From df4314f6e89aa18137a89561b05703412a00358b Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 6 Aug 2024 21:06:20 -0400 Subject: [PATCH 001/348] mlkem spec --- libcrux-ml-kem/proofs/fstar/spec/Makefile | 122 +++++ .../proofs/fstar/spec/Spec.MLKEM.fst | 472 ++++++++++++++++++ .../proofs/fstar/spec/Spec.Utils.fst | 57 +++ 3 files changed, 651 insertions(+) create mode 100644 libcrux-ml-kem/proofs/fstar/spec/Makefile create mode 100644 libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst create mode 100644 libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst diff --git a/libcrux-ml-kem/proofs/fstar/spec/Makefile b/libcrux-ml-kem/proofs/fstar/spec/Makefile new file mode 100644 index 000000000..7caf6ddd7 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/spec/Makefile @@ -0,0 +1,122 @@ +# This is a generically useful Makefile for F* that is self-contained +# +# It is tempting to factor this out into multiple Makefiles but that +# makes it less portable, so resist temptation, or move to a more +# sophisticated build system. +# +# We expect FSTAR_HOME to be set to your FSTAR repo/install directory +# We expect HACL_HOME to be set to your HACL* repo location +# We expect HAX_LIBS_HOME to be set to the folder containing core, rust_primitives etc. +# +# ROOTS contains all the top-level F* files you wish to verify +# The default target `verify` verified ROOTS and its dependencies +# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line +# +# +# To make F* emacs mode use the settings in this file, you need to +# add the following lines to your .emacs +# +# (setq-default fstar-executable "/bin/fstar.exe") +# (setq-default fstar-smt-executable "/bin/z3") +# +# (defun my-fstar-compute-prover-args-using-make () +# "Construct arguments to pass to F* by calling make." +# (with-demoted-errors "Error when constructing arg string: %S" +# (let* ((fname (file-name-nondirectory buffer-file-name)) +# (target (concat fname "-in")) +# (argstr (car (process-lines "make" "--quiet" target)))) +# (split-string argstr)))) +# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) +# + +WORKSPACE_ROOT ?= $(shell git rev-parse --show-toplevel) + +HAX_HOME ?= $(WORKSPACE_ROOT)/hax +HAX_PROOF_LIBS_HOME ?= $(HAX_HOME)/proof-libs/fstar +HAX_LIBS_HOME ?= $(HAX_HOME)/hax-lib/proofs/fstar/extraction +FSTAR_HOME ?= $(WORKSPACE_ROOT)/FStar +HACL_HOME ?= $(WORKSPACE_ROOT)/hacl-star +FSTAR_BIN ?= $(shell command -v fstar.exe 1>&2 2> /dev/null && echo "fstar.exe" || echo "$(FSTAR_HOME)/bin/fstar.exe") + +CACHE_DIR ?= .cache +HINT_DIR ?= .hints + +.PHONY: all verify verify-lax clean + +all: + rm -f .depend && $(MAKE) .depend + $(MAKE) verify + +ifeq ($(OTHERFLAGS),$(subst --admit_smt_queries true,,$(OTHERFLAGS))) +FSTAR_HINTS ?= --use_hints --use_hint_hashes --record_hints +else +FSTAR_HINTS ?= --use_hints --use_hint_hashes +endif + +VERIFIED = + +UNVERIFIED = + + +VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(VERIFIED))) +UNVERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(UNVERIFIED))) + +# By default, we process all the files in the current directory. Here, we +# *extend* the set of relevant files with the tests. +ROOTS = $(UNVERIFIED) $(VERIFIED) + +FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HACL_HOME)/specs $(HAX_PROOF_LIBS_HOME)/rust_primitives $(HAX_PROOF_LIBS_HOME)/core $(HAX_LIBS_HOME) + +FSTAR_FLAGS = $(FSTAR_HINTS) \ + --cmi \ + --warn_error -331 \ + --warn_error -321 \ + --warn_error -274 \ + --query_stats \ + --cache_checked_modules --cache_dir $(CACHE_DIR) \ + --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ + $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) + +# --log_queries \ +# --z3version 4.12.3 \ +# --smtencoding.l_arith_repr native \ +# --smtencoding.nl_arith_repr native \ + +FSTAR = $(FSTAR_BIN) $(FSTAR_FLAGS) + + +.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) + $(info $(ROOTS)) + $(FSTAR) --cmi --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ + +include .depend + +$(HINT_DIR): + mkdir -p $@ + +$(CACHE_DIR): + mkdir -p $@ + +$(UNVERIFIED_CHECKED): OTHERFLAGS=--admit_smt_queries true +$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) + $(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints + +verify: $(UNVERIFIED_CHECKED) $(VERIFIED_CHECKED) + +# Targets for interactive mode + +%.fst-in: + $(info $(FSTAR_FLAGS) \ + $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) + +%.fsti-in: + $(info $(FSTAR_FLAGS) \ + $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) + + +# Clean targets + +SHELL=/usr/bin/env bash + +clean: + rm -rf $(CACHE_DIR)/* diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst new file mode 100644 index 000000000..9418acaff --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -0,0 +1,472 @@ +module Spec.MLKEM +#set-options "--fuel 0 --ifuel 1 --z3rlimit 200" +open FStar.Mul +open Core +open Spec.Utils + +(** ML-KEM Constants *) +let v_BITS_PER_COEFFICIENT: usize = sz 12 + +let v_COEFFICIENTS_IN_RING_ELEMENT: usize = sz 256 + +let v_BITS_PER_RING_ELEMENT: usize = sz 3072 // v_COEFFICIENTS_IN_RING_ELEMENT *! sz 12 + +let v_BYTES_PER_RING_ELEMENT: usize = sz 384 // v_BITS_PER_RING_ELEMENT /! sz 8 + +let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32 + +let v_FIELD_MODULUS: i32 = 3329l + +let v_H_DIGEST_SIZE: usize = sz 32 +// same as Libcrux.Digest.digest_size (Libcrux.Digest.Algorithm_Sha3_256_ <: Libcrux.Digest.t_Algorithm) + +let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 840 // sz 168 *! sz 5 + +let v_SHARED_SECRET_SIZE: usize = v_H_DIGEST_SIZE + +type params_ = { + v_RANK: usize; + v_ETA1: usize; + v_ETA2: usize; + v_VECTOR_U_COMPRESSION_FACTOR: usize; + v_VECTOR_V_COMPRESSION_FACTOR: usize; +} + +let valid_params p = + (v p.v_RANK < pow2 32) /\ + (p.v_RANK = sz 2 || p.v_RANK = sz 3 || p.v_RANK = sz 4) /\ + (p.v_ETA1 = sz 2 || p.v_ETA1 = sz 3) /\ + p.v_ETA2 =. sz 2 /\ + (p.v_VECTOR_U_COMPRESSION_FACTOR = sz 10 || p.v_VECTOR_U_COMPRESSION_FACTOR = sz 11) /\ + (p.v_VECTOR_V_COMPRESSION_FACTOR = sz 4 || p.v_VECTOR_V_COMPRESSION_FACTOR = sz 5) + +let params = p:params_{valid_params p} + +val v_ETA1_RANDOMNESS_SIZE (p:params) : u:usize{u == sz 128 \/ u == sz 192} +let v_ETA1_RANDOMNESS_SIZE (p:params) = p.v_ETA1 *! sz 64 + +val v_ETA2_RANDOMNESS_SIZE (p:params) : u:usize{u == sz 128} +let v_ETA2_RANDOMNESS_SIZE (p:params) = p.v_ETA2 *! sz 64 + +val v_RANKED_BYTES_PER_RING_ELEMENT (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536} +let v_RANKED_BYTES_PER_RING_ELEMENT (p:params) = p.v_RANK *! v_BYTES_PER_RING_ELEMENT + +let v_T_AS_NTT_ENCODED_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p +let v_CPA_PKE_SECRET_KEY_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p + +val v_CPA_PKE_PUBLIC_KEY_SIZE (p:params) : u:usize{u = sz 800 \/ u = sz 1184 \/ u = sz 1568} +let v_CPA_PKE_PUBLIC_KEY_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p +! sz 32 + +val v_SECRET_KEY_SIZE (p:params) : u:usize{u = sz 1632 \/ u = sz 2400 \/ u = sz 3168} +let v_SECRET_KEY_SIZE (p:params) = + (v_CPA_PKE_SECRET_KEY_SIZE p +! v_CPA_PKE_PUBLIC_KEY_SIZE p +! v_H_DIGEST_SIZE +! v_SHARED_SECRET_SIZE) + +val v_C1_BLOCK_SIZE (p:params): u:usize{(u = sz 320 \/ u = sz 352) /\ v u == 32 * v p.v_VECTOR_U_COMPRESSION_FACTOR} +let v_C1_BLOCK_SIZE (p:params) = sz 32 *! p.v_VECTOR_U_COMPRESSION_FACTOR + +val v_C1_SIZE (p:params) : u:usize{(u >=. sz 640 /\ u <=. sz 1448) /\ + v u == v (v_C1_BLOCK_SIZE p) * v p.v_RANK} +let v_C1_SIZE (p:params) = v_C1_BLOCK_SIZE p *! p.v_RANK + +val v_C2_SIZE (p:params) : u:usize{(u = sz 128 \/ u = sz 160) /\ v u == 32 * v p.v_VECTOR_V_COMPRESSION_FACTOR } +let v_C2_SIZE (p:params) = sz 32 *! p.v_VECTOR_V_COMPRESSION_FACTOR + +val v_CPA_PKE_CIPHERTEXT_SIZE (p:params) : u:usize {v u = v (v_C1_SIZE p) + v (v_C2_SIZE p)} +let v_CPA_PKE_CIPHERTEXT_SIZE (p:params) = v_C1_SIZE p +! v_C2_SIZE p + +val v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (p:params): u:usize{v u == v v_SHARED_SECRET_SIZE + + v (v_CPA_PKE_CIPHERTEXT_SIZE p)} +let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (p:params) = + v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE p + +val v_KEY_GENERATION_SEED_SIZE: u:usize{u = sz 64} +let v_KEY_GENERATION_SEED_SIZE: usize = + v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! + v_SHARED_SECRET_SIZE + +(** ML-KEM Types *) + +type t_MLKEMPublicKey (p:params) = t_Array u8 (v_CPA_PKE_PUBLIC_KEY_SIZE p) +type t_MLKEMPrivateKey (p:params) = t_Array u8 (v_SECRET_KEY_SIZE p) +type t_MLKEMKeyPair (p:params) = t_MLKEMPrivateKey p & t_MLKEMPublicKey p + +type t_MLKEMCPAPrivateKey (p:params) = t_Array u8 (v_CPA_PKE_SECRET_KEY_SIZE p) +type t_MLKEMCPAKeyPair (p:params) = t_MLKEMCPAPrivateKey p & t_MLKEMPublicKey p + +type t_MLKEMCiphertext (p:params) = t_Array u8 (v_CPA_PKE_CIPHERTEXT_SIZE p) +type t_MLKEMSharedSecret = t_Array u8 (v_SHARED_SECRET_SIZE) + +(** MLKEM Math and Sampling *) + +type field_element = n:nat{n < v v_FIELD_MODULUS} +type polynomial (ntt:bool) = t_Array field_element (sz 256) +type vector (p:params) (ntt:bool) = t_Array (polynomial ntt) p.v_RANK +type matrix (p:params) (ntt:bool) = t_Array (vector p ntt) p.v_RANK + +val field_add: field_element -> field_element -> field_element +let field_add a b = (a + b) % v v_FIELD_MODULUS + +val field_sub: field_element -> field_element -> field_element +let field_sub a b = (a - b) % v v_FIELD_MODULUS + +val field_mul: field_element -> field_element -> field_element +let field_mul a b = (a * b) % v v_FIELD_MODULUS + +val poly_add: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt +let poly_add a b = map2 field_add a b + +val poly_sub: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt +let poly_sub a b = map2 field_sub a b + +assume val poly_ntt: #p:params -> polynomial false -> polynomial true +assume val poly_inv_ntt: #p:params -> polynomial true -> polynomial false +assume val poly_mul_ntt: polynomial true -> polynomial true -> polynomial true + +val vector_add: #p:params -> #ntt:bool -> vector p ntt -> vector p ntt -> vector p ntt +let vector_add #p a b = map2 poly_add a b + +val vector_ntt: #p:params -> vector p false -> vector p true +let vector_ntt #p v = map_array (poly_ntt #p) v + +val vector_inv_ntt: #p:params -> vector p true -> vector p false +let vector_inv_ntt #p v = map_array (poly_inv_ntt #p) v + +val vector_mul_ntt: #p:params -> vector p true -> vector p true -> vector p true +let vector_mul_ntt #p a b = map2 poly_mul_ntt a b + +val vector_sum: #p:params -> #ntt:bool -> vector p ntt -> polynomial ntt +let vector_sum #p a = repeati (v p.v_RANK - 1) + (fun i x -> poly_add x (Lib.Sequence.index #_ #(v p.v_RANK) a (i+1))) (Lib.Sequence.index #_ #(v p.v_RANK) a 0) + +val vector_dot_product_ntt: #p:params -> vector p true -> vector p true -> polynomial true +let vector_dot_product_ntt a b = vector_sum (vector_mul_ntt a b) + +val matrix_transpose: #p:params -> #ntt:bool -> matrix p ntt -> matrix p ntt +let matrix_transpose #p m = + createi p.v_RANK (fun i -> + createi p.v_RANK (fun j -> + m.[j].[i])) + +val matrix_vector_mul_ntt: #p:params -> matrix p true -> vector p true -> vector p true +let matrix_vector_mul_ntt #p m v = + createi p.v_RANK (fun i -> vector_dot_product_ntt m.[i] v) + +val compute_As_plus_e_ntt: #p:params -> a:matrix p true -> s:vector p true -> e:vector p true -> vector p true +let compute_As_plus_e_ntt #p a s e = vector_add (matrix_vector_mul_ntt a s) e + +let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8)) + : Pure (t_Array u8 bytes) + (requires True) + (ensures fun r -> (forall i. bit_vec_of_int_t_array r 8 i == bv i)) + = bit_vec_to_int_t_array 8 bv + +let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) + : Pure (i: bit_vec (v bytes * 8)) + (requires True) + (ensures fun f -> (forall i. bit_vec_of_int_t_array r 8 i == f i)) + = bit_vec_of_int_t_array r 8 + +unfold let retype_bit_vector #a #b (#_:unit{a == b}) (x: a): b = x + + +// note we take seed of size 32 not 34 as in hacspec +assume val sample_matrix_A_ntt: #p:params -> seed:t_Array u8 (sz 32) -> matrix p true +// note we take seed of size 32 not 33 as in hacspec +assume val sample_vector_cbd: #p:params -> seed:t_Array u8 (sz 32) -> domain_sep:usize -> vector p false +// note we take seed of size 32 not 33 as in hacspec + +assume val sample_poly_binomial: v_ETA:usize{v v_ETA <= 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial false + +open Rust_primitives.Integers + +val sample_poly_cbd: #p:params -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial false +let sample_poly_cbd #p seed domain_sep = + let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in + let prf_output = v_PRF (v_ETA2_RANDOMNESS_SIZE p) prf_input in + sample_poly_binomial p.v_ETA2 prf_output + +let sample_vector_cbd_then_ntt (#p:params) (seed:t_Array u8 (sz 32)) (domain_sep:usize) : vector p true = + vector_ntt (sample_vector_cbd #p seed domain_sep) + +type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12} +let max_d (d:dT) = if d < 12 then pow2 d else v v_FIELD_MODULUS +type field_element_d (d:dT) = n:nat{n < max_d d} +type polynomial_d (d:dT) = t_Array (field_element_d d) (sz 256) +type vector_d (p:params) (d:dT) = t_Array (polynomial_d d) p.v_RANK + + +let compress_d (d: dT {d <> 12}) (x: field_element): field_element_d d + = let r = (pow2 d * x + 1664) / v v_FIELD_MODULUS in + assume (r * v v_FIELD_MODULUS < pow2 d * x + 1664); + assume (pow2 d * x + 1664 < pow2 d * v v_FIELD_MODULUS + 1664); + assume (r < pow2 d); + r + +let decompress_d (d: dT {d <> 12}) (x: field_element_d d): field_element + = let r = (x * v v_FIELD_MODULUS + 1664) / pow2 d in + assume (r < v v_FIELD_MODULUS); + r + + +let byte_encode (d: dT) (coefficients: polynomial_d d): t_Array u8 (sz (32 * d)) + = let coefficients' : t_Array nat (sz 256) = map_array #(field_element_d d) (fun x -> x <: nat) coefficients in + bits_to_bytes #(sz (32 * d)) + (retype_bit_vector (bit_vec_of_nat_array coefficients' d)) + +let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial_d d + = let bv = bytes_to_bits coefficients in + let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d (retype_bit_vector bv) in + let p = map_array (fun (x: nat) -> x % v v_FIELD_MODULUS) arr in + introduce forall i. (d < 12 ==> Seq.index p i < pow2 d) + with assert (Seq.index p i == Seq.index p (v (sz i))); + introduce forall i. (d == 12 ==> Seq.index p i < v v_FIELD_MODULUS) + with assert (Seq.index p i == Seq.index p (v (sz i))); + assert (forall i. (d < 12 ==> Seq.index p i < pow2 d) /\ (d == 12 ==> Seq.index p i < v v_FIELD_MODULUS)); + admit(); + p + +let coerce_polynomial_12 #ntt (p:polynomial ntt): polynomial_d 12 = p +let coerce_vector_12 #ntt (#p:params) (v:vector p ntt): vector_d p 12 = v + +let vector_encode_12 (#p:params) (#ntt:bool) (v: vector p ntt): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p) + = let s: t_Array (t_Array _ (sz 384)) p.v_RANK = map_array (byte_encode 12) (coerce_vector_12 v) in + flatten s + +let vector_decode_12 (#p:params) (#ntt:bool) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p)): vector p ntt + = createi p.v_RANK (fun block -> + let block_size = (sz (32 * 12)) in + let slice = Seq.slice arr (v block * v block_size) + (v block * v block_size + v block_size) in + byte_decode 12 slice + ) + +let compress_then_byte_encode #ntt (d: dT {d <> 12}) (coefficients: polynomial ntt): t_Array u8 (sz (32 * d)) + = let coefs: t_Array (field_element_d d) (sz 256) = map_array (compress_d d) coefficients + in + byte_encode d coefs + +let byte_decode_then_decompress #ntt (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): polynomial ntt + = map_array (decompress_d d) (byte_decode d b) + +let compress_then_encode_message #ntt (p:polynomial ntt) : t_Array u8 v_SHARED_SECRET_SIZE + = compress_then_byte_encode 1 p + +let decode_then_decompress_message #ntt (b:t_Array u8 v_SHARED_SECRET_SIZE): polynomial ntt + = byte_decode_then_decompress 1 b + +let compress_then_encode_u (#p:params) (#ntt:bool) (vec: vector p ntt): t_Array u8 (v_C1_SIZE p) + = let d = v p.v_VECTOR_U_COMPRESSION_FACTOR in + flatten (map_array (compress_then_byte_encode d) vec) + +let decode_then_decompress_u (#p:params) (#ntt:bool) (arr: t_Array u8 (v_C1_SIZE p)): vector p ntt + = let d = p.v_VECTOR_U_COMPRESSION_FACTOR in + createi p.v_RANK (fun block -> + let block_size = v_C1_BLOCK_SIZE p in + let slice = Seq.slice arr (v block * v block_size) + (v block * v block_size + v block_size) in + byte_decode_then_decompress (v d) slice + ) + +let compress_then_encode_v (#p:params) (#ntt:bool): polynomial ntt -> t_Array u8 (v_C2_SIZE p) + = compress_then_byte_encode (v p.v_VECTOR_V_COMPRESSION_FACTOR) + +let decode_then_decompress_v (#p:params) (#ntt:bool): t_Array u8 (v_C2_SIZE p) -> polynomial ntt + = byte_decode_then_decompress (v p.v_VECTOR_V_COMPRESSION_FACTOR) + +(** IND-CPA Functions *) + +/// This function implements most of Algorithm 12 of the +/// NIST FIPS 203 specification; this is the MLKEM CPA-PKE key generation algorithm. +/// +/// We say "most of" since Algorithm 12 samples the required randomness within +/// the function itself, whereas this implementation expects it to be provided +/// through the `key_generation_seed` parameter. + +val ind_cpa_generate_keypair (p:params) (randomness:t_Array u8 v_CPA_PKE_KEY_GENERATION_SEED_SIZE) : + t_MLKEMCPAKeyPair p +let ind_cpa_generate_keypair p randomness = + let hashed = v_G randomness in + let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in + let matrix_A_as_ntt = sample_matrix_A_ntt #p seed_for_A in + let secret_as_ntt = sample_vector_cbd_then_ntt #p seed_for_secret_and_error (sz 0) in + let error_as_ntt = sample_vector_cbd_then_ntt #p seed_for_secret_and_error p.v_RANK in + let t_as_ntt = compute_As_plus_e_ntt #p matrix_A_as_ntt secret_as_ntt error_as_ntt in + let public_key_serialized = Seq.append (vector_encode_12 #p t_as_ntt) seed_for_A in + let secret_key_serialized = vector_encode_12 #p secret_as_ntt in + (secret_key_serialized,public_key_serialized) + +/// This function implements Algorithm 13 of the +/// NIST FIPS 203 specification; this is the MLKEM CPA-PKE encryption algorithm. + +val ind_cpa_encrypt (p:params) (public_key: t_MLKEMPublicKey p) + (message: t_Array u8 v_SHARED_SECRET_SIZE) + (randomness:t_Array u8 v_SHARED_SECRET_SIZE) : + t_MLKEMCiphertext p + +let ind_cpa_encrypt p public_key message randomness = + let (t_as_ntt_bytes, seed_for_A) = split public_key (v_T_AS_NTT_ENCODED_SIZE p) in + let t_as_ntt = vector_decode_12 #p t_as_ntt_bytes in + let matrix_A_as_ntt = sample_matrix_A_ntt #p seed_for_A in + let r_as_ntt = sample_vector_cbd_then_ntt #p randomness (sz 0) in + let error_1 = sample_vector_cbd #p randomness p.v_RANK in + let error_2 = sample_poly_cbd #p randomness (p.v_RANK +! p.v_RANK) in + let u = vector_add (vector_inv_ntt (matrix_vector_mul_ntt (matrix_transpose matrix_A_as_ntt) r_as_ntt)) error_1 in + let mu = decode_then_decompress_message message in + let v = poly_add (poly_add (vector_dot_product_ntt t_as_ntt r_as_ntt) error_2) mu in + let c1 = compress_then_encode_u #p u in + let c2 = compress_then_encode_v #p v in + concat c1 c2 + +/// This function implements Algorithm 14 of the +/// NIST FIPS 203 specification; this is the MLKEM CPA-PKE decryption algorithm. + +val ind_cpa_decrypt (p:params) (secret_key: t_MLKEMCPAPrivateKey p) + (ciphertext: t_MLKEMCiphertext p): + t_MLKEMSharedSecret + +let ind_cpa_decrypt p secret_key ciphertext = + let (c1,c2) = split ciphertext (v_C1_SIZE p) in + let u = decode_then_decompress_u #p c1 in + let v = decode_then_decompress_v #p c2 in + let secret_as_ntt = vector_decode_12 #p secret_key in + let w = poly_sub v (poly_inv_ntt #p (vector_dot_product_ntt secret_as_ntt (vector_ntt u))) in + compress_then_encode_message w + +(** IND-CCA Functions *) + + +/// This function implements most of Algorithm 15 of the +/// NIST FIPS 203 specification; this is the MLKEM CCA-KEM key generation algorithm. +/// +/// We say "most of" since Algorithm 15 samples the required randomness within +/// the function itself, whereas this implementation expects it to be provided +/// through the `randomness` parameter. +/// +/// TODO: input validation + +val ind_cca_generate_keypair (p:params) (randomness:t_Array u8 v_KEY_GENERATION_SEED_SIZE) : + t_MLKEMKeyPair p +let ind_cca_generate_keypair p randomness = + let (ind_cpa_keypair_randomness, implicit_rejection_value) = + split randomness v_CPA_PKE_KEY_GENERATION_SEED_SIZE in + + let (ind_cpa_secret_key,ind_cpa_public_key) = ind_cpa_generate_keypair p ind_cpa_keypair_randomness in + let ind_cca_secret_key = Seq.append ind_cpa_secret_key ( + Seq.append ind_cpa_public_key ( + Seq.append (v_H ind_cpa_public_key) implicit_rejection_value)) in + (ind_cca_secret_key, ind_cpa_public_key) + +/// This function implements most of Algorithm 16 of the +/// NIST FIPS 203 specification; this is the MLKEM CCA-KEM encapsulation algorithm. +/// +/// We say "most of" since Algorithm 16 samples the required randomness within +/// the function itself, whereas this implementation expects it to be provided +/// through the `randomness` parameter. +/// +/// TODO: input validation + +val ind_cca_encapsulate (p:params) (public_key: t_MLKEMPublicKey p) + (randomness:t_Array u8 v_SHARED_SECRET_SIZE) : + (t_MLKEMCiphertext p & t_MLKEMSharedSecret) +let ind_cca_encapsulate p public_key randomness = + let to_hash = concat randomness (v_H public_key) in + let hashed = v_G to_hash in + let (shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in + let ciphertext = ind_cpa_encrypt p public_key randomness pseudorandomness in + (ciphertext,shared_secret) + + +/// This function implements Algorithm 17 of the +/// NIST FIPS 203 specification; this is the MLKEM CCA-KEM encapsulation algorithm. + +val ind_cca_decapsulate (p:params) (secret_key: t_MLKEMPrivateKey p) + (ciphertext: t_MLKEMCiphertext p): + t_MLKEMSharedSecret +let ind_cca_decapsulate p secret_key ciphertext = + let (ind_cpa_secret_key,rest) = split secret_key (v_CPA_PKE_SECRET_KEY_SIZE p) in + let (ind_cpa_public_key,rest) = split rest (v_CPA_PKE_PUBLIC_KEY_SIZE p) in + let (ind_cpa_public_key_hash,implicit_rejection_value) = split rest v_H_DIGEST_SIZE in + + let decrypted = ind_cpa_decrypt p ind_cpa_secret_key ciphertext in + let to_hash = concat decrypted ind_cpa_public_key_hash in + let hashed = v_G to_hash in + let (success_shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in + + assert (Seq.length implicit_rejection_value = 32); + let to_hash = concat implicit_rejection_value ciphertext in + let rejection_shared_secret = v_J to_hash in + + let reencrypted = ind_cpa_encrypt p ind_cpa_public_key decrypted pseudorandomness in + if reencrypted = ciphertext + then success_shared_secret + else rejection_shared_secret + + +(** MLKEM-768 Instantiation *) + +let mlkem768_params : params = { + v_RANK = sz 3; + v_ETA1 = sz 2; + v_ETA2 = sz 2; + v_VECTOR_U_COMPRESSION_FACTOR = sz 10; + v_VECTOR_V_COMPRESSION_FACTOR = sz 4; +} + +let mlkem768_generate_keypair (randomness:t_Array u8 (sz 64)): + (t_Array u8 (sz 2400) & t_Array u8 (sz 1184)) = + ind_cca_generate_keypair mlkem768_params randomness + +let mlkem768_encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 32)): + (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) = + ind_cca_encapsulate mlkem768_params public_key randomness + + +let mlkem768_decapsulate (secret_key: t_Array u8 (sz 2400)) (ciphertext: t_Array u8 (sz 1088)): + t_Array u8 (sz 32) = + ind_cca_decapsulate mlkem768_params secret_key ciphertext + +(** MLKEM-1024 Instantiation *) + +let mlkem1024_params : params = { + v_RANK = sz 4; + v_ETA1 = sz 2; + v_ETA2 = sz 2; + v_VECTOR_U_COMPRESSION_FACTOR = sz 11; + v_VECTOR_V_COMPRESSION_FACTOR = sz 5; +} + +let mlkem1024_generate_keypair (randomness:t_Array u8 (sz 64)): + (t_Array u8 (sz 3168) & t_Array u8 (sz 1568)) = + ind_cca_generate_keypair mlkem1024_params randomness + +let mlkem1024_encapsulate (public_key: t_Array u8 (sz 1568)) (randomness: t_Array u8 (sz 32)): + (t_Array u8 (sz 1568) & t_Array u8 (sz 32)) = + ind_cca_encapsulate mlkem1024_params public_key randomness + + +let mlkem1024_decapsulate (secret_key: t_Array u8 (sz 3168)) (ciphertext: t_Array u8 (sz 1568)): + t_Array u8 (sz 32) = + ind_cca_decapsulate mlkem1024_params secret_key ciphertext + +(** MLKEM-512 Instantiation *) + +let mlkem512_params : params = { + v_RANK = sz 2; + v_ETA1 = sz 3; + v_ETA2 = sz 2; + v_VECTOR_U_COMPRESSION_FACTOR = sz 10; + v_VECTOR_V_COMPRESSION_FACTOR = sz 4; +} + +let mlkem512_generate_keypair (randomness:t_Array u8 (sz 64)): + (t_Array u8 (sz 1632) & t_Array u8 (sz 800)) = + ind_cca_generate_keypair mlkem512_params randomness + +let mlkem512_encapsulate (public_key: t_Array u8 (sz 800)) (randomness: t_Array u8 (sz 32)): + (t_Array u8 (sz 768) & t_Array u8 (sz 32)) = + ind_cca_encapsulate mlkem512_params public_key randomness + + +let mlkem512_decapsulate (secret_key: t_Array u8 (sz 1632)) (ciphertext: t_Array u8 (sz 768)): + t_Array u8 (sz 32) = + ind_cca_decapsulate mlkem512_params secret_key ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst new file mode 100644 index 000000000..6747f8487 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -0,0 +1,57 @@ +module Spec.Utils +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" +open Spec.SHA3 +open FStar.Mul +open Core + +(** Utils *) +let map_slice #a #b + (f:(x:a -> b)) + (s: t_Slice a): t_Slice b + = createi (length s) (fun i -> f (Seq.index s (v i))) + +let map_array #a #b #len + (f:(x:a -> b)) + (s: t_Array a len): t_Array b len + = createi (length s) (fun i -> f (Seq.index s (v i))) + +let map2 #a #b #c (#len:usize{v len < pow2 32}) + (f:a -> b -> c) + (x: t_Array a len) (y: t_Array b len): t_Array c len + = Lib.Sequence.map2 #a #b #c #(v len) f x y + +let repeati = Lib.LoopCombinators.repeati + +#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" +let flatten #t #n + (#m: usize {range (v n * v m) usize_inttype}) + (x: t_Array (t_Array t m) n) + : t_Array t (m *! n) + = createi (m *! n) (fun i -> Seq.index (Seq.index x (v i / v m)) (v i % v m)) +#pop-options + +type t_Error = | Error_RejectionSampling : t_Error + +type t_Result a b = + | Ok: a -> t_Result a b + | Err: b -> t_Result a b + +(** Hash Function *) +val v_G (input: t_Slice u8) : t_Array u8 (sz 64) +let v_G input = map_slice Lib.RawIntTypes.u8_to_UInt8 (sha3_512 (Seq.length input) (map_slice Lib.IntTypes.secret input)) + +val v_H (input: t_Slice u8) : t_Array u8 (sz 32) +let v_H input = map_slice Lib.RawIntTypes.u8_to_UInt8 (sha3_256 (Seq.length input) (map_slice Lib.IntTypes.secret input)) + +val v_PRF (v_LEN: usize{v v_LEN < pow2 32}) (input: t_Slice u8) : t_Array u8 v_LEN +let v_PRF v_LEN input = map_slice Lib.RawIntTypes.u8_to_UInt8 ( + shake256 (Seq.length input) (map_slice Lib.IntTypes.secret input) (v v_LEN)) + +let v_J (input: t_Slice u8) : t_Array u8 (sz 32) = v_PRF (sz 32) input + +val v_XOF (v_LEN: usize{v v_LEN < pow2 32}) (input: t_Slice u8) : t_Array u8 v_LEN +let v_XOF v_LEN input = map_slice Lib.RawIntTypes.u8_to_UInt8 ( + shake128 (Seq.length input) (map_slice Lib.IntTypes.secret input) (v v_LEN)) + + + From 3b90f18d087106d903392647b09c2d27451285a0 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 6 Aug 2024 21:42:32 -0400 Subject: [PATCH 002/348] wip: attempt at post-conditiomn --- libcrux-ml-kem/src/ind_cca.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 7127c1704..b950605fc 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -196,6 +196,8 @@ fn encapsulate< (ciphertext, shared_secret_array) } +#[cfg_attr(hax,hax_lib::ensures(|result| + hax_lib::fstar!("$result == Spec.MLKEM.decapsulate($private_key.value, $ciphertext.value)")))] pub(crate) fn decapsulate< const K: usize, const SECRET_KEY_SIZE: usize, From 520bc5c98dafe746455404c8cc97af8f5ee6b082 Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 7 Aug 2024 13:01:53 +0000 Subject: [PATCH 003/348] Link v_G, v_H, and v_PRF with spec --- .../Libcrux_ml_kem.Hash_functions.Avx2.fsti | 23 +++++++++++++--- .../Libcrux_ml_kem.Hash_functions.Neon.fsti | 23 +++++++++++++--- ...ibcrux_ml_kem.Hash_functions.Portable.fsti | 23 +++++++++++++--- libcrux-ml-kem/src/hash_functions.rs | 27 +++++++++++++++++++ 4 files changed, 87 insertions(+), 9 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti index 637523b1a..322e6ea5c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti @@ -3,12 +3,29 @@ module Libcrux_ml_kem.Hash_functions.Avx2 open Core open FStar.Mul -val v_G (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +val v_G (input: t_Slice u8) + : Prims.Pure (t_Array u8 (sz 64)) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 (sz 64) = result in + result == Spec.Utils.v_G input) -val v_H (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val v_H (input: t_Slice u8) + : Prims.Pure (t_Array u8 (sz 32)) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in + result == Spec.Utils.v_H input) val v_PRF (v_LEN: usize) (input: t_Slice u8) - : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_LEN) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 v_LEN = result in + result == Spec.Utils.v_PRF v_LEN input) val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti index d3285aaba..f73dd424d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti @@ -3,12 +3,29 @@ module Libcrux_ml_kem.Hash_functions.Neon open Core open FStar.Mul -val v_G (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +val v_G (input: t_Slice u8) + : Prims.Pure (t_Array u8 (sz 64)) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 (sz 64) = result in + result == Spec.Utils.v_G input) -val v_H (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val v_H (input: t_Slice u8) + : Prims.Pure (t_Array u8 (sz 32)) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in + result == Spec.Utils.v_H input) val v_PRF (v_LEN: usize) (input: t_Slice u8) - : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_LEN) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 v_LEN = result in + result == Spec.Utils.v_PRF v_LEN input) val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti index 88cba2292..cc5543b7b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti @@ -3,12 +3,29 @@ module Libcrux_ml_kem.Hash_functions.Portable open Core open FStar.Mul -val v_G (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +val v_G (input: t_Slice u8) + : Prims.Pure (t_Array u8 (sz 64)) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 (sz 64) = result in + result == Spec.Utils.v_G input) -val v_H (input: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) +val v_H (input: t_Slice u8) + : Prims.Pure (t_Array u8 (sz 32)) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in + result == Spec.Utils.v_H input) val v_PRF (v_LEN: usize) (input: t_Slice u8) - : Prims.Pure (t_Array u8 v_LEN) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_LEN) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 v_LEN = result in + result == Spec.Utils.v_PRF v_LEN input) val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) : Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index 7c04849de..df7eb58a5 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -67,6 +67,9 @@ pub(crate) mod portable { shake128_state: [KeccakState; K], } + #[cfg_attr(hax,hax_lib::ensures(|result| + fstar!("$result == Spec.Utils.v_G $input")) + )] #[inline(always)] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] { let mut digest = [0u8; G_DIGEST_SIZE]; @@ -74,6 +77,9 @@ pub(crate) mod portable { digest } + #[cfg_attr(hax,hax_lib::ensures(|result| + fstar!("$result == Spec.Utils.v_H $input")) + )] #[inline(always)] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] { let mut digest = [0u8; H_DIGEST_SIZE]; @@ -81,6 +87,9 @@ pub(crate) mod portable { digest } + #[cfg_attr(hax,hax_lib::ensures(|result| + fstar!("$result == Spec.Utils.v_PRF $LEN $input")) + )] #[inline(always)] fn PRF(input: &[u8]) -> [u8; LEN] { let mut digest = [0u8; LEN]; @@ -189,6 +198,9 @@ pub(crate) mod avx2 { shake128_state: KeccakState, } + #[cfg_attr(hax,hax_lib::ensures(|result| + fstar!("$result == Spec.Utils.v_G $input")) + )] #[inline(always)] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] { let mut digest = [0u8; G_DIGEST_SIZE]; @@ -196,6 +208,9 @@ pub(crate) mod avx2 { digest } + #[cfg_attr(hax,hax_lib::ensures(|result| + fstar!("$result == Spec.Utils.v_H $input")) + )] #[inline(always)] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] { let mut digest = [0u8; H_DIGEST_SIZE]; @@ -203,6 +218,9 @@ pub(crate) mod avx2 { digest } + #[cfg_attr(hax,hax_lib::ensures(|result| + fstar!("$result == Spec.Utils.v_PRF $LEN $input")) + )] #[inline(always)] fn PRF(input: &[u8]) -> [u8; LEN] { let mut digest = [0u8; LEN]; @@ -407,6 +425,9 @@ pub(crate) mod neon { shake128_state: [KeccakState; 2], } + #[cfg_attr(hax,hax_lib::ensures(|result| + fstar!("$result == Spec.Utils.v_G $input")) + )] #[inline(always)] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] { let mut digest = [0u8; G_DIGEST_SIZE]; @@ -414,6 +435,9 @@ pub(crate) mod neon { digest } + #[cfg_attr(hax,hax_lib::ensures(|result| + fstar!("$result == Spec.Utils.v_H $input")) + )] #[inline(always)] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] { let mut digest = [0u8; H_DIGEST_SIZE]; @@ -421,6 +445,9 @@ pub(crate) mod neon { digest } + #[cfg_attr(hax,hax_lib::ensures(|result| + fstar!("$result == Spec.Utils.v_PRF $LEN $input")) + )] #[inline(always)] fn PRF(input: &[u8]) -> [u8; LEN] { let mut digest = [0u8; LEN]; From 648d92da201e12cf1858b7080a3a99bd25707c3d Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 7 Aug 2024 13:27:08 +0000 Subject: [PATCH 004/348] Update ML-KEM ML.KEM.fst.config.json --- .../Libcrux_ml_kem.Hash_functions.Avx2.fsti | 2 +- .../Libcrux_ml_kem.Hash_functions.Neon.fsti | 2 +- ...ibcrux_ml_kem.Hash_functions.Portable.fsti | 2 +- .../fstar/extraction/ML.KEM.fst.config.json | 2 + libcrux-ml-kem/src/hash_functions.rs | 39 ++++++++++--------- 5 files changed, 26 insertions(+), 21 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti index 322e6ea5c..ecef6ef88 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti @@ -21,7 +21,7 @@ val v_H (input: t_Slice u8) val v_PRF (v_LEN: usize) (input: t_Slice u8) : Prims.Pure (t_Array u8 v_LEN) - Prims.l_True + (requires v v_LEN < pow2 32) (ensures fun result -> let result:t_Array u8 v_LEN = result in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti index f73dd424d..dfc347ee5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti @@ -21,7 +21,7 @@ val v_H (input: t_Slice u8) val v_PRF (v_LEN: usize) (input: t_Slice u8) : Prims.Pure (t_Array u8 v_LEN) - Prims.l_True + (requires v v_LEN < pow2 32) (ensures fun result -> let result:t_Array u8 v_LEN = result in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti index cc5543b7b..7f13d48ce 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti @@ -21,7 +21,7 @@ val v_H (input: t_Slice u8) val v_PRF (v_LEN: usize) (input: t_Slice u8) : Prims.Pure (t_Array u8 v_LEN) - Prims.l_True + (requires v v_LEN < pow2 32) (ensures fun result -> let result:t_Array u8 v_LEN = result in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/ML.KEM.fst.config.json b/libcrux-ml-kem/proofs/fstar/extraction/ML.KEM.fst.config.json index bfd5cccba..d7b3a38b6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/ML.KEM.fst.config.json +++ b/libcrux-ml-kem/proofs/fstar/extraction/ML.KEM.fst.config.json @@ -14,9 +14,11 @@ ], "include_dirs": [ "${HACL_HOME}/lib", + "${HACL_HOME}/specs", "${HAX_HOME}/proof-libs/fstar/rust_primitives", "${HAX_HOME}/proof-libs/fstar/core", "${HAX_HOME}/hax-lib/proofs/fstar/extraction", + "../spec", "../../../../sys/platform/proofs/fstar/extraction", "../../../../libcrux-sha3/proofs/fstar/extraction", "../../../../libcrux-intrinsics/proofs/fstar/extraction" diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index df7eb58a5..f407fdd45 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -67,9 +67,9 @@ pub(crate) mod portable { shake128_state: [KeccakState; K], } - #[cfg_attr(hax,hax_lib::ensures(|result| + #[hax_lib::ensures(|result| fstar!("$result == Spec.Utils.v_G $input")) - )] + ] #[inline(always)] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] { let mut digest = [0u8; G_DIGEST_SIZE]; @@ -77,9 +77,9 @@ pub(crate) mod portable { digest } - #[cfg_attr(hax,hax_lib::ensures(|result| + #[hax_lib::ensures(|result| fstar!("$result == Spec.Utils.v_H $input")) - )] + ] #[inline(always)] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] { let mut digest = [0u8; H_DIGEST_SIZE]; @@ -87,9 +87,10 @@ pub(crate) mod portable { digest } - #[cfg_attr(hax,hax_lib::ensures(|result| + #[hax_lib::requires(fstar!("v $LEN < pow2 32"))] + #[hax_lib::ensures(|result| fstar!("$result == Spec.Utils.v_PRF $LEN $input")) - )] + ] #[inline(always)] fn PRF(input: &[u8]) -> [u8; LEN] { let mut digest = [0u8; LEN]; @@ -198,9 +199,9 @@ pub(crate) mod avx2 { shake128_state: KeccakState, } - #[cfg_attr(hax,hax_lib::ensures(|result| + #[hax_lib::ensures(|result| fstar!("$result == Spec.Utils.v_G $input")) - )] + ] #[inline(always)] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] { let mut digest = [0u8; G_DIGEST_SIZE]; @@ -208,9 +209,9 @@ pub(crate) mod avx2 { digest } - #[cfg_attr(hax,hax_lib::ensures(|result| + #[hax_lib::ensures(|result| fstar!("$result == Spec.Utils.v_H $input")) - )] + ] #[inline(always)] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] { let mut digest = [0u8; H_DIGEST_SIZE]; @@ -218,9 +219,10 @@ pub(crate) mod avx2 { digest } - #[cfg_attr(hax,hax_lib::ensures(|result| + #[hax_lib::requires(fstar!("v $LEN < pow2 32"))] + #[hax_lib::ensures(|result| fstar!("$result == Spec.Utils.v_PRF $LEN $input")) - )] + ] #[inline(always)] fn PRF(input: &[u8]) -> [u8; LEN] { let mut digest = [0u8; LEN]; @@ -425,9 +427,9 @@ pub(crate) mod neon { shake128_state: [KeccakState; 2], } - #[cfg_attr(hax,hax_lib::ensures(|result| + #[hax_lib::ensures(|result| fstar!("$result == Spec.Utils.v_G $input")) - )] + ] #[inline(always)] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] { let mut digest = [0u8; G_DIGEST_SIZE]; @@ -435,9 +437,9 @@ pub(crate) mod neon { digest } - #[cfg_attr(hax,hax_lib::ensures(|result| + #[hax_lib::ensures(|result| fstar!("$result == Spec.Utils.v_H $input")) - )] + ] #[inline(always)] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] { let mut digest = [0u8; H_DIGEST_SIZE]; @@ -445,9 +447,10 @@ pub(crate) mod neon { digest } - #[cfg_attr(hax,hax_lib::ensures(|result| + #[hax_lib::requires(fstar!("v $LEN < pow2 32"))] + #[hax_lib::ensures(|result| fstar!("$result == Spec.Utils.v_PRF $LEN $input")) - )] + ] #[inline(always)] fn PRF(input: &[u8]) -> [u8; LEN] { let mut digest = [0u8; LEN]; From 3522bc5e2928e49e981c46e36adcbd1bc828400c Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 7 Aug 2024 13:53:24 +0000 Subject: [PATCH 005/348] Add conditions to hash_functions trait --- .../extraction/Libcrux_ml_kem.Hash_functions.fsti | 11 +++++++---- libcrux-ml-kem/src/hash_functions.rs | 11 +++++++++++ 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index 738c92632..5a8cc9701 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti @@ -11,15 +11,18 @@ open FStar.Mul /// - Portable class t_Hash (v_Self: Type0) (v_K: usize) = { f_G_pre:t_Slice u8 -> bool; - f_G_post:t_Slice u8 -> t_Array u8 (sz 64) -> bool; + f_G_post:input: t_Slice u8 -> result: t_Array u8 (sz 64) + -> pred: bool{pred ==> result == Spec.Utils.v_G input}; f_G:x0: t_Slice u8 -> Prims.Pure (t_Array u8 (sz 64)) (f_G_pre x0) (fun result -> f_G_post x0 result); f_H_pre:t_Slice u8 -> bool; - f_H_post:t_Slice u8 -> t_Array u8 (sz 32) -> bool; + f_H_post:input: t_Slice u8 -> result: t_Array u8 (sz 32) + -> pred: bool{pred ==> result == Spec.Utils.v_H input}; f_H:x0: t_Slice u8 -> Prims.Pure (t_Array u8 (sz 32)) (f_H_pre x0) (fun result -> f_H_post x0 result); - f_PRF_pre:v_LEN: usize -> t_Slice u8 -> bool; - f_PRF_post:v_LEN: usize -> t_Slice u8 -> t_Array u8 v_LEN -> bool; + f_PRF_pre:v_LEN: usize -> input: t_Slice u8 -> pred: bool{v v_LEN < pow2 32 ==> pred}; + f_PRF_post:v_LEN: usize -> input: t_Slice u8 -> result: t_Array u8 v_LEN + -> pred: bool{pred ==> result == Spec.Utils.v_PRF v_LEN input}; f_PRF:v_LEN: usize -> x0: t_Slice u8 -> Prims.Pure (t_Array u8 v_LEN) (f_PRF_pre v_LEN x0) (fun result -> f_PRF_post v_LEN x0 result); f_PRFxN_pre:v_LEN: usize -> t_Array (t_Array u8 (sz 33)) v_K -> bool; diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index f407fdd45..caf89ceb6 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -23,14 +23,25 @@ pub(crate) const THREE_BLOCKS: usize = BLOCK_SIZE * 3; /// - AVX2 /// - NEON /// - Portable +#[hax_lib::attributes] pub(crate) trait Hash { /// G aka SHA3 512 + #[hax_lib::ensures(|result| + fstar!("$result == Spec.Utils.v_G $input")) + ] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE]; /// H aka SHA3 256 + #[hax_lib::ensures(|result| + fstar!("$result == Spec.Utils.v_H $input")) + ] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE]; /// PRF aka SHAKE256 + #[hax_lib::requires(fstar!("v $LEN < pow2 32"))] + #[hax_lib::ensures(|result| + fstar!("$result == Spec.Utils.v_PRF $LEN $input")) + ] fn PRF(input: &[u8]) -> [u8; LEN]; /// PRFxN aka N SHAKE256 From db623b61ce0203c8da311f9823810973cd75e2cc Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 7 Aug 2024 15:22:58 +0000 Subject: [PATCH 006/348] Fix conditions in hash_functions.rs --- .../Libcrux_ml_kem.Hash_functions.Avx2.fsti | 11 +++-- .../Libcrux_ml_kem.Hash_functions.Neon.fsti | 11 +++-- ...ibcrux_ml_kem.Hash_functions.Portable.fsti | 11 +++-- .../Libcrux_ml_kem.Hash_functions.fsti | 28 +++++------ libcrux-ml-kem/src/hash_functions.rs | 48 ++++++++++++++++++- 5 files changed, 82 insertions(+), 27 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti index ecef6ef88..24782ecde 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti @@ -52,13 +52,16 @@ val shake128_squeeze_three_blocks (v_K: usize) (st: t_Simd256Hash) let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = { f_G_pre = (fun (input: t_Slice u8) -> true); - f_G_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 64)) -> true); + f_G_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 64)) -> out == Spec.Utils.v_G input); f_G = (fun (input: t_Slice u8) -> v_G input); f_H_pre = (fun (input: t_Slice u8) -> true); - f_H_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 32)) -> true); + f_H_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 32)) -> out == Spec.Utils.v_H input); f_H = (fun (input: t_Slice u8) -> v_H input); - f_PRF_pre = (fun (v_LEN: usize) (input: t_Slice u8) -> true); - f_PRF_post = (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) -> true); + f_PRF_pre = (fun (v_LEN: usize) (input: t_Slice u8) -> v v_LEN < pow2 32); + f_PRF_post + = + (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) -> + v v_LEN < pow2 32 ==> out == Spec.Utils.v_PRF v_LEN input); f_PRF = (fun (v_LEN: usize) (input: t_Slice u8) -> v_PRF v_LEN input); f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true); f_PRFxN_post diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti index dfc347ee5..f98b621d1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti @@ -52,13 +52,16 @@ val shake128_squeeze_three_blocks (v_K: usize) (st: t_Simd128Hash) let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = { f_G_pre = (fun (input: t_Slice u8) -> true); - f_G_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 64)) -> true); + f_G_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 64)) -> out == Spec.Utils.v_G input); f_G = (fun (input: t_Slice u8) -> v_G input); f_H_pre = (fun (input: t_Slice u8) -> true); - f_H_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 32)) -> true); + f_H_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 32)) -> out == Spec.Utils.v_H input); f_H = (fun (input: t_Slice u8) -> v_H input); - f_PRF_pre = (fun (v_LEN: usize) (input: t_Slice u8) -> true); - f_PRF_post = (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) -> true); + f_PRF_pre = (fun (v_LEN: usize) (input: t_Slice u8) -> v v_LEN < pow2 32); + f_PRF_post + = + (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) -> + v v_LEN < pow2 32 ==> out == Spec.Utils.v_PRF v_LEN input); f_PRF = (fun (v_LEN: usize) (input: t_Slice u8) -> v_PRF v_LEN input); f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true); f_PRFxN_post diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti index 7f13d48ce..da802b2d0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti @@ -52,13 +52,16 @@ val shake128_squeeze_three_blocks (v_K: usize) (st: t_PortableHash v_K) let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K) v_K = { f_G_pre = (fun (input: t_Slice u8) -> true); - f_G_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 64)) -> true); + f_G_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 64)) -> out == Spec.Utils.v_G input); f_G = (fun (input: t_Slice u8) -> v_G input); f_H_pre = (fun (input: t_Slice u8) -> true); - f_H_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 32)) -> true); + f_H_post = (fun (input: t_Slice u8) (out: t_Array u8 (sz 32)) -> out == Spec.Utils.v_H input); f_H = (fun (input: t_Slice u8) -> v_H input); - f_PRF_pre = (fun (v_LEN: usize) (input: t_Slice u8) -> true); - f_PRF_post = (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) -> true); + f_PRF_pre = (fun (v_LEN: usize) (input: t_Slice u8) -> v v_LEN < pow2 32); + f_PRF_post + = + (fun (v_LEN: usize) (input: t_Slice u8) (out: t_Array u8 v_LEN) -> + v v_LEN < pow2 32 ==> out == Spec.Utils.v_PRF v_LEN input); f_PRF = (fun (v_LEN: usize) (input: t_Slice u8) -> v_PRF v_LEN input); f_PRFxN_pre = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> true); f_PRFxN_post diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index 5a8cc9701..43661a52c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti @@ -10,43 +10,43 @@ open FStar.Mul /// - NEON /// - Portable class t_Hash (v_Self: Type0) (v_K: usize) = { - f_G_pre:t_Slice u8 -> bool; + f_G_pre:t_Slice u8 -> Type0; f_G_post:input: t_Slice u8 -> result: t_Array u8 (sz 64) - -> pred: bool{pred ==> result == Spec.Utils.v_G input}; + -> pred: Type0{pred ==> result == Spec.Utils.v_G input}; f_G:x0: t_Slice u8 -> Prims.Pure (t_Array u8 (sz 64)) (f_G_pre x0) (fun result -> f_G_post x0 result); - f_H_pre:t_Slice u8 -> bool; + f_H_pre:t_Slice u8 -> Type0; f_H_post:input: t_Slice u8 -> result: t_Array u8 (sz 32) - -> pred: bool{pred ==> result == Spec.Utils.v_H input}; + -> pred: Type0{pred ==> result == Spec.Utils.v_H input}; f_H:x0: t_Slice u8 -> Prims.Pure (t_Array u8 (sz 32)) (f_H_pre x0) (fun result -> f_H_post x0 result); - f_PRF_pre:v_LEN: usize -> input: t_Slice u8 -> pred: bool{v v_LEN < pow2 32 ==> pred}; + f_PRF_pre:v_LEN: usize -> input: t_Slice u8 -> pred: Type0{v v_LEN < pow2 32 ==> pred}; f_PRF_post:v_LEN: usize -> input: t_Slice u8 -> result: t_Array u8 v_LEN - -> pred: bool{pred ==> result == Spec.Utils.v_PRF v_LEN input}; + -> pred: Type0{pred ==> v v_LEN < pow2 32 ==> result == Spec.Utils.v_PRF v_LEN input}; f_PRF:v_LEN: usize -> x0: t_Slice u8 -> Prims.Pure (t_Array u8 v_LEN) (f_PRF_pre v_LEN x0) (fun result -> f_PRF_post v_LEN x0 result); - f_PRFxN_pre:v_LEN: usize -> t_Array (t_Array u8 (sz 33)) v_K -> bool; + f_PRFxN_pre:v_LEN: usize -> t_Array (t_Array u8 (sz 33)) v_K -> Type0; f_PRFxN_post:v_LEN: usize -> t_Array (t_Array u8 (sz 33)) v_K -> t_Array (t_Array u8 v_LEN) v_K - -> bool; + -> Type0; f_PRFxN:v_LEN: usize -> x0: t_Array (t_Array u8 (sz 33)) v_K -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (f_PRFxN_pre v_LEN x0) (fun result -> f_PRFxN_post v_LEN x0 result); - f_shake128_init_absorb_pre:t_Array (t_Array u8 (sz 34)) v_K -> bool; - f_shake128_init_absorb_post:t_Array (t_Array u8 (sz 34)) v_K -> v_Self -> bool; + f_shake128_init_absorb_pre:t_Array (t_Array u8 (sz 34)) v_K -> Type0; + f_shake128_init_absorb_post:t_Array (t_Array u8 (sz 34)) v_K -> v_Self -> Type0; f_shake128_init_absorb:x0: t_Array (t_Array u8 (sz 34)) v_K -> Prims.Pure v_Self (f_shake128_init_absorb_pre x0) (fun result -> f_shake128_init_absorb_post x0 result); - f_shake128_squeeze_three_blocks_pre:v_Self -> bool; + f_shake128_squeeze_three_blocks_pre:v_Self -> Type0; f_shake128_squeeze_three_blocks_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 504)) v_K) - -> bool; + -> Type0; f_shake128_squeeze_three_blocks:x0: v_Self -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 504)) v_K) (f_shake128_squeeze_three_blocks_pre x0) (fun result -> f_shake128_squeeze_three_blocks_post x0 result); - f_shake128_squeeze_block_pre:v_Self -> bool; - f_shake128_squeeze_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 168)) v_K) -> bool; + f_shake128_squeeze_block_pre:v_Self -> Type0; + f_shake128_squeeze_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 168)) v_K) -> Type0; f_shake128_squeeze_block:x0: v_Self -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 168)) v_K) (f_shake128_squeeze_block_pre x0) diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index caf89ceb6..f8801512c 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -40,7 +40,8 @@ pub(crate) trait Hash { /// PRF aka SHAKE256 #[hax_lib::requires(fstar!("v $LEN < pow2 32"))] #[hax_lib::ensures(|result| - fstar!("$result == Spec.Utils.v_PRF $LEN $input")) + // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784 + fstar!("v $LEN < pow2 32 ==> $result == Spec.Utils.v_PRF $LEN $input")) ] fn PRF(input: &[u8]) -> [u8; LEN]; @@ -155,17 +156,32 @@ pub(crate) mod portable { out } + #[hax_lib::attributes] impl Hash for PortableHash { + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[hax_lib::ensures(|out| + fstar!("$out == Spec.Utils.v_G $input")) + ] #[inline(always)] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] { G(input) } + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[hax_lib::ensures(|out| + fstar!("$out == Spec.Utils.v_H $input")) + ] #[inline(always)] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] { H(input) } + #[hax_lib::requires(fstar!("v $LEN < pow2 32"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[hax_lib::ensures(|out| + // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784 + fstar!("v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input")) + ] #[inline(always)] fn PRF(input: &[u8]) -> [u8; LEN] { PRF::(input) @@ -386,17 +402,32 @@ pub(crate) mod avx2 { out } + #[hax_lib::attributes] impl Hash for Simd256Hash { + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[hax_lib::ensures(|out| + fstar!("$out == Spec.Utils.v_G $input")) + ] #[inline(always)] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] { G(input) } + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[hax_lib::ensures(|out| + fstar!("$out == Spec.Utils.v_H $input")) + ] #[inline(always)] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] { H(input) } + #[hax_lib::requires(fstar!("v $LEN < pow2 32"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[hax_lib::ensures(|out| + // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784 + fstar!("v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input")) + ] #[inline(always)] fn PRF(input: &[u8]) -> [u8; LEN] { PRF::(input) @@ -645,17 +676,32 @@ pub(crate) mod neon { out } + #[hax_lib::attributes] impl Hash for Simd128Hash { + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[hax_lib::ensures(|out| + fstar!("$out == Spec.Utils.v_G $input")) + ] #[inline(always)] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE] { G(input) } + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[hax_lib::ensures(|out| + fstar!("$out == Spec.Utils.v_H $input")) + ] #[inline(always)] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE] { H(input) } + #[hax_lib::requires(fstar!("v $LEN < pow2 32"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[hax_lib::ensures(|out| + // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784 + fstar!("v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input")) + ] #[inline(always)] fn PRF(input: &[u8]) -> [u8; LEN] { PRF::(input) From b9f0cc0dbc9a90c59359a9a4a09ccf2262d2e2b1 Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 7 Aug 2024 16:25:36 +0000 Subject: [PATCH 007/348] Add include directories to libcrux-ml-kem Makefile --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 3c3c2a08b..741607975 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -135,9 +135,10 @@ UNVERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(UNVERIFIE # *extend* the set of relevant files with the tests. ROOTS = $(UNVERIFIED) $(PANIC_FREE) $(VERIFIED) -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HAX_PROOF_LIBS_HOME)/rust_primitives \ +FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HACL_HOME)/specs $(HAX_PROOF_LIBS_HOME)/rust_primitives \ $(HAX_PROOF_LIBS_HOME)/core $(HAX_LIBS_HOME) \ - ../../../../sys/platform/proofs/fstar/extraction/ \ + ../spec/ \ + ../../../../sys/platform/proofs/fstar/extraction/ \ ../../../../libcrux-intrinsics/proofs/fstar/extraction/ \ ../../../../libcrux-sha3/proofs/fstar/extraction/ From 1199cff8a5c25d77612c4dfc4519b97f250b1a39 Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 7 Aug 2024 16:45:50 +0000 Subject: [PATCH 008/348] Remove post-condition in ind_cca.rs --- libcrux-ml-kem/src/ind_cca.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index b950605fc..7127c1704 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -196,8 +196,6 @@ fn encapsulate< (ciphertext, shared_secret_array) } -#[cfg_attr(hax,hax_lib::ensures(|result| - hax_lib::fstar!("$result == Spec.MLKEM.decapsulate($private_key.value, $ciphertext.value)")))] pub(crate) fn decapsulate< const K: usize, const SECRET_KEY_SIZE: usize, From 669e56ab801c03a1e863845d5f7fe24e446a3ecf Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 7 Aug 2024 17:58:07 -0400 Subject: [PATCH 009/348] fixing some attributes --- Cargo.lock | 40 +++++- libcrux-ml-kem/Cargo.toml | 7 +- .../Libcrux_ml_kem.Hash_functions.fsti | 12 +- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 8 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 8 +- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 11 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 136 +++++++++--------- libcrux-ml-kem/src/hash_functions.rs | 109 +++++++------- libcrux-ml-kem/src/sampling.rs | 6 +- 9 files changed, 184 insertions(+), 153 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 78a064964..bf4d38ec7 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -698,6 +698,15 @@ dependencies = [ "crunchy", ] +[[package]] +name = "hax-lib" +version = "0.1.0-pre.1" +dependencies = [ + "hax-lib-macros 0.1.0-pre.1", + "num-bigint", + "num-traits", +] + [[package]] name = "hax-lib" version = "0.1.0-pre.1" @@ -718,6 +727,18 @@ dependencies = [ "num-traits", ] +[[package]] +name = "hax-lib-macros" +version = "0.1.0-pre.1" +dependencies = [ + "hax-lib-macros-types 0.1.0-pre.1", + "paste", + "proc-macro-error", + "proc-macro2", + "quote", + "syn 2.0.72", +] + [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" @@ -742,6 +763,17 @@ dependencies = [ "syn 2.0.72", ] +[[package]] +name = "hax-lib-macros-types" +version = "0.1.0-pre.1" +dependencies = [ + "proc-macro2", + "quote", + "serde", + "serde_json", + "uuid", +] + [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" @@ -1037,7 +1069,7 @@ name = "libcrux-ml-kem" version = "0.0.2-alpha.3" dependencies = [ "criterion", - "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hax-lib 0.1.0-pre.1", "hex", "libcrux-intrinsics", "libcrux-platform", @@ -1253,6 +1285,12 @@ dependencies = [ "sha2", ] +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + [[package]] name = "pem-rfc7468" version = "0.7.0" diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index ac96cf23b..ffa0fa14a 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -24,10 +24,9 @@ libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" } libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } -# This is only required for verification. -# The hax config is set by the hax toolchain. -[target.'cfg(hax)'.dependencies] -hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/" } +# This is only required for verification, but we are setting it as default until some hax attributes are fixed +hax-lib = { path = "../../hax/hax-lib" } +#hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } [features] # By default all variants and std are enabled. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index 43661a52c..18e6814fa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti @@ -10,12 +10,12 @@ open FStar.Mul /// - NEON /// - Portable class t_Hash (v_Self: Type0) (v_K: usize) = { - f_G_pre:t_Slice u8 -> Type0; + f_G_pre:input: t_Slice u8 -> pred: Type0{true ==> pred}; f_G_post:input: t_Slice u8 -> result: t_Array u8 (sz 64) -> pred: Type0{pred ==> result == Spec.Utils.v_G input}; f_G:x0: t_Slice u8 -> Prims.Pure (t_Array u8 (sz 64)) (f_G_pre x0) (fun result -> f_G_post x0 result); - f_H_pre:t_Slice u8 -> Type0; + f_H_pre:input: t_Slice u8 -> pred: Type0{true ==> pred}; f_H_post:input: t_Slice u8 -> result: t_Array u8 (sz 32) -> pred: Type0{pred ==> result == Spec.Utils.v_H input}; f_H:x0: t_Slice u8 @@ -25,27 +25,27 @@ class t_Hash (v_Self: Type0) (v_K: usize) = { -> pred: Type0{pred ==> v v_LEN < pow2 32 ==> result == Spec.Utils.v_PRF v_LEN input}; f_PRF:v_LEN: usize -> x0: t_Slice u8 -> Prims.Pure (t_Array u8 v_LEN) (f_PRF_pre v_LEN x0) (fun result -> f_PRF_post v_LEN x0 result); - f_PRFxN_pre:v_LEN: usize -> t_Array (t_Array u8 (sz 33)) v_K -> Type0; + f_PRFxN_pre:v_LEN: usize -> input: t_Array (t_Array u8 (sz 33)) v_K -> pred: Type0{true ==> pred}; f_PRFxN_post:v_LEN: usize -> t_Array (t_Array u8 (sz 33)) v_K -> t_Array (t_Array u8 v_LEN) v_K -> Type0; f_PRFxN:v_LEN: usize -> x0: t_Array (t_Array u8 (sz 33)) v_K -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (f_PRFxN_pre v_LEN x0) (fun result -> f_PRFxN_post v_LEN x0 result); - f_shake128_init_absorb_pre:t_Array (t_Array u8 (sz 34)) v_K -> Type0; + f_shake128_init_absorb_pre:input: t_Array (t_Array u8 (sz 34)) v_K -> pred: Type0{true ==> pred}; f_shake128_init_absorb_post:t_Array (t_Array u8 (sz 34)) v_K -> v_Self -> Type0; f_shake128_init_absorb:x0: t_Array (t_Array u8 (sz 34)) v_K -> Prims.Pure v_Self (f_shake128_init_absorb_pre x0) (fun result -> f_shake128_init_absorb_post x0 result); - f_shake128_squeeze_three_blocks_pre:v_Self -> Type0; + f_shake128_squeeze_three_blocks_pre:self___: v_Self -> pred: Type0{true ==> pred}; f_shake128_squeeze_three_blocks_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 504)) v_K) -> Type0; f_shake128_squeeze_three_blocks:x0: v_Self -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 504)) v_K) (f_shake128_squeeze_three_blocks_pre x0) (fun result -> f_shake128_squeeze_three_blocks_post x0 result); - f_shake128_squeeze_block_pre:v_Self -> Type0; + f_shake128_squeeze_block_pre:self___: v_Self -> pred: Type0{true ==> pred}; f_shake128_squeeze_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 168)) v_K) -> Type0; f_shake128_squeeze_block:x0: v_Self -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 168)) v_K) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 62b324762..4ad3af6e2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -54,7 +54,7 @@ class t_Variant (v_Self: Type0) = { {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> t_Slice u8 -> Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE - -> bool; + -> Type0; f_kdf_post: v_K: usize -> v_CIPHERTEXT_SIZE: usize -> @@ -63,7 +63,7 @@ class t_Variant (v_Self: Type0) = { t_Slice u8 -> Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> t_Array u8 (sz 32) - -> bool; + -> Type0; f_kdf: v_K: usize -> v_CIPHERTEXT_SIZE: usize -> @@ -79,14 +79,14 @@ class t_Variant (v_Self: Type0) = { #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> t_Slice u8 - -> bool; + -> Type0; f_entropy_preprocess_post: v_K: usize -> #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> t_Slice u8 -> t_Array u8 (sz 32) - -> bool; + -> Type0; f_entropy_preprocess: v_K: usize -> #v_Hasher: Type0 -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index c5784bfea..3eae8cab8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -200,13 +200,7 @@ let ntt_at_layer_4_plus let _:Prims.unit = if true then - let _:Prims.unit = - if ~.(layer >=. sz 4 <: bool) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: layer >= 4" - <: - Rust_primitives.Hax.t_Never) - in + let _:Prims.unit = Hax_lib.v_assert (layer >=. sz 4 <: bool) in () in let step:usize = sz 1 <=. 0s + Hax_lib.v_assert (((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) >=. + 0s <: bool) && ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <. 4096s <: bool)) - then - Rust_primitives.Hax.never_to_any (Core.Panicking.panic "assertion failed: v.elements[i] >= 0 && v.elements[i] < 4096" - - <: - Rust_primitives.Hax.t_Never) in () in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index f28357683..2928b79ef 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -6,181 +6,181 @@ open FStar.Mul class t_Operations (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_11581440318597584651:Core.Marker.t_Copy v_Self; [@@@ FStar.Tactics.Typeclasses.no_method]_super_9442900250278684536:Core.Clone.t_Clone v_Self; - f_ZERO_pre:Prims.unit -> bool; - f_ZERO_post:Prims.unit -> v_Self -> bool; + f_ZERO_pre:Prims.unit -> Type0; + f_ZERO_post:Prims.unit -> v_Self -> Type0; f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); - f_from_i16_array_pre:t_Slice i16 -> bool; - f_from_i16_array_post:t_Slice i16 -> v_Self -> bool; + f_from_i16_array_pre:t_Slice i16 -> Type0; + f_from_i16_array_post:t_Slice i16 -> v_Self -> Type0; f_from_i16_array:x0: t_Slice i16 -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); - f_to_i16_array_pre:v_Self -> bool; - f_to_i16_array_post:v_Self -> t_Array i16 (sz 16) -> bool; + f_to_i16_array_pre:v_Self -> Type0; + f_to_i16_array_post:v_Self -> t_Array i16 (sz 16) -> Type0; f_to_i16_array:x0: v_Self -> Prims.Pure (t_Array i16 (sz 16)) (f_to_i16_array_pre x0) (fun result -> f_to_i16_array_post x0 result); - f_add_pre:v_Self -> v_Self -> bool; - f_add_post:v_Self -> v_Self -> v_Self -> bool; + f_add_pre:v_Self -> v_Self -> Type0; + f_add_post:v_Self -> v_Self -> v_Self -> Type0; f_add:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_add_pre x0 x1) (fun result -> f_add_post x0 x1 result); - f_sub_pre:v_Self -> v_Self -> bool; - f_sub_post:v_Self -> v_Self -> v_Self -> bool; + f_sub_pre:v_Self -> v_Self -> Type0; + f_sub_post:v_Self -> v_Self -> v_Self -> Type0; f_sub:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_sub_pre x0 x1) (fun result -> f_sub_post x0 x1 result); - f_multiply_by_constant_pre:v_Self -> i16 -> bool; - f_multiply_by_constant_post:v_Self -> i16 -> v_Self -> bool; + f_multiply_by_constant_pre:v_Self -> i16 -> Type0; + f_multiply_by_constant_post:v_Self -> i16 -> v_Self -> Type0; f_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_multiply_by_constant_pre x0 x1) (fun result -> f_multiply_by_constant_post x0 x1 result); - f_bitwise_and_with_constant_pre:v_Self -> i16 -> bool; - f_bitwise_and_with_constant_post:v_Self -> i16 -> v_Self -> bool; + f_bitwise_and_with_constant_pre:v_Self -> i16 -> Type0; + f_bitwise_and_with_constant_post:v_Self -> i16 -> v_Self -> Type0; f_bitwise_and_with_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_bitwise_and_with_constant_pre x0 x1) (fun result -> f_bitwise_and_with_constant_post x0 x1 result); - f_shift_right_pre:v_SHIFT_BY: i32 -> v_Self -> bool; - f_shift_right_post:v_SHIFT_BY: i32 -> v_Self -> v_Self -> bool; + f_shift_right_pre:v_SHIFT_BY: i32 -> v_Self -> Type0; + f_shift_right_post:v_SHIFT_BY: i32 -> v_Self -> v_Self -> Type0; f_shift_right:v_SHIFT_BY: i32 -> x0: v_Self -> Prims.Pure v_Self (f_shift_right_pre v_SHIFT_BY x0) (fun result -> f_shift_right_post v_SHIFT_BY x0 result); - f_cond_subtract_3329_pre:v_Self -> bool; - f_cond_subtract_3329_post:v_Self -> v_Self -> bool; + f_cond_subtract_3329_pre:v_Self -> Type0; + f_cond_subtract_3329_post:v_Self -> v_Self -> Type0; f_cond_subtract_3329_:x0: v_Self -> Prims.Pure v_Self (f_cond_subtract_3329_pre x0) (fun result -> f_cond_subtract_3329_post x0 result); - f_barrett_reduce_pre:v_Self -> bool; - f_barrett_reduce_post:v_Self -> v_Self -> bool; + f_barrett_reduce_pre:v_Self -> Type0; + f_barrett_reduce_post:v_Self -> v_Self -> Type0; f_barrett_reduce:x0: v_Self -> Prims.Pure v_Self (f_barrett_reduce_pre x0) (fun result -> f_barrett_reduce_post x0 result); - f_montgomery_multiply_by_constant_pre:v_Self -> i16 -> bool; - f_montgomery_multiply_by_constant_post:v_Self -> i16 -> v_Self -> bool; + f_montgomery_multiply_by_constant_pre:v_Self -> i16 -> Type0; + f_montgomery_multiply_by_constant_post:v_Self -> i16 -> v_Self -> Type0; f_montgomery_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_montgomery_multiply_by_constant_pre x0 x1) (fun result -> f_montgomery_multiply_by_constant_post x0 x1 result); - f_compress_1_pre:v_Self -> bool; - f_compress_1_post:v_Self -> v_Self -> bool; + f_compress_1_pre:v_Self -> Type0; + f_compress_1_post:v_Self -> v_Self -> Type0; f_compress_1_:x0: v_Self -> Prims.Pure v_Self (f_compress_1_pre x0) (fun result -> f_compress_1_post x0 result); - f_compress_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> bool; - f_compress_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> bool; + f_compress_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> Type0; + f_compress_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> Type0; f_compress:v_COEFFICIENT_BITS: i32 -> x0: v_Self -> Prims.Pure v_Self (f_compress_pre v_COEFFICIENT_BITS x0) (fun result -> f_compress_post v_COEFFICIENT_BITS x0 result); - f_decompress_ciphertext_coefficient_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> bool; - f_decompress_ciphertext_coefficient_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> bool; + f_decompress_ciphertext_coefficient_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> Type0; + f_decompress_ciphertext_coefficient_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> Type0; f_decompress_ciphertext_coefficient:v_COEFFICIENT_BITS: i32 -> x0: v_Self -> Prims.Pure v_Self (f_decompress_ciphertext_coefficient_pre v_COEFFICIENT_BITS x0) (fun result -> f_decompress_ciphertext_coefficient_post v_COEFFICIENT_BITS x0 result); - f_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> bool; - f_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> bool; + f_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> Type0; + f_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); - f_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> bool; - f_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> bool; + f_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> Type0; + f_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; f_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_ntt_layer_2_step_post x0 x1 x2 result); - f_ntt_layer_3_step_pre:v_Self -> i16 -> bool; - f_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> bool; + f_ntt_layer_3_step_pre:v_Self -> i16 -> Type0; + f_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; f_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_ntt_layer_3_step_pre x0 x1) (fun result -> f_ntt_layer_3_step_post x0 x1 result); - f_inv_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> bool; - f_inv_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> bool; + f_inv_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> Type0; + f_inv_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_inv_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_inv_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); - f_inv_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> bool; - f_inv_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> bool; + f_inv_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> Type0; + f_inv_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; f_inv_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_inv_ntt_layer_2_step_post x0 x1 x2 result); - f_inv_ntt_layer_3_step_pre:v_Self -> i16 -> bool; - f_inv_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> bool; + f_inv_ntt_layer_3_step_pre:v_Self -> i16 -> Type0; + f_inv_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; f_inv_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_3_step_pre x0 x1) (fun result -> f_inv_ntt_layer_3_step_post x0 x1 result); - f_ntt_multiply_pre:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> bool; - f_ntt_multiply_post:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> bool; + f_ntt_multiply_pre:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> Type0; + f_ntt_multiply_post:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_ntt_multiply:x0: v_Self -> x1: v_Self -> x2: i16 -> x3: i16 -> x4: i16 -> x5: i16 -> Prims.Pure v_Self (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) (fun result -> f_ntt_multiply_post x0 x1 x2 x3 x4 x5 result); - f_serialize_1_pre:v_Self -> bool; - f_serialize_1_post:v_Self -> t_Array u8 (sz 2) -> bool; + f_serialize_1_pre:v_Self -> Type0; + f_serialize_1_post:v_Self -> t_Array u8 (sz 2) -> Type0; f_serialize_1_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 2)) (f_serialize_1_pre x0) (fun result -> f_serialize_1_post x0 result); - f_deserialize_1_pre:t_Slice u8 -> bool; - f_deserialize_1_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_1_pre:t_Slice u8 -> Type0; + f_deserialize_1_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_1_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_1_pre x0) (fun result -> f_deserialize_1_post x0 result); - f_serialize_4_pre:v_Self -> bool; - f_serialize_4_post:v_Self -> t_Array u8 (sz 8) -> bool; + f_serialize_4_pre:v_Self -> Type0; + f_serialize_4_post:v_Self -> t_Array u8 (sz 8) -> Type0; f_serialize_4_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 8)) (f_serialize_4_pre x0) (fun result -> f_serialize_4_post x0 result); - f_deserialize_4_pre:t_Slice u8 -> bool; - f_deserialize_4_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_4_pre:t_Slice u8 -> Type0; + f_deserialize_4_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_4_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_4_pre x0) (fun result -> f_deserialize_4_post x0 result); - f_serialize_5_pre:v_Self -> bool; - f_serialize_5_post:v_Self -> t_Array u8 (sz 10) -> bool; + f_serialize_5_pre:v_Self -> Type0; + f_serialize_5_post:v_Self -> t_Array u8 (sz 10) -> Type0; f_serialize_5_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 10)) (f_serialize_5_pre x0) (fun result -> f_serialize_5_post x0 result); - f_deserialize_5_pre:t_Slice u8 -> bool; - f_deserialize_5_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_5_pre:t_Slice u8 -> Type0; + f_deserialize_5_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_5_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_5_pre x0) (fun result -> f_deserialize_5_post x0 result); - f_serialize_10_pre:v_Self -> bool; - f_serialize_10_post:v_Self -> t_Array u8 (sz 20) -> bool; + f_serialize_10_pre:v_Self -> Type0; + f_serialize_10_post:v_Self -> t_Array u8 (sz 20) -> Type0; f_serialize_10_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 20)) (f_serialize_10_pre x0) (fun result -> f_serialize_10_post x0 result); - f_deserialize_10_pre:t_Slice u8 -> bool; - f_deserialize_10_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_10_pre:t_Slice u8 -> Type0; + f_deserialize_10_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_10_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_10_pre x0) (fun result -> f_deserialize_10_post x0 result); - f_serialize_11_pre:v_Self -> bool; - f_serialize_11_post:v_Self -> t_Array u8 (sz 22) -> bool; + f_serialize_11_pre:v_Self -> Type0; + f_serialize_11_post:v_Self -> t_Array u8 (sz 22) -> Type0; f_serialize_11_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 22)) (f_serialize_11_pre x0) (fun result -> f_serialize_11_post x0 result); - f_deserialize_11_pre:t_Slice u8 -> bool; - f_deserialize_11_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_11_pre:t_Slice u8 -> Type0; + f_deserialize_11_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_11_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_11_pre x0) (fun result -> f_deserialize_11_post x0 result); - f_serialize_12_pre:v_Self -> bool; - f_serialize_12_post:v_Self -> t_Array u8 (sz 24) -> bool; + f_serialize_12_pre:v_Self -> Type0; + f_serialize_12_post:v_Self -> t_Array u8 (sz 24) -> Type0; f_serialize_12_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 24)) (f_serialize_12_pre x0) (fun result -> f_serialize_12_post x0 result); - f_deserialize_12_pre:t_Slice u8 -> bool; - f_deserialize_12_post:t_Slice u8 -> v_Self -> bool; + f_deserialize_12_pre:t_Slice u8 -> Type0; + f_deserialize_12_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_12_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); - f_rej_sample_pre:t_Slice u8 -> t_Slice i16 -> bool; - f_rej_sample_post:t_Slice u8 -> t_Slice i16 -> (t_Slice i16 & usize) -> bool; + f_rej_sample_pre:t_Slice u8 -> t_Slice i16 -> Type0; + f_rej_sample_post:t_Slice u8 -> t_Slice i16 -> (t_Slice i16 & usize) -> Type0; f_rej_sample:x0: t_Slice u8 -> x1: t_Slice i16 -> Prims.Pure (t_Slice i16 & usize) (f_rej_sample_pre x0 x1) diff --git a/libcrux-ml-kem/src/hash_functions.rs b/libcrux-ml-kem/src/hash_functions.rs index f8801512c..3fafa2888 100644 --- a/libcrux-ml-kem/src/hash_functions.rs +++ b/libcrux-ml-kem/src/hash_functions.rs @@ -26,36 +26,42 @@ pub(crate) const THREE_BLOCKS: usize = BLOCK_SIZE * 3; #[hax_lib::attributes] pub(crate) trait Hash { /// G aka SHA3 512 - #[hax_lib::ensures(|result| + #[requires(true)] + #[ensures(|result| fstar!("$result == Spec.Utils.v_G $input")) ] fn G(input: &[u8]) -> [u8; G_DIGEST_SIZE]; /// H aka SHA3 256 - #[hax_lib::ensures(|result| + #[requires(true)] + #[ensures(|result| fstar!("$result == Spec.Utils.v_H $input")) ] fn H(input: &[u8]) -> [u8; H_DIGEST_SIZE]; /// PRF aka SHAKE256 - #[hax_lib::requires(fstar!("v $LEN < pow2 32"))] - #[hax_lib::ensures(|result| + #[requires(fstar!("v $LEN < pow2 32"))] + #[ensures(|result| // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784 fstar!("v $LEN < pow2 32 ==> $result == Spec.Utils.v_PRF $LEN $input")) ] fn PRF(input: &[u8]) -> [u8; LEN]; /// PRFxN aka N SHAKE256 + #[requires(true)] fn PRFxN(input: &[[u8; 33]; K]) -> [[u8; LEN]; K]; /// Create a SHAKE128 state and absorb the input. - fn shake128_init_absorb(input: [[u8; 34]; K]) -> Self; + #[requires(true)] + fn shake128_init_absorb_final(input: [[u8; 34]; K]) -> Self; /// Squeeze 3 blocks out of the SHAKE128 state. - fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K]; + #[requires(true)] + fn shake128_squeeze_first_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K]; /// Squeeze 1 block out of the SHAKE128 state. - fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K]; + #[requires(true)] + fn shake128_squeeze_next_block(&mut self) -> [[u8; BLOCK_SIZE]; K]; } /// A portable implementation of [`Hash`] @@ -63,10 +69,7 @@ pub(crate) mod portable { use super::*; use libcrux_sha3::portable::{ self, - incremental::{ - shake128_absorb_final, shake128_init, shake128_squeeze_first_three_blocks, - shake128_squeeze_next_block, - }, + incremental, KeccakState, }; @@ -122,36 +125,36 @@ pub(crate) mod portable { } #[inline(always)] - fn shake128_init_absorb(input: [[u8; 34]; K]) -> PortableHash { + fn shake128_init_absorb_final(input: [[u8; 34]; K]) -> PortableHash { debug_assert!(K == 2 || K == 3 || K == 4); - let mut shake128_state = [shake128_init(); K]; + let mut shake128_state = [incremental::shake128_init(); K]; for i in 0..K { - shake128_absorb_final(&mut shake128_state[i], &input[i]); + incremental::shake128_absorb_final(&mut shake128_state[i], &input[i]); } PortableHash { shake128_state } } #[inline(always)] - fn shake128_squeeze_three_blocks( + fn shake128_squeeze_first_three_blocks( st: &mut PortableHash, ) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; THREE_BLOCKS]; K]; for i in 0..K { - shake128_squeeze_first_three_blocks(&mut st.shake128_state[i], &mut out[i]); + incremental::shake128_squeeze_first_three_blocks(&mut st.shake128_state[i], &mut out[i]); } out } #[inline(always)] - fn shake128_squeeze_block(st: &mut PortableHash) -> [[u8; BLOCK_SIZE]; K] { + fn shake128_squeeze_next_block(st: &mut PortableHash) -> [[u8; BLOCK_SIZE]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; BLOCK_SIZE]; K]; for i in 0..K { - shake128_squeeze_next_block(&mut st.shake128_state[i], &mut out[i]); + incremental::shake128_squeeze_next_block(&mut st.shake128_state[i], &mut out[i]); } out } @@ -159,7 +162,7 @@ pub(crate) mod portable { #[hax_lib::attributes] impl Hash for PortableHash { // Output name has be `out` https://github.com/hacspec/hax/issues/832 - #[hax_lib::ensures(|out| + #[ensures(|out| fstar!("$out == Spec.Utils.v_G $input")) ] #[inline(always)] @@ -168,7 +171,7 @@ pub(crate) mod portable { } // Output name has be `out` https://github.com/hacspec/hax/issues/832 - #[hax_lib::ensures(|out| + #[ensures(|out| fstar!("$out == Spec.Utils.v_H $input")) ] #[inline(always)] @@ -176,9 +179,9 @@ pub(crate) mod portable { H(input) } - #[hax_lib::requires(fstar!("v $LEN < pow2 32"))] + #[requires(fstar!("v $LEN < pow2 32"))] // Output name has be `out` https://github.com/hacspec/hax/issues/832 - #[hax_lib::ensures(|out| + #[ensures(|out| // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784 fstar!("v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input")) ] @@ -193,18 +196,18 @@ pub(crate) mod portable { } #[inline(always)] - fn shake128_init_absorb(input: [[u8; 34]; K]) -> Self { - shake128_init_absorb(input) + fn shake128_init_absorb_final(input: [[u8; 34]; K]) -> Self { + shake128_init_absorb_final(input) } #[inline(always)] - fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { - shake128_squeeze_three_blocks(self) + fn shake128_squeeze_first_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { + shake128_squeeze_first_three_blocks(self) } #[inline(always)] - fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { - shake128_squeeze_block(self) + fn shake128_squeeze_next_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { + shake128_squeeze_next_block(self) } } } @@ -300,7 +303,7 @@ pub(crate) mod avx2 { } #[inline(always)] - fn shake128_init_absorb(input: [[u8; 34]; K]) -> Simd256Hash { + fn shake128_init_absorb_final(input: [[u8; 34]; K]) -> Simd256Hash { debug_assert!(K == 2 || K == 3 || K == 4); let mut state = x4::incremental::init(); @@ -329,7 +332,7 @@ pub(crate) mod avx2 { } #[inline(always)] - fn shake128_squeeze_three_blocks( + fn shake128_squeeze_first_three_blocks( st: &mut Simd256Hash, ) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); @@ -367,7 +370,7 @@ pub(crate) mod avx2 { } #[inline(always)] - fn shake128_squeeze_block(st: &mut Simd256Hash) -> [[u8; BLOCK_SIZE]; K] { + fn shake128_squeeze_next_block(st: &mut Simd256Hash) -> [[u8; BLOCK_SIZE]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; BLOCK_SIZE]; K]; let mut out0 = [0u8; BLOCK_SIZE]; @@ -405,7 +408,7 @@ pub(crate) mod avx2 { #[hax_lib::attributes] impl Hash for Simd256Hash { // Output name has be `out` https://github.com/hacspec/hax/issues/832 - #[hax_lib::ensures(|out| + #[ensures(|out| fstar!("$out == Spec.Utils.v_G $input")) ] #[inline(always)] @@ -414,7 +417,7 @@ pub(crate) mod avx2 { } // Output name has be `out` https://github.com/hacspec/hax/issues/832 - #[hax_lib::ensures(|out| + #[ensures(|out| fstar!("$out == Spec.Utils.v_H $input")) ] #[inline(always)] @@ -422,7 +425,7 @@ pub(crate) mod avx2 { H(input) } - #[hax_lib::requires(fstar!("v $LEN < pow2 32"))] + #[requires(fstar!("v $LEN < pow2 32"))] // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[hax_lib::ensures(|out| // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784 @@ -439,18 +442,18 @@ pub(crate) mod avx2 { } #[inline(always)] - fn shake128_init_absorb(input: [[u8; 34]; K]) -> Self { - shake128_init_absorb(input) + fn shake128_init_absorb_final(input: [[u8; 34]; K]) -> Self { + shake128_init_absorb_final(input) } #[inline(always)] - fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { - shake128_squeeze_three_blocks(self) + fn shake128_squeeze_first_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { + shake128_squeeze_first_three_blocks(self) } #[inline(always)] - fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { - shake128_squeeze_block(self) + fn shake128_squeeze_next_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { + shake128_squeeze_next_block(self) } } } @@ -536,7 +539,7 @@ pub(crate) mod neon { } #[inline(always)] - fn shake128_init_absorb(input: [[u8; 34]; K]) -> Simd128Hash { + fn shake128_init_absorb_final(input: [[u8; 34]; K]) -> Simd128Hash { debug_assert!(K == 2 || K == 3 || K == 4); let mut state = [ x2::incremental::shake128_init(), @@ -563,7 +566,7 @@ pub(crate) mod neon { } #[inline(always)] - fn shake128_squeeze_three_blocks( + fn shake128_squeeze_first_three_blocks( st: &mut Simd128Hash, ) -> [[u8; THREE_BLOCKS]; K] { debug_assert!(K == 2 || K == 3 || K == 4); @@ -621,7 +624,7 @@ pub(crate) mod neon { } #[inline(always)] - fn shake128_squeeze_block(st: &mut Simd128Hash) -> [[u8; BLOCK_SIZE]; K] { + fn shake128_squeeze_next_block(st: &mut Simd128Hash) -> [[u8; BLOCK_SIZE]; K] { debug_assert!(K == 2 || K == 3 || K == 4); let mut out = [[0u8; BLOCK_SIZE]; K]; @@ -679,7 +682,7 @@ pub(crate) mod neon { #[hax_lib::attributes] impl Hash for Simd128Hash { // Output name has be `out` https://github.com/hacspec/hax/issues/832 - #[hax_lib::ensures(|out| + #[ensures(|out| fstar!("$out == Spec.Utils.v_G $input")) ] #[inline(always)] @@ -688,7 +691,7 @@ pub(crate) mod neon { } // Output name has be `out` https://github.com/hacspec/hax/issues/832 - #[hax_lib::ensures(|out| + #[ensures(|out| fstar!("$out == Spec.Utils.v_H $input")) ] #[inline(always)] @@ -696,9 +699,9 @@ pub(crate) mod neon { H(input) } - #[hax_lib::requires(fstar!("v $LEN < pow2 32"))] + #[requires(fstar!("v $LEN < pow2 32"))] // Output name has be `out` https://github.com/hacspec/hax/issues/832 - #[hax_lib::ensures(|out| + #[ensures(|out| // We need to repeat the pre-condition here because of https://github.com/hacspec/hax/issues/784 fstar!("v $LEN < pow2 32 ==> $out == Spec.Utils.v_PRF $LEN $input")) ] @@ -713,18 +716,18 @@ pub(crate) mod neon { } #[inline(always)] - fn shake128_init_absorb(input: [[u8; 34]; K]) -> Self { - shake128_init_absorb(input) + fn shake128_init_absorb_final(input: [[u8; 34]; K]) -> Self { + shake128_init_absorb_final(input) } #[inline(always)] - fn shake128_squeeze_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { - shake128_squeeze_three_blocks(self) + fn shake128_squeeze_first_three_blocks(&mut self) -> [[u8; THREE_BLOCKS]; K] { + shake128_squeeze_first_three_blocks(self) } #[inline(always)] - fn shake128_squeeze_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { - shake128_squeeze_block(self) + fn shake128_squeeze_next_block(&mut self) -> [[u8; BLOCK_SIZE]; K] { + shake128_squeeze_next_block(self) } } } diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index d71a0f8a1..81d126afa 100644 --- a/libcrux-ml-kem/src/sampling.rs +++ b/libcrux-ml-kem/src/sampling.rs @@ -77,8 +77,8 @@ pub(super) fn sample_from_xof( randomness, @@ -92,7 +92,7 @@ pub(super) fn sample_from_xof( randomness, &mut sampled_coefficients, From 2f0809587fbedd42aeb7a072b5555523a5771841 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 7 Aug 2024 18:27:56 -0400 Subject: [PATCH 010/348] hash functions --- .../Libcrux_ml_kem.Hash_functions.Avx2.fsti | 34 ++++----- .../Libcrux_ml_kem.Hash_functions.Neon.fsti | 34 ++++----- ...ibcrux_ml_kem.Hash_functions.Portable.fsti | 34 ++++----- .../Libcrux_ml_kem.Hash_functions.fsti | 31 ++++---- .../extraction/Libcrux_ml_kem.Sampling.fst | 6 +- .../proofs/fstar/extraction/Makefile | 76 +++++++++---------- 6 files changed, 108 insertions(+), 107 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti index 24782ecde..a8bd8c939 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti @@ -35,16 +35,16 @@ val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) /// All other functions don\'t actually use any members. val t_Simd256Hash:Type0 -val shake128_init_absorb (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) +val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) : Prims.Pure t_Simd256Hash Prims.l_True (fun _ -> Prims.l_True) -val shake128_squeeze_block (v_K: usize) (st: t_Simd256Hash) - : Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K) +val shake128_squeeze_first_three_blocks (v_K: usize) (st: t_Simd256Hash) + : Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) -val shake128_squeeze_three_blocks (v_K: usize) (st: t_Simd256Hash) - : Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K) +val shake128_squeeze_next_block (v_K: usize) (st: t_Simd256Hash) + : Prims.Pure (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) @@ -75,35 +75,35 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd256Hash v_K = f_PRFxN = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> v_PRFxN v_K v_LEN input); - f_shake128_init_absorb_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); - f_shake128_init_absorb_post + f_shake128_init_absorb_final_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); + f_shake128_init_absorb_final_post = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) (out: t_Simd256Hash) -> true); - f_shake128_init_absorb + f_shake128_init_absorb_final = - (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> shake128_init_absorb v_K input); - f_shake128_squeeze_three_blocks_pre = (fun (self: t_Simd256Hash) -> true); - f_shake128_squeeze_three_blocks_post + (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> shake128_init_absorb_final v_K input); + f_shake128_squeeze_first_three_blocks_pre = (fun (self: t_Simd256Hash) -> true); + f_shake128_squeeze_first_three_blocks_post = (fun (self: t_Simd256Hash) (out1: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true); - f_shake128_squeeze_three_blocks + f_shake128_squeeze_first_three_blocks = (fun (self: t_Simd256Hash) -> let tmp0, out:(t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K) = - shake128_squeeze_three_blocks v_K self + shake128_squeeze_first_three_blocks v_K self in let self:t_Simd256Hash = tmp0 in let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in self, hax_temp_output <: (t_Simd256Hash & t_Array (t_Array u8 (sz 504)) v_K)); - f_shake128_squeeze_block_pre = (fun (self: t_Simd256Hash) -> true); - f_shake128_squeeze_block_post + f_shake128_squeeze_next_block_pre = (fun (self: t_Simd256Hash) -> true); + f_shake128_squeeze_next_block_post = (fun (self: t_Simd256Hash) (out1: (t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true); - f_shake128_squeeze_block + f_shake128_squeeze_next_block = fun (self: t_Simd256Hash) -> let tmp0, out:(t_Simd256Hash & t_Array (t_Array u8 (sz 168)) v_K) = - shake128_squeeze_block v_K self + shake128_squeeze_next_block v_K self in let self:t_Simd256Hash = tmp0 in let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti index f98b621d1..b873275d4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti @@ -35,16 +35,16 @@ val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) /// All other functions don\'t actually use any members. val t_Simd128Hash:Type0 -val shake128_init_absorb (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) +val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) : Prims.Pure t_Simd128Hash Prims.l_True (fun _ -> Prims.l_True) -val shake128_squeeze_block (v_K: usize) (st: t_Simd128Hash) - : Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K) +val shake128_squeeze_first_three_blocks (v_K: usize) (st: t_Simd128Hash) + : Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) -val shake128_squeeze_three_blocks (v_K: usize) (st: t_Simd128Hash) - : Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K) +val shake128_squeeze_next_block (v_K: usize) (st: t_Simd128Hash) + : Prims.Pure (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) @@ -75,35 +75,35 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash t_Simd128Hash v_K = f_PRFxN = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> v_PRFxN v_K v_LEN input); - f_shake128_init_absorb_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); - f_shake128_init_absorb_post + f_shake128_init_absorb_final_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); + f_shake128_init_absorb_final_post = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) (out: t_Simd128Hash) -> true); - f_shake128_init_absorb + f_shake128_init_absorb_final = - (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> shake128_init_absorb v_K input); - f_shake128_squeeze_three_blocks_pre = (fun (self: t_Simd128Hash) -> true); - f_shake128_squeeze_three_blocks_post + (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> shake128_init_absorb_final v_K input); + f_shake128_squeeze_first_three_blocks_pre = (fun (self: t_Simd128Hash) -> true); + f_shake128_squeeze_first_three_blocks_post = (fun (self: t_Simd128Hash) (out1: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K)) -> true); - f_shake128_squeeze_three_blocks + f_shake128_squeeze_first_three_blocks = (fun (self: t_Simd128Hash) -> let tmp0, out:(t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K) = - shake128_squeeze_three_blocks v_K self + shake128_squeeze_first_three_blocks v_K self in let self:t_Simd128Hash = tmp0 in let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in self, hax_temp_output <: (t_Simd128Hash & t_Array (t_Array u8 (sz 504)) v_K)); - f_shake128_squeeze_block_pre = (fun (self: t_Simd128Hash) -> true); - f_shake128_squeeze_block_post + f_shake128_squeeze_next_block_pre = (fun (self: t_Simd128Hash) -> true); + f_shake128_squeeze_next_block_post = (fun (self: t_Simd128Hash) (out1: (t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K)) -> true); - f_shake128_squeeze_block + f_shake128_squeeze_next_block = fun (self: t_Simd128Hash) -> let tmp0, out:(t_Simd128Hash & t_Array (t_Array u8 (sz 168)) v_K) = - shake128_squeeze_block v_K self + shake128_squeeze_next_block v_K self in let self:t_Simd128Hash = tmp0 in let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti index da802b2d0..e9cabe1c8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti @@ -35,16 +35,16 @@ val v_PRFxN (v_K v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) /// All other functions don\'t actually use any members. val t_PortableHash (v_K: usize) : Type0 -val shake128_init_absorb (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) +val shake128_init_absorb_final (v_K: usize) (input: t_Array (t_Array u8 (sz 34)) v_K) : Prims.Pure (t_PortableHash v_K) Prims.l_True (fun _ -> Prims.l_True) -val shake128_squeeze_block (v_K: usize) (st: t_PortableHash v_K) - : Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K) +val shake128_squeeze_first_three_blocks (v_K: usize) (st: t_PortableHash v_K) + : Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K) Prims.l_True (fun _ -> Prims.l_True) -val shake128_squeeze_three_blocks (v_K: usize) (st: t_PortableHash v_K) - : Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K) +val shake128_squeeze_next_block (v_K: usize) (st: t_PortableHash v_K) + : Prims.Pure (t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K) Prims.l_True (fun _ -> Prims.l_True) @@ -75,43 +75,43 @@ let impl (v_K: usize) : Libcrux_ml_kem.Hash_functions.t_Hash (t_PortableHash v_K f_PRFxN = (fun (v_LEN: usize) (input: t_Array (t_Array u8 (sz 33)) v_K) -> v_PRFxN v_K v_LEN input); - f_shake128_init_absorb_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); - f_shake128_init_absorb_post + f_shake128_init_absorb_final_pre = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> true); + f_shake128_init_absorb_final_post = (fun (input: t_Array (t_Array u8 (sz 34)) v_K) (out: t_PortableHash v_K) -> true); - f_shake128_init_absorb + f_shake128_init_absorb_final = - (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> shake128_init_absorb v_K input); - f_shake128_squeeze_three_blocks_pre = (fun (self: t_PortableHash v_K) -> true); - f_shake128_squeeze_three_blocks_post + (fun (input: t_Array (t_Array u8 (sz 34)) v_K) -> shake128_init_absorb_final v_K input); + f_shake128_squeeze_first_three_blocks_pre = (fun (self: t_PortableHash v_K) -> true); + f_shake128_squeeze_first_three_blocks_post = (fun (self: t_PortableHash v_K) (out1: (t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K)) -> true); - f_shake128_squeeze_three_blocks + f_shake128_squeeze_first_three_blocks = (fun (self: t_PortableHash v_K) -> let tmp0, out:(t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K) = - shake128_squeeze_three_blocks v_K self + shake128_squeeze_first_three_blocks v_K self in let self:t_PortableHash v_K = tmp0 in let hax_temp_output:t_Array (t_Array u8 (sz 504)) v_K = out in self, hax_temp_output <: (t_PortableHash v_K & t_Array (t_Array u8 (sz 504)) v_K)); - f_shake128_squeeze_block_pre = (fun (self: t_PortableHash v_K) -> true); - f_shake128_squeeze_block_post + f_shake128_squeeze_next_block_pre = (fun (self: t_PortableHash v_K) -> true); + f_shake128_squeeze_next_block_post = (fun (self: t_PortableHash v_K) (out1: (t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K)) -> true); - f_shake128_squeeze_block + f_shake128_squeeze_next_block = fun (self: t_PortableHash v_K) -> let tmp0, out:(t_PortableHash v_K & t_Array (t_Array u8 (sz 168)) v_K) = - shake128_squeeze_block v_K self + shake128_squeeze_next_block v_K self in let self:t_PortableHash v_K = tmp0 in let hax_temp_output:t_Array (t_Array u8 (sz 168)) v_K = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index 18e6814fa..8037424f4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti @@ -32,25 +32,26 @@ class t_Hash (v_Self: Type0) (v_K: usize) = { -> Prims.Pure (t_Array (t_Array u8 v_LEN) v_K) (f_PRFxN_pre v_LEN x0) (fun result -> f_PRFxN_post v_LEN x0 result); - f_shake128_init_absorb_pre:input: t_Array (t_Array u8 (sz 34)) v_K -> pred: Type0{true ==> pred}; - f_shake128_init_absorb_post:t_Array (t_Array u8 (sz 34)) v_K -> v_Self -> Type0; - f_shake128_init_absorb:x0: t_Array (t_Array u8 (sz 34)) v_K + f_shake128_init_absorb_final_pre:input: t_Array (t_Array u8 (sz 34)) v_K + -> pred: Type0{true ==> pred}; + f_shake128_init_absorb_final_post:t_Array (t_Array u8 (sz 34)) v_K -> v_Self -> Type0; + f_shake128_init_absorb_final:x0: t_Array (t_Array u8 (sz 34)) v_K -> Prims.Pure v_Self - (f_shake128_init_absorb_pre x0) - (fun result -> f_shake128_init_absorb_post x0 result); - f_shake128_squeeze_three_blocks_pre:self___: v_Self -> pred: Type0{true ==> pred}; - f_shake128_squeeze_three_blocks_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 504)) v_K) + (f_shake128_init_absorb_final_pre x0) + (fun result -> f_shake128_init_absorb_final_post x0 result); + f_shake128_squeeze_first_three_blocks_pre:self___: v_Self -> pred: Type0{true ==> pred}; + f_shake128_squeeze_first_three_blocks_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 504)) v_K) -> Type0; - f_shake128_squeeze_three_blocks:x0: v_Self + f_shake128_squeeze_first_three_blocks:x0: v_Self -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 504)) v_K) - (f_shake128_squeeze_three_blocks_pre x0) - (fun result -> f_shake128_squeeze_three_blocks_post x0 result); - f_shake128_squeeze_block_pre:self___: v_Self -> pred: Type0{true ==> pred}; - f_shake128_squeeze_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 168)) v_K) -> Type0; - f_shake128_squeeze_block:x0: v_Self + (f_shake128_squeeze_first_three_blocks_pre x0) + (fun result -> f_shake128_squeeze_first_three_blocks_post x0 result); + f_shake128_squeeze_next_block_pre:self___: v_Self -> pred: Type0{true ==> pred}; + f_shake128_squeeze_next_block_post:v_Self -> (v_Self & t_Array (t_Array u8 (sz 168)) v_K) -> Type0; + f_shake128_squeeze_next_block:x0: v_Self -> Prims.Pure (v_Self & t_Array (t_Array u8 (sz 168)) v_K) - (f_shake128_squeeze_block_pre x0) - (fun result -> f_shake128_squeeze_block_post x0 result) + (f_shake128_squeeze_next_block_pre x0) + (fun result -> f_shake128_squeeze_next_block_post x0 result) } /// The SHA3 block size. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index dff472b76..20253a46c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -329,13 +329,13 @@ let sample_from_xof Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat 0s (sz 272) <: t_Array i16 (sz 272)) v_K in let xof_state:v_Hasher = - Libcrux_ml_kem.Hash_functions.f_shake128_init_absorb #v_Hasher + Libcrux_ml_kem.Hash_functions.f_shake128_init_absorb_final #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve seeds in let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 504)) v_K) = - Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_three_blocks #v_Hasher + Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_first_three_blocks #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve xof_state @@ -368,7 +368,7 @@ let sample_from_xof temp_0_ in let tmp0, out1:(v_Hasher & t_Array (t_Array u8 (sz 168)) v_K) = - Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_block #v_Hasher + Libcrux_ml_kem.Hash_functions.f_shake128_squeeze_next_block #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve xof_state diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 741607975..724f655c0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -47,16 +47,46 @@ all: rm -f .depend && $(MAKE) .depend $(MAKE) verify -VERIFIED = -PANIC_FREE = Libcrux_ml_kem.Constant_time_ops.fst \ - Libcrux_ml_kem.Constant_time_ops.fsti \ +VERIFIED = Libcrux_ml_kem.Types.fst \ + Libcrux_ml_kem.Types.fsti \ + Libcrux_ml_kem.Types.Unpacked.fsti \ Libcrux_ml_kem.Constants.fsti \ Libcrux_ml_kem.Hash_functions.Avx2.fsti \ Libcrux_ml_kem.Hash_functions.fsti \ Libcrux_ml_kem.Hash_functions.Neon.fsti \ - Libcrux_ml_kem.Hash_functions.Portable.fsti \ + Libcrux_ml_kem.Hash_functions.Portable.fsti + +PANIC_FREE = Libcrux_ml_kem.Constant_time_ops.fst \ + Libcrux_ml_kem.Constant_time_ops.fsti \ + Libcrux_ml_kem.Utils.fst \ + Libcrux_ml_kem.Utils.fsti \ Libcrux_ml_kem.Ind_cca.fsti \ - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst \ + Libcrux_ml_kem.Ind_cca.Unpacked.fsti \ + Libcrux_ml_kem.Ind_cpa.fsti \ + Libcrux_ml_kem.Ind_cpa.Unpacked.fsti \ + Libcrux_ml_kem.Sampling.fsti \ + Libcrux_ml_kem.Serialize.fsti \ + Libcrux_ml_kem.Matrix.fsti \ + Libcrux_ml_kem.Polynomial.fsti \ + Libcrux_ml_kem.Ntt.fsti \ + Libcrux_ml_kem.Invert_ntt.fsti \ + Libcrux_ml_kem.Vector.Traits.fsti \ + Libcrux_ml_kem.Vector.Portable.fsti \ + Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti \ + Libcrux_ml_kem.Vector.Portable.Compress.fsti \ + Libcrux_ml_kem.Vector.Portable.Ntt.fsti \ + Libcrux_ml_kem.Vector.Portable.Sampling.fsti \ + Libcrux_ml_kem.Vector.Portable.Serialize.fsti \ + Libcrux_ml_kem.Vector.Portable.Vector_type.fsti \ + Libcrux_ml_kem.Vector.Avx2.fsti \ + Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti \ + Libcrux_ml_kem.Vector.Avx2.Compress.fsti \ + Libcrux_ml_kem.Vector.Avx2.Ntt.fsti \ + Libcrux_ml_kem.Vector.Avx2.Portable.fsti \ + Libcrux_ml_kem.Vector.Avx2.Sampling.fsti \ + Libcrux_ml_kem.Vector.Avx2.Serialize.fsti \ + Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst \ Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti \ Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst \ Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti \ @@ -64,11 +94,6 @@ PANIC_FREE = Libcrux_ml_kem.Constant_time_ops.fst \ Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti \ Libcrux_ml_kem.Ind_cca.Multiplexing.fst \ Libcrux_ml_kem.Ind_cca.Multiplexing.fsti \ - Libcrux_ml_kem.Ind_cca.Unpacked.fsti \ - Libcrux_ml_kem.Ind_cpa.fsti \ - Libcrux_ml_kem.Ind_cpa.Unpacked.fsti \ - Libcrux_ml_kem.Invert_ntt.fsti \ - Libcrux_ml_kem.Matrix.fsti \ Libcrux_ml_kem.Mlkem512.Avx2.fst \ Libcrux_ml_kem.Mlkem512.Avx2.fsti \ Libcrux_ml_kem.Mlkem512.fst \ @@ -93,38 +118,13 @@ PANIC_FREE = Libcrux_ml_kem.Constant_time_ops.fst \ Libcrux_ml_kem.Mlkem1024.Neon.fsti \ Libcrux_ml_kem.Mlkem1024.Portable.fst \ Libcrux_ml_kem.Mlkem1024.Portable.fsti \ - Libcrux_ml_kem.Ntt.fsti \ - Libcrux_ml_kem.Polynomial.fsti \ - Libcrux_ml_kem.Sampling.fsti \ - Libcrux_ml_kem.Serialize.fsti \ - Libcrux_ml_kem.Types.fst \ - Libcrux_ml_kem.Types.fsti \ - Libcrux_ml_kem.Types.Unpacked.fsti \ - Libcrux_ml_kem.Utils.fst \ - Libcrux_ml_kem.Utils.fsti \ - Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti \ - Libcrux_ml_kem.Vector.Avx2.Compress.fsti \ - Libcrux_ml_kem.Vector.Avx2.fsti \ - Libcrux_ml_kem.Vector.Avx2.Ntt.fsti \ - Libcrux_ml_kem.Vector.Avx2.Portable.fsti \ - Libcrux_ml_kem.Vector.Avx2.Sampling.fsti \ - Libcrux_ml_kem.Vector.Avx2.Serialize.fsti \ Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti \ Libcrux_ml_kem.Vector.Neon.Compress.fsti \ Libcrux_ml_kem.Vector.Neon.fsti \ Libcrux_ml_kem.Vector.Neon.Ntt.fsti \ Libcrux_ml_kem.Vector.Neon.Serialize.fsti \ - Libcrux_ml_kem.Vector.Neon.Vector_type.fsti \ - Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti \ - Libcrux_ml_kem.Vector.Portable.Compress.fsti \ - Libcrux_ml_kem.Vector.Portable.fsti \ - Libcrux_ml_kem.Vector.Portable.Ntt.fsti \ - Libcrux_ml_kem.Vector.Portable.Sampling.fsti \ - Libcrux_ml_kem.Vector.Portable.Serialize.fsti \ - Libcrux_ml_kem.Vector.Portable.Vector_type.fsti \ - Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ - Libcrux_ml_kem.Vector.Traits.fsti - + Libcrux_ml_kem.Vector.Neon.Vector_type.fsti + UNVERIFIED = $(filter-out $(PANIC_FREE),$(wildcard *.fst)) VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(VERIFIED))) @@ -138,7 +138,7 @@ ROOTS = $(UNVERIFIED) $(PANIC_FREE) $(VERIFIED) FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HACL_HOME)/specs $(HAX_PROOF_LIBS_HOME)/rust_primitives \ $(HAX_PROOF_LIBS_HOME)/core $(HAX_LIBS_HOME) \ ../spec/ \ - ../../../../sys/platform/proofs/fstar/extraction/ \ + ../../../../sys/platform/proofs/fstar/extraction/ \ ../../../../libcrux-intrinsics/proofs/fstar/extraction/ \ ../../../../libcrux-sha3/proofs/fstar/extraction/ From 4ab49a70349e622a883d9b4e33c2d134a9f748fa Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 7 Aug 2024 18:47:30 -0400 Subject: [PATCH 011/348] utils --- .../proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti | 5 ++++- libcrux-ml-kem/src/utils.rs | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti index df9ce411d..d21c8e3b5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti @@ -7,4 +7,7 @@ open FStar.Mul val into_padded_array (v_LEN: usize) (slice: t_Slice u8) : Prims.Pure (t_Array u8 v_LEN) (requires (Core.Slice.impl__len #u8 slice <: usize) <=. v_LEN) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_Array u8 v_LEN = result in + result == Seq.append slice (Seq.create (v v_LEN - v Core.Slice.impl__len #u8 slice) 0uy)) diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs index 3c3be2bcc..bfdc019db 100644 --- a/libcrux-ml-kem/src/utils.rs +++ b/libcrux-ml-kem/src/utils.rs @@ -8,6 +8,8 @@ #[cfg_attr(hax, hax_lib::requires( slice.len() <= LEN ))] +#[cfg_attr(hax, hax_lib::ensures(|result| + fstar!("$result == Seq.append $slice (Seq.create (v $LEN - v ${slice.len()}) 0uy)")))] pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { let mut out = [0u8; LEN]; out[0..slice.len()].copy_from_slice(slice); From 2f0be218920f6a03bdbd9f70d82a0c3bb909641b Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 7 Aug 2024 21:15:53 -0400 Subject: [PATCH 012/348] utils verified --- .../fstar/extraction/Libcrux_ml_kem.Utils.fst | 17 +++++++++++++++++ .../fstar/extraction/Libcrux_ml_kem.Utils.fsti | 3 ++- libcrux-ml-kem/src/utils.rs | 7 ++++++- 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst index 7af62082c..6ee03cd7f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst @@ -26,4 +26,21 @@ let into_padded_array (v_LEN: usize) (slice: t_Slice u8) = <: t_Slice u8) in + let _:Prims.unit = assert (Seq.slice out 0 (Seq.length slice) == slice) in + let _:Prims.unit = + assert (Seq.slice out (Seq.length slice) (v v_LEN) == + Seq.slice (Seq.create (v v_LEN) 0uy) (Seq.length slice) (v v_LEN)) + in + let _:Prims.unit = + assert (forall i. i < Seq.length slice ==> Seq.index out i == Seq.index slice i) + in + let _:Prims.unit = + assert (forall i. + (i >= Seq.length slice && i < v v_LEN) ==> + Seq.index out i == + Seq.index (Seq.slice out (Seq.length slice) (v v_LEN)) (i - Seq.length slice)) + in + let _:Prims.unit = + Seq.lemma_eq_intro out (Seq.append slice (Seq.create (v v_LEN - Seq.length slice) 0uy)) + in out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti index d21c8e3b5..2184222c0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti @@ -10,4 +10,5 @@ val into_padded_array (v_LEN: usize) (slice: t_Slice u8) (ensures fun result -> let result:t_Array u8 v_LEN = result in - result == Seq.append slice (Seq.create (v v_LEN - v Core.Slice.impl__len #u8 slice) 0uy)) + result == Seq.append slice (Seq.create (v v_LEN - v (Core.Slice.impl__len #u8 slice)) 0uy) + ) diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs index bfdc019db..62590aa13 100644 --- a/libcrux-ml-kem/src/utils.rs +++ b/libcrux-ml-kem/src/utils.rs @@ -9,10 +9,15 @@ slice.len() <= LEN ))] #[cfg_attr(hax, hax_lib::ensures(|result| - fstar!("$result == Seq.append $slice (Seq.create (v $LEN - v ${slice.len()}) 0uy)")))] + fstar!("$result == Seq.append $slice (Seq.create (v $LEN - v (${slice.len()})) 0uy)")))] pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { let mut out = [0u8; LEN]; out[0..slice.len()].copy_from_slice(slice); + hax_lib::fstar!("assert (Seq.slice out 0 (Seq.length slice) == slice)"); + hax_lib::fstar!("assert (Seq.slice out (Seq.length slice) (v v_LEN) == Seq.slice (Seq.create (v v_LEN) 0uy) (Seq.length slice) (v v_LEN))"); + hax_lib::fstar!("assert (forall i. i < Seq.length slice ==> Seq.index out i == Seq.index slice i)"); + hax_lib::fstar!("assert (forall i. (i >= Seq.length slice && i < v v_LEN) ==> Seq.index out i == Seq.index (Seq.slice out (Seq.length slice) (v v_LEN)) (i - Seq.length slice))"); + hax_lib::fstar!("Seq.lemma_eq_intro out (Seq.append slice (Seq.create (v v_LEN - Seq.length slice) 0uy))"); out } From 6719f1bbb67920af8e07d508a1760a8f098746a7 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 7 Aug 2024 21:16:21 -0400 Subject: [PATCH 013/348] utils verified --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 724f655c0..10feefae2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -54,12 +54,12 @@ VERIFIED = Libcrux_ml_kem.Types.fst \ Libcrux_ml_kem.Hash_functions.Avx2.fsti \ Libcrux_ml_kem.Hash_functions.fsti \ Libcrux_ml_kem.Hash_functions.Neon.fsti \ - Libcrux_ml_kem.Hash_functions.Portable.fsti + Libcrux_ml_kem.Hash_functions.Portable.fsti \ + Libcrux_ml_kem.Utils.fst \ + Libcrux_ml_kem.Utils.fsti PANIC_FREE = Libcrux_ml_kem.Constant_time_ops.fst \ Libcrux_ml_kem.Constant_time_ops.fsti \ - Libcrux_ml_kem.Utils.fst \ - Libcrux_ml_kem.Utils.fsti \ Libcrux_ml_kem.Ind_cca.fsti \ Libcrux_ml_kem.Ind_cca.Unpacked.fsti \ Libcrux_ml_kem.Ind_cpa.fsti \ From ac32f03e42694ff4cc67922c066a3ebeebfc27b0 Mon Sep 17 00:00:00 2001 From: mamonet Date: Thu, 8 Aug 2024 10:20:27 +0000 Subject: [PATCH 014/348] Update hax-lib in libcrux-ml-kem/Cargo.toml --- libcrux-ml-kem/Cargo.toml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index ffa0fa14a..9774fe22a 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -23,10 +23,7 @@ rand_core = { version = "0.6" } libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" } libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } - -# This is only required for verification, but we are setting it as default until some hax attributes are fixed -hax-lib = { path = "../../hax/hax-lib" } -#hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } +hax-lib = { git = "https://github.com/hacspec/hax" } [features] # By default all variants and std are enabled. From 5665ef2049091bb30b763aef153a02924f8bca8a Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 8 Aug 2024 07:32:06 -0400 Subject: [PATCH 015/348] git hax-lib --- Cargo.lock | 141 +++++++++++++++++++------------------- libcrux-ml-kem/Cargo.toml | 3 +- 2 files changed, 73 insertions(+), 71 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bf4d38ec7..d59075911 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -63,7 +63,7 @@ version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d36fc52c7f6c869915e99412912f22093507da8d9e942ceaf66fe4b7c14422a" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -73,7 +73,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5bf74e1b6e971609db8ca7a9ce79fd5768ab6ae46441c572e46cf596f59e57f8" dependencies = [ "anstyle", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.6" +version = "1.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" +checksum = "504bdec147f2cc13c8b57ed9401fd8a147cc66b67ad5cb241394244f2c947549" dependencies = [ "jobserver", "libc", @@ -289,9 +289,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.11" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35723e6a11662c2afb578bcf0b88bf6ea8e21282a953428f240574fcc3a2b5b3" +checksum = "0fbb260a053428790f3de475e304ff84cdbc4face759ea7a3e64c1edd938a7fc" dependencies = [ "clap_builder", "clap_derive", @@ -299,9 +299,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.11" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49eb96cbfa7cfa35017b7cd548c75b14c3118c98b423041d70562665e07fb0fa" +checksum = "64b17d7ea74e9f833c7dbf2cbe4fb12ff26783eda4782a8975b72f895c9b4d99" dependencies = [ "anstream", "anstyle", @@ -311,9 +311,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.11" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d029b67f89d30bbb547c89fd5161293c0aec155fc691d7924b64550662db93e" +checksum = "501d359d5f3dcaf6ecdeee48833ae73ec6e42723a1e52419c79abf9507eec0a0" dependencies = [ "heck", "proc-macro2", @@ -532,9 +532,9 @@ dependencies = [ [[package]] name = "dunce" -version = "1.0.4" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" [[package]] name = "ecdsa" @@ -607,7 +607,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -701,16 +701,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -dependencies = [ - "hax-lib-macros 0.1.0-pre.1", - "num-bigint", - "num-traits", -] - -[[package]] -name = "hax-lib" -version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "num-bigint", @@ -720,7 +711,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "num-bigint", @@ -730,21 +721,10 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -dependencies = [ - "hax-lib-macros-types 0.1.0-pre.1", - "paste", - "proc-macro-error", - "proc-macro2", - "quote", - "syn 2.0.72", -] - -[[package]] -name = "hax-lib-macros" -version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "paste", "proc-macro-error", "proc-macro2", "quote", @@ -754,9 +734,10 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "paste", "proc-macro-error", "proc-macro2", "quote", @@ -766,6 +747,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "proc-macro2", "quote", @@ -777,19 +759,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#d6cc1888b7633df221e388823f9f9e5bebf42b9e" -dependencies = [ - "proc-macro2", - "quote", - "serde", - "serde_json", - "uuid", -] - -[[package]] -name = "hax-lib-macros-types" -version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "proc-macro2", "quote", @@ -843,7 +813,7 @@ version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -869,7 +839,7 @@ checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" dependencies = [ "hermit-abi", "libc", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -1069,7 +1039,7 @@ name = "libcrux-ml-kem" version = "0.0.2-alpha.3" dependencies = [ "criterion", - "hax-lib 0.1.0-pre.1", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "hex", "libcrux-intrinsics", "libcrux-platform", @@ -1357,9 +1327,12 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.17" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" +dependencies = [ + "zerocopy", +] [[package]] name = "pqcrypto-dilithium" @@ -1550,9 +1523,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.10.5" +version = "1.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f" +checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619" dependencies = [ "aho-corasick", "memchr", @@ -1599,7 +1572,7 @@ dependencies = [ "libc", "spin", "untrusted", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -1627,7 +1600,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -1673,18 +1646,18 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.204" +version = "1.0.205" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" +checksum = "e33aedb1a7135da52b7c21791455563facbbcc43d0f0f66165b42c21b3dfb150" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.204" +version = "1.0.205" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" +checksum = "692d6f5ac90220161d6774db30c662202721e64aed9058d2c394f451261420c1" dependencies = [ "proc-macro2", "quote", @@ -1693,9 +1666,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.121" +version = "1.0.122" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ab380d7d9f22ef3f21ad3e6c1ebe8e4fc7a2000ccba2e4d71fc96f15b2cb609" +checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da" dependencies = [ "itoa", "memchr", @@ -2001,11 +1974,11 @@ dependencies = [ [[package]] name = "winapi-util" -version = "0.1.8" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" +checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys", + "windows-sys 0.59.0", ] [[package]] @@ -2017,6 +1990,15 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets", +] + [[package]] name = "windows-targets" version = "0.52.6" @@ -2105,6 +2087,27 @@ dependencies = [ "zeroize", ] +[[package]] +name = "zerocopy" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" +dependencies = [ + "byteorder", + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.72", +] + [[package]] name = "zeroize" version = "1.8.1" diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index ffa0fa14a..99424ea5b 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -25,8 +25,7 @@ libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } # This is only required for verification, but we are setting it as default until some hax attributes are fixed -hax-lib = { path = "../../hax/hax-lib" } -#hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } +hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } [features] # By default all variants and std are enabled. From fa995d2fe2175ef5f28942d0e9051841873b4b1d Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 8 Aug 2024 07:32:41 -0400 Subject: [PATCH 016/348] lock --- Cargo.lock | 52 +++++++--------------------------------------------- 1 file changed, 7 insertions(+), 45 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bf4d38ec7..a40865e5f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -698,15 +698,6 @@ dependencies = [ "crunchy", ] -[[package]] -name = "hax-lib" -version = "0.1.0-pre.1" -dependencies = [ - "hax-lib-macros 0.1.0-pre.1", - "num-bigint", - "num-traits", -] - [[package]] name = "hax-lib" version = "0.1.0-pre.1" @@ -720,25 +711,13 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax#d6cc1888b7633df221e388823f9f9e5bebf42b9e" dependencies = [ - "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", "num-bigint", "num-traits", ] -[[package]] -name = "hax-lib-macros" -version = "0.1.0-pre.1" -dependencies = [ - "hax-lib-macros-types 0.1.0-pre.1", - "paste", - "proc-macro-error", - "proc-macro2", - "quote", - "syn 2.0.72", -] - [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" @@ -754,26 +733,15 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax#d6cc1888b7633df221e388823f9f9e5bebf42b9e" dependencies = [ - "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", "proc-macro-error", "proc-macro2", "quote", "syn 2.0.72", ] -[[package]] -name = "hax-lib-macros-types" -version = "0.1.0-pre.1" -dependencies = [ - "proc-macro2", - "quote", - "serde", - "serde_json", - "uuid", -] - [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" @@ -789,7 +757,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax#d6cc1888b7633df221e388823f9f9e5bebf42b9e" dependencies = [ "proc-macro2", "quote", @@ -1069,7 +1037,7 @@ name = "libcrux-ml-kem" version = "0.0.2-alpha.3" dependencies = [ "criterion", - "hax-lib 0.1.0-pre.1", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", "hex", "libcrux-intrinsics", "libcrux-platform", @@ -1116,7 +1084,7 @@ version = "0.0.2-alpha.3" dependencies = [ "cavp", "criterion", - "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", "hex", "libcrux-intrinsics", "libcrux-platform", @@ -1285,12 +1253,6 @@ dependencies = [ "sha2", ] -[[package]] -name = "paste" -version = "1.0.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" - [[package]] name = "pem-rfc7468" version = "0.7.0" From 5aa9c4bc7883d37eafd38bb447a847e568473c2b Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 8 Aug 2024 07:55:37 -0400 Subject: [PATCH 017/348] lock --- Cargo.lock | 113 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 77 insertions(+), 36 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a40865e5f..281693ce8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -63,7 +63,7 @@ version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6d36fc52c7f6c869915e99412912f22093507da8d9e942ceaf66fe4b7c14422a" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -73,7 +73,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5bf74e1b6e971609db8ca7a9ce79fd5768ab6ae46441c572e46cf596f59e57f8" dependencies = [ "anstyle", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.6" +version = "1.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2aba8f4e9906c7ce3c73463f62a7f0c65183ada1a2d47e397cc8810827f9694f" +checksum = "504bdec147f2cc13c8b57ed9401fd8a147cc66b67ad5cb241394244f2c947549" dependencies = [ "jobserver", "libc", @@ -289,9 +289,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.11" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35723e6a11662c2afb578bcf0b88bf6ea8e21282a953428f240574fcc3a2b5b3" +checksum = "0fbb260a053428790f3de475e304ff84cdbc4face759ea7a3e64c1edd938a7fc" dependencies = [ "clap_builder", "clap_derive", @@ -299,9 +299,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.11" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "49eb96cbfa7cfa35017b7cd548c75b14c3118c98b423041d70562665e07fb0fa" +checksum = "64b17d7ea74e9f833c7dbf2cbe4fb12ff26783eda4782a8975b72f895c9b4d99" dependencies = [ "anstream", "anstyle", @@ -311,9 +311,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.11" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d029b67f89d30bbb547c89fd5161293c0aec155fc691d7924b64550662db93e" +checksum = "501d359d5f3dcaf6ecdeee48833ae73ec6e42723a1e52419c79abf9507eec0a0" dependencies = [ "heck", "proc-macro2", @@ -532,9 +532,9 @@ dependencies = [ [[package]] name = "dunce" -version = "1.0.4" +version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56ce8c6da7551ec6c462cbaf3bfbc75131ebbfa1c944aeaa9dab51ca1c5f0c3b" +checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813" [[package]] name = "ecdsa" @@ -607,7 +607,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "534c5cf6194dfab3db3242765c03bbe257cf92f22b38f6bc0c58d59108a820ba" dependencies = [ "libc", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -701,7 +701,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "num-bigint", @@ -711,7 +711,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", "num-bigint", @@ -721,9 +721,10 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "paste", "proc-macro-error", "proc-macro2", "quote", @@ -733,9 +734,10 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", + "paste", "proc-macro-error", "proc-macro2", "quote", @@ -745,7 +747,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "proc-macro2", "quote", @@ -757,7 +759,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax#d6cc1888b7633df221e388823f9f9e5bebf42b9e" +source = "git+https://github.com/hacspec/hax#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "proc-macro2", "quote", @@ -811,7 +813,7 @@ version = "0.5.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5" dependencies = [ - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -837,7 +839,7 @@ checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" dependencies = [ "hermit-abi", "libc", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -1253,6 +1255,12 @@ dependencies = [ "sha2", ] +[[package]] +name = "paste" +version = "1.0.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" + [[package]] name = "pem-rfc7468" version = "0.7.0" @@ -1319,9 +1327,12 @@ dependencies = [ [[package]] name = "ppv-lite86" -version = "0.2.17" +version = "0.2.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" +dependencies = [ + "zerocopy", +] [[package]] name = "pqcrypto-dilithium" @@ -1512,9 +1523,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.10.5" +version = "1.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f" +checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619" dependencies = [ "aho-corasick", "memchr", @@ -1561,7 +1572,7 @@ dependencies = [ "libc", "spin", "untrusted", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -1589,7 +1600,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys", + "windows-sys 0.52.0", ] [[package]] @@ -1635,18 +1646,18 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.204" +version = "1.0.205" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" +checksum = "e33aedb1a7135da52b7c21791455563facbbcc43d0f0f66165b42c21b3dfb150" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.204" +version = "1.0.205" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" +checksum = "692d6f5ac90220161d6774db30c662202721e64aed9058d2c394f451261420c1" dependencies = [ "proc-macro2", "quote", @@ -1655,9 +1666,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.121" +version = "1.0.122" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ab380d7d9f22ef3f21ad3e6c1ebe8e4fc7a2000ccba2e4d71fc96f15b2cb609" +checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da" dependencies = [ "itoa", "memchr", @@ -1963,11 +1974,11 @@ dependencies = [ [[package]] name = "winapi-util" -version = "0.1.8" +version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4d4cc384e1e73b93bafa6fb4f1df8c41695c8a91cf9c4c64358067d15a7b6c6b" +checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys", + "windows-sys 0.59.0", ] [[package]] @@ -1979,6 +1990,15 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets", +] + [[package]] name = "windows-targets" version = "0.52.6" @@ -2067,6 +2087,27 @@ dependencies = [ "zeroize", ] +[[package]] +name = "zerocopy" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" +dependencies = [ + "byteorder", + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.72", +] + [[package]] name = "zeroize" version = "1.8.1" From 96cfa0886ee923b9d2e865d62b0677f3e1816eef Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 8 Aug 2024 08:37:33 -0400 Subject: [PATCH 018/348] c code refresh --- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/internal/libcrux_core.h | 269 +- .../c/internal/libcrux_mlkem_neon.h | 30 +- .../c/internal/libcrux_mlkem_portable.h | 74 +- .../c/internal/libcrux_sha3_internal.h | 88 +- libcrux-ml-kem/c/libcrux_core.c | 357 +- libcrux-ml-kem/c/libcrux_core.h | 124 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 110 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 46 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 112 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 108 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 8568 +----------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 534 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 9534 +++++++++++++- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 579 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 4375 ++++--- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 270 +- libcrux-ml-kem/c/libcrux_sha3.h | 75 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2546 +--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 68 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 820 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3560 ++++- libcrux-ml-kem/c/libcrux_sha3_neon.h | 66 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/libcrux_core.h | 191 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 19 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 5958 +-------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 10826 ++++++++++++---- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2754 +--- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 5885 +++++++-- 41 files changed, 31371 insertions(+), 27049 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 89de62066..51ea8bdfc 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 +Charon: 53530427db2941ce784201e64086766504bc5642 +Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f +F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 +Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 1bfc0666f..9768fe0bb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __internal_libcrux_core_H @@ -23,8 +23,6 @@ extern "C" { #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); - uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs); @@ -73,11 +71,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1568 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( + uint8_t value[800U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -85,12 +86,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for @@ -99,10 +100,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -111,21 +112,24 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 768 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( + uint8_t value[768U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -134,18 +138,21 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, + uint8_t ret[800U]); /** This function found in impl {(core::convert::From<@Array> for @@ -154,11 +161,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( + uint8_t value[1568U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -166,12 +176,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for @@ -180,10 +190,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -192,21 +202,24 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( - uint8_t value[1088U]); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( + uint8_t value[1568U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -215,18 +228,21 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, + uint8_t ret[1600U]); /** This function found in impl {(core::convert::From<@Array> for @@ -235,11 +251,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( + uint8_t value[1184U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -247,12 +266,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -261,10 +280,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -273,28 +292,34 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1088 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( - uint8_t value[768U]); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( + uint8_t value[1088U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -320,12 +345,15 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -335,95 +363,42 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 800 + Pad the `slice` with `0`s at the end. */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, - uint8_t ret[800U]); - /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 64 -*/ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, - uint8_t ret[64U]); - -/** -A monomorphic instance of core.result.Result -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_6f_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_6f; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); - -/** -A monomorphic instance of core.result.Result -with types uint8_t[20size_t], core_array_TryFromSliceError - +- LEN= 1120 */ -typedef struct core_result_Result_7a_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_7a; +void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, + uint8_t ret[1120U]); /** -This function found in impl {core::result::Result} + Pad the `slice` with `0`s at the end. */ /** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); - -/** -A monomorphic instance of core.result.Result -with types uint8_t[10size_t], core_array_TryFromSliceError - +A monomorphic instance of libcrux_ml_kem.utils.into_padded_array +with const generics +- LEN= 64 */ -typedef struct core_result_Result_cd_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_cd; +void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, + uint8_t ret[64U]); /** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError +A monomorphic instance of core.option.Option +with types Eurydice_slice uint8_t */ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); +typedef struct core_option_Option_44_s { + core_option_Option_ef_tags tag; + Eurydice_slice f0; +} core_option_Option_44; /** A monomorphic instance of core.result.Result @@ -448,10 +423,10 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); -typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} Eurydice_slice_uint8_t_4size_t__x2; +typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} Eurydice_slice_uint8_t_2size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index 57231a2ff..d94069a73 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __internal_libcrux_mlkem_neon_H @@ -48,6 +48,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -184,6 +192,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -320,6 +336,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 7e3c47929..37876592f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -53,8 +53,16 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -69,7 +77,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -90,7 +98,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -113,7 +121,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -139,7 +147,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -165,7 +173,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_711( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -177,7 +185,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -193,8 +201,16 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]); + +/** + Packed API + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -209,7 +225,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -230,7 +246,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -253,7 +269,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -279,7 +295,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -305,7 +321,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_710( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -317,7 +333,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -333,8 +349,16 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]); + +/** + Packed API + + Generate a key pair. + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -349,7 +373,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -370,7 +394,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -393,7 +417,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -419,7 +443,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -445,7 +469,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_71( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c2e703c10..dfbb1098a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __internal_libcrux_sha3_internal_H @@ -24,23 +24,22 @@ extern "C" { typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; +/** + Create a new SHAKE-128 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } +/** + Absorb +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_72(s, buf); -} - -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); + libcrux_sha3_generic_keccak_absorb_final_25(s, buf); } /** @@ -51,7 +50,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -59,22 +58,35 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); } +/** + Squeeze three blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); +} + +/** + Squeeze another block +*/ +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, buf); } #define libcrux_sha3_Sha224 0 @@ -84,6 +96,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( typedef uint8_t libcrux_sha3_Algorithm; +/** + Returns the output size of a digest. +*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -134,7 +149,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -142,62 +157,77 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); } +/** + Squeeze five blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); } +/** + Absorb some data for SHAKE-256 for the last time +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_720(s, buf); + libcrux_sha3_generic_keccak_absorb_final_250(s, buf); } +/** + Create a new SHAKE-256 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } +/** + Squeeze the first SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); } +/** + Squeeze the next SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 4aaba94d8..d714c9f78 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,15 +4,18 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #include "internal/libcrux_core.h" +/** + Return 1 if `value` is not zero and 0 otherwise. +*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -25,6 +28,10 @@ static uint8_t inz(uint8_t value) { static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } +/** + Return 1 if the bytes of `lhs` and `rhs` do not exactly + match and 0 otherwise. +*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; for (size_t i = (size_t)0U; @@ -43,6 +50,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return compare(lhs, rhs); } +/** + If `selector` is not zero, return the bytes in `rhs`; return the bytes in + `lhs` otherwise. +*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); @@ -85,17 +96,20 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1568 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( + uint8_t value[800U]) { + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -103,14 +117,13 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** @@ -120,14 +133,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( - uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( + uint8_t value[1632U]) { + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -138,27 +151,30 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 768 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( + uint8_t value[768U]) { + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -169,22 +185,25 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -192,7 +211,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** @@ -202,17 +221,20 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( - uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_1f lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -220,14 +242,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } /** @@ -237,14 +259,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( - uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( + uint8_t value[3168U]) { + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -255,27 +277,30 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( - uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -286,22 +311,25 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -309,7 +337,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -319,17 +347,20 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( - uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( + uint8_t value[1184U]) { + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -337,13 +368,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** @@ -353,14 +385,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( - uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( + uint8_t value[2400U]) { + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -371,36 +403,42 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1088 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( - uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( + uint8_t value[1088U]) { + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -433,12 +471,15 @@ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { } } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -458,22 +499,25 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -481,15 +525,18 @@ void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -502,66 +549,6 @@ void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - /** This function found in impl {core::result::Result} */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index a389c7bb3..7842067cd 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_core_H @@ -49,6 +49,64 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_be; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + +*/ +typedef struct core_option_Option_04_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; +} core_option_Option_04; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $1632size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey_5e; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair +with const generics +- $1632size_t +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; +} libcrux_ml_kem_types_MlKemKeyPair_cb; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $768size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext_e8; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + +*/ +typedef struct tuple_ec_s { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; +} tuple_ec; + /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -145,64 +203,6 @@ typedef struct tuple_3c_s { uint8_t snd[32U]; } tuple_3c; -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $1632size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair -with const generics -- $1632size_t -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext -with const generics -- $768size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - -*/ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; -} tuple_ec; - #define core_result_Ok 0 #define core_result_Err 1 diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index f2f030801..2aeff4211 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index 8f38be0c7..75b144194 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #include "libcrux_mlkem1024_neon.h" #include "internal/libcrux_mlkem_neon.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -42,6 +45,13 @@ static void decapsulate_f8( libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -49,6 +59,9 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate( decapsulate_f8(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -77,6 +90,13 @@ static void decapsulate_unpacked_c2( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -110,6 +130,13 @@ static tuple_21 encapsulate_6b( return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, uu____1); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { @@ -119,6 +146,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( return encapsulate_6b(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -147,6 +177,16 @@ static tuple_21 encapsulate_unpacked_1c( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, uu____1); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { @@ -157,6 +197,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( return encapsulate_unpacked_1c(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -175,6 +218,9 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( return libcrux_ml_kem_ind_cca_generate_keypair_72(uu____0); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -182,6 +228,9 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_91(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -201,6 +250,9 @@ generate_keypair_unpacked_87(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uu____0); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -209,6 +261,9 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( return generate_keypair_unpacked_87(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -221,6 +276,11 @@ static bool validate_public_key_a3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index dc1d1a4be..2e9f988ca 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem1024_neon_H @@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index e8cd5bbc6..f826f0791 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #include "libcrux_mlkem1024_portable.h" #include "internal/libcrux_mlkem_portable.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -35,20 +38,30 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_52( +static void decapsulate_3e( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_711(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_52(private_key, ciphertext, ret); + decapsulate_3e(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -70,18 +83,25 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_b6( +static void decapsulate_unpacked_81( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_b6(private_key, ciphertext, ret); + decapsulate_unpacked_81(private_key, ciphertext, ret); } /** @@ -101,24 +121,34 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_ec( +static tuple_21 encapsulate_48( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, uu____1); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ec(uu____0, uu____1); + return encapsulate_48(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -137,16 +167,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_9a( +static tuple_21 encapsulate_unpacked_ac( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_311(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, uu____1); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { @@ -154,9 +194,12 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_9a(uu____0, uu____1); + return encapsulate_unpacked_ac(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -169,20 +212,26 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c24(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f1(uu____0); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_0e(uu____0); + return generate_keypair_6e(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -196,20 +245,26 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_4a(uint8_t randomness[64U]) { +generate_keypair_unpacked_f5(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uu____0); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4a(uu____0); + return generate_keypair_unpacked_f5(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -218,14 +273,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_e11(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); +static bool validate_public_key_2a1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_e11(public_key.value)) { + if (validate_public_key_2a1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index c147a8fdd..1b1312882 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem1024_portable_H @@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 67291c9bf..27da4b08a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 906114e72..9dcf9e340 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #include "libcrux_mlkem512_neon.h" #include "internal/libcrux_mlkem_neon.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -41,12 +44,22 @@ static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_55(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -74,6 +87,13 @@ static void decapsulate_unpacked_53( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -106,6 +126,13 @@ static tuple_ec encapsulate_f8( return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, uu____1); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { @@ -115,6 +142,9 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( return encapsulate_f8(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -143,6 +173,14 @@ static tuple_ec encapsulate_unpacked_ce( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, uu____1); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { @@ -153,6 +191,9 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( return encapsulate_unpacked_ce(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -171,6 +212,9 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( return libcrux_ml_kem_ind_cca_generate_keypair_721(uu____0); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -178,6 +222,9 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_1a(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -197,6 +244,9 @@ generate_keypair_unpacked_38(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uu____0); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -205,6 +255,9 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( return generate_keypair_unpacked_38(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -217,6 +270,11 @@ static bool validate_public_key_a31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index 67f26b584..c294c837f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem512_neon_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index a14d6bc00..822f1abca 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #include "libcrux_mlkem512_portable.h" #include "internal/libcrux_mlkem_portable.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -35,18 +38,28 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_be0( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); +static void decapsulate_3f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_710(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_be0(private_key, ciphertext, ret); + decapsulate_3f(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -68,16 +81,23 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_06( +static void decapsulate_unpacked_73( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_06(private_key, ciphertext, ret); + decapsulate_unpacked_73(private_key, ciphertext, ret); } /** @@ -97,24 +117,34 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_f3( +static tuple_ec encapsulate_10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f3(uu____0, uu____1); + return encapsulate_10(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -133,16 +163,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_01( +static tuple_ec encapsulate_unpacked_49( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_310(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, uu____1); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { @@ -150,9 +188,12 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_01(uu____0, uu____1); + return encapsulate_unpacked_49(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -165,20 +206,26 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c21(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f0(uu____0); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_df(uu____0); + return generate_keypair_f9(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -192,20 +239,26 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_c0(uint8_t randomness[64U]) { +generate_keypair_unpacked_d6(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uu____0); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c0(uu____0); + return generate_keypair_unpacked_d6(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -214,14 +267,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_e10(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); +static bool validate_public_key_2a0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_e10(public_key.value)) { + if (validate_public_key_2a0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 08df65733..206d5dddf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem512_portable_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index d3208577f..170195f36 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index f7f161a44..45be1613b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #include "libcrux_mlkem768_neon.h" #include "internal/libcrux_mlkem_neon.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -41,12 +44,22 @@ static void decapsulate_67( libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_67(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -74,6 +87,13 @@ static void decapsulate_unpacked_70( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -106,6 +126,13 @@ static tuple_3c encapsulate_ea( return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -115,6 +142,9 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( return encapsulate_ea(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -143,6 +173,14 @@ static tuple_3c encapsulate_unpacked_29( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { @@ -153,6 +191,9 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( return encapsulate_unpacked_29(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -171,6 +212,9 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( return libcrux_ml_kem_ind_cca_generate_keypair_720(uu____0); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -178,6 +222,9 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_1b(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -197,6 +244,9 @@ generate_keypair_unpacked_42(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uu____0); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -205,6 +255,9 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( return generate_keypair_unpacked_42(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -217,6 +270,11 @@ static bool validate_public_key_a30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 4bbf14bf5..1f07bf56a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem768_neon_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index af58efd18..3aa396cb9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_mlkem_portable.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -35,18 +38,28 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_be( +static void decapsulate_03( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_71(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_be(private_key, ciphertext, ret); + decapsulate_03(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -68,16 +81,23 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_d4( +static void decapsulate_unpacked_69( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d4(private_key, ciphertext, ret); + decapsulate_unpacked_69(private_key, ciphertext, ret); } /** @@ -97,24 +117,34 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_13( +static tuple_3c encapsulate_4b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_13(uu____0, uu____1); + return encapsulate_4b(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -133,16 +163,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_1b( +static tuple_3c encapsulate_unpacked_10( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_31(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { @@ -150,9 +188,12 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1b(uu____0, uu____1); + return encapsulate_unpacked_10(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -165,20 +206,26 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(uu____0); + return generate_keypair_64(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -192,20 +239,26 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_37(uint8_t randomness[64U]) { +generate_keypair_unpacked_c5(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uu____0); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_37(uu____0); + return generate_keypair_unpacked_c5(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -214,14 +267,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_e1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); +static bool validate_public_key_2a(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_e1(public_key.value)) { + if (validate_public_key_2a(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index ea8485ac0..0554a4336 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem768_portable_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index fe9ab1671..0e9d3bd4f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,18 +4,14 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ -#include "internal/libcrux_mlkem_avx2.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" -#include "internal/libcrux_sha3_avx2.h" +#include "libcrux_mlkem_avx2.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -34,8557 +30,3 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { - return libcrux_ml_kem_vector_avx2_zero(); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { - int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - vector, constant); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - vector, constant); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - vector); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, - zeta2, zeta3); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -KRML_MUSTINLINE core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - vector, zeta0, zeta1, zeta2, zeta3); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, - zeta1); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - v, - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, - zeta1, zeta2, zeta3); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); - uint8_t ret0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[10U]; - core_result_Result_cd dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); - core_result_unwrap_41_e8(dst, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[20U]; - core_result_Result_7a dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); - core_result_unwrap_41_34(dst, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[24U]; - core_result_Result_6f dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); - core_result_unwrap_41_1c(dst, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, - good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[0U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[1U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, - Eurydice_slice output) { - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self) { - return self[0U]; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_98(core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea -with const generics -- SHIFT_BY= 15 -*/ -static core_core_arch_x86___m256i shift_right_ea_92( - core_core_arch_x86___m256i vector) { - return shift_right_98(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static core_core_arch_x86___m256i to_unsigned_representative_a4( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_ea_92(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_a4(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void serialize_public_key_d01( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - serialize_secret_key_ae1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_5d4( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - serialize_public_key_d01( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static void closure_b81( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d1(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca1(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d1(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b1( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_6b1(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_1b1( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_1b1(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_89_10(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_from_xof_b01( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca1(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_a9_4d1(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb3( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_block_a9_5a1(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb4( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_791(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a21( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_b81(A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_b01(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_1c2(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_470(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c1(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_7_45( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = - libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); - re->coefficients[j] = - libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); - } -} - -typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; -} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static core_core_arch_x86___m256i montgomery_multiply_fe_9d( - core_core_arch_x86___m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = montgomery_multiply_fe_9d(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_f4( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_3_b4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_2_7c( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_1_c2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void poly_barrett_reduce_89_99( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - self->coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_45(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_971( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static core_core_arch_x86___m256i to_standard_domain_42( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - to_standard_domain_42(self->coefficients[j]); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f01( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_6c1( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_681(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a21(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_151(uu____3, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_e31( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_48( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e31(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_d01( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_d01(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_751( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_651(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e11(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_751( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_df(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_df( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_571( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_error_reduce_89_91( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - self->coefficients[j], (int16_t)1441); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_001( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); - } - invert_ntt_montgomery_571(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static core_core_arch_x86___m256i decompress_1_91( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - re.coefficients[i0] = decompress_1_91(coefficient_compressed);); - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_711( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 10 -*/ -static core_core_arch_x86___m256i compress_ea_80( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_8a(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_10_2f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_80(to_unsigned_representative_a4(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a0(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 11 -*/ -static core_core_arch_x86___m256i compress_ea_800( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_8a0(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_2f(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_841( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a1(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 4 -*/ -static core_core_arch_x86___m256i compress_ea_801( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_8a1(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_4_b7( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a2(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 5 -*/ -static core_core_arch_x86___m256i compress_ea_802( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_8a2(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_5_35( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficients = - compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_b7(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_881( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_471(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_934( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_841( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_881(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_5d3( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a21(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_881(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void kdf_af_501(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e21( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_fb1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_501(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_55(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 10 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_55(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_a7(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_550(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 11 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d0( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_550(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_8d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d0(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_10(Eurydice_slice serialized) { - return deserialize_then_decompress_10_a7(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_fe( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_10(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_fe(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_551(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 4 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d1( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_551(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_9a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d1(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_552(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 5 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d2( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_552(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_75(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); - re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_1d2(re.coefficients[i0]); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b(Eurydice_slice serialized) { - return deserialize_then_decompress_4_9a(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - b.coefficients[i0], (int16_t)1441); - b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], - &coefficient_normal_form)); - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_221( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_message_ec( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_a4(re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_8c1( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_b51(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_881(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_201( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_391(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_201(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c41( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_391(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_fb1(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_501( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_501(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1568 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- OUT_LEN= 1536 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -static KRML_MUSTINLINE void serialize_public_key_d00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); - uint8_t ret0[1536U]; - serialize_secret_key_ae0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_5d2( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1568U]; - serialize_public_key_d00( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; -} tuple_54; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static void closure_b80( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d0(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca0(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d0(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b0( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____3[504U]; - memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_6b0(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_1b0( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_1b0(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_from_xof_b00( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca0(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_a9_4d0(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb1( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_block_a9_5a0(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb2( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_790(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a20( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_b80(A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_b00(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; - uint8_t snd; -} tuple_71; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____3[128U]; - memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_1c1(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_970( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_54 generate_keypair_unpacked_6c0( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_680(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a20(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_150(uu____3, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_e30( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e30(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_d00( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_d00(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_750( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_650(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e10(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_750( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_a71(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c91( - uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_570( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_vector_u_000( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); - } - invert_ntt_montgomery_570(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_710( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_11_d10( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_800(to_unsigned_representative_a4(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 11 -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_d10(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- OUT_LEN= 1408 -- COMPRESSION_FACTOR= 11 -- BLOCK_LEN= 352 -*/ -static void compress_then_serialize_u_840( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u_b20(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 5 -- OUT_LEN= 160 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_35(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_880( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_470(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_932( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_840( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_390( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_880(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_5d1( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a20(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; - memcpy( - uu____0, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; - memcpy(uu____1, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_880(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_af_500(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e20( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_fb0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_500(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_100(Eurydice_slice serialized) { - return deserialize_then_decompress_11_8d(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_fe0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_100(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_fe0(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_75(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_220( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_unpacked_8c0( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_b50(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b0( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 4 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_880(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_200( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_390(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_200(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c40( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_390(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_fb0(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_500( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_500(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 800 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- OUT_LEN= 768 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -static KRML_MUSTINLINE void serialize_public_key_d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); - uint8_t ret0[768U]; - serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_5d0( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[800U]; - serialize_public_key_d0( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] - -*/ -typedef struct tuple_4c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; -} tuple_4c; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static void closure_b8( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_6b(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 2 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_1b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_1b(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 2 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_from_xof_b0( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_a9_4d(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_block_a9_5a(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_79(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a2( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_b8(A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_b0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t - -*/ -typedef struct tuple_74_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; - uint8_t snd; -} tuple_74; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t out0[192U] = {0U}; - uint8_t out1[192U] = {0U}; - uint8_t out2[192U] = {0U}; - uint8_t out3[192U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[192U]; - memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); - uint8_t uu____1[192U]; - memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_1c(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_47(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_43(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA= 3 -- ETA_RANDOMNESS_SIZE= 192 -*/ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_a9_51(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_47(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_97( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static tuple_4c generate_keypair_unpacked_6c( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a2(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_15(uu____3, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_e3( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e3(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_d0( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( - Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_6c(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_d0(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_75( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e1(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_1c0(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN_a9_510(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_57( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); - } - invert_ntt_montgomery_57(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_71( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_88( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_47(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_84( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a2(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; - memcpy( - uu____0, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; - memcpy(uu____1, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_88(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_af_50(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e2( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_fb(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_50(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_10(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_fe(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_22( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_8c( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_b5(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_20( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_20(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c4( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_fb(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_50( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_50(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index a43dc2228..0ac3403ae 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem_avx2_H @@ -20,9 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" #include "libcrux_sha3.h" -#include "libcrux_sha3_avx2.h" void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]); @@ -30,530 +28,6 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_slice array); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array); - -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector); - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes); - -size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, - Eurydice_slice output); - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 751ef2e27..860605a54 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,14 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ -#include "libcrux_mlkem_neon.h" +#include "internal/libcrux_mlkem_neon.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -30,3 +33,9524 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void) { + return libcrux_ml_kem_vector_neon_vector_type_ZERO(); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { + return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { + int16_t out[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + core_core_arch_arm_shared_neon_uint16x8_t m0 = + libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + core_core_arch_arm_shared_neon_uint16x8_t m1 = + libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + core_core_arch_arm_shared_neon_int16x8_t c1 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v) { + core_core_arch_arm_shared_neon_int16x8_t adder = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + core_core_arch_arm_shared_neon_int16x8_t vec = + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); + core_core_arch_arm_shared_neon_int16x8_t vec0 = + libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + core_core_arch_arm_shared_neon_int16x8_t quotient = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t sub = + libcrux_intrinsics_arm64__vmulq_n_s16( + quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high) { + core_core_arch_arm_shared_neon_int16x8_t k = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vmulq_n_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.low, c); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t half = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + core_core_arch_arm_shared_neon_int16x8_t quarter = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + core_core_arch_arm_shared_neon_int16x8_t shifted = + libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + core_core_arch_arm_shared_neon_int16x8_t mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = + libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range), + core_core_arch_arm_shared_neon_uint16x8_t)); + core_core_arch_arm_shared_neon_int16x8_t shifted0 = + libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = + libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range0), + core_core_arch_arm_shared_neon_uint16x8_t)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_1(v); +} + +KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits) { + int16_t uu____0; + switch (coefficient_bits) { + case 4: { + uu____0 = (int16_t)15; + break; + } + case 5: { + uu____0 = (int16_t)31; + break; + } + case 10: { + uu____0 = (int16_t)1023; + break; + } + case 11: { + uu____0 = (int16_t)2047; + break; + } + default: { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, + zeta4); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, + zeta3, zeta4); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, + zeta2, zeta4, -zeta2, -zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t b1 = + libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1b1 = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, + b1); + core_core_arch_arm_shared_neon_int32x4_t a1b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a1b1), + libcrux_intrinsics_arm64__vget_low_s16(zeta)); + core_core_arch_arm_shared_neon_int32x4_t a1b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + core_core_arch_arm_shared_neon_int16x8_t fst_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t fst_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b1)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + core_core_arch_arm_shared_neon_int16x8_t snd_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t snd_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); + core_core_arch_arm_shared_neon_int16x8_t fst_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t fst_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t snd_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t snd_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t fst = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + fst_low16, fst_high16); + core_core_arch_arm_shared_neon_int16x8_t snd = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + snd_low16, snd_high16); + core_core_arch_arm_shared_neon_int32x4_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int32x4_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int16x8_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); + core_core_arch_arm_shared_neon_int16x8_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, + 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; + core_core_arch_arm_shared_neon_uint8x16_t index = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); + core_core_arch_arm_shared_neon_int16x8_t high2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low2, .high = high2}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, + zeta3, zeta4); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, + (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { + core_core_arch_arm_shared_neon_int16x8_t one = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, + (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vandq_s16(low, one), + .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t lowt = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); + core_core_arch_arm_shared_neon_uint16x8_t hight = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_deserialize_4_0d(v); + int16_t input_i16s[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[10U]; + libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_5_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_10_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { + uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, + 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; + core_core_arch_arm_shared_neon_uint8x16_t index_vec = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; + core_core_arch_arm_shared_neon_int16x8_t shift_vec = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t mask12 = + libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input0, uint8_t, Eurydice_slice)); + uint8_t input1[16U] = {0U}; + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input1, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t moved0 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted0 = + libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); + core_core_arch_arm_shared_neon_uint16x8_t moved1 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted1 = + libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low, .high = high}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); +} + +KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { + size_t sampled = (size_t)0U; + core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option_44 uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( + &iter, uint8_t, core_option_Option_44); + if (uu____0.tag == core_option_None) { + break; + } else { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + int16_t uu____2; + bool uu____3; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + d1; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } + } + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } + } + } + } + return sampled; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, + Eurydice_slice out) { + return libcrux_ml_kem_vector_neon_rej_sample(a, out); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { + return self[0U]; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_89_06(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); + return lit; +} + +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_to_reduced_ring_element_e3(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a64( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +shift_right_d3(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); + v.high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 +with const generics +- SHIFT_BY= 15 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_6a( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return shift_right_d3(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_unsigned_representative_64( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_6a(a); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = + libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_neon_add_20(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_77( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative_64(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- OUT_LEN= 768 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_701( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + uint8_t ret0[768U]; + serialize_secret_key_5d1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + deserialize_ring_elements_reduced_a64( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[800U]; + serialize_public_key_701( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]] + +*/ +typedef struct tuple_4c0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 snd; +} tuple_4c0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void G_48_771(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static void closure_de1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +typedef struct Simd128Hash_s { + libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; +} Simd128Hash; + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_6b1(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_48_551(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_6b1(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b71( + Simd128Hash *st, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[504U], void *); + uint8_t out3[504U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e91( + Simd128Hash *self, uint8_t ret[2U][504U]) { + shake128_squeeze_first_three_blocks_b71(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 2 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e63( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_7d1( + Simd128Hash *st, uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[168U], void *); + uint8_t out3[168U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[168U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad1( + Simd128Hash *self, uint8_t ret[2U][168U]) { + shake128_squeeze_next_block_7d1(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 2 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e64( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +from_i16_array_89_f3(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d51( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_from_xof_c01( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_final_48_551(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_first_three_blocks_48_e91(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e63( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_next_block_48_ad1(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e64( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = closure_d51(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_matrix_A_481( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + closure_de1(A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; + sample_from_xof_c01(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[2size_t], uint8_t + +*/ +typedef struct tuple_740_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[2U]; + uint8_t snd; +} tuple_740; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_891(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[192U], void *); + uint8_t out3[192U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[192U], void *); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_891(input, ret); +} + +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2_c3(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_3_27(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2c0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_27(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_7_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon_multiply_by_constant_20( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +montgomery_multiply_fe_91( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +ntt_layer_int_vec_step_9c( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + montgomery_multiply_fe_91(b, zeta_r); + b = libcrux_ml_kem_vector_neon_sub_20(a, &t); + a = libcrux_ml_kem_vector_neon_add_20(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_4_plus_2a( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + ntt_layer_int_vec_step_9c( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_3_f4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_2_d0( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_1_39( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void poly_barrett_reduce_89_5f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cf( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + ntt_at_layer_7_67(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN_48_a91(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_2c0( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_740 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +ntt_multiply_89_16(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_multiply_20( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_standard_domain_fc(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = to_standard_domain_fc(self->coefficients[j]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_951( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae1(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static tuple_4c0 generate_keypair_unpacked_ff1( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_771(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_481(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f1(uu____3, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + compute_As_plus_e_951(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U][2U]; + memcpy(uu____5, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[2U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void closure_891( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_d5_13( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_48_851(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_891(A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_13(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; + memcpy(uu____2, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t pk_serialized[800U]; + serialize_public_key_701( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_851(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( + Eurydice_slice key_generation_seed) { + tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key_701(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d81( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_851(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_types_MlKemKeyPair_cb +libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair_161(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key_d81( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = + libcrux_ml_kem_types_from_05_e01(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_2c1( + uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_892(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[128U], void *); + uint8_t out3[128U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[128U], void *); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a92(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + PRFxN_892(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2c(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c3(randomness); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_740 +sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN_48_a92(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_740 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_b40(Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + input, input, + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e4(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_2_4b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +inv_ntt_layer_int_vec_step_reduce_27( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = + libcrux_ml_kem_vector_neon_sub_20(b, &a); + a = libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(a, &b)); + b = montgomery_multiply_fe_91(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_fd( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + inv_ntt_layer_int_vec_step_reduce_27( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_621( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_error_reduce_89_24( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae1(&result[i1], &product); + } + invert_ntt_montgomery_621(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_fc( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_message_23(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_1_fc(coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +add_message_error_reduce_89_3a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae1(&result, &product);); + invert_ntt_montgomery_621(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_af(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_43(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)10)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t_af(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t_af(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_af(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_af(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 10 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_43(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_10_ca0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_0e(to_unsigned_representative_64(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_af0(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_430(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)11)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t_af0(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t_af0(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_af0(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_af0(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 11 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_430(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_840( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10_ca0(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_d71( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_840(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_af1(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_431(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)4)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t_af1(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t_af1(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_af1(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_af1(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 4 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_431(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_4_21( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_0e1(to_unsigned_representative_64(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_af2(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_432(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)5)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t_af2(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t_af2(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_af2(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_af2(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 5 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e2( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_432(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_5_2b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = + compress_20_0e2(to_unsigned_representative_64(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + compress_then_serialize_4_21(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_541( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = sample_ring_element_cbd_eb1(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e4( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; + compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b1(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d71( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f0( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_unpacked_541(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = + libcrux_ml_kem_types_from_01_201(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_c71(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 768 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a63( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + deserialize_ring_elements_reduced_a63( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_481(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[2U][2U]; + memcpy(uu____1, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_541(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE void kdf_af_631(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_c71( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_851(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_4e1(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = + libcrux_ml_kem_types_from_01_201(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_631(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_7a(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_de( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_7a(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_7a(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_7a(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_7a(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 10 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_21( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_de(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_10_81(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_21(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_7a0(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)11 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_de0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_7a0(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_7a0(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_7a0(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_7a0(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 11 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_210( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_de0(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_11_6b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_210(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_u_060(Eurydice_slice serialized) { + return deserialize_then_decompress_10_81(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void ntt_vector_u_3c0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_331( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes); + ntt_vector_u_3c0(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_7a1(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)4 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_de1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_7a1(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_7a1(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_7a1(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_7a1(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 4 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_211( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_de1(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_4_60(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_211(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_7a2(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)5 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_de2( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_7a2(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_7a2(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_7a2(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_7a2(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 5 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_212( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_de2(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_5_25(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + decompress_ciphertext_coefficient_20_212(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_v_440(Eurydice_slice serialized) { + return deserialize_then_decompress_4_60(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +subtract_reduce_89_25(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_c71( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae1(&result, &product);); + invert_ntt_montgomery_621(&result); + result = subtract_reduce_89_25(v, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_message_ab( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative_64(re.coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon_compress_1_20(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_d61( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; + deserialize_then_decompress_u_331(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_440( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_c71(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ab(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_b4(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + libcrux_sha3_neon_x2_shake256( + input, input, + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 2 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_d61(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_974( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e3( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked_541(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_4f1( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_10(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_af1(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + deserialize_secret_key_4f1(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_d61(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_821( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_af1(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e3( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_4e1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_631( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_631(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a62( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_700( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + serialize_secret_key_5d0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + deserialize_ring_elements_reduced_a62( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + serialize_public_key_700( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; +} tuple_9b0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void G_48_770(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static void closure_de0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_6b0(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + &state[1U], + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_48_550(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_6b0(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b70( + Simd128Hash *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e90( + Simd128Hash *self, uint8_t ret[3U][504U]) { + shake128_squeeze_first_three_blocks_b70(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e61( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_7d0( + Simd128Hash *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad0( + Simd128Hash *self, uint8_t ret[3U][168U]) { + shake128_squeeze_next_block_7d0(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e62( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d50( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_from_xof_c00( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_final_48_550(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_first_three_blocks_48_e90(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e61( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_next_block_48_ad0(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e62( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = closure_d50(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_matrix_A_480( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + closure_de0(A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; + sample_from_xof_c00(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_890(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_890(input, ret); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_48_a90(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_950( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae0(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_9b0 generate_keypair_unpacked_ff0( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_770(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_480(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f0(uu____3, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + compute_As_plus_e_950(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_890( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_48_850(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_890(A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_13(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key_700( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_850(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( + Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key_700(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d80( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_850(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair_160(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key_d80( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_05_e0(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_2c( + uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_48_a90(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e2(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_620( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae0(&result[i1], &product); + } + invert_ntt_montgomery_620(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae0(&result, &product);); + invert_ntt_montgomery_620(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_d70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_840(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_540( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = sample_ring_element_cbd_eb0(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e2( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; + compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b0(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d70( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f0( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_unpacked_540(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_20(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_c70(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a61( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + deserialize_ring_elements_reduced_a61( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_480(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_540(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_af_630(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_c70( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_850(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_4e0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_20(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_630(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_330( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes); + ntt_vector_u_3c0(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_c70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae0(&result, &product);); + invert_ntt_montgomery_620(&result); + result = subtract_reduce_89_25(v, result); + return result; +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_d60( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + deserialize_then_decompress_u_330(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_440( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_c70(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ab(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_d60(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e1( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked_540(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_4f0( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_10(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_af0(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + deserialize_secret_key_4f0(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_d60(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_820( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_af0(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e1( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_4e0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_630( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_630(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a60( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- OUT_LEN= 1536 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); + uint8_t ret0[1536U]; + serialize_secret_key_5d(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + deserialize_ring_elements_reduced_a60( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1568U]; + serialize_public_key_70( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]] + +*/ +typedef struct tuple_54_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c snd; +} tuple_54; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void G_48_77(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static void closure_de( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_6b(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + &state[1U], + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_48_55(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_6b(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b7( + Simd128Hash *st, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e9( + Simd128Hash *self, uint8_t ret[4U][504U]) { + shake128_squeeze_first_three_blocks_b7(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 4 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e6( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_7d( + Simd128Hash *st, uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad( + Simd128Hash *self, uint8_t ret[4U][168U]) { + shake128_squeeze_next_block_7d(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 4 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e60( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d5( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_from_xof_c0( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_final_48_55(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_first_three_blocks_48_e9(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e6( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_next_block_48_ad(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e60( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = closure_d5(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_matrix_A_48( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + closure_de(A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; + sample_from_xof_c0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_89(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_89(input, ret); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_48_a9(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_95( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_54 generate_keypair_unpacked_ff( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_77(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_48(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f(uu____3, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + compute_As_plus_e_95(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U][4U]; + memcpy(uu____5, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[4U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_89( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_48_85(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_ff(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_89(A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_13(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; + memcpy(uu____2, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key_70( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_85(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( + Eurydice_slice key_generation_seed) { + tuple_54 uu____0 = generate_keypair_unpacked_ff(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key_70(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d8( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_85(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair_16(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key_d8( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = + libcrux_ml_kem_types_from_05_e00(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_2c0( + uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_71 +sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_48_a9(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e0(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_62( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae(&result[i1], &product); + } + invert_ntt_montgomery_62(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae(&result, &product);); + invert_ntt_montgomery_62(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_11_55( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_0e0(to_unsigned_representative_64(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 11 +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11_55(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- OUT_LEN= 1408 +- COMPRESSION_FACTOR= 11 +- BLOCK_LEN= 352 +*/ +static void compress_then_serialize_u_d7( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u_84(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 5 +- OUT_LEN= 160 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + compress_then_serialize_5_2b(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_54( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = sample_ring_element_cbd_eb(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; + compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d7( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_200(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_c7(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a6( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + deserialize_ring_elements_reduced_a6( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_48(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[4U][4U]; + memcpy(uu____1, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_54(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_af_63(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_c7( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_85(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_4e(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_200(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_63(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_u_06(Eurydice_slice serialized) { + return deserialize_then_decompress_11_6b(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_3c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_33( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_06(u_bytes); + ntt_vector_u_3c(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_v_44(Eurydice_slice serialized) { + return deserialize_then_decompress_5_25(serialized); +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_c7( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae(&result, &product);); + invert_ntt_montgomery_62(&result); + result = subtract_reduce_89_25(v, result); + return result; +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_unpacked_d6( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; + deserialize_then_decompress_u_33(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_44( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_c7(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ab(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 4 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_d6(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_973( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_4f( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_10(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_af(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + deserialize_secret_key_4f(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_d6(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_82( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_af(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_4e(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_63( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_63(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index f82784d70..a9d9f68b7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem_neon_H @@ -20,6 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" #include "libcrux_sha3_neon.h" void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, @@ -28,6 +29,576 @@ void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]); +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + core_core_arch_arm_shared_neon_int16x8_t low; + core_core_arch_arm_shared_neon_int16x8_t high; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array); + +void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a); + +size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, + Eurydice_slice result); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, + Eurydice_slice out); + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 507d406be..dad0b9eb3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #include "internal/libcrux_mlkem_portable.h" @@ -68,6 +68,123 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { @@ -93,192 +210,227 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -KRML_MUSTINLINE uint8_t_x11 -libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { +KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 10U); - uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> - 7U); - uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & - (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> - 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); - uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> - 9U); - uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & - (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> - 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); - return (CLITERAL(uint8_t_x11){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7, - .f8 = r8, - .f9 = r9, - .f10 = r10}); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[22U]) { - uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - uint8_t_x11 r11_21 = - libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -void libcrux_ml_kem_vector_portable_serialize_11_0d( +void libcrux_ml_kem_vector_portable_serialize_5_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - (int16_t)7) + (int16_t)3) << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - (int16_t)63) - << 5U | + (int16_t)15) + << 6U | (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & - (int16_t)127) + (int16_t)63) << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) >> 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) >> - 5U; + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -290,35 +442,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, Eurydice_slice)); int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); @@ -346,548 +476,252 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); } -const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ZERO_0d(void) { - return libcrux_ml_kem_vector_portable_vector_type_zero(); +KRML_MUSTINLINE uint8_t_x11 +libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 5U); + uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 10U); + uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) >> + 7U); + uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) & + (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) >> + 4U); + uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) >> + 1U & + (int16_t)255); + uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) >> + 9U); + uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) & + (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) >> + 6U); + uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) >> + 3U); + return (CLITERAL(uint8_t_x11){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7, + .f8 = r8, + .f9 = r9, + .f10 = r10}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]) { + uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x11 r11_21 = + libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[22U] = {0U}; + result[0U] = r0_10.fst; + result[1U] = r0_10.snd; + result[2U] = r0_10.thd; + result[3U] = r0_10.f3; + result[4U] = r0_10.f4; + result[5U] = r0_10.f5; + result[6U] = r0_10.f6; + result[7U] = r0_10.f7; + result[8U] = r0_10.f8; + result[9U] = r0_10.f9; + result[10U] = r0_10.f10; + result[11U] = r11_21.fst; + result[12U] = r11_21.snd; + result[13U] = r11_21.thd; + result[14U] = r11_21.f3; + result[15U] = r11_21.f4; + result[16U] = r11_21.f5; + result[17U] = r11_21.f6; + result[18U] = r11_21.f7; + result[19U] = r11_21.f8; + result[20U] = r11_21.f9; + result[21U] = r11_21.f10; + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_11_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 3U; + int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) >> + 1U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 7U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ZERO_0d(void) { + return libcrux_ml_kem_vector_portable_vector_type_zero(); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1018,6 +852,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * @@ -1053,6 +900,20 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = @@ -1071,8 +932,19 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } -KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ +KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( (int32_t)fe * (int32_t)fer); @@ -1102,6 +974,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; @@ -1374,6 +1268,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -1442,346 +1358,44 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1( result[uu____0] = (uint32_t)result[uu____0] | (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;); KRML_MAYBE_FOR8(i, (size_t)8U, (size_t)16U, (size_t)1U, size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = (uint32_t)result[uu____1] | - (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U);); - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - KRML_MAYBE_FOR8( - i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U);); - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); -} - -KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); + size_t uu____1 = (size_t)1U; + result[uu____1] = (uint32_t)result[uu____1] | + (uint32_t)(uint8_t)v.elements[i0] + << (uint32_t)(i0 - (size_t)8U);); + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + KRML_MAYBE_FOR8( + i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U);); + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); + } + return result; } /** @@ -1789,8 +1403,67 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); } KRML_MUSTINLINE uint8_t_x5 @@ -1840,149 +1513,43 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, Eurydice_slice)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); - uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_10_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[20U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, + Eurydice_slice)); + uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[20U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + result[10U] = r10_14.fst; + result[11U] = r10_14.snd; + result[12U] = r10_14.thd; + result[13U] = r10_14.f3; + result[14U] = r10_14.f4; + result[15U] = r15_19.fst; + result[16U] = r15_19.snd; + result[17U] = r15_19.thd; + result[18U] = r15_19.f3; + result[19U] = r15_19.f4; + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +void libcrux_ml_kem_vector_portable_serialize_10_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } KRML_MUSTINLINE uint8_t_x3 @@ -2233,7 +1800,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_02(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2254,6 +1821,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { return lit; } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2261,8 +1834,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_reduced_ring_element_d2(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -2280,6 +1853,12 @@ deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -2287,12 +1866,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2304,7 +1883,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2318,7 +1897,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_83(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2337,8 +1916,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_f8(v); +shift_right_0d_bf(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_83(v); } /** @@ -2348,10 +1927,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_78( +to_unsigned_representative_af( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_4b(a); + shift_right_0d_bf(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2364,14 +1943,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_05( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re->coefficients[i0]); + to_unsigned_representative_af(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2385,6 +1964,9 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2392,7 +1974,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_f81( +static KRML_MUSTINLINE void serialize_secret_key_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2411,7 +1993,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -2420,6 +2002,9 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2428,7 +2013,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_801( +static KRML_MUSTINLINE void serialize_public_key_9a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -2436,7 +2021,7 @@ static KRML_MUSTINLINE void serialize_public_key_801( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_f81(t_as_ntt, ret0); + serialize_secret_key_e81(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), @@ -2457,15 +2042,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_724( + deserialize_ring_elements_reduced_524( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_9a1( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -2496,7 +2081,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_111(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2507,10 +2092,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_e81( +static void closure_821( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -2524,11 +2109,12 @@ typedef struct PortableHash_d1_s { /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics +libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final with const +generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_751(uint8_t input[4U][34U]) { +shake128_init_absorb_final_411(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2553,24 +2139,24 @@ libcrux_ml_kem::hash_functions::portable::PortableHash)} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_f1 with const +libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final_f1 with const generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_f1_111(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_511(uint8_t input[4U][34U]) { uint8_t uu____0[4U][34U]; memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_751(uu____0); + return shake128_init_absorb_final_411(uu____0); } /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const -generics +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with +const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_101( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_541( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2588,15 +2174,56 @@ libcrux_ml_kem::hash_functions::portable::PortableHash)} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with -const generics +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 +with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_101(self, ret); -} - + shake128_squeeze_first_three_blocks_541(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2604,7 +2231,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2639,12 +2266,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed1(PortableHash_d1 *st, - uint8_t ret[4U][168U]) { +static KRML_MUSTINLINE void shake128_squeeze_next_block_881( + PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_next_block( @@ -2660,15 +2287,56 @@ libcrux_ml_kem::hash_functions::portable::PortableHash)} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c11( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_681( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_ed1(self, ret); -} - + shake128_squeeze_next_block_881(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2676,7 +2344,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2720,8 +2388,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_6b(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); +from_i16_array_89_48(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2742,9 +2410,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_131( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -2755,29 +2423,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_2b1( +static KRML_MUSTINLINE void sample_from_xof_f61( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; uint8_t uu____0[4U][34U]; memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_111(uu____0); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_511(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_4e1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_7f1(&xof_state, randomness0); uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_053( + bool done = sample_from_uniform_distribution_next_023( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_f1_c11(&xof_state, randomness); + shake128_squeeze_next_block_f1_681(&xof_state, randomness); uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_054( + done = sample_from_uniform_distribution_next_024( uu____2, sampled_coefficients, out); } } @@ -2785,7 +2453,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b1( memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_991(uu____3[i]);); + ret0[i] = closure_131(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2798,12 +2466,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_231( +static KRML_MUSTINLINE void sample_matrix_A_551( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_e81(A_transpose[i]);); + closure_821(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -2816,7 +2484,7 @@ static KRML_MUSTINLINE void sample_matrix_A_231( uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_2b1(uu____1, sampled); + sample_from_xof_f61(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2855,7 +2523,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_632(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2877,11 +2545,60 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1d2(input, ret); + PRFxN_632(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -2889,7 +2606,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2925,7 +2642,7 @@ sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( + return from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2936,7 +2653,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2971,7 +2688,7 @@ sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( + return from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2982,8 +2699,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_66(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_20(randomness); +sample_from_binomial_distribution_e3(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c8(randomness); } /** @@ -2992,7 +2709,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_13( +static KRML_MUSTINLINE void ntt_at_layer_7_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3000,9 +2717,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -3021,7 +2737,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_d5( +montgomery_multiply_fe_29( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3035,12 +2751,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_d5(b, zeta_r); + montgomery_multiply_fe_29(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3054,7 +2770,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3067,7 +2783,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3084,7 +2800,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_34( +static KRML_MUSTINLINE void ntt_at_layer_3_c1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3102,18 +2818,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_7b( +static KRML_MUSTINLINE void ntt_at_layer_2_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -3122,12 +2838,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_4f( +static KRML_MUSTINLINE void ntt_at_layer_1_c9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3137,7 +2853,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_4f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** @@ -3150,7 +2866,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void poly_barrett_reduce_89_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3168,19 +2884,23 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_13(re); + ntt_at_layer_7_1c(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3190,11 +2910,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3205,14 +2925,12 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + PRFxN_f1_772(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_e3( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -3225,6 +2943,33 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( return lit; } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3236,9 +2981,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_f7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3261,6 +3006,10 @@ ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3271,7 +3020,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_931( +static KRML_MUSTINLINE void add_to_ring_element_89_8e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3298,7 +3047,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_3e( +to_standard_domain_a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3314,14 +3063,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_99( +static KRML_MUSTINLINE void add_standard_error_reduce_89_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_a1(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3330,20 +3079,23 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_99( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_da1( +static KRML_MUSTINLINE void compute_As_plus_e_a51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3366,16 +3118,57 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e1(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3385,10 +3178,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_f41( +static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b61(key_generation_seed, hashed); + G_f1_111(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3396,14 +3189,14 @@ static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_231(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_551(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(uu____1, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3414,10 +3207,10 @@ static tuple_540 generate_keypair_unpacked_f41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d71(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_011(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -3466,10 +3259,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_571( +static void closure_f21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -3482,7 +3275,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3504,7 +3297,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3522,7 +3315,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3531,18 +3324,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_a91(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_571(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_f21(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_93(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3552,13 +3345,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_9a1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + H_f1_af1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -3598,18 +3391,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_a91(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_801(pk.t_as_ntt, + serialize_public_key_9a1(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1536U]; memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____2[1568U]; @@ -3620,6 +3413,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] @@ -3627,7 +3423,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f2( +static KRML_MUSTINLINE void serialize_kem_secret_key_6b( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3656,7 +3452,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e1(public_key, ret0); + H_f1_af1(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -3675,6 +3471,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3689,7 +3493,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3699,13 +3503,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_ec1(ind_cpa_keypair_randomness); + generate_keypair_e81(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_f2( + serialize_kem_secret_key_6b( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, @@ -3714,14 +3518,17 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_a71(uu____1); + libcrux_ml_kem_types_from_05_e00(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c91( - uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); + return libcrux_ml_kem_types_from_17_2c0( + uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3732,10 +3539,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3746,11 +3553,11 @@ sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_772(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; @@ -3770,7 +3577,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_b60(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), @@ -3788,9 +3595,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f4(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -3799,12 +3606,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3814,7 +3621,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -3823,18 +3630,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** @@ -3843,7 +3650,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_75( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3863,7 +3670,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_56( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3871,7 +3678,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = montgomery_multiply_fe_29(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3883,7 +3690,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3898,7 +3705,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_56( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3915,18 +3722,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_861( +static KRML_MUSTINLINE void invert_ntt_montgomery_d41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } /** @@ -3939,7 +3746,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_08( +static KRML_MUSTINLINE void add_error_reduce_89_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3957,20 +3764,23 @@ static KRML_MUSTINLINE void add_error_reduce_89_08( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a11( +static KRML_MUSTINLINE void compute_vector_u_571( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3992,11 +3802,11 @@ static KRML_MUSTINLINE void compute_vector_u_a11( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e1(&result[i1], &product); } - invert_ntt_montgomery_861(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d41(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4010,7 +3820,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_e9(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4024,8 +3834,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4035,7 +3845,7 @@ deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_89(coefficient_compressed); + decompress_1_e9(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4051,7 +3861,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_8b( +add_message_error_reduce_89_11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4074,6 +3884,9 @@ add_message_error_reduce_89_8b( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4081,18 +3894,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f1( +compute_ring_element_v_c81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e1(&result, &product);); + invert_ntt_montgomery_d41(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } @@ -4102,7 +3915,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4123,9 +3936,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be(v); + return compress_94(v); } /** @@ -4134,7 +3947,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_940(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4156,8 +3969,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be0(v); +compress_0d_9b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_940(v); } /** @@ -4166,14 +3979,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_e10( +static KRML_MUSTINLINE void compress_then_serialize_11_2d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_9b0(to_unsigned_representative_af(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4194,13 +4007,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_e10(re, uu____0); + compress_then_serialize_11_2d0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4210,7 +4026,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_241( +static void compress_then_serialize_u_251( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4228,7 +4044,7 @@ static void compress_then_serialize_u_241( (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_2f0(&re, ret); + compress_then_serialize_ring_element_u_d80(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), @@ -4242,7 +4058,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_941(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4264,8 +4080,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be1(v); +compress_0d_9b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_941(v); } /** @@ -4274,14 +4090,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_e5( +static KRML_MUSTINLINE void compress_then_serialize_4_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_9b1(to_unsigned_representative_af(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -4299,7 +4115,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_942(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4321,8 +4137,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be2(v); +compress_0d_9b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_942(v); } /** @@ -4331,14 +4147,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_a3( +static KRML_MUSTINLINE void compress_then_serialize_5_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_9b2(to_unsigned_representative_af(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -4357,11 +4173,52 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_a3(re, out); -} - + compress_then_serialize_5_b9(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4380,14 +4237,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c1( +static void encrypt_unpacked_651( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(uu____0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4395,7 +4252,7 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_2c1(uu____2, domain_separator0); + tuple_710 uu____3 = sample_ring_element_cbd_381(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4403,32 +4260,32 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044( + PRF_f1_6f4( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c81(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_241( + compress_then_serialize_u_251( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_310( + compress_then_serialize_ring_element_v_d60( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); @@ -4454,11 +4311,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4470,7 +4327,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4484,7 +4341,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_6c1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_651(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -4493,7 +4350,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_01_200(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -4512,7 +4369,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_a1(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4521,6 +4378,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4528,12 +4391,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4545,7 +4408,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4571,10 +4434,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_723( + deserialize_ring_elements_reduced_523( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4582,8 +4445,8 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_231(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_551(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -4613,7 +4476,7 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_651(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4628,7 +4491,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_c2(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_f4(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4656,15 +4519,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_44( + entropy_preprocess_af_a1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -4672,8 +4535,8 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), + H_f1_af1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4681,7 +4544,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4691,18 +4554,18 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_0d1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f71(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_01_200(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_c2(shared_secret, shared_secret_array); + kdf_af_f4(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -4719,7 +4582,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b8( +decompress_ciphertext_coefficient_41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4744,9 +4607,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f4( +decompress_ciphertext_coefficient_0d_cc( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b8(v); + return decompress_ciphertext_coefficient_41(v); } /** @@ -4756,8 +4619,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_e9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_10_02(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -4769,7 +4632,7 @@ deserialize_then_decompress_10_e9(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f4(coefficient); + decompress_ciphertext_coefficient_0d_cc(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4782,7 +4645,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b80( +decompress_ciphertext_coefficient_410( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4807,9 +4670,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f40( +decompress_ciphertext_coefficient_0d_cc0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b80(v); + return decompress_ciphertext_coefficient_410(v); } /** @@ -4819,8 +4682,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_f5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_11_a4(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -4832,7 +4695,7 @@ deserialize_then_decompress_11_f5(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f40(coefficient); + decompress_ciphertext_coefficient_0d_cc0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4845,8 +4708,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_890(Eurydice_slice serialized) { - return deserialize_then_decompress_11_f5(serialized); +deserialize_then_decompress_ring_element_u_450(Eurydice_slice serialized) { + return deserialize_then_decompress_11_a4(serialized); } /** @@ -4855,19 +4718,23 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_ed0( +static KRML_MUSTINLINE void ntt_vector_u_d70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4876,12 +4743,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( +static KRML_MUSTINLINE void deserialize_then_decompress_u_201( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, @@ -4900,10 +4767,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_890(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_ed0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_450(u_bytes); + ntt_vector_u_d70(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4917,7 +4782,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b81( +decompress_ciphertext_coefficient_411( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4942,9 +4807,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f41( +decompress_ciphertext_coefficient_0d_cc1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b81(v); + return decompress_ciphertext_coefficient_411(v); } /** @@ -4954,8 +4819,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_34(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_4_b6(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -4966,7 +4831,7 @@ deserialize_then_decompress_4_34(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f41(coefficient); + decompress_ciphertext_coefficient_0d_cc1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4979,7 +4844,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b82( +decompress_ciphertext_coefficient_412( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5004,9 +4869,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f42( +decompress_ciphertext_coefficient_0d_cc2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b82(v); + return decompress_ciphertext_coefficient_412(v); } /** @@ -5016,8 +4881,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_53(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_5_9f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -5026,11 +4891,10 @@ deserialize_then_decompress_5_53(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5043,8 +4907,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_300(Eurydice_slice serialized) { - return deserialize_then_decompress_5_53(serialized); +deserialize_then_decompress_ring_element_v_670(Eurydice_slice serialized) { + return deserialize_then_decompress_5_9f(serialized); } /** @@ -5058,7 +4922,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_d2(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5076,6 +4940,12 @@ subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5083,17 +4953,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb1( +compute_message_f61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e1(&result, &product);); + invert_ntt_montgomery_d41(&result); + result = subtract_reduce_89_d2(v, result); return result; } @@ -5103,13 +4973,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_3a( +static KRML_MUSTINLINE void compress_then_serialize_message_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re.coefficients[i0]); + to_unsigned_representative_af(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5125,6 +4995,30 @@ static KRML_MUSTINLINE void compress_then_serialize_message_3a( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5135,20 +5029,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_e71( +static void decrypt_unpacked_181( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); + deserialize_then_decompress_u_201(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_300( + deserialize_then_decompress_ring_element_v_670( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_f61(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_ef(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5157,7 +5051,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_b6(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -5175,8 +5069,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -5201,15 +5095,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e71(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_181(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5221,7 +5115,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5231,7 +5125,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( + libcrux_ml_kem_utils_into_padded_array_973( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -5240,9 +5134,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043( + PRF_f1_6f3( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = @@ -5250,10 +5144,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_651(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_00_f00(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5272,8 +5166,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_uncompressed_ring_element_00(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -5289,18 +5183,21 @@ deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_011( +static KRML_MUSTINLINE void deserialize_secret_key_6b1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5312,7 +5209,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_011( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_00(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5330,10 +5227,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_011(secret_key, secret_as_ntt); + deserialize_secret_key_6b1(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( uu____0, secret_as_ntt, @@ -5344,7 +5241,7 @@ static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e71(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_181(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5370,7 +5267,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_711( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5390,9 +5287,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c21(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_4a1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5401,7 +5298,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -5411,31 +5308,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043( + PRF_f1_6f3( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_0d1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f71(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_c2( + kdf_af_f4( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_c2(shared_secret0, shared_secret); + kdf_af_f4(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_00_f00(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -5446,6 +5343,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5453,12 +5356,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5470,7 +5373,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5478,6 +5381,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5485,7 +5391,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_f80( +static KRML_MUSTINLINE void serialize_secret_key_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5504,7 +5410,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5513,6 +5419,9 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5521,14 +5430,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_800( +static KRML_MUSTINLINE void serialize_public_key_9a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_f80(t_as_ntt, ret0); + serialize_secret_key_e80(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -5549,15 +5458,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_722( + deserialize_ring_elements_reduced_522( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_800( + serialize_public_key_9a0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -5574,10 +5483,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] */ -typedef struct tuple_4c0_s { +typedef struct tuple_4c_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c0; +} tuple_4c; /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for @@ -5588,7 +5497,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_110(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5599,10 +5508,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_e80( +static void closure_820( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -5616,11 +5525,12 @@ typedef struct PortableHash_8b_s { /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics +libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final with const +generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_750(uint8_t input[2U][34U]) { +shake128_init_absorb_final_410(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5645,24 +5555,24 @@ libcrux_ml_kem::hash_functions::portable::PortableHash)} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_f1 with const +libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final_f1 with const generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_f1_110(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_510(uint8_t input[2U][34U]) { uint8_t uu____0[2U][34U]; memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_750(uu____0); + return shake128_init_absorb_final_410(uu____0); } /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const -generics +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with +const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_100( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_540( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5680,15 +5590,56 @@ libcrux_ml_kem::hash_functions::portable::PortableHash)} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with -const generics +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 +with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_100(self, ret); -} - + shake128_squeeze_first_three_blocks_540(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5696,7 +5647,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5731,12 +5682,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed0(PortableHash_8b *st, - uint8_t ret[2U][168U]) { +static KRML_MUSTINLINE void shake128_squeeze_next_block_880( + PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_next_block( @@ -5752,15 +5703,56 @@ libcrux_ml_kem::hash_functions::portable::PortableHash)} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c10( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_680( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_ed0(self, ret); -} - + shake128_squeeze_next_block_880(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5768,7 +5760,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5808,9 +5800,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_130( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -5821,29 +5813,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_2b0( +static KRML_MUSTINLINE void sample_from_xof_f60( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; uint8_t uu____0[2U][34U]; memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_110(uu____0); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_510(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_f1_4e0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_7f0(&xof_state, randomness0); uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_051( + bool done = sample_from_uniform_distribution_next_021( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_f1_c10(&xof_state, randomness); + shake128_squeeze_next_block_f1_680(&xof_state, randomness); uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_052( + done = sample_from_uniform_distribution_next_022( uu____2, sampled_coefficients, out); } } @@ -5851,7 +5843,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b0( memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_990(uu____3[i]);); + ret0[i] = closure_130(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5864,12 +5856,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_230( +static KRML_MUSTINLINE void sample_matrix_A_550( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_e80(A_transpose[i]);); + closure_820(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -5882,7 +5874,7 @@ static KRML_MUSTINLINE void sample_matrix_A_230( uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_2b0(uu____1, sampled); + sample_from_xof_f60(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5910,10 +5902,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_740_s { +typedef struct tuple_74_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; uint8_t snd; -} tuple_740; +} tuple_74; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN @@ -5921,7 +5913,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_630(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5943,9 +5935,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_770(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1d0(input, ret); + PRFxN_630(input, ret); } /** @@ -5955,10 +5947,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_660(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_85(randomness); +sample_from_binomial_distribution_e30(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_b8(randomness); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5968,11 +5964,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -5983,19 +5979,17 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_890(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_660(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + PRFxN_f1_770(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_e30( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + tuple_74 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6003,6 +5997,10 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -6013,7 +6011,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_930( +static KRML_MUSTINLINE void add_to_ring_element_89_8e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6033,20 +6031,23 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_da0( +static KRML_MUSTINLINE void compute_As_plus_e_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6069,16 +6070,57 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e0(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6088,10 +6130,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_f40( +static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b60(key_generation_seed, hashed); + G_f1_110(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6099,14 +6141,14 @@ static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_230(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_550(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(uu____1, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6117,10 +6159,10 @@ static tuple_4c0 generate_keypair_unpacked_f40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d70(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_010(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -6152,7 +6194,7 @@ static tuple_4c0 generate_keypair_unpacked_f40( memcpy( sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } /** @@ -6169,10 +6211,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_570( +static void closure_f20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -6184,7 +6226,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6202,7 +6244,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6211,18 +6253,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_a90(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_570(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_f20(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_93(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6232,13 +6274,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_800( + serialize_public_key_9a0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + H_f1_af0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -6278,18 +6320,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_a90(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_800(pk.t_as_ntt, + serialize_public_key_9a0(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[768U]; memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____2[800U]; @@ -6300,6 +6342,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -6307,7 +6352,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_41( +static KRML_MUSTINLINE void serialize_kem_secret_key_b4( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6336,7 +6381,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e0(public_key, ret0); + H_f1_af0(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -6355,6 +6400,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6369,7 +6422,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6379,13 +6432,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_ec0(ind_cpa_keypair_randomness); + generate_keypair_e80(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_41( + serialize_kem_secret_key_b4( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, @@ -6394,12 +6447,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_05_e01(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_17_2c1( + uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); } /** @@ -6408,7 +6461,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_631(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6430,11 +6483,14 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1d1(input, ret); + PRFxN_631(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6444,11 +6500,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_74 +sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -6459,18 +6515,18 @@ sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_891(prf_inputs, prf_outputs); + PRFxN_f1_771(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + tuple_74 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6488,9 +6544,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f2(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -6499,34 +6555,37 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_860( +static KRML_MUSTINLINE void invert_ntt_montgomery_d40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a10( +static KRML_MUSTINLINE void compute_vector_u_570( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6548,17 +6607,20 @@ static KRML_MUSTINLINE void compute_vector_u_a10( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e0(&result[i1], &product); } - invert_ntt_montgomery_860(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d40(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6566,18 +6628,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f0( +compute_ring_element_v_c80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e0(&result, &product);); + invert_ntt_montgomery_d40(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } @@ -6587,14 +6649,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_3b( +static KRML_MUSTINLINE void compress_then_serialize_10_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_9b(to_unsigned_representative_af(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6615,13 +6677,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_3b(re, uu____0); + compress_then_serialize_10_54(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6631,7 +6696,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_240( +static void compress_then_serialize_u_250( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6649,7 +6714,7 @@ static void compress_then_serialize_u_240( (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_d8(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -6664,11 +6729,52 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_e5(re, out); -} - + compress_then_serialize_4_09(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6687,14 +6793,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c0( +static void encrypt_unpacked_650( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(uu____0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6702,7 +6808,7 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_2c0(uu____2, domain_separator0); + tuple_74 uu____3 = sample_ring_element_cbd_380(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6710,31 +6816,31 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042( + PRF_f1_6f2( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c80(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_240( + compress_then_serialize_u_250( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( + compress_then_serialize_ring_element_v_d6( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); @@ -6760,11 +6866,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6776,7 +6882,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6790,7 +6896,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_6c0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_650(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -6799,7 +6905,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_201(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -6818,7 +6924,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_57(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -6827,6 +6933,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6834,12 +6946,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6851,7 +6963,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6877,10 +6989,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_721( + deserialize_ring_elements_reduced_521( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -6888,8 +7000,8 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_230(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_550(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -6919,7 +7031,7 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_650(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -6934,7 +7046,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e8(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_26(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -6962,15 +7074,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_5d( + entropy_preprocess_af_57( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -6978,8 +7090,8 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), + H_f1_af0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6987,7 +7099,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6997,18 +7109,18 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_0d0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f70(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_201(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_e8(shared_secret, shared_secret_array); + kdf_af_26(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -7025,8 +7137,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_89(Eurydice_slice serialized) { - return deserialize_then_decompress_10_e9(serialized); +deserialize_then_decompress_ring_element_u_45(Eurydice_slice serialized) { + return deserialize_then_decompress_10_02(serialized); } /** @@ -7035,19 +7147,23 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_ed( +static KRML_MUSTINLINE void ntt_vector_u_d7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7056,12 +7172,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( +static KRML_MUSTINLINE void deserialize_then_decompress_u_200( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, @@ -7080,10 +7196,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_89(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_ed(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); + ntt_vector_u_d7(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7097,10 +7211,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_30(Eurydice_slice serialized) { - return deserialize_then_decompress_4_34(serialized); +deserialize_then_decompress_ring_element_v_67(Eurydice_slice serialized) { + return deserialize_then_decompress_4_b6(serialized); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7108,20 +7228,44 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb0( +compute_message_f60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e0(&result, &product);); + invert_ntt_montgomery_d40(&result); + result = subtract_reduce_89_d2(v, result); return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7132,20 +7276,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e70( +static void decrypt_unpacked_180( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); + deserialize_then_decompress_u_200(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_67( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_f60(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_ef(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7159,8 +7303,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -7185,14 +7329,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e70(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_180(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -7204,7 +7348,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7214,7 +7358,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_974( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -7223,9 +7367,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041( + PRF_f1_6f1( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = @@ -7233,10 +7377,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_650(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_00_f01(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -7248,18 +7392,21 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_010( +static KRML_MUSTINLINE void deserialize_secret_key_6b0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7271,7 +7418,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_010( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_00(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7289,10 +7436,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_010(secret_key, secret_as_ntt); + deserialize_secret_key_6b0(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( uu____0, secret_as_ntt, @@ -7303,7 +7450,7 @@ static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e70(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_180(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7329,7 +7476,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_710( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -7348,9 +7495,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c20(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_4a0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -7359,7 +7506,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -7369,31 +7516,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041( + PRF_f1_6f1( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_0d0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f70(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e8( + kdf_af_26( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_e8(shared_secret0, shared_secret); + kdf_af_26(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_00_f01(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -7404,6 +7551,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7411,12 +7564,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7428,7 +7581,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7436,6 +7589,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7443,7 +7599,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_f8( +static KRML_MUSTINLINE void serialize_secret_key_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7462,7 +7618,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -7471,6 +7627,9 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7479,7 +7638,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_80( +static KRML_MUSTINLINE void serialize_public_key_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -7487,7 +7646,7 @@ static KRML_MUSTINLINE void serialize_public_key_80( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_f8(t_as_ntt, ret0); + serialize_secret_key_e8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -7508,15 +7667,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_720( + deserialize_ring_elements_reduced_520( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_9a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -7547,7 +7706,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_11(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7558,10 +7717,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_e8( +static void closure_82( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -7575,11 +7734,12 @@ typedef struct PortableHash_58_s { /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics +libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final with const +generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_75(uint8_t input[3U][34U]) { +shake128_init_absorb_final_41(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7604,24 +7764,24 @@ libcrux_ml_kem::hash_functions::portable::PortableHash)} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_f1 with const +libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final_f1 with const generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_f1_11(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_51(uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_75(uu____0); + return shake128_init_absorb_final_41(uu____0); } /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const -generics +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with +const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_10( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_54( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7639,15 +7799,56 @@ libcrux_ml_kem::hash_functions::portable::PortableHash)} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with -const generics +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 +with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_10(self, ret); -} - + shake128_squeeze_first_three_blocks_54(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7655,7 +7856,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7690,12 +7891,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed(PortableHash_58 *st, - uint8_t ret[3U][168U]) { +static KRML_MUSTINLINE void shake128_squeeze_next_block_88( + PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_next_block( @@ -7711,15 +7912,56 @@ libcrux_ml_kem::hash_functions::portable::PortableHash)} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_68( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_ed(self, ret); -} - + shake128_squeeze_next_block_88(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7727,7 +7969,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7767,9 +8009,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_13( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -7780,29 +8022,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_2b( +static KRML_MUSTINLINE void sample_from_xof_f6( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_11(uu____0); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_51(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_4e(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_7f(&xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_05( + bool done = sample_from_uniform_distribution_next_02( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_f1_c1(&xof_state, randomness); + shake128_squeeze_next_block_f1_68(&xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_050( + done = sample_from_uniform_distribution_next_020( uu____2, sampled_coefficients, out); } } @@ -7810,7 +8052,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_99(uu____3[i]);); + ret0[i] = closure_13(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7823,12 +8065,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_23( +static KRML_MUSTINLINE void sample_matrix_A_55( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_e8(A_transpose[i]);); + closure_82(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -7841,7 +8083,7 @@ static KRML_MUSTINLINE void sample_matrix_A_23( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_2b(uu____1, sampled); + sample_from_xof_f6(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7880,7 +8122,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_63(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7902,11 +8144,15 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1d(input, ret); + PRFxN_63(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -7916,11 +8162,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -7931,14 +8177,12 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + PRFxN_f1_77(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_e3( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -7951,6 +8195,10 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7961,7 +8209,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_93( +static KRML_MUSTINLINE void add_to_ring_element_89_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7981,20 +8229,23 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_da( +static KRML_MUSTINLINE void compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8017,16 +8268,57 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8036,10 +8328,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_f4( +static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b6(key_generation_seed, hashed); + G_f1_11(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8047,14 +8339,14 @@ static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_23(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_55(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(uu____1, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8065,10 +8357,10 @@ static tuple_9b generate_keypair_unpacked_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d7(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_01(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -8117,10 +8409,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_57( +static void closure_f2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -8132,7 +8424,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -8150,7 +8442,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -8159,18 +8451,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_a9(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_57(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_f2(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_93(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8180,13 +8472,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_9a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + H_f1_af(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -8226,18 +8518,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_a9(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_80(pk.t_as_ntt, + serialize_public_key_9a(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____2[1184U]; @@ -8248,6 +8540,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -8255,7 +8550,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void serialize_kem_secret_key_97( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8284,7 +8579,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e(public_key, ret0); + H_f1_af(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -8303,6 +8598,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8317,7 +8620,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -8327,13 +8630,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_ec(ind_cpa_keypair_randomness); + generate_keypair_e8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_a8( + serialize_kem_secret_key_97( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -8342,14 +8645,17 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(uu____1); + libcrux_ml_kem_types_from_05_e0(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); + return libcrux_ml_kem_types_from_17_2c( + uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8360,10 +8666,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -8374,11 +8680,11 @@ sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_77(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; @@ -8403,9 +8709,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f0(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -8414,34 +8720,37 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_86( +static KRML_MUSTINLINE void invert_ntt_montgomery_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a1( +static KRML_MUSTINLINE void compute_vector_u_57( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8463,17 +8772,20 @@ static KRML_MUSTINLINE void compute_vector_u_a1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e(&result[i1], &product); } - invert_ntt_montgomery_86(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d4(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8481,21 +8793,24 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f( +compute_ring_element_v_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e(&result, &product);); + invert_ntt_montgomery_d4(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8505,7 +8820,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_24( +static void compress_then_serialize_u_25( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8523,7 +8838,7 @@ static void compress_then_serialize_u_24( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_d8(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -8531,6 +8846,47 @@ static void compress_then_serialize_u_24( } } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8549,14 +8905,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c( +static void encrypt_unpacked_65( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(uu____0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8564,7 +8920,7 @@ static void encrypt_unpacked_6c( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_2c(uu____2, domain_separator0); + tuple_b0 uu____3 = sample_ring_element_cbd_38(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8572,31 +8928,31 @@ static void encrypt_unpacked_6c( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040( + PRF_f1_6f0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c8(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_24( + compress_then_serialize_u_25( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( + compress_then_serialize_ring_element_v_d6( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -8622,11 +8978,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -8638,7 +8994,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8652,7 +9008,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -8661,7 +9017,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_01_20(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -8680,7 +9036,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_d2(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -8689,6 +9045,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8696,12 +9058,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8713,7 +9075,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8739,10 +9101,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_72( + deserialize_ring_elements_reduced_52( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -8750,8 +9112,8 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_55(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -8781,7 +9143,7 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -8796,7 +9158,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_b6(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_69(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -8824,15 +9186,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_6c( + entropy_preprocess_af_d2( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -8840,8 +9202,8 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), + H_f1_af(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -8849,7 +9211,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8859,18 +9221,18 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_01_20(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_b6(shared_secret, shared_secret_array); + kdf_af_69(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -8880,6 +9242,10 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( return lit; } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8888,12 +9254,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_20( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, @@ -8912,16 +9278,20 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_89(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_ed(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); + ntt_vector_u_d7(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8929,20 +9299,44 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb( +compute_message_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e(&result, &product);); + invert_ntt_montgomery_d4(&result); + result = subtract_reduce_89_d2(v, result); return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8953,20 +9347,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e7( +static void decrypt_unpacked_18( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_20(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_67( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_f6(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_ef(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8980,8 +9374,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -9006,14 +9400,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e7(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_18(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -9025,7 +9419,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9035,7 +9429,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( + libcrux_ml_kem_utils_into_padded_array_970( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -9044,9 +9438,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04( + PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -9054,10 +9448,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_00_f0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -9069,18 +9463,21 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_01( +static KRML_MUSTINLINE void deserialize_secret_key_6b( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9092,7 +9489,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_01( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_00(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -9110,10 +9507,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_01(secret_key, secret_as_ntt); + deserialize_secret_key_6b(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -9124,7 +9521,7 @@ static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e7(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_18(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9150,7 +9547,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_71( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -9169,9 +9566,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c2(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_4a(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -9180,7 +9577,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -9190,31 +9587,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04( + PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_b6( + kdf_af_69( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_b6(shared_secret0, shared_secret); + kdf_af_69(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_00_f0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 22c73c92b..ab7ac8347 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem_portable_H @@ -39,10 +39,49 @@ void libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input, #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes); + typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); + +void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); @@ -53,6 +92,55 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array); +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_slice v); + +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); + typedef struct uint8_t_x11_s { uint8_t fst; uint8_t snd; @@ -82,23 +170,9 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]); -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -109,22 +183,6 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a); -void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -extern const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] - [16U]; - /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -205,6 +263,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); @@ -226,9 +297,34 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer); @@ -244,6 +340,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe); @@ -353,6 +471,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -419,55 +559,6 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]); -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); - -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; - -uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_slice v); - -void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); - uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_slice v); @@ -483,19 +574,6 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]); -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); - typedef struct uint8_t_x3_s { uint8_t fst; uint8_t snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index bdbc91b3d..1c1a024bc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_sha3_H @@ -22,46 +22,70 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_fd(buf0, buf); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_fd0(buf0, buf); } +/** + A portable SHAKE256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_fd1(buf0, buf); } +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_fd2(buf0, buf); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_fd3(buf0, buf); } +/** + SHA3 224 + + Preconditions: + - `digest.len() == 28` +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } +/** + SHA3 224 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; @@ -70,11 +94,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -83,11 +113,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; @@ -96,11 +132,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; @@ -109,18 +151,31 @@ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** + A portable SHAKE128 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_fd4(buf0, buf); } +/** + SHAKE 128 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } +/** + SHAKE 256 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 29b305e5e..868da4a2b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,2533 +4,115 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ -#include "internal/libcrux_sha3_avx2.h" - -#include "internal/libcrux_core.h" - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - return _veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_58(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vrax1q_u64(a, b); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return _vbcaxq_u64(a, b, c); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, - size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, - size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( - out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( - out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - Eurydice_slice_uint8_t_4size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { - return split_at_mut_4(a, mid); -} - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_16(void) { - libcrux_sha3_generic_keccak_KeccakState_29 lit; - lit.st[0U][0U] = zero_ef(); - lit.st[0U][1U] = zero_ef(); - lit.st[0U][2U] = zero_ef(); - lit.st[0U][3U] = zero_ef(); - lit.st[0U][4U] = zero_ef(); - lit.st[1U][0U] = zero_ef(); - lit.st[1U][1U] = zero_ef(); - lit.st[1U][2U] = zero_ef(); - lit.st[1U][3U] = zero_ef(); - lit.st[1U][4U] = zero_ef(); - lit.st[2U][0U] = zero_ef(); - lit.st[2U][1U] = zero_ef(); - lit.st[2U][2U] = zero_ef(); - lit.st[2U][3U] = zero_ef(); - lit.st[2U][4U] = zero_ef(); - lit.st[3U][0U] = zero_ef(); - lit.st[3U][1U] = zero_ef(); - lit.st[3U][2U] = zero_ef(); - lit.st[3U][3U] = zero_ef(); - lit.st[3U][4U] = zero_ef(); - lit.st[4U][0U] = zero_ef(); - lit.st[4U][1U] = zero_ef(); - lit.st[4U][2U] = zero_ef(); - lit.st[4U][3U] = zero_ef(); - lit.st[4U][4U] = zero_ef(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_ef_6a( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_580(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_581(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_582(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_583(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_584(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_585(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_586(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_587(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_588(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_589(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5810(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5811(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5812(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5813(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5814(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5815(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5816(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5817(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5818(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5819(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5820(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5821(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5822(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); -} +#include "libcrux_sha3_avx2.h" /** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 + Perform 4 SHAKE256 operations in parallel */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5822(ab); +KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, + Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} + Initialise the [`KeccakState`]. */ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void theta_rho_71( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = - rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = - rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = - rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = - rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____0, uu____1, uu____2, uu____3, - rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = - xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = - xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = - xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = - xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = - xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = - xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = - xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_x86___m256i uu____27 = - xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void pi_01( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void chi_9b( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - s->st[i1][j] = and_not_xor_ef( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]););); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void iota_09( - libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { - s->st[0U][0U] = xor_constant_ef( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void keccakf1600_07( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_71(s); - pi_01(s); - chi_9b(s); - iota_09(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void absorb_block_37( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_6a(uu____0, uu____1); - keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_91( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block_c7(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_ef_05( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_05(uu____3, uu____4); - keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_0b( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; - store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_ef_99( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - store_block_full_0b(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_a4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - store_block_full_ef_99(s->st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_ef_f6( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e9(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_block_e9( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_next_block_1c( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_last_77( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_07(&s); - uint8_t b[4U][200U]; - store_block_full_ef_99(s.st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], - Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_37(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n_ef(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_a4(&s, out); - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____4 = - split_at_mut_n_ef(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e9(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____5 = - split_at_mut_n_ef(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_77(s, o1); - } - } -} - -void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice input2, Eurydice_slice input3, - Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_14(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState_29 +KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_16(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_910( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block_c70(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_ef_050( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, uu____1); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -- DELIM= 31 + Absorb */ -static KRML_MUSTINLINE void absorb_final_5e0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_050(uu____3, uu____4); - keccakf1600_07(s); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, +KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_5e0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} + Squeeze three blocks */ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void store_block_ef_f60( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e90(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_1c0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f60(s->st, out); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_block_e90( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f60(s->st, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 + Squeeze another block */ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - squeeze_next_block_1c0(s, o2); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 + Squeeze five blocks */ -static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o20[4U]; - memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - Eurydice_slice_uint8_t_4size_t__x2 uu____2 = - split_at_mut_n_ef(o20, (size_t)168U); - Eurydice_slice o2[4U]; - memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o30[4U]; - memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o2); - Eurydice_slice_uint8_t_4size_t__x2 uu____3 = - split_at_mut_n_ef(o30, (size_t)168U); - Eurydice_slice o3[4U]; - memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o4[4U]; - memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o3); - squeeze_next_block_1c0(s, o4); -} - KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_e4(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } +/** + Absorb +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } +/** + Squeeze block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_e9(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } +/** + Squeeze next block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 667739a31..8896956fe 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_sha3_avx2_H @@ -20,53 +20,73 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_core.h" -#include "libcrux_sha3_internal.h" +#include "libcrux_sha3_neon.h" /** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_x86___m256i -with const generics -- $4size_t + Perform 4 SHAKE256 operations in parallel */ -typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_29; - void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -libcrux_sha3_generic_keccak_KeccakState_29 +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; +} libcrux_sha3_avx2_x4_incremental_KeccakState; + +/** + Initialise the [`KeccakState`]. +*/ +libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +/** + Squeeze three blocks +*/ +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +/** + Squeeze another block +*/ +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze five blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze next block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index c31f051b5..5026cd25a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); } /** @@ -187,6 +187,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -198,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_7a(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -233,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -258,11 +261,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_de(s, buf); } /** @@ -274,12 +277,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); } /** @@ -289,7 +292,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -300,9 +303,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_340(ab); } /** @@ -316,8 +319,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); } /** @@ -327,7 +330,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -338,9 +341,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_341(ab); } /** @@ -354,8 +357,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); } /** @@ -365,7 +368,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -376,9 +379,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_342(ab); } /** @@ -392,8 +395,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); } /** @@ -403,7 +406,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -414,9 +417,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_343(ab); } /** @@ -430,8 +433,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); } /** @@ -441,9 +444,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_34(ab); } /** @@ -457,8 +460,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); } /** @@ -468,7 +471,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -479,9 +482,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_344(ab); } /** @@ -495,8 +498,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); } /** @@ -506,7 +509,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -517,9 +520,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_345(ab); } /** @@ -533,8 +536,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); } /** @@ -544,7 +547,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -555,9 +558,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_346(ab); } /** @@ -571,8 +574,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); } /** @@ -582,7 +585,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -593,9 +596,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_347(ab); } /** @@ -609,8 +612,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); } /** @@ -620,7 +623,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -631,9 +634,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_348(ab); } /** @@ -647,8 +650,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); } /** @@ -658,7 +661,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -669,9 +672,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_349(ab); } /** @@ -685,8 +688,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); } /** @@ -696,7 +699,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -707,9 +710,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_3410(ab); } /** @@ -723,8 +726,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); } /** @@ -734,7 +737,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -745,9 +748,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_3411(ab); } /** @@ -761,8 +764,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); } /** @@ -772,7 +775,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -783,9 +786,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_3412(ab); } /** @@ -799,8 +802,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); } /** @@ -810,7 +813,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -821,9 +824,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_3413(ab); } /** @@ -837,8 +840,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); } /** @@ -848,7 +851,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -859,9 +862,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_3414(ab); } /** @@ -875,8 +878,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); } /** @@ -886,7 +889,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -897,9 +900,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_3415(ab); } /** @@ -913,8 +916,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); } /** @@ -924,7 +927,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -935,9 +938,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_3416(ab); } /** @@ -951,8 +954,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); } /** @@ -962,7 +965,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -973,9 +976,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_3417(ab); } /** @@ -989,8 +992,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); } /** @@ -1000,7 +1003,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1011,9 +1014,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_3418(ab); } /** @@ -1027,8 +1030,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); } /** @@ -1038,7 +1041,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1049,9 +1052,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_3419(ab); } /** @@ -1065,8 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); } /** @@ -1076,7 +1079,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1087,9 +1090,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_3420(ab); } /** @@ -1103,8 +1106,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); } /** @@ -1114,7 +1117,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1125,9 +1128,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_3421(ab); } /** @@ -1141,8 +1144,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); } /** @@ -1152,7 +1155,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1163,9 +1166,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_3422(ab); } /** @@ -1179,8 +1182,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); } /** @@ -1189,7 +1192,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1224,77 +1227,54 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; + s->st[1U][0U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); + s->st[2U][0U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); + s->st[3U][0U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); + s->st[4U][0U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); + s->st[0U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); + s->st[1U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); + s->st[2U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); + s->st[3U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); + s->st[4U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); + s->st[0U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); + s->st[1U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); + s->st[2U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); + s->st[3U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); + s->st[4U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); + s->st[0U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); + s->st[1U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); + s->st[2U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); + s->st[3U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); + s->st[4U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); + s->st[0U][4U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); + s->st[1U][4U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); + s->st[2U][4U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); + s->st[3U][4U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1304,7 +1284,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1340,7 +1320,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1358,7 +1338,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1370,14 +1350,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_8d(s); + libcrux_sha3_generic_keccak_pi_ac(s); + libcrux_sha3_generic_keccak_chi_c7(s); + libcrux_sha3_generic_keccak_iota_4f(s, i0); } } @@ -1389,7 +1369,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1408,8 +1388,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1417,7 +1397,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1442,34 +1422,34 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_39(a, b); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types uint64_t with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block with types uint64_t with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1477,7 +1457,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1502,11 +1482,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_de0(s, buf); } /** @@ -1518,12 +1498,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); } /** @@ -1534,7 +1514,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1553,8 +1533,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1562,7 +1542,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1587,9 +1567,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_390(a, b); } /** @@ -1599,9 +1579,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1611,10 +1591,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1626,12 +1606,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); } /** @@ -1641,13 +1621,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1655,12 +1635,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_39(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1676,9 +1656,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); } /** @@ -1689,10 +1669,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_653( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1715,11 +1695,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1743,10 +1723,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { @@ -1757,7 +1737,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; @@ -1768,12 +1748,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1781,7 +1761,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1799,12 +1779,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); } } } @@ -1815,11 +1795,11 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); } /** @@ -1827,7 +1807,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1856,12 +1836,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); } /** @@ -1871,13 +1851,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1885,11 +1865,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_portable_keccak_load_block_de3(s, buf); } /** @@ -1901,12 +1881,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); } /** @@ -1917,7 +1897,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1936,8 +1916,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1945,7 +1925,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1966,12 +1946,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); + libcrux_sha3_portable_keccak_store_block_393(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1987,9 +1967,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); } /** @@ -2000,10 +1980,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_652( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2028,9 +2008,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_393(a, b); } /** @@ -2040,9 +2020,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** @@ -2052,10 +2032,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** @@ -2065,11 +2045,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2093,10 +2073,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { @@ -2107,7 +2087,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; @@ -2118,12 +2098,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2131,7 +2111,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2149,12 +2129,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); } } } @@ -2165,11 +2145,11 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); } /** @@ -2177,7 +2157,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2206,12 +2186,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); } /** @@ -2221,13 +2201,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2235,11 +2215,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_de2(s, buf); } /** @@ -2251,12 +2231,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); } /** @@ -2267,7 +2247,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2286,8 +2266,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2295,7 +2275,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2316,12 +2296,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_392(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2337,9 +2317,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); } /** @@ -2350,10 +2330,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_651( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2378,9 +2358,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_392(a, b); } /** @@ -2390,9 +2370,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); } /** @@ -2402,10 +2382,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); } /** @@ -2415,11 +2395,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2443,10 +2423,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { @@ -2457,7 +2437,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; @@ -2468,12 +2448,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2481,7 +2461,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2499,12 +2479,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); } } } @@ -2515,11 +2495,11 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); } /** @@ -2531,12 +2511,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); } /** @@ -2546,13 +2526,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2560,12 +2540,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_390(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2581,9 +2561,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); } /** @@ -2594,10 +2574,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_650( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2620,11 +2600,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2648,10 +2628,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2662,7 +2642,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2673,12 +2653,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2686,7 +2666,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2704,12 +2684,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2720,11 +2700,11 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); } /** @@ -2735,7 +2715,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2754,8 +2734,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2766,10 +2746,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2780,7 +2760,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2791,12 +2771,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2804,7 +2784,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2822,12 +2802,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2838,11 +2818,11 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); } /** @@ -2850,7 +2830,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2879,12 +2859,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); } /** @@ -2894,13 +2874,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2908,11 +2888,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + libcrux_sha3_portable_keccak_load_block_de1(s, buf); } /** @@ -2924,12 +2904,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); } /** @@ -2940,7 +2920,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2959,8 +2939,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2968,7 +2948,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2989,12 +2969,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); + libcrux_sha3_portable_keccak_store_block_391(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -3009,9 +2989,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); } /** @@ -3022,10 +3002,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_65( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3050,9 +3030,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_391(a, b); } /** @@ -3062,9 +3042,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); } /** @@ -3074,10 +3054,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); } /** @@ -3087,11 +3067,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3115,10 +3095,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -3129,7 +3109,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -3140,12 +3120,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3153,7 +3133,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3171,12 +3151,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); } } } @@ -3187,11 +3167,11 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 6e368639b..586c4820e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,79 +4,3551 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #include "libcrux_sha3_neon.h" +#include "internal/libcrux_core.h" + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t zero_fa(void) { + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_veor5q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + core_core_arch_arm_shared_neon_uint64x2_t cd = + libcrux_intrinsics_arm64__veorq_u64(c, d); + core_core_arch_arm_shared_neon_uint64x2_t abcd = + libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + return _veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_58(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vrax1q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left1_and_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vrax1q_u64(a, b); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vbcaxq_u64(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return libcrux_intrinsics_arm64__veorq_u64( + a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +and_not_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return _vbcaxq_u64(a, b, c); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_veorq_n_u64(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + core_core_arch_arm_shared_neon_uint64x2_t c0 = + libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_constant_fa(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, + size_t len, Eurydice_slice ret[2U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, + size_t len, Eurydice_slice ret[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[2U]; + slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +split_at_mut_2(Eurydice_slice out[2U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_2size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { + return split_at_mut_2(a, mid); +} + +/** + Create a new Shake128 x4 state. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc +new_1e_12(void) { + libcrux_sha3_generic_keccak_KeccakState_fc lit; + lit.st[0U][0U] = zero_fa(); + lit.st[0U][1U] = zero_fa(); + lit.st[0U][2U] = zero_fa(); + lit.st[0U][3U] = zero_fa(); + lit.st[0U][4U] = zero_fa(); + lit.st[1U][0U] = zero_fa(); + lit.st[1U][1U] = zero_fa(); + lit.st[1U][2U] = zero_fa(); + lit.st[1U][3U] = zero_fa(); + lit.st[1U][4U] = zero_fa(); + lit.st[2U][0U] = zero_fa(); + lit.st[2U][1U] = zero_fa(); + lit.st[2U][2U] = zero_fa(); + lit.st[2U][3U] = zero_fa(); + lit.st[2U][4U] = zero_fa(); + lit.st[3U][0U] = zero_fa(); + lit.st[3U][1U] = zero_fa(); + lit.st[3U][2U] = zero_fa(); + lit.st[3U][3U] = zero_fa(); + lit.st[3U][4U] = zero_fa(); + lit.st[4U][0U] = zero_fa(); + lit.st[4U][1U] = zero_fa(); + lit.st[4U][2U] = zero_fa(); + lit.st[4U][3U] = zero_fa(); + lit.st[4U][4U] = zero_fa(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void load_block_3c( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void load_block_fa_0f( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_580(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c1(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_581(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c10(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f0(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_582(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c11(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f1(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_583(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c12(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f2(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c13(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f3(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_584(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c14(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f4(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_585(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c15(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f5(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_586(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c16(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f6(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_587(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c17(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f7(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_588(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c18(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f8(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_589(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c19(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f9(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5810(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c110(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f10(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5811(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c111(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f11(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5812(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c112(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f12(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5813(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c113(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f13(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5814(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c114(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f14(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5815(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c115(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f15(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5816(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c116(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f16(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5817(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c117(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f17(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5818(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c118(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f18(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5819(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c119(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f19(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5820(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c120(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f20(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5821(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c121(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f21(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5822(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c122(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f22(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void theta_rho_eb( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { + xor5_fa(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + xor5_fa(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + xor5_fa(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + xor5_fa(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + xor5_fa(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + rotate_left1_and_xor_fa(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + rotate_left1_and_xor_fa(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + rotate_left1_and_xor_fa(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + rotate_left1_and_xor_fa(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { + uu____0, uu____1, uu____2, uu____3, + rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); + s->st[1U][0U] = xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____27 = + xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void pi_a0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void chi_b0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + s->st[i1][j] = and_not_xor_fa( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]););); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void iota_33( + libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { + s->st[0U][0U] = xor_constant_fa( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void keccakf1600_3e( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho_eb(s); + pi_a0(s); + chi_b0(s); + iota_33(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void absorb_block_45( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void load_block_full_3e( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void load_block_full_fa_07( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)72U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_07(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void store_block_2f( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void store_block_full_9a( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a5( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e7( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a5(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void store_block_fa_90( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_last_70( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a5(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + absorb_block_45(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e7(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_70(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_59(uu____0, out); +} + +/** + A portable SHA3 512 implementation. +*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[64U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_3c0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_fa_0f0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void absorb_block_450( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f0(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_3e0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c0(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_fa_070( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_070(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_2f0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_9a0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f0(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a50( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a0(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e70( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a50(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_fa_900( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f0(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_last_700( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a50(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe0(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_590(uu____0, out); +} + +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e0(uu____0, buf); } -KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_fe1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_070(uu____3, uu____4); + keccakf1600_3e(s); } -KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe1(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_591(uu____0, out); +} + +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ +void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf0[2U] = {input0, input1}; + Eurydice_slice buf[2U] = {out0, out1}; + keccakx2_6e1(buf0, buf); +} + +/** + Initialise the `KeccakState2`. +*/ +libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new_1e_12(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_3c1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_3e1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c1(s, buf); } -KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_fa_071( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_fe2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_071(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ +void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {data0, data1}; + absorb_final_fe2(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void store_block_2f1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void store_block_fa_901( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + Eurydice_slice_uint8_t_2size_t__x2 uu____0 = + split_at_mut_n_fa(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f1(s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____1 = + split_at_mut_n_fa(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o2[2U]; + memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d1(s, o1); + squeeze_next_block_5d1(s, o2); +} + +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_first_three_blocks_2e(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_next_block_5d1(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void load_block_3c2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void load_block_fa_0f1( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void absorb_block_451( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f1(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void load_block_full_3e2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c2(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void load_block_full_fa_072( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)144U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_072(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void store_block_2f2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void store_block_full_9a1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f2(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a51( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a1(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e71( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a51(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void store_block_fa_902( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f2(a, b); } +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_902(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_902(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_last_701( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a51(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + absorb_block_451(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe3(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e71(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f2(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d2(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_701(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_592(uu____0, out); +} + +/** + A portable SHA3 224 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[28U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e2(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void load_block_3c3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void load_block_fa_0f2( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void absorb_block_452( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f2(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void load_block_full_3e3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c3(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void load_block_full_fa_073( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe4( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)104U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_073(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void store_block_2f3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void store_block_full_9a2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f3(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a52( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a2(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e72( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a52(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void store_block_fa_903( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f3(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_last_702( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a52(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, ret); + absorb_block_452(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe4(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e72(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f3(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)104U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d3(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_702(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_593(uu____0, out); } +/** + A portable SHA3 384 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[48U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e3(uu____0, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 68bc29ff1..c172442d5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_sha3_neon_H @@ -20,36 +20,74 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" +#include "libcrux_core.h" #include "libcrux_sha3_internal.h" +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- $2size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { + core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_fc; + +/** + A portable SHA3 512 implementation. +*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState; - -libcrux_sha3_neon_x2_incremental_KeccakState +/** + Initialise the `KeccakState2`. +*/ +libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void); +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1); -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); +/** + A portable SHA3 224 implementation. +*/ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 384 implementation. +*/ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 89de62066..51ea8bdfc 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 +Charon: 53530427db2941ce784201e64086766504bc5642 +Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f +F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 +Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 313228c9f..49c0f8565 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_core_H @@ -53,8 +53,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); - static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) @@ -78,118 +76,6 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result_6f_tags; - -/** -A monomorphic instance of core.result.Result -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_6f_s { - core_result_Result_6f_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_6f; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -static inline void core_result_unwrap_41_1c(core_result_Result_6f self, - uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -A monomorphic instance of core.result.Result -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_7a_s { - core_result_Result_6f_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_7a; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -static inline void core_result_unwrap_41_34(core_result_Result_7a self, - uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -A monomorphic instance of core.result.Result -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_cd_s { - core_result_Result_6f_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_cd; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -static inline void core_result_unwrap_41_e8(core_result_Result_cd self, - uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} Eurydice_slice_uint8_t_4size_t__x2; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -213,6 +99,9 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#6} */ @@ -221,7 +110,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_8a( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_2e( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -236,7 +125,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_4c(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_b6_57(uint8_t value[1184U]) { uint8_t uu____0[1184U]; memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; @@ -258,6 +147,9 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { libcrux_ml_kem_types_MlKemPublicKey_15 pk; } libcrux_ml_kem_mlkem768_MlKem768KeyPair; +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -269,7 +161,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_2c(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -285,7 +177,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_a7(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_05_e0(uint8_t value[2400U]) { uint8_t uu____0[2400U]; memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; @@ -314,7 +206,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_f5(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_20(uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; @@ -322,6 +214,9 @@ libcrux_ml_kem_types_from_01_f5(uint8_t value[1088U]) { return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -330,17 +225,20 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_972( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -353,13 +251,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result_00_tags; + /** A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_00_s { - core_result_Result_6f_tags tag; + core_result_Result_00_tags tag; union { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; @@ -387,12 +290,15 @@ static inline void core_result_unwrap_41_83(core_result_Result_00 self, } } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_971( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -414,18 +320,21 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_28( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_970( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -438,12 +347,15 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_97( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -456,13 +368,23 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** +A monomorphic instance of core.option.Option +with types Eurydice_slice uint8_t + +*/ +typedef struct core_option_Option_44_s { + core_option_Option_ef_tags tag; + Eurydice_slice f0; +} core_option_Option_44; + /** A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_c0_s { - core_result_Result_6f_tags tag; + core_result_Result_00_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; @@ -490,13 +412,18 @@ static inline void core_result_unwrap_41_f9(core_result_Result_c0 self, } } +typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} Eurydice_slice_uint8_t_2size_t__x2; + /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_56_s { - core_result_Result_6f_tags tag; + core_result_Result_00_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 3bf3b7a0a..751101238 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_ct_ops_H @@ -21,6 +21,9 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +/** + Return 1 if `value` is not zero and 0 otherwise. +*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -36,6 +39,10 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) { return libcrux_ml_kem_constant_time_ops_inz(value); } +/** + Return 1 if the bytes of `lhs` and `rhs` do not exactly + match and 0 otherwise. +*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_compare( Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; @@ -55,6 +62,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs); } +/** + If `selector` is not zero, return the bytes in `rhs`; return the bytes in + `lhs` otherwise. +*/ static inline void libcrux_ml_kem_constant_time_ops_select_ct( Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index d3f1e459d..e30a4fbd6 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem768_avx2_H @@ -20,8 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_ct_ops.h" -#include "libcrux_mlkem768_portable.h" #include "libcrux_sha3_avx2.h" #include "libcrux_sha3_portable.h" @@ -45,5952 +43,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea( - void) { - return libcrux_ml_kem_vector_avx2_zero(); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { - int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_to_i16_array_ea( - core_core_arch_x86___m256i x, int16_t ret[16U]) { - libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(core_core_arch_x86___m256i v, - int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - vector, constant); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - vector, constant); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_1_ea(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - vector); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, - zeta2, zeta3); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - vector, zeta0, zeta1, zeta2, zeta3); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, - zeta1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - v, - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_multiply_ea(core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, - zeta1, zeta2, zeta3); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); - uint8_t ret0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[10U]; - core_result_Result_cd dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); - core_result_unwrap_41_e8(dst, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[20U]; - core_result_Result_7a dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); - core_result_unwrap_41_34(dst, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[24U]; - core_result_Result_6f dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); - core_result_unwrap_41_1c(dst, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, - Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, - good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[0U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[1U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_ea( - Eurydice_slice input, Eurydice_slice output) { - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_89_d5(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_70(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_11(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( - vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( - coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 11 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( - vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_ae( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( - coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7(serialized); -} - -typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; -} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( - core_core_arch_x86___m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer, size_t _initial_coefficient_bound) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7c( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - self->coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( - u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_00( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( - coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( - re.coefficients[i0]); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_00(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_89_48( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, - (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_56( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - b.coefficients[i0], (int16_t)1441); - b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], - &coefficient_normal_form)); - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_56(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8( - core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea -with const generics -- SHIFT_BY= 15 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_shift_right_ea_4e( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_shift_right_ea_4e(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_4a( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_d0(&v, secret_key->secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_4a(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_40(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 32 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( - Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 32 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a6(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b8( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } -} - -typedef libcrux_sha3_avx2_x4_incremental_KeccakState - libcrux_ml_kem_hash_functions_avx2_Simd256Hash; - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_4d( - uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca( - uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_4d(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const -generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_6b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const -generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_4d( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_6b(self, - ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 504 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_1b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_5a( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_1b(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca(uu____0); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_4d( - &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_5a( - &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_79(uu____3[i]); - } - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_b8(i, A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_b0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_aa(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( - uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( - uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( - randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_45( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = - libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); - re->coefficients[j] = - libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_45(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( - Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( - Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_ee(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - self->coefficients[j], (int16_t)1441); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1_91(core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_91(coefficient_compressed); - } - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_71( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( - error_2, message, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_98(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 320 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_2f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_98( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 11 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_980(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 320 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_d1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_980( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_2f(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2(&re, - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_981(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_b7( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_981( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_982(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_35( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2_compress_ea_982( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_00(public_key->A, r_as_ntt, error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_71( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, randomness, - ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_da( - Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_be( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_be(private_key, ciphertext, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73(private_key, - ciphertext, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( - &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_10(key_pair, ciphertext, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( - Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d(uu____0, - uu____1); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a(uu____0, uu____1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( - uu____0, uu____1); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_standard_domain_42( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_42( - self->coefficients[j]); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], - &product); - } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____3, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_f0(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, - secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( - uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_fb(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_25( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( - ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b(i, A[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_25(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1; - } - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uu____0); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( - uu____0); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_3e( - Eurydice_slice shared_secret, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), - uint8_t, Eurydice_slice), - ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), - ret1); - memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_be0(private_key, ciphertext, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( - Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( - uu____0, uu____1); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const -generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_option_Option_92 -libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( - public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self) { - return self[0U]; -} +typedef libcrux_sha3_avx2_x4_incremental_KeccakState + libcrux_ml_kem_hash_functions_avx2_Simd256Hash; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 1bedf65a9..ea01e9b3a 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_mlkem768_portable_H @@ -21,6 +21,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" +#include "libcrux_sha3_libcrux_ml_kem.h" #include "libcrux_sha3_portable.h" #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) @@ -47,7 +48,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( } typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s { - libcrux_sha3_neon_x2_incremental_KeccakState shake128_state[2U]; + libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; } libcrux_ml_kem_hash_functions_neon_Simd128Hash; static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( @@ -122,268 +123,870 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = #define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ ((int16_t)1353) -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ - (62209U) +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + core_core_arch_arm_shared_neon_int16x8_t low; + core_core_arch_arm_shared_neon_int16x8_t high; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); +} -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - int16_t ret[16U]; - core_result_Result_c0 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void) { + return libcrux_ml_kem_vector_neon_vector_type_ZERO(); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { + return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); } -typedef struct uint8_t_x11_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; - uint8_t f5; - uint8_t f6; - uint8_t f7; - uint8_t f8; - uint8_t f9; - uint8_t f10; -} uint8_t_x11; +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { + int16_t out[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +} -static KRML_MUSTINLINE uint8_t_x11 -libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 10U); - uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> - 7U); - uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & - (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> - 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); - uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> - 9U); - uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & - (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> - 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); - return (CLITERAL(uint8_t_x11){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7, - .f8 = r8, - .f9 = r9, - .f10 = r10}); +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_11( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[22U]) { - uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x11 r11_21 = - libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); } -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + core_core_arch_arm_shared_neon_uint16x8_t m0 = + libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + core_core_arch_arm_shared_neon_uint16x8_t m1 = + libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + core_core_arch_arm_shared_neon_int16x8_t c1 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); +} + +#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v) { + core_core_arch_arm_shared_neon_int16x8_t adder = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + core_core_arch_arm_shared_neon_int16x8_t vec = + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); + core_core_arch_arm_shared_neon_int16x8_t vec0 = + libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + core_core_arch_arm_shared_neon_int16x8_t quotient = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t sub = + libcrux_intrinsics_arm64__vmulq_n_s16( + quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); +} + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ + (62209U) + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high) { + core_core_arch_arm_shared_neon_int16x8_t k = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vmulq_n_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.low, c); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + v, c); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t half = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + core_core_arch_arm_shared_neon_int16x8_t quarter = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + core_core_arch_arm_shared_neon_int16x8_t shifted = + libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + core_core_arch_arm_shared_neon_int16x8_t mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = + libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range), + core_core_arch_arm_shared_neon_uint16x8_t)); + core_core_arch_arm_shared_neon_int16x8_t shifted0 = + libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = + libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range0), + core_core_arch_arm_shared_neon_uint16x8_t)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_1(v); +} + +static KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits) { + int16_t uu____0; + switch (coefficient_bits) { + case 4: { + uu____0 = (int16_t)15; + break; + } + case 5: { + uu____0 = (int16_t)31; + break; + } + case 10: { + uu____0 = (int16_t)1023; + break; + } + case 11: { + uu____0 = (int16_t)2047; + break; + } + default: { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, + zeta4); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, + zeta3, zeta4); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, + zeta2, zeta4, -zeta2, -zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t b1 = + libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1b1 = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, + b1); + core_core_arch_arm_shared_neon_int32x4_t a1b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a1b1), + libcrux_intrinsics_arm64__vget_low_s16(zeta)); + core_core_arch_arm_shared_neon_int32x4_t a1b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + core_core_arch_arm_shared_neon_int16x8_t fst_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t fst_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b1)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + core_core_arch_arm_shared_neon_int16x8_t snd_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t snd_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); + core_core_arch_arm_shared_neon_int16x8_t fst_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t fst_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t snd_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t snd_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t fst = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + fst_low16, fst_high16); + core_core_arch_arm_shared_neon_int16x8_t snd = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + snd_low16, snd_high16); + core_core_arch_arm_shared_neon_int32x4_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int32x4_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int16x8_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); + core_core_arch_arm_shared_neon_int16x8_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, + 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; + core_core_arch_arm_shared_neon_uint8x16_t index = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); + core_core_arch_arm_shared_neon_int16x8_t high2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low2, .high = high2}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, + zeta3, zeta4); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, + (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { + core_core_arch_arm_shared_neon_int16x8_t one = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, + (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vandq_s16(low, one), + .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t lowt = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); + core_core_arch_arm_shared_neon_uint16x8_t hight = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); +} + +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; lit.elements[5U] = (int16_t)0; lit.elements[6U] = (int16_t)0; lit.elements[7U] = (int16_t)0; @@ -399,14 +1002,13 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -433,8 +1035,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); } static KRML_MUSTINLINE void @@ -454,565 +1056,43 @@ static inline void libcrux_ml_kem_vector_portable_to_i16_array_0d( libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); } -static const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ZERO_0d(void) { - return libcrux_ml_kem_vector_portable_vector_type_zero(); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_add( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; - } - return lhs; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_deserialize_4_0d(v); + int16_t input_i16s[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_add_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_sub( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; - } - return lhs; +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + int16_t ret[16U]; + core_result_Result_c0 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result_unwrap_41_f9(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + return lit; } /** @@ -1020,124 +1100,192 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_sub_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; - } - return v; +libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; - } - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, - c); +static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - core_option_Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3); - if (!(uu____0.tag == core_option_None)) { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } - continue; - } - return v; - } +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[10U]; + libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); +static inline void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); } -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int32_t)20159) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) - -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - int16_t value) { - int32_t t = (int32_t)value * - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); - int16_t quotient = - (int16_t)(t >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); - return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v.elements[i0]); - } +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -1146,87 +1294,216 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_barrett_reduce_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_5_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) - -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - int32_t value) { - int32_t k = - (int32_t)(int16_t)value * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t k_times_modulus = - (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = - (int16_t)(k_times_modulus >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - int16_t value_high = - (int16_t)(value >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - return value_high - c; -} - -static KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - int16_t fe, int16_t fer) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)fe * (int32_t)fer); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v.elements[i0], c); - } - return v; -} +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - v, r); +static inline void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); } -static inline uint8_t -libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - uint16_t fe) { - int16_t shifted = (int16_t)1664 - (int16_t)fe; - int16_t mask = shifted >> 15U; - int16_t shifted_to_positive = mask ^ shifted; - int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = (int16_t) - libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - (uint16_t)v.elements[i0]); - } +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -1235,296 +1512,293 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1(v); -} - -static KRML_MUSTINLINE uint32_t -libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - uint8_t n, uint32_t value) { - return value & ((1U << (uint32_t)n) - 1U); -} - -static inline int16_t -libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - uint8_t coefficient_bits, uint16_t fe) { - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; - compressed = compressed + 1664ULL; - compressed = compressed * 10321340ULL; - compressed = compressed >> 35U; - return (int16_t) - libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - coefficient_bits, (uint32_t)compressed); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t t = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v->elements[j], zeta); - v->elements[j] = v->elements[i] - t; - v->elements[i] = v->elements[i] + t; +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_10_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, - zeta2, zeta3); +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); - return v; -} +typedef struct uint8_t_x11_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; + uint8_t f5; + uint8_t f6; + uint8_t f7; + uint8_t f8; + uint8_t f9; + uint8_t f10; +} uint8_t_x11; -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t a_minus_b = v->elements[j] - v->elements[i]; - v->elements[i] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v->elements[i] + v->elements[j]); - v->elements[j] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - a_minus_b, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - a, zeta0, zeta1, zeta2, zeta3); +static KRML_MUSTINLINE uint8_t_x11 +libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 5U); + uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 10U); + uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) >> + 7U); + uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) & + (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) >> + 4U); + uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) >> + 1U & + (int16_t)255); + uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) >> + 9U); + uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) & + (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) >> + 6U); + uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) >> + 3U); + return (CLITERAL(uint8_t_x11){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7, + .f8 = r8, + .f9 = r9, + .f10 = r10}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]) { + uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x11 r11_21 = + libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[22U] = {0U}; + result[0U] = r0_10.fst; + result[1U] = r0_10.snd; + result[2U] = r0_10.thd; + result[3U] = r0_10.f3; + result[4U] = r0_10.f4; + result[5U] = r0_10.f5; + result[6U] = r0_10.f6; + result[7U] = r0_10.f7; + result[8U] = r0_10.f8; + result[9U] = r0_10.f9; + result[10U] = r0_10.f10; + result[11U] = r11_21.fst; + result[12U] = r11_21.snd; + result[13U] = r11_21.thd; + result[14U] = r11_21.f3; + result[15U] = r11_21.f4; + result[16U] = r11_21.f5; + result[17U] = r11_21.f6; + result[18U] = r11_21.f7; + result[19U] = r11_21.f8; + result[20U] = r11_21.f9; + result[21U] = r11_21.f10; + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, - zeta1); +static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, - (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, - (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); - return v; +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); +static inline void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[i] + - (int32_t) - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]) * - (int32_t)zeta); - int16_t o1 = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[j] + - (int32_t)a->elements[j] * (int32_t)b->elements[i]); - out->elements[i] = o0; - out->elements[j] = o1; +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 3U; + int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) >> + 1U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 7U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_multiply( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); - return out; + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; } /** @@ -1532,67 +1806,290 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_multiply_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, - zeta2, zeta3); +libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[2U]) { - uint8_t result[2U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | - (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) { - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U); +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { + uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, + 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; + core_core_arch_arm_shared_neon_uint8x16_t index_vec = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; + core_core_arch_arm_shared_neon_int16x8_t shift_vec = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t mask12 = + libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input0, uint8_t, Eurydice_slice)); + uint8_t input1[16U] = {0U}; + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input1, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t moved0 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted0 = + libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); + core_core_arch_arm_shared_neon_uint16x8_t moved1 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted1 = + libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low, .high = high}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); +} + +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { + size_t sampled = (size_t)0U; + core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option_44 uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( + &iter, uint8_t, core_option_Option_44); + if (uu____0.tag == core_option_None) { + break; + } else { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + int16_t uu____2; + bool uu____3; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + d1; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } + } + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } + } + } } - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); + return sampled; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline size_t libcrux_ml_kem_vector_neon_rej_sample_20( + Eurydice_slice a, Eurydice_slice out) { + return libcrux_ml_kem_vector_neon_rej_sample(a, out); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ZERO_0d(void) { + return libcrux_ml_kem_vector_portable_vector_type_zero(); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U); - } - for (size_t i = (size_t)8U; +libcrux_ml_kem_vector_portable_arithmetic_add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; } - return result; + return lhs; } /** @@ -1600,144 +2097,45 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +libcrux_ml_kem_vector_portable_add_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); } -typedef struct uint8_t_x4_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; -} uint8_t_x4; - -static KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + } + return lhs; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); -} - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_sub_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] * c; + } return v; } @@ -1746,171 +2144,114 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +libcrux_ml_kem_vector_portable_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); } -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] & c; + } + return v; +} -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, + c); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + core_option_Option_b3 uu____0 = + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3); + if (!(uu____0.tag == core_option_None)) { + size_t i = uu____0.f0; + if (v.elements[i] >= (int16_t)3329) { + size_t uu____1 = i; + v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; + } + continue; + } + return v; + } } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); +} + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int32_t)20159) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) + +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + int16_t value) { + int32_t t = (int32_t)value * + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); + int16_t quotient = + (int16_t)(t >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); + return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[i0]); + } return v; } @@ -1919,191 +2260,134 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +libcrux_ml_kem_vector_portable_barrett_reduce_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U & - (int16_t)3); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 6U & - (int16_t)15); - uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 4U & - (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) + +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + int32_t value) { + int32_t k = + (int32_t)(int16_t)value * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t k_times_modulus = + (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int16_t c = + (int16_t)(k_times_modulus >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + int16_t value_high = + (int16_t)(value >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + return value_high - c; } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_10( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[20U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); - uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ +static KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + int16_t fe, int16_t fer) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)fe * (int32_t)fer); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[i0], c); + } + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[20U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + v, r); } -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ +static inline uint8_t +libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + uint16_t fe) { + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; + int16_t shifted_to_positive = mask ^ shifted; + int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_compress_compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = (int16_t) + libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + (uint16_t)v.elements[i0]); + } return v; } @@ -2112,168 +2396,126 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_compress_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_compress_compress_1(v); } -typedef struct uint8_t_x3_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; -} uint8_t_x3; +static KRML_MUSTINLINE uint32_t +libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + uint8_t n, uint32_t value) { + return value & ((1U << (uint32_t)n) - 1U); +} -static KRML_MUSTINLINE uint8_t_x3 -libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); - return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); +static inline int16_t +libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + uint8_t coefficient_bits, uint16_t fe) { + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + compressed = compressed + 1664ULL; + compressed = compressed * 10321340ULL; + compressed = compressed >> 35U; + return (int16_t) + libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + coefficient_bits, (uint32_t)compressed); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_12( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[24U]) { - uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); - uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); - uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); - uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); - uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); - uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); - uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[24U] = {0U}; - result[0U] = r0_2.fst; - result[1U] = r0_2.snd; - result[2U] = r0_2.thd; - result[3U] = r3_5.fst; - result[4U] = r3_5.snd; - result[5U] = r3_5.thd; - result[6U] = r6_8.fst; - result[7U] = r6_8.snd; - result[8U] = r6_8.thd; - result[9U] = r9_11.fst; - result[10U] = r9_11.snd; - result[11U] = r9_11.thd; - result[12U] = r12_14.fst; - result[13U] = r12_14.snd; - result[14U] = r12_14.thd; - result[15U] = r15_17.fst; - result[16U] = r15_17.snd; - result[17U] = r15_17.thd; - result[18U] = r18_20.fst; - result[19U] = r18_20.snd; - result[20U] = r18_20.thd; - result[21U] = r21_23.fst; - result[22U] = r21_23.snd; - result[23U] = r21_23.thd; - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t t = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v->elements[j], zeta); + v->elements[j] = v->elements[i] - t; + v->elements[i] = v->elements[i] + t; +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_12_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[24U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, + zeta2, zeta3); } -typedef struct int16_t_x2_s { - int16_t fst; - int16_t snd; -} int16_t_x2; - -static KRML_MUSTINLINE int16_t_x2 -libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); - int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); - return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { - int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); - int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); - int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); - int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); - int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); - int16_t_x2 v10_11 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); - int16_t_x2 v12_13 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); - int16_t_x2 v14_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; +libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); + return v; } /** @@ -2281,144 +2523,5451 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); +libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); } -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, - Eurydice_slice result) { - size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { - size_t i0 = i; - int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____0; - int16_t uu____1; - bool uu____2; - size_t uu____3; - int16_t uu____4; - size_t uu____5; - int16_t uu____6; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; - sampled++; - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } - continue; - } - } - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } - } - return sampled; +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t a_minus_b = v->elements[j] - v->elements[i]; + v->elements[i] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v->elements[i] + v->elements[j]); + v->elements[j] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + a, zeta0, zeta1, zeta2, zeta3); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, + zeta1); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, + (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, + (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); +} + +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, + size_t i, size_t j, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { + int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[i] + + (int32_t) + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[j] * (int32_t)b->elements[j]) * + (int32_t)zeta); + int16_t o1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[j] + + (int32_t)a->elements[j] * (int32_t)b->elements[i]); + out->elements[i] = o0; + out->elements[j] = o1; +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_vector_type_zero(); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); + return out; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_multiply_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, + zeta2, zeta3); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[2U]) { + uint8_t result[2U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { + size_t i0 = i; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | + (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; + } + for (size_t i = (size_t)8U; i < (size_t)16U; i++) { + size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = + (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] + << (uint32_t)(i0 - (size_t)8U); + } + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U); + } + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); + } + return result; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + +typedef struct uint8_t_x4_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; +} uint8_t_x4; + +static KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U & + (int16_t)3); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 6U & + (int16_t)15); + uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 4U & + (int16_t)63); + uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[20U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, + Eurydice_slice)); + uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[20U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + result[10U] = r10_14.fst; + result[11U] = r10_14.snd; + result[12U] = r10_14.thd; + result[13U] = r10_14.f3; + result[14U] = r10_14.f4; + result[15U] = r15_19.fst; + result[16U] = r15_19.snd; + result[17U] = r15_19.thd; + result[18U] = r15_19.f3; + result[19U] = r15_19.f4; + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +} + +typedef struct uint8_t_x3_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; +} uint8_t_x3; + +static KRML_MUSTINLINE uint8_t_x3 +libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); + uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) >> + 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U); + uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 4U & + (int16_t)255); + return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[24U]) { + uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, + Eurydice_slice)); + uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, + Eurydice_slice)); + uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, + Eurydice_slice)); + uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, + Eurydice_slice)); + uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, + Eurydice_slice)); + uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, + Eurydice_slice)); + uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[24U] = {0U}; + result[0U] = r0_2.fst; + result[1U] = r0_2.snd; + result[2U] = r0_2.thd; + result[3U] = r3_5.fst; + result[4U] = r3_5.snd; + result[5U] = r3_5.thd; + result[6U] = r6_8.fst; + result[7U] = r6_8.snd; + result[8U] = r6_8.thd; + result[9U] = r9_11.fst; + result[10U] = r9_11.snd; + result[11U] = r9_11.thd; + result[12U] = r12_14.fst; + result[13U] = r12_14.snd; + result[14U] = r12_14.thd; + result[15U] = r15_17.fst; + result[16U] = r15_17.snd; + result[17U] = r15_17.thd; + result[18U] = r18_20.fst; + result[19U] = r18_20.snd; + result[20U] = r18_20.thd; + result[21U] = r21_23.fst; + result[22U] = r21_23.snd; + result[23U] = r21_23.thd; + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline void libcrux_ml_kem_vector_portable_serialize_12_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); +} + +typedef struct int16_t_x2_s { + int16_t fst; + int16_t snd; +} int16_t_x2; + +static KRML_MUSTINLINE int16_t_x2 +libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice bytes) { + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); + int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); + return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { + int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, + Eurydice_slice)); + int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, + Eurydice_slice)); + int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, + Eurydice_slice)); + int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, + Eurydice_slice)); + int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, + Eurydice_slice)); + int16_t_x2 v10_11 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, + Eurydice_slice)); + int16_t_x2 v12_13 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, + Eurydice_slice)); + int16_t_x2 v14_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector re = + libcrux_ml_kem_vector_portable_vector_type_zero(); + re.elements[0U] = v0_1.fst; + re.elements[1U] = v0_1.snd; + re.elements[2U] = v2_3.fst; + re.elements[3U] = v2_3.snd; + re.elements[4U] = v4_5.fst; + re.elements[5U] = v4_5.snd; + re.elements[6U] = v6_7.fst; + re.elements[7U] = v6_7.snd; + re.elements[8U] = v8_9.fst; + re.elements[9U] = v8_9.snd; + re.elements[10U] = v10_11.fst; + re.elements[11U] = v10_11.snd; + re.elements[12U] = v12_13.fst; + re.elements[13U] = v12_13.snd; + re.elements[14U] = v14_15.fst; + re.elements[15U] = v14_15.snd; + return re; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); +} + +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, + Eurydice_slice result) { + size_t sampled = (size_t)0U; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + size_t i0 = i; + int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____0; + int16_t uu____1; + bool uu____2; + size_t uu____3; + int16_t uu____4; + size_t uu____5; + int16_t uu____6; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + sampled++; + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } + continue; + } + } + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } + } + return sampled; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( + Eurydice_slice a, Eurydice_slice out) { + return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); +} + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ + (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + +typedef libcrux_ml_kem_types_MlKemPrivateKey_55 + libcrux_ml_kem_mlkem768_MlKem768PrivateKey; + +typedef libcrux_ml_kem_types_MlKemPublicKey_15 + libcrux_ml_kem_mlkem768_MlKem768PublicKey; + +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_G_48_77(Eurydice_slice input, + uint8_t ret[64U]); + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 32 +*/ +void libcrux_ml_kem_hash_functions_neon_PRF_b4(Eurydice_slice input, + uint8_t ret[32U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 32 +*/ +void libcrux_ml_kem_hash_functions_neon_PRF_48_6e(Eurydice_slice input, + uint8_t ret[32U]); + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 3 +*/ +libcrux_ml_kem_hash_functions_neon_Simd128Hash +libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_6b( + uint8_t input[3U][34U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 3 +*/ +libcrux_ml_kem_hash_functions_neon_Simd128Hash +libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( + uint8_t input[3U][34U]); + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_b7( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][504U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[3U][504U]); + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_7d( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][168U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[3U][168U]); + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +void libcrux_ml_kem_hash_functions_neon_PRFxN_89(uint8_t (*input)[33U], + uint8_t ret[3U][128U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 3 +- LEN= 128 +*/ +void libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(uint8_t (*input)[33U], + uint8_t ret[3U][128U]); + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 128 +*/ +void libcrux_ml_kem_hash_functions_neon_PRF_b40(Eurydice_slice input, + uint8_t ret[128U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 128 +*/ +void libcrux_ml_kem_hash_functions_neon_PRF_48_6e0(Eurydice_slice input, + uint8_t ret[128U]); + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +void libcrux_ml_kem_ind_cca_kdf_43_af( + Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, + uint8_t ret[32U]); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_ZERO_89_06(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_40(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_48( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_46(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_86( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 10 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_61( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_86( + v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_10_f4( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_61( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)11 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_860( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 11 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_610( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_860( + v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_11_59( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_610( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_71( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f4(serialized); +} + +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(b, zeta_r); + b = libcrux_ml_kem_vector_neon_sub_20(a, &t); + a = libcrux_ml_kem_vector_neon_add_20(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer, size_t _initial_coefficient_bound) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_f4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_d0( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_39( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_82( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_7c( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_71( + u_bytes); + libcrux_ml_kem_ntt_ntt_vector_u_82(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)4 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_861( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 4 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_611( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_861( + v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_4_4f( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_611( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)5 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_862( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 5 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_612( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_862( + v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_5_17( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_612( + re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ef( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_4f(serialized); +} + +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_ntt_multiply_89_16( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_multiply_20( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = + libcrux_ml_kem_vector_neon_sub_20(b, &a); + a = libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(a, &b)); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, + (size_t)7U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_subtract_reduce_89_e1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_compute_message_c9( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + libcrux_ml_kem_polynomial_ntt_multiply_89_16(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_e1(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_shift_right_cc( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); + v.high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 +with const generics +- SHIFT_BY= 15 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_shift_right_20_df( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_shift_right_cc(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon_shift_right_20_df(a); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = + libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_neon_add_20(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_message_23( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re.coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon_compress_1_20(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_da( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_7c(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ef( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + libcrux_ml_kem_matrix_compute_message_c9(&v, secret_key->secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message_23(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static inline void libcrux_ml_kem_ind_cpa_decrypt_92(Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_48(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_da(&secret_key_unpacked, ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b6( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_4b(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_de( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_sampling_sample_from_xof_closure_d5(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_f3( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, + Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_c0( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_hash_functions_neon_Simd128Hash xof_state = + libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( + uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( + &xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( + &xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_d5(uu____3[i]); + } + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_48( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_matrix_sample_matrix_A_closure_de(i, A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; + libcrux_ml_kem_sampling_sample_from_xof_c0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; + uint8_t snd; +} tuple_b0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_07(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_27( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( + Eurydice_slice randomness) { + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( + randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon_multiply_by_constant_20( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + libcrux_ml_kem_ntt_ntt_at_layer_7_67(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + re_as_ntt[i0] = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b0 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_55(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b0 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_compute_vector_u_closure_7d(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_24( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_6a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + libcrux_ml_kem_polynomial_ntt_multiply_89_16(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_traits_decompress_1_fc( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_message_23( + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_traits_decompress_1_fc(coefficient_compressed); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_compute_ring_element_v_9b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + libcrux_ml_kem_polynomial_ntt_multiply_89_16(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( + error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_0a( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)10)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 10 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_20_a1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_0a(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_10_ca( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_compress_20_a1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_0a0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)11)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 11 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_20_a10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_0a0(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_11_55( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_compress_20_a10( + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_10_ca(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84(&re, + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_0a1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)4)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 4 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_20_a11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_0a1(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_4_21( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_compress_20_a11( + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_0a2( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)5)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 5 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_20_a12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_0a2(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_5_2b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = + libcrux_ml_kem_vector_neon_compress_20_a12( + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + libcrux_ml_kem_serialize_compress_then_serialize_4_21(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_54( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_neon_PRF_48_6e0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_6a(public_key->A, r_as_ntt, error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + libcrux_ml_kem_matrix_compute_ring_element_v_9b( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_encrypt_4e(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_48(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, randomness, + ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static inline void libcrux_ml_kem_ind_cca_decapsulate_0c( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_92(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_neon_PRF_48_6e( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_43_af( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_43_af(shared_secret0, ciphertext, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_28(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Portable decapsulate +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_21( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ +static inline void libcrux_ml_kem_mlkem768_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_21(private_key, + ciphertext, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_31( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_da( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_neon_PRF_48_6e( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_28(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Portable decapsulate +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_e6( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ +static inline void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_e6( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +*/ +void libcrux_ml_kem_ind_cca_entropy_preprocess_43_87(Eurydice_slice randomness, + uint8_t ret[32U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_H_48_85(Eurydice_slice input, + uint8_t ret[32U]); + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_28( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_43_87( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_neon_H_48_85( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_cb_1f(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_20(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_43_af(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_dd( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]); + +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ +static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_dd(uu____0, + uu____1); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_a7( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_20(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Portable encapsualte +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_14( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]); + +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ +static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = + public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_14( + uu____0, uu____1); +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]); + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] + +*/ +typedef struct tuple_9b_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; +} tuple_9b; + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_compute_As_plus_e_closure_7c(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_traits_to_standard_domain_fc( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_traits_to_standard_domain_fc( + self->coefficients[j]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_95( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + libcrux_ml_kem_polynomial_ntt_multiply_89_16(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], + &product); + } + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_48(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____3, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_95(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5d( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_16(Eurydice_slice key_generation_seed) { + tuple_9b uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_70( + pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(sk.secret_as_ntt, + secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_16(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_05_e0(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_2c( + uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); +} + +/** + Portable generate key pair. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_2e( + uint8_t randomness[64U]); + +/** + Generate ML-KEM 768 Key Pair +*/ +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_2e( + uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_61(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_20( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_clone_d5_cb( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c4(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( + ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_20(i, A[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + libcrux_ml_kem_polynomial_clone_d5_cb(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1; + } + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t pk_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_70( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + libcrux_ml_kem_hash_functions_neon_H_48_85( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Unpacked API +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_11( + uint8_t randomness[64U]); + +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_11( + uu____0); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +void libcrux_ml_kem_ind_cca_kdf_6c_75( + Eurydice_slice shared_secret, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static inline void libcrux_ml_kem_ind_cca_decapsulate_0c0( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_92(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_neon_PRF_48_6e( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_75( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_75(shared_secret0, ciphertext, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_28(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Portable decapsulate +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.kyber_decapsulate with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_01( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +/** + Decapsulate Kyber 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ +static inline void libcrux_ml_kem_mlkem768_neon_kyber_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_01( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +*/ +void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_9a(Eurydice_slice randomness, + uint8_t ret[32U]); + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_9a( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_neon_H_48_85( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_cb_1f(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_20(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_75(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Portable encapsulate +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.kyber_encapsulate with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_73( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]); + +/** + Encapsulate Kyber 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ +static inline tuple_3c libcrux_ml_kem_mlkem768_neon_kyber_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_73( + uu____0, uu____1); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b60( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 */ -static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( - Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_7e( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_70( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) - -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) - -typedef libcrux_ml_kem_types_MlKemPrivateKey_55 - libcrux_ml_kem_mlkem768_MlKem768PrivateKey; - -typedef libcrux_ml_kem_types_MlKemPublicKey_15 - libcrux_ml_kem_mlkem768_MlKem768PublicKey; +/** + Portable public key validation +*/ +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const +generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_52( + uint8_t *public_key); -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) +/** + Validate a public key. -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ +static inline core_option_Option_92 +libcrux_ml_kem_mlkem768_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { + core_option_Option_92 uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_52( + public_key.value)) { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, + .f0 = public_key}); + } else { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); + } + return uu____0; +} /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -2440,7 +7989,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_39(void) { +libcrux_ml_kem_polynomial_ZERO_89_02(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2468,8 +8017,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_17(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_13(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -2479,10 +8028,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -2498,18 +8047,21 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ca( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -2522,7 +8074,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2550,8 +8102,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_34(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e3(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -2561,7 +8113,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2586,9 +8138,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( v); } @@ -2599,10 +8151,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_51( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -2614,7 +8166,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( coefficient); re.coefficients[i0] = uu____0; } @@ -2628,7 +8180,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2653,9 +8205,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( v); } @@ -2666,10 +8218,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_64( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_df( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -2681,7 +8233,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_64( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( coefficient); re.coefficients[i0] = uu____0; } @@ -2695,9 +8247,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6a( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_51(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2712,7 +8264,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2726,12 +8278,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2745,7 +8297,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2758,7 +8310,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2775,7 +8327,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_c1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2795,19 +8347,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -2818,13 +8369,13 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -2834,7 +8385,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } @@ -2849,7 +8399,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2867,23 +8417,27 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_65( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2893,12 +8447,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( @@ -2918,11 +8472,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( + u_as_ntt[i0] = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6a( u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_65(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_1e(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2936,7 +8489,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2961,9 +8514,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( v); } @@ -2974,10 +8527,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_da( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -2988,7 +8541,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( coefficient); re.coefficients[i0] = uu____0; } @@ -3002,7 +8555,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3027,9 +8580,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( v); } @@ -3040,10 +8593,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_ec( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -3052,11 +8605,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3070,11 +8622,38 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_4f( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_da(serialized); } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3086,11 +8665,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_d5( +libcrux_ml_kem_polynomial_ntt_multiply_89_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3113,6 +8692,10 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_d5( return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3123,7 +8706,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3149,13 +8732,13 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3165,7 +8748,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -3176,19 +8758,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -3199,7 +8780,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3221,7 +8802,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3229,7 +8810,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3242,7 +8823,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3257,7 +8838,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3274,22 +8855,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); } /** @@ -3303,7 +8884,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_79( +libcrux_ml_kem_polynomial_subtract_reduce_89_ed( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3322,6 +8903,12 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_79( return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3329,21 +8916,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_b8( +libcrux_ml_kem_matrix_compute_message_56( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_79(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_ed(v, result); return result; } @@ -3353,7 +8940,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3373,9 +8960,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_4b( +libcrux_ml_kem_vector_portable_shift_right_0d_bf( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_83(v); } /** @@ -3385,10 +8972,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_78( +libcrux_ml_kem_vector_traits_to_unsigned_representative_af( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_4b(a); + libcrux_ml_kem_vector_portable_shift_right_0d_bf(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3402,13 +8989,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_fb( +libcrux_ml_kem_serialize_compress_then_serialize_message_d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3427,6 +9014,30 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_fb( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3437,21 +9048,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_e4( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_4f( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_b8(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_56(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_fb(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_d1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3465,11 +9076,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_39(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_c0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_29(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_ca(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -3480,7 +9091,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_39(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_41(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_e4(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3494,7 +9105,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3504,7 +9115,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b6( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -3523,9 +9134,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_b6(input, ret); } /** @@ -3536,11 +9147,17 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_02(); } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -3548,10 +9165,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -3569,6 +9186,12 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3577,12 +9200,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -3595,7 +9218,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( ring_element); deserialized_pk[i0] = uu____0; } @@ -3612,8 +9235,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_ee(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -3623,10 +9246,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_e8( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_82( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } } @@ -3641,11 +9264,12 @@ typedef struct libcrux_ml_kem_hash_functions_portable_PortableHash_58_s { /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics +libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final with const +generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3672,27 +9296,27 @@ libcrux_ml_kem::hash_functions::portable::PortableHash)} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_f1 with const +libcrux_ml_kem.hash_functions.portable.shake128_init_absorb_final_f1 with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_11( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( uu____0); } /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const -generics +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with +const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_10( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -3712,18 +9336,59 @@ libcrux_ml_kem::hash_functions::portable::PortableHash)} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with -const generics +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 +with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_4e( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_10(self, - ret); -} - + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( + self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -3732,7 +9397,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3770,12 +9435,12 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_ed( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -3795,17 +9460,59 @@ libcrux_ml_kem::hash_functions::portable::PortableHash)} */ /** A monomorphic instance of -libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const +libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_c1( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_ed(self, ret); -} - + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88(self, + ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -3814,7 +9521,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3861,9 +9568,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3885,8 +9592,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_6b( +libcrux_ml_kem_sampling_sample_from_xof_closure_13(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_48( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -3898,7 +9605,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3906,25 +9613,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_11( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( uu____0); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_4e( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( &xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_c1( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( &xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( uu____2, sampled_coefficients, out); } } @@ -3932,7 +9639,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_99(uu____3[i]); + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_13(uu____3[i]); } memcpy( ret, ret0, @@ -3946,12 +9653,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_55( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_e8(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_82(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -3969,7 +9676,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_2b(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_f6(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -4010,10 +9717,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t */ -typedef struct tuple_b0_s { +typedef struct tuple_b00_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U]; uint8_t snd; -} tuple_b0; +} tuple_b00; /** A monomorphic instance of @@ -4026,8 +9733,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_56(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_50(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -4036,7 +9743,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_63( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4059,11 +9766,60 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_63(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -4071,7 +9827,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4108,7 +9864,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -4119,7 +9875,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b8( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4155,7 +9911,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -4166,9 +9922,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( randomness); } @@ -4178,7 +9934,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4186,9 +9942,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -4202,22 +9957,26 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_1c(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4227,12 +9986,12 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4246,21 +10005,20 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + re_as_ntt[i0] = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b00 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -4278,10 +10036,13 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_25(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4291,12 +10052,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4310,11 +10071,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1; @@ -4323,7 +10084,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], memcpy( uu____2, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b00 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -4336,7 +10097,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b60( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -4355,9 +10116,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_b60(input, ret); } /** @@ -4367,8 +10128,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_79(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_vector_u_closure_11(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -4381,7 +10142,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4399,20 +10160,23 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_57( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -4435,12 +10199,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_08(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4454,7 +10218,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_89( +libcrux_ml_kem_vector_traits_decompress_1_e9( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4469,10 +10233,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4482,7 +10246,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_89(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_e9(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4499,7 +10263,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4522,6 +10286,9 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4529,22 +10296,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_1f( +libcrux_ml_kem_matrix_compute_ring_element_v_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( error_2, message, result); return result; } @@ -4555,7 +10322,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be( +libcrux_ml_kem_vector_portable_compress_compress_94( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4578,9 +10345,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_31( +libcrux_ml_kem_vector_portable_compress_0d_9b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be(v); + return libcrux_ml_kem_vector_portable_compress_compress_94(v); } /** @@ -4590,15 +10357,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_3b( +libcrux_ml_kem_serialize_compress_then_serialize_10_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_31( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_9b( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4619,7 +10386,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be0( +libcrux_ml_kem_vector_portable_compress_compress_940( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4642,9 +10409,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_310( +libcrux_ml_kem_vector_portable_compress_0d_9b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be0(v); + return libcrux_ml_kem_vector_portable_compress_compress_940(v); } /** @@ -4654,15 +10421,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_e1( +libcrux_ml_kem_serialize_compress_then_serialize_11_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_310( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_9b0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4685,13 +10452,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_3b(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_54(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4701,7 +10471,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4719,7 +10489,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, @@ -4734,7 +10504,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be1( +libcrux_ml_kem_vector_portable_compress_compress_941( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4757,9 +10527,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_311( +libcrux_ml_kem_vector_portable_compress_0d_9b1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be1(v); + return libcrux_ml_kem_vector_portable_compress_compress_941(v); } /** @@ -4769,15 +10539,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_e5( +libcrux_ml_kem_serialize_compress_then_serialize_4_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_311( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_9b1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4796,7 +10566,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be2( +libcrux_ml_kem_vector_portable_compress_compress_942( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4819,9 +10589,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_312( +libcrux_ml_kem_vector_portable_compress_0d_9b2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be2(v); + return libcrux_ml_kem_vector_portable_compress_compress_942(v); } /** @@ -4831,15 +10601,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_a3( +libcrux_ml_kem_serialize_compress_then_serialize_5_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_312( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_9b2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4860,11 +10630,52 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); -} - + libcrux_ml_kem_serialize_compress_then_serialize_4_09(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4883,15 +10694,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____0, 0U); + tuple_b00 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -4899,7 +10710,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -4908,33 +10719,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_040( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_1f( + libcrux_ml_kem_matrix_compute_ring_element_v_c8( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -4959,12 +10770,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4972,8 +10783,8 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_55(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -5003,7 +10814,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -5019,7 +10830,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_25( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5051,7 +10862,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_88( +static inline void libcrux_ml_kem_ind_cca_decapsulate_87( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -5070,10 +10881,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_c0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5082,7 +10893,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -5092,32 +10903,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc( + libcrux_ml_kem_ind_cca_kdf_43_25( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_25(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_28(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -5128,6 +10939,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -5149,16 +10963,23 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ff( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_88(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_87(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ff( private_key, ciphertext, ret); } @@ -5218,14 +11039,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_e4( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5237,7 +11058,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5247,7 +11068,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_970( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -5256,9 +11077,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -5266,11 +11087,11 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_28(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5282,6 +11103,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -5304,16 +11128,23 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_38( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_05(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_59(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_38( private_key, ciphertext, ret); } @@ -5327,7 +11158,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d5( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -5345,7 +11176,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5369,15 +11200,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_d5( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -5385,9 +11216,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -5395,7 +11226,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5405,19 +11236,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_20(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_25(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -5446,22 +11277,29 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67(uu____0, + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4(uu____0, uu____1); } @@ -5484,11 +11322,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5500,7 +11338,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5514,7 +11352,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -5524,7 +11362,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_20(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -5533,6 +11371,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( return lit; } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -5552,16 +11393,24 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_f7( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_57(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { @@ -5569,7 +11418,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_f7( uu____0, uu____1); } @@ -5581,10 +11430,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] */ -typedef struct tuple_9b_s { +typedef struct tuple_9b0_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; -} tuple_9b; +} tuple_9b0; /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure @@ -5593,8 +11442,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_ab(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_37(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -5604,7 +11453,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_3e( +libcrux_ml_kem_vector_traits_to_standard_domain_a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5621,7 +11470,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5629,7 +11478,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_3e( + libcrux_ml_kem_vector_traits_to_standard_domain_a1( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5639,20 +11488,23 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -5676,12 +11528,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -5689,6 +11541,47 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5698,10 +11591,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_11(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5709,15 +11602,15 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_55(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____1, 0U); + tuple_b00 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5728,12 +11621,12 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____3, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_da(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; @@ -5766,7 +11659,7 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( memcpy( sk.secret_as_ntt, uu____7, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } /** @@ -5776,14 +11669,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5798,6 +11691,9 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5805,7 +11701,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5824,7 +11720,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5833,6 +11729,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5841,7 +11740,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -5849,7 +11748,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -5875,19 +11774,19 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4(key_generation_seed); +libcrux_ml_kem_ind_cpa_generate_keypair_e8(Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_9a( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); @@ -5899,6 +11798,9 @@ libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -5906,7 +11808,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5935,7 +11837,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_af(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -5954,6 +11856,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5968,7 +11878,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5978,13 +11888,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_ec(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_e8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -5993,14 +11903,17 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_05_e0(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_17_2c( + uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -6014,18 +11927,21 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); } +/** + Generate ML-KEM 768 Key Pair +*/ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( uu____0); } @@ -6044,8 +11960,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_34(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_23(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -6062,10 +11978,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_28( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } } @@ -6080,7 +11996,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_5e( +libcrux_ml_kem_polynomial_clone_d5_70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6107,7 +12023,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6116,7 +12032,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6124,14 +12040,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_28(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_5e(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_70(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6143,13 +12059,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_9a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); @@ -6178,6 +12094,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { return lit; } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -6191,19 +12110,22 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_9a( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uu____0); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_9a( uu____0); } @@ -6218,18 +12140,18 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_aa( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_97(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), + libcrux_ml_kem_types_as_slice_d4_2e(ciphertext), uint8_t, Eurydice_slice), ret0); core_slice___Slice_T___copy_from_slice( @@ -6237,7 +12159,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); @@ -6265,7 +12187,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_880( +static inline void libcrux_ml_kem_ind_cca_decapsulate_870( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -6284,10 +12206,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_c0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -6296,7 +12218,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -6306,32 +12228,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72( + libcrux_ml_kem_ind_cca_kdf_6c_aa( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_aa(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_28(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -6342,6 +12264,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_decapsulate with const @@ -6364,16 +12289,23 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_af( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_880(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_870(private_key, ciphertext, ret); } +/** + Decapsulate Kyber 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_af( private_key, ciphertext, ret); } @@ -6387,9 +12319,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f9( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_af(randomness, ret); } /** @@ -6411,15 +12343,15 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f9( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -6427,9 +12359,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6437,7 +12369,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6447,19 +12379,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_20(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_aa(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -6470,6 +12402,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( return lit; } +/** + Portable encapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_encapsulate with const @@ -6489,22 +12424,29 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_bf( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); } +/** + Encapsulate Kyber 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_bf( uu____0, uu____1); } @@ -6516,11 +12458,17 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b0( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_02(); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6529,12 +12477,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -6547,7 +12495,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( ring_element); deserialized_pk[i0] = uu____0; } @@ -6564,16 +12512,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_99( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_9a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -6582,6 +12530,9 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -6591,16 +12542,21 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); @@ -6610,6 +12566,16 @@ libcrux_ml_kem_mlkem768_portable_validate_public_key( return uu____0; } +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { + return self[0U]; +} + /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index d47e46e3b..00abf2c8a 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_sha3_avx2_H @@ -20,2759 +20,125 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_core.h" #include "libcrux_sha3_portable.h" /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} + Perform 4 SHAKE256 operations in parallel */ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veor5q_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor5_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - return libcrux_sha3_simd_avx2__veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_58(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vrax1q_u64(a, b); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vbcaxq_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_and_not_xor_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return libcrux_sha3_simd_avx2__vbcaxq_u64(a, b, c); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_constant_ef(core_core_arch_x86___m256i a, - uint64_t c) { - return libcrux_sha3_simd_avx2__veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_sha3_simd_avx2_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_4( - Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_n_ef( - Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - libcrux_sha3_simd_avx2_slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( - out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( - out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - Eurydice_slice_uint8_t_4size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -libcrux_sha3_simd_avx2_split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { - return libcrux_sha3_simd_avx2_split_at_mut_4(a, mid); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_x86___m256i -with const generics -- $4size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_29; - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_16(void) { - libcrux_sha3_generic_keccak_KeccakState_29 lit; - lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[0U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[0U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[0U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_c7(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_580(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c1(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_581(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c10(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_582(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c11(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_583(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c12(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c13(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_584(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c14(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_585(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c15(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_586(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_587(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c17(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_588(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c18(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_589(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c19(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5810(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c110(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5811(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c111(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5812(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c112(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5813(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c113(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5814(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c114(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5815(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c115(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5816(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c116(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5817(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c117(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5818(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c118(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5819(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c119(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5820(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c120(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5821(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c121(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5822(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c122(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], - s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U], - s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U], - s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U], - s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U], - s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_x86___m256i uu____27 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) { - size_t j = i; - s->st[i1][j] = libcrux_sha3_simd_avx2_and_not_xor_ef( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( - libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { - s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_71(s); - libcrux_sha3_generic_keccak_pi_01(s); - libcrux_sha3_generic_keccak_chi_9b(s); - libcrux_sha3_generic_keccak_iota_09(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_avx2_load_block_c7(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_91(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full -with const generics -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_avx2_store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e9(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(&s); - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( - Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_16(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - libcrux_sha3_simd_avx2_slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - libcrux_sha3_simd_avx2_slice_n_ef( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____4 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____5 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); - } - } -} - KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_keccak_14(buf0, buf); -} - -typedef libcrux_sha3_generic_keccak_KeccakState_29 - libcrux_sha3_avx2_x4_incremental_KeccakState; - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_16(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_avx2_load_block_c70(s, buf); -} +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; +} libcrux_sha3_avx2_x4_incremental_KeccakState; /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 168 + Initialise the [`KeccakState`]. */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_910(uu____0, uu____1); +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_sha3_avx2_x4_incremental_init(void) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -- DELIM= 31 + Absorb */ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); -} - KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e90(a, b); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 + Squeeze three blocks */ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); -} - KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 + Squeeze another block */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 + Squeeze five blocks */ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o20[4U]; - memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); - Eurydice_slice_uint8_t_4size_t__x2 uu____2 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); - Eurydice_slice o2[4U]; - memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o30[4U]; - memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); - Eurydice_slice_uint8_t_4size_t__x2 uu____3 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); - Eurydice_slice o3[4U]; - memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o4[4U]; - memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); -} - KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } +/** + Absorb +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } +/** + Squeeze block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } +/** + Squeeze next block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 56e5608a9..3eea98060 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b */ #ifndef __libcrux_sha3_portable_H @@ -20,6 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_sha3_libcrux_ml_kem.h" static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { 1ULL, @@ -79,14 +80,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); } /** @@ -187,6 +188,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -198,7 +202,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_7a(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -233,7 +237,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -262,12 +266,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); } /** @@ -277,7 +281,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -288,9 +292,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_340(ab); } /** @@ -304,8 +308,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); } /** @@ -315,7 +319,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -326,9 +330,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_341(ab); } /** @@ -342,8 +346,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); } /** @@ -353,7 +357,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -364,9 +368,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_342(ab); } /** @@ -380,8 +384,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); } /** @@ -391,7 +395,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -402,9 +406,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_343(ab); } /** @@ -418,8 +422,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); } /** @@ -429,9 +433,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_34(ab); } /** @@ -445,8 +449,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); } /** @@ -456,7 +460,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -467,9 +471,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_344(ab); } /** @@ -483,8 +487,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); } /** @@ -494,7 +498,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -505,9 +509,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_345(ab); } /** @@ -521,8 +525,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); } /** @@ -532,7 +536,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -543,9 +547,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_346(ab); } /** @@ -559,8 +563,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); } /** @@ -570,7 +574,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -581,9 +585,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_347(ab); } /** @@ -597,8 +601,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); } /** @@ -608,7 +612,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -619,9 +623,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_348(ab); } /** @@ -635,8 +639,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); } /** @@ -646,7 +650,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -657,9 +661,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_349(ab); } /** @@ -673,8 +677,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); } /** @@ -684,7 +688,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -695,9 +699,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_3410(ab); } /** @@ -711,8 +715,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); } /** @@ -722,7 +726,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -733,9 +737,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_3411(ab); } /** @@ -749,8 +753,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); } /** @@ -760,7 +764,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -771,9 +775,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_3412(ab); } /** @@ -787,8 +791,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); } /** @@ -798,7 +802,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -809,9 +813,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_3413(ab); } /** @@ -825,8 +829,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); } /** @@ -836,7 +840,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -847,9 +851,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_3414(ab); } /** @@ -863,8 +867,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); } /** @@ -874,7 +878,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -885,9 +889,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_3415(ab); } /** @@ -901,8 +905,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); } /** @@ -912,7 +916,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -923,9 +927,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_3416(ab); } /** @@ -939,8 +943,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); } /** @@ -950,7 +954,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -961,9 +965,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_3417(ab); } /** @@ -977,8 +981,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); } /** @@ -988,7 +992,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -999,9 +1003,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_3418(ab); } /** @@ -1015,8 +1019,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); } /** @@ -1026,7 +1030,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1037,9 +1041,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_3419(ab); } /** @@ -1053,8 +1057,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); } /** @@ -1064,7 +1068,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1075,9 +1079,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_3420(ab); } /** @@ -1091,8 +1095,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); } /** @@ -1102,7 +1106,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1113,9 +1117,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_3421(ab); } /** @@ -1129,8 +1133,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); } /** @@ -1140,7 +1144,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1151,9 +1155,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_3422(ab); } /** @@ -1167,8 +1171,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); } /** @@ -1177,7 +1181,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1212,77 +1216,54 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; + s->st[1U][0U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); + s->st[2U][0U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); + s->st[3U][0U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); + s->st[4U][0U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); + s->st[0U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); + s->st[1U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); + s->st[2U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); + s->st[3U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); + s->st[4U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); + s->st[0U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); + s->st[1U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); + s->st[2U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); + s->st[3U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); + s->st[4U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); + s->st[0U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); + s->st[1U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); + s->st[2U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); + s->st[3U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); + s->st[4U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); + s->st[0U][4U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); + s->st[1U][4U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); + s->st[2U][4U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); + s->st[3U][4U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1292,7 +1273,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1328,7 +1309,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1349,7 +1330,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1361,14 +1342,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_8d(s); + libcrux_sha3_generic_keccak_pi_ac(s); + libcrux_sha3_generic_keccak_chi_c7(s); + libcrux_sha3_generic_keccak_iota_4f(s, i0); } } @@ -1379,13 +1360,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1393,11 +1374,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_de(s, buf); } /** @@ -1409,12 +1390,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); } /** @@ -1425,7 +1406,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1445,8 +1426,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1454,7 +1435,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1475,12 +1456,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_39(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1495,9 +1476,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); } /** @@ -1508,10 +1489,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_65( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1536,9 +1517,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_39(a, b); } /** @@ -1548,9 +1529,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1560,10 +1541,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1573,11 +1554,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1601,10 +1582,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -1615,7 +1596,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -1626,12 +1607,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1639,7 +1620,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1657,12 +1638,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); } } } @@ -1673,18 +1654,21 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); } +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_fd(buf0, buf); } /** @@ -1692,7 +1676,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1721,12 +1705,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); } /** @@ -1736,13 +1720,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1750,11 +1734,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_de0(s, buf); } /** @@ -1766,12 +1750,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); } /** @@ -1782,7 +1766,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1802,8 +1786,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1811,7 +1795,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1832,12 +1816,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_390(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1853,9 +1837,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); } /** @@ -1866,10 +1850,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_650( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1894,9 +1878,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_390(a, b); } /** @@ -1906,9 +1890,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1918,10 +1902,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1931,11 +1915,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1959,10 +1943,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -1973,7 +1957,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -1984,12 +1968,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -1997,7 +1981,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2015,12 +1999,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2031,18 +2015,21 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_fd0(buf0, buf); } /** @@ -2053,7 +2040,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2073,8 +2060,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2085,10 +2072,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2099,7 +2086,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2110,12 +2097,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2123,7 +2110,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2141,12 +2128,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2157,386 +2144,3926 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); } +/** + A portable SHAKE256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_fd1(buf0, buf); } -static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_zero_fa(void) { + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); } -static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__veor5q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + core_core_arch_arm_shared_neon_uint64x2_t cd = + libcrux_intrinsics_arm64__veorq_u64(c, d); + core_core_arch_arm_shared_neon_uint64x2_t abcd = + libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); } -static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + return libcrux_sha3_simd_arm64__veor5q_u64(a, b, c, d, e); } -typedef libcrux_sha3_generic_keccak_KeccakState_48 - libcrux_sha3_portable_KeccakState; +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_58( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState; +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vrax1q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_sha3_simd_arm64_rotate_left_58(b)); +} -static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState -libcrux_sha3_neon_x2_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vrax1q_u64(a, b); } -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, - Eurydice_slice data1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vbcaxq_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return libcrux_intrinsics_arm64__veorq_u64( + a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); } -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_and_not_xor_fa( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return libcrux_sha3_simd_arm64__vbcaxq_u64(a, b, c); } -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__veorq_n_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + core_core_arch_arm_shared_neon_uint64x2_t c0 = + libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); } -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_constant_fa( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + return libcrux_sha3_simd_arm64__veorq_n_u64(a, c); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_2( + Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_n_fa( + Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[2U]; + libcrux_sha3_simd_arm64_slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +libcrux_sha3_simd_arm64_split_at_mut_2(Eurydice_slice out[2U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_2size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +libcrux_sha3_simd_arm64_split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { + return libcrux_sha3_simd_arm64_split_at_mut_2(a, mid); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- RATE= 168 +- $2size_t */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { +typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { + core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_fc; + +/** + Create a new Shake128 x4 state. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc +libcrux_sha3_generic_keccak_new_1e_12(void) { + libcrux_sha3_generic_keccak_KeccakState_fc lit; + lit.st[0U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[0U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[0U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[0U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[0U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), + Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); } } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa with const generics -- RATE= 168 +- BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_3c(uu____0, uu____1); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 */ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_580( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 with const generics -- BLOCKSIZE= 168 +- LEFT= 36 +- RIGHT= 28 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c1( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_580(ab); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa with const generics -- N= 1 -- RATE= 168 -- DELIM= 31 +- LEFT= 36 +- RIGHT= 28 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c1(a, b); } -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { - Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_722(s, buf); +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_581( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 with const generics -- RATE= 168 +- LEFT= 3 +- RIGHT= 61 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c10( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_581(ab); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa with const generics -- BLOCKSIZE= 168 +- LEFT= 3 +- RIGHT= 61 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c10(a, b); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left with const generics -- N= 1 -- RATE= 168 +- LEFT= 41 +- RIGHT= 23 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_582( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); } -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c11( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_582(ab); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa with const generics -- N= 1 -- RATE= 168 +- LEFT= 41 +- RIGHT= 23 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c11(a, b); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types uint64_t +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left with const generics -- N= 1 -- RATE= 168 +- LEFT= 18 +- RIGHT= 46 */ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - Eurydice_slice_uint8_t_1size_t__x2 uu____0 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); - Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_583( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); } -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c12( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_583(ab); } -#define libcrux_sha3_Sha224 0 -#define libcrux_sha3_Sha256 1 -#define libcrux_sha3_Sha384 2 -#define libcrux_sha3_Sha512 3 +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c13( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_584( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c14( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_585( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c15( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_586( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c16( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_587( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c17( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_588( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c18( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_589( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c19( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5810( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c110( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5811( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c111( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5812( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c112( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5813( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c113( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5814( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c114( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5815( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c115( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5816( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c116( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5817( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c117( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5818( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c118( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5819( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c119( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5820( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c120( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5821( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c121( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5822( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c122( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][0U], s->st[1U][0U], + s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][1U], s->st[1U][1U], + s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][2U], s->st[1U][2U], + s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][3U], s->st[1U][3U], + s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][4U], s->st[1U][4U], + s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_fa(s->st[0U][0U], t[0U]); + s->st[1U][0U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); + s->st[2U][0U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); + s->st[3U][0U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); + s->st[4U][0U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); + s->st[0U][1U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); + s->st[1U][1U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); + s->st[2U][1U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); + s->st[3U][1U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); + s->st[4U][1U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); + s->st[0U][2U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); + s->st[1U][2U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); + s->st[2U][2U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); + s->st[3U][2U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); + s->st[4U][2U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); + s->st[0U][3U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); + s->st[1U][3U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); + s->st[2U][3U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); + s->st[3U][3U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); + s->st[4U][3U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); + s->st[0U][4U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); + s->st[1U][4U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); + s->st[2U][4U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); + s->st[3U][4U] = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____27 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_a0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_b0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) { + size_t j = i; + s->st[i1][j] = libcrux_sha3_simd_arm64_and_not_xor_fa( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_33( + libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { + s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_constant_fa( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_3e( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_a0(s); + libcrux_sha3_generic_keccak_chi_b0(s); + libcrux_sha3_generic_keccak_iota_33(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_45( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_fa_0f(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_load_block_3c(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_07( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 6U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)72U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_07(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_store_block_2f(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a5( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + libcrux_sha3_simd_arm64_store_block_full_9a(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_e7( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a5(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_90( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_70( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(&s); + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a5(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_59( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, + ret); + libcrux_sha3_generic_keccak_absorb_block_45(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_fe(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_e7(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_70(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_59(uu____0, out); +} + +/** + A portable SHA3 512 implementation. +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { + uint8_t dummy[64U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; + libcrux_sha3_neon_keccakx2_6e(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_3c0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_450( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_fa_0f0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_load_block_3c0(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_070( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 6U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_store_block_2f0(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a50( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + libcrux_sha3_simd_arm64_store_block_full_9a0(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_e70( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a50(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_900( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f0(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_700( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(&s); + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a50(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_590( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_fe0(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e0( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_590(uu____0, out); +} + +/** + A portable SHA3 256 implementation. +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; + libcrux_sha3_neon_keccakx2_6e0(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_591( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_fe1(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e1( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_591(uu____0, out); +} + +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + Eurydice_slice buf0[2U] = {input0, input1}; + Eurydice_slice buf[2U] = {out0, out1}; + libcrux_sha3_neon_keccakx2_6e1(buf0, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakState_fc + libcrux_sha3_neon_x2_incremental_KeccakState; + +/** + Initialise the `KeccakState2`. +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc +libcrux_sha3_neon_x2_incremental_shake128_init(void) { + return libcrux_sha3_generic_keccak_new_1e_12(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_load_block_3c1(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_071( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_071(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, + Eurydice_slice data1) { + Eurydice_slice buf[2U] = {data0, data1}; + libcrux_sha3_generic_keccak_absorb_final_fe2(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_901( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + Eurydice_slice_uint8_t_2size_t__x2 uu____0 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f1(s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____1 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o2[2U]; + memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o2); +} + +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e(s, buf); +} + +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakState_48 + libcrux_sha3_portable_KeccakState; + +/** + Create a new SHAKE-128 state object. +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 +libcrux_sha3_portable_incremental_shake128_init(void) { + return libcrux_sha3_generic_keccak_new_1e_7a(); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { + size_t i0 = i; + uint8_t uu____0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + } +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_de1(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); +} + +/** + Absorb +*/ +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { + Eurydice_slice buf[1U] = {data0}; + libcrux_sha3_generic_keccak_absorb_final_252(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_391(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o2[1U]; + memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); +} + +/** + Squeeze three blocks +*/ +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); +} + +/** + Squeeze another block +*/ +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, buf); +} + +#define libcrux_sha3_Sha224 0 +#define libcrux_sha3_Sha256 1 +#define libcrux_sha3_Sha384 2 +#define libcrux_sha3_Sha512 3 typedef uint8_t libcrux_sha3_Algorithm; -static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { - size_t uu____0; - switch (mode) { - case libcrux_sha3_Sha224: { - uu____0 = (size_t)28U; - break; - } - case libcrux_sha3_Sha256: { - uu____0 = (size_t)32U; - break; - } - case libcrux_sha3_Sha384: { - uu____0 = (size_t)48U; - break; +/** + Returns the output size of a digest. +*/ +static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { + size_t uu____0; + switch (mode) { + case libcrux_sha3_Sha224: { + uu____0 = (size_t)28U; + break; + } + case libcrux_sha3_Sha256: { + uu____0 = (size_t)32U; + break; + } + case libcrux_sha3_Sha384: { + uu____0 = (size_t)48U; + break; + } + case libcrux_sha3_Sha512: { + uu____0 = (size_t)64U; + break; + } + default: { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, + __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { + size_t i0 = i; + uint8_t uu____0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_de2(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 6U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)144U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_392(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_651( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_392(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_7a(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + (size_t)144U, ret); + libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.portable.keccakx1 +with const generics +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); +} + +/** + A portable SHA3 224 implementation. +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_fd2(buf0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { + size_t i0 = i; + uint8_t uu____0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types uint64_t +with const generics +- N= 1 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_de3(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types uint64_t +with const generics +- N= 1 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); } - case libcrux_sha3_Sha512: { - uu____0 = (size_t)64U; - break; + blocks[i0][last_len] = 6U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)104U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_393(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types uint64_t +with const generics +- N= 1 +- RATE= 104 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_652( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_393(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types uint64_t +with const generics +- N= 1 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types uint64_t +with const generics +- N= 1 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types uint64_t +with const generics +- N= 1 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types uint64_t +with const generics +- N= 1 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_7a(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + (size_t)104U, ret); + libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + } } - default: { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, - __LINE__); - KRML_HOST_EXIT(253U); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); } } - return uu____0; } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block +A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics -- RATE= 144 +- RATE= 104 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t uu____0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); - } +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} + A portable SHA3 384 implementation. */ +static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_fd3(buf0, buf); +} + /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- BLOCKSIZE= 144 + SHA3 224 + + Preconditions: + - `digest.len() == 28` */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha224(digest, payload); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 + SHA3 224 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); +static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, + uint8_t ret[28U]) { + uint8_t out[28U] = {0U}; + libcrux_sha3_sha224_ema( + Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full -with const generics -- RATE= 144 + SHA3 256 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha256(digest, payload); +} + +/** + SHA3 256 +*/ +static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + libcrux_sha3_sha256_ema( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + SHA3 384 +*/ +static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha384(digest, payload); +} + +/** + SHA3 384 +*/ +static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, + uint8_t ret[48U]) { + uint8_t out[48U] = {0U}; + libcrux_sha3_sha384_ema( + Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); +} + +/** + SHA3 512 +*/ +static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha512(digest, payload); +} + +/** + SHA3 512 +*/ +static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, + uint8_t ret[64U]) { + uint8_t out[64U] = {0U}; + libcrux_sha3_sha512_ema( + Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } /** @@ -2544,82 +6071,45 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block with types uint64_t with const generics - N= 1 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)144U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block -with const generics -- RATE= 144 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 144 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_391(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2632,12 +6122,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); } /** @@ -2645,13 +6135,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_653( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2661,49 +6151,10 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } } /** @@ -2711,13 +6162,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2738,27 +6189,27 @@ A monomorphic instance of libcrux_sha3.generic_keccak.keccak with types uint64_t with const generics - N= 1 -- RATE= 144 -- DELIM= 6 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, - (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + (size_t)168U, ret); + libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); @@ -2766,20 +6217,20 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2792,17 +6243,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); } } } @@ -2810,123 +6261,196 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( /** A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics -- RATE= 144 -- DELIM= 6 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); } -static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, - Eurydice_slice data) { +/** + A portable SHAKE128 implementation. +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( + Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_fd4(buf0, buf); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block + SHAKE 128 + + Writes `out.len()` bytes. +*/ +static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake128(out, data); +} + +/** + SHAKE 256 + + Writes `out.len()` bytes. +*/ +static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake256(out, data); +} + +static const size_t libcrux_sha3_generic_keccak__PI[24U] = { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, + (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, + (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, + (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, + (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; + +static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, + (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, + (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, + (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, + (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), + Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f1( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_3c2(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_451( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_fa_0f1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_simd_arm64_load_block_3c2(s, buf); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_072( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e2(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2936,81 +6460,121 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( } blocks[i0][last_len] = 6U; size_t uu____1 = i0; - size_t uu____2 = (size_t)104U - (size_t)1U; + size_t uu____2 = (size_t)144U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_072(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block +A monomorphic instance of libcrux_sha3.simd.arm64.store_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), uint8_t, void *); } } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_store_block_2f2(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a51( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + libcrux_sha3_simd_arm64_store_block_full_9a1(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_e71( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a51(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -3026,57 +6590,57 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_902( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f2(a, b); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_701( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(&s); + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a51(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -3093,51 +6657,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_592( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, - (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, + ret); + libcrux_sha3_generic_keccak_absorb_block_451(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_fe3(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_e71(&s, out); } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f2(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3149,171 +6713,308 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( .tag == core_option_None) { break; } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d2(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_701(s, o1); } } } /** -A monomorphic instance of libcrux_sha3.portable.keccakx1 +A monomorphic instance of libcrux_sha3.neon.keccakx2 with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha224(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, - uint8_t ret[28U]) { - uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha256(digest, payload); +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e2( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_592(uu____0, out); } -static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +/** + A portable SHA3 224 implementation. +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, + Eurydice_slice data) { + uint8_t dummy[28U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; + libcrux_sha3_neon_keccakx2_6e2(uu____0, buf); } -static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha384(digest, payload); +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } } -static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, - uint8_t ret[48U]) { - uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f2( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_3c3(uu____0, uu____1); } -static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha512(digest, payload); +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_452( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_fa_0f2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); } -static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, - uint8_t ret[64U]) { - uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_load_block_3c3(s, buf); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa with const generics -- BLOCKSIZE= 168 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_073( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e3(uu____0, uu____1); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 168 +- N= 2 +- RATE= 104 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe4( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 6U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)104U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_073(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full +A monomorphic instance of libcrux_sha3.simd.arm64.store_block with const generics -- RATE= 168 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_store_block_2f3(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa with const generics -- BLOCKSIZE= 168 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a52( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + libcrux_sha3_simd_arm64_store_block_full_9a2(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 168 +- N= 2 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_e72( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a52(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -3328,19 +7029,58 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( } } +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_903( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f3(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); +} + /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 168 +- N= 2 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_702( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(&s); + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a52(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -3357,51 +7097,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 168 -- DELIM= 31 +- N= 2 +- RATE= 104 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_593( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, - (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, + ret); + libcrux_sha3_generic_keccak_absorb_block_452(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_fe4(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)168U; - size_t last = outlen - outlen % (size_t)168U; + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_e72(&s, out); } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f3(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3413,78 +7153,46 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( .tag == core_option_None) { break; } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)104U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d3(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_702(s, o1); } } } /** -A monomorphic instance of libcrux_sha3.portable.keccakx1 +A monomorphic instance of libcrux_sha3.neon.keccakx2 with const generics -- RATE= 168 -- DELIM= 31 +- RATE= 104 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( - Eurydice_slice digest, Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake128(out, data); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake256(out, data); -} - -static const size_t libcrux_sha3_generic_keccak__PI[24U] = { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, - (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, - (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, - (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, - (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; - -static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, - (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, - (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, - (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, - (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; - -static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e3( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_593(uu____0, out); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[48U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; + libcrux_sha3_neon_keccakx2_6e3(uu____0, buf); } /** @@ -3495,7 +7203,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3503,62 +7211,77 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o4); } +/** + Squeeze five blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); } +/** + Absorb some data for SHAKE-256 for the last time +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_721(s, buf); + libcrux_sha3_generic_keccak_absorb_final_251(s, buf); } +/** + Create a new SHAKE-256 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } +/** + Squeeze the first SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); } +/** + Squeeze the next SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); } /** @@ -3635,6 +7358,12 @@ static inline libcrux_sha3_Algorithm libcrux_sha3_from_2d(uint32_t v) { return uu____0; } +typedef core_core_arch_arm_shared_neon_uint64x2_t + libcrux_sha3_simd_arm64_uint64x2_t; + +typedef libcrux_sha3_generic_keccak_KeccakState_fc + libcrux_sha3_neon_x2_incremental_KeccakState2Internal; + typedef uint8_t libcrux_sha3_Sha3_512Digest[64U]; typedef uint8_t libcrux_sha3_Sha3_384Digest[48U]; From 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 8 Aug 2024 10:26:32 -0400 Subject: [PATCH 019/348] simplified spec to use rank --- .../proofs/fstar/spec/Spec.MLKEM.fst | 296 +++++++++--------- 1 file changed, 140 insertions(+), 156 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 9418acaff..3282afa9c 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -24,60 +24,62 @@ let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 840 // sz 168 *! sz 5 let v_SHARED_SECRET_SIZE: usize = v_H_DIGEST_SIZE -type params_ = { - v_RANK: usize; - v_ETA1: usize; - v_ETA2: usize; - v_VECTOR_U_COMPRESSION_FACTOR: usize; - v_VECTOR_V_COMPRESSION_FACTOR: usize; -} +type rank = r:usize{r == sz 2 \/ r == sz 3 \/ r == sz 4} -let valid_params p = - (v p.v_RANK < pow2 32) /\ - (p.v_RANK = sz 2 || p.v_RANK = sz 3 || p.v_RANK = sz 4) /\ - (p.v_ETA1 = sz 2 || p.v_ETA1 = sz 3) /\ - p.v_ETA2 =. sz 2 /\ - (p.v_VECTOR_U_COMPRESSION_FACTOR = sz 10 || p.v_VECTOR_U_COMPRESSION_FACTOR = sz 11) /\ - (p.v_VECTOR_V_COMPRESSION_FACTOR = sz 4 || p.v_VECTOR_V_COMPRESSION_FACTOR = sz 5) +let v_ETA1 (r:rank) : usize = + if r = sz 2 then sz 3 else + if r = sz 3 then sz 2 else + if r = sz 4 then sz 2 -let params = p:params_{valid_params p} +let v_ETA2 (r:rank) : usize = sz 2 -val v_ETA1_RANDOMNESS_SIZE (p:params) : u:usize{u == sz 128 \/ u == sz 192} -let v_ETA1_RANDOMNESS_SIZE (p:params) = p.v_ETA1 *! sz 64 +let v_VECTOR_U_COMPRESSION_FACTOR (r:rank) : usize = + if r = sz 2 then sz 10 else + if r = sz 3 then sz 10 else + if r = sz 4 then sz 11 -val v_ETA2_RANDOMNESS_SIZE (p:params) : u:usize{u == sz 128} -let v_ETA2_RANDOMNESS_SIZE (p:params) = p.v_ETA2 *! sz 64 +let v_VECTOR_V_COMPRESSION_FACTOR (r:rank) : usize = + if r = sz 2 then sz 4 else + if r = sz 3 then sz 4 else + if r = sz 4 then sz 5 -val v_RANKED_BYTES_PER_RING_ELEMENT (p:params) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536} -let v_RANKED_BYTES_PER_RING_ELEMENT (p:params) = p.v_RANK *! v_BYTES_PER_RING_ELEMENT -let v_T_AS_NTT_ENCODED_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p -let v_CPA_PKE_SECRET_KEY_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p +val v_ETA1_RANDOMNESS_SIZE (r:rank) : u:usize{u == sz 128 \/ u == sz 192} +let v_ETA1_RANDOMNESS_SIZE (r:rank) = v_ETA1 r *! sz 64 -val v_CPA_PKE_PUBLIC_KEY_SIZE (p:params) : u:usize{u = sz 800 \/ u = sz 1184 \/ u = sz 1568} -let v_CPA_PKE_PUBLIC_KEY_SIZE (p:params) = v_RANKED_BYTES_PER_RING_ELEMENT p +! sz 32 +val v_ETA2_RANDOMNESS_SIZE (r:rank) : u:usize{u == sz 128} +let v_ETA2_RANDOMNESS_SIZE (r:rank) = v_ETA2 r *! sz 64 -val v_SECRET_KEY_SIZE (p:params) : u:usize{u = sz 1632 \/ u = sz 2400 \/ u = sz 3168} -let v_SECRET_KEY_SIZE (p:params) = - (v_CPA_PKE_SECRET_KEY_SIZE p +! v_CPA_PKE_PUBLIC_KEY_SIZE p +! v_H_DIGEST_SIZE +! v_SHARED_SECRET_SIZE) +val v_RANKED_BYTES_PER_RING_ELEMENT (r:rank) : u:usize{u = sz 768 \/ u = sz 1152 \/ u = sz 1536} +let v_RANKED_BYTES_PER_RING_ELEMENT (r:rank) = r *! v_BYTES_PER_RING_ELEMENT -val v_C1_BLOCK_SIZE (p:params): u:usize{(u = sz 320 \/ u = sz 352) /\ v u == 32 * v p.v_VECTOR_U_COMPRESSION_FACTOR} -let v_C1_BLOCK_SIZE (p:params) = sz 32 *! p.v_VECTOR_U_COMPRESSION_FACTOR +let v_T_AS_NTT_ENCODED_SIZE (r:rank) = v_RANKED_BYTES_PER_RING_ELEMENT r +let v_CPA_PKE_SECRET_KEY_SIZE (r:rank) = v_RANKED_BYTES_PER_RING_ELEMENT r -val v_C1_SIZE (p:params) : u:usize{(u >=. sz 640 /\ u <=. sz 1448) /\ - v u == v (v_C1_BLOCK_SIZE p) * v p.v_RANK} -let v_C1_SIZE (p:params) = v_C1_BLOCK_SIZE p *! p.v_RANK +val v_CPA_PKE_PUBLIC_KEY_SIZE (r:rank) : u:usize{u = sz 800 \/ u = sz 1184 \/ u = sz 1568} +let v_CPA_PKE_PUBLIC_KEY_SIZE (r:rank) = v_RANKED_BYTES_PER_RING_ELEMENT r +! sz 32 -val v_C2_SIZE (p:params) : u:usize{(u = sz 128 \/ u = sz 160) /\ v u == 32 * v p.v_VECTOR_V_COMPRESSION_FACTOR } -let v_C2_SIZE (p:params) = sz 32 *! p.v_VECTOR_V_COMPRESSION_FACTOR +val v_SECRET_KEY_SIZE (r:rank) : u:usize{u = sz 1632 \/ u = sz 2400 \/ u = sz 3168} +let v_SECRET_KEY_SIZE (r:rank) = + (v_CPA_PKE_SECRET_KEY_SIZE r +! v_CPA_PKE_PUBLIC_KEY_SIZE r +! v_H_DIGEST_SIZE +! v_SHARED_SECRET_SIZE) -val v_CPA_PKE_CIPHERTEXT_SIZE (p:params) : u:usize {v u = v (v_C1_SIZE p) + v (v_C2_SIZE p)} -let v_CPA_PKE_CIPHERTEXT_SIZE (p:params) = v_C1_SIZE p +! v_C2_SIZE p +val v_C1_BLOCK_SIZE (r:rank): u:usize{(u = sz 320 \/ u = sz 352) /\ v u == 32 * v (v_VECTOR_U_COMPRESSION_FACTOR r)} +let v_C1_BLOCK_SIZE (r:rank) = sz 32 *! v_VECTOR_U_COMPRESSION_FACTOR r -val v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (p:params): u:usize{v u == v v_SHARED_SECRET_SIZE + - v (v_CPA_PKE_CIPHERTEXT_SIZE p)} -let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (p:params) = - v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE p +val v_C1_SIZE (r:rank) : u:usize{(u >=. sz 640 /\ u <=. sz 1448) /\ + v u == v (v_C1_BLOCK_SIZE r) * v r} +let v_C1_SIZE (r:rank) = v_C1_BLOCK_SIZE r *! r + +val v_C2_SIZE (r:rank) : u:usize{(u = sz 128 \/ u = sz 160) /\ v u == 32 * v (v_VECTOR_V_COMPRESSION_FACTOR r)} +let v_C2_SIZE (r:rank) = sz 32 *! v_VECTOR_V_COMPRESSION_FACTOR r + +val v_CPA_PKE_CIPHERTEXT_SIZE (r:rank) : u:usize {v u = v (v_C1_SIZE r) + v (v_C2_SIZE r)} +let v_CPA_PKE_CIPHERTEXT_SIZE (r:rank) = v_C1_SIZE r +! v_C2_SIZE r + +val v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (r:rank): u:usize{v u == v v_SHARED_SECRET_SIZE + + v (v_CPA_PKE_CIPHERTEXT_SIZE r)} +let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (r:rank) = + v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE r val v_KEY_GENERATION_SEED_SIZE: u:usize{u = sz 64} let v_KEY_GENERATION_SEED_SIZE: usize = @@ -86,22 +88,22 @@ let v_KEY_GENERATION_SEED_SIZE: usize = (** ML-KEM Types *) -type t_MLKEMPublicKey (p:params) = t_Array u8 (v_CPA_PKE_PUBLIC_KEY_SIZE p) -type t_MLKEMPrivateKey (p:params) = t_Array u8 (v_SECRET_KEY_SIZE p) -type t_MLKEMKeyPair (p:params) = t_MLKEMPrivateKey p & t_MLKEMPublicKey p +type t_MLKEMPublicKey (r:rank) = t_Array u8 (v_CPA_PKE_PUBLIC_KEY_SIZE r) +type t_MLKEMPrivateKey (r:rank) = t_Array u8 (v_SECRET_KEY_SIZE r) +type t_MLKEMKeyPair (r:rank) = t_MLKEMPrivateKey r & t_MLKEMPublicKey r -type t_MLKEMCPAPrivateKey (p:params) = t_Array u8 (v_CPA_PKE_SECRET_KEY_SIZE p) -type t_MLKEMCPAKeyPair (p:params) = t_MLKEMCPAPrivateKey p & t_MLKEMPublicKey p +type t_MLKEMCPAPrivateKey (r:rank) = t_Array u8 (v_CPA_PKE_SECRET_KEY_SIZE r) +type t_MLKEMCPAKeyPair (r:rank) = t_MLKEMCPAPrivateKey r & t_MLKEMPublicKey r -type t_MLKEMCiphertext (p:params) = t_Array u8 (v_CPA_PKE_CIPHERTEXT_SIZE p) +type t_MLKEMCiphertext (r:rank) = t_Array u8 (v_CPA_PKE_CIPHERTEXT_SIZE r) type t_MLKEMSharedSecret = t_Array u8 (v_SHARED_SECRET_SIZE) (** MLKEM Math and Sampling *) type field_element = n:nat{n < v v_FIELD_MODULUS} type polynomial (ntt:bool) = t_Array field_element (sz 256) -type vector (p:params) (ntt:bool) = t_Array (polynomial ntt) p.v_RANK -type matrix (p:params) (ntt:bool) = t_Array (vector p ntt) p.v_RANK +type vector (r:rank) (ntt:bool) = t_Array (polynomial ntt) r +type matrix (r:rank) (ntt:bool) = t_Array (vector r ntt) r val field_add: field_element -> field_element -> field_element let field_add a b = (a + b) % v v_FIELD_MODULUS @@ -118,40 +120,40 @@ let poly_add a b = map2 field_add a b val poly_sub: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt let poly_sub a b = map2 field_sub a b -assume val poly_ntt: #p:params -> polynomial false -> polynomial true -assume val poly_inv_ntt: #p:params -> polynomial true -> polynomial false +assume val poly_ntt: #r:rank -> polynomial false -> polynomial true +assume val poly_inv_ntt: #r:rank -> polynomial true -> polynomial false assume val poly_mul_ntt: polynomial true -> polynomial true -> polynomial true -val vector_add: #p:params -> #ntt:bool -> vector p ntt -> vector p ntt -> vector p ntt +val vector_add: #r:rank -> #ntt:bool -> vector r ntt -> vector r ntt -> vector r ntt let vector_add #p a b = map2 poly_add a b -val vector_ntt: #p:params -> vector p false -> vector p true +val vector_ntt: #r:rank -> vector r false -> vector r true let vector_ntt #p v = map_array (poly_ntt #p) v -val vector_inv_ntt: #p:params -> vector p true -> vector p false +val vector_inv_ntt: #r:rank -> vector r true -> vector r false let vector_inv_ntt #p v = map_array (poly_inv_ntt #p) v -val vector_mul_ntt: #p:params -> vector p true -> vector p true -> vector p true +val vector_mul_ntt: #r:rank -> vector r true -> vector r true -> vector r true let vector_mul_ntt #p a b = map2 poly_mul_ntt a b -val vector_sum: #p:params -> #ntt:bool -> vector p ntt -> polynomial ntt -let vector_sum #p a = repeati (v p.v_RANK - 1) - (fun i x -> poly_add x (Lib.Sequence.index #_ #(v p.v_RANK) a (i+1))) (Lib.Sequence.index #_ #(v p.v_RANK) a 0) +val vector_sum: #r:rank -> #ntt:bool -> vector r ntt -> polynomial ntt +let vector_sum #r a = repeati (v r - 1) + (fun i x -> poly_add x (Lib.Sequence.index #_ #(v r) a (i+1))) (Lib.Sequence.index #_ #(v r) a 0) -val vector_dot_product_ntt: #p:params -> vector p true -> vector p true -> polynomial true +val vector_dot_product_ntt: #r:rank -> vector r true -> vector r true -> polynomial true let vector_dot_product_ntt a b = vector_sum (vector_mul_ntt a b) -val matrix_transpose: #p:params -> #ntt:bool -> matrix p ntt -> matrix p ntt -let matrix_transpose #p m = - createi p.v_RANK (fun i -> - createi p.v_RANK (fun j -> +val matrix_transpose: #r:rank -> #ntt:bool -> matrix r ntt -> matrix r ntt +let matrix_transpose #r m = + createi r (fun i -> + createi r (fun j -> m.[j].[i])) -val matrix_vector_mul_ntt: #p:params -> matrix p true -> vector p true -> vector p true -let matrix_vector_mul_ntt #p m v = - createi p.v_RANK (fun i -> vector_dot_product_ntt m.[i] v) +val matrix_vector_mul_ntt: #r:rank -> matrix r true -> vector r true -> vector r true +let matrix_vector_mul_ntt #r m v = + createi r (fun i -> vector_dot_product_ntt m.[i] v) -val compute_As_plus_e_ntt: #p:params -> a:matrix p true -> s:vector p true -> e:vector p true -> vector p true +val compute_As_plus_e_ntt: #r:rank -> a:matrix r true -> s:vector r true -> e:vector r true -> vector r true let compute_As_plus_e_ntt #p a s e = vector_add (matrix_vector_mul_ntt a s) e let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8)) @@ -170,29 +172,29 @@ unfold let retype_bit_vector #a #b (#_:unit{a == b}) (x: a): b = x // note we take seed of size 32 not 34 as in hacspec -assume val sample_matrix_A_ntt: #p:params -> seed:t_Array u8 (sz 32) -> matrix p true +assume val sample_matrix_A_ntt: #r:rank -> seed:t_Array u8 (sz 32) -> matrix r true // note we take seed of size 32 not 33 as in hacspec -assume val sample_vector_cbd: #p:params -> seed:t_Array u8 (sz 32) -> domain_sep:usize -> vector p false +assume val sample_vector_cbd: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize -> vector r false // note we take seed of size 32 not 33 as in hacspec assume val sample_poly_binomial: v_ETA:usize{v v_ETA <= 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial false open Rust_primitives.Integers -val sample_poly_cbd: #p:params -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial false -let sample_poly_cbd #p seed domain_sep = +val sample_poly_cbd: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial false +let sample_poly_cbd #r seed domain_sep = let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in - let prf_output = v_PRF (v_ETA2_RANDOMNESS_SIZE p) prf_input in - sample_poly_binomial p.v_ETA2 prf_output + let prf_output = v_PRF (v_ETA2_RANDOMNESS_SIZE r) prf_input in + sample_poly_binomial (v_ETA2 r) prf_output -let sample_vector_cbd_then_ntt (#p:params) (seed:t_Array u8 (sz 32)) (domain_sep:usize) : vector p true = - vector_ntt (sample_vector_cbd #p seed domain_sep) +let sample_vector_cbd_then_ntt (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize) : vector r true = + vector_ntt (sample_vector_cbd #r seed domain_sep) type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12} let max_d (d:dT) = if d < 12 then pow2 d else v v_FIELD_MODULUS type field_element_d (d:dT) = n:nat{n < max_d d} type polynomial_d (d:dT) = t_Array (field_element_d d) (sz 256) -type vector_d (p:params) (d:dT) = t_Array (polynomial_d d) p.v_RANK +type vector_d (r:rank) (d:dT) = t_Array (polynomial_d d) r let compress_d (d: dT {d <> 12}) (x: field_element): field_element_d d @@ -226,14 +228,14 @@ let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial_d d p let coerce_polynomial_12 #ntt (p:polynomial ntt): polynomial_d 12 = p -let coerce_vector_12 #ntt (#p:params) (v:vector p ntt): vector_d p 12 = v +let coerce_vector_12 #ntt (#r:rank) (v:vector r ntt): vector_d r 12 = v -let vector_encode_12 (#p:params) (#ntt:bool) (v: vector p ntt): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p) - = let s: t_Array (t_Array _ (sz 384)) p.v_RANK = map_array (byte_encode 12) (coerce_vector_12 v) in +let vector_encode_12 (#r:rank) (#ntt:bool) (v: vector r ntt): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE r) + = let s: t_Array (t_Array _ (sz 384)) r = map_array (byte_encode 12) (coerce_vector_12 v) in flatten s -let vector_decode_12 (#p:params) (#ntt:bool) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_SIZE p)): vector p ntt - = createi p.v_RANK (fun block -> +let vector_decode_12 (#r:rank) (#ntt:bool) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_SIZE r)): vector r ntt + = createi r (fun block -> let block_size = (sz (32 * 12)) in let slice = Seq.slice arr (v block * v block_size) (v block * v block_size + v block_size) in @@ -254,24 +256,24 @@ let compress_then_encode_message #ntt (p:polynomial ntt) : t_Array u8 v_SHARED_S let decode_then_decompress_message #ntt (b:t_Array u8 v_SHARED_SECRET_SIZE): polynomial ntt = byte_decode_then_decompress 1 b -let compress_then_encode_u (#p:params) (#ntt:bool) (vec: vector p ntt): t_Array u8 (v_C1_SIZE p) - = let d = v p.v_VECTOR_U_COMPRESSION_FACTOR in +let compress_then_encode_u (#r:rank) (#ntt:bool) (vec: vector r ntt): t_Array u8 (v_C1_SIZE r) + = let d = v (v_VECTOR_U_COMPRESSION_FACTOR r) in flatten (map_array (compress_then_byte_encode d) vec) -let decode_then_decompress_u (#p:params) (#ntt:bool) (arr: t_Array u8 (v_C1_SIZE p)): vector p ntt - = let d = p.v_VECTOR_U_COMPRESSION_FACTOR in - createi p.v_RANK (fun block -> - let block_size = v_C1_BLOCK_SIZE p in +let decode_then_decompress_u (#r:rank) (#ntt:bool) (arr: t_Array u8 (v_C1_SIZE r)): vector r ntt + = let d = v_VECTOR_U_COMPRESSION_FACTOR r in + createi r (fun block -> + let block_size = v_C1_BLOCK_SIZE r in let slice = Seq.slice arr (v block * v block_size) (v block * v block_size + v block_size) in byte_decode_then_decompress (v d) slice ) -let compress_then_encode_v (#p:params) (#ntt:bool): polynomial ntt -> t_Array u8 (v_C2_SIZE p) - = compress_then_byte_encode (v p.v_VECTOR_V_COMPRESSION_FACTOR) +let compress_then_encode_v (#r:rank) (#ntt:bool): polynomial ntt -> t_Array u8 (v_C2_SIZE r) + = compress_then_byte_encode (v (v_VECTOR_V_COMPRESSION_FACTOR r)) -let decode_then_decompress_v (#p:params) (#ntt:bool): t_Array u8 (v_C2_SIZE p) -> polynomial ntt - = byte_decode_then_decompress (v p.v_VECTOR_V_COMPRESSION_FACTOR) +let decode_then_decompress_v (#r:rank) (#ntt:bool): t_Array u8 (v_C2_SIZE r) -> polynomial ntt + = byte_decode_then_decompress (v (v_VECTOR_V_COMPRESSION_FACTOR r)) (** IND-CPA Functions *) @@ -282,54 +284,54 @@ let decode_then_decompress_v (#p:params) (#ntt:bool): t_Array u8 (v_C2_SIZE p) - /// the function itself, whereas this implementation expects it to be provided /// through the `key_generation_seed` parameter. -val ind_cpa_generate_keypair (p:params) (randomness:t_Array u8 v_CPA_PKE_KEY_GENERATION_SEED_SIZE) : - t_MLKEMCPAKeyPair p -let ind_cpa_generate_keypair p randomness = +val ind_cpa_generate_keypair (r:rank) (randomness:t_Array u8 v_CPA_PKE_KEY_GENERATION_SEED_SIZE) : + t_MLKEMCPAKeyPair r +let ind_cpa_generate_keypair r randomness = let hashed = v_G randomness in let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in - let matrix_A_as_ntt = sample_matrix_A_ntt #p seed_for_A in - let secret_as_ntt = sample_vector_cbd_then_ntt #p seed_for_secret_and_error (sz 0) in - let error_as_ntt = sample_vector_cbd_then_ntt #p seed_for_secret_and_error p.v_RANK in - let t_as_ntt = compute_As_plus_e_ntt #p matrix_A_as_ntt secret_as_ntt error_as_ntt in - let public_key_serialized = Seq.append (vector_encode_12 #p t_as_ntt) seed_for_A in - let secret_key_serialized = vector_encode_12 #p secret_as_ntt in + let matrix_A_as_ntt = sample_matrix_A_ntt #r seed_for_A in + let secret_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error (sz 0) in + let error_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error r in + let t_as_ntt = compute_As_plus_e_ntt #r matrix_A_as_ntt secret_as_ntt error_as_ntt in + let public_key_serialized = Seq.append (vector_encode_12 #r t_as_ntt) seed_for_A in + let secret_key_serialized = vector_encode_12 #r secret_as_ntt in (secret_key_serialized,public_key_serialized) /// This function implements Algorithm 13 of the /// NIST FIPS 203 specification; this is the MLKEM CPA-PKE encryption algorithm. -val ind_cpa_encrypt (p:params) (public_key: t_MLKEMPublicKey p) +val ind_cpa_encrypt (r:rank) (public_key: t_MLKEMPublicKey r) (message: t_Array u8 v_SHARED_SECRET_SIZE) (randomness:t_Array u8 v_SHARED_SECRET_SIZE) : - t_MLKEMCiphertext p - -let ind_cpa_encrypt p public_key message randomness = - let (t_as_ntt_bytes, seed_for_A) = split public_key (v_T_AS_NTT_ENCODED_SIZE p) in - let t_as_ntt = vector_decode_12 #p t_as_ntt_bytes in - let matrix_A_as_ntt = sample_matrix_A_ntt #p seed_for_A in - let r_as_ntt = sample_vector_cbd_then_ntt #p randomness (sz 0) in - let error_1 = sample_vector_cbd #p randomness p.v_RANK in - let error_2 = sample_poly_cbd #p randomness (p.v_RANK +! p.v_RANK) in + t_MLKEMCiphertext r + +let ind_cpa_encrypt r public_key message randomness = + let (t_as_ntt_bytes, seed_for_A) = split public_key (v_T_AS_NTT_ENCODED_SIZE r) in + let t_as_ntt = vector_decode_12 #r t_as_ntt_bytes in + let matrix_A_as_ntt = sample_matrix_A_ntt #r seed_for_A in + let r_as_ntt = sample_vector_cbd_then_ntt #r randomness (sz 0) in + let error_1 = sample_vector_cbd #r randomness r in + let error_2 = sample_poly_cbd #r randomness (r +! r) in let u = vector_add (vector_inv_ntt (matrix_vector_mul_ntt (matrix_transpose matrix_A_as_ntt) r_as_ntt)) error_1 in let mu = decode_then_decompress_message message in let v = poly_add (poly_add (vector_dot_product_ntt t_as_ntt r_as_ntt) error_2) mu in - let c1 = compress_then_encode_u #p u in - let c2 = compress_then_encode_v #p v in + let c1 = compress_then_encode_u #r u in + let c2 = compress_then_encode_v #r v in concat c1 c2 /// This function implements Algorithm 14 of the /// NIST FIPS 203 specification; this is the MLKEM CPA-PKE decryption algorithm. -val ind_cpa_decrypt (p:params) (secret_key: t_MLKEMCPAPrivateKey p) - (ciphertext: t_MLKEMCiphertext p): +val ind_cpa_decrypt (r:rank) (secret_key: t_MLKEMCPAPrivateKey r) + (ciphertext: t_MLKEMCiphertext r): t_MLKEMSharedSecret -let ind_cpa_decrypt p secret_key ciphertext = - let (c1,c2) = split ciphertext (v_C1_SIZE p) in - let u = decode_then_decompress_u #p c1 in - let v = decode_then_decompress_v #p c2 in - let secret_as_ntt = vector_decode_12 #p secret_key in - let w = poly_sub v (poly_inv_ntt #p (vector_dot_product_ntt secret_as_ntt (vector_ntt u))) in +let ind_cpa_decrypt r secret_key ciphertext = + let (c1,c2) = split ciphertext (v_C1_SIZE r) in + let u = decode_then_decompress_u #r c1 in + let v = decode_then_decompress_v #r c2 in + let secret_as_ntt = vector_decode_12 #r secret_key in + let w = poly_sub v (poly_inv_ntt #r (vector_dot_product_ntt secret_as_ntt (vector_ntt u))) in compress_then_encode_message w (** IND-CCA Functions *) @@ -344,8 +346,8 @@ let ind_cpa_decrypt p secret_key ciphertext = /// /// TODO: input validation -val ind_cca_generate_keypair (p:params) (randomness:t_Array u8 v_KEY_GENERATION_SEED_SIZE) : - t_MLKEMKeyPair p +val ind_cca_generate_keypair (r:rank) (randomness:t_Array u8 v_KEY_GENERATION_SEED_SIZE) : + t_MLKEMKeyPair r let ind_cca_generate_keypair p randomness = let (ind_cpa_keypair_randomness, implicit_rejection_value) = split randomness v_CPA_PKE_KEY_GENERATION_SEED_SIZE in @@ -365,9 +367,9 @@ let ind_cca_generate_keypair p randomness = /// /// TODO: input validation -val ind_cca_encapsulate (p:params) (public_key: t_MLKEMPublicKey p) +val ind_cca_encapsulate (r:rank) (public_key: t_MLKEMPublicKey r) (randomness:t_Array u8 v_SHARED_SECRET_SIZE) : - (t_MLKEMCiphertext p & t_MLKEMSharedSecret) + (t_MLKEMCiphertext r & t_MLKEMSharedSecret) let ind_cca_encapsulate p public_key randomness = let to_hash = concat randomness (v_H public_key) in let hashed = v_G to_hash in @@ -379,8 +381,8 @@ let ind_cca_encapsulate p public_key randomness = /// This function implements Algorithm 17 of the /// NIST FIPS 203 specification; this is the MLKEM CCA-KEM encapsulation algorithm. -val ind_cca_decapsulate (p:params) (secret_key: t_MLKEMPrivateKey p) - (ciphertext: t_MLKEMCiphertext p): +val ind_cca_decapsulate (r:rank) (secret_key: t_MLKEMPrivateKey r) + (ciphertext: t_MLKEMCiphertext r): t_MLKEMSharedSecret let ind_cca_decapsulate p secret_key ciphertext = let (ind_cpa_secret_key,rest) = split secret_key (v_CPA_PKE_SECRET_KEY_SIZE p) in @@ -404,69 +406,51 @@ let ind_cca_decapsulate p secret_key ciphertext = (** MLKEM-768 Instantiation *) -let mlkem768_params : params = { - v_RANK = sz 3; - v_ETA1 = sz 2; - v_ETA2 = sz 2; - v_VECTOR_U_COMPRESSION_FACTOR = sz 10; - v_VECTOR_V_COMPRESSION_FACTOR = sz 4; -} +let mlkem768_rank = sz 3 let mlkem768_generate_keypair (randomness:t_Array u8 (sz 64)): (t_Array u8 (sz 2400) & t_Array u8 (sz 1184)) = - ind_cca_generate_keypair mlkem768_params randomness + ind_cca_generate_keypair mlkem768_rank randomness let mlkem768_encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 32)): (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) = - ind_cca_encapsulate mlkem768_params public_key randomness + ind_cca_encapsulate mlkem768_rank public_key randomness let mlkem768_decapsulate (secret_key: t_Array u8 (sz 2400)) (ciphertext: t_Array u8 (sz 1088)): t_Array u8 (sz 32) = - ind_cca_decapsulate mlkem768_params secret_key ciphertext + ind_cca_decapsulate mlkem768_rank secret_key ciphertext (** MLKEM-1024 Instantiation *) -let mlkem1024_params : params = { - v_RANK = sz 4; - v_ETA1 = sz 2; - v_ETA2 = sz 2; - v_VECTOR_U_COMPRESSION_FACTOR = sz 11; - v_VECTOR_V_COMPRESSION_FACTOR = sz 5; -} +let mlkem1024_rank = sz 4 let mlkem1024_generate_keypair (randomness:t_Array u8 (sz 64)): (t_Array u8 (sz 3168) & t_Array u8 (sz 1568)) = - ind_cca_generate_keypair mlkem1024_params randomness + ind_cca_generate_keypair mlkem1024_rank randomness let mlkem1024_encapsulate (public_key: t_Array u8 (sz 1568)) (randomness: t_Array u8 (sz 32)): (t_Array u8 (sz 1568) & t_Array u8 (sz 32)) = - ind_cca_encapsulate mlkem1024_params public_key randomness + ind_cca_encapsulate mlkem1024_rank public_key randomness let mlkem1024_decapsulate (secret_key: t_Array u8 (sz 3168)) (ciphertext: t_Array u8 (sz 1568)): t_Array u8 (sz 32) = - ind_cca_decapsulate mlkem1024_params secret_key ciphertext + ind_cca_decapsulate mlkem1024_rank secret_key ciphertext (** MLKEM-512 Instantiation *) -let mlkem512_params : params = { - v_RANK = sz 2; - v_ETA1 = sz 3; - v_ETA2 = sz 2; - v_VECTOR_U_COMPRESSION_FACTOR = sz 10; - v_VECTOR_V_COMPRESSION_FACTOR = sz 4; -} +let mlkem512_rank : rank = sz 2 let mlkem512_generate_keypair (randomness:t_Array u8 (sz 64)): (t_Array u8 (sz 1632) & t_Array u8 (sz 800)) = - ind_cca_generate_keypair mlkem512_params randomness + ind_cca_generate_keypair mlkem512_rank randomness let mlkem512_encapsulate (public_key: t_Array u8 (sz 800)) (randomness: t_Array u8 (sz 32)): (t_Array u8 (sz 768) & t_Array u8 (sz 32)) = - ind_cca_encapsulate mlkem512_params public_key randomness + ind_cca_encapsulate mlkem512_rank public_key randomness let mlkem512_decapsulate (secret_key: t_Array u8 (sz 1632)) (ciphertext: t_Array u8 (sz 768)): t_Array u8 (sz 32) = - ind_cca_decapsulate mlkem512_params secret_key ciphertext + ind_cca_decapsulate mlkem512_rank secret_key ciphertext From f0fcebc92f3e5b300c5e533155ee0686040734bc Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 8 Aug 2024 14:45:11 -0400 Subject: [PATCH 020/348] edited spec/Makefile --- libcrux-ml-kem/proofs/fstar/spec/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Makefile b/libcrux-ml-kem/proofs/fstar/spec/Makefile index 7caf6ddd7..6eda7cef5 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Makefile +++ b/libcrux-ml-kem/proofs/fstar/spec/Makefile @@ -53,7 +53,7 @@ else FSTAR_HINTS ?= --use_hints --use_hint_hashes endif -VERIFIED = +VERIFIED = Spec.Utils.fst Spec.MLKEM.fst UNVERIFIED = From 22de2d071eefa203d463c63072dc3fa4dafd3543 Mon Sep 17 00:00:00 2001 From: mamonet Date: Thu, 8 Aug 2024 18:48:22 +0000 Subject: [PATCH 021/348] Update MLKEM spec --- .../proofs/fstar/spec/Spec.MLKEM.fst | 47 ++++++++++--------- libcrux-ml-kem/src/ind_cca.rs | 10 ++++ 2 files changed, 36 insertions(+), 21 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 3282afa9c..41f415d33 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -13,7 +13,7 @@ let v_BITS_PER_RING_ELEMENT: usize = sz 3072 // v_COEFFICIENTS_IN_RING_ELEMENT * let v_BYTES_PER_RING_ELEMENT: usize = sz 384 // v_BITS_PER_RING_ELEMENT /! sz 8 -let v_CPA_PKE_KEY_GENERATION_SEED_SIZE: usize = sz 32 +let v_CPA_KEY_GENERATION_SEED_SIZE: usize = sz 32 let v_FIELD_MODULUS: i32 = 3329l @@ -24,7 +24,10 @@ let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 840 // sz 168 *! sz 5 let v_SHARED_SECRET_SIZE: usize = v_H_DIGEST_SIZE -type rank = r:usize{r == sz 2 \/ r == sz 3 \/ r == sz 4} +let is_rank (r:usize) = + r == sz 2 \/ r == sz 3 \/ r == sz 4 + +type rank = r:usize{is_rank r} let v_ETA1 (r:rank) : usize = if r = sz 2 then sz 3 else @@ -54,14 +57,16 @@ val v_RANKED_BYTES_PER_RING_ELEMENT (r:rank) : u:usize{u = sz 768 \/ u = sz 1152 let v_RANKED_BYTES_PER_RING_ELEMENT (r:rank) = r *! v_BYTES_PER_RING_ELEMENT let v_T_AS_NTT_ENCODED_SIZE (r:rank) = v_RANKED_BYTES_PER_RING_ELEMENT r -let v_CPA_PKE_SECRET_KEY_SIZE (r:rank) = v_RANKED_BYTES_PER_RING_ELEMENT r +let v_CPA_PRIVATE_KEY_SIZE (r:rank) = v_RANKED_BYTES_PER_RING_ELEMENT r + +val v_CPA_PUBLIC_KEY_SIZE (r:rank) : u:usize{u = sz 800 \/ u = sz 1184 \/ u = sz 1568} +let v_CPA_PUBLIC_KEY_SIZE (r:rank) = v_RANKED_BYTES_PER_RING_ELEMENT r +! sz 32 -val v_CPA_PKE_PUBLIC_KEY_SIZE (r:rank) : u:usize{u = sz 800 \/ u = sz 1184 \/ u = sz 1568} -let v_CPA_PKE_PUBLIC_KEY_SIZE (r:rank) = v_RANKED_BYTES_PER_RING_ELEMENT r +! sz 32 +val v_CCA_PRIVATE_KEY_SIZE (r:rank) : u:usize{u = sz 1632 \/ u = sz 2400 \/ u = sz 3168} +let v_CCA_PRIVATE_KEY_SIZE (r:rank) = + (v_CPA_PRIVATE_KEY_SIZE r +! v_CPA_PUBLIC_KEY_SIZE r +! v_H_DIGEST_SIZE +! v_SHARED_SECRET_SIZE) -val v_SECRET_KEY_SIZE (r:rank) : u:usize{u = sz 1632 \/ u = sz 2400 \/ u = sz 3168} -let v_SECRET_KEY_SIZE (r:rank) = - (v_CPA_PKE_SECRET_KEY_SIZE r +! v_CPA_PKE_PUBLIC_KEY_SIZE r +! v_H_DIGEST_SIZE +! v_SHARED_SECRET_SIZE) +let v_CCA_PUBLIC_KEY_SIZE (r:rank) = v_CPA_PUBLIC_KEY_SIZE r val v_C1_BLOCK_SIZE (r:rank): u:usize{(u = sz 320 \/ u = sz 352) /\ v u == 32 * v (v_VECTOR_U_COMPRESSION_FACTOR r)} let v_C1_BLOCK_SIZE (r:rank) = sz 32 *! v_VECTOR_U_COMPRESSION_FACTOR r @@ -73,29 +78,29 @@ let v_C1_SIZE (r:rank) = v_C1_BLOCK_SIZE r *! r val v_C2_SIZE (r:rank) : u:usize{(u = sz 128 \/ u = sz 160) /\ v u == 32 * v (v_VECTOR_V_COMPRESSION_FACTOR r)} let v_C2_SIZE (r:rank) = sz 32 *! v_VECTOR_V_COMPRESSION_FACTOR r -val v_CPA_PKE_CIPHERTEXT_SIZE (r:rank) : u:usize {v u = v (v_C1_SIZE r) + v (v_C2_SIZE r)} -let v_CPA_PKE_CIPHERTEXT_SIZE (r:rank) = v_C1_SIZE r +! v_C2_SIZE r +val v_CPA_CIPHERTEXT_SIZE (r:rank) : u:usize {v u = v (v_C1_SIZE r) + v (v_C2_SIZE r)} +let v_CPA_CIPHERTEXT_SIZE (r:rank) = v_C1_SIZE r +! v_C2_SIZE r val v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (r:rank): u:usize{v u == v v_SHARED_SECRET_SIZE + - v (v_CPA_PKE_CIPHERTEXT_SIZE r)} + v (v_CPA_CIPHERTEXT_SIZE r)} let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (r:rank) = - v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE r + v_SHARED_SECRET_SIZE +! v_CPA_CIPHERTEXT_SIZE r val v_KEY_GENERATION_SEED_SIZE: u:usize{u = sz 64} let v_KEY_GENERATION_SEED_SIZE: usize = - v_CPA_PKE_KEY_GENERATION_SEED_SIZE +! + v_CPA_KEY_GENERATION_SEED_SIZE +! v_SHARED_SECRET_SIZE (** ML-KEM Types *) -type t_MLKEMPublicKey (r:rank) = t_Array u8 (v_CPA_PKE_PUBLIC_KEY_SIZE r) -type t_MLKEMPrivateKey (r:rank) = t_Array u8 (v_SECRET_KEY_SIZE r) +type t_MLKEMPublicKey (r:rank) = t_Array u8 (v_CPA_PUBLIC_KEY_SIZE r) +type t_MLKEMPrivateKey (r:rank) = t_Array u8 (v_CCA_PRIVATE_KEY_SIZE r) type t_MLKEMKeyPair (r:rank) = t_MLKEMPrivateKey r & t_MLKEMPublicKey r -type t_MLKEMCPAPrivateKey (r:rank) = t_Array u8 (v_CPA_PKE_SECRET_KEY_SIZE r) +type t_MLKEMCPAPrivateKey (r:rank) = t_Array u8 (v_CPA_PRIVATE_KEY_SIZE r) type t_MLKEMCPAKeyPair (r:rank) = t_MLKEMCPAPrivateKey r & t_MLKEMPublicKey r -type t_MLKEMCiphertext (r:rank) = t_Array u8 (v_CPA_PKE_CIPHERTEXT_SIZE r) +type t_MLKEMCiphertext (r:rank) = t_Array u8 (v_CPA_CIPHERTEXT_SIZE r) type t_MLKEMSharedSecret = t_Array u8 (v_SHARED_SECRET_SIZE) (** MLKEM Math and Sampling *) @@ -284,7 +289,7 @@ let decode_then_decompress_v (#r:rank) (#ntt:bool): t_Array u8 (v_C2_SIZE r) -> /// the function itself, whereas this implementation expects it to be provided /// through the `key_generation_seed` parameter. -val ind_cpa_generate_keypair (r:rank) (randomness:t_Array u8 v_CPA_PKE_KEY_GENERATION_SEED_SIZE) : +val ind_cpa_generate_keypair (r:rank) (randomness:t_Array u8 v_CPA_KEY_GENERATION_SEED_SIZE) : t_MLKEMCPAKeyPair r let ind_cpa_generate_keypair r randomness = let hashed = v_G randomness in @@ -350,7 +355,7 @@ val ind_cca_generate_keypair (r:rank) (randomness:t_Array u8 v_KEY_GENERATION_SE t_MLKEMKeyPair r let ind_cca_generate_keypair p randomness = let (ind_cpa_keypair_randomness, implicit_rejection_value) = - split randomness v_CPA_PKE_KEY_GENERATION_SEED_SIZE in + split randomness v_CPA_KEY_GENERATION_SEED_SIZE in let (ind_cpa_secret_key,ind_cpa_public_key) = ind_cpa_generate_keypair p ind_cpa_keypair_randomness in let ind_cca_secret_key = Seq.append ind_cpa_secret_key ( @@ -385,8 +390,8 @@ val ind_cca_decapsulate (r:rank) (secret_key: t_MLKEMPrivateKey r) (ciphertext: t_MLKEMCiphertext r): t_MLKEMSharedSecret let ind_cca_decapsulate p secret_key ciphertext = - let (ind_cpa_secret_key,rest) = split secret_key (v_CPA_PKE_SECRET_KEY_SIZE p) in - let (ind_cpa_public_key,rest) = split rest (v_CPA_PKE_PUBLIC_KEY_SIZE p) in + let (ind_cpa_secret_key,rest) = split secret_key (v_CPA_PRIVATE_KEY_SIZE p) in + let (ind_cpa_public_key,rest) = split rest (v_CPA_PUBLIC_KEY_SIZE p) in let (ind_cpa_public_key_hash,implicit_rejection_value) = split rest v_H_DIGEST_SIZE in let decrypted = ind_cpa_decrypt p ind_cpa_secret_key ciphertext in diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 7127c1704..42cb0e0ef 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -107,6 +107,16 @@ fn validate_public_key< /// /// Depending on the `Vector` and `Hasher` used, this requires different hardware /// features +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ + $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ + $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ + $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_BYTES_PER_RING_ELEMENT /\\ + $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ + $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))] +#[hax_lib::ensures(|result| + fstar!("(${result}.f_sk.f_value, ${result}.f_pk.f_value) == Spec.MLKEM.ind_cca_generate_keypair $K $randomness")) +] fn generate_keypair< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, From 0c800c3b8222b946a594a8a2ffc0186b3224b819 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 8 Aug 2024 15:56:52 -0400 Subject: [PATCH 022/348] ind_cca is panic-free --- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 8 +- ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 8 +- ...ml_kem.Ind_cca.Instantiations.Portable.fst | 8 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti | 34 ++ .../extraction/Libcrux_ml_kem.Ind_cca.fst | 339 +------------- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 102 ++-- .../proofs/fstar/spec/Spec.MLKEM.fst | 2 + libcrux-ml-kem/src/ind_cca.rs | 434 ++++++++++-------- libcrux-ml-kem/src/ind_cca/instantiations.rs | 6 +- 9 files changed, 347 insertions(+), 594 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index b0da52091..a6412b597 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -64,7 +64,7 @@ let encapsulate_unpacked Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_kem.Ind_cca.encapsulate_unpacked v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate_unpacked v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector @@ -78,7 +78,7 @@ let decapsulate_unpacked Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - Libcrux_ml_kem.Ind_cca.decapsulate_unpacked v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE + Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate_unpacked v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE @@ -90,7 +90,7 @@ let generate_keypair_unpacked usize) (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.generate_keypair_unpacked v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair_unpacked v_K v_CPA_PRIVATE_KEY_SIZE + v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index ee22fe76c..39e857ef8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -66,7 +66,7 @@ let encapsulate_unpacked Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_kem.Ind_cca.encapsulate_unpacked v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate_unpacked v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector @@ -80,7 +80,7 @@ let decapsulate_unpacked Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - Libcrux_ml_kem.Ind_cca.decapsulate_unpacked v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE + Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate_unpacked v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE @@ -92,7 +92,7 @@ let generate_keypair_unpacked usize) (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.generate_keypair_unpacked v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair_unpacked v_K v_CPA_PRIVATE_KEY_SIZE + v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 793a0358f..b4fea31ec 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -66,7 +66,7 @@ let encapsulate_unpacked Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_kem.Ind_cca.encapsulate_unpacked v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE + Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate_unpacked v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector @@ -80,7 +80,7 @@ let decapsulate_unpacked Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - Libcrux_ml_kem.Ind_cca.decapsulate_unpacked v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE + Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate_unpacked v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE @@ -92,7 +92,7 @@ let generate_keypair_unpacked usize) (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.generate_keypair_unpacked v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair_unpacked v_K v_CPA_PRIVATE_KEY_SIZE + v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti index 8f34bc961..04608ba6f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti @@ -6,6 +6,9 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Polynomial in + let open Libcrux_ml_kem.Types in let open Libcrux_ml_kem.Vector.Traits in () @@ -25,6 +28,18 @@ type t_MlKemPublicKeyUnpacked f_public_key_hash:t_Array u8 (sz 32) } +val encapsulate_unpacked + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) + (randomness: t_Array u8 (sz 32)) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + Prims.l_True + (fun _ -> Prims.l_True) + /// An unpacked ML-KEM KeyPair type t_MlKemKeyPairUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -32,3 +47,22 @@ type t_MlKemKeyPairUnpacked f_private_key:t_MlKemPrivateKeyUnpacked v_K v_Vector; f_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector } + +val decapsulate_unpacked + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + +val generate_keypair_unpacked + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (randomness: t_Array u8 (sz 64)) + : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index e529309e6..6fcb8f418 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -7,7 +7,6 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in - let open Libcrux_ml_kem.Polynomial in let open Libcrux_ml_kem.Types in let open Libcrux_ml_kem.Vector.Traits in () @@ -290,7 +289,7 @@ let decapsulate (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher #v_Scheme: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -353,7 +352,7 @@ let encapsulate in let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 + v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key <: @@ -443,337 +442,3 @@ let generate_keypair public_key <: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) - -let encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K v_Vector) - (randomness: t_Array u8 (sz 32)) - = - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) - in - let to_hash:t_Array u8 (sz 64) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash - ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice #u8 - (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - (Rust_primitives.unsize public_key.Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key_hash - <: - t_Slice u8) - <: - t_Slice u8) - in - let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.f_G #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) - in - let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - in - let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE - v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN - v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - public_key.Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key randomness pseudorandomness - in - let shared_secret_array:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let shared_secret_array:t_Array u8 (sz 32) = - Core.Slice.impl__copy_from_slice #u8 shared_secret_array shared_secret - in - Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Array u8 v_CIPHERTEXT_SIZE) - #FStar.Tactics.Typeclasses.solve - ciphertext, - shared_secret_array - <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - -let decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K v_Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - let decrypted:t_Array u8 (sz 32) = - Libcrux_ml_kem.Ind_cpa.decrypt_unpacked v_K - v_CIPHERTEXT_SIZE - v_C1_SIZE - v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR - #v_Vector - key_pair.Libcrux_ml_kem.Ind_cca.Unpacked.f_private_key - .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_private_key - ciphertext.Libcrux_ml_kem.Types.f_value - in - let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize decrypted <: t_Slice u8) - in - let to_hash:t_Array u8 (sz 64) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash - ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice #u8 - (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - (Rust_primitives.unsize key_pair.Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key - .Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key_hash - <: - t_Slice u8) - <: - t_Slice u8) - in - let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.f_G #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) - in - let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - in - let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 - v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = - Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - (Rust_primitives.unsize key_pair.Libcrux_ml_kem.Ind_cca.Unpacked.f_private_key - .Libcrux_ml_kem.Ind_cca.Unpacked.f_implicit_rejection_value - <: - t_Slice u8) - in - let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash - ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize) - (Core.Slice.impl__copy_from_slice #u8 - (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } - <: - Core.Ops.Range.t_RangeFrom usize ] - <: - t_Slice u8) - (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - <: - t_Slice u8) - in - let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (sz 32) - (Rust_primitives.unsize to_hash <: t_Slice u8) - in - let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = - Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE - v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - key_pair.Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key - .Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key decrypted pseudorandomness - in - let selector:u8 = - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_in_constant_time (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext - v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) - in - Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) - selector - -let generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (randomness: t_Array u8 (sz 64)) - = - let ind_cpa_keypair_randomness:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_Range usize ] - in - let implicit_rejection_value:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE - } - <: - Core.Ops.Range.t_RangeFrom usize ] - in - let ind_cpa_private_key, ind_cpa_public_key:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked - v_K v_Vector & - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = - Libcrux_ml_kem.Ind_cpa.generate_keypair_unpacked v_K - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - #v_Vector - #v_Hasher - ind_cpa_keypair_randomness - in - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K - (fun v__i -> - let v__i:usize = v__i in - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__j -> - let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - in - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - v_A - (fun v_A i -> - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K = - v_A - in - let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - v_A - (fun v_A j -> - let v_A:t_Array - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - v_A - in - let j:usize = j in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A - i - (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A.[ i ] - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - j - (Core.Clone.f_clone #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - #FStar.Tactics.Typeclasses.solve - ((ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A.[ j ] - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K).[ i ] - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - <: - t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K) - <: - t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) - in - let ind_cpa_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = - { ind_cpa_public_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A } - <: - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector - in - let pk_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K - v_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #v_Vector - ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (Rust_primitives.unsize ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A - <: - t_Slice u8) - in - let public_key_hash:t_Array u8 (sz 32) = - Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize pk_serialized <: t_Slice u8) - in - let (implicit_rejection_value: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) - #FStar.Tactics.Typeclasses.solve - implicit_rejection_value - <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) - in - { - Libcrux_ml_kem.Ind_cca.Unpacked.f_private_key - = - { - Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_private_key = ind_cpa_private_key; - Libcrux_ml_kem.Ind_cca.Unpacked.f_implicit_rejection_value = implicit_rejection_value - } - <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPrivateKeyUnpacked v_K v_Vector; - Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key - = - { - Libcrux_ml_kem.Ind_cca.Unpacked.f_ind_cpa_public_key = ind_cpa_public_key; - Libcrux_ml_kem.Ind_cca.Unpacked.f_public_key_hash = public_key_hash - } - <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K v_Vector - } - <: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K v_Vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 4ad3af6e2..1c2c5879d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -7,7 +7,6 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in - let open Libcrux_ml_kem.Polynomial in let open Libcrux_ml_kem.Types in let open Libcrux_ml_kem.Vector.Traits in () @@ -26,7 +25,13 @@ val serialize_kem_secret_key (#v_Hasher: Type0) {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (private_key public_key implicit_rejection_value: t_Slice u8) - : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_SERIALIZED_KEY_LEN) + (requires + Spec.MLKEM.is_rank v_K /\ v_SERIALIZED_KEY_LEN == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + Core.Slice.impl__len #u8 private_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + Core.Slice.impl__len #u8 public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + Core.Slice.impl__len #u8 implicit_rejection_value == Spec.MLKEM.v_SHARED_SECRET_SIZE) + (fun _ -> Prims.l_True) /// Implements [`Variant`], to perform the ML-KEM-specific actions /// during encapsulation and decapsulation. @@ -40,7 +45,12 @@ val validate_public_key (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) /// This trait collects differences in specification between ML-KEM /// (Draft FIPS 203) and the Round 3 CRYSTALS-Kyber submission in the @@ -52,9 +62,9 @@ class t_Variant (v_Self: Type0) = { v_CIPHERTEXT_SIZE: usize -> #v_Hasher: Type0 -> {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - t_Slice u8 -> - Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE - -> Type0; + shared_secret: t_Slice u8 -> + ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE + -> pred: Type0{(Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32 ==> pred}; f_kdf_post: v_K: usize -> v_CIPHERTEXT_SIZE: usize -> @@ -78,8 +88,8 @@ class t_Variant (v_Self: Type0) = { v_K: usize -> #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - t_Slice u8 - -> Type0; + randomness: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 randomness <: usize) =. sz 32 ==> pred}; f_entropy_preprocess_post: v_K: usize -> #v_Hasher: Type0 -> @@ -112,7 +122,7 @@ let impl: t_Variant t_MlKem = (shared_secret: t_Slice u8) (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) -> - true); + (Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32); f_kdf_post = (fun @@ -152,7 +162,7 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (randomness: t_Slice u8) -> - true); + (Core.Slice.impl__len #u8 randomness <: usize) =. sz 32); f_entropy_preprocess_post = (fun @@ -189,10 +199,25 @@ val decapsulate {| i5: t_Variant v_Scheme |} (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) + (requires + Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\ + v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\ + v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ + v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K) + (fun _ -> Prims.l_True) val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher #v_Scheme: Type0) {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -201,7 +226,17 @@ val encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\ + v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\ + v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ + v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) /// Packed API @@ -216,38 +251,11 @@ val generate_keypair {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - Prims.l_True - (fun _ -> Prims.l_True) - -val encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K v_Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -val decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (key_pair: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K v_Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -val generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - (randomness: t_Array u8 (sz 64)) - : Prims.Pure (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K v_Vector) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_BYTES_PER_RING_ELEMENT /\ + v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 41f415d33..021ea0b4b 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -81,6 +81,8 @@ let v_C2_SIZE (r:rank) = sz 32 *! v_VECTOR_V_COMPRESSION_FACTOR r val v_CPA_CIPHERTEXT_SIZE (r:rank) : u:usize {v u = v (v_C1_SIZE r) + v (v_C2_SIZE r)} let v_CPA_CIPHERTEXT_SIZE (r:rank) = v_C1_SIZE r +! v_C2_SIZE r +let v_CCA_CIPHERTEXT_SIZE (r:rank) = v_CPA_CIPHERTEXT_SIZE r + val v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (r:rank): u:usize{v u == v v_SHARED_SECRET_SIZE + v (v_CPA_CIPHERTEXT_SIZE r)} let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE (r:rank) = diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 42cb0e0ef..4942e0ef3 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -13,29 +13,6 @@ use crate::{ vector::Operations, }; -/// Types for the unpacked API. -pub mod unpacked { - use crate::{ind_cpa::unpacked::*, vector::traits::Operations}; - - /// An unpacked ML-KEM IND-CCA Private Key - pub struct MlKemPrivateKeyUnpacked { - pub(crate) ind_cpa_private_key: IndCpaPrivateKeyUnpacked, - pub(crate) implicit_rejection_value: [u8; 32], - } - - /// An unpacked ML-KEM IND-CCA Private Key - pub struct MlKemPublicKeyUnpacked { - pub(crate) ind_cpa_public_key: IndCpaPublicKeyUnpacked, - pub(crate) public_key_hash: [u8; 32], - } - - /// An unpacked ML-KEM KeyPair - pub struct MlKemKeyPairUnpacked { - pub private_key: MlKemPrivateKeyUnpacked, - pub public_key: MlKemPublicKeyUnpacked, - } -} -use unpacked::*; /// Seed size for key generation pub const KEY_GENERATION_SEED_SIZE: usize = CPA_PKE_KEY_GENERATION_SEED_SIZE + SHARED_SECRET_SIZE; @@ -62,6 +39,11 @@ pub(crate) mod instantiations; /// Serialize the secret key. #[inline(always)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $SERIALIZED_KEY_LEN == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ + ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ + ${public_key.len()} == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ + ${implicit_rejection_value.len()} == Spec.MLKEM.v_SHARED_SECRET_SIZE"))] fn serialize_kem_secret_key>( private_key: &[u8], public_key: &[u8], @@ -81,6 +63,9 @@ fn serialize_kem_secret_key, ->( - randomness: [u8; KEY_GENERATION_SEED_SIZE], -) -> MlKemKeyPairUnpacked { - let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE]; - let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..]; - let (ind_cpa_private_key, mut ind_cpa_public_key) = - crate::ind_cpa::generate_keypair_unpacked::( - ind_cpa_keypair_randomness, - ); +pub mod unpacked { + use crate::{ind_cpa::unpacked::*, vector::traits::Operations}; + use super::*; - // We need to un-transpose the A_transpose matrix provided by IND-CPA - // We would like to write the following but it is not supported by Eurydice yet. - // https://github.com/AeneasVerif/eurydice/issues/39 - // - // let A = core::array::from_fn(|i| { - // core::array::from_fn(|j| A_transpose[j][i]) - // }); - - #[allow(non_snake_case)] - let mut A = core::array::from_fn(|_i| { - core::array::from_fn(|_j| PolynomialRingElement::::ZERO()) - }); - for i in 0..K { - for j in 0..K { - A[i][j] = ind_cpa_public_key.A[j][i].clone(); - } + /// An unpacked ML-KEM IND-CCA Private Key + pub struct MlKemPrivateKeyUnpacked { + pub(crate) ind_cpa_private_key: IndCpaPrivateKeyUnpacked, + pub(crate) implicit_rejection_value: [u8; 32], } - ind_cpa_public_key.A = A; - let pk_serialized = serialize_public_key::( - &ind_cpa_public_key.t_as_ntt, - &ind_cpa_public_key.seed_for_A, - ); - let public_key_hash = Hasher::H(&pk_serialized); - let implicit_rejection_value: [u8; 32] = implicit_rejection_value.try_into().unwrap(); - - MlKemKeyPairUnpacked { - private_key: MlKemPrivateKeyUnpacked { - ind_cpa_private_key, - implicit_rejection_value, - }, - public_key: MlKemPublicKeyUnpacked { - ind_cpa_public_key, - public_key_hash, - }, + /// An unpacked ML-KEM IND-CCA Private Key + pub struct MlKemPublicKeyUnpacked { + pub(crate) ind_cpa_public_key: IndCpaPublicKeyUnpacked, + pub(crate) public_key_hash: [u8; 32], } -} - -// Encapsulate with Unpacked Public Key -pub(crate) fn encapsulate_unpacked< - const K: usize, - const CIPHERTEXT_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const VECTOR_U_BLOCK_LEN: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, - Vector: Operations, - Hasher: Hash, ->( - public_key: &MlKemPublicKeyUnpacked, - randomness: [u8; SHARED_SECRET_SIZE], -) -> (MlKemCiphertext, MlKemSharedSecret) { - let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness); - to_hash[H_DIGEST_SIZE..].copy_from_slice(&public_key.public_key_hash); - - let hashed = Hasher::G(&to_hash); - let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); - let ciphertext = crate::ind_cpa::encrypt_unpacked::< - K, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - Vector, - Hasher, - >(&public_key.ind_cpa_public_key, randomness, pseudorandomness); - let mut shared_secret_array = [0u8; SHARED_SECRET_SIZE]; - shared_secret_array.copy_from_slice(shared_secret); - (MlKemCiphertext::from(ciphertext), shared_secret_array) -} - -// Decapsulate with Unpacked Private Key -pub(crate) fn decapsulate_unpacked< - const K: usize, - const SECRET_KEY_SIZE: usize, - const CPA_SECRET_KEY_SIZE: usize, - const PUBLIC_KEY_SIZE: usize, - const CIPHERTEXT_SIZE: usize, - const T_AS_NTT_ENCODED_SIZE: usize, - const C1_SIZE: usize, - const C2_SIZE: usize, - const VECTOR_U_COMPRESSION_FACTOR: usize, - const VECTOR_V_COMPRESSION_FACTOR: usize, - const C1_BLOCK_SIZE: usize, - const ETA1: usize, - const ETA1_RANDOMNESS_SIZE: usize, - const ETA2: usize, - const ETA2_RANDOMNESS_SIZE: usize, - const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, - Vector: Operations, - Hasher: Hash, ->( - key_pair: &MlKemKeyPairUnpacked, - ciphertext: &MlKemCiphertext, -) -> MlKemSharedSecret { - let decrypted = crate::ind_cpa::decrypt_unpacked::< - K, - CIPHERTEXT_SIZE, - C1_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - Vector, - >(&key_pair.private_key.ind_cpa_private_key, &ciphertext.value); + /// An unpacked ML-KEM KeyPair + pub struct MlKemKeyPairUnpacked { + pub private_key: MlKemPrivateKeyUnpacked, + pub public_key: MlKemPublicKeyUnpacked, + } - let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted); - to_hash[SHARED_SECRET_SIZE..].copy_from_slice(&key_pair.public_key.public_key_hash); + // Generate Unpacked Keys + pub(crate) fn generate_keypair_unpacked< + const K: usize, + const CPA_PRIVATE_KEY_SIZE: usize, + const PRIVATE_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const BYTES_PER_RING_ELEMENT: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + Vector: Operations, + Hasher: Hash, + >( + randomness: [u8; KEY_GENERATION_SEED_SIZE], + ) -> MlKemKeyPairUnpacked { + let ind_cpa_keypair_randomness = &randomness[0..CPA_PKE_KEY_GENERATION_SEED_SIZE]; + let implicit_rejection_value = &randomness[CPA_PKE_KEY_GENERATION_SEED_SIZE..]; + let (ind_cpa_private_key, mut ind_cpa_public_key) = + crate::ind_cpa::generate_keypair_unpacked::( + ind_cpa_keypair_randomness, + ); + + // We need to un-transpose the A_transpose matrix provided by IND-CPA + // We would like to write the following but it is not supported by Eurydice yet. + // https://github.com/AeneasVerif/eurydice/issues/39 + // + // let A = core::array::from_fn(|i| { + // core::array::from_fn(|j| A_transpose[j][i]) + // }); + + #[allow(non_snake_case)] + let mut A = core::array::from_fn(|_i| { + core::array::from_fn(|_j| PolynomialRingElement::::ZERO()) + }); + for i in 0..K { + for j in 0..K { + A[i][j] = ind_cpa_public_key.A[j][i].clone(); + } + } + ind_cpa_public_key.A = A; - let hashed = Hasher::G(&to_hash); - let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + let pk_serialized = serialize_public_key::( + &ind_cpa_public_key.t_as_ntt, + &ind_cpa_public_key.seed_for_A, + ); + let public_key_hash = Hasher::H(&pk_serialized); + let implicit_rejection_value: [u8; 32] = implicit_rejection_value.try_into().unwrap(); + + MlKemKeyPairUnpacked { + private_key: MlKemPrivateKeyUnpacked { + ind_cpa_private_key, + implicit_rejection_value, + }, + public_key: MlKemPublicKeyUnpacked { + ind_cpa_public_key, + public_key_hash, + }, + } + } - let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] = - into_padded_array(&key_pair.private_key.implicit_rejection_value); - to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref()); - let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash); + // Encapsulate with Unpacked Public Key + pub(crate) fn encapsulate_unpacked< + const K: usize, + const CIPHERTEXT_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const VECTOR_U_BLOCK_LEN: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + Vector: Operations, + Hasher: Hash, + >( + public_key: &MlKemPublicKeyUnpacked, + randomness: [u8; SHARED_SECRET_SIZE], + ) -> (MlKemCiphertext, MlKemSharedSecret) { + let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness); + to_hash[H_DIGEST_SIZE..].copy_from_slice(&public_key.public_key_hash); + + let hashed = Hasher::G(&to_hash); + let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + + let ciphertext = crate::ind_cpa::encrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + VECTOR_U_BLOCK_LEN, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + Vector, + Hasher, + >(&public_key.ind_cpa_public_key, randomness, pseudorandomness); + let mut shared_secret_array = [0u8; SHARED_SECRET_SIZE]; + shared_secret_array.copy_from_slice(shared_secret); + (MlKemCiphertext::from(ciphertext), shared_secret_array) + } - let expected_ciphertext = crate::ind_cpa::encrypt_unpacked::< - K, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_SIZE, - C2_SIZE, - VECTOR_U_COMPRESSION_FACTOR, - VECTOR_V_COMPRESSION_FACTOR, - C1_BLOCK_SIZE, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - Vector, - Hasher, + // Decapsulate with Unpacked Private Key + pub(crate) fn decapsulate_unpacked< + const K: usize, + const SECRET_KEY_SIZE: usize, + const CPA_SECRET_KEY_SIZE: usize, + const PUBLIC_KEY_SIZE: usize, + const CIPHERTEXT_SIZE: usize, + const T_AS_NTT_ENCODED_SIZE: usize, + const C1_SIZE: usize, + const C2_SIZE: usize, + const VECTOR_U_COMPRESSION_FACTOR: usize, + const VECTOR_V_COMPRESSION_FACTOR: usize, + const C1_BLOCK_SIZE: usize, + const ETA1: usize, + const ETA1_RANDOMNESS_SIZE: usize, + const ETA2: usize, + const ETA2_RANDOMNESS_SIZE: usize, + const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize, + Vector: Operations, + Hasher: Hash, >( - &key_pair.public_key.ind_cpa_public_key, - decrypted, - pseudorandomness, - ); + key_pair: &MlKemKeyPairUnpacked, + ciphertext: &MlKemCiphertext, + ) -> MlKemSharedSecret { + let decrypted = crate::ind_cpa::decrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + C1_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + Vector, + >(&key_pair.private_key.ind_cpa_private_key, &ciphertext.value); + + let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted); + to_hash[SHARED_SECRET_SIZE..].copy_from_slice(&key_pair.public_key.public_key_hash); + + let hashed = Hasher::G(&to_hash); + let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + + let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] = + into_padded_array(&key_pair.private_key.implicit_rejection_value); + to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref()); + let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash); + + let expected_ciphertext = crate::ind_cpa::encrypt_unpacked::< + K, + CIPHERTEXT_SIZE, + T_AS_NTT_ENCODED_SIZE, + C1_SIZE, + C2_SIZE, + VECTOR_U_COMPRESSION_FACTOR, + VECTOR_V_COMPRESSION_FACTOR, + C1_BLOCK_SIZE, + ETA1, + ETA1_RANDOMNESS_SIZE, + ETA2, + ETA2_RANDOMNESS_SIZE, + Vector, + Hasher, + >( + &key_pair.public_key.ind_cpa_public_key, + decrypted, + pseudorandomness, + ); - let selector = compare_ciphertexts_in_constant_time(ciphertext.as_ref(), &expected_ciphertext); + let selector = compare_ciphertexts_in_constant_time(ciphertext.as_ref(), &expected_ciphertext); - select_shared_secret_in_constant_time( - shared_secret, - &implicit_rejection_shared_secret, - selector, - ) + select_shared_secret_in_constant_time( + shared_secret, + &implicit_rejection_shared_secret, + selector, + ) + } } /// This trait collects differences in specification between ML-KEM @@ -470,11 +505,14 @@ pub(crate) fn decapsulate_unpacked< /// NIST PQ competition. /// /// cf. FIPS 203 (Draft), section 1.3 +#[hax_lib::attributes] pub(crate) trait Variant { + #[requires(shared_secret.len() == 32)] fn kdf>( shared_secret: &[u8], ciphertext: &MlKemCiphertext, ) -> [u8; 32]; + #[requires(randomness.len() == 32)] fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32]; } @@ -487,8 +525,10 @@ pub(crate) trait Variant { pub(crate) struct Kyber {} #[cfg(feature = "kyber")] +#[hax_lib::attributes] impl Variant for Kyber { #[inline(always)] + #[requires(shared_secret.len() == 32)] fn kdf>( shared_secret: &[u8], ciphertext: &MlKemCiphertext, @@ -499,6 +539,7 @@ impl Variant for Kyber { } #[inline(always)] + #[requires(randomness.len() == 32)] fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32] { Hasher::H(&randomness) } @@ -511,8 +552,10 @@ impl Variant for Kyber { /// * the derivation of the shared secret does not include a hash of the ML-KEM ciphertext. pub(crate) struct MlKem {} +#[hax_lib::attributes] impl Variant for MlKem { #[inline(always)] + #[requires(shared_secret.len() == 32)] fn kdf>( shared_secret: &[u8], _: &MlKemCiphertext, @@ -523,6 +566,7 @@ impl Variant for MlKem { } #[inline(always)] + #[requires(randomness.len() == 32)] fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32] { let mut out = [0u8; 32]; out.copy_from_slice(randomness); diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index 1316d3564..3922615a7 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -233,7 +233,7 @@ macro_rules! instantiate { >( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKemKeyPairUnpacked { - crate::ind_cca::generate_keypair_unpacked::< + crate::ind_cca::unpacked::generate_keypair_unpacked::< K, CPA_PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE, @@ -265,7 +265,7 @@ macro_rules! instantiate { public_key: &MlKemPublicKeyUnpacked, randomness: [u8; SHARED_SECRET_SIZE], ) -> (MlKemCiphertext, MlKemSharedSecret) { - crate::ind_cca::encapsulate_unpacked::< + crate::ind_cca::unpacked::encapsulate_unpacked::< K, CIPHERTEXT_SIZE, PUBLIC_KEY_SIZE, @@ -306,7 +306,7 @@ macro_rules! instantiate { key_pair: &MlKemKeyPairUnpacked, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { - crate::ind_cca::decapsulate_unpacked::< + crate::ind_cca::unpacked::decapsulate_unpacked::< K, SECRET_KEY_SIZE, CPA_SECRET_KEY_SIZE, From fbe147da28b4d81f37b3bb0f79c9a3944e7db17a Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 8 Aug 2024 16:41:45 -0400 Subject: [PATCH 023/348] more modules are panic free --- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 10 ++-- ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 48 ++++++++++++++-- ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 10 ++-- ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 48 ++++++++++++++-- ...ml_kem.Ind_cca.Instantiations.Portable.fst | 10 ++-- ...l_kem.Ind_cca.Instantiations.Portable.fsti | 48 ++++++++++++++-- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fst | 16 +++--- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fsti | 48 ++++++++++++++-- .../proofs/fstar/extraction/Makefile | 1 + libcrux-ml-kem/src/ind_cca/instantiations.rs | 48 ++++++++++++++-- libcrux-ml-kem/src/ind_cca/multiplexing.rs | 55 ++++++++++++++++--- 11 files changed, 283 insertions(+), 59 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index a6412b597..723e8e4ee 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -35,24 +35,24 @@ let decapsulate #Libcrux_ml_kem.Ind_cca.t_MlKem private_key ciphertext let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) = Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE + v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash #Libcrux_ml_kem.Ind_cca.t_MlKem public_key randomness let generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index 5e93b95fd..7fb183942 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -15,7 +15,12 @@ let _ = val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) /// Portable decapsulate val decapsulate @@ -23,24 +28,55 @@ val decapsulate usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) + (requires + Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\ + v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\ + v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ + v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K) + (fun _ -> Prims.l_True) val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\ + v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\ + v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ + v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) /// Portable generate key pair. val generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) /// Portable encapsualte diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 39e857ef8..44e9eb957 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -36,25 +36,25 @@ let decapsulate ciphertext let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) = Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE + v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Ind_cca.t_MlKem public_key randomness let generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index 5b91ffe69..36027ded7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -15,7 +15,12 @@ let _ = val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) /// Portable decapsulate val decapsulate @@ -23,24 +28,55 @@ val decapsulate usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) + (requires + Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\ + v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\ + v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ + v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K) + (fun _ -> Prims.l_True) val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\ + v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\ + v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ + v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) /// Portable generate key pair. val generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) /// Portable encapsualte diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index b4fea31ec..5095ea6f2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -36,25 +36,25 @@ let decapsulate private_key ciphertext let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) = Libcrux_ml_kem.Ind_cca.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE - v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR - v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE + v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE + v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Ind_cca.t_MlKem public_key randomness let generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) (randomness: t_Array u8 (sz 64)) = Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE + v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index 1d56ac04e..b35947909 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -15,7 +15,12 @@ let _ = val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) /// Portable decapsulate val decapsulate @@ -23,24 +28,55 @@ val decapsulate usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) + (requires + Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\ + v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\ + v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ + v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K) + (fun _ -> Prims.l_True) val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\ + v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\ + v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ + v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) /// Portable generate key pair. val generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) /// Portable encapsualte diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst index 110c7795f..ae05c29fa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst @@ -55,7 +55,7 @@ let decapsulate private_key ciphertext let encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) @@ -64,23 +64,23 @@ let encapsulate then Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE public_key randomness else if Libcrux_platform.Platform.simd128_support () then Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE public_key randomness else Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE public_key randomness let generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) (randomness: t_Array u8 (sz 64)) = @@ -90,7 +90,7 @@ let generate_keypair v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT + v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE randomness @@ -101,7 +101,7 @@ let generate_keypair v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT + v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE randomness @@ -110,7 +110,7 @@ let generate_keypair v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT + v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti index f94109b2d..3bab36da7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti @@ -6,28 +6,64 @@ open FStar.Mul val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) + (requires + Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\ + v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\ + v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ + v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K) + (fun _ -> Prims.l_True) val encapsulate - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\ + v_C1_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_SIZE == Spec.MLKEM.v_C2_SIZE v_K /\ + v_VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ + v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) val generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 724f655c0..41ea6d360 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -60,6 +60,7 @@ PANIC_FREE = Libcrux_ml_kem.Constant_time_ops.fst \ Libcrux_ml_kem.Constant_time_ops.fsti \ Libcrux_ml_kem.Utils.fst \ Libcrux_ml_kem.Utils.fsti \ + Libcrux_ml_kem.Ind_cca.fst \ Libcrux_ml_kem.Ind_cca.fsti \ Libcrux_ml_kem.Ind_cca.Unpacked.fsti \ Libcrux_ml_kem.Ind_cpa.fsti \ diff --git a/libcrux-ml-kem/src/ind_cca/instantiations.rs b/libcrux-ml-kem/src/ind_cca/instantiations.rs index 3922615a7..8fe74c596 100644 --- a/libcrux-ml-kem/src/ind_cca/instantiations.rs +++ b/libcrux-ml-kem/src/ind_cca/instantiations.rs @@ -12,12 +12,19 @@ macro_rules! instantiate { crate::ind_cca::unpacked::MlKemPublicKeyUnpacked; /// Portable generate key pair. + #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ + $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ + $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ + $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ + $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ + $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))] pub(crate) fn generate_keypair< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize, - const BYTES_PER_RING_ELEMENT: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, const ETA1: usize, const ETA1_RANDOMNESS_SIZE: usize, >( @@ -28,7 +35,7 @@ macro_rules! instantiate { CPA_PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, + RANKED_BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, $vector, @@ -37,6 +44,9 @@ macro_rules! instantiate { } /// Portable public key validation + #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ + $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"))] pub(crate) fn validate_public_key< const K: usize, const RANKED_BYTES_PER_RING_ELEMENT: usize, @@ -92,6 +102,19 @@ macro_rules! instantiate { >(public_key, randomness) } + #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ + $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ + $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\ + $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\ + $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\ + $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ + $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\ + $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\ + $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ + $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ + $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ + $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))] pub(crate) fn encapsulate< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -101,7 +124,7 @@ macro_rules! instantiate { const C2_SIZE: usize, const VECTOR_U_COMPRESSION_FACTOR: usize, const VECTOR_V_COMPRESSION_FACTOR: usize, - const VECTOR_U_BLOCK_LEN: usize, + const C1_BLOCK_SIZE: usize, const ETA1: usize, const ETA1_RANDOMNESS_SIZE: usize, const ETA2: usize, @@ -119,7 +142,7 @@ macro_rules! instantiate { C2_SIZE, VECTOR_U_COMPRESSION_FACTOR, VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, + C1_BLOCK_SIZE, ETA1, ETA1_RANDOMNESS_SIZE, ETA2, @@ -177,6 +200,23 @@ macro_rules! instantiate { } /// Portable decapsulate + #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ + $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ + $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ + $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ + + $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\ + $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\ + $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\ + $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ + $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\ + $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\ + $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ + $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ + $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ + $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\ + $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))] pub fn decapsulate< const K: usize, const SECRET_KEY_SIZE: usize, diff --git a/libcrux-ml-kem/src/ind_cca/multiplexing.rs b/libcrux-ml-kem/src/ind_cca/multiplexing.rs index 8257a573a..efe518217 100644 --- a/libcrux-ml-kem/src/ind_cca/multiplexing.rs +++ b/libcrux-ml-kem/src/ind_cca/multiplexing.rs @@ -48,6 +48,9 @@ use instantiations::portable::{ kyber_decapsulate as kyber_decapsulate_neon, kyber_encapsulate as kyber_encapsulate_neon, }; +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ + $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE $K"))] pub(crate) fn validate_public_key< const K: usize, const RANKED_BYTES_PER_RING_ELEMENT: usize, @@ -68,12 +71,19 @@ pub(crate) fn validate_public_key< } } +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ + $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ + $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ + $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ + $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ + $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))] pub(crate) fn generate_keypair< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize, - const BYTES_PER_RING_ELEMENT: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, const ETA1: usize, const ETA1_RANDOMNESS_SIZE: usize, >( @@ -86,7 +96,7 @@ pub(crate) fn generate_keypair< CPA_PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, + RANKED_BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, >(randomness) @@ -96,7 +106,7 @@ pub(crate) fn generate_keypair< CPA_PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, + RANKED_BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, >(randomness) @@ -106,7 +116,7 @@ pub(crate) fn generate_keypair< CPA_PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, + RANKED_BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, >(randomness) @@ -183,6 +193,19 @@ pub(crate) fn kyber_encapsulate< } } +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ + $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ + $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\ + $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\ + $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\ + $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ + $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\ + $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\ + $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ + $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ + $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ + $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))] pub(crate) fn encapsulate< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -192,7 +215,7 @@ pub(crate) fn encapsulate< const C2_SIZE: usize, const VECTOR_U_COMPRESSION_FACTOR: usize, const VECTOR_V_COMPRESSION_FACTOR: usize, - const VECTOR_U_BLOCK_LEN: usize, + const C1_BLOCK_SIZE: usize, const ETA1: usize, const ETA1_RANDOMNESS_SIZE: usize, const ETA2: usize, @@ -211,7 +234,7 @@ pub(crate) fn encapsulate< C2_SIZE, VECTOR_U_COMPRESSION_FACTOR, VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, + C1_BLOCK_SIZE, ETA1, ETA1_RANDOMNESS_SIZE, ETA2, @@ -227,7 +250,7 @@ pub(crate) fn encapsulate< C2_SIZE, VECTOR_U_COMPRESSION_FACTOR, VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, + C1_BLOCK_SIZE, ETA1, ETA1_RANDOMNESS_SIZE, ETA2, @@ -243,7 +266,7 @@ pub(crate) fn encapsulate< C2_SIZE, VECTOR_U_COMPRESSION_FACTOR, VECTOR_V_COMPRESSION_FACTOR, - VECTOR_U_BLOCK_LEN, + C1_BLOCK_SIZE, ETA1, ETA1_RANDOMNESS_SIZE, ETA2, @@ -334,6 +357,22 @@ pub(crate) fn kyber_decapsulate< } } +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ + $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ + $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ + $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ + $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\ + $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\ + $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\ + $VECTOR_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ + $VECTOR_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\ + $C1_BLOCK_SIZE == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\ + $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ + $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ + $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ + $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\ + $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))] pub(crate) fn decapsulate< const K: usize, const SECRET_KEY_SIZE: usize, From a0312a28d95915e33ac5fe9d2ad41c869b1ad430 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 8 Aug 2024 16:49:02 -0400 Subject: [PATCH 024/348] propagated preconditions to API modules --- .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst | 4 ++-- .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti | 4 ++-- libcrux-ml-kem/src/ind_cca.rs | 7 +++---- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 6fcb8f418..9f9bfdcf5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -380,7 +380,7 @@ let encapsulate (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) let generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -411,7 +411,7 @@ let generate_keypair Libcrux_ml_kem.Ind_cpa.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE - v_BYTES_PER_RING_ELEMENT + v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 1c2c5879d..a95f0965a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -244,7 +244,7 @@ val encapsulate /// Depending on the `Vector` and `Hasher` used, this requires different hardware /// features val generate_keypair - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -255,7 +255,7 @@ val generate_keypair Spec.MLKEM.is_rank v_K /\ v_CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ - v_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_BYTES_PER_RING_ELEMENT /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 4942e0ef3..ed805ecee 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -96,7 +96,7 @@ fn validate_public_key< $CPA_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ - $BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_BYTES_PER_RING_ELEMENT /\\ + $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))] fn generate_keypair< @@ -104,7 +104,7 @@ fn generate_keypair< const CPA_PRIVATE_KEY_SIZE: usize, const PRIVATE_KEY_SIZE: usize, const PUBLIC_KEY_SIZE: usize, - const BYTES_PER_RING_ELEMENT: usize, + const RANKED_BYTES_PER_RING_ELEMENT: usize, const ETA1: usize, const ETA1_RANDOMNESS_SIZE: usize, Vector: Operations, @@ -119,7 +119,7 @@ fn generate_keypair< K, CPA_PRIVATE_KEY_SIZE, PUBLIC_KEY_SIZE, - BYTES_PER_RING_ELEMENT, + RANKED_BYTES_PER_RING_ELEMENT, ETA1, ETA1_RANDOMNESS_SIZE, Vector, @@ -206,7 +206,6 @@ fn encapsulate< $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ - $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\ $C1_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\ $C2_SIZE == Spec.MLKEM.v_C2_SIZE $K /\\ From af205fb9fc22514121bdfc8c30be5180978b4646 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 9 Aug 2024 08:52:19 -0400 Subject: [PATCH 025/348] WIP: vector trait spec --- .../Libcrux_ml_kem.Vector.Traits.fsti | 90 +++++++++++-------- libcrux-ml-kem/src/vector/traits.rs | 43 ++++++++- 2 files changed, 91 insertions(+), 42 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 2928b79ef..bf70faa49 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -6,180 +6,192 @@ open FStar.Mul class t_Operations (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_11581440318597584651:Core.Marker.t_Copy v_Self; [@@@ FStar.Tactics.Typeclasses.no_method]_super_9442900250278684536:Core.Clone.t_Clone v_Self; - f_ZERO_pre:Prims.unit -> Type0; - f_ZERO_post:Prims.unit -> v_Self -> Type0; - f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); - f_from_i16_array_pre:t_Slice i16 -> Type0; - f_from_i16_array_post:t_Slice i16 -> v_Self -> Type0; - f_from_i16_array:x0: t_Slice i16 - -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); - f_to_i16_array_pre:v_Self -> Type0; + f_to_i16_array_pre:x: v_Self -> pred: Type0{true ==> pred}; f_to_i16_array_post:v_Self -> t_Array i16 (sz 16) -> Type0; f_to_i16_array:x0: v_Self -> Prims.Pure (t_Array i16 (sz 16)) (f_to_i16_array_pre x0) (fun result -> f_to_i16_array_post x0 result); - f_add_pre:v_Self -> v_Self -> Type0; + f_from_i16_array_pre:array: t_Slice i16 + -> pred: Type0{(Core.Slice.impl__len #i16 array <: usize) =. sz 16 ==> pred}; + f_from_i16_array_post:array: t_Slice i16 -> result: v_Self + -> pred: Type0{pred ==> f_to_i16_array result == array}; + f_from_i16_array:x0: t_Slice i16 + -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); + f_ZERO_pre:Prims.unit -> Type0; + f_ZERO_post:result: v_Self -> pred: Type0{pred ==> f_to_i16_array result == Seq.create 16 0uy}; + f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); + f_add_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; f_add_post:v_Self -> v_Self -> v_Self -> Type0; f_add:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_add_pre x0 x1) (fun result -> f_add_post x0 x1 result); - f_sub_pre:v_Self -> v_Self -> Type0; + f_sub_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; f_sub_post:v_Self -> v_Self -> v_Self -> Type0; f_sub:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_sub_pre x0 x1) (fun result -> f_sub_post x0 x1 result); - f_multiply_by_constant_pre:v_Self -> i16 -> Type0; + f_multiply_by_constant_pre:v: v_Self -> c: i16 -> pred: Type0{true ==> pred}; f_multiply_by_constant_post:v_Self -> i16 -> v_Self -> Type0; f_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_multiply_by_constant_pre x0 x1) (fun result -> f_multiply_by_constant_post x0 x1 result); - f_bitwise_and_with_constant_pre:v_Self -> i16 -> Type0; + f_bitwise_and_with_constant_pre:v: v_Self -> c: i16 -> pred: Type0{true ==> pred}; f_bitwise_and_with_constant_post:v_Self -> i16 -> v_Self -> Type0; f_bitwise_and_with_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_bitwise_and_with_constant_pre x0 x1) (fun result -> f_bitwise_and_with_constant_post x0 x1 result); - f_shift_right_pre:v_SHIFT_BY: i32 -> v_Self -> Type0; + f_shift_right_pre:v_SHIFT_BY: i32 -> v: v_Self -> pred: Type0{true ==> pred}; f_shift_right_post:v_SHIFT_BY: i32 -> v_Self -> v_Self -> Type0; f_shift_right:v_SHIFT_BY: i32 -> x0: v_Self -> Prims.Pure v_Self (f_shift_right_pre v_SHIFT_BY x0) (fun result -> f_shift_right_post v_SHIFT_BY x0 result); - f_cond_subtract_3329_pre:v_Self -> Type0; + f_cond_subtract_3329_pre:v: v_Self -> pred: Type0{true ==> pred}; f_cond_subtract_3329_post:v_Self -> v_Self -> Type0; f_cond_subtract_3329_:x0: v_Self -> Prims.Pure v_Self (f_cond_subtract_3329_pre x0) (fun result -> f_cond_subtract_3329_post x0 result); - f_barrett_reduce_pre:v_Self -> Type0; + f_barrett_reduce_pre:v: v_Self -> pred: Type0{true ==> pred}; f_barrett_reduce_post:v_Self -> v_Self -> Type0; f_barrett_reduce:x0: v_Self -> Prims.Pure v_Self (f_barrett_reduce_pre x0) (fun result -> f_barrett_reduce_post x0 result); - f_montgomery_multiply_by_constant_pre:v_Self -> i16 -> Type0; + f_montgomery_multiply_by_constant_pre:v: v_Self -> c: i16 -> pred: Type0{true ==> pred}; f_montgomery_multiply_by_constant_post:v_Self -> i16 -> v_Self -> Type0; f_montgomery_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_montgomery_multiply_by_constant_pre x0 x1) (fun result -> f_montgomery_multiply_by_constant_post x0 x1 result); - f_compress_1_pre:v_Self -> Type0; + f_compress_1_pre:v: v_Self -> pred: Type0{true ==> pred}; f_compress_1_post:v_Self -> v_Self -> Type0; f_compress_1_:x0: v_Self -> Prims.Pure v_Self (f_compress_1_pre x0) (fun result -> f_compress_1_post x0 result); - f_compress_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> Type0; + f_compress_pre:v_COEFFICIENT_BITS: i32 -> v: v_Self -> pred: Type0{true ==> pred}; f_compress_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> Type0; f_compress:v_COEFFICIENT_BITS: i32 -> x0: v_Self -> Prims.Pure v_Self (f_compress_pre v_COEFFICIENT_BITS x0) (fun result -> f_compress_post v_COEFFICIENT_BITS x0 result); - f_decompress_ciphertext_coefficient_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> Type0; + f_decompress_ciphertext_coefficient_pre:v_COEFFICIENT_BITS: i32 -> v: v_Self + -> pred: Type0{true ==> pred}; f_decompress_ciphertext_coefficient_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> Type0; f_decompress_ciphertext_coefficient:v_COEFFICIENT_BITS: i32 -> x0: v_Self -> Prims.Pure v_Self (f_decompress_ciphertext_coefficient_pre v_COEFFICIENT_BITS x0) (fun result -> f_decompress_ciphertext_coefficient_post v_COEFFICIENT_BITS x0 result); - f_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> Type0; + f_ntt_layer_1_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 -> zeta2: i16 -> zeta3: i16 + -> pred: Type0{true ==> pred}; f_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); - f_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> Type0; + f_ntt_layer_2_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 -> pred: Type0{true ==> pred}; f_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; f_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_ntt_layer_2_step_post x0 x1 x2 result); - f_ntt_layer_3_step_pre:v_Self -> i16 -> Type0; + f_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: Type0{true ==> pred}; f_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; f_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_ntt_layer_3_step_pre x0 x1) (fun result -> f_ntt_layer_3_step_post x0 x1 result); - f_inv_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> Type0; + f_inv_ntt_layer_1_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 -> zeta2: i16 -> zeta3: i16 + -> pred: Type0{true ==> pred}; f_inv_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_inv_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_inv_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); - f_inv_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> Type0; + f_inv_ntt_layer_2_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 -> pred: Type0{true ==> pred}; f_inv_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; f_inv_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_inv_ntt_layer_2_step_post x0 x1 x2 result); - f_inv_ntt_layer_3_step_pre:v_Self -> i16 -> Type0; + f_inv_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: Type0{true ==> pred}; f_inv_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; f_inv_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_3_step_pre x0 x1) (fun result -> f_inv_ntt_layer_3_step_post x0 x1 result); - f_ntt_multiply_pre:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> Type0; + f_ntt_multiply_pre: + lhs: v_Self -> + rhs: v_Self -> + zeta0: i16 -> + zeta1: i16 -> + zeta2: i16 -> + zeta3: i16 + -> pred: Type0{true ==> pred}; f_ntt_multiply_post:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_ntt_multiply:x0: v_Self -> x1: v_Self -> x2: i16 -> x3: i16 -> x4: i16 -> x5: i16 -> Prims.Pure v_Self (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) (fun result -> f_ntt_multiply_post x0 x1 x2 x3 x4 x5 result); - f_serialize_1_pre:v_Self -> Type0; + f_serialize_1_pre:a: v_Self -> pred: Type0{true ==> pred}; f_serialize_1_post:v_Self -> t_Array u8 (sz 2) -> Type0; f_serialize_1_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 2)) (f_serialize_1_pre x0) (fun result -> f_serialize_1_post x0 result); - f_deserialize_1_pre:t_Slice u8 -> Type0; + f_deserialize_1_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; f_deserialize_1_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_1_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_1_pre x0) (fun result -> f_deserialize_1_post x0 result); - f_serialize_4_pre:v_Self -> Type0; + f_serialize_4_pre:a: v_Self -> pred: Type0{true ==> pred}; f_serialize_4_post:v_Self -> t_Array u8 (sz 8) -> Type0; f_serialize_4_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 8)) (f_serialize_4_pre x0) (fun result -> f_serialize_4_post x0 result); - f_deserialize_4_pre:t_Slice u8 -> Type0; + f_deserialize_4_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; f_deserialize_4_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_4_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_4_pre x0) (fun result -> f_deserialize_4_post x0 result); - f_serialize_5_pre:v_Self -> Type0; + f_serialize_5_pre:a: v_Self -> pred: Type0{true ==> pred}; f_serialize_5_post:v_Self -> t_Array u8 (sz 10) -> Type0; f_serialize_5_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 10)) (f_serialize_5_pre x0) (fun result -> f_serialize_5_post x0 result); - f_deserialize_5_pre:t_Slice u8 -> Type0; + f_deserialize_5_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; f_deserialize_5_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_5_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_5_pre x0) (fun result -> f_deserialize_5_post x0 result); - f_serialize_10_pre:v_Self -> Type0; + f_serialize_10_pre:a: v_Self -> pred: Type0{true ==> pred}; f_serialize_10_post:v_Self -> t_Array u8 (sz 20) -> Type0; f_serialize_10_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 20)) (f_serialize_10_pre x0) (fun result -> f_serialize_10_post x0 result); - f_deserialize_10_pre:t_Slice u8 -> Type0; + f_deserialize_10_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; f_deserialize_10_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_10_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_10_pre x0) (fun result -> f_deserialize_10_post x0 result); - f_serialize_11_pre:v_Self -> Type0; + f_serialize_11_pre:a: v_Self -> pred: Type0{true ==> pred}; f_serialize_11_post:v_Self -> t_Array u8 (sz 22) -> Type0; f_serialize_11_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 22)) (f_serialize_11_pre x0) (fun result -> f_serialize_11_post x0 result); - f_deserialize_11_pre:t_Slice u8 -> Type0; + f_deserialize_11_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; f_deserialize_11_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_11_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_11_pre x0) (fun result -> f_deserialize_11_post x0 result); - f_serialize_12_pre:v_Self -> Type0; + f_serialize_12_pre:a: v_Self -> pred: Type0{true ==> pred}; f_serialize_12_post:v_Self -> t_Array u8 (sz 24) -> Type0; f_serialize_12_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 24)) (f_serialize_12_pre x0) (fun result -> f_serialize_12_post x0 result); - f_deserialize_12_pre:t_Slice u8 -> Type0; + f_deserialize_12_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; f_deserialize_12_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_12_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); - f_rej_sample_pre:t_Slice u8 -> t_Slice i16 -> Type0; + f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 -> pred: Type0{true ==> pred}; f_rej_sample_post:t_Slice u8 -> t_Slice i16 -> (t_Slice i16 & usize) -> Type0; f_rej_sample:x0: t_Slice u8 -> x1: t_Slice i16 -> Prims.Pure (t_Slice i16 & usize) diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 87bb9138f..0670e7244 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -3,64 +3,101 @@ pub const FIELD_MODULUS: i16 = 3329; pub const FIELD_ELEMENTS_IN_VECTOR: usize = 16; pub const INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209; // FIELD_MODULUS^{-1} mod MONTGOMERY_R +#[hax_lib::attributes] pub trait Operations: Copy + Clone { - #[allow(non_snake_case)] - fn ZERO() -> Self; + #[requires(true)] + fn to_i16_array(x: Self) -> [i16; 16]; + #[requires(array.len() == 16)] + #[ensures(|result| fstar!("f_to_i16_array $result == $array"))] fn from_i16_array(array: &[i16]) -> Self; - fn to_i16_array(x: Self) -> [i16; 16]; + + #[allow(non_snake_case)] + #[ensures(|result| fstar!("f_to_i16_array $result == Seq.create 16 0uy"))] + fn ZERO() -> Self; // Basic arithmetic + #[requires(true)] fn add(lhs: Self, rhs: &Self) -> Self; + #[requires(true)] fn sub(lhs: Self, rhs: &Self) -> Self; + #[requires(true)] fn multiply_by_constant(v: Self, c: i16) -> Self; // Bitwise operations + #[requires(true)] fn bitwise_and_with_constant(v: Self, c: i16) -> Self; + #[requires(true)] fn shift_right(v: Self) -> Self; // fn shift_left(v: Self) -> Self; // Modular operations + #[requires(true)] fn cond_subtract_3329(v: Self) -> Self; + #[requires(true)] fn barrett_reduce(v: Self) -> Self; + #[requires(true)] fn montgomery_multiply_by_constant(v: Self, c: i16) -> Self; // Compression + #[requires(true)] fn compress_1(v: Self) -> Self; + #[requires(true)] fn compress(v: Self) -> Self; + #[requires(true)] fn decompress_ciphertext_coefficient(v: Self) -> Self; // NTT + #[requires(true)] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; + #[requires(true)] fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; + #[requires(true)] fn ntt_layer_3_step(a: Self, zeta: i16) -> Self; + #[requires(true)] fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; + #[requires(true)] fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; + #[requires(true)] fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self; + #[requires(true)] fn ntt_multiply(lhs: &Self, rhs: &Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; // Serialization and deserialization + #[requires(true)] fn serialize_1(a: Self) -> [u8; 2]; + #[requires(true)] fn deserialize_1(a: &[u8]) -> Self; + #[requires(true)] fn serialize_4(a: Self) -> [u8; 8]; + #[requires(true)] fn deserialize_4(a: &[u8]) -> Self; + #[requires(true)] fn serialize_5(a: Self) -> [u8; 10]; + #[requires(true)] fn deserialize_5(a: &[u8]) -> Self; + #[requires(true)] fn serialize_10(a: Self) -> [u8; 20]; + #[requires(true)] fn deserialize_10(a: &[u8]) -> Self; + #[requires(true)] fn serialize_11(a: Self) -> [u8; 22]; + #[requires(true)] fn deserialize_11(a: &[u8]) -> Self; + #[requires(true)] fn serialize_12(a: Self) -> [u8; 24]; + #[requires(true)] fn deserialize_12(a: &[u8]) -> Self; + #[requires(true)] fn rej_sample(a: &[u8], out: &mut [i16]) -> usize; } From 9e22300ea777317047978425770b7d95b9c20708 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 9 Aug 2024 09:30:12 -0400 Subject: [PATCH 026/348] WIP cca proof --- .../fstar/extraction/Libcrux_ml_kem.Ind_cca.fst | 8 +++++++- .../fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti | 16 ++++++++++++++-- .../fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti | 12 ++++++++++-- libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst | 2 +- libcrux-ml-kem/src/ind_cca.rs | 6 ++++++ libcrux-ml-kem/src/ind_cpa.rs | 7 +++++++ 6 files changed, 45 insertions(+), 6 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 9f9bfdcf5..2f2333830 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -44,6 +44,7 @@ let serialize_kem_secret_key <: t_Slice u8) in + assert (Seq.slice out 0 (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) == private_key); let pointer:usize = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) in let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out @@ -68,8 +69,10 @@ let serialize_kem_secret_key <: t_Slice u8) in + assert (Seq.slice out 0 (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) == private_key); + assert (Seq.slice out (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K) + v (Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K)) == public_key); let pointer:usize = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) in - let out:t_Array u8 v_SERIALIZED_KEY_LEN = + let out1:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ Core.Ops.Range.f_start = pointer; @@ -123,6 +126,8 @@ let serialize_kem_secret_key <: t_Slice u8) in + admit(); + Seq.lemma_eq_intro out (Seq.append (Seq.append (Seq.append private_key public_key) (Spec.Utils.v_H public_key)) implicit_rejection_value); out let validate_public_key @@ -379,6 +384,7 @@ let encapsulate <: (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) +#push-options "--z3rlimit 500" let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index a95f0965a..228954840 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -31,7 +31,13 @@ val serialize_kem_secret_key Core.Slice.impl__len #u8 private_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ Core.Slice.impl__len #u8 public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ Core.Slice.impl__len #u8 implicit_rejection_value == Spec.MLKEM.v_SHARED_SECRET_SIZE) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_Array u8 v_SERIALIZED_KEY_LEN = result in + result == + Seq.append private_key + (Seq.append public_key (Seq.append (Spec.Utils.v_H public_key) implicit_rejection_value) + )) /// Implements [`Variant`], to perform the ML-KEM-specific actions /// during encapsulation and decapsulation. @@ -258,4 +264,10 @@ val generate_keypair v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = + result + in + (result.f_sk.f_value, result.f_pk.f_value) == + Spec.MLKEM.ind_cca_generate_keypair v_K randomness) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index b9e8e9af3..51ca994db 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -228,5 +228,13 @@ val generate_keypair {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (key_generation_seed: t_Slice u8) : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) - Prims.l_True - (fun _ -> Prims.l_True) + (requires + Spec.MLKEM.is_rank v_K /\ v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) + (ensures + fun result -> + let result:(t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) = result in + result == Spec.MLKEM.ind_cpa_generate_keypair v_K key_generation_seed) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 021ea0b4b..3f9367017 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -295,7 +295,7 @@ val ind_cpa_generate_keypair (r:rank) (randomness:t_Array u8 v_CPA_KEY_GENERATIO t_MLKEMCPAKeyPair r let ind_cpa_generate_keypair r randomness = let hashed = v_G randomness in - let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in + let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in let matrix_A_as_ntt = sample_matrix_A_ntt #r seed_for_A in let secret_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error (sz 0) in let error_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error r in diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index ed805ecee..ec21bf23c 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -44,6 +44,10 @@ pub(crate) mod instantiations; ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ ${public_key.len()} == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ ${implicit_rejection_value.len()} == Spec.MLKEM.v_SHARED_SECRET_SIZE"))] +#[hax_lib::ensures(|result| fstar!("result == Seq.append $private_key ( + Seq.append $public_key ( + Seq.append (Spec.Utils.v_H $public_key) + $implicit_rejection_value))"))] fn serialize_kem_secret_key>( private_key: &[u8], public_key: &[u8], @@ -99,6 +103,8 @@ fn validate_public_key< $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))] +#[hax_lib::ensures(|result| fstar!("(${result}.f_sk.f_value, ${result}.f_pk.f_value) == + Spec.MLKEM.ind_cca_generate_keypair $K $randomness"))] fn generate_keypair< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 0c3bc7f65..b046d879c 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -209,6 +209,13 @@ pub(crate) fn generate_keypair_unpacked< } #[allow(non_snake_case)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ + $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ + $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ + $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ + $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))] +#[hax_lib::ensures(|result| fstar!("$result == Spec.MLKEM.ind_cpa_generate_keypair $K $key_generation_seed"))] pub(crate) fn generate_keypair< const K: usize, const PRIVATE_KEY_SIZE: usize, From 120a3433ebae17feb2b448eb032d964ea29542e2 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 10 Aug 2024 13:49:10 +0000 Subject: [PATCH 027/348] Set post-condition for MlKemKeyPair::from in types.rs --- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 334 ++++++++++++++++++ .../extraction/Libcrux_ml_kem.Ind_cca.fst | 14 +- .../fstar/extraction/Libcrux_ml_kem.Types.fst | 30 +- .../extraction/Libcrux_ml_kem.Types.fsti | 61 ++-- .../proofs/fstar/spec/Spec.MLKEM.fst | 2 +- libcrux-ml-kem/src/types.rs | 2 + 6 files changed, 388 insertions(+), 55 deletions(-) create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst new file mode 100644 index 000000000..94b75e85b --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -0,0 +1,334 @@ +module Libcrux_ml_kem.Ind_cca.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Polynomial in + let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Vector.Traits in + () + +let encapsulate_unpacked + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) + (randomness: t_Array u8 (sz 32)) + = + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) + in + let to_hash:t_Array u8 (sz 64) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (Rust_primitives.unsize public_key.f_public_key_hash <: t_Slice u8) + <: + t_Slice u8) + in + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (Rust_primitives.unsize to_hash <: t_Slice u8) + in + let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (Rust_primitives.unsize hashed <: t_Slice u8) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN + v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher + public_key.f_ind_cpa_public_key randomness pseudorandomness + in + let shared_secret_array:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let shared_secret_array:t_Array u8 (sz 32) = + Core.Slice.impl__copy_from_slice #u8 shared_secret_array shared_secret + in + Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Array u8 v_CIPHERTEXT_SIZE) + #FStar.Tactics.Typeclasses.solve + ciphertext, + shared_secret_array + <: + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + +let decapsulate_unpacked + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + let decrypted:t_Array u8 (sz 32) = + Libcrux_ml_kem.Ind_cpa.decrypt_unpacked v_K + v_CIPHERTEXT_SIZE + v_C1_SIZE + v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR + #v_Vector + key_pair.f_private_key.f_ind_cpa_private_key + ciphertext.Libcrux_ml_kem.Types.f_value + in + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize decrypted <: t_Slice u8) + in + let to_hash:t_Array u8 (sz 64) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (Rust_primitives.unsize key_pair.f_public_key.f_public_key_hash <: t_Slice u8) + <: + t_Slice u8) + in + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (Rust_primitives.unsize to_hash <: t_Slice u8) + in + let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (Rust_primitives.unsize hashed <: t_Slice u8) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + in + let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = + Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + (Rust_primitives.unsize key_pair.f_private_key.f_implicit_rejection_value <: t_Slice u8) + in + let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + <: + t_Slice u8) + in + let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = + Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (sz 32) + (Rust_primitives.unsize to_hash <: t_Slice u8) + in + let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher + key_pair.f_public_key.f_ind_cpa_public_key decrypted pseudorandomness + in + let selector:u8 = + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_in_constant_time (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext + v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) + in + Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret + (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + selector + +let generate_keypair_unpacked + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Array u8 (sz 64)) + = + let ind_cpa_keypair_randomness:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize ] + in + let implicit_rejection_value:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + in + let ind_cpa_private_key, ind_cpa_public_key:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked + v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = + Libcrux_ml_kem.Ind_cpa.generate_keypair_unpacked v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + ind_cpa_keypair_randomness + in + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K + (fun v__i -> + let v__i:usize = v__i in + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + (fun v__j -> + let v__j:usize = v__j in + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + in + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + #FStar.Tactics.Typeclasses.solve + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v_A + (fun v_A i -> + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K = + v_A + in + let i:usize = i in + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + #FStar.Tactics.Typeclasses.solve + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v_A + (fun v_A j -> + let v_A:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A + in + let j:usize = j in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A.[ i ] + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + j + (Core.Clone.f_clone #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement + v_Vector) + #FStar.Tactics.Typeclasses.solve + ((ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A.[ j ] + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K).[ i ] + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + <: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K) + <: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) + in + let ind_cpa_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { ind_cpa_public_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + let pk_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K + v_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (Rust_primitives.unsize ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A + <: + t_Slice u8) + in + let public_key_hash:t_Array u8 (sz 32) = + Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (Rust_primitives.unsize pk_serialized <: t_Slice u8) + in + let (implicit_rejection_value: t_Array u8 (sz 32)):t_Array u8 (sz 32) = + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + implicit_rejection_value + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + in + { + f_private_key + = + { + f_ind_cpa_private_key = ind_cpa_private_key; + f_implicit_rejection_value = implicit_rejection_value + } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector; + f_public_key + = + { f_ind_cpa_public_key = ind_cpa_public_key; f_public_key_hash = public_key_hash } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 2f2333830..7a882d0f6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -44,7 +44,6 @@ let serialize_kem_secret_key <: t_Slice u8) in - assert (Seq.slice out 0 (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) == private_key); let pointer:usize = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) in let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out @@ -69,10 +68,8 @@ let serialize_kem_secret_key <: t_Slice u8) in - assert (Seq.slice out 0 (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) == private_key); - assert (Seq.slice out (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K) + v (Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K)) == public_key); let pointer:usize = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) in - let out1:t_Array u8 v_SERIALIZED_KEY_LEN = + let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ Core.Ops.Range.f_start = pointer; @@ -126,8 +123,6 @@ let serialize_kem_secret_key <: t_Slice u8) in - admit(); - Seq.lemma_eq_intro out (Seq.append (Seq.append (Seq.append private_key public_key) (Spec.Utils.v_H public_key)) implicit_rejection_value); out let validate_public_key @@ -331,7 +326,7 @@ let encapsulate (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE + (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -359,7 +354,7 @@ let encapsulate Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key + (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Array u8 v_PUBLIC_KEY_SIZE) <: @@ -384,7 +379,6 @@ let encapsulate <: (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) -#push-options "--z3rlimit 500" let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) @@ -439,7 +433,7 @@ let generate_keypair #FStar.Tactics.Typeclasses.solve secret_key_serialized in - Libcrux_ml_kem.Types.impl__from v_PRIVATE_KEY_SIZE + Libcrux_ml_kem.Types.impl_18__from v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE private_key (Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index e5a39ea4d..186d2dccc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst @@ -3,25 +3,25 @@ module Libcrux_ml_kem.Types open Core open FStar.Mul -let impl_6__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_5__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_12__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_11__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_18__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_17__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value +let impl_5__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value -let impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value +let impl_11__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value -let impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value +let impl_17__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value -let impl__from +let impl_18__from (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) (pk: t_MlKemPublicKey v_PUBLIC_KEY_SIZE) = { f_sk = sk; f_pk = pk } <: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE -let impl__into_parts +let impl_18__into_parts (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) = @@ -29,7 +29,7 @@ let impl__into_parts <: (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE & t_MlKemPublicKey v_PUBLIC_KEY_SIZE) -let impl__new +let impl_18__new (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_Array u8 v_PRIVATE_KEY_SIZE) (pk: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -51,22 +51,22 @@ let impl__new <: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE -let impl__pk +let impl_18__pk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - = impl_18__as_slice v_PUBLIC_KEY_SIZE self.f_pk + = impl_17__as_slice v_PUBLIC_KEY_SIZE self.f_pk -let impl__private_key +let impl_18__private_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) = self.f_sk -let impl__public_key +let impl_18__public_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) = self.f_pk -let impl__sk +let impl_18__sk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - = impl_12__as_slice v_PRIVATE_KEY_SIZE self.f_sk + = impl_11__as_slice v_PRIVATE_KEY_SIZE self.f_sk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index 40b435b81..9e6a138ab 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -4,22 +4,22 @@ open Core open FStar.Mul /// The number of bytes -val impl_6__len: v_SIZE: usize -> Prims.unit +val impl_5__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) /// The number of bytes -val impl_12__len: v_SIZE: usize -> Prims.unit +val impl_11__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) /// The number of bytes -val impl_18__len: v_SIZE: usize -> Prims.unit +val impl_17__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) ///An ML-KEM Ciphertext type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) = +let impl (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemCiphertext v_SIZE) (out: t_Slice u8) -> true); @@ -27,7 +27,7 @@ let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_ } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = +let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true); @@ -35,7 +35,7 @@ let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = +let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true); @@ -48,7 +48,7 @@ let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) = +let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) = { f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true); f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true); @@ -56,14 +56,14 @@ let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCip } /// A reference to the raw byte slice. -val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) +val impl_5__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) ///An ML-KEM Private key type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_7 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = +let impl_6 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPrivateKey v_SIZE) (out: t_Slice u8) -> true); @@ -71,7 +71,7 @@ let impl_7 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_ } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_7 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true); @@ -79,7 +79,7 @@ let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true); @@ -92,7 +92,7 @@ let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) = +let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) = { f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true); f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true); @@ -100,14 +100,14 @@ let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPr } /// A reference to the raw byte slice. -val impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) +val impl_11__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) ///An ML-KEM Public key type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_13 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) = +let impl_12 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPublicKey v_SIZE) (out: t_Slice u8) -> true); @@ -115,7 +115,7 @@ let impl_13 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_ } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_13 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true); @@ -123,7 +123,7 @@ let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true); @@ -136,7 +136,7 @@ let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) = +let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) = { f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true); f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true); @@ -144,11 +144,11 @@ let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPu } /// A reference to the raw byte slice. -val impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) +val impl_17__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = +let impl_4 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); @@ -179,7 +179,7 @@ let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) ( } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = +let impl_10 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); @@ -210,7 +210,7 @@ let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) = +let impl_16 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); @@ -247,16 +247,19 @@ type t_MlKemKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = { } /// Create a new [`MlKemKeyPair`] from the secret and public key. -val impl__from +val impl_18__from (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) (pk: t_MlKemPublicKey v_PUBLIC_KEY_SIZE) : Prims.Pure (t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) Prims.l_True - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = result in + result.f_sk == sk /\ result.f_pk == pk) /// Separate this key into the public and private key. -val impl__into_parts +val impl_18__into_parts (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE & t_MlKemPublicKey v_PUBLIC_KEY_SIZE) @@ -264,7 +267,7 @@ val impl__into_parts (fun _ -> Prims.l_True) /// Creates a new [`MlKemKeyPair`]. -val impl__new +val impl_18__new (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_Array u8 v_PRIVATE_KEY_SIZE) (pk: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -273,25 +276,25 @@ val impl__new (fun _ -> Prims.l_True) /// Get a reference to the raw public key bytes. -val impl__pk +val impl_18__pk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// Get a reference to the [`MlKemPrivateKey`]. -val impl__private_key +val impl_18__private_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// Get a reference to the [`MlKemPublicKey`]. -val impl__public_key +val impl_18__public_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_MlKemPublicKey v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// Get a reference to the raw private key bytes. -val impl__sk +val impl_18__sk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 3f9367017..021ea0b4b 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -295,7 +295,7 @@ val ind_cpa_generate_keypair (r:rank) (randomness:t_Array u8 v_CPA_KEY_GENERATIO t_MLKEMCPAKeyPair r let ind_cpa_generate_keypair r randomness = let hashed = v_G randomness in - let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in + let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in let matrix_A_as_ntt = sample_matrix_A_ntt #r seed_for_A in let secret_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error (sz 0) in let error_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error r in diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index b2ab0cc30..6481737ae 100644 --- a/libcrux-ml-kem/src/types.rs +++ b/libcrux-ml-kem/src/types.rs @@ -140,6 +140,7 @@ pub struct MlKemKeyPair, } +#[hax_lib::attributes] impl MlKemKeyPair { @@ -152,6 +153,7 @@ impl } /// Create a new [`MlKemKeyPair`] from the secret and public key. + #[ensures(|result| fstar!("${result}.f_sk == $sk /\\ ${result}.f_pk == $pk"))] pub fn from( sk: MlKemPrivateKey, pk: MlKemPublicKey, From a6bd01f7072cacd41785316790c2a93833a0418f Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 10 Aug 2024 22:04:56 +0000 Subject: [PATCH 028/348] Proof for serialize_kem_secret_key --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 34 +++++++++++++++++++ .../proofs/fstar/spec/Spec.Utils.fst | 19 +++++++++-- libcrux-ml-kem/src/ind_cca.rs | 19 +++++++++++ 3 files changed, 70 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 7a882d0f6..dea9b4e8f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -123,6 +123,40 @@ let serialize_kem_secret_key <: t_Slice u8) in + let _:Prims.unit = + let open Spec.Utils in + assert ((Seq.slice out 0 (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K))) + `Seq.equal` + private_key); + assert ((Seq.slice out + (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) + (v #usize_inttype + (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K))) + `Seq.equal` + public_key); + assert ((Seq.slice out + (v #usize_inttype + (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K)) + (v #usize_inttype + (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K +! + Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE))) + `Seq.equal` + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key)); + assert (Seq.slice out + (v #usize_inttype + (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K +! + Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE)) + (v #usize_inttype + (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K +! + Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE +! + Spec.MLKEM.v_SHARED_SECRET_SIZE)) == + implicit_rejection_value); + lemma_slice_append_4 out + private_key + public_key + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key) + implicit_rejection_value + in out let validate_public_key diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 6747f8487..b9af3a9bc 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -53,5 +53,20 @@ val v_XOF (v_LEN: usize{v v_LEN < pow2 32}) (input: t_Slice u8) : t_Array u8 v_L let v_XOF v_LEN input = map_slice Lib.RawIntTypes.u8_to_UInt8 ( shake128 (Seq.length input) (map_slice Lib.IntTypes.secret input) (v v_LEN)) - - +let update_at_range_lemma #n + (s: t_Slice 't) + (i: Core.Ops.Range.t_Range (int_t n) {(Core.Ops.Range.impl_index_range_slice 't n).f_index_pre s i}) + (x: t_Slice 't) + : Lemma + (requires (Seq.length x == v i.f_end - v i.f_start)) + (ensures ( + let s' = Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x in + let len = v i.f_start in + forall (i: nat). i < len ==> Seq.index s i == Seq.index s' i + )) + [SMTPat (Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x)] + = let s' = Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x in + let len = v i.f_start in + introduce forall (i:nat {i < len}). Seq.index s i == Seq.index s' i + with (assert ( Seq.index (Seq.slice s 0 len) i == Seq.index s i + /\ Seq.index (Seq.slice s' 0 len) i == Seq.index s' i )) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index ec21bf23c..e5f29a92b 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -63,6 +63,25 @@ fn serialize_kem_secret_key Date: Sun, 11 Aug 2024 07:59:01 -0400 Subject: [PATCH 029/348] wip ntt --- .../proofs/fstar/spec/Spec.MLKEM.fst | 107 +++++++++++++++++- 1 file changed, 102 insertions(+), 5 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 3f9367017..ee5558e74 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -118,6 +118,9 @@ let field_add a b = (a + b) % v v_FIELD_MODULUS val field_sub: field_element -> field_element -> field_element let field_sub a b = (a - b) % v v_FIELD_MODULUS +val field_neg: field_element -> field_element +let field_neg a = (0 - a) % v v_FIELD_MODULUS + val field_mul: field_element -> field_element -> field_element let field_mul a b = (a * b) % v v_FIELD_MODULUS @@ -127,18 +130,112 @@ let poly_add a b = map2 field_add a b val poly_sub: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt let poly_sub a b = map2 field_sub a b -assume val poly_ntt: #r:rank -> polynomial false -> polynomial true -assume val poly_inv_ntt: #r:rank -> polynomial true -> polynomial false -assume val poly_mul_ntt: polynomial true -> polynomial true -> polynomial true + +(* +bitrev7 = [int('{:07b}'.format(x)[::-1], 2) for x in range(0,128)] +zetas = [pow(17,x) % 3329 for x in bitrev7] +zetas_mont = [pow(2,16) * x % 3329 for x in zetas] +zetas_mont_r = [(x - 3329 if x > 1664 else x) for x in zetas_mont] + +bitrev7 is +[0, 64, 32, 96, 16, 80, 48, 112, 8, 72, 40, 104, 24, 88, 56, 120, 4, 68, 36, 100, 20, 84, 52, 116, 12, 76, 44, 108, 28, 92, 60, 124, 2, 66, 34, 98, 18, 82, 50, 114, 10, 74, 42, 106, 26, 90, 58, 122, 6, 70, 38, 102, 22, 86, 54, 118, 14, 78, 46, 110, 30, 94, 62, 126, 1, 65, 33, 97, 17, 81, 49, 113, 9, 73, 41, 105, 25, 89, 57, 121, 5, 69, 37, 101, 21, 85, 53, 117, 13, 77, 45, 109, 29, 93, 61, 125, 3, 67, 35, 99, 19, 83, 51, 115, 11, 75, 43, 107, 27, 91, 59, 123, 7, 71, 39, 103, 23, 87, 55, 119, 15, 79, 47, 111, 31, 95, 63, 127] + +zetas = 17^bitrev7 is +[1, 1729, 2580, 3289, 2642, 630, 1897, 848, 1062, 1919, 193, 797, 2786, 3260, 569, 1746, 296, 2447, 1339, 1476, 3046, 56, 2240, 1333, 1426, 2094, 535, 2882, 2393, 2879, 1974, 821, 289, 331, 3253, 1756, 1197, 2304, 2277, 2055, 650, 1977, 2513, 632, 2865, 33, 1320, 1915, 2319, 1435, 807, 452, 1438, 2868, 1534, 2402, 2647, 2617, 1481, 648, 2474, 3110, 1227, 910, 17, 2761, 583, 2649, 1637, 723, 2288, 1100, 1409, 2662, 3281, 233, 756, 2156, 3015, 3050, 1703, 1651, 2789, 1789, 1847, 952, 1461, 2687, 939, 2308, 2437, 2388, 733, 2337, 268, 641, 1584, 2298, 2037, 3220, 375, 2549, 2090, 1645, 1063, 319, 2773, 757, 2099, 561, 2466, 2594, 2804, 1092, 403, 1026, 1143, 2150, 2775, 886, 1722, 1212, 1874, 1029, 2110, 2935, 885, 2154] + +zetas_mont = zetas * 2^16 is +[2285, 2571, 2970, 1812, 1493, 1422, 287, 202, 3158, 622, 1577, 182, 962, 2127, 1855, 1468, 573, 2004, 264, 383, 2500, 1458, 1727, 3199, 2648, 1017, 732, 608, 1787, 411, 3124, 1758, 1223, 652, 2777, 1015, 2036, 1491, 3047, 1785, 516, 3321, 3009, 2663, 1711, 2167, 126, 1469, 2476, 3239, 3058, 830, 107, 1908, 3082, 2378, 2931, 961, 1821, 2604, 448, 2264, 677, 2054, 2226, 430, 555, 843, 2078, 871, 1550, 105, 422, 587, 177, 3094, 3038, 2869, 1574, 1653, 3083, 778, 1159, 3182, 2552, 1483, 2727, 1119, 1739, 644, 2457, 349, 418, 329, 3173, 3254, 817, 1097, 603, 610, 1322, 2044, 1864, 384, 2114, 3193, 1218, 1994, 2455, 220, 2142, 1670, 2144, 1799, 2051, 794, 1819, 2475, 2459, 478, 3221, 3021, 996, 991, 958, 1869, 1522, 1628] + +zetas_mont_r = zetas_mont - 3329 if zetas_mont > 1664 else zetas_mont is +[-1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474, 1468, 573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411, -205, -1571, 1223, 652, -552, 1015, -1293, 1491, -282, -1544, 516, -8, -320, -666, -1618, -1162, 126, 1469, -853, -90, -271, 830, 107, -1421, -247, -951, -398, 961, -1508, -725, 448, -1065, 677, -1275, -1103, 430, 555, 843, -1251, 871, 1550, 105, 422, 587, 177, -235, -291, -460, 1574, 1653, -246, 778, 1159, -147, -777, 1483, -602, 1119, -1590, 644, -872, 349, 418, 329, -156, -75, 817, 1097, 603, 610, 1322, -1285, -1465, 384, -1215, -136, 1218, -1335, -874, 220, -1187, -1659, -1185, -1530, -1278, 794, -1510, -854, -870, 478, -108, -308, 996, 991, 958, -1460, 1522, 1628] +*) + +let zetas_list : list field_element = [1; 1729; 2580; 3289; 2642; 630; 1897; 848; 1062; 1919; 193; 797; 2786; 3260; 569; 1746; 296; 2447; 1339; 1476; 3046; 56; 2240; 1333; 1426; 2094; 535; 2882; 2393; 2879; 1974; 821; 289; 331; 3253; 1756; 1197; 2304; 2277; 2055; 650; 1977; 2513; 632; 2865; 33; 1320; 1915; 2319; 1435; 807; 452; 1438; 2868; 1534; 2402; 2647; 2617; 1481; 648; 2474; 3110; 1227; 910; 17; 2761; 583; 2649; 1637; 723; 2288; 1100; 1409; 2662; 3281; 233; 756; 2156; 3015; 3050; 1703; 1651; 2789; 1789; 1847; 952; 1461; 2687; 939; 2308; 2437; 2388; 733; 2337; 268; 641; 1584; 2298; 2037; 3220; 375; 2549; 2090; 1645; 1063; 319; 2773; 757; 2099; 561; 2466; 2594; 2804; 1092; 403; 1026; 1143; 2150; 2775; 886; 1722; 1212; 1874; 1029; 2110; 2935; 885; 2154] + +let zetas : t_Array field_element (sz 128) = + assert_norm(List.Tot.length zetas_list == 128); + Rust_primitives.Arrays.of_list zetas_list + +let poly_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = + let t = field_mul b zetas.[sz i] in + let b = field_sub a t in + let a = field_add a t in + (a,b) + +let poly_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = + let len = pow2 l in + let k = (128 / len) - 1 in + Rust_primitives.Arrays.createi (sz 256) (fun i -> + let round = v i / (2 * len) in + let idx = v i % (2 * len) in + let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in + let (a_ntt, b_ntt) = poly_ntt_step p.[sz idx0] p.[sz idx1] (round + k) in + if idx < len then a_ntt else b_ntt) + +val poly_ntt: polynomial false -> polynomial true +let poly_ntt p = + let p = poly_ntt_layer p 7 in + let p = poly_ntt_layer p 6 in + let p = poly_ntt_layer p 5 in + let p = poly_ntt_layer p 4 in + let p = poly_ntt_layer p 3 in + let p = poly_ntt_layer p 2 in + let p = poly_ntt_layer p 1 in + p + +let poly_inv_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = + let b_minus_a = field_sub b a in + let a = field_add a b in + let b = field_mul b_minus_a zetas.[sz i] in + (a,b) + +let poly_inv_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = + let len = pow2 l in + let k = (256 / len) - 1 in + Rust_primitives.Arrays.createi (sz 256) (fun i -> + let round = v i / (2 * len) in + let idx = v i % (2 * len) in + let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in + let (a_ntt, b_ntt) = poly_inv_ntt_step p.[sz idx0] p.[sz idx1] (k - round) in + if idx < len then a_ntt else b_ntt) + +val poly_inv_ntt: polynomial true -> polynomial false +let poly_inv_ntt p = + let p = poly_inv_ntt_layer p 1 in + let p = poly_inv_ntt_layer p 2 in + let p = poly_inv_ntt_layer p 3 in + let p = poly_inv_ntt_layer p 4 in + let p = poly_inv_ntt_layer p 5 in + let p = poly_inv_ntt_layer p 6 in + let p = poly_inv_ntt_layer p 7 in + p + +let poly_base_case_multiply (a0 a1 b0 b1 zeta:field_element) = + let c0 = field_add (field_mul a0 b0) (field_mul (field_mul a1 b1) zeta) in + let c1 = field_add (field_mul a0 b1) (field_mul a1 b0) in + (c0,c1) + +val poly_mul_ntt: polynomial true -> polynomial true -> polynomial true +let poly_mul_ntt a b = + Rust_primitives.Arrays.createi (sz 256) (fun i -> + let a0 = a.[sz (2 * (v i / 2))] in + let a1 = a.[sz (2 * (v i / 2) + 1)] in + let b0 = b.[sz (2 * (v i / 2))] in + let b1 = b.[sz (2 * (v i / 2) + 1)] in + let zeta_4 = zetas.[sz (64 + (v i/4))] in + let zeta = if v i % 4 < 2 then zeta_4 else field_neg zeta_4 in + let (c0,c1) = poly_base_case_multiply a0 a1 b0 b1 zeta in + if v i % 2 = 0 then c0 else c1) + val vector_add: #r:rank -> #ntt:bool -> vector r ntt -> vector r ntt -> vector r ntt let vector_add #p a b = map2 poly_add a b val vector_ntt: #r:rank -> vector r false -> vector r true -let vector_ntt #p v = map_array (poly_ntt #p) v +let vector_ntt #p v = map_array poly_ntt v val vector_inv_ntt: #r:rank -> vector r true -> vector r false -let vector_inv_ntt #p v = map_array (poly_inv_ntt #p) v +let vector_inv_ntt #p v = map_array poly_inv_ntt v val vector_mul_ntt: #r:rank -> vector r true -> vector r true -> vector r true let vector_mul_ntt #p a b = map2 poly_mul_ntt a b From aa91a6764bde8c1f15107a03746f506e99a9159b Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 11 Aug 2024 08:08:24 -0400 Subject: [PATCH 030/348] refresh c code --- libcrux-ml-kem/c/code_gen.txt | 6 +- libcrux-ml-kem/c/internal/libcrux_core.h | 42 +- .../c/internal/libcrux_mlkem_neon.h | 30 +- .../c/internal/libcrux_mlkem_portable.h | 30 +- .../c/internal/libcrux_sha3_internal.h | 36 +- libcrux-ml-kem/c/libcrux_core.c | 53 +- libcrux-ml-kem/c/libcrux_core.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 46 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 46 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 46 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 944 ++--------------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 999 +----------------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 88 +- libcrux-ml-kem/c/libcrux_sha3.h | 61 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 33 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 33 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 78 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 132 +-- libcrux-ml-kem/c/libcrux_sha3_neon.h | 37 +- libcrux-ml-kem/cg/code_gen.txt | 6 +- libcrux-ml-kem/cg/libcrux_core.h | 27 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 17 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 6 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 989 +---------------- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 33 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 266 ++--- 41 files changed, 476 insertions(+), 4180 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 51ea8bdfc..78dff4819 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc +Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 +Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b +Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 9768fe0bb..7deb679b4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __internal_libcrux_core_H @@ -76,9 +76,6 @@ with const generics libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( uint8_t value[800U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -117,9 +114,6 @@ with const generics libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( uint8_t value[768U]); -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -143,9 +137,6 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -166,9 +157,6 @@ with const generics libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( uint8_t value[1568U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -207,9 +195,6 @@ with const generics libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( uint8_t value[1568U]); -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -233,9 +218,6 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -256,9 +238,6 @@ with const generics libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( uint8_t value[1184U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -297,9 +276,6 @@ with const generics libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( uint8_t value[1088U]); -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -311,9 +287,6 @@ with const generics uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( libcrux_ml_kem_types_MlKemPublicKey_15 *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -345,9 +318,6 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -368,9 +338,6 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -379,9 +346,6 @@ with const generics void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, uint8_t ret[1120U]); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index d94069a73..3d5888d57 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __internal_libcrux_mlkem_neon_H @@ -48,14 +48,6 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -192,14 +184,6 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -336,14 +320,6 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 37876592f..91c820eb4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -55,14 +55,6 @@ generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -203,14 +195,6 @@ generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -351,14 +335,6 @@ generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index dfbb1098a..868f1881d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __internal_libcrux_sha3_internal_H @@ -24,17 +24,11 @@ extern "C" { typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; -/** - Create a new SHAKE-128 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_7a(); } -/** - Absorb -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -69,9 +63,6 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); } -/** - Squeeze three blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -79,9 +70,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); } -/** - Squeeze another block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -96,9 +84,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( typedef uint8_t libcrux_sha3_Algorithm; -/** - Returns the output size of a digest. -*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -182,9 +167,6 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); } -/** - Squeeze five blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -192,9 +174,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); } -/** - Absorb some data for SHAKE-256 for the last time -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { @@ -202,17 +181,11 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_250(s, buf); } -/** - Create a new SHAKE-256 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { return libcrux_sha3_generic_keccak_new_1e_7a(); } -/** - Squeeze the first SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -220,9 +193,6 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); } -/** - Squeeze the next SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index d714c9f78..20d000c45 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,18 +4,15 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "internal/libcrux_core.h" -/** - Return 1 if `value` is not zero and 0 otherwise. -*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -28,10 +25,6 @@ static uint8_t inz(uint8_t value) { static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } -/** - Return 1 if the bytes of `lhs` and `rhs` do not exactly - match and 0 otherwise. -*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; for (size_t i = (size_t)0U; @@ -50,10 +43,6 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return compare(lhs, rhs); } -/** - If `selector` is not zero, return the bytes in `rhs`; return the bytes in - `lhs` otherwise. -*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); @@ -107,9 +96,6 @@ libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -162,9 +148,6 @@ libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -193,9 +176,6 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -232,9 +212,6 @@ libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -288,9 +265,6 @@ libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -319,9 +293,6 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -358,9 +329,6 @@ libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -414,9 +382,6 @@ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -430,9 +395,6 @@ uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( return self->value; } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -471,9 +433,6 @@ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { } } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -507,9 +466,6 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -528,9 +484,6 @@ void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 7842067cd..e77989b62 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 2aeff4211..8e222f296 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index 75b144194..178092bfb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem1024_neon.h" #include "internal/libcrux_mlkem_neon.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -45,13 +42,6 @@ static void decapsulate_f8( libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -59,9 +49,6 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate( decapsulate_f8(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -90,13 +77,6 @@ static void decapsulate_unpacked_c2( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -130,13 +110,6 @@ static tuple_21 encapsulate_6b( return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { @@ -146,9 +119,6 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( return encapsulate_6b(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -177,16 +147,6 @@ static tuple_21 encapsulate_unpacked_1c( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { @@ -197,9 +157,6 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( return encapsulate_unpacked_1c(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -218,9 +175,6 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( return libcrux_ml_kem_ind_cca_generate_keypair_72(uu____0); } -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -228,9 +182,6 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_91(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -250,9 +201,6 @@ generate_keypair_unpacked_87(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uu____0); } -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -261,9 +209,6 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( return generate_keypair_unpacked_87(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -276,11 +221,6 @@ static bool validate_public_key_a3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index 2e9f988ca..7e0bbc8a3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem1024_neon_H @@ -22,71 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f826f0791..df92b5fc5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem1024_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -45,13 +42,6 @@ static void decapsulate_3e( libcrux_ml_kem_ind_cca_decapsulate_711(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -59,9 +49,6 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( decapsulate_3e(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -90,13 +77,6 @@ static void decapsulate_unpacked_81( libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -130,13 +110,6 @@ static tuple_21 encapsulate_48( return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { @@ -146,9 +119,6 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( return encapsulate_48(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -177,16 +147,6 @@ static tuple_21 encapsulate_unpacked_ac( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { @@ -197,9 +157,6 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( return encapsulate_unpacked_ac(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -219,9 +176,6 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( return libcrux_ml_kem_ind_cca_generate_keypair_6f1(uu____0); } -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -229,9 +183,6 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_6e(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -251,9 +202,6 @@ generate_keypair_unpacked_f5(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uu____0); } -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -262,9 +210,6 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( return generate_keypair_unpacked_f5(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -277,11 +222,6 @@ static bool validate_public_key_2a1(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 1b1312882..8ea1e9716 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem1024_portable_H @@ -22,71 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 27da4b08a..9807a25ef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 9dcf9e340..83108e30f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem512_neon.h" #include "internal/libcrux_mlkem_neon.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -44,22 +41,12 @@ static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_55(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -87,13 +74,6 @@ static void decapsulate_unpacked_53( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -126,13 +106,6 @@ static tuple_ec encapsulate_f8( return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { @@ -142,9 +115,6 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( return encapsulate_f8(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -173,14 +143,6 @@ static tuple_ec encapsulate_unpacked_ce( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { @@ -191,9 +153,6 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( return encapsulate_unpacked_ce(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -212,9 +171,6 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( return libcrux_ml_kem_ind_cca_generate_keypair_721(uu____0); } -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -222,9 +178,6 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_1a(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -244,9 +197,6 @@ generate_keypair_unpacked_38(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uu____0); } -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -255,9 +205,6 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( return generate_keypair_unpacked_38(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -270,11 +217,6 @@ static bool validate_public_key_a31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index c294c837f..cd6856831 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem512_neon_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 822f1abca..6c174313d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem512_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -44,22 +41,12 @@ static void decapsulate_3f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_710(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_3f(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -87,13 +74,6 @@ static void decapsulate_unpacked_73( libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -126,13 +106,6 @@ static tuple_ec encapsulate_10( return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { @@ -142,9 +115,6 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( return encapsulate_10(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -173,14 +143,6 @@ static tuple_ec encapsulate_unpacked_49( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { @@ -191,9 +153,6 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( return encapsulate_unpacked_49(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -213,9 +172,6 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( return libcrux_ml_kem_ind_cca_generate_keypair_6f0(uu____0); } -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -223,9 +179,6 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_f9(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -245,9 +198,6 @@ generate_keypair_unpacked_d6(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uu____0); } -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -256,9 +206,6 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( return generate_keypair_unpacked_d6(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -271,11 +218,6 @@ static bool validate_public_key_2a0(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 206d5dddf..90842b984 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem512_portable_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 170195f36..ea3d3e6a6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index 45be1613b..6d20b2d78 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem768_neon.h" #include "internal/libcrux_mlkem_neon.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -44,22 +41,12 @@ static void decapsulate_67( libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_67(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -87,13 +74,6 @@ static void decapsulate_unpacked_70( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -126,13 +106,6 @@ static tuple_3c encapsulate_ea( return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -142,9 +115,6 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( return encapsulate_ea(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -173,14 +143,6 @@ static tuple_3c encapsulate_unpacked_29( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { @@ -191,9 +153,6 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( return encapsulate_unpacked_29(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -212,9 +171,6 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( return libcrux_ml_kem_ind_cca_generate_keypair_720(uu____0); } -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -222,9 +178,6 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_1b(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -244,9 +197,6 @@ generate_keypair_unpacked_42(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uu____0); } -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -255,9 +205,6 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( return generate_keypair_unpacked_42(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -270,11 +217,6 @@ static bool validate_public_key_a30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 1f07bf56a..8182ff91a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem768_neon_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 3aa396cb9..6505a0266 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -44,22 +41,12 @@ static void decapsulate_03( libcrux_ml_kem_ind_cca_decapsulate_71(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_03(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -87,13 +74,6 @@ static void decapsulate_unpacked_69( libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -126,13 +106,6 @@ static tuple_3c encapsulate_4b( return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -142,9 +115,6 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( return encapsulate_4b(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -173,14 +143,6 @@ static tuple_3c encapsulate_unpacked_10( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { @@ -191,9 +153,6 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( return encapsulate_unpacked_10(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -213,9 +172,6 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); } -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -223,9 +179,6 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_64(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -245,9 +198,6 @@ generate_keypair_unpacked_c5(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uu____0); } -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -256,9 +206,6 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( return generate_keypair_unpacked_c5(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -271,11 +218,6 @@ static bool validate_public_key_2a(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 0554a4336..1b4f22dec 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem768_portable_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 0e9d3bd4f..664d3491c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 0ac3403ae..482143058 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 860605a54..7f7b104e4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "internal/libcrux_mlkem_neon.h" @@ -1324,12 +1324,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_89_06(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -1356,12 +1350,6 @@ deserialize_to_reduced_ring_element_e3(Eurydice_slice serialized) { return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -1465,9 +1453,6 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_77( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -1503,9 +1488,6 @@ static KRML_MUSTINLINE void serialize_secret_key_5d1( memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -1683,47 +1665,6 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e91( shake128_squeeze_first_three_blocks_b71(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -1807,47 +1748,6 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad1( shake128_squeeze_next_block_7d1(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2067,55 +1967,6 @@ static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], PRFxN_891(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -2234,8 +2085,9 @@ static KRML_MUSTINLINE void ntt_at_layer_7_67( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = libcrux_ml_kem_vector_neon_multiply_by_constant_20( re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -2336,12 +2188,13 @@ static KRML_MUSTINLINE void ntt_at_layer_2_d0( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -2355,16 +2208,17 @@ static KRML_MUSTINLINE void ntt_at_layer_1_39( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** @@ -2407,10 +2261,6 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cf( poly_barrett_reduce_89_5f(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -2435,11 +2285,13 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN_48_a91(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_2c0( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c0(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; memcpy( uu____2, re_as_ntt, @@ -2452,33 +2304,6 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( return lit; } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2515,10 +2340,6 @@ ntt_multiply_89_16(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2586,9 +2407,6 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -2635,47 +2453,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_951( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -2916,9 +2693,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_neon_Simd128Hash @@ -2974,14 +2748,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d81( memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -3083,9 +2849,6 @@ sample_from_binomial_distribution_2c(Eurydice_slice randomness) { return sample_from_binomial_distribution_2_c3(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -3169,7 +2932,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3179,7 +2942,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -3193,13 +2956,13 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_4b( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** @@ -3319,9 +3082,6 @@ static KRML_MUSTINLINE void add_error_reduce_89_24( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -3438,9 +3198,6 @@ add_message_error_reduce_89_3a( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -3672,9 +3429,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_840( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -3942,47 +3696,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f0( compress_then_serialize_4_21(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -4139,12 +3852,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_c71(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4571,10 +4278,6 @@ static KRML_MUSTINLINE void ntt_vector_u_3c0( poly_barrett_reduce_89_5f(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -4607,7 +4310,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_331( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_060(u_bytes); + u_as_ntt[i0] = uu____0; ntt_vector_u_3c0(&u_as_ntt[i0]); } memcpy( @@ -4811,7 +4516,9 @@ deserialize_then_decompress_5_25(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = decompress_ciphertext_coefficient_20_212(re.coefficients[i0]); re.coefficients[i0] = uu____1; @@ -4859,12 +4566,6 @@ subtract_reduce_89_25(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -4914,30 +4615,6 @@ static KRML_MUSTINLINE void compress_then_serialize_message_ab( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -5102,9 +4779,6 @@ deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -5261,12 +4935,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_821( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5299,9 +4967,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a62( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -5337,9 +5002,6 @@ static KRML_MUSTINLINE void serialize_secret_key_5d0( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -5523,47 +5185,6 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e90( shake128_squeeze_first_three_blocks_b70(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5652,47 +5273,6 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad0( shake128_squeeze_next_block_7d0(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5894,10 +5474,6 @@ static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], PRFxN_890(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -5922,11 +5498,13 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -5939,10 +5517,6 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -5972,9 +5546,6 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ae0( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -6021,47 +5592,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_950( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -6279,9 +5809,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_neon_Simd128Hash @@ -6337,14 +5864,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d80( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -6391,9 +5910,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -6471,9 +5987,6 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_620( poly_barrett_reduce_89_5f(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -6520,9 +6033,6 @@ static KRML_MUSTINLINE void compute_vector_u_6a0( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -6545,9 +6055,6 @@ compute_ring_element_v_9b0( return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -6583,47 +6090,6 @@ static void compress_then_serialize_u_d70( } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -6780,12 +6246,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_c70(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6976,10 +6436,6 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( return lit; } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7012,7 +6468,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_330( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_060(u_bytes); + u_as_ntt[i0] = uu____0; ntt_vector_u_3c0(&u_as_ntt[i0]); } memcpy( @@ -7020,12 +6478,6 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_330( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7047,30 +6499,6 @@ compute_message_c70( return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7196,9 +6624,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7355,12 +6780,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_820( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7393,9 +6812,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a60( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7431,9 +6847,6 @@ static KRML_MUSTINLINE void serialize_secret_key_5d( memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7620,47 +7033,6 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e9( shake128_squeeze_first_three_blocks_b7(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7752,47 +7124,6 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad( shake128_squeeze_next_block_7d(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7997,10 +7328,6 @@ static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], PRFxN_89(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -8025,11 +7352,13 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -8042,10 +7371,6 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -8075,9 +7400,6 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ae( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -8124,47 +7446,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_95( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -8382,9 +7663,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_neon_Simd128Hash @@ -8440,14 +7718,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d8( memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -8494,9 +7764,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -8574,9 +7841,6 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_62( poly_barrett_reduce_89_5f(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -8623,9 +7887,6 @@ static KRML_MUSTINLINE void compute_vector_u_6a( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -8689,9 +7950,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_84( memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -8739,47 +7997,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f( compress_then_serialize_5_2b(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -8937,12 +8154,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_c7(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -9163,10 +8374,6 @@ static KRML_MUSTINLINE void ntt_vector_u_3c( poly_barrett_reduce_89_5f(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -9199,7 +8406,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_33( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_06(u_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_06(u_bytes); + u_as_ntt[i0] = uu____0; ntt_vector_u_3c(&u_as_ntt[i0]); } memcpy( @@ -9218,12 +8427,6 @@ deserialize_then_decompress_ring_element_v_44(Eurydice_slice serialized) { return deserialize_then_decompress_5_25(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -9245,30 +8448,6 @@ compute_message_c7( return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -9395,9 +8574,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index a9d9f68b7..ba986ba9c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index dad0b9eb3..891fdfb9c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "internal/libcrux_mlkem_portable.h" @@ -852,19 +852,6 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } -/** - Signed Barrett Reduction - - Given an input `value`, `barrett_reduce` outputs a representative `result` - such that: - - - result ≡ value (mod FIELD_MODULUS) - - the absolute value of `result` is bound as follows: - - `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * @@ -900,20 +887,6 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -/** - Signed Montgomery Reduction - - Given an input `value`, `montgomery_reduce` outputs a representative `o` - such that: - - - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - - the absolute value of `o` is bound as follows: - - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = @@ -932,17 +905,6 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } -/** - If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to - `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to - `x · y`, as follows: - - `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` - - `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a - representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod - FIELD_MODULUS)`. -*/ KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -974,28 +936,6 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } -/** - The `compress_*` functions implement the `Compress` function specified in the - NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: - - ```plaintext - Compress_d: ℤq -> ℤ_{2ᵈ} - Compress_d(x) = ⌈(2ᵈ/q)·x⌋ - ``` - - Since `⌈x⌋ = ⌊x + 1/2⌋` we have: - - ```plaintext - Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ - = ⌊(2^{d+1}·x + q) / 2q⌋ - ``` - - For further information about the function implementations, consult the - `implementation_notes.pdf` document in this directory. - - The NIST FIPS 203 standard can be found at - . -*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; @@ -1268,28 +1208,6 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -1821,12 +1739,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_02(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -1853,12 +1765,6 @@ deserialize_to_reduced_ring_element_d2(Eurydice_slice serialized) { return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -1964,9 +1870,6 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_05( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2002,9 +1905,6 @@ static KRML_MUSTINLINE void serialize_secret_key_e81( memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2183,47 +2083,6 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f1( shake128_squeeze_first_three_blocks_541(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2296,47 +2155,6 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_681( shake128_squeeze_next_block_881(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2550,55 +2368,6 @@ static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], PRFxN_632(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -2717,8 +2486,9 @@ static KRML_MUSTINLINE void ntt_at_layer_7_1c( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -2823,13 +2593,13 @@ static KRML_MUSTINLINE void ntt_at_layer_2_46( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -2843,7 +2613,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_c9( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -2853,7 +2623,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_c9( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** @@ -2897,10 +2667,6 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( poly_barrett_reduce_89_55(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -2926,11 +2692,13 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN_f1_772(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_e3( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -2943,33 +2711,6 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( return lit; } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3006,10 +2747,6 @@ ntt_multiply_89_f7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3079,9 +2816,6 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_0b( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3128,47 +2862,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_a51( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3413,9 +3106,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] @@ -3471,14 +3161,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_6b( memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3526,9 +3208,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3611,7 +3290,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3621,7 +3300,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -3635,13 +3314,13 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_84( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** @@ -3764,9 +3443,6 @@ static KRML_MUSTINLINE void add_error_reduce_89_b9( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3884,9 +3560,6 @@ add_message_error_reduce_89_11( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4014,9 +3687,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d80( memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4178,47 +3848,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d60( compress_then_serialize_5_b9(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4378,12 +4007,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_a1(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4731,10 +4354,6 @@ static KRML_MUSTINLINE void ntt_vector_u_d70( poly_barrett_reduce_89_55(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4767,7 +4386,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_201( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_450(u_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_450(u_bytes); + u_as_ntt[i0] = uu____0; ntt_vector_u_d70(&u_as_ntt[i0]); } memcpy( @@ -4891,8 +4512,9 @@ deserialize_then_decompress_5_9f(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - re.coefficients[i0] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); + re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); re.coefficients[i0] = uu____1; @@ -4940,12 +4562,6 @@ subtract_reduce_89_d2(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4995,30 +4611,6 @@ static KRML_MUSTINLINE void compress_then_serialize_message_ef( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5183,9 +4775,6 @@ deserialize_to_uncompressed_ring_element_00(Eurydice_slice serialized) { return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5343,12 +4932,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5381,9 +4964,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5419,9 +4999,6 @@ static KRML_MUSTINLINE void serialize_secret_key_e80( memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5599,47 +5176,6 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f0( shake128_squeeze_first_three_blocks_540(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5712,47 +5248,6 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_680( shake128_squeeze_next_block_880(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5951,10 +5446,6 @@ sample_from_binomial_distribution_e30(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_b8(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5980,11 +5471,13 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN_f1_770(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_e30( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_e30(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, re_as_ntt, @@ -5997,10 +5490,6 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -6031,9 +5520,6 @@ static KRML_MUSTINLINE void add_to_ring_element_89_8e0( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6080,47 +5566,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_a50( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6342,9 +5787,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -6400,14 +5842,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_b4( memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6488,9 +5922,6 @@ static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], PRFxN_631(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6569,9 +6000,6 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_d40( poly_barrett_reduce_89_55(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6618,9 +6046,6 @@ static KRML_MUSTINLINE void compute_vector_u_570( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6684,9 +6109,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d8( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6734,47 +6156,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d6( compress_then_serialize_4_09(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6933,12 +6314,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_57(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7160,10 +6535,6 @@ static KRML_MUSTINLINE void ntt_vector_u_d7( poly_barrett_reduce_89_55(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7196,7 +6567,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_200( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_45(u_bytes); + u_as_ntt[i0] = uu____0; ntt_vector_u_d7(&u_as_ntt[i0]); } memcpy( @@ -7215,12 +6588,6 @@ deserialize_then_decompress_ring_element_v_67(Eurydice_slice serialized) { return deserialize_then_decompress_4_b6(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7242,30 +6609,6 @@ compute_message_f60( return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7392,9 +6735,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7551,12 +6891,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7589,9 +6923,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7627,9 +6958,6 @@ static KRML_MUSTINLINE void serialize_secret_key_e8( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7808,47 +7136,6 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f( shake128_squeeze_first_three_blocks_54(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7921,47 +7208,6 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_68( shake128_squeeze_next_block_88(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -8149,10 +7395,6 @@ static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], PRFxN_63(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8178,11 +7420,13 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN_f1_77(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_e3( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -8195,10 +7439,6 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -8229,9 +7469,6 @@ static KRML_MUSTINLINE void add_to_ring_element_89_8e( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8278,47 +7515,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_a5( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8540,9 +7736,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -8598,14 +7791,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_97( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8653,9 +7838,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8734,9 +7916,6 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_d4( poly_barrett_reduce_89_55(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8783,9 +7962,6 @@ static KRML_MUSTINLINE void compute_vector_u_57( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8808,9 +7984,6 @@ compute_ring_element_v_c8( return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8846,47 +8019,6 @@ static void compress_then_serialize_u_25( } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -9045,12 +8177,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_d2(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -9242,10 +8368,6 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( return lit; } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9278,7 +8400,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_20( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_45(u_bytes); + u_as_ntt[i0] = uu____0; ntt_vector_u_d7(&u_as_ntt[i0]); } memcpy( @@ -9286,12 +8410,6 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_20( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9313,30 +8431,6 @@ compute_message_f6( return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9463,9 +8557,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index ab7ac8347..77d1b9896 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem_portable_H @@ -263,19 +263,6 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) -/** - Signed Barrett Reduction - - Given an input `value`, `barrett_reduce` outputs a representative `result` - such that: - - - result ≡ value (mod FIELD_MODULUS) - - the absolute value of `result` is bound as follows: - - `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); @@ -297,34 +284,9 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -/** - Signed Montgomery Reduction - - Given an input `value`, `montgomery_reduce` outputs a representative `o` - such that: - - - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - - the absolute value of `o` is bound as follows: - - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); -/** - If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to - `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to - `x · y`, as follows: - - `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` - - `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a - representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod - FIELD_MODULUS)`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer); @@ -340,28 +302,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); -/** - The `compress_*` functions implement the `Compress` function specified in the - NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: - - ```plaintext - Compress_d: ℤq -> ℤ_{2ᵈ} - Compress_d(x) = ⌈(2ᵈ/q)·x⌋ - ``` - - Since `⌈x⌋ = ⌊x + 1/2⌋` we have: - - ```plaintext - Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ - = ⌊(2^{d+1}·x + q) / 2q⌋ - ``` - - For further information about the function implementations, consult the - `implementation_notes.pdf` document in this directory. - - The NIST FIPS 203 standard can be found at - . -*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe); @@ -471,28 +411,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 1c1a024bc..ad380eb57 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_sha3_H @@ -22,9 +22,6 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" -/** - A portable SHA3 512 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -32,9 +29,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_fd(buf0, buf); } -/** - A portable SHA3 256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -42,9 +36,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_fd0(buf0, buf); } -/** - A portable SHAKE256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -52,9 +43,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( libcrux_sha3_portable_keccakx1_fd1(buf0, buf); } -/** - A portable SHA3 224 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -62,9 +50,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_fd2(buf0, buf); } -/** - A portable SHA3 384 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -72,20 +57,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_fd3(buf0, buf); } -/** - SHA3 224 - - Preconditions: - - `digest.len() == 28` -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } -/** - SHA3 224 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; @@ -94,17 +70,11 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -113,17 +83,11 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; @@ -132,17 +96,11 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } -/** - SHA3 512 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } -/** - SHA3 512 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; @@ -151,9 +109,6 @@ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** - A portable SHAKE128 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -161,21 +116,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_fd4(buf0, buf); } -/** - SHAKE 128 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } -/** - SHAKE 256 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 868da4a2b..97d59fe45 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,18 +4,15 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_sha3_avx2.h" -/** - Perform 4 SHAKE256 operations in parallel -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, @@ -25,9 +22,6 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( KRML_HOST_EXIT(255U); } -/** - Initialise the [`KeccakState`]. -*/ KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -35,9 +29,6 @@ libcrux_sha3_avx2_x4_incremental_init(void) { KRML_HOST_EXIT(255U); } -/** - Absorb -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -46,9 +37,6 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } -/** - Squeeze three blocks -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, @@ -58,9 +46,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } -/** - Squeeze another block -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, @@ -70,9 +55,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } -/** - Squeeze five blocks -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, @@ -82,9 +64,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( KRML_HOST_EXIT(255U); } -/** - Absorb -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -93,9 +72,6 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( KRML_HOST_EXIT(255U); } -/** - Squeeze block -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, @@ -105,9 +81,6 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( KRML_HOST_EXIT(255U); } -/** - Squeeze next block -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 8896956fe..6066347d6 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_sha3_avx2_H @@ -22,9 +22,6 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_sha3_neon.h" -/** - Perform 4 SHAKE256 operations in parallel -*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, @@ -34,57 +31,33 @@ typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; } libcrux_sha3_avx2_x4_incremental_KeccakState; -/** - Initialise the [`KeccakState`]. -*/ libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void); -/** - Absorb -*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); -/** - Squeeze three blocks -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze another block -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze five blocks -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Absorb -*/ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); -/** - Squeeze block -*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze next block -*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 5026cd25a..af76d13e5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_sha3_internal_H @@ -187,9 +187,6 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -1227,52 +1224,75 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - s->st[1U][0U] = + uint64_t uu____4 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); - s->st[2U][0U] = + s->st[1U][0U] = uu____4; + uint64_t uu____5 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); - s->st[3U][0U] = + s->st[2U][0U] = uu____5; + uint64_t uu____6 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); - s->st[4U][0U] = + s->st[3U][0U] = uu____6; + uint64_t uu____7 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); - s->st[0U][1U] = + s->st[4U][0U] = uu____7; + uint64_t uu____8 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); - s->st[1U][1U] = + s->st[0U][1U] = uu____8; + uint64_t uu____9 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); - s->st[2U][1U] = + s->st[1U][1U] = uu____9; + uint64_t uu____10 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); - s->st[3U][1U] = + s->st[2U][1U] = uu____10; + uint64_t uu____11 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); - s->st[4U][1U] = + s->st[3U][1U] = uu____11; + uint64_t uu____12 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); - s->st[0U][2U] = + s->st[4U][1U] = uu____12; + uint64_t uu____13 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); - s->st[1U][2U] = + s->st[0U][2U] = uu____13; + uint64_t uu____14 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); - s->st[2U][2U] = + s->st[1U][2U] = uu____14; + uint64_t uu____15 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); - s->st[3U][2U] = + s->st[2U][2U] = uu____15; + uint64_t uu____16 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); - s->st[4U][2U] = + s->st[3U][2U] = uu____16; + uint64_t uu____17 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); - s->st[0U][3U] = + s->st[4U][2U] = uu____17; + uint64_t uu____18 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); - s->st[1U][3U] = + s->st[0U][3U] = uu____18; + uint64_t uu____19 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); - s->st[2U][3U] = + s->st[1U][3U] = uu____19; + uint64_t uu____20 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); - s->st[3U][3U] = + s->st[2U][3U] = uu____20; + uint64_t uu____21 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); - s->st[4U][3U] = + s->st[3U][3U] = uu____21; + uint64_t uu____22 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); - s->st[0U][4U] = + s->st[4U][3U] = uu____22; + uint64_t uu____23 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); - s->st[1U][4U] = + s->st[0U][4U] = uu____23; + uint64_t uu____24 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); - s->st[2U][4U] = + s->st[1U][4U] = uu____24; + uint64_t uu____25 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); - s->st[3U][4U] = + s->st[2U][4U] = uu____25; + uint64_t uu____26 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 586c4820e..11362bb06 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_sha3_neon.h" @@ -178,9 +178,6 @@ split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { return split_at_mut_2(a, mid); } -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -1398,29 +1395,75 @@ static KRML_MUSTINLINE void theta_rho_eb( rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____4 = + xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_arm_shared_neon_uint64x2_t uu____5 = + xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_arm_shared_neon_uint64x2_t uu____7 = + xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = + xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t uu____9 = + xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t uu____10 = + xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t uu____11 = + xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t uu____12 = + xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t uu____13 = + xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t uu____14 = + xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t uu____15 = + xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t uu____16 = + xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t uu____17 = + xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t uu____18 = + xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t uu____19 = + xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t uu____20 = + xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t uu____21 = + xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t uu____22 = + xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t uu____23 = + xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t uu____24 = + xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t uu____25 = + xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t uu____26 = + xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; core_core_arch_arm_shared_neon_uint64x2_t uu____27 = xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1851,9 +1894,6 @@ static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], keccak_59(uu____0, out); } -/** - A portable SHA3 512 implementation. -*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[64U] = {0U}; Eurydice_slice uu____0[2U] = {data, data}; @@ -2278,9 +2318,6 @@ static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], keccak_590(uu____0, out); } -/** - A portable SHA3 256 implementation. -*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[32U] = {0U}; Eurydice_slice uu____0[2U] = {data, data}; @@ -2404,11 +2441,6 @@ static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], keccak_591(uu____0, out); } -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1) { Eurydice_slice buf0[2U] = {input0, input1}; @@ -2416,9 +2448,6 @@ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, keccakx2_6e1(buf0, buf); } -/** - Initialise the `KeccakState2`. -*/ libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void) { return new_1e_12(); @@ -2543,9 +2572,6 @@ static KRML_MUSTINLINE void absorb_final_fe2( keccakf1600_3e(s); } -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1) { @@ -2675,10 +2701,6 @@ static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( squeeze_next_block_5d1(s, o2); } -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { @@ -2686,10 +2708,6 @@ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( squeeze_first_three_blocks_2e(s, buf); } -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { @@ -3112,9 +3130,6 @@ static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], keccak_592(uu____0, out); } -/** - A portable SHA3 224 implementation. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[28U] = {0U}; @@ -3540,9 +3555,6 @@ static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], keccak_593(uu____0, out); } -/** - A portable SHA3 384 implementation. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[48U] = {0U}; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index c172442d5..8b66fd17c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_sha3_neon_H @@ -33,61 +33,30 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_fc; -/** - A portable SHA3 512 implementation. -*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); -/** - A portable SHA3 256 implementation. -*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -/** - Initialise the `KeccakState2`. -*/ libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void); -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1); -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); -/** - A portable SHA3 224 implementation. -*/ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); -/** - A portable SHA3 384 implementation. -*/ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 51ea8bdfc..78dff4819 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc +Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 +Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b +Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 49c0f8565..b022c4fde 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_core_H @@ -99,9 +99,6 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#6} */ @@ -147,9 +144,6 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { libcrux_ml_kem_types_MlKemPublicKey_15 pk; } libcrux_ml_kem_mlkem768_MlKem768KeyPair; -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -214,9 +208,6 @@ libcrux_ml_kem_types_from_01_20(uint8_t value[1088U]) { return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -230,9 +221,6 @@ static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( return self->value; } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -290,9 +278,6 @@ static inline void core_result_unwrap_41_83(core_result_Result_00 self, } } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -326,9 +311,6 @@ static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_28( Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -347,9 +329,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_970( memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 751101238..6705551b9 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_ct_ops_H @@ -21,9 +21,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -/** - Return 1 if `value` is not zero and 0 otherwise. -*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -39,10 +36,6 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) { return libcrux_ml_kem_constant_time_ops_inz(value); } -/** - Return 1 if the bytes of `lhs` and `rhs` do not exactly - match and 0 otherwise. -*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_compare( Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; @@ -62,10 +55,6 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs); } -/** - If `selector` is not zero, return the bytes in `rhs`; return the bytes in - `lhs` otherwise. -*/ static inline void libcrux_ml_kem_constant_time_ops_select_ct( Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index e30a4fbd6..dbf15e8ae 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index ea01e9b3a..48da0d7e1 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem768_portable_H @@ -2216,19 +2216,6 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) -/** - Signed Barrett Reduction - - Given an input `value`, `barrett_reduce` outputs a representative `result` - such that: - - - result ≡ value (mod FIELD_MODULUS) - - the absolute value of `result` is bound as follows: - - `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. -*/ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { @@ -2271,20 +2258,6 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -/** - Signed Montgomery Reduction - - Given an input `value`, `montgomery_reduce` outputs a representative `o` - such that: - - - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - - the absolute value of `o` is bound as follows: - - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. -*/ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { @@ -2304,17 +2277,6 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } -/** - If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to - `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to - `x · y`, as follows: - - `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` - - `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a - representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod - FIELD_MODULUS)`. -*/ static KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -2346,28 +2308,6 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } -/** - The `compress_*` functions implement the `Compress` function specified in the - NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: - - ```plaintext - Compress_d: ℤq -> ℤ_{2ᵈ} - Compress_d(x) = ⌈(2ᵈ/q)·x⌋ - ``` - - Since `⌈x⌋ = ⌊x + 1/2⌋` we have: - - ```plaintext - Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ - = ⌊(2^{d+1}·x + q) / 2q⌋ - ``` - - For further information about the function implementations, consult the - `implementation_notes.pdf` document in this directory. - - The NIST FIPS 203 standard can be found at - . -*/ static inline uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { @@ -2642,28 +2582,6 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, @@ -3484,9 +3402,6 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -3868,11 +3783,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_d0( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -3889,15 +3806,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_39( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } @@ -3946,10 +3865,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_82( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -3984,9 +3899,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_7c( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_71( u_bytes); + u_as_ntt[i0] = uu____0; libcrux_ml_kem_ntt_ntt_vector_u_82(&u_as_ntt[i0]); } memcpy( @@ -4199,7 +4115,9 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_17( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_612( re.coefficients[i0]); @@ -4220,33 +4138,6 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ef( return libcrux_ml_kem_serialize_deserialize_then_decompress_4_4f(serialized); } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -4285,10 +4176,6 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_16( return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -4330,7 +4217,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -4340,6 +4227,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -4356,12 +4244,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -4492,12 +4381,6 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_e1( return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -4601,30 +4484,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_23( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -4696,12 +4555,6 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b6( return libcrux_ml_kem_polynomial_ZERO_89_06(); } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -4730,12 +4583,6 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4795,47 +4642,6 @@ static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_de( } } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -4880,47 +4686,6 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( return done; } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5139,55 +4904,6 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_07(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_06(); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -5310,8 +5026,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_67( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = libcrux_ml_kem_vector_neon_multiply_by_constant_20( re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -5341,10 +5058,6 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -5375,10 +5088,11 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uint8_t prf_input[33U], libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - re_as_ntt[i0] = + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; @@ -5406,9 +5120,6 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_55(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_06(); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -5496,9 +5207,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_24( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -5621,9 +5329,6 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -5902,9 +5607,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -6186,47 +5888,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( libcrux_ml_kem_serialize_compress_then_serialize_4_21(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -6467,9 +6128,6 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_0c( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -6494,13 +6152,6 @@ void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_21( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ static inline void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6627,9 +6278,6 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_31( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -6655,13 +6303,6 @@ void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_e6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ static inline void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6793,13 +6434,6 @@ tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_dd( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -6877,9 +6511,6 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_a7( return lit; } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -6902,14 +6533,6 @@ tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_14( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { @@ -6921,9 +6544,6 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( uu____0, uu____1); } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_neon_Simd128Hash @@ -7001,9 +6621,6 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7054,47 +6671,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_95( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -7203,9 +6779,6 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7241,9 +6814,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5d( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7309,14 +6879,6 @@ libcrux_ml_kem_ind_cpa_generate_keypair_16(Eurydice_slice key_generation_seed) { return lit; } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -7363,9 +6925,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -7381,9 +6940,6 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_2e( uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair -*/ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -7538,9 +7094,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c4(uint8_t randomness[64U]) { return lit; } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -7557,9 +7110,6 @@ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_11( uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -7683,9 +7233,6 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_0c0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.kyber_decapsulate with const generics @@ -7710,13 +7257,6 @@ void libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_01( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate Kyber 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ static inline void libcrux_ml_kem_mlkem768_neon_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -7815,9 +7355,6 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( return lit; } -/** - Portable encapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.kyber_encapsulate with const generics @@ -7839,13 +7376,6 @@ tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_73( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate Kyber 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ static inline tuple_3c libcrux_ml_kem_mlkem768_neon_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -7869,12 +7399,6 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b60( return libcrux_ml_kem_polynomial_ZERO_89_06(); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7936,9 +7460,6 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_7e( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -7950,11 +7471,6 @@ generics bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_52( uint8_t *public_key); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { @@ -8047,9 +7563,6 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8353,12 +7866,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_46( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -8375,7 +7889,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c9( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -8385,6 +7899,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c9( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } @@ -8434,10 +7949,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_1e( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8472,9 +7983,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6a( u_bytes); + u_as_ntt[i0] = uu____0; libcrux_ml_kem_ntt_ntt_vector_u_1e(&u_as_ntt[i0]); } memcpy( @@ -8605,8 +8117,9 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_ec( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - re.coefficients[i0] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); + re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( re.coefficients[i0]); @@ -8627,33 +8140,6 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_4f( return libcrux_ml_kem_serialize_deserialize_then_decompress_4_da(serialized); } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -8692,10 +8178,6 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_f7( return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -8738,7 +8220,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -8748,6 +8230,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -8764,12 +8247,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -8903,12 +8387,6 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_ed( return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9014,30 +8492,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_d1( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9152,12 +8606,6 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b( return libcrux_ml_kem_polynomial_ZERO_89_02(); } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -9186,12 +8634,6 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -9348,47 +8790,6 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -9472,47 +8873,6 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -9771,55 +9131,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77( libcrux_ml_kem_hash_functions_portable_PRFxN_63(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -9942,8 +9253,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_1c( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -9973,10 +9285,6 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -10008,10 +9316,11 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uint8_t prf_input[33U], libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - re_as_ntt[i0] = + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; @@ -10040,9 +9349,6 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_25(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_02(); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -10160,9 +9466,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_b9( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10286,9 +9589,6 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10459,9 +9759,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10635,47 +9932,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( libcrux_ml_kem_serialize_compress_then_serialize_4_09(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -10939,9 +10195,6 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_87( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -10969,13 +10222,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ff( libcrux_ml_kem_ind_cca_decapsulate_87(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -11103,9 +10349,6 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -11134,13 +10377,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_38( libcrux_ml_kem_ind_cca_decapsulate_unpacked_59(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -11286,13 +10522,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4( return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -11371,9 +10600,6 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e( return lit; } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -11403,14 +10629,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_f7( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { @@ -11488,9 +10706,6 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -11541,47 +10756,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a5( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -11691,9 +10865,6 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -11729,9 +10900,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e8( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -11798,9 +10966,6 @@ libcrux_ml_kem_ind_cpa_generate_keypair_e8(Eurydice_slice key_generation_seed) { return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -11856,14 +11021,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -11911,9 +11068,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -11934,9 +11088,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); } -/** - Generate ML-KEM 768 Key Pair -*/ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -12094,9 +11245,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uint8_t randomness[64U]) { return lit; } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -12117,9 +11265,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_9a( return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uu____0); } -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -12264,9 +11409,6 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_870( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_decapsulate with const @@ -12295,13 +11437,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_af( libcrux_ml_kem_ind_cca_decapsulate_870(private_key, ciphertext, ret); } -/** - Decapsulate Kyber 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -12402,9 +11537,6 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( return lit; } -/** - Portable encapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_encapsulate with const @@ -12433,13 +11565,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_bf( return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); } -/** - Encapsulate Kyber 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -12463,12 +11588,6 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b0( return libcrux_ml_kem_polynomial_ZERO_89_02(); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -12530,9 +11649,6 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_99( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -12547,11 +11663,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 00abf2c8a..c3d1f7ee3 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_sha3_avx2_H @@ -22,9 +22,6 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_sha3_portable.h" -/** - Perform 4 SHAKE256 operations in parallel -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, @@ -39,9 +36,6 @@ typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; } libcrux_sha3_avx2_x4_incremental_KeccakState; -/** - Initialise the [`KeccakState`]. -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void) { @@ -50,9 +44,6 @@ libcrux_sha3_avx2_x4_incremental_init(void) { KRML_HOST_EXIT(255U); } -/** - Absorb -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -63,9 +54,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } -/** - Squeeze three blocks -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( @@ -76,9 +64,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } -/** - Squeeze another block -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( @@ -89,9 +74,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } -/** - Squeeze five blocks -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( @@ -102,9 +84,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( KRML_HOST_EXIT(255U); } -/** - Absorb -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( @@ -115,9 +94,6 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( KRML_HOST_EXIT(255U); } -/** - Squeeze block -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( @@ -128,9 +104,6 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( KRML_HOST_EXIT(255U); } -/** - Squeeze next block -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 3eea98060..d42aa9ea4 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_sha3_portable_H @@ -188,9 +188,6 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -1216,52 +1213,75 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - s->st[1U][0U] = + uint64_t uu____4 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); - s->st[2U][0U] = + s->st[1U][0U] = uu____4; + uint64_t uu____5 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); - s->st[3U][0U] = + s->st[2U][0U] = uu____5; + uint64_t uu____6 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); - s->st[4U][0U] = + s->st[3U][0U] = uu____6; + uint64_t uu____7 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); - s->st[0U][1U] = + s->st[4U][0U] = uu____7; + uint64_t uu____8 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); - s->st[1U][1U] = + s->st[0U][1U] = uu____8; + uint64_t uu____9 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); - s->st[2U][1U] = + s->st[1U][1U] = uu____9; + uint64_t uu____10 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); - s->st[3U][1U] = + s->st[2U][1U] = uu____10; + uint64_t uu____11 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); - s->st[4U][1U] = + s->st[3U][1U] = uu____11; + uint64_t uu____12 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); - s->st[0U][2U] = + s->st[4U][1U] = uu____12; + uint64_t uu____13 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); - s->st[1U][2U] = + s->st[0U][2U] = uu____13; + uint64_t uu____14 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); - s->st[2U][2U] = + s->st[1U][2U] = uu____14; + uint64_t uu____15 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); - s->st[3U][2U] = + s->st[2U][2U] = uu____15; + uint64_t uu____16 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); - s->st[4U][2U] = + s->st[3U][2U] = uu____16; + uint64_t uu____17 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); - s->st[0U][3U] = + s->st[4U][2U] = uu____17; + uint64_t uu____18 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); - s->st[1U][3U] = + s->st[0U][3U] = uu____18; + uint64_t uu____19 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); - s->st[2U][3U] = + s->st[1U][3U] = uu____19; + uint64_t uu____20 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); - s->st[3U][3U] = + s->st[2U][3U] = uu____20; + uint64_t uu____21 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); - s->st[4U][3U] = + s->st[3U][3U] = uu____21; + uint64_t uu____22 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); - s->st[0U][4U] = + s->st[4U][3U] = uu____22; + uint64_t uu____23 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); - s->st[1U][4U] = + s->st[0U][4U] = uu____23; + uint64_t uu____24 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); - s->st[2U][4U] = + s->st[1U][4U] = uu____24; + uint64_t uu____25 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); - s->st[3U][4U] = + s->st[2U][4U] = uu____25; + uint64_t uu____26 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1661,9 +1681,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); } -/** - A portable SHA3 512 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2022,9 +2039,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); } -/** - A portable SHA3 256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2151,9 +2165,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); } -/** - A portable SHAKE256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2344,9 +2355,6 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_fc; -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -3645,52 +3653,75 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_fa(s->st[0U][0U], t[0U]); - s->st[1U][0U] = + core_core_arch_arm_shared_neon_uint64x2_t uu____4 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[2U][0U] = + s->st[1U][0U] = uu____4; + core_core_arch_arm_shared_neon_uint64x2_t uu____5 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[3U][0U] = + s->st[2U][0U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[4U][0U] = + s->st[3U][0U] = uu____6; + core_core_arch_arm_shared_neon_uint64x2_t uu____7 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[0U][1U] = + s->st[4U][0U] = uu____7; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[1U][1U] = + s->st[0U][1U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t uu____9 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[2U][1U] = + s->st[1U][1U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t uu____10 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[3U][1U] = + s->st[2U][1U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t uu____11 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[4U][1U] = + s->st[3U][1U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t uu____12 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[0U][2U] = + s->st[4U][1U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t uu____13 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[1U][2U] = + s->st[0U][2U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t uu____14 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[2U][2U] = + s->st[1U][2U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t uu____15 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[3U][2U] = + s->st[2U][2U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t uu____16 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[4U][2U] = + s->st[3U][2U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t uu____17 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[0U][3U] = + s->st[4U][2U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t uu____18 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[1U][3U] = + s->st[0U][3U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t uu____19 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[2U][3U] = + s->st[1U][3U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t uu____20 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[3U][3U] = + s->st[2U][3U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t uu____21 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[4U][3U] = + s->st[3U][3U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t uu____22 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[0U][4U] = + s->st[4U][3U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t uu____23 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[1U][4U] = + s->st[0U][4U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t uu____24 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[2U][4U] = + s->st[1U][4U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t uu____25 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[3U][4U] = + s->st[2U][4U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t uu____26 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; core_core_arch_arm_shared_neon_uint64x2_t uu____27 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -4136,9 +4167,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e( libcrux_sha3_generic_keccak_keccak_59(uu____0, out); } -/** - A portable SHA3 512 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[64U] = {0U}; @@ -4576,9 +4604,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e0( libcrux_sha3_generic_keccak_keccak_590(uu____0, out); } -/** - A portable SHA3 256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[32U] = {0U}; @@ -4708,11 +4733,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e1( libcrux_sha3_generic_keccak_keccak_591(uu____0, out); } -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, @@ -4725,9 +4745,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, typedef libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_KeccakState; -/** - Initialise the `KeccakState2`. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_12(); @@ -4855,9 +4872,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe2( libcrux_sha3_generic_keccak_keccakf1600_3e(s); } -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, @@ -4989,10 +5003,6 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e( libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o2); } -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, @@ -5001,10 +5011,6 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e(s, buf); } -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, @@ -5016,9 +5022,6 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; -/** - Create a new SHAKE-128 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_7a(); @@ -5110,9 +5113,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( libcrux_sha3_generic_keccak_keccakf1600_13(s); } -/** - Absorb -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -5207,9 +5207,6 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); } -/** - Squeeze three blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -5217,9 +5214,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); } -/** - Squeeze another block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -5234,9 +5228,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( typedef uint8_t libcrux_sha3_Algorithm; -/** - Returns the output size of a digest. -*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -5616,9 +5607,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); } -/** - A portable SHA3 224 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -5977,9 +5965,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); } -/** - A portable SHA3 384 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -5987,20 +5972,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_fd3(buf0, buf); } -/** - SHA3 224 - - Preconditions: - - `digest.len() == 28` -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } -/** - SHA3 224 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; @@ -6009,17 +5985,11 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -6028,17 +5998,11 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; @@ -6047,17 +6011,11 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } -/** - SHA3 512 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } -/** - SHA3 512 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; @@ -6271,9 +6229,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); } -/** - A portable SHAKE128 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -6281,21 +6236,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_fd4(buf0, buf); } -/** - SHAKE 128 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } -/** - SHAKE 256 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); @@ -6742,9 +6687,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e2( libcrux_sha3_generic_keccak_keccak_592(uu____0, out); } -/** - A portable SHA3 224 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[28U] = {0U}; @@ -7182,9 +7124,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e3( libcrux_sha3_generic_keccak_keccak_593(uu____0, out); } -/** - A portable SHA3 384 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[48U] = {0U}; @@ -7236,9 +7175,6 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o4); } -/** - Squeeze five blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -7246,9 +7182,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); } -/** - Absorb some data for SHAKE-256 for the last time -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { @@ -7256,17 +7189,11 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_251(s, buf); } -/** - Create a new SHAKE-256 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { return libcrux_sha3_generic_keccak_new_1e_7a(); } -/** - Squeeze the first SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -7274,9 +7201,6 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); } -/** - Squeeze the next SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { From c75b7037acf2a5ab315afb41fe41c0a9edc7c8e2 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 11 Aug 2024 12:27:45 +0000 Subject: [PATCH 031/348] refresh C code from avx2 machine --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 229 +- .../c/internal/libcrux_mlkem_avx2.h | 4 +- .../c/internal/libcrux_mlkem_portable.h | 46 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 4 +- .../c/internal/libcrux_sha3_internal.h | 42 +- libcrux-ml-kem/c/libcrux_core.c | 306 +- libcrux-ml-kem/c/libcrux_core.h | 120 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 8576 ++++++++++++++- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 530 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8706 +-------------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 575 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2859 +++-- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 184 +- libcrux-ml-kem/c/libcrux_sha3.h | 16 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2539 ++++- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 37 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 740 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3568 +----- libcrux-ml-kem/c/libcrux_sha3_neon.h | 27 +- libcrux-ml-kem/cg/code_gen.txt | 4 +- libcrux-ml-kem/cg/libcrux_core.h | 166 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 5956 +++++++++- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 9579 ++++------------- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2741 ++++- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 5499 ++-------- 42 files changed, 26328 insertions(+), 26923 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 78dff4819..b902bff7c 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 +F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 +Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 7deb679b4..540d71b3b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __internal_libcrux_core_H @@ -23,6 +23,8 @@ extern "C" { #define CORE_NUM__U32_8__BITS (32U) +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs); @@ -71,10 +73,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( + uint8_t value[1568U]); /** This function found in impl @@ -83,12 +85,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for @@ -97,10 +99,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -109,10 +111,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( - uint8_t value[768U]); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( + uint8_t value[1568U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} @@ -120,10 +122,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -132,18 +134,18 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]); /** This function found in impl {(core::convert::From<@Array> for @@ -152,10 +154,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( + uint8_t value[1184U]); /** This function found in impl @@ -164,12 +166,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -178,10 +180,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -190,10 +192,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( - uint8_t value[1568U]); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( + uint8_t value[1088U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} @@ -201,10 +203,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -213,18 +215,18 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]); /** This function found in impl {(core::convert::From<@Array> for @@ -233,10 +235,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( + uint8_t value[800U]); /** This function found in impl @@ -245,12 +247,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for @@ -259,10 +261,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -271,10 +273,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( - uint8_t value[1088U]); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( + uint8_t value[768U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} @@ -282,17 +284,17 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -323,7 +325,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -333,36 +335,95 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]); /** -A monomorphic instance of core.option.Option -with types Eurydice_slice uint8_t +A monomorphic instance of core.result.Result +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_6f_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_6f; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_7a_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_7a; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_cd_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_cd; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError */ -typedef struct core_option_Option_44_s { - core_option_Option_ef_tags tag; - Eurydice_slice f0; -} core_option_Option_44; +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -387,10 +448,10 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); -typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} Eurydice_slice_uint8_t_2size_t__x2; +typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} Eurydice_slice_uint8_t_4size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index b400ee5e8..9b26cfb7f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 91c820eb4..13eee5030 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -53,7 +53,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -69,7 +69,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -90,7 +90,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -113,7 +113,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -139,7 +139,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -165,7 +165,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_711( +void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -177,7 +177,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -193,7 +193,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -209,7 +209,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -230,7 +230,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -253,7 +253,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -279,7 +279,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -305,7 +305,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_710( +void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -317,7 +317,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -333,7 +333,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -349,7 +349,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -370,7 +370,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -393,7 +393,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -419,7 +419,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -445,7 +445,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_71( +void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index f57c7bd3f..2c845fe8e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 868f1881d..d47ba4344 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __internal_libcrux_sha3_internal_H @@ -26,14 +26,14 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_25(s, buf); + libcrux_sha3_generic_keccak_absorb_final_72(s, buf); } /** @@ -44,7 +44,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -52,29 +52,29 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); } #define libcrux_sha3_Sha224 0 @@ -134,7 +134,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -142,62 +142,62 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_250(s, buf); + libcrux_sha3_generic_keccak_absorb_final_720(s, buf); } static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 20d000c45..01f6cf1f1 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "internal/libcrux_core.h" @@ -85,14 +85,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( - uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_1f lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -103,13 +103,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } /** @@ -119,14 +120,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( - uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( + uint8_t value[3168U]) { + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -137,14 +138,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( - uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -154,10 +155,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -168,22 +169,22 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -191,7 +192,7 @@ void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -201,14 +202,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( + uint8_t value[1184U]) { + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -219,14 +220,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( - CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** @@ -236,14 +237,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( - uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( + uint8_t value[2400U]) { + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -254,14 +255,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( + uint8_t value[1088U]) { + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -271,10 +272,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -285,22 +286,22 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -308,7 +309,7 @@ void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** @@ -318,14 +319,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( - uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( + uint8_t value[800U]) { + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -336,14 +337,13 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** @@ -353,14 +353,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( - uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( + uint8_t value[1632U]) { + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -371,14 +371,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( - uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( + uint8_t value[768U]) { + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -388,10 +388,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -400,7 +400,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -438,7 +438,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -458,22 +458,22 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -481,7 +481,7 @@ void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** @@ -489,7 +489,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -502,6 +502,66 @@ void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + /** This function found in impl {core::result::Result} */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index e77989b62..2493baec1 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_core_H @@ -49,64 +49,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $1632size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair -with const generics -- $1632size_t -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext -with const generics -- $768size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - -*/ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; -} tuple_ec; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -203,6 +145,64 @@ typedef struct tuple_3c_s { uint8_t snd[32U]; } tuple_3c; +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_be; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + +*/ +typedef struct core_option_Option_04_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; +} core_option_Option_04; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $1632size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey_5e; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair +with const generics +- $1632size_t +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; +} libcrux_ml_kem_types_MlKemKeyPair_cb; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $768size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext_e8; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + +*/ +typedef struct tuple_ec_s { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; +} tuple_ec; + #define core_result_Ok 0 #define core_result_Err 1 diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 8e222f296..6581a305a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index b520aad16..03fdbde61 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 95e4be554..a8ef77d6f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index df92b5fc5..311d81992 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_mlkem1024_portable.h" @@ -35,18 +35,18 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_3e( +static void decapsulate_52( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_711(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4f1(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_3e(private_key, ciphertext, ret); + decapsulate_52(private_key, ciphertext, ret); } /** @@ -70,18 +70,18 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_81( +static void decapsulate_unpacked_b6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_81(private_key, ciphertext, ret); + decapsulate_unpacked_b6(private_key, ciphertext, ret); } /** @@ -101,13 +101,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_48( +static tuple_21 encapsulate_ec( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( @@ -116,7 +116,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_48(uu____0, uu____1); + return encapsulate_ec(uu____0, uu____1); } /** @@ -137,14 +137,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_ac( +static tuple_21 encapsulate_unpacked_9a( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_311(uu____0, uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( @@ -154,7 +154,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ac(uu____0, uu____1); + return encapsulate_unpacked_9a(uu____0, uu____1); } /** @@ -169,18 +169,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f1(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c24(uu____0); } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6e(uu____0); + return generate_keypair_0e(uu____0); } /** @@ -196,10 +196,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_f5(uint8_t randomness[64U]) { +generate_keypair_unpacked_4a(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 @@ -207,7 +207,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_f5(uu____0); + return generate_keypair_unpacked_4a(uu____0); } /** @@ -218,14 +218,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_2a1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); +static bool validate_public_key_e11(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_2a1(public_key.value)) { + if (validate_public_key_e11(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 8ea1e9716..ca0a26b44 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 9807a25ef..015904411 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 84df57bde..76b1c8601 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 584ff9e81..b5b99a9b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 6c174313d..eda334653 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_mlkem512_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_3f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_710(private_key, ciphertext, ret); +static void decapsulate_be0( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_3f(private_key, ciphertext, ret); + decapsulate_be0(private_key, ciphertext, ret); } /** @@ -68,16 +68,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_73( +static void decapsulate_unpacked_06( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_73(private_key, ciphertext, ret); + decapsulate_unpacked_06(private_key, ciphertext, ret); } /** @@ -97,13 +97,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_10( +static tuple_ec encapsulate_f3( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); } tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( @@ -112,7 +112,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_10(uu____0, uu____1); + return encapsulate_f3(uu____0, uu____1); } /** @@ -133,14 +133,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_49( +static tuple_ec encapsulate_unpacked_01( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_310(uu____0, uu____1); } tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( @@ -150,7 +150,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_49(uu____0, uu____1); + return encapsulate_unpacked_01(uu____0, uu____1); } /** @@ -165,18 +165,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f0(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c21(uu____0); } libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f9(uu____0); + return generate_keypair_df(uu____0); } /** @@ -192,10 +192,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_d6(uint8_t randomness[64U]) { +generate_keypair_unpacked_c0(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae @@ -203,7 +203,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d6(uu____0); + return generate_keypair_unpacked_c0(uu____0); } /** @@ -214,14 +214,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_2a0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); +static bool validate_public_key_e10(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_2a0(public_key.value)) { + if (validate_public_key_e10(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 90842b984..90fc6cf2d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index ea3d3e6a6..e7767f6d7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index eb821bdb0..515ad73b4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 74e2de796..60ac8f723 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 6505a0266..71d2574ee 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_mlkem768_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_03( +static void decapsulate_be( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_71(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_03(private_key, ciphertext, ret); + decapsulate_be(private_key, ciphertext, ret); } /** @@ -68,16 +68,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_69( +static void decapsulate_unpacked_d4( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_69(private_key, ciphertext, ret); + decapsulate_unpacked_d4(private_key, ciphertext, ret); } /** @@ -97,13 +97,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_4b( +static tuple_3c encapsulate_13( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); } tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -112,7 +112,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4b(uu____0, uu____1); + return encapsulate_13(uu____0, uu____1); } /** @@ -133,14 +133,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_10( +static tuple_3c encapsulate_unpacked_1b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_31(uu____0, uu____1); } tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( @@ -150,7 +150,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_10(uu____0, uu____1); + return encapsulate_unpacked_1b(uu____0, uu____1); } /** @@ -165,18 +165,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); } libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_64(uu____0); + return generate_keypair_ff(uu____0); } /** @@ -192,10 +192,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_c5(uint8_t randomness[64U]) { +generate_keypair_unpacked_37(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -203,7 +203,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c5(uu____0); + return generate_keypair_unpacked_37(uu____0); } /** @@ -214,14 +214,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_2a(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); +static bool validate_public_key_e1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_2a(public_key.value)) { + if (validate_public_key_e1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 1b4f22dec..374afe9fa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 664d3491c..947545b34 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -7,11 +7,15 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ -#include "libcrux_mlkem_avx2.h" +#include "internal/libcrux_mlkem_avx2.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" +#include "internal/libcrux_sha3_avx2.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -30,3 +34,8569 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { + return libcrux_ml_kem_vector_avx2_zero(); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + memcpy(ret, output, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + core_core_arch_x86___m256i v, int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_and_si256( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, + core_core_arch_x86___m256i)); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +KRML_MUSTINLINE core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum0, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + v, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + right0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = {0U}; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result_cd dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); + core_result_unwrap_41_e8(dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result_7a dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); + core_result_unwrap_41_34(dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, + 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + int16_t array[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), + vector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_from_i16_array_0d( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, + (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result_6f dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); + core_result_unwrap_41_1c(dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, + 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, + Eurydice_slice output) { + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self) { + return self[0U]; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +shift_right_98(core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea +with const generics +- SHIFT_BY= 15 +*/ +static core_core_arch_x86___m256i shift_right_ea_92( + core_core_arch_x86___m256i vector) { + return shift_right_98(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static core_core_arch_x86___m256i to_unsigned_representative_a4( + core_core_arch_x86___m256i a) { + core_core_arch_x86___m256i t = shift_right_ea_92(a); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_a4(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_d01( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + serialize_secret_key_ae1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + deserialize_ring_elements_reduced_5d4( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + serialize_public_key_d01( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; +} tuple_9b0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static void closure_b81( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d1(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { + shake128_squeeze_first_three_blocks_6b1(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { + shake128_squeeze_next_block_1b1(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +from_i16_array_89_10(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_from_xof_b01( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca1(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb3( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb4( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = closure_791(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a21( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + closure_b81(A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; + sample_from_xof_b01(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_1c2(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_470(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c1(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_7_45( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); + re->coefficients[j] = + libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); + } +} + +typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i montgomery_multiply_fe_9d( + core_core_arch_x86___m256i v, int16_t fer) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, int16_t zeta_r) { + core_core_arch_x86___m256i t = montgomery_multiply_fe_9d(b, zeta_r); + b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); + a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + ntt_layer_int_vec_step_f4( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_3_b4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_2_7c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_1_c2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void poly_barrett_reduce_89_99( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + self->coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + ntt_at_layer_7_45(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_971( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i to_standard_domain_42( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + to_standard_domain_42(self->coefficients[j]); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f01( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_971(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_9b0 generate_keypair_unpacked_6c1( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_681(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a21(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_151(uu____3, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_e31( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_48( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + core_core_arch_x86___m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * sizeof(core_core_arch_x86___m256i)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e31(A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_48(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key_d01( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( + Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key_d01(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_751( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_651(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair_e11(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key_751( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_05_a70(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c90( + uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +inv_ntt_layer_int_vec_step_reduce_df(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + libcrux_ml_kem_vector_avx2_sub_ea(b, &a); + a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(a, &b)); + b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + inv_ntt_layer_int_vec_step_reduce_df( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_571( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_error_reduce_89_91( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + self->coefficients[j], (int16_t)1441); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_001( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_971(&result[i1], &product); + } + invert_ntt_montgomery_571(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i decompress_1_91( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + re.coefficients[i0] = decompress_1_91(coefficient_compressed);); + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +add_message_error_reduce_89_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + result.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &message->coefficients[i0]); + core_core_arch_x86___m256i tmp0 = + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_711( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_971(&result, &product);); + invert_ntt_montgomery_571(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_8a(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 10 +*/ +static core_core_arch_x86___m256i compress_ea_80( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_8a(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_10_2f( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_ea_80(to_unsigned_representative_a4(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_8a0(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 11 +*/ +static core_core_arch_x86___m256i compress_ea_800( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_8a0(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10_2f(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_841( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_b2(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_8a1(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 4 +*/ +static core_core_arch_x86___m256i compress_ea_801( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_8a1(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_4_b7( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_8a2(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 5 +*/ +static core_core_arch_x86___m256i compress_ea_802( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_8a2(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_5_35( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficients = + compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_4_b7(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_881( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = sample_ring_element_cbd_471(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_934( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_841( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_unpacked_881(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_f50(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + deserialize_ring_elements_reduced_5d3( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a21(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_881(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_af_501(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_e21( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_651(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_fb1(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_f50(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_501(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_55(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 10 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_55(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_10_a7(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_550(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 11 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_550(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_11_8d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d0(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_10(Eurydice_slice serialized) { + return deserialize_then_decompress_10_a7(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void ntt_vector_u_fe( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_10(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_fe(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_551(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 4 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d1( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_551(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_4_9a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d1(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_552(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 5 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d2( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_552(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_5_75(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); + re.coefficients[i0] = + decompress_ciphertext_coefficient_ea_1d2(re.coefficients[i0]); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_5b(Eurydice_slice serialized) { + return deserialize_then_decompress_4_9a(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + b.coefficients[i0], (int16_t)1441); + b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], + &coefficient_normal_form)); + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_221( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_971(&result, &product);); + invert_ntt_montgomery_571(&result); + result = subtract_reduce_89_63(v, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_message_ec( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_a4(re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_8c1( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + deserialize_then_decompress_u_b51(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_5b( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ec(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_933( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked_881(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_201( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_63(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_391(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + deserialize_secret_key_201(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_c41( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_391(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_933( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_fb1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_501( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_501(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1536 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_d00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); + uint8_t ret0[1536U]; + serialize_secret_key_ae0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + deserialize_ring_elements_reduced_5d2( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1568U]; + serialize_public_key_d00( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] + +*/ +typedef struct tuple_54_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; +} tuple_54; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static void closure_b80( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d0(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { + shake128_squeeze_first_three_blocks_6b0(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { + shake128_squeeze_next_block_1b0(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_from_xof_b00( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca0(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb1( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb2( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = closure_790(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a20( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + closure_b80(A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; + sample_from_xof_b00(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_1c1(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_970( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_970(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_54 generate_keypair_unpacked_6c0( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_680(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a20(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_150(uu____3, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; + memcpy(uu____5, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_e30( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e30(A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_48(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; + memcpy(uu____2, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key_d00( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( + Eurydice_slice key_generation_seed) { + tuple_54 uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key_d00(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_750( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_650(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair_e10(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key_750( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = + libcrux_ml_kem_types_from_05_a71(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c91( + uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_71 +sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_570( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_vector_u_000( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_970(&result[i1], &product); + } + invert_ntt_montgomery_570(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_710( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_970(&result, &product);); + invert_ntt_montgomery_570(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_11_d10( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_ea_800(to_unsigned_representative_a4(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11_d10(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1408 +- COMPRESSION_FACTOR= 11 +- BLOCK_LEN= 352 +*/ +static void compress_then_serialize_u_840( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u_b20(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +- OUT_LEN= 160 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_5_35(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_880( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = sample_ring_element_cbd_470(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_932( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; + compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_840( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_390( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked_880(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_f51(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + deserialize_ring_elements_reduced_5d1( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a20(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; + memcpy(uu____1, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_880(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_af_500(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_e20( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_650(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_fb0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_f51(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_500(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_100(Eurydice_slice serialized) { + return deserialize_then_decompress_11_8d(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_fe0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_100(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_fe0(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_5b0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_75(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_220( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_970(&result, &product);); + invert_ntt_montgomery_570(&result); + result = subtract_reduce_89_63(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_unpacked_8c0( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + deserialize_then_decompress_u_b50(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_5b0( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ec(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_931( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked_880(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_200( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_63(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_390(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + deserialize_secret_key_200(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_c40( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_390(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_931( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_fb0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_500( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_500(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 768 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + uint8_t ret0[768U]; + serialize_secret_key_ae(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + deserialize_ring_elements_reduced_5d0( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[800U]; + serialize_public_key_d0( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] + +*/ +typedef struct tuple_4c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; +} tuple_4c; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static void closure_b8( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { + shake128_squeeze_first_three_blocks_6b(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { + shake128_squeeze_next_block_1b(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_from_xof_b0( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_next_block_a9_5a(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb0( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = closure_79(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a2( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + closure_b8(A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; + sample_from_xof_b0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t + +*/ +typedef struct tuple_74_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; + uint8_t snd; +} tuple_74; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + uint8_t out3[192U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_1c(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_47(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_43(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN_a9_51(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_47(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_97( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_97(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static tuple_4c generate_keypair_unpacked_6c( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_68(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a2(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_15(uu____3, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; + memcpy(uu____5, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void closure_e3( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e3(A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_48(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; + memcpy(uu____2, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t pk_serialized[800U]; + serialize_public_key_d0( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( + Eurydice_slice key_generation_seed) { + tuple_4c uu____0 = generate_keypair_unpacked_6c(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key_d0(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_75( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_65(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair_e1(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key_75( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = + libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c9( + uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + PRFxN_1c0(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_74 +sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN_a9_510(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_57( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_vector_u_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_97(&result[i1], &product); + } + invert_ntt_montgomery_57(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_71( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_97(&result, &product);); + invert_ntt_montgomery_57(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_b2(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_88( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = sample_ring_element_cbd_47(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_930( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; + compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_84( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = + libcrux_ml_kem_types_from_01_f5(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 768 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + deserialize_ring_elements_reduced_5d( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a2(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; + memcpy(uu____1, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_88(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE void kdf_af_50(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_e2( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_65(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_fb(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = + libcrux_ml_kem_types_from_01_f5(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_50(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_10(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_fe(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_22( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_97(&result, &product);); + invert_ntt_montgomery_57(&result); + result = subtract_reduce_89_63(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_8c( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + deserialize_then_decompress_u_b5(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_5b( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ec(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_93( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_20( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_63(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + deserialize_secret_key_20(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_c4( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_93( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_fb(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_50( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_50(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 482143058..08d38f679 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem_avx2_H @@ -20,7 +20,9 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" #include "libcrux_sha3.h" +#include "libcrux_sha3_avx2.h" void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]); @@ -28,6 +30,530 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_slice array); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array); + +void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, + int16_t ret[16U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + core_core_arch_x86___m256i v, int16_t c); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector); + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes); + +size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, + Eurydice_slice output); + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + core_core_arch_x86___m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 7f7b104e4..5f3affba0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -7,14 +7,11 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ -#include "internal/libcrux_mlkem_neon.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" +#include "libcrux_mlkem_neon.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -33,8700 +30,3 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void) { - return libcrux_ml_kem_vector_neon_vector_type_ZERO(); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { - return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { - int16_t out[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - core_core_arch_arm_shared_neon_uint16x8_t m0 = - libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - core_core_arch_arm_shared_neon_uint16x8_t m1 = - libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - core_core_arch_arm_shared_neon_int16x8_t c1 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v) { - core_core_arch_arm_shared_neon_int16x8_t adder = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - core_core_arch_arm_shared_neon_int16x8_t vec = - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); - core_core_arch_arm_shared_neon_int16x8_t vec0 = - libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - core_core_arch_arm_shared_neon_int16x8_t quotient = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t sub = - libcrux_intrinsics_arm64__vmulq_n_s16( - quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high) { - core_core_arch_arm_shared_neon_int16x8_t k = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vmulq_n_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.low, c); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t half = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - core_core_arch_arm_shared_neon_int16x8_t quarter = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - core_core_arch_arm_shared_neon_int16x8_t shifted = - libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - core_core_arch_arm_shared_neon_int16x8_t mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = - libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range), - core_core_arch_arm_shared_neon_uint16x8_t)); - core_core_arch_arm_shared_neon_int16x8_t shifted0 = - libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = - libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range0), - core_core_arch_arm_shared_neon_uint16x8_t)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_1(v); -} - -KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits) { - int16_t uu____0; - switch (coefficient_bits) { - case 4: { - uu____0 = (int16_t)15; - break; - } - case 5: { - uu____0 = (int16_t)31; - break; - } - case 10: { - uu____0 = (int16_t)1023; - break; - } - case 11: { - uu____0 = (int16_t)2047; - break; - } - default: { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, - zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, - zeta2, zeta4, -zeta2, -zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t b1 = - libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1b1 = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, - b1); - core_core_arch_arm_shared_neon_int32x4_t a1b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a1b1), - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - core_core_arch_arm_shared_neon_int32x4_t a1b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - core_core_arch_arm_shared_neon_int16x8_t fst_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t fst_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b1)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - core_core_arch_arm_shared_neon_int16x8_t snd_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t snd_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); - core_core_arch_arm_shared_neon_int16x8_t fst_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t fst_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t snd_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t snd_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t fst = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - fst_low16, fst_high16); - core_core_arch_arm_shared_neon_int16x8_t snd = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - snd_low16, snd_high16); - core_core_arch_arm_shared_neon_int32x4_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int32x4_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int16x8_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); - core_core_arch_arm_shared_neon_int16x8_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); - uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, - 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - core_core_arch_arm_shared_neon_uint8x16_t index = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); - core_core_arch_arm_shared_neon_int16x8_t high2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low2, .high = high2}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, - (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { - core_core_arch_arm_shared_neon_int16x8_t one = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); - int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, - (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vshlq_s16(high0, shift); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vandq_s16(low, one), - .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t lowt = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); - core_core_arch_arm_shared_neon_uint16x8_t hight = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_deserialize_4_0d(v); - int16_t input_i16s[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[10U]; - libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_5_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_10_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { - uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, - 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - core_core_arch_arm_shared_neon_uint8x16_t index_vec = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - core_core_arch_arm_shared_neon_int16x8_t shift_vec = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t mask12 = - libcrux_intrinsics_arm64__vdupq_n_u16(4095U); - uint8_t input0[16U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input0, uint8_t, Eurydice_slice)); - uint8_t input1[16U] = {0U}; - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input1, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t moved0 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted0 = - libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); - core_core_arch_arm_shared_neon_uint16x8_t moved1 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted1 = - libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low, .high = high}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); -} - -KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { - size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option_44 uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( - &iter, uint8_t, core_option_Option_44); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - d1; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; - continue; - } - } - continue; - } - } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out) { - return libcrux_ml_kem_vector_neon_rej_sample(a, out); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { - return self[0U]; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_89_06(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_reduced_ring_element_e3(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 800 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a64( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -shift_right_d3(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); - v.high = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 -with const generics -- SHIFT_BY= 15 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_6a( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return shift_right_d3(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_unsigned_representative_64( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_6a(a); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = - libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_neon_add_20(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_77( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_64(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 768 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -static KRML_MUSTINLINE void serialize_public_key_701( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); - uint8_t ret0[768U]; - serialize_secret_key_5d1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - deserialize_ring_elements_reduced_a64( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[800U]; - serialize_public_key_701( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]] - -*/ -typedef struct tuple_4c0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 snd; -} tuple_4c0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void G_48_771(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static void closure_de1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -typedef struct Simd128Hash_s { - libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; -} Simd128Hash; - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b1(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_551(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b1(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b71( - Simd128Hash *st, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[504U], void *); - uint8_t out3[504U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e91( - Simd128Hash *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_b71(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e63( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d1( - Simd128Hash *st, uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[168U], void *); - uint8_t out3[168U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[168U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad1( - Simd128Hash *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_7d1(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e64( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -from_i16_array_89_f3(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d51( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_from_xof_c01( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_551(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_48_e91(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e63( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_48_ad1(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e64( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_d51(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_matrix_A_481( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_de1(A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; - sample_from_xof_c01(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[2size_t], uint8_t - -*/ -typedef struct tuple_740_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[2U]; - uint8_t snd; -} tuple_740; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_891(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t out0[192U] = {0U}; - uint8_t out1[192U] = {0U}; - uint8_t out2[192U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[192U], void *); - uint8_t out3[192U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[192U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[192U]; - memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); - uint8_t uu____1[192U]; - memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_891(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2_c3(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_3_27(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2c0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_27(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_7_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_multiply_by_constant_20( - re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -montgomery_multiply_fe_91( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -ntt_layer_int_vec_step_9c( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - montgomery_multiply_fe_91(b, zeta_r); - b = libcrux_ml_kem_vector_neon_sub_20(a, &t); - a = libcrux_ml_kem_vector_neon_add_20(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_2a( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - ntt_layer_int_vec_step_9c( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_3_f4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_2_d0( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_1_39( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void poly_barrett_reduce_89_5f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cf( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - ntt_at_layer_7_67(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA= 3 -- ETA_RANDOMNESS_SIZE= 192 -*/ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_48_a91(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c0(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -ntt_multiply_89_16(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_multiply_20( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_standard_domain_fc(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = to_standard_domain_fc(self->coefficients[j]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_951( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae1(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static tuple_4c0 generate_keypair_unpacked_ff1( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_771(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_481(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f1(uu____3, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - compute_As_plus_e_951(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U][2U]; - memcpy(uu____5, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[2U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_891( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_d5_13( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_48_851(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_891(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_701( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_851(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( - Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_701(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d81( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_851(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_161(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_d81( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_e01(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c1( - uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_892(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[128U], void *); - uint8_t out3[128U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[128U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a92(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_892(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2c(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c3(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN_48_a92(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_b40(Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - uint8_t dummy[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, input, - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e4(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_4b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -inv_ntt_layer_int_vec_step_reduce_27( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = - libcrux_ml_kem_vector_neon_sub_20(b, &a); - a = libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(a, &b)); - b = montgomery_multiply_fe_91(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_fd( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_27( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_621( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_error_reduce_89_24( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae1(&result[i1], &product); - } - invert_ntt_montgomery_621(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_message_23(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_1_fc(coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -add_message_error_reduce_89_3a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae1(&result, &product);); - invert_ntt_montgomery_621(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_af(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_43(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)10)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t_af(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t_af(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_af(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_af(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_43(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_10_ca0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_0e(to_unsigned_representative_64(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_af0(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_430(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)11)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_af0(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_af0(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_af0(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_af0(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_430(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_840( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_ca0(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_d71( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_840(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_af1(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_431(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)4)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_af1(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_af1(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_af1(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_af1(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_431(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_4_21( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_0e1(to_unsigned_representative_64(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_af2(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_432(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)5)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_af2(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_af2(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_af2(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_af2(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_432(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_5_2b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = - compress_20_0e2(to_unsigned_representative_64(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_4_21(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_541( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_eb1(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e4( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; - compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b1(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d71( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f0( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_541(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_201(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_c71(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a63( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - deserialize_ring_elements_reduced_a63( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_481(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; - memcpy( - uu____0, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[2U][2U]; - memcpy(uu____1, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_541(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_af_631(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_c71( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_851(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_4e1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_201(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_631(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_7a(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_7a(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_7a(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_7a(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_7a(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_21( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_10_81(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_21(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_7a0(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)11 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_7a0(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_7a0(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_7a0(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_7a0(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_210( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de0(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_11_6b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_210(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_060(Eurydice_slice serialized) { - return deserialize_then_decompress_10_81(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_3c0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_331( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_060(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_3c0(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_7a1(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)4 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_7a1(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_7a1(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_7a1(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_7a1(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_211( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de1(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_4_60(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_211(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_7a2(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)5 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_7a2(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_7a2(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_7a2(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_7a2(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_212( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de2(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_5_25(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - decompress_ciphertext_coefficient_20_212(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_440(Eurydice_slice serialized) { - return deserialize_then_decompress_4_60(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -subtract_reduce_89_25(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_c71( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae1(&result, &product);); - invert_ntt_montgomery_621(&result); - result = subtract_reduce_89_25(v, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_message_ab( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_64(re.coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon_compress_1_20(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_d61( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - deserialize_then_decompress_u_331(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_440( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_c71(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ab(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_b4(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - uint8_t dummy[32U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, input, - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_d61(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_541(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_4f1( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_af1(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - deserialize_secret_key_4f1(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_d61(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_821( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_af1(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_4e1(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_631( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_631(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a62( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void serialize_public_key_700( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - serialize_secret_key_5d0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - deserialize_ring_elements_reduced_a62( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - serialize_public_key_700( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; -} tuple_9b0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void G_48_770(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static void closure_de0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b0(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_550(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b0(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b70( - Simd128Hash *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e90( - Simd128Hash *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_b70(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e61( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d0( - Simd128Hash *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad0( - Simd128Hash *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_7d0(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e62( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d50( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_from_xof_c00( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_550(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_48_e90(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e61( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_48_ad0(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e62( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_d50(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_matrix_A_480( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_de0(A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; - sample_from_xof_c00(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_890(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_890(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_950( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae0(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_ff0( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_770(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_480(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f0(uu____3, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - compute_As_plus_e_950(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_890( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_48_850(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_890(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_700( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_850(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_700(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d80( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_850(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_160(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_d80( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e2(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_620( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae0(&result[i1], &product); - } - invert_ntt_montgomery_620(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae0(&result, &product);); - invert_ntt_montgomery_620(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_d70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_840(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_540( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_eb0(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e2( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; - compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b0(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d70( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f0( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_540(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_c70(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a61( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - deserialize_ring_elements_reduced_a61( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_480(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_540(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void kdf_af_630(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_c70( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_850(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_4e0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_630(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_330( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_060(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_3c0(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_c70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae0(&result, &product);); - invert_ntt_montgomery_620(&result); - result = subtract_reduce_89_25(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_d60( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - deserialize_then_decompress_u_330(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_440( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_c70(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ab(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_d60(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_540(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_4f0( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_af0(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - deserialize_secret_key_4f0(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_d60(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_820( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_af0(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_4e0(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_630( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_630(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1568 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a60( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1536 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -static KRML_MUSTINLINE void serialize_public_key_70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); - uint8_t ret0[1536U]; - serialize_secret_key_5d(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - deserialize_ring_elements_reduced_a60( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1568U]; - serialize_public_key_70( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c snd; -} tuple_54; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void G_48_77(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static void closure_de( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_55(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b7( - Simd128Hash *st, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____3[504U]; - memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e9( - Simd128Hash *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_b7(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e6( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d( - Simd128Hash *st, uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad( - Simd128Hash *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_7d(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e60( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d5( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_from_xof_c0( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_55(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_48_e9(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e6( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_48_ad(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e60( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_d5(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_matrix_A_48( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_de(A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; - sample_from_xof_c0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[4U]; - uint8_t snd; -} tuple_71; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_89(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____3[128U]; - memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_89(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_95( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_54 generate_keypair_unpacked_ff( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_77(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_48(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f(uu____3, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - compute_As_plus_e_95(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U][4U]; - memcpy(uu____5, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[4U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_89( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_48_85(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_ff(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_89(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_70( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_85(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_ff(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_70(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d8( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_85(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_16(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_d8( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_e00(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c0( - uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e0(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_62( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae(&result[i1], &product); - } - invert_ntt_montgomery_62(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae(&result, &product);); - invert_ntt_montgomery_62(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_11_55( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_0e0(to_unsigned_representative_64(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_55(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1408 -- COMPRESSION_FACTOR= 11 -- BLOCK_LEN= 352 -*/ -static void compress_then_serialize_u_d7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u_84(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -- OUT_LEN= 160 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_5_2b(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_54( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_eb(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; - compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d7( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_200(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_c7(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a6( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - deserialize_ring_elements_reduced_a6( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_48(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; - memcpy( - uu____0, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[4U][4U]; - memcpy(uu____1, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_54(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_af_63(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_c7( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_85(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_4e(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_200(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_63(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_06(Eurydice_slice serialized) { - return deserialize_then_decompress_11_6b(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_3c( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_33( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_06(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_3c(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_44(Eurydice_slice serialized) { - return deserialize_then_decompress_5_25(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_c7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae(&result, &product);); - invert_ntt_montgomery_62(&result); - result = subtract_reduce_89_25(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_unpacked_d6( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - deserialize_then_decompress_u_33(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_44( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_c7(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ab(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_d6(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_4f( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_af(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - deserialize_secret_key_4f(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_d6(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_82( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_af(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_4e(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_63( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_63(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index ba986ba9c..0d1f0e4b8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem_neon_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" #include "libcrux_sha3_neon.h" void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, @@ -29,576 +28,6 @@ void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]); -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { - core_core_arch_arm_shared_neon_int16x8_t low; - core_core_arch_arm_shared_neon_int16x8_t high; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array); - -void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a); - -size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, - Eurydice_slice result); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out); - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 891fdfb9c..787004952 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "internal/libcrux_mlkem_portable.h" @@ -68,407 +68,20 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - int16_t ret[16U]; - core_result_Result_c0 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); -} - -KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + int16_t ret[16U]; + core_result_Result_c0 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result_unwrap_41_f9(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + return lit; } /** @@ -476,8 +89,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } KRML_MUSTINLINE uint8_t_x11 @@ -676,6 +289,28 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( .f7 = r7}); } +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( @@ -715,6 +350,537 @@ libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +} + +const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1320,68 +1486,311 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } -KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } KRML_MUSTINLINE uint8_t_x5 @@ -1470,6 +1879,112 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, @@ -1718,7 +2233,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_02(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -1746,8 +2261,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_d2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -1772,12 +2287,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1789,7 +2304,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1803,7 +2318,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_83(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -1822,8 +2337,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_bf(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_83(v); +shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_f8(v); } /** @@ -1833,10 +2348,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_af( +to_unsigned_representative_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_bf(a); + shift_right_0d_4b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1849,14 +2364,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_05( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_af(re->coefficients[i0]); + to_unsigned_representative_78(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1877,7 +2392,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_e81( +static KRML_MUSTINLINE void serialize_secret_key_f81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -1896,7 +2411,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -1913,7 +2428,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_9a1( +static KRML_MUSTINLINE void serialize_public_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -1921,7 +2436,7 @@ static KRML_MUSTINLINE void serialize_public_key_9a1( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_e81(t_as_ntt, ret0); + serialize_secret_key_f81(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), @@ -1942,15 +2457,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_524( + deserialize_ring_elements_reduced_724( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_9a1( + serialize_public_key_801( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -1981,7 +2496,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_111(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -1992,10 +2507,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_821( +static void closure_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -2014,7 +2529,7 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_411(uint8_t input[4U][34U]) { +shake128_init_absorb_final_751(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2044,10 +2559,10 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_f1_511(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { uint8_t uu____0[4U][34U]; memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_411(uu____0); + return shake128_init_absorb_final_751(uu____0); } /** @@ -2056,7 +2571,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_541( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2078,9 +2593,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_541(self, ret); + shake128_squeeze_first_three_blocks_101(self, ret); } /** @@ -2090,7 +2605,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2129,7 +2644,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_881( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2150,9 +2665,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_681( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_881(self, ret); + shake128_squeeze_next_block_ed1(self, ret); } /** @@ -2162,7 +2677,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2206,8 +2721,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_48(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); +from_i16_array_89_6b(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2228,9 +2743,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_131( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -2241,29 +2756,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_f61( +static KRML_MUSTINLINE void sample_from_xof_2b1( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; uint8_t uu____0[4U][34U]; memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_511(uu____0); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_7f1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_023( + bool done = sample_from_uniform_distribution_next_053( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_f1_681(&xof_state, randomness); + shake128_squeeze_next_block_f1_c11(&xof_state, randomness); uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_024( + done = sample_from_uniform_distribution_next_054( uu____2, sampled_coefficients, out); } } @@ -2271,7 +2786,7 @@ static KRML_MUSTINLINE void sample_from_xof_f61( memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_131(uu____3[i]);); + ret0[i] = closure_991(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2284,12 +2799,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_551( +static KRML_MUSTINLINE void sample_matrix_A_231( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_821(A_transpose[i]);); + closure_e81(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -2302,7 +2817,7 @@ static KRML_MUSTINLINE void sample_matrix_A_551( uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_f61(uu____1, sampled); + sample_from_xof_2b1(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2341,7 +2856,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_632(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2363,9 +2878,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_632(input, ret); + PRFxN_1d2(input, ret); } /** @@ -2375,7 +2890,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2411,7 +2926,7 @@ sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_48(Eurydice_array_to_slice( + return from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2422,7 +2937,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2457,7 +2972,7 @@ sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_48(Eurydice_array_to_slice( + return from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2468,8 +2983,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_e3(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c8(randomness); +sample_from_binomial_distribution_66(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_20(randomness); } /** @@ -2478,7 +2993,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_1c( +static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2507,7 +3022,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_29( +montgomery_multiply_fe_d5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2521,12 +3036,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_d7( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_29(b, zeta_r); + montgomery_multiply_fe_d5(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2540,7 +3055,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2553,7 +3068,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_d7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2570,7 +3085,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_c1( +static KRML_MUSTINLINE void ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2588,7 +3103,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_46( +static KRML_MUSTINLINE void ntt_at_layer_2_7b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2608,7 +3123,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_c9( +static KRML_MUSTINLINE void ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2636,7 +3151,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_55( +static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2654,17 +3169,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_1c(re); + ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -2676,11 +3191,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -2691,14 +3206,14 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -2722,9 +3237,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_f7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2757,7 +3272,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e1( +static KRML_MUSTINLINE void add_to_ring_element_89_931( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -2784,7 +3299,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_a1( +to_standard_domain_3e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -2800,14 +3315,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_0b( +static KRML_MUSTINLINE void add_standard_error_reduce_89_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_a1(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -2822,14 +3337,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_a51( +static KRML_MUSTINLINE void compute_As_plus_e_da1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2852,10 +3367,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e1(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_931(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -2871,10 +3386,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_a91( +static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_111(key_generation_seed, hashed); + G_f1_b61(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2882,14 +3397,14 @@ static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_551(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_231(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(uu____1, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2900,10 +3415,10 @@ static tuple_540 generate_keypair_unpacked_a91( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_011(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d71(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_a51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -2952,10 +3467,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_f21( +static void closure_571( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -2968,7 +3483,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_93( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -2990,7 +3505,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_af1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3008,7 +3523,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3017,18 +3532,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_a91(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_f21(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_571(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_93(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3038,13 +3553,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_9a1( + serialize_public_key_801( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -3084,18 +3599,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_a91(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_9a1(pk.t_as_ntt, + serialize_public_key_801(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1536U]; memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____2[1568U]; @@ -3113,7 +3628,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_6b( +static KRML_MUSTINLINE void serialize_kem_secret_key_f2( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3142,7 +3657,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_6b( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af1(public_key, ret0); + H_f1_2e1(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -3175,7 +3690,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3185,13 +3700,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e81(ind_cpa_keypair_randomness); + generate_keypair_ec1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_6b( + serialize_kem_secret_key_f2( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, @@ -3200,12 +3715,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_e00(uu____1); + libcrux_ml_kem_types_from_05_a71(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c0( - uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); + return libcrux_ml_kem_types_from_17_c91( + uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); } /** @@ -3218,10 +3733,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3232,11 +3747,11 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; @@ -3256,7 +3771,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_b60(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), @@ -3274,9 +3789,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -3285,7 +3800,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3309,7 +3824,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_84( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3329,7 +3844,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_75( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3349,7 +3864,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_56( + inv_ntt_layer_int_vec_step_reduce_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3357,7 +3872,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_29(a_minus_b, zeta_r); + b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3369,7 +3884,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3384,7 +3899,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_56( + inv_ntt_layer_int_vec_step_reduce_87( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3401,18 +3916,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d41( +static KRML_MUSTINLINE void invert_ntt_montgomery_861( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -3425,7 +3940,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_b9( +static KRML_MUSTINLINE void add_error_reduce_89_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3449,14 +3964,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_571( +static KRML_MUSTINLINE void compute_vector_u_a11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3478,11 +3993,11 @@ static KRML_MUSTINLINE void compute_vector_u_571( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e1(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_931(&result[i1], &product); } - invert_ntt_montgomery_d41(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_861(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3496,7 +4011,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_e9(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -3510,8 +4025,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3521,7 +4036,7 @@ deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_e9(coefficient_compressed); + decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -3537,7 +4052,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_11( +add_message_error_reduce_89_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -3567,18 +4082,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c81( +compute_ring_element_v_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e1(&result, &product);); - invert_ntt_montgomery_d41(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_931(&result, &product);); + invert_ntt_montgomery_861(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -3588,7 +4103,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3609,9 +4124,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9b( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_94(v); + return compress_be(v); } /** @@ -3620,7 +4135,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_940(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3642,8 +4157,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_940(v); +compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be0(v); } /** @@ -3652,14 +4167,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_2d0( +static KRML_MUSTINLINE void compress_then_serialize_11_e10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b0(to_unsigned_representative_af(re->coefficients[i0])); + compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3680,10 +4195,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d80( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_2d0(re, uu____0); + compress_then_serialize_11_e10(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -3696,7 +4211,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_251( +static void compress_then_serialize_u_241( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3714,7 +4229,7 @@ static void compress_then_serialize_u_251( (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_d80(&re, ret); + compress_then_serialize_ring_element_u_2f0(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), @@ -3728,7 +4243,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_941(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3750,8 +4265,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_941(v); +compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be1(v); } /** @@ -3760,14 +4275,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_09( +static KRML_MUSTINLINE void compress_then_serialize_4_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b1(to_unsigned_representative_af(re.coefficients[i0])); + compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -3785,7 +4300,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_942(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3807,8 +4322,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_942(v); +compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be2(v); } /** @@ -3817,14 +4332,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_b9( +static KRML_MUSTINLINE void compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_9b2(to_unsigned_representative_af(re.coefficients[i0])); + compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -3843,9 +4358,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d60( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_b9(re, out); + compress_then_serialize_5_a3(re, out); } /** @@ -3866,14 +4381,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_651( +static void encrypt_unpacked_6c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(uu____0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -3881,7 +4396,7 @@ static void encrypt_unpacked_651( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_381(uu____2, domain_separator0); + tuple_710 uu____3 = sample_ring_element_cbd_2c1(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -3889,32 +4404,32 @@ static void encrypt_unpacked_651( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f4( + PRF_f1_044( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c81(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_251( + compress_then_serialize_u_241( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d60( + compress_then_serialize_ring_element_v_310( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); @@ -3940,11 +4455,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -3956,7 +4471,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -3970,7 +4485,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_651(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c1(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -3979,7 +4494,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_200(uu____4); + libcrux_ml_kem_types_from_01_f51(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -3998,7 +4513,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_a1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4014,12 +4529,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4031,7 +4546,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4057,10 +4572,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_523( + deserialize_ring_elements_reduced_723( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4068,8 +4583,8 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_551(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_231(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -4099,7 +4614,7 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_651(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c1(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4114,7 +4629,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_f4(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_c2(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4142,15 +4657,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_a1( + entropy_preprocess_af_44( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -4158,8 +4673,8 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), + H_f1_2e1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4167,7 +4682,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4177,18 +4692,18 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_f71(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_0d1(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_200(uu____4); + libcrux_ml_kem_types_from_01_f51(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_f4(shared_secret, shared_secret_array); + kdf_af_c2(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -4205,7 +4720,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_41( +decompress_ciphertext_coefficient_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4230,9 +4745,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc( +decompress_ciphertext_coefficient_0d_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_41(v); + return decompress_ciphertext_coefficient_b8(v); } /** @@ -4242,8 +4757,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_02(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_10_e9(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -4255,7 +4770,7 @@ deserialize_then_decompress_10_02(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc(coefficient); + decompress_ciphertext_coefficient_0d_f4(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4268,7 +4783,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_410( +decompress_ciphertext_coefficient_b80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4293,9 +4808,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc0( +decompress_ciphertext_coefficient_0d_f40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_410(v); + return decompress_ciphertext_coefficient_b80(v); } /** @@ -4305,8 +4820,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_a4(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_11_f5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -4318,7 +4833,7 @@ deserialize_then_decompress_11_a4(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc0(coefficient); + decompress_ciphertext_coefficient_0d_f40(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4331,8 +4846,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_450(Eurydice_slice serialized) { - return deserialize_then_decompress_11_a4(serialized); +deserialize_then_decompress_ring_element_u_890(Eurydice_slice serialized) { + return deserialize_then_decompress_11_f5(serialized); } /** @@ -4341,17 +4856,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_d70( +static KRML_MUSTINLINE void ntt_vector_u_ed0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -4362,12 +4877,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_201( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, @@ -4387,9 +4902,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_201( (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_450(u_bytes); + deserialize_then_decompress_ring_element_u_890(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_d70(&u_as_ntt[i0]); + ntt_vector_u_ed0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4403,7 +4918,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_411( +decompress_ciphertext_coefficient_b81( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4428,9 +4943,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc1( +decompress_ciphertext_coefficient_0d_f41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_411(v); + return decompress_ciphertext_coefficient_b81(v); } /** @@ -4440,8 +4955,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_b6(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_4_34(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -4452,7 +4967,7 @@ deserialize_then_decompress_4_b6(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc1(coefficient); + decompress_ciphertext_coefficient_0d_f41(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4465,7 +4980,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_412( +decompress_ciphertext_coefficient_b82( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4490,9 +5005,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc2( +decompress_ciphertext_coefficient_0d_f42( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_412(v); + return decompress_ciphertext_coefficient_b82(v); } /** @@ -4502,8 +5017,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_9f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_5_53(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -4516,7 +5031,7 @@ deserialize_then_decompress_5_9f(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -4529,8 +5044,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_670(Eurydice_slice serialized) { - return deserialize_then_decompress_5_9f(serialized); +deserialize_then_decompress_ring_element_v_300(Eurydice_slice serialized) { + return deserialize_then_decompress_5_53(serialized); } /** @@ -4544,7 +5059,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_d2(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4569,17 +5084,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_f61( +compute_message_cb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e1(&result, &product);); - invert_ntt_montgomery_d41(&result); - result = subtract_reduce_89_d2(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_931(&result, &product);); + invert_ntt_montgomery_861(&result); + result = subtract_reduce_89_7d(v, result); return result; } @@ -4589,13 +5104,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_ef( +static KRML_MUSTINLINE void compress_then_serialize_message_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_af(re.coefficients[i0]); + to_unsigned_representative_78(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -4621,20 +5136,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_181( +static void decrypt_unpacked_e71( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_201(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_670( + deserialize_then_decompress_ring_element_v_300( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_f61(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_cb1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ef(message, ret0); + compress_then_serialize_message_3a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4643,7 +5158,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_b6(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -4661,8 +5176,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -4687,15 +5202,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_181(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e71(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4707,7 +5222,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4717,7 +5232,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( + libcrux_ml_kem_utils_into_padded_array_2d4( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -4726,9 +5241,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f3( + PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = @@ -4736,10 +5251,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_651(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c1(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -4758,8 +5273,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_00(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -4781,12 +5296,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_6b1( +static KRML_MUSTINLINE void deserialize_secret_key_011( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4798,7 +5313,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_6b1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_00(secret_bytes); + deserialize_to_uncompressed_ring_element_05(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4816,10 +5331,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_6b1(secret_key, secret_as_ntt); + deserialize_secret_key_011(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( uu____0, secret_as_ntt, @@ -4830,7 +5345,7 @@ static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_181(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e71(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4856,7 +5371,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_711( +void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -4876,9 +5391,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_4a1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c21(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -4887,7 +5402,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -4897,31 +5412,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f3( + PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_f71(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d1(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_f4( + kdf_af_c2( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_f4(shared_secret0, shared_secret); + kdf_af_c2(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -4939,12 +5454,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4956,7 +5471,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4971,7 +5486,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_e80( +static KRML_MUSTINLINE void serialize_secret_key_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -4990,7 +5505,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5007,14 +5522,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_9a0( +static KRML_MUSTINLINE void serialize_public_key_800( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_e80(t_as_ntt, ret0); + serialize_secret_key_f80(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -5035,15 +5550,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_522( + deserialize_ring_elements_reduced_722( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_9a0( + serialize_public_key_800( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -5060,10 +5575,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] */ -typedef struct tuple_4c_s { +typedef struct tuple_4c0_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c; +} tuple_4c0; /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for @@ -5074,7 +5589,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_110(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5085,10 +5600,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_820( +static void closure_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -5107,7 +5622,7 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_410(uint8_t input[2U][34U]) { +shake128_init_absorb_final_750(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5137,10 +5652,10 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_f1_510(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { uint8_t uu____0[2U][34U]; memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_410(uu____0); + return shake128_init_absorb_final_750(uu____0); } /** @@ -5149,7 +5664,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_540( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5171,9 +5686,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_540(self, ret); + shake128_squeeze_first_three_blocks_100(self, ret); } /** @@ -5183,7 +5698,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5222,7 +5737,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_880( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5243,9 +5758,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_680( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_880(self, ret); + shake128_squeeze_next_block_ed0(self, ret); } /** @@ -5255,7 +5770,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5295,9 +5810,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_130( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -5308,29 +5823,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_f60( +static KRML_MUSTINLINE void sample_from_xof_2b0( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; uint8_t uu____0[2U][34U]; memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_510(uu____0); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_7f0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_021( + bool done = sample_from_uniform_distribution_next_051( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_f1_680(&xof_state, randomness); + shake128_squeeze_next_block_f1_c10(&xof_state, randomness); uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_022( + done = sample_from_uniform_distribution_next_052( uu____2, sampled_coefficients, out); } } @@ -5338,7 +5853,7 @@ static KRML_MUSTINLINE void sample_from_xof_f60( memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_130(uu____3[i]);); + ret0[i] = closure_990(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5351,12 +5866,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_550( +static KRML_MUSTINLINE void sample_matrix_A_230( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_820(A_transpose[i]);); + closure_e80(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -5369,7 +5884,7 @@ static KRML_MUSTINLINE void sample_matrix_A_550( uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_f60(uu____1, sampled); + sample_from_xof_2b0(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5397,10 +5912,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_74_s { +typedef struct tuple_740_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; uint8_t snd; -} tuple_74; +} tuple_740; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN @@ -5408,7 +5923,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_630(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5430,9 +5945,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_770(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_630(input, ret); + PRFxN_1d0(input, ret); } /** @@ -5442,8 +5957,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_e30(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_b8(randomness); +sample_from_binomial_distribution_660(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_85(randomness); } /** @@ -5455,11 +5970,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -5470,19 +5985,19 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_770(prf_inputs, prf_outputs); + PRFxN_f1_890(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e30(Eurydice_array_to_slice( + sample_from_binomial_distribution_660(Eurydice_array_to_slice( (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 lit; + tuple_740 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5500,7 +6015,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e0( +static KRML_MUSTINLINE void add_to_ring_element_89_930( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -5526,14 +6041,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_a50( +static KRML_MUSTINLINE void compute_As_plus_e_da0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5556,10 +6071,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e0(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_930(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -5575,10 +6090,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_a90( +static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_110(key_generation_seed, hashed); + G_f1_b60(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5586,14 +6101,14 @@ static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_550(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_230(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(uu____1, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5604,10 +6119,10 @@ static tuple_4c generate_keypair_unpacked_a90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_010(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d70(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_a50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -5639,7 +6154,7 @@ static tuple_4c generate_keypair_unpacked_a90( memcpy( sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } /** @@ -5656,10 +6171,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_f20( +static void closure_570( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -5671,7 +6186,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_af0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5689,7 +6204,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5698,18 +6213,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_a90(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_f20(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_570(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_93(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -5719,13 +6234,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_9a0( + serialize_public_key_800( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -5765,18 +6280,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_a90(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_9a0(pk.t_as_ntt, + serialize_public_key_800(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[768U]; memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____2[800U]; @@ -5794,7 +6309,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_b4( +static KRML_MUSTINLINE void serialize_kem_secret_key_41( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -5823,7 +6338,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_b4( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af0(public_key, ret0); + H_f1_2e0(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -5856,7 +6371,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5866,13 +6381,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e80(ind_cpa_keypair_randomness); + generate_keypair_ec0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_b4( + serialize_kem_secret_key_41( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, @@ -5881,12 +6396,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_e01(uu____1); + libcrux_ml_kem_types_from_05_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c1( - uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); + return libcrux_ml_kem_types_from_17_c9( + uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); } /** @@ -5895,7 +6410,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_631(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5917,9 +6432,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_631(input, ret); + PRFxN_1d1(input, ret); } /** @@ -5931,11 +6446,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_740 +sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -5946,18 +6461,18 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_771(prf_inputs, prf_outputs); + PRFxN_f1_891(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 lit; + tuple_740 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5975,9 +6490,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f2(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -5986,18 +6501,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d40( +static KRML_MUSTINLINE void invert_ntt_montgomery_860( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -6006,14 +6521,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_570( +static KRML_MUSTINLINE void compute_vector_u_a10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6035,11 +6550,11 @@ static KRML_MUSTINLINE void compute_vector_u_570( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e0(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_930(&result[i1], &product); } - invert_ntt_montgomery_d40(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_860(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6053,18 +6568,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c80( +compute_ring_element_v_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e0(&result, &product);); - invert_ntt_montgomery_d40(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_930(&result, &product);); + invert_ntt_montgomery_860(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -6074,14 +6589,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_54( +static KRML_MUSTINLINE void compress_then_serialize_10_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b(to_unsigned_representative_af(re->coefficients[i0])); + compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6102,10 +6617,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d8( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_54(re, uu____0); + compress_then_serialize_10_3b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6118,7 +6633,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_250( +static void compress_then_serialize_u_240( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6136,7 +6651,7 @@ static void compress_then_serialize_u_250( (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d8(&re, ret); + compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -6151,9 +6666,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d6( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_09(re, out); + compress_then_serialize_4_e5(re, out); } /** @@ -6174,14 +6689,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_650( +static void encrypt_unpacked_6c0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(uu____0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6189,7 +6704,7 @@ static void encrypt_unpacked_650( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_380(uu____2, domain_separator0); + tuple_740 uu____3 = sample_ring_element_cbd_2c0(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6197,31 +6712,31 @@ static void encrypt_unpacked_650( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f2( + PRF_f1_042( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c80(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_250( + compress_then_serialize_u_240( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d6( + compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); @@ -6247,11 +6762,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6263,7 +6778,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6277,7 +6792,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_650(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c0(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -6286,7 +6801,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_201(uu____4); + libcrux_ml_kem_types_from_01_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -6305,7 +6820,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_57(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -6321,12 +6836,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6338,7 +6853,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6364,10 +6879,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_521( + deserialize_ring_elements_reduced_721( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -6375,8 +6890,8 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_550(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_230(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -6406,7 +6921,7 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_650(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c0(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -6421,7 +6936,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_26(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_e8(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -6449,15 +6964,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_57( + entropy_preprocess_af_5d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -6465,8 +6980,8 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), + H_f1_2e0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6474,7 +6989,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6484,18 +6999,18 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_f70(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_0d0(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_201(uu____4); + libcrux_ml_kem_types_from_01_f5(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_26(shared_secret, shared_secret_array); + kdf_af_e8(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -6512,8 +7027,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_45(Eurydice_slice serialized) { - return deserialize_then_decompress_10_02(serialized); +deserialize_then_decompress_ring_element_u_89(Eurydice_slice serialized) { + return deserialize_then_decompress_10_e9(serialized); } /** @@ -6522,17 +7037,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_d7( +static KRML_MUSTINLINE void ntt_vector_u_ed( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -6543,12 +7058,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_200( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, @@ -6568,9 +7083,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_200( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_45(u_bytes); + deserialize_then_decompress_ring_element_u_89(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_d7(&u_as_ntt[i0]); + ntt_vector_u_ed(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6584,8 +7099,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_67(Eurydice_slice serialized) { - return deserialize_then_decompress_4_b6(serialized); +deserialize_then_decompress_ring_element_v_30(Eurydice_slice serialized) { + return deserialize_then_decompress_4_34(serialized); } /** @@ -6595,17 +7110,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_f60( +compute_message_cb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e0(&result, &product);); - invert_ntt_montgomery_d40(&result); - result = subtract_reduce_89_d2(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_930(&result, &product);); + invert_ntt_montgomery_860(&result); + result = subtract_reduce_89_7d(v, result); return result; } @@ -6619,20 +7134,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_180( +static void decrypt_unpacked_e70( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_200(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_67( + deserialize_then_decompress_ring_element_v_30( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_f60(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_cb0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ef(message, ret0); + compress_then_serialize_message_3a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6646,8 +7161,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -6672,14 +7187,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_180(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e70(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6691,7 +7206,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6701,7 +7216,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -6710,9 +7225,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f1( + PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = @@ -6720,10 +7235,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_650(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c0(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -6741,12 +7256,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_6b0( +static KRML_MUSTINLINE void deserialize_secret_key_010( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6758,7 +7273,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_6b0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_00(secret_bytes); + deserialize_to_uncompressed_ring_element_05(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6776,10 +7291,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_6b0(secret_key, secret_as_ntt); + deserialize_secret_key_010(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( uu____0, secret_as_ntt, @@ -6790,7 +7305,7 @@ static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_180(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e70(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6816,7 +7331,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_710( +void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -6835,9 +7350,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_4a0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c20(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -6846,7 +7361,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -6856,31 +7371,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f1( + PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_f70(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d0(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_26( + kdf_af_e8( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_26(shared_secret0, shared_secret); + kdf_af_e8(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -6898,12 +7413,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6915,7 +7430,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6930,7 +7445,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_e8( +static KRML_MUSTINLINE void serialize_secret_key_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -6949,7 +7464,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -6966,7 +7481,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_9a( +static KRML_MUSTINLINE void serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -6974,7 +7489,7 @@ static KRML_MUSTINLINE void serialize_public_key_9a( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_e8(t_as_ntt, ret0); + serialize_secret_key_f8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -6995,15 +7510,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_520( + deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_9a( + serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -7034,7 +7549,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_11(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7045,10 +7560,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_82( +static void closure_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -7067,7 +7582,7 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_41(uint8_t input[3U][34U]) { +shake128_init_absorb_final_75(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7097,10 +7612,10 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_f1_51(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_41(uu____0); + return shake128_init_absorb_final_75(uu____0); } /** @@ -7109,7 +7624,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_54( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7131,9 +7646,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_54(self, ret); + shake128_squeeze_first_three_blocks_10(self, ret); } /** @@ -7143,7 +7658,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7182,7 +7697,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_88( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7203,9 +7718,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_68( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_88(self, ret); + shake128_squeeze_next_block_ed(self, ret); } /** @@ -7215,7 +7730,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7255,9 +7770,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_13( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -7268,29 +7783,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_f6( +static KRML_MUSTINLINE void sample_from_xof_2b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_51(uu____0); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_7f(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_02( + bool done = sample_from_uniform_distribution_next_05( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_f1_68(&xof_state, randomness); + shake128_squeeze_next_block_f1_c1(&xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_020( + done = sample_from_uniform_distribution_next_050( uu____2, sampled_coefficients, out); } } @@ -7298,7 +7813,7 @@ static KRML_MUSTINLINE void sample_from_xof_f6( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_13(uu____3[i]);); + ret0[i] = closure_99(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7311,12 +7826,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_55( +static KRML_MUSTINLINE void sample_matrix_A_23( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_82(A_transpose[i]);); + closure_e8(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -7329,7 +7844,7 @@ static KRML_MUSTINLINE void sample_matrix_A_55( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_f6(uu____1, sampled); + sample_from_xof_2b(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7368,7 +7883,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_63(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7390,9 +7905,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_63(input, ret); + PRFxN_1d(input, ret); } /** @@ -7404,11 +7919,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -7419,14 +7934,14 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -7449,7 +7964,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e( +static KRML_MUSTINLINE void add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7475,14 +7990,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_a5( +static KRML_MUSTINLINE void compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7505,10 +8020,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_93(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -7524,10 +8039,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_a9( +static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_11(key_generation_seed, hashed); + G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7535,14 +8050,14 @@ static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_55(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_23(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(uu____1, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7553,10 +8068,10 @@ static tuple_9b generate_keypair_unpacked_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_01(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d7(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -7605,10 +8120,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_f2( +static void closure_57( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -7620,7 +8135,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_af(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -7638,7 +8153,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -7647,18 +8162,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_a9(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_f2(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_57(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_93(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -7668,13 +8183,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_9a( + serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -7714,18 +8229,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_a9(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_9a(pk.t_as_ntt, + serialize_public_key_80(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____2[1184U]; @@ -7743,7 +8258,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_97( +static KRML_MUSTINLINE void serialize_kem_secret_key_a8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -7772,7 +8287,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_97( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af(public_key, ret0); + H_f1_2e(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -7805,7 +8320,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -7815,13 +8330,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e8(ind_cpa_keypair_randomness); + generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_97( + serialize_kem_secret_key_a8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -7830,12 +8345,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(uu____1); + libcrux_ml_kem_types_from_05_a70(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); + return libcrux_ml_kem_types_from_17_c90( + uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); } /** @@ -7848,10 +8363,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -7862,11 +8377,11 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; @@ -7891,9 +8406,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -7902,18 +8417,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d4( +static KRML_MUSTINLINE void invert_ntt_montgomery_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -7922,14 +8437,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_57( +static KRML_MUSTINLINE void compute_vector_u_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7951,11 +8466,11 @@ static KRML_MUSTINLINE void compute_vector_u_57( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_93(&result[i1], &product); } - invert_ntt_montgomery_d4(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_86(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7969,18 +8484,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c8( +compute_ring_element_v_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e(&result, &product);); - invert_ntt_montgomery_d4(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_93(&result, &product);); + invert_ntt_montgomery_86(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -7993,7 +8508,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_25( +static void compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8011,7 +8526,7 @@ static void compress_then_serialize_u_25( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d8(&re, ret); + compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -8037,14 +8552,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_65( +static void encrypt_unpacked_6c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(uu____0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8052,7 +8567,7 @@ static void encrypt_unpacked_65( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_38(uu____2, domain_separator0); + tuple_b0 uu____3 = sample_ring_element_cbd_2c(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8060,31 +8575,31 @@ static void encrypt_unpacked_65( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f0( + PRF_f1_040( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c8(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_25( + compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d6( + compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -8110,11 +8625,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -8126,7 +8641,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8140,7 +8655,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -8149,7 +8664,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_f50(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -8168,7 +8683,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_d2(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -8184,12 +8699,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8201,7 +8716,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8227,10 +8742,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_52( + deserialize_ring_elements_reduced_72( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -8238,8 +8753,8 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_55(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -8269,7 +8784,7 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -8284,7 +8799,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_69(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_b6(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -8312,15 +8827,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_d2( + entropy_preprocess_af_6c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -8328,8 +8843,8 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), + H_f1_2e(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -8337,7 +8852,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8347,18 +8862,18 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_f50(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_69(shared_secret, shared_secret_array); + kdf_af_b6(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -8376,12 +8891,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_20( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, @@ -8401,9 +8916,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_20( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_45(u_bytes); + deserialize_then_decompress_ring_element_u_89(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_d7(&u_as_ntt[i0]); + ntt_vector_u_ed(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8417,17 +8932,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_f6( +compute_message_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e(&result, &product);); - invert_ntt_montgomery_d4(&result); - result = subtract_reduce_89_d2(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_93(&result, &product);); + invert_ntt_montgomery_86(&result); + result = subtract_reduce_89_7d(v, result); return result; } @@ -8441,20 +8956,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_18( +static void decrypt_unpacked_e7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_20(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_67( + deserialize_then_decompress_ring_element_v_30( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_f6(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_cb(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ef(message, ret0); + compress_then_serialize_message_3a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8468,8 +8983,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -8494,14 +9009,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_18(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e7(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -8513,7 +9028,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8523,7 +9038,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( + libcrux_ml_kem_utils_into_padded_array_2d3( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -8532,9 +9047,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f( + PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -8542,10 +9057,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -8563,12 +9078,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_6b( +static KRML_MUSTINLINE void deserialize_secret_key_01( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8580,7 +9095,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_6b( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_00(secret_bytes); + deserialize_to_uncompressed_ring_element_05(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8598,10 +9113,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_6b(secret_key, secret_as_ntt); + deserialize_secret_key_01(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -8612,7 +9127,7 @@ static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_18(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e7(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8638,7 +9153,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_71( +void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -8657,9 +9172,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_4a(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c2(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -8668,7 +9183,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -8678,31 +9193,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f( + PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_69( + kdf_af_b6( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_69(shared_secret0, shared_secret); + kdf_af_b6(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 77d1b9896..c5afc2a8b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem_portable_H @@ -39,49 +39,10 @@ void libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input, #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes); - typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); - -void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); @@ -92,55 +53,6 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array); -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; - -uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_slice v); - -void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); - typedef struct uint8_t_x11_s { uint8_t fst; uint8_t snd; @@ -170,9 +82,23 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]); +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -183,6 +109,22 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a); +void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +extern const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] + [16U]; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -477,6 +419,55 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); + +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_slice v); + +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); + uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_slice v); @@ -492,6 +483,19 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); + typedef struct uint8_t_x3_s { uint8_t fst; uint8_t snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index ad380eb57..7c6b8dc3b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_sha3_H @@ -26,35 +26,35 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd(buf0, buf); + libcrux_sha3_portable_keccakx1_2a(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd0(buf0, buf); + libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd1(buf0, buf); + libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd2(buf0, buf); + libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd3(buf0, buf); + libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, @@ -113,7 +113,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd4(buf0, buf); + libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 97d59fe45..62ace3bfe 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -7,85 +7,2530 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ -#include "libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3_avx2.h" -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, - Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +#include "internal/libcrux_core.h" + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + return _veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_58(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, + core_core_arch_x86___m256i)); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vrax1q_u64(a, b); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return _vbcaxq_u64(a, b, c); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, + Eurydice_slice); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + Eurydice_slice_uint8_t_4size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { + return split_at_mut_4(a, mid); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 +new_1e_16(void) { + libcrux_sha3_generic_keccak_KeccakState_29 lit; + lit.st[0U][0U] = zero_ef(); + lit.st[0U][1U] = zero_ef(); + lit.st[0U][2U] = zero_ef(); + lit.st[0U][3U] = zero_ef(); + lit.st[0U][4U] = zero_ef(); + lit.st[1U][0U] = zero_ef(); + lit.st[1U][1U] = zero_ef(); + lit.st[1U][2U] = zero_ef(); + lit.st[1U][3U] = zero_ef(); + lit.st[1U][4U] = zero_ef(); + lit.st[2U][0U] = zero_ef(); + lit.st[2U][1U] = zero_ef(); + lit.st[2U][2U] = zero_ef(); + lit.st[2U][3U] = zero_ef(); + lit.st[2U][4U] = zero_ef(); + lit.st[3U][0U] = zero_ef(); + lit.st[3U][1U] = zero_ef(); + lit.st[3U][2U] = zero_ef(); + lit.st[3U][3U] = zero_ef(); + lit.st[3U][4U] = zero_ef(); + lit.st[4U][0U] = zero_ef(); + lit.st[4U][1U] = zero_ef(); + lit.st[4U][2U] = zero_ef(); + lit.st[4U][3U] = zero_ef(); + lit.st[4U][4U] = zero_ef(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_ef_6a( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block_c7(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_580(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_581(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_582(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_583(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_584(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_585(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_586(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_587(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_588(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_589(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5810(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5811(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5812(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5813(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, + core_core_arch_x86___m256i)); } -KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5814(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5815(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5816(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5817(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5818(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5819(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5820(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5821(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5822(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void theta_rho_71( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i c[5U] = { + xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____0 = + rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____1 = + rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____2 = + rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____3 = + rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { + uu____0, uu____1, uu____2, uu____3, + rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); + core_core_arch_x86___m256i uu____4 = + xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_x86___m256i uu____5 = + xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_x86___m256i uu____6 = + xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_x86___m256i uu____7 = + xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_x86___m256i uu____8 = + xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_x86___m256i uu____9 = + xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_x86___m256i uu____10 = + xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_x86___m256i uu____11 = + xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_x86___m256i uu____12 = + xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_x86___m256i uu____13 = + xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_x86___m256i uu____14 = + xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_x86___m256i uu____15 = + xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_x86___m256i uu____16 = + xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_x86___m256i uu____17 = + xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_x86___m256i uu____18 = + xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_x86___m256i uu____19 = + xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_x86___m256i uu____20 = + xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_x86___m256i uu____21 = + xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_x86___m256i uu____22 = + xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_x86___m256i uu____23 = + xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_x86___m256i uu____24 = + xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_x86___m256i uu____25 = + xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_x86___m256i uu____26 = + xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_x86___m256i uu____27 = + xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void pi_01( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void chi_9b( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + s->st[i1][j] = and_not_xor_ef( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]););); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void iota_09( + libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { + s->st[0U][0U] = xor_constant_ef( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void keccakf1600_07( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho_71(s); + pi_01(s); + chi_9b(s); + iota_09(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void absorb_block_37( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + load_block_ef_6a(uu____0, uu____1); + keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_91( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block_c7(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_ef_05( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_91(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_05(uu____3, uu____4); + keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_0b( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + store_block_e9(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____2[200U]; + memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_ef_99( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + store_block_full_0b(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_a4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + store_block_full_ef_99(s->st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_ef_f6( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + store_block_e9(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e9( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_last_77( + libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { + keccakf1600_07(&s); + uint8_t b[4U][200U]; + store_block_full_ef_99(s.st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], + Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_37(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_a4(&s, out); + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____4 = + split_at_mut_n_ef(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e9(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____5 = + split_at_mut_n_ef(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_77(s, o1); + } + } +} + +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + keccak_14(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new_1e_16(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_910( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block_c70(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_ef_050( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_910(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_5e0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_050(uu____3, uu____4); + keccakf1600_07(s); } -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, +void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + absorb_final_5e0(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void store_block_ef_f60( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + store_block_e90(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e90( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + squeeze_next_block_1c0(s, o2); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o20[4U]; + memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + Eurydice_slice_uint8_t_4size_t__x2 uu____2 = + split_at_mut_n_ef(o20, (size_t)168U); + Eurydice_slice o2[4U]; + memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o30[4U]; + memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o2); + Eurydice_slice_uint8_t_4size_t__x2 uu____3 = + split_at_mut_n_ef(o30, (size_t)168U); + Eurydice_slice o3[4U]; + memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o4[4U]; + memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o3); + squeeze_next_block_1c0(s, o4); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_five_blocks_e4(s, buf); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_block_e9(s, buf); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 6066347d6..efdecdccd 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_sha3_avx2_H @@ -20,46 +20,53 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_sha3_neon.h" +#include "libcrux_core.h" +#include "libcrux_sha3_internal.h" + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_x86___m256i +with const generics +- $4size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_29; void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState; - -libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index af76d13e5..834f6dd19 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); } /** @@ -198,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_7a(void) { +libcrux_sha3_generic_keccak_new_1e_f2(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -233,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -258,11 +258,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de(s, buf); + libcrux_sha3_portable_keccak_load_block_b3(s, buf); } /** @@ -274,12 +274,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); } /** @@ -289,7 +289,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -300,9 +300,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_340(ab); + return libcrux_sha3_portable_keccak_rotate_left_db0(ab); } /** @@ -316,8 +316,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); } /** @@ -327,7 +327,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -338,9 +338,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_341(ab); + return libcrux_sha3_portable_keccak_rotate_left_db1(ab); } /** @@ -354,8 +354,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); } /** @@ -365,7 +365,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -376,9 +376,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_342(ab); + return libcrux_sha3_portable_keccak_rotate_left_db2(ab); } /** @@ -392,8 +392,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); } /** @@ -403,7 +403,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -414,9 +414,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_343(ab); + return libcrux_sha3_portable_keccak_rotate_left_db3(ab); } /** @@ -430,8 +430,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); } /** @@ -441,9 +441,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_34(ab); + return libcrux_sha3_portable_keccak_rotate_left_db(ab); } /** @@ -457,8 +457,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); } /** @@ -468,7 +468,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -479,9 +479,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_344(ab); + return libcrux_sha3_portable_keccak_rotate_left_db4(ab); } /** @@ -495,8 +495,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); } /** @@ -506,7 +506,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -517,9 +517,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_345(ab); + return libcrux_sha3_portable_keccak_rotate_left_db5(ab); } /** @@ -533,8 +533,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); } /** @@ -544,7 +544,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -555,9 +555,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_346(ab); + return libcrux_sha3_portable_keccak_rotate_left_db6(ab); } /** @@ -571,8 +571,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); } /** @@ -582,7 +582,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -593,9 +593,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_347(ab); + return libcrux_sha3_portable_keccak_rotate_left_db7(ab); } /** @@ -609,8 +609,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); } /** @@ -620,7 +620,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -631,9 +631,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_348(ab); + return libcrux_sha3_portable_keccak_rotate_left_db8(ab); } /** @@ -647,8 +647,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); } /** @@ -658,7 +658,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -669,9 +669,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_349(ab); + return libcrux_sha3_portable_keccak_rotate_left_db9(ab); } /** @@ -685,8 +685,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); } /** @@ -696,7 +696,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -707,9 +707,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3410(ab); + return libcrux_sha3_portable_keccak_rotate_left_db10(ab); } /** @@ -723,8 +723,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); } /** @@ -734,7 +734,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -745,9 +745,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3411(ab); + return libcrux_sha3_portable_keccak_rotate_left_db11(ab); } /** @@ -761,8 +761,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); } /** @@ -772,7 +772,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -783,9 +783,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3412(ab); + return libcrux_sha3_portable_keccak_rotate_left_db12(ab); } /** @@ -799,8 +799,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); } /** @@ -810,7 +810,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -821,9 +821,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3413(ab); + return libcrux_sha3_portable_keccak_rotate_left_db13(ab); } /** @@ -837,8 +837,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); } /** @@ -848,7 +848,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -859,9 +859,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3414(ab); + return libcrux_sha3_portable_keccak_rotate_left_db14(ab); } /** @@ -875,8 +875,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); } /** @@ -886,7 +886,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -897,9 +897,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3415(ab); + return libcrux_sha3_portable_keccak_rotate_left_db15(ab); } /** @@ -913,8 +913,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); } /** @@ -924,7 +924,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -935,9 +935,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3416(ab); + return libcrux_sha3_portable_keccak_rotate_left_db16(ab); } /** @@ -951,8 +951,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); } /** @@ -962,7 +962,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -973,9 +973,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3417(ab); + return libcrux_sha3_portable_keccak_rotate_left_db17(ab); } /** @@ -989,8 +989,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); } /** @@ -1000,7 +1000,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1011,9 +1011,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3418(ab); + return libcrux_sha3_portable_keccak_rotate_left_db18(ab); } /** @@ -1027,8 +1027,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); } /** @@ -1038,7 +1038,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1049,9 +1049,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3419(ab); + return libcrux_sha3_portable_keccak_rotate_left_db19(ab); } /** @@ -1065,8 +1065,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); } /** @@ -1076,7 +1076,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1087,9 +1087,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3420(ab); + return libcrux_sha3_portable_keccak_rotate_left_db20(ab); } /** @@ -1103,8 +1103,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); } /** @@ -1114,7 +1114,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1125,9 +1125,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3421(ab); + return libcrux_sha3_portable_keccak_rotate_left_db21(ab); } /** @@ -1141,8 +1141,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); } /** @@ -1152,7 +1152,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1163,9 +1163,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3422(ab); + return libcrux_sha3_portable_keccak_rotate_left_db22(ab); } /** @@ -1179,8 +1179,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); } /** @@ -1189,7 +1189,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1225,76 +1225,76 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____4; uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____5; uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____6; uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____7; uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1304,7 +1304,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1340,7 +1340,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1358,7 +1358,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1370,14 +1370,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_8d(s); - libcrux_sha3_generic_keccak_pi_ac(s); - libcrux_sha3_generic_keccak_chi_c7(s); - libcrux_sha3_generic_keccak_iota_4f(s, i0); + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_b8(s); + libcrux_sha3_generic_keccak_chi_1f(s); + libcrux_sha3_generic_keccak_iota_83(s, i0); } } @@ -1389,7 +1389,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1408,8 +1408,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1417,7 +1417,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1442,9 +1442,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_39(a, b); + libcrux_sha3_portable_keccak_store_block_58(a, b); } /** @@ -1454,9 +1454,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1466,10 +1466,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1477,7 +1477,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1502,11 +1502,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de0(s, buf); + libcrux_sha3_portable_keccak_load_block_b30(s, buf); } /** @@ -1518,12 +1518,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); } /** @@ -1534,7 +1534,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1553,8 +1553,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1562,7 +1562,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1587,9 +1587,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_390(a, b); + libcrux_sha3_portable_keccak_store_block_580(a, b); } /** @@ -1599,9 +1599,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1611,10 +1611,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1626,12 +1626,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); } /** @@ -1641,13 +1641,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1655,12 +1655,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_39(s, buf); + libcrux_sha3_portable_keccak_store_block_58(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1676,9 +1676,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); } /** @@ -1689,10 +1689,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_653( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1715,11 +1715,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1743,10 +1743,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { @@ -1757,7 +1757,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; @@ -1768,12 +1768,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1781,7 +1781,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1799,12 +1799,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); } } } @@ -1815,11 +1815,11 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); + libcrux_sha3_generic_keccak_keccak_754(uu____0, out); } /** @@ -1827,7 +1827,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1856,12 +1856,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); } /** @@ -1871,13 +1871,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1885,11 +1885,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de3(s, buf); + libcrux_sha3_portable_keccak_load_block_b33(s, buf); } /** @@ -1901,12 +1901,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); } /** @@ -1917,7 +1917,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1936,8 +1936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1945,7 +1945,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1966,12 +1966,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_393(s, buf); + libcrux_sha3_portable_keccak_store_block_583(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1987,9 +1987,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); } /** @@ -2000,10 +2000,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_652( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2028,9 +2028,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_393(a, b); + libcrux_sha3_portable_keccak_store_block_583(a, b); } /** @@ -2040,9 +2040,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2052,10 +2052,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2065,11 +2065,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2093,10 +2093,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { @@ -2107,7 +2107,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; @@ -2118,12 +2118,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2131,7 +2131,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2149,12 +2149,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); } } } @@ -2165,11 +2165,11 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); + libcrux_sha3_generic_keccak_keccak_753(uu____0, out); } /** @@ -2177,7 +2177,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2206,12 +2206,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); } /** @@ -2221,13 +2221,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2235,11 +2235,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de2(s, buf); + libcrux_sha3_portable_keccak_load_block_b32(s, buf); } /** @@ -2251,12 +2251,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); } /** @@ -2267,7 +2267,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2286,8 +2286,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2295,7 +2295,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2316,12 +2316,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_392(s, buf); + libcrux_sha3_portable_keccak_store_block_582(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2337,9 +2337,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); } /** @@ -2350,10 +2350,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_651( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2378,9 +2378,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_392(a, b); + libcrux_sha3_portable_keccak_store_block_582(a, b); } /** @@ -2390,9 +2390,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2402,10 +2402,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2415,11 +2415,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2443,10 +2443,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { @@ -2457,7 +2457,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; @@ -2468,12 +2468,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2481,7 +2481,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2499,12 +2499,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); } } } @@ -2515,11 +2515,11 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); + libcrux_sha3_generic_keccak_keccak_752(uu____0, out); } /** @@ -2531,12 +2531,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); } /** @@ -2546,13 +2546,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2560,12 +2560,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_390(s, buf); + libcrux_sha3_portable_keccak_store_block_580(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2581,9 +2581,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); } /** @@ -2594,10 +2594,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_650( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2620,11 +2620,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2648,10 +2648,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2662,7 +2662,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2673,12 +2673,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2686,7 +2686,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2704,12 +2704,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2720,11 +2720,11 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); + libcrux_sha3_generic_keccak_keccak_751(uu____0, out); } /** @@ -2735,7 +2735,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2754,8 +2754,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2766,10 +2766,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2780,7 +2780,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2791,12 +2791,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2804,7 +2804,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2822,12 +2822,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2838,11 +2838,11 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); + libcrux_sha3_generic_keccak_keccak_750(uu____0, out); } /** @@ -2850,7 +2850,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2879,12 +2879,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); } /** @@ -2894,13 +2894,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2908,11 +2908,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de1(s, buf); + libcrux_sha3_portable_keccak_load_block_b31(s, buf); } /** @@ -2924,12 +2924,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); } /** @@ -2940,7 +2940,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2959,8 +2959,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2968,7 +2968,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2989,12 +2989,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_391(s, buf); + libcrux_sha3_portable_keccak_store_block_581(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -3009,9 +3009,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); } /** @@ -3022,10 +3022,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_65( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3050,9 +3050,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_391(a, b); + libcrux_sha3_portable_keccak_store_block_581(a, b); } /** @@ -3062,9 +3062,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3074,10 +3074,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3087,11 +3087,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3115,10 +3115,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -3129,7 +3129,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -3140,12 +3140,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3153,7 +3153,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3171,12 +3171,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); } } } @@ -3187,11 +3187,11 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); + libcrux_sha3_generic_keccak_keccak_75(uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 11362bb06..da0caa7ff 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -7,3560 +7,76 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_sha3_neon.h" -#include "internal/libcrux_core.h" - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t zero_fa(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_veor5q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = - libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = - libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - return _veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_58(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vrax1q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left1_and_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vrax1q_u64(a, b); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vbcaxq_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return libcrux_intrinsics_arm64__veorq_u64( - a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -and_not_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return _vbcaxq_u64(a, b, c); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_veorq_n_u64(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - core_core_arch_arm_shared_neon_uint64x2_t c0 = - libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_constant_fa(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} - -static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_2size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { - return split_at_mut_2(a, mid); -} - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -new_1e_12(void) { - libcrux_sha3_generic_keccak_KeccakState_fc lit; - lit.st[0U][0U] = zero_fa(); - lit.st[0U][1U] = zero_fa(); - lit.st[0U][2U] = zero_fa(); - lit.st[0U][3U] = zero_fa(); - lit.st[0U][4U] = zero_fa(); - lit.st[1U][0U] = zero_fa(); - lit.st[1U][1U] = zero_fa(); - lit.st[1U][2U] = zero_fa(); - lit.st[1U][3U] = zero_fa(); - lit.st[1U][4U] = zero_fa(); - lit.st[2U][0U] = zero_fa(); - lit.st[2U][1U] = zero_fa(); - lit.st[2U][2U] = zero_fa(); - lit.st[2U][3U] = zero_fa(); - lit.st[2U][4U] = zero_fa(); - lit.st[3U][0U] = zero_fa(); - lit.st[3U][1U] = zero_fa(); - lit.st[3U][2U] = zero_fa(); - lit.st[3U][3U] = zero_fa(); - lit.st[3U][4U] = zero_fa(); - lit.st[4U][0U] = zero_fa(); - lit.st[4U][1U] = zero_fa(); - lit.st[4U][2U] = zero_fa(); - lit.st[4U][3U] = zero_fa(); - lit.st[4U][4U] = zero_fa(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_3c( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_fa_0f( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_580(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c1(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_581(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c10(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f0(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_582(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c11(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f1(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_583(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c12(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f2(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c13(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f3(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_584(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c14(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f4(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_585(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c15(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f5(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_586(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c16(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f6(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_587(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c17(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f7(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_588(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c18(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f8(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_589(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c19(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f9(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5810(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c110(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f10(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5811(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c111(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f11(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5812(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c112(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f12(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5813(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c113(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f13(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5814(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c114(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f14(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5815(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c115(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f15(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5816(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c116(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f16(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5817(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c117(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f17(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5818(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c118(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f18(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5819(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c119(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f19(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5820(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c120(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f20(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5821(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c121(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f21(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5822(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c122(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f22(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void theta_rho_eb( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { - xor5_fa(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_fa(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_fa(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_fa(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_fa(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - rotate_left1_and_xor_fa(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - rotate_left1_and_xor_fa(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - rotate_left1_and_xor_fa(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - rotate_left1_and_xor_fa(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { - uu____0, uu____1, uu____2, uu____3, - rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____4 = - xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_arm_shared_neon_uint64x2_t uu____5 = - xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_arm_shared_neon_uint64x2_t uu____7 = - xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = - xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t uu____9 = - xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t uu____10 = - xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t uu____11 = - xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t uu____12 = - xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t uu____13 = - xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t uu____14 = - xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t uu____15 = - xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_arm_shared_neon_uint64x2_t uu____16 = - xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t uu____17 = - xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t uu____18 = - xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t uu____19 = - xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t uu____20 = - xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t uu____21 = - xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t uu____22 = - xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t uu____23 = - xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t uu____24 = - xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t uu____25 = - xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t uu____26 = - xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t uu____27 = - xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void pi_a0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void chi_b0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - s->st[i1][j] = and_not_xor_fa( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]););); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void iota_33( - libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { - s->st[0U][0U] = xor_constant_fa( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void keccakf1600_3e( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_eb(s); - pi_a0(s); - chi_b0(s); - iota_33(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void absorb_block_45( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_3e( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_fa_07( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)72U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_07(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_2f( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_9a( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a5( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e7( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a5(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_fa_90( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_last_70( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a5(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - absorb_block_45(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e7(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_70(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_59(uu____0, out); -} - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_3c0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_fa_0f0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void absorb_block_450( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f0(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_3e0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c0(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_fa_070( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_2f0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_9a0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f0(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a50( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a0(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e70( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a50(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_fa_900( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f0(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_last_700( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a50(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe0(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_590(uu____0, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e0(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe1(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_591(uu____0, out); +KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - keccakx2_6e1(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState_fc +KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return new_1e_12(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_3c1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_3e1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c1(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_fa_071( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_071(uu____3, uu____4); - keccakf1600_3e(s); -} - -void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, +KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - absorb_final_fe2(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void store_block_2f1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void store_block_fa_901( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - Eurydice_slice_uint8_t_2size_t__x2 uu____0 = - split_at_mut_n_fa(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f1(s, o0); - Eurydice_slice_uint8_t_2size_t__x2 uu____1 = - split_at_mut_n_fa(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d1(s, o1); - squeeze_next_block_5d1(s, o2); -} - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_first_three_blocks_2e(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_next_block_5d1(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_3c2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_fa_0f1( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void absorb_block_451( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f1(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_3e2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c2(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_fa_072( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)144U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_072(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_2f2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_9a1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f2(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a51( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a1(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e71( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a51(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_fa_902( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f2(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_last_701( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a51(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - absorb_block_451(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe3(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e71(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f2(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d2(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_701(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_592(uu____0, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e2(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_3c3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_fa_0f2( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c3(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void absorb_block_452( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f2(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_3e3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c3(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_fa_073( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e3(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe4( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)104U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_073(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_2f3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_9a2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f3(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a52( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a2(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e72( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a52(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_fa_903( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f3(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_last_702( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a52(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - absorb_block_452(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe4(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e72(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f3(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d3(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_702(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_593(uu____0, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e3(uu____0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 8b66fd17c..1510c3862 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_sha3_neon_H @@ -20,19 +20,8 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" -#include "libcrux_core.h" #include "libcrux_sha3_internal.h" -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- $2size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { - core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_fc; - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); @@ -40,19 +29,23 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -libcrux_sha3_generic_keccak_KeccakState_fc +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState; + +libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void); void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 78dff4819..b902bff7c 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 +F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 +Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index b022c4fde..92f568d7c 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_core_H @@ -53,6 +53,8 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) @@ -76,6 +78,118 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result_6f_tags; + +/** +A monomorphic instance of core.result.Result +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_6f_s { + core_result_Result_6f_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_6f; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +static inline void core_result_unwrap_41_1c(core_result_Result_6f self, + uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +A monomorphic instance of core.result.Result +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_7a_s { + core_result_Result_6f_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_7a; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +static inline void core_result_unwrap_41_34(core_result_Result_7a self, + uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +A monomorphic instance of core.result.Result +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_cd_s { + core_result_Result_6f_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_cd; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +static inline void core_result_unwrap_41_e8(core_result_Result_cd self, + uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} Eurydice_slice_uint8_t_4size_t__x2; + /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -107,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_2e( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_8a( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -122,7 +236,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_57(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_b6_4c(uint8_t value[1184U]) { uint8_t uu____0[1184U]; memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; @@ -155,7 +269,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_2c(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -171,7 +285,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_e0(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_05_a7(uint8_t value[2400U]) { uint8_t uu____0[2400U]; memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; @@ -200,7 +314,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_20(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_f5(uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; @@ -216,7 +330,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -226,7 +340,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_972( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -239,18 +353,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_972( memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result_00_tags; - /** A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_00_s { - core_result_Result_00_tags tag; + core_result_Result_6f_tags tag; union { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; @@ -283,7 +392,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_971( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -305,7 +414,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_28( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); @@ -316,7 +425,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_970( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -334,7 +443,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_97( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -347,23 +456,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_97( memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of core.option.Option -with types Eurydice_slice uint8_t - -*/ -typedef struct core_option_Option_44_s { - core_option_Option_ef_tags tag; - Eurydice_slice f0; -} core_option_Option_44; - /** A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_c0_s { - core_result_Result_00_tags tag; + core_result_Result_6f_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; @@ -391,18 +490,13 @@ static inline void core_result_unwrap_41_f9(core_result_Result_c0 self, } } -typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} Eurydice_slice_uint8_t_2size_t__x2; - /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_56_s { - core_result_Result_00_tags tag; + core_result_Result_6f_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 6705551b9..865ca4449 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index dbf15e8ae..b184d8770 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem768_avx2_H @@ -20,6 +20,8 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_ct_ops.h" +#include "libcrux_mlkem768_portable.h" #include "libcrux_sha3_avx2.h" #include "libcrux_sha3_portable.h" @@ -43,9 +45,5959 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea( + void) { + return libcrux_ml_kem_vector_avx2_zero(); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + memcpy(ret, output, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_to_i16_array_ea( + core_core_arch_x86___m256i x, int16_t ret[16U]) { + libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(core_core_arch_x86___m256i v, + int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_and_si256( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_1_ea(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, + core_core_arch_x86___m256i)); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum0, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + v, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + right0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_multiply_ea(core_core_arch_x86___m256i *lhs, + core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = {0U}; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result_cd dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); + core_result_unwrap_41_e8(dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result_7a dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); + core_result_unwrap_41_34(dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, + 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + int16_t array[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), + vector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_from_i16_array_0d( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, + (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result_6f dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); + core_result_unwrap_41_1c(dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, + 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, + Eurydice_slice output) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_ea( + Eurydice_slice input, Eurydice_slice output) { + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + core_core_arch_x86___m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_ZERO_89_d5(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_70(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_11(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( + vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( + coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( + vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_11_ae( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( + coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7(serialized); +} + +typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( + core_core_arch_x86___m256i v, int16_t fer) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); + b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); + a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer, size_t _initial_coefficient_bound) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + self->coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( + u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_4_00( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( + coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( + re.coefficients[i0]); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_00(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_ntt_multiply_89_48( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + libcrux_ml_kem_vector_avx2_sub_ea(b, &a); + a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(a, &b)); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)7U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_subtract_reduce_89_56( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + b.coefficients[i0], (int16_t)1441); + b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], + &coefficient_normal_form)); + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_message_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_56(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8( + core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea +with const generics +- SHIFT_BY= 15 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_shift_right_ea_4e( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + core_core_arch_x86___m256i a) { + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_shift_right_ea_4e(a); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_message_4a( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + libcrux_ml_kem_matrix_compute_message_d0(&v, secret_key->secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message_4a(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_40(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff(&secret_key_unpacked, ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 32 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( + Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 32 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a6(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b8( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } +} + typedef libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_ml_kem_hash_functions_avx2_Simd256Hash; +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( + uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( + uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( + uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( + self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 504 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, + Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( + uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( + &xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( + &xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_79(uu____3[i]); + } + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_matrix_sample_matrix_A_closure_b8(i, A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; + libcrux_ml_kem_sampling_sample_from_xof_b0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_aa(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( + uint8_t (*input)[33U], uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( + uint8_t (*input)[33U], uint8_t ret[3U][128U]) { + libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_slice randomness) { + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( + randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_45( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); + re->coefficients[j] = + libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + libcrux_ml_kem_ntt_ntt_at_layer_7_45(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( + Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( + Eurydice_slice input, uint8_t ret[128U]) { + libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_vector_u_closure_ee(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + self->coefficients[j], (int16_t)1441); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_decompress_1_91(core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + re.coefficients[i0] = + libcrux_ml_kem_vector_traits_decompress_1_91(coefficient_compressed); + } + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + result.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &message->coefficients[i0]); + core_core_arch_x86___m256i tmp0 = + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_ring_element_v_71( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( + error_2, message, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_98(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_10_2f( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_compress_ea_98( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_980(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_11_d1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_compress_ea_980( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_10_2f(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2(&re, + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_981(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_4_b7( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_compress_ea_981( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_982(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_5_35( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficients = + libcrux_ml_kem_vector_avx2_compress_ea_982( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_00(public_key->A, r_as_ntt, error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + libcrux_ml_kem_matrix_compute_ring_element_v_71( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, randomness, + ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_da( + Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_decapsulate_be( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_43_da( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret0, ciphertext, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_47(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_be(private_key, ciphertext, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73(private_key, + ciphertext, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_47(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_unpacked_10(key_pair, ciphertext, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_cb_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_f5(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d(uu____0, + uu____1); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_f5(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = + public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a(uu____0, uu____1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = + public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( + uu____0, uu____1); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; +} tuple_9b0; + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_standard_domain_42( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_traits_to_standard_domain_42( + self->coefficients[j]); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + &product); + } + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_a2(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____3, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_f0(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, + secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c9( + uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( + uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_fb(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_clone_d5_25( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + core_core_arch_x86___m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * sizeof(core_core_arch_x86___m256i)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( + ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b(i, A[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + libcrux_ml_kem_polynomial_clone_d5_25(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1; + } + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t pk_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uu____0); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( + uu____0); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_3e( + Eurydice_slice shared_secret, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t kdf_input[64U]; + libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1088U, + libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), + uint8_t, Eurydice_slice), + ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t ret1[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), + ret1); + memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_3e( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret0, ciphertext, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_47(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_be0(private_key, ciphertext, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( + Eurydice_slice randomness, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_cb_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_f5(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( + uu____0, uu____1); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const +generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline bool +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_option_Option_92 +libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { + core_option_Option_92 uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( + public_key.value)) { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, + .f0 = public_key}); + } else { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); + } + return uu____0; +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self) { + return self[0U]; +} + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 48da0d7e1..738eb3f73 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem768_portable_H @@ -21,7 +21,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" -#include "libcrux_sha3_libcrux_ml_kem.h" #include "libcrux_sha3_portable.h" #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) @@ -48,7 +47,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( } typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s { - libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; + libcrux_sha3_neon_x2_incremental_KeccakState shake128_state[2U]; } libcrux_ml_kem_hash_functions_neon_Simd128Hash; static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( @@ -123,862 +122,260 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = #define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ ((int16_t)1353) -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { - core_core_arch_arm_shared_neon_int16x8_t low; - core_core_arch_arm_shared_neon_int16x8_t high; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void) { - return libcrux_ml_kem_vector_neon_vector_type_ZERO(); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); -} +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ + (62209U) -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { - return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); -} +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { - int16_t out[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + int16_t ret[16U]; + core_result_Result_c0 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result_unwrap_41_f9(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + return lit; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); - return lhs; -} +typedef struct uint8_t_x11_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; + uint8_t f5; + uint8_t f6; + uint8_t f7; + uint8_t f8; + uint8_t f9; + uint8_t f10; +} uint8_t_x11; -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); +static KRML_MUSTINLINE uint8_t_x11 +libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 5U); + uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 10U); + uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) >> + 7U); + uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) & + (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) >> + 4U); + uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) >> + 1U & + (int16_t)255); + uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) >> + 9U); + uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) & + (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) >> + 6U); + uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) >> + 3U); + return (CLITERAL(uint8_t_x11){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7, + .f8 = r8, + .f9 = r9, + .f10 = r10}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); - return lhs; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]) { + uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x11 r11_21 = + libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[22U] = {0U}; + result[0U] = r0_10.fst; + result[1U] = r0_10.snd; + result[2U] = r0_10.thd; + result[3U] = r0_10.f3; + result[4U] = r0_10.f4; + result[5U] = r0_10.f5; + result[6U] = r0_10.f6; + result[7U] = r0_10.f7; + result[8U] = r0_10.f8; + result[9U] = r0_10.f9; + result[10U] = r0_10.f10; + result[11U] = r11_21.fst; + result[12U] = r11_21.snd; + result[13U] = r11_21.thd; + result[14U] = r11_21.f3; + result[15U] = r11_21.f4; + result[16U] = r11_21.f5; + result[17U] = r11_21.f6; + result[18U] = r11_21.f7; + result[19U] = r11_21.f8; + result[20U] = r11_21.f9; + result[21U] = r11_21.f10; + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); +static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); - return v; -} +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 3U; + int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) >> + 1U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 7U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - core_core_arch_arm_shared_neon_uint16x8_t m0 = - libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - core_core_arch_arm_shared_neon_uint16x8_t m1 = - libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - core_core_arch_arm_shared_neon_int16x8_t c1 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); -} - -#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v) { - core_core_arch_arm_shared_neon_int16x8_t adder = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - core_core_arch_arm_shared_neon_int16x8_t vec = - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); - core_core_arch_arm_shared_neon_int16x8_t vec0 = - libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - core_core_arch_arm_shared_neon_int16x8_t quotient = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t sub = - libcrux_intrinsics_arm64__vmulq_n_s16( - quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); -} - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ - (62209U) - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high) { - core_core_arch_arm_shared_neon_int16x8_t k = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vmulq_n_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.low, c); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - v, c); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t half = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - core_core_arch_arm_shared_neon_int16x8_t quarter = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - core_core_arch_arm_shared_neon_int16x8_t shifted = - libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - core_core_arch_arm_shared_neon_int16x8_t mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = - libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range), - core_core_arch_arm_shared_neon_uint16x8_t)); - core_core_arch_arm_shared_neon_int16x8_t shifted0 = - libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = - libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range0), - core_core_arch_arm_shared_neon_uint16x8_t)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_1(v); -} - -static KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits) { - int16_t uu____0; - switch (coefficient_bits) { - case 4: { - uu____0 = (int16_t)15; - break; - } - case 5: { - uu____0 = (int16_t)31; - break; - } - case 10: { - uu____0 = (int16_t)1023; - break; - } - case 11: { - uu____0 = (int16_t)2047; - break; - } - default: { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, - zeta4); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, - zeta3, zeta4); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, - zeta2, zeta4, -zeta2, -zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t b1 = - libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1b1 = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, - b1); - core_core_arch_arm_shared_neon_int32x4_t a1b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a1b1), - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - core_core_arch_arm_shared_neon_int32x4_t a1b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - core_core_arch_arm_shared_neon_int16x8_t fst_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t fst_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b1)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - core_core_arch_arm_shared_neon_int16x8_t snd_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t snd_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); - core_core_arch_arm_shared_neon_int16x8_t fst_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t fst_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t snd_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t snd_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t fst = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - fst_low16, fst_high16); - core_core_arch_arm_shared_neon_int16x8_t snd = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - snd_low16, snd_high16); - core_core_arch_arm_shared_neon_int32x4_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int32x4_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int16x8_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); - core_core_arch_arm_shared_neon_int16x8_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); - uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, - 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - core_core_arch_arm_shared_neon_uint8x16_t index = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); - core_core_arch_arm_shared_neon_int16x8_t high2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low2, .high = high2}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, - zeta3, zeta4); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, - (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { - core_core_arch_arm_shared_neon_int16x8_t one = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); - int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, - (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vshlq_s16(high0, shift); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vandq_s16(low, one), - .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t lowt = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); - core_core_arch_arm_shared_neon_uint16x8_t hight = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); -} - -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; - static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_zero(void) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; @@ -1002,13 +399,14 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1035,8 +433,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } static KRML_MUSTINLINE void @@ -1056,43 +454,565 @@ static inline void libcrux_ml_kem_vector_portable_to_i16_array_0d( libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_deserialize_4_0d(v); - int16_t input_i16s[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; +static const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ZERO_0d(void) { + return libcrux_ml_kem_vector_portable_vector_type_zero(); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; + } + return lhs; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_add_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - int16_t ret[16U]; - core_result_Result_c0 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; +libcrux_ml_kem_vector_portable_arithmetic_sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + } + return lhs; } /** @@ -1100,192 +1020,124 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); +libcrux_ml_kem_vector_portable_sub_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); } -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] * c; + } + return v; +} -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] & c; + } + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, + c); } -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[10U]; - libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + core_option_Option_b3 uu____0 = + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3); + if (!(uu____0.tag == core_option_None)) { + size_t i = uu____0.f0; + if (v.elements[i] >= (int16_t)3329) { + size_t uu____1 = i; + v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; + } + continue; + } + return v; + } } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int32_t)20159) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) + +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + int16_t value) { + int32_t t = (int32_t)value * + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); + int16_t quotient = + (int16_t)(t >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); + return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[i0]); + } return v; } @@ -1294,216 +1146,53 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +libcrux_ml_kem_vector_portable_barrett_reduce_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_5_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + int32_t value) { + int32_t k = + (int32_t)(int16_t)value * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t k_times_modulus = + (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int16_t c = + (int16_t)(k_times_modulus >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + int16_t value_high = + (int16_t)(value >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + return value_high - c; } -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +static KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + int16_t fe, int16_t fer) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)fe * (int32_t)fer); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[i0], c); + } return v; } @@ -1512,292 +1201,159 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + v, r); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_10_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; +static inline uint8_t +libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + uint16_t fe) { + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; + int16_t shifted_to_positive = mask ^ shifted; + int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = (int16_t) + libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + (uint16_t)v.elements[i0]); + } + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_compress_compress_1(v); } -typedef struct uint8_t_x11_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; - uint8_t f5; - uint8_t f6; - uint8_t f7; - uint8_t f8; - uint8_t f9; - uint8_t f10; -} uint8_t_x11; +static KRML_MUSTINLINE uint32_t +libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + uint8_t n, uint32_t value) { + return value & ((1U << (uint32_t)n) - 1U); +} -static KRML_MUSTINLINE uint8_t_x11 -libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 10U); - uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> - 7U); - uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & - (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> - 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); - uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> - 9U); - uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & - (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> - 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); - return (CLITERAL(uint8_t_x11){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7, - .f8 = r8, - .f9 = r9, - .f10 = r10}); +static inline int16_t +libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + uint8_t coefficient_bits, uint16_t fe) { + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + compressed = compressed + 1664ULL; + compressed = compressed * 10321340ULL; + compressed = compressed >> 35U; + return (int16_t) + libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + coefficient_bits, (uint32_t)compressed); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_11( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[22U]) { - uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x11 r11_21 = - libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t t = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v->elements[j], zeta); + v->elements[j] = v->elements[i] - t; + v->elements[i] = v->elements[i] + t; +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, + zeta2, zeta3); } -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); -} - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); return v; } @@ -1806,268 +1362,44 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t a_minus_b = v->elements[j] - v->elements[i]; + v->elements[i] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v->elements[i] + v->elements[j]); + v->elements[j] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { - uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, - 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - core_core_arch_arm_shared_neon_uint8x16_t index_vec = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - core_core_arch_arm_shared_neon_int16x8_t shift_vec = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t mask12 = - libcrux_intrinsics_arm64__vdupq_n_u16(4095U); - uint8_t input0[16U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input0, uint8_t, Eurydice_slice)); - uint8_t input1[16U] = {0U}; - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input1, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t moved0 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted0 = - libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); - core_core_arch_arm_shared_neon_uint16x8_t moved1 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted1 = - libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low, .high = high}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); -} - -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { - size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option_44 uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( - &iter, uint8_t, core_option_Option_44); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - d1; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; - continue; - } - } - continue; - } - } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline size_t libcrux_ml_kem_vector_neon_rej_sample_20( - Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_neon_rej_sample(a, out); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; } /** @@ -2075,21 +1407,34 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ZERO_0d(void) { - return libcrux_ml_kem_vector_portable_vector_type_zero(); +libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + a, zeta0, zeta1, zeta2, zeta3); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_add( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; - } - return lhs; +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; } /** @@ -2097,23 +1442,33 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_add_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); +libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, + zeta1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_sub( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; - } - return lhs; +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, + (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, + (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); + return v; } /** @@ -2121,22 +1476,55 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_sub_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); +libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, + size_t i, size_t j, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { + int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[i] + + (int32_t) + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[j] * (int32_t)b->elements[j]) * + (int32_t)zeta); + int16_t o1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[j] + + (int32_t)a->elements[j] * (int32_t)b->elements[i]); + out->elements[i] = o0; + out->elements[j] = o1; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; - } - return v; +libcrux_ml_kem_vector_portable_ntt_ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_vector_type_zero(); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); + return out; } /** @@ -2144,57 +1532,67 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); +libcrux_ml_kem_vector_portable_ntt_multiply_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, + zeta2, zeta3); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[2U]) { + uint8_t result[2U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | + (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; } - return v; + for (size_t i = (size_t)8U; i < (size_t)16U; i++) { + size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = + (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] + << (uint32_t)(i0 - (size_t)8U); + } + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, - c); +static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - core_option_Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3); - if (!(uu____0.tag == core_option_None)) { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } - continue; - } - return v; +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U); + } + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } + return result; } /** @@ -2202,98 +1600,144 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); } -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int32_t)20159) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +typedef struct uint8_t_x4_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; +} uint8_t_x4; -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - int16_t value) { - int32_t t = (int32_t)value * - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); - int16_t quotient = - (int16_t)(t >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); - return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; +static KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v.elements[i0]); - } - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_barrett_reduce_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); -} - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) - -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - int32_t value) { - int32_t k = - (int32_t)(int16_t)value * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t k_times_modulus = - (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = - (int16_t)(k_times_modulus >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - int16_t value_high = - (int16_t)(value >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - return value_high - c; +static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); } -static KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - int16_t fe, int16_t fer) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)fe * (int32_t)fer); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v.elements[i0], c); - } +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -2302,128 +1746,171 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - v, r); +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); } -static inline uint8_t -libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - uint16_t fe) { - int16_t shifted = (int16_t)1664 - (int16_t)fe; - int16_t mask = shifted >> 15U; - int16_t shifted_to_positive = mask ^ shifted; - int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = (int16_t) - libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - (uint16_t)v.elements[i0]); - } - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1(v); -} - -static KRML_MUSTINLINE uint32_t -libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - uint8_t n, uint32_t value) { - return value & ((1U << (uint32_t)n) - 1U); -} - -static inline int16_t -libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - uint8_t coefficient_bits, uint16_t fe) { - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; - compressed = compressed + 1664ULL; - compressed = compressed * 10321340ULL; - compressed = compressed >> 35U; - return (int16_t) - libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - coefficient_bits, (uint32_t)compressed); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t t = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v->elements[j], zeta); - v->elements[j] = v->elements[i] - t; - v->elements[i] = v->elements[i] + t; -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; +static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, - zeta2, zeta3); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -2432,143 +1919,191 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); - return v; +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U & + (int16_t)3); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 6U & + (int16_t)15); + uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 4U & + (int16_t)63); + uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t a_minus_b = v->elements[j] - v->elements[i]; - v->elements[i] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v->elements[i] + v->elements[j]); - v->elements[j] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - a_minus_b, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[20U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, + Eurydice_slice)); + uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[20U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + result[10U] = r10_14.fst; + result[11U] = r10_14.snd; + result[12U] = r10_14.thd; + result[13U] = r10_14.f3; + result[14U] = r10_14.f4; + result[15U] = r15_19.fst; + result[16U] = r15_19.snd; + result[17U] = r15_19.thd; + result[18U] = r15_19.f3; + result[19U] = r15_19.f4; + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - a, zeta0, zeta1, zeta2, zeta3); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); - return v; +static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, - zeta1); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, - (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, - (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -2577,286 +2112,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[i] + - (int32_t) - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]) * - (int32_t)zeta); - int16_t o1 = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[j] + - (int32_t)a->elements[j] * (int32_t)b->elements[i]); - out->elements[i] = o0; - out->elements[j] = o1; -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_multiply( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_vector_type_zero(); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); - return out; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_multiply_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, - zeta2, zeta3); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[2U]) { - uint8_t result[2U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | - (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) { - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U); - } - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U); - } - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); -} - -typedef struct uint8_t_x4_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; -} uint8_t_x4; - -static KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); -} - -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U & - (int16_t)3); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 6U & - (int16_t)15); - uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 4U & - (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_10( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[20U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); - uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[20U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); } typedef struct uint8_t_x3_s { @@ -2969,4521 +2226,199 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { - int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); - int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); - int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); - int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); - int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); - int16_t_x2 v10_11 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); - int16_t_x2 v12_13 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); - int16_t_x2 v14_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); -} - -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, - Eurydice_slice result) { - size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { - size_t i0 = i; - int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____0; - int16_t uu____1; - bool uu____2; - size_t uu____3; - int16_t uu____4; - size_t uu____5; - int16_t uu____6; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; - sampled++; - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } - continue; - } - } - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( - Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); -} - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) - -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) - -typedef libcrux_ml_kem_types_MlKemPrivateKey_55 - libcrux_ml_kem_mlkem768_MlKem768PrivateKey; - -typedef libcrux_ml_kem_types_MlKemPublicKey_15 - libcrux_ml_kem_mlkem768_MlKem768PublicKey; - -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_G_48_77(Eurydice_slice input, - uint8_t ret[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 32 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_b4(Eurydice_slice input, - uint8_t ret[32U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 32 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_48_6e(Eurydice_slice input, - uint8_t ret[32U]); - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 3 -*/ -libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_6b( - uint8_t input[3U][34U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 3 -*/ -libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( - uint8_t input[3U][34U]); - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_b7( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][504U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][504U]); - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_7d( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][168U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][168U]); - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRFxN_89(uint8_t (*input)[33U], - uint8_t ret[3U][128U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 3 -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(uint8_t (*input)[33U], - uint8_t ret[3U][128U]); - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_b40(Eurydice_slice input, - uint8_t ret[128U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_48_6e0(Eurydice_slice input, - uint8_t ret[128U]); - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -void libcrux_ml_kem_ind_cca_kdf_43_af( - Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, - uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_ZERO_89_06(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_40(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_48( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_46(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_86( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 10 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_61( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_86( - v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_10_f4( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_61( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)11 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_860( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 11 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_610( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_860( - v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_11_59( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_610( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_71( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f4(serialized); -} - -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(b, zeta_r); - b = libcrux_ml_kem_vector_neon_sub_20(a, &t); - a = libcrux_ml_kem_vector_neon_add_20(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer, size_t _initial_coefficient_bound) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_f4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_d0( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_39( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_82( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_7c( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_71( - u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_82(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)4 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_861( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 4 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_611( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_861( - v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_4_4f( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_611( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)5 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_862( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 5 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_612( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_862( - v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_5_17( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_612( - re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ef( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_4f(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_ntt_multiply_89_16( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_multiply_20( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = - libcrux_ml_kem_vector_neon_sub_20(b, &a); - a = libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_subtract_reduce_89_e1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_message_c9( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_e1(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_shift_right_cc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); - v.high = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 -with const generics -- SHIFT_BY= 15 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_shift_right_20_df( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_shift_right_cc(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_shift_right_20_df(a); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = - libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_neon_add_20(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_23( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re.coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon_compress_1_20(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_da( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_7c(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ef( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - libcrux_ml_kem_matrix_compute_message_c9(&v, secret_key->secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_23(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static inline void libcrux_ml_kem_ind_cpa_decrypt_92(Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_48(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_da(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b6( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_4b(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_de( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_xof_closure_d5(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_f3( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_c0( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_hash_functions_neon_Simd128Hash xof_state = - libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( - uu____0); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( - &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( - &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_d5(uu____3[i]); - } - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_48( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_de(i, A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_c0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; - uint8_t snd; -} tuple_b0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_07(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_27( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( - randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_multiply_by_constant_20( - re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_67(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b0 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_55(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b0 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_vector_u_closure_7d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_24( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_6a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_decompress_1_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_message_23( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_fc(coefficient_compressed); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_ring_element_v_9b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( - error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_0a( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)10)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 10 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_a1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_0a(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_ca( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_compress_20_a1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_0a0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)11)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 11 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_a10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_0a0(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_55( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_compress_20_a10( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_ca(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84(&re, - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_0a1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)4)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 4 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_a11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_0a1(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_21( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_compress_20_a11( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_0a2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)5)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 5 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_a12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_0a2(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_2b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = - libcrux_ml_kem_vector_neon_compress_20_a12( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_21(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_54( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_6a(public_key->A, r_as_ntt, error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - libcrux_ml_kem_matrix_compute_ring_element_v_9b( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cpa_encrypt_4e(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_48(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, randomness, - ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_decapsulate_0c( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_92(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_af( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_af(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_28(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_21( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -static inline void libcrux_ml_kem_mlkem768_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_21(private_key, - ciphertext, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_31( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_da( - &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_28(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_e6( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -static inline void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_e6( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -void libcrux_ml_kem_ind_cca_entropy_preprocess_43_87(Eurydice_slice randomness, - uint8_t ret[32U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_H_48_85(Eurydice_slice input, - uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_28( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_87( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon_H_48_85( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_af(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_dd( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]); - -static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_dd(uu____0, - uu____1); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_a7( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_14( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]); - -static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = - public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_14( - uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]); - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] - -*/ -typedef struct tuple_9b_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; -} tuple_9b; - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_As_plus_e_closure_7c(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_to_standard_domain_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_fc( - self->coefficients[j]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_95( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], - &product); - } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_48(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____3, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_95(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5d( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_16(Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_70( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(sk.secret_as_ntt, - secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_16(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_2e( - uint8_t randomness[64U]); - -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_2e( - uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_61(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_20( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_clone_d5_cb( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c4(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( - ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_20(i, A[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - libcrux_ml_kem_polynomial_clone_d5_cb(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1; - } - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_70( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_neon_H_48_85( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_11( - uint8_t randomness[64U]); - -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_11( - uu____0); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -void libcrux_ml_kem_ind_cca_kdf_6c_75( - Eurydice_slice shared_secret, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_decapsulate_0c0( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_92(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_75( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_75(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_28(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.kyber_decapsulate with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_01( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -static inline void libcrux_ml_kem_mlkem768_neon_kyber_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_01( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_9a(Eurydice_slice randomness, - uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_9a( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon_H_48_85( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_75(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.kyber_encapsulate with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_73( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]); - -static inline tuple_3c libcrux_ml_kem_mlkem768_neon_kyber_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_73( - uu____0, uu____1); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { + int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, + Eurydice_slice)); + int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, + Eurydice_slice)); + int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, + Eurydice_slice)); + int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, + Eurydice_slice)); + int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, + Eurydice_slice)); + int16_t_x2 v10_11 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, + Eurydice_slice)); + int16_t_x2 v12_13 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, + Eurydice_slice)); + int16_t_x2 v14_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector re = + libcrux_ml_kem_vector_portable_vector_type_zero(); + re.elements[0U] = v0_1.fst; + re.elements[1U] = v0_1.snd; + re.elements[2U] = v2_3.fst; + re.elements[3U] = v2_3.snd; + re.elements[4U] = v4_5.fst; + re.elements[5U] = v4_5.snd; + re.elements[6U] = v6_7.fst; + re.elements[7U] = v6_7.snd; + re.elements[8U] = v8_9.fst; + re.elements[9U] = v8_9.snd; + re.elements[10U] = v10_11.fst; + re.elements[11U] = v10_11.snd; + re.elements[12U] = v12_13.fst; + re.elements[13U] = v12_13.snd; + re.elements[14U] = v14_15.fst; + re.elements[15U] = v14_15.snd; + return re; } /** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b60( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); } -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, + Eurydice_slice result) { + size_t sampled = (size_t)0U; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { + i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( - ring_element); - deserialized_pk[i0] = uu____0; + int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____0; + int16_t uu____1; + bool uu____2; + size_t uu____3; + int16_t uu____4; + size_t uu____5; + int16_t uu____6; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + sampled++; + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } + continue; + } + } + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return sampled; } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_7e( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_70( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( + Eurydice_slice a, Eurydice_slice out) { + return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const -generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_52( - uint8_t *public_key); +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) -static inline core_option_Option_92 -libcrux_ml_kem_mlkem768_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_52( - public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; -} +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ + (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + +typedef libcrux_ml_kem_types_MlKemPrivateKey_55 + libcrux_ml_kem_mlkem768_MlKem768PrivateKey; + +typedef libcrux_ml_kem_types_MlKemPublicKey_15 + libcrux_ml_kem_mlkem768_MlKem768PublicKey; + +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -7505,7 +2440,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_02(void) { +libcrux_ml_kem_polynomial_ZERO_89_39(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -7533,8 +2468,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_13(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_17(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -7544,10 +2479,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -7569,12 +2504,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ca( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -7587,7 +2522,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ca( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -7615,8 +2550,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e3(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_34(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -7626,7 +2561,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -7651,9 +2586,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( v); } @@ -7664,10 +2599,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_51( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -7679,7 +2614,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_51( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( coefficient); re.coefficients[i0] = uu____0; } @@ -7693,7 +2628,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -7718,9 +2653,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( v); } @@ -7731,10 +2666,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_df( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_64( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -7746,7 +2681,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_df( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( coefficient); re.coefficients[i0] = uu____0; } @@ -7760,9 +2695,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6a( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_51(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -7777,7 +2712,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -7791,12 +2726,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -7810,7 +2745,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -7823,7 +2758,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -7840,7 +2775,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_c1( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -7860,7 +2795,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_46( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -7883,7 +2818,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c9( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -7914,7 +2849,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -7932,21 +2867,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_1e( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_65( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } /** @@ -7958,12 +2893,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( @@ -7984,10 +2919,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6a( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( u_bytes); u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_1e(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_65(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8001,7 +2936,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -8026,9 +2961,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( v); } @@ -8039,10 +2974,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_da( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -8053,7 +2988,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_da( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( coefficient); re.coefficients[i0] = uu____0; } @@ -8067,7 +3002,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -8092,9 +3027,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( v); } @@ -8105,10 +3040,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_ec( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -8121,7 +3056,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_ec( libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -8135,9 +3070,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_4f( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_da(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b(serialized); } /** @@ -8151,11 +3086,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_f7( +libcrux_ml_kem_polynomial_ntt_multiply_89_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -8188,7 +3123,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8214,7 +3149,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -8241,7 +3176,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -8264,7 +3199,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -8286,7 +3221,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -8294,7 +3229,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -8307,7 +3242,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -8322,7 +3257,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -8339,22 +3274,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } /** @@ -8368,7 +3303,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_ed( +libcrux_ml_kem_polynomial_subtract_reduce_89_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -8394,21 +3329,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_56( +libcrux_ml_kem_matrix_compute_message_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_ed(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_79(v, result); return result; } @@ -8418,7 +3353,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_83( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -8438,9 +3373,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_bf( +libcrux_ml_kem_vector_portable_shift_right_0d_4b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_83(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8(v); } /** @@ -8450,10 +3385,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_af( +libcrux_ml_kem_vector_traits_to_unsigned_representative_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_bf(a); + libcrux_ml_kem_vector_portable_shift_right_0d_4b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -8467,13 +3402,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_d1( +libcrux_ml_kem_serialize_compress_then_serialize_message_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -8502,21 +3437,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_e4( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_4f( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_56(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_b8(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_d1(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_fb(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8530,11 +3465,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_c0(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_ca(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_29(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -8545,7 +3480,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_c0(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_e4(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_41(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8559,7 +3494,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_11( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -8569,7 +3504,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -8588,9 +3523,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_b6(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); } /** @@ -8601,9 +3536,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -8613,10 +3548,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -8642,12 +3577,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -8660,7 +3595,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( ring_element); deserialized_pk[i0] = uu____0; } @@ -8677,8 +3612,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_ee(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -8688,10 +3623,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_82( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_e8( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } } @@ -8711,7 +3646,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -8743,11 +3678,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( uu____0); } @@ -8758,7 +3693,7 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -8783,10 +3718,10 @@ with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( self, ret); } @@ -8798,7 +3733,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -8841,7 +3776,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -8866,10 +3801,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed(self, ret); } @@ -8881,7 +3816,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -8928,9 +3863,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -8952,8 +3887,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_13(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_48( +libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_6b( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -8965,7 +3900,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -8973,25 +3908,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( uu____0); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( &xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( &xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( uu____2, sampled_coefficients, out); } } @@ -8999,7 +3934,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_13(uu____3[i]); + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_99(uu____3[i]); } memcpy( ret, ret0, @@ -9013,12 +3948,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_55( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_82(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_e8(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -9036,7 +3971,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_55( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_f6(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_2b(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -9077,10 +4012,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t */ -typedef struct tuple_b00_s { +typedef struct tuple_b0_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U]; uint8_t snd; -} tuple_b00; +} tuple_b0; /** A monomorphic instance of @@ -9093,8 +4028,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_50(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_56(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -9103,7 +4038,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_63( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -9126,9 +4061,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_63(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); } /** @@ -9138,7 +4073,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -9175,7 +4110,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -9186,7 +4121,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b8( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -9222,7 +4157,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b8( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -9233,9 +4168,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( randomness); } @@ -9245,7 +4180,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -9269,20 +4204,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_1c(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } /** @@ -9294,12 +4229,12 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -9313,21 +4248,21 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b00 lit; + tuple_b0 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -9345,8 +4280,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_25(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -9358,12 +4293,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -9377,11 +4312,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1; @@ -9390,7 +4325,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], memcpy( uu____2, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b00 lit; + tuple_b0 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -9403,7 +4338,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b60( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -9422,9 +4357,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_b60(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); } /** @@ -9434,8 +4369,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_11(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_matrix_compute_vector_u_closure_79(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -9448,7 +4383,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_b9( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -9472,14 +4407,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_57( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -9502,12 +4437,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_57( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_b9(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -9521,7 +4456,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_e9( +libcrux_ml_kem_vector_traits_decompress_1_89( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -9536,10 +4471,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9549,7 +4484,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_e9(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -9566,7 +4501,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -9596,22 +4531,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_c8( +libcrux_ml_kem_matrix_compute_ring_element_v_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( error_2, message, result); return result; } @@ -9622,7 +4557,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_94( +libcrux_ml_kem_vector_portable_compress_compress_be( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9645,9 +4580,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b( +libcrux_ml_kem_vector_portable_compress_0d_31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_94(v); + return libcrux_ml_kem_vector_portable_compress_compress_be(v); } /** @@ -9657,15 +4592,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_54( +libcrux_ml_kem_serialize_compress_then_serialize_10_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_9b( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_31( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -9686,7 +4621,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_940( +libcrux_ml_kem_vector_portable_compress_compress_be0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9709,9 +4644,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b0( +libcrux_ml_kem_vector_portable_compress_0d_310( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_940(v); + return libcrux_ml_kem_vector_portable_compress_compress_be0(v); } /** @@ -9721,15 +4656,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_2d( +libcrux_ml_kem_serialize_compress_then_serialize_11_e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_9b0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_310( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -9752,10 +4687,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_54(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_3b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -9768,7 +4703,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -9786,7 +4721,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, @@ -9801,7 +4736,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_941( +libcrux_ml_kem_vector_portable_compress_compress_be1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9824,9 +4759,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b1( +libcrux_ml_kem_vector_portable_compress_0d_311( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_941(v); + return libcrux_ml_kem_vector_portable_compress_compress_be1(v); } /** @@ -9836,15 +4771,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_09( +libcrux_ml_kem_serialize_compress_then_serialize_4_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_9b1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_311( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -9863,7 +4798,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_942( +libcrux_ml_kem_vector_portable_compress_compress_be2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9886,9 +4821,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b2( +libcrux_ml_kem_vector_portable_compress_0d_312( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_942(v); + return libcrux_ml_kem_vector_portable_compress_compress_be2(v); } /** @@ -9898,15 +4833,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_b9( +libcrux_ml_kem_serialize_compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_9b2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_312( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -9927,9 +4862,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_09(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); } /** @@ -9950,15 +4885,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____0, 0U); + tuple_b0 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -9966,7 +4901,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -9975,33 +4910,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( + libcrux_ml_kem_hash_functions_portable_PRF_f1_040( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_57(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_c8( + libcrux_ml_kem_matrix_compute_ring_element_v_1f( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -10026,12 +4961,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -10039,8 +4974,8 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_55(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -10070,7 +5005,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -10086,7 +5021,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_25( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_cc( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -10118,7 +5053,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_87( +static inline void libcrux_ml_kem_ind_cca_decapsulate_88( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -10137,10 +5072,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_87( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_c0(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -10149,7 +5084,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_87( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -10159,32 +5094,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_87( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_25( + libcrux_ml_kem_ind_cca_kdf_43_cc( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_25(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_28(ciphertext), + libcrux_ml_kem_types_as_ref_00_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -10216,16 +5151,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ff( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_87(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_88(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ff( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( private_key, ciphertext, ret); } @@ -10285,14 +5220,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_e4( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -10304,7 +5239,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -10314,7 +5249,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -10323,9 +5258,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -10333,11 +5268,11 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_28(ciphertext), + libcrux_ml_kem_types_as_ref_00_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -10371,16 +5306,16 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_38( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_59(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_05(key_pair, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_38( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( private_key, ciphertext, ret); } @@ -10394,7 +5329,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d5( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -10412,7 +5347,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_af( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -10436,15 +5371,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_d5( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -10452,9 +5387,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_1f(public_key), + libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -10462,7 +5397,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -10472,19 +5407,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_f5(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_25(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -10513,13 +5448,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -10528,7 +5463,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4(uu____0, + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67(uu____0, uu____1); } @@ -10551,11 +5486,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -10567,7 +5502,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -10581,7 +5516,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -10591,7 +5526,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -10619,14 +5554,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_f7( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_57(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( @@ -10636,7 +5571,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_f7( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( uu____0, uu____1); } @@ -10648,10 +5583,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] */ -typedef struct tuple_9b0_s { +typedef struct tuple_9b_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; -} tuple_9b0; +} tuple_9b; /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure @@ -10660,8 +5595,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_37(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_ab(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -10671,7 +5606,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_a1( +libcrux_ml_kem_vector_traits_to_standard_domain_3e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -10688,7 +5623,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -10696,7 +5631,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_a1( + libcrux_ml_kem_vector_traits_to_standard_domain_3e( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -10712,14 +5647,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a5( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -10743,12 +5678,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -10765,10 +5700,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -10776,15 +5711,15 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_55(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_23(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____1, 0U); + tuple_b0 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -10795,12 +5730,12 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____3, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_a5(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; @@ -10833,7 +5768,7 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( memcpy( sk.secret_as_ntt, uu____7, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } /** @@ -10843,14 +5778,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -10872,7 +5807,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -10891,7 +5826,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -10908,7 +5843,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_9a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -10916,7 +5851,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_9a( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -10942,19 +5877,19 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e8(Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9(key_generation_seed); +libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { + tuple_9b uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_9a( + libcrux_ml_kem_ind_cpa_serialize_public_key_80( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); @@ -10973,7 +5908,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -11002,7 +5937,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -11035,7 +5970,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -11045,13 +5980,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e8(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -11060,12 +5995,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(uu____1); + libcrux_ml_kem_types_from_05_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); + return libcrux_ml_kem_types_from_17_c9( + uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); } /** @@ -11081,18 +6016,18 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); } static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( uu____0); } @@ -11111,8 +6046,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_23(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_34(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -11129,10 +6064,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_28( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } } @@ -11147,7 +6082,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_70( +libcrux_ml_kem_polynomial_clone_d5_5e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -11174,7 +6109,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -11183,7 +6118,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -11191,14 +6126,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_28(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_70(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_5e(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -11210,13 +6145,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_9a( + libcrux_ml_kem_ind_cpa_serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); @@ -11258,11 +6193,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_9a( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uu____0); } static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -11270,7 +6205,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_9a( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( uu____0); } @@ -11285,18 +6220,18 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_aa( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_97(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_2e(ciphertext), + libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), uint8_t, Eurydice_slice), ret0); core_slice___Slice_T___copy_from_slice( @@ -11304,7 +6239,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_aa( Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); @@ -11332,7 +6267,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_870( +static inline void libcrux_ml_kem_ind_cca_decapsulate_880( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -11351,10 +6286,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_870( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_c0(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -11363,7 +6298,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_870( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -11373,32 +6308,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_870( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_aa( + libcrux_ml_kem_ind_cca_kdf_6c_72( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_aa(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_28(ciphertext), + libcrux_ml_kem_types_as_ref_00_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -11431,16 +6366,16 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_af( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_870(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_880(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_af( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( private_key, ciphertext, ret); } @@ -11454,9 +6389,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f9( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_af(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); } /** @@ -11478,15 +6413,15 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f9( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -11494,9 +6429,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_1f(public_key), + libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -11504,7 +6439,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -11514,19 +6449,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_f5(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_aa(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -11556,13 +6491,13 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_bf( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( @@ -11571,7 +6506,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_bf( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( uu____0, uu____1); } @@ -11583,9 +6518,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -11596,12 +6531,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -11614,7 +6549,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( ring_element); deserialized_pk[i0] = uu____0; } @@ -11631,16 +6566,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_99( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_9a( + libcrux_ml_kem_ind_cpa_serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -11658,16 +6593,16 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); @@ -11677,16 +6612,6 @@ libcrux_ml_kem_mlkem768_portable_validate_public_key( return uu____0; } -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { - return self[0U]; -} - /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index c3d1f7ee3..8fab63dea 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_sha3_avx2_H @@ -20,98 +20,2759 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" +#include "libcrux_core.h" #include "libcrux_sha3_portable.h" +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_zero_ef(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__veor5q_u64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor5_ef(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + return libcrux_sha3_simd_avx2__veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_58(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, + core_core_arch_x86___m256i)); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vrax1q_u64(a, b); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vbcaxq_u64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_and_not_xor_ef(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_sha3_simd_avx2__vbcaxq_u64(a, b, c); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_constant_ef(core_core_arch_x86___m256i a, + uint64_t c) { + return libcrux_sha3_simd_avx2__veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_sha3_simd_avx2_xor_ef( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_4( + Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, + Eurydice_slice); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_n_ef( + Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + libcrux_sha3_simd_avx2_slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + Eurydice_slice_uint8_t_4size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +libcrux_sha3_simd_avx2_split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { + return libcrux_sha3_simd_avx2_split_at_mut_4(a, mid); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_x86___m256i +with const generics +- $4size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_29; + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 +libcrux_sha3_generic_keccak_new_1e_16(void) { + libcrux_sha3_generic_keccak_KeccakState_29 lit; + lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block_c7(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_580(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c1(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_581(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c10(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_582(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c11(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_583(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c12(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c13(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_584(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c14(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_585(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c15(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_586(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_587(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c17(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_588(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c18(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_589(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c19(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5810(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c110(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5811(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c111(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5812(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c112(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5813(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c113(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5814(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c114(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5815(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c115(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5816(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c116(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5817(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c117(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5818(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c118(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5819(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c119(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5820(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c120(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5821(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c121(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5822(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c122(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i c[5U] = { + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], + s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U], + s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U], + s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U], + s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U], + s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____0 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____1 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____2 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____3 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); + core_core_arch_x86___m256i uu____4 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_x86___m256i uu____5 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_x86___m256i uu____6 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_x86___m256i uu____7 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_x86___m256i uu____8 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_x86___m256i uu____9 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_x86___m256i uu____10 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_x86___m256i uu____11 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_x86___m256i uu____12 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_x86___m256i uu____13 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_x86___m256i uu____14 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_x86___m256i uu____15 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_x86___m256i uu____16 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_x86___m256i uu____17 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_x86___m256i uu____18 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_x86___m256i uu____19 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_x86___m256i uu____20 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_x86___m256i uu____21 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_x86___m256i uu____22 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_x86___m256i uu____23 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_x86___m256i uu____24 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_x86___m256i uu____25 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_x86___m256i uu____26 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_x86___m256i uu____27 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) { + size_t j = i; + s->st[i1][j] = libcrux_sha3_simd_avx2_and_not_xor_ef( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( + libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { + s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho_71(s); + libcrux_sha3_generic_keccak_pi_01(s); + libcrux_sha3_generic_keccak_chi_9b(s); + libcrux_sha3_generic_keccak_iota_09(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_avx2_load_block_c7(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_91(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_avx2_store_block_e9(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____2[200U]; + memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + libcrux_sha3_simd_avx2_store_block_e9(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( + libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_07(&s); + uint8_t b[4U][200U]; + libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( + Eurydice_slice data[4U], Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState_29 s = + libcrux_sha3_generic_keccak_new_1e_16(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + libcrux_sha3_simd_avx2_slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + libcrux_sha3_simd_avx2_slice_n_ef( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____4 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____5 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); + } + } +} + KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_keccak_14(buf0, buf); } -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState; +typedef libcrux_sha3_generic_keccak_KeccakState_29 + libcrux_sha3_avx2_x4_incremental_KeccakState; KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return libcrux_sha3_generic_keccak_new_1e_16(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_avx2_load_block_c70(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_910(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +- DELIM= 31 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_07(s); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + libcrux_sha3_simd_avx2_store_block_e90(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o20[4U]; + memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + Eurydice_slice_uint8_t_4size_t__x2 uu____2 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); + Eurydice_slice o2[4U]; + memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o30[4U]; + memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + Eurydice_slice_uint8_t_4size_t__x2 uu____3 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); + Eurydice_slice o3[4U]; + memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o4[4U]; + memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index d42aa9ea4..384edfddf 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_sha3_portable_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_sha3_libcrux_ml_kem.h" static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { 1ULL, @@ -80,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); } /** @@ -199,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_7a(void) { +libcrux_sha3_generic_keccak_new_1e_f2(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -234,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -263,12 +262,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); } /** @@ -278,7 +277,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -289,9 +288,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_340(ab); + return libcrux_sha3_portable_keccak_rotate_left_db0(ab); } /** @@ -305,8 +304,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); } /** @@ -316,7 +315,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -327,9 +326,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_341(ab); + return libcrux_sha3_portable_keccak_rotate_left_db1(ab); } /** @@ -343,8 +342,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); } /** @@ -354,7 +353,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -365,9 +364,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_342(ab); + return libcrux_sha3_portable_keccak_rotate_left_db2(ab); } /** @@ -381,8 +380,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); } /** @@ -392,7 +391,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -403,9 +402,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_343(ab); + return libcrux_sha3_portable_keccak_rotate_left_db3(ab); } /** @@ -419,8 +418,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); } /** @@ -430,9 +429,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_34(ab); + return libcrux_sha3_portable_keccak_rotate_left_db(ab); } /** @@ -446,8 +445,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); } /** @@ -457,7 +456,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -468,9 +467,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_344(ab); + return libcrux_sha3_portable_keccak_rotate_left_db4(ab); } /** @@ -484,8 +483,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); } /** @@ -495,7 +494,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -506,9 +505,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_345(ab); + return libcrux_sha3_portable_keccak_rotate_left_db5(ab); } /** @@ -522,8 +521,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); } /** @@ -533,7 +532,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -544,9 +543,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_346(ab); + return libcrux_sha3_portable_keccak_rotate_left_db6(ab); } /** @@ -560,8 +559,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); } /** @@ -571,7 +570,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -582,9 +581,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_347(ab); + return libcrux_sha3_portable_keccak_rotate_left_db7(ab); } /** @@ -598,8 +597,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); } /** @@ -609,7 +608,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -620,9 +619,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_348(ab); + return libcrux_sha3_portable_keccak_rotate_left_db8(ab); } /** @@ -636,8 +635,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); } /** @@ -647,7 +646,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -658,9 +657,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_349(ab); + return libcrux_sha3_portable_keccak_rotate_left_db9(ab); } /** @@ -674,8 +673,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); } /** @@ -685,7 +684,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -696,9 +695,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3410(ab); + return libcrux_sha3_portable_keccak_rotate_left_db10(ab); } /** @@ -712,8 +711,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); } /** @@ -723,7 +722,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -734,9 +733,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3411(ab); + return libcrux_sha3_portable_keccak_rotate_left_db11(ab); } /** @@ -750,8 +749,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); } /** @@ -761,7 +760,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -772,9 +771,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3412(ab); + return libcrux_sha3_portable_keccak_rotate_left_db12(ab); } /** @@ -788,8 +787,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); } /** @@ -799,7 +798,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -810,9 +809,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3413(ab); + return libcrux_sha3_portable_keccak_rotate_left_db13(ab); } /** @@ -826,8 +825,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); } /** @@ -837,7 +836,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -848,9 +847,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3414(ab); + return libcrux_sha3_portable_keccak_rotate_left_db14(ab); } /** @@ -864,8 +863,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); } /** @@ -875,7 +874,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -886,9 +885,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3415(ab); + return libcrux_sha3_portable_keccak_rotate_left_db15(ab); } /** @@ -902,8 +901,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); } /** @@ -913,7 +912,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -924,9 +923,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3416(ab); + return libcrux_sha3_portable_keccak_rotate_left_db16(ab); } /** @@ -940,8 +939,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); } /** @@ -951,7 +950,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -962,9 +961,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3417(ab); + return libcrux_sha3_portable_keccak_rotate_left_db17(ab); } /** @@ -978,8 +977,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); } /** @@ -989,7 +988,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1000,9 +999,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3418(ab); + return libcrux_sha3_portable_keccak_rotate_left_db18(ab); } /** @@ -1016,8 +1015,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); } /** @@ -1027,7 +1026,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1038,9 +1037,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3419(ab); + return libcrux_sha3_portable_keccak_rotate_left_db19(ab); } /** @@ -1054,8 +1053,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); } /** @@ -1065,7 +1064,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1076,9 +1075,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3420(ab); + return libcrux_sha3_portable_keccak_rotate_left_db20(ab); } /** @@ -1092,8 +1091,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); } /** @@ -1103,7 +1102,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1114,9 +1113,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3421(ab); + return libcrux_sha3_portable_keccak_rotate_left_db21(ab); } /** @@ -1130,8 +1129,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); } /** @@ -1141,7 +1140,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1152,9 +1151,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3422(ab); + return libcrux_sha3_portable_keccak_rotate_left_db22(ab); } /** @@ -1168,8 +1167,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); } /** @@ -1178,7 +1177,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1214,76 +1213,76 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____4; uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____5; uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____6; uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____7; uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1293,7 +1292,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1329,7 +1328,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1350,7 +1349,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1362,14 +1361,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_8d(s); - libcrux_sha3_generic_keccak_pi_ac(s); - libcrux_sha3_generic_keccak_chi_c7(s); - libcrux_sha3_generic_keccak_iota_4f(s, i0); + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_b8(s); + libcrux_sha3_generic_keccak_chi_1f(s); + libcrux_sha3_generic_keccak_iota_83(s, i0); } } @@ -1380,13 +1379,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1394,11 +1393,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de(s, buf); + libcrux_sha3_portable_keccak_load_block_b3(s, buf); } /** @@ -1410,12 +1409,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); } /** @@ -1426,7 +1425,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1446,8 +1445,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1455,7 +1454,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1476,12 +1475,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_39(s, buf); + libcrux_sha3_portable_keccak_store_block_58(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1496,9 +1495,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); } /** @@ -1509,10 +1508,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_65( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1537,9 +1536,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_39(a, b); + libcrux_sha3_portable_keccak_store_block_58(a, b); } /** @@ -1549,9 +1548,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1561,10 +1560,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1574,11 +1573,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1602,10 +1601,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -1616,7 +1615,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -1627,12 +1626,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1640,7 +1639,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1658,12 +1657,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); } } } @@ -1674,18 +1673,18 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); + libcrux_sha3_generic_keccak_keccak_75(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd(buf0, buf); + libcrux_sha3_portable_keccakx1_2a(buf0, buf); } /** @@ -1693,7 +1692,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1722,12 +1721,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); } /** @@ -1737,13 +1736,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1751,11 +1750,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de0(s, buf); + libcrux_sha3_portable_keccak_load_block_b30(s, buf); } /** @@ -1767,12 +1766,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); } /** @@ -1783,7 +1782,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1803,8 +1802,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1812,7 +1811,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1833,12 +1832,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_390(s, buf); + libcrux_sha3_portable_keccak_store_block_580(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1854,9 +1853,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); } /** @@ -1867,10 +1866,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_650( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1895,9 +1894,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_390(a, b); + libcrux_sha3_portable_keccak_store_block_580(a, b); } /** @@ -1907,9 +1906,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1919,10 +1918,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1932,11 +1931,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1960,10 +1959,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -1974,7 +1973,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -1985,12 +1984,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -1998,7 +1997,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2016,12 +2015,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2032,18 +2031,18 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); + libcrux_sha3_generic_keccak_keccak_750(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd0(buf0, buf); + libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } /** @@ -2054,7 +2053,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2074,8 +2073,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2086,10 +2085,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2100,7 +2099,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2111,12 +2110,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2124,7 +2123,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2142,12 +2141,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2158,3470 +2157,326 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); + libcrux_sha3_generic_keccak_keccak_751(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd1(buf0, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_zero_fa(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__veor5q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = - libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = - libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - return libcrux_sha3_simd_arm64__veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_58( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vrax1q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_sha3_simd_arm64_rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vrax1q_u64(a, b); + libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vbcaxq_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return libcrux_intrinsics_arm64__veorq_u64( - a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_and_not_xor_fa( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return libcrux_sha3_simd_arm64__vbcaxq_u64(a, b, c); +static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__veorq_n_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - core_core_arch_arm_shared_neon_uint64x2_t c0 = - libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); +static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_constant_fa( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - return libcrux_sha3_simd_arm64__veorq_n_u64(a, c); -} +typedef libcrux_sha3_generic_keccak_KeccakState_48 + libcrux_sha3_portable_KeccakState; -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState; -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_2( - Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); +static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState +libcrux_sha3_neon_x2_incremental_shake128_init(void) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_n_fa( - Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - libcrux_sha3_simd_arm64_slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + Eurydice_slice data1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -libcrux_sha3_simd_arm64_split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_2size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -libcrux_sha3_simd_arm64_split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { - return libcrux_sha3_simd_arm64_split_at_mut_2(a, mid); +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- $2size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { - core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_fc; - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -libcrux_sha3_generic_keccak_new_1e_12(void) { - libcrux_sha3_generic_keccak_KeccakState_fc lit; - lit.st[0U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - return lit; +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 +libcrux_sha3_portable_incremental_shake128_init(void) { + return libcrux_sha3_generic_keccak_new_1e_f2(); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block +A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics -- RATE= 72 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- BLOCKSIZE= 72 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_b31(s, buf); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_580( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - /** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- LEFT= 36 -- RIGHT= 28 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c1( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_580(ab); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types uint64_t with const generics -- LEFT= 36 -- RIGHT= 28 +- N= 1 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c1(a, b); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_581( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { + Eurydice_slice buf[1U] = {data0}; + libcrux_sha3_generic_keccak_absorb_final_722(s, buf); } /** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- LEFT= 3 -- RIGHT= 61 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c10( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_581(ab); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- LEFT= 3 -- RIGHT= 61 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c10(a, b); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_581(a, b); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types uint64_t with const generics -- LEFT= 41 -- RIGHT= 23 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_582( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types uint64_t with const generics -- LEFT= 41 -- RIGHT= 23 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c11( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_582(ab); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types uint64_t with const generics -- LEFT= 41 -- RIGHT= 23 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c11(a, b); +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o2[1U]; + memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_583( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c12( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_583(ab); +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c12(a, b); -} +#define libcrux_sha3_Sha224 0 +#define libcrux_sha3_Sha256 1 +#define libcrux_sha3_Sha384 2 +#define libcrux_sha3_Sha512 3 -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c13( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_58(ab); -} +typedef uint8_t libcrux_sha3_Algorithm; -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_584( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c14( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_585( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c15( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_586( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c16( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_587( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c17( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_588( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c18( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_589( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c19( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5810( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c110( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5811( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c111( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5812( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c112( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5813( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c113( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5814( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c114( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5815( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c115( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5816( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c116( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5817( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c117( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5818( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c118( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5819( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c119( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5820( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c120( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5821( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c121( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5822( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c122( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][0U], s->st[1U][0U], - s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][1U], s->st[1U][1U], - s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][2U], s->st[1U][2U], - s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][3U], s->st[1U][3U], - s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][4U], s->st[1U][4U], - s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_fa(s->st[0U][0U], t[0U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____4 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_arm_shared_neon_uint64x2_t uu____5 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_arm_shared_neon_uint64x2_t uu____7 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t uu____9 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t uu____10 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t uu____11 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t uu____12 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t uu____13 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t uu____14 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t uu____15 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_arm_shared_neon_uint64x2_t uu____16 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t uu____17 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t uu____18 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t uu____19 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t uu____20 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t uu____21 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t uu____22 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t uu____23 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t uu____24 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t uu____25 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t uu____26 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t uu____27 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_a0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_b0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) { - size_t j = i; - s->st[i1][j] = libcrux_sha3_simd_arm64_and_not_xor_fa( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_33( - libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { - s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_constant_fa( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_3e( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_a0(s); - libcrux_sha3_generic_keccak_chi_b0(s); - libcrux_sha3_generic_keccak_iota_33(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_45( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_07( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)72U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_07(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a5( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e7( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a5(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_90( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_70( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a5(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_59( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, - ret); - libcrux_sha3_generic_keccak_absorb_block_45(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_fe(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e7(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_70(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_59(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_450( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c0(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_070( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f0(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a50( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a0(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e70( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a50(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_900( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f0(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_700( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a50(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_590( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_fe0(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e0( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_590(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e0(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_591( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_fe1(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e1( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_591(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - libcrux_sha3_neon_keccakx2_6e1(buf0, buf); -} - -typedef libcrux_sha3_generic_keccak_KeccakState_fc - libcrux_sha3_neon_x2_incremental_KeccakState; - -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_12(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c1(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_071( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_071(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, - Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - libcrux_sha3_generic_keccak_absorb_final_fe2(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_901( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - Eurydice_slice_uint8_t_2size_t__x2 uu____0 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f1(s, o0); - Eurydice_slice_uint8_t_2size_t__x2 uu____1 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o2); -} - -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, - Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e(s, buf); -} - -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, - Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, buf); -} - -typedef libcrux_sha3_generic_keccak_KeccakState_48 - libcrux_sha3_portable_KeccakState; - -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t uu____0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); - } -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de1(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { - Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_252(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_391(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - Eurydice_slice_uint8_t_1size_t__x2 uu____0 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); - Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); -} - -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); -} - -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, buf); -} - -#define libcrux_sha3_Sha224 0 -#define libcrux_sha3_Sha256 1 -#define libcrux_sha3_Sha384 2 -#define libcrux_sha3_Sha512 3 - -typedef uint8_t libcrux_sha3_Algorithm; - -static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { - size_t uu____0; - switch (mode) { - case libcrux_sha3_Sha224: { - uu____0 = (size_t)28U; - break; - } - case libcrux_sha3_Sha256: { - uu____0 = (size_t)32U; - break; - } - case libcrux_sha3_Sha384: { - uu____0 = (size_t)48U; - break; - } - case libcrux_sha3_Sha512: { - uu____0 = (size_t)64U; - break; - } - default: { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, - __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t uu____0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de2(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); +static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { + size_t uu____0; + switch (mode) { + case libcrux_sha3_Sha224: { + uu____0 = (size_t)28U; + break; } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)144U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_392(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_651( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_392(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, - (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } + case libcrux_sha3_Sha256: { + uu____0 = (size_t)32U; + break; } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); + case libcrux_sha3_Sha384: { + uu____0 = (size_t)48U; + break; } - } -} - -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd2(buf0, buf); + case libcrux_sha3_Sha512: { + uu____0 = (size_t)64U; + break; + } + default: { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, + __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; } /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; core_result_Result_56 dst; @@ -5646,14 +2501,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); } /** @@ -5661,27 +2516,27 @@ A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block with types uint64_t with const generics - N= 1 -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de3(s, buf); + libcrux_sha3_portable_keccak_load_block_b32(s, buf); } /** @@ -5691,14 +2546,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); } /** @@ -5706,10 +2561,10 @@ A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final with types uint64_t with const generics - N= 1 -- RATE= 104 +- RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -5723,24 +2578,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( } blocks[i0][last_len] = 6U; size_t uu____1 = i0; - size_t uu____2 = (size_t)104U - (size_t)1U; + size_t uu____2 = (size_t)144U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, @@ -5757,14 +2612,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_393(s, buf); + libcrux_sha3_portable_keccak_store_block_582(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -5777,12 +2632,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); } /** @@ -5790,13 +2645,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last with types uint64_t with const generics - N= 1 -- RATE= 104 +- RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_652( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -5819,11 +2674,11 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_393(a, b); + libcrux_sha3_portable_keccak_store_block_582(a, b); } /** @@ -5831,288 +2686,24 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types uint64_t with const generics - N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, - (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd3(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha224(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, - uint8_t ret[28U]) { - uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha256(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha384(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, - uint8_t ret[48U]) { - uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha512(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, - uint8_t ret[64U]) { - uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_391(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a -with const generics -- BLOCKSIZE= 168 +- RATE= 144 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block with types uint64_t with const generics - N= 1 -- RATE= 168 +- RATE= 144 */ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_653( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -6120,13 +2711,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last with types uint64_t with const generics - N= 1 -- RATE= 168 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -6147,27 +2738,27 @@ A monomorphic instance of libcrux_sha3.generic_keccak.keccak with types uint64_t with const generics - N= 1 -- RATE= 168 -- DELIM= 31 +- RATE= 144 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, - (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + (size_t)144U, ret); + libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); @@ -6175,20 +2766,20 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)168U; - size_t last = outlen - outlen % (size_t)168U; + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -6201,17 +2792,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); } } } @@ -6219,183 +2810,123 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( /** A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics -- RATE= 168 -- DELIM= 31 +- RATE= 144 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); + libcrux_sha3_generic_keccak_keccak_752(uu____0, out); } -static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( - Eurydice_slice digest, Eurydice_slice data) { +static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, + Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd4(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake128(out, data); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake256(out, data); + libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } -static const size_t libcrux_sha3_generic_keccak__PI[24U] = { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, - (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, - (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, - (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, - (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; - -static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, - (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, - (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, - (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, - (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; - /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block +A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f1( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c2(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_451( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c2(s, buf); + libcrux_sha3_portable_keccak_load_block_b33(s, buf); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_072( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e2(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6405,121 +2936,81 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe3( } blocks[i0][last_len] = 6U; size_t uu____1 = i0; - size_t uu____2 = (size_t)144U - (size_t)1U; + size_t uu____2 = (size_t)104U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_072(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block +A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); } } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f2(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_583(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a51( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a1(a, ret); +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e71( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a51(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -6535,57 +3026,57 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_e71( } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_902( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f2(a, b); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_583(a, b); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_701( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a51(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -6602,51 +3093,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_701( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_592( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, - ret); - libcrux_sha3_generic_keccak_absorb_block_451(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + (size_t)104U, ret); + libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_fe3(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e71(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f2(&s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -6658,305 +3149,171 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_592( .tag == core_option_None) { break; } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d2(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_701(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); } } } -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e2( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_592(uu____0, out); +/** +A monomorphic instance of libcrux_sha3.portable.keccakx1 +with const generics +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_753(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_2a3(buf0, buf); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha224(digest, payload); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, + uint8_t ret[28U]) { + uint8_t out[28U] = {0U}; + libcrux_sha3_sha224_ema( + Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } -static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, - Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e2(uu____0, buf); +static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha256(digest, payload); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } +static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + libcrux_sha3_sha256_ema( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f2( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c3(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha384(digest, payload); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_452( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); +static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, + uint8_t ret[48U]) { + uint8_t out[48U] = {0U}; + libcrux_sha3_sha384_ema( + Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c3(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha512(digest, payload); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_073( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e3(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, + uint8_t ret[64U]) { + uint8_t out[64U] = {0U}; + libcrux_sha3_sha512_ema( + Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe4( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)104U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_073(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types uint64_t with const generics -- RATE= 104 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 104 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f3(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_581(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a52( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a2(a, ret); +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 104 +- N= 1 +- RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e72( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a52(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -6971,58 +3328,19 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_e72( } } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_903( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f3(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 104 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_702( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a52(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -7039,51 +3357,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_702( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 +- N= 1 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_593( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, - ret); - libcrux_sha3_generic_keccak_absorb_block_452(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + (size_t)168U, ret); + libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_fe4(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e72(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f3(&s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -7095,43 +3413,78 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_593( .tag == core_option_None) { break; } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d3(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_702(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); } } } /** -A monomorphic instance of libcrux_sha3.neon.keccakx2 +A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics -- RATE= 104 -- DELIM= 6 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e3( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_593(uu____0, out); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_754(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( + Eurydice_slice digest, Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_2a4(buf0, buf); +} + +static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake128(out, data); +} + +static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake256(out, data); +} + +static const size_t libcrux_sha3_generic_keccak__PI[24U] = { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, + (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, + (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, + (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, + (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; + +static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, + (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, + (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, + (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, + (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; + +static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e3(uu____0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** @@ -7142,7 +3495,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -7150,62 +3503,62 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_251(s, buf); + libcrux_sha3_generic_keccak_absorb_final_721(s, buf); } static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); } /** @@ -7282,12 +3635,6 @@ static inline libcrux_sha3_Algorithm libcrux_sha3_from_2d(uint32_t v) { return uu____0; } -typedef core_core_arch_arm_shared_neon_uint64x2_t - libcrux_sha3_simd_arm64_uint64x2_t; - -typedef libcrux_sha3_generic_keccak_KeccakState_fc - libcrux_sha3_neon_x2_incremental_KeccakState2Internal; - typedef uint8_t libcrux_sha3_Sha3_512Digest[64U]; typedef uint8_t libcrux_sha3_Sha3_384Digest[48U]; From a0f24d312c5d78e7d82a27338ae95f82b96d94bc Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 11 Aug 2024 18:30:23 -0400 Subject: [PATCH 032/348] a more complete spec --- libcrux-ml-kem/proofs/fstar/spec/Makefile | 2 +- .../fstar/spec/Spec.MLKEM.Instances.fst | 62 +++ .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 168 ++++++++ .../proofs/fstar/spec/Spec.MLKEM.fst | 364 +++++------------- .../proofs/fstar/spec/Spec.Utils.fst | 2 +- 5 files changed, 337 insertions(+), 261 deletions(-) create mode 100644 libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst create mode 100644 libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst diff --git a/libcrux-ml-kem/proofs/fstar/spec/Makefile b/libcrux-ml-kem/proofs/fstar/spec/Makefile index 7caf6ddd7..b67b71b55 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Makefile +++ b/libcrux-ml-kem/proofs/fstar/spec/Makefile @@ -53,7 +53,7 @@ else FSTAR_HINTS ?= --use_hints --use_hint_hashes endif -VERIFIED = +VERIFIED = Spec.Utils.fst Spec.MLKEM.Math.fst Spec.MLKEM.fst Spec.MLKEM.Instances.fst UNVERIFIED = diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst new file mode 100644 index 000000000..bf9261111 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst @@ -0,0 +1,62 @@ +module Spec.MLKEM.Instances +#set-options "--fuel 0 --ifuel 1 --z3rlimit 30" +open FStar.Mul +open Core +open Spec.Utils +open Spec.MLKEM.Math +open Spec.MLKEM + + +(** MLKEM-768 Instantiation *) + +let mlkem768_rank : rank = sz 3 + +#push-options "--z3rlimit 300" +let mlkem768_generate_keypair (randomness:t_Array u8 (sz 64)): + (t_Array u8 (sz 2400) & t_Array u8 (sz 1184)) & bool = + ind_cca_generate_keypair mlkem768_rank randomness + +let mlkem768_encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 32)): + (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) & bool = + ind_cca_encapsulate mlkem768_rank public_key randomness + +let mlkem768_decapsulate (secret_key: t_Array u8 (sz 2400)) (ciphertext: t_Array u8 (sz 1088)): + t_Array u8 (sz 32) & bool = + ind_cca_decapsulate mlkem768_rank secret_key ciphertext + +(** MLKEM-1024 Instantiation *) + +let mlkem1024_rank = sz 4 + +let mlkem1024_generate_keypair (randomness:t_Array u8 (sz 64)): + (t_Array u8 (sz 3168) & t_Array u8 (sz 1568)) & bool = + ind_cca_generate_keypair mlkem1024_rank randomness + +let mlkem1024_encapsulate (public_key: t_Array u8 (sz 1568)) (randomness: t_Array u8 (sz 32)): + (t_Array u8 (sz 1568) & t_Array u8 (sz 32)) & bool = + ind_cca_encapsulate mlkem1024_rank public_key randomness + + +let mlkem1024_decapsulate (secret_key: t_Array u8 (sz 3168)) (ciphertext: t_Array u8 (sz 1568)): + t_Array u8 (sz 32) & bool = + ind_cca_decapsulate mlkem1024_rank secret_key ciphertext + +(** MLKEM-512 Instantiation *) + +let mlkem512_rank : rank = sz 2 + +let mlkem512_generate_keypair (randomness:t_Array u8 (sz 64)): + (t_Array u8 (sz 1632) & t_Array u8 (sz 800)) & bool = + ind_cca_generate_keypair mlkem512_rank randomness + +let mlkem512_encapsulate (public_key: t_Array u8 (sz 800)) (randomness: t_Array u8 (sz 32)): + (t_Array u8 (sz 768) & t_Array u8 (sz 32)) & bool = + ind_cca_encapsulate mlkem512_rank public_key randomness + + +let mlkem512_decapsulate (secret_key: t_Array u8 (sz 1632)) (ciphertext: t_Array u8 (sz 768)): + t_Array u8 (sz 32) & bool = + ind_cca_decapsulate mlkem512_rank secret_key ciphertext + + + diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst new file mode 100644 index 000000000..18fb880df --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -0,0 +1,168 @@ +module Spec.MLKEM.Math +#set-options "--fuel 0 --ifuel 1 --z3rlimit 30" + +open FStar.Mul +open Core +open Spec.Utils + +let v_FIELD_MODULUS: i32 = 3329l +let is_rank (r:usize) = v r == 2 \/ v r == 3 \/ v r == 4 + +type rank = r:usize{is_rank r} + + +(** MLKEM Math and Sampling *) + +type field_element = n:nat{n < v v_FIELD_MODULUS} +type polynomial (ntt:bool) = t_Array field_element (sz 256) +type vector (r:rank) (ntt:bool) = t_Array (polynomial ntt) r +type matrix (r:rank) (ntt:bool) = t_Array (vector r ntt) r + +val field_add: field_element -> field_element -> field_element +let field_add a b = (a + b) % v v_FIELD_MODULUS + +val field_sub: field_element -> field_element -> field_element +let field_sub a b = (a - b) % v v_FIELD_MODULUS + +val field_neg: field_element -> field_element +let field_neg a = (0 - a) % v v_FIELD_MODULUS + +val field_mul: field_element -> field_element -> field_element +let field_mul a b = (a * b) % v v_FIELD_MODULUS + +val poly_add: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt +let poly_add a b = map2 field_add a b + +val poly_sub: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt +let poly_sub a b = map2 field_sub a b + + +(* +bitrev7 = [int('{:07b}'.format(x)[::-1], 2) for x in range(0,128)] +zetas = [pow(17,x) % 3329 for x in bitrev7] +zetas_mont = [pow(2,16) * x % 3329 for x in zetas] +zetas_mont_r = [(x - 3329 if x > 1664 else x) for x in zetas_mont] + +bitrev7 is +[0, 64, 32, 96, 16, 80, 48, 112, 8, 72, 40, 104, 24, 88, 56, 120, 4, 68, 36, 100, 20, 84, 52, 116, 12, 76, 44, 108, 28, 92, 60, 124, 2, 66, 34, 98, 18, 82, 50, 114, 10, 74, 42, 106, 26, 90, 58, 122, 6, 70, 38, 102, 22, 86, 54, 118, 14, 78, 46, 110, 30, 94, 62, 126, 1, 65, 33, 97, 17, 81, 49, 113, 9, 73, 41, 105, 25, 89, 57, 121, 5, 69, 37, 101, 21, 85, 53, 117, 13, 77, 45, 109, 29, 93, 61, 125, 3, 67, 35, 99, 19, 83, 51, 115, 11, 75, 43, 107, 27, 91, 59, 123, 7, 71, 39, 103, 23, 87, 55, 119, 15, 79, 47, 111, 31, 95, 63, 127] + +zetas = 17^bitrev7 is +[1, 1729, 2580, 3289, 2642, 630, 1897, 848, 1062, 1919, 193, 797, 2786, 3260, 569, 1746, 296, 2447, 1339, 1476, 3046, 56, 2240, 1333, 1426, 2094, 535, 2882, 2393, 2879, 1974, 821, 289, 331, 3253, 1756, 1197, 2304, 2277, 2055, 650, 1977, 2513, 632, 2865, 33, 1320, 1915, 2319, 1435, 807, 452, 1438, 2868, 1534, 2402, 2647, 2617, 1481, 648, 2474, 3110, 1227, 910, 17, 2761, 583, 2649, 1637, 723, 2288, 1100, 1409, 2662, 3281, 233, 756, 2156, 3015, 3050, 1703, 1651, 2789, 1789, 1847, 952, 1461, 2687, 939, 2308, 2437, 2388, 733, 2337, 268, 641, 1584, 2298, 2037, 3220, 375, 2549, 2090, 1645, 1063, 319, 2773, 757, 2099, 561, 2466, 2594, 2804, 1092, 403, 1026, 1143, 2150, 2775, 886, 1722, 1212, 1874, 1029, 2110, 2935, 885, 2154] + +zetas_mont = zetas * 2^16 is +[2285, 2571, 2970, 1812, 1493, 1422, 287, 202, 3158, 622, 1577, 182, 962, 2127, 1855, 1468, 573, 2004, 264, 383, 2500, 1458, 1727, 3199, 2648, 1017, 732, 608, 1787, 411, 3124, 1758, 1223, 652, 2777, 1015, 2036, 1491, 3047, 1785, 516, 3321, 3009, 2663, 1711, 2167, 126, 1469, 2476, 3239, 3058, 830, 107, 1908, 3082, 2378, 2931, 961, 1821, 2604, 448, 2264, 677, 2054, 2226, 430, 555, 843, 2078, 871, 1550, 105, 422, 587, 177, 3094, 3038, 2869, 1574, 1653, 3083, 778, 1159, 3182, 2552, 1483, 2727, 1119, 1739, 644, 2457, 349, 418, 329, 3173, 3254, 817, 1097, 603, 610, 1322, 2044, 1864, 384, 2114, 3193, 1218, 1994, 2455, 220, 2142, 1670, 2144, 1799, 2051, 794, 1819, 2475, 2459, 478, 3221, 3021, 996, 991, 958, 1869, 1522, 1628] + +zetas_mont_r = zetas_mont - 3329 if zetas_mont > 1664 else zetas_mont is +[-1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474, 1468, 573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411, -205, -1571, 1223, 652, -552, 1015, -1293, 1491, -282, -1544, 516, -8, -320, -666, -1618, -1162, 126, 1469, -853, -90, -271, 830, 107, -1421, -247, -951, -398, 961, -1508, -725, 448, -1065, 677, -1275, -1103, 430, 555, 843, -1251, 871, 1550, 105, 422, 587, 177, -235, -291, -460, 1574, 1653, -246, 778, 1159, -147, -777, 1483, -602, 1119, -1590, 644, -872, 349, 418, 329, -156, -75, 817, 1097, 603, 610, 1322, -1285, -1465, 384, -1215, -136, 1218, -1335, -874, 220, -1187, -1659, -1185, -1530, -1278, 794, -1510, -854, -870, 478, -108, -308, 996, 991, 958, -1460, 1522, 1628] +*) + +let zetas_list : list field_element = [1; 1729; 2580; 3289; 2642; 630; 1897; 848; 1062; 1919; 193; 797; 2786; 3260; 569; 1746; 296; 2447; 1339; 1476; 3046; 56; 2240; 1333; 1426; 2094; 535; 2882; 2393; 2879; 1974; 821; 289; 331; 3253; 1756; 1197; 2304; 2277; 2055; 650; 1977; 2513; 632; 2865; 33; 1320; 1915; 2319; 1435; 807; 452; 1438; 2868; 1534; 2402; 2647; 2617; 1481; 648; 2474; 3110; 1227; 910; 17; 2761; 583; 2649; 1637; 723; 2288; 1100; 1409; 2662; 3281; 233; 756; 2156; 3015; 3050; 1703; 1651; 2789; 1789; 1847; 952; 1461; 2687; 939; 2308; 2437; 2388; 733; 2337; 268; 641; 1584; 2298; 2037; 3220; 375; 2549; 2090; 1645; 1063; 319; 2773; 757; 2099; 561; 2466; 2594; 2804; 1092; 403; 1026; 1143; 2150; 2775; 886; 1722; 1212; 1874; 1029; 2110; 2935; 885; 2154] + +let zetas : t_Array field_element (sz 128) = + assert_norm(List.Tot.length zetas_list == 128); + Rust_primitives.Arrays.of_list zetas_list + +let poly_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = + let t = field_mul b zetas.[sz i] in + let b = field_sub a t in + let a = field_add a t in + (a,b) + +let poly_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = + let len = pow2 l in + let k = (128 / len) - 1 in + Rust_primitives.Arrays.createi (sz 256) (fun i -> + let round = v i / (2 * len) in + let idx = v i % (2 * len) in + let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in + let (a_ntt, b_ntt) = poly_ntt_step p.[sz idx0] p.[sz idx1] (round + k) in + if idx < len then a_ntt else b_ntt) + +val poly_ntt: polynomial false -> polynomial true +let poly_ntt p = + let p = poly_ntt_layer p 7 in + let p = poly_ntt_layer p 6 in + let p = poly_ntt_layer p 5 in + let p = poly_ntt_layer p 4 in + let p = poly_ntt_layer p 3 in + let p = poly_ntt_layer p 2 in + let p = poly_ntt_layer p 1 in + p + +let poly_inv_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = + let b_minus_a = field_sub b a in + let a = field_add a b in + let b = field_mul b_minus_a zetas.[sz i] in + (a,b) + +let poly_inv_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = + let len = pow2 l in + let k = (256 / len) - 1 in + Rust_primitives.Arrays.createi (sz 256) (fun i -> + let round = v i / (2 * len) in + let idx = v i % (2 * len) in + let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in + let (a_ntt, b_ntt) = poly_inv_ntt_step p.[sz idx0] p.[sz idx1] (k - round) in + if idx < len then a_ntt else b_ntt) + +val poly_inv_ntt: polynomial true -> polynomial false +let poly_inv_ntt p = + let p = poly_inv_ntt_layer p 1 in + let p = poly_inv_ntt_layer p 2 in + let p = poly_inv_ntt_layer p 3 in + let p = poly_inv_ntt_layer p 4 in + let p = poly_inv_ntt_layer p 5 in + let p = poly_inv_ntt_layer p 6 in + let p = poly_inv_ntt_layer p 7 in + p + +let poly_base_case_multiply (a0 a1 b0 b1 zeta:field_element) = + let c0 = field_add (field_mul a0 b0) (field_mul (field_mul a1 b1) zeta) in + let c1 = field_add (field_mul a0 b1) (field_mul a1 b0) in + (c0,c1) + +val poly_mul_ntt: polynomial true -> polynomial true -> polynomial true +let poly_mul_ntt a b = + Rust_primitives.Arrays.createi (sz 256) (fun i -> + let a0 = a.[sz (2 * (v i / 2))] in + let a1 = a.[sz (2 * (v i / 2) + 1)] in + let b0 = b.[sz (2 * (v i / 2))] in + let b1 = b.[sz (2 * (v i / 2) + 1)] in + let zeta_4 = zetas.[sz (64 + (v i/4))] in + let zeta = if v i % 4 < 2 then zeta_4 else field_neg zeta_4 in + let (c0,c1) = poly_base_case_multiply a0 a1 b0 b1 zeta in + if v i % 2 = 0 then c0 else c1) + + +val vector_add: #r:rank -> #ntt:bool -> vector r ntt -> vector r ntt -> vector r ntt +let vector_add #p a b = map2 poly_add a b + +val vector_ntt: #r:rank -> vector r false -> vector r true +let vector_ntt #p v = map_array poly_ntt v + +val vector_inv_ntt: #r:rank -> vector r true -> vector r false +let vector_inv_ntt #p v = map_array poly_inv_ntt v + +val vector_mul_ntt: #r:rank -> vector r true -> vector r true -> vector r true +let vector_mul_ntt #p a b = map2 poly_mul_ntt a b + +val vector_sum: #r:rank -> #ntt:bool -> vector r ntt -> polynomial ntt +let vector_sum #r a = repeati (r -! sz 1) + (fun i x -> assert (v i < v r - 1); poly_add x (a.[i +! sz 1])) a.[sz 0] + +val vector_dot_product_ntt: #r:rank -> vector r true -> vector r true -> polynomial true +let vector_dot_product_ntt a b = vector_sum (vector_mul_ntt a b) + +val matrix_transpose: #r:rank -> #ntt:bool -> matrix r ntt -> matrix r ntt +let matrix_transpose #r m = + createi r (fun i -> + createi r (fun j -> + m.[j].[i])) + +val matrix_vector_mul_ntt: #r:rank -> matrix r true -> vector r true -> vector r true +let matrix_vector_mul_ntt #r m v = + createi r (fun i -> vector_dot_product_ntt m.[i] v) + +val compute_As_plus_e_ntt: #r:rank -> a:matrix r true -> s:vector r true -> e:vector r true -> vector r true +let compute_As_plus_e_ntt #p a s e = vector_add (matrix_vector_mul_ntt a s) e + diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index ee5558e74..5e081b5b7 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -1,8 +1,9 @@ module Spec.MLKEM -#set-options "--fuel 0 --ifuel 1 --z3rlimit 200" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 30" open FStar.Mul open Core open Spec.Utils +open Spec.MLKEM.Math (** ML-KEM Constants *) let v_BITS_PER_COEFFICIENT: usize = sz 12 @@ -15,8 +16,6 @@ let v_BYTES_PER_RING_ELEMENT: usize = sz 384 // v_BITS_PER_RING_ELEMENT /! sz 8 let v_CPA_KEY_GENERATION_SEED_SIZE: usize = sz 32 -let v_FIELD_MODULUS: i32 = 3329l - let v_H_DIGEST_SIZE: usize = sz 32 // same as Libcrux.Digest.digest_size (Libcrux.Digest.Algorithm_Sha3_256_ <: Libcrux.Digest.t_Algorithm) @@ -24,11 +23,7 @@ let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 840 // sz 168 *! sz 5 let v_SHARED_SECRET_SIZE: usize = v_H_DIGEST_SIZE -let is_rank (r:usize) = - r == sz 2 \/ r == sz 3 \/ r == sz 4 - -type rank = r:usize{is_rank r} - +val v_ETA1 (r:rank) : u:usize{u == sz 3 \/ u == sz 2} let v_ETA1 (r:rank) : usize = if r = sz 2 then sz 3 else if r = sz 3 then sz 2 else @@ -36,17 +31,18 @@ let v_ETA1 (r:rank) : usize = let v_ETA2 (r:rank) : usize = sz 2 +val v_VECTOR_U_COMPRESSION_FACTOR (r:rank) : u:usize{u == sz 10 \/ u == sz 11} let v_VECTOR_U_COMPRESSION_FACTOR (r:rank) : usize = if r = sz 2 then sz 10 else if r = sz 3 then sz 10 else if r = sz 4 then sz 11 +val v_VECTOR_V_COMPRESSION_FACTOR (r:rank) : u:usize{u == sz 4 \/ u == sz 5} let v_VECTOR_V_COMPRESSION_FACTOR (r:rank) : usize = if r = sz 2 then sz 4 else if r = sz 3 then sz 4 else if r = sz 4 then sz 5 - val v_ETA1_RANDOMNESS_SIZE (r:rank) : u:usize{u == sz 128 \/ u == sz 192} let v_ETA1_RANDOMNESS_SIZE (r:rank) = v_ETA1 r *! sz 64 @@ -93,6 +89,7 @@ let v_KEY_GENERATION_SEED_SIZE: usize = v_CPA_KEY_GENERATION_SEED_SIZE +! v_SHARED_SECRET_SIZE + (** ML-KEM Types *) type t_MLKEMPublicKey (r:rank) = t_Array u8 (v_CPA_PUBLIC_KEY_SIZE r) @@ -105,160 +102,6 @@ type t_MLKEMCPAKeyPair (r:rank) = t_MLKEMCPAPrivateKey r & t_MLKEMPublicKey r type t_MLKEMCiphertext (r:rank) = t_Array u8 (v_CPA_CIPHERTEXT_SIZE r) type t_MLKEMSharedSecret = t_Array u8 (v_SHARED_SECRET_SIZE) -(** MLKEM Math and Sampling *) - -type field_element = n:nat{n < v v_FIELD_MODULUS} -type polynomial (ntt:bool) = t_Array field_element (sz 256) -type vector (r:rank) (ntt:bool) = t_Array (polynomial ntt) r -type matrix (r:rank) (ntt:bool) = t_Array (vector r ntt) r - -val field_add: field_element -> field_element -> field_element -let field_add a b = (a + b) % v v_FIELD_MODULUS - -val field_sub: field_element -> field_element -> field_element -let field_sub a b = (a - b) % v v_FIELD_MODULUS - -val field_neg: field_element -> field_element -let field_neg a = (0 - a) % v v_FIELD_MODULUS - -val field_mul: field_element -> field_element -> field_element -let field_mul a b = (a * b) % v v_FIELD_MODULUS - -val poly_add: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt -let poly_add a b = map2 field_add a b - -val poly_sub: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt -let poly_sub a b = map2 field_sub a b - - -(* -bitrev7 = [int('{:07b}'.format(x)[::-1], 2) for x in range(0,128)] -zetas = [pow(17,x) % 3329 for x in bitrev7] -zetas_mont = [pow(2,16) * x % 3329 for x in zetas] -zetas_mont_r = [(x - 3329 if x > 1664 else x) for x in zetas_mont] - -bitrev7 is -[0, 64, 32, 96, 16, 80, 48, 112, 8, 72, 40, 104, 24, 88, 56, 120, 4, 68, 36, 100, 20, 84, 52, 116, 12, 76, 44, 108, 28, 92, 60, 124, 2, 66, 34, 98, 18, 82, 50, 114, 10, 74, 42, 106, 26, 90, 58, 122, 6, 70, 38, 102, 22, 86, 54, 118, 14, 78, 46, 110, 30, 94, 62, 126, 1, 65, 33, 97, 17, 81, 49, 113, 9, 73, 41, 105, 25, 89, 57, 121, 5, 69, 37, 101, 21, 85, 53, 117, 13, 77, 45, 109, 29, 93, 61, 125, 3, 67, 35, 99, 19, 83, 51, 115, 11, 75, 43, 107, 27, 91, 59, 123, 7, 71, 39, 103, 23, 87, 55, 119, 15, 79, 47, 111, 31, 95, 63, 127] - -zetas = 17^bitrev7 is -[1, 1729, 2580, 3289, 2642, 630, 1897, 848, 1062, 1919, 193, 797, 2786, 3260, 569, 1746, 296, 2447, 1339, 1476, 3046, 56, 2240, 1333, 1426, 2094, 535, 2882, 2393, 2879, 1974, 821, 289, 331, 3253, 1756, 1197, 2304, 2277, 2055, 650, 1977, 2513, 632, 2865, 33, 1320, 1915, 2319, 1435, 807, 452, 1438, 2868, 1534, 2402, 2647, 2617, 1481, 648, 2474, 3110, 1227, 910, 17, 2761, 583, 2649, 1637, 723, 2288, 1100, 1409, 2662, 3281, 233, 756, 2156, 3015, 3050, 1703, 1651, 2789, 1789, 1847, 952, 1461, 2687, 939, 2308, 2437, 2388, 733, 2337, 268, 641, 1584, 2298, 2037, 3220, 375, 2549, 2090, 1645, 1063, 319, 2773, 757, 2099, 561, 2466, 2594, 2804, 1092, 403, 1026, 1143, 2150, 2775, 886, 1722, 1212, 1874, 1029, 2110, 2935, 885, 2154] - -zetas_mont = zetas * 2^16 is -[2285, 2571, 2970, 1812, 1493, 1422, 287, 202, 3158, 622, 1577, 182, 962, 2127, 1855, 1468, 573, 2004, 264, 383, 2500, 1458, 1727, 3199, 2648, 1017, 732, 608, 1787, 411, 3124, 1758, 1223, 652, 2777, 1015, 2036, 1491, 3047, 1785, 516, 3321, 3009, 2663, 1711, 2167, 126, 1469, 2476, 3239, 3058, 830, 107, 1908, 3082, 2378, 2931, 961, 1821, 2604, 448, 2264, 677, 2054, 2226, 430, 555, 843, 2078, 871, 1550, 105, 422, 587, 177, 3094, 3038, 2869, 1574, 1653, 3083, 778, 1159, 3182, 2552, 1483, 2727, 1119, 1739, 644, 2457, 349, 418, 329, 3173, 3254, 817, 1097, 603, 610, 1322, 2044, 1864, 384, 2114, 3193, 1218, 1994, 2455, 220, 2142, 1670, 2144, 1799, 2051, 794, 1819, 2475, 2459, 478, 3221, 3021, 996, 991, 958, 1869, 1522, 1628] - -zetas_mont_r = zetas_mont - 3329 if zetas_mont > 1664 else zetas_mont is -[-1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474, 1468, 573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411, -205, -1571, 1223, 652, -552, 1015, -1293, 1491, -282, -1544, 516, -8, -320, -666, -1618, -1162, 126, 1469, -853, -90, -271, 830, 107, -1421, -247, -951, -398, 961, -1508, -725, 448, -1065, 677, -1275, -1103, 430, 555, 843, -1251, 871, 1550, 105, 422, 587, 177, -235, -291, -460, 1574, 1653, -246, 778, 1159, -147, -777, 1483, -602, 1119, -1590, 644, -872, 349, 418, 329, -156, -75, 817, 1097, 603, 610, 1322, -1285, -1465, 384, -1215, -136, 1218, -1335, -874, 220, -1187, -1659, -1185, -1530, -1278, 794, -1510, -854, -870, 478, -108, -308, 996, 991, 958, -1460, 1522, 1628] -*) - -let zetas_list : list field_element = [1; 1729; 2580; 3289; 2642; 630; 1897; 848; 1062; 1919; 193; 797; 2786; 3260; 569; 1746; 296; 2447; 1339; 1476; 3046; 56; 2240; 1333; 1426; 2094; 535; 2882; 2393; 2879; 1974; 821; 289; 331; 3253; 1756; 1197; 2304; 2277; 2055; 650; 1977; 2513; 632; 2865; 33; 1320; 1915; 2319; 1435; 807; 452; 1438; 2868; 1534; 2402; 2647; 2617; 1481; 648; 2474; 3110; 1227; 910; 17; 2761; 583; 2649; 1637; 723; 2288; 1100; 1409; 2662; 3281; 233; 756; 2156; 3015; 3050; 1703; 1651; 2789; 1789; 1847; 952; 1461; 2687; 939; 2308; 2437; 2388; 733; 2337; 268; 641; 1584; 2298; 2037; 3220; 375; 2549; 2090; 1645; 1063; 319; 2773; 757; 2099; 561; 2466; 2594; 2804; 1092; 403; 1026; 1143; 2150; 2775; 886; 1722; 1212; 1874; 1029; 2110; 2935; 885; 2154] - -let zetas : t_Array field_element (sz 128) = - assert_norm(List.Tot.length zetas_list == 128); - Rust_primitives.Arrays.of_list zetas_list - -let poly_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = - let t = field_mul b zetas.[sz i] in - let b = field_sub a t in - let a = field_add a t in - (a,b) - -let poly_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = - let len = pow2 l in - let k = (128 / len) - 1 in - Rust_primitives.Arrays.createi (sz 256) (fun i -> - let round = v i / (2 * len) in - let idx = v i % (2 * len) in - let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in - let (a_ntt, b_ntt) = poly_ntt_step p.[sz idx0] p.[sz idx1] (round + k) in - if idx < len then a_ntt else b_ntt) - -val poly_ntt: polynomial false -> polynomial true -let poly_ntt p = - let p = poly_ntt_layer p 7 in - let p = poly_ntt_layer p 6 in - let p = poly_ntt_layer p 5 in - let p = poly_ntt_layer p 4 in - let p = poly_ntt_layer p 3 in - let p = poly_ntt_layer p 2 in - let p = poly_ntt_layer p 1 in - p - -let poly_inv_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = - let b_minus_a = field_sub b a in - let a = field_add a b in - let b = field_mul b_minus_a zetas.[sz i] in - (a,b) - -let poly_inv_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = - let len = pow2 l in - let k = (256 / len) - 1 in - Rust_primitives.Arrays.createi (sz 256) (fun i -> - let round = v i / (2 * len) in - let idx = v i % (2 * len) in - let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in - let (a_ntt, b_ntt) = poly_inv_ntt_step p.[sz idx0] p.[sz idx1] (k - round) in - if idx < len then a_ntt else b_ntt) - -val poly_inv_ntt: polynomial true -> polynomial false -let poly_inv_ntt p = - let p = poly_inv_ntt_layer p 1 in - let p = poly_inv_ntt_layer p 2 in - let p = poly_inv_ntt_layer p 3 in - let p = poly_inv_ntt_layer p 4 in - let p = poly_inv_ntt_layer p 5 in - let p = poly_inv_ntt_layer p 6 in - let p = poly_inv_ntt_layer p 7 in - p - -let poly_base_case_multiply (a0 a1 b0 b1 zeta:field_element) = - let c0 = field_add (field_mul a0 b0) (field_mul (field_mul a1 b1) zeta) in - let c1 = field_add (field_mul a0 b1) (field_mul a1 b0) in - (c0,c1) - -val poly_mul_ntt: polynomial true -> polynomial true -> polynomial true -let poly_mul_ntt a b = - Rust_primitives.Arrays.createi (sz 256) (fun i -> - let a0 = a.[sz (2 * (v i / 2))] in - let a1 = a.[sz (2 * (v i / 2) + 1)] in - let b0 = b.[sz (2 * (v i / 2))] in - let b1 = b.[sz (2 * (v i / 2) + 1)] in - let zeta_4 = zetas.[sz (64 + (v i/4))] in - let zeta = if v i % 4 < 2 then zeta_4 else field_neg zeta_4 in - let (c0,c1) = poly_base_case_multiply a0 a1 b0 b1 zeta in - if v i % 2 = 0 then c0 else c1) - - -val vector_add: #r:rank -> #ntt:bool -> vector r ntt -> vector r ntt -> vector r ntt -let vector_add #p a b = map2 poly_add a b - -val vector_ntt: #r:rank -> vector r false -> vector r true -let vector_ntt #p v = map_array poly_ntt v - -val vector_inv_ntt: #r:rank -> vector r true -> vector r false -let vector_inv_ntt #p v = map_array poly_inv_ntt v - -val vector_mul_ntt: #r:rank -> vector r true -> vector r true -> vector r true -let vector_mul_ntt #p a b = map2 poly_mul_ntt a b - -val vector_sum: #r:rank -> #ntt:bool -> vector r ntt -> polynomial ntt -let vector_sum #r a = repeati (v r - 1) - (fun i x -> poly_add x (Lib.Sequence.index #_ #(v r) a (i+1))) (Lib.Sequence.index #_ #(v r) a 0) - -val vector_dot_product_ntt: #r:rank -> vector r true -> vector r true -> polynomial true -let vector_dot_product_ntt a b = vector_sum (vector_mul_ntt a b) - -val matrix_transpose: #r:rank -> #ntt:bool -> matrix r ntt -> matrix r ntt -let matrix_transpose #r m = - createi r (fun i -> - createi r (fun j -> - m.[j].[i])) - -val matrix_vector_mul_ntt: #r:rank -> matrix r true -> vector r true -> vector r true -let matrix_vector_mul_ntt #r m v = - createi r (fun i -> vector_dot_product_ntt m.[i] v) - -val compute_As_plus_e_ntt: #r:rank -> a:matrix r true -> s:vector r true -> e:vector r true -> vector r true -let compute_As_plus_e_ntt #p a s e = vector_add (matrix_vector_mul_ntt a s) e let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8)) : Pure (t_Array u8 bytes) @@ -274,25 +117,75 @@ let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) unfold let retype_bit_vector #a #b (#_:unit{a == b}) (x: a): b = x - -// note we take seed of size 32 not 34 as in hacspec -assume val sample_matrix_A_ntt: #r:rank -> seed:t_Array u8 (sz 32) -> matrix r true -// note we take seed of size 32 not 33 as in hacspec -assume val sample_vector_cbd: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize -> vector r false -// note we take seed of size 32 not 33 as in hacspec - -assume val sample_poly_binomial: v_ETA:usize{v v_ETA <= 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial false +assume val sample_max: n:usize{v n < pow2 32 /\ v n >= 128 * 3 /\ v n % 3 = 0} + +val sample_polynomial_ntt: seed:t_Array u8 (sz 34) -> (polynomial true & bool) +let sample_polynomial_ntt seed = + let randomness = v_XOF sample_max seed in + let bv = bytes_to_bits randomness in + assert (v sample_max * 8 == (((v sample_max / 3) * 2) * 12)); + let bv: bit_vec ((v (sz ((v sample_max / 3) * 2))) * 12) = retype_bit_vector bv in + let i16s = bit_vec_to_nat_array #(sz ((v sample_max / 3) * 2)) 12 bv in + assert ((v sample_max / 3) * 2 >= 256); + let poly0: polynomial true = Seq.create 256 0 in + let (sampled, poly1) = + repeati #((n:nat{n <= 256}) & polynomial true) (sz ((v sample_max / 3) * 2)) + (fun i (sampled,acc) -> + if sampled < 256 then + let sample = Seq.index i16s (v i) in + if sample < 3329 then + (sampled+1, Rust_primitives.Hax.update_at acc (sz sampled) sample) + else (sampled, acc) + else (sampled, acc)) + (0,poly0) in + if sampled < 256 then poly0, false else poly1, true + +let sample_polynomial_ntt_at_index (seed:t_Array u8 (sz 32)) (i j: (x:usize{v x <= 4})) : polynomial true & bool = + let seed34 = Seq.append seed (Seq.create 2 0uy) in + let seed34 = Rust_primitives.Hax.update_at seed34 (sz 32) (mk_int #u8_inttype (v i)) in + let seed34 = Rust_primitives.Hax.update_at seed34 (sz 33) (mk_int #u8_inttype (v j)) in + sample_polynomial_ntt seed34 + +val sample_matrix_A_ntt: #r:rank -> seed:t_Array u8 (sz 32) -> (matrix r true & bool) +let sample_matrix_A_ntt #r seed = + let m = + createi r (fun i -> + createi r (fun j -> + let (p,b) = sample_polynomial_ntt_at_index seed i j in + p)) + in + let sufficient_randomness = + repeati r (fun i b -> + repeati r (fun j b -> + let (p,v) = sample_polynomial_ntt_at_index seed i j in + b && v) b) true in + (m, sufficient_randomness) + +assume val sample_poly_cbd: v_ETA:usize{v v_ETA == 2 \/ v v_ETA == 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial false open Rust_primitives.Integers -val sample_poly_cbd: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial false -let sample_poly_cbd #r seed domain_sep = +val sample_poly_cbd2: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial false +let sample_poly_cbd2 #r seed domain_sep = let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in let prf_output = v_PRF (v_ETA2_RANDOMNESS_SIZE r) prf_input in - sample_poly_binomial (v_ETA2 r) prf_output + sample_poly_cbd (v_ETA2 r) prf_output + +val sample_poly_cbd1: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial false +let sample_poly_cbd1 #r seed domain_sep = + let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in + let prf_output = v_PRF (v_ETA1_RANDOMNESS_SIZE r) prf_input in + sample_poly_cbd (v_ETA1 r) prf_output + +let sample_vector_cbd1 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = + createi r (fun i -> sample_poly_cbd1 #r seed (domain_sep +! i)) + +let sample_vector_cbd2 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = + createi r (fun i -> sample_poly_cbd2 #r seed (domain_sep +! i)) + +let sample_vector_cbd_then_ntt (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = + vector_ntt (sample_vector_cbd1 #r seed domain_sep) -let sample_vector_cbd_then_ntt (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize) : vector r true = - vector_ntt (sample_vector_cbd #r seed domain_sep) type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12} let max_d (d:dT) = if d < 12 then pow2 d else v v_FIELD_MODULUS @@ -303,14 +196,18 @@ type vector_d (r:rank) (d:dT) = t_Array (polynomial_d d) r let compress_d (d: dT {d <> 12}) (x: field_element): field_element_d d = let r = (pow2 d * x + 1664) / v v_FIELD_MODULUS in - assume (r * v v_FIELD_MODULUS < pow2 d * x + 1664); - assume (pow2 d * x + 1664 < pow2 d * v v_FIELD_MODULUS + 1664); - assume (r < pow2 d); - r + assert (r * v v_FIELD_MODULUS <= pow2 d * x + 1664); + assert (r * v v_FIELD_MODULUS <= pow2 d * (v v_FIELD_MODULUS - 1) + 1664); + Math.Lemmas.lemma_div_le (r * v v_FIELD_MODULUS) (pow2 d * (v v_FIELD_MODULUS - 1) + 1664) (v v_FIELD_MODULUS); + Math.Lemmas.cancel_mul_div r (v v_FIELD_MODULUS); + assert (r <= (pow2 d * (v v_FIELD_MODULUS - 1) + 1664) / v v_FIELD_MODULUS); + Math.Lemmas.lemma_div_mod_plus (1664 - pow2 d) (pow2 d) (v v_FIELD_MODULUS); + assert (r <= pow2 d + (1664 - pow2 d) / v v_FIELD_MODULUS); + assert (r <= pow2 d); + if r = pow2 d then 0 else r let decompress_d (d: dT {d <> 12}) (x: field_element_d d): field_element = let r = (x * v v_FIELD_MODULUS + 1664) / pow2 d in - assume (r < v v_FIELD_MODULUS); r @@ -322,13 +219,13 @@ let byte_encode (d: dT) (coefficients: polynomial_d d): t_Array u8 (sz (32 * d)) let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial_d d = let bv = bytes_to_bits coefficients in let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d (retype_bit_vector bv) in - let p = map_array (fun (x: nat) -> x % v v_FIELD_MODULUS) arr in - introduce forall i. (d < 12 ==> Seq.index p i < pow2 d) - with assert (Seq.index p i == Seq.index p (v (sz i))); - introduce forall i. (d == 12 ==> Seq.index p i < v v_FIELD_MODULUS) - with assert (Seq.index p i == Seq.index p (v (sz i))); - assert (forall i. (d < 12 ==> Seq.index p i < pow2 d) /\ (d == 12 ==> Seq.index p i < v v_FIELD_MODULUS)); - admit(); + let p: polynomial_d d = + createi (sz 256) (fun i -> + let x_f : field_element = arr.[i] % v v_FIELD_MODULUS in + assert (d < 12 ==> arr.[i] < pow2 d); + let x_m : field_element_d d = x_f in + x_m) + in p let coerce_polynomial_12 #ntt (p:polynomial ntt): polynomial_d 12 = p @@ -389,17 +286,17 @@ let decode_then_decompress_v (#r:rank) (#ntt:bool): t_Array u8 (v_C2_SIZE r) -> /// through the `key_generation_seed` parameter. val ind_cpa_generate_keypair (r:rank) (randomness:t_Array u8 v_CPA_KEY_GENERATION_SEED_SIZE) : - t_MLKEMCPAKeyPair r + (t_MLKEMCPAKeyPair r & bool) let ind_cpa_generate_keypair r randomness = let hashed = v_G randomness in let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in - let matrix_A_as_ntt = sample_matrix_A_ntt #r seed_for_A in + let (matrix_A_as_ntt, sufficient_randomness) = sample_matrix_A_ntt #r seed_for_A in let secret_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error (sz 0) in let error_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error r in let t_as_ntt = compute_As_plus_e_ntt #r matrix_A_as_ntt secret_as_ntt error_as_ntt in let public_key_serialized = Seq.append (vector_encode_12 #r t_as_ntt) seed_for_A in let secret_key_serialized = vector_encode_12 #r secret_as_ntt in - (secret_key_serialized,public_key_serialized) + ((secret_key_serialized,public_key_serialized), sufficient_randomness) /// This function implements Algorithm 13 of the /// NIST FIPS 203 specification; this is the MLKEM CPA-PKE encryption algorithm. @@ -407,21 +304,21 @@ let ind_cpa_generate_keypair r randomness = val ind_cpa_encrypt (r:rank) (public_key: t_MLKEMPublicKey r) (message: t_Array u8 v_SHARED_SECRET_SIZE) (randomness:t_Array u8 v_SHARED_SECRET_SIZE) : - t_MLKEMCiphertext r - + (t_MLKEMCiphertext r & bool) + let ind_cpa_encrypt r public_key message randomness = let (t_as_ntt_bytes, seed_for_A) = split public_key (v_T_AS_NTT_ENCODED_SIZE r) in let t_as_ntt = vector_decode_12 #r t_as_ntt_bytes in - let matrix_A_as_ntt = sample_matrix_A_ntt #r seed_for_A in + let matrix_A_as_ntt, sufficient_randomness = sample_matrix_A_ntt #r seed_for_A in let r_as_ntt = sample_vector_cbd_then_ntt #r randomness (sz 0) in - let error_1 = sample_vector_cbd #r randomness r in - let error_2 = sample_poly_cbd #r randomness (r +! r) in + let error_1 = sample_vector_cbd2 #r randomness r in + let error_2 = sample_poly_cbd2 #r randomness (r +! r) in let u = vector_add (vector_inv_ntt (matrix_vector_mul_ntt (matrix_transpose matrix_A_as_ntt) r_as_ntt)) error_1 in let mu = decode_then_decompress_message message in let v = poly_add (poly_add (vector_dot_product_ntt t_as_ntt r_as_ntt) error_2) mu in let c1 = compress_then_encode_u #r u in let c2 = compress_then_encode_v #r v in - concat c1 c2 + (concat c1 c2, sufficient_randomness) /// This function implements Algorithm 14 of the /// NIST FIPS 203 specification; this is the MLKEM CPA-PKE decryption algorithm. @@ -435,7 +332,7 @@ let ind_cpa_decrypt r secret_key ciphertext = let u = decode_then_decompress_u #r c1 in let v = decode_then_decompress_v #r c2 in let secret_as_ntt = vector_decode_12 #r secret_key in - let w = poly_sub v (poly_inv_ntt #r (vector_dot_product_ntt secret_as_ntt (vector_ntt u))) in + let w = poly_sub v (poly_inv_ntt (vector_dot_product_ntt secret_as_ntt (vector_ntt u))) in compress_then_encode_message w (** IND-CCA Functions *) @@ -451,16 +348,16 @@ let ind_cpa_decrypt r secret_key ciphertext = /// TODO: input validation val ind_cca_generate_keypair (r:rank) (randomness:t_Array u8 v_KEY_GENERATION_SEED_SIZE) : - t_MLKEMKeyPair r + t_MLKEMKeyPair r & bool let ind_cca_generate_keypair p randomness = let (ind_cpa_keypair_randomness, implicit_rejection_value) = split randomness v_CPA_KEY_GENERATION_SEED_SIZE in - let (ind_cpa_secret_key,ind_cpa_public_key) = ind_cpa_generate_keypair p ind_cpa_keypair_randomness in + let (ind_cpa_secret_key,ind_cpa_public_key), sufficient_randomness = ind_cpa_generate_keypair p ind_cpa_keypair_randomness in let ind_cca_secret_key = Seq.append ind_cpa_secret_key ( Seq.append ind_cpa_public_key ( Seq.append (v_H ind_cpa_public_key) implicit_rejection_value)) in - (ind_cca_secret_key, ind_cpa_public_key) + (ind_cca_secret_key, ind_cpa_public_key), sufficient_randomness /// This function implements most of Algorithm 16 of the /// NIST FIPS 203 specification; this is the MLKEM CCA-KEM encapsulation algorithm. @@ -473,13 +370,13 @@ let ind_cca_generate_keypair p randomness = val ind_cca_encapsulate (r:rank) (public_key: t_MLKEMPublicKey r) (randomness:t_Array u8 v_SHARED_SECRET_SIZE) : - (t_MLKEMCiphertext r & t_MLKEMSharedSecret) + (t_MLKEMCiphertext r & t_MLKEMSharedSecret) & bool let ind_cca_encapsulate p public_key randomness = let to_hash = concat randomness (v_H public_key) in let hashed = v_G to_hash in let (shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in - let ciphertext = ind_cpa_encrypt p public_key randomness pseudorandomness in - (ciphertext,shared_secret) + let ciphertext, sufficient_randomness = ind_cpa_encrypt p public_key randomness pseudorandomness in + (ciphertext,shared_secret), sufficient_randomness /// This function implements Algorithm 17 of the @@ -487,7 +384,7 @@ let ind_cca_encapsulate p public_key randomness = val ind_cca_decapsulate (r:rank) (secret_key: t_MLKEMPrivateKey r) (ciphertext: t_MLKEMCiphertext r): - t_MLKEMSharedSecret + t_MLKEMSharedSecret & bool let ind_cca_decapsulate p secret_key ciphertext = let (ind_cpa_secret_key,rest) = split secret_key (v_CPA_PRIVATE_KEY_SIZE p) in let (ind_cpa_public_key,rest) = split rest (v_CPA_PUBLIC_KEY_SIZE p) in @@ -502,59 +399,8 @@ let ind_cca_decapsulate p secret_key ciphertext = let to_hash = concat implicit_rejection_value ciphertext in let rejection_shared_secret = v_J to_hash in - let reencrypted = ind_cpa_encrypt p ind_cpa_public_key decrypted pseudorandomness in + let reencrypted, sufficient_randomness = ind_cpa_encrypt p ind_cpa_public_key decrypted pseudorandomness in if reencrypted = ciphertext - then success_shared_secret - else rejection_shared_secret + then success_shared_secret, sufficient_randomness + else rejection_shared_secret, sufficient_randomness - -(** MLKEM-768 Instantiation *) - -let mlkem768_rank = sz 3 - -let mlkem768_generate_keypair (randomness:t_Array u8 (sz 64)): - (t_Array u8 (sz 2400) & t_Array u8 (sz 1184)) = - ind_cca_generate_keypair mlkem768_rank randomness - -let mlkem768_encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 32)): - (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) = - ind_cca_encapsulate mlkem768_rank public_key randomness - - -let mlkem768_decapsulate (secret_key: t_Array u8 (sz 2400)) (ciphertext: t_Array u8 (sz 1088)): - t_Array u8 (sz 32) = - ind_cca_decapsulate mlkem768_rank secret_key ciphertext - -(** MLKEM-1024 Instantiation *) - -let mlkem1024_rank = sz 4 - -let mlkem1024_generate_keypair (randomness:t_Array u8 (sz 64)): - (t_Array u8 (sz 3168) & t_Array u8 (sz 1568)) = - ind_cca_generate_keypair mlkem1024_rank randomness - -let mlkem1024_encapsulate (public_key: t_Array u8 (sz 1568)) (randomness: t_Array u8 (sz 32)): - (t_Array u8 (sz 1568) & t_Array u8 (sz 32)) = - ind_cca_encapsulate mlkem1024_rank public_key randomness - - -let mlkem1024_decapsulate (secret_key: t_Array u8 (sz 3168)) (ciphertext: t_Array u8 (sz 1568)): - t_Array u8 (sz 32) = - ind_cca_decapsulate mlkem1024_rank secret_key ciphertext - -(** MLKEM-512 Instantiation *) - -let mlkem512_rank : rank = sz 2 - -let mlkem512_generate_keypair (randomness:t_Array u8 (sz 64)): - (t_Array u8 (sz 1632) & t_Array u8 (sz 800)) = - ind_cca_generate_keypair mlkem512_rank randomness - -let mlkem512_encapsulate (public_key: t_Array u8 (sz 800)) (randomness: t_Array u8 (sz 32)): - (t_Array u8 (sz 768) & t_Array u8 (sz 32)) = - ind_cca_encapsulate mlkem512_rank public_key randomness - - -let mlkem512_decapsulate (secret_key: t_Array u8 (sz 1632)) (ciphertext: t_Array u8 (sz 768)): - t_Array u8 (sz 32) = - ind_cca_decapsulate mlkem512_rank secret_key ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 6747f8487..0b63ffa03 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -20,7 +20,7 @@ let map2 #a #b #c (#len:usize{v len < pow2 32}) (x: t_Array a len) (y: t_Array b len): t_Array c len = Lib.Sequence.map2 #a #b #c #(v len) f x y -let repeati = Lib.LoopCombinators.repeati +let repeati #acc (l:usize) (f:(i:usize{v i < v l}) -> acc -> acc) acc0 : acc = Lib.LoopCombinators.repeati (v l) (fun i acc -> f (sz i) acc) acc0 #push-options "--fuel 0 --ifuel 0 --z3rlimit 500" let flatten #t #n From da9ecb2ad489e01d23b7a5d85c781cc6f3cca58b Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 12 Aug 2024 06:45:23 +0000 Subject: [PATCH 033/348] Post-condition for ind_cca::encapsulate --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 8 ++++ .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 19 +++++++--- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 9 ++++- .../extraction/Libcrux_ml_kem.Types.fsti | 21 ++++++++-- .../extraction/Libcrux_ml_kem.Utils.fsti | 5 ++- libcrux-ml-kem/src/ind_cca.rs | 38 +++++++++++-------- libcrux-ml-kem/src/ind_cpa.rs | 6 +++ libcrux-ml-kem/src/types.rs | 2 + libcrux-ml-kem/src/utils.rs | 3 ++ 9 files changed, 85 insertions(+), 26 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index dea9b4e8f..b81af1ab0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -373,6 +373,14 @@ let encapsulate <: t_Slice u8) in + let _:Prims.unit = + assert (Seq.slice to_hash 0 (v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE) == randomness); + lemma_slice_append to_hash + randomness + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key.f_value); + assert (to_hash == + concat randomness (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key.f_value)) + in let hashed:t_Array u8 (sz 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 228954840..98c724eec 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -76,10 +76,10 @@ class t_Variant (v_Self: Type0) = { v_CIPHERTEXT_SIZE: usize -> #v_Hasher: Type0 -> {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - t_Slice u8 -> - Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> - t_Array u8 (sz 32) - -> Type0; + shared_secret: t_Slice u8 -> + ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> + res: t_Array u8 (sz 32) + -> pred: Type0{pred ==> res == shared_secret}; f_kdf: v_K: usize -> v_CIPHERTEXT_SIZE: usize -> @@ -142,7 +142,7 @@ let impl: t_Variant t_MlKem = (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) (out1: t_Array u8 (sz 32)) -> - true); + out1 == shared_secret); f_kdf = (fun @@ -243,7 +243,14 @@ val encapsulate v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + = + result + in + (result._1.f_value, result._2) == + Spec.MLKEM.ind_cca_encapsulate v_K public_key.f_value randomness) /// Packed API /// Generate a key pair. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 51ca994db..d6d1d387e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -173,7 +173,14 @@ val encrypt (public_key: t_Slice u8) (message: t_Array u8 (sz 32)) (randomness: t_Slice u8) - : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) + (requires + Spec.MLKEM.is_rank v_K /\ length public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + length randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE) + (ensures + fun result -> + let result:t_Array u8 v_CIPHERTEXT_SIZE = result in + result == Spec.MLKEM.ind_cpa_encrypt v_K public_key message randomness) /// This function implements most of Algorithm 12 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index 9e6a138ab..8c8b5545e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -57,7 +57,12 @@ let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCip /// A reference to the raw byte slice. val impl_5__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) - : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_SIZE) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 v_SIZE = result in + result == self.f_value) ///An ML-KEM Private key type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } @@ -101,7 +106,12 @@ let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPri /// A reference to the raw byte slice. val impl_11__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) - : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_SIZE) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 v_SIZE = result in + result == self.f_value) ///An ML-KEM Public key type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } @@ -145,7 +155,12 @@ let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPu /// A reference to the raw byte slice. val impl_17__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) - : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_SIZE) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 v_SIZE = result in + result == self.f_value) [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_4 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti index df9ce411d..85ac8d1c5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti @@ -7,4 +7,7 @@ open FStar.Mul val into_padded_array (v_LEN: usize) (slice: t_Slice u8) : Prims.Pure (t_Array u8 v_LEN) (requires (Core.Slice.impl__len #u8 slice <: usize) <=. v_LEN) - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:t_Array u8 v_LEN = res in + Seq.slice res 0 (Seq.length slice) == slice) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index e5f29a92b..6ffdad401 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -44,7 +44,7 @@ pub(crate) mod instantiations; ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ ${public_key.len()} == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ ${implicit_rejection_value.len()} == Spec.MLKEM.v_SHARED_SECRET_SIZE"))] -#[hax_lib::ensures(|result| fstar!("result == Seq.append $private_key ( +#[hax_lib::ensures(|result| fstar!("$result == Seq.append $private_key ( Seq.append $public_key ( Seq.append (Spec.Utils.v_H $public_key) $implicit_rejection_value))"))] @@ -64,24 +64,24 @@ fn serialize_kem_secret_key(&randomness); let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness); to_hash[H_DIGEST_SIZE..].copy_from_slice(&Hasher::H(public_key.as_slice())); + hax_lib::fstar!("assert (Seq.slice $to_hash 0 (v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE) == $randomness); + lemma_slice_append $to_hash $randomness (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #$K ${public_key}.f_value); + assert ($to_hash == concat $randomness (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #$K ${public_key}.f_value))"); let hashed = Hasher::G(&to_hash); let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); @@ -532,6 +537,7 @@ pub mod unpacked { #[hax_lib::attributes] pub(crate) trait Variant { #[requires(shared_secret.len() == 32)] + #[ensures(|res| fstar!("$res == $shared_secret"))] fn kdf>( shared_secret: &[u8], ciphertext: &MlKemCiphertext, @@ -580,6 +586,8 @@ pub(crate) struct MlKem {} impl Variant for MlKem { #[inline(always)] #[requires(shared_secret.len() == 32)] + // Output name has be `out1` https://github.com/hacspec/hax/issues/832 + #[ensures(|out1| fstar!("$out1 == $shared_secret"))] fn kdf>( shared_secret: &[u8], _: &MlKemCiphertext, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index b046d879c..9ded927ab 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -382,6 +382,12 @@ pub(crate) fn encrypt_unpacked< } #[allow(non_snake_case)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ + length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE"))] +#[hax_lib::ensures(|result| + fstar!("$result == Spec.MLKEM.ind_cpa_encrypt $K $public_key $message $randomness") +)] pub(crate) fn encrypt< const K: usize, const CIPHERTEXT_SIZE: usize, diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index 6481737ae..851eb95a0 100644 --- a/libcrux-ml-kem/src/types.rs +++ b/libcrux-ml-kem/src/types.rs @@ -42,8 +42,10 @@ macro_rules! impl_generic_struct { } } + #[hax_lib::attributes] impl $name { /// A reference to the raw byte slice. + #[ensures(|result| fstar!("$result == self.f_value"))] pub fn as_slice(&self) -> &[u8; SIZE] { &self.value } diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs index 3c3be2bcc..707ee55d5 100644 --- a/libcrux-ml-kem/src/utils.rs +++ b/libcrux-ml-kem/src/utils.rs @@ -8,6 +8,9 @@ #[cfg_attr(hax, hax_lib::requires( slice.len() <= LEN ))] +#[cfg_attr(hax, hax_lib::ensures(|res| + fstar!("Seq.slice $res 0 (Seq.length $slice) == $slice") +))] pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { let mut out = [0u8; LEN]; out[0..slice.len()].copy_from_slice(slice); From 0cd001e5615786a5942cd3a319e26e00fe1db86d Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 12 Aug 2024 14:42:39 +0000 Subject: [PATCH 034/348] Replace v_Hasher with $:Hasher --- .../fstar/extraction/Libcrux_ml_kem.Ind_cca.fst | 1 + libcrux-ml-kem/src/ind_cca.rs | 11 +++++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index b81af1ab0..1c6fed552 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -417,6 +417,7 @@ let encapsulate shared_secret ciphertext in + let _:Prims.unit = admit () in ciphertext, shared_secret_array <: (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 6ffdad401..99d8b063a 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -72,7 +72,7 @@ fn serialize_kem_secret_key(shared_secret, &ciphertext); + // For some reason F* manages to assert the post-condition but fails to verify it + // as a part of function signature + hax_lib::fstar!("admit()"); (ciphertext, shared_secret_array) } From 633943745f839317b7444351456f44f184cc70bb Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 12 Aug 2024 20:10:26 +0000 Subject: [PATCH 035/348] Set full pre-conditions for ind_cpa::encrypt --- libcrux-ml-kem/src/ind_cpa.rs | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 9ded927ab..253884393 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -383,8 +383,19 @@ pub(crate) fn encrypt_unpacked< #[allow(non_snake_case)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $ETA1 = Spec.MLKEM.v_ETA1 $K /\\ + $ETA1_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ + $ETA2 = Spec.MLKEM.v_ETA2 $K /\\ + $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\ + $ETA2_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\ + $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ + $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\ length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ - length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE"))] + length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE /\\ + $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ + $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\ + $C1_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ + $C2_LEN == Spec.MLKEM.v_C2_SIZE $K"))] #[hax_lib::ensures(|result| fstar!("$result == Spec.MLKEM.ind_cpa_encrypt $K $public_key $message $randomness") )] From c1935b9cf8cfb37e04853b24b9f38faa508de332 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 12 Aug 2024 16:13:12 -0400 Subject: [PATCH 036/348] spec --- .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 69 +++++++++++++++++++ .../proofs/fstar/spec/Spec.MLKEM.fst | 67 ------------------ 2 files changed, 69 insertions(+), 67 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index 18fb880df..2bfc58384 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -166,3 +166,72 @@ let matrix_vector_mul_ntt #r m v = val compute_As_plus_e_ntt: #r:rank -> a:matrix r true -> s:vector r true -> e:vector r true -> vector r true let compute_As_plus_e_ntt #p a s e = vector_add (matrix_vector_mul_ntt a s) e + + +type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12} +let max_d (d:dT) = if d < 12 then pow2 d else v v_FIELD_MODULUS +type field_element_d (d:dT) = n:nat{n < max_d d} +type polynomial_d (d:dT) = t_Array (field_element_d d) (sz 256) +type vector_d (r:rank) (d:dT) = t_Array (polynomial_d d) r + +let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8)) + : Pure (t_Array u8 bytes) + (requires True) + (ensures fun r -> (forall i. bit_vec_of_int_t_array r 8 i == bv i)) + = bit_vec_to_int_t_array 8 bv + +let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) + : Pure (i: bit_vec (v bytes * 8)) + (requires True) + (ensures fun f -> (forall i. bit_vec_of_int_t_array r 8 i == f i)) + = bit_vec_of_int_t_array r 8 + +unfold let retype_bit_vector #a #b (#_:unit{a == b}) (x: a): b = x + + +let compress_d (d: dT {d <> 12}) (x: field_element): field_element_d d + = let r = (pow2 d * x + 1664) / v v_FIELD_MODULUS in + assert (r * v v_FIELD_MODULUS <= pow2 d * x + 1664); + assert (r * v v_FIELD_MODULUS <= pow2 d * (v v_FIELD_MODULUS - 1) + 1664); + Math.Lemmas.lemma_div_le (r * v v_FIELD_MODULUS) (pow2 d * (v v_FIELD_MODULUS - 1) + 1664) (v v_FIELD_MODULUS); + Math.Lemmas.cancel_mul_div r (v v_FIELD_MODULUS); + assert (r <= (pow2 d * (v v_FIELD_MODULUS - 1) + 1664) / v v_FIELD_MODULUS); + Math.Lemmas.lemma_div_mod_plus (1664 - pow2 d) (pow2 d) (v v_FIELD_MODULUS); + assert (r <= pow2 d + (1664 - pow2 d) / v v_FIELD_MODULUS); + assert (r <= pow2 d); + if r = pow2 d then 0 else r + +let decompress_d (d: dT {d <> 12}) (x: field_element_d d): field_element + = let r = (x * v v_FIELD_MODULUS + 1664) / pow2 d in + r + + +let byte_encode (d: dT) (coefficients: polynomial_d d): t_Array u8 (sz (32 * d)) + = let coefficients' : t_Array nat (sz 256) = map_array #(field_element_d d) (fun x -> x <: nat) coefficients in + bits_to_bytes #(sz (32 * d)) + (retype_bit_vector (bit_vec_of_nat_array coefficients' d)) + +let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial_d d + = let bv = bytes_to_bits coefficients in + let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d (retype_bit_vector bv) in + let p: polynomial_d d = + createi (sz 256) (fun i -> + let x_f : field_element = arr.[i] % v v_FIELD_MODULUS in + assert (d < 12 ==> arr.[i] < pow2 d); + let x_m : field_element_d d = x_f in + x_m) + in + p + +let coerce_polynomial_12 #ntt (p:polynomial ntt): polynomial_d 12 = p +let coerce_vector_12 #ntt (#r:rank) (v:vector r ntt): vector_d r 12 = v + +let compress_then_byte_encode #ntt (d: dT {d <> 12}) (coefficients: polynomial ntt): t_Array u8 (sz (32 * d)) + = let coefs: t_Array (field_element_d d) (sz 256) = map_array (compress_d d) coefficients + in + byte_encode d coefs + +let byte_decode_then_decompress #ntt (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): polynomial ntt + = map_array (decompress_d d) (byte_decode d b) + + diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 5e081b5b7..30536bd68 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -103,20 +103,6 @@ type t_MLKEMCiphertext (r:rank) = t_Array u8 (v_CPA_CIPHERTEXT_SIZE r) type t_MLKEMSharedSecret = t_Array u8 (v_SHARED_SECRET_SIZE) -let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8)) - : Pure (t_Array u8 bytes) - (requires True) - (ensures fun r -> (forall i. bit_vec_of_int_t_array r 8 i == bv i)) - = bit_vec_to_int_t_array 8 bv - -let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) - : Pure (i: bit_vec (v bytes * 8)) - (requires True) - (ensures fun f -> (forall i. bit_vec_of_int_t_array r 8 i == f i)) - = bit_vec_of_int_t_array r 8 - -unfold let retype_bit_vector #a #b (#_:unit{a == b}) (x: a): b = x - assume val sample_max: n:usize{v n < pow2 32 /\ v n >= 128 * 3 /\ v n % 3 = 0} val sample_polynomial_ntt: seed:t_Array u8 (sz 34) -> (polynomial true & bool) @@ -186,51 +172,6 @@ let sample_vector_cbd2 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v d let sample_vector_cbd_then_ntt (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = vector_ntt (sample_vector_cbd1 #r seed domain_sep) - -type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12} -let max_d (d:dT) = if d < 12 then pow2 d else v v_FIELD_MODULUS -type field_element_d (d:dT) = n:nat{n < max_d d} -type polynomial_d (d:dT) = t_Array (field_element_d d) (sz 256) -type vector_d (r:rank) (d:dT) = t_Array (polynomial_d d) r - - -let compress_d (d: dT {d <> 12}) (x: field_element): field_element_d d - = let r = (pow2 d * x + 1664) / v v_FIELD_MODULUS in - assert (r * v v_FIELD_MODULUS <= pow2 d * x + 1664); - assert (r * v v_FIELD_MODULUS <= pow2 d * (v v_FIELD_MODULUS - 1) + 1664); - Math.Lemmas.lemma_div_le (r * v v_FIELD_MODULUS) (pow2 d * (v v_FIELD_MODULUS - 1) + 1664) (v v_FIELD_MODULUS); - Math.Lemmas.cancel_mul_div r (v v_FIELD_MODULUS); - assert (r <= (pow2 d * (v v_FIELD_MODULUS - 1) + 1664) / v v_FIELD_MODULUS); - Math.Lemmas.lemma_div_mod_plus (1664 - pow2 d) (pow2 d) (v v_FIELD_MODULUS); - assert (r <= pow2 d + (1664 - pow2 d) / v v_FIELD_MODULUS); - assert (r <= pow2 d); - if r = pow2 d then 0 else r - -let decompress_d (d: dT {d <> 12}) (x: field_element_d d): field_element - = let r = (x * v v_FIELD_MODULUS + 1664) / pow2 d in - r - - -let byte_encode (d: dT) (coefficients: polynomial_d d): t_Array u8 (sz (32 * d)) - = let coefficients' : t_Array nat (sz 256) = map_array #(field_element_d d) (fun x -> x <: nat) coefficients in - bits_to_bytes #(sz (32 * d)) - (retype_bit_vector (bit_vec_of_nat_array coefficients' d)) - -let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial_d d - = let bv = bytes_to_bits coefficients in - let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d (retype_bit_vector bv) in - let p: polynomial_d d = - createi (sz 256) (fun i -> - let x_f : field_element = arr.[i] % v v_FIELD_MODULUS in - assert (d < 12 ==> arr.[i] < pow2 d); - let x_m : field_element_d d = x_f in - x_m) - in - p - -let coerce_polynomial_12 #ntt (p:polynomial ntt): polynomial_d 12 = p -let coerce_vector_12 #ntt (#r:rank) (v:vector r ntt): vector_d r 12 = v - let vector_encode_12 (#r:rank) (#ntt:bool) (v: vector r ntt): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE r) = let s: t_Array (t_Array _ (sz 384)) r = map_array (byte_encode 12) (coerce_vector_12 v) in flatten s @@ -243,14 +184,6 @@ let vector_decode_12 (#r:rank) (#ntt:bool) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_ byte_decode 12 slice ) -let compress_then_byte_encode #ntt (d: dT {d <> 12}) (coefficients: polynomial ntt): t_Array u8 (sz (32 * d)) - = let coefs: t_Array (field_element_d d) (sz 256) = map_array (compress_d d) coefficients - in - byte_encode d coefs - -let byte_decode_then_decompress #ntt (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): polynomial ntt - = map_array (decompress_d d) (byte_decode d b) - let compress_then_encode_message #ntt (p:polynomial ntt) : t_Array u8 v_SHARED_SECRET_SIZE = compress_then_byte_encode 1 p From 0d63653584a6d46fa04012f38c580f3471136aa2 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 12 Aug 2024 20:32:38 -0400 Subject: [PATCH 037/348] ind-cca panic free --- Cargo.lock | 70 +++++++++---------- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 24 ++++--- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 9 ++- .../proofs/fstar/extraction/Makefile | 2 +- libcrux-ml-kem/src/ind_cca.rs | 21 +++--- 5 files changed, 71 insertions(+), 55 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 281693ce8..2956ec494 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.72", + "syn 2.0.74", "which", ] @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.8" +version = "1.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "504bdec147f2cc13c8b57ed9401fd8a147cc66b67ad5cb241394244f2c947549" +checksum = "e9e8aabfac534be767c909e0690571677d49f41bd8465ae876fe043d52ba5292" dependencies = [ "jobserver", "libc", @@ -289,9 +289,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.13" +version = "4.5.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fbb260a053428790f3de475e304ff84cdbc4face759ea7a3e64c1edd938a7fc" +checksum = "11d8838454fda655dafd3accb2b6e2bea645b9e4078abe84a22ceb947235c5cc" dependencies = [ "clap_builder", "clap_derive", @@ -299,9 +299,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.13" +version = "4.5.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64b17d7ea74e9f833c7dbf2cbe4fb12ff26783eda4782a8975b72f895c9b4d99" +checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" dependencies = [ "anstream", "anstyle", @@ -318,7 +318,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] @@ -362,9 +362,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.12" +version = "0.2.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad" dependencies = [ "libc", ] @@ -482,7 +482,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] @@ -701,7 +701,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax/?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "num-bigint", @@ -711,7 +711,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", "num-bigint", @@ -721,33 +721,33 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax/?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax/?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "proc-macro2", "quote", @@ -759,7 +759,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "proc-macro2", "quote", @@ -1228,7 +1228,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] @@ -1395,7 +1395,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] @@ -1646,29 +1646,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.205" +version = "1.0.207" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e33aedb1a7135da52b7c21791455563facbbcc43d0f0f66165b42c21b3dfb150" +checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.205" +version = "1.0.207" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "692d6f5ac90220161d6774db30c662202721e64aed9058d2c394f451261420c1" +checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] name = "serde_json" -version = "1.0.122" +version = "1.0.124" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da" +checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d" dependencies = [ "itoa", "memchr", @@ -1760,9 +1760,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.72" +version = "2.0.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" +checksum = "1fceb41e3d546d0bd83421d3409b1460cc7444cd389341a4c880fe7a042cb3d7" dependencies = [ "proc-macro2", "quote", @@ -1880,7 +1880,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", "wasm-bindgen-shared", ] @@ -1914,7 +1914,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -1947,7 +1947,7 @@ checksum = "b7f89739351a2e03cb94beb799d47fb2cac01759b40ec441f7de39b00cbf7ef0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] @@ -2105,7 +2105,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] @@ -2125,5 +2125,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 1c6fed552..a1acf392c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -311,16 +311,20 @@ let decapsulate shared_secret ciphertext in - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref - #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) - (Rust_primitives.unsize shared_secret <: t_Slice u8) - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + let shared_secret:t_Array u8 (sz 32) = + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref + #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) + (Rust_primitives.unsize shared_secret <: t_Slice u8) + (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + in + let _:Prims.unit = admit () in + shared_secret let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 98c724eec..da968f80b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -196,6 +196,8 @@ let impl: t_Variant t_MlKem = out } +#push-options "--z3rlimit 1234" + val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -220,7 +222,12 @@ val decapsulate v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in + result == Spec.MLKEM.ind_cca_decapsulate v_K private_key.f_value ciphertext.f_value) + +#pop-options val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 41ea6d360..446128dd0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -143,7 +143,7 @@ FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HACL_HOME)/specs $(HAX_PROOF_LIBS_HOME)/ ../../../../libcrux-intrinsics/proofs/fstar/extraction/ \ ../../../../libcrux-sha3/proofs/fstar/extraction/ -FSTAR_FLAGS = --cmi \ +FSTAR_FLAGS = --cmi --query_stats \ --warn_error -331-321-274 \ --cache_checked_modules --cache_dir $(CACHE_DIR) \ --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 99d8b063a..9a7b82a8b 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -162,6 +162,7 @@ fn generate_keypair< MlKemKeyPair::from(private_key, MlKemPublicKey::from(public_key)) } + #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ @@ -227,13 +228,13 @@ fn encapsulate< let ciphertext = MlKemCiphertext::from(ciphertext); let shared_secret_array = Scheme::kdf::(shared_secret, &ciphertext); - // For some reason F* manages to assert the post-condition but fails to verify it // as a part of function signature - hax_lib::fstar!("admit()"); + hax_lib::fstar!("admit() (* Panic Free *)"); (ciphertext, shared_secret_array) } +#[hax_lib::fstar::options("--z3rlimit 150")] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ @@ -250,6 +251,8 @@ fn encapsulate< $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\ $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))] +#[hax_lib::ensures(|result| fstar!("${result} == + Spec.MLKEM.ind_cca_decapsulate $K ${private_key}.f_value ${ciphertext}.f_value"))] pub(crate) fn decapsulate< const K: usize, const SECRET_KEY_SIZE: usize, @@ -319,12 +322,14 @@ pub(crate) fn decapsulate< Scheme::kdf::(&implicit_rejection_shared_secret, ciphertext); let shared_secret = Scheme::kdf::(shared_secret, ciphertext); - compare_ciphertexts_select_shared_secret_in_constant_time( - ciphertext.as_ref(), - &expected_ciphertext, - &shared_secret, - &implicit_rejection_shared_secret, - ) + let shared_secret = compare_ciphertexts_select_shared_secret_in_constant_time( + ciphertext.as_ref(), + &expected_ciphertext, + &shared_secret, + &implicit_rejection_shared_secret, + ); + hax_lib::fstar!("admit() (* Panic Free *)"); + shared_secret } // Unpacked API From 643c4df3b62df3a6f37ccccf2ef941dbd9a028c3 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 13 Aug 2024 04:31:48 +0000 Subject: [PATCH 038/348] refreshed c code --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 110 ++++---- .../c/internal/libcrux_mlkem_avx2.h | 62 +++-- .../c/internal/libcrux_mlkem_portable.h | 62 +++-- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 110 ++++---- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 42 +-- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 30 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 42 +-- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 34 +-- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 42 +-- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 30 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 256 +++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 184 +++++++------ libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 44 +-- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 217 ++++++++------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 129 ++++----- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 42 files changed, 749 insertions(+), 699 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index b902bff7c..d20926d66 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b +Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 540d71b3b..fac5a90e9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __internal_libcrux_core_H @@ -68,75 +68,75 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( uint8_t value[1568U]); /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( uint8_t value[1568U]); /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( +uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -149,75 +149,75 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( uint8_t value[1184U]); /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( uint8_t value[1088U]); /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( +uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -230,63 +230,63 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( uint8_t value[800U]); /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( uint8_t value[768U]); /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -330,14 +330,14 @@ void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 9b26cfb7f..e44ef6e5a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -35,8 +35,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 @@ -47,7 +48,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f1( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -57,7 +59,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -65,7 +67,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -82,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -99,7 +101,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -110,7 +112,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -130,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_231( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -171,8 +173,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 - CPA_PRIVATE_KEY_SIZE= 1536 @@ -183,7 +186,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f0( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -193,7 +197,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -201,7 +205,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 @@ -218,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -235,7 +239,7 @@ with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -246,7 +250,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 @@ -266,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_230( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -307,8 +311,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 - CPA_PRIVATE_KEY_SIZE= 768 @@ -319,7 +324,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -329,7 +335,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ @@ -337,7 +343,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 @@ -354,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -371,7 +377,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 @@ -382,7 +388,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 @@ -402,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_23( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 13eee5030..9f54b0800 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -40,8 +40,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 @@ -53,7 +54,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -64,7 +66,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -72,7 +74,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics @@ -90,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -107,7 +109,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -118,7 +120,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics @@ -139,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -180,8 +182,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 @@ -193,7 +196,8 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -204,7 +208,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ @@ -212,7 +216,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -230,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -247,7 +251,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 @@ -258,7 +262,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -279,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -320,8 +324,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 @@ -333,7 +338,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -344,7 +350,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -352,7 +358,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -370,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -387,7 +393,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -398,7 +404,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -419,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 2c845fe8e..6f37ca94f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index d47ba4344..16040085f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 01f6cf1f1..2528afe9b 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "internal/libcrux_core.h" @@ -80,14 +80,14 @@ void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_i /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( uint8_t value[1568U]) { uint8_t uu____0[1568U]; memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); @@ -98,15 +98,15 @@ libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -115,14 +115,14 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( uint8_t value[3168U]) { uint8_t uu____0[3168U]; memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); @@ -133,14 +133,14 @@ libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( uint8_t value[1568U]) { uint8_t uu____0[1568U]; memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); @@ -150,28 +150,28 @@ libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( } /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( +uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); @@ -197,14 +197,14 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( uint8_t value[1184U]) { uint8_t uu____0[1184U]; memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); @@ -215,15 +215,15 @@ libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -232,14 +232,14 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( uint8_t value[2400U]) { uint8_t uu____0[2400U]; memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); @@ -250,14 +250,14 @@ libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); @@ -267,28 +267,28 @@ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( } /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( +uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); @@ -314,14 +314,14 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( uint8_t value[800U]) { uint8_t uu____0[800U]; memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); @@ -332,15 +332,15 @@ libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -348,14 +348,14 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( uint8_t value[1632U]) { uint8_t uu____0[1632U]; memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); @@ -366,14 +366,14 @@ libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( uint8_t value[768U]) { uint8_t uu____0[768U]; memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); @@ -383,14 +383,14 @@ libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( } /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -453,14 +453,14 @@ void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 2493baec1..ea2178ff4 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 6581a305a..8693d2383 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 03fdbde61..a230fa8ed 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_d8( +static void decapsulate_69( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -46,7 +46,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_d8(private_key, ciphertext, ret); + decapsulate_69(private_key, ciphertext, ret); } /** @@ -70,18 +70,19 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_ca( +static void decapsulate_unpacked_18( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_230(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ca(private_key, ciphertext, ret); + decapsulate_unpacked_18(private_key, ciphertext, ret); } /** @@ -95,13 +96,13 @@ with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_b2( +static tuple_21 encapsulate_c4( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; @@ -116,7 +117,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_b2(uu____0, uu____1); + return encapsulate_c4(uu____0, uu____1); } /** @@ -137,14 +138,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_16( +static tuple_21 encapsulate_unpacked_f1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c0(uu____0, + uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( @@ -154,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_16(uu____0, uu____1); + return encapsulate_unpacked_f1(uu____0, uu____1); } /** @@ -164,11 +166,11 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_f6( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b7( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -179,7 +181,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f6(uu____0); + return generate_keypair_b7(uu____0); } /** @@ -195,10 +197,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_d9(uint8_t randomness[64U]) { +generate_keypair_unpacked_24(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f0(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 @@ -206,7 +208,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d9(uu____0); + return generate_keypair_unpacked_24(uu____0); } /** @@ -217,14 +219,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_570(uint8_t *public_key) { +static bool validate_public_key_e00(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf0(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_570(public_key.value)) { + if (validate_public_key_e00(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index a8ef77d6f..46115ce9d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 311d81992..7f94659d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem1024_portable.h" @@ -35,7 +35,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_52( +static void decapsulate_0b( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -46,7 +46,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_52(private_key, ciphertext, ret); + decapsulate_0b(private_key, ciphertext, ret); } /** @@ -70,18 +70,19 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_b6( +static void decapsulate_unpacked_ef( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_b6(private_key, ciphertext, ret); + decapsulate_unpacked_ef(private_key, ciphertext, ret); } /** @@ -95,7 +96,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -137,14 +138,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_9a( +static tuple_21 encapsulate_unpacked_9d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_311(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81(uu____0, + uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( @@ -154,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_9a(uu____0, uu____1); + return encapsulate_unpacked_9d(uu____0, uu____1); } /** @@ -165,7 +167,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -196,10 +198,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_4a(uint8_t randomness[64U]) { +generate_keypair_unpacked_b3(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 @@ -207,7 +209,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4a(uu____0); + return generate_keypair_unpacked_b3(uu____0); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index ca0a26b44..96c3b9743 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 015904411..16abd9845 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 76b1c8601..c9b430e4e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem512_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_1d(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_42(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_c4(private_key, ciphertext, ret); @@ -44,7 +44,7 @@ static void decapsulate_1d(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_1d(private_key, ciphertext, ret); + decapsulate_42(private_key, ciphertext, ret); } /** @@ -68,16 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_50( +static void decapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_23(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_50(private_key, ciphertext, ret); + decapsulate_unpacked_4b(private_key, ciphertext, ret); } /** @@ -91,13 +92,13 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_72( +static tuple_ec encapsulate_00( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; @@ -112,7 +113,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_72(uu____0, uu____1); + return encapsulate_00(uu____0, uu____1); } /** @@ -133,14 +134,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_14( +static tuple_ec encapsulate_unpacked_62( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c(uu____0, + uu____1); } tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( @@ -150,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_14(uu____0, uu____1); + return encapsulate_unpacked_62(uu____0, uu____1); } /** @@ -160,11 +162,11 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_27( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_9a( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -175,7 +177,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_27(uu____0); + return generate_keypair_9a(uu____0); } /** @@ -191,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_2c(uint8_t randomness[64U]) { +generate_keypair_unpacked_df(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 @@ -202,7 +204,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_2c(uu____0); + return generate_keypair_unpacked_df(uu____0); } /** @@ -213,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_57(uint8_t *public_key) { +static bool validate_public_key_e0(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_57(public_key.value)) { + if (validate_public_key_e0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index b5b99a9b1..9623db789 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index eda334653..87719217f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem512_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_be0( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { +static void decapsulate_64(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, + uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_be0(private_key, ciphertext, ret); + decapsulate_64(private_key, ciphertext, ret); } /** @@ -68,16 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_06( +static void decapsulate_unpacked_40( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_06(private_key, ciphertext, ret); + decapsulate_unpacked_40(private_key, ciphertext, ret); } /** @@ -91,7 +92,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 @@ -133,14 +134,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_01( +static tuple_ec encapsulate_unpacked_da( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_310(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80(uu____0, + uu____1); } tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( @@ -150,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_01(uu____0, uu____1); + return encapsulate_unpacked_da(uu____0, uu____1); } /** @@ -161,7 +163,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ @@ -192,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_c0(uint8_t randomness[64U]) { +generate_keypair_unpacked_a8(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae @@ -203,7 +205,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c0(uu____0); + return generate_keypair_unpacked_a8(uu____0); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 90fc6cf2d..507bc843c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index e7767f6d7..e84654b77 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 515ad73b4..659c863ae 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem768_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_15( +static void decapsulate_1e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_c41(private_key, ciphertext, ret); @@ -44,7 +44,7 @@ static void decapsulate_15( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_15(private_key, ciphertext, ret); + decapsulate_1e(private_key, ciphertext, ret); } /** @@ -68,16 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_e1( +static void decapsulate_unpacked_d5( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_231(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_e1(private_key, ciphertext, ret); + decapsulate_unpacked_d5(private_key, ciphertext, ret); } /** @@ -91,13 +92,13 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_54( +static tuple_3c encapsulate_d0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -112,7 +113,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_54(uu____0, uu____1); + return encapsulate_d0(uu____0, uu____1); } /** @@ -133,14 +134,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_94( +static tuple_3c encapsulate_unpacked_1f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c1(uu____0, + uu____1); } tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( @@ -150,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_94(uu____0, uu____1); + return encapsulate_unpacked_1f(uu____0, uu____1); } /** @@ -160,11 +162,11 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e4( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_4e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -175,7 +177,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_e4(uu____0); + return generate_keypair_4e(uu____0); } /** @@ -191,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_35(uint8_t randomness[64U]) { +generate_keypair_unpacked_94(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f1(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 @@ -202,7 +204,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_35(uu____0); + return generate_keypair_unpacked_94(uu____0); } /** @@ -213,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_571(uint8_t *public_key) { +static bool validate_public_key_e01(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf1(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_571(public_key.value)) { + if (validate_public_key_e01(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 60ac8f723..3feac85db 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 71d2574ee..9396f2fb5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem768_portable.h" @@ -35,7 +35,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_be( +static void decapsulate_78( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); @@ -44,7 +44,7 @@ static void decapsulate_be( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_be(private_key, ciphertext, ret); + decapsulate_78(private_key, ciphertext, ret); } /** @@ -68,16 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_d4( +static void decapsulate_unpacked_bc( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d4(private_key, ciphertext, ret); + decapsulate_unpacked_bc(private_key, ciphertext, ret); } /** @@ -91,7 +92,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -133,14 +134,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_1b( +static tuple_3c encapsulate_unpacked_c5( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_31(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8(uu____0, + uu____1); } tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( @@ -150,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1b(uu____0, uu____1); + return encapsulate_unpacked_c5(uu____0, uu____1); } /** @@ -161,7 +163,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -192,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_37(uint8_t randomness[64U]) { +generate_keypair_unpacked_d3(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -203,7 +205,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_37(uu____0); + return generate_keypair_unpacked_d3(uu____0); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 374afe9fa..717f49e01 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 947545b34..d6ac877ef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1383,7 +1383,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_98(core_core_arch_x86___m256i vector) { +shift_right_aa(core_core_arch_x86___m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, core_core_arch_x86___m256i); } @@ -1397,9 +1397,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static core_core_arch_x86___m256i shift_right_ea_92( +static core_core_arch_x86___m256i shift_right_ea_e8( core_core_arch_x86___m256i vector) { - return shift_right_98(vector); + return shift_right_aa(vector); } /** @@ -1410,7 +1410,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static core_core_arch_x86___m256i to_unsigned_representative_a4( core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_ea_92(a); + core_core_arch_x86___m256i t = shift_right_ea_e8(a); core_core_arch_x86___m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2508,7 +2508,7 @@ static tuple_9b0 generate_keypair_unpacked_6c1( /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -2519,7 +2519,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_e31( +static void closure_ee1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_d5();); @@ -2535,7 +2535,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_48( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; core_core_arch_x86___m256i ret[16U]; @@ -2560,8 +2560,9 @@ static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 @@ -2572,7 +2573,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f1( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -2587,12 +2589,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e31(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_ee1(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); + clone_d5_6a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2732,7 +2734,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -2762,12 +2764,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(uu____1); + libcrux_ml_kem_types_from_e7_a70(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); + return libcrux_ml_kem_types_from_64_c90( + uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); } /** @@ -3137,7 +3139,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_e7(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3202,9 +3204,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i compress_ea_80( +static core_core_arch_x86___m256i compress_ea_a1( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_8a(vector); + return compress_ciphertext_coefficient_e7(vector); } /** @@ -3220,7 +3222,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_2f( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_ea_80(to_unsigned_representative_a4(re->coefficients[i0])); + compress_ea_a1(to_unsigned_representative_a4(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3241,7 +3243,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a0(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_e70(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3306,9 +3308,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i compress_ea_800( +static core_core_arch_x86___m256i compress_ea_a10( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_8a0(vector); + return compress_ciphertext_coefficient_e70(vector); } /** @@ -3367,7 +3369,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a1(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_e71(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3432,9 +3434,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i compress_ea_801( +static core_core_arch_x86___m256i compress_ea_a11( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_8a1(vector); + return compress_ciphertext_coefficient_e71(vector); } /** @@ -3450,7 +3452,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_b7( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); + compress_ea_a11(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -3469,7 +3471,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a2(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_e72(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3534,9 +3536,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i compress_ea_802( +static core_core_arch_x86___m256i compress_ea_a12( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_8a2(vector); + return compress_ciphertext_coefficient_e72(vector); } /** @@ -3552,7 +3554,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_35( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficients = - compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); + compress_ea_a12(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -3648,7 +3650,7 @@ static void encrypt_unpacked_881( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -3665,7 +3667,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -3704,7 +3706,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_15_f50(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -3860,7 +3862,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -3883,7 +3885,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( size_t, Eurydice_slice); uint8_t ret[32U]; H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -3901,7 +3903,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -3910,7 +3912,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_15_f50(uu____4); uint8_t shared_secret_array[32U]; kdf_af_501(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; @@ -3929,7 +3931,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_55(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_e4(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3992,9 +3994,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d6( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_55(vector); + return decompress_ciphertext_coefficient_e4(vector); } /** @@ -4016,7 +4018,7 @@ deserialize_then_decompress_10_a7(Eurydice_slice serialized) { Eurydice_slice); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d6(coefficient); } return re; } @@ -4028,7 +4030,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_550(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_e40(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4091,9 +4093,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d0( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d60( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_550(vector); + return decompress_ciphertext_coefficient_e40(vector); } /** @@ -4115,7 +4117,7 @@ deserialize_then_decompress_11_8d(Eurydice_slice serialized) { Eurydice_slice); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d60(coefficient); } return re; } @@ -4199,7 +4201,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_551(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_e41(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4262,9 +4264,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d1( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d61( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_551(vector); + return decompress_ciphertext_coefficient_e41(vector); } /** @@ -4285,7 +4287,7 @@ deserialize_then_decompress_4_9a(Eurydice_slice serialized) { Eurydice_slice); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d61(coefficient); } return re; } @@ -4297,7 +4299,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_552(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_e42(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4360,9 +4362,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d2( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d62( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_552(vector); + return decompress_ciphertext_coefficient_e42(vector); } /** @@ -4384,7 +4386,7 @@ deserialize_then_decompress_5_75(Eurydice_slice serialized) { Eurydice_slice); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_1d2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_d62(re.coefficients[i0]); } return re; } @@ -4529,7 +4531,7 @@ static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -4549,7 +4551,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_231( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -4587,7 +4589,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_933( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -4600,7 +4602,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( encrypt_unpacked_881(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -4760,7 +4762,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_933( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -4775,19 +4777,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_501(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; - kdf_af_501(shared_secret0, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -5517,7 +5519,7 @@ static tuple_54 generate_keypair_unpacked_6c0( /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 @@ -5528,7 +5530,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_e30( +static void closure_ee0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_d5();); @@ -5548,8 +5550,9 @@ static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 - CPA_PRIVATE_KEY_SIZE= 1536 @@ -5560,7 +5563,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f0( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5575,12 +5579,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e30(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_ee0(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); + clone_d5_6a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5720,7 +5724,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -5750,12 +5754,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_a71(uu____1); + libcrux_ml_kem_types_from_e7_a71(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c91( - uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); + return libcrux_ml_kem_types_from_64_c91( + uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); } /** @@ -5916,7 +5920,7 @@ static KRML_MUSTINLINE void compress_then_serialize_11_d10( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_ea_800(to_unsigned_representative_a4(re->coefficients[i0])); + compress_ea_a10(to_unsigned_representative_a4(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6064,7 +6068,7 @@ static void encrypt_unpacked_880( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 @@ -6081,7 +6085,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6120,7 +6124,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_15_f51(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -6276,7 +6280,7 @@ with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -6299,7 +6303,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( size_t, Eurydice_slice); uint8_t ret[32U]; H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6317,7 +6321,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -6326,7 +6330,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_15_f51(uu____4); uint8_t shared_secret_array[32U]; kdf_af_500(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; @@ -6484,7 +6488,7 @@ static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 @@ -6504,7 +6508,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_230( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6543,7 +6547,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_931( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -6556,7 +6560,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( encrypt_unpacked_880(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -6695,7 +6699,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_931( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -6710,19 +6714,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_500(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; - kdf_af_500(shared_secret0, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -7444,7 +7448,7 @@ static tuple_4c generate_keypair_unpacked_6c( /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 @@ -7455,7 +7459,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_e3( +static void closure_ee( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_d5();); @@ -7475,8 +7479,9 @@ static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 - CPA_PRIVATE_KEY_SIZE= 768 @@ -7487,7 +7492,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -7502,12 +7508,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e3(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_ee(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); + clone_d5_6a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7647,7 +7653,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ @@ -7677,12 +7683,12 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); } /** @@ -7983,7 +7989,7 @@ static void encrypt_unpacked_88( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 @@ -8000,7 +8006,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8039,7 +8045,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -8195,7 +8201,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 @@ -8218,7 +8224,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( size_t, Eurydice_slice); uint8_t ret[32U]; H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -8236,7 +8242,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -8245,7 +8251,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; kdf_af_50(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; @@ -8362,7 +8368,7 @@ static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 @@ -8382,7 +8388,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_23( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -8420,7 +8426,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_93( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -8433,7 +8439,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -8571,7 +8577,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_93( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -8586,17 +8592,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_50(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; - kdf_af_50(shared_secret0, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 08d38f679..c28196f56 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 5f3affba0..9f33e8f2f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 0d1f0e4b8..dbe30739d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 787004952..d251d45b0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "internal/libcrux_mlkem_portable.h" @@ -3455,7 +3455,7 @@ static tuple_540 generate_keypair_unpacked_f41( /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics @@ -3467,7 +3467,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_571( +static void closure_931( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_39();); @@ -3483,7 +3483,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3510,8 +3510,9 @@ static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 @@ -3523,7 +3524,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3538,12 +3540,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_571(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_931(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_97(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3685,7 +3687,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -3715,12 +3717,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_a71(uu____1); + libcrux_ml_kem_types_from_e7_a71(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c91( - uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); + return libcrux_ml_kem_types_from_64_c91( + uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); } /** @@ -4437,7 +4439,7 @@ static void encrypt_unpacked_6c1( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics @@ -4455,7 +4457,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4494,7 +4496,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_15_f51(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -4651,7 +4653,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -4674,7 +4676,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( size_t, Eurydice_slice); uint8_t ret[32U]; H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4692,7 +4694,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -4701,7 +4703,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_15_f51(uu____4); uint8_t shared_secret_array[32U]; kdf_af_c2(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; @@ -5181,7 +5183,7 @@ static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics @@ -5202,7 +5204,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5241,7 +5243,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -5254,7 +5256,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( encrypt_unpacked_6c1(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5417,7 +5419,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -5432,19 +5434,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_c2(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; - kdf_af_c2(shared_secret0, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -6159,7 +6161,7 @@ static tuple_4c0 generate_keypair_unpacked_f40( /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -6171,7 +6173,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_570( +static void closure_930( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_39();); @@ -6191,8 +6193,9 @@ static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 @@ -6204,7 +6207,8 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6219,12 +6223,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_570(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_930(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_97(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6366,7 +6370,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ @@ -6396,12 +6400,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); } /** @@ -6744,7 +6748,7 @@ static void encrypt_unpacked_6c0( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -6762,7 +6766,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6801,7 +6805,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -6958,7 +6962,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 @@ -6981,7 +6985,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( size_t, Eurydice_slice); uint8_t ret[32U]; H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6999,7 +7003,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -7008,7 +7012,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; kdf_af_e8(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; @@ -7166,7 +7170,7 @@ static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -7187,7 +7191,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -7225,7 +7229,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -7238,7 +7242,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( encrypt_unpacked_6c0(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -7376,7 +7380,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -7391,19 +7395,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_e8(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; - kdf_af_e8(shared_secret0, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -8108,7 +8112,7 @@ static tuple_9b generate_keypair_unpacked_f4( /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -8120,7 +8124,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_57( +static void closure_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_39();); @@ -8140,8 +8144,9 @@ static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 @@ -8153,7 +8158,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -8168,12 +8174,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_57(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_93(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_97(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8315,7 +8321,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -8345,12 +8351,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(uu____1); + libcrux_ml_kem_types_from_e7_a70(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); + return libcrux_ml_kem_types_from_64_c90( + uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); } /** @@ -8607,7 +8613,7 @@ static void encrypt_unpacked_6c( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -8625,7 +8631,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8664,7 +8670,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_15_f50(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -8821,7 +8827,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -8844,7 +8850,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( size_t, Eurydice_slice); uint8_t ret[32U]; H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -8862,7 +8868,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -8871,7 +8877,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_15_f50(uu____4); uint8_t shared_secret_array[32U]; kdf_af_b6(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; @@ -8988,7 +8994,7 @@ static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -9009,7 +9015,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -9047,7 +9053,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -9060,7 +9066,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -9198,7 +9204,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -9213,17 +9219,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_b6(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; - kdf_af_b6(shared_secret0, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index c5afc2a8b..6d716c024 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 7c6b8dc3b..55c1eb7c3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 62ace3bfe..03bc68b29 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index efdecdccd..4c7cd868d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 834f6dd19..3158b0431 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index da0caa7ff..e7228e4e2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 1510c3862..161fce491 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index b902bff7c..d20926d66 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b +Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 92f568d7c..61930afda 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_core_H @@ -214,29 +214,29 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; /** -This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#6} +This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#5} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 +A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_8a( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_8a( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_4c(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_4c(uint8_t value[1184U]) { uint8_t uu____0[1184U]; memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; @@ -260,16 +260,16 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -277,15 +277,15 @@ libcrux_ml_kem_types_from_17_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_a7(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_a7(uint8_t value[2400U]) { uint8_t uu____0[2400U]; memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; @@ -306,15 +306,15 @@ typedef struct tuple_3c_s { /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_f5(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_f5(uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; @@ -323,14 +323,14 @@ libcrux_ml_kem_types_from_01_f5(uint8_t value[1088U]) { } /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -407,14 +407,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_47( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 865ca4449..8d20f24d7 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index b184d8770..720830b0b 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1519,7 +1519,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1585,9 +1585,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e( vector); } @@ -1614,7 +1614,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db( coefficient); } return re; @@ -1628,7 +1628,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e0( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1694,9 +1694,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db0( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e0( vector); } @@ -1723,7 +1723,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_ae( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db0( coefficient); } return re; @@ -1976,7 +1976,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e1( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -2042,9 +2042,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db1( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e1( vector); } @@ -2070,7 +2070,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_00( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db1( coefficient); } return re; @@ -2084,7 +2084,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e2( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -2150,9 +2150,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db2( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e2( vector); } @@ -2178,7 +2178,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( Eurydice_slice); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db2( re.coefficients[i0]); } return re; @@ -2471,7 +2471,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8( +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_eb( core_core_arch_x86___m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, core_core_arch_x86___m256i); @@ -2488,9 +2488,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_shift_right_ea_4e( +libcrux_ml_kem_vector_avx2_shift_right_ea_f9( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_eb(vector); } /** @@ -2504,7 +2504,7 @@ static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( core_core_arch_x86___m256i a) { core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_shift_right_ea_4e(a); + libcrux_ml_kem_vector_avx2_shift_right_ea_f9(a); core_core_arch_x86___m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3710,7 +3710,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e7( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -3778,8 +3778,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_98(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( +libcrux_ml_kem_vector_avx2_compress_ea_07(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e7( vector); } @@ -3798,7 +3798,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_2f( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_98( + libcrux_ml_kem_vector_avx2_compress_ea_07( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re->coefficients[i0])); uint8_t bytes[20U]; @@ -3822,7 +3822,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e70( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -3890,8 +3890,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_980(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( +libcrux_ml_kem_vector_avx2_compress_ea_070(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e70( vector); } @@ -3910,7 +3910,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_d1( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_980( + libcrux_ml_kem_vector_avx2_compress_ea_070( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re->coefficients[i0])); uint8_t bytes[22U]; @@ -3987,7 +3987,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e71( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4055,8 +4055,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_981(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( +libcrux_ml_kem_vector_avx2_compress_ea_071(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e71( vector); } @@ -4075,7 +4075,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_b7( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_981( + libcrux_ml_kem_vector_avx2_compress_ea_071( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re.coefficients[i0])); uint8_t bytes[8U]; @@ -4097,7 +4097,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e72( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4165,8 +4165,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_982(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( +libcrux_ml_kem_vector_avx2_compress_ea_072(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e72( vector); } @@ -4185,7 +4185,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_35( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2_compress_ea_982( + libcrux_ml_kem_vector_avx2_compress_ea_072( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re.coefficients[i0])); uint8_t bytes[10U]; @@ -4447,7 +4447,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -4463,19 +4463,19 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -4499,7 +4499,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_58( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_be(private_key, ciphertext, ret); @@ -4509,7 +4509,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_58(private_key, ciphertext, ret); } @@ -4548,7 +4548,7 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -4569,7 +4569,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -4607,7 +4607,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -4621,7 +4621,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -4656,17 +4656,18 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_75( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_10(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d(key_pair, ciphertext, + ret); } KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_75( private_key, ciphertext, ret); } @@ -4718,7 +4719,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -4743,7 +4744,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4761,7 +4762,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -4771,7 +4772,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret, &ciphertext0, shared_secret_array); @@ -4795,7 +4796,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -4803,7 +4804,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_7c( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -4819,12 +4820,12 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d(uu____0, + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_7c(uu____0, uu____1); } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -4842,7 +4843,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_5a( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4882,7 +4883,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -4911,14 +4912,15 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_51( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_5a(uu____0, + uu____1); } KRML_ATTRIBUTE_TARGET("avx2") @@ -4929,7 +4931,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_51( uu____0, uu____1); } @@ -5327,7 +5329,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -5358,12 +5360,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); } /** @@ -5373,13 +5375,13 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_2e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -5391,14 +5393,14 @@ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_2e( uu____0); } /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with +types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 @@ -5410,13 +5412,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_fb(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_f7( + size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -5428,7 +5431,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b( +static inline void +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_ac( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); @@ -5447,7 +5451,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_25( +libcrux_ml_kem_polynomial_clone_d5_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; core_core_arch_x86___m256i ret[16U]; @@ -5459,8 +5463,9 @@ libcrux_ml_kem_polynomial_clone_d5_25( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 @@ -5472,7 +5477,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_13( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5489,14 +5495,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_ac(i, + A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_25(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_b8(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5557,11 +5564,11 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_2a( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_13(uu____0); } KRML_ATTRIBUTE_TARGET("avx2") @@ -5570,7 +5577,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_2a( uu____0); } @@ -5597,7 +5604,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_3e( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), + libcrux_ml_kem_types_as_slice_a8_8a(ciphertext), uint8_t, Eurydice_slice), ret0); core_slice___Slice_T___copy_from_slice( @@ -5680,7 +5687,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -5696,19 +5703,19 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -5733,7 +5740,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_18( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_be0(private_key, ciphertext, ret); @@ -5743,7 +5750,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_18( private_key, ciphertext, ret); } @@ -5776,7 +5783,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -5801,7 +5808,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -5819,7 +5826,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -5829,7 +5836,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret, &ciphertext0, shared_secret_array); @@ -5861,7 +5868,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_1f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -5877,7 +5884,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_1f( uu____0, uu____1); } @@ -5968,7 +5975,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ad( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); } @@ -5978,7 +5985,7 @@ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ad( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 738eb3f73..c805c83b2 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem768_portable_H @@ -5099,7 +5099,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -5115,19 +5115,19 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -5151,7 +5151,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_3e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_88(private_key, ciphertext, ret); @@ -5160,7 +5160,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_3e( private_key, ciphertext, ret); } @@ -5199,7 +5199,7 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8_s { } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8; /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -5220,7 +5220,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -5258,7 +5258,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -5272,7 +5272,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5306,16 +5306,17 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_63( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_05(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92(key_pair, ciphertext, + ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_63( private_key, ciphertext, ret); } @@ -5365,7 +5366,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -5389,7 +5390,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -5407,7 +5408,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -5417,7 +5418,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret, &ciphertext0, shared_secret_array); @@ -5441,7 +5442,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -5468,7 +5469,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -5486,7 +5487,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5526,7 +5527,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -5554,14 +5555,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ff( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_57(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54(uu____0, + uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( @@ -5571,7 +5573,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ff( uu____0, uu____1); } @@ -5965,7 +5967,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -5995,12 +5997,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); } /** @@ -6011,7 +6013,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -6033,8 +6035,8 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with +types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 @@ -6046,13 +6048,14 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_34(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_e0( + size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -6064,7 +6067,8 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48( +static inline void +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b0( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); @@ -6082,7 +6086,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_5e( +libcrux_ml_kem_polynomial_clone_d5_75( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6096,8 +6100,9 @@ libcrux_ml_kem_polynomial_clone_d5_5e( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 @@ -6109,7 +6114,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6126,14 +6132,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b0(i, + A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_5e(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_75(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6193,11 +6200,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_b4( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4(uu____0); } static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -6205,7 +6212,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_b4( uu____0); } @@ -6231,7 +6238,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), + libcrux_ml_kem_types_as_slice_a8_8a(ciphertext), uint8_t, Eurydice_slice), ret0); core_slice___Slice_T___copy_from_slice( @@ -6313,7 +6320,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -6329,19 +6336,19 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -6366,7 +6373,7 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_9f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_880(private_key, ciphertext, ret); @@ -6375,7 +6382,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_9f( private_key, ciphertext, ret); } @@ -6407,7 +6414,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -6431,7 +6438,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6449,7 +6456,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -6459,7 +6466,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret, &ciphertext0, shared_secret_array); diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 8fab63dea..92b3e6d06 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 384edfddf..108f13034 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_sha3_portable_H From 85141bcc69843b366fddb26c98a69cd49328b16e Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 13 Aug 2024 08:08:29 +0000 Subject: [PATCH 039/348] Set pre/post-conditions for ind_cpa::decrypt --- libcrux-ml-kem/src/ind_cca.rs | 2 +- libcrux-ml-kem/src/ind_cpa.rs | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 17c9fb2fe..eb58042e2 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -252,7 +252,7 @@ fn encapsulate< $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\ $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))] -#[hax_lib::ensures(|result| fstar!("${result} == +#[hax_lib::ensures(|result| fstar!("$result == Spec.MLKEM.ind_cca_decapsulate $K ${private_key}.f_value ${ciphertext}.f_value"))] pub(crate) fn decapsulate< const K: usize, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 253884393..555d323fc 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -398,7 +398,7 @@ pub(crate) fn encrypt_unpacked< $C2_LEN == Spec.MLKEM.v_C2_SIZE $K"))] #[hax_lib::ensures(|result| fstar!("$result == Spec.MLKEM.ind_cpa_encrypt $K $public_key $message $randomness") -)] +)] pub(crate) fn encrypt< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -544,6 +544,15 @@ pub(crate) fn decrypt_unpacked< } #[allow(non_snake_case)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ + $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ + $VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\ + $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ + $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K"))] +#[hax_lib::ensures(|result| + fstar!("$result == Spec.MLKEM.ind_cpa_decrypt $K $secret_key $ciphertext") +)] pub(crate) fn decrypt< const K: usize, const CIPHERTEXT_SIZE: usize, From 72c166ff78769ce63b3bd3edfe2efc5cc0abd8e6 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 13 Aug 2024 11:18:20 +0200 Subject: [PATCH 040/348] Factorize makefiles --- .gitignore | 1 + fstar-helpers/Makefile.template | 254 ++++++++++++++++++ .../proofs/fstar/extraction/Makefile | 1 + .../proofs/fstar/extraction/Makefile | 190 +------------ libcrux-ml-kem/proofs/fstar/spec/Makefile | 123 +-------- proofs/fstar/extraction-edited/Makefile | 151 +---------- .../extraction-secret-independent/Makefile | 135 +--------- proofs/fstar/extraction/Makefile | 128 +-------- 8 files changed, 261 insertions(+), 722 deletions(-) create mode 100644 fstar-helpers/Makefile.template create mode 100644 fstar-helpers/proofs/fstar/extraction/Makefile diff --git a/.gitignore b/.gitignore index 16802d82b..982c75cf3 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ benches/boringssl/build proofs/fstar/extraction/.depend proofs/fstar/extraction/#*# proofs/fstar/extraction/.#* +hax.fst.config.json fuzz/corpus fuzz/artifacts proofs/fstar/extraction/.cache diff --git a/fstar-helpers/Makefile.template b/fstar-helpers/Makefile.template new file mode 100644 index 000000000..aebdbe33f --- /dev/null +++ b/fstar-helpers/Makefile.template @@ -0,0 +1,254 @@ +# This is a generically useful Makefile for F* that is self-contained +# +# We expect: +# 1. `fstar.exe` to be in PATH (alternatively, you can also set +# $FSTAR_HOME to be set to your F* repo/install directory) +# +# 2. `cargo`, `rustup`, `hax` and `jq` to be installed and in PATH. +# +# 3. the extracted Cargo crate to have "hax-lib" as a dependency: +# `hax-lib = { version = "0.1.0-pre.1", git = "https://github.com/hacspec/hax"}` +# +# Optionally, you can set `HACL_HOME`. +# +# ROOTS contains all the top-level F* files you wish to verify +# The default target `verify` verified ROOTS and its dependencies +# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line +# +# To make F* emacs mode use the settings in this file, you need to +# add the following lines to your .emacs +# +# (setq-default fstar-executable "/bin/fstar.exe") +# (setq-default fstar-smt-executable "/bin/z3") +# +# (defun my-fstar-compute-prover-args-using-make () +# "Construct arguments to pass to F* by calling make." +# (with-demoted-errors "Error when constructing arg string: %S" +# (let* ((fname (file-name-nondirectory buffer-file-name)) +# (target (concat fname "-in")) +# (argstr (car (process-lines "make" "--quiet" target)))) +# (split-string argstr)))) +# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) +# + +HACL_HOME ?= $(HOME)/.hax/hacl_home +# Expand variable FSTAR_BIN_DETECT now, so that we don't run this over and over + +FSTAR_BIN_DETECT := $(if $(shell command -v fstar.exe), fstar.exe, $(FSTAR_HOME)/bin/fstar.exe) +FSTAR_BIN ?= $(FSTAR_BIN_DETECT) + +GIT_ROOT_DIR := $(shell git rev-parse --show-toplevel)/ +CACHE_DIR ?= ${GIT_ROOT_DIR}.fstar-cache/checked +HINT_DIR ?= ${GIT_ROOT_DIR}.fstar-cache/hints + +# Makes command quiet by default +Q ?= @ + +# Verify the required executable are in PATH +EXECUTABLES = cargo cargo-hax jq +K := $(foreach exec,$(EXECUTABLES),\ + $(if $(shell which $(exec)),some string,$(error "No $(exec) in PATH"))) + +export ANSI_COLOR_BLUE=\033[34m +export ANSI_COLOR_RED=\033[31m +export ANSI_COLOR_BBLUE=\033[1;34m +export ANSI_COLOR_GRAY=\033[90m +export ANSI_COLOR_TONE=\033[35m +export ANSI_COLOR_RESET=\033[0m + +ifdef NO_COLOR +export ANSI_COLOR_BLUE= +export ANSI_COLOR_RED= +export ANSI_COLOR_BBLUE= +export ANSI_COLOR_GRAY= +export ANSI_COLOR_BOLD_BLUE= +export ANSI_COLOR_TONE= +export ANSI_COLOR_RESET= +endif + +# The following is a bash script that discovers F* libraries. +# Due to incompatibilities with make 4.3, I had to make a "oneliner" bash script... +define FINDLIBS + : "Prints a path if and only if it exists. Takes one argument: the path."; \ + function print_if_exists() { \ + if [ -d "$$1" ]; then \ + echo "$$1"; \ + fi; \ + } ; \ + : "Asks Cargo all the dependencies for the current crate or workspace,"; \ + : "and extract all "root" directories for each. Takes zero argument."; \ + function dependencies() { \ + cargo metadata --format-version 1 | \ + jq -r ".packages | .[] | .manifest_path | split(\"/\") | .[:-1] | join(\"/\")"; \ + } ; \ + : "Find hax libraries *around* a given path. Takes one argument: the"; \ + : "path."; \ + function find_hax_libraries_at_path() { \ + path="$$1" ; \ + : "if there is a [proofs/fstar/extraction] subfolder, then that s a F* library" ; \ + print_if_exists "$$path/proofs/fstar/extraction" ; \ + : "Maybe the [proof-libs] folder of hax is around?" ; \ + MAYBE_PROOF_LIBS=$$(realpath -q "$$path/../proof-libs/fstar") ; \ + if [ $$? -eq 0 ]; then \ + print_if_exists "$$MAYBE_PROOF_LIBS/core" ; \ + print_if_exists "$$MAYBE_PROOF_LIBS/rust_primitives" ; \ + fi ; \ + } ; \ + { while IFS= read path; do \ + find_hax_libraries_at_path "$$path"; \ + done < <(dependencies) ; } | sort -u +endef +export FINDLIBS + +FINDLIBS_OUTPUT := $(shell bash -c '${FINDLIBS}') +FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(FINDLIBS_OUTPUT) + +# Make sure FSTAR_INCLUDE_DIRS has the `proof-libs`, print hints and +# an error message otherwise +ifneq (,$(findstring proof-libs/fstar,$(FSTAR_INCLUDE_DIRS))) +else + K += $(info ) + ERROR := $(shell printf '${ANSI_COLOR_RED}Error: could not detect `proof-libs`!${ANSI_COLOR_RESET}') + K += $(info ${ERROR}) + ERROR := $(shell printf ' > Do you have `${ANSI_COLOR_BLUE}hax-lib${ANSI_COLOR_RESET}` in your `${ANSI_COLOR_BLUE}Cargo.toml${ANSI_COLOR_RESET}` as a ${ANSI_COLOR_BLUE}git${ANSI_COLOR_RESET} or ${ANSI_COLOR_BLUE}path${ANSI_COLOR_RESET} dependency?') + K += $(info ${ERROR}) + ERROR := $(shell printf ' ${ANSI_COLOR_BLUE}> Tip: you may want to run `cargo add --git https://github.com/hacspec/hax hax-lib`${ANSI_COLOR_RESET}') + K += $(info ${ERROR}) + K += $(info ) + K += $(error Fatal error: `proof-libs` is required.) +endif + +.PHONY: all verify clean + +all: + $(Q)rm -f .depend + $(Q)$(MAKE) .depend vscode verify + +all-keep-going: + $(Q)rm -f .depend + $(Q)$(MAKE) --keep-going .depend vscode verify + +# If $HACL_HOME doesn't exist, clone it +${HACL_HOME}: + $(Q)mkdir -p "${HACL_HOME}" + $(info Clonning Hacl* in ${HACL_HOME}...) + git clone --depth 1 https://github.com/hacl-star/hacl-star.git "${HACL_HOME}" + $(info Clonning Hacl* in ${HACL_HOME}... done!) + +# If no any F* file is detected, we run hax +ifeq "$(wildcard *.fst *fsti)" "" +$(shell cargo hax into fstar) +endif + +# By default, we process all the files in the current directory +ROOTS ?= $(wildcard *.fst *fsti) +ADMIT_MODULES ?= + +ADMIT_MODULE_FLAGS ?= "--admit_smt_queries true" + +# Can be useful for debugging purposes +FINDLIBS.sh: + $(Q)echo '${FINDLIBS}' > FINDLIBS.sh +include-dirs: + $(Q)bash -c '${FINDLIBS}' + +FSTAR_FLAGS = \ + --warn_error -321-331-241-274-239-271 \ + --cache_checked_modules --cache_dir $(CACHE_DIR) \ + --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ + $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) + +FSTAR := $(FSTAR_BIN) $(FSTAR_FLAGS) + +.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) $(HACL_HOME) + @$(FSTAR) --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ + +include .depend + +$(HINT_DIR) $(CACHE_DIR): + $(Q)mkdir -p $@ + +define HELPMESSAGE +echo "hax' default Makefile for F*" +echo "" +echo "The available targets are:" +echo "" +function target() { + printf ' ${ANSI_COLOR_BLUE}%-20b${ANSI_COLOR_RESET} %s\n' "$$1" "$$2" +} +target "all" "Verify every F* files (stops whenever an F* fails first)" +target "all-keep-going" "Verify every F* files (tries as many F* module as possible)" +target "" "" +target "run:${ANSI_COLOR_TONE} " 'Runs F* on `MyModule.fst` only' +target "" "" +target "vscode" 'Generates a `hax.fst.config.json` file' +target "${ANSI_COLOR_TONE}${ANSI_COLOR_BLUE}-in " 'Useful for Emacs, outputs the F* prefix command to be used' +target "" "" +target "clean" 'Cleanup the target' +target "include-dirs" 'List the F* include directories' +target "" "" +target "roots" 'List the F* root modules.' +echo "" +echo "Environment variables:" +target "NO_COLOR" "Set to anything to disable colors" +endef +export HELPMESSAGE + +roots: + @for root in ${ROOTS}; do \ + filename=$$(basename -- "$$root") ;\ + ext="$${filename##*.}" ;\ + noext="$${filename%.*}" ;\ + printf "${ANSI_COLOR_GRAY}$$(dirname -- "$$root")/${ANSI_COLOR_RESET}%s${ANSI_COLOR_GRAY}.${ANSI_COLOR_TONE}%s${ANSI_COLOR_RESET}\n" "$$noext" "$$ext"; \ + done + +help: ;@bash -c "$$HELPMESSAGE" +h: ;@bash -c "$$HELPMESSAGE" + +HEADER = $(Q)printf '${ANSI_COLOR_BBLUE}[CHECK] %s ${ANSI_COLOR_RESET}\n' "$(basename $(notdir $@))" + +run:%: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) + ${HEADER} + $(Q)$(FSTAR) $(OTHERFLAGS) $(@:run:%=%) + + +ADMIT_MODULE_FLAGS = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/, ${ADMIT_MODULES})) +$(ADMIT_MODULE_FLAGS): + $(Q)printf '${ANSI_COLOR_BBLUE}[${ANSI_COLOR_TONE}ADMIT${ANSI_COLOR_BBLUE}] %s ${ANSI_COLOR_RESET}\n' "$(basename $(notdir $@))" + $(Q)$(FSTAR) $(OTHERFLAGS) $(LAX_MODULE_FLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints || { \ + echo "" ; \ + exit 1 ; \ + } + $(Q)printf "\n\n" + +$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) + ${HEADER} + $(Q)$(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints || { \ + echo "" ; \ + exit 1 ; \ + } + touch $@ + $(Q)printf "\n\n" + +verify: $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(ROOTS))) $(HACL_HOME) + +# Targets for interactive mode + +%.fst-in: + $(info $(FSTAR_FLAGS) \ + $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) +%.fsti-in: + $(info $(FSTAR_FLAGS) \ + $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) + +# Targets for VSCode +hax.fst.config.json: + $(Q)echo "$(FSTAR_INCLUDE_DIRS)" | jq --arg fstar "$(FSTAR_BIN)" -R 'split(" ") | {fstar_exe: $$fstar, includes: .}' > $@ +vscode: hax.fst.config.json + +SHELL=bash + +# Clean target +clean: + rm -rf $(CACHE_DIR)/* + rm *.fst \ No newline at end of file diff --git a/fstar-helpers/proofs/fstar/extraction/Makefile b/fstar-helpers/proofs/fstar/extraction/Makefile new file mode 100644 index 000000000..ec420d509 --- /dev/null +++ b/fstar-helpers/proofs/fstar/extraction/Makefile @@ -0,0 +1 @@ +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 10feefae2..ec420d509 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,189 +1 @@ -# This is a generically useful Makefile for F* that is self-contained -# -# It is tempting to factor this out into multiple Makefiles but that -# makes it less portable, so resist temptation, or move to a more -# sophisticated build system. -# -# We expect FSTAR_HOME to be set to your FSTAR repo/install directory -# We expect HACL_HOME to be set to your HACL* repo location -# We expect HAX_LIBS_HOME to be set to the folder containing core, rust_primitives etc. -# -# ROOTS contains all the top-level F* files you wish to verify -# The default target `verify` verified ROOTS and its dependencies -# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line -# -# -# To make F* emacs mode use the settings in this file, you need to -# add the following lines to your .emacs -# -# (setq-default fstar-executable "/bin/fstar.exe") -# (setq-default fstar-smt-executable "/bin/z3") -# -# (defun my-fstar-compute-prover-args-using-make () -# "Construct arguments to pass to F* by calling make." -# (with-demoted-errors "Error when constructing arg string: %S" -# (let* ((fname (file-name-nondirectory buffer-file-name)) -# (target (concat fname "-in")) -# (argstr (car (process-lines "make" "--quiet" target)))) -# (split-string argstr)))) -# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) -# - -WORKSPACE_ROOT ?= $(shell git rev-parse --show-toplevel)/.. - -HAX_HOME ?= $(WORKSPACE_ROOT)/hax -HAX_PROOF_LIBS_HOME ?= $(HAX_HOME)/proof-libs/fstar -HAX_LIBS_HOME ?= $(HAX_HOME)/hax-lib/proofs/fstar/extraction -FSTAR_HOME ?= $(WORKSPACE_ROOT)/FStar -HACL_HOME ?= $(WORKSPACE_ROOT)/hacl-star -FSTAR_BIN ?= $(shell command -v fstar.exe 1>&2 2> /dev/null && echo "fstar.exe" || echo "$(FSTAR_HOME)/bin/fstar.exe") - -CACHE_DIR ?= .cache -HINT_DIR ?= .hints - -.PHONY: all verify verify-lax clean - -all: - rm -f .depend && $(MAKE) .depend - $(MAKE) verify - -VERIFIED = Libcrux_ml_kem.Types.fst \ - Libcrux_ml_kem.Types.fsti \ - Libcrux_ml_kem.Types.Unpacked.fsti \ - Libcrux_ml_kem.Constants.fsti \ - Libcrux_ml_kem.Hash_functions.Avx2.fsti \ - Libcrux_ml_kem.Hash_functions.fsti \ - Libcrux_ml_kem.Hash_functions.Neon.fsti \ - Libcrux_ml_kem.Hash_functions.Portable.fsti \ - Libcrux_ml_kem.Utils.fst \ - Libcrux_ml_kem.Utils.fsti - -PANIC_FREE = Libcrux_ml_kem.Constant_time_ops.fst \ - Libcrux_ml_kem.Constant_time_ops.fsti \ - Libcrux_ml_kem.Ind_cca.fsti \ - Libcrux_ml_kem.Ind_cca.Unpacked.fsti \ - Libcrux_ml_kem.Ind_cpa.fsti \ - Libcrux_ml_kem.Ind_cpa.Unpacked.fsti \ - Libcrux_ml_kem.Sampling.fsti \ - Libcrux_ml_kem.Serialize.fsti \ - Libcrux_ml_kem.Matrix.fsti \ - Libcrux_ml_kem.Polynomial.fsti \ - Libcrux_ml_kem.Ntt.fsti \ - Libcrux_ml_kem.Invert_ntt.fsti \ - Libcrux_ml_kem.Vector.Traits.fsti \ - Libcrux_ml_kem.Vector.Portable.fsti \ - Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti \ - Libcrux_ml_kem.Vector.Portable.Compress.fsti \ - Libcrux_ml_kem.Vector.Portable.Ntt.fsti \ - Libcrux_ml_kem.Vector.Portable.Sampling.fsti \ - Libcrux_ml_kem.Vector.Portable.Serialize.fsti \ - Libcrux_ml_kem.Vector.Portable.Vector_type.fsti \ - Libcrux_ml_kem.Vector.Avx2.fsti \ - Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti \ - Libcrux_ml_kem.Vector.Avx2.Compress.fsti \ - Libcrux_ml_kem.Vector.Avx2.Ntt.fsti \ - Libcrux_ml_kem.Vector.Avx2.Portable.fsti \ - Libcrux_ml_kem.Vector.Avx2.Sampling.fsti \ - Libcrux_ml_kem.Vector.Avx2.Serialize.fsti \ - Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst \ - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti \ - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst \ - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti \ - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst \ - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti \ - Libcrux_ml_kem.Ind_cca.Multiplexing.fst \ - Libcrux_ml_kem.Ind_cca.Multiplexing.fsti \ - Libcrux_ml_kem.Mlkem512.Avx2.fst \ - Libcrux_ml_kem.Mlkem512.Avx2.fsti \ - Libcrux_ml_kem.Mlkem512.fst \ - Libcrux_ml_kem.Mlkem512.fsti \ - Libcrux_ml_kem.Mlkem512.Neon.fst \ - Libcrux_ml_kem.Mlkem512.Neon.fsti \ - Libcrux_ml_kem.Mlkem512.Portable.fst \ - Libcrux_ml_kem.Mlkem512.Portable.fsti \ - Libcrux_ml_kem.Mlkem768.Avx2.fst \ - Libcrux_ml_kem.Mlkem768.Avx2.fsti \ - Libcrux_ml_kem.Mlkem768.fst \ - Libcrux_ml_kem.Mlkem768.fsti \ - Libcrux_ml_kem.Mlkem768.Neon.fst \ - Libcrux_ml_kem.Mlkem768.Neon.fsti \ - Libcrux_ml_kem.Mlkem768.Portable.fst \ - Libcrux_ml_kem.Mlkem768.Portable.fsti \ - Libcrux_ml_kem.Mlkem1024.Avx2.fst \ - Libcrux_ml_kem.Mlkem1024.Avx2.fsti \ - Libcrux_ml_kem.Mlkem1024.fst \ - Libcrux_ml_kem.Mlkem1024.fsti \ - Libcrux_ml_kem.Mlkem1024.Neon.fst \ - Libcrux_ml_kem.Mlkem1024.Neon.fsti \ - Libcrux_ml_kem.Mlkem1024.Portable.fst \ - Libcrux_ml_kem.Mlkem1024.Portable.fsti \ - Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti \ - Libcrux_ml_kem.Vector.Neon.Compress.fsti \ - Libcrux_ml_kem.Vector.Neon.fsti \ - Libcrux_ml_kem.Vector.Neon.Ntt.fsti \ - Libcrux_ml_kem.Vector.Neon.Serialize.fsti \ - Libcrux_ml_kem.Vector.Neon.Vector_type.fsti - -UNVERIFIED = $(filter-out $(PANIC_FREE),$(wildcard *.fst)) - -VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(VERIFIED))) -PANIC_FREE_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(PANIC_FREE))) -UNVERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(UNVERIFIED))) - -# By default, we process all the files in the current directory. Here, we -# *extend* the set of relevant files with the tests. -ROOTS = $(UNVERIFIED) $(PANIC_FREE) $(VERIFIED) - -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HACL_HOME)/specs $(HAX_PROOF_LIBS_HOME)/rust_primitives \ - $(HAX_PROOF_LIBS_HOME)/core $(HAX_LIBS_HOME) \ - ../spec/ \ - ../../../../sys/platform/proofs/fstar/extraction/ \ - ../../../../libcrux-intrinsics/proofs/fstar/extraction/ \ - ../../../../libcrux-sha3/proofs/fstar/extraction/ - -FSTAR_FLAGS = --cmi \ - --warn_error -331-321-274 \ - --cache_checked_modules --cache_dir $(CACHE_DIR) \ - --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ - $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) - -FSTAR = $(FSTAR_BIN) $(FSTAR_FLAGS) - - -.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) - $(info $(ROOTS)) - $(FSTAR) --cmi --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ - -include .depend - -$(HINT_DIR): - mkdir -p $@ - -$(CACHE_DIR): - mkdir -p $@ - -$(UNVERIFIED_CHECKED): OTHERFLAGS=--admit_smt_queries true -$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) - $(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints - -verify: $(UNVERIFIED_CHECKED) $(PANIC_FREE_CHECKED) $(VERIFIED_CHECKED) - -# Targets for interactive mode - -%.fst-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) - -%.fsti-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) - - -# Clean targets - -SHELL=/usr/bin/env bash - -clean: - rm -rf $(CACHE_DIR)/* - rm *.fst +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/libcrux-ml-kem/proofs/fstar/spec/Makefile b/libcrux-ml-kem/proofs/fstar/spec/Makefile index 6eda7cef5..ec420d509 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Makefile +++ b/libcrux-ml-kem/proofs/fstar/spec/Makefile @@ -1,122 +1 @@ -# This is a generically useful Makefile for F* that is self-contained -# -# It is tempting to factor this out into multiple Makefiles but that -# makes it less portable, so resist temptation, or move to a more -# sophisticated build system. -# -# We expect FSTAR_HOME to be set to your FSTAR repo/install directory -# We expect HACL_HOME to be set to your HACL* repo location -# We expect HAX_LIBS_HOME to be set to the folder containing core, rust_primitives etc. -# -# ROOTS contains all the top-level F* files you wish to verify -# The default target `verify` verified ROOTS and its dependencies -# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line -# -# -# To make F* emacs mode use the settings in this file, you need to -# add the following lines to your .emacs -# -# (setq-default fstar-executable "/bin/fstar.exe") -# (setq-default fstar-smt-executable "/bin/z3") -# -# (defun my-fstar-compute-prover-args-using-make () -# "Construct arguments to pass to F* by calling make." -# (with-demoted-errors "Error when constructing arg string: %S" -# (let* ((fname (file-name-nondirectory buffer-file-name)) -# (target (concat fname "-in")) -# (argstr (car (process-lines "make" "--quiet" target)))) -# (split-string argstr)))) -# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) -# - -WORKSPACE_ROOT ?= $(shell git rev-parse --show-toplevel) - -HAX_HOME ?= $(WORKSPACE_ROOT)/hax -HAX_PROOF_LIBS_HOME ?= $(HAX_HOME)/proof-libs/fstar -HAX_LIBS_HOME ?= $(HAX_HOME)/hax-lib/proofs/fstar/extraction -FSTAR_HOME ?= $(WORKSPACE_ROOT)/FStar -HACL_HOME ?= $(WORKSPACE_ROOT)/hacl-star -FSTAR_BIN ?= $(shell command -v fstar.exe 1>&2 2> /dev/null && echo "fstar.exe" || echo "$(FSTAR_HOME)/bin/fstar.exe") - -CACHE_DIR ?= .cache -HINT_DIR ?= .hints - -.PHONY: all verify verify-lax clean - -all: - rm -f .depend && $(MAKE) .depend - $(MAKE) verify - -ifeq ($(OTHERFLAGS),$(subst --admit_smt_queries true,,$(OTHERFLAGS))) -FSTAR_HINTS ?= --use_hints --use_hint_hashes --record_hints -else -FSTAR_HINTS ?= --use_hints --use_hint_hashes -endif - -VERIFIED = Spec.Utils.fst Spec.MLKEM.fst - -UNVERIFIED = - - -VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(VERIFIED))) -UNVERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(UNVERIFIED))) - -# By default, we process all the files in the current directory. Here, we -# *extend* the set of relevant files with the tests. -ROOTS = $(UNVERIFIED) $(VERIFIED) - -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HACL_HOME)/specs $(HAX_PROOF_LIBS_HOME)/rust_primitives $(HAX_PROOF_LIBS_HOME)/core $(HAX_LIBS_HOME) - -FSTAR_FLAGS = $(FSTAR_HINTS) \ - --cmi \ - --warn_error -331 \ - --warn_error -321 \ - --warn_error -274 \ - --query_stats \ - --cache_checked_modules --cache_dir $(CACHE_DIR) \ - --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ - $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) - -# --log_queries \ -# --z3version 4.12.3 \ -# --smtencoding.l_arith_repr native \ -# --smtencoding.nl_arith_repr native \ - -FSTAR = $(FSTAR_BIN) $(FSTAR_FLAGS) - - -.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) - $(info $(ROOTS)) - $(FSTAR) --cmi --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ - -include .depend - -$(HINT_DIR): - mkdir -p $@ - -$(CACHE_DIR): - mkdir -p $@ - -$(UNVERIFIED_CHECKED): OTHERFLAGS=--admit_smt_queries true -$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) - $(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints - -verify: $(UNVERIFIED_CHECKED) $(VERIFIED_CHECKED) - -# Targets for interactive mode - -%.fst-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) - -%.fsti-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) - - -# Clean targets - -SHELL=/usr/bin/env bash - -clean: - rm -rf $(CACHE_DIR)/* +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/proofs/fstar/extraction-edited/Makefile b/proofs/fstar/extraction-edited/Makefile index 6b294a42d..ec420d509 100644 --- a/proofs/fstar/extraction-edited/Makefile +++ b/proofs/fstar/extraction-edited/Makefile @@ -1,150 +1 @@ -# This is a generically useful Makefile for F* that is self-contained -# -# It is tempting to factor this out into multiple Makefiles but that -# makes it less portable, so resist temptation, or move to a more -# sophisticated build system. -# -# We expect FSTAR_HOME to be set to your FSTAR repo/install directory -# We expect HACL_HOME to be set to your HACL* repo location -# We expect HAX_LIBS_HOME to be set to the folder containing core, rust_primitives etc. -# -# ROOTS contains all the top-level F* files you wish to verify -# The default target `verify` verified ROOTS and its dependencies -# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line -# -# -# To make F* emacs mode use the settings in this file, you need to -# add the following lines to your .emacs -# -# (setq-default fstar-executable "/bin/fstar.exe") -# (setq-default fstar-smt-executable "/bin/z3") -# -# (defun my-fstar-compute-prover-args-using-make () -# "Construct arguments to pass to F* by calling make." -# (with-demoted-errors "Error when constructing arg string: %S" -# (let* ((fname (file-name-nondirectory buffer-file-name)) -# (target (concat fname "-in")) -# (argstr (car (process-lines "make" "--quiet" target)))) -# (split-string argstr)))) -# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) -# - -WORKSPACE_ROOT ?= $(shell git rev-parse --show-toplevel)/.. - -HAX_HOME ?= $(WORKSPACE_ROOT)/hax -HAX_PROOF_LIBS_HOME ?= $(HAX_HOME)/proof-libs/fstar -HAX_LIBS_HOME ?= $(HAX_HOME)/hax-lib/proofs/fstar/extraction -FSTAR_HOME ?= $(WORKSPACE_ROOT)/FStar -HACL_HOME ?= $(WORKSPACE_ROOT)/hacl-star -FSTAR_BIN ?= $(shell command -v fstar.exe 1>&2 2> /dev/null && echo "fstar.exe" || echo "$(FSTAR_HOME)/bin/fstar.exe") - -CACHE_DIR ?= .cache -HINT_DIR ?= .hints - -.PHONY: all verify verify-lax clean - -all: - rm -f .depend && $(MAKE) .depend - $(MAKE) verify - -ifeq ($(OTHERFLAGS),$(subst --admit_smt_queries true,,$(OTHERFLAGS))) -FSTAR_HINTS ?= --use_hints --use_hint_hashes --record_hints -else -FSTAR_HINTS ?= --use_hints --use_hint_hashes -endif - -VERIFIED = \ - Libcrux.Digest.fsti \ - Libcrux.Kem.Kyber.Constants.fsti \ - Libcrux.Kem.Kyber.Hash_functions.fsti \ - Libcrux.Kem.Kyber.Hash_functions.fst \ - Libcrux.Kem.Kyber.Types.fst \ - Libcrux.Kem.Kyber.Kyber768.fsti \ - Libcrux.Kem.Kyber.Kyber768.fst \ - Libcrux.Kem.Kyber.Kyber1024.fsti \ - Libcrux.Kem.Kyber.Kyber1024.fst \ - Libcrux.Kem.Kyber.Kyber512.fsti \ - Libcrux.Kem.Kyber.Kyber512.fst \ - Libcrux.Kem.Kyber.Ind_cpa.fsti \ - Libcrux.Kem.Kyber.Ind_cpa.fst \ - Libcrux.Kem.Kyber.fsti \ - Libcrux.Kem.Kyber.fst \ - Libcrux.Kem.Kyber.Arithmetic.fsti \ - Libcrux.Kem.Kyber.Arithmetic.fst \ - Libcrux.Kem.Kyber.Compress.fsti \ - Libcrux.Kem.Kyber.Compress.fst \ - Libcrux.Kem.Kyber.Constant_time_ops.fsti \ - Libcrux.Kem.Kyber.Constant_time_ops.fst \ - Libcrux.Kem.Kyber.Matrix.fsti \ - Libcrux.Kem.Kyber.Matrix.fst \ - Libcrux.Kem.Kyber.Ntt.fsti \ - Libcrux.Kem.Kyber.Ntt.fst \ - Libcrux.Kem.Kyber.Sampling.fst \ - Libcrux.Kem.Kyber.Serialize.fsti \ - Libcrux.Kem.Kyber.Serialize.fst - -UNVERIFIED = - - -VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(VERIFIED))) -UNVERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(UNVERIFIED))) - -# By default, we process all the files in the current directory. Here, we -# *extend* the set of relevant files with the tests. -ROOTS = $(UNVERIFIED) $(VERIFIED) - -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HAX_PROOF_LIBS_HOME)/rust_primitives $(HAX_PROOF_LIBS_HOME)/core $(HAX_LIBS_HOME) - -FSTAR_FLAGS = $(FSTAR_HINTS) \ - --cmi \ - --warn_error -331 \ - --warn_error -321 \ - --warn_error -274 \ - --query_stats \ - --cache_checked_modules --cache_dir $(CACHE_DIR) \ - --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ - $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) - -# --log_queries \ -# --z3version 4.12.3 \ -# --smtencoding.l_arith_repr native \ -# --smtencoding.nl_arith_repr native \ - -FSTAR = $(FSTAR_BIN) $(FSTAR_FLAGS) - - -.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) - $(info $(ROOTS)) - $(FSTAR) --cmi --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ - -include .depend - -$(HINT_DIR): - mkdir -p $@ - -$(CACHE_DIR): - mkdir -p $@ - -$(UNVERIFIED_CHECKED): OTHERFLAGS=--admit_smt_queries true -$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) - $(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints - -verify: $(UNVERIFIED_CHECKED) $(VERIFIED_CHECKED) - -# Targets for interactive mode - -%.fst-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) - -%.fsti-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) - - -# Clean targets - -SHELL=/usr/bin/env bash - -clean: - rm -rf $(CACHE_DIR)/* +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/proofs/fstar/extraction-secret-independent/Makefile b/proofs/fstar/extraction-secret-independent/Makefile index 3c4a3f008..ec420d509 100644 --- a/proofs/fstar/extraction-secret-independent/Makefile +++ b/proofs/fstar/extraction-secret-independent/Makefile @@ -1,134 +1 @@ -# This is a generically useful Makefile for F* that is self-contained -# -# It is tempting to factor this out into multiple Makefiles but that -# makes it less portable, so resist temptation, or move to a more -# sophisticated build system. -# -# We expect FSTAR_HOME to be set to your FSTAR repo/install directory -# We expect HACL_HOME to be set to your HACL* repo location -# We expect HAX_LIBS_HOME to be set to the folder containing core, rust_primitives etc. -# -# ROOTS contains all the top-level F* files you wish to verify -# The default target `verify` verified ROOTS and its dependencies -# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line -# -# -# To make F* emacs mode use the settings in this file, you need to -# add the following lines to your .emacs -# -# (setq-default fstar-executable "/bin/fstar.exe") -# (setq-default fstar-smt-executable "/bin/z3") -# -# (defun my-fstar-compute-prover-args-using-make () -# "Construct arguments to pass to F* by calling make." -# (with-demoted-errors "Error when constructing arg string: %S" -# (let* ((fname (file-name-nondirectory buffer-file-name)) -# (target (concat fname "-in")) -# (argstr (car (process-lines "make" "--quiet" target)))) -# (split-string argstr)))) -# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) -# - -WORKSPACE_ROOT ?= $(shell git rev-parse --show-toplevel)/.. - -HAX_HOME ?= $(WORKSPACE_ROOT)/hax -HAX_PROOF_LIBS_HOME ?= $(HAX_HOME)/proof-libs/fstar-secret-integers -HAX_LIBS_HOME ?= $(HAX_HOME)/hax-lib/proofs/fstar/extraction -FSTAR_HOME ?= $(WORKSPACE_ROOT)/FStar -HACL_HOME ?= $(WORKSPACE_ROOT)/hacl-star -FSTAR_BIN ?= $(shell command -v fstar.exe 1>&2 2> /dev/null && echo "fstar.exe" || echo "$(FSTAR_HOME)/bin/fstar.exe") - -CACHE_DIR ?= .cache -HINT_DIR ?= .hints - -.PHONY: all verify verify-lax clean - -all: - rm -f .depend && $(MAKE) .depend - $(MAKE) verify - - -SECRET_INDEPENDENT = \ - Libcrux.Kem.Kyber.Constants.fsti \ - Libcrux.Digest.fsti \ - Libcrux.Kem.Kyber.Hash_functions.fsti \ - Libcrux.Kem.Kyber.Hash_functions.fst \ - Libcrux.Kem.Kyber.Kyber768.fsti \ - Libcrux.Kem.Kyber.Kyber768.fst \ - Libcrux.Kem.Kyber.Kyber1024.fsti \ - Libcrux.Kem.Kyber.Kyber1024.fst \ - Libcrux.Kem.Kyber.Kyber512.fsti \ - Libcrux.Kem.Kyber.Kyber512.fst \ - Libcrux.Kem.Kyber.Types.fst \ - Libcrux.Kem.Kyber.fsti \ - Libcrux.Kem.Kyber.fst \ - Libcrux.Kem.Kyber.Ind_cpa.fsti \ - Libcrux.Kem.Kyber.Ind_cpa.fst \ - Libcrux.Kem.Kyber.Arithmetic.fsti \ - Libcrux.Kem.Kyber.Arithmetic.fst \ - Libcrux.Kem.Kyber.Compress.fsti \ - Libcrux.Kem.Kyber.Compress.fst \ - Libcrux.Kem.Kyber.Constant_time_ops.fsti \ - Libcrux.Kem.Kyber.Constant_time_ops.fst \ - Libcrux.Kem.Kyber.Matrix.fsti \ - Libcrux.Kem.Kyber.Matrix.fst \ - Libcrux.Kem.Kyber.Ntt.fsti \ - Libcrux.Kem.Kyber.Ntt.fst \ - Libcrux.Kem.Kyber.Sampling.fst \ - Libcrux.Kem.Kyber.Serialize.fsti \ - Libcrux.Kem.Kyber.Serialize.fst - -SECRET_INDEPENDENT_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(SECRET_INDEPENDENT))) - -# By default, we process all the files in the current directory. Here, we -# *extend* the set of relevant files with the tests. -ROOTS = $(SECRET_INDEPENDENT) - -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HAX_PROOF_LIBS_HOME)/rust_primitives $(HAX_PROOF_LIBS_HOME)/core $(HAX_LIBS_HOME) - -FSTAR_FLAGS = --cmi \ - --warn_error -331-321-274 \ - --admit_smt_queries true \ - --cache_checked_modules --cache_dir $(CACHE_DIR) \ - --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ - $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) - -FSTAR = $(FSTAR_BIN) $(FSTAR_FLAGS) - - -.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) - $(info $(ROOTS)) - $(FSTAR) --cmi --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ - -include .depend - -$(HINT_DIR): - mkdir -p $@ - -$(CACHE_DIR): - mkdir -p $@ - -$(SECRET_INDEPENDENT_CHECKED): OTHERFLAGS=--admit_smt_queries true -$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) - $(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints - -verify: $(SECRET_INDEPENDENT_CHECKED) - -# Targets for interactive mode - -%.fst-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) - -%.fsti-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) - - -# Clean targets - -SHELL=/usr/bin/env bash - -clean: - rm -rf $(CACHE_DIR)/* - rm *.fst +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/proofs/fstar/extraction/Makefile b/proofs/fstar/extraction/Makefile index 763274af1..ec420d509 100644 --- a/proofs/fstar/extraction/Makefile +++ b/proofs/fstar/extraction/Makefile @@ -1,127 +1 @@ -# This is a generically useful Makefile for F* that is self-contained -# -# It is tempting to factor this out into multiple Makefiles but that -# makes it less portable, so resist temptation, or move to a more -# sophisticated build system. -# -# We expect FSTAR_HOME to be set to your FSTAR repo/install directory -# We expect HACL_HOME to be set to your HACL* repo location -# We expect HAX_LIBS_HOME to be set to the folder containing core, rust_primitives etc. -# -# ROOTS contains all the top-level F* files you wish to verify -# The default target `verify` verified ROOTS and its dependencies -# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line -# -# -# To make F* emacs mode use the settings in this file, you need to -# add the following lines to your .emacs -# -# (setq-default fstar-executable "/bin/fstar.exe") -# (setq-default fstar-smt-executable "/bin/z3") -# -# (defun my-fstar-compute-prover-args-using-make () -# "Construct arguments to pass to F* by calling make." -# (with-demoted-errors "Error when constructing arg string: %S" -# (let* ((fname (file-name-nondirectory buffer-file-name)) -# (target (concat fname "-in")) -# (argstr (car (process-lines "make" "--quiet" target)))) -# (split-string argstr)))) -# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) -# - -WORKSPACE_ROOT ?= $(shell git rev-parse --show-toplevel)/.. - -HAX_HOME ?= $(WORKSPACE_ROOT)/hax -HAX_PROOF_LIBS_HOME ?= $(HAX_HOME)/proof-libs/fstar -HAX_LIBS_HOME ?= $(HAX_HOME)/hax-lib/proofs/fstar/extraction -FSTAR_HOME ?= $(WORKSPACE_ROOT)/FStar -HACL_HOME ?= $(WORKSPACE_ROOT)/hacl-star -FSTAR_BIN ?= $(shell command -v fstar.exe 1>&2 2> /dev/null && echo "fstar.exe" || echo "$(FSTAR_HOME)/bin/fstar.exe") - -CACHE_DIR ?= .cache -HINT_DIR ?= .hints - -.PHONY: all verify verify-lax clean - -all: - rm -f .depend && $(MAKE) .depend - $(MAKE) verify - - -VERIFIED = \ - Libcrux.Kem.Kyber.Constants.fsti \ - Libcrux.Kem.Kyber.Kyber768.fst \ - Libcrux.Kem.Kyber.Kyber1024.fst \ - Libcrux.Kem.Kyber.Kyber512.fst - - -UNVERIFIED = \ - Libcrux.Kem.Kyber.Types.fst \ - Libcrux.Kem.Kyber.fst \ - Libcrux.Kem.Kyber.Ind_cpa.fst \ - Libcrux.Kem.Kyber.Arithmetic.fst \ - Libcrux.Kem.Kyber.Arithmetic.fsti \ - Libcrux.Kem.Kyber.Compress.fst \ - Libcrux.Kem.Kyber.Constant_time_ops.fst \ - Libcrux.Digest.fsti \ - Libcrux.Digest.Incremental_x4.fsti \ - Libcrux.Kem.Kyber.Hash_functions.fst \ - Libcrux.Kem.Kyber.Matrix.fst \ - Libcrux.Kem.Kyber.Ntt.fst \ - Libcrux.Kem.Kyber.Sampling.fst \ - Libcrux.Kem.Kyber.Serialize.fst - -VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(VERIFIED))) -UNVERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(UNVERIFIED))) - -# By default, we process all the files in the current directory. Here, we -# *extend* the set of relevant files with the tests. -ROOTS = $(UNVERIFIED) $(VERIFIED) - -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HAX_PROOF_LIBS_HOME)/rust_primitives $(HAX_PROOF_LIBS_HOME)/core $(HAX_LIBS_HOME) ../../../sys/platform/proofs/fstar/extraction/ - -FSTAR_FLAGS = --cmi \ - --warn_error -331-321-274 \ - --cache_checked_modules --cache_dir $(CACHE_DIR) \ - --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ - $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) - -FSTAR = $(FSTAR_BIN) $(FSTAR_FLAGS) - - -.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) - $(info $(ROOTS)) - $(FSTAR) --cmi --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ - -include .depend - -$(HINT_DIR): - mkdir -p $@ - -$(CACHE_DIR): - mkdir -p $@ - -$(UNVERIFIED_CHECKED): OTHERFLAGS=--admit_smt_queries true -$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) - $(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints - -verify: $(UNVERIFIED_CHECKED) $(VERIFIED_CHECKED) - -# Targets for interactive mode - -%.fst-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) - -%.fsti-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) - - -# Clean targets - -SHELL=/usr/bin/env bash - -clean: - rm -rf $(CACHE_DIR)/* - rm *.fst +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template From 15e87acd6bab82bb882fa672f55c95bcc7ed1553 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 13 Aug 2024 11:20:26 +0200 Subject: [PATCH 041/348] Use a workspace-wide dependency `hax-lib` --- Cargo.lock | 51 ++++++--------------------------------- Cargo.toml | 6 ++--- libcrux-ml-kem/Cargo.toml | 3 ++- libcrux-sha3/Cargo.toml | 2 +- 4 files changed, 13 insertions(+), 49 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d59075911..3c0e1010a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -701,42 +701,19 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ - "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "hax-lib-macros", "num-bigint", "num-traits", ] -[[package]] -name = "hax-lib" -version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#e94de4c52facd94f4a9377c6b02a073ab5eddac7" -dependencies = [ - "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", - "num-bigint", - "num-traits", -] - -[[package]] -name = "hax-lib-macros" -version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" -dependencies = [ - "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", - "paste", - "proc-macro-error", - "proc-macro2", - "quote", - "syn 2.0.72", -] - [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ - "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hax-lib-macros-types", "paste", "proc-macro-error", "proc-macro2", @@ -747,19 +724,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" -dependencies = [ - "proc-macro2", - "quote", - "serde", - "serde_json", - "uuid", -] - -[[package]] -name = "hax-lib-macros-types" -version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "proc-macro2", "quote", @@ -933,8 +898,6 @@ version = "0.0.2-alpha.3" dependencies = [ "clap", "getrandom", - "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", - "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "hex", "libcrux", "libcrux-ecdh", @@ -1039,7 +1002,7 @@ name = "libcrux-ml-kem" version = "0.0.2-alpha.3" dependencies = [ "criterion", - "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "hax-lib", "hex", "libcrux-intrinsics", "libcrux-platform", @@ -1086,7 +1049,7 @@ version = "0.0.2-alpha.3" dependencies = [ "cavp", "criterion", - "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hax-lib", "hex", "libcrux-intrinsics", "libcrux-platform", diff --git a/Cargo.toml b/Cargo.toml index b2e2765e3..5ecbea800 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -75,9 +75,9 @@ wasm-bindgen = { version = "0.2.87", optional = true } # When using the hax toolchain, we have more dependencies. # This is only required when doing proofs. -[target.'cfg(hax)'.dependencies] -hax-lib-macros = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax", branch = "main" } -hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/", branch = "main" } +# [target.'cfg(hax)'.workspace.dependencies] +[workspace.dependencies] +hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } [dev-dependencies] libcrux = { path = ".", features = ["rand", "tests"] } diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index 99424ea5b..1e5bf3333 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -25,7 +25,8 @@ libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } # This is only required for verification, but we are setting it as default until some hax attributes are fixed -hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } +# [target.'cfg(hax)'.dependencies] +hax-lib.workspace = true [features] # By default all variants and std are enabled. diff --git a/libcrux-sha3/Cargo.toml b/libcrux-sha3/Cargo.toml index c93712c4b..dfed28011 100644 --- a/libcrux-sha3/Cargo.toml +++ b/libcrux-sha3/Cargo.toml @@ -17,7 +17,7 @@ libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" # This is only required for verification. # The hax config is set by the hax toolchain. [target.'cfg(hax)'.dependencies] -hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/" } +hax-lib.workspace = true [features] simd128 = [] From 004ec4a282edcb03eed3aee15b64a693ccc703e4 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 13 Aug 2024 13:02:03 +0000 Subject: [PATCH 042/348] verified --- .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst | 8 -------- libcrux-ml-kem/src/ind_cca.rs | 4 ---- 2 files changed, 12 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index a1acf392c..35647a3bc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -377,14 +377,6 @@ let encapsulate <: t_Slice u8) in - let _:Prims.unit = - assert (Seq.slice to_hash 0 (v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE) == randomness); - lemma_slice_append to_hash - randomness - (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key.f_value); - assert (to_hash == - concat randomness (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key.f_value)) - in let hashed:t_Array u8 (sz 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index eb58042e2..24ad1d419 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -203,10 +203,6 @@ fn encapsulate< let randomness = Scheme::entropy_preprocess::(&randomness); let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness); to_hash[H_DIGEST_SIZE..].copy_from_slice(&Hasher::H(public_key.as_slice())); - hax_lib::fstar!("assert (Seq.slice $to_hash 0 (v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE) == $randomness); - lemma_slice_append $to_hash $randomness (Libcrux_ml_kem.Hash_functions.f_H #$:Hasher #$K ${public_key}.f_value); - assert ($to_hash == concat $randomness (Libcrux_ml_kem.Hash_functions.f_H #$:Hasher #$K ${public_key}.f_value))"); - let hashed = Hasher::G(&to_hash); let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); From 6fb20ad6335232da2c422225f0527f15d290cd49 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 13 Aug 2024 13:17:52 +0000 Subject: [PATCH 043/348] verified again --- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 25 ++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index d6d1d387e..cb4e44a7c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -116,7 +116,17 @@ val decrypt {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (secret_key: t_Slice u8) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) + (requires + Spec.MLKEM.is_rank v_K /\ length secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ + v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K) + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in + result == Spec.MLKEM.ind_cpa_decrypt v_K secret_key ciphertext) /// This function implements Algorithm 13 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. @@ -175,8 +185,17 @@ val encrypt (randomness: t_Slice u8) : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) (requires - Spec.MLKEM.is_rank v_K /\ length public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ - length randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE) + Spec.MLKEM.is_rank v_K /\ v_ETA1 = Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA2 = Spec.MLKEM.v_ETA2 v_K /\ v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ + v_ETA2_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ + v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + length public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + length randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\ + v_C1_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_LEN == Spec.MLKEM.v_C2_SIZE v_K) (ensures fun result -> let result:t_Array u8 v_CIPHERTEXT_SIZE = result in From efb652c72b2186abf292991ad7372dd83085d109 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 13 Aug 2024 14:53:35 +0000 Subject: [PATCH 044/348] cargo lock --- Cargo.lock | 64 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 38 insertions(+), 26 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9112f10a5..0f6d51371 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -701,7 +701,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax/?branch=main#35faf496ad9ce8ff016c6c630cf5e0e845182a49" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "num-bigint", @@ -711,7 +711,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax/#35faf496ad9ce8ff016c6c630cf5e0e845182a49" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "num-bigint", @@ -721,7 +721,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax/?branch=main#35faf496ad9ce8ff016c6c630cf5e0e845182a49" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "paste", @@ -734,7 +734,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax/#35faf496ad9ce8ff016c6c630cf5e0e845182a49" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "paste", @@ -747,7 +747,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax/?branch=main#35faf496ad9ce8ff016c6c630cf5e0e845182a49" dependencies = [ "proc-macro2", "quote", @@ -759,7 +759,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax/#35faf496ad9ce8ff016c6c630cf5e0e845182a49" dependencies = [ "proc-macro2", "quote", @@ -883,9 +883,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.69" +version = "0.3.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" +checksum = "1868808506b929d7b0cfa8f75951347aa71bb21144b7791bae35d9bccfcfe37a" dependencies = [ "wasm-bindgen", ] @@ -1143,6 +1143,16 @@ version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" +[[package]] +name = "minicov" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c71e683cd655513b99affab7d317deb690528255a0d5f717f1024093c12b169" +dependencies = [ + "cc", + "walkdir", +] + [[package]] name = "minimal-lexical" version = "0.2.1" @@ -1861,19 +1871,20 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" +checksum = "a82edfc16a6c469f5f44dc7b571814045d60404b55a0ee849f9bcfa2e63dd9b5" dependencies = [ "cfg-if", + "once_cell", "wasm-bindgen-macro", ] [[package]] name = "wasm-bindgen-backend" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" +checksum = "9de396da306523044d3302746f1208fa71d7532227f15e347e2d93e4145dd77b" dependencies = [ "bumpalo", "log", @@ -1886,9 +1897,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.42" +version = "0.4.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76bc14366121efc8dbb487ab05bcc9d346b3b5ec0eaa76e46594cabbe51762c0" +checksum = "61e9300f63a621e96ed275155c108eb6f843b6a26d053f122ab69724559dc8ed" dependencies = [ "cfg-if", "js-sys", @@ -1898,9 +1909,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" +checksum = "585c4c91a46b072c92e908d99cb1dcdf95c5218eeb6f3bf1efa991ee7a68cccf" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -1908,9 +1919,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" +checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", @@ -1921,18 +1932,19 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" +checksum = "c62a0a307cb4a311d3a07867860911ca130c3494e8c2719593806c08bc5d0484" [[package]] name = "wasm-bindgen-test" -version = "0.3.42" +version = "0.3.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9bf62a58e0780af3e852044583deee40983e5886da43a271dd772379987667b" +checksum = "68497a05fb21143a08a7d24fc81763384a3072ee43c44e86aad1744d6adef9d9" dependencies = [ "console_error_panic_hook", "js-sys", + "minicov", "scoped-tls", "wasm-bindgen", "wasm-bindgen-futures", @@ -1941,9 +1953,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-test-macro" -version = "0.3.42" +version = "0.3.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7f89739351a2e03cb94beb799d47fb2cac01759b40ec441f7de39b00cbf7ef0" +checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" dependencies = [ "proc-macro2", "quote", @@ -1952,9 +1964,9 @@ dependencies = [ [[package]] name = "web-sys" -version = "0.3.69" +version = "0.3.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" +checksum = "26fdeaafd9bd129f65e7c031593c24d62186301e0c72c8978fa1678be7d532c0" dependencies = [ "js-sys", "wasm-bindgen", From 676254549713b18c6ce74cf0c8328101229105f4 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 13 Aug 2024 17:09:54 +0000 Subject: [PATCH 045/348] restored panic freedom for top-level apis --- Cargo.lock | 12 ++++++------ .../fstar/extraction/Libcrux_ml_kem.Ind_cca.fst | 8 ++++++++ .../fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti | 8 -------- libcrux-ml-kem/src/mlkem1024.rs | 2 +- libcrux-ml-kem/src/mlkem512.rs | 2 +- libcrux-ml-kem/src/mlkem768.rs | 2 +- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0f6d51371..8bbf720f9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -701,7 +701,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#35faf496ad9ce8ff016c6c630cf5e0e845182a49" +source = "git+https://github.com/hacspec/hax/?branch=main#bea90741c55006f2649f2b4119bf7e3ce87a66e9" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "num-bigint", @@ -711,7 +711,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#35faf496ad9ce8ff016c6c630cf5e0e845182a49" +source = "git+https://github.com/hacspec/hax/#bea90741c55006f2649f2b4119bf7e3ce87a66e9" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "num-bigint", @@ -721,7 +721,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#35faf496ad9ce8ff016c6c630cf5e0e845182a49" +source = "git+https://github.com/hacspec/hax/?branch=main#bea90741c55006f2649f2b4119bf7e3ce87a66e9" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "paste", @@ -734,7 +734,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#35faf496ad9ce8ff016c6c630cf5e0e845182a49" +source = "git+https://github.com/hacspec/hax/#bea90741c55006f2649f2b4119bf7e3ce87a66e9" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "paste", @@ -747,7 +747,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#35faf496ad9ce8ff016c6c630cf5e0e845182a49" +source = "git+https://github.com/hacspec/hax/?branch=main#bea90741c55006f2649f2b4119bf7e3ce87a66e9" dependencies = [ "proc-macro2", "quote", @@ -759,7 +759,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#35faf496ad9ce8ff016c6c630cf5e0e845182a49" +source = "git+https://github.com/hacspec/hax/#bea90741c55006f2649f2b4119bf7e3ce87a66e9" dependencies = [ "proc-macro2", "quote", diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 35647a3bc..380854419 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -191,6 +191,8 @@ let validate_public_key in public_key =. public_key_serialized +#push-options "--z3rlimit 150" + let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -326,6 +328,10 @@ let decapsulate let _:Prims.unit = admit () in shared_secret +#pop-options + +#push-options "--z3rlimit 150" + let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) @@ -418,6 +424,8 @@ let encapsulate <: (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) +#pop-options + let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index ada53c2d0..76092b776 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -196,8 +196,6 @@ let impl: t_Variant t_MlKem = out } -#push-options "--z3rlimit 150" - val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -227,10 +225,6 @@ val decapsulate let result:t_Array u8 (sz 32) = result in result == Spec.MLKEM.ind_cca_decapsulate v_K private_key.f_value ciphertext.f_value) -#pop-options - -#push-options "--z3rlimit 150" - val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) @@ -261,8 +255,6 @@ val encapsulate (result._1.f_value, result._2) == Spec.MLKEM.ind_cca_encapsulate v_K public_key.f_value randomness) -#pop-options - /// Packed API /// Generate a key pair. /// Depending on the `Vector` and `Hasher` used, this requires different hardware diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 78d21d7b9..cf5158a68 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -233,7 +233,7 @@ macro_rules! instantiate { /// https://github.com/hacspec/hax/issues/770 #[cfg_attr( hax, - hax_lib::fstar::before( + hax_lib::fstar::before(interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 8f7d72172..1ef9bd691 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -226,7 +226,7 @@ macro_rules! instantiate { /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. #[cfg_attr( hax, - hax_lib::fstar::before( + hax_lib::fstar::before(interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 82666e8bc..8595f7272 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -229,7 +229,7 @@ macro_rules! instantiate { /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. #[cfg_attr( hax, - hax_lib::fstar::before( + hax_lib::fstar::before(interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) From f2667042029881654cb1c1429f78566b63574bd5 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 13 Aug 2024 22:33:13 -0400 Subject: [PATCH 046/348] wip --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 2 +- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 13 ++++++----- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 6 +++-- .../proofs/fstar/spec/Spec.MLKEM.fst | 5 +++-- libcrux-ml-kem/src/ind_cca.rs | 22 ++++++++----------- libcrux-ml-kem/src/ind_cpa.rs | 6 +++-- 6 files changed, 29 insertions(+), 25 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 380854419..e834fa266 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -191,7 +191,7 @@ let validate_public_key in public_key =. public_key_serialized -#push-options "--z3rlimit 150" +#push-options "--z3rlimit 500" let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 76092b776..b2a826d0a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -223,7 +223,10 @@ val decapsulate (ensures fun result -> let result:t_Array u8 (sz 32) = result in - result == Spec.MLKEM.ind_cca_decapsulate v_K private_key.f_value ciphertext.f_value) + let expected, valid = + Spec.MLKEM.ind_cca_decapsulate v_K private_key.f_value ciphertext.f_value + in + valid ==> result == expected) val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: @@ -252,8 +255,8 @@ val encapsulate = result in - (result._1.f_value, result._2) == - Spec.MLKEM.ind_cca_encapsulate v_K public_key.f_value randomness) + let expected, valid = Spec.MLKEM.ind_cca_encapsulate v_K public_key.f_value randomness in + valid ==> (result._1.f_value, result._2) == expected) /// Packed API /// Generate a key pair. @@ -279,5 +282,5 @@ val generate_keypair let result:Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = result in - (result.f_sk.f_value, result.f_pk.f_value) == - Spec.MLKEM.ind_cca_generate_keypair v_K randomness) + let expected, valid = Spec.MLKEM.ind_cca_generate_keypair v_K randomness in + valid ==> (result.f_sk.f_value, result.f_pk.f_value) == expected) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index cb4e44a7c..7d65134d1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -199,7 +199,8 @@ val encrypt (ensures fun result -> let result:t_Array u8 v_CIPHERTEXT_SIZE = result in - result == Spec.MLKEM.ind_cpa_encrypt v_K public_key message randomness) + let expected, valid = Spec.MLKEM.ind_cpa_encrypt v_K public_key message randomness in + valid ==> result == expected) /// This function implements most of Algorithm 12 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm. @@ -263,4 +264,5 @@ val generate_keypair (ensures fun result -> let result:(t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) = result in - result == Spec.MLKEM.ind_cpa_generate_keypair v_K key_generation_seed) + let expected, valid = Spec.MLKEM.ind_cpa_generate_keypair v_K key_generation_seed in + valid ==> result == expected) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 737230ccf..f33b2f4c0 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -2,8 +2,9 @@ module Spec.MLKEM #set-options "--fuel 0 --ifuel 1 --z3rlimit 30" open FStar.Mul open Core -open Spec.Utils -open Spec.MLKEM.Math + +include Spec.Utils +include Spec.MLKEM.Math (** ML-KEM Constants *) let v_BITS_PER_COEFFICIENT: usize = sz 12 diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 24ad1d419..73d1bc1bd 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -122,8 +122,8 @@ fn validate_public_key< $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))] -#[hax_lib::ensures(|result| fstar!("(${result}.f_sk.f_value, ${result}.f_pk.f_value) == - Spec.MLKEM.ind_cca_generate_keypair $K $randomness"))] +#[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cca_generate_keypair $K $randomness in + valid ==> (${result}.f_sk.f_value, ${result}.f_pk.f_value) == expected"))] fn generate_keypair< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, @@ -177,8 +177,8 @@ fn generate_keypair< $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))] -#[hax_lib::ensures(|result| fstar!("(${result}._1.f_value, ${result}._2) == - Spec.MLKEM.ind_cca_encapsulate $K ${public_key}.f_value $randomness"))] +#[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cca_encapsulate $K ${public_key}.f_value $randomness in + valid ==> (${result}._1.f_value, ${result}._2) == expected"))] fn encapsulate< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -231,7 +231,7 @@ fn encapsulate< (ciphertext, shared_secret_array) } -#[hax_lib::fstar::options("--z3rlimit 150")] +#[hax_lib::fstar::options("--z3rlimit 500")] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ @@ -248,8 +248,8 @@ fn encapsulate< $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\ $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))] -#[hax_lib::ensures(|result| fstar!("$result == - Spec.MLKEM.ind_cca_decapsulate $K ${private_key}.f_value ${ciphertext}.f_value"))] +#[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cca_decapsulate $K ${private_key}.f_value ${ciphertext}.f_value in + valid ==> $result == expected"))] pub(crate) fn decapsulate< const K: usize, const SECRET_KEY_SIZE: usize, @@ -597,16 +597,12 @@ impl Variant for MlKem { shared_secret: &[u8], _: &MlKemCiphertext, ) -> [u8; 32] { - let mut out = [0u8; 32]; - out.copy_from_slice(shared_secret); - out + shared_secret.try_into().unwrap() } #[inline(always)] #[requires(randomness.len() == 32)] fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32] { - let mut out = [0u8; 32]; - out.copy_from_slice(randomness); - out + randomness.try_into().unwrap() } } diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 555d323fc..663da1dfb 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -215,7 +215,8 @@ pub(crate) fn generate_keypair_unpacked< $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))] -#[hax_lib::ensures(|result| fstar!("$result == Spec.MLKEM.ind_cpa_generate_keypair $K $key_generation_seed"))] +#[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cpa_generate_keypair $K $key_generation_seed in + valid ==> $result == expected"))] pub(crate) fn generate_keypair< const K: usize, const PRIVATE_KEY_SIZE: usize, @@ -397,7 +398,8 @@ pub(crate) fn encrypt_unpacked< $C1_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ $C2_LEN == Spec.MLKEM.v_C2_SIZE $K"))] #[hax_lib::ensures(|result| - fstar!("$result == Spec.MLKEM.ind_cpa_encrypt $K $public_key $message $randomness") + fstar!("let (expected, valid) = Spec.MLKEM.ind_cpa_encrypt $K $public_key $message $randomness in + valid ==> $result == expected") )] pub(crate) fn encrypt< const K: usize, From de2b7515df24c7c168b991c1ad4e011a66d69520 Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 14 Aug 2024 04:42:31 +0000 Subject: [PATCH 047/348] Add pre-conditions for Ind_cpa functions --- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 36 ++++++++++++++----- libcrux-ml-kem/src/ind_cpa.rs | 24 ++++++++++++- 2 files changed, 51 insertions(+), 9 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index cb4e44a7c..312b925ec 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -19,7 +19,9 @@ val sample_ring_element_cbd (prf_input: t_Array u8 (sz 33)) (domain_separator: u8) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ + v_ETA2 == Spec.MLKEM.v_ETA2 v_K) (fun _ -> Prims.l_True) /// Sample a vector of ring elements from a centered binomial distribution and @@ -32,7 +34,9 @@ val sample_vector_cbd_then_ntt (prf_input: t_Array u8 (sz 33)) (domain_separator: u8) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ v_ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA == Spec.MLKEM.v_ETA1 v_K) (fun _ -> Prims.l_True) /// Call [`compress_then_serialize_ring_element_u`] on each ring element. @@ -42,7 +46,12 @@ val compress_then_serialize_u {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (out: t_Slice u8) - : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Slice u8) + (requires + Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ + v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE v_K) + (fun _ -> Prims.l_True) /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element /// in the `ciphertext`. @@ -52,7 +61,9 @@ val deserialize_then_decompress_u {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K) (fun _ -> Prims.l_True) /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element. @@ -62,7 +73,8 @@ val deserialize_secret_key {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (secret_key: t_Slice u8) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - Prims.l_True + (requires Spec.MLKEM.is_rank v_K /\ length secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K + ) (fun _ -> Prims.l_True) /// Call [`serialize_uncompressed_ring_element`] for each ring element. @@ -71,7 +83,9 @@ val serialize_secret_key (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_OUT_LEN) + (requires Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K) + (fun _ -> Prims.l_True) /// Concatenate `t` and `ρ` into the public key. val serialize_public_key @@ -80,7 +94,12 @@ val serialize_public_key {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (seed_for_a: t_Slice u8) - : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32) + (fun _ -> Prims.l_True) /// This function implements Algorithm 14 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. @@ -259,7 +278,8 @@ val generate_keypair v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ - v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + length key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE) (ensures fun result -> let result:(t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) = result in diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 555d323fc..810cb6272 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -39,6 +39,10 @@ use unpacked::*; /// Concatenate `t` and `ρ` into the public key. #[inline(always)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ + $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ + length $seed_for_a == sz 32"))] pub(crate) fn serialize_public_key< const K: usize, const RANKED_BYTES_PER_RING_ELEMENT: usize, @@ -58,6 +62,8 @@ pub(crate) fn serialize_public_key< /// Call [`serialize_uncompressed_ring_element`] for each ring element. #[inline(always)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] fn serialize_secret_key( key: &[PolynomialRingElement; K], ) -> [u8; OUT_LEN] { @@ -75,6 +81,9 @@ fn serialize_secret_key( secret_key: &[u8], ) -> [PolynomialRingElement; K] { From 60296bf4f0a3bfce3325e90a2a7b1db537e3cbf7 Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 14 Aug 2024 05:02:29 +0000 Subject: [PATCH 048/348] Add pre-conditions for functions in matrix --- .../fstar/extraction/Libcrux_ml_kem.Matrix.fsti | 14 +++++++------- libcrux-ml-kem/src/matrix.rs | 5 +++++ 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index dce9ae911..fdc3296c6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -20,10 +20,10 @@ val compute_As_plus_e (s_as_ntt error_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - Prims.l_True + (requires Spec.MLKEM.is_rank v_K) (fun _ -> Prims.l_True) -/// Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +/// Compute InverseNTT(tᵀ ◦ r\u{302}) + e₂ + message val compute_ring_element_v (v_K: usize) (#v_Vector: Type0) @@ -31,10 +31,10 @@ val compute_ring_element_v (tt_as_ntt r_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (error_2_ message: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires Spec.MLKEM.is_rank v_K) (fun _ -> Prims.l_True) -/// Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +/// Compute u := InvertNTT(Aᵀ ◦ r\u{302}) + e₁ val compute_vector_u (v_K: usize) (#v_Vector: Type0) @@ -43,7 +43,7 @@ val compute_vector_u t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (r_as_ntt error_1_: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - Prims.l_True + (requires Spec.MLKEM.is_rank v_K) (fun _ -> Prims.l_True) /// The following functions compute various expressions involving @@ -58,7 +58,7 @@ val compute_message (secret_as_ntt u_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires Spec.MLKEM.is_rank v_K) (fun _ -> Prims.l_True) val sample_matrix_A @@ -70,5 +70,5 @@ val sample_matrix_A (transpose: bool) : Prims.Pure (t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) - Prims.l_True + (requires Spec.MLKEM.is_rank v_K) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index d07c95f93..3e9f8a40a 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -5,6 +5,7 @@ use crate::{ #[inline(always)] #[allow(non_snake_case)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] pub(crate) fn sample_matrix_A>( seed: [u8; 34], transpose: bool, @@ -41,6 +42,7 @@ pub(crate) fn sample_matrix_A( v: &PolynomialRingElement, secret_as_ntt: &[PolynomialRingElement; K], @@ -61,6 +63,7 @@ pub(crate) fn compute_message( /// Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message #[inline(always)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] pub(crate) fn compute_ring_element_v( t_as_ntt: &[PolynomialRingElement; K], r_as_ntt: &[PolynomialRingElement; K], @@ -82,6 +85,7 @@ pub(crate) fn compute_ring_element_v( /// Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ #[inline(always)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] pub(crate) fn compute_vector_u( a_as_ntt: &[[PolynomialRingElement; K]; K], r_as_ntt: &[PolynomialRingElement; K], @@ -109,6 +113,7 @@ pub(crate) fn compute_vector_u( /// Compute  ◦ ŝ + ê #[inline(always)] #[allow(non_snake_case)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] pub(crate) fn compute_As_plus_e( matrix_A: &[[PolynomialRingElement; K]; K], s_as_ntt: &[PolynomialRingElement; K], From df53a93a606b73db84d789840464d5ad4da833ac Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 14 Aug 2024 11:00:13 +0000 Subject: [PATCH 049/348] Proof for inz/is_non_zero --- .../Libcrux_ml_kem.Constant_time_ops.fst | 39 +++++++++++-- .../Libcrux_ml_kem.Constant_time_ops.fsti | 30 +++++++++- libcrux-ml-kem/src/constant_time_ops.rs | 55 ++++++++++++++++++- 3 files changed, 116 insertions(+), 8 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index 92f263cc6..0a0963d22 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -4,12 +4,43 @@ open Core open FStar.Mul let inz (value: u8) = + let orig_value:u8 = value in let value:u16 = cast (value <: u8) <: u16 in - let result:u16 = - ((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) <: u16) >>! 8l <: u16) &. - 1us + let result:u8 = + cast ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l <: u16) <: u8 in - cast (result <: u16) <: u8 + let res:u8 = result &. 1uy in + let _:Prims.unit = + if v orig_value = 0 + then + (assert (value == zero); + lognot_lemma value; + assert ((~.value +. 1us) == zero); + assert ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) == zero); + logor_lemma value zero; + assert ((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) <: u16) == + value); + assert (v result == v ((value >>! 8l))); + assert ((v value / pow2 8) == 0); + assert (result == 0uy); + logand_lemma 1uy result; + assert (res == 0uy)) + else + (assert (v value <> 0); + lognot_lemma value; + assert (v (~.value) = pow2 16 - 1 - v value); + assert (v (~.value) + 1 = pow2 16 - v value); + assert (v (value) <= pow2 8 - 1); + assert ((v (~.value) + 1) = (pow2 16 - pow2 8) + (pow2 8 - v value)); + assert ((v (~.value) + 1) = (pow2 8 - 1) * pow2 8 + (pow2 8 - v value)); + assert ((v (~.value) + 1) / pow2 8 = (pow2 8 - 1)); + assert (v ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l) = + pow2 8 - 1); + assert (result = ones); + logand_lemma 1uy result; + assert (res = 1uy)) + in + res let is_non_zero (value: u8) = Core.Hint.black_box #u8 (inz value <: u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti index 0d28bb910..a827672e1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti @@ -4,9 +4,35 @@ open Core open FStar.Mul /// Return 1 if `value` is not zero and 0 otherwise. -val inz (value: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val inz (value: u8) + : Prims.Pure u8 + Prims.l_True + (ensures + fun result -> + let result:u8 = result in + Hax_lib.implies (value =. 0uy <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + result =. 0uy <: bool) && + Hax_lib.implies (value <>. 0uy <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + result =. 1uy <: bool)) -val is_non_zero (value: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val is_non_zero (value: u8) + : Prims.Pure u8 + Prims.l_True + (ensures + fun result -> + let result:u8 = result in + Hax_lib.implies (value =. 0uy <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + result =. 0uy <: bool) && + Hax_lib.implies (value <>. 0uy <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + result =. 1uy <: bool)) /// Return 1 if the bytes of `lhs` and `rhs` do not exactly /// match and 0 otherwise. diff --git a/libcrux-ml-kem/src/constant_time_ops.rs b/libcrux-ml-kem/src/constant_time_ops.rs index b37bad7a1..27369139a 100644 --- a/libcrux-ml-kem/src/constant_time_ops.rs +++ b/libcrux-ml-kem/src/constant_time_ops.rs @@ -11,13 +11,56 @@ use crate::constants::SHARED_SECRET_SIZE; // XXX: We have to disable this for C extraction for now. See eurydice/issues#37 /// Return 1 if `value` is not zero and 0 otherwise. +#[hax_lib::ensures(|result| fstar!("Hax_lib.implies ($value =. 0uy <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + $result =. 0uy <: bool) && + Hax_lib.implies ($value <>. 0uy <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + $result =. 1uy <: bool)"))] fn inz(value: u8) -> u8 { + let orig_value = value; let value = value as u16; - let result = ((value | (!value).wrapping_add(1)) >> 8) & 1; - result as u8 + let result = ((!value).wrapping_add(1) >> 8) as u8; + let res = result & 1; + hax_lib::fstar!("if v $orig_value = 0 then ( + assert($value == zero); + lognot_lemma $value; + assert((~.$value +. 1us) == zero); + assert((Core.Num.impl__u16__wrapping_add (~.$value <: u16) 1us <: u16) == zero); + logor_lemma $value zero; + assert(($value |. (Core.Num.impl__u16__wrapping_add (~.$value <: u16) 1us <: u16) <: u16) == $value); + assert (v $result == v (($value >>! 8l))); + assert ((v $value / pow2 8) == 0); + assert ($result == 0uy); + logand_lemma 1uy $result; + assert ($res == 0uy)) + else ( + assert (v $value <> 0); + lognot_lemma $value; + assert (v (~.$value) = pow2 16 - 1 - v $value); + assert (v (~.$value) + 1 = pow2 16 - v $value); + assert (v ($value) <= pow2 8 - 1); + assert ((v (~.$value) + 1) = (pow2 16 - pow2 8) + (pow2 8 - v $value)); + assert ((v (~.$value) + 1) = (pow2 8 - 1) * pow2 8 + (pow2 8 - v $value)); + assert ((v (~.$value) + 1)/pow2 8 = (pow2 8 - 1)); + assert (v ((Core.Num.impl__u16__wrapping_add (~.$value <: u16) 1us <: u16) >>! 8l) = pow2 8 - 1); + assert ($result = ones); + logand_lemma 1uy $result; + assert ($res = 1uy))"); + res } #[inline(never)] // Don't inline this to avoid that the compiler optimizes this out. +#[hax_lib::ensures(|result| fstar!("Hax_lib.implies ($value =. 0uy <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + $result =. 0uy <: bool) && + Hax_lib.implies ($value <>. 0uy <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + $result =. 1uy <: bool)"))] fn is_non_zero(value: u8) -> u8 { #[cfg(eurydice)] return inz(value); @@ -31,6 +74,14 @@ fn is_non_zero(value: u8) -> u8 { #[cfg_attr(hax, hax_lib::requires( lhs.len() == rhs.len() ))] +#[hax_lib::ensures(|result| fstar!("Hax_lib.implies ($lhs =. $rhs <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + $result =. 0uy <: bool) && + Hax_lib.implies ($lhs <>. $rhs <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + $result =. 1uy <: bool)"))] fn compare(lhs: &[u8], rhs: &[u8]) -> u8 { let mut r: u8 = 0; for i in 0..lhs.len() { From f1bea0d7b2aa991081228ec6fdab0934ba408b12 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 14 Aug 2024 14:20:29 +0200 Subject: [PATCH 050/348] Makefile: add `FSTAR_INCLUDE_DIRS_EXTRA` --- fstar-helpers/Makefile.template | 2 +- .../proofs/fstar/extraction/Makefile | 30 +++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/fstar-helpers/Makefile.template b/fstar-helpers/Makefile.template index aebdbe33f..b1971d30e 100644 --- a/fstar-helpers/Makefile.template +++ b/fstar-helpers/Makefile.template @@ -101,7 +101,7 @@ endef export FINDLIBS FINDLIBS_OUTPUT := $(shell bash -c '${FINDLIBS}') -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(FINDLIBS_OUTPUT) +FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(FSTAR_INCLUDE_DIRS_EXTRA) $(FINDLIBS_OUTPUT) # Make sure FSTAR_INCLUDE_DIRS has the `proof-libs`, print hints and # an error message otherwise diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index ec420d509..25b8ff81b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1 +1,31 @@ +LAX_MODULES = Libcrux_ml_kem.Ind_cca.fst \ + Libcrux_ml_kem.Ind_cpa.fst \ + Libcrux_ml_kem.Invert_ntt.fst \ + Libcrux_ml_kem.Matrix.fst \ + Libcrux_ml_kem.Ntt.fst \ + Libcrux_ml_kem.Polynomial.fst \ + Libcrux_ml_kem.Sampling.fst \ + Libcrux_ml_kem.Serialize.fst \ + Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Avx2.Compress.fst \ + Libcrux_ml_kem.Vector.Avx2.fst \ + Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ + Libcrux_ml_kem.Vector.Avx2.Portable.fst \ + Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ + Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ + Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Neon.Compress.fst \ + Libcrux_ml_kem.Vector.Neon.fst \ + Libcrux_ml_kem.Vector.Neon.Ntt.fst \ + Libcrux_ml_kem.Vector.Neon.Serialize.fst \ + Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ + Libcrux_ml_kem.Vector.Portable.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Portable.Compress.fst \ + Libcrux_ml_kem.Vector.Portable.Ntt.fst \ + Libcrux_ml_kem.Vector.Portable.Sampling.fst \ + Libcrux_ml_kem.Vector.Portable.Serialize.fst \ + Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ + Libcrux_ml_kem.Vector.Traits.fst + +FSTAR_INCLUDE_DIRS_EXTRA = $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template From 45eb61916d0316c1692501afe0eb9f031de32e0e Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 14 Aug 2024 14:44:38 +0000 Subject: [PATCH 051/348] User verification_status for inda_cpa.rs and matrix.rs --- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 54 +++++++++++++++++-- .../extraction/Libcrux_ml_kem.Matrix.fst | 16 ++++++ libcrux-ml-kem/src/ind_cpa.rs | 13 +++++ libcrux-ml-kem/src/matrix.rs | 5 ++ 4 files changed, 85 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 2dc3193fa..2a7815bf6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -10,6 +10,8 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +#push-options "--admit_smt_queries true" + let sample_ring_element_cbd (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) (#v_Vector #v_Hasher: Type0) @@ -98,6 +100,10 @@ let sample_ring_element_cbd <: (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) +#pop-options + +#push-options "--admit_smt_queries true" + let sample_vector_cbd_then_ntt (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) @@ -195,6 +201,10 @@ let sample_vector_cbd_then_ntt <: (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) +#pop-options + +#push-options "--admit_smt_queries true" + let compress_then_serialize_u (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) (#v_Vector: Type0) @@ -268,6 +278,8 @@ let compress_then_serialize_u let hax_temp_output:Prims.unit = () <: Prims.unit in out +#pop-options + let deserialize_then_decompress_u (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) (#v_Vector: Type0) @@ -332,7 +344,9 @@ let deserialize_then_decompress_u in u_as_ntt) in - u_as_ntt + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = u_as_ntt in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_secret_key (v_K: usize) @@ -382,7 +396,13 @@ let deserialize_secret_key <: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in - secret_as_ntt + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + secret_as_ntt + in + let _:Prims.unit = admit () (* Panic freedom *) in + result + +#push-options "--admit_smt_queries true" let serialize_secret_key (v_K v_OUT_LEN: usize) @@ -458,6 +478,8 @@ let serialize_secret_key in out +#pop-options + let serialize_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (#v_Vector: Type0) @@ -510,7 +532,11 @@ let serialize_public_key <: t_Slice u8) in - public_key_serialized + let result:t_Array u8 v_PUBLIC_KEY_SIZE = public_key_serialized in + let _:Prims.unit = admit () (* Panic freedom *) in + result + +#push-options "--admit_smt_queries true" let decrypt_unpacked (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: @@ -543,6 +569,10 @@ let decrypt_unpacked in Libcrux_ml_kem.Serialize.compress_then_serialize_message #v_Vector message +#pop-options + +#push-options "--admit_smt_queries true" + let decrypt (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: usize) @@ -570,6 +600,10 @@ let decrypt secret_key_unpacked ciphertext +#pop-options + +#push-options "--admit_smt_queries true" + let encrypt_unpacked (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) @@ -671,6 +705,10 @@ let encrypt_unpacked in ciphertext +#pop-options + +#push-options "--admit_smt_queries true" + let encrypt (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) @@ -730,6 +768,10 @@ let encrypt v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher public_key_unpacked message randomness +#pop-options + +#push-options "--admit_smt_queries true" + let generate_keypair_unpacked (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) @@ -808,6 +850,10 @@ let generate_keypair_unpacked (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) +#pop-options + +#push-options "--admit_smt_queries true" + let generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) @@ -846,3 +892,5 @@ let generate_keypair secret_key_serialized, public_key_serialized <: (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index c6c53893c..924e13025 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -10,6 +10,8 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +#push-options "--admit_smt_queries true" + let compute_As_plus_e (v_K: usize) (#v_Vector: Type0) @@ -131,6 +133,8 @@ let compute_As_plus_e in result +#pop-options + let compute_ring_element_v (v_K: usize) (#v_Vector: Type0) @@ -172,8 +176,12 @@ let compute_ring_element_v let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Polynomial.impl__add_message_error_reduce #v_Vector error_2_ message result in + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:Prims.unit = admit () (* Panic freedom *) in result +#push-options "--admit_smt_queries true" + let compute_vector_u (v_K: usize) (#v_Vector: Type0) @@ -303,6 +311,8 @@ let compute_vector_u in result +#pop-options + let compute_message (v_K: usize) (#v_Vector: Type0) @@ -345,8 +355,12 @@ let compute_message let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Polynomial.impl__subtract_reduce #v_Vector v result in + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:Prims.unit = admit () (* Panic freedom *) in result +#push-options "--admit_smt_queries true" + let sample_matrix_A (v_K: usize) (#v_Vector #v_Hasher: Type0) @@ -499,3 +513,5 @@ let sample_matrix_A v_A_transpose)) in v_A_transpose + +#pop-options diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 810cb6272..a5368419d 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -39,6 +39,7 @@ use unpacked::*; /// Concatenate `t` and `ρ` into the public key. #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ @@ -62,6 +63,7 @@ pub(crate) fn serialize_public_key< /// Call [`serialize_uncompressed_ring_element`] for each ring element. #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] fn serialize_secret_key( @@ -81,6 +83,7 @@ fn serialize_secret_key. #[allow(non_snake_case)] +#[hax_lib::fstar::verification_status(lax)] pub(crate) fn generate_keypair_unpacked< const K: usize, const ETA1: usize, @@ -221,6 +226,7 @@ pub(crate) fn generate_keypair_unpacked< } #[allow(non_snake_case)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ @@ -259,6 +265,7 @@ pub(crate) fn generate_keypair< } /// Call [`compress_then_serialize_ring_element_u`] on each ring element. +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $OUT_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ @@ -325,6 +332,7 @@ fn compress_then_serialize_u< /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] +#[hax_lib::fstar::verification_status(lax)] pub(crate) fn encrypt_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -399,6 +407,7 @@ pub(crate) fn encrypt_unpacked< } #[allow(non_snake_case)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $ETA1 = Spec.MLKEM.v_ETA1 $K /\\ $ETA1_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ @@ -476,6 +485,7 @@ pub(crate) fn encrypt< /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element /// in the `ciphertext`. #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K"))] @@ -502,6 +512,7 @@ fn deserialize_then_decompress_u< /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element. #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] fn deserialize_secret_key( @@ -539,6 +550,7 @@ fn deserialize_secret_key( /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] +#[hax_lib::fstar::verification_status(lax)] pub(crate) fn decrypt_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -566,6 +578,7 @@ pub(crate) fn decrypt_unpacked< } #[allow(non_snake_case)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index 3e9f8a40a..366a53ac5 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -5,6 +5,7 @@ use crate::{ #[inline(always)] #[allow(non_snake_case)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] pub(crate) fn sample_matrix_A>( seed: [u8; 34], @@ -42,6 +43,7 @@ pub(crate) fn sample_matrix_A( v: &PolynomialRingElement, @@ -63,6 +65,7 @@ pub(crate) fn compute_message( /// Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] pub(crate) fn compute_ring_element_v( t_as_ntt: &[PolynomialRingElement; K], @@ -85,6 +88,7 @@ pub(crate) fn compute_ring_element_v( /// Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] pub(crate) fn compute_vector_u( a_as_ntt: &[[PolynomialRingElement; K]; K], @@ -113,6 +117,7 @@ pub(crate) fn compute_vector_u( /// Compute  ◦ ŝ + ê #[inline(always)] #[allow(non_snake_case)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] pub(crate) fn compute_As_plus_e( matrix_A: &[[PolynomialRingElement; K]; K], From c3378af46e3f61d3c82b49c4e4e5e678fc403b24 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 15 Aug 2024 17:21:52 -0700 Subject: [PATCH 052/348] admit to pass decap --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 25 ++++++++--------- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 28 +++++++++++++------ libcrux-ml-kem/src/ind_cca.rs | 6 ++-- 3 files changed, 33 insertions(+), 26 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index e834fa266..8d81bed6a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -207,6 +207,7 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = + let _:Prims.unit = admit () in let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (Rust_primitives.unsize private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) @@ -313,20 +314,16 @@ let decapsulate shared_secret ciphertext in - let shared_secret:t_Array u8 (sz 32) = - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref - #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) - (Rust_primitives.unsize shared_secret <: t_Slice u8) - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) - in - let _:Prims.unit = admit () in - shared_secret + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref + #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) + (Rust_primitives.unsize shared_secret <: t_Slice u8) + (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index b2a826d0a..1ff7c7914 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -140,9 +140,9 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (shared_secret: t_Slice u8) (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - (out1: t_Array u8 (sz 32)) + (out: t_Array u8 (sz 32)) -> - out1 == shared_secret); + out == shared_secret); f_kdf = (fun @@ -155,9 +155,14 @@ let impl: t_Variant t_MlKem = (shared_secret: t_Slice u8) (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) -> - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in - out); + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + shared_secret + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError)); f_entropy_preprocess_pre = (fun @@ -178,7 +183,7 @@ let impl: t_Variant t_MlKem = i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (randomness: t_Slice u8) - (out1: t_Array u8 (sz 32)) + (out: t_Array u8 (sz 32)) -> true); f_entropy_preprocess @@ -191,9 +196,14 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (randomness: t_Slice u8) -> - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in - out + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + randomness + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) } val decapsulate diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 73d1bc1bd..706c82160 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -274,6 +274,7 @@ pub(crate) fn decapsulate< private_key: &MlKemPrivateKey, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { + hax_lib::fstar!("admit() (* takes too long on CI *)"); let (ind_cpa_secret_key, secret_key) = private_key.value.split_at(CPA_SECRET_KEY_SIZE); let (ind_cpa_public_key, secret_key) = secret_key.split_at(PUBLIC_KEY_SIZE); let (ind_cpa_public_key_hash, implicit_rejection_value) = secret_key.split_at(H_DIGEST_SIZE); @@ -325,7 +326,6 @@ pub(crate) fn decapsulate< &shared_secret, &implicit_rejection_shared_secret, ); - hax_lib::fstar!("admit() (* Panic Free *)"); shared_secret } @@ -591,8 +591,8 @@ pub(crate) struct MlKem {} impl Variant for MlKem { #[inline(always)] #[requires(shared_secret.len() == 32)] - // Output name has be `out1` https://github.com/hacspec/hax/issues/832 - #[ensures(|out1| fstar!("$out1 == $shared_secret"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("$out == $shared_secret"))] fn kdf>( shared_secret: &[u8], _: &MlKemCiphertext, From aa9bd20a413d1a81bbe287fd4b5378b0aa68a2a6 Mon Sep 17 00:00:00 2001 From: mamonet Date: Fri, 16 Aug 2024 09:16:16 +0000 Subject: [PATCH 053/348] Implement to_spec_vector --- .../proofs/fstar/spec/Spec.MLKEM.fst | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 021ea0b4b..d145d2ac3 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -112,6 +112,26 @@ type polynomial (ntt:bool) = t_Array field_element (sz 256) type vector (r:rank) (ntt:bool) = t_Array (polynomial ntt) r type matrix (r:rank) (ntt:bool) = t_Array (vector r ntt) r +type t_PolynomialRingElement = { f_coefficients:t_Array i32 (sz 256) } + +let int_to_spec_fe (m:int) : field_element = + let m_v = m % v v_FIELD_MODULUS in + assert (m_v > - v v_FIELD_MODULUS); + if m_v < 0 then + m_v + v v_FIELD_MODULUS + else m_v + +let to_spec_fe (m:i32) : field_element = + int_to_spec_fe (v m) + +let to_spec_poly (m:t_PolynomialRingElement) : (polynomial false) = + createi #field_element (sz 256) (fun i -> to_spec_fe (m.f_coefficients.[i])) + +let to_spec_vector (#r:rank) + (m:t_Array (t_PolynomialRingElement) r) + : (vector r false) = + createi r (fun i -> to_spec_poly (m.[i])) + val field_add: field_element -> field_element -> field_element let field_add a b = (a + b) % v v_FIELD_MODULUS From 91b33a7e18b7844808f9d6e4a9c0bbc6e24b3d0e Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 16 Aug 2024 16:48:44 -0700 Subject: [PATCH 054/348] fixed unsize --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 37 +++++++++++-------- libcrux-ml-kem/src/ind_cca.rs | 9 ++--- 2 files changed, 26 insertions(+), 20 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 8d81bed6a..a86c331ae 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -207,7 +207,6 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - let _:Prims.unit = admit () in let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (Rust_primitives.unsize private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) @@ -314,16 +313,21 @@ let decapsulate shared_secret ciphertext in - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref - #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) - (Rust_primitives.unsize shared_secret <: t_Slice u8) - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + let shared_secret:t_Array u8 (sz 32) = + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref + #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) + (Rust_primitives.unsize shared_secret <: t_Slice u8) + (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + in + let result:t_Array u8 (sz 32) = shared_secret in + let _:Prims.unit = admit () (* Panic freedom *) in + result #pop-options @@ -416,10 +420,13 @@ let encapsulate shared_secret ciphertext in - let _:Prims.unit = admit () in - ciphertext, shared_secret_array - <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) = + ciphertext, shared_secret_array + <: + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result #pop-options diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 706c82160..e617ee712 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -162,8 +162,10 @@ fn generate_keypair< MlKemKeyPair::from(private_key, MlKemPublicKey::from(public_key)) } - +// For some reason F* manages to assert the post-condition but fails to verify it +// as a part of function signature #[hax_lib::fstar::options("--z3rlimit 150")] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ @@ -225,13 +227,11 @@ fn encapsulate< let ciphertext = MlKemCiphertext::from(ciphertext); let shared_secret_array = Scheme::kdf::(shared_secret, &ciphertext); - // For some reason F* manages to assert the post-condition but fails to verify it - // as a part of function signature - hax_lib::fstar!("admit() (* Panic Free *)"); (ciphertext, shared_secret_array) } #[hax_lib::fstar::options("--z3rlimit 500")] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ @@ -274,7 +274,6 @@ pub(crate) fn decapsulate< private_key: &MlKemPrivateKey, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { - hax_lib::fstar!("admit() (* takes too long on CI *)"); let (ind_cpa_secret_key, secret_key) = private_key.value.split_at(CPA_SECRET_KEY_SIZE); let (ind_cpa_public_key, secret_key) = secret_key.split_at(PUBLIC_KEY_SIZE); let (ind_cpa_public_key_hash, implicit_rejection_value) = secret_key.split_at(H_DIGEST_SIZE); From e76f63bad89ae19c40e486db60ddf80473195d06 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 16 Aug 2024 18:39:29 -0700 Subject: [PATCH 055/348] fixed include --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 3566d3166..adcc6529f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,5 +1,5 @@ -ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.fst \ - Libcrux_ml_kem.Ind_cca.Unpacked.fst \ +ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ + Libcrux_ml_kem.Ind_cca.fst \ Libcrux_ml_kem.Ind_cpa.fst \ Libcrux_ml_kem.Ind_cpa.fsti \ Libcrux_ml_kem.Invert_ntt.fst \ @@ -30,5 +30,5 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ Libcrux_ml_kem.Vector.Traits.fst -FSTAR_INCLUDE_DIRS_EXTRA = $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec $(shell git rev-parse --show-toplevel)/../hacl-star/specs +FSTAR_INCLUDE_DIRS_EXTRA = $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template From bdc808d474b930f7b55b662e4cce04f0d01680fa Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 17 Aug 2024 04:58:13 +0000 Subject: [PATCH 056/348] Set post-conditions for Ind_cpa functions --- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 52 +++++++++---------- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 51 +++++++++++++++--- .../extraction/Libcrux_ml_kem.Polynomial.fsti | 11 ++++ .../fstar/spec/ML.KEM.Spec.fst.config.json | 25 +++++++++ .../proofs/fstar/spec/Spec.MLKEM.fst | 10 ++-- libcrux-ml-kem/src/ind_cpa.rs | 32 ++++++++++-- libcrux-ml-kem/src/polynomial.rs | 9 ++++ 7 files changed, 149 insertions(+), 41 deletions(-) create mode 100644 libcrux-ml-kem/proofs/fstar/spec/ML.KEM.Spec.fst.config.json diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 2a7815bf6..30de9643e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -571,8 +571,6 @@ let decrypt_unpacked #pop-options -#push-options "--admit_smt_queries true" - let decrypt (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: usize) @@ -591,16 +589,18 @@ let decrypt <: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector in - decrypt_unpacked v_K - v_CIPHERTEXT_SIZE - v_VECTOR_U_ENCODED_SIZE - v_U_COMPRESSION_FACTOR - v_V_COMPRESSION_FACTOR - #v_Vector - secret_key_unpacked - ciphertext - -#pop-options + let result:t_Array u8 (sz 32) = + decrypt_unpacked v_K + v_CIPHERTEXT_SIZE + v_VECTOR_U_ENCODED_SIZE + v_U_COMPRESSION_FACTOR + v_V_COMPRESSION_FACTOR + #v_Vector + secret_key_unpacked + ciphertext + in + let _:Prims.unit = admit () (* Panic freedom *) in + result #push-options "--admit_smt_queries true" @@ -707,8 +707,6 @@ let encrypt_unpacked #pop-options -#push-options "--admit_smt_queries true" - let encrypt (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) @@ -764,11 +762,13 @@ let encrypt <: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector in - encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN - v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher public_key_unpacked message randomness - -#pop-options + let result:t_Array u8 v_CIPHERTEXT_SIZE = + encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN + v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 + v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher public_key_unpacked message randomness + in + let _:Prims.unit = admit () (* Panic freedom *) in + result #push-options "--admit_smt_queries true" @@ -852,8 +852,6 @@ let generate_keypair_unpacked #pop-options -#push-options "--admit_smt_queries true" - let generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) @@ -889,8 +887,10 @@ let generate_keypair #v_Vector sk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt in - secret_key_serialized, public_key_serialized - <: - (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) - -#pop-options + let result:(t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) = + secret_key_serialized, public_key_serialized + <: + (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 312b925ec..ecf16af93 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -37,7 +37,17 @@ val sample_vector_cbd_then_ntt (requires Spec.MLKEM.is_rank v_K /\ v_ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ v_ETA == Spec.MLKEM.v_ETA1 v_K) - (fun _ -> Prims.l_True) + (ensures + fun temp_0_ -> + let x, ds:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + = + temp_0_ + in + v ds == v domain_separator + v v_K /\ + Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #v_Vector x == + Spec.MLKEM.sample_vector_cbd_then_ntt #v_K + (Seq.slice prf_input 0 32) + (sz (v domain_separator))) /// Call [`compress_then_serialize_ring_element_u`] on each ring element. val compress_then_serialize_u @@ -51,7 +61,13 @@ val compress_then_serialize_u Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ v_BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE v_K) - (fun _ -> Prims.l_True) + (ensures + fun out_future -> + let out_future:t_Slice u8 = out_future in + out_future == + Spec.MLKEM.compress_then_encode_u #v_K + #false + (Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #v_Vector input)) /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element /// in the `ciphertext`. @@ -64,7 +80,13 @@ val deserialize_then_decompress_u (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K) - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in + Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #v_Vector res == + Spec.MLKEM.(vector_ntt (decode_then_decompress_u #v_K + #false + (Seq.slice ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE v_K)))))) /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element. val deserialize_secret_key @@ -75,7 +97,11 @@ val deserialize_secret_key : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (requires Spec.MLKEM.is_rank v_K /\ length secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K ) - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in + Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #v_Vector res == + Spec.MLKEM.vector_decode_12 #v_K #false secret_key) /// Call [`serialize_uncompressed_ring_element`] for each ring element. val serialize_secret_key @@ -85,7 +111,13 @@ val serialize_secret_key (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) : Prims.Pure (t_Array u8 v_OUT_LEN) (requires Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K) - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:t_Array u8 v_OUT_LEN = res in + res == + Spec.MLKEM.vector_encode_12 #v_K + #false + (Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #v_Vector key)) /// Concatenate `t` and `ρ` into the public key. val serialize_public_key @@ -99,7 +131,14 @@ val serialize_public_key Spec.MLKEM.is_rank v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32) - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:t_Array u8 v_PUBLIC_KEY_SIZE = res in + res == + Seq.append (Spec.MLKEM.vector_encode_12 #v_K + #false + (Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #v_Vector tt_as_ntt)) + seed_for_a) /// This function implements Algorithm 14 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index 51dae0e12..da6a3b2ff 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti @@ -36,6 +36,17 @@ type t_PolynomialRingElement (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} = { f_coefficients:t_Array v_Vector (sz 16) } +let to_spec_poly_t (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (p: t_PolynomialRingElement v_Vector) : Spec.MLKEM.polynomial false = + admit() + +let to_spec_array_poly_t (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (#r:Spec.MLKEM.rank) + (m:t_Array (t_PolynomialRingElement v_Vector) r) = + createi r (fun i -> to_spec_poly_t #v_Vector (m.[i])) + val impl__ZERO: #v_Vector: Type0 -> {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} -> diff --git a/libcrux-ml-kem/proofs/fstar/spec/ML.KEM.Spec.fst.config.json b/libcrux-ml-kem/proofs/fstar/spec/ML.KEM.Spec.fst.config.json new file mode 100644 index 000000000..2509bf529 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/spec/ML.KEM.Spec.fst.config.json @@ -0,0 +1,25 @@ +{ + "fstar_exe": "fstar.exe", + "options": [ + "--warn_error", + "-274-321-331", + "--cache_checked_modules", + "--query_stats", + "--record_hints", + "--log_queries", + "--cache_dir", + ".cache", + "--no_location_info", + "--use_hints" + ], + "include_dirs": [ + "${HACL_HOME}/lib", + "${HACL_HOME}/specs", + "${HAX_HOME}/proof-libs/fstar/rust_primitives", + "${HAX_HOME}/proof-libs/fstar/core", + "${HAX_HOME}/hax-lib/proofs/fstar/extraction", + "../../../../sys/platform/proofs/fstar/extraction", + "../../../../libcrux-sha3/proofs/fstar/extraction", + "../../../../libcrux-intrinsics/proofs/fstar/extraction" + ] +} diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index d145d2ac3..0ac7aac85 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -112,8 +112,6 @@ type polynomial (ntt:bool) = t_Array field_element (sz 256) type vector (r:rank) (ntt:bool) = t_Array (polynomial ntt) r type matrix (r:rank) (ntt:bool) = t_Array (vector r ntt) r -type t_PolynomialRingElement = { f_coefficients:t_Array i32 (sz 256) } - let int_to_spec_fe (m:int) : field_element = let m_v = m % v v_FIELD_MODULUS in assert (m_v > - v v_FIELD_MODULUS); @@ -121,14 +119,14 @@ let int_to_spec_fe (m:int) : field_element = m_v + v v_FIELD_MODULUS else m_v -let to_spec_fe (m:i32) : field_element = +let to_spec_fe (m:i16) : field_element = int_to_spec_fe (v m) -let to_spec_poly (m:t_PolynomialRingElement) : (polynomial false) = - createi #field_element (sz 256) (fun i -> to_spec_fe (m.f_coefficients.[i])) +let to_spec_poly (m:t_Array i16 (sz 256)) : (polynomial false) = + createi #field_element (sz 256) (fun i -> to_spec_fe (m.[i])) let to_spec_vector (#r:rank) - (m:t_Array (t_PolynomialRingElement) r) + (m:t_Array (t_Array i16 (sz 256)) r) : (vector r false) = createi r (fun i -> to_spec_poly (m.[i])) diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index a5368419d..30964fa4d 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -44,6 +44,11 @@ use unpacked::*; $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ length $seed_for_a == sz 32"))] +#[hax_lib::ensures(|res| + fstar!("$res == Seq.append (Spec.MLKEM.vector_encode_12 #$K #false + (Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #$:Vector $t_as_ntt)) + $seed_for_a)") +)] pub(crate) fn serialize_public_key< const K: usize, const RANKED_BYTES_PER_RING_ELEMENT: usize, @@ -66,6 +71,10 @@ pub(crate) fn serialize_public_key< #[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] +#[hax_lib::ensures(|res| + fstar!("$res == Spec.MLKEM.vector_encode_12 #$K #false + (Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #$:Vector $key)") +)] fn serialize_secret_key( key: &[PolynomialRingElement; K], ) -> [u8; OUT_LEN] { @@ -117,6 +126,11 @@ fn sample_ring_element_cbd< #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ $ETA == Spec.MLKEM.v_ETA1 $K"))] +#[hax_lib::ensures(|(x,ds)| + fstar!("v $ds == v $domain_separator + v $K /\\ + Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #$:Vector $x == + Spec.MLKEM.sample_vector_cbd_then_ntt #$K (Seq.slice $prf_input 0 32) (sz (v $domain_separator))") +)] fn sample_vector_cbd_then_ntt< const K: usize, const ETA: usize, @@ -226,7 +240,7 @@ pub(crate) fn generate_keypair_unpacked< } #[allow(non_snake_case)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ @@ -270,6 +284,10 @@ pub(crate) fn generate_keypair< $OUT_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ $BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE $K"))] +#[hax_lib::ensures(|()| { + fstar!("$out_future == Spec.MLKEM.compress_then_encode_u #$K #false + (Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #$:Vector $input)") +})] fn compress_then_serialize_u< const K: usize, const OUT_LEN: usize, @@ -407,7 +425,7 @@ pub(crate) fn encrypt_unpacked< } #[allow(non_snake_case)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $ETA1 = Spec.MLKEM.v_ETA1 $K /\\ $ETA1_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ @@ -489,6 +507,10 @@ pub(crate) fn encrypt< #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K"))] +#[hax_lib::ensures(|res| + fstar!("Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #$:Vector $res == + Spec.MLKEM.(vector_ntt (decode_then_decompress_u #$K #false (Seq.slice $ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE $K)))))") +)] fn deserialize_then_decompress_u< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -515,6 +537,10 @@ fn deserialize_then_decompress_u< #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] +#[hax_lib::ensures(|res| + fstar!("Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #$:Vector $res == + Spec.MLKEM.vector_decode_12 #$K #false $secret_key") +)] fn deserialize_secret_key( secret_key: &[u8], ) -> [PolynomialRingElement; K] { @@ -578,7 +604,7 @@ pub(crate) fn decrypt_unpacked< } #[allow(non_snake_case)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index f7efc95a7..9d4313a02 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -16,6 +16,15 @@ pub(crate) const VECTORS_IN_RING_ELEMENT: usize = #[cfg_attr(eurydice, derive(Clone, Copy))] #[cfg_attr(not(eurydice), derive(Clone))] +#[cfg_attr(hax, hax_lib::fstar::after(interface, "let to_spec_array_poly_t (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (#r:Spec.MLKEM.rank) + (m:t_Array (t_PolynomialRingElement v_Vector) r) = + createi r (fun i -> to_spec_poly_t #v_Vector (m.[i]))"))] +#[cfg_attr(hax, hax_lib::fstar::after(interface, "let to_spec_poly_t (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (p: t_PolynomialRingElement v_Vector) : Spec.MLKEM.polynomial false = + admit()"))] pub(crate) struct PolynomialRingElement { pub(crate) coefficients: [Vector; VECTORS_IN_RING_ELEMENT], } From 5884e2a7e76475ccc1704c4486e7e163d8b9a920 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 16 Aug 2024 23:15:09 -0700 Subject: [PATCH 057/348] spec --- libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst index bf9261111..f598ee0ff 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst @@ -32,11 +32,12 @@ let mlkem1024_generate_keypair (randomness:t_Array u8 (sz 64)): (t_Array u8 (sz 3168) & t_Array u8 (sz 1568)) & bool = ind_cca_generate_keypair mlkem1024_rank randomness +#set-options "--z3rlimit 100" let mlkem1024_encapsulate (public_key: t_Array u8 (sz 1568)) (randomness: t_Array u8 (sz 32)): (t_Array u8 (sz 1568) & t_Array u8 (sz 32)) & bool = + assert (v_CPA_CIPHERTEXT_SIZE mlkem1024_rank == sz 1568); ind_cca_encapsulate mlkem1024_rank public_key randomness - let mlkem1024_decapsulate (secret_key: t_Array u8 (sz 3168)) (ciphertext: t_Array u8 (sz 1568)): t_Array u8 (sz 32) & bool = ind_cca_decapsulate mlkem1024_rank secret_key ciphertext @@ -51,6 +52,7 @@ let mlkem512_generate_keypair (randomness:t_Array u8 (sz 64)): let mlkem512_encapsulate (public_key: t_Array u8 (sz 800)) (randomness: t_Array u8 (sz 32)): (t_Array u8 (sz 768) & t_Array u8 (sz 32)) & bool = + assert (v_CPA_CIPHERTEXT_SIZE mlkem512_rank == sz 768); ind_cca_encapsulate mlkem512_rank public_key randomness From 334fb31b9ba0f3a1f11c6cda92fcaf9353706df5 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 17 Aug 2024 07:40:18 +0000 Subject: [PATCH 058/348] Set post-conditions for matrix functions --- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 12 ++-- .../extraction/Libcrux_ml_kem.Matrix.fsti | 56 +++++++++++++++++-- .../extraction/Libcrux_ml_kem.Polynomial.fsti | 10 +++- libcrux-ml-kem/src/ind_cpa.rs | 12 ++-- libcrux-ml-kem/src/matrix.rs | 38 +++++++++++++ libcrux-ml-kem/src/polynomial.rs | 9 ++- 6 files changed, 114 insertions(+), 23 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index ecf16af93..540e14930 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -44,7 +44,7 @@ val sample_vector_cbd_then_ntt temp_0_ in v ds == v domain_separator + v v_K /\ - Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #v_Vector x == + Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector x == Spec.MLKEM.sample_vector_cbd_then_ntt #v_K (Seq.slice prf_input 0 32) (sz (v domain_separator))) @@ -67,7 +67,7 @@ val compress_then_serialize_u out_future == Spec.MLKEM.compress_then_encode_u #v_K #false - (Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #v_Vector input)) + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector input)) /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element /// in the `ciphertext`. @@ -83,7 +83,7 @@ val deserialize_then_decompress_u (ensures fun res -> let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in - Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #v_Vector res == + Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector res == Spec.MLKEM.(vector_ntt (decode_then_decompress_u #v_K #false (Seq.slice ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE v_K)))))) @@ -100,7 +100,7 @@ val deserialize_secret_key (ensures fun res -> let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in - Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #v_Vector res == + Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector res == Spec.MLKEM.vector_decode_12 #v_K #false secret_key) /// Call [`serialize_uncompressed_ring_element`] for each ring element. @@ -117,7 +117,7 @@ val serialize_secret_key res == Spec.MLKEM.vector_encode_12 #v_K #false - (Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #v_Vector key)) + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector key)) /// Concatenate `t` and `ρ` into the public key. val serialize_public_key @@ -137,7 +137,7 @@ val serialize_public_key res == Seq.append (Spec.MLKEM.vector_encode_12 #v_K #false - (Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #v_Vector tt_as_ntt)) + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector tt_as_ntt)) seed_for_a) /// This function implements Algorithm 14 of the diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index fdc3296c6..1937ab43a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -21,7 +21,14 @@ val compute_As_plus_e t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (requires Spec.MLKEM.is_rank v_K) - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in + let open Libcrux_ml_kem.Polynomial in + to_spec_vector_t res = + Spec.MLKEM.compute_As_plus_e_ntt (to_spec_matrix_t matrix_A) + (to_spec_vector_t s_as_ntt) + (to_spec_vector_t error_as_ntt)) /// Compute InverseNTT(tᵀ ◦ r\u{302}) + e₂ + message val compute_ring_element_v @@ -32,7 +39,18 @@ val compute_ring_element_v (error_2_ message: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires Spec.MLKEM.is_rank v_K) - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = res in + let open Libcrux_ml_kem.Polynomial in + let tt_spec = to_spec_vector_t tt_as_ntt in + let r_spec = to_spec_vector_t r_as_ntt in + let e2_spec = to_spec_poly_t error_2_ in + let m_spec = to_spec_poly_t message in + let res_spec = to_spec_poly_t res in + res_spec == + Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #v_K tt_spec r_spec) e2_spec) + m_spec)) /// Compute u := InvertNTT(Aᵀ ◦ r\u{302}) + e₁ val compute_vector_u @@ -44,7 +62,16 @@ val compute_vector_u (r_as_ntt error_1_: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (requires Spec.MLKEM.is_rank v_K) - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in + let open Libcrux_ml_kem.Polynomial in + let a_spec = to_spec_matrix_t a_as_ntt in + let r_spec = to_spec_vector_t r_as_ntt in + let e_spec = to_spec_vector_t error_1_ in + let res_spec = to_spec_vector_t res in + res_spec == + Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec)) /// The following functions compute various expressions involving /// vectors and matrices. The computation of these expressions has been @@ -59,7 +86,16 @@ val compute_message t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires Spec.MLKEM.is_rank v_K) - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = res in + let open Libcrux_ml_kem.Polynomial in + let secret_spec = to_spec_vector_t secret_as_ntt in + let u_spec = to_spec_vector_t u_as_ntt in + let v_spec = to_spec_poly_t v in + to_spec_poly_t res == + Spec.MLKEM.(poly_sub v_spec + (poly_inv_ntt #v_K (vector_dot_product_ntt #v_K secret_spec u_spec)))) val sample_matrix_A (v_K: usize) @@ -71,4 +107,14 @@ val sample_matrix_A : Prims.Pure (t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (requires Spec.MLKEM.is_rank v_K) - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K = + res + in + let matrix_A = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice seed 0 32) in + if transpose + then Libcrux_ml_kem.Polynomial.to_spec_matrix_t res == matrix_A + else + Libcrux_ml_kem.Polynomial.to_spec_matrix_t res == Spec.MLKEM.matrix_transpose matrix_A) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index da6a3b2ff..6ba50a14f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti @@ -41,12 +41,16 @@ let to_spec_poly_t (#v_Vector: Type0) (p: t_PolynomialRingElement v_Vector) : Spec.MLKEM.polynomial false = admit() -let to_spec_array_poly_t (#v_Vector: Type0) +let to_spec_vector_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - (#r:Spec.MLKEM.rank) - (m:t_Array (t_PolynomialRingElement v_Vector) r) = + (m:t_Array (t_PolynomialRingElement v_Vector) r) : Spec.MLKEM.vector r false = createi r (fun i -> to_spec_poly_t #v_Vector (m.[i])) +let to_spec_matrix_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (m:t_Array (t_Array (t_PolynomialRingElement v_Vector) r) r) : Spec.MLKEM.matrix r false = + createi r (fun i -> to_spec_vector_t #r #v_Vector (m.[i])) + val impl__ZERO: #v_Vector: Type0 -> {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} -> diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 30964fa4d..d27098532 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -46,7 +46,7 @@ use unpacked::*; length $seed_for_a == sz 32"))] #[hax_lib::ensures(|res| fstar!("$res == Seq.append (Spec.MLKEM.vector_encode_12 #$K #false - (Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #$:Vector $t_as_ntt)) + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $t_as_ntt)) $seed_for_a)") )] pub(crate) fn serialize_public_key< @@ -73,7 +73,7 @@ pub(crate) fn serialize_public_key< $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] #[hax_lib::ensures(|res| fstar!("$res == Spec.MLKEM.vector_encode_12 #$K #false - (Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #$:Vector $key)") + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key)") )] fn serialize_secret_key( key: &[PolynomialRingElement; K], @@ -128,7 +128,7 @@ fn sample_ring_element_cbd< $ETA == Spec.MLKEM.v_ETA1 $K"))] #[hax_lib::ensures(|(x,ds)| fstar!("v $ds == v $domain_separator + v $K /\\ - Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #$:Vector $x == + Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $x == Spec.MLKEM.sample_vector_cbd_then_ntt #$K (Seq.slice $prf_input 0 32) (sz (v $domain_separator))") )] fn sample_vector_cbd_then_ntt< @@ -286,7 +286,7 @@ pub(crate) fn generate_keypair< $BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE $K"))] #[hax_lib::ensures(|()| { fstar!("$out_future == Spec.MLKEM.compress_then_encode_u #$K #false - (Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #$:Vector $input)") + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $input)") })] fn compress_then_serialize_u< const K: usize, @@ -508,7 +508,7 @@ pub(crate) fn encrypt< $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K"))] #[hax_lib::ensures(|res| - fstar!("Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #$:Vector $res == + fstar!("Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $res == Spec.MLKEM.(vector_ntt (decode_then_decompress_u #$K #false (Seq.slice $ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE $K)))))") )] fn deserialize_then_decompress_u< @@ -538,7 +538,7 @@ fn deserialize_then_decompress_u< #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] #[hax_lib::ensures(|res| - fstar!("Libcrux_ml_kem.Polynomial.to_spec_array_poly_t #$:Vector $res == + fstar!("Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $res == Spec.MLKEM.vector_decode_12 #$K #false $secret_key") )] fn deserialize_secret_key( diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index 366a53ac5..22146a4c7 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -7,6 +7,11 @@ use crate::{ #[allow(non_snake_case)] #[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] +#[hax_lib::ensures(|res| + fstar!("let matrix_A = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice $seed 0 32) in + if $transpose then Libcrux_ml_kem.Polynomial.to_spec_matrix_t $res == matrix_A + else Libcrux_ml_kem.Polynomial.to_spec_matrix_t $res == Spec.MLKEM.matrix_transpose matrix_A") +)] pub(crate) fn sample_matrix_A>( seed: [u8; 34], transpose: bool, @@ -45,6 +50,14 @@ pub(crate) fn sample_matrix_A( v: &PolynomialRingElement, secret_as_ntt: &[PolynomialRingElement; K], @@ -67,6 +80,15 @@ pub(crate) fn compute_message( #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] +#[hax_lib::ensures(|res| + fstar!("let open Libcrux_ml_kem.Polynomial in + let tt_spec = to_spec_vector_t $t_as_ntt in + let r_spec = to_spec_vector_t $r_as_ntt in + let e2_spec = to_spec_poly_t $error_2 in + let m_spec = to_spec_poly_t $message in + let res_spec = to_spec_poly_t $res in + res_spec == Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #$K tt_spec r_spec) e2_spec) m_spec)") +)] pub(crate) fn compute_ring_element_v( t_as_ntt: &[PolynomialRingElement; K], r_as_ntt: &[PolynomialRingElement; K], @@ -90,6 +112,14 @@ pub(crate) fn compute_ring_element_v( #[inline(always)] #[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] +#[hax_lib::ensures(|res| + fstar!("let open Libcrux_ml_kem.Polynomial in + let a_spec = to_spec_matrix_t $a_as_ntt in + let r_spec = to_spec_vector_t $r_as_ntt in + let e_spec = to_spec_vector_t $error_1 in + let res_spec = to_spec_vector_t $res in + res_spec == Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec)") +)] pub(crate) fn compute_vector_u( a_as_ntt: &[[PolynomialRingElement; K]; K], r_as_ntt: &[PolynomialRingElement; K], @@ -119,6 +149,14 @@ pub(crate) fn compute_vector_u( #[allow(non_snake_case)] #[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] +#[hax_lib::ensures(|res| + fstar!("let open Libcrux_ml_kem.Polynomial in + to_spec_vector_t $res = + Spec.MLKEM.compute_As_plus_e_ntt + (to_spec_matrix_t $matrix_A) + (to_spec_vector_t $s_as_ntt) + (to_spec_vector_t $error_as_ntt)") +)] pub(crate) fn compute_As_plus_e( matrix_A: &[[PolynomialRingElement; K]; K], s_as_ntt: &[PolynomialRingElement; K], diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index 9d4313a02..daf7f0667 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -16,10 +16,13 @@ pub(crate) const VECTORS_IN_RING_ELEMENT: usize = #[cfg_attr(eurydice, derive(Clone, Copy))] #[cfg_attr(not(eurydice), derive(Clone))] -#[cfg_attr(hax, hax_lib::fstar::after(interface, "let to_spec_array_poly_t (#v_Vector: Type0) +#[cfg_attr(hax, hax_lib::fstar::after(interface, "let to_spec_matrix_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - (#r:Spec.MLKEM.rank) - (m:t_Array (t_PolynomialRingElement v_Vector) r) = + (m:t_Array (t_Array (t_PolynomialRingElement v_Vector) r) r) : Spec.MLKEM.matrix r false = + createi r (fun i -> to_spec_vector_t #r #v_Vector (m.[i]))"))] +#[cfg_attr(hax, hax_lib::fstar::after(interface, "let to_spec_vector_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (m:t_Array (t_PolynomialRingElement v_Vector) r) : Spec.MLKEM.vector r false = createi r (fun i -> to_spec_poly_t #v_Vector (m.[i]))"))] #[cfg_attr(hax, hax_lib::fstar::after(interface, "let to_spec_poly_t (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} From 72c8faeaf2f8771011dfac834ff3acfad872a93f Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 17 Aug 2024 07:27:56 -0700 Subject: [PATCH 059/348] bump rlimit --- libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index f33b2f4c0..caa0eff42 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -1,5 +1,5 @@ module Spec.MLKEM -#set-options "--fuel 0 --ifuel 1 --z3rlimit 30" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open FStar.Mul open Core From 60b28afb7bf09eeff64f7bd63b12a821496645f2 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 17 Aug 2024 07:49:25 -0700 Subject: [PATCH 060/348] spec fixes --- .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 46 +++++++++---------- .../proofs/fstar/spec/Spec.MLKEM.fst | 41 +++++++++-------- 2 files changed, 44 insertions(+), 43 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index 2bfc58384..31fb4837b 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -14,9 +14,9 @@ type rank = r:usize{is_rank r} (** MLKEM Math and Sampling *) type field_element = n:nat{n < v v_FIELD_MODULUS} -type polynomial (ntt:bool) = t_Array field_element (sz 256) -type vector (r:rank) (ntt:bool) = t_Array (polynomial ntt) r -type matrix (r:rank) (ntt:bool) = t_Array (vector r ntt) r +type polynomial = t_Array field_element (sz 256) +type vector (r:rank) = t_Array polynomial r +type matrix (r:rank) = t_Array (vector r) r val field_add: field_element -> field_element -> field_element let field_add a b = (a + b) % v v_FIELD_MODULUS @@ -30,10 +30,10 @@ let field_neg a = (0 - a) % v v_FIELD_MODULUS val field_mul: field_element -> field_element -> field_element let field_mul a b = (a * b) % v v_FIELD_MODULUS -val poly_add: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt +val poly_add: polynomial -> polynomial -> polynomial let poly_add a b = map2 field_add a b -val poly_sub: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt +val poly_sub: polynomial -> polynomial -> polynomial let poly_sub a b = map2 field_sub a b @@ -68,7 +68,7 @@ let poly_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = let a = field_add a t in (a,b) -let poly_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = +let poly_ntt_layer (p:polynomial) (l:nat{l > 0 /\ l < 8}) : polynomial = let len = pow2 l in let k = (128 / len) - 1 in Rust_primitives.Arrays.createi (sz 256) (fun i -> @@ -78,7 +78,7 @@ let poly_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = let (a_ntt, b_ntt) = poly_ntt_step p.[sz idx0] p.[sz idx1] (round + k) in if idx < len then a_ntt else b_ntt) -val poly_ntt: polynomial false -> polynomial true +val poly_ntt: polynomial -> polynomial let poly_ntt p = let p = poly_ntt_layer p 7 in let p = poly_ntt_layer p 6 in @@ -95,7 +95,7 @@ let poly_inv_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = let b = field_mul b_minus_a zetas.[sz i] in (a,b) -let poly_inv_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = +let poly_inv_ntt_layer (p:polynomial) (l:nat{l > 0 /\ l < 8}) : polynomial = let len = pow2 l in let k = (256 / len) - 1 in Rust_primitives.Arrays.createi (sz 256) (fun i -> @@ -105,7 +105,7 @@ let poly_inv_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial let (a_ntt, b_ntt) = poly_inv_ntt_step p.[sz idx0] p.[sz idx1] (k - round) in if idx < len then a_ntt else b_ntt) -val poly_inv_ntt: polynomial true -> polynomial false +val poly_inv_ntt: polynomial -> polynomial let poly_inv_ntt p = let p = poly_inv_ntt_layer p 1 in let p = poly_inv_ntt_layer p 2 in @@ -121,7 +121,7 @@ let poly_base_case_multiply (a0 a1 b0 b1 zeta:field_element) = let c1 = field_add (field_mul a0 b1) (field_mul a1 b0) in (c0,c1) -val poly_mul_ntt: polynomial true -> polynomial true -> polynomial true +val poly_mul_ntt: polynomial -> polynomial -> polynomial let poly_mul_ntt a b = Rust_primitives.Arrays.createi (sz 256) (fun i -> let a0 = a.[sz (2 * (v i / 2))] in @@ -134,36 +134,36 @@ let poly_mul_ntt a b = if v i % 2 = 0 then c0 else c1) -val vector_add: #r:rank -> #ntt:bool -> vector r ntt -> vector r ntt -> vector r ntt +val vector_add: #r:rank -> vector r -> vector r -> vector r let vector_add #p a b = map2 poly_add a b -val vector_ntt: #r:rank -> vector r false -> vector r true +val vector_ntt: #r:rank -> vector r -> vector r let vector_ntt #p v = map_array poly_ntt v -val vector_inv_ntt: #r:rank -> vector r true -> vector r false +val vector_inv_ntt: #r:rank -> vector r -> vector r let vector_inv_ntt #p v = map_array poly_inv_ntt v -val vector_mul_ntt: #r:rank -> vector r true -> vector r true -> vector r true +val vector_mul_ntt: #r:rank -> vector r -> vector r -> vector r let vector_mul_ntt #p a b = map2 poly_mul_ntt a b -val vector_sum: #r:rank -> #ntt:bool -> vector r ntt -> polynomial ntt +val vector_sum: #r:rank -> vector r -> polynomial let vector_sum #r a = repeati (r -! sz 1) (fun i x -> assert (v i < v r - 1); poly_add x (a.[i +! sz 1])) a.[sz 0] -val vector_dot_product_ntt: #r:rank -> vector r true -> vector r true -> polynomial true +val vector_dot_product_ntt: #r:rank -> vector r -> vector r -> polynomial let vector_dot_product_ntt a b = vector_sum (vector_mul_ntt a b) -val matrix_transpose: #r:rank -> #ntt:bool -> matrix r ntt -> matrix r ntt +val matrix_transpose: #r:rank -> matrix r -> matrix r let matrix_transpose #r m = createi r (fun i -> createi r (fun j -> m.[j].[i])) -val matrix_vector_mul_ntt: #r:rank -> matrix r true -> vector r true -> vector r true +val matrix_vector_mul_ntt: #r:rank -> matrix r -> vector r -> vector r let matrix_vector_mul_ntt #r m v = createi r (fun i -> vector_dot_product_ntt m.[i] v) -val compute_As_plus_e_ntt: #r:rank -> a:matrix r true -> s:vector r true -> e:vector r true -> vector r true +val compute_As_plus_e_ntt: #r:rank -> a:matrix r -> s:vector r -> e:vector r -> vector r let compute_As_plus_e_ntt #p a s e = vector_add (matrix_vector_mul_ntt a s) e @@ -223,15 +223,15 @@ let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial_d d in p -let coerce_polynomial_12 #ntt (p:polynomial ntt): polynomial_d 12 = p -let coerce_vector_12 #ntt (#r:rank) (v:vector r ntt): vector_d r 12 = v +let coerce_polynomial_12 (p:polynomial): polynomial_d 12 = p +let coerce_vector_12 (#r:rank) (v:vector r): vector_d r 12 = v -let compress_then_byte_encode #ntt (d: dT {d <> 12}) (coefficients: polynomial ntt): t_Array u8 (sz (32 * d)) +let compress_then_byte_encode (d: dT {d <> 12}) (coefficients: polynomial): t_Array u8 (sz (32 * d)) = let coefs: t_Array (field_element_d d) (sz 256) = map_array (compress_d d) coefficients in byte_encode d coefs -let byte_decode_then_decompress #ntt (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): polynomial ntt +let byte_decode_then_decompress (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): polynomial = map_array (decompress_d d) (byte_decode d b) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index caa0eff42..44ae4d7af 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -106,7 +106,7 @@ type t_MLKEMSharedSecret = t_Array u8 (v_SHARED_SECRET_SIZE) assume val sample_max: n:usize{v n < pow2 32 /\ v n >= 128 * 3 /\ v n % 3 = 0} -val sample_polynomial_ntt: seed:t_Array u8 (sz 34) -> (polynomial true & bool) +val sample_polynomial_ntt: seed:t_Array u8 (sz 34) -> (polynomial & bool) let sample_polynomial_ntt seed = let randomness = v_XOF sample_max seed in let bv = bytes_to_bits randomness in @@ -114,10 +114,11 @@ let sample_polynomial_ntt seed = let bv: bit_vec ((v (sz ((v sample_max / 3) * 2))) * 12) = retype_bit_vector bv in let i16s = bit_vec_to_nat_array #(sz ((v sample_max / 3) * 2)) 12 bv in assert ((v sample_max / 3) * 2 >= 256); - let poly0: polynomial true = Seq.create 256 0 in + let poly0: polynomial = Seq.create 256 0 in + let index_t = n:nat{n <= 256} in let (sampled, poly1) = - repeati #((n:nat{n <= 256}) & polynomial true) (sz ((v sample_max / 3) * 2)) - (fun i (sampled,acc) -> + repeati #(index_t & polynomial) (sz ((v sample_max / 3) * 2)) + (fun i (sampled,acc) -> if sampled < 256 then let sample = Seq.index i16s (v i) in if sample < 3329 then @@ -127,13 +128,13 @@ let sample_polynomial_ntt seed = (0,poly0) in if sampled < 256 then poly0, false else poly1, true -let sample_polynomial_ntt_at_index (seed:t_Array u8 (sz 32)) (i j: (x:usize{v x <= 4})) : polynomial true & bool = +let sample_polynomial_ntt_at_index (seed:t_Array u8 (sz 32)) (i j: (x:usize{v x <= 4})) : polynomial & bool = let seed34 = Seq.append seed (Seq.create 2 0uy) in let seed34 = Rust_primitives.Hax.update_at seed34 (sz 32) (mk_int #u8_inttype (v i)) in let seed34 = Rust_primitives.Hax.update_at seed34 (sz 33) (mk_int #u8_inttype (v j)) in sample_polynomial_ntt seed34 -val sample_matrix_A_ntt: #r:rank -> seed:t_Array u8 (sz 32) -> (matrix r true & bool) +val sample_matrix_A_ntt: #r:rank -> seed:t_Array u8 (sz 32) -> (matrix r & bool) let sample_matrix_A_ntt #r seed = let m = createi r (fun i -> @@ -148,36 +149,36 @@ let sample_matrix_A_ntt #r seed = b && v) b) true in (m, sufficient_randomness) -assume val sample_poly_cbd: v_ETA:usize{v v_ETA == 2 \/ v v_ETA == 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial false +assume val sample_poly_cbd: v_ETA:usize{v v_ETA == 2 \/ v v_ETA == 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial open Rust_primitives.Integers -val sample_poly_cbd2: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial false +val sample_poly_cbd2: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial let sample_poly_cbd2 #r seed domain_sep = let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in let prf_output = v_PRF (v_ETA2_RANDOMNESS_SIZE r) prf_input in sample_poly_cbd (v_ETA2 r) prf_output -val sample_poly_cbd1: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial false +val sample_poly_cbd1: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial let sample_poly_cbd1 #r seed domain_sep = let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in let prf_output = v_PRF (v_ETA1_RANDOMNESS_SIZE r) prf_input in sample_poly_cbd (v_ETA1 r) prf_output -let sample_vector_cbd1 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = +let sample_vector_cbd1 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r = createi r (fun i -> sample_poly_cbd1 #r seed (domain_sep +! i)) -let sample_vector_cbd2 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = +let sample_vector_cbd2 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r = createi r (fun i -> sample_poly_cbd2 #r seed (domain_sep +! i)) -let sample_vector_cbd_then_ntt (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = +let sample_vector_cbd_then_ntt (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r = vector_ntt (sample_vector_cbd1 #r seed domain_sep) -let vector_encode_12 (#r:rank) (#ntt:bool) (v: vector r ntt): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE r) +let vector_encode_12 (#r:rank) (v: vector r) : t_Array u8 (v_T_AS_NTT_ENCODED_SIZE r) = let s: t_Array (t_Array _ (sz 384)) r = map_array (byte_encode 12) (coerce_vector_12 v) in flatten s -let vector_decode_12 (#r:rank) (#ntt:bool) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_SIZE r)): vector r ntt +let vector_decode_12 (#r:rank) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_SIZE r)): vector r = createi r (fun block -> let block_size = (sz (32 * 12)) in let slice = Seq.slice arr (v block * v block_size) @@ -185,17 +186,17 @@ let vector_decode_12 (#r:rank) (#ntt:bool) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_ byte_decode 12 slice ) -let compress_then_encode_message #ntt (p:polynomial ntt) : t_Array u8 v_SHARED_SECRET_SIZE +let compress_then_encode_message (p:polynomial) : t_Array u8 v_SHARED_SECRET_SIZE = compress_then_byte_encode 1 p -let decode_then_decompress_message #ntt (b:t_Array u8 v_SHARED_SECRET_SIZE): polynomial ntt +let decode_then_decompress_message (b:t_Array u8 v_SHARED_SECRET_SIZE): polynomial = byte_decode_then_decompress 1 b -let compress_then_encode_u (#r:rank) (#ntt:bool) (vec: vector r ntt): t_Array u8 (v_C1_SIZE r) +let compress_then_encode_u (#r:rank) (vec: vector r): t_Array u8 (v_C1_SIZE r) = let d = v (v_VECTOR_U_COMPRESSION_FACTOR r) in flatten (map_array (compress_then_byte_encode d) vec) -let decode_then_decompress_u (#r:rank) (#ntt:bool) (arr: t_Array u8 (v_C1_SIZE r)): vector r ntt +let decode_then_decompress_u (#r:rank) (arr: t_Array u8 (v_C1_SIZE r)): vector r = let d = v_VECTOR_U_COMPRESSION_FACTOR r in createi r (fun block -> let block_size = v_C1_BLOCK_SIZE r in @@ -204,10 +205,10 @@ let decode_then_decompress_u (#r:rank) (#ntt:bool) (arr: t_Array u8 (v_C1_SIZE r byte_decode_then_decompress (v d) slice ) -let compress_then_encode_v (#r:rank) (#ntt:bool): polynomial ntt -> t_Array u8 (v_C2_SIZE r) +let compress_then_encode_v (#r:rank): polynomial -> t_Array u8 (v_C2_SIZE r) = compress_then_byte_encode (v (v_VECTOR_V_COMPRESSION_FACTOR r)) -let decode_then_decompress_v (#r:rank) (#ntt:bool): t_Array u8 (v_C2_SIZE r) -> polynomial ntt +let decode_then_decompress_v (#r:rank): t_Array u8 (v_C2_SIZE r) -> polynomial = byte_decode_then_decompress (v (v_VECTOR_V_COMPRESSION_FACTOR r)) (** IND-CPA Functions *) From dfef7d40ac791f0da2b04362deaf1b1a7b7ffb08 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 17 Aug 2024 23:31:37 +0000 Subject: [PATCH 061/348] Use valid return value in matrix.rs --- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 10 +++------- .../fstar/extraction/Libcrux_ml_kem.Matrix.fsti | 12 +++++++----- .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 5 +++++ libcrux-ml-kem/src/ind_cpa.rs | 17 +++++++++-------- libcrux-ml-kem/src/matrix.rs | 6 +++--- 5 files changed, 27 insertions(+), 23 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index ef93cbe75..4f8adb13f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -36,7 +36,7 @@ val sample_vector_cbd_then_ntt : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) (requires Spec.MLKEM.is_rank v_K /\ v_ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ - v_ETA == Spec.MLKEM.v_ETA1 v_K) + v_ETA == Spec.MLKEM.v_ETA1 v_K /\ v domain_separator < 2 * v v_K) (ensures fun temp_0_ -> let x, ds:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) @@ -63,10 +63,9 @@ val compress_then_serialize_u v_BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE v_K) (ensures fun temp_0_ -> - let out_future, ():(t_Slice u8 & Prims.unit) = temp_0_ in + let out_future:(t_Slice u8) = temp_0_ in out_future == Spec.MLKEM.compress_then_encode_u #v_K - #false (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector input)) /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element @@ -85,7 +84,6 @@ val deserialize_then_decompress_u let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector res == Spec.MLKEM.(vector_ntt (decode_then_decompress_u #v_K - #false (Seq.slice ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE v_K)))))) /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element. @@ -101,7 +99,7 @@ val deserialize_secret_key fun res -> let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector res == - Spec.MLKEM.vector_decode_12 #v_K #false secret_key) + Spec.MLKEM.vector_decode_12 #v_K secret_key) /// Call [`serialize_uncompressed_ring_element`] for each ring element. val serialize_secret_key @@ -116,7 +114,6 @@ val serialize_secret_key let res:t_Array u8 v_OUT_LEN = res in res == Spec.MLKEM.vector_encode_12 #v_K - #false (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector key)) /// Concatenate `t` and `ρ` into the public key. @@ -136,7 +133,6 @@ val serialize_public_key let res:t_Array u8 v_PUBLIC_KEY_SIZE = res in res == Seq.append (Spec.MLKEM.vector_encode_12 #v_K - #false (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector tt_as_ntt)) seed_for_a) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index 741b09e74..8eb07756d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -113,8 +113,10 @@ val sample_matrix_A v_K = res in - let matrix_A = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice seed 0 32) in - if transpose - then Libcrux_ml_kem.Polynomial.to_spec_matrix_t res == matrix_A - else - Libcrux_ml_kem.Polynomial.to_spec_matrix_t res == Spec.MLKEM.matrix_transpose matrix_A) + let matrix_A, valid = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice seed 0 32) in + valid ==> + (if transpose + then Libcrux_ml_kem.Polynomial.to_spec_matrix_t res == matrix_A + else + Libcrux_ml_kem.Polynomial.to_spec_matrix_t res == Spec.MLKEM.matrix_transpose matrix_A + )) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index 15b158b8a..a1b9d71ac 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -55,6 +55,11 @@ let to_spec_vector (#r:rank) : (vector r) = createi r (fun i -> to_spec_poly (m.[i])) +let to_spec_matrix (#r:rank) + (m:t_Array (t_Array (t_Array i16 (sz 256)) r) r) + : (matrix r) = + createi r (fun i -> to_spec_vector (m.[i])) + (* Specifying NTT: bitrev7 = [int('{:07b}'.format(x)[::-1], 2) for x in range(0,128)] zetas = [pow(17,x) % 3329 for x in bitrev7] diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index bc834c7f0..53e10135b 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -45,7 +45,7 @@ use unpacked::*; $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ length $seed_for_a == sz 32"))] #[hax_lib::ensures(|res| - fstar!("$res == Seq.append (Spec.MLKEM.vector_encode_12 #$K #false + fstar!("$res == Seq.append (Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $t_as_ntt)) $seed_for_a)") )] @@ -72,7 +72,7 @@ pub(crate) fn serialize_public_key< #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] #[hax_lib::ensures(|res| - fstar!("$res == Spec.MLKEM.vector_encode_12 #$K #false + fstar!("$res == Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key)") )] fn serialize_secret_key( @@ -125,7 +125,8 @@ fn sample_ring_element_cbd< #[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ - $ETA == Spec.MLKEM.v_ETA1 $K"))] + $ETA == Spec.MLKEM.v_ETA1 $K /\\ + v $domain_separator < 2 * v $K"))] #[hax_lib::ensures(|(x,ds)| fstar!("v $ds == v $domain_separator + v $K /\\ Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $x == @@ -285,10 +286,10 @@ pub(crate) fn generate_keypair< $OUT_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ $BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE $K"))] -#[hax_lib::ensures(|()| { - fstar!("$out_future == Spec.MLKEM.compress_then_encode_u #$K #false +#[hax_lib::ensures(|()| + fstar!("$out_future == Spec.MLKEM.compress_then_encode_u #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $input)") -})] +)] fn compress_then_serialize_u< const K: usize, const OUT_LEN: usize, @@ -511,7 +512,7 @@ pub(crate) fn encrypt< $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K"))] #[hax_lib::ensures(|res| fstar!("Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $res == - Spec.MLKEM.(vector_ntt (decode_then_decompress_u #$K #false (Seq.slice $ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE $K)))))") + Spec.MLKEM.(vector_ntt (decode_then_decompress_u #$K (Seq.slice $ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE $K)))))") )] fn deserialize_then_decompress_u< const K: usize, @@ -541,7 +542,7 @@ fn deserialize_then_decompress_u< length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] #[hax_lib::ensures(|res| fstar!("Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $res == - Spec.MLKEM.vector_decode_12 #$K #false $secret_key") + Spec.MLKEM.vector_decode_12 #$K $secret_key") )] fn deserialize_secret_key( secret_key: &[u8], diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index d0caac742..d4f11c3fc 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -8,9 +8,9 @@ use crate::{ #[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] #[hax_lib::ensures(|res| - fstar!("let matrix_A = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice $seed 0 32) in - if $transpose then Libcrux_ml_kem.Polynomial.to_spec_matrix_t $res == matrix_A - else Libcrux_ml_kem.Polynomial.to_spec_matrix_t $res == Spec.MLKEM.matrix_transpose matrix_A") + fstar!("let (matrix_A, valid) = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice $seed 0 32) in + valid ==> (if $transpose then Libcrux_ml_kem.Polynomial.to_spec_matrix_t $res == matrix_A + else Libcrux_ml_kem.Polynomial.to_spec_matrix_t $res == Spec.MLKEM.matrix_transpose matrix_A)") )] pub(crate) fn sample_matrix_A>( seed: [u8; 34], From f8f78bd98a1b8fc3d76d763b04c3d90890d5e43b Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 17 Aug 2024 21:24:33 -0700 Subject: [PATCH 062/348] fixes --- .../fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti | 9 +++------ .../fstar/extraction/Libcrux_ml_kem.Matrix.fsti | 12 +++++++----- libcrux-ml-kem/src/ind_cpa.rs | 12 ++++++------ libcrux-ml-kem/src/matrix.rs | 5 +++-- 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index ef93cbe75..2f1bbd227 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -63,10 +63,9 @@ val compress_then_serialize_u v_BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE v_K) (ensures fun temp_0_ -> - let out_future, ():(t_Slice u8 & Prims.unit) = temp_0_ in + let out_future:t_Slice u8 = temp_0_ in (* hax bug *) out_future == Spec.MLKEM.compress_then_encode_u #v_K - #false (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector input)) /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element @@ -85,7 +84,6 @@ val deserialize_then_decompress_u let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector res == Spec.MLKEM.(vector_ntt (decode_then_decompress_u #v_K - #false (Seq.slice ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE v_K)))))) /// Call [`deserialize_to_uncompressed_ring_element`] for each ring element. @@ -101,7 +99,7 @@ val deserialize_secret_key fun res -> let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector res == - Spec.MLKEM.vector_decode_12 #v_K #false secret_key) + Spec.MLKEM.vector_decode_12 #v_K secret_key) /// Call [`serialize_uncompressed_ring_element`] for each ring element. val serialize_secret_key @@ -116,7 +114,7 @@ val serialize_secret_key let res:t_Array u8 v_OUT_LEN = res in res == Spec.MLKEM.vector_encode_12 #v_K - #false + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector key)) /// Concatenate `t` and `ρ` into the public key. @@ -136,7 +134,6 @@ val serialize_public_key let res:t_Array u8 v_PUBLIC_KEY_SIZE = res in res == Seq.append (Spec.MLKEM.vector_encode_12 #v_K - #false (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector tt_as_ntt)) seed_for_a) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index 741b09e74..8eb07756d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -113,8 +113,10 @@ val sample_matrix_A v_K = res in - let matrix_A = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice seed 0 32) in - if transpose - then Libcrux_ml_kem.Polynomial.to_spec_matrix_t res == matrix_A - else - Libcrux_ml_kem.Polynomial.to_spec_matrix_t res == Spec.MLKEM.matrix_transpose matrix_A) + let matrix_A, valid = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice seed 0 32) in + valid ==> + (if transpose + then Libcrux_ml_kem.Polynomial.to_spec_matrix_t res == matrix_A + else + Libcrux_ml_kem.Polynomial.to_spec_matrix_t res == Spec.MLKEM.matrix_transpose matrix_A + )) diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index bc834c7f0..87f14d81f 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -45,7 +45,7 @@ use unpacked::*; $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ length $seed_for_a == sz 32"))] #[hax_lib::ensures(|res| - fstar!("$res == Seq.append (Spec.MLKEM.vector_encode_12 #$K #false + fstar!("$res == Seq.append (Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $t_as_ntt)) $seed_for_a)") )] @@ -72,7 +72,7 @@ pub(crate) fn serialize_public_key< #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] #[hax_lib::ensures(|res| - fstar!("$res == Spec.MLKEM.vector_encode_12 #$K #false + fstar!("$res == Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key)") )] fn serialize_secret_key( @@ -285,8 +285,8 @@ pub(crate) fn generate_keypair< $OUT_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ $BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE $K"))] -#[hax_lib::ensures(|()| { - fstar!("$out_future == Spec.MLKEM.compress_then_encode_u #$K #false +#[hax_lib::ensures(|_| { + fstar!("$out_future == Spec.MLKEM.compress_then_encode_u #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $input)") })] fn compress_then_serialize_u< @@ -511,7 +511,7 @@ pub(crate) fn encrypt< $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K"))] #[hax_lib::ensures(|res| fstar!("Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $res == - Spec.MLKEM.(vector_ntt (decode_then_decompress_u #$K #false (Seq.slice $ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE $K)))))") + Spec.MLKEM.(vector_ntt (decode_then_decompress_u #$K (Seq.slice $ciphertext 0 (v (Spec.MLKEM.v_C1_SIZE $K)))))") )] fn deserialize_then_decompress_u< const K: usize, @@ -541,7 +541,7 @@ fn deserialize_then_decompress_u< length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] #[hax_lib::ensures(|res| fstar!("Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $res == - Spec.MLKEM.vector_decode_12 #$K #false $secret_key") + Spec.MLKEM.vector_decode_12 #$K $secret_key") )] fn deserialize_secret_key( secret_key: &[u8], diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index d0caac742..fa35dcf4d 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -8,9 +8,10 @@ use crate::{ #[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] #[hax_lib::ensures(|res| - fstar!("let matrix_A = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice $seed 0 32) in + fstar!("let (matrix_A, valid) = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice $seed 0 32) in + valid ==> ( if $transpose then Libcrux_ml_kem.Polynomial.to_spec_matrix_t $res == matrix_A - else Libcrux_ml_kem.Polynomial.to_spec_matrix_t $res == Spec.MLKEM.matrix_transpose matrix_A") + else Libcrux_ml_kem.Polynomial.to_spec_matrix_t $res == Spec.MLKEM.matrix_transpose matrix_A)") )] pub(crate) fn sample_matrix_A>( seed: [u8; 34], From 0f400626739febac00e1291eead5b793db04c1a9 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sun, 18 Aug 2024 05:14:41 +0000 Subject: [PATCH 063/348] Add post-conditions for mlkem512/768/1024 --- .../extraction/Libcrux_ml_kem.Mlkem1024.fsti | 27 ++++++++++++++++--- .../extraction/Libcrux_ml_kem.Mlkem512.fsti | 27 ++++++++++++++++--- .../extraction/Libcrux_ml_kem.Mlkem768.fsti | 27 ++++++++++++++++--- libcrux-ml-kem/src/ind_cpa.rs | 2 +- libcrux-ml-kem/src/mlkem1024.rs | 13 +++++++++ libcrux-ml-kem/src/mlkem512.rs | 13 +++++++++ libcrux-ml-kem/src/mlkem768.rs | 13 +++++++++ 7 files changed, 112 insertions(+), 10 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index d85dd7674..04b7b047e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti @@ -75,7 +75,15 @@ val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1 val decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) + Prims.l_True + (ensures + fun res -> + let res:t_Array u8 (sz 32) = res in + let shared_secret, valid = + Spec.MLKEM.Instances.mlkem1024_decapsulate private_key.f_value ciphertext.f_value + in + valid ==> res == shared_secret) /// Encapsulate ML-KEM 1024 /// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. @@ -86,7 +94,14 @@ val encapsulate (randomness: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) Prims.l_True - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) = res in + let (ciphertext, shared_secret), valid = + Spec.MLKEM.Instances.mlkem1024_encapsulate public_key.f_value randomness + in + let res_ciphertext, res_shared_secret = res in + valid ==> (res_ciphertext.f_value == ciphertext /\ res_shared_secret == shared_secret)) /// Generate ML-KEM 1024 Key Pair /// Generate an ML-KEM key pair. The input is a byte array of size @@ -95,4 +110,10 @@ val encapsulate val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) Prims.l_True - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) = res in + let (secret_key, public_key), valid = + Spec.MLKEM.Instances.mlkem1024_generate_keypair randomness + in + valid ==> (res.f_sk.f_value == secret_key /\ res.f_pk.f_value == public_key)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index 5000bbfeb..ad9388559 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti @@ -75,7 +75,15 @@ val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 8 val decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) + Prims.l_True + (ensures + fun res -> + let res:t_Array u8 (sz 32) = res in + let shared_secret, valid = + Spec.MLKEM.Instances.mlkem512_decapsulate private_key.f_value ciphertext.f_value + in + valid ==> res == shared_secret) /// Encapsulate ML-KEM 512 /// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. @@ -86,7 +94,14 @@ val encapsulate (randomness: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) Prims.l_True - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) = res in + let (ciphertext, shared_secret), valid = + Spec.MLKEM.Instances.mlkem512_encapsulate public_key.f_value randomness + in + let res_ciphertext, res_shared_secret = res in + valid ==> (res_ciphertext.f_value == ciphertext /\ res_shared_secret == shared_secret)) /// Generate ML-KEM 512 Key Pair /// The input is a byte array of size @@ -95,4 +110,10 @@ val encapsulate val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) Prims.l_True - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) = res in + let (secret_key, public_key), valid = + Spec.MLKEM.Instances.mlkem512_generate_keypair randomness + in + valid ==> (res.f_sk.f_value == secret_key /\ res.f_pk.f_value == public_key)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index f8f0efabb..156654afd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti @@ -75,7 +75,15 @@ val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1 val decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) + Prims.l_True + (ensures + fun res -> + let res:t_Array u8 (sz 32) = res in + let shared_secret, valid = + Spec.MLKEM.Instances.mlkem768_decapsulate private_key.f_value ciphertext.f_value + in + valid ==> res == shared_secret) /// Encapsulate ML-KEM 768 /// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. @@ -86,7 +94,14 @@ val encapsulate (randomness: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) Prims.l_True - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) = res in + let (ciphertext, shared_secret), valid = + Spec.MLKEM.Instances.mlkem768_encapsulate public_key.f_value randomness + in + let res_ciphertext, res_shared_secret = res in + valid ==> (res_ciphertext.f_value == ciphertext /\ res_shared_secret == shared_secret)) /// Generate ML-KEM 768 Key Pair /// Generate an ML-KEM key pair. The input is a byte array of size @@ -95,4 +110,10 @@ val encapsulate val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) Prims.l_True - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) = res in + let (secret_key, public_key), valid = + Spec.MLKEM.Instances.mlkem768_generate_keypair randomness + in + valid ==> (res.f_sk.f_value == secret_key /\ res.f_pk.f_value == public_key)) diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 2fd3def5d..08acceb02 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -286,7 +286,7 @@ pub(crate) fn generate_keypair< $OUT_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ $BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE $K"))] -#[hax_lib::ensures(|_| { +#[hax_lib::ensures(|_| fstar!("$out_future == Spec.MLKEM.compress_then_encode_u #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $input)") )] diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index cf5158a68..dcd227715 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -328,6 +328,10 @@ pub fn validate_public_key(public_key: MlKem1024PublicKey) -> Option (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)") +)] pub fn generate_key_pair( randomness: [u8; KEY_GENERATION_SEED_SIZE], ) -> MlKemKeyPair { @@ -348,6 +352,11 @@ pub fn generate_key_pair( /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. #[cfg(not(eurydice))] +#[hax_lib::ensures(|res| + fstar!("let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem1024_encapsulate ${public_key}.f_value $randomness in + let (res_ciphertext, res_shared_secret) = $res in + valid ==> (res_ciphertext.f_value == ciphertext /\\ res_shared_secret == shared_secret)") +)] pub fn encapsulate( public_key: &MlKem1024PublicKey, randomness: [u8; SHARED_SECRET_SIZE], @@ -374,6 +383,10 @@ pub fn encapsulate( /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. #[cfg(not(eurydice))] +#[hax_lib::ensures(|res| + fstar!("let (shared_secret, valid) = Spec.MLKEM.Instances.mlkem1024_decapsulate ${private_key}.f_value ${ciphertext}.f_value in + valid ==> $res == shared_secret") +)] pub fn decapsulate( private_key: &MlKem1024PrivateKey, ciphertext: &MlKem1024Ciphertext, diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 1ef9bd691..849f866ab 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -321,6 +321,10 @@ pub fn validate_public_key(public_key: MlKem512PublicKey) -> Option (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)") +)] pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem512KeyPair { multiplexing::generate_keypair::< RANK_512, @@ -339,6 +343,11 @@ pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem512 /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. #[cfg(not(eurydice))] +#[hax_lib::ensures(|res| + fstar!("let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem512_encapsulate ${public_key}.f_value $randomness in + let (res_ciphertext, res_shared_secret) = $res in + valid ==> (res_ciphertext.f_value == ciphertext /\\ res_shared_secret == shared_secret)") +)] pub fn encapsulate( public_key: &MlKem512PublicKey, randomness: [u8; SHARED_SECRET_SIZE], @@ -365,6 +374,10 @@ pub fn encapsulate( /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. #[cfg(not(eurydice))] +#[hax_lib::ensures(|res| + fstar!("let (shared_secret, valid) = Spec.MLKEM.Instances.mlkem512_decapsulate ${private_key}.f_value ${ciphertext}.f_value in + valid ==> $res == shared_secret") +)] pub fn decapsulate( private_key: &MlKem512PrivateKey, ciphertext: &MlKem512Ciphertext, diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 8595f7272..67a4e7ee3 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -324,6 +324,10 @@ pub fn validate_public_key(public_key: MlKem768PublicKey) -> Option (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)") +)] pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem768KeyPair { multiplexing::generate_keypair::< RANK_768, @@ -342,6 +346,11 @@ pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem768 /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. #[cfg(not(eurydice))] +#[hax_lib::ensures(|res| + fstar!("let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem768_encapsulate ${public_key}.f_value $randomness in + let (res_ciphertext, res_shared_secret) = $res in + valid ==> (res_ciphertext.f_value == ciphertext /\\ res_shared_secret == shared_secret)") +)] pub fn encapsulate( public_key: &MlKem768PublicKey, randomness: [u8; SHARED_SECRET_SIZE], @@ -368,6 +377,10 @@ pub fn encapsulate( /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. #[cfg(not(eurydice))] +#[hax_lib::ensures(|res| + fstar!("let (shared_secret, valid) = Spec.MLKEM.Instances.mlkem768_decapsulate ${private_key}.f_value ${ciphertext}.f_value in + valid ==> $res == shared_secret") +)] pub fn decapsulate( private_key: &MlKem768PrivateKey, ciphertext: &MlKem768Ciphertext, From 0e5b4e2a2fdc518f7ff7df825cd1a4da95d2ac40 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 18 Aug 2024 04:28:04 -0700 Subject: [PATCH 064/348] admitted decap --- Cargo.lock | 67 ++-- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 2 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 341 ++++++++++-------- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 3 +- .../extraction/Libcrux_ml_kem.Matrix.fst | 222 ++++++------ .../extraction/Libcrux_ml_kem.Sampling.fst | 96 ++--- .../extraction/Libcrux_ml_kem.Serialize.fst | 274 ++++++++------ .../proofs/fstar/extraction/Makefile | 3 + libcrux-ml-kem/src/helper.rs | 4 +- libcrux-ml-kem/src/polynomial.rs | 4 +- 10 files changed, 567 insertions(+), 449 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b7b58c2c7..023030c24 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.74", + "syn 2.0.75", "which", ] @@ -191,12 +191,13 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.10" +version = "1.1.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9e8aabfac534be767c909e0690571677d49f41bd8465ae876fe043d52ba5292" +checksum = "72db2f7947ecee9b03b510377e8bb9077afa27176fdbff55c51027e976fdcc48" dependencies = [ "jobserver", "libc", + "shlex", ] [[package]] @@ -289,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.15" +version = "4.5.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11d8838454fda655dafd3accb2b6e2bea645b9e4078abe84a22ceb947235c5cc" +checksum = "ed6719fffa43d0d87e5fd8caeab59be1554fb028cd30edc88fc4369b17971019" dependencies = [ "clap_builder", "clap_derive", @@ -318,7 +319,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.75", ] [[package]] @@ -482,7 +483,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.75", ] [[package]] @@ -701,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax?branch=main#2a17a0beefedf59c4942064e6d65e883d7fc26f3" dependencies = [ "hax-lib-macros", "num-bigint", @@ -711,20 +712,20 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax?branch=main#2a17a0beefedf59c4942064e6d65e883d7fc26f3" dependencies = [ "hax-lib-macros-types", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.75", ] [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax?branch=main#2a17a0beefedf59c4942064e6d65e883d7fc26f3" dependencies = [ "proc-macro2", "quote", @@ -741,9 +742,9 @@ checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hermit-abi" -version = "0.3.9" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" +checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc" [[package]] name = "hex" @@ -798,9 +799,9 @@ dependencies = [ [[package]] name = "is-terminal" -version = "0.4.12" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" +checksum = "261f68e344040fbd0edea105bef17c66edf46f984ddb1115b775ce31be948f4b" dependencies = [ "hermit-abi", "libc", @@ -888,9 +889,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.155" +version = "0.2.157" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "374af5f94e54fa97cf75e945cce8a6b201e88a1a07e688b47dfd2a59c66dbd86" [[package]] name = "libcrux" @@ -1201,7 +1202,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.75", ] [[package]] @@ -1368,7 +1369,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.74", + "syn 2.0.75", ] [[package]] @@ -1619,29 +1620,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.207" +version = "1.0.208" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2" +checksum = "cff085d2cb684faa248efb494c39b68e522822ac0de72ccf08109abde717cfb2" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.207" +version = "1.0.208" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e" +checksum = "24008e81ff7613ed8e5ba0cfaf24e2c2f1e5b8a0495711e44fcd4882fca62bcf" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.75", ] [[package]] name = "serde_json" -version = "1.0.124" +version = "1.0.125" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d" +checksum = "83c8e735a073ccf5be70aa8066aa984eaf2fa000db6c8d0100ae605b366d31ed" dependencies = [ "itoa", "memchr", @@ -1733,9 +1734,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.74" +version = "2.0.75" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1fceb41e3d546d0bd83421d3409b1460cc7444cd389341a4c880fe7a042cb3d7" +checksum = "f6af063034fc1935ede7be0122941bafa9bacb949334d090b77ca98b5817c7d9" dependencies = [ "proc-macro2", "quote", @@ -1854,7 +1855,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.75", "wasm-bindgen-shared", ] @@ -1888,7 +1889,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.75", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -1922,7 +1923,7 @@ checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.75", ] [[package]] @@ -2080,7 +2081,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.75", ] [[package]] @@ -2100,5 +2101,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.75", ] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index f88152db0..97ba9aea5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -207,6 +207,7 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = + let _:Prims.unit = admit () in let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (Rust_primitives.unsize private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) @@ -326,7 +327,6 @@ let decapsulate (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) in let result:t_Array u8 (sz 32) = shared_secret in - let _:Prims.unit = admit () in result #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 62e6fa187..f357ae802 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -215,65 +215,63 @@ let compress_then_serialize_u (out: t_Slice u8) = let out:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - input - <: - Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (Rust_primitives.unsize input + <: + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + <: + usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K)) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - )) + Core.Ops.Range.t_Range usize) out - (fun out temp_1_ -> + (fun out i -> let out:t_Slice u8 = out in - let i, re:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - temp_1_ - in - Rust_primitives.Hax.Monomorphized_update_at.update_at_range out - ({ - Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; - Core.Ops.Range.f_end = (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize - } - <: - Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice #u8 - (out.[ { - Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; - Core.Ops.Range.f_end - = - (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u - v_COMPRESSION_FACTOR - v_BLOCK_LEN - #v_Vector - re + let i:usize = i in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = input.[ i ] in + let out:t_Slice u8 = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + ({ + Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { + Core.Ops.Range.f_start = i *! (v_OUT_LEN /! v_K <: usize) <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize) <: usize + } <: - t_Array u8 v_BLOCK_LEN) - <: - t_Slice u8) - <: - t_Slice u8) - <: - t_Slice u8) + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u + v_COMPRESSION_FACTOR + v_BLOCK_LEN + #v_Vector + re + <: + t_Array u8 v_BLOCK_LEN) + <: + t_Slice u8) + <: + t_Slice u8) + in + out) in let hax_temp_output:Prims.unit = () <: Prims.unit in out @@ -298,13 +296,49 @@ let deserialize_then_decompress_u Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - (Rust_primitives.unsize ciphertext <: t_Slice u8) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + (Core.Slice.impl__len #u8 (Rust_primitives.unsize ciphertext <: t_Slice u8) <: usize) /! + ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR + <: + usize) /! + sz 8 + <: + usize) + <: + usize + } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + u_as_ntt + (fun u_as_ntt i -> + let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + u_as_ntt + in + let i:usize = i in + let u_bytes:t_Slice u8 = + ciphertext.[ { + Core.Ops.Range.f_start + = + i *! + ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR + <: + usize) /! + sz 8 + <: + usize) + <: + usize; + Core.Ops.Range.f_end + = + (i *! ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR <: @@ -312,18 +346,20 @@ let deserialize_then_decompress_u sz 8 <: usize) + <: + usize) +! + ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR + <: + usize) /! + sz 8 + <: + usize) <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - u_as_ntt - (fun u_as_ntt temp_1_ -> - let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - u_as_ntt + usize + } + <: + Core.Ops.Range.t_Range usize ] in - let i, u_bytes:(usize & t_Slice u8) = temp_1_ in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt i @@ -366,35 +402,54 @@ let deserialize_secret_key Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - secret_key - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_ChunksExact u8) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + (Core.Slice.impl__len #u8 secret_key <: usize) /! + Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + <: + usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) secret_as_ntt - (fun secret_as_ntt temp_1_ -> + (fun secret_as_ntt i -> let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = secret_as_ntt in - let i, secret_bytes:(usize & t_Slice u8) = temp_1_ in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret_as_ntt - i - (Libcrux_ml_kem.Serialize.deserialize_to_uncompressed_ring_element #v_Vector - secret_bytes + let i:usize = i in + let secret_bytes:t_Slice u8 = + secret_key.[ { + Core.Ops.Range.f_start + = + i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; + Core.Ops.Range.f_end + = + (i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize) +! + Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + <: + usize + } <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + Core.Ops.Range.t_Range usize ] + in + let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret_as_ntt + i + (Libcrux_ml_kem.Serialize.deserialize_to_uncompressed_ring_element #v_Vector + secret_bytes + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + secret_as_ntt) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = secret_as_ntt @@ -414,67 +469,67 @@ let serialize_secret_key = let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - key - <: - Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (Rust_primitives.unsize key + <: + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + <: + usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Core.Ops.Range.t_Range usize) out - (fun out temp_1_ -> + (fun out i -> let out:t_Array u8 v_OUT_LEN = out in - let i, re:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - temp_1_ - in - Rust_primitives.Hax.Monomorphized_update_at.update_at_range out - ({ - Core.Ops.Range.f_start - = - i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; - Core.Ops.Range.f_end - = - (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize - } - <: - Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice #u8 - (out.[ { - Core.Ops.Range.f_start - = - i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; - Core.Ops.Range.f_end - = - (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + let i:usize = i in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = key.[ i ] in + let out:t_Array u8 v_OUT_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + ({ + Core.Ops.Range.f_start + = + i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { + Core.Ops.Range.f_start + = + i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + <: + usize + } <: - usize - } + Core.Ops.Range.t_Range usize ] <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element - #v_Vector - re - <: - t_Array u8 (sz 384)) - <: - t_Slice u8) - <: - t_Slice u8) - <: - t_Array u8 v_OUT_LEN) + t_Slice u8) + (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element + #v_Vector + re + <: + t_Array u8 (sz 384)) + <: + t_Slice u8) + <: + t_Slice u8) + in + out) in out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index f1de4104b..18f27f345 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -63,7 +63,7 @@ val compress_then_serialize_u v_BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE v_K) (ensures fun temp_0_ -> - let out_future:t_Slice u8 = temp_0_ in (* hax bug *) + let out_future, _:(t_Slice u8 & Prims.unit) = temp_0_,() (* hax bug *) in out_future == Spec.MLKEM.compress_then_encode_u #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector input)) @@ -114,7 +114,6 @@ val serialize_secret_key let res:t_Array u8 v_OUT_LEN = res in res == Spec.MLKEM.vector_encode_12 #v_K - (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector key)) /// Concatenate `t` and `ρ` into the public key. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index 6b13cdf42..f3e80aaf9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -33,72 +33,64 @@ let compute_As_plus_e Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (Rust_primitives.unsize matrix_A - <: - t_Slice - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Core.Slice.impl__len #(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (Rust_primitives.unsize matrix_A + <: + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + ) + <: + usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Core.Ops.Range.t_Range usize) result - (fun result temp_1_ -> + (fun result i -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in - let i, row:(usize & - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = - temp_1_ + let i:usize = i in + let row:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + matrix_A.[ i ] in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (Rust_primitives.unsize row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement + v_Vector) + (Rust_primitives.unsize row + <: + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + <: + usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - )) + Core.Ops.Range.t_Range usize) result - (fun result temp_1_ -> + (fun result j -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in - let j, matrix_element:(usize & - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - temp_1_ + let j:usize = j in + let matrix_element:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + row.[ j ] in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector @@ -202,72 +194,64 @@ let compute_vector_u Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (Rust_primitives.unsize a_as_ntt - <: - t_Slice - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Core.Slice.impl__len #(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (Rust_primitives.unsize a_as_ntt + <: + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + ) + <: + usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Core.Ops.Range.t_Range usize) result - (fun result temp_1_ -> + (fun result i -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in - let i, row:(usize & - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = - temp_1_ + let i:usize = i in + let row:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + a_as_ntt.[ i ] in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (Rust_primitives.unsize row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement + v_Vector) + (Rust_primitives.unsize row + <: + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + <: + usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - )) + Core.Ops.Range.t_Range usize) result - (fun result temp_1_ -> + (fun result j -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in - let j, a_element:(usize & - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - temp_1_ + let j:usize = j in + let a_element:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + row.[ j ] in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector @@ -447,36 +431,34 @@ let sample_matrix_A let sampled:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Sampling.sample_from_xof v_K #v_Vector #v_Hasher seeds in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - sampled - <: - Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement + v_Vector) + (Rust_primitives.unsize sampled + <: + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + <: + usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + Core.Ops.Range.t_Range usize) v_A_transpose - (fun v_A_transpose temp_1_ -> + (fun v_A_transpose j -> let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = v_A_transpose in - let j, sample:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - temp_1_ + let j:usize = j in + let sample:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + sampled.[ j ] in if transpose then diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 20253a46c..dc95bce35 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -154,22 +154,29 @@ let sample_from_binomial_distribution_2_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 4) - <: - Core.Slice.Iter.t_ChunksExact u8) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = (Core.Slice.impl__len #u8 randomness <: usize) /! sz 4 <: usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) sampled_i16s - (fun sampled_i16s temp_1_ -> + (fun sampled_i16s chunk_number -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in - let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in + let chunk_number:usize = chunk_number in + let byte_chunk:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = chunk_number *! sz 4 <: usize; + Core.Ops.Range.f_end = (chunk_number *! sz 4 <: usize) +! sz 4 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + in let (random_bits_as_u32: u32):u32 = (((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 1431655765ul in let coin_toss_outcomes:u32 = even_bits +! odd_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy - (Core.Ops.Range.t_Range u32)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + u32) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range u32) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = 0ul; - Core.Ops.Range.f_end = Core.Num.impl__u32__BITS - } - <: - Core.Ops.Range.t_Range u32) - (sz 4) + ({ + Core.Ops.Range.f_start = 0ul; + Core.Ops.Range.f_end = Core.Num.impl__u32__BITS /! 4ul <: u32 + } <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) + Core.Ops.Range.t_Range u32) <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) + Core.Ops.Range.t_Range u32) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in let outcome_set:u32 = outcome_set in + let outcome_set:u32 = outcome_set *! 4ul in let outcome_1_:i16 = cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) <: i16 in @@ -231,22 +234,29 @@ let sample_from_binomial_distribution_3_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 3) - <: - Core.Slice.Iter.t_ChunksExact u8) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = (Core.Slice.impl__len #u8 randomness <: usize) /! sz 3 <: usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) sampled_i16s - (fun sampled_i16s temp_1_ -> + (fun sampled_i16s chunk_number -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in - let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in + let chunk_number:usize = chunk_number in + let byte_chunk:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = chunk_number *! sz 3 <: usize; + Core.Ops.Range.f_end = (chunk_number *! sz 3 <: usize) +! sz 3 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + in let (random_bits_as_u24: u32):u32 = ((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy - (Core.Ops.Range.t_Range i32)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + i32) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range i32) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l } - <: - Core.Ops.Range.t_Range i32) - (sz 6) + ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l /! 6l <: i32 } <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) + Core.Ops.Range.t_Range i32) <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) + Core.Ops.Range.t_Range i32) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in let outcome_set:i32 = outcome_set in + let outcome_set:i32 = outcome_set *! 6l in let outcome_1_:i16 = cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32) <: i16 in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index aed7b3675..106563259 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -377,22 +377,31 @@ let deserialize_then_decompress_10_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 20) - <: - Core.Slice.Iter.t_ChunksExact u8) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + (Core.Slice.impl__len #u8 serialized <: usize) /! sz 20 <: usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) re - (fun re temp_1_ -> + (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let i, bytes:(usize & t_Slice u8) = temp_1_ in + let i:usize = i in + let bytes:t_Slice u8 = + serialized.[ { + Core.Ops.Range.f_start = i *! sz 20 <: usize; + Core.Ops.Range.f_end = (i *! sz 20 <: usize) +! sz 20 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_deserialize_10_ #v_Vector #FStar.Tactics.Typeclasses.solve @@ -431,22 +440,31 @@ let deserialize_then_decompress_11_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 22) - <: - Core.Slice.Iter.t_ChunksExact u8) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + (Core.Slice.impl__len #u8 serialized <: usize) /! sz 22 <: usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) re - (fun re temp_1_ -> + (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let i, bytes:(usize & t_Slice u8) = temp_1_ in + let i:usize = i in + let bytes:t_Slice u8 = + serialized.[ { + Core.Ops.Range.f_start = i *! sz 22 <: usize; + Core.Ops.Range.f_end = (i *! sz 22 <: usize) +! sz 22 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_deserialize_11_ #v_Vector #FStar.Tactics.Typeclasses.solve @@ -485,22 +503,29 @@ let deserialize_then_decompress_4_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 8) - <: - Core.Slice.Iter.t_ChunksExact u8) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = (Core.Slice.impl__len #u8 serialized <: usize) /! sz 8 <: usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) re - (fun re temp_1_ -> + (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let i, bytes:(usize & t_Slice u8) = temp_1_ in + let i:usize = i in + let bytes:t_Slice u8 = + serialized.[ { + Core.Ops.Range.f_start = i *! sz 8 <: usize; + Core.Ops.Range.f_end = (i *! sz 8 <: usize) +! sz 8 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_deserialize_4_ #v_Vector #FStar.Tactics.Typeclasses.solve @@ -539,22 +564,31 @@ let deserialize_then_decompress_5_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 10) - <: - Core.Slice.Iter.t_ChunksExact u8) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + (Core.Slice.impl__len #u8 serialized <: usize) /! sz 10 <: usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) re - (fun re temp_1_ -> + (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let i, bytes:(usize & t_Slice u8) = temp_1_ in + let i:usize = i in + let bytes:t_Slice u8 = + serialized.[ { + Core.Ops.Range.f_start = i *! sz 10 <: usize; + Core.Ops.Range.f_end = (i *! sz 10 <: usize) +! sz 10 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -693,22 +727,31 @@ let deserialize_to_reduced_ring_element Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) - <: - Core.Slice.Iter.t_ChunksExact u8) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + (Core.Slice.impl__len #u8 serialized <: usize) /! sz 24 <: usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) re - (fun re temp_1_ -> + (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let i, bytes:(usize & t_Slice u8) = temp_1_ in + let i:usize = i in + let bytes:t_Slice u8 = + serialized.[ { + Core.Ops.Range.f_start = i *! sz 24 <: usize; + Core.Ops.Range.f_end = (i *! sz 24 <: usize) +! sz 24 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector #FStar.Tactics.Typeclasses.solve @@ -753,34 +796,53 @@ let deserialize_ring_elements_reduced Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - public_key - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_ChunksExact u8) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + (Core.Slice.impl__len #u8 public_key <: usize) /! + Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + <: + usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) deserialized_pk - (fun deserialized_pk temp_1_ -> + (fun deserialized_pk i -> let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = deserialized_pk in - let i, ring_element:(usize & t_Slice u8) = temp_1_ in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize deserialized_pk - i - (deserialize_to_reduced_ring_element #v_Vector ring_element + let i:usize = i in + let ring_element:t_Slice u8 = + public_key.[ { + Core.Ops.Range.f_start + = + i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; + Core.Ops.Range.f_end + = + (i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize) +! + Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + <: + usize + } <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + Core.Ops.Range.t_Range usize ] + in + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize deserialized_pk + i + (deserialize_to_reduced_ring_element #v_Vector ring_element + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + deserialized_pk) in deserialized_pk @@ -795,39 +857,49 @@ let deserialize_to_uncompressed_ring_element Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) - <: - Core.Slice.Iter.t_ChunksExact u8) + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + (Core.Slice.impl__len #u8 serialized <: usize) /! sz 24 <: usize + } <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Core.Ops.Range.t_Range usize) re - (fun re temp_1_ -> + (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let i, bytes:(usize & t_Slice u8) = temp_1_ in - { - re with - Libcrux_ml_kem.Polynomial.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Polynomial.f_coefficients - i - (Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector - #FStar.Tactics.Typeclasses.solve - bytes - <: - v_Vector) + let i:usize = i in + let bytes:t_Slice u8 = + serialized.[ { + Core.Ops.Range.f_start = i *! sz 24 <: usize; + Core.Ops.Range.f_end = (i *! sz 24 <: usize) +! sz 24 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + in + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + i + (Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector + #FStar.Tactics.Typeclasses.solve + bytes + <: + v_Vector) + } <: - t_Array v_Vector (sz 16) - } - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector + in + re) in re diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index adcc6529f..79a9679a7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,3 +1,5 @@ +# This is the list of modules that are fully admitted. +# All other modules have individual annotations on their functions indicating verification status ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Ind_cca.fst \ Libcrux_ml_kem.Ind_cpa.fst \ @@ -30,5 +32,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ Libcrux_ml_kem.Vector.Traits.fst +OTHERFLAGS="--query_stats" FSTAR_INCLUDE_DIRS_EXTRA = $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/libcrux-ml-kem/src/helper.rs b/libcrux-ml-kem/src/helper.rs index 22308a179..7455a821e 100644 --- a/libcrux-ml-kem/src/helper.rs +++ b/libcrux-ml-kem/src/helper.rs @@ -1,7 +1,7 @@ /// The following macros are defined so that the extraction from Rust to C code /// can go through. -#[cfg(eurydice)] +#[cfg(any(eurydice,hax))] macro_rules! cloop { (for ($i:ident, $chunk:ident) in $val:ident.$values:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => { for $i in 0..$val.$values.len() / ($($chunk_size)*) { @@ -35,7 +35,7 @@ macro_rules! cloop { }; } -#[cfg(not(eurydice))] +#[cfg(all(not(eurydice),not(hax)))] macro_rules! cloop { (for ($i:ident, $chunk:ident) in $val:ident.$values:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => { for ($i, $chunk) in $val.$values.chunks_exact($($chunk_size),*).enumerate() $body diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index 1160576c6..e6f8f65ef 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -14,8 +14,8 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ pub(crate) const VECTORS_IN_RING_ELEMENT: usize = super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; -#[cfg_attr(eurydice, derive(Clone, Copy))] -#[cfg_attr(not(eurydice), derive(Clone))] +#[cfg_attr(any(eurydice,hax), derive(Clone, Copy))] +#[cfg_attr(all(not(eurydice),not(hax)), derive(Clone))] #[cfg_attr(hax, hax_lib::fstar::after(interface, "let to_spec_matrix_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (m:t_Array (t_Array (t_PolynomialRingElement v_Vector) r) r) : Spec.MLKEM.matrix r = From 84c1c250bd7c7576075cc146cc144ef1537e00dd Mon Sep 17 00:00:00 2001 From: mamonet Date: Sun, 18 Aug 2024 20:28:32 +0000 Subject: [PATCH 065/348] Make sample_ring_element_cbd panic-free --- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 47 +++++++++---------- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 5 +- libcrux-ml-kem/src/ind_cpa.rs | 9 ++-- 3 files changed, 30 insertions(+), 31 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 62e6fa187..aa389090d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -10,8 +10,6 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -#push-options "--admit_smt_queries true" - let sample_ring_element_cbd (v_K v_ETA2_RANDOMNESS_SIZE v_ETA2: usize) (#v_Vector #v_Hasher: Type0) @@ -34,7 +32,7 @@ let sample_ring_element_cbd Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in - let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = + let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range usize) #FStar.Tactics.Typeclasses.solve @@ -43,24 +41,23 @@ let sample_ring_element_cbd Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) - (fun temp_0_ i -> - let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + prf_inputs + (fun prf_inputs i -> + let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = prf_inputs in let i:usize = i in - let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs - i - (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ] - <: - t_Array u8 (sz 33)) - (sz 32) - domain_separator - <: - t_Array u8 (sz 33)) - in - let domain_separator:u8 = domain_separator +! 1uy in - domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ] + <: + t_Array u8 (sz 33)) + (sz 32) + (domain_separator +! (cast (i <: usize) <: u8) <: u8) + <: + t_Array u8 (sz 33)) + <: + t_Array (t_Array u8 (sz 33)) v_K) in + let domain_separator:u8 = domain_separator +! (cast (v_K <: usize) <: u8) in let (prf_outputs: t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K):t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K = Libcrux_ml_kem.Hash_functions.f_PRFxN #v_Hasher @@ -96,11 +93,13 @@ let sample_ring_element_cbd <: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in - error_1_, domain_separator - <: - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) - -#pop-options + let result:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = + error_1_, domain_separator + <: + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + in + let _:Prims.unit = admit () in + result #push-options "--admit_smt_queries true" diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index f1de4104b..024fd5924 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -21,7 +21,7 @@ val sample_ring_element_cbd : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) (requires Spec.MLKEM.is_rank v_K /\ v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ - v_ETA2 == Spec.MLKEM.v_ETA2 v_K) + v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ range (v domain_separator + v v_K) u8_inttype) (fun _ -> Prims.l_True) /// Sample a vector of ring elements from a centered binomial distribution and @@ -63,7 +63,7 @@ val compress_then_serialize_u v_BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE v_K) (ensures fun temp_0_ -> - let out_future:t_Slice u8 = temp_0_ in (* hax bug *) + let out_future:t_Slice u8 = temp_0_ in out_future == Spec.MLKEM.compress_then_encode_u #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector input)) @@ -114,7 +114,6 @@ val serialize_secret_key let res:t_Array u8 v_OUT_LEN = res in res == Spec.MLKEM.vector_encode_12 #v_K - (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector key)) /// Concatenate `t` and `ρ` into the public key. diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 08acceb02..99ba57f24 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -92,10 +92,11 @@ fn serialize_secret_key::ZERO()); let mut prf_inputs = [prf_input; K]; for i in 0..K { - prf_inputs[i][32] = domain_separator; - domain_separator += 1; + prf_inputs[i][32] = domain_separator + (i as u8); } + domain_separator += K as u8; let prf_outputs: [[u8; ETA2_RANDOMNESS_SIZE]; K] = Hasher::PRFxN(&prf_inputs); for i in 0..K { error_1[i] = sample_from_binomial_distribution::(&prf_outputs[i]); From c97b6358f4406d85208a5cf3c27a89634ee52d7d Mon Sep 17 00:00:00 2001 From: mamonet Date: Sun, 18 Aug 2024 20:36:58 +0000 Subject: [PATCH 066/348] Make sample_vector_cbd_then_ntt panic-free --- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 61 +++++++++---------- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 7 ++- libcrux-ml-kem/src/ind_cpa.rs | 9 +-- 3 files changed, 39 insertions(+), 38 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 427149ce0..5c0f1c2cf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -98,11 +98,9 @@ let sample_ring_element_cbd <: (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) in - let _:Prims.unit = admit () in + let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--admit_smt_queries true" - let sample_vector_cbd_then_ntt (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) @@ -125,7 +123,7 @@ let sample_vector_cbd_then_ntt Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in - let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = + let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range usize) #FStar.Tactics.Typeclasses.solve @@ -134,24 +132,23 @@ let sample_vector_cbd_then_ntt Core.Ops.Range.t_Range usize) <: Core.Ops.Range.t_Range usize) - (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) - (fun temp_0_ i -> - let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + prf_inputs + (fun prf_inputs i -> + let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = prf_inputs in let i:usize = i in - let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs - i - (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ] - <: - t_Array u8 (sz 33)) - (sz 32) - domain_separator - <: - t_Array u8 (sz 33)) - in - let domain_separator:u8 = domain_separator +! 1uy in - domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ] + <: + t_Array u8 (sz 33)) + (sz 32) + (domain_separator +! (cast (i <: usize) <: u8) <: u8) + <: + t_Array u8 (sz 33)) + <: + t_Array (t_Array u8 (sz 33)) v_K) in + let domain_separator:u8 = domain_separator +! (cast (v_K <: usize) <: u8) in let (prf_outputs: t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K):t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K = Libcrux_ml_kem.Hash_functions.f_PRFxN #v_Hasher @@ -196,11 +193,13 @@ let sample_vector_cbd_then_ntt in re_as_ntt) in - re_as_ntt, domain_separator - <: - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) - -#pop-options + let result:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = + re_as_ntt, domain_separator + <: + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result #push-options "--admit_smt_queries true" @@ -380,7 +379,7 @@ let deserialize_then_decompress_u u_as_ntt) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = u_as_ntt in - let _:Prims.unit = admit () in + let _:Prims.unit = admit () (* Panic freedom *) in result let deserialize_secret_key @@ -453,7 +452,7 @@ let deserialize_secret_key let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = secret_as_ntt in - let _:Prims.unit = admit () in + let _:Prims.unit = admit () (* Panic freedom *) in result #push-options "--admit_smt_queries true" @@ -587,7 +586,7 @@ let serialize_public_key t_Slice u8) in let result:t_Array u8 v_PUBLIC_KEY_SIZE = public_key_serialized in - let _:Prims.unit = admit () in + let _:Prims.unit = admit () (* Panic freedom *) in result #push-options "--admit_smt_queries true" @@ -653,7 +652,7 @@ let decrypt secret_key_unpacked ciphertext in - let _:Prims.unit = admit () in + let _:Prims.unit = admit () (* Panic freedom *) in result #push-options "--admit_smt_queries true" @@ -821,7 +820,7 @@ let encrypt v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher public_key_unpacked message randomness in - let _:Prims.unit = admit () in + let _:Prims.unit = admit () (* Panic freedom *) in result #push-options "--admit_smt_queries true" @@ -946,5 +945,5 @@ let generate_keypair <: (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) in - let _:Prims.unit = admit () in + let _:Prims.unit = admit () (* Panic freedom *) in result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 024fd5924..e21f8e265 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -36,7 +36,8 @@ val sample_vector_cbd_then_ntt : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) (requires Spec.MLKEM.is_rank v_K /\ v_ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ - v_ETA == Spec.MLKEM.v_ETA1 v_K /\ v domain_separator < 2 * v v_K) + v_ETA == Spec.MLKEM.v_ETA1 v_K /\ v domain_separator < 2 * v v_K /\ + range (v domain_separator + v v_K) u8_inttype) (ensures fun temp_0_ -> let x, ds:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) @@ -62,8 +63,8 @@ val compress_then_serialize_u v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ v_BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE v_K) (ensures - fun temp_0_ -> - let out_future:t_Slice u8 = temp_0_ in + fun out_future -> + let out_future:t_Slice u8 = out_future in out_future == Spec.MLKEM.compress_then_encode_u #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector input)) diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 99ba57f24..e15cb3b8f 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -123,11 +123,12 @@ fn sample_ring_element_cbd< /// Sample a vector of ring elements from a centered binomial distribution and /// convert them into their NTT representations. #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ $ETA == Spec.MLKEM.v_ETA1 $K /\\ - v $domain_separator < 2 * v $K"))] + v $domain_separator < 2 * v $K /\\ + range (v $domain_separator + v $K) u8_inttype"))] #[hax_lib::ensures(|(x,ds)| fstar!("v $ds == v $domain_separator + v $K /\\ Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $x == @@ -146,9 +147,9 @@ fn sample_vector_cbd_then_ntt< let mut re_as_ntt = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); let mut prf_inputs = [prf_input; K]; for i in 0..K { - prf_inputs[i][32] = domain_separator; - domain_separator += 1; + prf_inputs[i][32] = domain_separator + (i as u8); } + domain_separator += K as u8; let prf_outputs: [[u8; ETA_RANDOMNESS_SIZE]; K] = Hasher::PRFxN(&prf_inputs); for i in 0..K { re_as_ntt[i] = sample_from_binomial_distribution::(&prf_outputs[i]); From 0160f309890ff67f01cbf3b7d2b80a9b523d246e Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 18 Aug 2024 19:02:39 -0700 Subject: [PATCH 067/348] refreshed c code --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 229 +- .../c/internal/libcrux_mlkem_neon.h | 70 +- .../c/internal/libcrux_mlkem_portable.h | 46 +- .../c/internal/libcrux_sha3_internal.h | 42 +- libcrux-ml-kem/c/libcrux_core.c | 306 +- libcrux-ml-kem/c/libcrux_core.h | 120 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 8582 +------------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 530 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8712 ++++++++++++++- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 575 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 3315 +++--- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 184 +- libcrux-ml-kem/c/libcrux_sha3.h | 16 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2539 +---- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 37 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 740 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3568 +++++- libcrux-ml-kem/c/libcrux_sha3_neon.h | 27 +- libcrux-ml-kem/cg/code_gen.txt | 4 +- libcrux-ml-kem/cg/libcrux_core.h | 166 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 5967 +--------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 9924 +++++++++++++---- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2741 +---- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 5487 +++++++-- 41 files changed, 27429 insertions(+), 26818 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index d20926d66..d54ca40b1 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 +F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 +Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index fac5a90e9..253615d5f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __internal_libcrux_core_H @@ -23,8 +23,6 @@ extern "C" { #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); - uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs); @@ -73,10 +71,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1568 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_571( + uint8_t value[800U]); /** This function found in impl @@ -85,12 +83,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_2c1( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for @@ -99,10 +97,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 3168 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_e01( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -111,10 +109,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1568 +- SIZE= 768 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_201( + uint8_t value[768U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -122,10 +120,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1568 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_1f1( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -134,18 +132,18 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1568 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d1( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, + uint8_t ret[800U]); /** This function found in impl {(core::convert::From<@Array> for @@ -154,10 +152,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_570( + uint8_t value[1568U]); /** This function found in impl @@ -166,12 +164,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_2c0( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for @@ -180,10 +178,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 2400 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_e00( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -192,10 +190,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( - uint8_t value[1088U]); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_200( + uint8_t value[1568U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -203,10 +201,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_1f0( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -215,18 +213,18 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1088 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d0( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, + uint8_t ret[1600U]); /** This function found in impl {(core::convert::From<@Array> for @@ -235,10 +233,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 800 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_57( + uint8_t value[1184U]); /** This function found in impl @@ -247,12 +245,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_2c( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -261,10 +259,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 1632 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_e0( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -273,10 +271,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 768 +- SIZE= 1088 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( - uint8_t value[768U]); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_20( + uint8_t value[1088U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -284,17 +282,17 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 800 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_1f( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -325,7 +323,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -335,95 +333,36 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 768 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, + uint8_t ret[1120U]); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, uint8_t ret[64U]); /** -A monomorphic instance of core.result.Result -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_6f_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_6f; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); - -/** -A monomorphic instance of core.result.Result -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_7a_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_7a; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); - -/** -A monomorphic instance of core.result.Result -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_cd_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_cd; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError +A monomorphic instance of core.option.Option +with types Eurydice_slice uint8_t */ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); +typedef struct core_option_Option_44_s { + core_option_Option_ef_tags tag; + Eurydice_slice f0; +} core_option_Option_44; /** A monomorphic instance of core.result.Result @@ -448,10 +387,10 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); -typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} Eurydice_slice_uint8_t_4size_t__x2; +typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} Eurydice_slice_uint8_t_2size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index 3d5888d57..8aaaa97ef 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __internal_libcrux_mlkem_neon_H @@ -34,8 +34,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 2 - CPA_PRIVATE_KEY_SIZE= 768 @@ -46,7 +47,8 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_201( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -56,7 +58,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ @@ -64,7 +66,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 2 @@ -81,7 +83,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]); @@ -98,7 +100,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 @@ -109,7 +111,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 2 @@ -129,7 +131,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a31( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -155,7 +157,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_821( +void libcrux_ml_kem_ind_cca_decapsulate_5b1( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -170,8 +172,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 @@ -182,7 +185,8 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_200( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -192,7 +196,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -200,7 +204,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 3 @@ -217,7 +221,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); @@ -234,7 +238,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -245,7 +249,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 3 @@ -265,7 +269,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a30( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -291,7 +295,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_820( +void libcrux_ml_kem_ind_cca_decapsulate_5b0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -306,8 +310,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 4 - CPA_PRIVATE_KEY_SIZE= 1536 @@ -318,7 +323,8 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_20( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -328,7 +334,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -336,7 +342,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 4 @@ -353,7 +359,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]); @@ -370,7 +376,7 @@ with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -381,7 +387,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 4 @@ -401,7 +407,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a3( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -427,7 +433,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_82( +void libcrux_ml_kem_ind_cca_decapsulate_5b( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 9f54b0800..c480f371d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_a01( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_a00( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_a0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 16040085f..983924def 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __internal_libcrux_sha3_internal_H @@ -26,14 +26,14 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_72(s, buf); + libcrux_sha3_generic_keccak_absorb_final_25(s, buf); } /** @@ -44,7 +44,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -52,29 +52,29 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, buf); } #define libcrux_sha3_Sha224 0 @@ -134,7 +134,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -142,62 +142,62 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_720(s, buf); + libcrux_sha3_generic_keccak_absorb_final_250(s, buf); } static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 2528afe9b..a24172405 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "internal/libcrux_core.h" @@ -85,14 +85,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1568 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_571( + uint8_t value[800U]) { + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -103,14 +103,13 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_2c1( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** @@ -120,14 +119,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 3168 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( - uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_e01( + uint8_t value[1632U]) { + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -138,14 +137,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1568 +- SIZE= 768 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_201( + uint8_t value[768U]) { + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -155,10 +154,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1568 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_1f1( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -169,22 +168,22 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1568 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d1( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -192,7 +191,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** @@ -202,14 +201,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( - uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_570( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_1f lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -220,14 +219,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_2c0( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } /** @@ -237,14 +236,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 2400 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( - uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_e00( + uint8_t value[3168U]) { + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -255,14 +254,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( - uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_200( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -272,10 +271,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_1f0( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -286,22 +285,22 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1088 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d0( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -309,7 +308,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -319,14 +318,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 800 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( - uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_57( + uint8_t value[1184U]) { + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -337,13 +336,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_2c( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** @@ -353,14 +353,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 1632 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( - uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_e0( + uint8_t value[2400U]) { + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -371,14 +371,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 768 +- SIZE= 1088 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( - uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_20( + uint8_t value[1088U]) { + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -388,10 +388,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 800 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_1f( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -400,7 +400,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -438,7 +438,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -458,22 +458,22 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 768 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -481,7 +481,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** @@ -489,7 +489,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -502,66 +502,6 @@ void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - /** This function found in impl {core::result::Result} */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index ea2178ff4..36f322946 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_core_H @@ -49,6 +49,64 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_be; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + +*/ +typedef struct core_option_Option_04_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; +} core_option_Option_04; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $1632size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey_5e; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair +with const generics +- $1632size_t +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; +} libcrux_ml_kem_types_MlKemKeyPair_cb; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $768size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext_e8; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + +*/ +typedef struct tuple_ec_s { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; +} tuple_ec; + /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -145,64 +203,6 @@ typedef struct tuple_3c_s { uint8_t snd[32U]; } tuple_3c; -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $1632size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair -with const generics -- $1632size_t -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext -with const generics -- $768size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - -*/ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; -} tuple_ec; - #define core_result_Ok 0 #define core_result_Err 1 diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 8693d2383..a19337f1b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index 178092bfb..f6efd0915 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_mlkem1024_neon.h" @@ -35,18 +35,18 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_f8( +static void decapsulate_b0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5b(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_f8(private_key, ciphertext, ret); + decapsulate_b0(private_key, ciphertext, ret); } /** @@ -70,18 +70,19 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_c2( +static void decapsulate_unpacked_54( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a3(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_c2(private_key, ciphertext, ret); + decapsulate_unpacked_54(private_key, ciphertext, ret); } /** @@ -95,13 +96,13 @@ with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_6b( +static tuple_21 encapsulate_24( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; @@ -116,7 +117,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6b(uu____0, uu____1); + return encapsulate_24(uu____0, uu____1); } /** @@ -137,14 +138,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_1c( +static tuple_21 encapsulate_unpacked_ed( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad(uu____0, + uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( @@ -154,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1c(uu____0, uu____1); + return encapsulate_unpacked_ed(uu____0, uu____1); } /** @@ -164,11 +166,11 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_62( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -179,7 +181,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_91(uu____0); + return generate_keypair_62(uu____0); } /** @@ -195,10 +197,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -generate_keypair_unpacked_87(uint8_t randomness[64U]) { +generate_keypair_unpacked_bc(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_20(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c @@ -206,7 +208,7 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_87(uu____0); + return generate_keypair_unpacked_bc(uu____0); } /** @@ -217,14 +219,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_a3(uint8_t *public_key) { +static bool validate_public_key_ef(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_a3(public_key.value)) { + if (validate_public_key_ef(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index 7e0bbc8a3..038fa0d89 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem1024_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 7f94659d5..201cf1e6c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_mlkem1024_portable.h" @@ -35,18 +35,18 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_0b( +static void decapsulate_03( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a01(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_0b(private_key, ciphertext, ret); + decapsulate_03(private_key, ciphertext, ret); } /** @@ -70,11 +70,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_ef( +static void decapsulate_unpacked_fe( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51(key_pair, ciphertext, ret); } @@ -82,7 +82,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ef(private_key, ciphertext, ret); + decapsulate_unpacked_fe(private_key, ciphertext, ret); } /** @@ -102,13 +102,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_ec( +static tuple_21 encapsulate_52( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( @@ -117,7 +117,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ec(uu____0, uu____1); + return encapsulate_52(uu____0, uu____1); } /** @@ -138,14 +138,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_9d( +static tuple_21 encapsulate_unpacked_70( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11(uu____0, uu____1); } @@ -156,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_9d(uu____0, uu____1); + return encapsulate_unpacked_70(uu____0, uu____1); } /** @@ -171,18 +171,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c24(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f1(uu____0); } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_0e(uu____0); + return generate_keypair_6e(uu____0); } /** @@ -198,10 +198,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_b3(uint8_t randomness[64U]) { +generate_keypair_unpacked_c3(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 @@ -209,7 +209,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_b3(uu____0); + return generate_keypair_unpacked_c3(uu____0); } /** @@ -220,14 +220,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_e11(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); +static bool validate_public_key_2a1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_e11(public_key.value)) { + if (validate_public_key_2a1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 96c3b9743..deb259ece 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 16abd9845..a766a23ce 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 83108e30f..d55b146b4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_mlkem512_neon.h" @@ -35,16 +35,16 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_29(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5b1(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_55(private_key, ciphertext, ret); + decapsulate_29(private_key, ciphertext, ret); } /** @@ -68,16 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_53( +static void decapsulate_unpacked_50( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a31(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_53(private_key, ciphertext, ret); + decapsulate_unpacked_50(private_key, ciphertext, ret); } /** @@ -91,13 +92,13 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_f8( +static tuple_ec encapsulate_7d( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; @@ -112,7 +113,7 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f8(uu____0, uu____1); + return encapsulate_7d(uu____0, uu____1); } /** @@ -133,14 +134,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_ce( +static tuple_ec encapsulate_unpacked_f2( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad1(uu____0, + uu____1); } tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( @@ -150,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ce(uu____0, uu____1); + return encapsulate_unpacked_f2(uu____0, uu____1); } /** @@ -160,11 +162,11 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_da( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -175,7 +177,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1a(uu____0); + return generate_keypair_da(uu____0); } /** @@ -191,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -generate_keypair_unpacked_38(uint8_t randomness[64U]) { +generate_keypair_unpacked_c3(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_201(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 @@ -202,7 +204,7 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_38(uu____0); + return generate_keypair_unpacked_c3(uu____0); } /** @@ -213,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_a31(uint8_t *public_key) { +static bool validate_public_key_ef1(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_a31(public_key.value)) { + if (validate_public_key_ef1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index cd6856831..2aaedd672 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem512_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 87719217f..96f88f71f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_mlkem512_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_64(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_80(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a00(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_64(private_key, ciphertext, ret); + decapsulate_80(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_40( +static void decapsulate_unpacked_ff( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_40(private_key, ciphertext, ret); + decapsulate_unpacked_ff(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_f3( +static tuple_ec encapsulate_69( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); } tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( @@ -113,7 +113,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f3(uu____0, uu____1); + return encapsulate_69(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_da( +static tuple_ec encapsulate_unpacked_ed( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_da(uu____0, uu____1); + return encapsulate_unpacked_ed(uu____0, uu____1); } /** @@ -167,18 +167,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c21(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f0(uu____0); } libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_df(uu____0); + return generate_keypair_f9(uu____0); } /** @@ -194,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_a8(uint8_t randomness[64U]) { +generate_keypair_unpacked_aa(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae @@ -205,7 +205,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_a8(uu____0); + return generate_keypair_unpacked_aa(uu____0); } /** @@ -216,14 +216,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_e10(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); +static bool validate_public_key_2a0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_e10(public_key.value)) { + if (validate_public_key_2a0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 507bc843c..825e036d9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index e84654b77..2ac469e6e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index 6d20b2d78..1881c272a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_mlkem768_neon.h" @@ -35,16 +35,16 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_67( +static void decapsulate_e4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5b0(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_67(private_key, ciphertext, ret); + decapsulate_e4(private_key, ciphertext, ret); } /** @@ -68,16 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_70( +static void decapsulate_unpacked_27( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a30(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_70(private_key, ciphertext, ret); + decapsulate_unpacked_27(private_key, ciphertext, ret); } /** @@ -91,13 +92,13 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_ea( +static tuple_3c encapsulate_f5( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -112,7 +113,7 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ea(uu____0, uu____1); + return encapsulate_f5(uu____0, uu____1); } /** @@ -133,14 +134,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_29( +static tuple_3c encapsulate_unpacked_1b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad0(uu____0, + uu____1); } tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( @@ -150,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_29(uu____0, uu____1); + return encapsulate_unpacked_1b(uu____0, uu____1); } /** @@ -160,11 +162,11 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c4( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -175,7 +177,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1b(uu____0); + return generate_keypair_c4(uu____0); } /** @@ -191,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -generate_keypair_unpacked_42(uint8_t randomness[64U]) { +generate_keypair_unpacked_1e(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_200(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd @@ -202,7 +204,7 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_42(uu____0); + return generate_keypair_unpacked_1e(uu____0); } /** @@ -213,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_a30(uint8_t *public_key) { +static bool validate_public_key_ef0(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_a30(public_key.value)) { + if (validate_public_key_ef0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 8182ff91a..1eb060b82 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem768_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 9396f2fb5..3cb9bd2bc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_mlkem768_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_78( +static void decapsulate_d6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a0(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_78(private_key, ciphertext, ret); + decapsulate_d6(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_bc( +static void decapsulate_unpacked_64( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_bc(private_key, ciphertext, ret); + decapsulate_unpacked_64(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_13( +static tuple_3c encapsulate_ba( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); } tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -113,7 +113,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_13(uu____0, uu____1); + return encapsulate_ba(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_c5( +static tuple_3c encapsulate_unpacked_99( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_c5(uu____0, uu____1); + return encapsulate_unpacked_99(uu____0, uu____1); } /** @@ -167,18 +167,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); } libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(uu____0); + return generate_keypair_64(uu____0); } /** @@ -194,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_d3(uint8_t randomness[64U]) { +generate_keypair_unpacked_69(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -205,7 +205,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d3(uu____0); + return generate_keypair_unpacked_69(uu____0); } /** @@ -216,14 +216,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_e1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); +static bool validate_public_key_2a(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_e1(public_key.value)) { + if (validate_public_key_2a(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 717f49e01..da2b0fc35 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index d6ac877ef..b7cac78d0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -7,15 +7,11 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ -#include "internal/libcrux_mlkem_avx2.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" -#include "internal/libcrux_sha3_avx2.h" +#include "libcrux_mlkem_avx2.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -34,8575 +30,3 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { - return libcrux_ml_kem_vector_avx2_zero(); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { - int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - vector, constant); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - vector, constant); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - vector); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, - zeta2, zeta3); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -KRML_MUSTINLINE core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - vector, zeta0, zeta1, zeta2, zeta3); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, - zeta1); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - v, - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, - zeta1, zeta2, zeta3); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); - uint8_t ret0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[10U]; - core_result_Result_cd dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); - core_result_unwrap_41_e8(dst, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[20U]; - core_result_Result_7a dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); - core_result_unwrap_41_34(dst, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[24U]; - core_result_Result_6f dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); - core_result_unwrap_41_1c(dst, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, - good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[0U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[1U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, - Eurydice_slice output) { - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self) { - return self[0U]; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_aa(core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea -with const generics -- SHIFT_BY= 15 -*/ -static core_core_arch_x86___m256i shift_right_ea_e8( - core_core_arch_x86___m256i vector) { - return shift_right_aa(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static core_core_arch_x86___m256i to_unsigned_representative_a4( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_ea_e8(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_a4(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void serialize_public_key_d01( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - serialize_secret_key_ae1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_5d4( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - serialize_public_key_d01( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static void closure_b81( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d1(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_6b1(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_1b1(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_89_10(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_from_xof_b01( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca1(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb3( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb4( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_791(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a21( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_b81(A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_b01(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_1c2(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_470(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c1(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_7_45( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = - libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); - re->coefficients[j] = - libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); - } -} - -typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; -} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static core_core_arch_x86___m256i montgomery_multiply_fe_9d( - core_core_arch_x86___m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = montgomery_multiply_fe_9d(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_f4( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_3_b4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_2_7c( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_1_c2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void poly_barrett_reduce_89_99( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - self->coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_45(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_971( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static core_core_arch_x86___m256i to_standard_domain_42( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - to_standard_domain_42(self->coefficients[j]); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f01( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_6c1( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_681(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a21(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_151(uu____3, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_ee1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_6a( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f1( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_ee1(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6a(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_d01( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_d01(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_751( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_651(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e11(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_751( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a70(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c90( - uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_df(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_df( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_571( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_error_reduce_89_91( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - self->coefficients[j], (int16_t)1441); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_001( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); - } - invert_ntt_montgomery_571(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static core_core_arch_x86___m256i decompress_1_91( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - re.coefficients[i0] = decompress_1_91(coefficient_compressed);); - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_711( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_e7(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 10 -*/ -static core_core_arch_x86___m256i compress_ea_a1( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_e7(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_10_2f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_a1(to_unsigned_representative_a4(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_e70(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 11 -*/ -static core_core_arch_x86___m256i compress_ea_a10( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_e70(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_2f(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_841( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_e71(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 4 -*/ -static core_core_arch_x86___m256i compress_ea_a11( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_e71(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_4_b7( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_a11(to_unsigned_representative_a4(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_e72(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 5 -*/ -static core_core_arch_x86___m256i compress_ea_a12( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_e72(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_5_35( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficients = - compress_ea_a12(to_unsigned_representative_a4(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_b7(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_881( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_471(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_934( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_841( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_881(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f50(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_5d3( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a21(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_881(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void kdf_af_501(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e21( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_fb1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f50(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_501(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_e4(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 10 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d6( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_e4(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_a7(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d6(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_e40(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 11 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d60( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_e40(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_8d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d60(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_10(Eurydice_slice serialized) { - return deserialize_then_decompress_10_a7(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_fe( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_10(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_fe(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_e41(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 4 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d61( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_e41(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_9a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d61(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_e42(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 5 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d62( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_e42(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_75(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); - re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_d62(re.coefficients[i0]); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b(Eurydice_slice serialized) { - return deserialize_then_decompress_4_9a(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - b.coefficients[i0], (int16_t)1441); - b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], - &coefficient_normal_form)); - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_221( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_message_ec( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_a4(re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_8c1( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_b51(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_231( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_881(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_201( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_391(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_201(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c41( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_391(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_fb1(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_501( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_501(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1568 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- OUT_LEN= 1536 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -static KRML_MUSTINLINE void serialize_public_key_d00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); - uint8_t ret0[1536U]; - serialize_secret_key_ae0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_5d2( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1568U]; - serialize_public_key_d00( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; -} tuple_54; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static void closure_b80( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d0(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____3[504U]; - memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_6b0(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_1b0(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_from_xof_b00( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca0(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb1( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb2( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_790(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a20( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_b80(A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_b00(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; - uint8_t snd; -} tuple_71; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____3[128U]; - memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_1c1(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_970( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_54 generate_keypair_unpacked_6c0( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_680(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a20(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_150(uu____3, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_ee0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f0( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_ee0(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6a(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_d00( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_d00(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_750( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_650(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e10(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_750( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_a71(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c91( - uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_570( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_vector_u_000( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); - } - invert_ntt_montgomery_570(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_710( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_11_d10( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_a10(to_unsigned_representative_a4(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 11 -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_d10(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- OUT_LEN= 1408 -- COMPRESSION_FACTOR= 11 -- BLOCK_LEN= 352 -*/ -static void compress_then_serialize_u_840( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u_b20(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 5 -- OUT_LEN= 160 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_35(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_880( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_470(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_932( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_840( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_390( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_880(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f51(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_5d1( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a20(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; - memcpy( - uu____0, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; - memcpy(uu____1, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_880(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_af_500(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e20( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_fb0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f51(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_500(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_100(Eurydice_slice serialized) { - return deserialize_then_decompress_11_8d(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_fe0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_100(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_fe0(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_75(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_220( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_unpacked_8c0( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_b50(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b0( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 4 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_230( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_880(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_200( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_390(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_200(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c40( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_390(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_fb0(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_500( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_500(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 800 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- OUT_LEN= 768 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -static KRML_MUSTINLINE void serialize_public_key_d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); - uint8_t ret0[768U]; - serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_5d0( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[800U]; - serialize_public_key_d0( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] - -*/ -typedef struct tuple_4c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; -} tuple_4c; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static void closure_b8( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_6b(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 2 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_1b(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 2 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_from_xof_b0( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_a9_5a(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_79(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a2( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_b8(A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_b0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t - -*/ -typedef struct tuple_74_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; - uint8_t snd; -} tuple_74; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t out0[192U] = {0U}; - uint8_t out1[192U] = {0U}; - uint8_t out2[192U] = {0U}; - uint8_t out3[192U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[192U]; - memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); - uint8_t uu____1[192U]; - memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_1c(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_47(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_43(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA= 3 -- ETA_RANDOMNESS_SIZE= 192 -*/ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_a9_51(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_47(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_97( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static tuple_4c generate_keypair_unpacked_6c( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a2(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_15(uu____3, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_ee( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_ee(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6a(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_d0( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( - Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_6c(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_d0(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_75( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e1(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_1c0(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN_a9_510(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_57( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); - } - invert_ntt_montgomery_57(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_71( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_88( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_47(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_84( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a2(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; - memcpy( - uu____0, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; - memcpy(uu____1, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_88(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_af_50(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e2( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_fb(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_50(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_10(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_fe(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_22( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_8c( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_b5(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_23( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_20( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_20(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c4( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_fb(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_50( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_50(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index c28196f56..36b278db1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem_avx2_H @@ -20,9 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" #include "libcrux_sha3.h" -#include "libcrux_sha3_avx2.h" void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]); @@ -30,530 +28,6 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_slice array); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array); - -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector); - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes); - -size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, - Eurydice_slice output); - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 9f33e8f2f..e3c234634 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -7,11 +7,14 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ -#include "libcrux_mlkem_neon.h" +#include "internal/libcrux_mlkem_neon.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -30,3 +33,8706 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void) { + return libcrux_ml_kem_vector_neon_vector_type_ZERO(); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { + return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { + int16_t out[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + core_core_arch_arm_shared_neon_uint16x8_t m0 = + libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + core_core_arch_arm_shared_neon_uint16x8_t m1 = + libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + core_core_arch_arm_shared_neon_int16x8_t c1 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v) { + core_core_arch_arm_shared_neon_int16x8_t adder = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + core_core_arch_arm_shared_neon_int16x8_t vec = + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); + core_core_arch_arm_shared_neon_int16x8_t vec0 = + libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + core_core_arch_arm_shared_neon_int16x8_t quotient = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t sub = + libcrux_intrinsics_arm64__vmulq_n_s16( + quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high) { + core_core_arch_arm_shared_neon_int16x8_t k = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vmulq_n_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.low, c); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t half = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + core_core_arch_arm_shared_neon_int16x8_t quarter = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + core_core_arch_arm_shared_neon_int16x8_t shifted = + libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + core_core_arch_arm_shared_neon_int16x8_t mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = + libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range), + core_core_arch_arm_shared_neon_uint16x8_t)); + core_core_arch_arm_shared_neon_int16x8_t shifted0 = + libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = + libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range0), + core_core_arch_arm_shared_neon_uint16x8_t)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_1(v); +} + +KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits) { + int16_t uu____0; + switch (coefficient_bits) { + case 4: { + uu____0 = (int16_t)15; + break; + } + case 5: { + uu____0 = (int16_t)31; + break; + } + case 10: { + uu____0 = (int16_t)1023; + break; + } + case 11: { + uu____0 = (int16_t)2047; + break; + } + default: { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, + zeta4); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, + zeta3, zeta4); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, + zeta2, zeta4, -zeta2, -zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t b1 = + libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1b1 = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, + b1); + core_core_arch_arm_shared_neon_int32x4_t a1b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a1b1), + libcrux_intrinsics_arm64__vget_low_s16(zeta)); + core_core_arch_arm_shared_neon_int32x4_t a1b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + core_core_arch_arm_shared_neon_int16x8_t fst_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t fst_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b1)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + core_core_arch_arm_shared_neon_int16x8_t snd_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t snd_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); + core_core_arch_arm_shared_neon_int16x8_t fst_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t fst_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t snd_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t snd_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t fst = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + fst_low16, fst_high16); + core_core_arch_arm_shared_neon_int16x8_t snd = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + snd_low16, snd_high16); + core_core_arch_arm_shared_neon_int32x4_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int32x4_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int16x8_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); + core_core_arch_arm_shared_neon_int16x8_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, + 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; + core_core_arch_arm_shared_neon_uint8x16_t index = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); + core_core_arch_arm_shared_neon_int16x8_t high2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low2, .high = high2}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, + zeta3, zeta4); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, + (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { + core_core_arch_arm_shared_neon_int16x8_t one = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, + (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vandq_s16(low, one), + .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t lowt = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); + core_core_arch_arm_shared_neon_uint16x8_t hight = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_deserialize_4_0d(v); + int16_t input_i16s[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[10U]; + libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_5_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_10_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { + uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, + 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; + core_core_arch_arm_shared_neon_uint8x16_t index_vec = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; + core_core_arch_arm_shared_neon_int16x8_t shift_vec = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t mask12 = + libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input0, uint8_t, Eurydice_slice)); + uint8_t input1[16U] = {0U}; + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input1, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t moved0 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted0 = + libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); + core_core_arch_arm_shared_neon_uint16x8_t moved1 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted1 = + libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low, .high = high}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); +} + +KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { + size_t sampled = (size_t)0U; + core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option_44 uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( + &iter, uint8_t, core_option_Option_44); + if (uu____0.tag == core_option_None) { + break; + } else { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + int16_t uu____2; + bool uu____3; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + d1; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } + } + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } + } + } + } + return sampled; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, + Eurydice_slice out) { + return libcrux_ml_kem_vector_neon_rej_sample(a, out); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { + return self[0U]; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_89_06(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_to_reduced_ring_element_e3(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a64( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +shift_right_2c(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); + v.high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 +with const generics +- SHIFT_BY= 15 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_72( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return shift_right_2c(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_unsigned_representative_64( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_72(a); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = + libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_neon_add_20(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_77( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative_64(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- OUT_LEN= 768 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_701( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + uint8_t ret0[768U]; + serialize_secret_key_5d1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + deserialize_ring_elements_reduced_a64( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[800U]; + serialize_public_key_701( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]] + +*/ +typedef struct tuple_4c0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 snd; +} tuple_4c0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void G_48_771(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static void closure_de1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +typedef struct Simd128Hash_s { + libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; +} Simd128Hash; + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_6b1(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_48_551(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_6b1(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b71( + Simd128Hash *st, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[504U], void *); + uint8_t out3[504U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e91( + Simd128Hash *self, uint8_t ret[2U][504U]) { + shake128_squeeze_first_three_blocks_b71(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 2 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e63( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_7d1( + Simd128Hash *st, uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[168U], void *); + uint8_t out3[168U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[168U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad1( + Simd128Hash *self, uint8_t ret[2U][168U]) { + shake128_squeeze_next_block_7d1(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 2 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e64( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +from_i16_array_89_f3(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d51( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_from_xof_c01( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_final_48_551(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_first_three_blocks_48_e91(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e63( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_next_block_48_ad1(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e64( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = closure_d51(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_matrix_A_481( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + closure_de1(A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; + sample_from_xof_c01(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[2size_t], uint8_t + +*/ +typedef struct tuple_740_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[2U]; + uint8_t snd; +} tuple_740; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_891(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[192U], void *); + uint8_t out3[192U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[192U], void *); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_891(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2_c3(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_3_27(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2c0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_27(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_7_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon_multiply_by_constant_20( + re->coefficients[j + step], (int16_t)-1600); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +montgomery_multiply_fe_91( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +ntt_layer_int_vec_step_9c( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + montgomery_multiply_fe_91(b, zeta_r); + b = libcrux_ml_kem_vector_neon_sub_20(a, &t); + a = libcrux_ml_kem_vector_neon_add_20(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_4_plus_2a( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + ntt_layer_int_vec_step_9c( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_3_f4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_2_d0( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_1_39( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void poly_barrett_reduce_89_5f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cf( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + ntt_at_layer_7_67(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN_48_a91(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c0(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_740 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +ntt_multiply_89_16(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_multiply_20( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_standard_domain_fc(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = to_standard_domain_fc(self->coefficients[j]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_951( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae1(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static tuple_4c0 generate_keypair_unpacked_ff1( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_771(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_481(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f1(uu____3, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + compute_As_plus_e_951(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U][2U]; + memcpy(uu____5, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[2U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void closure_661( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_d5_ec( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_48_851(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_201( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_661(A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_ec(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; + memcpy(uu____2, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t pk_serialized[800U]; + serialize_public_key_701( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_851(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( + Eurydice_slice key_generation_seed) { + tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key_701(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d81( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_851(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_types_MlKemKeyPair_cb +libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair_161(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key_d81( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = + libcrux_ml_kem_types_from_e7_e01(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_2c1( + uu____2, libcrux_ml_kem_types_from_07_571(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_892(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[128U], void *); + uint8_t out3[128U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[128U], void *); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a92(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + PRFxN_892(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2c(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c3(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_740 +sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN_48_a92(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_740 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_b40(Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + input, input, + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e4(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_2_4b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +inv_ntt_layer_int_vec_step_reduce_27( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = + libcrux_ml_kem_vector_neon_sub_20(b, &a); + a = libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(a, &b)); + b = montgomery_multiply_fe_91(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_fd( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + inv_ntt_layer_int_vec_step_reduce_27( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_621( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_error_reduce_89_24( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae1(&result[i1], &product); + } + invert_ntt_montgomery_621(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_fc( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_message_23(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_1_fc(coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +add_message_error_reduce_89_3a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae1(&result, &product);); + invert_ntt_montgomery_621(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_69(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_5d(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)10)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t_69(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t_69(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_69(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_69(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 10 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_22( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_5d(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_10_ca0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_22(to_unsigned_representative_64(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_690(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_5d0(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)11)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t_690(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t_690(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_690(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_690(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 11 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_220( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_5d0(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_840( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10_ca0(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_d71( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_840(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_691(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_5d1(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)4)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t_691(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t_691(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_691(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_691(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 4 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_221( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_5d1(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_4_21( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_221(to_unsigned_representative_64(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_692(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_5d2(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)5)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t_692(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t_692(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_692(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_692(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 5 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_222( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_5d2(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_5_2b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = + compress_20_222(to_unsigned_representative_64(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + compress_then_serialize_4_21(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_541( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = sample_ring_element_cbd_eb1(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e4( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; + compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b1(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d71( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f0( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad1( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_unpacked_541(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = + libcrux_ml_kem_types_from_15_201(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_ef1(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 768 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a63( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + deserialize_ring_elements_reduced_a63( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_481(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[2U][2U]; + memcpy(uu____1, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_541(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE void kdf_af_021(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_ef1( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_851(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_4e1(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = + libcrux_ml_kem_types_from_15_201(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_021(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_b7(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_3e( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_b7(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_b7(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_b7(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_b7(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 10 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_60( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_3e(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_10_13(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_60(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_b70(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)11 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_3e0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_b70(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_b70(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_b70(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_b70(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 11 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_600( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_3e0(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_11_cd(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_600(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_u_da0(Eurydice_slice serialized) { + return deserialize_then_decompress_10_13(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void ntt_vector_u_700( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_7e1( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_da0(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_700(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_b71(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)4 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_3e1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_b71(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_b71(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_b71(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_b71(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 4 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_601( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_3e1(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_4_bf(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_601(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_b72(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)5 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_3e2( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_b72(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_b72(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_b72(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_b72(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 5 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_602( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_3e2(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_5_46(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + decompress_ciphertext_coefficient_20_602(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_v_7b0(Eurydice_slice serialized) { + return deserialize_then_decompress_4_bf(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +subtract_reduce_89_b3(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_441( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae1(&result, &product);); + invert_ntt_montgomery_621(&result); + result = subtract_reduce_89_b3(v, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_message_a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative_64(re.coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon_compress_1_20(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_571( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; + deserialize_then_decompress_u_7e1(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_7b0( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_441(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_a0(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_b4(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + libcrux_sha3_neon_x2_shake256( + input, input, + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 2 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a31( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_571(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_974( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e3( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked_541(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_to_uncompressed_ring_element_e9(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_b71( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_e9(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_9b1(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + deserialize_secret_key_b71(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_571(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_5b1( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_9b1(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e3( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_4e1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_021( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_021(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a62( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_700( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + serialize_secret_key_5d0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + deserialize_ring_elements_reduced_a62( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + serialize_public_key_700( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; +} tuple_9b0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void G_48_770(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static void closure_de0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_6b0(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + &state[1U], + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_48_550(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_6b0(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b70( + Simd128Hash *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e90( + Simd128Hash *self, uint8_t ret[3U][504U]) { + shake128_squeeze_first_three_blocks_b70(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e61( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_7d0( + Simd128Hash *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad0( + Simd128Hash *self, uint8_t ret[3U][168U]) { + shake128_squeeze_next_block_7d0(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e62( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d50( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_from_xof_c00( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_final_48_550(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_first_three_blocks_48_e90(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e61( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_next_block_48_ad0(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e62( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = closure_d50(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_matrix_A_480( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + closure_de0(A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; + sample_from_xof_c00(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_890(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_890(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_48_a90(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_950( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae0(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_9b0 generate_keypair_unpacked_ff0( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_770(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_480(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f0(uu____3, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + compute_As_plus_e_950(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_660( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_48_850(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_200( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_660(A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_ec(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key_700( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_850(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( + Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key_700(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d80( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_850(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair_160(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key_d80( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_e7_e0(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_2c( + uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_48_a90(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e2(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_620( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae0(&result[i1], &product); + } + invert_ntt_montgomery_620(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae0(&result, &product);); + invert_ntt_montgomery_620(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_d70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_840(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_540( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = sample_ring_element_cbd_eb0(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e2( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; + compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b0(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d70( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f0( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad0( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_unpacked_540(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_20(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_ef0(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a61( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + deserialize_ring_elements_reduced_a61( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_480(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_540(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_af_020(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_ef0( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_850(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_4e0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_20(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_020(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_7e0( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_da0(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_700(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_440( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae0(&result, &product);); + invert_ntt_montgomery_620(&result); + result = subtract_reduce_89_b3(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_570( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + deserialize_then_decompress_u_7e0(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_7b0( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_440(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_a0(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a30( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_570(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e1( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked_540(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_b70( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_e9(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_9b0(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + deserialize_secret_key_b70(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_570(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_5b0( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_9b0(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e1( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_4e0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_020( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_020(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a60( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- OUT_LEN= 1536 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); + uint8_t ret0[1536U]; + serialize_secret_key_5d(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + deserialize_ring_elements_reduced_a60( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1568U]; + serialize_public_key_70( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]] + +*/ +typedef struct tuple_54_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c snd; +} tuple_54; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void G_48_77(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static void closure_de( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_6b(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + &state[1U], + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_48_55(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_6b(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b7( + Simd128Hash *st, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e9( + Simd128Hash *self, uint8_t ret[4U][504U]) { + shake128_squeeze_first_three_blocks_b7(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 4 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e6( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_7d( + Simd128Hash *st, uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad( + Simd128Hash *self, uint8_t ret[4U][168U]) { + shake128_squeeze_next_block_7d(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 4 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e60( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d5( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_from_xof_c0( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_final_48_55(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_first_three_blocks_48_e9(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e6( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_next_block_48_ad(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e60( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = closure_d5(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_matrix_A_48( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + closure_de(A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; + sample_from_xof_c0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_89(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_89(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_48_a9(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_95( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_54 generate_keypair_unpacked_ff( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_77(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_48(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f(uu____3, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + compute_As_plus_e_95(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U][4U]; + memcpy(uu____5, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[4U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_66( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_48_85(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_20( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_ff(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_66(A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_ec(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; + memcpy(uu____2, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key_70( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_85(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( + Eurydice_slice key_generation_seed) { + tuple_54 uu____0 = generate_keypair_unpacked_ff(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key_70(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d8( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_85(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair_16(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key_d8( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = + libcrux_ml_kem_types_from_e7_e00(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_2c0( + uu____2, libcrux_ml_kem_types_from_07_570(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_71 +sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_48_a9(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e0(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_62( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae(&result[i1], &product); + } + invert_ntt_montgomery_62(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae(&result, &product);); + invert_ntt_montgomery_62(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_11_55( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_220(to_unsigned_representative_64(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 11 +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11_55(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- OUT_LEN= 1408 +- COMPRESSION_FACTOR= 11 +- BLOCK_LEN= 352 +*/ +static void compress_then_serialize_u_d7( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u_84(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 5 +- OUT_LEN= 160 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + compress_then_serialize_5_2b(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_54( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = sample_ring_element_cbd_eb(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; + compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d7( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_200(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_ef(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a6( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + deserialize_ring_elements_reduced_a6( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_48(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[4U][4U]; + memcpy(uu____1, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_54(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_af_02(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_ef( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_85(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_4e(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_200(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_02(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_u_da(Eurydice_slice serialized) { + return deserialize_then_decompress_11_cd(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_7e( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_da(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_70(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_v_7b(Eurydice_slice serialized) { + return deserialize_then_decompress_5_46(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_44( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae(&result, &product);); + invert_ntt_montgomery_62(&result); + result = subtract_reduce_89_b3(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_unpacked_57( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; + deserialize_then_decompress_u_7e(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_7b( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_44(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_a0(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 4 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a3( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_57(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_973( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_b7( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_e9(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_9b(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + deserialize_secret_key_b7(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_57(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_5b( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_9b(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_4e(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_02( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_02(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index dbe30739d..39cdcd9d7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem_neon_H @@ -20,6 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" #include "libcrux_sha3_neon.h" void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, @@ -28,6 +29,576 @@ void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]); +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + core_core_arch_arm_shared_neon_int16x8_t low; + core_core_arch_arm_shared_neon_int16x8_t high; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array); + +void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a); + +size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, + Eurydice_slice result); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, + Eurydice_slice out); + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index d251d45b0..66a522c1e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "internal/libcrux_mlkem_portable.h" @@ -68,6 +68,123 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { @@ -93,192 +210,227 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -KRML_MUSTINLINE uint8_t_x11 -libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { +KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 10U); - uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> - 7U); - uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & - (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> - 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); - uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> - 9U); - uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & - (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> - 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); - return (CLITERAL(uint8_t_x11){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7, - .f8 = r8, - .f9 = r9, - .f10 = r10}); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[22U]) { - uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - uint8_t_x11 r11_21 = - libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -void libcrux_ml_kem_vector_portable_serialize_11_0d( +void libcrux_ml_kem_vector_portable_serialize_5_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - (int16_t)7) + (int16_t)3) << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - (int16_t)63) - << 5U | + (int16_t)15) + << 6U | (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & - (int16_t)127) + (int16_t)63) << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) >> 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) >> - 5U; + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -290,35 +442,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, Eurydice_slice)); int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); @@ -346,548 +476,252 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); } -const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ZERO_0d(void) { - return libcrux_ml_kem_vector_portable_vector_type_zero(); +KRML_MUSTINLINE uint8_t_x11 +libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 5U); + uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 10U); + uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) >> + 7U); + uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) & + (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) >> + 4U); + uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) >> + 1U & + (int16_t)255); + uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) >> + 9U); + uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) & + (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) >> + 6U); + uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) >> + 3U); + return (CLITERAL(uint8_t_x11){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7, + .f8 = r8, + .f9 = r9, + .f10 = r10}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]) { + uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x11 r11_21 = + libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[22U] = {0U}; + result[0U] = r0_10.fst; + result[1U] = r0_10.snd; + result[2U] = r0_10.thd; + result[3U] = r0_10.f3; + result[4U] = r0_10.f4; + result[5U] = r0_10.f5; + result[6U] = r0_10.f6; + result[7U] = r0_10.f7; + result[8U] = r0_10.f8; + result[9U] = r0_10.f9; + result[10U] = r0_10.f10; + result[11U] = r11_21.fst; + result[12U] = r11_21.snd; + result[13U] = r11_21.thd; + result[14U] = r11_21.f3; + result[15U] = r11_21.f4; + result[16U] = r11_21.f5; + result[17U] = r11_21.f6; + result[18U] = r11_21.f7; + result[19U] = r11_21.f8; + result[20U] = r11_21.f9; + result[21U] = r11_21.f10; + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_11_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 3U; + int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) >> + 1U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 7U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ZERO_0d(void) { + return libcrux_ml_kem_vector_portable_vector_type_zero(); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1450,338 +1284,36 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1( } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - KRML_MAYBE_FOR8( - i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U);); - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); -} - -KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + KRML_MAYBE_FOR8( + i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U);); + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); + } + return result; } /** @@ -1789,8 +1321,67 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); } KRML_MUSTINLINE uint8_t_x5 @@ -1879,112 +1470,6 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); -} - KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, @@ -2233,7 +1718,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_02(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2261,8 +1746,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_reduced_ring_element_d2(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -2287,12 +1772,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2304,7 +1789,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2318,7 +1803,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_83(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2337,8 +1822,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_f8(v); +shift_right_0d_bf(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_83(v); } /** @@ -2348,10 +1833,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_78( +to_unsigned_representative_af( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_4b(a); + shift_right_0d_bf(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2364,14 +1849,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_05( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re->coefficients[i0]); + to_unsigned_representative_af(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2392,7 +1877,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_f81( +static KRML_MUSTINLINE void serialize_secret_key_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2411,7 +1896,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -2428,7 +1913,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_801( +static KRML_MUSTINLINE void serialize_public_key_9a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -2436,7 +1921,7 @@ static KRML_MUSTINLINE void serialize_public_key_801( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_f81(t_as_ntt, ret0); + serialize_secret_key_e81(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), @@ -2457,15 +1942,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_724( + deserialize_ring_elements_reduced_524( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_9a1( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -2496,7 +1981,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_111(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2507,10 +1992,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_e81( +static void closure_821( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -2529,7 +2014,7 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_751(uint8_t input[4U][34U]) { +shake128_init_absorb_final_411(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2559,10 +2044,10 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_511(uint8_t input[4U][34U]) { uint8_t uu____0[4U][34U]; memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_751(uu____0); + return shake128_init_absorb_final_411(uu____0); } /** @@ -2571,7 +2056,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_541( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2593,9 +2078,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_101(self, ret); + shake128_squeeze_first_three_blocks_541(self, ret); } /** @@ -2605,7 +2090,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2644,7 +2129,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_881( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2665,9 +2150,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_681( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_ed1(self, ret); + shake128_squeeze_next_block_881(self, ret); } /** @@ -2677,7 +2162,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2721,8 +2206,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_6b(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); +from_i16_array_89_48(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2743,9 +2228,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_131( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -2756,29 +2241,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_2b1( +static KRML_MUSTINLINE void sample_from_xof_f61( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; uint8_t uu____0[4U][34U]; memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(uu____0); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_511(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_7f1(&xof_state, randomness0); uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_053( + bool done = sample_from_uniform_distribution_next_023( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_f1_c11(&xof_state, randomness); + shake128_squeeze_next_block_f1_681(&xof_state, randomness); uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_054( + done = sample_from_uniform_distribution_next_024( uu____2, sampled_coefficients, out); } } @@ -2786,7 +2271,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b1( memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_991(uu____3[i]);); + ret0[i] = closure_131(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2799,12 +2284,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_231( +static KRML_MUSTINLINE void sample_matrix_A_551( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_e81(A_transpose[i]);); + closure_821(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -2817,7 +2302,7 @@ static KRML_MUSTINLINE void sample_matrix_A_231( uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_2b1(uu____1, sampled); + sample_from_xof_f61(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2856,7 +2341,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_632(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2878,9 +2363,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1d2(input, ret); + PRFxN_632(input, ret); } /** @@ -2890,7 +2375,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2926,7 +2411,7 @@ sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( + return from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2937,7 +2422,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2972,7 +2457,7 @@ sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( + return from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2983,8 +2468,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_66(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_20(randomness); +sample_from_binomial_distribution_e3(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c8(randomness); } /** @@ -2993,7 +2478,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_13( +static KRML_MUSTINLINE void ntt_at_layer_7_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3022,7 +2507,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_d5( +montgomery_multiply_fe_29( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3036,12 +2521,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_d5(b, zeta_r); + montgomery_multiply_fe_29(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3055,7 +2540,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3068,7 +2553,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3085,7 +2570,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_34( +static KRML_MUSTINLINE void ntt_at_layer_3_c1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3103,7 +2588,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_7b( +static KRML_MUSTINLINE void ntt_at_layer_2_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3123,7 +2608,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_4f( +static KRML_MUSTINLINE void ntt_at_layer_1_c9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3151,7 +2636,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void poly_barrett_reduce_89_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3169,17 +2654,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_13(re); + ntt_at_layer_7_1c(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } /** @@ -3191,11 +2676,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3206,14 +2691,14 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_772(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -3237,9 +2722,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_f7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3272,7 +2757,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_931( +static KRML_MUSTINLINE void add_to_ring_element_89_8e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3299,7 +2784,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_3e( +to_standard_domain_a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3315,14 +2800,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_99( +static KRML_MUSTINLINE void add_standard_error_reduce_89_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_a1(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3337,14 +2822,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_da1( +static KRML_MUSTINLINE void compute_As_plus_e_a51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3367,10 +2852,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e1(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -3386,10 +2871,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_f41( +static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b61(key_generation_seed, hashed); + G_f1_111(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3397,14 +2882,14 @@ static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_231(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_551(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(uu____1, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3415,10 +2900,10 @@ static tuple_540 generate_keypair_unpacked_f41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d71(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_011(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -3467,10 +2952,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_931( +static void closure_011( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -3483,7 +2968,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_97( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3505,7 +2990,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3524,7 +3009,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3534,18 +3019,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_a91(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_931(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_011(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_97(&ind_cpa_public_key.A[j][i1]); + clone_d5_22(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3555,13 +3040,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_9a1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + H_f1_af1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -3601,18 +3086,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_a91(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_801(pk.t_as_ntt, + serialize_public_key_9a1(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1536U]; memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____2[1568U]; @@ -3630,7 +3115,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f2( +static KRML_MUSTINLINE void serialize_kem_secret_key_6b( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3659,7 +3144,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e1(public_key, ret0); + H_f1_af1(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -3692,7 +3177,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3702,13 +3187,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_ec1(ind_cpa_keypair_randomness); + generate_keypair_e81(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_f2( + serialize_kem_secret_key_6b( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, @@ -3717,12 +3202,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_a71(uu____1); + libcrux_ml_kem_types_from_e7_e00(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c91( - uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); + return libcrux_ml_kem_types_from_64_2c0( + uu____2, libcrux_ml_kem_types_from_07_570(uu____3)); } /** @@ -3735,10 +3220,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3749,11 +3234,11 @@ sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_772(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; @@ -3773,7 +3258,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_b60(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), @@ -3791,9 +3276,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f4(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -3802,7 +3287,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3826,7 +3311,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3846,7 +3331,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_75( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3866,7 +3351,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_56( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3874,7 +3359,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = montgomery_multiply_fe_29(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3886,7 +3371,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3901,7 +3386,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_56( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3918,18 +3403,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_861( +static KRML_MUSTINLINE void invert_ntt_montgomery_d41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } /** @@ -3942,7 +3427,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_08( +static KRML_MUSTINLINE void add_error_reduce_89_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3966,14 +3451,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a11( +static KRML_MUSTINLINE void compute_vector_u_571( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3995,11 +3480,11 @@ static KRML_MUSTINLINE void compute_vector_u_a11( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e1(&result[i1], &product); } - invert_ntt_montgomery_861(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d41(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4013,7 +3498,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_e9(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4027,8 +3512,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4038,7 +3523,7 @@ deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_89(coefficient_compressed); + decompress_1_e9(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4054,7 +3539,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_8b( +add_message_error_reduce_89_11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4084,18 +3569,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f1( +compute_ring_element_v_c81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e1(&result, &product);); + invert_ntt_montgomery_d41(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } @@ -4105,7 +3590,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4126,9 +3611,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be(v); + return compress_94(v); } /** @@ -4137,7 +3622,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_940(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4159,8 +3644,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be0(v); +compress_0d_9b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_940(v); } /** @@ -4169,14 +3654,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_e10( +static KRML_MUSTINLINE void compress_then_serialize_11_2d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_9b0(to_unsigned_representative_af(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4197,10 +3682,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_e10(re, uu____0); + compress_then_serialize_11_2d0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4213,7 +3698,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_241( +static void compress_then_serialize_u_251( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4231,7 +3716,7 @@ static void compress_then_serialize_u_241( (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_2f0(&re, ret); + compress_then_serialize_ring_element_u_d80(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), @@ -4245,7 +3730,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_941(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4267,8 +3752,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be1(v); +compress_0d_9b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_941(v); } /** @@ -4277,14 +3762,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_e5( +static KRML_MUSTINLINE void compress_then_serialize_4_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_9b1(to_unsigned_representative_af(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -4302,7 +3787,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_942(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4324,8 +3809,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be2(v); +compress_0d_9b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_942(v); } /** @@ -4334,14 +3819,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_a3( +static KRML_MUSTINLINE void compress_then_serialize_5_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_9b2(to_unsigned_representative_af(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -4360,9 +3845,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_a3(re, out); + compress_then_serialize_5_b9(re, out); } /** @@ -4383,14 +3868,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c1( +static void encrypt_unpacked_651( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(uu____0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4398,7 +3883,7 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_2c1(uu____2, domain_separator0); + tuple_710 uu____3 = sample_ring_element_cbd_381(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4406,32 +3891,32 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044( + PRF_f1_6f4( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c81(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_241( + compress_then_serialize_u_251( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_310( + compress_then_serialize_ring_element_v_d60( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); @@ -4457,11 +3942,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4473,7 +3958,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4487,7 +3972,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_6c1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_651(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -4496,7 +3981,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f51(uu____4); + libcrux_ml_kem_types_from_15_200(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -4515,13 +4000,12 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_46(Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -4531,12 +4015,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4548,7 +4032,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4574,10 +4058,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_723( + deserialize_ring_elements_reduced_523( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4585,8 +4069,8 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_231(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_551(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -4616,7 +4100,7 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_651(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4631,13 +4115,12 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_c2(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ab(Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -4659,15 +4142,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_44( + entropy_preprocess_af_46( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -4675,8 +4158,8 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), + H_f1_af1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4684,7 +4167,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4694,25 +4177,25 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_0d1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f71(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f51(uu____4); + libcrux_ml_kem_types_from_15_200(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_c2(shared_secret, shared_secret_array); + kdf_af_ab(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; + tuple_21 result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; } /** @@ -4722,7 +4205,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b8( +decompress_ciphertext_coefficient_41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4747,9 +4230,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f4( +decompress_ciphertext_coefficient_0d_cc( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b8(v); + return decompress_ciphertext_coefficient_41(v); } /** @@ -4759,8 +4242,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_e9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_10_26(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -4772,7 +4255,7 @@ deserialize_then_decompress_10_e9(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f4(coefficient); + decompress_ciphertext_coefficient_0d_cc(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4785,7 +4268,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b80( +decompress_ciphertext_coefficient_410( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4810,9 +4293,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f40( +decompress_ciphertext_coefficient_0d_cc0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b80(v); + return decompress_ciphertext_coefficient_410(v); } /** @@ -4822,8 +4305,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_f5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_11_29(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -4835,7 +4318,7 @@ deserialize_then_decompress_11_f5(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f40(coefficient); + decompress_ciphertext_coefficient_0d_cc0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4848,8 +4331,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_890(Eurydice_slice serialized) { - return deserialize_then_decompress_11_f5(serialized); +deserialize_then_decompress_ring_element_u_380(Eurydice_slice serialized) { + return deserialize_then_decompress_11_29(serialized); } /** @@ -4858,17 +4341,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_ed0( +static KRML_MUSTINLINE void ntt_vector_u_820( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } /** @@ -4879,12 +4362,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( +static KRML_MUSTINLINE void deserialize_then_decompress_u_ec1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, @@ -4904,9 +4387,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_890(u_bytes); + deserialize_then_decompress_ring_element_u_380(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_ed0(&u_as_ntt[i0]); + ntt_vector_u_820(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4920,7 +4403,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b81( +decompress_ciphertext_coefficient_411( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4945,9 +4428,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f41( +decompress_ciphertext_coefficient_0d_cc1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b81(v); + return decompress_ciphertext_coefficient_411(v); } /** @@ -4957,8 +4440,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_34(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_4_51(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -4969,7 +4452,7 @@ deserialize_then_decompress_4_34(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f41(coefficient); + decompress_ciphertext_coefficient_0d_cc1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4982,7 +4465,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b82( +decompress_ciphertext_coefficient_412( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5007,9 +4490,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f42( +decompress_ciphertext_coefficient_0d_cc2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b82(v); + return decompress_ciphertext_coefficient_412(v); } /** @@ -5019,8 +4502,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_53(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_5_bc(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -5033,7 +4516,7 @@ deserialize_then_decompress_5_53(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5046,8 +4529,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_300(Eurydice_slice serialized) { - return deserialize_then_decompress_5_53(serialized); +deserialize_then_decompress_ring_element_v_0b0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_bc(serialized); } /** @@ -5061,7 +4544,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_52(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5086,17 +4569,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb1( +compute_message_ac1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e1(&result, &product);); + invert_ntt_montgomery_d41(&result); + result = subtract_reduce_89_52(v, result); return result; } @@ -5106,13 +4589,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_3a( +static KRML_MUSTINLINE void compress_then_serialize_message_72( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re.coefficients[i0]); + to_unsigned_representative_af(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5138,20 +4621,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_e71( +static void decrypt_unpacked_e51( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); + deserialize_then_decompress_u_ec1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_300( + deserialize_then_decompress_ring_element_v_0b0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_ac1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_72(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5160,7 +4643,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_b6(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -5178,8 +4661,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -5204,15 +4687,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e71(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e51(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5224,7 +4707,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5234,7 +4717,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( + libcrux_ml_kem_utils_into_padded_array_973( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -5243,9 +4726,9 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043( + PRF_f1_6f3( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = @@ -5253,10 +4736,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_651(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5275,8 +4758,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_uncompressed_ring_element_f5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -5298,12 +4781,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_011( +static KRML_MUSTINLINE void deserialize_secret_key_491( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5315,7 +4798,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_011( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_f5(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5333,10 +4816,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_5d1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_011(secret_key, secret_as_ntt); + deserialize_secret_key_491(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( uu____0, secret_as_ntt, @@ -5347,7 +4830,7 @@ static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e71(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e51(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5373,7 +4856,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_a01( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5393,9 +4876,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c21(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_5d1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5404,7 +4887,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -5414,31 +4897,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043( + PRF_f1_6f3( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_0d1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f71(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_c2( + kdf_af_ab( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_c2(shared_secret0, shared_secret1); + kdf_af_ab(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -5446,7 +4929,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -5456,12 +4941,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5473,7 +4958,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5488,7 +4973,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_f80( +static KRML_MUSTINLINE void serialize_secret_key_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5507,7 +4992,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5524,14 +5009,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_800( +static KRML_MUSTINLINE void serialize_public_key_9a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_f80(t_as_ntt, ret0); + serialize_secret_key_e80(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -5552,15 +5037,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_722( + deserialize_ring_elements_reduced_522( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_800( + serialize_public_key_9a0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -5577,10 +5062,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] */ -typedef struct tuple_4c0_s { +typedef struct tuple_4c_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c0; +} tuple_4c; /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for @@ -5591,7 +5076,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_110(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5602,10 +5087,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_e80( +static void closure_820( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -5624,7 +5109,7 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_750(uint8_t input[2U][34U]) { +shake128_init_absorb_final_410(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5654,10 +5139,10 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_510(uint8_t input[2U][34U]) { uint8_t uu____0[2U][34U]; memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_750(uu____0); + return shake128_init_absorb_final_410(uu____0); } /** @@ -5666,7 +5151,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_540( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5688,9 +5173,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_100(self, ret); + shake128_squeeze_first_three_blocks_540(self, ret); } /** @@ -5700,7 +5185,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5739,7 +5224,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_880( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5760,9 +5245,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_680( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_ed0(self, ret); + shake128_squeeze_next_block_880(self, ret); } /** @@ -5772,7 +5257,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5812,9 +5297,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_130( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -5825,29 +5310,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_2b0( +static KRML_MUSTINLINE void sample_from_xof_f60( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; uint8_t uu____0[2U][34U]; memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(uu____0); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_510(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_7f0(&xof_state, randomness0); uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_051( + bool done = sample_from_uniform_distribution_next_021( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_f1_c10(&xof_state, randomness); + shake128_squeeze_next_block_f1_680(&xof_state, randomness); uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_052( + done = sample_from_uniform_distribution_next_022( uu____2, sampled_coefficients, out); } } @@ -5855,7 +5340,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b0( memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_990(uu____3[i]);); + ret0[i] = closure_130(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5868,12 +5353,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_230( +static KRML_MUSTINLINE void sample_matrix_A_550( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_e80(A_transpose[i]);); + closure_820(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -5886,7 +5371,7 @@ static KRML_MUSTINLINE void sample_matrix_A_230( uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_2b0(uu____1, sampled); + sample_from_xof_f60(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5914,10 +5399,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_740_s { +typedef struct tuple_74_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; uint8_t snd; -} tuple_740; +} tuple_74; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN @@ -5925,7 +5410,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_630(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5947,9 +5432,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_770(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1d0(input, ret); + PRFxN_630(input, ret); } /** @@ -5959,8 +5444,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_660(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_85(randomness); +sample_from_binomial_distribution_e30(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_b8(randomness); } /** @@ -5972,11 +5457,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -5987,19 +5472,19 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_890(prf_inputs, prf_outputs); + PRFxN_f1_770(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_660(Eurydice_array_to_slice( + sample_from_binomial_distribution_e30(Eurydice_array_to_slice( (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + tuple_74 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6017,7 +5502,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_930( +static KRML_MUSTINLINE void add_to_ring_element_89_8e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6043,14 +5528,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_da0( +static KRML_MUSTINLINE void compute_As_plus_e_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6073,10 +5558,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e0(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -6092,10 +5577,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_f40( +static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b60(key_generation_seed, hashed); + G_f1_110(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6103,14 +5588,14 @@ static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_230(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_550(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(uu____1, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6121,10 +5606,10 @@ static tuple_4c0 generate_keypair_unpacked_f40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d70(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_010(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -6156,7 +5641,7 @@ static tuple_4c0 generate_keypair_unpacked_f40( memcpy( sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } /** @@ -6173,10 +5658,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_930( +static void closure_010( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -6188,7 +5673,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6207,7 +5692,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6217,18 +5702,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_a90(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_930(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_010(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_97(&ind_cpa_public_key.A[j][i1]); + clone_d5_22(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6238,13 +5723,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_800( + serialize_public_key_9a0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + H_f1_af0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -6284,18 +5769,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_a90(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_800(pk.t_as_ntt, + serialize_public_key_9a0(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[768U]; memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____2[800U]; @@ -6313,7 +5798,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_41( +static KRML_MUSTINLINE void serialize_kem_secret_key_b4( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6342,7 +5827,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e0(public_key, ret0); + H_f1_af0(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -6375,7 +5860,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6385,13 +5870,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_ec0(ind_cpa_keypair_randomness); + generate_keypair_e80(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_41( + serialize_kem_secret_key_b4( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, @@ -6400,12 +5885,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_from_e7_e01(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); + return libcrux_ml_kem_types_from_64_2c1( + uu____2, libcrux_ml_kem_types_from_07_571(uu____3)); } /** @@ -6414,7 +5899,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_631(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6436,9 +5921,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1d1(input, ret); + PRFxN_631(input, ret); } /** @@ -6450,11 +5935,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_74 +sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -6465,18 +5950,18 @@ sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_891(prf_inputs, prf_outputs); + PRFxN_f1_771(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + tuple_74 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6494,9 +5979,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f2(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -6505,18 +5990,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_860( +static KRML_MUSTINLINE void invert_ntt_montgomery_d40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } /** @@ -6525,14 +6010,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a10( +static KRML_MUSTINLINE void compute_vector_u_570( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6554,11 +6039,11 @@ static KRML_MUSTINLINE void compute_vector_u_a10( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e0(&result[i1], &product); } - invert_ntt_montgomery_860(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d40(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6572,18 +6057,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f0( +compute_ring_element_v_c80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e0(&result, &product);); + invert_ntt_montgomery_d40(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } @@ -6593,14 +6078,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_3b( +static KRML_MUSTINLINE void compress_then_serialize_10_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_9b(to_unsigned_representative_af(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6621,10 +6106,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_3b(re, uu____0); + compress_then_serialize_10_54(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6637,7 +6122,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_240( +static void compress_then_serialize_u_250( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6655,7 +6140,7 @@ static void compress_then_serialize_u_240( (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_d8(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -6670,9 +6155,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_e5(re, out); + compress_then_serialize_4_09(re, out); } /** @@ -6693,14 +6178,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c0( +static void encrypt_unpacked_650( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(uu____0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6708,7 +6193,7 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_2c0(uu____2, domain_separator0); + tuple_74 uu____3 = sample_ring_element_cbd_380(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6716,31 +6201,31 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042( + PRF_f1_6f2( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c80(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_240( + compress_then_serialize_u_250( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( + compress_then_serialize_ring_element_v_d6( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); @@ -6766,11 +6251,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6782,7 +6267,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6796,7 +6281,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_6c0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_650(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -6805,7 +6290,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_201(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -6824,13 +6309,12 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_4f(Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -6840,12 +6324,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6857,7 +6341,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6883,10 +6367,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_721( + deserialize_ring_elements_reduced_521( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -6894,8 +6378,8 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_230(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_550(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -6925,7 +6409,7 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_650(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -6940,13 +6424,12 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e8(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_d3(Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -6968,15 +6451,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_5d( + entropy_preprocess_af_4f( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -6984,8 +6467,8 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), + H_f1_af0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6993,7 +6476,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7003,25 +6486,25 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_0d0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f70(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_201(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_e8(shared_secret, shared_secret_array); + kdf_af_d3(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; + tuple_ec result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; } /** @@ -7031,8 +6514,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_89(Eurydice_slice serialized) { - return deserialize_then_decompress_10_e9(serialized); +deserialize_then_decompress_ring_element_u_38(Eurydice_slice serialized) { + return deserialize_then_decompress_10_26(serialized); } /** @@ -7041,17 +6524,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_ed( +static KRML_MUSTINLINE void ntt_vector_u_82( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } /** @@ -7062,12 +6545,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( +static KRML_MUSTINLINE void deserialize_then_decompress_u_ec0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, @@ -7087,9 +6570,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_89(u_bytes); + deserialize_then_decompress_ring_element_u_38(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_ed(&u_as_ntt[i0]); + ntt_vector_u_82(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7103,8 +6586,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_30(Eurydice_slice serialized) { - return deserialize_then_decompress_4_34(serialized); +deserialize_then_decompress_ring_element_v_0b(Eurydice_slice serialized) { + return deserialize_then_decompress_4_51(serialized); } /** @@ -7114,17 +6597,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb0( +compute_message_ac0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e0(&result, &product);); + invert_ntt_montgomery_d40(&result); + result = subtract_reduce_89_52(v, result); return result; } @@ -7138,20 +6621,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e70( +static void decrypt_unpacked_e50( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); + deserialize_then_decompress_u_ec0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_0b( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_ac0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_72(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7165,8 +6648,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -7191,14 +6674,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e70(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e50(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -7210,7 +6693,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7220,7 +6703,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_974( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -7229,9 +6712,9 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041( + PRF_f1_6f1( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = @@ -7239,10 +6722,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_650(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), + libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -7260,12 +6743,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_010( +static KRML_MUSTINLINE void deserialize_secret_key_490( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7277,7 +6760,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_010( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_f5(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7295,10 +6778,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_5d0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_010(secret_key, secret_as_ntt); + deserialize_secret_key_490(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( uu____0, secret_as_ntt, @@ -7309,7 +6792,7 @@ static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e70(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e50(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7335,7 +6818,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_a00( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -7354,9 +6837,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c20(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_5d0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -7365,7 +6848,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -7375,31 +6858,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041( + PRF_f1_6f1( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_0d0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f70(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e8( + kdf_af_d3( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e8(shared_secret0, shared_secret1); + kdf_af_d3(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), + libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -7407,7 +6890,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -7417,12 +6902,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7434,7 +6919,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7449,7 +6934,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_f8( +static KRML_MUSTINLINE void serialize_secret_key_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7468,7 +6953,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -7485,7 +6970,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_80( +static KRML_MUSTINLINE void serialize_public_key_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -7493,7 +6978,7 @@ static KRML_MUSTINLINE void serialize_public_key_80( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_f8(t_as_ntt, ret0); + serialize_secret_key_e8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -7514,15 +6999,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_720( + deserialize_ring_elements_reduced_520( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_9a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -7553,7 +7038,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_11(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7564,10 +7049,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_e8( +static void closure_82( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -7586,7 +7071,7 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_75(uint8_t input[3U][34U]) { +shake128_init_absorb_final_41(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7616,10 +7101,10 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_51(uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_75(uu____0); + return shake128_init_absorb_final_41(uu____0); } /** @@ -7628,7 +7113,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_54( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7650,9 +7135,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_10(self, ret); + shake128_squeeze_first_three_blocks_54(self, ret); } /** @@ -7662,7 +7147,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7701,7 +7186,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( +static KRML_MUSTINLINE void shake128_squeeze_next_block_88( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7722,9 +7207,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_68( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_ed(self, ret); + shake128_squeeze_next_block_88(self, ret); } /** @@ -7734,7 +7219,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7774,9 +7259,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_13( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -7787,29 +7272,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_2b( +static KRML_MUSTINLINE void sample_from_xof_f6( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(uu____0); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_51(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_7f(&xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_05( + bool done = sample_from_uniform_distribution_next_02( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_f1_c1(&xof_state, randomness); + shake128_squeeze_next_block_f1_68(&xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_050( + done = sample_from_uniform_distribution_next_020( uu____2, sampled_coefficients, out); } } @@ -7817,7 +7302,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_99(uu____3[i]);); + ret0[i] = closure_13(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7830,12 +7315,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_23( +static KRML_MUSTINLINE void sample_matrix_A_55( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_e8(A_transpose[i]);); + closure_82(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -7848,7 +7333,7 @@ static KRML_MUSTINLINE void sample_matrix_A_23( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_2b(uu____1, sampled); + sample_from_xof_f6(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7887,7 +7372,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_63(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7909,9 +7394,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1d(input, ret); + PRFxN_63(input, ret); } /** @@ -7923,11 +7408,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -7938,14 +7423,14 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_77(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -7968,7 +7453,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_93( +static KRML_MUSTINLINE void add_to_ring_element_89_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7994,14 +7479,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_da( +static KRML_MUSTINLINE void compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8024,10 +7509,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -8043,10 +7528,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_f4( +static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b6(key_generation_seed, hashed); + G_f1_11(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8054,14 +7539,14 @@ static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_23(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_55(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(uu____1, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8072,10 +7557,10 @@ static tuple_9b generate_keypair_unpacked_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d7(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_01(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -8124,10 +7609,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_93( +static void closure_01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -8139,7 +7624,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -8158,7 +7643,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8168,18 +7653,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_a9(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_93(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_01(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_97(&ind_cpa_public_key.A[j][i1]); + clone_d5_22(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8189,13 +7674,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_9a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + H_f1_af(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -8235,18 +7720,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_a9(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_80(pk.t_as_ntt, + serialize_public_key_9a(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____2[1184U]; @@ -8264,7 +7749,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void serialize_kem_secret_key_97( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8293,7 +7778,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e(public_key, ret0); + H_f1_af(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -8326,7 +7811,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -8336,13 +7821,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_ec(ind_cpa_keypair_randomness); + generate_keypair_e8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_a8( + serialize_kem_secret_key_97( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -8351,12 +7836,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a70(uu____1); + libcrux_ml_kem_types_from_e7_e0(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c90( - uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); + return libcrux_ml_kem_types_from_64_2c( + uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); } /** @@ -8369,10 +7854,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -8383,11 +7868,11 @@ sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_77(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; @@ -8412,9 +7897,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f0(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -8423,18 +7908,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_86( +static KRML_MUSTINLINE void invert_ntt_montgomery_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } /** @@ -8443,14 +7928,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a1( +static KRML_MUSTINLINE void compute_vector_u_57( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8472,11 +7957,11 @@ static KRML_MUSTINLINE void compute_vector_u_a1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e(&result[i1], &product); } - invert_ntt_montgomery_86(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d4(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -8490,18 +7975,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f( +compute_ring_element_v_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e(&result, &product);); + invert_ntt_montgomery_d4(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } @@ -8514,7 +7999,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_24( +static void compress_then_serialize_u_25( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8532,7 +8017,7 @@ static void compress_then_serialize_u_24( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_d8(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -8558,14 +8043,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c( +static void encrypt_unpacked_65( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(uu____0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8573,7 +8058,7 @@ static void encrypt_unpacked_6c( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_2c(uu____2, domain_separator0); + tuple_b0 uu____3 = sample_ring_element_cbd_38(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8581,31 +8066,31 @@ static void encrypt_unpacked_6c( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040( + PRF_f1_6f0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c8(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_24( + compress_then_serialize_u_25( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( + compress_then_serialize_ring_element_v_d6( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -8631,11 +8116,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -8647,7 +8132,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8661,7 +8146,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -8670,7 +8155,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f50(uu____4); + libcrux_ml_kem_types_from_15_20(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -8689,13 +8174,12 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_39(Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -8705,12 +8189,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8722,7 +8206,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8748,10 +8232,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_72( + deserialize_ring_elements_reduced_52( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -8759,8 +8243,8 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_55(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -8790,7 +8274,7 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -8805,13 +8289,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_b6(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_6d(Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -8833,15 +8316,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_6c( + entropy_preprocess_af_39( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -8849,8 +8332,8 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), + H_f1_af(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -8858,7 +8341,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8868,25 +8351,25 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f50(uu____4); + libcrux_ml_kem_types_from_15_20(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_b6(shared_secret, shared_secret_array); + kdf_af_6d(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; } /** @@ -8897,12 +8380,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_ec( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, @@ -8922,9 +8405,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_89(u_bytes); + deserialize_then_decompress_ring_element_u_38(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_ed(&u_as_ntt[i0]); + ntt_vector_u_82(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8938,17 +8421,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb( +compute_message_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e(&result, &product);); + invert_ntt_montgomery_d4(&result); + result = subtract_reduce_89_52(v, result); return result; } @@ -8962,20 +8445,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e7( +static void decrypt_unpacked_e5( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_ec(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_0b( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_ac(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_72(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8989,8 +8472,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -9015,14 +8498,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e7(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e5(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -9034,7 +8517,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9044,7 +8527,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( + libcrux_ml_kem_utils_into_padded_array_970( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -9053,9 +8536,9 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04( + PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -9063,10 +8546,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -9084,12 +8567,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_01( +static KRML_MUSTINLINE void deserialize_secret_key_49( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9101,7 +8584,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_01( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_f5(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -9119,10 +8602,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_5d(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_01(secret_key, secret_as_ntt); + deserialize_secret_key_49(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -9133,7 +8616,7 @@ static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e7(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e5(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9159,7 +8642,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_a0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -9178,9 +8661,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c2(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_5d(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -9189,7 +8672,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -9199,31 +8682,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04( + PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_b6( + kdf_af_6d( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_b6(shared_secret0, shared_secret1); + kdf_af_6d(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -9231,5 +8714,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 6d716c024..add9d4b95 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem_portable_H @@ -39,10 +39,49 @@ void libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input, #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes); + typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); + +void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); @@ -53,6 +92,55 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array); +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_slice v); + +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); + typedef struct uint8_t_x11_s { uint8_t fst; uint8_t snd; @@ -82,23 +170,9 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]); -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -109,22 +183,6 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a); -void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -extern const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] - [16U]; - /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -419,55 +477,6 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]); -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); - -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; - -uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_slice v); - -void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); - uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_slice v); @@ -483,19 +492,6 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]); -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); - typedef struct uint8_t_x3_s { uint8_t fst; uint8_t snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 55c1eb7c3..0adf52479 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_sha3_H @@ -26,35 +26,35 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_fd(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_fd0(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_fd1(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_fd2(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_fd3(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, @@ -113,7 +113,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_fd4(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 03bc68b29..454d3c0cf 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -7,2530 +7,85 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ -#include "internal/libcrux_sha3_avx2.h" +#include "libcrux_sha3_avx2.h" -#include "internal/libcrux_core.h" - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - return _veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_58(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vrax1q_u64(a, b); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return _vbcaxq_u64(a, b, c); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, - size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, - size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( - out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( - out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - Eurydice_slice_uint8_t_4size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { - return split_at_mut_4(a, mid); -} - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_16(void) { - libcrux_sha3_generic_keccak_KeccakState_29 lit; - lit.st[0U][0U] = zero_ef(); - lit.st[0U][1U] = zero_ef(); - lit.st[0U][2U] = zero_ef(); - lit.st[0U][3U] = zero_ef(); - lit.st[0U][4U] = zero_ef(); - lit.st[1U][0U] = zero_ef(); - lit.st[1U][1U] = zero_ef(); - lit.st[1U][2U] = zero_ef(); - lit.st[1U][3U] = zero_ef(); - lit.st[1U][4U] = zero_ef(); - lit.st[2U][0U] = zero_ef(); - lit.st[2U][1U] = zero_ef(); - lit.st[2U][2U] = zero_ef(); - lit.st[2U][3U] = zero_ef(); - lit.st[2U][4U] = zero_ef(); - lit.st[3U][0U] = zero_ef(); - lit.st[3U][1U] = zero_ef(); - lit.st[3U][2U] = zero_ef(); - lit.st[3U][3U] = zero_ef(); - lit.st[3U][4U] = zero_ef(); - lit.st[4U][0U] = zero_ef(); - lit.st[4U][1U] = zero_ef(); - lit.st[4U][2U] = zero_ef(); - lit.st[4U][3U] = zero_ef(); - lit.st[4U][4U] = zero_ef(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_ef_6a( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_580(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_581(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_582(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_583(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_584(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_585(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_586(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_587(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_588(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_589(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5810(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5811(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5812(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5813(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); +KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, + Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5814(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5815(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5816(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5817(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5818(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5819(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5820(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5821(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5822(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void theta_rho_71( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = - rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = - rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = - rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = - rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____0, uu____1, uu____2, uu____3, - rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = - xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = - xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = - xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = - xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = - xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = - xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = - xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_x86___m256i uu____27 = - xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void pi_01( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void chi_9b( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - s->st[i1][j] = and_not_xor_ef( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]););); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void iota_09( - libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { - s->st[0U][0U] = xor_constant_ef( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void keccakf1600_07( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_71(s); - pi_01(s); - chi_9b(s); - iota_09(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void absorb_block_37( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_6a(uu____0, uu____1); - keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_91( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block_c7(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_ef_05( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_05(uu____3, uu____4); - keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_0b( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; - store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_ef_99( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - store_block_full_0b(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_a4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - store_block_full_ef_99(s->st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_ef_f6( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e9(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_block_e9( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_next_block_1c( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_last_77( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_07(&s); - uint8_t b[4U][200U]; - store_block_full_ef_99(s.st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], - Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_37(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n_ef(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_a4(&s, out); - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____4 = - split_at_mut_n_ef(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e9(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____5 = - split_at_mut_n_ef(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_77(s, o1); - } - } -} - -void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice input2, Eurydice_slice input3, - Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_14(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState_29 +KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_16(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_910( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block_c70(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_ef_050( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_5e0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_050(uu____3, uu____4); - keccakf1600_07(s); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, +KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_5e0(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void store_block_ef_f60( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e90(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_block_e90( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f60(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_1c0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f60(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - squeeze_next_block_1c0(s, o2); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o20[4U]; - memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - Eurydice_slice_uint8_t_4size_t__x2 uu____2 = - split_at_mut_n_ef(o20, (size_t)168U); - Eurydice_slice o2[4U]; - memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o30[4U]; - memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o2); - Eurydice_slice_uint8_t_4size_t__x2 uu____3 = - split_at_mut_n_ef(o30, (size_t)168U); - Eurydice_slice o3[4U]; - memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o4[4U]; - memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o3); - squeeze_next_block_1c0(s, o4); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_e4(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_e9(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 4c7cd868d..f031b706b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_sha3_avx2_H @@ -20,53 +20,46 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_core.h" -#include "libcrux_sha3_internal.h" - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_x86___m256i -with const generics -- $4size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_29; +#include "libcrux_sha3_neon.h" void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -libcrux_sha3_generic_keccak_KeccakState_29 +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; +} libcrux_sha3_avx2_x4_incremental_KeccakState; + +libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void); void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 3158b0431..cd1f05dbb 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); } /** @@ -198,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_7a(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -233,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -258,11 +258,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_de(s, buf); } /** @@ -274,12 +274,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); } /** @@ -289,7 +289,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -300,9 +300,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_340(ab); } /** @@ -316,8 +316,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); } /** @@ -327,7 +327,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -338,9 +338,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_341(ab); } /** @@ -354,8 +354,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); } /** @@ -365,7 +365,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -376,9 +376,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_342(ab); } /** @@ -392,8 +392,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); } /** @@ -403,7 +403,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -414,9 +414,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_343(ab); } /** @@ -430,8 +430,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); } /** @@ -441,9 +441,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_34(ab); } /** @@ -457,8 +457,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); } /** @@ -468,7 +468,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -479,9 +479,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_344(ab); } /** @@ -495,8 +495,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); } /** @@ -506,7 +506,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -517,9 +517,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_345(ab); } /** @@ -533,8 +533,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); } /** @@ -544,7 +544,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -555,9 +555,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_346(ab); } /** @@ -571,8 +571,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); } /** @@ -582,7 +582,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -593,9 +593,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_347(ab); } /** @@ -609,8 +609,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); } /** @@ -620,7 +620,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -631,9 +631,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_348(ab); } /** @@ -647,8 +647,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); } /** @@ -658,7 +658,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -669,9 +669,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_349(ab); } /** @@ -685,8 +685,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); } /** @@ -696,7 +696,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -707,9 +707,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_3410(ab); } /** @@ -723,8 +723,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); } /** @@ -734,7 +734,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -745,9 +745,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_3411(ab); } /** @@ -761,8 +761,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); } /** @@ -772,7 +772,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -783,9 +783,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_3412(ab); } /** @@ -799,8 +799,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); } /** @@ -810,7 +810,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -821,9 +821,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_3413(ab); } /** @@ -837,8 +837,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); } /** @@ -848,7 +848,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -859,9 +859,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_3414(ab); } /** @@ -875,8 +875,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); } /** @@ -886,7 +886,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -897,9 +897,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_3415(ab); } /** @@ -913,8 +913,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); } /** @@ -924,7 +924,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -935,9 +935,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_3416(ab); } /** @@ -951,8 +951,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); } /** @@ -962,7 +962,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -973,9 +973,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_3417(ab); } /** @@ -989,8 +989,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); } /** @@ -1000,7 +1000,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1011,9 +1011,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_3418(ab); } /** @@ -1027,8 +1027,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); } /** @@ -1038,7 +1038,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1049,9 +1049,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_3419(ab); } /** @@ -1065,8 +1065,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); } /** @@ -1076,7 +1076,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1087,9 +1087,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_3420(ab); } /** @@ -1103,8 +1103,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); } /** @@ -1114,7 +1114,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1125,9 +1125,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_3421(ab); } /** @@ -1141,8 +1141,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); } /** @@ -1152,7 +1152,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1163,9 +1163,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_3422(ab); } /** @@ -1179,8 +1179,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); } /** @@ -1189,7 +1189,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1225,76 +1225,76 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____4; uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____5; uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____6; uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____7; uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1304,7 +1304,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1340,7 +1340,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1358,7 +1358,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1370,14 +1370,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_8d(s); + libcrux_sha3_generic_keccak_pi_ac(s); + libcrux_sha3_generic_keccak_chi_c7(s); + libcrux_sha3_generic_keccak_iota_4f(s, i0); } } @@ -1389,7 +1389,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1408,8 +1408,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1417,7 +1417,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1442,9 +1442,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_39(a, b); } /** @@ -1454,9 +1454,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1466,10 +1466,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1477,7 +1477,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1502,11 +1502,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_de0(s, buf); } /** @@ -1518,12 +1518,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); } /** @@ -1534,7 +1534,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1553,8 +1553,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1562,7 +1562,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1587,9 +1587,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_390(a, b); } /** @@ -1599,9 +1599,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1611,10 +1611,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1626,12 +1626,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); } /** @@ -1641,13 +1641,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1655,12 +1655,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_39(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1676,9 +1676,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); } /** @@ -1689,10 +1689,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_653( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1715,11 +1715,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1743,10 +1743,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { @@ -1757,7 +1757,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; @@ -1768,12 +1768,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1781,7 +1781,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1799,12 +1799,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); } } } @@ -1815,11 +1815,11 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); } /** @@ -1827,7 +1827,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1856,12 +1856,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); } /** @@ -1871,13 +1871,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1885,11 +1885,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_portable_keccak_load_block_de3(s, buf); } /** @@ -1901,12 +1901,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); } /** @@ -1917,7 +1917,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1936,8 +1936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1945,7 +1945,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1966,12 +1966,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); + libcrux_sha3_portable_keccak_store_block_393(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1987,9 +1987,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); } /** @@ -2000,10 +2000,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_652( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2028,9 +2028,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_393(a, b); } /** @@ -2040,9 +2040,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** @@ -2052,10 +2052,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** @@ -2065,11 +2065,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2093,10 +2093,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { @@ -2107,7 +2107,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; @@ -2118,12 +2118,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2131,7 +2131,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2149,12 +2149,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); } } } @@ -2165,11 +2165,11 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); } /** @@ -2177,7 +2177,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2206,12 +2206,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); } /** @@ -2221,13 +2221,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2235,11 +2235,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_de2(s, buf); } /** @@ -2251,12 +2251,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); } /** @@ -2267,7 +2267,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2286,8 +2286,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2295,7 +2295,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2316,12 +2316,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_392(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2337,9 +2337,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); } /** @@ -2350,10 +2350,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_651( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2378,9 +2378,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_392(a, b); } /** @@ -2390,9 +2390,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); } /** @@ -2402,10 +2402,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); } /** @@ -2415,11 +2415,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2443,10 +2443,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { @@ -2457,7 +2457,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; @@ -2468,12 +2468,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2481,7 +2481,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2499,12 +2499,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); } } } @@ -2515,11 +2515,11 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); } /** @@ -2531,12 +2531,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); } /** @@ -2546,13 +2546,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2560,12 +2560,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_390(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2581,9 +2581,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); } /** @@ -2594,10 +2594,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_650( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2620,11 +2620,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2648,10 +2648,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2662,7 +2662,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2673,12 +2673,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2686,7 +2686,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2704,12 +2704,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2720,11 +2720,11 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); } /** @@ -2735,7 +2735,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2754,8 +2754,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2766,10 +2766,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2780,7 +2780,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2791,12 +2791,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2804,7 +2804,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2822,12 +2822,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2838,11 +2838,11 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); } /** @@ -2850,7 +2850,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2879,12 +2879,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); } /** @@ -2894,13 +2894,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2908,11 +2908,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + libcrux_sha3_portable_keccak_load_block_de1(s, buf); } /** @@ -2924,12 +2924,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); } /** @@ -2940,7 +2940,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2959,8 +2959,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2968,7 +2968,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2989,12 +2989,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); + libcrux_sha3_portable_keccak_store_block_391(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -3009,9 +3009,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); } /** @@ -3022,10 +3022,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_65( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3050,9 +3050,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_391(a, b); } /** @@ -3062,9 +3062,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); } /** @@ -3074,10 +3074,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); } /** @@ -3087,11 +3087,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3115,10 +3115,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -3129,7 +3129,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -3140,12 +3140,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3153,7 +3153,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3171,12 +3171,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); } } } @@ -3187,11 +3187,11 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index e7228e4e2..3130b58fc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -7,76 +7,3560 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_sha3_neon.h" +#include "internal/libcrux_core.h" + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t zero_fa(void) { + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_veor5q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + core_core_arch_arm_shared_neon_uint64x2_t cd = + libcrux_intrinsics_arm64__veorq_u64(c, d); + core_core_arch_arm_shared_neon_uint64x2_t abcd = + libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + return _veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_58(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vrax1q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left1_and_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vrax1q_u64(a, b); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vbcaxq_u64(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return libcrux_intrinsics_arm64__veorq_u64( + a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +and_not_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return _vbcaxq_u64(a, b, c); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_veorq_n_u64(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + core_core_arch_arm_shared_neon_uint64x2_t c0 = + libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_constant_fa(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, + size_t len, Eurydice_slice ret[2U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, + size_t len, Eurydice_slice ret[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[2U]; + slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +split_at_mut_2(Eurydice_slice out[2U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_2size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { + return split_at_mut_2(a, mid); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc +new_1e_12(void) { + libcrux_sha3_generic_keccak_KeccakState_fc lit; + lit.st[0U][0U] = zero_fa(); + lit.st[0U][1U] = zero_fa(); + lit.st[0U][2U] = zero_fa(); + lit.st[0U][3U] = zero_fa(); + lit.st[0U][4U] = zero_fa(); + lit.st[1U][0U] = zero_fa(); + lit.st[1U][1U] = zero_fa(); + lit.st[1U][2U] = zero_fa(); + lit.st[1U][3U] = zero_fa(); + lit.st[1U][4U] = zero_fa(); + lit.st[2U][0U] = zero_fa(); + lit.st[2U][1U] = zero_fa(); + lit.st[2U][2U] = zero_fa(); + lit.st[2U][3U] = zero_fa(); + lit.st[2U][4U] = zero_fa(); + lit.st[3U][0U] = zero_fa(); + lit.st[3U][1U] = zero_fa(); + lit.st[3U][2U] = zero_fa(); + lit.st[3U][3U] = zero_fa(); + lit.st[3U][4U] = zero_fa(); + lit.st[4U][0U] = zero_fa(); + lit.st[4U][1U] = zero_fa(); + lit.st[4U][2U] = zero_fa(); + lit.st[4U][3U] = zero_fa(); + lit.st[4U][4U] = zero_fa(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void load_block_3c( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void load_block_fa_0f( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_580(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c1(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_581(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c10(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f0(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_582(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c11(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f1(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_583(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c12(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f2(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c13(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f3(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_584(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c14(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f4(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_585(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c15(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f5(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_586(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c16(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f6(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_587(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c17(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f7(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_588(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c18(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f8(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_589(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c19(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f9(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5810(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c110(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f10(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5811(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c111(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f11(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5812(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c112(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f12(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5813(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c113(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f13(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5814(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c114(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f14(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5815(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c115(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f15(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5816(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c116(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f16(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5817(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c117(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f17(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5818(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c118(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f18(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5819(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c119(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f19(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5820(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c120(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f20(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5821(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c121(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f21(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5822(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c122(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f22(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void theta_rho_eb( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { + xor5_fa(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + xor5_fa(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + xor5_fa(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + xor5_fa(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + xor5_fa(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + rotate_left1_and_xor_fa(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + rotate_left1_and_xor_fa(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + rotate_left1_and_xor_fa(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + rotate_left1_and_xor_fa(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { + uu____0, uu____1, uu____2, uu____3, + rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____4 = + xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_arm_shared_neon_uint64x2_t uu____5 = + xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_arm_shared_neon_uint64x2_t uu____7 = + xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = + xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t uu____9 = + xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t uu____10 = + xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t uu____11 = + xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t uu____12 = + xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t uu____13 = + xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t uu____14 = + xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t uu____15 = + xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t uu____16 = + xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t uu____17 = + xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t uu____18 = + xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t uu____19 = + xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t uu____20 = + xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t uu____21 = + xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t uu____22 = + xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t uu____23 = + xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t uu____24 = + xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t uu____25 = + xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t uu____26 = + xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_arm_shared_neon_uint64x2_t uu____27 = + xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void pi_a0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void chi_b0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + s->st[i1][j] = and_not_xor_fa( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]););); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void iota_33( + libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { + s->st[0U][0U] = xor_constant_fa( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void keccakf1600_3e( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho_eb(s); + pi_a0(s); + chi_b0(s); + iota_33(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void absorb_block_45( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void load_block_full_3e( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void load_block_full_fa_07( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)72U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_07(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void store_block_2f( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void store_block_full_9a( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a5( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e7( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a5(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void store_block_fa_90( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_last_70( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a5(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + absorb_block_45(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e7(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_70(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_59(uu____0, out); +} + void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[64U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_3c0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_fa_0f0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void absorb_block_450( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f0(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_3e0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c0(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_fa_070( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_070(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_2f0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_9a0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f0(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a50( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a0(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e70( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a50(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_fa_900( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f0(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_last_700( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a50(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe0(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_590(uu____0, out); } void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e0(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_fe1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_070(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe1(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_700(s, o1); + } + } } -KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_591(uu____0, out); } -KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState +void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf0[2U] = {input0, input1}; + Eurydice_slice buf[2U] = {out0, out1}; + keccakx2_6e1(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new_1e_12(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_3c1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_3e1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c1(s, buf); } -KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_fa_071( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_fe2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_071(uu____3, uu____4); + keccakf1600_3e(s); +} + +void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {data0, data1}; + absorb_final_fe2(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void store_block_2f1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void store_block_fa_901( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + Eurydice_slice_uint8_t_2size_t__x2 uu____0 = + split_at_mut_n_fa(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f1(s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____1 = + split_at_mut_n_fa(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o2[2U]; + memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d1(s, o1); + squeeze_next_block_5d1(s, o2); +} + +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_first_three_blocks_2e(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_next_block_5d1(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void load_block_3c2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void load_block_fa_0f1( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void absorb_block_451( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f1(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void load_block_full_3e2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c2(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void load_block_full_fa_072( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)144U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_072(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void store_block_2f2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void store_block_full_9a1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f2(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a51( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a1(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e71( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a51(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void store_block_fa_902( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f2(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_902(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_902(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_last_701( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a51(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + absorb_block_451(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe3(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e71(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f2(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d2(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_701(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_592(uu____0, out); } KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[28U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e2(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void load_block_3c3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void load_block_fa_0f2( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void absorb_block_452( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f2(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void load_block_full_3e3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c3(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void load_block_full_fa_073( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe4( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)104U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_073(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void store_block_2f3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void store_block_full_9a2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f3(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a52( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a2(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e72( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a52(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void store_block_fa_903( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f3(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_last_702( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a52(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, ret); + absorb_block_452(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe4(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e72(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f3(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)104U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d3(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_702(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_593(uu____0, out); } KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[48U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e3(uu____0, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 161fce491..6a5424103 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_sha3_neon_H @@ -20,8 +20,19 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" +#include "libcrux_core.h" #include "libcrux_sha3_internal.h" +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- $2size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { + core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_fc; + void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); @@ -29,23 +40,19 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState; - -libcrux_sha3_neon_x2_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void); void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index d20926d66..d54ca40b1 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 +F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 +Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 61930afda..e43445be6 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_core_H @@ -53,8 +53,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); - static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) @@ -78,118 +76,6 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result_6f_tags; - -/** -A monomorphic instance of core.result.Result -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_6f_s { - core_result_Result_6f_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_6f; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -static inline void core_result_unwrap_41_1c(core_result_Result_6f self, - uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -A monomorphic instance of core.result.Result -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_7a_s { - core_result_Result_6f_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_7a; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -static inline void core_result_unwrap_41_34(core_result_Result_7a self, - uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -A monomorphic instance of core.result.Result -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_cd_s { - core_result_Result_6f_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_cd; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -static inline void core_result_unwrap_41_e8(core_result_Result_cd self, - uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} Eurydice_slice_uint8_t_4size_t__x2; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -221,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_8a( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_06( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -236,7 +122,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_4c(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_57(uint8_t value[1184U]) { uint8_t uu____0[1184U]; memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; @@ -269,7 +155,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_2c(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -285,7 +171,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_a7(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_e0(uint8_t value[2400U]) { uint8_t uu____0[2400U]; memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; @@ -314,7 +200,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_f5(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_20(uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; @@ -330,7 +216,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_1f( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -340,7 +226,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_972( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -353,13 +239,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result_00_tags; + /** A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_00_s { - core_result_Result_6f_tags tag; + core_result_Result_00_tags tag; union { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; @@ -392,7 +283,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_971( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -414,7 +305,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_47( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_88( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); @@ -425,7 +316,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_970( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -443,7 +334,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_97( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -456,13 +347,23 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** +A monomorphic instance of core.option.Option +with types Eurydice_slice uint8_t + +*/ +typedef struct core_option_Option_44_s { + core_option_Option_ef_tags tag; + Eurydice_slice f0; +} core_option_Option_44; + /** A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_c0_s { - core_result_Result_6f_tags tag; + core_result_Result_00_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; @@ -490,13 +391,18 @@ static inline void core_result_unwrap_41_f9(core_result_Result_c0 self, } } +typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} Eurydice_slice_uint8_t_2size_t__x2; + /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_56_s { - core_result_Result_6f_tags tag; + core_result_Result_00_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 8d20f24d7..5303fbfc1 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 720830b0b..e67555cd5 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem768_avx2_H @@ -20,8 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_ct_ops.h" -#include "libcrux_mlkem768_portable.h" #include "libcrux_sha3_avx2.h" #include "libcrux_sha3_portable.h" @@ -45,5965 +43,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea( - void) { - return libcrux_ml_kem_vector_avx2_zero(); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { - int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_to_i16_array_ea( - core_core_arch_x86___m256i x, int16_t ret[16U]) { - libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(core_core_arch_x86___m256i v, - int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - vector, constant); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - vector, constant); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_1_ea(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - vector); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, - zeta2, zeta3); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - vector, zeta0, zeta1, zeta2, zeta3); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, - zeta1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - v, - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_multiply_ea(core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, - zeta1, zeta2, zeta3); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); - uint8_t ret0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[10U]; - core_result_Result_cd dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); - core_result_unwrap_41_e8(dst, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[20U]; - core_result_Result_7a dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); - core_result_unwrap_41_34(dst, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[24U]; - core_result_Result_6f dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); - core_result_unwrap_41_1c(dst, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, - Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, - good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[0U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[1U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_ea( - Eurydice_slice input, Eurydice_slice output) { - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_89_d5(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_70(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_11(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e( - vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db( - coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e0( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 11 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db0( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e0( - vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_ae( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db0( - coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7(serialized); -} - -typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; -} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( - core_core_arch_x86___m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer, size_t _initial_coefficient_bound) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7c( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - self->coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( - u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e1( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db1( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e1( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_00( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db1( - coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e2( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db2( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e2( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db2( - re.coefficients[i0]); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_00(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_89_48( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, - (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_56( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - b.coefficients[i0], (int16_t)1441); - b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], - &coefficient_normal_form)); - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_56(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_eb( - core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea -with const generics -- SHIFT_BY= 15 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_shift_right_ea_f9( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_eb(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_shift_right_ea_f9(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_4a( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_d0(&v, secret_key->secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_4a(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_40(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 32 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( - Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 32 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a6(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b8( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } -} - -typedef libcrux_sha3_avx2_x4_incremental_KeccakState - libcrux_ml_kem_hash_functions_avx2_Simd256Hash; - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const -generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( - uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const -generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( - uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( - uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with -const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( - self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 504 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const -generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( - uu____0); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( - &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( - &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_79(uu____3[i]); - } - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_b8(i, A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_b0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_aa(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( - uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( - uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( - randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_45( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = - libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); - re->coefficients[j] = - libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_45(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( - Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( - Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_ee(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - self->coefficients[j], (int16_t)1441); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1_91(core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_91(coefficient_compressed); - } - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_71( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( - error_2, message, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e7( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_07(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e7( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 320 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_2f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_07( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e70( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 11 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_070(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e70( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 320 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_d1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_070( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_2f(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2(&re, - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e71( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_071(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e71( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_b7( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_071( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e72( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_072(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e72( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_35( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2_compress_ea_072( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_00(public_key->A, r_as_ntt, error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_71( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, randomness, - ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_da( - Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_be( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret0, ciphertext, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_47(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_58( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_be(private_key, ciphertext, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_58(private_key, - ciphertext, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( - &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_47(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_75( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d(key_pair, ciphertext, - ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_75( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( - Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_7c( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_7c(uu____0, - uu____1); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_5a( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_51( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_5a(uu____0, - uu____1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_51( - uu____0, uu____1); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_standard_domain_42( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_42( - self->coefficients[j]); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], - &product); - } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____3, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_f0(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, - secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_2e( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_2e( - uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with -types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_f7( - size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_ac( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_b8( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_13( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( - ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_ac(i, - A[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_b8(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1; - } - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_2a( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_13(uu____0); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_2a( - uu____0); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_3e( - Eurydice_slice shared_secret, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_8a(ciphertext), - uint8_t, Eurydice_slice), - ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), - ret1); - memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret0, ciphertext, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_47(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_18( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_be0(private_key, ciphertext, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_18( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( - Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_1f( - uu____0, uu____1); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const -generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ad( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_option_Option_92 -libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ad( - public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self) { - return self[0U]; -} +typedef libcrux_sha3_avx2_x4_incremental_KeccakState + libcrux_ml_kem_hash_functions_avx2_Simd256Hash; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index c805c83b2..474841aed 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem768_portable_H @@ -21,6 +21,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" +#include "libcrux_sha3_libcrux_ml_kem.h" #include "libcrux_sha3_portable.h" #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) @@ -47,7 +48,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( } typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s { - libcrux_sha3_neon_x2_incremental_KeccakState shake128_state[2U]; + libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; } libcrux_ml_kem_hash_functions_neon_Simd128Hash; static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( @@ -122,268 +123,870 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = #define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ ((int16_t)1353) -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ - (62209U) +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + core_core_arch_arm_shared_neon_int16x8_t low; + core_core_arch_arm_shared_neon_int16x8_t high; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); +} -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - int16_t ret[16U]; - core_result_Result_c0 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void) { + return libcrux_ml_kem_vector_neon_vector_type_ZERO(); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { + return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); } -typedef struct uint8_t_x11_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; - uint8_t f5; - uint8_t f6; - uint8_t f7; - uint8_t f8; - uint8_t f9; - uint8_t f10; -} uint8_t_x11; +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { + int16_t out[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +} -static KRML_MUSTINLINE uint8_t_x11 -libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 10U); - uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> - 7U); - uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & - (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> - 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); - uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> - 9U); - uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & - (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> - 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); - return (CLITERAL(uint8_t_x11){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7, - .f8 = r8, - .f9 = r9, - .f10 = r10}); +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_11( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[22U]) { - uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x11 r11_21 = - libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); } -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + core_core_arch_arm_shared_neon_uint16x8_t m0 = + libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + core_core_arch_arm_shared_neon_uint16x8_t m1 = + libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + core_core_arch_arm_shared_neon_int16x8_t c1 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); +} + +#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v) { + core_core_arch_arm_shared_neon_int16x8_t adder = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + core_core_arch_arm_shared_neon_int16x8_t vec = + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); + core_core_arch_arm_shared_neon_int16x8_t vec0 = + libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + core_core_arch_arm_shared_neon_int16x8_t quotient = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t sub = + libcrux_intrinsics_arm64__vmulq_n_s16( + quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); +} + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ + (62209U) + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high) { + core_core_arch_arm_shared_neon_int16x8_t k = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vmulq_n_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.low, c); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + v, c); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t half = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + core_core_arch_arm_shared_neon_int16x8_t quarter = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + core_core_arch_arm_shared_neon_int16x8_t shifted = + libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + core_core_arch_arm_shared_neon_int16x8_t mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = + libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range), + core_core_arch_arm_shared_neon_uint16x8_t)); + core_core_arch_arm_shared_neon_int16x8_t shifted0 = + libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = + libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range0), + core_core_arch_arm_shared_neon_uint16x8_t)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_1(v); +} + +static KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits) { + int16_t uu____0; + switch (coefficient_bits) { + case 4: { + uu____0 = (int16_t)15; + break; + } + case 5: { + uu____0 = (int16_t)31; + break; + } + case 10: { + uu____0 = (int16_t)1023; + break; + } + case 11: { + uu____0 = (int16_t)2047; + break; + } + default: { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, + zeta4); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, + zeta3, zeta4); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, + zeta2, zeta4, -zeta2, -zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t b1 = + libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1b1 = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, + b1); + core_core_arch_arm_shared_neon_int32x4_t a1b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a1b1), + libcrux_intrinsics_arm64__vget_low_s16(zeta)); + core_core_arch_arm_shared_neon_int32x4_t a1b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + core_core_arch_arm_shared_neon_int16x8_t fst_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t fst_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b1)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + core_core_arch_arm_shared_neon_int16x8_t snd_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t snd_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); + core_core_arch_arm_shared_neon_int16x8_t fst_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t fst_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t snd_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t snd_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t fst = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + fst_low16, fst_high16); + core_core_arch_arm_shared_neon_int16x8_t snd = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + snd_low16, snd_high16); + core_core_arch_arm_shared_neon_int32x4_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int32x4_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int16x8_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); + core_core_arch_arm_shared_neon_int16x8_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, + 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; + core_core_arch_arm_shared_neon_uint8x16_t index = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); + core_core_arch_arm_shared_neon_int16x8_t high2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low2, .high = high2}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, + zeta3, zeta4); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, + (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { + core_core_arch_arm_shared_neon_int16x8_t one = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, + (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vandq_s16(low, one), + .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t lowt = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); + core_core_arch_arm_shared_neon_uint16x8_t hight = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); +} + +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; lit.elements[5U] = (int16_t)0; lit.elements[6U] = (int16_t)0; lit.elements[7U] = (int16_t)0; @@ -399,14 +1002,13 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -433,8 +1035,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); } static KRML_MUSTINLINE void @@ -454,565 +1056,43 @@ static inline void libcrux_ml_kem_vector_portable_to_i16_array_0d( libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); } -static const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ZERO_0d(void) { - return libcrux_ml_kem_vector_portable_vector_type_zero(); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_add( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; - } - return lhs; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_deserialize_4_0d(v); + int16_t input_i16s[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_add_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_sub( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; - } - return lhs; +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + int16_t ret[16U]; + core_result_Result_c0 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result_unwrap_41_f9(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + return lit; } /** @@ -1020,124 +1100,192 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_sub_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; - } - return v; +libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; - } - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, - c); +static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - core_option_Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3); - if (!(uu____0.tag == core_option_None)) { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } - continue; - } - return v; - } +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[10U]; + libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); +static inline void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); } -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int32_t)20159) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) - -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - int16_t value) { - int32_t t = (int32_t)value * - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); - int16_t quotient = - (int16_t)(t >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); - return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v.elements[i0]); - } +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -1146,87 +1294,216 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_barrett_reduce_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_5_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) - -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - int32_t value) { - int32_t k = - (int32_t)(int16_t)value * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t k_times_modulus = - (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = - (int16_t)(k_times_modulus >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - int16_t value_high = - (int16_t)(value >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - return value_high - c; -} - -static KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - int16_t fe, int16_t fer) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)fe * (int32_t)fer); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v.elements[i0], c); - } - return v; -} +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - v, r); +static inline void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); } -static inline uint8_t -libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - uint16_t fe) { - int16_t shifted = (int16_t)1664 - (int16_t)fe; - int16_t mask = shifted >> 15U; - int16_t shifted_to_positive = mask ^ shifted; - int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = (int16_t) - libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - (uint16_t)v.elements[i0]); - } +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -1235,296 +1512,293 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1(v); -} - -static KRML_MUSTINLINE uint32_t -libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - uint8_t n, uint32_t value) { - return value & ((1U << (uint32_t)n) - 1U); -} - -static inline int16_t -libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - uint8_t coefficient_bits, uint16_t fe) { - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; - compressed = compressed + 1664ULL; - compressed = compressed * 10321340ULL; - compressed = compressed >> 35U; - return (int16_t) - libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - coefficient_bits, (uint32_t)compressed); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t t = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v->elements[j], zeta); - v->elements[j] = v->elements[i] - t; - v->elements[i] = v->elements[i] + t; +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_10_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, - zeta2, zeta3); +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); - return v; -} +typedef struct uint8_t_x11_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; + uint8_t f5; + uint8_t f6; + uint8_t f7; + uint8_t f8; + uint8_t f9; + uint8_t f10; +} uint8_t_x11; -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t a_minus_b = v->elements[j] - v->elements[i]; - v->elements[i] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v->elements[i] + v->elements[j]); - v->elements[j] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - a_minus_b, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - a, zeta0, zeta1, zeta2, zeta3); +static KRML_MUSTINLINE uint8_t_x11 +libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 5U); + uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 10U); + uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) >> + 7U); + uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) & + (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) >> + 4U); + uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) >> + 1U & + (int16_t)255); + uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) >> + 9U); + uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) & + (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) >> + 6U); + uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) >> + 3U); + return (CLITERAL(uint8_t_x11){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7, + .f8 = r8, + .f9 = r9, + .f10 = r10}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]) { + uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x11 r11_21 = + libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[22U] = {0U}; + result[0U] = r0_10.fst; + result[1U] = r0_10.snd; + result[2U] = r0_10.thd; + result[3U] = r0_10.f3; + result[4U] = r0_10.f4; + result[5U] = r0_10.f5; + result[6U] = r0_10.f6; + result[7U] = r0_10.f7; + result[8U] = r0_10.f8; + result[9U] = r0_10.f9; + result[10U] = r0_10.f10; + result[11U] = r11_21.fst; + result[12U] = r11_21.snd; + result[13U] = r11_21.thd; + result[14U] = r11_21.f3; + result[15U] = r11_21.f4; + result[16U] = r11_21.f5; + result[17U] = r11_21.f6; + result[18U] = r11_21.f7; + result[19U] = r11_21.f8; + result[20U] = r11_21.f9; + result[21U] = r11_21.f10; + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, - zeta1); +static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, - (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, - (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); - return v; +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); +static inline void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[i] + - (int32_t) - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]) * - (int32_t)zeta); - int16_t o1 = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[j] + - (int32_t)a->elements[j] * (int32_t)b->elements[i]); - out->elements[i] = o0; - out->elements[j] = o1; +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 3U; + int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) >> + 1U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 7U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_multiply( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); - return out; + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; } /** @@ -1532,67 +1806,290 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_multiply_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, - zeta2, zeta3); +libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[2U]) { - uint8_t result[2U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | - (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) { - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U); +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { + uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, + 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; + core_core_arch_arm_shared_neon_uint8x16_t index_vec = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; + core_core_arch_arm_shared_neon_int16x8_t shift_vec = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t mask12 = + libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input0, uint8_t, Eurydice_slice)); + uint8_t input1[16U] = {0U}; + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input1, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t moved0 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted0 = + libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); + core_core_arch_arm_shared_neon_uint16x8_t moved1 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted1 = + libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low, .high = high}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); +} + +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { + size_t sampled = (size_t)0U; + core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option_44 uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( + &iter, uint8_t, core_option_Option_44); + if (uu____0.tag == core_option_None) { + break; + } else { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + int16_t uu____2; + bool uu____3; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + d1; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } + } + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } + } + } } - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); + return sampled; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline size_t libcrux_ml_kem_vector_neon_rej_sample_20( + Eurydice_slice a, Eurydice_slice out) { + return libcrux_ml_kem_vector_neon_rej_sample(a, out); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ZERO_0d(void) { + return libcrux_ml_kem_vector_portable_vector_type_zero(); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U); - } - for (size_t i = (size_t)8U; +libcrux_ml_kem_vector_portable_arithmetic_add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; } - return result; + return lhs; } /** @@ -1600,144 +2097,45 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +libcrux_ml_kem_vector_portable_add_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); } -typedef struct uint8_t_x4_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; -} uint8_t_x4; - -static KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + } + return lhs; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); -} - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_sub_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] * c; + } return v; } @@ -1746,171 +2144,101 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +libcrux_ml_kem_vector_portable_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); } -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] & c; + } + return v; +} -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, + c); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + core_option_Option_b3 uu____0 = + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3); + if (!(uu____0.tag == core_option_None)) { + size_t i = uu____0.f0; + if (v.elements[i] >= (int16_t)3329) { + size_t uu____1 = i; + v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; + } + continue; + } + return v; + } } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); +} + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int32_t)20159) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) + +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + int16_t value) { + int32_t t = (int32_t)value * + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); + int16_t quotient = + (int16_t)(t >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); + return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[i0]); + } return v; } @@ -1919,191 +2247,87 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +libcrux_ml_kem_vector_portable_barrett_reduce_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U & - (int16_t)3); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 6U & - (int16_t)15); - uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 4U & - (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) + +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + int32_t value) { + int32_t k = + (int32_t)(int16_t)value * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t k_times_modulus = + (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int16_t c = + (int16_t)(k_times_modulus >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + int16_t value_high = + (int16_t)(value >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + return value_high - c; } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_10( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[20U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); - uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +static KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + int16_t fe, int16_t fer) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)fe * (int32_t)fer); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[i0], c); + } + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[20U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + v, r); } -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +static inline uint8_t +libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + uint16_t fe) { + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; + int16_t shifted_to_positive = mask ^ shifted; + int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_compress_compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = (int16_t) + libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + (uint16_t)v.elements[i0]); + } return v; } @@ -2112,313 +2336,5163 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_compress_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_compress_compress_1(v); } -typedef struct uint8_t_x3_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; -} uint8_t_x3; +static KRML_MUSTINLINE uint32_t +libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + uint8_t n, uint32_t value) { + return value & ((1U << (uint32_t)n) - 1U); +} -static KRML_MUSTINLINE uint8_t_x3 -libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); - return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); +static inline int16_t +libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + uint8_t coefficient_bits, uint16_t fe) { + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + compressed = compressed + 1664ULL; + compressed = compressed * 10321340ULL; + compressed = compressed >> 35U; + return (int16_t) + libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + coefficient_bits, (uint32_t)compressed); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_12( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[24U]) { - uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); - uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); - uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); - uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); - uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); - uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); - uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[24U] = {0U}; - result[0U] = r0_2.fst; - result[1U] = r0_2.snd; - result[2U] = r0_2.thd; - result[3U] = r3_5.fst; - result[4U] = r3_5.snd; - result[5U] = r3_5.thd; - result[6U] = r6_8.fst; - result[7U] = r6_8.snd; - result[8U] = r6_8.thd; - result[9U] = r9_11.fst; - result[10U] = r9_11.snd; - result[11U] = r9_11.thd; - result[12U] = r12_14.fst; - result[13U] = r12_14.snd; - result[14U] = r12_14.thd; - result[15U] = r15_17.fst; - result[16U] = r15_17.snd; - result[17U] = r15_17.thd; - result[18U] = r18_20.fst; - result[19U] = r18_20.snd; - result[20U] = r18_20.thd; - result[21U] = r21_23.fst; - result[22U] = r21_23.snd; - result[23U] = r21_23.thd; - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t t = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v->elements[j], zeta); + v->elements[j] = v->elements[i] - t; + v->elements[i] = v->elements[i] + t; +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_12_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[24U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); -} - -typedef struct int16_t_x2_s { - int16_t fst; - int16_t snd; -} int16_t_x2; - -static KRML_MUSTINLINE int16_t_x2 -libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); - int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); - return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, + zeta2, zeta3); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { - int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); - int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); - int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); - int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); - int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); - int16_t_x2 v10_11 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); - int16_t_x2 v12_13 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); - int16_t_x2 v14_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = +libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t a_minus_b = v->elements[j] - v->elements[i]; + v->elements[i] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v->elements[i] + v->elements[j]); + v->elements[j] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + a, zeta0, zeta1, zeta2, zeta3); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, + zeta1); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, + (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, + (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, + size_t i, size_t j, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { + int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[i] + + (int32_t) + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[j] * (int32_t)b->elements[j]) * + (int32_t)zeta); + int16_t o1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[j] + + (int32_t)a->elements[j] * (int32_t)b->elements[i]); + out->elements[i] = o0; + out->elements[j] = o1; +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); + return out; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_multiply_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, + zeta2, zeta3); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[2U]) { + uint8_t result[2U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { + size_t i0 = i; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | + (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; + } + for (size_t i = (size_t)8U; i < (size_t)16U; i++) { + size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = + (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] + << (uint32_t)(i0 - (size_t)8U); + } + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U); + } + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); + } + return result; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + +typedef struct uint8_t_x4_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; +} uint8_t_x4; + +static KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U & + (int16_t)3); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 6U & + (int16_t)15); + uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 4U & + (int16_t)63); + uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[20U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, + Eurydice_slice)); + uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[20U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + result[10U] = r10_14.fst; + result[11U] = r10_14.snd; + result[12U] = r10_14.thd; + result[13U] = r10_14.f3; + result[14U] = r10_14.f4; + result[15U] = r15_19.fst; + result[16U] = r15_19.snd; + result[17U] = r15_19.thd; + result[18U] = r15_19.f3; + result[19U] = r15_19.f4; + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +} + +typedef struct uint8_t_x3_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; +} uint8_t_x3; + +static KRML_MUSTINLINE uint8_t_x3 +libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); + uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) >> + 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U); + uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 4U & + (int16_t)255); + return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[24U]) { + uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, + Eurydice_slice)); + uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, + Eurydice_slice)); + uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, + Eurydice_slice)); + uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, + Eurydice_slice)); + uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, + Eurydice_slice)); + uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, + Eurydice_slice)); + uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[24U] = {0U}; + result[0U] = r0_2.fst; + result[1U] = r0_2.snd; + result[2U] = r0_2.thd; + result[3U] = r3_5.fst; + result[4U] = r3_5.snd; + result[5U] = r3_5.thd; + result[6U] = r6_8.fst; + result[7U] = r6_8.snd; + result[8U] = r6_8.thd; + result[9U] = r9_11.fst; + result[10U] = r9_11.snd; + result[11U] = r9_11.thd; + result[12U] = r12_14.fst; + result[13U] = r12_14.snd; + result[14U] = r12_14.thd; + result[15U] = r15_17.fst; + result[16U] = r15_17.snd; + result[17U] = r15_17.thd; + result[18U] = r18_20.fst; + result[19U] = r18_20.snd; + result[20U] = r18_20.thd; + result[21U] = r21_23.fst; + result[22U] = r21_23.snd; + result[23U] = r21_23.thd; + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline void libcrux_ml_kem_vector_portable_serialize_12_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); +} + +typedef struct int16_t_x2_s { + int16_t fst; + int16_t snd; +} int16_t_x2; + +static KRML_MUSTINLINE int16_t_x2 +libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice bytes) { + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); + int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); + return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { + int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, + Eurydice_slice)); + int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, + Eurydice_slice)); + int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, + Eurydice_slice)); + int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, + Eurydice_slice)); + int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, + Eurydice_slice)); + int16_t_x2 v10_11 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, + Eurydice_slice)); + int16_t_x2 v12_13 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, + Eurydice_slice)); + int16_t_x2 v14_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector re = + libcrux_ml_kem_vector_portable_vector_type_zero(); + re.elements[0U] = v0_1.fst; + re.elements[1U] = v0_1.snd; + re.elements[2U] = v2_3.fst; + re.elements[3U] = v2_3.snd; + re.elements[4U] = v4_5.fst; + re.elements[5U] = v4_5.snd; + re.elements[6U] = v6_7.fst; + re.elements[7U] = v6_7.snd; + re.elements[8U] = v8_9.fst; + re.elements[9U] = v8_9.snd; + re.elements[10U] = v10_11.fst; + re.elements[11U] = v10_11.snd; + re.elements[12U] = v12_13.fst; + re.elements[13U] = v12_13.snd; + re.elements[14U] = v14_15.fst; + re.elements[15U] = v14_15.snd; + return re; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); +} + +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, + Eurydice_slice result) { + size_t sampled = (size_t)0U; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + size_t i0 = i; + int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____0; + int16_t uu____1; + bool uu____2; + size_t uu____3; + int16_t uu____4; + size_t uu____5; + int16_t uu____6; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + sampled++; + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } + continue; + } + } + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } + } + return sampled; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( + Eurydice_slice a, Eurydice_slice out) { + return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); +} + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ + (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + +typedef libcrux_ml_kem_types_MlKemPrivateKey_55 + libcrux_ml_kem_mlkem768_MlKem768PrivateKey; + +typedef libcrux_ml_kem_types_MlKemPublicKey_15 + libcrux_ml_kem_mlkem768_MlKem768PublicKey; + +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_G_48_77(Eurydice_slice input, + uint8_t ret[64U]); + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 32 +*/ +void libcrux_ml_kem_hash_functions_neon_PRF_b4(Eurydice_slice input, + uint8_t ret[32U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 32 +*/ +void libcrux_ml_kem_hash_functions_neon_PRF_48_6e(Eurydice_slice input, + uint8_t ret[32U]); + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 3 +*/ +libcrux_ml_kem_hash_functions_neon_Simd128Hash +libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_6b( + uint8_t input[3U][34U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 3 +*/ +libcrux_ml_kem_hash_functions_neon_Simd128Hash +libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( + uint8_t input[3U][34U]); + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_b7( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][504U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[3U][504U]); + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_7d( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][168U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[3U][168U]); + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +void libcrux_ml_kem_hash_functions_neon_PRFxN_89(uint8_t (*input)[33U], + uint8_t ret[3U][128U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 3 +- LEN= 128 +*/ +void libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(uint8_t (*input)[33U], + uint8_t ret[3U][128U]); + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 128 +*/ +void libcrux_ml_kem_hash_functions_neon_PRF_b40(Eurydice_slice input, + uint8_t ret[128U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 128 +*/ +void libcrux_ml_kem_hash_functions_neon_PRF_48_6e0(Eurydice_slice input, + uint8_t ret[128U]); + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +void libcrux_ml_kem_ind_cca_kdf_43_33( + Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, + uint8_t ret[32U]); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_ZERO_89_06(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_24(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_49( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_46( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_49( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_a9(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 10 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_73( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e( + v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_10_a4( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_73( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)11 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 11 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_730( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e0( + v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_11_58( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_730( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_af( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_a4(serialized); +} + +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(b, zeta_r); + b = libcrux_ml_kem_vector_neon_sub_20(a, &t); + a = libcrux_ml_kem_vector_neon_add_20(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer, size_t _initial_coefficient_bound) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_f4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_d0( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_39( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8a( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_af( + u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)4 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 4 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_731( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e1( + v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_731( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)5 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e2( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 5 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_732( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e2( + v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_5_5d( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_732( + re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_bb( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_ntt_multiply_89_16( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_multiply_20( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = + libcrux_ml_kem_vector_neon_sub_20(b, &a); + a = libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(a, &b)); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, + (size_t)7U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_subtract_reduce_89_88( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_compute_message_cc( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + libcrux_ml_kem_polynomial_ntt_multiply_89_16(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_88(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_shift_right_7d( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); + v.high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 +with const generics +- SHIFT_BY= 15 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_shift_right_20_97( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_shift_right_7d(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon_shift_right_20_97(a); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = + libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_neon_add_20(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_message_36( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re.coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon_compress_1_20(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2e( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8a(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_bb( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + libcrux_ml_kem_matrix_compute_message_cc(&v, secret_key->secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message_36(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static inline void libcrux_ml_kem_ind_cpa_decrypt_e1(Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_46(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_2e(&secret_key_unpacked, ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b6( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_4b(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_de( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_sampling_sample_from_xof_closure_d5(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_f3( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, + Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_c0( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_hash_functions_neon_Simd128Hash xof_state = + libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( + uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( + &xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( + &xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_d5(uu____3[i]); + } + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_48( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_matrix_sample_matrix_A_closure_de(i, A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; + libcrux_ml_kem_sampling_sample_from_xof_c0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; + uint8_t snd; +} tuple_b0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_07(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_27( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( + Eurydice_slice randomness) { + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( + randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon_multiply_by_constant_20( + re->coefficients[j + step], (int16_t)-1600); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + libcrux_ml_kem_ntt_ntt_at_layer_7_67(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b0 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_55(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b0 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_compute_vector_u_closure_7d(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_24( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_6a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + libcrux_ml_kem_polynomial_ntt_multiply_89_16(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_traits_decompress_1_fc( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_message_23( + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_traits_decompress_1_fc(coefficient_compressed); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_compute_ring_element_v_9b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + libcrux_ml_kem_polynomial_ntt_multiply_89_16(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( + error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_27( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)10)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 10 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_20_91( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_27(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_10_ca( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_compress_20_91( + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_270( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)11)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 11 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_20_910( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_270(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_11_55( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_compress_20_910( + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_10_ca(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84(&re, + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_271( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)4)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 4 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_20_911( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_271(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_4_21( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_compress_20_911( + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_272( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)5)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 5 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_20_912( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_272(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_5_2b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = + libcrux_ml_kem_vector_neon_compress_20_912( + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + libcrux_ml_kem_serialize_compress_then_serialize_4_21(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_54( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_neon_PRF_48_6e0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_6a(public_key->A, r_as_ntt, error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + libcrux_ml_kem_matrix_compute_ring_element_v_9b( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_encrypt_4e(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_48(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, randomness, + ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static inline void libcrux_ml_kem_ind_cca_decapsulate_6e( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_e1(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_neon_PRF_48_6e( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_43_33( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_43_33(shared_secret0, ciphertext, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_88(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_5d( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +static inline void libcrux_ml_kem_mlkem768_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_5d(private_key, + ciphertext, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_83( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_2e( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_neon_PRF_48_6e( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_88(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_cc( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +static inline void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_cc( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +*/ +void libcrux_ml_kem_ind_cca_entropy_preprocess_43_2d(Eurydice_slice randomness, + uint8_t ret[32U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_H_48_85(Eurydice_slice input, + uint8_t ret[32U]); + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_28( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_43_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_neon_H_48_85( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_f6_1f(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_20(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_43_33(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_6f( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]); + +static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_6f(uu____0, + uu____1); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fa( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_20(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_59( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]); + +static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = + public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_59( + uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]); + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] + +*/ +typedef struct tuple_9b_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; +} tuple_9b; + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_compute_As_plus_e_closure_7c(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_traits_to_standard_domain_fc( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_traits_to_standard_domain_fc( + self->coefficients[j]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_95( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + libcrux_ml_kem_polynomial_ntt_multiply_89_16(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], + &product); + } + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_48(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____3, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_95(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5d( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_16(Eurydice_slice key_generation_seed) { + tuple_9b uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_70( + pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(sk.secret_as_ntt, + secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_16(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_e7_e0(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_2c( + uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_4d( + uint8_t randomness[64U]); + +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_4d( + uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with +types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_e6( + size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline void +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_7a( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_clone_d5_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a2( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( + ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_7a(i, + A[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + libcrux_ml_kem_polynomial_clone_d5_8c(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1; + } + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t pk_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_70( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + libcrux_ml_kem_hash_functions_neon_H_48_85( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_8f( + uint8_t randomness[64U]); + +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_8f( + uu____0); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +void libcrux_ml_kem_ind_cca_kdf_6c_f5( + Eurydice_slice shared_secret, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static inline void libcrux_ml_kem_ind_cca_decapsulate_6e0( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_e1(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_neon_PRF_48_6e( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_f5( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_f5(shared_secret0, ciphertext, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_88(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.kyber_decapsulate with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_2f( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +static inline void libcrux_ml_kem_mlkem768_neon_kyber_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_2f( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +*/ +void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_28(Eurydice_slice randomness, + uint8_t ret[32U]); + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_28( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_neon_H_48_85( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_f6_1f(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_20(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_f5(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.kyber_encapsulate with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); +tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_0b( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]); + +static inline tuple_3c libcrux_ml_kem_mlkem768_neon_kyber_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_0b( + uu____0, uu____1); } -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, - Eurydice_slice result) { - size_t sampled = (size_t)0U; +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b60( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____0; - int16_t uu____1; - bool uu____2; - size_t uu____3; - int16_t uu____4; - size_t uu____5; - int16_t uu____6; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; - sampled++; - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } - continue; - } - } - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( + ring_element); + deserialized_pk[i0] = uu____0; } - return sampled; + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 */ -static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( - Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_7e( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_70( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) - -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) - -typedef libcrux_ml_kem_types_MlKemPrivateKey_55 - libcrux_ml_kem_mlkem768_MlKem768PrivateKey; - -typedef libcrux_ml_kem_types_MlKemPublicKey_15 - libcrux_ml_kem_mlkem768_MlKem768PublicKey; - -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const +generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_d4( + uint8_t *public_key); -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +static inline core_option_Option_92 +libcrux_ml_kem_mlkem768_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { + core_option_Option_92 uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_d4( + public_key.value)) { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, + .f0 = public_key}); + } else { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); + } + return uu____0; +} /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -2440,7 +7514,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_39(void) { +libcrux_ml_kem_polynomial_ZERO_89_02(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2468,8 +7542,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_17(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_1d(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -2479,10 +7553,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_bb( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -2504,12 +7578,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_9d( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -2522,7 +7596,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_bb( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2550,8 +7624,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_34(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_c0(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -2561,7 +7635,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2586,9 +7660,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( v); } @@ -2599,10 +7673,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_77( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -2614,7 +7688,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( coefficient); re.coefficients[i0] = uu____0; } @@ -2628,7 +7702,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2653,9 +7727,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( v); } @@ -2666,10 +7740,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_64( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_580( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -2681,7 +7755,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_64( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( coefficient); re.coefficients[i0] = uu____0; } @@ -2695,9 +7769,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_77(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2712,7 +7786,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2726,12 +7800,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2745,7 +7819,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2758,7 +7832,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2775,7 +7849,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_c1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2795,7 +7869,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2818,7 +7892,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2849,7 +7923,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2867,21 +7941,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_65( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); } /** @@ -2893,12 +7967,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( @@ -2919,10 +7993,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( u_bytes); u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_65(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_f0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2936,7 +8010,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2961,9 +8035,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( v); } @@ -2974,10 +8048,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_08( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -2988,7 +8062,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( coefficient); re.coefficients[i0] = uu____0; } @@ -3002,7 +8076,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3027,9 +8101,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( v); } @@ -3040,10 +8114,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -3056,7 +8130,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3070,9 +8144,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a3( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_08(serialized); } /** @@ -3086,11 +8160,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_d5( +libcrux_ml_kem_polynomial_ntt_multiply_89_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3123,7 +8197,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3149,7 +8223,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3176,7 +8250,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3199,7 +8273,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3221,7 +8295,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3229,7 +8303,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3242,7 +8316,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3257,7 +8331,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3274,22 +8348,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); } /** @@ -3303,7 +8377,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_79( +libcrux_ml_kem_polynomial_subtract_reduce_89_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3329,21 +8403,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_b8( +libcrux_ml_kem_matrix_compute_message_37( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_79(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_60(v, result); return result; } @@ -3353,7 +8427,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3373,9 +8447,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_4b( +libcrux_ml_kem_vector_portable_shift_right_0d_bf( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_83(v); } /** @@ -3385,10 +8459,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_78( +libcrux_ml_kem_vector_traits_to_unsigned_representative_af( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_4b(a); + libcrux_ml_kem_vector_portable_shift_right_0d_bf(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3402,13 +8476,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_fb( +libcrux_ml_kem_serialize_compress_then_serialize_message_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3437,21 +8511,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_e5( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a3( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_b8(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_37(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_fb(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_d0(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3465,11 +8539,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_39(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_e8(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_29(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_9d(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -3480,7 +8554,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_39(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_41(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_e5(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3494,7 +8568,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3504,7 +8578,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b6( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -3523,9 +8597,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_b6(input, ret); } /** @@ -3536,9 +8610,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -3548,10 +8622,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -3577,12 +8651,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -3595,7 +8669,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( ring_element); deserialized_pk[i0] = uu____0; } @@ -3612,8 +8686,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_ee(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -3623,10 +8697,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_e8( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_82( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } } @@ -3646,7 +8720,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3678,11 +8752,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( uu____0); } @@ -3693,7 +8767,7 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -3718,10 +8792,10 @@ with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( self, ret); } @@ -3733,7 +8807,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3776,7 +8850,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -3801,10 +8875,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88(self, ret); } @@ -3816,7 +8890,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3863,9 +8937,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3887,8 +8961,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_6b( +libcrux_ml_kem_sampling_sample_from_xof_closure_13(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_48( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -3900,7 +8974,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3908,25 +8982,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( uu____0); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( &xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( &xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( uu____2, sampled_coefficients, out); } } @@ -3934,7 +9008,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_99(uu____3[i]); + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_13(uu____3[i]); } memcpy( ret, ret0, @@ -3948,12 +9022,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_55( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_e8(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_82(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -3971,7 +9045,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_2b(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_f6(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -4012,10 +9086,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t */ -typedef struct tuple_b0_s { +typedef struct tuple_b00_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U]; uint8_t snd; -} tuple_b0; +} tuple_b00; /** A monomorphic instance of @@ -4028,8 +9102,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_56(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_50(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -4038,7 +9112,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_63( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4061,9 +9135,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_63(input, ret); } /** @@ -4073,7 +9147,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4110,7 +9184,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -4121,7 +9195,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b8( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4157,7 +9231,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -4168,9 +9242,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( randomness); } @@ -4180,7 +9254,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4204,20 +9278,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_1c(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); } /** @@ -4229,12 +9303,12 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4248,21 +9322,21 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b00 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -4280,8 +9354,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_25(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -4293,12 +9367,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4312,11 +9386,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1; @@ -4325,7 +9399,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], memcpy( uu____2, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b00 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -4338,7 +9412,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b60( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -4357,9 +9431,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_b60(input, ret); } /** @@ -4369,8 +9443,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_79(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_vector_u_closure_11(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -4383,7 +9457,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4407,14 +9481,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_57( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -4437,12 +9511,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_08(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4456,7 +9530,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_89( +libcrux_ml_kem_vector_traits_decompress_1_e9( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4471,10 +9545,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4484,7 +9558,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_89(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_e9(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4501,7 +9575,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4531,22 +9605,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_1f( +libcrux_ml_kem_matrix_compute_ring_element_v_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( error_2, message, result); return result; } @@ -4557,7 +9631,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be( +libcrux_ml_kem_vector_portable_compress_compress_94( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4580,9 +9654,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_31( +libcrux_ml_kem_vector_portable_compress_0d_9b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be(v); + return libcrux_ml_kem_vector_portable_compress_compress_94(v); } /** @@ -4592,15 +9666,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_3b( +libcrux_ml_kem_serialize_compress_then_serialize_10_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_31( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_9b( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4621,7 +9695,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be0( +libcrux_ml_kem_vector_portable_compress_compress_940( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4644,9 +9718,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_310( +libcrux_ml_kem_vector_portable_compress_0d_9b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be0(v); + return libcrux_ml_kem_vector_portable_compress_compress_940(v); } /** @@ -4656,15 +9730,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_e1( +libcrux_ml_kem_serialize_compress_then_serialize_11_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_310( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_9b0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4687,10 +9761,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_3b(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_54(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4703,7 +9777,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4721,7 +9795,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, @@ -4736,7 +9810,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be1( +libcrux_ml_kem_vector_portable_compress_compress_941( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4759,9 +9833,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_311( +libcrux_ml_kem_vector_portable_compress_0d_9b1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be1(v); + return libcrux_ml_kem_vector_portable_compress_compress_941(v); } /** @@ -4771,15 +9845,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_e5( +libcrux_ml_kem_serialize_compress_then_serialize_4_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_311( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_9b1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4798,7 +9872,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be2( +libcrux_ml_kem_vector_portable_compress_compress_942( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4821,9 +9895,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_312( +libcrux_ml_kem_vector_portable_compress_0d_9b2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be2(v); + return libcrux_ml_kem_vector_portable_compress_compress_942(v); } /** @@ -4833,15 +9907,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_a3( +libcrux_ml_kem_serialize_compress_then_serialize_5_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_312( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_9b2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4862,9 +9936,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_09(re, out); } /** @@ -4885,15 +9959,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____0, 0U); + tuple_b00 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -4901,7 +9975,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -4910,33 +9984,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_040( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_1f( + libcrux_ml_kem_matrix_compute_ring_element_v_c8( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -4961,12 +10035,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4974,8 +10048,8 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_55(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -5005,7 +10079,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -5021,14 +10095,13 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_44( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -5053,7 +10126,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_88( +static inline void libcrux_ml_kem_ind_cca_decapsulate_cb( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -5072,10 +10145,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_e8(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5084,7 +10157,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -5094,32 +10167,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc( + libcrux_ml_kem_ind_cca_kdf_43_44( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_44(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_88(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -5127,7 +10200,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -5151,16 +10226,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_3e( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_88(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_cb(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_3e( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5a( private_key, ciphertext, ret); } @@ -5220,14 +10295,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_e5( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5239,7 +10314,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5249,7 +10324,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_970( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -5258,9 +10333,9 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -5268,11 +10343,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_88(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5306,17 +10381,17 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_63( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f9( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11(key_pair, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_63( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f9( private_key, ciphertext, ret); } @@ -5330,13 +10405,12 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_56( Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -5348,7 +10422,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5372,15 +10446,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_56( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -5388,9 +10462,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -5398,7 +10472,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5408,27 +10482,27 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_20(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_44(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; } /** @@ -5449,13 +10523,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -5464,7 +10538,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67(uu____0, + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4(uu____0, uu____1); } @@ -5487,11 +10561,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5503,7 +10577,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5517,7 +10591,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -5527,7 +10601,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_20(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -5555,14 +10629,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ff( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_2d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4(uu____0, uu____1); } @@ -5573,7 +10647,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ff( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_2d( uu____0, uu____1); } @@ -5585,10 +10659,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] */ -typedef struct tuple_9b_s { +typedef struct tuple_9b0_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; -} tuple_9b; +} tuple_9b0; /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure @@ -5597,8 +10671,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_ab(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_37(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -5608,7 +10682,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_3e( +libcrux_ml_kem_vector_traits_to_standard_domain_a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5625,7 +10699,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5633,7 +10707,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_3e( + libcrux_ml_kem_vector_traits_to_standard_domain_a1( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5649,14 +10723,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -5680,12 +10754,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -5702,10 +10776,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_11(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5713,15 +10787,15 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_55(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____1, 0U); + tuple_b00 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5732,12 +10806,12 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____3, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_da(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; @@ -5770,7 +10844,7 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( memcpy( sk.secret_as_ntt, uu____7, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } /** @@ -5780,14 +10854,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5809,7 +10883,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5828,7 +10902,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5845,7 +10919,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -5853,7 +10927,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -5879,19 +10953,19 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4(key_generation_seed); +libcrux_ml_kem_ind_cpa_generate_keypair_e8(Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_9a( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); @@ -5910,7 +10984,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5939,7 +11013,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_af(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -5972,7 +11046,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5982,13 +11056,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_ec(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_e8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -5997,12 +11071,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_from_e7_e0(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); + return libcrux_ml_kem_types_from_64_2c( + uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); } /** @@ -6018,18 +11092,18 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); } static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( uu____0); } @@ -6048,9 +11122,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_e0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_86( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -6068,10 +11142,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_af( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } } @@ -6086,7 +11160,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_75( +libcrux_ml_kem_polynomial_clone_d5_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6114,7 +11188,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6124,7 +11198,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6132,7 +11206,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b0(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_af(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -6140,7 +11214,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_75(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_ea(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6152,13 +11226,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_9a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); @@ -6200,11 +11274,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_b4( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_0d( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99(uu____0); } static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -6212,7 +11286,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_b4( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_0d( uu____0); } @@ -6227,18 +11301,18 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_da( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_97(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_8a(ciphertext), + libcrux_ml_kem_types_as_slice_a8_06(ciphertext), uint8_t, Eurydice_slice), ret0); core_slice___Slice_T___copy_from_slice( @@ -6246,7 +11320,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); @@ -6274,7 +11348,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_880( +static inline void libcrux_ml_kem_ind_cca_decapsulate_cb0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -6293,10 +11367,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_e8(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -6305,7 +11379,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -6315,32 +11389,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72( + libcrux_ml_kem_ind_cca_kdf_6c_da( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_da(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_88(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -6348,7 +11422,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -6373,16 +11449,16 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_9f( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_6a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_880(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_cb0(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_9f( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_6a( private_key, ciphertext, ret); } @@ -6396,9 +11472,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_99( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_af(randomness, ret); } /** @@ -6420,15 +11496,15 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_99( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -6436,9 +11512,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6446,7 +11522,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6456,27 +11532,27 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_20(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_da(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; } /** @@ -6498,13 +11574,13 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_79( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( @@ -6513,7 +11589,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_79( uu____0, uu____1); } @@ -6525,9 +11601,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b0( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -6538,12 +11614,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -6556,7 +11632,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( ring_element); deserialized_pk[i0] = uu____0; } @@ -6573,16 +11649,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_99( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_9a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -6600,16 +11676,16 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); } static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); @@ -6619,6 +11695,16 @@ libcrux_ml_kem_mlkem768_portable_validate_public_key( return uu____0; } +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { + return self[0U]; +} + /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 92b3e6d06..432df7253 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_sha3_avx2_H @@ -20,2759 +20,98 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_core.h" #include "libcrux_sha3_portable.h" -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veor5q_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor5_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - return libcrux_sha3_simd_avx2__veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_58(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vrax1q_u64(a, b); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vbcaxq_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_and_not_xor_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return libcrux_sha3_simd_avx2__vbcaxq_u64(a, b, c); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_constant_ef(core_core_arch_x86___m256i a, - uint64_t c) { - return libcrux_sha3_simd_avx2__veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_sha3_simd_avx2_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_4( - Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_n_ef( - Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - libcrux_sha3_simd_avx2_slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( - out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( - out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - Eurydice_slice_uint8_t_4size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -libcrux_sha3_simd_avx2_split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { - return libcrux_sha3_simd_avx2_split_at_mut_4(a, mid); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_x86___m256i -with const generics -- $4size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_29; - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_16(void) { - libcrux_sha3_generic_keccak_KeccakState_29 lit; - lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[0U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[0U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[0U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_c7(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_580(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c1(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_581(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c10(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_582(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c11(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_583(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c12(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c13(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_584(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c14(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_585(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c15(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_586(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_587(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c17(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_588(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c18(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_589(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c19(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5810(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c110(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5811(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c111(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5812(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c112(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5813(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c113(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5814(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c114(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5815(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c115(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5816(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c116(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5817(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c117(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5818(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c118(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5819(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c119(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5820(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c120(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5821(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c121(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5822(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c122(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], - s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U], - s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U], - s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U], - s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U], - s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_x86___m256i uu____27 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) { - size_t j = i; - s->st[i1][j] = libcrux_sha3_simd_avx2_and_not_xor_ef( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( - libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { - s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_71(s); - libcrux_sha3_generic_keccak_pi_01(s); - libcrux_sha3_generic_keccak_chi_9b(s); - libcrux_sha3_generic_keccak_iota_09(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_avx2_load_block_c7(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_91(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full -with const generics -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_avx2_store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e9(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(&s); - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( - Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_16(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - libcrux_sha3_simd_avx2_slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - libcrux_sha3_simd_avx2_slice_n_ef( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____4 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____5 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); - } - } -} - KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_keccak_14(buf0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -typedef libcrux_sha3_generic_keccak_KeccakState_29 - libcrux_sha3_avx2_x4_incremental_KeccakState; +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; +} libcrux_sha3_avx2_x4_incremental_KeccakState; KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_16(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_avx2_load_block_c70(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_910(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -- DELIM= 31 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e90(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o20[4U]; - memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); - Eurydice_slice_uint8_t_4size_t__x2 uu____2 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); - Eurydice_slice o2[4U]; - memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o30[4U]; - memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); - Eurydice_slice_uint8_t_4size_t__x2 uu____3 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); - Eurydice_slice o3[4U]; - memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o4[4U]; - memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 108f13034..44f2cfac1 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_sha3_portable_H @@ -20,6 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_sha3_libcrux_ml_kem.h" static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { 1ULL, @@ -79,14 +80,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); } /** @@ -198,7 +199,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_7a(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -233,7 +234,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -262,12 +263,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); } /** @@ -277,7 +278,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -288,9 +289,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_340(ab); } /** @@ -304,8 +305,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); } /** @@ -315,7 +316,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -326,9 +327,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_341(ab); } /** @@ -342,8 +343,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); } /** @@ -353,7 +354,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -364,9 +365,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_342(ab); } /** @@ -380,8 +381,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); } /** @@ -391,7 +392,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -402,9 +403,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_343(ab); } /** @@ -418,8 +419,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); } /** @@ -429,9 +430,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_34(ab); } /** @@ -445,8 +446,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); } /** @@ -456,7 +457,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -467,9 +468,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_344(ab); } /** @@ -483,8 +484,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); } /** @@ -494,7 +495,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -505,9 +506,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_345(ab); } /** @@ -521,8 +522,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); } /** @@ -532,7 +533,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -543,9 +544,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_346(ab); } /** @@ -559,8 +560,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); } /** @@ -570,7 +571,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -581,9 +582,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_347(ab); } /** @@ -597,8 +598,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); } /** @@ -608,7 +609,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -619,9 +620,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_348(ab); } /** @@ -635,8 +636,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); } /** @@ -646,7 +647,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -657,9 +658,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_349(ab); } /** @@ -673,8 +674,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); } /** @@ -684,7 +685,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -695,9 +696,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_3410(ab); } /** @@ -711,8 +712,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); } /** @@ -722,7 +723,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -733,9 +734,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_3411(ab); } /** @@ -749,8 +750,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); } /** @@ -760,7 +761,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -771,9 +772,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_3412(ab); } /** @@ -787,8 +788,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); } /** @@ -798,7 +799,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -809,9 +810,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_3413(ab); } /** @@ -825,8 +826,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); } /** @@ -836,7 +837,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -847,9 +848,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_3414(ab); } /** @@ -863,8 +864,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); } /** @@ -874,7 +875,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -885,9 +886,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_3415(ab); } /** @@ -901,8 +902,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); } /** @@ -912,7 +913,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -923,9 +924,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_3416(ab); } /** @@ -939,8 +940,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); } /** @@ -950,7 +951,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -961,9 +962,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_3417(ab); } /** @@ -977,8 +978,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); } /** @@ -988,7 +989,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -999,9 +1000,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_3418(ab); } /** @@ -1015,8 +1016,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); } /** @@ -1026,7 +1027,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1037,9 +1038,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_3419(ab); } /** @@ -1053,8 +1054,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); } /** @@ -1064,7 +1065,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1075,9 +1076,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_3420(ab); } /** @@ -1091,8 +1092,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); } /** @@ -1102,7 +1103,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1113,9 +1114,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_3421(ab); } /** @@ -1129,8 +1130,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); } /** @@ -1140,7 +1141,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1151,9 +1152,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_3422(ab); } /** @@ -1167,8 +1168,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); } /** @@ -1177,7 +1178,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1213,76 +1214,76 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____4; uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____5; uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____6; uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____7; uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1292,7 +1293,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1328,7 +1329,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1349,7 +1350,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1361,14 +1362,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_8d(s); + libcrux_sha3_generic_keccak_pi_ac(s); + libcrux_sha3_generic_keccak_chi_c7(s); + libcrux_sha3_generic_keccak_iota_4f(s, i0); } } @@ -1379,13 +1380,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1393,11 +1394,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_de(s, buf); } /** @@ -1409,12 +1410,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); } /** @@ -1425,7 +1426,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1445,8 +1446,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1454,7 +1455,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1475,12 +1476,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_39(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1495,9 +1496,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); } /** @@ -1508,10 +1509,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_65( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1536,9 +1537,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_39(a, b); } /** @@ -1548,9 +1549,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1560,10 +1561,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1573,11 +1574,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1601,10 +1602,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -1615,7 +1616,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -1626,12 +1627,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1639,7 +1640,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1657,12 +1658,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); } } } @@ -1673,18 +1674,18 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_fd(buf0, buf); } /** @@ -1692,7 +1693,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1721,12 +1722,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); } /** @@ -1736,13 +1737,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1750,11 +1751,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_de0(s, buf); } /** @@ -1766,12 +1767,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); } /** @@ -1782,7 +1783,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1802,8 +1803,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1811,7 +1812,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1832,12 +1833,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_390(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1853,9 +1854,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); } /** @@ -1866,10 +1867,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_650( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1894,9 +1895,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_390(a, b); } /** @@ -1906,9 +1907,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1918,10 +1919,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1931,11 +1932,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1959,10 +1960,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -1973,7 +1974,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -1984,12 +1985,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -1997,7 +1998,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2015,12 +2016,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2031,18 +2032,18 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_fd0(buf0, buf); } /** @@ -2053,7 +2054,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2073,8 +2074,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2085,10 +2086,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2099,7 +2100,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2110,12 +2111,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2123,7 +2124,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2141,12 +2142,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2157,293 +2158,3079 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_fd1(buf0, buf); } -static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_zero_fa(void) { + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); } -static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__veor5q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + core_core_arch_arm_shared_neon_uint64x2_t cd = + libcrux_intrinsics_arm64__veorq_u64(c, d); + core_core_arch_arm_shared_neon_uint64x2_t abcd = + libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); } -static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + return libcrux_sha3_simd_arm64__veor5q_u64(a, b, c, d, e); } -typedef libcrux_sha3_generic_keccak_KeccakState_48 - libcrux_sha3_portable_KeccakState; +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_58( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState; +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vrax1q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_sha3_simd_arm64_rotate_left_58(b)); +} -static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState -libcrux_sha3_neon_x2_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vrax1q_u64(a, b); } -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, - Eurydice_slice data1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vbcaxq_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return libcrux_intrinsics_arm64__veorq_u64( + a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); } -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_and_not_xor_fa( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return libcrux_sha3_simd_arm64__vbcaxq_u64(a, b, c); } -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__veorq_n_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + core_core_arch_arm_shared_neon_uint64x2_t c0 = + libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); } -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_constant_fa( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + return libcrux_sha3_simd_arm64__veorq_n_u64(a, c); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_2( + Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_n_fa( + Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[2U]; + libcrux_sha3_simd_arm64_slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +libcrux_sha3_simd_arm64_split_at_mut_2(Eurydice_slice out[2U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_2size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +libcrux_sha3_simd_arm64_split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { + return libcrux_sha3_simd_arm64_split_at_mut_2(a, mid); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- RATE= 168 +- $2size_t */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { +typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { + core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_fc; + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc +libcrux_sha3_generic_keccak_new_1e_12(void) { + libcrux_sha3_generic_keccak_KeccakState_fc lit; + lit.st[0U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[0U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[0U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[0U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[0U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), + Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); } } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa with const generics -- RATE= 168 +- BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_3c(uu____0, uu____1); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 */ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_580( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 with const generics -- BLOCKSIZE= 168 +- LEFT= 36 +- RIGHT= 28 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c1( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_580(ab); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa with const generics -- N= 1 -- RATE= 168 -- DELIM= 31 +- LEFT= 36 +- RIGHT= 28 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c1(a, b); } -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { - Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_722(s, buf); +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_581( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 with const generics -- RATE= 168 +- LEFT= 3 +- RIGHT= 61 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c10( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_581(ab); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa with const generics -- BLOCKSIZE= 168 +- LEFT= 3 +- RIGHT= 61 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c10(a, b); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left with const generics -- N= 1 -- RATE= 168 +- LEFT= 41 +- RIGHT= 23 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_582( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 with const generics -- N= 1 -- RATE= 168 +- LEFT= 41 +- RIGHT= 23 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c11( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_582(ab); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types uint64_t +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa with const generics -- N= 1 -- RATE= 168 +- LEFT= 41 +- RIGHT= 23 */ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - Eurydice_slice_uint8_t_1size_t__x2 uu____0 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); - Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c11(a, b); } -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_583( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); } -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c12( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_583(ab); } -#define libcrux_sha3_Sha224 0 -#define libcrux_sha3_Sha256 1 -#define libcrux_sha3_Sha384 2 -#define libcrux_sha3_Sha512 3 +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c12(a, b); +} -typedef uint8_t libcrux_sha3_Algorithm; +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c13( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_58(ab); +} -static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { - size_t uu____0; - switch (mode) { +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_584( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c14( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_585( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c15( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_586( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c16( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_587( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c17( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_588( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c18( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_589( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c19( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5810( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c110( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5811( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c111( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5812( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c112( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5813( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c113( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5814( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c114( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5815( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c115( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5816( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c116( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5817( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c117( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5818( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c118( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5819( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c119( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5820( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c120( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5821( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c121( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5822( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c122( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][0U], s->st[1U][0U], + s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][1U], s->st[1U][1U], + s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][2U], s->st[1U][2U], + s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][3U], s->st[1U][3U], + s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][4U], s->st[1U][4U], + s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_fa(s->st[0U][0U], t[0U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____4 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_arm_shared_neon_uint64x2_t uu____5 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_arm_shared_neon_uint64x2_t uu____7 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t uu____9 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t uu____10 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t uu____11 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t uu____12 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t uu____13 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t uu____14 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t uu____15 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t uu____16 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t uu____17 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t uu____18 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t uu____19 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t uu____20 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t uu____21 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t uu____22 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t uu____23 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t uu____24 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t uu____25 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t uu____26 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_arm_shared_neon_uint64x2_t uu____27 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_a0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_b0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) { + size_t j = i; + s->st[i1][j] = libcrux_sha3_simd_arm64_and_not_xor_fa( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_33( + libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { + s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_constant_fa( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_3e( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_a0(s); + libcrux_sha3_generic_keccak_chi_b0(s); + libcrux_sha3_generic_keccak_iota_33(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_45( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_fa_0f(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_load_block_3c(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_07( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 6U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)72U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_07(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_store_block_2f(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a5( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + libcrux_sha3_simd_arm64_store_block_full_9a(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_e7( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a5(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_90( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_70( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(&s); + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a5(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_59( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, + ret); + libcrux_sha3_generic_keccak_absorb_block_45(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_fe(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_e7(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_70(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_59(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { + uint8_t dummy[64U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; + libcrux_sha3_neon_keccakx2_6e(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_3c0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_450( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_fa_0f0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_load_block_3c0(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_070( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 6U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_store_block_2f0(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a50( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + libcrux_sha3_simd_arm64_store_block_full_9a0(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_e70( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a50(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_900( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f0(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_700( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(&s); + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a50(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_590( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_fe0(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e0( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_590(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; + libcrux_sha3_neon_keccakx2_6e0(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_591( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_fe1(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e1( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_591(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + Eurydice_slice buf0[2U] = {input0, input1}; + Eurydice_slice buf[2U] = {out0, out1}; + libcrux_sha3_neon_keccakx2_6e1(buf0, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakState_fc + libcrux_sha3_neon_x2_incremental_KeccakState; + +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc +libcrux_sha3_neon_x2_incremental_shake128_init(void) { + return libcrux_sha3_generic_keccak_new_1e_12(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_load_block_3c1(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_071( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_071(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, + Eurydice_slice data1) { + Eurydice_slice buf[2U] = {data0, data1}; + libcrux_sha3_generic_keccak_absorb_final_fe2(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_901( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + Eurydice_slice_uint8_t_2size_t__x2 uu____0 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f1(s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____1 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o2[2U]; + memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o2); +} + +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e(s, buf); +} + +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakState_48 + libcrux_sha3_portable_KeccakState; + +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 +libcrux_sha3_portable_incremental_shake128_init(void) { + return libcrux_sha3_generic_keccak_new_1e_7a(); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { + size_t i0 = i; + uint8_t uu____0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + } +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_de1(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); +} + +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { + Eurydice_slice buf[1U] = {data0}; + libcrux_sha3_generic_keccak_absorb_final_252(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_391(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o2[1U]; + memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); +} + +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); +} + +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, buf); +} + +#define libcrux_sha3_Sha224 0 +#define libcrux_sha3_Sha256 1 +#define libcrux_sha3_Sha384 2 +#define libcrux_sha3_Sha512 3 + +typedef uint8_t libcrux_sha3_Algorithm; + +static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { + size_t uu____0; + switch (mode) { case libcrux_sha3_Sha224: { uu____0 = (size_t)28U; break; @@ -2456,27 +5243,385 @@ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { uu____0 = (size_t)48U; break; } - case libcrux_sha3_Sha512: { - uu____0 = (size_t)64U; - break; + case libcrux_sha3_Sha512: { + uu____0 = (size_t)64U; + break; + } + default: { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, + __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { + size_t i0 = i; + uint8_t uu____0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_de2(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 6U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)144U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_392(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_651( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_392(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_7a(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + (size_t)144U, ret); + libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + } } - default: { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, - __LINE__); - KRML_HOST_EXIT(253U); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); } } - return uu____0; } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block +A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics - RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_fd2(buf0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block +with const generics +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; core_result_Result_56 dst; @@ -2501,14 +5646,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); } /** @@ -2516,27 +5661,27 @@ A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_de3(s, buf); } /** @@ -2546,14 +5691,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); } /** @@ -2561,10 +5706,10 @@ A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2578,24 +5723,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( } blocks[i0][last_len] = 6U; size_t uu____1 = i0; - size_t uu____2 = (size_t)144U - (size_t)1U; + size_t uu____2 = (size_t)104U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, @@ -2612,14 +5757,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_393(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2632,12 +5777,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); } /** @@ -2645,13 +5790,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_652( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2674,11 +5819,11 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_393(a, b); } /** @@ -2686,11 +5831,11 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** @@ -2698,12 +5843,276 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types uint64_t +with const generics +- N= 1 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types uint64_t +with const generics +- N= 1 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_7a(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + (size_t)104U, ret); + libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.portable.keccakx1 +with const generics +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_fd3(buf0, buf); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha224(digest, payload); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, + uint8_t ret[28U]) { + uint8_t out[28U] = {0U}; + libcrux_sha3_sha224_ema( + Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha256(digest, payload); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + libcrux_sha3_sha256_ema( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha384(digest, payload); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, + uint8_t ret[48U]) { + uint8_t out[48U] = {0U}; + libcrux_sha3_sha384_ema( + Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha512(digest, payload); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, + uint8_t ret[64U]) { + uint8_t out[64U] = {0U}; + libcrux_sha3_sha512_ema( + Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_391(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types uint64_t +with const generics +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_653( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } } /** @@ -2711,13 +6120,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2738,27 +6147,27 @@ A monomorphic instance of libcrux_sha3.generic_keccak.keccak with types uint64_t with const generics - N= 1 -- RATE= 144 -- DELIM= 6 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, - (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + (size_t)168U, ret); + libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); @@ -2766,20 +6175,20 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2792,17 +6201,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); } } } @@ -2810,123 +6219,183 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( /** A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics -- RATE= 144 -- DELIM= 6 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); } -static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, - Eurydice_slice data) { +static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( + Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_fd4(buf0, buf); +} + +static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake128(out, data); +} + +static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake256(out, data); } +static const size_t libcrux_sha3_generic_keccak__PI[24U] = { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, + (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, + (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, + (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, + (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; + +static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, + (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, + (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, + (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, + (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; + /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block +A monomorphic instance of libcrux_sha3.simd.arm64.load_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), + Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f1( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_3c2(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_451( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_fa_0f1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_simd_arm64_load_block_3c2(s, buf); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_072( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e2(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2936,81 +6405,121 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( } blocks[i0][last_len] = 6U; size_t uu____1 = i0; - size_t uu____2 = (size_t)104U - (size_t)1U; + size_t uu____2 = (size_t)144U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_072(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block +A monomorphic instance of libcrux_sha3.simd.arm64.store_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), uint8_t, void *); } } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_store_block_2f2(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a51( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + libcrux_sha3_simd_arm64_store_block_full_9a1(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_e71( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a51(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -3026,57 +6535,57 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_902( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f2(a, b); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_701( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(&s); + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a51(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -3093,51 +6602,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_592( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, - (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, + ret); + libcrux_sha3_generic_keccak_absorb_block_451(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_fe3(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_e71(&s, out); } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f2(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3146,174 +6655,308 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha224(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, - uint8_t ret[28U]) { - uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d2(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_701(s, o1); + } + } } -static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha256(digest, payload); +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e2( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_592(uu____0, out); } -static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, + Eurydice_slice data) { + uint8_t dummy[28U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; + libcrux_sha3_neon_keccakx2_6e2(uu____0, buf); } -static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha384(digest, payload); +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } } -static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, - uint8_t ret[48U]) { - uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f2( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_3c3(uu____0, uu____1); } -static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha512(digest, payload); +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_452( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_fa_0f2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); } -static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, - uint8_t ret[64U]) { - uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_load_block_3c3(s, buf); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa with const generics -- BLOCKSIZE= 168 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_073( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e3(uu____0, uu____1); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 168 +- N= 2 +- RATE= 104 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe4( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 6U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)104U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_073(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full +A monomorphic instance of libcrux_sha3.simd.arm64.store_block with const generics -- RATE= 168 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_store_block_2f3(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa with const generics -- BLOCKSIZE= 168 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a52( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + libcrux_sha3_simd_arm64_store_block_full_9a2(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 168 +- N= 2 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_e72( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a52(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -3328,19 +6971,58 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( } } +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_903( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f3(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); +} + /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 168 +- N= 2 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_702( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(&s); + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a52(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -3357,51 +7039,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 168 -- DELIM= 31 +- N= 2 +- RATE= 104 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_593( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, - (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, + ret); + libcrux_sha3_generic_keccak_absorb_block_452(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_fe4(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)168U; - size_t last = outlen - outlen % (size_t)168U; + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_e72(&s, out); } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f3(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3413,78 +7095,43 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( .tag == core_option_None) { break; } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)104U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d3(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_702(s, o1); } } } /** -A monomorphic instance of libcrux_sha3.portable.keccakx1 +A monomorphic instance of libcrux_sha3.neon.keccakx2 with const generics -- RATE= 168 -- DELIM= 31 +- RATE= 104 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( - Eurydice_slice digest, Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake128(out, data); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake256(out, data); -} - -static const size_t libcrux_sha3_generic_keccak__PI[24U] = { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, - (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, - (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, - (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, - (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; - -static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, - (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, - (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, - (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, - (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; - -static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e3( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_593(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[48U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; + libcrux_sha3_neon_keccakx2_6e3(uu____0, buf); } /** @@ -3495,7 +7142,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3503,62 +7150,62 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o4); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_721(s, buf); + libcrux_sha3_generic_keccak_absorb_final_251(s, buf); } static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); } /** @@ -3635,6 +7282,12 @@ static inline libcrux_sha3_Algorithm libcrux_sha3_from_2d(uint32_t v) { return uu____0; } +typedef core_core_arch_arm_shared_neon_uint64x2_t + libcrux_sha3_simd_arm64_uint64x2_t; + +typedef libcrux_sha3_generic_keccak_KeccakState_fc + libcrux_sha3_neon_x2_incremental_KeccakState2Internal; + typedef uint8_t libcrux_sha3_Sha3_512Digest[64U]; typedef uint8_t libcrux_sha3_Sha3_384Digest[48U]; From 3b167081b5099827f761c1760e0427765c45b825 Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 19 Aug 2024 05:24:20 +0000 Subject: [PATCH 068/348] Set verification_status for mlkem --- .../extraction/Libcrux_ml_kem.Mlkem1024.fst | 38 ++++++++++++------- .../extraction/Libcrux_ml_kem.Mlkem512.fst | 38 ++++++++++++------- .../extraction/Libcrux_ml_kem.Mlkem768.fst | 38 ++++++++++++------- libcrux-ml-kem/src/mlkem1024.rs | 3 ++ libcrux-ml-kem/src/mlkem512.rs | 3 ++ libcrux-ml-kem/src/mlkem768.rs | 3 ++ 6 files changed, 84 insertions(+), 39 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index dbb30e27b..89228f7dd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst @@ -22,23 +22,35 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) - private_key ciphertext + let result:t_Array u8 (sz 32) = + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 4) (sz 3168) (sz 1536) (sz 1568) (sz 1568) + (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1600) + private_key ciphertext + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) - (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 4) (sz 1568) (sz 1568) (sz 1536) (sz 1408) + (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 4) - (sz 1536) - (sz 3168) - (sz 1568) - (sz 1536) - (sz 2) - (sz 128) - randomness + let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568) = + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 4) + (sz 1536) + (sz 3168) + (sz 1568) + (sz 1536) + (sz 2) + (sz 128) + randomness + in + let _:Prims.unit = admit () (* Panic freedom *) in + result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index c86f78fff..ff822c32d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst @@ -20,23 +20,35 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) - (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) - private_key ciphertext + let result:t_Array u8 (sz 32) = + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 2) (sz 1632) (sz 768) (sz 800) (sz 768) + (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) (sz 800) + private_key ciphertext + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 2) (sz 768) (sz 800) (sz 768) (sz 640) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 2) - (sz 768) - (sz 1632) - (sz 800) - (sz 768) - (sz 3) - (sz 192) - randomness + let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800) = + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 2) + (sz 768) + (sz 1632) + (sz 800) + (sz 768) + (sz 3) + (sz 192) + randomness + in + let _:Prims.unit = admit () (* Panic freedom *) in + result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index 32636e9a5..76724125e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst @@ -22,23 +22,35 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) - private_key ciphertext + let result:t_Array u8 (sz 32) = + Libcrux_ml_kem.Ind_cca.Multiplexing.decapsulate (sz 3) (sz 2400) (sz 1152) (sz 1184) (sz 1088) + (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) (sz 1120) + private_key ciphertext + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let encapsulate (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) (randomness: t_Array u8 (sz 32)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) - (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.encapsulate (sz 3) (sz 1088) (sz 1184) (sz 1152) (sz 960) + (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key randomness + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let generate_key_pair (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 3) - (sz 1152) - (sz 2400) - (sz 1184) - (sz 1152) - (sz 2) - (sz 128) - randomness + let result:Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184) = + Libcrux_ml_kem.Ind_cca.Multiplexing.generate_keypair (sz 3) + (sz 1152) + (sz 2400) + (sz 1184) + (sz 1152) + (sz 2) + (sz 128) + randomness + in + let _:Prims.unit = admit () (* Panic freedom *) in + result diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index dcd227715..276f83e67 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -328,6 +328,7 @@ pub fn validate_public_key(public_key: MlKem1024PublicKey) -> Option (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)") @@ -352,6 +353,7 @@ pub fn generate_key_pair( /// The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. #[cfg(not(eurydice))] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|res| fstar!("let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem1024_encapsulate ${public_key}.f_value $randomness in let (res_ciphertext, res_shared_secret) = $res in @@ -383,6 +385,7 @@ pub fn encapsulate( /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. #[cfg(not(eurydice))] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|res| fstar!("let (shared_secret, valid) = Spec.MLKEM.Instances.mlkem1024_decapsulate ${private_key}.f_value ${ciphertext}.f_value in valid ==> $res == shared_secret") diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 849f866ab..88916a625 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -321,6 +321,7 @@ pub fn validate_public_key(public_key: MlKem512PublicKey) -> Option (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)") @@ -343,6 +344,7 @@ pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem512 /// The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. #[cfg(not(eurydice))] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|res| fstar!("let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem512_encapsulate ${public_key}.f_value $randomness in let (res_ciphertext, res_shared_secret) = $res in @@ -374,6 +376,7 @@ pub fn encapsulate( /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. #[cfg(not(eurydice))] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|res| fstar!("let (shared_secret, valid) = Spec.MLKEM.Instances.mlkem512_decapsulate ${private_key}.f_value ${ciphertext}.f_value in valid ==> $res == shared_secret") diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 67a4e7ee3..e2733a16f 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -324,6 +324,7 @@ pub fn validate_public_key(public_key: MlKem768PublicKey) -> Option (${res}.f_sk.f_value == secret_key /\\ ${res}.f_pk.f_value == public_key)") @@ -346,6 +347,7 @@ pub fn generate_key_pair(randomness: [u8; KEY_GENERATION_SEED_SIZE]) -> MlKem768 /// The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] /// bytes of `randomness`. #[cfg(not(eurydice))] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|res| fstar!("let ((ciphertext, shared_secret), valid) = Spec.MLKEM.Instances.mlkem768_encapsulate ${public_key}.f_value $randomness in let (res_ciphertext, res_shared_secret) = $res in @@ -377,6 +379,7 @@ pub fn encapsulate( /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. #[cfg(not(eurydice))] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|res| fstar!("let (shared_secret, valid) = Spec.MLKEM.Instances.mlkem768_decapsulate ${private_key}.f_value ${ciphertext}.f_value in valid ==> $res == shared_secret") From 225340ea05967fa66a0abc566e3a9d417aef0980 Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 19 Aug 2024 05:35:49 +0000 Subject: [PATCH 069/348] Update MLKEM Makefile --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 79a9679a7..a13b693fc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,16 +1,12 @@ # This is the list of modules that are fully admitted. # All other modules have individual annotations on their functions indicating verification status ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ - Libcrux_ml_kem.Ind_cca.fst \ - Libcrux_ml_kem.Ind_cpa.fst \ - Libcrux_ml_kem.Ind_cpa.fsti \ + Libcrux_ml_kem.Ind_cca.fst \ Libcrux_ml_kem.Invert_ntt.fst \ - Libcrux_ml_kem.Matrix.fst \ Libcrux_ml_kem.Ntt.fst \ Libcrux_ml_kem.Polynomial.fst \ Libcrux_ml_kem.Sampling.fst \ Libcrux_ml_kem.Serialize.fst \ - Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ Libcrux_ml_kem.Vector.Avx2.Compress.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ From 98038ceab5a0037433b38d1fa442d27d786a8d7c Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 19 Aug 2024 11:24:41 +0000 Subject: [PATCH 070/348] Make polynomial.rs panic-free --- .../extraction/Libcrux_ml_kem.Polynomial.fst | 87 ++++++++++--------- .../extraction/Libcrux_ml_kem.Polynomial.fsti | 27 +++--- .../Libcrux_ml_kem.Vector.Traits.fsti | 83 ++++++++++-------- .../proofs/fstar/extraction/Makefile | 1 - libcrux-ml-kem/src/polynomial.rs | 10 +++ libcrux-ml-kem/src/vector/traits.rs | 35 ++++++++ 6 files changed, 156 insertions(+), 87 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index f56e0f64e..e9d375205 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -9,7 +9,7 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -let impl__ZERO +let impl_2__ZERO (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: @@ -29,7 +29,7 @@ let impl__ZERO <: t_PolynomialRingElement v_Vector -let impl__add_error_reduce +let impl_2__add_error_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -81,7 +81,7 @@ let impl__add_error_reduce let hax_temp_output:Prims.unit = () <: Prims.unit in self -let impl__add_message_error_reduce +let impl_2__add_message_error_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -139,7 +139,7 @@ let impl__add_message_error_reduce in result -let impl__add_standard_error_reduce +let impl_2__add_standard_error_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -189,7 +189,7 @@ let impl__add_standard_error_reduce let hax_temp_output:Prims.unit = () <: Prims.unit in self -let impl__add_to_ring_element +let impl_2__add_to_ring_element (#v_Vector: Type0) (v_K: usize) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -239,14 +239,14 @@ let impl__add_to_ring_element let hax_temp_output:Prims.unit = () <: Prims.unit in self -let impl__from_i16_array +let impl_2__from_i16_array (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (a: t_Slice i16) = - let result:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in + let result:t_PolynomialRingElement v_Vector = impl_2__ZERO #v_Vector () in let result:t_PolynomialRingElement v_Vector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range usize) @@ -286,14 +286,14 @@ let impl__from_i16_array in result -let impl__ntt_multiply +let impl_2__ntt_multiply (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self rhs: t_PolynomialRingElement v_Vector) = - let out:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in + let out:t_PolynomialRingElement v_Vector = impl_2__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range usize) @@ -307,43 +307,50 @@ let impl__ntt_multiply (fun out i -> let out:t_PolynomialRingElement v_Vector = out in let i:usize = i in - { - out with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out.f_coefficients - i - (Libcrux_ml_kem.Vector.Traits.f_ntt_multiply #v_Vector - #FStar.Tactics.Typeclasses.solve - (self.f_coefficients.[ i ] <: v_Vector) - (rhs.f_coefficients.[ i ] <: v_Vector) - (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! (sz 4 *! i <: usize) <: usize ] <: i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 + let _:Prims.unit = + assert (64 + 4 * v i < 128); + assert (64 + 4 * v i + 1 < 128); + assert (64 + 4 * v i + 2 < 128); + assert (64 + 4 * v i + 3 < 128) + in + let out:t_PolynomialRingElement v_Vector = + { + out with + f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out.f_coefficients + i + (Libcrux_ml_kem.Vector.Traits.f_ntt_multiply #v_Vector + #FStar.Tactics.Typeclasses.solve + (self.f_coefficients.[ i ] <: v_Vector) + (rhs.f_coefficients.[ i ] <: v_Vector) + (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! (sz 4 *! i <: usize) <: usize ] <: i16) + (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 + <: + usize ] <: - usize ] - <: - i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 + i16) + (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 + <: + usize ] <: - usize ] - <: - i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 + i16) + (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 + <: + usize ] <: - usize ] - <: - i16) - <: - v_Vector) + i16) + <: + v_Vector) + } <: - t_Array v_Vector (sz 16) - } - <: - t_PolynomialRingElement v_Vector) + t_PolynomialRingElement v_Vector + in + out) in out -let impl__poly_barrett_reduce +let impl_2__poly_barrett_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -383,7 +390,7 @@ let impl__poly_barrett_reduce let hax_temp_output:Prims.unit = () <: Prims.unit in self -let impl__subtract_reduce +let impl_2__subtract_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index 1f69a8536..ad9e5e1b4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti @@ -51,25 +51,25 @@ let to_spec_matrix_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0) (m:t_Array (t_Array (t_PolynomialRingElement v_Vector) r) r) : Spec.MLKEM.matrix r = createi r (fun i -> to_spec_vector_t #r #v_Vector (m.[i])) -val impl__ZERO: +val impl_2__ZERO: #v_Vector: Type0 -> {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} -> Prims.unit -> Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl__add_error_reduce +val impl_2__add_error_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self error: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl__add_message_error_reduce +val impl_2__add_message_error_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self message result: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl__add_standard_error_reduce +val impl_2__add_standard_error_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self error: t_PolynomialRingElement v_Vector) @@ -77,22 +77,25 @@ val impl__add_standard_error_reduce /// Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise /// sum of their constituent coefficients. -val impl__add_to_ring_element +val impl_2__add_to_ring_element (#v_Vector: Type0) (v_K: usize) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self rhs: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl__from_i16_array +val impl_2__from_i16_array (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a: t_Slice i16) - : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_PolynomialRingElement v_Vector) + (requires + (v_VECTORS_IN_RING_ELEMENT *! sz 16 <: usize) <=. (Core.Slice.impl__len #i16 a <: usize)) + (fun _ -> Prims.l_True) /// Given two `KyberPolynomialRingElement`s in their NTT representations, /// compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, -/// the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: +/// the `iᵗʰ` coefficient of the product `k\u{302}` is determined by the calculation: /// ```plaintext /// ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - ζ^(2·BitRev₇(i) + 1)) /// ``` @@ -106,23 +109,23 @@ val impl__from_i16_array /// end for /// return ĥ /// ``` -/// We say "almost" because the coefficients of the ring element output by +/// We say \"almost\" because the coefficients of the ring element output by /// this function are in the Montgomery domain. /// The NIST FIPS 203 standard can be found at /// . -val impl__ntt_multiply +val impl_2__ntt_multiply (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self rhs: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl__poly_barrett_reduce +val impl_2__poly_barrett_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl__subtract_reduce +val impl_2__subtract_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self b: t_PolynomialRingElement v_Vector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 2928b79ef..6f7a08406 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -6,180 +6,195 @@ open FStar.Mul class t_Operations (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_11581440318597584651:Core.Marker.t_Copy v_Self; [@@@ FStar.Tactics.Typeclasses.no_method]_super_9442900250278684536:Core.Clone.t_Clone v_Self; - f_ZERO_pre:Prims.unit -> Type0; + f_ZERO_pre:x: Prims.unit + -> pred: + Type0 + { (let _:Prims.unit = x in + true) ==> + pred }; f_ZERO_post:Prims.unit -> v_Self -> Type0; f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); - f_from_i16_array_pre:t_Slice i16 -> Type0; + f_from_i16_array_pre:array: t_Slice i16 -> pred: Type0{true ==> pred}; f_from_i16_array_post:t_Slice i16 -> v_Self -> Type0; f_from_i16_array:x0: t_Slice i16 -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); - f_to_i16_array_pre:v_Self -> Type0; + f_to_i16_array_pre:x: v_Self -> pred: Type0{true ==> pred}; f_to_i16_array_post:v_Self -> t_Array i16 (sz 16) -> Type0; f_to_i16_array:x0: v_Self -> Prims.Pure (t_Array i16 (sz 16)) (f_to_i16_array_pre x0) (fun result -> f_to_i16_array_post x0 result); - f_add_pre:v_Self -> v_Self -> Type0; + f_add_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; f_add_post:v_Self -> v_Self -> v_Self -> Type0; f_add:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_add_pre x0 x1) (fun result -> f_add_post x0 x1 result); - f_sub_pre:v_Self -> v_Self -> Type0; + f_sub_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; f_sub_post:v_Self -> v_Self -> v_Self -> Type0; f_sub:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_sub_pre x0 x1) (fun result -> f_sub_post x0 x1 result); - f_multiply_by_constant_pre:v_Self -> i16 -> Type0; + f_multiply_by_constant_pre:v: v_Self -> c: i16 -> pred: Type0{true ==> pred}; f_multiply_by_constant_post:v_Self -> i16 -> v_Self -> Type0; f_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_multiply_by_constant_pre x0 x1) (fun result -> f_multiply_by_constant_post x0 x1 result); - f_bitwise_and_with_constant_pre:v_Self -> i16 -> Type0; + f_bitwise_and_with_constant_pre:v: v_Self -> c: i16 -> pred: Type0{true ==> pred}; f_bitwise_and_with_constant_post:v_Self -> i16 -> v_Self -> Type0; f_bitwise_and_with_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_bitwise_and_with_constant_pre x0 x1) (fun result -> f_bitwise_and_with_constant_post x0 x1 result); - f_shift_right_pre:v_SHIFT_BY: i32 -> v_Self -> Type0; + f_shift_right_pre:v_SHIFT_BY: i32 -> v: v_Self -> pred: Type0{true ==> pred}; f_shift_right_post:v_SHIFT_BY: i32 -> v_Self -> v_Self -> Type0; f_shift_right:v_SHIFT_BY: i32 -> x0: v_Self -> Prims.Pure v_Self (f_shift_right_pre v_SHIFT_BY x0) (fun result -> f_shift_right_post v_SHIFT_BY x0 result); - f_cond_subtract_3329_pre:v_Self -> Type0; + f_cond_subtract_3329_pre:v: v_Self -> pred: Type0{true ==> pred}; f_cond_subtract_3329_post:v_Self -> v_Self -> Type0; f_cond_subtract_3329_:x0: v_Self -> Prims.Pure v_Self (f_cond_subtract_3329_pre x0) (fun result -> f_cond_subtract_3329_post x0 result); - f_barrett_reduce_pre:v_Self -> Type0; + f_barrett_reduce_pre:v: v_Self -> pred: Type0{true ==> pred}; f_barrett_reduce_post:v_Self -> v_Self -> Type0; f_barrett_reduce:x0: v_Self -> Prims.Pure v_Self (f_barrett_reduce_pre x0) (fun result -> f_barrett_reduce_post x0 result); - f_montgomery_multiply_by_constant_pre:v_Self -> i16 -> Type0; + f_montgomery_multiply_by_constant_pre:v: v_Self -> c: i16 -> pred: Type0{true ==> pred}; f_montgomery_multiply_by_constant_post:v_Self -> i16 -> v_Self -> Type0; f_montgomery_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_montgomery_multiply_by_constant_pre x0 x1) (fun result -> f_montgomery_multiply_by_constant_post x0 x1 result); - f_compress_1_pre:v_Self -> Type0; + f_compress_1_pre:v: v_Self -> pred: Type0{true ==> pred}; f_compress_1_post:v_Self -> v_Self -> Type0; f_compress_1_:x0: v_Self -> Prims.Pure v_Self (f_compress_1_pre x0) (fun result -> f_compress_1_post x0 result); - f_compress_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> Type0; + f_compress_pre:v_COEFFICIENT_BITS: i32 -> v: v_Self -> pred: Type0{true ==> pred}; f_compress_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> Type0; f_compress:v_COEFFICIENT_BITS: i32 -> x0: v_Self -> Prims.Pure v_Self (f_compress_pre v_COEFFICIENT_BITS x0) (fun result -> f_compress_post v_COEFFICIENT_BITS x0 result); - f_decompress_ciphertext_coefficient_pre:v_COEFFICIENT_BITS: i32 -> v_Self -> Type0; + f_decompress_ciphertext_coefficient_pre:v_COEFFICIENT_BITS: i32 -> v: v_Self + -> pred: Type0{true ==> pred}; f_decompress_ciphertext_coefficient_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> Type0; f_decompress_ciphertext_coefficient:v_COEFFICIENT_BITS: i32 -> x0: v_Self -> Prims.Pure v_Self (f_decompress_ciphertext_coefficient_pre v_COEFFICIENT_BITS x0) (fun result -> f_decompress_ciphertext_coefficient_post v_COEFFICIENT_BITS x0 result); - f_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> Type0; + f_ntt_layer_1_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 -> zeta2: i16 -> zeta3: i16 + -> pred: Type0{true ==> pred}; f_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); - f_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> Type0; + f_ntt_layer_2_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 -> pred: Type0{true ==> pred}; f_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; f_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_ntt_layer_2_step_post x0 x1 x2 result); - f_ntt_layer_3_step_pre:v_Self -> i16 -> Type0; + f_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: Type0{true ==> pred}; f_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; f_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_ntt_layer_3_step_pre x0 x1) (fun result -> f_ntt_layer_3_step_post x0 x1 result); - f_inv_ntt_layer_1_step_pre:v_Self -> i16 -> i16 -> i16 -> i16 -> Type0; + f_inv_ntt_layer_1_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 -> zeta2: i16 -> zeta3: i16 + -> pred: Type0{true ==> pred}; f_inv_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_inv_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_inv_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); - f_inv_ntt_layer_2_step_pre:v_Self -> i16 -> i16 -> Type0; + f_inv_ntt_layer_2_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 -> pred: Type0{true ==> pred}; f_inv_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; f_inv_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_inv_ntt_layer_2_step_post x0 x1 x2 result); - f_inv_ntt_layer_3_step_pre:v_Self -> i16 -> Type0; + f_inv_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: Type0{true ==> pred}; f_inv_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; f_inv_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_3_step_pre x0 x1) (fun result -> f_inv_ntt_layer_3_step_post x0 x1 result); - f_ntt_multiply_pre:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> Type0; + f_ntt_multiply_pre: + lhs: v_Self -> + rhs: v_Self -> + zeta0: i16 -> + zeta1: i16 -> + zeta2: i16 -> + zeta3: i16 + -> pred: Type0{true ==> pred}; f_ntt_multiply_post:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_ntt_multiply:x0: v_Self -> x1: v_Self -> x2: i16 -> x3: i16 -> x4: i16 -> x5: i16 -> Prims.Pure v_Self (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) (fun result -> f_ntt_multiply_post x0 x1 x2 x3 x4 x5 result); - f_serialize_1_pre:v_Self -> Type0; + f_serialize_1_pre:a: v_Self -> pred: Type0{true ==> pred}; f_serialize_1_post:v_Self -> t_Array u8 (sz 2) -> Type0; f_serialize_1_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 2)) (f_serialize_1_pre x0) (fun result -> f_serialize_1_post x0 result); - f_deserialize_1_pre:t_Slice u8 -> Type0; + f_deserialize_1_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; f_deserialize_1_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_1_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_1_pre x0) (fun result -> f_deserialize_1_post x0 result); - f_serialize_4_pre:v_Self -> Type0; + f_serialize_4_pre:a: v_Self -> pred: Type0{true ==> pred}; f_serialize_4_post:v_Self -> t_Array u8 (sz 8) -> Type0; f_serialize_4_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 8)) (f_serialize_4_pre x0) (fun result -> f_serialize_4_post x0 result); - f_deserialize_4_pre:t_Slice u8 -> Type0; + f_deserialize_4_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; f_deserialize_4_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_4_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_4_pre x0) (fun result -> f_deserialize_4_post x0 result); - f_serialize_5_pre:v_Self -> Type0; + f_serialize_5_pre:a: v_Self -> pred: Type0{true ==> pred}; f_serialize_5_post:v_Self -> t_Array u8 (sz 10) -> Type0; f_serialize_5_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 10)) (f_serialize_5_pre x0) (fun result -> f_serialize_5_post x0 result); - f_deserialize_5_pre:t_Slice u8 -> Type0; + f_deserialize_5_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; f_deserialize_5_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_5_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_5_pre x0) (fun result -> f_deserialize_5_post x0 result); - f_serialize_10_pre:v_Self -> Type0; + f_serialize_10_pre:a: v_Self -> pred: Type0{true ==> pred}; f_serialize_10_post:v_Self -> t_Array u8 (sz 20) -> Type0; f_serialize_10_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 20)) (f_serialize_10_pre x0) (fun result -> f_serialize_10_post x0 result); - f_deserialize_10_pre:t_Slice u8 -> Type0; + f_deserialize_10_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; f_deserialize_10_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_10_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_10_pre x0) (fun result -> f_deserialize_10_post x0 result); - f_serialize_11_pre:v_Self -> Type0; + f_serialize_11_pre:a: v_Self -> pred: Type0{true ==> pred}; f_serialize_11_post:v_Self -> t_Array u8 (sz 22) -> Type0; f_serialize_11_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 22)) (f_serialize_11_pre x0) (fun result -> f_serialize_11_post x0 result); - f_deserialize_11_pre:t_Slice u8 -> Type0; + f_deserialize_11_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; f_deserialize_11_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_11_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_11_pre x0) (fun result -> f_deserialize_11_post x0 result); - f_serialize_12_pre:v_Self -> Type0; + f_serialize_12_pre:a: v_Self -> pred: Type0{true ==> pred}; f_serialize_12_post:v_Self -> t_Array u8 (sz 24) -> Type0; f_serialize_12_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 24)) (f_serialize_12_pre x0) (fun result -> f_serialize_12_post x0 result); - f_deserialize_12_pre:t_Slice u8 -> Type0; + f_deserialize_12_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; f_deserialize_12_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_12_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); - f_rej_sample_pre:t_Slice u8 -> t_Slice i16 -> Type0; + f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 -> pred: Type0{true ==> pred}; f_rej_sample_post:t_Slice u8 -> t_Slice i16 -> (t_Slice i16 & usize) -> Type0; f_rej_sample:x0: t_Slice u8 -> x1: t_Slice i16 -> Prims.Pure (t_Slice i16 & usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index a13b693fc..c101dd0b2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -4,7 +4,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Ind_cca.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ - Libcrux_ml_kem.Polynomial.fst \ Libcrux_ml_kem.Sampling.fst \ Libcrux_ml_kem.Serialize.fst \ Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index e6f8f65ef..72a942f3b 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -32,6 +32,7 @@ pub(crate) struct PolynomialRingElement { pub(crate) coefficients: [Vector; VECTORS_IN_RING_ELEMENT], } +#[hax_lib::attributes] impl PolynomialRingElement { #[allow(non_snake_case)] pub(crate) fn ZERO() -> Self { @@ -42,6 +43,7 @@ impl PolynomialRingElement { } #[inline(always)] + #[requires(VECTORS_IN_RING_ELEMENT * 16 <= a.len())] pub(crate) fn from_i16_array(a: &[i16]) -> Self { let mut result = PolynomialRingElement::ZERO(); for i in 0..VECTORS_IN_RING_ELEMENT { @@ -193,6 +195,14 @@ impl PolynomialRingElement { let mut out = PolynomialRingElement::ZERO(); for i in 0..VECTORS_IN_RING_ELEMENT { + // hax_lib::assert!(64 + 4 * i < 128); + // hax_lib::assert!(64 + 4 * i + 1 < 128); + // hax_lib::assert!(64 + 4 * i + 2 < 128); + // hax_lib::assert!(64 + 4 * i + 3 < 128); + hax_lib::fstar!("assert(64 + 4 * v $i < 128); + assert(64 + 4 * v $i + 1 < 128); + assert(64 + 4 * v $i + 2 < 128); + assert(64 + 4 * v $i + 3 < 128)"); out.coefficients[i] = Vector::ntt_multiply( &self.coefficients[i], &rhs.coefficients[i], diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 87bb9138f..29e188c10 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -3,64 +3,99 @@ pub const FIELD_MODULUS: i16 = 3329; pub const FIELD_ELEMENTS_IN_VECTOR: usize = 16; pub const INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209; // FIELD_MODULUS^{-1} mod MONTGOMERY_R +#[hax_lib::attributes] pub trait Operations: Copy + Clone { #[allow(non_snake_case)] + #[requires(true)] fn ZERO() -> Self; + #[requires(true)] fn from_i16_array(array: &[i16]) -> Self; + #[requires(true)] fn to_i16_array(x: Self) -> [i16; 16]; // Basic arithmetic + #[requires(true)] fn add(lhs: Self, rhs: &Self) -> Self; + #[requires(true)] fn sub(lhs: Self, rhs: &Self) -> Self; + #[requires(true)] fn multiply_by_constant(v: Self, c: i16) -> Self; // Bitwise operations + #[requires(true)] fn bitwise_and_with_constant(v: Self, c: i16) -> Self; + #[requires(true)] fn shift_right(v: Self) -> Self; // fn shift_left(v: Self) -> Self; // Modular operations + #[requires(true)] fn cond_subtract_3329(v: Self) -> Self; + #[requires(true)] fn barrett_reduce(v: Self) -> Self; + #[requires(true)] fn montgomery_multiply_by_constant(v: Self, c: i16) -> Self; // Compression + #[requires(true)] fn compress_1(v: Self) -> Self; + #[requires(true)] fn compress(v: Self) -> Self; + #[requires(true)] fn decompress_ciphertext_coefficient(v: Self) -> Self; // NTT + #[requires(true)] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; + #[requires(true)] fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; + #[requires(true)] fn ntt_layer_3_step(a: Self, zeta: i16) -> Self; + #[requires(true)] fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; + #[requires(true)] fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; + #[requires(true)] fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self; + #[requires(true)] fn ntt_multiply(lhs: &Self, rhs: &Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; // Serialization and deserialization + #[requires(true)] fn serialize_1(a: Self) -> [u8; 2]; + #[requires(true)] fn deserialize_1(a: &[u8]) -> Self; + #[requires(true)] fn serialize_4(a: Self) -> [u8; 8]; + #[requires(true)] fn deserialize_4(a: &[u8]) -> Self; + #[requires(true)] fn serialize_5(a: Self) -> [u8; 10]; + #[requires(true)] fn deserialize_5(a: &[u8]) -> Self; + #[requires(true)] fn serialize_10(a: Self) -> [u8; 20]; + #[requires(true)] fn deserialize_10(a: &[u8]) -> Self; + #[requires(true)] fn serialize_11(a: Self) -> [u8; 22]; + #[requires(true)] fn deserialize_11(a: &[u8]) -> Self; + #[requires(true)] fn serialize_12(a: Self) -> [u8; 24]; + #[requires(true)] fn deserialize_12(a: &[u8]) -> Self; + #[requires(true)] fn rej_sample(a: &[u8], out: &mut [i16]) -> usize; } From d6111233152fe392e83036ad6c29da60f591aef9 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 20 Aug 2024 08:31:15 +0200 Subject: [PATCH 071/348] use latest hax/main, that includes hacspec/hax#856 --- Cargo.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index b7b58c2c7..1ff148870 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -701,7 +701,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" dependencies = [ "hax-lib-macros", "num-bigint", @@ -711,7 +711,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" dependencies = [ "hax-lib-macros-types", "paste", @@ -724,7 +724,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" dependencies = [ "proc-macro2", "quote", From ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 20 Aug 2024 13:09:01 +0000 Subject: [PATCH 072/348] refresh from amd server --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 229 +- .../c/internal/libcrux_mlkem_avx2.h | 26 +- .../c/internal/libcrux_mlkem_portable.h | 46 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 42 +- libcrux-ml-kem/c/libcrux_core.c | 306 +- libcrux-ml-kem/c/libcrux_core.h | 120 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 8582 ++++++++++++++- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 530 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8712 +-------------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 575 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2859 +++-- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 184 +- libcrux-ml-kem/c/libcrux_sha3.h | 16 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2539 ++++- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 37 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 740 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3568 +----- libcrux-ml-kem/c/libcrux_sha3_neon.h | 27 +- libcrux-ml-kem/cg/code_gen.txt | 4 +- libcrux-ml-kem/cg/libcrux_core.h | 166 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 5965 +++++++++- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 9588 ++++------------- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2741 ++++- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 5499 ++-------- 42 files changed, 26399 insertions(+), 26994 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index d54ca40b1..cb530ac49 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 -Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 +F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 +Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 253615d5f..2dfcbe7fb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __internal_libcrux_core_H @@ -23,6 +23,8 @@ extern "C" { #define CORE_NUM__U32_8__BITS (32U) +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs); @@ -71,10 +73,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_571( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( + uint8_t value[1568U]); /** This function found in impl @@ -83,12 +85,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_2c1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for @@ -97,10 +99,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_e01( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -109,10 +111,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_201( - uint8_t value[768U]); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( + uint8_t value[1568U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -120,10 +122,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_1f1( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -132,18 +134,18 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d1( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_711( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]); /** This function found in impl {(core::convert::From<@Array> for @@ -152,10 +154,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_570( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( + uint8_t value[1184U]); /** This function found in impl @@ -164,12 +166,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_2c0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -178,10 +180,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_e00( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -190,10 +192,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_200( - uint8_t value[1568U]); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( + uint8_t value[1088U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -201,10 +203,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_1f0( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -213,18 +215,18 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d0( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_710( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]); /** This function found in impl {(core::convert::From<@Array> for @@ -233,10 +235,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_57( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( + uint8_t value[800U]); /** This function found in impl @@ -245,12 +247,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_2c( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for @@ -259,10 +261,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_e0( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -271,10 +273,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_20( - uint8_t value[1088U]); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( + uint8_t value[768U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -282,17 +284,17 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -323,7 +325,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -333,36 +335,95 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_71( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]); /** -A monomorphic instance of core.option.Option -with types Eurydice_slice uint8_t +A monomorphic instance of core.result.Result +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_6f_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_6f; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_7a_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_7a; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_cd_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_cd; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError */ -typedef struct core_option_Option_44_s { - core_option_Option_ef_tags tag; - Eurydice_slice f0; -} core_option_Option_44; +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -387,10 +448,10 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); -typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} Eurydice_slice_uint8_t_2size_t__x2; +typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} Eurydice_slice_uint8_t_4size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index e44ef6e5a..28e377d29 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -48,7 +48,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( uint8_t randomness[64U]); /** @@ -84,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -132,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_231( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -158,7 +158,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_c41( +void libcrux_ml_kem_ind_cca_decapsulate_201( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -186,7 +186,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( uint8_t randomness[64U]); /** @@ -222,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c0( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -270,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_230( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -296,7 +296,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_c40( +void libcrux_ml_kem_ind_cca_decapsulate_200( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -324,7 +324,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( uint8_t randomness[64U]); /** @@ -360,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -408,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_23( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -434,7 +434,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_c4( +void libcrux_ml_kem_ind_cca_decapsulate_20( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index c480f371d..f2a37e1b8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_a01( +void libcrux_ml_kem_ind_cca_decapsulate_e31( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_a00( +void libcrux_ml_kem_ind_cca_decapsulate_e30( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_a0( +void libcrux_ml_kem_ind_cca_decapsulate_e3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 6f37ca94f..78a4a2cb4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 983924def..d110706a9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __internal_libcrux_sha3_internal_H @@ -26,14 +26,14 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_25(s, buf); + libcrux_sha3_generic_keccak_absorb_final_72(s, buf); } /** @@ -44,7 +44,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -52,29 +52,29 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); } #define libcrux_sha3_Sha224 0 @@ -134,7 +134,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -142,62 +142,62 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_250(s, buf); + libcrux_sha3_generic_keccak_absorb_final_720(s, buf); } static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index a24172405..605062f34 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "internal/libcrux_core.h" @@ -85,14 +85,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_571( - uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_1f lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -103,13 +103,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_2c1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } /** @@ -119,14 +120,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_e01( - uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( + uint8_t value[3168U]) { + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -137,14 +138,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_201( - uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -154,10 +155,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_1f1( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -168,22 +169,22 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d1( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_711( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -191,7 +192,7 @@ void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -201,14 +202,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_570( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( + uint8_t value[1184U]) { + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -219,14 +220,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_2c0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( - CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** @@ -236,14 +237,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_e00( - uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( + uint8_t value[2400U]) { + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -254,14 +255,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_200( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( + uint8_t value[1088U]) { + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -271,10 +272,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_1f0( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -285,22 +286,22 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d0( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_710( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -308,7 +309,7 @@ void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** @@ -318,14 +319,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_57( - uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( + uint8_t value[800U]) { + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -336,14 +337,13 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_2c( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** @@ -353,14 +353,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_e0( - uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( + uint8_t value[1632U]) { + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -371,14 +371,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_20( - uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( + uint8_t value[768U]) { + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -388,10 +388,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -400,7 +400,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -438,7 +438,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -458,22 +458,22 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_71( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -481,7 +481,7 @@ void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** @@ -489,7 +489,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -502,6 +502,66 @@ void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + /** This function found in impl {core::result::Result} */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 36f322946..b169a72c5 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_core_H @@ -49,64 +49,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $1632size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair -with const generics -- $1632size_t -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext -with const generics -- $768size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - -*/ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; -} tuple_ec; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -203,6 +145,64 @@ typedef struct tuple_3c_s { uint8_t snd[32U]; } tuple_3c; +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_be; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + +*/ +typedef struct core_option_Option_04_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; +} core_option_Option_04; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $1632size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey_5e; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair +with const generics +- $1632size_t +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; +} libcrux_ml_kem_types_MlKemKeyPair_cb; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $768size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext_e8; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + +*/ +typedef struct tuple_ec_s { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; +} tuple_ec; + #define core_result_Ok 0 #define core_result_Err 1 diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index a19337f1b..55cdf6e81 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index a230fa8ed..fbde59b63 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,18 +35,18 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_69( +static void decapsulate_96( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c40(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_200(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_69(private_key, ciphertext, ret); + decapsulate_96(private_key, ciphertext, ret); } /** @@ -70,11 +70,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_18( +static void decapsulate_unpacked_72( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_230(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0(key_pair, ciphertext, ret); } @@ -82,7 +82,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_18(private_key, ciphertext, ret); + decapsulate_unpacked_72(private_key, ciphertext, ret); } /** @@ -102,7 +102,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_c4( +static tuple_21 encapsulate_70( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; @@ -117,7 +117,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_c4(uu____0, uu____1); + return encapsulate_70(uu____0, uu____1); } /** @@ -138,14 +138,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_f1( +static tuple_21 encapsulate_unpacked_27( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c0(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0(uu____0, uu____1); } @@ -156,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_f1(uu____0, uu____1); + return encapsulate_unpacked_27(uu____0, uu____1); } /** @@ -170,7 +170,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b7( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_ff( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -181,7 +181,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b7(uu____0); + return generate_keypair_ff(uu____0); } /** @@ -197,10 +197,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_24(uint8_t randomness[64U]) { +generate_keypair_unpacked_d2(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f0(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 @@ -208,7 +208,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_24(uu____0); + return generate_keypair_unpacked_d2(uu____0); } /** @@ -219,14 +219,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_e00(uint8_t *public_key) { +static bool validate_public_key_a30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf0(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_e00(public_key.value)) { + if (validate_public_key_a30(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 46115ce9d..eaa977785 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 201cf1e6c..38d29afa1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_mlkem1024_portable.h" @@ -35,18 +35,18 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_03( +static void decapsulate_e5( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a01(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e31(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_03(private_key, ciphertext, ret); + decapsulate_e5(private_key, ciphertext, ret); } /** @@ -70,11 +70,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_fe( +static void decapsulate_unpacked_6e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e1(key_pair, ciphertext, ret); } @@ -82,7 +82,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_fe(private_key, ciphertext, ret); + decapsulate_unpacked_6e(private_key, ciphertext, ret); } /** @@ -102,13 +102,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_52( +static tuple_21 encapsulate_da( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( @@ -117,7 +117,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_52(uu____0, uu____1); + return encapsulate_da(uu____0, uu____1); } /** @@ -138,14 +138,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_70( +static tuple_21 encapsulate_unpacked_c8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841(uu____0, uu____1); } @@ -156,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_70(uu____0, uu____1); + return encapsulate_unpacked_c8(uu____0, uu____1); } /** @@ -171,18 +171,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f1(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c24(uu____0); } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6e(uu____0); + return generate_keypair_0e(uu____0); } /** @@ -198,10 +198,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_c3(uint8_t randomness[64U]) { +generate_keypair_unpacked_5a(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 @@ -209,7 +209,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c3(uu____0); + return generate_keypair_unpacked_5a(uu____0); } /** @@ -220,14 +220,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_2a1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); +static bool validate_public_key_e11(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_2a1(public_key.value)) { + if (validate_public_key_e11(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index deb259ece..da63b3e1e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index a766a23ce..e8b65f32f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index c9b430e4e..4332da098 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_mlkem512_avx2.h" @@ -35,16 +35,16 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_42(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_9f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c4(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_20(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_42(private_key, ciphertext, ret); + decapsulate_9f(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_4b( +static void decapsulate_unpacked_a6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_23(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_4b(private_key, ciphertext, ret); + decapsulate_unpacked_a6(private_key, ciphertext, ret); } /** @@ -98,7 +98,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_00( +static tuple_ec encapsulate_8e( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; @@ -113,7 +113,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_00(uu____0, uu____1); + return encapsulate_8e(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_62( +static tuple_ec encapsulate_unpacked_ae( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_62(uu____0, uu____1); + return encapsulate_unpacked_ae(uu____0, uu____1); } /** @@ -166,7 +166,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_9a( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_b1( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -177,7 +177,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_9a(uu____0); + return generate_keypair_b1(uu____0); } /** @@ -193,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_df(uint8_t randomness[64U]) { +generate_keypair_unpacked_ad(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 @@ -204,7 +204,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_df(uu____0); + return generate_keypair_unpacked_ad(uu____0); } /** @@ -215,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_e0(uint8_t *public_key) { +static bool validate_public_key_a3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_e0(public_key.value)) { + if (validate_public_key_a3(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 9623db789..7138d4add 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 96f88f71f..fe1e4e668 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_mlkem512_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_80(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_4a(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a00(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e30(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_80(private_key, ciphertext, ret); + decapsulate_4a(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_ff( +static void decapsulate_unpacked_d4( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ff(private_key, ciphertext, ret); + decapsulate_unpacked_d4(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_69( +static tuple_ec encapsulate_7d( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); } tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( @@ -113,7 +113,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_69(uu____0, uu____1); + return encapsulate_7d(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_ed( +static tuple_ec encapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ed(uu____0, uu____1); + return encapsulate_unpacked_84(uu____0, uu____1); } /** @@ -167,18 +167,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f0(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c21(uu____0); } libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f9(uu____0); + return generate_keypair_df(uu____0); } /** @@ -194,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_aa(uint8_t randomness[64U]) { +generate_keypair_unpacked_bc(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae @@ -205,7 +205,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_aa(uu____0); + return generate_keypair_unpacked_bc(uu____0); } /** @@ -216,14 +216,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_2a0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); +static bool validate_public_key_e10(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_2a0(public_key.value)) { + if (validate_public_key_e10(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 825e036d9..c7a16b3f2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 2ac469e6e..fb6d7275c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 659c863ae..7ec20abe6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_mlkem768_avx2.h" @@ -35,16 +35,16 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_1e( +static void decapsulate_3f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c41(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_201(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_1e(private_key, ciphertext, ret); + decapsulate_3f(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_d5( +static void decapsulate_unpacked_e5( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_231(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b1(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d5(private_key, ciphertext, ret); + decapsulate_unpacked_e5(private_key, ciphertext, ret); } /** @@ -98,7 +98,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_d0( +static tuple_3c encapsulate_ec( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -113,7 +113,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d0(uu____0, uu____1); + return encapsulate_ec(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_1f( +static tuple_3c encapsulate_unpacked_2b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c1(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1f(uu____0, uu____1); + return encapsulate_unpacked_2b(uu____0, uu____1); } /** @@ -166,7 +166,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_4e( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c2( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -177,7 +177,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_4e(uu____0); + return generate_keypair_c2(uu____0); } /** @@ -193,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_94(uint8_t randomness[64U]) { +generate_keypair_unpacked_51(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f1(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 @@ -204,7 +204,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_94(uu____0); + return generate_keypair_unpacked_51(uu____0); } /** @@ -215,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_e01(uint8_t *public_key) { +static bool validate_public_key_a31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf1(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_e01(public_key.value)) { + if (validate_public_key_a31(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 3feac85db..edc9d8b97 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 3cb9bd2bc..7595346ef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_mlkem768_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_d6( +static void decapsulate_39( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e3(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_d6(private_key, ciphertext, ret); + decapsulate_39(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_64( +static void decapsulate_unpacked_6b( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_64(private_key, ciphertext, ret); + decapsulate_unpacked_6b(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_ba( +static tuple_3c encapsulate_4f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); } tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -113,7 +113,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ba(uu____0, uu____1); + return encapsulate_4f(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_99( +static tuple_3c encapsulate_unpacked_08( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_99(uu____0, uu____1); + return encapsulate_unpacked_08(uu____0, uu____1); } /** @@ -167,18 +167,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); } libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_64(uu____0); + return generate_keypair_ff(uu____0); } /** @@ -194,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_69(uint8_t randomness[64U]) { +generate_keypair_unpacked_8b(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -205,7 +205,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_69(uu____0); + return generate_keypair_unpacked_8b(uu____0); } /** @@ -216,14 +216,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_2a(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); +static bool validate_public_key_e1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_2a(public_key.value)) { + if (validate_public_key_e1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index da2b0fc35..f51a6740f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index b7cac78d0..e66d6e928 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -7,11 +7,15 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ -#include "libcrux_mlkem_avx2.h" +#include "internal/libcrux_mlkem_avx2.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" +#include "internal/libcrux_sha3_avx2.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -30,3 +34,8575 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { + return libcrux_ml_kem_vector_avx2_zero(); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + memcpy(ret, output, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + core_core_arch_x86___m256i v, int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_and_si256( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, + core_core_arch_x86___m256i)); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +KRML_MUSTINLINE core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum0, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + v, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + right0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = {0U}; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result_cd dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); + core_result_unwrap_41_e8(dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result_7a dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); + core_result_unwrap_41_34(dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, + 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + int16_t array[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), + vector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_from_i16_array_0d( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, + (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result_6f dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); + core_result_unwrap_41_1c(dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, + 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, + Eurydice_slice output) { + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self) { + return self[0U]; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +shift_right_a8(core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea +with const generics +- SHIFT_BY= 15 +*/ +static core_core_arch_x86___m256i shift_right_ea_aa( + core_core_arch_x86___m256i vector) { + return shift_right_a8(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static core_core_arch_x86___m256i to_unsigned_representative_a4( + core_core_arch_x86___m256i a) { + core_core_arch_x86___m256i t = shift_right_ea_aa(a); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_a4(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_d01( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + serialize_secret_key_ae1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + deserialize_ring_elements_reduced_5d4( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + serialize_public_key_d01( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; +} tuple_9b0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static void closure_b81( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d1(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { + shake128_squeeze_first_three_blocks_6b1(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { + shake128_squeeze_next_block_1b1(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +from_i16_array_89_10(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_from_xof_b01( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca1(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb3( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb4( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = closure_791(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a21( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + closure_b81(A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; + sample_from_xof_b01(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_1c2(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_470(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c1(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_7_45( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); + re->coefficients[j] = + libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); + } +} + +typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i montgomery_multiply_fe_9d( + core_core_arch_x86___m256i v, int16_t fer) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, int16_t zeta_r) { + core_core_arch_x86___m256i t = montgomery_multiply_fe_9d(b, zeta_r); + b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); + a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + ntt_layer_int_vec_step_f4( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_3_b4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_2_7c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_1_c2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void poly_barrett_reduce_89_99( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + self->coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + ntt_at_layer_7_45(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_971( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i to_standard_domain_42( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + to_standard_domain_42(self->coefficients[j]); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f01( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_971(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_9b0 generate_keypair_unpacked_6c1( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_681(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a21(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_151(uu____3, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_451( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_75( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + core_core_arch_x86___m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * sizeof(core_core_arch_x86___m256i)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_451(A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_75(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key_d01( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( + Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key_d01(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_751( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_651(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair_e11(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key_751( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_e7_a70(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_c90( + uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +inv_ntt_layer_int_vec_step_reduce_df(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + libcrux_ml_kem_vector_avx2_sub_ea(b, &a); + a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(a, &b)); + b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + inv_ntt_layer_int_vec_step_reduce_df( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_571( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_error_reduce_89_91( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + self->coefficients[j], (int16_t)1441); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_001( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_971(&result[i1], &product); + } + invert_ntt_montgomery_571(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i decompress_1_91( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + re.coefficients[i0] = decompress_1_91(coefficient_compressed);); + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +add_message_error_reduce_89_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + result.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &message->coefficients[i0]); + core_core_arch_x86___m256i tmp0 = + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_711( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_971(&result, &product);); + invert_ntt_montgomery_571(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_00(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 10 +*/ +static core_core_arch_x86___m256i compress_ea_d4( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_00(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_10_2f( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_ea_d4(to_unsigned_representative_a4(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_000(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 11 +*/ +static core_core_arch_x86___m256i compress_ea_d40( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_000(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10_2f(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_841( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_b2(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_001(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 4 +*/ +static core_core_arch_x86___m256i compress_ea_d41( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_001(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_4_b7( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_ea_d41(to_unsigned_representative_a4(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_002(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 5 +*/ +static core_core_arch_x86___m256i compress_ea_d42( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_002(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_5_35( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficients = + compress_ea_d42(to_unsigned_representative_a4(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_4_b7(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_881( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = sample_ring_element_cbd_471(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_934( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_841( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_unpacked_881(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_f50(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_121(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + deserialize_ring_elements_reduced_5d3( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a21(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_881(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_af_e51(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_121( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_651(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_fb1(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_f50(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_e51(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_e9(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 10 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_5d( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_e9(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_10_f2(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_e90(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 11 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_5d0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_e90(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_11_cb(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d0(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_52(Eurydice_slice serialized) { + return deserialize_then_decompress_10_f2(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void ntt_vector_u_4b( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_52(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_4b(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_e91(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 4 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_5d1( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_e91(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_4_5e(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d1(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_e92(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 5 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_5d2( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_e92(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_5_43(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); + re.coefficients[i0] = + decompress_ciphertext_coefficient_ea_5d2(re.coefficients[i0]); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_29(Eurydice_slice serialized) { + return deserialize_then_decompress_4_5e(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +subtract_reduce_89_fe(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + b.coefficients[i0], (int16_t)1441); + b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], + &coefficient_normal_form)); + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_751( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_971(&result, &product);); + invert_ntt_montgomery_571(&result); + result = subtract_reduce_89_fe(v, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_message_07( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_a4(re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_251( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + deserialize_then_decompress_u_7f1(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_29( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_751(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_07(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b1( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_251(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_933( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked_881(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_uncompressed_ring_element_c7(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_051( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_c7(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_841(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + deserialize_secret_key_051(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_251(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_201( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_841(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_933( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_fb1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_e51( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_e51(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1536 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_d00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); + uint8_t ret0[1536U]; + serialize_secret_key_ae0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + deserialize_ring_elements_reduced_5d2( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1568U]; + serialize_public_key_d00( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] + +*/ +typedef struct tuple_54_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; +} tuple_54; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static void closure_b80( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d0(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { + shake128_squeeze_first_three_blocks_6b0(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { + shake128_squeeze_next_block_1b0(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_from_xof_b00( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca0(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb1( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb2( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = closure_790(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a20( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + closure_b80(A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; + sample_from_xof_b00(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_1c1(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_970( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_970(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_54 generate_keypair_unpacked_6c0( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_680(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a20(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_150(uu____3, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; + memcpy(uu____5, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_450( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_450(A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_75(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; + memcpy(uu____2, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key_d00( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( + Eurydice_slice key_generation_seed) { + tuple_54 uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key_d00(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_750( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_650(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair_e10(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key_750( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = + libcrux_ml_kem_types_from_e7_a71(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_c91( + uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_71 +sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_570( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_vector_u_000( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_970(&result[i1], &product); + } + invert_ntt_montgomery_570(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_710( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_970(&result, &product);); + invert_ntt_montgomery_570(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_11_d10( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_ea_d40(to_unsigned_representative_a4(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11_d10(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1408 +- COMPRESSION_FACTOR= 11 +- BLOCK_LEN= 352 +*/ +static void compress_then_serialize_u_840( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u_b20(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +- OUT_LEN= 160 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_5_35(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_880( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = sample_ring_element_cbd_470(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_932( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; + compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_840( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_390( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked_880(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_f51(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_120(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + deserialize_ring_elements_reduced_5d1( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a20(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; + memcpy(uu____1, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_880(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_af_e50(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_120( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_650(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_fb0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_f51(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_e50(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_520(Eurydice_slice serialized) { + return deserialize_then_decompress_11_cb(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_4b0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_520(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_4b0(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_290(Eurydice_slice serialized) { + return deserialize_then_decompress_5_43(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_750( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_970(&result, &product);); + invert_ntt_montgomery_570(&result); + result = subtract_reduce_89_fe(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_unpacked_250( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + deserialize_then_decompress_u_7f0(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_290( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_750(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_07(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_250(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_931( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked_880(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_050( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_c7(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_840(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + deserialize_secret_key_050(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_250(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_200( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_840(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_931( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_fb0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_e50( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_e50(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 768 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + uint8_t ret0[768U]; + serialize_secret_key_ae(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + deserialize_ring_elements_reduced_5d0( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[800U]; + serialize_public_key_d0( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] + +*/ +typedef struct tuple_4c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; +} tuple_4c; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static void closure_b8( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { + shake128_squeeze_first_three_blocks_6b(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { + shake128_squeeze_next_block_1b(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_from_xof_b0( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_next_block_a9_5a(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb0( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = closure_79(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a2( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + closure_b8(A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; + sample_from_xof_b0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t + +*/ +typedef struct tuple_74_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; + uint8_t snd; +} tuple_74; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + uint8_t out3[192U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_1c(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_47(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_43(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN_a9_51(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_47(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_97( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_97(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static tuple_4c generate_keypair_unpacked_6c( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_68(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a2(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_15(uu____3, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; + memcpy(uu____5, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void closure_45( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_45(A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_75(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; + memcpy(uu____2, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t pk_serialized[800U]; + serialize_public_key_d0( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( + Eurydice_slice key_generation_seed) { + tuple_4c uu____0 = generate_keypair_unpacked_6c(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key_d0(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_75( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_65(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair_e1(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key_75( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = + libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + PRFxN_1c0(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_74 +sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN_a9_510(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_57( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_vector_u_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_97(&result[i1], &product); + } + invert_ntt_montgomery_57(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_71( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_97(&result, &product);); + invert_ntt_montgomery_57(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_b2(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_88( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = sample_ring_element_cbd_47(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_930( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; + compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_84( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = + libcrux_ml_kem_types_from_15_f5(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_12(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 768 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + deserialize_ring_elements_reduced_5d( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a2(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; + memcpy(uu____1, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_88(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE void kdf_af_e5(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_12( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_65(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_fb(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = + libcrux_ml_kem_types_from_15_f5(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_e5(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_52(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_4b(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_75( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_97(&result, &product);); + invert_ntt_montgomery_57(&result); + result = subtract_reduce_89_fe(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_25( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + deserialize_then_decompress_u_7f(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_29( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_75(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_07(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_25(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_93( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_05( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_c7(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_84(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + deserialize_secret_key_05(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_25(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_20( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_84(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_93( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_fb(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_e5( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_e5(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 36b278db1..e669d55c8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem_avx2_H @@ -20,7 +20,9 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" #include "libcrux_sha3.h" +#include "libcrux_sha3_avx2.h" void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]); @@ -28,6 +30,530 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_slice array); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array); + +void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, + int16_t ret[16U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + core_core_arch_x86___m256i v, int16_t c); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector); + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes); + +size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, + Eurydice_slice output); + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + core_core_arch_x86___m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index e3c234634..7dd1bf4f2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -7,14 +7,11 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ -#include "internal/libcrux_mlkem_neon.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" +#include "libcrux_mlkem_neon.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -33,8706 +30,3 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void) { - return libcrux_ml_kem_vector_neon_vector_type_ZERO(); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { - return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { - int16_t out[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - core_core_arch_arm_shared_neon_uint16x8_t m0 = - libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - core_core_arch_arm_shared_neon_uint16x8_t m1 = - libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - core_core_arch_arm_shared_neon_int16x8_t c1 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v) { - core_core_arch_arm_shared_neon_int16x8_t adder = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - core_core_arch_arm_shared_neon_int16x8_t vec = - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); - core_core_arch_arm_shared_neon_int16x8_t vec0 = - libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - core_core_arch_arm_shared_neon_int16x8_t quotient = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t sub = - libcrux_intrinsics_arm64__vmulq_n_s16( - quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high) { - core_core_arch_arm_shared_neon_int16x8_t k = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vmulq_n_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.low, c); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t half = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - core_core_arch_arm_shared_neon_int16x8_t quarter = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - core_core_arch_arm_shared_neon_int16x8_t shifted = - libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - core_core_arch_arm_shared_neon_int16x8_t mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = - libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range), - core_core_arch_arm_shared_neon_uint16x8_t)); - core_core_arch_arm_shared_neon_int16x8_t shifted0 = - libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = - libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range0), - core_core_arch_arm_shared_neon_uint16x8_t)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_1(v); -} - -KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits) { - int16_t uu____0; - switch (coefficient_bits) { - case 4: { - uu____0 = (int16_t)15; - break; - } - case 5: { - uu____0 = (int16_t)31; - break; - } - case 10: { - uu____0 = (int16_t)1023; - break; - } - case 11: { - uu____0 = (int16_t)2047; - break; - } - default: { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, - zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, - zeta2, zeta4, -zeta2, -zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t b1 = - libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1b1 = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, - b1); - core_core_arch_arm_shared_neon_int32x4_t a1b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a1b1), - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - core_core_arch_arm_shared_neon_int32x4_t a1b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - core_core_arch_arm_shared_neon_int16x8_t fst_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t fst_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b1)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - core_core_arch_arm_shared_neon_int16x8_t snd_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t snd_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); - core_core_arch_arm_shared_neon_int16x8_t fst_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t fst_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t snd_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t snd_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t fst = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - fst_low16, fst_high16); - core_core_arch_arm_shared_neon_int16x8_t snd = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - snd_low16, snd_high16); - core_core_arch_arm_shared_neon_int32x4_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int32x4_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int16x8_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); - core_core_arch_arm_shared_neon_int16x8_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); - uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, - 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - core_core_arch_arm_shared_neon_uint8x16_t index = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); - core_core_arch_arm_shared_neon_int16x8_t high2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low2, .high = high2}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, - (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { - core_core_arch_arm_shared_neon_int16x8_t one = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); - int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, - (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vshlq_s16(high0, shift); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vandq_s16(low, one), - .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t lowt = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); - core_core_arch_arm_shared_neon_uint16x8_t hight = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_deserialize_4_0d(v); - int16_t input_i16s[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[10U]; - libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_5_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_10_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { - uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, - 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - core_core_arch_arm_shared_neon_uint8x16_t index_vec = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - core_core_arch_arm_shared_neon_int16x8_t shift_vec = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t mask12 = - libcrux_intrinsics_arm64__vdupq_n_u16(4095U); - uint8_t input0[16U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input0, uint8_t, Eurydice_slice)); - uint8_t input1[16U] = {0U}; - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input1, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t moved0 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted0 = - libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); - core_core_arch_arm_shared_neon_uint16x8_t moved1 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted1 = - libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low, .high = high}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); -} - -KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { - size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option_44 uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( - &iter, uint8_t, core_option_Option_44); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - d1; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; - continue; - } - } - continue; - } - } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out) { - return libcrux_ml_kem_vector_neon_rej_sample(a, out); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { - return self[0U]; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_89_06(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_reduced_ring_element_e3(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 800 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a64( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -shift_right_2c(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); - v.high = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 -with const generics -- SHIFT_BY= 15 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_72( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return shift_right_2c(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_unsigned_representative_64( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_72(a); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = - libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_neon_add_20(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_77( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_64(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 768 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -static KRML_MUSTINLINE void serialize_public_key_701( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); - uint8_t ret0[768U]; - serialize_secret_key_5d1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - deserialize_ring_elements_reduced_a64( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[800U]; - serialize_public_key_701( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]] - -*/ -typedef struct tuple_4c0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 snd; -} tuple_4c0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void G_48_771(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static void closure_de1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -typedef struct Simd128Hash_s { - libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; -} Simd128Hash; - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b1(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_551(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b1(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b71( - Simd128Hash *st, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[504U], void *); - uint8_t out3[504U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e91( - Simd128Hash *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_b71(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e63( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d1( - Simd128Hash *st, uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[168U], void *); - uint8_t out3[168U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[168U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad1( - Simd128Hash *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_7d1(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e64( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -from_i16_array_89_f3(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d51( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_from_xof_c01( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_551(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_48_e91(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e63( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_48_ad1(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e64( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_d51(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_matrix_A_481( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_de1(A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; - sample_from_xof_c01(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[2size_t], uint8_t - -*/ -typedef struct tuple_740_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[2U]; - uint8_t snd; -} tuple_740; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_891(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t out0[192U] = {0U}; - uint8_t out1[192U] = {0U}; - uint8_t out2[192U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[192U], void *); - uint8_t out3[192U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[192U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[192U]; - memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); - uint8_t uu____1[192U]; - memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_891(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2_c3(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_3_27(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2c0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_27(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_7_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_multiply_by_constant_20( - re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -montgomery_multiply_fe_91( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -ntt_layer_int_vec_step_9c( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - montgomery_multiply_fe_91(b, zeta_r); - b = libcrux_ml_kem_vector_neon_sub_20(a, &t); - a = libcrux_ml_kem_vector_neon_add_20(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_2a( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - ntt_layer_int_vec_step_9c( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_3_f4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_2_d0( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_1_39( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void poly_barrett_reduce_89_5f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cf( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - ntt_at_layer_7_67(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA= 3 -- ETA_RANDOMNESS_SIZE= 192 -*/ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_48_a91(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c0(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -ntt_multiply_89_16(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_multiply_20( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_standard_domain_fc(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = to_standard_domain_fc(self->coefficients[j]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_951( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae1(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static tuple_4c0 generate_keypair_unpacked_ff1( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_771(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_481(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f1(uu____3, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - compute_As_plus_e_951(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U][2U]; - memcpy(uu____5, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[2U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_661( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_d5_ec( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_48_851(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_201( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_661(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_ec(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_701( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_851(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( - Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_701(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d81( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_851(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_161(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_d81( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_e01(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c1( - uu____2, libcrux_ml_kem_types_from_07_571(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_892(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[128U], void *); - uint8_t out3[128U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[128U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a92(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_892(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2c(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c3(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN_48_a92(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_b40(Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - uint8_t dummy[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, input, - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e4(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_4b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -inv_ntt_layer_int_vec_step_reduce_27( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = - libcrux_ml_kem_vector_neon_sub_20(b, &a); - a = libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(a, &b)); - b = montgomery_multiply_fe_91(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_fd( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_27( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_621( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_error_reduce_89_24( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae1(&result[i1], &product); - } - invert_ntt_montgomery_621(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_message_23(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_1_fc(coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -add_message_error_reduce_89_3a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae1(&result, &product);); - invert_ntt_montgomery_621(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_69(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_5d(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)10)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t_69(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t_69(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_69(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_69(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_22( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_5d(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_10_ca0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_22(to_unsigned_representative_64(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_690(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_5d0(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)11)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_690(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_690(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_690(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_690(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_220( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_5d0(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_840( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_ca0(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_d71( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_840(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_691(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_5d1(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)4)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_691(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_691(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_691(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_691(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_221( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_5d1(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_4_21( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_221(to_unsigned_representative_64(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_692(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_5d2(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)5)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_692(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_692(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_692(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_692(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_222( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_5d2(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_5_2b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = - compress_20_222(to_unsigned_representative_64(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_4_21(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_541( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_eb1(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e4( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; - compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b1(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d71( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f0( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_541(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_201(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_ef1(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a63( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - deserialize_ring_elements_reduced_a63( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_481(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; - memcpy( - uu____0, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[2U][2U]; - memcpy(uu____1, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_541(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_af_021(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_ef1( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_851(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_4e1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_201(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_021(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec result; - result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_b7(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_3e( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_b7(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_b7(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_b7(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_b7(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_60( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_3e(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_10_13(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_60(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_b70(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)11 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_3e0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_b70(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_b70(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_b70(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_b70(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_600( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_3e0(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_11_cd(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_600(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_da0(Eurydice_slice serialized) { - return deserialize_then_decompress_10_13(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_700( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7e1( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_da0(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_700(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_b71(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)4 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_3e1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_b71(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_b71(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_b71(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_b71(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_601( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_3e1(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_4_bf(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_601(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_b72(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)5 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_3e2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_b72(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_b72(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_b72(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_b72(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_602( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_3e2(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_5_46(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - decompress_ciphertext_coefficient_20_602(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_7b0(Eurydice_slice serialized) { - return deserialize_then_decompress_4_bf(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -subtract_reduce_89_b3(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_441( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae1(&result, &product);); - invert_ntt_montgomery_621(&result); - result = subtract_reduce_89_b3(v, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_message_a0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_64(re.coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon_compress_1_20(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_571( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - deserialize_then_decompress_u_7e1(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_7b0( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_441(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_a0(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_b4(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - uint8_t dummy[32U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, input, - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a31( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_571(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_541(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_uncompressed_ring_element_e9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_b71( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_e9(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_9b1(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - deserialize_secret_key_b71(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_571(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_5b1( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_9b1(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_4e1(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_021( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_021(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a62( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void serialize_public_key_700( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - serialize_secret_key_5d0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - deserialize_ring_elements_reduced_a62( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - serialize_public_key_700( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; -} tuple_9b0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void G_48_770(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static void closure_de0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b0(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_550(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b0(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b70( - Simd128Hash *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e90( - Simd128Hash *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_b70(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e61( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d0( - Simd128Hash *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad0( - Simd128Hash *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_7d0(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e62( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d50( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_from_xof_c00( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_550(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_48_e90(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e61( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_48_ad0(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e62( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_d50(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_matrix_A_480( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_de0(A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; - sample_from_xof_c00(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_890(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_890(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_950( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae0(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_ff0( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_770(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_480(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f0(uu____3, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - compute_As_plus_e_950(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_660( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_48_850(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_200( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_660(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_ec(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_700( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_850(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_700(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d80( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_850(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_160(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_d80( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_e0(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c( - uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e2(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_620( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae0(&result[i1], &product); - } - invert_ntt_montgomery_620(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae0(&result, &product);); - invert_ntt_montgomery_620(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_d70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_840(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_540( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_eb0(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e2( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; - compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b0(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d70( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f0( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_540(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_20(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_ef0(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a61( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - deserialize_ring_elements_reduced_a61( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_480(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_540(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void kdf_af_020(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_ef0( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_850(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_4e0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_20(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_020(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7e0( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_da0(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_700(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_440( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae0(&result, &product);); - invert_ntt_montgomery_620(&result); - result = subtract_reduce_89_b3(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_570( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - deserialize_then_decompress_u_7e0(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_7b0( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_440(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_a0(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a30( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_570(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_540(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_b70( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_e9(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_9b0(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - deserialize_secret_key_b70(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_570(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_5b0( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_9b0(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_4e0(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_020( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_020(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1568 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a60( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1536 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -static KRML_MUSTINLINE void serialize_public_key_70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); - uint8_t ret0[1536U]; - serialize_secret_key_5d(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - deserialize_ring_elements_reduced_a60( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1568U]; - serialize_public_key_70( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c snd; -} tuple_54; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void G_48_77(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static void closure_de( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_55(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b7( - Simd128Hash *st, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____3[504U]; - memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e9( - Simd128Hash *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_b7(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e6( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d( - Simd128Hash *st, uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad( - Simd128Hash *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_7d(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e60( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d5( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_from_xof_c0( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_55(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_48_e9(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e6( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_48_ad(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e60( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_d5(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_matrix_A_48( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_de(A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; - sample_from_xof_c0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[4U]; - uint8_t snd; -} tuple_71; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_89(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____3[128U]; - memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_89(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_95( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_54 generate_keypair_unpacked_ff( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_77(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_48(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f(uu____3, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - compute_As_plus_e_95(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U][4U]; - memcpy(uu____5, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[4U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_66( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_48_85(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_20( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_ff(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_66(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_ec(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_70( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_85(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_ff(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_70(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d8( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_85(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_16(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_d8( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_e00(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c0( - uu____2, libcrux_ml_kem_types_from_07_570(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e0(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_62( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae(&result[i1], &product); - } - invert_ntt_montgomery_62(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae(&result, &product);); - invert_ntt_montgomery_62(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_11_55( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_220(to_unsigned_representative_64(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_55(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1408 -- COMPRESSION_FACTOR= 11 -- BLOCK_LEN= 352 -*/ -static void compress_then_serialize_u_d7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u_84(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -- OUT_LEN= 160 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_5_2b(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_54( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_eb(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; - compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d7( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_200(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_ef(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a6( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - deserialize_ring_elements_reduced_a6( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_48(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; - memcpy( - uu____0, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[4U][4U]; - memcpy(uu____1, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_54(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_af_02(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_ef( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_85(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_4e(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_200(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_02(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 result; - result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_da(Eurydice_slice serialized) { - return deserialize_then_decompress_11_cd(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7e( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_da(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_70(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_7b(Eurydice_slice serialized) { - return deserialize_then_decompress_5_46(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_44( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae(&result, &product);); - invert_ntt_montgomery_62(&result); - result = subtract_reduce_89_b3(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_unpacked_57( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - deserialize_then_decompress_u_7e(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_7b( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_44(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_a0(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a3( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_57(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_b7( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_e9(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_9b(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - deserialize_secret_key_b7(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_57(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_5b( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_9b(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_4e(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_02( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_02(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 39cdcd9d7..d224d23d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem_neon_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" #include "libcrux_sha3_neon.h" void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, @@ -29,576 +28,6 @@ void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]); -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { - core_core_arch_arm_shared_neon_int16x8_t low; - core_core_arch_arm_shared_neon_int16x8_t high; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array); - -void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a); - -size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, - Eurydice_slice result); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out); - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 66a522c1e..b3596a256 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "internal/libcrux_mlkem_portable.h" @@ -68,407 +68,20 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - int16_t ret[16U]; - core_result_Result_c0 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); -} - -KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + int16_t ret[16U]; + core_result_Result_c0 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result_unwrap_41_f9(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + return lit; } /** @@ -476,8 +89,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } KRML_MUSTINLINE uint8_t_x11 @@ -676,6 +289,28 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( .f7 = r7}); } +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( @@ -715,6 +350,537 @@ libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +} + +const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1320,68 +1486,311 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } -KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } KRML_MUSTINLINE uint8_t_x5 @@ -1470,6 +1879,112 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, @@ -1718,7 +2233,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_02(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -1746,8 +2261,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_d2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -1772,12 +2287,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1789,7 +2304,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1803,7 +2318,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_83(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -1822,8 +2337,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_bf(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_83(v); +shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_f8(v); } /** @@ -1833,10 +2348,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_af( +to_unsigned_representative_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_bf(a); + shift_right_0d_4b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1849,14 +2364,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_05( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_af(re->coefficients[i0]); + to_unsigned_representative_78(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1877,7 +2392,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_e81( +static KRML_MUSTINLINE void serialize_secret_key_f81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -1896,7 +2411,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -1913,7 +2428,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_9a1( +static KRML_MUSTINLINE void serialize_public_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -1921,7 +2436,7 @@ static KRML_MUSTINLINE void serialize_public_key_9a1( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_e81(t_as_ntt, ret0); + serialize_secret_key_f81(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), @@ -1942,15 +2457,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_524( + deserialize_ring_elements_reduced_724( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_9a1( + serialize_public_key_801( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -1981,7 +2496,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_111(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -1992,10 +2507,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_821( +static void closure_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -2014,7 +2529,7 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_411(uint8_t input[4U][34U]) { +shake128_init_absorb_final_751(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2044,10 +2559,10 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_f1_511(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { uint8_t uu____0[4U][34U]; memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_411(uu____0); + return shake128_init_absorb_final_751(uu____0); } /** @@ -2056,7 +2571,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_541( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2078,9 +2593,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_541(self, ret); + shake128_squeeze_first_three_blocks_101(self, ret); } /** @@ -2090,7 +2605,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2129,7 +2644,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_881( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2150,9 +2665,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_681( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_881(self, ret); + shake128_squeeze_next_block_ed1(self, ret); } /** @@ -2162,7 +2677,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2206,8 +2721,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_48(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); +from_i16_array_89_6b(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2228,9 +2743,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_131( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -2241,29 +2756,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_f61( +static KRML_MUSTINLINE void sample_from_xof_2b1( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; uint8_t uu____0[4U][34U]; memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_511(uu____0); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_7f1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_023( + bool done = sample_from_uniform_distribution_next_053( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_f1_681(&xof_state, randomness); + shake128_squeeze_next_block_f1_c11(&xof_state, randomness); uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_024( + done = sample_from_uniform_distribution_next_054( uu____2, sampled_coefficients, out); } } @@ -2271,7 +2786,7 @@ static KRML_MUSTINLINE void sample_from_xof_f61( memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_131(uu____3[i]);); + ret0[i] = closure_991(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2284,12 +2799,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_551( +static KRML_MUSTINLINE void sample_matrix_A_231( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_821(A_transpose[i]);); + closure_e81(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -2302,7 +2817,7 @@ static KRML_MUSTINLINE void sample_matrix_A_551( uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_f61(uu____1, sampled); + sample_from_xof_2b1(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2341,7 +2856,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_632(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2363,9 +2878,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_632(input, ret); + PRFxN_1d2(input, ret); } /** @@ -2375,7 +2890,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2411,7 +2926,7 @@ sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_48(Eurydice_array_to_slice( + return from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2422,7 +2937,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2457,7 +2972,7 @@ sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_48(Eurydice_array_to_slice( + return from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2468,8 +2983,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_e3(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c8(randomness); +sample_from_binomial_distribution_66(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_20(randomness); } /** @@ -2478,7 +2993,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_1c( +static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2507,7 +3022,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_29( +montgomery_multiply_fe_d5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2521,12 +3036,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_d7( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_29(b, zeta_r); + montgomery_multiply_fe_d5(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2540,7 +3055,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2553,7 +3068,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_d7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2570,7 +3085,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_c1( +static KRML_MUSTINLINE void ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2588,7 +3103,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_46( +static KRML_MUSTINLINE void ntt_at_layer_2_7b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2608,7 +3123,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_c9( +static KRML_MUSTINLINE void ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2636,7 +3151,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_55( +static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2654,17 +3169,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_1c(re); + ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -2676,11 +3191,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -2691,14 +3206,14 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -2722,9 +3237,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_f7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2757,7 +3272,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e1( +static KRML_MUSTINLINE void add_to_ring_element_89_931( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -2784,7 +3299,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_a1( +to_standard_domain_3e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -2800,14 +3315,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_0b( +static KRML_MUSTINLINE void add_standard_error_reduce_89_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_a1(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -2822,14 +3337,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_a51( +static KRML_MUSTINLINE void compute_As_plus_e_da1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2852,10 +3367,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e1(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_931(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -2871,10 +3386,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_a91( +static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_111(key_generation_seed, hashed); + G_f1_b61(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2882,14 +3397,14 @@ static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_551(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_231(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(uu____1, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2900,10 +3415,10 @@ static tuple_540 generate_keypair_unpacked_a91( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_011(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d71(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_a51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -2952,10 +3467,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_011( +static void closure_9d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -2968,7 +3483,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_22( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -2990,7 +3505,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_af1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3009,7 +3524,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3019,18 +3534,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_a91(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_011(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_9d1(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_22(&ind_cpa_public_key.A[j][i1]); + clone_d5_1e(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3040,13 +3555,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_9a1( + serialize_public_key_801( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -3086,18 +3601,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_a91(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_9a1(pk.t_as_ntt, + serialize_public_key_801(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1536U]; memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____2[1568U]; @@ -3115,7 +3630,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_6b( +static KRML_MUSTINLINE void serialize_kem_secret_key_f2( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3144,7 +3659,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_6b( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af1(public_key, ret0); + H_f1_2e1(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -3177,7 +3692,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3187,13 +3702,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e81(ind_cpa_keypair_randomness); + generate_keypair_ec1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_6b( + serialize_kem_secret_key_f2( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, @@ -3202,12 +3717,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_e00(uu____1); + libcrux_ml_kem_types_from_e7_a71(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c0( - uu____2, libcrux_ml_kem_types_from_07_570(uu____3)); + return libcrux_ml_kem_types_from_64_c91( + uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); } /** @@ -3220,10 +3735,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3234,11 +3749,11 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; @@ -3258,7 +3773,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_b60(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), @@ -3276,9 +3791,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -3287,7 +3802,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3311,7 +3826,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_84( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3331,7 +3846,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_75( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3351,7 +3866,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_56( + inv_ntt_layer_int_vec_step_reduce_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3359,7 +3874,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_29(a_minus_b, zeta_r); + b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3371,7 +3886,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3386,7 +3901,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_56( + inv_ntt_layer_int_vec_step_reduce_87( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3403,18 +3918,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d41( +static KRML_MUSTINLINE void invert_ntt_montgomery_861( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -3427,7 +3942,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_b9( +static KRML_MUSTINLINE void add_error_reduce_89_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3451,14 +3966,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_571( +static KRML_MUSTINLINE void compute_vector_u_a11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3480,11 +3995,11 @@ static KRML_MUSTINLINE void compute_vector_u_571( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e1(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_931(&result[i1], &product); } - invert_ntt_montgomery_d41(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_861(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3498,7 +4013,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_e9(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -3512,8 +4027,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3523,7 +4038,7 @@ deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_e9(coefficient_compressed); + decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -3539,7 +4054,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_11( +add_message_error_reduce_89_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -3569,18 +4084,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c81( +compute_ring_element_v_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e1(&result, &product);); - invert_ntt_montgomery_d41(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_931(&result, &product);); + invert_ntt_montgomery_861(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -3590,7 +4105,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3611,9 +4126,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9b( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_94(v); + return compress_be(v); } /** @@ -3622,7 +4137,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_940(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3644,8 +4159,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_940(v); +compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be0(v); } /** @@ -3654,14 +4169,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_2d0( +static KRML_MUSTINLINE void compress_then_serialize_11_e10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b0(to_unsigned_representative_af(re->coefficients[i0])); + compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3682,10 +4197,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d80( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_2d0(re, uu____0); + compress_then_serialize_11_e10(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -3698,7 +4213,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_251( +static void compress_then_serialize_u_241( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3716,7 +4231,7 @@ static void compress_then_serialize_u_251( (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_d80(&re, ret); + compress_then_serialize_ring_element_u_2f0(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), @@ -3730,7 +4245,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_941(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3752,8 +4267,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_941(v); +compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be1(v); } /** @@ -3762,14 +4277,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_09( +static KRML_MUSTINLINE void compress_then_serialize_4_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b1(to_unsigned_representative_af(re.coefficients[i0])); + compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -3787,7 +4302,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_942(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3809,8 +4324,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_942(v); +compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be2(v); } /** @@ -3819,14 +4334,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_b9( +static KRML_MUSTINLINE void compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_9b2(to_unsigned_representative_af(re.coefficients[i0])); + compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -3845,9 +4360,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d60( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_b9(re, out); + compress_then_serialize_5_a3(re, out); } /** @@ -3868,14 +4383,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_651( +static void encrypt_unpacked_6c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(uu____0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -3883,7 +4398,7 @@ static void encrypt_unpacked_651( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_381(uu____2, domain_separator0); + tuple_710 uu____3 = sample_ring_element_cbd_2c1(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -3891,32 +4406,32 @@ static void encrypt_unpacked_651( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f4( + PRF_f1_044( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c81(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_251( + compress_then_serialize_u_241( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d60( + compress_then_serialize_ring_element_v_310( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); @@ -3942,11 +4457,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -3958,7 +4473,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -3972,7 +4487,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_651(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c1(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -3981,7 +4496,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_200(uu____4); + libcrux_ml_kem_types_from_15_f51(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -4000,7 +4515,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_46(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_3d(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], @@ -4015,12 +4530,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4032,7 +4547,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4058,10 +4573,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_523( + deserialize_ring_elements_reduced_723( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4069,8 +4584,8 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_551(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_231(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -4100,7 +4615,7 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_651(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c1(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4115,7 +4630,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_ab(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ef(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], @@ -4142,15 +4657,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_46( + entropy_preprocess_af_3d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -4158,8 +4673,8 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), + H_f1_2e1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4167,7 +4682,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4177,18 +4692,18 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_f71(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_0d1(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_200(uu____4); + libcrux_ml_kem_types_from_15_f51(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_ab(shared_secret, shared_secret_array); + kdf_af_ef(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -4205,7 +4720,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_41( +decompress_ciphertext_coefficient_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4230,9 +4745,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc( +decompress_ciphertext_coefficient_0d_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_41(v); + return decompress_ciphertext_coefficient_b8(v); } /** @@ -4242,8 +4757,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_26(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_10_fc(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -4255,7 +4770,7 @@ deserialize_then_decompress_10_26(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc(coefficient); + decompress_ciphertext_coefficient_0d_f4(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4268,7 +4783,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_410( +decompress_ciphertext_coefficient_b80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4293,9 +4808,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc0( +decompress_ciphertext_coefficient_0d_f40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_410(v); + return decompress_ciphertext_coefficient_b80(v); } /** @@ -4305,8 +4820,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_29(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_11_ba(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -4318,7 +4833,7 @@ deserialize_then_decompress_11_29(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc0(coefficient); + decompress_ciphertext_coefficient_0d_f40(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4331,8 +4846,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_380(Eurydice_slice serialized) { - return deserialize_then_decompress_11_29(serialized); +deserialize_then_decompress_ring_element_u_980(Eurydice_slice serialized) { + return deserialize_then_decompress_11_ba(serialized); } /** @@ -4341,17 +4856,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_820( +static KRML_MUSTINLINE void ntt_vector_u_7a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -4362,12 +4877,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_ec1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_af1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, @@ -4387,9 +4902,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_ec1( (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_380(u_bytes); + deserialize_then_decompress_ring_element_u_980(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_820(&u_as_ntt[i0]); + ntt_vector_u_7a0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4403,7 +4918,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_411( +decompress_ciphertext_coefficient_b81( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4428,9 +4943,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc1( +decompress_ciphertext_coefficient_0d_f41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_411(v); + return decompress_ciphertext_coefficient_b81(v); } /** @@ -4440,8 +4955,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_51(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_4_8f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -4452,7 +4967,7 @@ deserialize_then_decompress_4_51(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc1(coefficient); + decompress_ciphertext_coefficient_0d_f41(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4465,7 +4980,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_412( +decompress_ciphertext_coefficient_b82( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4490,9 +5005,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc2( +decompress_ciphertext_coefficient_0d_f42( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_412(v); + return decompress_ciphertext_coefficient_b82(v); } /** @@ -4502,8 +5017,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_bc(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_5_04(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -4516,7 +5031,7 @@ deserialize_then_decompress_5_bc(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -4529,8 +5044,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_0b0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_bc(serialized); +deserialize_then_decompress_ring_element_v_df0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_04(serialized); } /** @@ -4544,7 +5059,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_52(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_70(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4569,17 +5084,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_ac1( +compute_message_ff1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e1(&result, &product);); - invert_ntt_montgomery_d41(&result); - result = subtract_reduce_89_52(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_931(&result, &product);); + invert_ntt_montgomery_861(&result); + result = subtract_reduce_89_70(v, result); return result; } @@ -4589,13 +5104,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_72( +static KRML_MUSTINLINE void compress_then_serialize_message_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_af(re.coefficients[i0]); + to_unsigned_representative_78(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -4621,20 +5136,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_e51( +static void decrypt_unpacked_5d1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_ec1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_af1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0b0( + deserialize_then_decompress_ring_element_v_df0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_ac1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_ff1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_72(message, ret0); + compress_then_serialize_message_c1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4643,7 +5158,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_b6(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -4661,8 +5176,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -4687,15 +5202,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e51(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_5d1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4707,7 +5222,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4717,7 +5232,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( + libcrux_ml_kem_utils_into_padded_array_2d4( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -4726,9 +5241,9 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f3( + PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = @@ -4736,10 +5251,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_651(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c1(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_711(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -4758,8 +5273,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_f5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_to_uncompressed_ring_element_53(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -4781,12 +5296,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_491( +static KRML_MUSTINLINE void deserialize_secret_key_591( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4798,7 +5313,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_491( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f5(secret_bytes); + deserialize_to_uncompressed_ring_element_53(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4816,10 +5331,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_5d1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_671(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_491(secret_key, secret_as_ntt); + deserialize_secret_key_591(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( uu____0, secret_as_ntt, @@ -4830,7 +5345,7 @@ static void decrypt_5d1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e51(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_5d1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4856,7 +5371,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_a01( +void libcrux_ml_kem_ind_cca_decapsulate_e31( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -4876,9 +5391,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_a01( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_5d1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_671(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -4887,7 +5402,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_a01( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -4897,31 +5412,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_a01( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f3( + PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_f71(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d1(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ab( + kdf_af_ef( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_ab(shared_secret0, shared_secret1); + kdf_af_ef(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_711(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -4941,12 +5456,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4958,7 +5473,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4973,7 +5488,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_e80( +static KRML_MUSTINLINE void serialize_secret_key_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -4992,7 +5507,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5009,14 +5524,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_9a0( +static KRML_MUSTINLINE void serialize_public_key_800( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_e80(t_as_ntt, ret0); + serialize_secret_key_f80(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -5037,15 +5552,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_522( + deserialize_ring_elements_reduced_722( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_9a0( + serialize_public_key_800( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -5062,10 +5577,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] */ -typedef struct tuple_4c_s { +typedef struct tuple_4c0_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c; +} tuple_4c0; /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for @@ -5076,7 +5591,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_110(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5087,10 +5602,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_820( +static void closure_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -5109,7 +5624,7 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_410(uint8_t input[2U][34U]) { +shake128_init_absorb_final_750(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5139,10 +5654,10 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_f1_510(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { uint8_t uu____0[2U][34U]; memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_410(uu____0); + return shake128_init_absorb_final_750(uu____0); } /** @@ -5151,7 +5666,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_540( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5173,9 +5688,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_540(self, ret); + shake128_squeeze_first_three_blocks_100(self, ret); } /** @@ -5185,7 +5700,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5224,7 +5739,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_880( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5245,9 +5760,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_680( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_880(self, ret); + shake128_squeeze_next_block_ed0(self, ret); } /** @@ -5257,7 +5772,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5297,9 +5812,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_130( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -5310,29 +5825,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_f60( +static KRML_MUSTINLINE void sample_from_xof_2b0( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; uint8_t uu____0[2U][34U]; memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_510(uu____0); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_7f0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_021( + bool done = sample_from_uniform_distribution_next_051( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_f1_680(&xof_state, randomness); + shake128_squeeze_next_block_f1_c10(&xof_state, randomness); uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_022( + done = sample_from_uniform_distribution_next_052( uu____2, sampled_coefficients, out); } } @@ -5340,7 +5855,7 @@ static KRML_MUSTINLINE void sample_from_xof_f60( memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_130(uu____3[i]);); + ret0[i] = closure_990(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5353,12 +5868,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_550( +static KRML_MUSTINLINE void sample_matrix_A_230( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_820(A_transpose[i]);); + closure_e80(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -5371,7 +5886,7 @@ static KRML_MUSTINLINE void sample_matrix_A_550( uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_f60(uu____1, sampled); + sample_from_xof_2b0(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5399,10 +5914,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_74_s { +typedef struct tuple_740_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; uint8_t snd; -} tuple_74; +} tuple_740; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN @@ -5410,7 +5925,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_630(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5432,9 +5947,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_770(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_630(input, ret); + PRFxN_1d0(input, ret); } /** @@ -5444,8 +5959,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_e30(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_b8(randomness); +sample_from_binomial_distribution_660(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_85(randomness); } /** @@ -5457,11 +5972,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -5472,19 +5987,19 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_770(prf_inputs, prf_outputs); + PRFxN_f1_890(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e30(Eurydice_array_to_slice( + sample_from_binomial_distribution_660(Eurydice_array_to_slice( (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 lit; + tuple_740 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5502,7 +6017,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e0( +static KRML_MUSTINLINE void add_to_ring_element_89_930( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -5528,14 +6043,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_a50( +static KRML_MUSTINLINE void compute_As_plus_e_da0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5558,10 +6073,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e0(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_930(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -5577,10 +6092,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_a90( +static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_110(key_generation_seed, hashed); + G_f1_b60(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5588,14 +6103,14 @@ static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_550(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_230(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(uu____1, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5606,10 +6121,10 @@ static tuple_4c generate_keypair_unpacked_a90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_010(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d70(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_a50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -5641,7 +6156,7 @@ static tuple_4c generate_keypair_unpacked_a90( memcpy( sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } /** @@ -5658,10 +6173,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_010( +static void closure_9d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -5673,7 +6188,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_af0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5692,7 +6207,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5702,18 +6217,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_a90(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_010(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_9d0(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_22(&ind_cpa_public_key.A[j][i1]); + clone_d5_1e(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -5723,13 +6238,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_9a0( + serialize_public_key_800( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -5769,18 +6284,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_a90(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_9a0(pk.t_as_ntt, + serialize_public_key_800(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[768U]; memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____2[800U]; @@ -5798,7 +6313,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_b4( +static KRML_MUSTINLINE void serialize_kem_secret_key_41( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -5827,7 +6342,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_b4( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af0(public_key, ret0); + H_f1_2e0(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -5860,7 +6375,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5870,13 +6385,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e80(ind_cpa_keypair_randomness); + generate_keypair_ec0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_b4( + serialize_kem_secret_key_41( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, @@ -5885,12 +6400,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_e01(uu____1); + libcrux_ml_kem_types_from_e7_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c1( - uu____2, libcrux_ml_kem_types_from_07_571(uu____3)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); } /** @@ -5899,7 +6414,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_631(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5921,9 +6436,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_631(input, ret); + PRFxN_1d1(input, ret); } /** @@ -5935,11 +6450,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_740 +sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -5950,18 +6465,18 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_771(prf_inputs, prf_outputs); + PRFxN_f1_891(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 lit; + tuple_740 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5979,9 +6494,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f2(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -5990,18 +6505,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d40( +static KRML_MUSTINLINE void invert_ntt_montgomery_860( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -6010,14 +6525,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_570( +static KRML_MUSTINLINE void compute_vector_u_a10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6039,11 +6554,11 @@ static KRML_MUSTINLINE void compute_vector_u_570( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e0(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_930(&result[i1], &product); } - invert_ntt_montgomery_d40(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_860(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6057,18 +6572,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c80( +compute_ring_element_v_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e0(&result, &product);); - invert_ntt_montgomery_d40(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_930(&result, &product);); + invert_ntt_montgomery_860(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -6078,14 +6593,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_54( +static KRML_MUSTINLINE void compress_then_serialize_10_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b(to_unsigned_representative_af(re->coefficients[i0])); + compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6106,10 +6621,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d8( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_54(re, uu____0); + compress_then_serialize_10_3b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6122,7 +6637,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_250( +static void compress_then_serialize_u_240( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6140,7 +6655,7 @@ static void compress_then_serialize_u_250( (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d8(&re, ret); + compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -6155,9 +6670,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d6( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_09(re, out); + compress_then_serialize_4_e5(re, out); } /** @@ -6178,14 +6693,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_650( +static void encrypt_unpacked_6c0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(uu____0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6193,7 +6708,7 @@ static void encrypt_unpacked_650( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_380(uu____2, domain_separator0); + tuple_740 uu____3 = sample_ring_element_cbd_2c0(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6201,31 +6716,31 @@ static void encrypt_unpacked_650( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f2( + PRF_f1_042( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c80(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_250( + compress_then_serialize_u_240( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d6( + compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); @@ -6251,11 +6766,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6267,7 +6782,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6281,7 +6796,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_650(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c0(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -6290,7 +6805,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_201(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -6309,7 +6824,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_4f(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_f4(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], @@ -6324,12 +6839,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6341,7 +6856,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6367,10 +6882,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_521( + deserialize_ring_elements_reduced_721( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -6378,8 +6893,8 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_550(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_230(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -6409,7 +6924,7 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_650(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c0(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -6424,7 +6939,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_d3(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_f5(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], @@ -6451,15 +6966,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_4f( + entropy_preprocess_af_f4( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -6467,8 +6982,8 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), + H_f1_2e0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6476,7 +6991,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6486,18 +7001,18 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_f70(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_0d0(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_201(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_d3(shared_secret, shared_secret_array); + kdf_af_f5(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -6514,8 +7029,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_38(Eurydice_slice serialized) { - return deserialize_then_decompress_10_26(serialized); +deserialize_then_decompress_ring_element_u_98(Eurydice_slice serialized) { + return deserialize_then_decompress_10_fc(serialized); } /** @@ -6524,17 +7039,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_82( +static KRML_MUSTINLINE void ntt_vector_u_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -6545,12 +7060,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_ec0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_af0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, @@ -6570,9 +7085,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_ec0( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_38(u_bytes); + deserialize_then_decompress_ring_element_u_98(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_82(&u_as_ntt[i0]); + ntt_vector_u_7a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6586,8 +7101,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_0b(Eurydice_slice serialized) { - return deserialize_then_decompress_4_51(serialized); +deserialize_then_decompress_ring_element_v_df(Eurydice_slice serialized) { + return deserialize_then_decompress_4_8f(serialized); } /** @@ -6597,17 +7112,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_ac0( +compute_message_ff0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e0(&result, &product);); - invert_ntt_montgomery_d40(&result); - result = subtract_reduce_89_52(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_930(&result, &product);); + invert_ntt_montgomery_860(&result); + result = subtract_reduce_89_70(v, result); return result; } @@ -6621,20 +7136,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e50( +static void decrypt_unpacked_5d0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_ec0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_af0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0b( + deserialize_then_decompress_ring_element_v_df( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_ac0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_ff0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_72(message, ret0); + compress_then_serialize_message_c1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6648,8 +7163,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -6674,14 +7189,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e50(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_5d0(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6693,7 +7208,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6703,7 +7218,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -6712,9 +7227,9 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f1( + PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = @@ -6722,10 +7237,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_650(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c0(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_71(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -6743,12 +7258,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_490( +static KRML_MUSTINLINE void deserialize_secret_key_590( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6760,7 +7275,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_490( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f5(secret_bytes); + deserialize_to_uncompressed_ring_element_53(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6778,10 +7293,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_5d0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_670(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_490(secret_key, secret_as_ntt); + deserialize_secret_key_590(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( uu____0, secret_as_ntt, @@ -6792,7 +7307,7 @@ static void decrypt_5d0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e50(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_5d0(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6818,7 +7333,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_a00( +void libcrux_ml_kem_ind_cca_decapsulate_e30( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -6837,9 +7352,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_a00( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_5d0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_670(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -6848,7 +7363,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_a00( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -6858,31 +7373,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_a00( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f1( + PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_f70(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d0(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_d3( + kdf_af_f5( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_d3(shared_secret0, shared_secret1); + kdf_af_f5(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_71(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -6902,12 +7417,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6919,7 +7434,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6934,7 +7449,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_e8( +static KRML_MUSTINLINE void serialize_secret_key_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -6953,7 +7468,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -6970,7 +7485,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_9a( +static KRML_MUSTINLINE void serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -6978,7 +7493,7 @@ static KRML_MUSTINLINE void serialize_public_key_9a( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_e8(t_as_ntt, ret0); + serialize_secret_key_f8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -6999,15 +7514,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_520( + deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_9a( + serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -7038,7 +7553,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_11(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7049,10 +7564,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_82( +static void closure_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -7071,7 +7586,7 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_41(uint8_t input[3U][34U]) { +shake128_init_absorb_final_75(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7101,10 +7616,10 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_f1_51(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_41(uu____0); + return shake128_init_absorb_final_75(uu____0); } /** @@ -7113,7 +7628,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_54( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7135,9 +7650,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_54(self, ret); + shake128_squeeze_first_three_blocks_10(self, ret); } /** @@ -7147,7 +7662,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7186,7 +7701,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_88( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7207,9 +7722,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_68( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_88(self, ret); + shake128_squeeze_next_block_ed(self, ret); } /** @@ -7219,7 +7734,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7259,9 +7774,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_13( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -7272,29 +7787,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_f6( +static KRML_MUSTINLINE void sample_from_xof_2b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_51(uu____0); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_7f(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_02( + bool done = sample_from_uniform_distribution_next_05( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_f1_68(&xof_state, randomness); + shake128_squeeze_next_block_f1_c1(&xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_020( + done = sample_from_uniform_distribution_next_050( uu____2, sampled_coefficients, out); } } @@ -7302,7 +7817,7 @@ static KRML_MUSTINLINE void sample_from_xof_f6( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_13(uu____3[i]);); + ret0[i] = closure_99(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7315,12 +7830,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_55( +static KRML_MUSTINLINE void sample_matrix_A_23( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_82(A_transpose[i]);); + closure_e8(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -7333,7 +7848,7 @@ static KRML_MUSTINLINE void sample_matrix_A_55( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_f6(uu____1, sampled); + sample_from_xof_2b(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7372,7 +7887,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_63(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7394,9 +7909,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_63(input, ret); + PRFxN_1d(input, ret); } /** @@ -7408,11 +7923,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -7423,14 +7938,14 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -7453,7 +7968,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e( +static KRML_MUSTINLINE void add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7479,14 +7994,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_a5( +static KRML_MUSTINLINE void compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7509,10 +8024,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_93(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -7528,10 +8043,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_a9( +static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_11(key_generation_seed, hashed); + G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7539,14 +8054,14 @@ static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_55(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_23(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(uu____1, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7557,10 +8072,10 @@ static tuple_9b generate_keypair_unpacked_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_01(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d7(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -7609,10 +8124,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_01( +static void closure_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -7624,7 +8139,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_af(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -7643,7 +8158,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7653,18 +8168,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_a9(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_01(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_9d(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_22(&ind_cpa_public_key.A[j][i1]); + clone_d5_1e(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -7674,13 +8189,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_9a( + serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -7720,18 +8235,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_a9(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_9a(pk.t_as_ntt, + serialize_public_key_80(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____2[1184U]; @@ -7749,7 +8264,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_97( +static KRML_MUSTINLINE void serialize_kem_secret_key_a8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -7778,7 +8293,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_97( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af(public_key, ret0); + H_f1_2e(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -7811,7 +8326,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -7821,13 +8336,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e8(ind_cpa_keypair_randomness); + generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_97( + serialize_kem_secret_key_a8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -7836,12 +8351,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_e0(uu____1); + libcrux_ml_kem_types_from_e7_a70(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c( - uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); + return libcrux_ml_kem_types_from_64_c90( + uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); } /** @@ -7854,10 +8369,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -7868,11 +8383,11 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; @@ -7897,9 +8412,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -7908,18 +8423,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d4( +static KRML_MUSTINLINE void invert_ntt_montgomery_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -7928,14 +8443,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_57( +static KRML_MUSTINLINE void compute_vector_u_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7957,11 +8472,11 @@ static KRML_MUSTINLINE void compute_vector_u_57( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_93(&result[i1], &product); } - invert_ntt_montgomery_d4(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_86(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7975,18 +8490,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c8( +compute_ring_element_v_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e(&result, &product);); - invert_ntt_montgomery_d4(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_93(&result, &product);); + invert_ntt_montgomery_86(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -7999,7 +8514,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_25( +static void compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8017,7 +8532,7 @@ static void compress_then_serialize_u_25( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d8(&re, ret); + compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -8043,14 +8558,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_65( +static void encrypt_unpacked_6c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(uu____0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8058,7 +8573,7 @@ static void encrypt_unpacked_65( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_38(uu____2, domain_separator0); + tuple_b0 uu____3 = sample_ring_element_cbd_2c(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8066,31 +8581,31 @@ static void encrypt_unpacked_65( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f0( + PRF_f1_040( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c8(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_25( + compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d6( + compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -8116,11 +8631,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -8132,7 +8647,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8146,7 +8661,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -8155,7 +8670,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_20(uu____4); + libcrux_ml_kem_types_from_15_f50(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -8174,7 +8689,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_39(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_56(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], @@ -8189,12 +8704,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8206,7 +8721,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8232,10 +8747,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_52( + deserialize_ring_elements_reduced_72( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -8243,8 +8758,8 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_55(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -8274,7 +8789,7 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -8289,7 +8804,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_6d(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_27(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], @@ -8316,15 +8831,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_39( + entropy_preprocess_af_56( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -8332,8 +8847,8 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), + H_f1_2e(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -8341,7 +8856,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8351,18 +8866,18 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_20(uu____4); + libcrux_ml_kem_types_from_15_f50(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_6d(shared_secret, shared_secret_array); + kdf_af_27(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -8380,12 +8895,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_ec( +static KRML_MUSTINLINE void deserialize_then_decompress_u_af( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, @@ -8405,9 +8920,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_ec( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_38(u_bytes); + deserialize_then_decompress_ring_element_u_98(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_82(&u_as_ntt[i0]); + ntt_vector_u_7a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8421,17 +8936,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_ac( +compute_message_ff( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e(&result, &product);); - invert_ntt_montgomery_d4(&result); - result = subtract_reduce_89_52(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_93(&result, &product);); + invert_ntt_montgomery_86(&result); + result = subtract_reduce_89_70(v, result); return result; } @@ -8445,20 +8960,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e5( +static void decrypt_unpacked_5d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_ec(ciphertext, u_as_ntt); + deserialize_then_decompress_u_af(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0b( + deserialize_then_decompress_ring_element_v_df( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_ac(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_ff(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_72(message, ret0); + compress_then_serialize_message_c1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8472,8 +8987,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -8498,14 +9013,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e5(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_5d(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -8517,7 +9032,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8527,7 +9042,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( + libcrux_ml_kem_utils_into_padded_array_2d3( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -8536,9 +9051,9 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f( + PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -8546,10 +9061,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), + libcrux_ml_kem_types_as_ref_ba_710(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -8567,12 +9082,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_49( +static KRML_MUSTINLINE void deserialize_secret_key_59( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8584,7 +9099,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_49( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f5(secret_bytes); + deserialize_to_uncompressed_ring_element_53(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8602,10 +9117,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_5d(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_67(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_49(secret_key, secret_as_ntt); + deserialize_secret_key_59(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -8616,7 +9131,7 @@ static void decrypt_5d(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e5(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_5d(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8642,7 +9157,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_a0( +void libcrux_ml_kem_ind_cca_decapsulate_e3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -8661,9 +9176,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_a0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_5d(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_67(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -8672,7 +9187,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_a0( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -8682,31 +9197,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_a0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f( + PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_6d( + kdf_af_27( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_6d(shared_secret0, shared_secret1); + kdf_af_27(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), + libcrux_ml_kem_types_as_ref_ba_710(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index add9d4b95..fb4bb6956 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem_portable_H @@ -39,49 +39,10 @@ void libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input, #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes); - typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); - -void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); @@ -92,55 +53,6 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array); -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; - -uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_slice v); - -void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); - typedef struct uint8_t_x11_s { uint8_t fst; uint8_t snd; @@ -170,9 +82,23 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]); +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -183,6 +109,22 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a); +void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +extern const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] + [16U]; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -477,6 +419,55 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); + +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_slice v); + +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); + uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_slice v); @@ -492,6 +483,19 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); + typedef struct uint8_t_x3_s { uint8_t fst; uint8_t snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 0adf52479..8330670f7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_sha3_H @@ -26,35 +26,35 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd(buf0, buf); + libcrux_sha3_portable_keccakx1_2a(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd0(buf0, buf); + libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd1(buf0, buf); + libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd2(buf0, buf); + libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd3(buf0, buf); + libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, @@ -113,7 +113,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd4(buf0, buf); + libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 454d3c0cf..74008b788 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -7,85 +7,2530 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ -#include "libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3_avx2.h" -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, - Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +#include "internal/libcrux_core.h" + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + return _veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_58(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, + core_core_arch_x86___m256i)); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vrax1q_u64(a, b); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return _vbcaxq_u64(a, b, c); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, + Eurydice_slice); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + Eurydice_slice_uint8_t_4size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { + return split_at_mut_4(a, mid); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 +new_1e_16(void) { + libcrux_sha3_generic_keccak_KeccakState_29 lit; + lit.st[0U][0U] = zero_ef(); + lit.st[0U][1U] = zero_ef(); + lit.st[0U][2U] = zero_ef(); + lit.st[0U][3U] = zero_ef(); + lit.st[0U][4U] = zero_ef(); + lit.st[1U][0U] = zero_ef(); + lit.st[1U][1U] = zero_ef(); + lit.st[1U][2U] = zero_ef(); + lit.st[1U][3U] = zero_ef(); + lit.st[1U][4U] = zero_ef(); + lit.st[2U][0U] = zero_ef(); + lit.st[2U][1U] = zero_ef(); + lit.st[2U][2U] = zero_ef(); + lit.st[2U][3U] = zero_ef(); + lit.st[2U][4U] = zero_ef(); + lit.st[3U][0U] = zero_ef(); + lit.st[3U][1U] = zero_ef(); + lit.st[3U][2U] = zero_ef(); + lit.st[3U][3U] = zero_ef(); + lit.st[3U][4U] = zero_ef(); + lit.st[4U][0U] = zero_ef(); + lit.st[4U][1U] = zero_ef(); + lit.st[4U][2U] = zero_ef(); + lit.st[4U][3U] = zero_ef(); + lit.st[4U][4U] = zero_ef(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_ef_6a( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block_c7(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_580(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_581(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_582(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_583(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_584(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_585(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_586(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_587(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_588(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_589(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5810(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5811(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5812(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5813(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, + core_core_arch_x86___m256i)); } -KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5814(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5815(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5816(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5817(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5818(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5819(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5820(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5821(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5822(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void theta_rho_71( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i c[5U] = { + xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____0 = + rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____1 = + rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____2 = + rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____3 = + rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { + uu____0, uu____1, uu____2, uu____3, + rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); + core_core_arch_x86___m256i uu____4 = + xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_x86___m256i uu____5 = + xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_x86___m256i uu____6 = + xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_x86___m256i uu____7 = + xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_x86___m256i uu____8 = + xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_x86___m256i uu____9 = + xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_x86___m256i uu____10 = + xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_x86___m256i uu____11 = + xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_x86___m256i uu____12 = + xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_x86___m256i uu____13 = + xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_x86___m256i uu____14 = + xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_x86___m256i uu____15 = + xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_x86___m256i uu____16 = + xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_x86___m256i uu____17 = + xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_x86___m256i uu____18 = + xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_x86___m256i uu____19 = + xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_x86___m256i uu____20 = + xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_x86___m256i uu____21 = + xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_x86___m256i uu____22 = + xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_x86___m256i uu____23 = + xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_x86___m256i uu____24 = + xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_x86___m256i uu____25 = + xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_x86___m256i uu____26 = + xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_x86___m256i uu____27 = + xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void pi_01( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void chi_9b( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + s->st[i1][j] = and_not_xor_ef( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]););); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void iota_09( + libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { + s->st[0U][0U] = xor_constant_ef( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void keccakf1600_07( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho_71(s); + pi_01(s); + chi_9b(s); + iota_09(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void absorb_block_37( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + load_block_ef_6a(uu____0, uu____1); + keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_91( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block_c7(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_ef_05( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_91(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_05(uu____3, uu____4); + keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_0b( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + store_block_e9(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____2[200U]; + memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_ef_99( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + store_block_full_0b(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_a4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + store_block_full_ef_99(s->st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_ef_f6( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + store_block_e9(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e9( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_last_77( + libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { + keccakf1600_07(&s); + uint8_t b[4U][200U]; + store_block_full_ef_99(s.st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], + Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_37(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_a4(&s, out); + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____4 = + split_at_mut_n_ef(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e9(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____5 = + split_at_mut_n_ef(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_77(s, o1); + } + } +} + +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + keccak_14(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new_1e_16(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_910( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block_c70(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_ef_050( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_910(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_5e0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_050(uu____3, uu____4); + keccakf1600_07(s); } -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, +void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + absorb_final_5e0(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void store_block_ef_f60( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + store_block_e90(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e90( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + squeeze_next_block_1c0(s, o2); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o20[4U]; + memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + Eurydice_slice_uint8_t_4size_t__x2 uu____2 = + split_at_mut_n_ef(o20, (size_t)168U); + Eurydice_slice o2[4U]; + memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o30[4U]; + memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o2); + Eurydice_slice_uint8_t_4size_t__x2 uu____3 = + split_at_mut_n_ef(o30, (size_t)168U); + Eurydice_slice o3[4U]; + memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o4[4U]; + memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o3); + squeeze_next_block_1c0(s, o4); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_five_blocks_e4(s, buf); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_block_e9(s, buf); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index f031b706b..8c1635b0b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_sha3_avx2_H @@ -20,46 +20,53 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_sha3_neon.h" +#include "libcrux_core.h" +#include "libcrux_sha3_internal.h" + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_x86___m256i +with const generics +- $4size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_29; void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState; - -libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index cd1f05dbb..f39b36172 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); } /** @@ -198,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_7a(void) { +libcrux_sha3_generic_keccak_new_1e_f2(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -233,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -258,11 +258,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de(s, buf); + libcrux_sha3_portable_keccak_load_block_b3(s, buf); } /** @@ -274,12 +274,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); } /** @@ -289,7 +289,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -300,9 +300,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_340(ab); + return libcrux_sha3_portable_keccak_rotate_left_db0(ab); } /** @@ -316,8 +316,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); } /** @@ -327,7 +327,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -338,9 +338,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_341(ab); + return libcrux_sha3_portable_keccak_rotate_left_db1(ab); } /** @@ -354,8 +354,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); } /** @@ -365,7 +365,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -376,9 +376,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_342(ab); + return libcrux_sha3_portable_keccak_rotate_left_db2(ab); } /** @@ -392,8 +392,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); } /** @@ -403,7 +403,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -414,9 +414,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_343(ab); + return libcrux_sha3_portable_keccak_rotate_left_db3(ab); } /** @@ -430,8 +430,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); } /** @@ -441,9 +441,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_34(ab); + return libcrux_sha3_portable_keccak_rotate_left_db(ab); } /** @@ -457,8 +457,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); } /** @@ -468,7 +468,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -479,9 +479,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_344(ab); + return libcrux_sha3_portable_keccak_rotate_left_db4(ab); } /** @@ -495,8 +495,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); } /** @@ -506,7 +506,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -517,9 +517,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_345(ab); + return libcrux_sha3_portable_keccak_rotate_left_db5(ab); } /** @@ -533,8 +533,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); } /** @@ -544,7 +544,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -555,9 +555,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_346(ab); + return libcrux_sha3_portable_keccak_rotate_left_db6(ab); } /** @@ -571,8 +571,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); } /** @@ -582,7 +582,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -593,9 +593,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_347(ab); + return libcrux_sha3_portable_keccak_rotate_left_db7(ab); } /** @@ -609,8 +609,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); } /** @@ -620,7 +620,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -631,9 +631,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_348(ab); + return libcrux_sha3_portable_keccak_rotate_left_db8(ab); } /** @@ -647,8 +647,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); } /** @@ -658,7 +658,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -669,9 +669,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_349(ab); + return libcrux_sha3_portable_keccak_rotate_left_db9(ab); } /** @@ -685,8 +685,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); } /** @@ -696,7 +696,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -707,9 +707,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3410(ab); + return libcrux_sha3_portable_keccak_rotate_left_db10(ab); } /** @@ -723,8 +723,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); } /** @@ -734,7 +734,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -745,9 +745,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3411(ab); + return libcrux_sha3_portable_keccak_rotate_left_db11(ab); } /** @@ -761,8 +761,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); } /** @@ -772,7 +772,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -783,9 +783,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3412(ab); + return libcrux_sha3_portable_keccak_rotate_left_db12(ab); } /** @@ -799,8 +799,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); } /** @@ -810,7 +810,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -821,9 +821,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3413(ab); + return libcrux_sha3_portable_keccak_rotate_left_db13(ab); } /** @@ -837,8 +837,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); } /** @@ -848,7 +848,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -859,9 +859,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3414(ab); + return libcrux_sha3_portable_keccak_rotate_left_db14(ab); } /** @@ -875,8 +875,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); } /** @@ -886,7 +886,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -897,9 +897,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3415(ab); + return libcrux_sha3_portable_keccak_rotate_left_db15(ab); } /** @@ -913,8 +913,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); } /** @@ -924,7 +924,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -935,9 +935,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3416(ab); + return libcrux_sha3_portable_keccak_rotate_left_db16(ab); } /** @@ -951,8 +951,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); } /** @@ -962,7 +962,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -973,9 +973,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3417(ab); + return libcrux_sha3_portable_keccak_rotate_left_db17(ab); } /** @@ -989,8 +989,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); } /** @@ -1000,7 +1000,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1011,9 +1011,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3418(ab); + return libcrux_sha3_portable_keccak_rotate_left_db18(ab); } /** @@ -1027,8 +1027,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); } /** @@ -1038,7 +1038,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1049,9 +1049,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3419(ab); + return libcrux_sha3_portable_keccak_rotate_left_db19(ab); } /** @@ -1065,8 +1065,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); } /** @@ -1076,7 +1076,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1087,9 +1087,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3420(ab); + return libcrux_sha3_portable_keccak_rotate_left_db20(ab); } /** @@ -1103,8 +1103,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); } /** @@ -1114,7 +1114,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1125,9 +1125,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3421(ab); + return libcrux_sha3_portable_keccak_rotate_left_db21(ab); } /** @@ -1141,8 +1141,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); } /** @@ -1152,7 +1152,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1163,9 +1163,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3422(ab); + return libcrux_sha3_portable_keccak_rotate_left_db22(ab); } /** @@ -1179,8 +1179,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); } /** @@ -1189,7 +1189,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1225,76 +1225,76 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____4; uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____5; uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____6; uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____7; uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1304,7 +1304,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1340,7 +1340,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1358,7 +1358,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1370,14 +1370,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_8d(s); - libcrux_sha3_generic_keccak_pi_ac(s); - libcrux_sha3_generic_keccak_chi_c7(s); - libcrux_sha3_generic_keccak_iota_4f(s, i0); + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_b8(s); + libcrux_sha3_generic_keccak_chi_1f(s); + libcrux_sha3_generic_keccak_iota_83(s, i0); } } @@ -1389,7 +1389,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1408,8 +1408,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1417,7 +1417,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1442,9 +1442,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_39(a, b); + libcrux_sha3_portable_keccak_store_block_58(a, b); } /** @@ -1454,9 +1454,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1466,10 +1466,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1477,7 +1477,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1502,11 +1502,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de0(s, buf); + libcrux_sha3_portable_keccak_load_block_b30(s, buf); } /** @@ -1518,12 +1518,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); } /** @@ -1534,7 +1534,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1553,8 +1553,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1562,7 +1562,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1587,9 +1587,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_390(a, b); + libcrux_sha3_portable_keccak_store_block_580(a, b); } /** @@ -1599,9 +1599,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1611,10 +1611,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1626,12 +1626,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); } /** @@ -1641,13 +1641,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1655,12 +1655,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_39(s, buf); + libcrux_sha3_portable_keccak_store_block_58(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1676,9 +1676,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); } /** @@ -1689,10 +1689,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_653( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1715,11 +1715,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1743,10 +1743,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { @@ -1757,7 +1757,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; @@ -1768,12 +1768,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1781,7 +1781,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1799,12 +1799,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); } } } @@ -1815,11 +1815,11 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); + libcrux_sha3_generic_keccak_keccak_754(uu____0, out); } /** @@ -1827,7 +1827,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1856,12 +1856,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); } /** @@ -1871,13 +1871,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1885,11 +1885,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de3(s, buf); + libcrux_sha3_portable_keccak_load_block_b33(s, buf); } /** @@ -1901,12 +1901,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); } /** @@ -1917,7 +1917,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1936,8 +1936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1945,7 +1945,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1966,12 +1966,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_393(s, buf); + libcrux_sha3_portable_keccak_store_block_583(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1987,9 +1987,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); } /** @@ -2000,10 +2000,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_652( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2028,9 +2028,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_393(a, b); + libcrux_sha3_portable_keccak_store_block_583(a, b); } /** @@ -2040,9 +2040,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2052,10 +2052,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2065,11 +2065,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2093,10 +2093,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { @@ -2107,7 +2107,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; @@ -2118,12 +2118,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2131,7 +2131,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2149,12 +2149,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); } } } @@ -2165,11 +2165,11 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); + libcrux_sha3_generic_keccak_keccak_753(uu____0, out); } /** @@ -2177,7 +2177,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2206,12 +2206,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); } /** @@ -2221,13 +2221,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2235,11 +2235,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de2(s, buf); + libcrux_sha3_portable_keccak_load_block_b32(s, buf); } /** @@ -2251,12 +2251,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); } /** @@ -2267,7 +2267,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2286,8 +2286,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2295,7 +2295,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2316,12 +2316,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_392(s, buf); + libcrux_sha3_portable_keccak_store_block_582(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2337,9 +2337,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); } /** @@ -2350,10 +2350,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_651( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2378,9 +2378,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_392(a, b); + libcrux_sha3_portable_keccak_store_block_582(a, b); } /** @@ -2390,9 +2390,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2402,10 +2402,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2415,11 +2415,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2443,10 +2443,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { @@ -2457,7 +2457,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; @@ -2468,12 +2468,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2481,7 +2481,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2499,12 +2499,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); } } } @@ -2515,11 +2515,11 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); + libcrux_sha3_generic_keccak_keccak_752(uu____0, out); } /** @@ -2531,12 +2531,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); } /** @@ -2546,13 +2546,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2560,12 +2560,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_390(s, buf); + libcrux_sha3_portable_keccak_store_block_580(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2581,9 +2581,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); } /** @@ -2594,10 +2594,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_650( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2620,11 +2620,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2648,10 +2648,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2662,7 +2662,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2673,12 +2673,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2686,7 +2686,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2704,12 +2704,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2720,11 +2720,11 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); + libcrux_sha3_generic_keccak_keccak_751(uu____0, out); } /** @@ -2735,7 +2735,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2754,8 +2754,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2766,10 +2766,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2780,7 +2780,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2791,12 +2791,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2804,7 +2804,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2822,12 +2822,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2838,11 +2838,11 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); + libcrux_sha3_generic_keccak_keccak_750(uu____0, out); } /** @@ -2850,7 +2850,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2879,12 +2879,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); } /** @@ -2894,13 +2894,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2908,11 +2908,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de1(s, buf); + libcrux_sha3_portable_keccak_load_block_b31(s, buf); } /** @@ -2924,12 +2924,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); } /** @@ -2940,7 +2940,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2959,8 +2959,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2968,7 +2968,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2989,12 +2989,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_391(s, buf); + libcrux_sha3_portable_keccak_store_block_581(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -3009,9 +3009,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); } /** @@ -3022,10 +3022,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_65( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3050,9 +3050,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_391(a, b); + libcrux_sha3_portable_keccak_store_block_581(a, b); } /** @@ -3062,9 +3062,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3074,10 +3074,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3087,11 +3087,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3115,10 +3115,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -3129,7 +3129,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -3140,12 +3140,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3153,7 +3153,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3171,12 +3171,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); } } } @@ -3187,11 +3187,11 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); + libcrux_sha3_generic_keccak_keccak_75(uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 3130b58fc..460d5a51f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -7,3560 +7,76 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_sha3_neon.h" -#include "internal/libcrux_core.h" - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t zero_fa(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_veor5q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = - libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = - libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - return _veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_58(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vrax1q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left1_and_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vrax1q_u64(a, b); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vbcaxq_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return libcrux_intrinsics_arm64__veorq_u64( - a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -and_not_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return _vbcaxq_u64(a, b, c); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_veorq_n_u64(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - core_core_arch_arm_shared_neon_uint64x2_t c0 = - libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_constant_fa(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} - -static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_2size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { - return split_at_mut_2(a, mid); -} - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -new_1e_12(void) { - libcrux_sha3_generic_keccak_KeccakState_fc lit; - lit.st[0U][0U] = zero_fa(); - lit.st[0U][1U] = zero_fa(); - lit.st[0U][2U] = zero_fa(); - lit.st[0U][3U] = zero_fa(); - lit.st[0U][4U] = zero_fa(); - lit.st[1U][0U] = zero_fa(); - lit.st[1U][1U] = zero_fa(); - lit.st[1U][2U] = zero_fa(); - lit.st[1U][3U] = zero_fa(); - lit.st[1U][4U] = zero_fa(); - lit.st[2U][0U] = zero_fa(); - lit.st[2U][1U] = zero_fa(); - lit.st[2U][2U] = zero_fa(); - lit.st[2U][3U] = zero_fa(); - lit.st[2U][4U] = zero_fa(); - lit.st[3U][0U] = zero_fa(); - lit.st[3U][1U] = zero_fa(); - lit.st[3U][2U] = zero_fa(); - lit.st[3U][3U] = zero_fa(); - lit.st[3U][4U] = zero_fa(); - lit.st[4U][0U] = zero_fa(); - lit.st[4U][1U] = zero_fa(); - lit.st[4U][2U] = zero_fa(); - lit.st[4U][3U] = zero_fa(); - lit.st[4U][4U] = zero_fa(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_3c( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_fa_0f( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_580(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c1(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_581(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c10(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f0(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_582(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c11(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f1(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_583(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c12(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f2(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c13(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f3(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_584(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c14(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f4(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_585(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c15(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f5(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_586(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c16(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f6(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_587(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c17(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f7(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_588(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c18(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f8(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_589(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c19(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f9(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5810(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c110(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f10(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5811(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c111(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f11(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5812(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c112(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f12(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5813(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c113(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f13(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5814(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c114(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f14(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5815(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c115(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f15(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5816(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c116(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f16(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5817(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c117(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f17(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5818(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c118(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f18(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5819(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c119(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f19(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5820(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c120(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f20(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5821(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c121(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f21(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5822(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c122(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f22(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void theta_rho_eb( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { - xor5_fa(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_fa(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_fa(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_fa(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_fa(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - rotate_left1_and_xor_fa(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - rotate_left1_and_xor_fa(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - rotate_left1_and_xor_fa(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - rotate_left1_and_xor_fa(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { - uu____0, uu____1, uu____2, uu____3, - rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____4 = - xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_arm_shared_neon_uint64x2_t uu____5 = - xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_arm_shared_neon_uint64x2_t uu____7 = - xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = - xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t uu____9 = - xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t uu____10 = - xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t uu____11 = - xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t uu____12 = - xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t uu____13 = - xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t uu____14 = - xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t uu____15 = - xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_arm_shared_neon_uint64x2_t uu____16 = - xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t uu____17 = - xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t uu____18 = - xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t uu____19 = - xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t uu____20 = - xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t uu____21 = - xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t uu____22 = - xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t uu____23 = - xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t uu____24 = - xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t uu____25 = - xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t uu____26 = - xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t uu____27 = - xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void pi_a0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void chi_b0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - s->st[i1][j] = and_not_xor_fa( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]););); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void iota_33( - libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { - s->st[0U][0U] = xor_constant_fa( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void keccakf1600_3e( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_eb(s); - pi_a0(s); - chi_b0(s); - iota_33(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void absorb_block_45( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_3e( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_fa_07( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)72U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_07(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_2f( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_9a( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a5( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e7( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a5(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_fa_90( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_last_70( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a5(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - absorb_block_45(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e7(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_70(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_59(uu____0, out); -} - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_3c0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_fa_0f0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void absorb_block_450( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f0(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_3e0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c0(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_fa_070( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_2f0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_9a0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f0(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a50( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a0(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e70( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a50(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_fa_900( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f0(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_last_700( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a50(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe0(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_590(uu____0, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e0(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe1(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_591(uu____0, out); +KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - keccakx2_6e1(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState_fc +KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return new_1e_12(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_3c1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_3e1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c1(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_fa_071( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_071(uu____3, uu____4); - keccakf1600_3e(s); -} - -void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, +KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - absorb_final_fe2(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void store_block_2f1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void store_block_fa_901( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - Eurydice_slice_uint8_t_2size_t__x2 uu____0 = - split_at_mut_n_fa(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f1(s, o0); - Eurydice_slice_uint8_t_2size_t__x2 uu____1 = - split_at_mut_n_fa(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d1(s, o1); - squeeze_next_block_5d1(s, o2); -} - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_first_three_blocks_2e(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_next_block_5d1(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_3c2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_fa_0f1( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void absorb_block_451( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f1(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_3e2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c2(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_fa_072( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)144U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_072(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_2f2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_9a1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f2(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a51( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a1(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e71( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a51(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_fa_902( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f2(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_last_701( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a51(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - absorb_block_451(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe3(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e71(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f2(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d2(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_701(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_592(uu____0, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e2(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_3c3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_fa_0f2( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c3(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void absorb_block_452( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f2(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_3e3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c3(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_fa_073( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e3(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe4( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)104U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_073(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_2f3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_9a2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f3(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a52( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a2(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e72( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a52(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_fa_903( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f3(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_last_702( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a52(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - absorb_block_452(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe4(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e72(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f3(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d3(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_702(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_593(uu____0, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e3(uu____0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 6a5424103..a3fd0fbba 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_sha3_neon_H @@ -20,19 +20,8 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" -#include "libcrux_core.h" #include "libcrux_sha3_internal.h" -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- $2size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { - core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_fc; - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); @@ -40,19 +29,23 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -libcrux_sha3_generic_keccak_KeccakState_fc +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState; + +libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void); void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index d54ca40b1..cb530ac49 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 -Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 +F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 +Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index e43445be6..4e1e51db7 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_core_H @@ -53,6 +53,8 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) @@ -76,6 +78,118 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result_6f_tags; + +/** +A monomorphic instance of core.result.Result +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_6f_s { + core_result_Result_6f_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_6f; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +static inline void core_result_unwrap_41_1c(core_result_Result_6f self, + uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +A monomorphic instance of core.result.Result +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_7a_s { + core_result_Result_6f_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_7a; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +static inline void core_result_unwrap_41_34(core_result_Result_7a self, + uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +A monomorphic instance of core.result.Result +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_cd_s { + core_result_Result_6f_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_cd; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +static inline void core_result_unwrap_41_e8(core_result_Result_cd self, + uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} Eurydice_slice_uint8_t_4size_t__x2; + /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -107,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_06( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_63( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -122,7 +236,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_57(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_4c(uint8_t value[1184U]) { uint8_t uu____0[1184U]; memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; @@ -155,7 +269,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_2c(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -171,7 +285,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_e0(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_a7(uint8_t value[2400U]) { uint8_t uu____0[2400U]; memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; @@ -200,7 +314,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_20(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_f5(uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; @@ -216,7 +330,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_1f( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -226,7 +340,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_972( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -239,18 +353,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_972( memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result_00_tags; - /** A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_00_s { - core_result_Result_00_tags tag; + core_result_Result_6f_tags tag; union { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; @@ -283,7 +392,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_971( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -305,7 +414,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_88( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_9f( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); @@ -316,7 +425,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_970( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -334,7 +443,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_97( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -347,23 +456,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_97( memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of core.option.Option -with types Eurydice_slice uint8_t - -*/ -typedef struct core_option_Option_44_s { - core_option_Option_ef_tags tag; - Eurydice_slice f0; -} core_option_Option_44; - /** A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_c0_s { - core_result_Result_00_tags tag; + core_result_Result_6f_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; @@ -391,18 +490,13 @@ static inline void core_result_unwrap_41_f9(core_result_Result_c0 self, } } -typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} Eurydice_slice_uint8_t_2size_t__x2; - /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_56_s { - core_result_Result_00_tags tag; + core_result_Result_6f_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 5303fbfc1..5af8da87c 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index e67555cd5..f078580e7 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem768_avx2_H @@ -20,6 +20,8 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_ct_ops.h" +#include "libcrux_mlkem768_portable.h" #include "libcrux_sha3_avx2.h" #include "libcrux_sha3_portable.h" @@ -43,9 +45,5968 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea( + void) { + return libcrux_ml_kem_vector_avx2_zero(); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + memcpy(ret, output, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_to_i16_array_ea( + core_core_arch_x86___m256i x, int16_t ret[16U]) { + libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(core_core_arch_x86___m256i v, + int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_and_si256( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_1_ea(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, + core_core_arch_x86___m256i)); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum0, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + v, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + right0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_multiply_ea(core_core_arch_x86___m256i *lhs, + core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = {0U}; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result_cd dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); + core_result_unwrap_41_e8(dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result_7a dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); + core_result_unwrap_41_34(dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, + 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + int16_t array[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), + vector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_from_i16_array_0d( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, + (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result_6f dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); + core_result_unwrap_41_1c(dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, + 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, + Eurydice_slice output) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_ea( + Eurydice_slice input, Eurydice_slice output) { + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + core_core_arch_x86___m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_ZERO_89_d5(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_e1(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2d( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_67( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2d( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_8d(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b7( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4( + vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_10_3f( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b7( + coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f40( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b70( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f40( + vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_11_07( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b70( + coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ba( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_3f(serialized); +} + +typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( + core_core_arch_x86___m256i v, int16_t fer) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); + b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); + a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer, size_t _initial_coefficient_bound) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + self->coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_98( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ba( + u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u_98(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f41( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b71( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f41( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_4_ba( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b71( + coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f42( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b72( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f42( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_5_62( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b72( + re.coefficients[i0]); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_ba(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_ntt_multiply_89_48( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + libcrux_ml_kem_vector_avx2_sub_ea(b, &a); + a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(a, &b)); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)7U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_subtract_reduce_89_8d( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + b.coefficients[i0], (int16_t)1441); + b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], + &coefficient_normal_form)); + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_message_72( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_8d(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1a( + core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea +with const generics +- SHIFT_BY= 15 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_shift_right_ea_eb( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1a(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + core_core_arch_x86___m256i a) { + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_shift_right_ea_eb(a); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_message_77( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + libcrux_ml_kem_matrix_compute_message_72(&v, secret_key->secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message_77(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_decrypt_1d(Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_67(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8(&secret_key_unpacked, ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 32 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( + Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 32 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a6(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b8( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } +} + typedef libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_ml_kem_hash_functions_avx2_Simd256Hash; +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( + uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( + uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( + uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( + self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 504 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, + Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( + uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( + &xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( + &xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_79(uu____3[i]); + } + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_matrix_sample_matrix_A_closure_b8(i, A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; + libcrux_ml_kem_sampling_sample_from_xof_b0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_aa(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( + uint8_t (*input)[33U], uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( + uint8_t (*input)[33U], uint8_t ret[3U][128U]) { + libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_slice randomness) { + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( + randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_45( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); + re->coefficients[j] = + libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + libcrux_ml_kem_ntt_ntt_at_layer_7_45(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( + Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( + Eurydice_slice input, uint8_t ret[128U]) { + libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_vector_u_closure_ee(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + self->coefficients[j], (int16_t)1441); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_decompress_1_91(core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + re.coefficients[i0] = + libcrux_ml_kem_vector_traits_decompress_1_91(coefficient_compressed); + } + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + result.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &message->coefficients[i0]); + core_core_arch_x86___m256i tmp0 = + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_ring_element_v_71( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( + error_2, message, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_1d(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_10_2f( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_compress_ea_1d( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b0( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_1d0(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b0( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_11_d1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_compress_ea_1d0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_10_2f(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2(&re, + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b1( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_1d1(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b1( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_4_b7( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_compress_ea_1d1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b2( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_1d2(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b2( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_5_35( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficients = + libcrux_ml_kem_vector_avx2_compress_ea_1d2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_00(public_key->A, r_as_ntt, error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + libcrux_ml_kem_matrix_compute_ring_element_v_71( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, randomness, + ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ca( + Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_decapsulate_01( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_1d(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_43_ca( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret0, ciphertext, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_d8( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_01(private_key, ciphertext, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_d8(private_key, + ciphertext, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b6( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_67( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b6(key_pair, ciphertext, + ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_67( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_a6( + Eurydice_slice randomness, uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_43_a6( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_f6_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_f5(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_fa( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_fa(uu____0, + uu____1); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_f5(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_50( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = + public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9(uu____0, + uu____1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = + public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_50( + uu____0, uu____1); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; +} tuple_9b0; + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_standard_domain_42( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_traits_to_standard_domain_42( + self->coefficients[j]); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + &product); + } + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_a2(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____3, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_f0(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, + secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_cb( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_cb( + uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with +types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_c6( + size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b5( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_clone_d5_60( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + core_core_arch_x86___m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * sizeof(core_core_arch_x86___m256i)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( + ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b5(i, + A[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + libcrux_ml_kem_polynomial_clone_d5_60(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1; + } + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t pk_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_0b( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e(uu____0); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_0b( + uu____0); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_14( + Eurydice_slice shared_secret, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t kdf_input[64U]; + libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1088U, + libcrux_ml_kem_types_as_slice_a8_63(ciphertext), + uint8_t, Eurydice_slice), + ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t ret1[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), + ret1); + memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_decapsulate_010( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_1d(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_14( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_14(shared_secret0, ciphertext, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_80( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_010(private_key, ciphertext, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_80( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_b6( + Eurydice_slice randomness, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_b6( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_f6_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_f5(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_14(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e6( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e6( + uu____0, uu____1); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const +generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline bool +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fe( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_option_Option_92 +libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { + core_option_Option_92 uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fe( + public_key.value)) { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, + .f0 = public_key}); + } else { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); + } + return uu____0; +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self) { + return self[0U]; +} + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 474841aed..f54652b72 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem768_portable_H @@ -21,7 +21,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" -#include "libcrux_sha3_libcrux_ml_kem.h" #include "libcrux_sha3_portable.h" #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) @@ -48,7 +47,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( } typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s { - libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; + libcrux_sha3_neon_x2_incremental_KeccakState shake128_state[2U]; } libcrux_ml_kem_hash_functions_neon_Simd128Hash; static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( @@ -123,862 +122,260 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = #define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ ((int16_t)1353) -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { - core_core_arch_arm_shared_neon_int16x8_t low; - core_core_arch_arm_shared_neon_int16x8_t high; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void) { - return libcrux_ml_kem_vector_neon_vector_type_ZERO(); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); -} +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ + (62209U) -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { - return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); -} +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { - int16_t out[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + int16_t ret[16U]; + core_result_Result_c0 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result_unwrap_41_f9(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + return lit; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); - return lhs; -} +typedef struct uint8_t_x11_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; + uint8_t f5; + uint8_t f6; + uint8_t f7; + uint8_t f8; + uint8_t f9; + uint8_t f10; +} uint8_t_x11; -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); +static KRML_MUSTINLINE uint8_t_x11 +libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 5U); + uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 10U); + uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) >> + 7U); + uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) & + (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) >> + 4U); + uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) >> + 1U & + (int16_t)255); + uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) >> + 9U); + uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) & + (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) >> + 6U); + uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) >> + 3U); + return (CLITERAL(uint8_t_x11){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7, + .f8 = r8, + .f9 = r9, + .f10 = r10}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); - return lhs; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]) { + uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x11 r11_21 = + libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[22U] = {0U}; + result[0U] = r0_10.fst; + result[1U] = r0_10.snd; + result[2U] = r0_10.thd; + result[3U] = r0_10.f3; + result[4U] = r0_10.f4; + result[5U] = r0_10.f5; + result[6U] = r0_10.f6; + result[7U] = r0_10.f7; + result[8U] = r0_10.f8; + result[9U] = r0_10.f9; + result[10U] = r0_10.f10; + result[11U] = r11_21.fst; + result[12U] = r11_21.snd; + result[13U] = r11_21.thd; + result[14U] = r11_21.f3; + result[15U] = r11_21.f4; + result[16U] = r11_21.f5; + result[17U] = r11_21.f6; + result[18U] = r11_21.f7; + result[19U] = r11_21.f8; + result[20U] = r11_21.f9; + result[21U] = r11_21.f10; + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); +static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); - return v; -} +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 3U; + int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) >> + 1U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 7U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - core_core_arch_arm_shared_neon_uint16x8_t m0 = - libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - core_core_arch_arm_shared_neon_uint16x8_t m1 = - libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - core_core_arch_arm_shared_neon_int16x8_t c1 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); -} - -#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v) { - core_core_arch_arm_shared_neon_int16x8_t adder = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - core_core_arch_arm_shared_neon_int16x8_t vec = - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); - core_core_arch_arm_shared_neon_int16x8_t vec0 = - libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - core_core_arch_arm_shared_neon_int16x8_t quotient = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t sub = - libcrux_intrinsics_arm64__vmulq_n_s16( - quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); -} - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ - (62209U) - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high) { - core_core_arch_arm_shared_neon_int16x8_t k = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vmulq_n_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.low, c); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - v, c); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t half = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - core_core_arch_arm_shared_neon_int16x8_t quarter = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - core_core_arch_arm_shared_neon_int16x8_t shifted = - libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - core_core_arch_arm_shared_neon_int16x8_t mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = - libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range), - core_core_arch_arm_shared_neon_uint16x8_t)); - core_core_arch_arm_shared_neon_int16x8_t shifted0 = - libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = - libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range0), - core_core_arch_arm_shared_neon_uint16x8_t)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_1(v); -} - -static KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits) { - int16_t uu____0; - switch (coefficient_bits) { - case 4: { - uu____0 = (int16_t)15; - break; - } - case 5: { - uu____0 = (int16_t)31; - break; - } - case 10: { - uu____0 = (int16_t)1023; - break; - } - case 11: { - uu____0 = (int16_t)2047; - break; - } - default: { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, - zeta4); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, - zeta3, zeta4); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, - zeta2, zeta4, -zeta2, -zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t b1 = - libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1b1 = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, - b1); - core_core_arch_arm_shared_neon_int32x4_t a1b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a1b1), - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - core_core_arch_arm_shared_neon_int32x4_t a1b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - core_core_arch_arm_shared_neon_int16x8_t fst_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t fst_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b1)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - core_core_arch_arm_shared_neon_int16x8_t snd_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t snd_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); - core_core_arch_arm_shared_neon_int16x8_t fst_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t fst_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t snd_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t snd_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t fst = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - fst_low16, fst_high16); - core_core_arch_arm_shared_neon_int16x8_t snd = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - snd_low16, snd_high16); - core_core_arch_arm_shared_neon_int32x4_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int32x4_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int16x8_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); - core_core_arch_arm_shared_neon_int16x8_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); - uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, - 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - core_core_arch_arm_shared_neon_uint8x16_t index = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); - core_core_arch_arm_shared_neon_int16x8_t high2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low2, .high = high2}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, - zeta3, zeta4); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, - (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { - core_core_arch_arm_shared_neon_int16x8_t one = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); - int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, - (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vshlq_s16(high0, shift); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vandq_s16(low, one), - .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t lowt = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); - core_core_arch_arm_shared_neon_uint16x8_t hight = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); -} - -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; - static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_zero(void) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; @@ -1002,13 +399,14 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1035,8 +433,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } static KRML_MUSTINLINE void @@ -1056,43 +454,565 @@ static inline void libcrux_ml_kem_vector_portable_to_i16_array_0d( libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_deserialize_4_0d(v); - int16_t input_i16s[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; +static const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ZERO_0d(void) { + return libcrux_ml_kem_vector_portable_vector_type_zero(); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; + } + return lhs; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_add_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - int16_t ret[16U]; - core_result_Result_c0 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; +libcrux_ml_kem_vector_portable_arithmetic_sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + } + return lhs; } /** @@ -1100,192 +1020,124 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); +libcrux_ml_kem_vector_portable_sub_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); } -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] * c; + } + return v; +} -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] & c; + } + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, + c); } -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[10U]; - libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + core_option_Option_b3 uu____0 = + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3); + if (!(uu____0.tag == core_option_None)) { + size_t i = uu____0.f0; + if (v.elements[i] >= (int16_t)3329) { + size_t uu____1 = i; + v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; + } + continue; + } + return v; + } } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int32_t)20159) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) + +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + int16_t value) { + int32_t t = (int32_t)value * + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); + int16_t quotient = + (int16_t)(t >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); + return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[i0]); + } return v; } @@ -1294,216 +1146,53 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +libcrux_ml_kem_vector_portable_barrett_reduce_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_5_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + int32_t value) { + int32_t k = + (int32_t)(int16_t)value * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t k_times_modulus = + (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int16_t c = + (int16_t)(k_times_modulus >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + int16_t value_high = + (int16_t)(value >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + return value_high - c; } -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +static KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + int16_t fe, int16_t fer) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)fe * (int32_t)fer); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[i0], c); + } return v; } @@ -1512,292 +1201,159 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + v, r); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_10_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; +static inline uint8_t +libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + uint16_t fe) { + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; + int16_t shifted_to_positive = mask ^ shifted; + int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = (int16_t) + libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + (uint16_t)v.elements[i0]); + } + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_compress_compress_1(v); } -typedef struct uint8_t_x11_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; - uint8_t f5; - uint8_t f6; - uint8_t f7; - uint8_t f8; - uint8_t f9; - uint8_t f10; -} uint8_t_x11; +static KRML_MUSTINLINE uint32_t +libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + uint8_t n, uint32_t value) { + return value & ((1U << (uint32_t)n) - 1U); +} -static KRML_MUSTINLINE uint8_t_x11 -libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 10U); - uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> - 7U); - uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & - (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> - 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); - uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> - 9U); - uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & - (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> - 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); - return (CLITERAL(uint8_t_x11){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7, - .f8 = r8, - .f9 = r9, - .f10 = r10}); +static inline int16_t +libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + uint8_t coefficient_bits, uint16_t fe) { + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + compressed = compressed + 1664ULL; + compressed = compressed * 10321340ULL; + compressed = compressed >> 35U; + return (int16_t) + libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + coefficient_bits, (uint32_t)compressed); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_11( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[22U]) { - uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x11 r11_21 = - libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t t = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v->elements[j], zeta); + v->elements[j] = v->elements[i] - t; + v->elements[i] = v->elements[i] + t; +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, + zeta2, zeta3); } -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); -} - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); return v; } @@ -1806,268 +1362,44 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t a_minus_b = v->elements[j] - v->elements[i]; + v->elements[i] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v->elements[i] + v->elements[j]); + v->elements[j] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { - uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, - 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - core_core_arch_arm_shared_neon_uint8x16_t index_vec = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - core_core_arch_arm_shared_neon_int16x8_t shift_vec = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t mask12 = - libcrux_intrinsics_arm64__vdupq_n_u16(4095U); - uint8_t input0[16U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input0, uint8_t, Eurydice_slice)); - uint8_t input1[16U] = {0U}; - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input1, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t moved0 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted0 = - libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); - core_core_arch_arm_shared_neon_uint16x8_t moved1 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted1 = - libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low, .high = high}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); -} - -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { - size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option_44 uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( - &iter, uint8_t, core_option_Option_44); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - d1; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; - continue; - } - } - continue; - } - } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline size_t libcrux_ml_kem_vector_neon_rej_sample_20( - Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_neon_rej_sample(a, out); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; } /** @@ -2075,21 +1407,34 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ZERO_0d(void) { - return libcrux_ml_kem_vector_portable_vector_type_zero(); +libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + a, zeta0, zeta1, zeta2, zeta3); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_add( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; - } - return lhs; +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; } /** @@ -2097,23 +1442,33 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_add_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); +libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, + zeta1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_sub( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; - } - return lhs; +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, + (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, + (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); + return v; } /** @@ -2121,22 +1476,55 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_sub_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); +libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, + size_t i, size_t j, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { + int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[i] + + (int32_t) + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[j] * (int32_t)b->elements[j]) * + (int32_t)zeta); + int16_t o1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[j] + + (int32_t)a->elements[j] * (int32_t)b->elements[i]); + out->elements[i] = o0; + out->elements[j] = o1; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; - } - return v; +libcrux_ml_kem_vector_portable_ntt_ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_vector_type_zero(); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); + return out; } /** @@ -2144,57 +1532,67 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); +libcrux_ml_kem_vector_portable_ntt_multiply_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, + zeta2, zeta3); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[2U]) { + uint8_t result[2U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | + (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; } - return v; + for (size_t i = (size_t)8U; i < (size_t)16U; i++) { + size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = + (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] + << (uint32_t)(i0 - (size_t)8U); + } + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, - c); +static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - core_option_Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3); - if (!(uu____0.tag == core_option_None)) { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } - continue; - } - return v; +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U); + } + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } + return result; } /** @@ -2202,98 +1600,144 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); } -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int32_t)20159) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +typedef struct uint8_t_x4_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; +} uint8_t_x4; -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - int16_t value) { - int32_t t = (int32_t)value * - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); - int16_t quotient = - (int16_t)(t >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); - return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; +static KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v.elements[i0]); - } - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_barrett_reduce_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); -} - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) - -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - int32_t value) { - int32_t k = - (int32_t)(int16_t)value * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t k_times_modulus = - (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = - (int16_t)(k_times_modulus >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - int16_t value_high = - (int16_t)(value >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - return value_high - c; +static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); } -static KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - int16_t fe, int16_t fer) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)fe * (int32_t)fer); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v.elements[i0], c); - } +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -2302,128 +1746,171 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - v, r); +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); } -static inline uint8_t -libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - uint16_t fe) { - int16_t shifted = (int16_t)1664 - (int16_t)fe; - int16_t mask = shifted >> 15U; - int16_t shifted_to_positive = mask ^ shifted; - int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = (int16_t) - libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - (uint16_t)v.elements[i0]); - } - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1(v); -} - -static KRML_MUSTINLINE uint32_t -libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - uint8_t n, uint32_t value) { - return value & ((1U << (uint32_t)n) - 1U); -} - -static inline int16_t -libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - uint8_t coefficient_bits, uint16_t fe) { - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; - compressed = compressed + 1664ULL; - compressed = compressed * 10321340ULL; - compressed = compressed >> 35U; - return (int16_t) - libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - coefficient_bits, (uint32_t)compressed); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t t = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v->elements[j], zeta); - v->elements[j] = v->elements[i] - t; - v->elements[i] = v->elements[i] + t; -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; +static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, - zeta2, zeta3); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -2432,143 +1919,191 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); - return v; +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U & + (int16_t)3); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 6U & + (int16_t)15); + uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 4U & + (int16_t)63); + uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t a_minus_b = v->elements[j] - v->elements[i]; - v->elements[i] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v->elements[i] + v->elements[j]); - v->elements[j] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - a_minus_b, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[20U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, + Eurydice_slice)); + uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[20U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + result[10U] = r10_14.fst; + result[11U] = r10_14.snd; + result[12U] = r10_14.thd; + result[13U] = r10_14.f3; + result[14U] = r10_14.f4; + result[15U] = r15_19.fst; + result[16U] = r15_19.snd; + result[17U] = r15_19.thd; + result[18U] = r15_19.f3; + result[19U] = r15_19.f4; + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - a, zeta0, zeta1, zeta2, zeta3); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); - return v; +static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, - zeta1); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, - (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, - (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -2577,286 +2112,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[i] + - (int32_t) - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]) * - (int32_t)zeta); - int16_t o1 = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[j] + - (int32_t)a->elements[j] * (int32_t)b->elements[i]); - out->elements[i] = o0; - out->elements[j] = o1; -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_multiply( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_vector_type_zero(); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); - return out; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_multiply_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, - zeta2, zeta3); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[2U]) { - uint8_t result[2U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | - (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) { - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U); - } - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U); - } - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); -} - -typedef struct uint8_t_x4_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; -} uint8_t_x4; - -static KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); -} - -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U & - (int16_t)3); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 6U & - (int16_t)15); - uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 4U & - (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_10( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[20U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); - uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[20U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); } typedef struct uint8_t_x3_s { @@ -2969,4530 +2226,199 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { - int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); - int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); - int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); - int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); - int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); - int16_t_x2 v10_11 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); - int16_t_x2 v12_13 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); - int16_t_x2 v14_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); -} - -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, - Eurydice_slice result) { - size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { - size_t i0 = i; - int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____0; - int16_t uu____1; - bool uu____2; - size_t uu____3; - int16_t uu____4; - size_t uu____5; - int16_t uu____6; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; - sampled++; - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } - continue; - } - } - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( - Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); -} - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) - -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) - -typedef libcrux_ml_kem_types_MlKemPrivateKey_55 - libcrux_ml_kem_mlkem768_MlKem768PrivateKey; - -typedef libcrux_ml_kem_types_MlKemPublicKey_15 - libcrux_ml_kem_mlkem768_MlKem768PublicKey; - -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_G_48_77(Eurydice_slice input, - uint8_t ret[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 32 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_b4(Eurydice_slice input, - uint8_t ret[32U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 32 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_48_6e(Eurydice_slice input, - uint8_t ret[32U]); - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 3 -*/ -libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_6b( - uint8_t input[3U][34U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 3 -*/ -libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( - uint8_t input[3U][34U]); - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_b7( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][504U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][504U]); - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_7d( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][168U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][168U]); - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRFxN_89(uint8_t (*input)[33U], - uint8_t ret[3U][128U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 3 -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(uint8_t (*input)[33U], - uint8_t ret[3U][128U]); - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_b40(Eurydice_slice input, - uint8_t ret[128U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_48_6e0(Eurydice_slice input, - uint8_t ret[128U]); - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -void libcrux_ml_kem_ind_cca_kdf_43_33( - Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, - uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_ZERO_89_06(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_24(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_49( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_46( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_49( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_a9(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 10 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_73( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e( - v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_10_a4( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_73( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)11 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 11 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_730( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e0( - v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_11_58( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_730( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_af( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_a4(serialized); -} - -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(b, zeta_r); - b = libcrux_ml_kem_vector_neon_sub_20(a, &t); - a = libcrux_ml_kem_vector_neon_add_20(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer, size_t _initial_coefficient_bound) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_f4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_d0( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_39( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8a( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_af( - u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)4 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 4 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_731( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e1( - v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_731( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)5 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 5 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_732( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e2( - v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_5_5d( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_732( - re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_bb( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_ntt_multiply_89_16( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_multiply_20( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = - libcrux_ml_kem_vector_neon_sub_20(b, &a); - a = libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_subtract_reduce_89_88( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_message_cc( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_88(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_shift_right_7d( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); - v.high = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 -with const generics -- SHIFT_BY= 15 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_shift_right_20_97( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_shift_right_7d(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_shift_right_20_97(a); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = - libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_neon_add_20(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_36( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re.coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon_compress_1_20(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2e( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8a(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_bb( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - libcrux_ml_kem_matrix_compute_message_cc(&v, secret_key->secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_36(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static inline void libcrux_ml_kem_ind_cpa_decrypt_e1(Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_46(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_2e(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b6( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_4b(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_de( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_xof_closure_d5(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_f3( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_c0( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_hash_functions_neon_Simd128Hash xof_state = - libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( - uu____0); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( - &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( - &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_d5(uu____3[i]); - } - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_48( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_de(i, A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_c0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; - uint8_t snd; -} tuple_b0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_07(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_27( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( - randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_multiply_by_constant_20( - re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_67(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b0 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_55(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b0 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_vector_u_closure_7d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_24( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_6a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_decompress_1_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_message_23( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_fc(coefficient_compressed); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_ring_element_v_9b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( - error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_27( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)10)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 10 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_91( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_27(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_ca( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_compress_20_91( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_270( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)11)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 11 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_910( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_270(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_55( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_compress_20_910( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_ca(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84(&re, - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_271( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)4)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 4 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_911( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_271(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_21( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_compress_20_911( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_272( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)5)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 5 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_912( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_272(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_2b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = - libcrux_ml_kem_vector_neon_compress_20_912( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_21(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_54( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_6a(public_key->A, r_as_ntt, error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - libcrux_ml_kem_matrix_compute_ring_element_v_9b( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cpa_encrypt_4e(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_48(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, randomness, - ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_decapsulate_6e( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e1(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_33( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_33(shared_secret0, ciphertext, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_88(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_5d( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -static inline void libcrux_ml_kem_mlkem768_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_5d(private_key, - ciphertext, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_83( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_2e( - &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_88(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_cc( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -static inline void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_cc( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -void libcrux_ml_kem_ind_cca_entropy_preprocess_43_2d(Eurydice_slice randomness, - uint8_t ret[32U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_H_48_85(Eurydice_slice input, - uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_28( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon_H_48_85( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_20(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_33(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_6f( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]); - -static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_6f(uu____0, - uu____1); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fa( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_20(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_59( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]); - -static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = - public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_59( - uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]); - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] - -*/ -typedef struct tuple_9b_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; -} tuple_9b; - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_As_plus_e_closure_7c(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_to_standard_domain_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_fc( - self->coefficients[j]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_95( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], - &product); - } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_48(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____3, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_95(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5d( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_16(Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_70( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(sk.secret_as_ntt, - secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_16(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_e0(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c( - uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_4d( - uint8_t randomness[64U]); - -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_4d( - uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with -types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_e6( - size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_7a( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_clone_d5_8c( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a2( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( - ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_7a(i, - A[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - libcrux_ml_kem_polynomial_clone_d5_8c(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1; - } - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_70( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_neon_H_48_85( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_8f( - uint8_t randomness[64U]); - -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_8f( - uu____0); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -void libcrux_ml_kem_ind_cca_kdf_6c_f5( - Eurydice_slice shared_secret, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_decapsulate_6e0( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e1(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_f5( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_f5(shared_secret0, ciphertext, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_88(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.kyber_decapsulate with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_2f( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -static inline void libcrux_ml_kem_mlkem768_neon_kyber_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_2f( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_28(Eurydice_slice randomness, - uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_28( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon_H_48_85( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_20(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_f5(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.kyber_encapsulate with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_0b( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]); - -static inline tuple_3c libcrux_ml_kem_mlkem768_neon_kyber_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_0b( - uu____0, uu____1); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { + int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, + Eurydice_slice)); + int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, + Eurydice_slice)); + int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, + Eurydice_slice)); + int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, + Eurydice_slice)); + int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, + Eurydice_slice)); + int16_t_x2 v10_11 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, + Eurydice_slice)); + int16_t_x2 v12_13 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, + Eurydice_slice)); + int16_t_x2 v14_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector re = + libcrux_ml_kem_vector_portable_vector_type_zero(); + re.elements[0U] = v0_1.fst; + re.elements[1U] = v0_1.snd; + re.elements[2U] = v2_3.fst; + re.elements[3U] = v2_3.snd; + re.elements[4U] = v4_5.fst; + re.elements[5U] = v4_5.snd; + re.elements[6U] = v6_7.fst; + re.elements[7U] = v6_7.snd; + re.elements[8U] = v8_9.fst; + re.elements[9U] = v8_9.snd; + re.elements[10U] = v10_11.fst; + re.elements[11U] = v10_11.snd; + re.elements[12U] = v12_13.fst; + re.elements[13U] = v12_13.snd; + re.elements[14U] = v14_15.fst; + re.elements[15U] = v14_15.snd; + return re; } /** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b60( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); } -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, + Eurydice_slice result) { + size_t sampled = (size_t)0U; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { + i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( - ring_element); - deserialized_pk[i0] = uu____0; + int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____0; + int16_t uu____1; + bool uu____2; + size_t uu____3; + int16_t uu____4; + size_t uu____5; + int16_t uu____6; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + sampled++; + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } + continue; + } + } + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return sampled; } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_7e( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_70( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( + Eurydice_slice a, Eurydice_slice out) { + return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const -generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_d4( - uint8_t *public_key); +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) -static inline core_option_Option_92 -libcrux_ml_kem_mlkem768_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_d4( - public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; -} +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ + (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + +typedef libcrux_ml_kem_types_MlKemPrivateKey_55 + libcrux_ml_kem_mlkem768_MlKem768PrivateKey; + +typedef libcrux_ml_kem_types_MlKemPublicKey_15 + libcrux_ml_kem_mlkem768_MlKem768PublicKey; + +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -7514,7 +2440,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_02(void) { +libcrux_ml_kem_polynomial_ZERO_89_39(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -7542,8 +2468,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_1d(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_fc(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -7553,10 +2479,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_bb( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -7578,12 +2504,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_9d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_7e( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -7596,7 +2522,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_9d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_bb( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9c( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -7624,8 +2550,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_c0(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_ef(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -7635,7 +2561,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -7660,9 +2586,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( v); } @@ -7673,10 +2599,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_77( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_ff( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -7688,7 +2614,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_77( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( coefficient); re.coefficients[i0] = uu____0; } @@ -7702,7 +2628,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -7727,9 +2653,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( v); } @@ -7740,10 +2666,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_580( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_98( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -7755,7 +2681,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_580( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( coefficient); re.coefficients[i0] = uu____0; } @@ -7769,9 +2695,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d2( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_77(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_ff(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -7786,7 +2712,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -7800,12 +2726,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -7819,7 +2745,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -7832,7 +2758,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -7849,7 +2775,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_c1( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -7869,7 +2795,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_46( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -7892,7 +2818,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c9( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -7923,7 +2849,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -7941,21 +2867,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_de( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } /** @@ -7967,12 +2893,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_72( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( @@ -7993,10 +2919,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d2( u_bytes); u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_f0(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_de(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8010,7 +2936,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -8035,9 +2961,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( v); } @@ -8048,10 +2974,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_08( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_47( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -8062,7 +2988,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_08( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( coefficient); re.coefficients[i0] = uu____0; } @@ -8076,7 +3002,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -8101,9 +3027,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( v); } @@ -8114,10 +3040,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_c0( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -8130,7 +3056,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -8144,9 +3070,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a3( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_97( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_08(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_47(serialized); } /** @@ -8160,11 +3086,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_f7( +libcrux_ml_kem_polynomial_ntt_multiply_89_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -8197,7 +3123,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8223,7 +3149,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -8250,7 +3176,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -8273,7 +3199,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -8295,7 +3221,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -8303,7 +3229,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -8316,7 +3242,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -8331,7 +3257,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -8348,22 +3274,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } /** @@ -8377,7 +3303,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_60( +libcrux_ml_kem_polynomial_subtract_reduce_89_78( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -8403,21 +3329,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_37( +libcrux_ml_kem_matrix_compute_message_15( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_60(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_78(v, result); return result; } @@ -8427,7 +3353,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_83( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -8447,9 +3373,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_bf( +libcrux_ml_kem_vector_portable_shift_right_0d_4b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_83(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8(v); } /** @@ -8459,10 +3385,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_af( +libcrux_ml_kem_vector_traits_to_unsigned_representative_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_bf(a); + libcrux_ml_kem_vector_portable_shift_right_0d_4b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -8476,13 +3402,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_d0( +libcrux_ml_kem_serialize_compress_then_serialize_message_66( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -8511,21 +3437,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_e5( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_34( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_72(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a3( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_97( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_37(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_15(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_d0(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_66(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8539,11 +3465,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_e8(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_06(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_9d(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_7e(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -8554,7 +3480,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_e8(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_e5(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_34(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8568,7 +3494,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_11( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -8578,7 +3504,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -8597,9 +3523,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_b6(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); } /** @@ -8610,9 +3536,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -8622,10 +3548,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -8651,12 +3577,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -8669,7 +3595,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( ring_element); deserialized_pk[i0] = uu____0; } @@ -8686,8 +3612,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_ee(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -8697,10 +3623,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_82( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_e8( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } } @@ -8720,7 +3646,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -8752,11 +3678,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( uu____0); } @@ -8767,7 +3693,7 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -8792,10 +3718,10 @@ with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( self, ret); } @@ -8807,7 +3733,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -8850,7 +3776,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -8875,10 +3801,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed(self, ret); } @@ -8890,7 +3816,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -8937,9 +3863,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -8961,8 +3887,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_13(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_48( +libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_6b( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -8974,7 +3900,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -8982,25 +3908,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( uu____0); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( &xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( &xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( uu____2, sampled_coefficients, out); } } @@ -9008,7 +3934,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_13(uu____3[i]); + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_99(uu____3[i]); } memcpy( ret, ret0, @@ -9022,12 +3948,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_55( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_82(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_e8(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -9045,7 +3971,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_55( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_f6(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_2b(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -9086,10 +4012,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t */ -typedef struct tuple_b00_s { +typedef struct tuple_b0_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U]; uint8_t snd; -} tuple_b00; +} tuple_b0; /** A monomorphic instance of @@ -9102,8 +4028,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_50(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_56(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -9112,7 +4038,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_63( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -9135,9 +4061,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_63(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); } /** @@ -9147,7 +4073,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -9184,7 +4110,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -9195,7 +4121,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b8( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -9231,7 +4157,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b8( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -9242,9 +4168,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( randomness); } @@ -9254,7 +4180,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -9278,20 +4204,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_1c(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } /** @@ -9303,12 +4229,12 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -9322,21 +4248,21 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b00 lit; + tuple_b0 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -9354,8 +4280,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_25(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -9367,12 +4293,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -9386,11 +4312,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1; @@ -9399,7 +4325,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], memcpy( uu____2, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b00 lit; + tuple_b0 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -9412,7 +4338,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b60( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -9431,9 +4357,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_b60(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); } /** @@ -9443,8 +4369,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_11(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_matrix_compute_vector_u_closure_79(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -9457,7 +4383,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_b9( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -9481,14 +4407,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_57( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -9511,12 +4437,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_57( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_b9(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -9530,7 +4456,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_e9( +libcrux_ml_kem_vector_traits_decompress_1_89( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -9545,10 +4471,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9558,7 +4484,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_e9(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -9575,7 +4501,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -9605,22 +4531,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_c8( +libcrux_ml_kem_matrix_compute_ring_element_v_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( error_2, message, result); return result; } @@ -9631,7 +4557,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_94( +libcrux_ml_kem_vector_portable_compress_compress_be( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9654,9 +4580,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b( +libcrux_ml_kem_vector_portable_compress_0d_31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_94(v); + return libcrux_ml_kem_vector_portable_compress_compress_be(v); } /** @@ -9666,15 +4592,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_54( +libcrux_ml_kem_serialize_compress_then_serialize_10_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_9b( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_31( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -9695,7 +4621,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_940( +libcrux_ml_kem_vector_portable_compress_compress_be0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9718,9 +4644,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b0( +libcrux_ml_kem_vector_portable_compress_0d_310( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_940(v); + return libcrux_ml_kem_vector_portable_compress_compress_be0(v); } /** @@ -9730,15 +4656,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_2d( +libcrux_ml_kem_serialize_compress_then_serialize_11_e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_9b0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_310( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -9761,10 +4687,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_54(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_3b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -9777,7 +4703,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -9795,7 +4721,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, @@ -9810,7 +4736,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_941( +libcrux_ml_kem_vector_portable_compress_compress_be1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9833,9 +4759,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b1( +libcrux_ml_kem_vector_portable_compress_0d_311( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_941(v); + return libcrux_ml_kem_vector_portable_compress_compress_be1(v); } /** @@ -9845,15 +4771,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_09( +libcrux_ml_kem_serialize_compress_then_serialize_4_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_9b1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_311( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -9872,7 +4798,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_942( +libcrux_ml_kem_vector_portable_compress_compress_be2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9895,9 +4821,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b2( +libcrux_ml_kem_vector_portable_compress_0d_312( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_942(v); + return libcrux_ml_kem_vector_portable_compress_compress_be2(v); } /** @@ -9907,15 +4833,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_b9( +libcrux_ml_kem_serialize_compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_9b2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_312( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -9936,9 +4862,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_09(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); } /** @@ -9959,15 +4885,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____0, 0U); + tuple_b0 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -9975,7 +4901,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -9984,33 +4910,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( + libcrux_ml_kem_hash_functions_portable_PRF_f1_040( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_57(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_c8( + libcrux_ml_kem_matrix_compute_ring_element_v_1f( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -10035,12 +4961,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -10048,8 +4974,8 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_55(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -10079,7 +5005,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -10095,7 +5021,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_44( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_02( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; @@ -10126,7 +5052,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_cb( +static inline void libcrux_ml_kem_ind_cca_decapsulate_c4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -10145,10 +5071,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_cb( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e8(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_06(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -10157,7 +5083,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_cb( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -10167,32 +5093,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_cb( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_44( + libcrux_ml_kem_ind_cca_kdf_43_02( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_44(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_02(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_88(ciphertext), + libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -10226,16 +5152,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5a( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_cb(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_c4(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5a( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5b( private_key, ciphertext, ret); } @@ -10295,14 +5221,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ab( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_e5( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_34( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -10314,7 +5240,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -10324,7 +5250,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -10333,9 +5259,9 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -10343,11 +5269,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_88(ciphertext), + libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -10381,17 +5307,17 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f9( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_9d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ab(key_pair, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f9( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_9d( private_key, ciphertext, ret); } @@ -10405,7 +5331,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_56( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ac( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], @@ -10422,7 +5348,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_af( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -10446,15 +5372,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_56( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_ac( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -10462,9 +5388,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_1f(public_key), + libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -10472,7 +5398,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -10482,19 +5408,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_20(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_44(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_02(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -10523,13 +5449,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_4d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -10538,7 +5464,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4(uu____0, + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_4d(uu____0, uu____1); } @@ -10561,11 +5487,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -10577,7 +5503,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -10591,7 +5517,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -10601,7 +5527,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_20(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -10629,14 +5555,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_2d( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15(uu____0, uu____1); } @@ -10647,7 +5573,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_2d( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_84( uu____0, uu____1); } @@ -10659,10 +5585,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] */ -typedef struct tuple_9b0_s { +typedef struct tuple_9b_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; -} tuple_9b0; +} tuple_9b; /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure @@ -10671,8 +5597,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_37(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_ab(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -10682,7 +5608,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_a1( +libcrux_ml_kem_vector_traits_to_standard_domain_3e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -10699,7 +5625,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -10707,7 +5633,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_a1( + libcrux_ml_kem_vector_traits_to_standard_domain_3e( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -10723,14 +5649,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a5( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -10754,12 +5680,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -10776,10 +5702,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -10787,15 +5713,15 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_55(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_23(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____1, 0U); + tuple_b0 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -10806,12 +5732,12 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____3, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_a5(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; @@ -10844,7 +5770,7 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( memcpy( sk.secret_as_ntt, uu____7, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } /** @@ -10854,14 +5780,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -10883,7 +5809,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -10902,7 +5828,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -10919,7 +5845,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_9a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -10927,7 +5853,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_9a( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -10953,19 +5879,19 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e8(Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9(key_generation_seed); +libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { + tuple_9b uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_9a( + libcrux_ml_kem_ind_cpa_serialize_public_key_80( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); @@ -10984,7 +5910,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -11013,7 +5939,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -11046,7 +5972,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -11056,13 +5982,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e8(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -11071,12 +5997,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_e0(uu____1); + libcrux_ml_kem_types_from_e7_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c( - uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); } /** @@ -11092,18 +6018,18 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); } static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( uu____0); } @@ -11122,9 +6048,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_86( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_ac( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -11142,10 +6068,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_af( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_52( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } } @@ -11160,7 +6086,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_ea( +libcrux_ml_kem_polynomial_clone_d5_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -11188,7 +6114,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -11198,7 +6124,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -11206,7 +6132,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_af(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_52(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -11214,7 +6140,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_ea(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_f7(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -11226,13 +6152,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_9a( + libcrux_ml_kem_ind_cpa_serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); @@ -11274,11 +6200,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_0d( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_6a( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6(uu____0); } static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -11286,7 +6212,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_0d( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_6a( uu____0); } @@ -11301,18 +6227,18 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_da( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_d2( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_97(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_06(ciphertext), + libcrux_ml_kem_types_as_slice_a8_63(ciphertext), uint8_t, Eurydice_slice), ret0); core_slice___Slice_T___copy_from_slice( @@ -11320,7 +6246,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_da( Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); @@ -11348,7 +6274,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_cb0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_c40( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -11367,10 +6293,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_cb0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e8(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_06(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -11379,7 +6305,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_cb0( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -11389,32 +6315,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_cb0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_da( + libcrux_ml_kem_ind_cca_kdf_6c_d2( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_da(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_d2(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_88(ciphertext), + libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -11449,16 +6375,16 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_6a( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_7f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_cb0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_c40(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_6a( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_7f( private_key, ciphertext, ret); } @@ -11472,9 +6398,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_99( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_c1( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_af(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); } /** @@ -11496,15 +6422,15 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_99( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_c1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -11512,9 +6438,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_1f(public_key), + libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -11522,7 +6448,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -11532,19 +6458,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_20(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_da(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_d2(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -11574,13 +6500,13 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_79( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( @@ -11589,7 +6515,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_79( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9f( uu____0, uu____1); } @@ -11601,9 +6527,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -11614,12 +6540,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -11632,7 +6558,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( ring_element); deserialized_pk[i0] = uu____0; } @@ -11649,16 +6575,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_99( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_9a( + libcrux_ml_kem_ind_cpa_serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -11676,16 +6602,16 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); @@ -11695,16 +6621,6 @@ libcrux_ml_kem_mlkem768_portable_validate_public_key( return uu____0; } -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { - return self[0U]; -} - /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 432df7253..2e86dfce4 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_sha3_avx2_H @@ -20,98 +20,2759 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" +#include "libcrux_core.h" #include "libcrux_sha3_portable.h" +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_zero_ef(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__veor5q_u64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor5_ef(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + return libcrux_sha3_simd_avx2__veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_58(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, + core_core_arch_x86___m256i)); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vrax1q_u64(a, b); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vbcaxq_u64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_and_not_xor_ef(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_sha3_simd_avx2__vbcaxq_u64(a, b, c); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_constant_ef(core_core_arch_x86___m256i a, + uint64_t c) { + return libcrux_sha3_simd_avx2__veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_sha3_simd_avx2_xor_ef( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_4( + Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, + Eurydice_slice); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_n_ef( + Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + libcrux_sha3_simd_avx2_slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + Eurydice_slice_uint8_t_4size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +libcrux_sha3_simd_avx2_split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { + return libcrux_sha3_simd_avx2_split_at_mut_4(a, mid); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_x86___m256i +with const generics +- $4size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_29; + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 +libcrux_sha3_generic_keccak_new_1e_16(void) { + libcrux_sha3_generic_keccak_KeccakState_29 lit; + lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block_c7(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_580(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c1(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_581(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c10(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_582(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c11(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_583(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c12(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c13(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_584(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c14(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_585(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c15(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_586(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_587(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c17(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_588(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c18(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_589(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c19(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5810(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c110(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5811(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c111(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5812(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c112(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5813(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c113(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5814(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c114(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5815(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c115(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5816(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c116(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5817(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c117(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5818(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c118(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5819(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c119(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5820(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c120(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5821(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c121(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5822(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c122(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i c[5U] = { + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], + s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U], + s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U], + s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U], + s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U], + s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____0 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____1 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____2 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____3 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); + core_core_arch_x86___m256i uu____4 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_x86___m256i uu____5 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_x86___m256i uu____6 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_x86___m256i uu____7 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_x86___m256i uu____8 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_x86___m256i uu____9 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_x86___m256i uu____10 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_x86___m256i uu____11 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_x86___m256i uu____12 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_x86___m256i uu____13 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_x86___m256i uu____14 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_x86___m256i uu____15 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_x86___m256i uu____16 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_x86___m256i uu____17 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_x86___m256i uu____18 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_x86___m256i uu____19 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_x86___m256i uu____20 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_x86___m256i uu____21 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_x86___m256i uu____22 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_x86___m256i uu____23 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_x86___m256i uu____24 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_x86___m256i uu____25 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_x86___m256i uu____26 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_x86___m256i uu____27 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) { + size_t j = i; + s->st[i1][j] = libcrux_sha3_simd_avx2_and_not_xor_ef( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( + libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { + s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho_71(s); + libcrux_sha3_generic_keccak_pi_01(s); + libcrux_sha3_generic_keccak_chi_9b(s); + libcrux_sha3_generic_keccak_iota_09(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_avx2_load_block_c7(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_91(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_avx2_store_block_e9(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____2[200U]; + memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + libcrux_sha3_simd_avx2_store_block_e9(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( + libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_07(&s); + uint8_t b[4U][200U]; + libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( + Eurydice_slice data[4U], Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState_29 s = + libcrux_sha3_generic_keccak_new_1e_16(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + libcrux_sha3_simd_avx2_slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + libcrux_sha3_simd_avx2_slice_n_ef( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____4 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____5 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); + } + } +} + KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_keccak_14(buf0, buf); } -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState; +typedef libcrux_sha3_generic_keccak_KeccakState_29 + libcrux_sha3_avx2_x4_incremental_KeccakState; KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return libcrux_sha3_generic_keccak_new_1e_16(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_avx2_load_block_c70(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_910(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +- DELIM= 31 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_07(s); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + libcrux_sha3_simd_avx2_store_block_e90(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o20[4U]; + memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + Eurydice_slice_uint8_t_4size_t__x2 uu____2 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); + Eurydice_slice o2[4U]; + memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o30[4U]; + memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + Eurydice_slice_uint8_t_4size_t__x2 uu____3 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); + Eurydice_slice o3[4U]; + memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o4[4U]; + memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 44f2cfac1..dd93141a1 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_sha3_portable_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_sha3_libcrux_ml_kem.h" static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { 1ULL, @@ -80,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); } /** @@ -199,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_7a(void) { +libcrux_sha3_generic_keccak_new_1e_f2(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -234,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -263,12 +262,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); } /** @@ -278,7 +277,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -289,9 +288,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_340(ab); + return libcrux_sha3_portable_keccak_rotate_left_db0(ab); } /** @@ -305,8 +304,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); } /** @@ -316,7 +315,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -327,9 +326,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_341(ab); + return libcrux_sha3_portable_keccak_rotate_left_db1(ab); } /** @@ -343,8 +342,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); } /** @@ -354,7 +353,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -365,9 +364,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_342(ab); + return libcrux_sha3_portable_keccak_rotate_left_db2(ab); } /** @@ -381,8 +380,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); } /** @@ -392,7 +391,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -403,9 +402,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_343(ab); + return libcrux_sha3_portable_keccak_rotate_left_db3(ab); } /** @@ -419,8 +418,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); } /** @@ -430,9 +429,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_34(ab); + return libcrux_sha3_portable_keccak_rotate_left_db(ab); } /** @@ -446,8 +445,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); } /** @@ -457,7 +456,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -468,9 +467,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_344(ab); + return libcrux_sha3_portable_keccak_rotate_left_db4(ab); } /** @@ -484,8 +483,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); } /** @@ -495,7 +494,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -506,9 +505,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_345(ab); + return libcrux_sha3_portable_keccak_rotate_left_db5(ab); } /** @@ -522,8 +521,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); } /** @@ -533,7 +532,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -544,9 +543,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_346(ab); + return libcrux_sha3_portable_keccak_rotate_left_db6(ab); } /** @@ -560,8 +559,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); } /** @@ -571,7 +570,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -582,9 +581,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_347(ab); + return libcrux_sha3_portable_keccak_rotate_left_db7(ab); } /** @@ -598,8 +597,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); } /** @@ -609,7 +608,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -620,9 +619,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_348(ab); + return libcrux_sha3_portable_keccak_rotate_left_db8(ab); } /** @@ -636,8 +635,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); } /** @@ -647,7 +646,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -658,9 +657,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_349(ab); + return libcrux_sha3_portable_keccak_rotate_left_db9(ab); } /** @@ -674,8 +673,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); } /** @@ -685,7 +684,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -696,9 +695,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3410(ab); + return libcrux_sha3_portable_keccak_rotate_left_db10(ab); } /** @@ -712,8 +711,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); } /** @@ -723,7 +722,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -734,9 +733,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3411(ab); + return libcrux_sha3_portable_keccak_rotate_left_db11(ab); } /** @@ -750,8 +749,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); } /** @@ -761,7 +760,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -772,9 +771,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3412(ab); + return libcrux_sha3_portable_keccak_rotate_left_db12(ab); } /** @@ -788,8 +787,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); } /** @@ -799,7 +798,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -810,9 +809,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3413(ab); + return libcrux_sha3_portable_keccak_rotate_left_db13(ab); } /** @@ -826,8 +825,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); } /** @@ -837,7 +836,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -848,9 +847,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3414(ab); + return libcrux_sha3_portable_keccak_rotate_left_db14(ab); } /** @@ -864,8 +863,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); } /** @@ -875,7 +874,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -886,9 +885,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3415(ab); + return libcrux_sha3_portable_keccak_rotate_left_db15(ab); } /** @@ -902,8 +901,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); } /** @@ -913,7 +912,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -924,9 +923,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3416(ab); + return libcrux_sha3_portable_keccak_rotate_left_db16(ab); } /** @@ -940,8 +939,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); } /** @@ -951,7 +950,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -962,9 +961,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3417(ab); + return libcrux_sha3_portable_keccak_rotate_left_db17(ab); } /** @@ -978,8 +977,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); } /** @@ -989,7 +988,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1000,9 +999,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3418(ab); + return libcrux_sha3_portable_keccak_rotate_left_db18(ab); } /** @@ -1016,8 +1015,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); } /** @@ -1027,7 +1026,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1038,9 +1037,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3419(ab); + return libcrux_sha3_portable_keccak_rotate_left_db19(ab); } /** @@ -1054,8 +1053,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); } /** @@ -1065,7 +1064,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1076,9 +1075,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3420(ab); + return libcrux_sha3_portable_keccak_rotate_left_db20(ab); } /** @@ -1092,8 +1091,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); } /** @@ -1103,7 +1102,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1114,9 +1113,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3421(ab); + return libcrux_sha3_portable_keccak_rotate_left_db21(ab); } /** @@ -1130,8 +1129,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); } /** @@ -1141,7 +1140,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1152,9 +1151,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3422(ab); + return libcrux_sha3_portable_keccak_rotate_left_db22(ab); } /** @@ -1168,8 +1167,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); } /** @@ -1178,7 +1177,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1214,76 +1213,76 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____4; uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____5; uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____6; uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____7; uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1293,7 +1292,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1329,7 +1328,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1350,7 +1349,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1362,14 +1361,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_8d(s); - libcrux_sha3_generic_keccak_pi_ac(s); - libcrux_sha3_generic_keccak_chi_c7(s); - libcrux_sha3_generic_keccak_iota_4f(s, i0); + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_b8(s); + libcrux_sha3_generic_keccak_chi_1f(s); + libcrux_sha3_generic_keccak_iota_83(s, i0); } } @@ -1380,13 +1379,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1394,11 +1393,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de(s, buf); + libcrux_sha3_portable_keccak_load_block_b3(s, buf); } /** @@ -1410,12 +1409,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); } /** @@ -1426,7 +1425,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1446,8 +1445,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1455,7 +1454,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1476,12 +1475,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_39(s, buf); + libcrux_sha3_portable_keccak_store_block_58(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1496,9 +1495,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); } /** @@ -1509,10 +1508,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_65( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1537,9 +1536,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_39(a, b); + libcrux_sha3_portable_keccak_store_block_58(a, b); } /** @@ -1549,9 +1548,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1561,10 +1560,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1574,11 +1573,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1602,10 +1601,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -1616,7 +1615,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -1627,12 +1626,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1640,7 +1639,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1658,12 +1657,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); } } } @@ -1674,18 +1673,18 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); + libcrux_sha3_generic_keccak_keccak_75(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd(buf0, buf); + libcrux_sha3_portable_keccakx1_2a(buf0, buf); } /** @@ -1693,7 +1692,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1722,12 +1721,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); } /** @@ -1737,13 +1736,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1751,11 +1750,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de0(s, buf); + libcrux_sha3_portable_keccak_load_block_b30(s, buf); } /** @@ -1767,12 +1766,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); } /** @@ -1783,7 +1782,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1803,8 +1802,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1812,7 +1811,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1833,12 +1832,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_390(s, buf); + libcrux_sha3_portable_keccak_store_block_580(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1854,9 +1853,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); } /** @@ -1867,10 +1866,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_650( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1895,9 +1894,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_390(a, b); + libcrux_sha3_portable_keccak_store_block_580(a, b); } /** @@ -1907,9 +1906,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1919,10 +1918,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1932,11 +1931,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1960,10 +1959,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -1974,7 +1973,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -1985,12 +1984,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -1998,7 +1997,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2016,12 +2015,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2032,18 +2031,18 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); + libcrux_sha3_generic_keccak_keccak_750(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd0(buf0, buf); + libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } /** @@ -2054,7 +2053,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2074,8 +2073,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2086,10 +2085,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2100,7 +2099,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2111,12 +2110,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2124,7 +2123,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2142,12 +2141,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2158,3470 +2157,326 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); + libcrux_sha3_generic_keccak_keccak_751(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd1(buf0, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_zero_fa(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__veor5q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = - libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = - libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - return libcrux_sha3_simd_arm64__veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_58( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vrax1q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_sha3_simd_arm64_rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vrax1q_u64(a, b); + libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vbcaxq_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return libcrux_intrinsics_arm64__veorq_u64( - a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_and_not_xor_fa( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return libcrux_sha3_simd_arm64__vbcaxq_u64(a, b, c); +static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__veorq_n_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - core_core_arch_arm_shared_neon_uint64x2_t c0 = - libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); +static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_constant_fa( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - return libcrux_sha3_simd_arm64__veorq_n_u64(a, c); -} +typedef libcrux_sha3_generic_keccak_KeccakState_48 + libcrux_sha3_portable_KeccakState; -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState; -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_2( - Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); +static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState +libcrux_sha3_neon_x2_incremental_shake128_init(void) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_n_fa( - Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - libcrux_sha3_simd_arm64_slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + Eurydice_slice data1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -libcrux_sha3_simd_arm64_split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_2size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -libcrux_sha3_simd_arm64_split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { - return libcrux_sha3_simd_arm64_split_at_mut_2(a, mid); +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- $2size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { - core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_fc; - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -libcrux_sha3_generic_keccak_new_1e_12(void) { - libcrux_sha3_generic_keccak_KeccakState_fc lit; - lit.st[0U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - return lit; +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 +libcrux_sha3_portable_incremental_shake128_init(void) { + return libcrux_sha3_generic_keccak_new_1e_f2(); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block +A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics -- RATE= 72 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- BLOCKSIZE= 72 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_b31(s, buf); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_580( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - /** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- LEFT= 36 -- RIGHT= 28 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c1( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_580(ab); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types uint64_t with const generics -- LEFT= 36 -- RIGHT= 28 +- N= 1 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c1(a, b); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_581( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { + Eurydice_slice buf[1U] = {data0}; + libcrux_sha3_generic_keccak_absorb_final_722(s, buf); } /** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- LEFT= 3 -- RIGHT= 61 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c10( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_581(ab); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- LEFT= 3 -- RIGHT= 61 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c10(a, b); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_581(a, b); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types uint64_t with const generics -- LEFT= 41 -- RIGHT= 23 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_582( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types uint64_t with const generics -- LEFT= 41 -- RIGHT= 23 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c11( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_582(ab); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types uint64_t with const generics -- LEFT= 41 -- RIGHT= 23 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c11(a, b); +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o2[1U]; + memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_583( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c12( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_583(ab); +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c12(a, b); -} +#define libcrux_sha3_Sha224 0 +#define libcrux_sha3_Sha256 1 +#define libcrux_sha3_Sha384 2 +#define libcrux_sha3_Sha512 3 -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c13( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_58(ab); -} +typedef uint8_t libcrux_sha3_Algorithm; -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_584( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c14( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_585( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c15( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_586( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c16( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_587( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c17( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_588( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c18( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_589( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c19( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5810( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c110( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5811( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c111( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5812( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c112( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5813( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c113( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5814( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c114( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5815( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c115( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5816( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c116( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5817( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c117( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5818( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c118( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5819( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c119( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5820( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c120( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5821( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c121( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5822( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c122( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][0U], s->st[1U][0U], - s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][1U], s->st[1U][1U], - s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][2U], s->st[1U][2U], - s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][3U], s->st[1U][3U], - s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][4U], s->st[1U][4U], - s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_fa(s->st[0U][0U], t[0U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____4 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_arm_shared_neon_uint64x2_t uu____5 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_arm_shared_neon_uint64x2_t uu____7 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t uu____9 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t uu____10 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t uu____11 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t uu____12 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t uu____13 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t uu____14 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t uu____15 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_arm_shared_neon_uint64x2_t uu____16 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t uu____17 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t uu____18 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t uu____19 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t uu____20 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t uu____21 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t uu____22 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t uu____23 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t uu____24 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t uu____25 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t uu____26 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t uu____27 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_a0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_b0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) { - size_t j = i; - s->st[i1][j] = libcrux_sha3_simd_arm64_and_not_xor_fa( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_33( - libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { - s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_constant_fa( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_3e( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_a0(s); - libcrux_sha3_generic_keccak_chi_b0(s); - libcrux_sha3_generic_keccak_iota_33(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_45( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_07( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)72U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_07(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a5( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e7( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a5(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_90( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_70( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a5(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_59( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, - ret); - libcrux_sha3_generic_keccak_absorb_block_45(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_fe(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e7(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_70(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_59(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_450( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c0(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_070( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f0(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a50( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a0(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e70( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a50(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_900( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f0(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_700( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a50(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_590( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_fe0(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e0( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_590(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e0(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_591( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_fe1(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e1( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_591(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - libcrux_sha3_neon_keccakx2_6e1(buf0, buf); -} - -typedef libcrux_sha3_generic_keccak_KeccakState_fc - libcrux_sha3_neon_x2_incremental_KeccakState; - -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_12(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c1(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_071( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_071(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, - Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - libcrux_sha3_generic_keccak_absorb_final_fe2(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_901( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - Eurydice_slice_uint8_t_2size_t__x2 uu____0 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f1(s, o0); - Eurydice_slice_uint8_t_2size_t__x2 uu____1 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o2); -} - -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, - Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e(s, buf); -} - -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, - Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, buf); -} - -typedef libcrux_sha3_generic_keccak_KeccakState_48 - libcrux_sha3_portable_KeccakState; - -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t uu____0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); - } -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de1(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { - Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_252(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_391(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - Eurydice_slice_uint8_t_1size_t__x2 uu____0 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); - Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); -} - -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); -} - -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, buf); -} - -#define libcrux_sha3_Sha224 0 -#define libcrux_sha3_Sha256 1 -#define libcrux_sha3_Sha384 2 -#define libcrux_sha3_Sha512 3 - -typedef uint8_t libcrux_sha3_Algorithm; - -static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { - size_t uu____0; - switch (mode) { - case libcrux_sha3_Sha224: { - uu____0 = (size_t)28U; - break; - } - case libcrux_sha3_Sha256: { - uu____0 = (size_t)32U; - break; - } - case libcrux_sha3_Sha384: { - uu____0 = (size_t)48U; - break; - } - case libcrux_sha3_Sha512: { - uu____0 = (size_t)64U; - break; - } - default: { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, - __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t uu____0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de2(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); +static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { + size_t uu____0; + switch (mode) { + case libcrux_sha3_Sha224: { + uu____0 = (size_t)28U; + break; } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)144U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_392(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_651( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_392(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, - (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } + case libcrux_sha3_Sha256: { + uu____0 = (size_t)32U; + break; } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); + case libcrux_sha3_Sha384: { + uu____0 = (size_t)48U; + break; } - } -} - -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd2(buf0, buf); + case libcrux_sha3_Sha512: { + uu____0 = (size_t)64U; + break; + } + default: { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, + __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; } /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; core_result_Result_56 dst; @@ -5646,14 +2501,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); } /** @@ -5661,27 +2516,27 @@ A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block with types uint64_t with const generics - N= 1 -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de3(s, buf); + libcrux_sha3_portable_keccak_load_block_b32(s, buf); } /** @@ -5691,14 +2546,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); } /** @@ -5706,10 +2561,10 @@ A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final with types uint64_t with const generics - N= 1 -- RATE= 104 +- RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -5723,24 +2578,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( } blocks[i0][last_len] = 6U; size_t uu____1 = i0; - size_t uu____2 = (size_t)104U - (size_t)1U; + size_t uu____2 = (size_t)144U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, @@ -5757,14 +2612,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_393(s, buf); + libcrux_sha3_portable_keccak_store_block_582(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -5777,12 +2632,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); } /** @@ -5790,13 +2645,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last with types uint64_t with const generics - N= 1 -- RATE= 104 +- RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_652( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -5819,11 +2674,11 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_393(a, b); + libcrux_sha3_portable_keccak_store_block_582(a, b); } /** @@ -5831,288 +2686,24 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types uint64_t with const generics - N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, - (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd3(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha224(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, - uint8_t ret[28U]) { - uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha256(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha384(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, - uint8_t ret[48U]) { - uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha512(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, - uint8_t ret[64U]) { - uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_391(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a -with const generics -- BLOCKSIZE= 168 +- RATE= 144 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block with types uint64_t with const generics - N= 1 -- RATE= 168 +- RATE= 144 */ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_653( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -6120,13 +2711,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last with types uint64_t with const generics - N= 1 -- RATE= 168 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -6147,27 +2738,27 @@ A monomorphic instance of libcrux_sha3.generic_keccak.keccak with types uint64_t with const generics - N= 1 -- RATE= 168 -- DELIM= 31 +- RATE= 144 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, - (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + (size_t)144U, ret); + libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); @@ -6175,20 +2766,20 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)168U; - size_t last = outlen - outlen % (size_t)168U; + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -6201,17 +2792,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); } } } @@ -6219,183 +2810,123 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( /** A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics -- RATE= 168 -- DELIM= 31 +- RATE= 144 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); + libcrux_sha3_generic_keccak_keccak_752(uu____0, out); } -static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( - Eurydice_slice digest, Eurydice_slice data) { +static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, + Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd4(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake128(out, data); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake256(out, data); + libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } -static const size_t libcrux_sha3_generic_keccak__PI[24U] = { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, - (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, - (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, - (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, - (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; - -static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, - (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, - (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, - (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, - (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; - /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block +A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f1( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c2(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_451( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c2(s, buf); + libcrux_sha3_portable_keccak_load_block_b33(s, buf); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_072( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e2(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6405,121 +2936,81 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe3( } blocks[i0][last_len] = 6U; size_t uu____1 = i0; - size_t uu____2 = (size_t)144U - (size_t)1U; + size_t uu____2 = (size_t)104U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_072(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block +A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); } } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f2(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_583(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a51( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a1(a, ret); +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e71( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a51(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -6535,57 +3026,57 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_e71( } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_902( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f2(a, b); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_583(a, b); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_701( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a51(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -6602,51 +3093,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_701( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_592( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, - ret); - libcrux_sha3_generic_keccak_absorb_block_451(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + (size_t)104U, ret); + libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_fe3(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e71(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f2(&s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -6658,305 +3149,171 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_592( .tag == core_option_None) { break; } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d2(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_701(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); } } } -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e2( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_592(uu____0, out); +/** +A monomorphic instance of libcrux_sha3.portable.keccakx1 +with const generics +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_753(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_2a3(buf0, buf); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha224(digest, payload); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, + uint8_t ret[28U]) { + uint8_t out[28U] = {0U}; + libcrux_sha3_sha224_ema( + Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } -static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, - Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e2(uu____0, buf); +static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha256(digest, payload); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } +static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + libcrux_sha3_sha256_ema( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f2( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c3(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha384(digest, payload); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_452( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); +static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, + uint8_t ret[48U]) { + uint8_t out[48U] = {0U}; + libcrux_sha3_sha384_ema( + Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c3(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha512(digest, payload); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_073( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e3(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, + uint8_t ret[64U]) { + uint8_t out[64U] = {0U}; + libcrux_sha3_sha512_ema( + Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe4( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)104U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_073(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types uint64_t with const generics -- RATE= 104 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 104 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f3(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_581(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a52( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a2(a, ret); +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 104 +- N= 1 +- RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e72( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a52(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -6971,58 +3328,19 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_e72( } } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_903( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f3(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 104 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_702( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a52(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -7039,51 +3357,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_702( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 +- N= 1 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_593( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, - ret); - libcrux_sha3_generic_keccak_absorb_block_452(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + (size_t)168U, ret); + libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_fe4(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e72(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f3(&s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -7095,43 +3413,78 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_593( .tag == core_option_None) { break; } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d3(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_702(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); } } } /** -A monomorphic instance of libcrux_sha3.neon.keccakx2 +A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics -- RATE= 104 -- DELIM= 6 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e3( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_593(uu____0, out); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_754(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( + Eurydice_slice digest, Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_2a4(buf0, buf); +} + +static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake128(out, data); +} + +static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake256(out, data); +} + +static const size_t libcrux_sha3_generic_keccak__PI[24U] = { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, + (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, + (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, + (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, + (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; + +static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, + (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, + (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, + (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, + (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; + +static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e3(uu____0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** @@ -7142,7 +3495,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -7150,62 +3503,62 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_251(s, buf); + libcrux_sha3_generic_keccak_absorb_final_721(s, buf); } static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); } /** @@ -7282,12 +3635,6 @@ static inline libcrux_sha3_Algorithm libcrux_sha3_from_2d(uint32_t v) { return uu____0; } -typedef core_core_arch_arm_shared_neon_uint64x2_t - libcrux_sha3_simd_arm64_uint64x2_t; - -typedef libcrux_sha3_generic_keccak_KeccakState_fc - libcrux_sha3_neon_x2_incremental_KeccakState2Internal; - typedef uint8_t libcrux_sha3_Sha3_512Digest[64U]; typedef uint8_t libcrux_sha3_Sha3_384Digest[48U]; From 8ea45081e35795a173f186d13f6c84d7f767c543 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 20 Aug 2024 14:15:33 +0000 Subject: [PATCH 073/348] regen c --- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/eurydice_glue.h | 51 +- libcrux-ml-kem/c/internal/libcrux_core.h | 26 +- .../c/internal/libcrux_mlkem_avx2.h | 8 +- .../c/internal/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 8 +- .../c/internal/libcrux_sha3_internal.h | 38 +- libcrux-ml-kem/c/libcrux_core.c | 185 +- libcrux-ml-kem/c/libcrux_core.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 118 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 118 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 116 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 116 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 116 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 116 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 3415 ++++++++------ libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 14 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 3928 ++++++++++------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 90 +- libcrux-ml-kem/c/libcrux_sha3.h | 79 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 744 ++-- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 35 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 605 ++- libcrux-ml-kem/c/libcrux_sha3_neon.c | 39 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 39 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/libcrux_core.h | 84 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 35 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 1694 ++++--- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 2195 +++++---- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 725 ++- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 731 +-- 43 files changed, 9365 insertions(+), 6471 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index cb530ac49..8f2f9d27d 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 -Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 +Charon: 0576bfc67e99aae86c51930421072688138b672b +Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 +Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 +Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 7fee796ff..a97683fa6 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -54,33 +54,33 @@ typedef struct { // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ +#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t, _) \ +#define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \ +#define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t, _ret_t) \ +#define Eurydice_array_repeat(dst, len, init, t) \ ERROR "should've been desugared" -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ +#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) +#define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) @@ -90,25 +90,26 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ - Eurydice_array_eq +#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, a2, t, _) -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 2dfcbe7fb..95fb8cd69 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __internal_libcrux_core_H @@ -139,6 +139,9 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_ba_711( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -220,6 +223,9 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_ba_710( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -289,6 +295,9 @@ with const generics uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( libcrux_ml_kem_types_MlKemPublicKey_be *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -320,6 +329,9 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -340,6 +352,9 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_ba_71( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -348,6 +363,9 @@ with const generics void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, uint8_t ret[800U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 28e377d29..92f3e8455 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index f2a37e1b8..def1624ad 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 78a4a2cb4..d603711fc 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index d110706a9..03ca80d96 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __internal_libcrux_sha3_internal_H @@ -24,11 +24,17 @@ extern "C" { typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; +/** + Create a new SHAKE-128 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); } +/** + Absorb +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -63,6 +69,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); } +/** + Squeeze three blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -70,6 +79,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } +/** + Squeeze another block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -84,6 +96,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( typedef uint8_t libcrux_sha3_Algorithm; +/** + Returns the output size of a digest. +*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -167,6 +182,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); } +/** + Squeeze five blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -174,6 +192,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } +/** + Absorb some data for SHAKE-256 for the last time +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { @@ -181,11 +202,17 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_720(s, buf); } +/** + Create a new SHAKE-256 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); } +/** + Squeeze the first SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -193,6 +220,9 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } +/** + Squeeze the next SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 605062f34..a5f2f39b1 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,15 +4,18 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "internal/libcrux_core.h" +/** + Return 1 if `value` is not zero and 0 otherwise. +*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -25,14 +28,17 @@ static uint8_t inz(uint8_t value) { static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } +/** + Return 1 if the bytes of `lhs` and `rhs` do not exactly + match and 0 otherwise. +*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); } return is_non_zero(r); } @@ -43,6 +49,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return compare(lhs, rhs); } +/** + If `selector` is not zero, return the bytes in `rhs`; return the bytes in + `lhs` otherwise. +*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); @@ -50,11 +60,10 @@ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)~mask); + out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -89,10 +98,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -124,10 +134,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[3168U]; + memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -142,10 +153,11 @@ with const generics */ libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -173,10 +185,12 @@ with const generics */ Eurydice_slice libcrux_ml_kem_types_as_ref_ba_711( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -186,12 +200,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } @@ -206,10 +218,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -241,10 +254,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -259,10 +273,11 @@ with const generics */ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1088U]; + memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -290,10 +305,12 @@ with const generics */ Eurydice_slice libcrux_ml_kem_types_as_ref_ba_710( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -303,12 +320,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } @@ -323,10 +338,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[800U]; + memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -357,10 +373,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1632U]; + memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -375,10 +392,11 @@ with const generics */ libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[768U]; + memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -395,6 +413,9 @@ uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( return self->value; } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -404,12 +425,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -433,6 +452,9 @@ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { } } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -442,12 +464,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -462,10 +482,12 @@ with const generics */ Eurydice_slice libcrux_ml_kem_types_as_ref_ba_71( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -475,15 +497,16 @@ void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -493,12 +516,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index b169a72c5..943b4e083 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 55cdf6e81..b5cf3724c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index fbde59b63..05d316a3a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem1024_avx2.h" @@ -42,6 +42,13 @@ static void decapsulate_96( libcrux_ml_kem_ind_cca_decapsulate_200(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -49,6 +56,9 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( decapsulate_96(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -78,6 +88,13 @@ static void decapsulate_unpacked_72( ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -106,20 +123,32 @@ static tuple_21 encapsulate_70( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_70(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_70(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -143,20 +172,32 @@ static tuple_21 encapsulate_unpacked_27( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_27(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_27(uu____0, copy_of_randomness); } /** @@ -172,18 +213,26 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_ff( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c22(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c22(copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_ff(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -198,17 +247,23 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 generate_keypair_unpacked_d2(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( + copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d2(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_d2(copy_of_randomness); } /** @@ -223,6 +278,11 @@ static bool validate_public_key_a30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf0(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index eaa977785..26425cbb7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem1024_avx2_H @@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 38d29afa1..0032daf9a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem1024_portable.h" @@ -42,6 +42,13 @@ static void decapsulate_e5( libcrux_ml_kem_ind_cca_decapsulate_e31(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -49,6 +56,9 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( decapsulate_e5(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -78,6 +88,13 @@ static void decapsulate_unpacked_6e( ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -106,20 +123,32 @@ static tuple_21 encapsulate_da( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_da(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_da(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -143,20 +172,32 @@ static tuple_21 encapsulate_unpacked_c8( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_c8(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_c8(uu____0, copy_of_randomness); } /** @@ -173,18 +214,26 @@ generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c24(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c24(copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_0e(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_0e(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -199,17 +248,23 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 generate_keypair_unpacked_5a(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( + copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_5a(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_5a(copy_of_randomness); } /** @@ -224,6 +279,11 @@ static bool validate_public_key_e11(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index da63b3e1e..624ef0798 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem1024_portable_H @@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index e8b65f32f..df871eb6d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 4332da098..364933d64 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem512_avx2.h" @@ -41,12 +41,22 @@ static void decapsulate_9f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_20(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_9f(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -75,6 +85,13 @@ static void decapsulate_unpacked_a6( ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -102,20 +119,32 @@ static tuple_ec encapsulate_8e( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_8e(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_8e(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -139,20 +168,30 @@ static tuple_ec encapsulate_unpacked_ae( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ae(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ae(uu____0, copy_of_randomness); } /** @@ -168,18 +207,26 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_b1( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c2(copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b1(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_b1(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -194,17 +241,23 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 generate_keypair_unpacked_ad(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( + copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_ad(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_ad(copy_of_randomness); } /** @@ -219,6 +272,11 @@ static bool validate_public_key_a3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 7138d4add..893c5c37d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem512_avx2_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index fe1e4e668..8a3ec38f0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem512_portable.h" @@ -41,12 +41,22 @@ static void decapsulate_4a(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_e30(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_4a(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -75,6 +85,13 @@ static void decapsulate_unpacked_d4( ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -102,20 +119,32 @@ static tuple_ec encapsulate_7d( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_7d(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_7d(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -139,20 +168,30 @@ static tuple_ec encapsulate_unpacked_84( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_84(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_84(uu____0, copy_of_randomness); } /** @@ -169,18 +208,26 @@ generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c21(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c21(copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_df(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_df(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -195,17 +242,23 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae generate_keypair_unpacked_bc(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( + copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_bc(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_bc(copy_of_randomness); } /** @@ -220,6 +273,11 @@ static bool validate_public_key_e10(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index c7a16b3f2..5626a47b6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem512_portable_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index fb6d7275c..62edf65bc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 7ec20abe6..7abc80c7d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem768_avx2.h" @@ -41,12 +41,22 @@ static void decapsulate_3f( libcrux_ml_kem_ind_cca_decapsulate_201(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_3f(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -75,6 +85,13 @@ static void decapsulate_unpacked_e5( ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -102,20 +119,32 @@ static tuple_3c encapsulate_ec( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_821(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_821(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ec(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_ec(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -139,20 +168,30 @@ static tuple_3c encapsulate_unpacked_2b( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_2b(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_2b(uu____0, copy_of_randomness); } /** @@ -168,18 +207,26 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c2( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c23(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c23(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c2(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_c2(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -194,17 +241,23 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 generate_keypair_unpacked_51(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_51(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_51(copy_of_randomness); } /** @@ -219,6 +272,11 @@ static bool validate_public_key_a31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf1(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index edc9d8b97..46c8025c0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem768_avx2_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 7595346ef..bd8699614 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem768_portable.h" @@ -41,12 +41,22 @@ static void decapsulate_39( libcrux_ml_kem_ind_cca_decapsulate_e3(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_39(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -75,6 +85,13 @@ static void decapsulate_unpacked_6b( ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -102,20 +119,32 @@ static tuple_3c encapsulate_4f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4f(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_4f(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -139,20 +168,30 @@ static tuple_3c encapsulate_unpacked_08( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_08(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_08(uu____0, copy_of_randomness); } /** @@ -169,18 +208,26 @@ generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_ff(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -195,17 +242,23 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 generate_keypair_unpacked_8b(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_8b(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_8b(copy_of_randomness); } /** @@ -220,6 +273,11 @@ static bool validate_public_key_e1(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index f51a6740f..1efa41d23 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem768_portable_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index e66d6e928..e6f3a05e8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "internal/libcrux_mlkem_avx2.h" @@ -21,8 +21,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -30,8 +29,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -66,7 +64,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( core_core_arch_x86___m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + Eurydice_array_to_slice((size_t)16U, output, int16_t), v); memcpy(ret, output, (size_t)16U * sizeof(int16_t)); } @@ -169,6 +167,10 @@ core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( core_core_arch_x86___m256i vector) { @@ -651,38 +653,22 @@ KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { core_core_arch_x86___m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); core_core_arch_x86___m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, @@ -737,15 +723,13 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( core_core_arch_x86___m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -763,38 +747,22 @@ KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { core_core_arch_x86___m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); core_core_arch_x86___m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, @@ -858,23 +826,20 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( core_core_arch_x86___m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); core_core_arch_x86___m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); uint8_t ret0[10U]; core_result_Result_cd dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), + Eurydice_slice, uint8_t[10U]); core_result_unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -891,22 +856,22 @@ void libcrux_ml_kem_vector_avx2_serialize_5_ea( KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); core_core_arch_x86___m256i coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); core_core_arch_x86___m256i coefficients_loaded0 = @@ -980,23 +945,21 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( core_core_arch_x86___m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); core_core_arch_x86___m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, + uint8_t), upper_8); uint8_t ret0[20U]; core_result_Result_7a dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), + Eurydice_slice, uint8_t[20U]); core_result_unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1021,16 +984,16 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); core_core_arch_x86___m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( lower_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); core_core_arch_x86___m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( @@ -1066,11 +1029,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( core_core_arch_x86___m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); + Eurydice_array_to_slice((size_t)16U, array, int16_t), vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); uint8_t ret0[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); @@ -1092,7 +1054,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); } /** @@ -1141,20 +1103,18 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, + uint8_t), upper_8); uint8_t ret0[24U]; core_result_Result_6f dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), + Eurydice_slice, uint8_t[24U]); core_result_unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1179,16 +1139,16 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); core_core_arch_x86___m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( lower_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); core_core_arch_x86___m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( @@ -1239,8 +1199,8 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); core_core_arch_x86___m128i lower_coefficients0 = @@ -1254,8 +1214,8 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); @@ -1264,8 +1224,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( upper_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128( Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), + sampled_count + (size_t)8U, int16_t), upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); @@ -1320,6 +1279,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { return lit; } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -1330,13 +1295,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = @@ -1345,6 +1307,12 @@ deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -1359,7 +1327,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1367,7 +1335,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_reduced_ring_element_dd(ring_element); deserialized_pk[i0] = uu____0; @@ -1434,16 +1402,16 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1456,29 +1424,29 @@ static KRML_MUSTINLINE void serialize_secret_key_ae1( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1491,20 +1459,16 @@ static KRML_MUSTINLINE void serialize_public_key_d01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; serialize_secret_key_ae1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -1520,14 +1484,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; deserialize_ring_elements_reduced_5d4( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; serialize_public_key_d01( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -1582,11 +1546,10 @@ shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } @@ -1602,9 +1565,10 @@ generics */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d1(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d1(copy_of_input); } /** @@ -1621,10 +1585,10 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -1652,6 +1616,47 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( shake128_squeeze_first_three_blocks_6b1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -1670,12 +1675,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1706,10 +1710,10 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -1737,6 +1741,47 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( shake128_squeeze_next_block_1b1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -1755,12 +1800,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1795,8 +1839,7 @@ from_i16_array_89_10(Eurydice_slice a) { size_t i0 = i; result.coefficients[i0] = libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; } @@ -1809,8 +1852,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -1824,33 +1867,38 @@ static KRML_MUSTINLINE void sample_from_xof_b01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca1(uu____0); + shake128_init_absorb_final_a9_ca1(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_bb3( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_bb4( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_791(uu____3[i]);); + ret0[i] = closure_791(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1870,24 +1918,25 @@ static KRML_MUSTINLINE void sample_matrix_A_a21( closure_b81(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_b01(uu____1, sampled); + sample_from_xof_b01(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -1896,7 +1945,9 @@ static KRML_MUSTINLINE void sample_matrix_A_a21( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); @@ -1927,14 +1978,14 @@ static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -1962,6 +2013,55 @@ static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], PRFxN_1c2(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -1972,24 +2072,22 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -2005,8 +2103,8 @@ sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -2019,21 +2117,19 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -2051,8 +2147,8 @@ sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -2246,6 +2342,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( poly_barrett_reduce_89_99(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2259,12 +2359,13 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -2272,23 +2373,49 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( PRFxN_a9_512(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2323,6 +2450,10 @@ ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2337,11 +2468,10 @@ static KRML_MUSTINLINE void add_to_ring_element_89_971( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2385,6 +2515,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2400,22 +2533,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -2431,6 +2562,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2443,9 +2615,9 @@ static tuple_9b0 generate_keypair_unpacked_6c1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_681(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; @@ -2455,53 +2627,59 @@ static tuple_9b0 generate_keypair_unpacked_6c1( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_151(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_151(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } @@ -2577,12 +2755,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -2607,33 +2784,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( serialize_public_key_d01( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -2655,19 +2835,24 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_d01(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_d01( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -2686,43 +2871,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_751( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_651(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -2742,12 +2921,11 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = generate_keypair_e11(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -2756,22 +2934,26 @@ libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; serialize_kem_secret_key_751( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a70(uu____1); + libcrux_ml_kem_types_from_e7_a70(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c90( - uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c0(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2785,12 +2967,13 @@ sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -2799,16 +2982,17 @@ sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -2822,8 +3006,7 @@ with const generics static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -2999,6 +3182,9 @@ static KRML_MUSTINLINE void add_error_reduce_89_91( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3014,22 +3200,20 @@ static KRML_MUSTINLINE void compute_vector_u_001( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -3073,8 +3257,8 @@ deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { core_core_arch_x86___m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_deserialize_1_ea( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); + (size_t)2U * i0 + (size_t)2U, + uint8_t)); re.coefficients[i0] = decompress_1_91(coefficient_compressed);); return re; } @@ -3110,6 +3294,9 @@ add_message_error_reduce_89_67( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3226,12 +3413,9 @@ static KRML_MUSTINLINE void compress_then_serialize_10_2f( uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -3327,6 +3511,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3340,25 +3527,21 @@ static void compress_then_serialize_u_841( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -3455,12 +3638,10 @@ static KRML_MUSTINLINE void compress_then_serialize_4_b7( compress_ea_d41(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -3557,12 +3738,10 @@ static KRML_MUSTINLINE void compress_then_serialize_5_35( compress_ea_d42(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -3578,6 +3757,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( compress_then_serialize_4_b7(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3600,17 +3820,20 @@ static void encrypt_unpacked_881( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_471(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = + sample_ring_element_cbd_471(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3618,18 +3841,18 @@ static void encrypt_unpacked_881( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_934( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); + deserialize_then_decompress_message_b9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -3640,12 +3863,11 @@ static void encrypt_unpacked_881( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); compress_then_serialize_u_841( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -3672,46 +3894,46 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_881(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_881(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f50(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f50(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -3728,11 +3950,16 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_121(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3747,7 +3974,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -3755,7 +3982,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_reduced_ring_element_dd(ring_element); deserialized_pk[i0] = uu____0; @@ -3786,45 +4013,48 @@ static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; deserialize_ring_elements_reduced_5d3( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_a21(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_881(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_881(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -3842,8 +4072,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_e51(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -3871,54 +4100,51 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( uint8_t randomness[32U]) { uint8_t randomness0[32U]; entropy_preprocess_af_121( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_651(Eurydice_array_to_slice( (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_fb1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_fb1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f50(uu____4); + libcrux_ml_kem_types_from_15_f50(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_e51(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -4007,13 +4233,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_10_f2(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d(coefficient); @@ -4106,13 +4329,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_11_cb(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d0(coefficient); @@ -4150,6 +4370,10 @@ static KRML_MUSTINLINE void ntt_vector_u_4b( poly_barrett_reduce_89_99(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4165,10 +4389,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -4181,10 +4404,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_52(u_bytes); - u_as_ntt[i0] = uu____0; + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_52(u_bytes); ntt_vector_u_4b(&u_as_ntt[i0]); } memcpy( @@ -4277,12 +4498,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_4_5e(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d1(coefficient); @@ -4375,13 +4594,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_5_43(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d2(re.coefficients[i0]); @@ -4426,6 +4642,12 @@ subtract_reduce_89_fe(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4465,15 +4687,37 @@ static KRML_MUSTINLINE void compress_then_serialize_message_07( uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4492,8 +4736,7 @@ static void decrypt_unpacked_251( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = deserialize_then_decompress_ring_element_v_29( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = compute_message_751(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -4509,8 +4752,7 @@ with const generics static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -4557,57 +4799,53 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b1( ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_881(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_881(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_710(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4622,18 +4860,18 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_uncompressed_ring_element_c7(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); } return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4647,7 +4885,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_051( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4655,7 +4893,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_051( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_uncompressed_ring_element_c7(secret_bytes); secret_as_ntt[i0] = uu____0; @@ -4679,14 +4917,15 @@ static void decrypt_841(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; deserialize_secret_key_051(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; decrypt_unpacked_251(&secret_key_unpacked, ciphertext, ret0); @@ -4718,17 +4957,16 @@ with const generics void libcrux_ml_kem_ind_cca_decapsulate_201( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -4737,19 +4975,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_201( decrypt_841(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -4758,40 +4993,44 @@ void libcrux_ml_kem_ind_cca_decapsulate_201( libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_fb1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_fb1(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e51( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_e51(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; kdf_af_e51(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_710(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4806,7 +5045,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4814,7 +5053,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_reduced_ring_element_dd(ring_element); deserialized_pk[i0] = uu____0; @@ -4824,6 +5063,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4836,29 +5078,29 @@ static KRML_MUSTINLINE void serialize_secret_key_ae0( uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4871,20 +5113,16 @@ static KRML_MUSTINLINE void serialize_public_key_d00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; serialize_secret_key_ae0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1536U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -4900,14 +5138,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; deserialize_ring_elements_reduced_5d2( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; serialize_public_key_d00( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -4962,11 +5200,10 @@ shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t)); return state; } @@ -4982,9 +5219,10 @@ generics */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d0(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d0(copy_of_input); } /** @@ -5001,10 +5239,10 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -5035,6 +5273,47 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( shake128_squeeze_first_three_blocks_6b0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5053,12 +5332,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5089,10 +5367,10 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -5123,6 +5401,47 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( shake128_squeeze_next_block_1b0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5141,12 +5460,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5171,8 +5489,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -5186,33 +5504,38 @@ static KRML_MUSTINLINE void sample_from_xof_b00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca0(uu____0); + shake128_init_absorb_final_a9_ca0(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_bb1( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_bb2( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_790(uu____3[i]);); + ret0[i] = closure_790(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5232,24 +5555,25 @@ static KRML_MUSTINLINE void sample_matrix_A_a20( closure_b80(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_b00(uu____1, sampled); + sample_from_xof_b00(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -5258,7 +5582,9 @@ static KRML_MUSTINLINE void sample_matrix_A_a20( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); @@ -5289,14 +5615,14 @@ static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -5327,6 +5653,10 @@ static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], PRFxN_1c1(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5340,12 +5670,13 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -5353,23 +5684,26 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( PRFxN_a9_511(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -5384,11 +5718,10 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -5396,6 +5729,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5411,22 +5747,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -5442,6 +5776,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5454,9 +5829,9 @@ static tuple_54 generate_keypair_unpacked_6c0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_680(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; @@ -5466,53 +5841,59 @@ static tuple_54 generate_keypair_unpacked_6c0( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_150(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_150(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); } @@ -5567,12 +5948,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; @@ -5597,33 +5977,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( serialize_public_key_d00( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -5645,19 +6028,24 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_d00(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_d00( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -5676,43 +6064,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_750( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_650(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -5732,12 +6114,11 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = generate_keypair_e10(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; @@ -5746,22 +6127,26 @@ libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; serialize_kem_secret_key_750( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_a71(uu____1); + libcrux_ml_kem_types_from_e7_a71(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c91( - uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c1(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5775,12 +6160,13 @@ sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -5789,16 +6175,17 @@ sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -5839,6 +6226,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_570( poly_barrett_reduce_89_99(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5854,22 +6244,20 @@ static KRML_MUSTINLINE void compute_vector_u_000( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -5885,6 +6273,9 @@ static KRML_MUSTINLINE void compute_vector_u_000( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5924,12 +6315,9 @@ static KRML_MUSTINLINE void compress_then_serialize_11_d10( uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } @@ -5948,6 +6336,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5961,25 +6352,21 @@ static void compress_then_serialize_u_840( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; compress_then_serialize_ring_element_u_b20(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } } @@ -5995,6 +6382,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( compress_then_serialize_5_35(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6017,17 +6445,20 @@ static void encrypt_unpacked_880( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_470(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = + sample_ring_element_cbd_470(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6035,18 +6466,18 @@ static void encrypt_unpacked_880( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_932( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); + deserialize_then_decompress_message_b9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -6056,14 +6487,12 @@ static void encrypt_unpacked_880( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); compress_then_serialize_u_840( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; compress_then_serialize_ring_element_v_390( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -6090,46 +6519,46 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_880(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_880(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f51(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f51(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6146,11 +6575,16 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_120(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6165,7 +6599,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6173,7 +6607,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_reduced_ring_element_dd(ring_element); deserialized_pk[i0] = uu____0; @@ -6204,45 +6638,48 @@ static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; deserialize_ring_elements_reduced_5d1( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_a20(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_880(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_880(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -6260,8 +6697,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_e50(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -6289,54 +6725,51 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t randomness[32U]) { uint8_t randomness0[32U]; entropy_preprocess_af_120( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_650(Eurydice_array_to_slice( (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_fb0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_fb0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f51(uu____4); + libcrux_ml_kem_types_from_15_f51(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_e50(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -6370,6 +6803,10 @@ static KRML_MUSTINLINE void ntt_vector_u_4b0( poly_barrett_reduce_89_99(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6385,10 +6822,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -6401,10 +6837,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_520(u_bytes); - u_as_ntt[i0] = uu____0; + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_520(u_bytes); ntt_vector_u_4b0(&u_as_ntt[i0]); } memcpy( @@ -6423,6 +6857,12 @@ deserialize_then_decompress_ring_element_v_290(Eurydice_slice serialized) { return deserialize_then_decompress_5_43(serialized); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6444,6 +6884,30 @@ compute_message_750( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6462,8 +6926,7 @@ static void decrypt_unpacked_250( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = deserialize_then_decompress_ring_element_v_290( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = compute_message_750(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -6515,61 +6978,60 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0( ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_880(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_880(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_711(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6583,7 +7045,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_050( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6591,7 +7053,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_050( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_uncompressed_ring_element_c7(secret_bytes); secret_as_ntt[i0] = uu____0; @@ -6615,14 +7077,15 @@ static void decrypt_840(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; deserialize_secret_key_050(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; decrypt_unpacked_250(&secret_key_unpacked, ciphertext, ret0); @@ -6655,17 +7118,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_200( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -6674,19 +7136,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_200( decrypt_840(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -6695,40 +7154,44 @@ void libcrux_ml_kem_ind_cca_decapsulate_200( libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_fb0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_fb0(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e50( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_e50(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; kdf_af_e50(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_711(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6743,7 +7206,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6751,7 +7214,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_reduced_ring_element_dd(ring_element); deserialized_pk[i0] = uu____0; @@ -6761,6 +7224,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6773,29 +7239,29 @@ static KRML_MUSTINLINE void serialize_secret_key_ae( uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6809,18 +7275,15 @@ static KRML_MUSTINLINE void serialize_public_key_d0( Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -6836,14 +7299,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; deserialize_ring_elements_reduced_5d0( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; serialize_public_key_d0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -6898,11 +7361,10 @@ shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } @@ -6918,9 +7380,10 @@ generics */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d(copy_of_input); } /** @@ -6937,10 +7400,10 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -6965,6 +7428,47 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( shake128_squeeze_first_three_blocks_6b(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -6983,12 +7487,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7019,10 +7522,10 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -7047,6 +7550,47 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( shake128_squeeze_next_block_1b(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7065,12 +7609,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7095,8 +7638,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -7110,33 +7653,38 @@ static KRML_MUSTINLINE void sample_from_xof_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca(uu____0); + shake128_init_absorb_final_a9_ca(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; shake128_squeeze_next_block_a9_5a(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_79(uu____3[i]);); + ret0[i] = closure_79(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7156,24 +7704,25 @@ static KRML_MUSTINLINE void sample_matrix_A_a2( closure_b8(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_b0(uu____1, sampled); + sample_from_xof_b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -7182,7 +7731,9 @@ static KRML_MUSTINLINE void sample_matrix_A_a2( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); @@ -7213,14 +7764,14 @@ static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], uint8_t out2[192U] = {0U}; uint8_t out3[192U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t)); uint8_t uu____0[192U]; memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); @@ -7256,6 +7807,10 @@ sample_from_binomial_distribution_47(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_43(randomness); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7269,12 +7824,13 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -7282,23 +7838,26 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( PRFxN_a9_51(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_47(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7313,11 +7872,10 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -7325,6 +7883,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7340,22 +7901,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -7371,6 +7930,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7383,9 +7983,9 @@ static tuple_4c generate_keypair_unpacked_6c( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; @@ -7395,53 +7995,59 @@ static tuple_4c generate_keypair_unpacked_6c( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_15(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_15(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } @@ -7496,12 +8102,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; @@ -7526,33 +8131,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( serialize_public_key_d0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -7574,19 +8182,24 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_d0(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_d0( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); return lit; } @@ -7605,43 +8218,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_75( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -7661,12 +8268,11 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = generate_keypair_e1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; @@ -7675,20 +8281,21 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c(copy_of_public_key)); } /** @@ -7705,14 +8312,14 @@ static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -7737,6 +8344,9 @@ static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], PRFxN_1c0(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7750,12 +8360,13 @@ sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -7764,16 +8375,17 @@ sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -7814,6 +8426,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_57( poly_barrett_reduce_89_99(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7829,22 +8444,20 @@ static KRML_MUSTINLINE void compute_vector_u_00( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -7860,6 +8473,9 @@ static KRML_MUSTINLINE void compute_vector_u_00( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7882,6 +8498,9 @@ compute_ring_element_v_71( return result; } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7895,28 +8514,65 @@ static void compress_then_serialize_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7939,17 +8595,20 @@ static void encrypt_unpacked_88( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_47(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = + sample_ring_element_cbd_47(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7957,18 +8616,18 @@ static void encrypt_unpacked_88( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); + deserialize_then_decompress_message_b9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -7979,12 +8638,11 @@ static void encrypt_unpacked_88( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); compress_then_serialize_u_84( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -8011,46 +8669,46 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_88(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8067,11 +8725,16 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_12(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8086,7 +8749,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8094,7 +8757,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_reduced_ring_element_dd(ring_element); deserialized_pk[i0] = uu____0; @@ -8125,45 +8788,48 @@ static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_a2(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_88(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_88(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -8181,8 +8847,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_e5(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -8210,57 +8875,58 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t randomness[32U]) { uint8_t randomness0[32U]; entropy_preprocess_af_12( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_65(Eurydice_array_to_slice( (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_fb(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_fb(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_e5(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8276,10 +8942,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -8292,10 +8957,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_52(u_bytes); - u_as_ntt[i0] = uu____0; + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_52(u_bytes); ntt_vector_u_4b(&u_as_ntt[i0]); } memcpy( @@ -8303,6 +8966,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8324,6 +8993,30 @@ compute_message_75( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8342,8 +9035,7 @@ static void decrypt_unpacked_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = deserialize_then_decompress_ring_element_v_29( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = compute_message_75(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -8394,61 +9086,60 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b( ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_88(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_71(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8462,7 +9153,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_05( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8470,7 +9161,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_05( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_uncompressed_ring_element_c7(secret_bytes); secret_as_ntt[i0] = uu____0; @@ -8494,14 +9185,15 @@ static void decrypt_84(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; deserialize_secret_key_05(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; decrypt_unpacked_25(&secret_key_unpacked, ciphertext, ret0); @@ -8533,17 +9225,16 @@ with const generics void libcrux_ml_kem_ind_cca_decapsulate_20( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -8552,19 +9243,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_20( decrypt_84(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -8573,34 +9261,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_20( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_fb(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_fb(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e5( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_e5(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; kdf_af_e5(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_71(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index e669d55c8..9d7aa0ed7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem_avx2_H @@ -115,6 +115,10 @@ core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( core_core_arch_x86___m256i vector); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 7dd1bf4f2..019effe21 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem_neon.h" @@ -17,8 +17,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -26,7 +25,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index d224d23d5..e2979d8d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index b3596a256..f2edc753e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "internal/libcrux_mlkem_portable.h" @@ -20,8 +20,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -29,8 +28,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -75,10 +73,8 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; core_result_Result_c0 dst; Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); + &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), + Eurydice_slice, int16_t[16U]); core_result_unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; @@ -95,68 +91,64 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r3 = + (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); + uint8_t r7 = + (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); + uint8_t r10 = + (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -174,12 +166,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; @@ -219,66 +210,56 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 3U; + int16_t r2 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 6U; + int16_t r3 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> + 1U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> + 4U; + int16_t r5 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 7U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 2U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -314,12 +295,10 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1018,6 +997,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * @@ -1053,6 +1045,20 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = @@ -1071,6 +1077,17 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -1102,6 +1119,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; @@ -1374,6 +1413,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -1465,19 +1526,17 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U);); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + (uint32_t)i0 & + 1U);); for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } @@ -1493,26 +1552,26 @@ libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); + uint8_t result0 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *); + uint8_t result1 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *); + uint8_t result2 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *); + uint8_t result3 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *); return (CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } @@ -1523,11 +1582,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[8U] = {0U}; result[0U] = result0_3.fst; result[1U] = result0_3.snd; @@ -1553,32 +1612,32 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 4U & 15U); return (CLITERAL(int16_t_x8){.fst = v0, @@ -1594,11 +1653,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1632,40 +1689,24 @@ libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1674,11 +1715,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t)); uint8_t result[10U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1706,44 +1746,44 @@ void libcrux_ml_kem_vector_portable_serialize_5_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 2U & 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U) << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 1U & 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) & 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) >> 3U); return (CLITERAL(int16_t_x8){.fst = v0, .snd = v1, @@ -1758,11 +1798,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1795,37 +1833,36 @@ libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U & (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1834,17 +1871,15 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, + int16_t)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, + int16_t)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1882,60 +1917,52 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 2U; + int16_t r2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 4U; + int16_t r3 = + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> + 6U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r5 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 2U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> + 4U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -1949,12 +1976,10 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1987,20 +2012,17 @@ libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); + uint8_t r1 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & + (int16_t)15) + << 4U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } @@ -2008,29 +2030,25 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, + int16_t)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, + int16_t)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, + int16_t)); uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, + int16_t)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -2072,12 +2090,12 @@ void libcrux_ml_kem_vector_portable_serialize_12_0d( KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); + int16_t byte0 = + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t byte1 = + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); + int16_t byte2 = + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); @@ -2086,32 +2104,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -2145,15 +2155,15 @@ libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; + i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -2165,7 +2175,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2176,8 +2186,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2194,8 +2203,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2254,6 +2262,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { return lit; } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2264,13 +2278,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -2280,6 +2291,12 @@ deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -2294,7 +2311,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2302,7 +2319,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; @@ -2375,16 +2392,16 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2397,29 +2414,29 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2432,20 +2449,16 @@ static KRML_MUSTINLINE void serialize_public_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; serialize_secret_key_f81(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1536U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -2461,14 +2474,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; deserialize_ring_elements_reduced_724( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; serialize_public_key_801( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -2534,16 +2547,17 @@ shake128_init_absorb_final_751(uint8_t input[4U][34U]) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[4U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_d1 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -2560,9 +2574,10 @@ generics */ static KRML_MUSTINLINE PortableHash_d1 shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_751(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_751(copy_of_input); } /** @@ -2578,8 +2593,7 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } @@ -2598,6 +2612,47 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( shake128_squeeze_first_three_blocks_101(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2616,12 +2671,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2647,11 +2701,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } @@ -2670,6 +2724,47 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( shake128_squeeze_next_block_ed1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2688,12 +2783,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2729,8 +2823,7 @@ from_i16_array_89_6b(Eurydice_slice a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + (i0 + (size_t)1U) * (size_t)16U, int16_t)); result.coefficients[i0] = uu____0; } return result; @@ -2745,8 +2838,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -2761,32 +2854,37 @@ static KRML_MUSTINLINE void sample_from_xof_2b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_053( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; shake128_squeeze_next_block_f1_c11(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_054( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_991(uu____3[i]);); + ret0[i] = closure_991(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2807,24 +2905,25 @@ static KRML_MUSTINLINE void sample_matrix_A_231( closure_e81(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_2b1(uu____1, sampled); + sample_from_xof_2b1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -2833,7 +2932,9 @@ static KRML_MUSTINLINE void sample_matrix_A_231( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); @@ -2859,12 +2960,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } @@ -2883,6 +2983,55 @@ static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], PRFxN_1d2(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -2893,24 +3042,22 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -2926,8 +3073,8 @@ sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -2940,21 +3087,19 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -2972,8 +3117,8 @@ sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3001,9 +3146,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -3108,13 +3252,13 @@ static KRML_MUSTINLINE void ntt_at_layer_2_7b( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -3128,7 +3272,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_4f( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3138,7 +3282,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_4f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** @@ -3182,6 +3326,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( poly_barrett_reduce_89_2c(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3196,12 +3344,13 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_39();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -3209,23 +3358,49 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3262,6 +3437,10 @@ ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3276,13 +3455,11 @@ static KRML_MUSTINLINE void add_to_ring_element_89_931( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3331,6 +3508,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_99( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3346,22 +3526,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -3377,6 +3555,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3390,9 +3609,9 @@ static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b61(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; @@ -3402,53 +3621,59 @@ static tuple_540 generate_keypair_unpacked_f41( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d71(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d71(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_540){.fst = sk, .snd = pk}); } @@ -3528,12 +3753,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; @@ -3558,33 +3782,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( serialize_public_key_801( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -3607,19 +3834,24 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_801(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_801( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -3638,43 +3870,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_2e1(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -3695,12 +3921,11 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = generate_keypair_ec1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; @@ -3709,22 +3934,26 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; serialize_kem_secret_key_f2( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_a71(uu____1); + libcrux_ml_kem_types_from_e7_a71(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c91( - uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c1(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3739,12 +3968,13 @@ sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_39();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -3753,16 +3983,17 @@ sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -3776,8 +4007,7 @@ with const generics static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -3807,7 +4037,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3817,7 +4047,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -3831,13 +4061,13 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** @@ -3960,6 +4190,9 @@ static KRML_MUSTINLINE void add_error_reduce_89_08( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3975,22 +4208,20 @@ static KRML_MUSTINLINE void compute_vector_u_a11( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -4036,7 +4267,7 @@ deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0;); @@ -4077,6 +4308,9 @@ add_message_error_reduce_89_8b( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4180,12 +4414,9 @@ static KRML_MUSTINLINE void compress_then_serialize_11_e10( uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } @@ -4204,6 +4435,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4217,25 +4451,21 @@ static void compress_then_serialize_u_241( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; compress_then_serialize_ring_element_u_2f0(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } } @@ -4287,12 +4517,10 @@ static KRML_MUSTINLINE void compress_then_serialize_4_e5( compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -4344,12 +4572,10 @@ static KRML_MUSTINLINE void compress_then_serialize_5_a3( compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -4365,6 +4591,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( compress_then_serialize_5_a3(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4388,17 +4655,20 @@ static void encrypt_unpacked_6c1( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_2c1(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____3 = + sample_ring_element_cbd_2c1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4406,18 +4676,18 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_f6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -4427,14 +4697,12 @@ static void encrypt_unpacked_6c1( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); compress_then_serialize_u_241( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; compress_then_serialize_ring_element_v_310( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -4462,46 +4730,46 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_6c1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c1(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f51(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f51(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4518,11 +4786,16 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_3d(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4537,7 +4810,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4545,7 +4818,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; @@ -4577,45 +4850,48 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; deserialize_ring_elements_reduced_723( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_231(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[4U][4U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c1(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4633,8 +4909,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_ef(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -4662,54 +4937,51 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( uint8_t randomness[32U]) { uint8_t randomness0[32U]; entropy_preprocess_af_3d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_2e1(Eurydice_array_to_slice( (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_0d1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_0d1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f51(uu____4); + libcrux_ml_kem_types_from_15_f51(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_ef(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -4760,13 +5032,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_10_fc(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -4823,13 +5092,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_11_ba(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -4869,6 +5135,10 @@ static KRML_MUSTINLINE void ntt_vector_u_7a0( poly_barrett_reduce_89_2c(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4884,10 +5154,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af1( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -4900,10 +5169,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af1( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_980(u_bytes); - u_as_ntt[i0] = uu____0; + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_980(u_bytes); ntt_vector_u_7a0(&u_as_ntt[i0]); } memcpy( @@ -4958,12 +5225,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_4_8f(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -5020,16 +5285,12 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_5_04(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); + re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); re.coefficients[i0] = uu____1; @@ -5077,6 +5338,12 @@ subtract_reduce_89_70(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5117,15 +5384,37 @@ static KRML_MUSTINLINE void compress_then_serialize_message_c1( uint8_t bytes[2U]; libcrux_ml_kem_vector_portable_serialize_1_0d( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5144,8 +5433,7 @@ static void decrypt_unpacked_5d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = deserialize_then_decompress_ring_element_v_df0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = compute_message_ff1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -5161,8 +5449,7 @@ with const generics static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -5211,57 +5498,53 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e1( ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c1(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_711(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5276,13 +5559,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_uncompressed_ring_element_53(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; @@ -5290,6 +5570,9 @@ deserialize_to_uncompressed_ring_element_53(Eurydice_slice serialized) { return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5303,7 +5586,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_591( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5311,7 +5594,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_591( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_uncompressed_ring_element_53(secret_bytes); secret_as_ntt[i0] = uu____0; @@ -5335,14 +5618,15 @@ static void decrypt_671(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; deserialize_secret_key_591(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; decrypt_unpacked_5d1(&secret_key_unpacked, ciphertext, ret0); @@ -5375,17 +5659,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_e31( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -5394,19 +5677,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_e31( decrypt_671(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -5415,40 +5695,44 @@ void libcrux_ml_kem_ind_cca_decapsulate_e31( libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_0d1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d1(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ef( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_ef(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; kdf_af_ef(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_711(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5463,7 +5747,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5471,7 +5755,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; @@ -5481,6 +5765,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5493,29 +5780,29 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5529,18 +5816,15 @@ static KRML_MUSTINLINE void serialize_public_key_800( Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; serialize_secret_key_f80(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -5556,14 +5840,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; deserialize_ring_elements_reduced_722( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; serialize_public_key_800( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -5629,16 +5913,17 @@ shake128_init_absorb_final_750(uint8_t input[2U][34U]) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[2U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_8b lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -5655,9 +5940,10 @@ generics */ static KRML_MUSTINLINE PortableHash_8b shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_750(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_750(copy_of_input); } /** @@ -5673,8 +5959,7 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } @@ -5693,6 +5978,47 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( shake128_squeeze_first_three_blocks_100(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5711,12 +6037,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5742,11 +6067,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } @@ -5765,6 +6090,47 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( shake128_squeeze_next_block_ed0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5783,12 +6149,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5814,8 +6179,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -5830,32 +6195,37 @@ static KRML_MUSTINLINE void sample_from_xof_2b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_051( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; shake128_squeeze_next_block_f1_c10(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_052( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_990(uu____3[i]);); + ret0[i] = closure_990(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5876,24 +6246,25 @@ static KRML_MUSTINLINE void sample_matrix_A_230( closure_e80(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_2b0(uu____1, sampled); + sample_from_xof_2b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -5902,7 +6273,9 @@ static KRML_MUSTINLINE void sample_matrix_A_230( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); @@ -5928,12 +6301,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } @@ -5963,6 +6335,10 @@ sample_from_binomial_distribution_660(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_85(randomness); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5977,12 +6353,13 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_39();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -5990,23 +6367,26 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( PRFxN_f1_890(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_660(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_660( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -6021,13 +6401,11 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -6037,6 +6415,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6052,22 +6433,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -6083,6 +6462,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6096,9 +6516,9 @@ static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b60(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; @@ -6108,53 +6528,59 @@ static tuple_4c0 generate_keypair_unpacked_f40( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d70(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d70(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } @@ -6211,12 +6637,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; @@ -6241,33 +6666,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( serialize_public_key_800( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6290,19 +6718,24 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_800(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_800( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); return lit; } @@ -6321,43 +6754,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_2e0(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -6378,12 +6805,11 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = generate_keypair_ec0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; @@ -6392,20 +6818,21 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; serialize_kem_secret_key_41( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c(copy_of_public_key)); } /** @@ -6417,12 +6844,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } @@ -6441,6 +6867,9 @@ static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], PRFxN_1d1(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6455,12 +6884,13 @@ sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_39();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -6469,16 +6899,17 @@ sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -6519,6 +6950,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_860( poly_barrett_reduce_89_2c(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6534,22 +6968,20 @@ static KRML_MUSTINLINE void compute_vector_u_a10( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -6565,6 +6997,9 @@ static KRML_MUSTINLINE void compute_vector_u_a10( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6604,12 +7039,9 @@ static KRML_MUSTINLINE void compress_then_serialize_10_3b( uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -6628,6 +7060,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6641,25 +7076,21 @@ static void compress_then_serialize_u_240( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; compress_then_serialize_ring_element_u_2f(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -6675,6 +7106,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( compress_then_serialize_4_e5(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6698,17 +7170,20 @@ static void encrypt_unpacked_6c0( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_2c0(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = + sample_ring_element_cbd_2c0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6716,18 +7191,18 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_f6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -6738,12 +7213,11 @@ static void encrypt_unpacked_6c0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); compress_then_serialize_u_240( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; compress_then_serialize_ring_element_v_31( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -6771,46 +7245,46 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_6c0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c0(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6827,11 +7301,16 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_f4(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6846,7 +7325,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6854,7 +7333,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; @@ -6886,45 +7365,48 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; deserialize_ring_elements_reduced_721( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_230(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[2U][2U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c0(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -6942,8 +7424,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_f5(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -6971,54 +7452,51 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t randomness[32U]) { uint8_t randomness0[32U]; entropy_preprocess_af_f4( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_2e0(Eurydice_array_to_slice( (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_0d0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_0d0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_f5(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -7052,6 +7530,10 @@ static KRML_MUSTINLINE void ntt_vector_u_7a( poly_barrett_reduce_89_2c(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7067,10 +7549,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -7083,10 +7564,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af0( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_98(u_bytes); - u_as_ntt[i0] = uu____0; + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_98(u_bytes); ntt_vector_u_7a(&u_as_ntt[i0]); } memcpy( @@ -7105,6 +7584,12 @@ deserialize_then_decompress_ring_element_v_df(Eurydice_slice serialized) { return deserialize_then_decompress_4_8f(serialized); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7126,6 +7611,30 @@ compute_message_ff0( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7144,8 +7653,7 @@ static void decrypt_unpacked_5d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = deserialize_then_decompress_ring_element_v_df( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = compute_message_ff0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -7197,61 +7705,60 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0( ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c0(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_71(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7265,7 +7772,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_590( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7273,7 +7780,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_590( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_uncompressed_ring_element_53(secret_bytes); secret_as_ntt[i0] = uu____0; @@ -7297,14 +7804,15 @@ static void decrypt_670(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; deserialize_secret_key_590(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; decrypt_unpacked_5d0(&secret_key_unpacked, ciphertext, ret0); @@ -7336,17 +7844,16 @@ libcrux_ml_kem_ind_cca_MlKem with const generics void libcrux_ml_kem_ind_cca_decapsulate_e30( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -7355,19 +7862,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_e30( decrypt_670(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -7376,40 +7880,44 @@ void libcrux_ml_kem_ind_cca_decapsulate_e30( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_0d0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d0(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_f5( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_f5(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; kdf_af_f5(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_71(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7424,7 +7932,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7432,7 +7940,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; @@ -7442,6 +7950,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7454,29 +7965,29 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7489,20 +8000,16 @@ static KRML_MUSTINLINE void serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; serialize_secret_key_f8(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -7518,14 +8025,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -7591,16 +8098,17 @@ shake128_init_absorb_final_75(uint8_t input[3U][34U]) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_58 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -7617,9 +8125,10 @@ generics */ static KRML_MUSTINLINE PortableHash_58 shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_75(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_75(copy_of_input); } /** @@ -7635,8 +8144,7 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -7655,6 +8163,47 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( shake128_squeeze_first_three_blocks_10(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7673,12 +8222,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7704,11 +8252,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -7727,6 +8275,47 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( shake128_squeeze_next_block_ed(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7745,12 +8334,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7776,8 +8364,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -7792,32 +8380,37 @@ static KRML_MUSTINLINE void sample_from_xof_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_05( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; shake128_squeeze_next_block_f1_c1(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_050( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_99(uu____3[i]);); + ret0[i] = closure_99(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7838,24 +8431,25 @@ static KRML_MUSTINLINE void sample_matrix_A_23( closure_e8(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_2b(uu____1, sampled); + sample_from_xof_2b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -7864,7 +8458,9 @@ static KRML_MUSTINLINE void sample_matrix_A_23( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); @@ -7890,12 +8486,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -7914,6 +8509,10 @@ static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], PRFxN_1d(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -7928,12 +8527,13 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_39();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -7941,23 +8541,26 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7972,13 +8575,11 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -7988,6 +8589,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8003,22 +8607,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -8034,6 +8636,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8047,9 +8690,9 @@ static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; @@ -8059,53 +8702,59 @@ static tuple_9b generate_keypair_unpacked_f4( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d7(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d7(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } @@ -8162,12 +8811,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -8192,33 +8840,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8241,19 +8892,24 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_80(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_80( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -8272,43 +8928,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_2e(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -8329,12 +8979,11 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -8343,22 +8992,26 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; serialize_kem_secret_key_a8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a70(uu____1); + libcrux_ml_kem_types_from_e7_a70(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c90( - uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c0(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8373,12 +9026,13 @@ sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_39();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -8387,16 +9041,17 @@ sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -8437,6 +9092,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_86( poly_barrett_reduce_89_2c(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8452,22 +9110,20 @@ static KRML_MUSTINLINE void compute_vector_u_a1( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -8483,6 +9139,9 @@ static KRML_MUSTINLINE void compute_vector_u_a1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8505,6 +9164,9 @@ compute_ring_element_v_1f( return result; } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8518,28 +9180,65 @@ static void compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; compress_then_serialize_ring_element_u_2f(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8563,17 +9262,20 @@ static void encrypt_unpacked_6c( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_2c(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = + sample_ring_element_cbd_2c(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8581,18 +9283,18 @@ static void encrypt_unpacked_6c( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_f6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -8603,12 +9305,11 @@ static void encrypt_unpacked_6c( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; compress_then_serialize_ring_element_v_31( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -8636,46 +9337,46 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f50(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f50(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8692,11 +9393,16 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_56(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8711,7 +9417,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8719,7 +9425,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; @@ -8751,45 +9457,48 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; deserialize_ring_elements_reduced_72( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -8807,8 +9516,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_27(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -8836,57 +9544,58 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t randomness[32U]) { uint8_t randomness0[32U]; entropy_preprocess_af_56( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_2e(Eurydice_array_to_slice( (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_0d(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f50(uu____4); + libcrux_ml_kem_types_from_15_f50(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_27(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8902,10 +9611,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -8918,10 +9626,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_98(u_bytes); - u_as_ntt[i0] = uu____0; + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_98(u_bytes); ntt_vector_u_7a(&u_as_ntt[i0]); } memcpy( @@ -8929,6 +9635,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8950,6 +9662,30 @@ compute_message_ff( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8968,8 +9704,7 @@ static void decrypt_unpacked_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = deserialize_then_decompress_ring_element_v_df( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = compute_message_ff(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -9021,61 +9756,60 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e( ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_710(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9089,7 +9823,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_59( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9097,7 +9831,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_59( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_uncompressed_ring_element_53(secret_bytes); secret_as_ntt[i0] = uu____0; @@ -9121,14 +9855,15 @@ static void decrypt_67(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; deserialize_secret_key_59(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; decrypt_unpacked_5d(&secret_key_unpacked, ciphertext, ret0); @@ -9160,17 +9895,16 @@ libcrux_ml_kem_ind_cca_MlKem with const generics void libcrux_ml_kem_ind_cca_decapsulate_e3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -9179,19 +9913,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_e3( decrypt_67(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -9200,34 +9931,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_e3( libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_27( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_27(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; kdf_af_27(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_710(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index fb4bb6956..6cd386f96 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem_portable_H @@ -205,6 +205,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); @@ -226,9 +239,34 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer); @@ -244,6 +282,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe); @@ -353,6 +413,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 8330670f7..0fe581b92 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_sha3_H @@ -22,6 +22,9 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -29,6 +32,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a(buf0, buf); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -36,6 +42,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } +/** + A portable SHAKE256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -43,6 +52,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -50,6 +62,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -57,58 +72,88 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } +/** + SHA3 224 + + Preconditions: + - `digest.len() == 28` +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } +/** + SHA3 224 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), + data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), + data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), + data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** + A portable SHAKE128 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -116,11 +161,21 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } +/** + SHAKE 128 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } +/** + SHAKE 256 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 74008b788..fb35528f9 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "internal/libcrux_sha3_avx2.h" @@ -119,14 +119,10 @@ xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); } /** @@ -135,10 +131,11 @@ usize> for core::core_arch::x86::__m256i)} */ static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[4U]; + memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); + slice_4(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); } @@ -148,19 +145,19 @@ split_at_mut_4(Eurydice_slice out[4U], size_t mid) { Eurydice_slice out1 = out[1U]; Eurydice_slice out2 = out[2U]; Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out10 = uu____1.fst; Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out20 = uu____2.fst; Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out30 = uu____3.fst; Eurydice_slice out31 = uu____3.snd; @@ -185,6 +182,9 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { return split_at_mut_4(a, mid); } +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -236,21 +236,21 @@ static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); core_core_arch_x86___m256i v1h = @@ -296,34 +296,30 @@ static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); @@ -332,34 +328,30 @@ static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); core_core_arch_x86___m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, @@ -384,9 +376,10 @@ with const generics static KRML_MUSTINLINE void load_block_ef_6a( core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[4U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block_c7(uu____0, copy_of_b); } /** @@ -1418,75 +1411,29 @@ static KRML_MUSTINLINE void theta_rho_71( rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = - xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = - xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = - xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = - xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = - xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = - xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = - xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; + s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); core_core_arch_x86___m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1598,14 +1545,11 @@ with const generics */ static KRML_MUSTINLINE void load_block_full_91( core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; load_block_c7(s, buf); } @@ -1621,9 +1565,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_ef_05( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_91(uu____0, copy_of_b); } /** @@ -1636,15 +1581,14 @@ with const generics */ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); @@ -1704,23 +1648,19 @@ static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)136U % (size_t)32U; @@ -1729,36 +1669,31 @@ static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -1766,40 +1701,31 @@ static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -1815,22 +1741,25 @@ static KRML_MUSTINLINE void store_block_full_0b( uint8_t out2[200U] = {0U}; uint8_t out3[200U] = {0U}; Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out0, uint8_t), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out1[200U]; + memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out2[200U]; + memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); uint8_t uu____3[200U]; memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); } @@ -1863,12 +1792,11 @@ static KRML_MUSTINLINE void squeeze_first_and_last_a4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); + core_ops_range_Range_b3), + uint8_t);); } /** @@ -1926,12 +1854,11 @@ static KRML_MUSTINLINE void squeeze_last_77( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); + core_ops_range_Range_b3), + uint8_t);); } /** @@ -1946,27 +1873,26 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); absorb_block_37(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2006,6 +1932,9 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], } } +/** + Perform 4 SHAKE256 operations in parallel +*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, @@ -2015,6 +1944,9 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, keccak_14(buf0, buf); } +/** + Initialise the [`KeccakState`]. +*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { return new_1e_16(); @@ -2030,21 +1962,21 @@ static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); core_core_arch_x86___m256i v1h = @@ -2090,34 +2022,30 @@ static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); @@ -2126,34 +2054,30 @@ static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); core_core_arch_x86___m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, @@ -2173,14 +2097,11 @@ with const generics */ static KRML_MUSTINLINE void load_block_full_910( core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; load_block_c70(s, buf); } @@ -2196,9 +2117,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_ef_050( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_910(uu____0, copy_of_b); } /** @@ -2211,15 +2133,14 @@ with const generics */ static KRML_MUSTINLINE void absorb_final_5e0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); @@ -2230,6 +2151,9 @@ static KRML_MUSTINLINE void absorb_final_5e0( keccakf1600_07(s); } +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -2286,23 +2210,19 @@ static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)168U % (size_t)32U; @@ -2311,36 +2231,31 @@ static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -2348,40 +2263,31 @@ static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -2450,6 +2356,9 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( squeeze_next_block_1c0(s, o2); } +/** + Squeeze three blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { @@ -2457,6 +2366,9 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } +/** + Squeeze another block +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { @@ -2504,6 +2416,9 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( squeeze_next_block_1c0(s, o4); } +/** + Squeeze five blocks +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, @@ -2512,6 +2427,9 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( squeeze_first_five_blocks_e4(s, buf); } +/** + Absorb +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -2519,6 +2437,9 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } +/** + Squeeze block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, @@ -2527,6 +2448,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( squeeze_first_block_e9(s, buf); } +/** + Squeeze next block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 8c1635b0b..2f398d999 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_sha3_avx2_H @@ -33,38 +33,65 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { core_core_arch_x86___m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; +/** + Perform 4 SHAKE256 operations in parallel +*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Initialise the [`KeccakState`]. +*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze three blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze another block +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze five blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze next block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index f39b36172..6a597aa5c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_sha3_internal_H @@ -137,8 +137,7 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); } /** @@ -147,17 +146,18 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[1U]; + memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; @@ -187,6 +187,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -242,9 +245,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -260,8 +262,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b3(s, buf); } @@ -277,9 +279,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); } /** @@ -1224,75 +1227,52 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - uint64_t uu____4 = + s->st[1U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - uint64_t uu____5 = + s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - uint64_t uu____6 = + s->st[3U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - uint64_t uu____7 = + s->st[4U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - uint64_t uu____8 = + s->st[0U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - uint64_t uu____9 = + s->st[1U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - uint64_t uu____10 = + s->st[2U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - uint64_t uu____11 = + s->st[3U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - uint64_t uu____12 = + s->st[4U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - uint64_t uu____13 = + s->st[0U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - uint64_t uu____14 = + s->st[1U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - uint64_t uu____15 = + s->st[2U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - uint64_t uu____16 = + s->st[3U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - uint64_t uu____17 = + s->st[4U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - uint64_t uu____18 = + s->st[0U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - uint64_t uu____19 = + s->st[1U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - uint64_t uu____20 = + s->st[2U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - uint64_t uu____21 = + s->st[3U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - uint64_t uu____22 = + s->st[4U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - uint64_t uu____23 = + s->st[0U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - uint64_t uu____24 = + s->st[1U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - uint64_t uu____25 = + s->st[2U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - uint64_t uu____26 = + s->st[3U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1391,14 +1371,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1422,14 +1402,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1486,9 +1463,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1504,8 +1480,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b30(s, buf); } @@ -1521,9 +1497,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); } /** @@ -1536,14 +1513,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1567,14 +1544,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1629,9 +1603,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); } /** @@ -1659,11 +1634,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1699,12 +1675,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1726,12 +1702,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1748,28 +1724,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { @@ -1817,9 +1792,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); } /** @@ -1836,9 +1812,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1859,9 +1834,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); } /** @@ -1887,8 +1863,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b33(s, buf); } @@ -1904,9 +1880,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); } /** @@ -1919,14 +1896,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -1950,14 +1927,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1970,11 +1944,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2010,12 +1985,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2076,12 +2051,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2098,28 +2073,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { @@ -2167,9 +2141,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); } /** @@ -2186,9 +2161,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2209,9 +2183,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); } /** @@ -2237,8 +2212,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b32(s, buf); } @@ -2254,9 +2229,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); } /** @@ -2269,14 +2245,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2300,14 +2276,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2320,11 +2293,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2360,12 +2334,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2426,12 +2400,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2448,28 +2422,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { @@ -2517,9 +2490,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); } /** @@ -2534,9 +2508,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); } /** @@ -2564,11 +2539,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2604,12 +2580,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2631,12 +2607,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2653,28 +2629,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2722,9 +2697,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); } /** @@ -2737,14 +2713,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2771,28 +2747,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2840,9 +2815,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); } /** @@ -2859,9 +2835,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2882,9 +2857,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); } /** @@ -2910,8 +2886,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b31(s, buf); } @@ -2927,9 +2903,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); } /** @@ -2942,14 +2919,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2973,14 +2950,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2993,11 +2967,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3032,12 +3007,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3098,12 +3073,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3120,28 +3095,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { @@ -3189,9 +3163,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 460d5a51f..c40d397e5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,27 +4,38 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_sha3_neon.h" +/** + A portable SHA3 512 implementation. +*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, @@ -34,6 +45,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, KRML_HOST_EXIT(255U); } +/** + Initialise the `KeccakState2`. +*/ KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -41,6 +55,9 @@ libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EXIT(255U); } +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { @@ -49,6 +66,10 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -58,6 +79,10 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -67,6 +92,9 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } +/** + A portable SHA3 224 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -74,6 +102,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 384 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index a3fd0fbba..f399cf819 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_sha3_neon_H @@ -22,10 +22,21 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_arm64.h" #include "libcrux_sha3_internal.h" +/** + A portable SHA3 512 implementation. +*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); @@ -33,23 +44,43 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; } libcrux_sha3_neon_x2_incremental_KeccakState; +/** + Initialise the `KeccakState2`. +*/ libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void); +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1); +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); +/** + A portable SHA3 224 implementation. +*/ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 384 implementation. +*/ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index cb530ac49..8f2f9d27d 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 -Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 +Charon: 0576bfc67e99aae86c51930421072688138b672b +Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 +Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 +Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 4e1e51db7..9b9fa652e 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_core_H @@ -237,10 +237,11 @@ with const generics */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c(uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -286,10 +287,11 @@ with const generics */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a7(uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -315,10 +317,11 @@ with const generics */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f5(uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1088U]; + memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -335,6 +338,9 @@ static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( return self->value; } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -344,12 +350,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -387,6 +391,9 @@ static inline void core_result_unwrap_41_83(core_result_Result_00 self, } } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -396,12 +403,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -416,10 +421,12 @@ with const generics */ static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_9f( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -429,15 +436,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -447,12 +455,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 5af8da87c..f9f0d6642 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_ct_ops_H @@ -21,6 +21,9 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +/** + Return 1 if `value` is not zero and 0 otherwise. +*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -36,15 +39,18 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) { return libcrux_ml_kem_constant_time_ops_inz(value); } +/** + Return 1 if the bytes of `lhs` and `rhs` do not exactly + match and 0 otherwise. +*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_compare( Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); } return libcrux_ml_kem_constant_time_ops_is_non_zero(r); } @@ -55,6 +61,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs); } +/** + If `selector` is not zero, return the bytes in `rhs`; return the bytes in + `lhs` otherwise. +*/ static inline void libcrux_ml_kem_constant_time_ops_select_ct( Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { @@ -64,11 +74,10 @@ static inline void libcrux_ml_kem_constant_time_ops_select_ct( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)~mask); + out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index f078580e7..787bb8e41 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem768_avx2_H @@ -30,8 +30,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -40,8 +39,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -84,7 +82,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( core_core_arch_x86___m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + Eurydice_array_to_slice((size_t)16U, output, int16_t), v); memcpy(ret, output, (size_t)16U * sizeof(int16_t)); } @@ -203,6 +201,10 @@ libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( @@ -721,38 +723,22 @@ static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { core_core_arch_x86___m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); core_core_arch_x86___m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, @@ -809,15 +795,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( core_core_arch_x86___m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -837,38 +821,22 @@ static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { core_core_arch_x86___m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); core_core_arch_x86___m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, @@ -934,23 +902,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( core_core_arch_x86___m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); core_core_arch_x86___m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); uint8_t ret0[10U]; core_result_Result_cd dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), + Eurydice_slice, uint8_t[10U]); core_result_unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -969,22 +934,22 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); core_core_arch_x86___m256i coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); core_core_arch_x86___m256i coefficients_loaded0 = @@ -1060,23 +1025,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( core_core_arch_x86___m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); core_core_arch_x86___m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, + uint8_t), upper_8); uint8_t ret0[20U]; core_result_Result_7a dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), + Eurydice_slice, uint8_t[20U]); core_result_unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1103,16 +1066,16 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); core_core_arch_x86___m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( lower_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); core_core_arch_x86___m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( @@ -1150,11 +1113,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( core_core_arch_x86___m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); + Eurydice_array_to_slice((size_t)16U, array, int16_t), vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); uint8_t ret0[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); @@ -1178,7 +1140,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); } /** @@ -1229,20 +1191,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, + uint8_t), upper_8); uint8_t ret0[24U]; core_result_Result_6f dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), + Eurydice_slice, uint8_t[24U]); core_result_unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1269,16 +1229,16 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); core_core_arch_x86___m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( lower_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); core_core_arch_x86___m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( @@ -1332,8 +1292,8 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); core_core_arch_x86___m128i lower_coefficients0 = @@ -1347,8 +1307,8 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); @@ -1357,8 +1317,7 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, upper_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128( Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), + sampled_count + (size_t)8U, int16_t), upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); @@ -1441,18 +1400,18 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); } return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1468,7 +1427,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_67( secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1476,7 +1435,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_67( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2d( secret_bytes); @@ -1604,13 +1563,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_3f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = @@ -1713,13 +1669,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = @@ -1922,6 +1875,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_98( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1940,10 +1897,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac( u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -1956,11 +1912,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + uint8_t); + u_as_ntt[i0] = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ba( u_bytes); - u_as_ntt[i0] = uu____0; libcrux_ml_kem_ntt_ntt_vector_u_98(&u_as_ntt[i0]); } memcpy( @@ -2061,12 +2016,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = @@ -2169,13 +2122,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_62( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b72( @@ -2197,6 +2147,33 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( return libcrux_ml_kem_serialize_deserialize_then_decompress_4_ba(serialized); } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2234,6 +2211,10 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_48( return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2249,11 +2230,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2438,6 +2418,12 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_8d( return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2532,16 +2518,37 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_77( uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2561,8 +2568,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = libcrux_ml_kem_matrix_compute_message_72(&v, secret_key->secret_as_ntt, u_as_ntt); @@ -2587,14 +2593,15 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_1d(Eurydice_slice secret_key, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; libcrux_ml_kem_ind_cpa_deserialize_secret_key_67(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8(&secret_key_unpacked, ciphertext, @@ -2627,8 +2634,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -2662,6 +2668,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( return libcrux_ml_kem_polynomial_ZERO_89_d5(); } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2675,13 +2687,10 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = @@ -2690,6 +2699,12 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -2707,7 +2722,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2715,7 +2730,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( ring_element); @@ -2768,11 +2783,10 @@ libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } @@ -2790,10 +2804,11 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( - uu____0); + copy_of_input); } /** @@ -2812,10 +2827,10 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -2846,6 +2861,47 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2864,14 +2920,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -2907,10 +2962,10 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -2940,6 +2995,47 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2958,14 +3054,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -3005,8 +3100,7 @@ libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_slice a) { size_t i0 = i; result.coefficients[i0] = libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; } @@ -3021,8 +3115,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { return libcrux_ml_kem_polynomial_from_i16_array_89_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -3037,18 +3130,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( - uu____0); + copy_of_seeds); uint8_t randomness0[3U][504U]; libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; @@ -3056,17 +3151,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( uint8_t randomness[3U][168U]; libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_79(uu____3[i]); + ret0[i] = + libcrux_ml_kem_sampling_sample_from_xof_closure_79(copy_of_out[i]); } memcpy( ret, ret0, @@ -3089,28 +3188,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j; } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_b0(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -3179,14 +3279,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -3215,6 +3315,55 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3227,24 +3376,22 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -3260,8 +3407,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3276,21 +3423,19 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -3308,8 +3453,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3372,6 +3517,10 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3388,11 +3537,12 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -3403,20 +3553,19 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + re_as_ntt[i0] = libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -3436,6 +3585,9 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3452,11 +3604,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -3469,17 +3622,17 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -3495,8 +3648,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -3554,6 +3706,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3571,22 +3726,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -3633,9 +3786,9 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = libcrux_ml_kem_vector_traits_decompress_1_91(coefficient_compressed); } @@ -3674,6 +3827,9 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3804,12 +3960,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_2f( uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -3916,12 +4069,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_d1( uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -3942,6 +4092,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3956,26 +4109,22 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -4080,12 +4229,10 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_b7( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -4190,12 +4337,10 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_35( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -4213,6 +4358,47 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4236,19 +4422,21 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47( - uu____2, domain_separator0); + copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -4257,19 +4445,19 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( prf_input[32U] = domain_separator; uint8_t prf_output[128U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; libcrux_ml_kem_matrix_compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( + copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = libcrux_ml_kem_matrix_compute_ring_element_v_71( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -4280,12 +4468,11 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -4313,46 +4500,49 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, randomness, - ret1); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, copy_of_message, + randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -4372,8 +4562,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ca( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -4403,17 +4592,16 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_ind_cca_decapsulate_01( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -4423,19 +4611,17 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_01( decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -4444,35 +4630,34 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_01( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_ind_cca_kdf_43_ca( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); @@ -4506,6 +4691,13 @@ static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_d8( libcrux_ml_kem_ind_cca_decapsulate_01(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, @@ -4578,62 +4770,62 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b6( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( + uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -4664,6 +4856,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_67( ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, @@ -4686,8 +4885,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_a6( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -4731,57 +4929,55 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t randomness[32U]) { uint8_t randomness0[32U]; libcrux_ml_kem_ind_cca_entropy_preprocess_43_a6( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -4808,20 +5004,29 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_fa( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_fa(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_fa( + uu____0, copy_of_randomness); } /** @@ -4848,50 +5053,53 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, - ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -4917,22 +5125,32 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_50( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_50( - uu____0, uu____1); + uu____0, copy_of_randomness); } /** @@ -5001,6 +5219,9 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5018,22 +5239,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -5052,6 +5271,47 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5065,9 +5325,9 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; @@ -5077,21 +5337,23 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5100,34 +5362,38 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } @@ -5152,16 +5418,16 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5175,29 +5441,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5211,20 +5477,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -5248,20 +5510,24 @@ libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -5281,43 +5547,37 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -5338,12 +5598,11 @@ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -5352,20 +5611,21 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c(copy_of_public_key)); } /** @@ -5383,18 +5643,23 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_cb( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_cb( - uu____0); + copy_of_randomness); } /** @@ -5481,12 +5746,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 @@ -5518,38 +5782,44 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( libcrux_ml_kem_ind_cpa_serialize_public_key_d0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -5566,19 +5836,25 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_0b( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_0b( - uu____0); + copy_of_randomness); } /** @@ -5600,21 +5876,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_14( libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1088U, libcrux_ml_kem_types_as_slice_a8_63(ciphertext), - uint8_t, Eurydice_slice), + uint8_t), ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), - ret1); + Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -5644,17 +5917,16 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_ind_cca_decapsulate_010( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -5664,19 +5936,17 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_010( decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -5685,41 +5955,43 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_010( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_ind_cca_kdf_6c_14( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; libcrux_ml_kem_ind_cca_kdf_6c_14(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics @@ -5748,6 +6020,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_80( libcrux_ml_kem_ind_cca_decapsulate_010(private_key, ciphertext, ret); } +/** + Decapsulate Kyber 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, @@ -5797,60 +6076,61 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t randomness[32U]) { uint8_t randomness0[32U]; libcrux_ml_kem_ind_cca_entropy_preprocess_6c_b6( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_6c_14(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } +/** + Portable encapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics @@ -5874,20 +6154,29 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e6( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness); } +/** + Encapsulate Kyber 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e6( - uu____0, uu____1); + uu____0, copy_of_randomness); } /** @@ -5904,6 +6193,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( return libcrux_ml_kem_polynomial_ZERO_89_d5(); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5921,7 +6216,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5929,7 +6224,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( ring_element); @@ -5954,14 +6249,14 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; libcrux_ml_kem_ind_cpa_serialize_public_key_d0( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -5982,6 +6277,11 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fe( return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index f54652b72..3a4cb9119 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem768_portable_H @@ -32,8 +32,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -41,8 +40,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -54,8 +52,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -63,8 +60,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -136,10 +132,8 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; core_result_Result_c0 dst; Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); + &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), + Eurydice_slice, int16_t[16U]); core_result_unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; @@ -170,68 +164,64 @@ typedef struct uint8_t_x11_s { static KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r3 = + (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); + uint8_t r7 = + (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); + uint8_t r10 = + (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -250,12 +240,11 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; @@ -306,66 +295,56 @@ typedef struct int16_t_x8_s { static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 3U; + int16_t r2 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 6U; + int16_t r3 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> + 1U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> + 4U; + int16_t r5 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 7U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 2U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -401,12 +380,10 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1115,6 +1092,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { @@ -1157,6 +1147,20 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { @@ -1176,6 +1180,17 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ static KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -1207,6 +1222,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ static inline uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { @@ -1481,6 +1518,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, @@ -1577,20 +1636,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); for (size_t i = (size_t)0U; i < (size_t)8U; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + (uint32_t)i0 & + 1U); } for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } @@ -1613,26 +1670,26 @@ typedef struct uint8_t_x4_s { static KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); + uint8_t result0 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *); + uint8_t result1 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *); + uint8_t result2 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *); + uint8_t result3 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *); return (CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } @@ -1644,11 +1701,11 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4( uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[8U] = {0U}; result[0U] = result0_3.fst; result[1U] = result0_3.snd; @@ -1674,32 +1731,32 @@ static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 4U & 15U); return (CLITERAL(int16_t_x8){.fst = v0, @@ -1715,11 +1772,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1761,40 +1816,24 @@ typedef struct uint8_t_x5_s { static KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1804,11 +1843,10 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t)); uint8_t result[10U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1836,44 +1874,44 @@ static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 2U & 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U) << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 1U & 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) & 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) >> 3U); return (CLITERAL(int16_t_x8){.fst = v0, .snd = v1, @@ -1888,11 +1926,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1925,37 +1961,36 @@ libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { static KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U & (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1965,17 +2000,15 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, + int16_t)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, + int16_t)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -2013,60 +2046,52 @@ static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 2U; + int16_t r2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 4U; + int16_t r3 = + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> + 6U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r5 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 2U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> + 4U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -2080,12 +2105,10 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -2124,20 +2147,17 @@ typedef struct uint8_t_x3_s { static KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); + uint8_t r1 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & + (int16_t)15) + << 4U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } @@ -2146,29 +2166,25 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, + int16_t)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, + int16_t)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, + int16_t)); uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, + int16_t)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -2215,12 +2231,12 @@ typedef struct int16_t_x2_s { static KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); + int16_t byte0 = + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t byte1 = + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); + int16_t byte2 = + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); @@ -2229,32 +2245,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -2289,15 +2297,15 @@ static KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; + i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -2309,7 +2317,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2320,8 +2328,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2338,8 +2345,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2484,13 +2490,10 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; @@ -2498,6 +2501,9 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9c( return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2512,7 +2518,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_7e( secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2520,7 +2526,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_7e( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9c( secret_bytes); @@ -2604,13 +2610,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_ff( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -2671,13 +2674,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_98( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -2801,13 +2801,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -2824,7 +2823,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -2834,7 +2833,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } @@ -2884,6 +2882,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_de( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2901,10 +2903,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_72( u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -2917,11 +2918,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_72( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + uint8_t); + u_as_ntt[i0] = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d2( u_bytes); - u_as_ntt[i0] = uu____0; libcrux_ml_kem_ntt_ntt_vector_u_de(&u_as_ntt[i0]); } memcpy( @@ -2979,12 +2979,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_47( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3045,16 +3043,12 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); + re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( re.coefficients[i0]); @@ -3075,6 +3069,33 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_97( return libcrux_ml_kem_serialize_deserialize_then_decompress_4_47(serialized); } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3113,6 +3134,10 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_d5( return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3127,13 +3152,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3155,7 +3178,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3165,7 +3188,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -3182,13 +3204,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -3322,6 +3343,12 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_78( return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3417,16 +3444,37 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_66( libcrux_ml_kem_vector_portable_serialize_1_0d(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3445,8 +3493,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_34( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_97( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = libcrux_ml_kem_matrix_compute_message_15(&v, secret_key->secret_as_ntt, u_as_ntt); @@ -3470,14 +3517,15 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_06(Eurydice_slice secret_key, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; libcrux_ml_kem_ind_cpa_deserialize_secret_key_7e(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; libcrux_ml_kem_ind_cpa_decrypt_unpacked_34(&secret_key_unpacked, ciphertext, @@ -3508,8 +3556,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -3541,6 +3588,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( return libcrux_ml_kem_polynomial_ZERO_89_39(); } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -3553,13 +3606,10 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3569,6 +3619,12 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3585,7 +3641,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -3593,7 +3649,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( ring_element); @@ -3655,14 +3711,15 @@ libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], - uint8_t, Eurydice_slice)); + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t)); } - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; - memcpy(uu____0, shake128_state, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); libcrux_ml_kem_hash_functions_portable_PortableHash_58 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -3680,10 +3737,11 @@ generics static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( - uu____0); + copy_of_input); } /** @@ -3701,8 +3759,7 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -3725,6 +3782,47 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -3742,14 +3840,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -3784,8 +3881,7 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed( size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_next_block( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -3808,6 +3904,47 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -3825,14 +3962,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -3872,8 +4008,7 @@ libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_slice a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + (i0 + (size_t)1U) * (size_t)16U, int16_t)); result.coefficients[i0] = uu____0; } return result; @@ -3889,8 +4024,7 @@ generics static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { return libcrux_ml_kem_polynomial_from_i16_array_89_6b( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -3905,18 +4039,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( - uu____0); + copy_of_seeds); uint8_t randomness0[3U][504U]; libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; @@ -3924,17 +4060,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t randomness[3U][168U]; libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_99(uu____3[i]); + ret0[i] = + libcrux_ml_kem_sampling_sample_from_xof_closure_99(copy_of_out[i]); } memcpy( ret, ret0, @@ -3957,28 +4097,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j; } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_2b(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_2b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -4044,9 +4185,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -4066,6 +4206,55 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -4077,24 +4266,22 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -4110,8 +4297,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -4125,21 +4312,19 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -4157,8 +4342,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -4188,9 +4373,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -4220,6 +4404,10 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4236,11 +4424,12 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -4251,20 +4440,19 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + re_as_ntt[i0] = libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -4284,6 +4472,9 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4300,11 +4491,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -4317,17 +4509,17 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -4342,8 +4534,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -4401,6 +4592,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4417,22 +4611,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -4482,7 +4674,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_traits_decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0; @@ -4524,6 +4716,9 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4605,12 +4800,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_3b( uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -4669,12 +4861,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_e1( uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -4694,6 +4883,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4707,26 +4899,22 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -4783,12 +4971,10 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_e5( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -4845,12 +5031,10 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_a3( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -4867,6 +5051,47 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4890,19 +5115,21 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c( - uu____2, domain_separator0); + copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -4911,19 +5138,19 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( prf_input[32U] = domain_separator; uint8_t prf_output[128U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_040( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( + copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = libcrux_ml_kem_matrix_compute_ring_element_v_1f( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -4934,12 +5161,11 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -4967,46 +5193,49 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, randomness, - ret1); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, copy_of_message, + randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -5025,8 +5254,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_02( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -5055,17 +5283,16 @@ libcrux_ml_kem_ind_cca_MlKem with const generics static inline void libcrux_ml_kem_ind_cca_decapsulate_c4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -5075,19 +5302,17 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c4( decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -5096,35 +5321,34 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c4( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_ind_cca_kdf_43_02( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; libcrux_ml_kem_ind_cca_kdf_43_02(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); @@ -5158,6 +5382,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5b( libcrux_ml_kem_ind_cca_decapsulate_c4(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5229,62 +5460,62 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ab( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( + uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -5314,6 +5545,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_9d( ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5334,8 +5572,7 @@ with const generics static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ac( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -5377,57 +5614,55 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t randomness[32U]) { uint8_t randomness0[32U]; libcrux_ml_kem_ind_cca_entropy_preprocess_43_ac( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_43_02(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -5453,19 +5688,28 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_4d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_4d(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_4d( + uu____0, copy_of_randomness); } /** @@ -5492,50 +5736,53 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, - ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -5560,21 +5807,31 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_84( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_84( - uu____0, uu____1); + uu____0, copy_of_randomness); } /** @@ -5643,6 +5900,9 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5659,22 +5919,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -5693,6 +5951,47 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5706,9 +6005,9 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; @@ -5718,21 +6017,23 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5741,34 +6042,38 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } @@ -5792,16 +6097,16 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5814,29 +6119,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5849,20 +6154,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -5886,20 +6187,24 @@ libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; libcrux_ml_kem_ind_cpa_serialize_public_key_80( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -5918,43 +6223,37 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -5975,12 +6274,11 @@ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -5989,20 +6287,21 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c(copy_of_public_key)); } /** @@ -6020,17 +6319,22 @@ generics static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c2(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( - uu____0); + copy_of_randomness); } /** @@ -6118,12 +6422,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 @@ -6155,38 +6458,44 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( libcrux_ml_kem_ind_cpa_serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -6202,18 +6511,24 @@ const generics static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_6a( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_6a( - uu____0); + copy_of_randomness); } /** @@ -6234,21 +6549,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_d2( libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, libcrux_ml_kem_types_as_slice_a8_63(ciphertext), - uint8_t, Eurydice_slice), + uint8_t), ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), - ret1); + Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -6277,17 +6589,16 @@ libcrux_ml_kem_ind_cca_Kyber with const generics static inline void libcrux_ml_kem_ind_cca_decapsulate_c40( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -6297,19 +6608,17 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c40( decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -6318,41 +6627,43 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c40( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_ind_cca_kdf_6c_d2( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; libcrux_ml_kem_ind_cca_kdf_6c_d2(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_decapsulate with const @@ -6381,6 +6692,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_7f( libcrux_ml_kem_ind_cca_decapsulate_c40(private_key, ciphertext, ret); } +/** + Decapsulate Kyber 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6427,60 +6745,61 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t randomness[32U]) { uint8_t randomness0[32U]; libcrux_ml_kem_ind_cca_entropy_preprocess_6c_c1( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_6c_d2(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } +/** + Portable encapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_encapsulate with const @@ -6504,19 +6823,28 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); } +/** + Encapsulate Kyber 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9f( - uu____0, uu____1); + uu____0, copy_of_randomness); } /** @@ -6532,6 +6860,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( return libcrux_ml_kem_polynomial_ZERO_89_39(); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6548,7 +6882,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6556,7 +6890,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( ring_element); @@ -6580,14 +6914,14 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; libcrux_ml_kem_ind_cpa_serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -6607,6 +6941,11 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 2e86dfce4..426dd490c 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_sha3_avx2_H @@ -150,14 +150,10 @@ static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_sha3_simd_avx2_xor_ef( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_4( Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); } /** @@ -167,10 +163,11 @@ usize> for core::core_arch::x86::__m256i)} KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_n_ef( Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[4U]; + memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret0[4U]; - libcrux_sha3_simd_avx2_slice_4(uu____0, start, len, ret0); + libcrux_sha3_simd_avx2_slice_4(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); } @@ -181,19 +178,19 @@ libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice out[4U], size_t mid) { Eurydice_slice out1 = out[1U]; Eurydice_slice out2 = out[2U]; Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out10 = uu____1.fst; Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out20 = uu____2.fst; Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out30 = uu____3.fst; Eurydice_slice out31 = uu____3.snd; @@ -229,6 +226,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { core_core_arch_x86___m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -282,21 +282,21 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); core_core_arch_x86___m256i v1h = @@ -342,34 +342,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); @@ -378,34 +374,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); core_core_arch_x86___m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, @@ -431,9 +423,10 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_c7(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[4U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block_c7(uu____0, copy_of_b); } /** @@ -1595,75 +1588,52 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = + s->st[1U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = + s->st[2U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = + s->st[3U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = + s->st[4U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = + s->st[0U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = + s->st[1U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = + s->st[2U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = + s->st[3U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = + s->st[4U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = + s->st[0U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = + s->st[1U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = + s->st[2U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = + s->st[3U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = + s->st[4U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = + s->st[0U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = + s->st[1U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = + s->st[2U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = + s->st[3U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = + s->st[4U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = + s->st[0U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = + s->st[1U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = + s->st[2U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = + s->st[3U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; core_core_arch_x86___m256i uu____27 = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1784,14 +1754,11 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; libcrux_sha3_simd_avx2_load_block_c7(s, buf); } @@ -1808,9 +1775,10 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_91(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_91(uu____0, copy_of_b); } /** @@ -1824,15 +1792,14 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -1896,23 +1863,19 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)136U % (size_t)32U; @@ -1921,36 +1884,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -1958,40 +1916,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -2008,22 +1957,25 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( uint8_t out2[200U] = {0U}; uint8_t out3[200U] = {0U}; Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out0, uint8_t), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; libcrux_sha3_simd_avx2_store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out1[200U]; + memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out2[200U]; + memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); uint8_t uu____3[200U]; memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); } @@ -2061,12 +2013,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2131,12 +2083,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2154,28 +2106,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( libcrux_sha3_generic_keccak_KeccakState_29 s = libcrux_sha3_generic_keccak_new_1e_16(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - libcrux_sha3_simd_avx2_slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); + libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U, + (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2215,6 +2166,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( } } +/** + Perform 4 SHAKE256 operations in parallel +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, @@ -2228,6 +2182,9 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( typedef libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_KeccakState; +/** + Initialise the [`KeccakState`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { @@ -2245,21 +2202,21 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); core_core_arch_x86___m256i v1h = @@ -2305,34 +2262,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); @@ -2341,34 +2294,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); core_core_arch_x86___m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, @@ -2389,14 +2338,11 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; libcrux_sha3_simd_avx2_load_block_c70(s, buf); } @@ -2413,9 +2359,10 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_910(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_910(uu____0, copy_of_b); } /** @@ -2429,15 +2376,14 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2451,6 +2397,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( libcrux_sha3_generic_keccak_keccakf1600_07(s); } +/** + Absorb +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -2510,23 +2459,19 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)168U % (size_t)32U; @@ -2535,36 +2480,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -2572,40 +2512,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -2679,6 +2610,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); } +/** + Squeeze three blocks +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( @@ -2688,6 +2622,9 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } +/** + Squeeze another block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( @@ -2739,6 +2676,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); } +/** + Squeeze five blocks +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( @@ -2748,6 +2688,9 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); } +/** + Absorb +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( @@ -2757,6 +2700,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } +/** + Squeeze block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( @@ -2766,6 +2712,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); } +/** + Squeeze next block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index dd93141a1..01a592f8b 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_sha3_portable_H @@ -137,8 +137,7 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); } /** @@ -147,17 +146,18 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[1U]; + memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; @@ -187,6 +187,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -242,9 +245,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -265,9 +267,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); } /** @@ -1212,75 +1215,52 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - uint64_t uu____4 = + s->st[1U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - uint64_t uu____5 = + s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - uint64_t uu____6 = + s->st[3U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - uint64_t uu____7 = + s->st[4U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - uint64_t uu____8 = + s->st[0U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - uint64_t uu____9 = + s->st[1U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - uint64_t uu____10 = + s->st[2U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - uint64_t uu____11 = + s->st[3U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - uint64_t uu____12 = + s->st[4U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - uint64_t uu____13 = + s->st[0U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - uint64_t uu____14 = + s->st[1U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - uint64_t uu____15 = + s->st[2U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - uint64_t uu____16 = + s->st[3U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - uint64_t uu____17 = + s->st[4U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - uint64_t uu____18 = + s->st[0U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - uint64_t uu____19 = + s->st[1U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - uint64_t uu____20 = + s->st[2U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - uint64_t uu____21 = + s->st[3U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - uint64_t uu____22 = + s->st[4U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - uint64_t uu____23 = + s->st[0U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - uint64_t uu____24 = + s->st[1U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - uint64_t uu____25 = + s->st[2U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - uint64_t uu____26 = + s->st[3U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1395,8 +1375,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b3(s, buf); } @@ -1412,9 +1392,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); } /** @@ -1427,15 +1408,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -1459,14 +1439,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1479,11 +1456,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1518,12 +1496,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1584,12 +1562,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1606,28 +1584,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { @@ -1675,11 +1652,15 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); } +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -1701,9 +1682,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1724,9 +1704,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); } /** @@ -1752,8 +1733,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b30(s, buf); } @@ -1769,9 +1750,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); } /** @@ -1784,15 +1766,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -1816,14 +1797,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1836,11 +1814,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1876,12 +1855,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1942,12 +1921,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1964,28 +1943,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2033,11 +2011,15 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2055,15 +2037,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2090,28 +2071,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2159,11 +2139,15 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); } +/** + A portable SHAKE256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2171,6 +2155,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -2178,6 +2165,9 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -2185,6 +2175,11 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, @@ -2201,6 +2196,9 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; } libcrux_sha3_neon_x2_incremental_KeccakState; +/** + Initialise the `KeccakState2`. +*/ static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -2208,6 +2206,9 @@ libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EXIT(255U); } +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, @@ -2217,6 +2218,10 @@ libcrux_sha3_neon_x2_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -2226,6 +2231,10 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -2235,6 +2244,9 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } +/** + Create a new SHAKE-128 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); @@ -2254,9 +2266,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2272,8 +2283,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b31(s, buf); } @@ -2289,9 +2300,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); } /** @@ -2304,15 +2316,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2326,6 +2337,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_keccakf1600_85(s); } +/** + Absorb +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -2343,14 +2357,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2420,6 +2431,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); } +/** + Squeeze three blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -2427,6 +2441,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } +/** + Squeeze another block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -2441,6 +2458,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( typedef uint8_t libcrux_sha3_Algorithm; +/** + Returns the output size of a digest. +*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -2483,9 +2503,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2506,9 +2525,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); } /** @@ -2534,8 +2554,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b32(s, buf); } @@ -2551,9 +2571,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); } /** @@ -2566,15 +2587,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -2598,14 +2618,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2618,11 +2635,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2658,12 +2676,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2724,12 +2742,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2746,28 +2764,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { @@ -2815,11 +2832,15 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); } +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2841,9 +2862,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2864,9 +2884,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); } /** @@ -2892,8 +2913,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b33(s, buf); } @@ -2909,9 +2930,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); } /** @@ -2924,15 +2946,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -2956,14 +2977,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2976,11 +2994,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3016,12 +3035,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3082,12 +3101,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3104,28 +3123,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { @@ -3173,11 +3191,15 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -3185,55 +3207,82 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } +/** + SHA3 224 + + Preconditions: + - `digest.len() == 28` +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } +/** + SHA3 224 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), + data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), + data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), + data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } @@ -3249,9 +3298,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); } /** @@ -3279,11 +3329,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3319,12 +3370,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3346,12 +3397,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3368,28 +3419,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { @@ -3437,11 +3487,15 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); } +/** + A portable SHAKE128 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -3449,11 +3503,21 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } +/** + SHAKE 128 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } +/** + SHAKE 256 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); @@ -3473,6 +3537,9 @@ static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -3480,6 +3547,9 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -3528,6 +3598,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); } +/** + Squeeze five blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -3535,6 +3608,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } +/** + Absorb some data for SHAKE-256 for the last time +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { @@ -3542,11 +3618,17 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_721(s, buf); } +/** + Create a new SHAKE-256 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); } +/** + Squeeze the first SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -3554,6 +3636,9 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } +/** + Squeeze the next SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { From 93442bd7ae6bdc9e34ea17ec1b74847c634e3354 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 20 Aug 2024 14:31:43 +0000 Subject: [PATCH 074/348] updated eurydice_glue.h from main --- libcrux-ml-kem/cg/eurydice_glue.h | 2799 +++++++++++++++++++++++++++-- 1 file changed, 2629 insertions(+), 170 deletions(-) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 2d6575328..d152baa36 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -1,170 +1,2629 @@ -#pragma once - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include -#include -#include -#include - -#include "karamel/target.h" - -// SLICES, ARRAYS, ETC. - -// The MSVC C++ compiler does not support compound literals. -// This CLITERAL is used to turn `(type){...}` into `type{...}` when using a C++ -// compiler. -#if defined(__cplusplus) -#define CLITERAL(type) type -#else -#define CLITERAL(type) (type) -#endif - -// We represent a slice as a pair of an (untyped) pointer, along with the length -// of the slice, i.e. the number of elements in the slice (this is NOT the -// number of bytes). This design choice has two important consequences. -// - if you need to use `ptr`, you MUST cast it to a proper type *before* -// performing pointer -// arithmetic on it (remember that C desugars pointer arithmetic based on the -// type of the address) -// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you -// need to multiply it -// by sizeof t, where t is the type of the elements. -// -// Empty slices have `len == 0` and `ptr` always needs to be valid pointer that -// is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL + -// start`). -typedef struct { - void *ptr; - size_t len; -} Eurydice_slice; - -// Helper macro to create a slice out of a pointer x, a start index in x -// (included), and an end index in x (excluded). The argument x must be suitably -// cast to something that can decay (see remark above about how pointer -// arithmetic works in C), meaning either pointer or array type. -#define EURYDICE_SLICE(x, start, end) \ - (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) -#define EURYDICE_SLICE_LEN(s, _) s.len -// This macro is a pain because in case the dereferenced element type is an -// array, you cannot simply write `t x` as it would yield `int[4] x` instead, -// which is NOT correct C syntax, so we add a dedicated phase in Eurydice that -// adds an extra argument to this macro at the last minute so that we have the -// correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ - EURYDICE_SLICE((t *)s.ptr, r.start, r.end) -// Variant for when the start and end indices are statically known (i.e., the -// range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t, _) \ - EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ - EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ - EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) \ - EURYDICE_SLICE(x, 0, \ - end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ - EURYDICE_SLICE((t *)x, r.start, r.end) -// Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \ - EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ - EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ - EURYDICE_SLICE((t *)x, r, size) -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ - memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ - ((Eurydice_slice){.ptr = ptr_, .len = len_}) - -#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ - len, src, dst, elem_type, _ret_t) \ - (memcpy(dst, src, len * sizeof(elem_type))) -#define core_array_TryFromSliceError uint8_t - -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ - (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ - Eurydice_array_eq - -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ - .len = slice.len - mid}}) - -// Conversion of slice to an array, rewritten (by Eurydice) to name the -// destination array, since arrays are not values in C. -// N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ - Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ - sizeof(t_arr)) - -static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, - Eurydice_slice src, size_t sz) { - *dst_tag = 0; - memcpy(dst_ok, src.ptr, sz); -} - -// CORE STUFF (conversions, endianness, ...) - -static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { - memcpy(buf, &v, sizeof(v)); -} -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { - uint64_t v; - memcpy(&v, buf, sizeof(v)); - return v; -} - -static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { - uint32_t v; - memcpy(&v, buf, sizeof(v)); - return v; -} - -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { -#ifdef _MSC_VER - return __popcnt(x0); -#else - return __builtin_popcount(x0); -#endif -} - -// unsigned overflow wraparound semantics in C -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { - return x + y; -} -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { - return x - y; -} - -// ITERATORS - -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ - (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, \ - .f0 = (iter_ptr)->start++})) - -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ - Eurydice_range_iter_next - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_into_iter(x, t, _ret_t) (x) -#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \ - Eurydice_into_iter - -#if defined(__cplusplus) -} -#endif + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + libcrux/libcrux-ml-kem/cg/eurydice_glue.h at main · cryspen/libcrux · GitHub + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +
+ Skip to content + + + + + + + + + + + +
+ + + + + + + + + + + + + + + +
+ +
+ + + + + + + + +
+ + + + + +
+ + + + + + + + + +
+
+
+ + + + + + + + + + + + +
+ +
+ +
+ +
+ + + + / + + libcrux + + + Public +
+ + +
+ +
+ + +
+
+ +
+
+ + + + +
+ + + + + + +
+ + + + + + + + + + + + + + + + + + +

Latest commit

 

History

History
176 lines (153 loc) · 6.67 KB

eurydice_glue.h

File metadata and controls

176 lines (153 loc) · 6.67 KB
Raw
+ + + + + +
+ + + +
+
+ +
+ +
+

Footer

+ + + + +
+
+ + + + + © 2024 GitHub, Inc. + +
+ + +
+
+ + + + + + + + + + + + + + + + + + + +
+ +
+
+ + + From dfa66e6b264998443b6780081b0d0fabf014ce07 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 20 Aug 2024 14:48:39 +0000 Subject: [PATCH 075/348] updated eurydice_glue.h from main --- libcrux-ml-kem/cg/eurydice_glue.h | 2805 ++--------------------------- 1 file changed, 176 insertions(+), 2629 deletions(-) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index d152baa36..4b994a998 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -1,2629 +1,176 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - libcrux/libcrux-ml-kem/cg/eurydice_glue.h at main · cryspen/libcrux · GitHub - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- Skip to content - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
- -
- - - - - - - - -
- - - - - -
- - - - - - - - - -
-
-
- - - - - - - - - - - - -
- -
- -
- -
- - - - / - - libcrux - - - Public -
- - -
- -
- - -
-
- -
-
- - - - -
- - - - - - -
- - - - - - - - - - - - - - - - - - -

Latest commit

 

History

History
176 lines (153 loc) · 6.67 KB

eurydice_glue.h

File metadata and controls

176 lines (153 loc) · 6.67 KB
Raw
- - - - - -
- - - -
-
- -
- -
-

Footer

- - - - -
-
- - - - - © 2024 GitHub, Inc. - -
- - -
-
- - - - - - - - - - - - - - - - - - - -
- -
-
- - - +/* + * SPDX-FileCopyrightText: 2024 Eurydice Contributors + * SPDX-FileCopyrightText: 2024 Cryspen Sarl + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#pragma once + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include +#include +#include +#include + +#include "karamel/target.h" + +// SLICES, ARRAYS, ETC. + +// The MSVC C++ compiler does not support compound literals. +// This CLITERAL is used to turn `(type){...}` into `type{...}` when using a C++ +// compiler. +#if defined(__cplusplus) +#define CLITERAL(type) type +#else +#define CLITERAL(type) (type) +#endif + +// We represent a slice as a pair of an (untyped) pointer, along with the length +// of the slice, i.e. the number of elements in the slice (this is NOT the +// number of bytes). This design choice has two important consequences. +// - if you need to use `ptr`, you MUST cast it to a proper type *before* +// performing pointer +// arithmetic on it (remember that C desugars pointer arithmetic based on the +// type of the address) +// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you +// need to multiply it +// by sizeof t, where t is the type of the elements. +// +// Empty slices have `len == 0` and `ptr` always needs to be valid pointer that +// is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL + +// start`). +typedef struct { + void *ptr; + size_t len; +} Eurydice_slice; + +// Helper macro to create a slice out of a pointer x, a start index in x +// (included), and an end index in x (excluded). The argument x must be suitably +// cast to something that can decay (see remark above about how pointer +// arithmetic works in C), meaning either pointer or array type. +#define EURYDICE_SLICE(x, start, end) \ + (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) +#define EURYDICE_SLICE_LEN(s, _) s.len +// This macro is a pain because in case the dereferenced element type is an +// array, you cannot simply write `t x` as it would yield `int[4] x` instead, +// which is NOT correct C syntax, so we add a dedicated phase in Eurydice that +// adds an extra argument to this macro at the last minute so that we have the +// correct type of *pointers* to elements. +#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _) \ + EURYDICE_SLICE((t *)s.ptr, r.start, r.end) +// Variant for when the start and end indices are statically known (i.e., the +// range argument `r` is a literal). +#define Eurydice_slice_subslice2(s, start, end, t) \ + EURYDICE_SLICE((t *)s.ptr, start, end) +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ + EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ + EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ + end) /* x is already at an array type, no need for cast */ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ + EURYDICE_SLICE((t *)x, r.start, r.end) +// Same as above, variant for when start and end are statically known +#define Eurydice_array_to_subslice2(x, start, end, t) \ + EURYDICE_SLICE((t *)x, start, end) +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ + EURYDICE_SLICE((t *)x, 0, r) +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ + EURYDICE_SLICE((t *)x, r, size) +#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) +#define Eurydice_slice_copy(dst, src, t) \ + memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ + ((Eurydice_slice){.ptr = ptr_, .len = len_}) + +#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ + len, src, dst, elem_type, _ret_t) \ + (memcpy(dst, src, len * sizeof(elem_type))) +#define TryFromSliceError uint8_t + +#define Eurydice_array_eq(sz, a1, a2, t, _a, _b) \ + (memcmp(a1, a2, sz * sizeof(t)) == 0) +#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ + Eurydice_array_eq + +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ + .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ + .len = slice.len - mid}}) + +// Conversion of slice to an array, rewritten (by Eurydice) to name the +// destination array, since arrays are not values in C. +// N.B.: see note in karamel/lib/Inlining.ml if you change this. +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ + Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ + sizeof(t_arr)) + +static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, + Eurydice_slice src, size_t sz) { + *dst_tag = 0; + memcpy(dst_ok, src.ptr, sz); +} + +// CORE STUFF (conversions, endianness, ...) + +static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { + memcpy(buf, &v, sizeof(v)); +} +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { + uint64_t v; + memcpy(&v, buf, sizeof(v)); + return v; +} + +static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { + uint32_t v; + memcpy(&v, buf, sizeof(v)); + return v; +} + +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { +#ifdef _MSC_VER + return __popcnt(x0); +#else + return __builtin_popcount(x0); +#endif +} + +// unsigned overflow wraparound semantics in C +static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { + return x + y; +} +static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { + return x - y; +} + +// ITERATORS + +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ + (((iter_ptr)->start == (iter_ptr)->end) \ + ? (CLITERAL(ret_t){.tag = None}) \ + : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) + +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ + Eurydice_range_iter_next + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_into_iter(x, t, _ret_t) (x) +#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \ + Eurydice_into_iter + +#if defined(__cplusplus) +} +#endif From 7ef53fdc335a466e6070ea8b092e96a5feac0833 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 20 Aug 2024 15:38:25 +0000 Subject: [PATCH 076/348] fixes to none/tryfromslice --- libcrux-ml-kem/cg/eurydice_glue.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 4b994a998..2c1a560ef 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -93,7 +93,7 @@ typedef struct { #define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) -#define TryFromSliceError uint8_t +#define core_array_TryFromSliceError uint8_t #define Eurydice_array_eq(sz, a1, a2, t, _a, _b) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) @@ -160,8 +160,8 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = None}) \ - : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) + ? (CLITERAL(ret_t){.tag = core_option_None}) \ + : (CLITERAL(ret_t){.tag = core_option_Some, .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next From c0829ccdf5a30923b490b50c3738e1a8bf83ff56 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 20 Aug 2024 15:52:54 +0000 Subject: [PATCH 077/348] fixes to none/tryfromslice --- libcrux-ml-kem/cg/eurydice_glue.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 2c1a560ef..b9566a023 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -160,8 +160,9 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, .f0 = (iter_ptr)->start++})) + ? (CLITERAL(ret_t){.tag = core_option_None}) \ + : (CLITERAL(ret_t){.tag = core_option_Some, \ + .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next From e83006cbf3d0d57c5b5e9cec5d198ff2134d1072 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 9 Aug 2024 09:30:12 -0400 Subject: [PATCH 078/348] WIP cca proof --- .../fstar/extraction/Libcrux_ml_kem.Ind_cca.fst | 8 +++++++- .../fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti | 16 ++++++++++++++-- .../fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti | 12 ++++++++++-- libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst | 2 +- libcrux-ml-kem/src/ind_cca.rs | 6 ++++++ libcrux-ml-kem/src/ind_cpa.rs | 7 +++++++ 6 files changed, 45 insertions(+), 6 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 9f9bfdcf5..2f2333830 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -44,6 +44,7 @@ let serialize_kem_secret_key <: t_Slice u8) in + assert (Seq.slice out 0 (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) == private_key); let pointer:usize = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) in let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out @@ -68,8 +69,10 @@ let serialize_kem_secret_key <: t_Slice u8) in + assert (Seq.slice out 0 (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) == private_key); + assert (Seq.slice out (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K) + v (Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K)) == public_key); let pointer:usize = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) in - let out:t_Array u8 v_SERIALIZED_KEY_LEN = + let out1:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ Core.Ops.Range.f_start = pointer; @@ -123,6 +126,8 @@ let serialize_kem_secret_key <: t_Slice u8) in + admit(); + Seq.lemma_eq_intro out (Seq.append (Seq.append (Seq.append private_key public_key) (Spec.Utils.v_H public_key)) implicit_rejection_value); out let validate_public_key @@ -379,6 +384,7 @@ let encapsulate <: (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) +#push-options "--z3rlimit 500" let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index a95f0965a..228954840 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -31,7 +31,13 @@ val serialize_kem_secret_key Core.Slice.impl__len #u8 private_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ Core.Slice.impl__len #u8 public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ Core.Slice.impl__len #u8 implicit_rejection_value == Spec.MLKEM.v_SHARED_SECRET_SIZE) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_Array u8 v_SERIALIZED_KEY_LEN = result in + result == + Seq.append private_key + (Seq.append public_key (Seq.append (Spec.Utils.v_H public_key) implicit_rejection_value) + )) /// Implements [`Variant`], to perform the ML-KEM-specific actions /// during encapsulation and decapsulation. @@ -258,4 +264,10 @@ val generate_keypair v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = + result + in + (result.f_sk.f_value, result.f_pk.f_value) == + Spec.MLKEM.ind_cca_generate_keypair v_K randomness) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index b9e8e9af3..51ca994db 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -228,5 +228,13 @@ val generate_keypair {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} (key_generation_seed: t_Slice u8) : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) - Prims.l_True - (fun _ -> Prims.l_True) + (requires + Spec.MLKEM.is_rank v_K /\ v_PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) + (ensures + fun result -> + let result:(t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) = result in + result == Spec.MLKEM.ind_cpa_generate_keypair v_K key_generation_seed) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 021ea0b4b..3f9367017 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -295,7 +295,7 @@ val ind_cpa_generate_keypair (r:rank) (randomness:t_Array u8 v_CPA_KEY_GENERATIO t_MLKEMCPAKeyPair r let ind_cpa_generate_keypair r randomness = let hashed = v_G randomness in - let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in + let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in let matrix_A_as_ntt = sample_matrix_A_ntt #r seed_for_A in let secret_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error (sz 0) in let error_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error r in diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index ed805ecee..ec21bf23c 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -44,6 +44,10 @@ pub(crate) mod instantiations; ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ ${public_key.len()} == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ ${implicit_rejection_value.len()} == Spec.MLKEM.v_SHARED_SECRET_SIZE"))] +#[hax_lib::ensures(|result| fstar!("result == Seq.append $private_key ( + Seq.append $public_key ( + Seq.append (Spec.Utils.v_H $public_key) + $implicit_rejection_value))"))] fn serialize_kem_secret_key>( private_key: &[u8], public_key: &[u8], @@ -99,6 +103,8 @@ fn validate_public_key< $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))] +#[hax_lib::ensures(|result| fstar!("(${result}.f_sk.f_value, ${result}.f_pk.f_value) == + Spec.MLKEM.ind_cca_generate_keypair $K $randomness"))] fn generate_keypair< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 0c3bc7f65..b046d879c 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -209,6 +209,13 @@ pub(crate) fn generate_keypair_unpacked< } #[allow(non_snake_case)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $PRIVATE_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ + $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ + $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ + $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ + $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))] +#[hax_lib::ensures(|result| fstar!("$result == Spec.MLKEM.ind_cpa_generate_keypair $K $key_generation_seed"))] pub(crate) fn generate_keypair< const K: usize, const PRIVATE_KEY_SIZE: usize, From d5ce7188cada48bb2dd7fbf744d91e144a450873 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 11 Aug 2024 07:59:01 -0400 Subject: [PATCH 079/348] wip ntt --- .../proofs/fstar/spec/Spec.MLKEM.fst | 107 +++++++++++++++++- 1 file changed, 102 insertions(+), 5 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 3f9367017..ee5558e74 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -118,6 +118,9 @@ let field_add a b = (a + b) % v v_FIELD_MODULUS val field_sub: field_element -> field_element -> field_element let field_sub a b = (a - b) % v v_FIELD_MODULUS +val field_neg: field_element -> field_element +let field_neg a = (0 - a) % v v_FIELD_MODULUS + val field_mul: field_element -> field_element -> field_element let field_mul a b = (a * b) % v v_FIELD_MODULUS @@ -127,18 +130,112 @@ let poly_add a b = map2 field_add a b val poly_sub: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt let poly_sub a b = map2 field_sub a b -assume val poly_ntt: #r:rank -> polynomial false -> polynomial true -assume val poly_inv_ntt: #r:rank -> polynomial true -> polynomial false -assume val poly_mul_ntt: polynomial true -> polynomial true -> polynomial true + +(* +bitrev7 = [int('{:07b}'.format(x)[::-1], 2) for x in range(0,128)] +zetas = [pow(17,x) % 3329 for x in bitrev7] +zetas_mont = [pow(2,16) * x % 3329 for x in zetas] +zetas_mont_r = [(x - 3329 if x > 1664 else x) for x in zetas_mont] + +bitrev7 is +[0, 64, 32, 96, 16, 80, 48, 112, 8, 72, 40, 104, 24, 88, 56, 120, 4, 68, 36, 100, 20, 84, 52, 116, 12, 76, 44, 108, 28, 92, 60, 124, 2, 66, 34, 98, 18, 82, 50, 114, 10, 74, 42, 106, 26, 90, 58, 122, 6, 70, 38, 102, 22, 86, 54, 118, 14, 78, 46, 110, 30, 94, 62, 126, 1, 65, 33, 97, 17, 81, 49, 113, 9, 73, 41, 105, 25, 89, 57, 121, 5, 69, 37, 101, 21, 85, 53, 117, 13, 77, 45, 109, 29, 93, 61, 125, 3, 67, 35, 99, 19, 83, 51, 115, 11, 75, 43, 107, 27, 91, 59, 123, 7, 71, 39, 103, 23, 87, 55, 119, 15, 79, 47, 111, 31, 95, 63, 127] + +zetas = 17^bitrev7 is +[1, 1729, 2580, 3289, 2642, 630, 1897, 848, 1062, 1919, 193, 797, 2786, 3260, 569, 1746, 296, 2447, 1339, 1476, 3046, 56, 2240, 1333, 1426, 2094, 535, 2882, 2393, 2879, 1974, 821, 289, 331, 3253, 1756, 1197, 2304, 2277, 2055, 650, 1977, 2513, 632, 2865, 33, 1320, 1915, 2319, 1435, 807, 452, 1438, 2868, 1534, 2402, 2647, 2617, 1481, 648, 2474, 3110, 1227, 910, 17, 2761, 583, 2649, 1637, 723, 2288, 1100, 1409, 2662, 3281, 233, 756, 2156, 3015, 3050, 1703, 1651, 2789, 1789, 1847, 952, 1461, 2687, 939, 2308, 2437, 2388, 733, 2337, 268, 641, 1584, 2298, 2037, 3220, 375, 2549, 2090, 1645, 1063, 319, 2773, 757, 2099, 561, 2466, 2594, 2804, 1092, 403, 1026, 1143, 2150, 2775, 886, 1722, 1212, 1874, 1029, 2110, 2935, 885, 2154] + +zetas_mont = zetas * 2^16 is +[2285, 2571, 2970, 1812, 1493, 1422, 287, 202, 3158, 622, 1577, 182, 962, 2127, 1855, 1468, 573, 2004, 264, 383, 2500, 1458, 1727, 3199, 2648, 1017, 732, 608, 1787, 411, 3124, 1758, 1223, 652, 2777, 1015, 2036, 1491, 3047, 1785, 516, 3321, 3009, 2663, 1711, 2167, 126, 1469, 2476, 3239, 3058, 830, 107, 1908, 3082, 2378, 2931, 961, 1821, 2604, 448, 2264, 677, 2054, 2226, 430, 555, 843, 2078, 871, 1550, 105, 422, 587, 177, 3094, 3038, 2869, 1574, 1653, 3083, 778, 1159, 3182, 2552, 1483, 2727, 1119, 1739, 644, 2457, 349, 418, 329, 3173, 3254, 817, 1097, 603, 610, 1322, 2044, 1864, 384, 2114, 3193, 1218, 1994, 2455, 220, 2142, 1670, 2144, 1799, 2051, 794, 1819, 2475, 2459, 478, 3221, 3021, 996, 991, 958, 1869, 1522, 1628] + +zetas_mont_r = zetas_mont - 3329 if zetas_mont > 1664 else zetas_mont is +[-1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474, 1468, 573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411, -205, -1571, 1223, 652, -552, 1015, -1293, 1491, -282, -1544, 516, -8, -320, -666, -1618, -1162, 126, 1469, -853, -90, -271, 830, 107, -1421, -247, -951, -398, 961, -1508, -725, 448, -1065, 677, -1275, -1103, 430, 555, 843, -1251, 871, 1550, 105, 422, 587, 177, -235, -291, -460, 1574, 1653, -246, 778, 1159, -147, -777, 1483, -602, 1119, -1590, 644, -872, 349, 418, 329, -156, -75, 817, 1097, 603, 610, 1322, -1285, -1465, 384, -1215, -136, 1218, -1335, -874, 220, -1187, -1659, -1185, -1530, -1278, 794, -1510, -854, -870, 478, -108, -308, 996, 991, 958, -1460, 1522, 1628] +*) + +let zetas_list : list field_element = [1; 1729; 2580; 3289; 2642; 630; 1897; 848; 1062; 1919; 193; 797; 2786; 3260; 569; 1746; 296; 2447; 1339; 1476; 3046; 56; 2240; 1333; 1426; 2094; 535; 2882; 2393; 2879; 1974; 821; 289; 331; 3253; 1756; 1197; 2304; 2277; 2055; 650; 1977; 2513; 632; 2865; 33; 1320; 1915; 2319; 1435; 807; 452; 1438; 2868; 1534; 2402; 2647; 2617; 1481; 648; 2474; 3110; 1227; 910; 17; 2761; 583; 2649; 1637; 723; 2288; 1100; 1409; 2662; 3281; 233; 756; 2156; 3015; 3050; 1703; 1651; 2789; 1789; 1847; 952; 1461; 2687; 939; 2308; 2437; 2388; 733; 2337; 268; 641; 1584; 2298; 2037; 3220; 375; 2549; 2090; 1645; 1063; 319; 2773; 757; 2099; 561; 2466; 2594; 2804; 1092; 403; 1026; 1143; 2150; 2775; 886; 1722; 1212; 1874; 1029; 2110; 2935; 885; 2154] + +let zetas : t_Array field_element (sz 128) = + assert_norm(List.Tot.length zetas_list == 128); + Rust_primitives.Arrays.of_list zetas_list + +let poly_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = + let t = field_mul b zetas.[sz i] in + let b = field_sub a t in + let a = field_add a t in + (a,b) + +let poly_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = + let len = pow2 l in + let k = (128 / len) - 1 in + Rust_primitives.Arrays.createi (sz 256) (fun i -> + let round = v i / (2 * len) in + let idx = v i % (2 * len) in + let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in + let (a_ntt, b_ntt) = poly_ntt_step p.[sz idx0] p.[sz idx1] (round + k) in + if idx < len then a_ntt else b_ntt) + +val poly_ntt: polynomial false -> polynomial true +let poly_ntt p = + let p = poly_ntt_layer p 7 in + let p = poly_ntt_layer p 6 in + let p = poly_ntt_layer p 5 in + let p = poly_ntt_layer p 4 in + let p = poly_ntt_layer p 3 in + let p = poly_ntt_layer p 2 in + let p = poly_ntt_layer p 1 in + p + +let poly_inv_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = + let b_minus_a = field_sub b a in + let a = field_add a b in + let b = field_mul b_minus_a zetas.[sz i] in + (a,b) + +let poly_inv_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = + let len = pow2 l in + let k = (256 / len) - 1 in + Rust_primitives.Arrays.createi (sz 256) (fun i -> + let round = v i / (2 * len) in + let idx = v i % (2 * len) in + let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in + let (a_ntt, b_ntt) = poly_inv_ntt_step p.[sz idx0] p.[sz idx1] (k - round) in + if idx < len then a_ntt else b_ntt) + +val poly_inv_ntt: polynomial true -> polynomial false +let poly_inv_ntt p = + let p = poly_inv_ntt_layer p 1 in + let p = poly_inv_ntt_layer p 2 in + let p = poly_inv_ntt_layer p 3 in + let p = poly_inv_ntt_layer p 4 in + let p = poly_inv_ntt_layer p 5 in + let p = poly_inv_ntt_layer p 6 in + let p = poly_inv_ntt_layer p 7 in + p + +let poly_base_case_multiply (a0 a1 b0 b1 zeta:field_element) = + let c0 = field_add (field_mul a0 b0) (field_mul (field_mul a1 b1) zeta) in + let c1 = field_add (field_mul a0 b1) (field_mul a1 b0) in + (c0,c1) + +val poly_mul_ntt: polynomial true -> polynomial true -> polynomial true +let poly_mul_ntt a b = + Rust_primitives.Arrays.createi (sz 256) (fun i -> + let a0 = a.[sz (2 * (v i / 2))] in + let a1 = a.[sz (2 * (v i / 2) + 1)] in + let b0 = b.[sz (2 * (v i / 2))] in + let b1 = b.[sz (2 * (v i / 2) + 1)] in + let zeta_4 = zetas.[sz (64 + (v i/4))] in + let zeta = if v i % 4 < 2 then zeta_4 else field_neg zeta_4 in + let (c0,c1) = poly_base_case_multiply a0 a1 b0 b1 zeta in + if v i % 2 = 0 then c0 else c1) + val vector_add: #r:rank -> #ntt:bool -> vector r ntt -> vector r ntt -> vector r ntt let vector_add #p a b = map2 poly_add a b val vector_ntt: #r:rank -> vector r false -> vector r true -let vector_ntt #p v = map_array (poly_ntt #p) v +let vector_ntt #p v = map_array poly_ntt v val vector_inv_ntt: #r:rank -> vector r true -> vector r false -let vector_inv_ntt #p v = map_array (poly_inv_ntt #p) v +let vector_inv_ntt #p v = map_array poly_inv_ntt v val vector_mul_ntt: #r:rank -> vector r true -> vector r true -> vector r true let vector_mul_ntt #p a b = map2 poly_mul_ntt a b From 8b86d82d12404f33b5059a2641af8152b1488021 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 11 Aug 2024 08:08:24 -0400 Subject: [PATCH 080/348] refresh c code --- libcrux-ml-kem/c/code_gen.txt | 6 +- libcrux-ml-kem/c/internal/libcrux_core.h | 42 +- .../c/internal/libcrux_mlkem_neon.h | 30 +- .../c/internal/libcrux_mlkem_portable.h | 30 +- .../c/internal/libcrux_sha3_internal.h | 36 +- libcrux-ml-kem/c/libcrux_core.c | 53 +- libcrux-ml-kem/c/libcrux_core.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 46 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 46 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 46 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 944 ++--------------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 999 +----------------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 88 +- libcrux-ml-kem/c/libcrux_sha3.h | 61 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 33 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 33 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 78 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 132 +-- libcrux-ml-kem/c/libcrux_sha3_neon.h | 37 +- libcrux-ml-kem/cg/code_gen.txt | 6 +- libcrux-ml-kem/cg/libcrux_core.h | 27 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 17 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 6 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 989 +---------------- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 33 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 266 ++--- 41 files changed, 476 insertions(+), 4180 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 51ea8bdfc..78dff4819 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc +Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 +Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b +Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 9768fe0bb..7deb679b4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __internal_libcrux_core_H @@ -76,9 +76,6 @@ with const generics libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( uint8_t value[800U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -117,9 +114,6 @@ with const generics libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( uint8_t value[768U]); -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -143,9 +137,6 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -166,9 +157,6 @@ with const generics libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( uint8_t value[1568U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -207,9 +195,6 @@ with const generics libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( uint8_t value[1568U]); -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -233,9 +218,6 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -256,9 +238,6 @@ with const generics libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( uint8_t value[1184U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -297,9 +276,6 @@ with const generics libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( uint8_t value[1088U]); -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -311,9 +287,6 @@ with const generics uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( libcrux_ml_kem_types_MlKemPublicKey_15 *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -345,9 +318,6 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -368,9 +338,6 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -379,9 +346,6 @@ with const generics void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, uint8_t ret[1120U]); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index d94069a73..3d5888d57 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __internal_libcrux_mlkem_neon_H @@ -48,14 +48,6 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -192,14 +184,6 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -336,14 +320,6 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 37876592f..91c820eb4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -55,14 +55,6 @@ generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -203,14 +195,6 @@ generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -351,14 +335,6 @@ generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index dfbb1098a..868f1881d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __internal_libcrux_sha3_internal_H @@ -24,17 +24,11 @@ extern "C" { typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; -/** - Create a new SHAKE-128 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_7a(); } -/** - Absorb -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -69,9 +63,6 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); } -/** - Squeeze three blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -79,9 +70,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); } -/** - Squeeze another block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -96,9 +84,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( typedef uint8_t libcrux_sha3_Algorithm; -/** - Returns the output size of a digest. -*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -182,9 +167,6 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); } -/** - Squeeze five blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -192,9 +174,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); } -/** - Absorb some data for SHAKE-256 for the last time -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { @@ -202,17 +181,11 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_250(s, buf); } -/** - Create a new SHAKE-256 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { return libcrux_sha3_generic_keccak_new_1e_7a(); } -/** - Squeeze the first SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -220,9 +193,6 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); } -/** - Squeeze the next SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index d714c9f78..20d000c45 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,18 +4,15 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "internal/libcrux_core.h" -/** - Return 1 if `value` is not zero and 0 otherwise. -*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -28,10 +25,6 @@ static uint8_t inz(uint8_t value) { static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } -/** - Return 1 if the bytes of `lhs` and `rhs` do not exactly - match and 0 otherwise. -*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; for (size_t i = (size_t)0U; @@ -50,10 +43,6 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return compare(lhs, rhs); } -/** - If `selector` is not zero, return the bytes in `rhs`; return the bytes in - `lhs` otherwise. -*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); @@ -107,9 +96,6 @@ libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -162,9 +148,6 @@ libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -193,9 +176,6 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -232,9 +212,6 @@ libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -288,9 +265,6 @@ libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -319,9 +293,6 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -358,9 +329,6 @@ libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -414,9 +382,6 @@ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -430,9 +395,6 @@ uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( return self->value; } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -471,9 +433,6 @@ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { } } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -507,9 +466,6 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -528,9 +484,6 @@ void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 7842067cd..e77989b62 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 2aeff4211..8e222f296 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index 75b144194..178092bfb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem1024_neon.h" #include "internal/libcrux_mlkem_neon.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -45,13 +42,6 @@ static void decapsulate_f8( libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -59,9 +49,6 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate( decapsulate_f8(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -90,13 +77,6 @@ static void decapsulate_unpacked_c2( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -130,13 +110,6 @@ static tuple_21 encapsulate_6b( return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { @@ -146,9 +119,6 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( return encapsulate_6b(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -177,16 +147,6 @@ static tuple_21 encapsulate_unpacked_1c( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { @@ -197,9 +157,6 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( return encapsulate_unpacked_1c(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -218,9 +175,6 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( return libcrux_ml_kem_ind_cca_generate_keypair_72(uu____0); } -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -228,9 +182,6 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_91(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -250,9 +201,6 @@ generate_keypair_unpacked_87(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uu____0); } -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -261,9 +209,6 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( return generate_keypair_unpacked_87(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -276,11 +221,6 @@ static bool validate_public_key_a3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index 2e9f988ca..7e0bbc8a3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem1024_neon_H @@ -22,71 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f826f0791..df92b5fc5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem1024_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -45,13 +42,6 @@ static void decapsulate_3e( libcrux_ml_kem_ind_cca_decapsulate_711(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -59,9 +49,6 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( decapsulate_3e(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -90,13 +77,6 @@ static void decapsulate_unpacked_81( libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -130,13 +110,6 @@ static tuple_21 encapsulate_48( return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { @@ -146,9 +119,6 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( return encapsulate_48(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -177,16 +147,6 @@ static tuple_21 encapsulate_unpacked_ac( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { @@ -197,9 +157,6 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( return encapsulate_unpacked_ac(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -219,9 +176,6 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( return libcrux_ml_kem_ind_cca_generate_keypair_6f1(uu____0); } -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -229,9 +183,6 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_6e(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -251,9 +202,6 @@ generate_keypair_unpacked_f5(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uu____0); } -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -262,9 +210,6 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( return generate_keypair_unpacked_f5(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -277,11 +222,6 @@ static bool validate_public_key_2a1(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 1b1312882..8ea1e9716 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem1024_portable_H @@ -22,71 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 27da4b08a..9807a25ef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 9dcf9e340..83108e30f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem512_neon.h" #include "internal/libcrux_mlkem_neon.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -44,22 +41,12 @@ static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_55(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -87,13 +74,6 @@ static void decapsulate_unpacked_53( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -126,13 +106,6 @@ static tuple_ec encapsulate_f8( return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { @@ -142,9 +115,6 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( return encapsulate_f8(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -173,14 +143,6 @@ static tuple_ec encapsulate_unpacked_ce( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { @@ -191,9 +153,6 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( return encapsulate_unpacked_ce(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -212,9 +171,6 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( return libcrux_ml_kem_ind_cca_generate_keypair_721(uu____0); } -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -222,9 +178,6 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_1a(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -244,9 +197,6 @@ generate_keypair_unpacked_38(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uu____0); } -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -255,9 +205,6 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( return generate_keypair_unpacked_38(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -270,11 +217,6 @@ static bool validate_public_key_a31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index c294c837f..cd6856831 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem512_neon_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 822f1abca..6c174313d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem512_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -44,22 +41,12 @@ static void decapsulate_3f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_710(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_3f(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -87,13 +74,6 @@ static void decapsulate_unpacked_73( libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -126,13 +106,6 @@ static tuple_ec encapsulate_10( return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { @@ -142,9 +115,6 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( return encapsulate_10(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -173,14 +143,6 @@ static tuple_ec encapsulate_unpacked_49( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { @@ -191,9 +153,6 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( return encapsulate_unpacked_49(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -213,9 +172,6 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( return libcrux_ml_kem_ind_cca_generate_keypair_6f0(uu____0); } -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -223,9 +179,6 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_f9(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -245,9 +198,6 @@ generate_keypair_unpacked_d6(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uu____0); } -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -256,9 +206,6 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( return generate_keypair_unpacked_d6(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -271,11 +218,6 @@ static bool validate_public_key_2a0(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 206d5dddf..90842b984 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem512_portable_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 170195f36..ea3d3e6a6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index 45be1613b..6d20b2d78 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem768_neon.h" #include "internal/libcrux_mlkem_neon.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -44,22 +41,12 @@ static void decapsulate_67( libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_67(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -87,13 +74,6 @@ static void decapsulate_unpacked_70( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -126,13 +106,6 @@ static tuple_3c encapsulate_ea( return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -142,9 +115,6 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( return encapsulate_ea(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -173,14 +143,6 @@ static tuple_3c encapsulate_unpacked_29( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { @@ -191,9 +153,6 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( return encapsulate_unpacked_29(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -212,9 +171,6 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( return libcrux_ml_kem_ind_cca_generate_keypair_720(uu____0); } -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -222,9 +178,6 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_1b(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -244,9 +197,6 @@ generate_keypair_unpacked_42(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uu____0); } -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -255,9 +205,6 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( return generate_keypair_unpacked_42(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -270,11 +217,6 @@ static bool validate_public_key_a30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 1f07bf56a..8182ff91a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem768_neon_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 3aa396cb9..6505a0266 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -44,22 +41,12 @@ static void decapsulate_03( libcrux_ml_kem_ind_cca_decapsulate_71(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_03(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -87,13 +74,6 @@ static void decapsulate_unpacked_69( libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -126,13 +106,6 @@ static tuple_3c encapsulate_4b( return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -142,9 +115,6 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( return encapsulate_4b(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -173,14 +143,6 @@ static tuple_3c encapsulate_unpacked_10( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { @@ -191,9 +153,6 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( return encapsulate_unpacked_10(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -213,9 +172,6 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); } -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -223,9 +179,6 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_64(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -245,9 +198,6 @@ generate_keypair_unpacked_c5(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uu____0); } -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -256,9 +206,6 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( return generate_keypair_unpacked_c5(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -271,11 +218,6 @@ static bool validate_public_key_2a(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 0554a4336..1b4f22dec 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem768_portable_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 0e9d3bd4f..664d3491c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 0ac3403ae..482143058 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 860605a54..7f7b104e4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "internal/libcrux_mlkem_neon.h" @@ -1324,12 +1324,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_89_06(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -1356,12 +1350,6 @@ deserialize_to_reduced_ring_element_e3(Eurydice_slice serialized) { return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -1465,9 +1453,6 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_77( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -1503,9 +1488,6 @@ static KRML_MUSTINLINE void serialize_secret_key_5d1( memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -1683,47 +1665,6 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e91( shake128_squeeze_first_three_blocks_b71(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -1807,47 +1748,6 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad1( shake128_squeeze_next_block_7d1(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2067,55 +1967,6 @@ static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], PRFxN_891(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -2234,8 +2085,9 @@ static KRML_MUSTINLINE void ntt_at_layer_7_67( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = libcrux_ml_kem_vector_neon_multiply_by_constant_20( re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -2336,12 +2188,13 @@ static KRML_MUSTINLINE void ntt_at_layer_2_d0( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -2355,16 +2208,17 @@ static KRML_MUSTINLINE void ntt_at_layer_1_39( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** @@ -2407,10 +2261,6 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cf( poly_barrett_reduce_89_5f(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -2435,11 +2285,13 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN_48_a91(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_2c0( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c0(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; memcpy( uu____2, re_as_ntt, @@ -2452,33 +2304,6 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( return lit; } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2515,10 +2340,6 @@ ntt_multiply_89_16(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2586,9 +2407,6 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -2635,47 +2453,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_951( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -2916,9 +2693,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_neon_Simd128Hash @@ -2974,14 +2748,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d81( memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -3083,9 +2849,6 @@ sample_from_binomial_distribution_2c(Eurydice_slice randomness) { return sample_from_binomial_distribution_2_c3(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -3169,7 +2932,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3179,7 +2942,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -3193,13 +2956,13 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_4b( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** @@ -3319,9 +3082,6 @@ static KRML_MUSTINLINE void add_error_reduce_89_24( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -3438,9 +3198,6 @@ add_message_error_reduce_89_3a( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -3672,9 +3429,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_840( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -3942,47 +3696,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f0( compress_then_serialize_4_21(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -4139,12 +3852,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_c71(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4571,10 +4278,6 @@ static KRML_MUSTINLINE void ntt_vector_u_3c0( poly_barrett_reduce_89_5f(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -4607,7 +4310,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_331( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_060(u_bytes); + u_as_ntt[i0] = uu____0; ntt_vector_u_3c0(&u_as_ntt[i0]); } memcpy( @@ -4811,7 +4516,9 @@ deserialize_then_decompress_5_25(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = decompress_ciphertext_coefficient_20_212(re.coefficients[i0]); re.coefficients[i0] = uu____1; @@ -4859,12 +4566,6 @@ subtract_reduce_89_25(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -4914,30 +4615,6 @@ static KRML_MUSTINLINE void compress_then_serialize_message_ab( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -5102,9 +4779,6 @@ deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -5261,12 +4935,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_821( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5299,9 +4967,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a62( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -5337,9 +5002,6 @@ static KRML_MUSTINLINE void serialize_secret_key_5d0( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -5523,47 +5185,6 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e90( shake128_squeeze_first_three_blocks_b70(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5652,47 +5273,6 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad0( shake128_squeeze_next_block_7d0(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5894,10 +5474,6 @@ static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], PRFxN_890(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -5922,11 +5498,13 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -5939,10 +5517,6 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -5972,9 +5546,6 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ae0( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -6021,47 +5592,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_950( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -6279,9 +5809,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_neon_Simd128Hash @@ -6337,14 +5864,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d80( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -6391,9 +5910,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -6471,9 +5987,6 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_620( poly_barrett_reduce_89_5f(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -6520,9 +6033,6 @@ static KRML_MUSTINLINE void compute_vector_u_6a0( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -6545,9 +6055,6 @@ compute_ring_element_v_9b0( return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -6583,47 +6090,6 @@ static void compress_then_serialize_u_d70( } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -6780,12 +6246,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_c70(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6976,10 +6436,6 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( return lit; } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7012,7 +6468,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_330( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_060(u_bytes); + u_as_ntt[i0] = uu____0; ntt_vector_u_3c0(&u_as_ntt[i0]); } memcpy( @@ -7020,12 +6478,6 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_330( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7047,30 +6499,6 @@ compute_message_c70( return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7196,9 +6624,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7355,12 +6780,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_820( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7393,9 +6812,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a60( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7431,9 +6847,6 @@ static KRML_MUSTINLINE void serialize_secret_key_5d( memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7620,47 +7033,6 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e9( shake128_squeeze_first_three_blocks_b7(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7752,47 +7124,6 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad( shake128_squeeze_next_block_7d(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7997,10 +7328,6 @@ static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], PRFxN_89(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -8025,11 +7352,13 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -8042,10 +7371,6 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -8075,9 +7400,6 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ae( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -8124,47 +7446,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_95( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -8382,9 +7663,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_neon_Simd128Hash @@ -8440,14 +7718,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d8( memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -8494,9 +7764,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -8574,9 +7841,6 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_62( poly_barrett_reduce_89_5f(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -8623,9 +7887,6 @@ static KRML_MUSTINLINE void compute_vector_u_6a( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -8689,9 +7950,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_84( memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -8739,47 +7997,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f( compress_then_serialize_5_2b(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -8937,12 +8154,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_c7(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -9163,10 +8374,6 @@ static KRML_MUSTINLINE void ntt_vector_u_3c( poly_barrett_reduce_89_5f(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -9199,7 +8406,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_33( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_06(u_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_06(u_bytes); + u_as_ntt[i0] = uu____0; ntt_vector_u_3c(&u_as_ntt[i0]); } memcpy( @@ -9218,12 +8427,6 @@ deserialize_then_decompress_ring_element_v_44(Eurydice_slice serialized) { return deserialize_then_decompress_5_25(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -9245,30 +8448,6 @@ compute_message_c7( return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -9395,9 +8574,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index a9d9f68b7..ba986ba9c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index dad0b9eb3..891fdfb9c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "internal/libcrux_mlkem_portable.h" @@ -852,19 +852,6 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } -/** - Signed Barrett Reduction - - Given an input `value`, `barrett_reduce` outputs a representative `result` - such that: - - - result ≡ value (mod FIELD_MODULUS) - - the absolute value of `result` is bound as follows: - - `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * @@ -900,20 +887,6 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -/** - Signed Montgomery Reduction - - Given an input `value`, `montgomery_reduce` outputs a representative `o` - such that: - - - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - - the absolute value of `o` is bound as follows: - - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = @@ -932,17 +905,6 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } -/** - If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to - `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to - `x · y`, as follows: - - `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` - - `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a - representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod - FIELD_MODULUS)`. -*/ KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -974,28 +936,6 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } -/** - The `compress_*` functions implement the `Compress` function specified in the - NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: - - ```plaintext - Compress_d: ℤq -> ℤ_{2ᵈ} - Compress_d(x) = ⌈(2ᵈ/q)·x⌋ - ``` - - Since `⌈x⌋ = ⌊x + 1/2⌋` we have: - - ```plaintext - Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ - = ⌊(2^{d+1}·x + q) / 2q⌋ - ``` - - For further information about the function implementations, consult the - `implementation_notes.pdf` document in this directory. - - The NIST FIPS 203 standard can be found at - . -*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; @@ -1268,28 +1208,6 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -1821,12 +1739,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_02(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -1853,12 +1765,6 @@ deserialize_to_reduced_ring_element_d2(Eurydice_slice serialized) { return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -1964,9 +1870,6 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_05( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2002,9 +1905,6 @@ static KRML_MUSTINLINE void serialize_secret_key_e81( memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2183,47 +2083,6 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f1( shake128_squeeze_first_three_blocks_541(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2296,47 +2155,6 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_681( shake128_squeeze_next_block_881(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2550,55 +2368,6 @@ static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], PRFxN_632(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -2717,8 +2486,9 @@ static KRML_MUSTINLINE void ntt_at_layer_7_1c( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -2823,13 +2593,13 @@ static KRML_MUSTINLINE void ntt_at_layer_2_46( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -2843,7 +2613,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_c9( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -2853,7 +2623,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_c9( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** @@ -2897,10 +2667,6 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( poly_barrett_reduce_89_55(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -2926,11 +2692,13 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN_f1_772(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_e3( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -2943,33 +2711,6 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( return lit; } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3006,10 +2747,6 @@ ntt_multiply_89_f7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3079,9 +2816,6 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_0b( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3128,47 +2862,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_a51( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3413,9 +3106,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] @@ -3471,14 +3161,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_6b( memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3526,9 +3208,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3611,7 +3290,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3621,7 +3300,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -3635,13 +3314,13 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_84( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** @@ -3764,9 +3443,6 @@ static KRML_MUSTINLINE void add_error_reduce_89_b9( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3884,9 +3560,6 @@ add_message_error_reduce_89_11( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4014,9 +3687,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d80( memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4178,47 +3848,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d60( compress_then_serialize_5_b9(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4378,12 +4007,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_a1(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4731,10 +4354,6 @@ static KRML_MUSTINLINE void ntt_vector_u_d70( poly_barrett_reduce_89_55(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4767,7 +4386,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_201( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_450(u_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_450(u_bytes); + u_as_ntt[i0] = uu____0; ntt_vector_u_d70(&u_as_ntt[i0]); } memcpy( @@ -4891,8 +4512,9 @@ deserialize_then_decompress_5_9f(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - re.coefficients[i0] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); + re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); re.coefficients[i0] = uu____1; @@ -4940,12 +4562,6 @@ subtract_reduce_89_d2(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4995,30 +4611,6 @@ static KRML_MUSTINLINE void compress_then_serialize_message_ef( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5183,9 +4775,6 @@ deserialize_to_uncompressed_ring_element_00(Eurydice_slice serialized) { return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5343,12 +4932,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5381,9 +4964,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5419,9 +4999,6 @@ static KRML_MUSTINLINE void serialize_secret_key_e80( memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5599,47 +5176,6 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f0( shake128_squeeze_first_three_blocks_540(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5712,47 +5248,6 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_680( shake128_squeeze_next_block_880(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5951,10 +5446,6 @@ sample_from_binomial_distribution_e30(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_b8(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5980,11 +5471,13 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN_f1_770(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_e30( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_e30(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, re_as_ntt, @@ -5997,10 +5490,6 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -6031,9 +5520,6 @@ static KRML_MUSTINLINE void add_to_ring_element_89_8e0( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6080,47 +5566,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_a50( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6342,9 +5787,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -6400,14 +5842,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_b4( memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6488,9 +5922,6 @@ static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], PRFxN_631(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6569,9 +6000,6 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_d40( poly_barrett_reduce_89_55(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6618,9 +6046,6 @@ static KRML_MUSTINLINE void compute_vector_u_570( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6684,9 +6109,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d8( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6734,47 +6156,6 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d6( compress_then_serialize_4_09(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6933,12 +6314,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_57(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7160,10 +6535,6 @@ static KRML_MUSTINLINE void ntt_vector_u_d7( poly_barrett_reduce_89_55(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7196,7 +6567,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_200( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_45(u_bytes); + u_as_ntt[i0] = uu____0; ntt_vector_u_d7(&u_as_ntt[i0]); } memcpy( @@ -7215,12 +6588,6 @@ deserialize_then_decompress_ring_element_v_67(Eurydice_slice serialized) { return deserialize_then_decompress_4_b6(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7242,30 +6609,6 @@ compute_message_f60( return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7392,9 +6735,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7551,12 +6891,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7589,9 +6923,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7627,9 +6958,6 @@ static KRML_MUSTINLINE void serialize_secret_key_e8( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7808,47 +7136,6 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f( shake128_squeeze_first_three_blocks_54(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7921,47 +7208,6 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_68( shake128_squeeze_next_block_88(self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -8149,10 +7395,6 @@ static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], PRFxN_63(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8178,11 +7420,13 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN_f1_77(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_e3( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -8195,10 +7439,6 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -8229,9 +7469,6 @@ static KRML_MUSTINLINE void add_to_ring_element_89_8e( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8278,47 +7515,6 @@ static KRML_MUSTINLINE void compute_As_plus_e_a5( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8540,9 +7736,6 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -8598,14 +7791,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_97( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8653,9 +7838,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8734,9 +7916,6 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_d4( poly_barrett_reduce_89_55(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8783,9 +7962,6 @@ static KRML_MUSTINLINE void compute_vector_u_57( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8808,9 +7984,6 @@ compute_ring_element_v_c8( return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8846,47 +8019,6 @@ static void compress_then_serialize_u_25( } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -9045,12 +8177,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_d2(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -9242,10 +8368,6 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( return lit; } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9278,7 +8400,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_20( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_45(u_bytes); + u_as_ntt[i0] = uu____0; ntt_vector_u_d7(&u_as_ntt[i0]); } memcpy( @@ -9286,12 +8410,6 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_20( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9313,30 +8431,6 @@ compute_message_f6( return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9463,9 +8557,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index ab7ac8347..77d1b9896 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem_portable_H @@ -263,19 +263,6 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) -/** - Signed Barrett Reduction - - Given an input `value`, `barrett_reduce` outputs a representative `result` - such that: - - - result ≡ value (mod FIELD_MODULUS) - - the absolute value of `result` is bound as follows: - - `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); @@ -297,34 +284,9 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -/** - Signed Montgomery Reduction - - Given an input `value`, `montgomery_reduce` outputs a representative `o` - such that: - - - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - - the absolute value of `o` is bound as follows: - - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); -/** - If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to - `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to - `x · y`, as follows: - - `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` - - `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a - representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod - FIELD_MODULUS)`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer); @@ -340,28 +302,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); -/** - The `compress_*` functions implement the `Compress` function specified in the - NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: - - ```plaintext - Compress_d: ℤq -> ℤ_{2ᵈ} - Compress_d(x) = ⌈(2ᵈ/q)·x⌋ - ``` - - Since `⌈x⌋ = ⌊x + 1/2⌋` we have: - - ```plaintext - Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ - = ⌊(2^{d+1}·x + q) / 2q⌋ - ``` - - For further information about the function implementations, consult the - `implementation_notes.pdf` document in this directory. - - The NIST FIPS 203 standard can be found at - . -*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe); @@ -471,28 +411,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 1c1a024bc..ad380eb57 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_sha3_H @@ -22,9 +22,6 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" -/** - A portable SHA3 512 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -32,9 +29,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_fd(buf0, buf); } -/** - A portable SHA3 256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -42,9 +36,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_fd0(buf0, buf); } -/** - A portable SHAKE256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -52,9 +43,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( libcrux_sha3_portable_keccakx1_fd1(buf0, buf); } -/** - A portable SHA3 224 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -62,9 +50,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_fd2(buf0, buf); } -/** - A portable SHA3 384 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -72,20 +57,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_fd3(buf0, buf); } -/** - SHA3 224 - - Preconditions: - - `digest.len() == 28` -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } -/** - SHA3 224 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; @@ -94,17 +70,11 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -113,17 +83,11 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; @@ -132,17 +96,11 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } -/** - SHA3 512 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } -/** - SHA3 512 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; @@ -151,9 +109,6 @@ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** - A portable SHAKE128 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -161,21 +116,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_fd4(buf0, buf); } -/** - SHAKE 128 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } -/** - SHAKE 256 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 868da4a2b..97d59fe45 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,18 +4,15 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_sha3_avx2.h" -/** - Perform 4 SHAKE256 operations in parallel -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, @@ -25,9 +22,6 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( KRML_HOST_EXIT(255U); } -/** - Initialise the [`KeccakState`]. -*/ KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -35,9 +29,6 @@ libcrux_sha3_avx2_x4_incremental_init(void) { KRML_HOST_EXIT(255U); } -/** - Absorb -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -46,9 +37,6 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } -/** - Squeeze three blocks -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, @@ -58,9 +46,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } -/** - Squeeze another block -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, @@ -70,9 +55,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } -/** - Squeeze five blocks -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, @@ -82,9 +64,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( KRML_HOST_EXIT(255U); } -/** - Absorb -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -93,9 +72,6 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( KRML_HOST_EXIT(255U); } -/** - Squeeze block -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, @@ -105,9 +81,6 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( KRML_HOST_EXIT(255U); } -/** - Squeeze next block -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 8896956fe..6066347d6 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_sha3_avx2_H @@ -22,9 +22,6 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_sha3_neon.h" -/** - Perform 4 SHAKE256 operations in parallel -*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, @@ -34,57 +31,33 @@ typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; } libcrux_sha3_avx2_x4_incremental_KeccakState; -/** - Initialise the [`KeccakState`]. -*/ libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void); -/** - Absorb -*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); -/** - Squeeze three blocks -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze another block -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze five blocks -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Absorb -*/ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); -/** - Squeeze block -*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze next block -*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 5026cd25a..af76d13e5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_sha3_internal_H @@ -187,9 +187,6 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -1227,52 +1224,75 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - s->st[1U][0U] = + uint64_t uu____4 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); - s->st[2U][0U] = + s->st[1U][0U] = uu____4; + uint64_t uu____5 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); - s->st[3U][0U] = + s->st[2U][0U] = uu____5; + uint64_t uu____6 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); - s->st[4U][0U] = + s->st[3U][0U] = uu____6; + uint64_t uu____7 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); - s->st[0U][1U] = + s->st[4U][0U] = uu____7; + uint64_t uu____8 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); - s->st[1U][1U] = + s->st[0U][1U] = uu____8; + uint64_t uu____9 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); - s->st[2U][1U] = + s->st[1U][1U] = uu____9; + uint64_t uu____10 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); - s->st[3U][1U] = + s->st[2U][1U] = uu____10; + uint64_t uu____11 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); - s->st[4U][1U] = + s->st[3U][1U] = uu____11; + uint64_t uu____12 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); - s->st[0U][2U] = + s->st[4U][1U] = uu____12; + uint64_t uu____13 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); - s->st[1U][2U] = + s->st[0U][2U] = uu____13; + uint64_t uu____14 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); - s->st[2U][2U] = + s->st[1U][2U] = uu____14; + uint64_t uu____15 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); - s->st[3U][2U] = + s->st[2U][2U] = uu____15; + uint64_t uu____16 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); - s->st[4U][2U] = + s->st[3U][2U] = uu____16; + uint64_t uu____17 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); - s->st[0U][3U] = + s->st[4U][2U] = uu____17; + uint64_t uu____18 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); - s->st[1U][3U] = + s->st[0U][3U] = uu____18; + uint64_t uu____19 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); - s->st[2U][3U] = + s->st[1U][3U] = uu____19; + uint64_t uu____20 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); - s->st[3U][3U] = + s->st[2U][3U] = uu____20; + uint64_t uu____21 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); - s->st[4U][3U] = + s->st[3U][3U] = uu____21; + uint64_t uu____22 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); - s->st[0U][4U] = + s->st[4U][3U] = uu____22; + uint64_t uu____23 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); - s->st[1U][4U] = + s->st[0U][4U] = uu____23; + uint64_t uu____24 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); - s->st[2U][4U] = + s->st[1U][4U] = uu____24; + uint64_t uu____25 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); - s->st[3U][4U] = + s->st[2U][4U] = uu____25; + uint64_t uu____26 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 586c4820e..11362bb06 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #include "libcrux_sha3_neon.h" @@ -178,9 +178,6 @@ split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { return split_at_mut_2(a, mid); } -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -1398,29 +1395,75 @@ static KRML_MUSTINLINE void theta_rho_eb( rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____4 = + xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_arm_shared_neon_uint64x2_t uu____5 = + xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_arm_shared_neon_uint64x2_t uu____7 = + xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = + xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t uu____9 = + xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t uu____10 = + xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t uu____11 = + xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t uu____12 = + xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t uu____13 = + xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t uu____14 = + xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t uu____15 = + xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t uu____16 = + xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t uu____17 = + xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t uu____18 = + xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t uu____19 = + xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t uu____20 = + xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t uu____21 = + xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t uu____22 = + xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t uu____23 = + xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t uu____24 = + xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t uu____25 = + xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t uu____26 = + xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; core_core_arch_arm_shared_neon_uint64x2_t uu____27 = xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1851,9 +1894,6 @@ static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], keccak_59(uu____0, out); } -/** - A portable SHA3 512 implementation. -*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[64U] = {0U}; Eurydice_slice uu____0[2U] = {data, data}; @@ -2278,9 +2318,6 @@ static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], keccak_590(uu____0, out); } -/** - A portable SHA3 256 implementation. -*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[32U] = {0U}; Eurydice_slice uu____0[2U] = {data, data}; @@ -2404,11 +2441,6 @@ static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], keccak_591(uu____0, out); } -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1) { Eurydice_slice buf0[2U] = {input0, input1}; @@ -2416,9 +2448,6 @@ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, keccakx2_6e1(buf0, buf); } -/** - Initialise the `KeccakState2`. -*/ libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void) { return new_1e_12(); @@ -2543,9 +2572,6 @@ static KRML_MUSTINLINE void absorb_final_fe2( keccakf1600_3e(s); } -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1) { @@ -2675,10 +2701,6 @@ static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( squeeze_next_block_5d1(s, o2); } -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { @@ -2686,10 +2708,6 @@ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( squeeze_first_three_blocks_2e(s, buf); } -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { @@ -3112,9 +3130,6 @@ static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], keccak_592(uu____0, out); } -/** - A portable SHA3 224 implementation. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[28U] = {0U}; @@ -3540,9 +3555,6 @@ static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], keccak_593(uu____0, out); } -/** - A portable SHA3 384 implementation. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[48U] = {0U}; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index c172442d5..8b66fd17c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_sha3_neon_H @@ -33,61 +33,30 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_fc; -/** - A portable SHA3 512 implementation. -*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); -/** - A portable SHA3 256 implementation. -*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -/** - Initialise the `KeccakState2`. -*/ libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void); -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1); -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); -/** - A portable SHA3 224 implementation. -*/ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); -/** - A portable SHA3 384 implementation. -*/ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 51ea8bdfc..78dff4819 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc +Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 +Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b +Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 49c0f8565..b022c4fde 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_core_H @@ -99,9 +99,6 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#6} */ @@ -147,9 +144,6 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { libcrux_ml_kem_types_MlKemPublicKey_15 pk; } libcrux_ml_kem_mlkem768_MlKem768KeyPair; -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -214,9 +208,6 @@ libcrux_ml_kem_types_from_01_20(uint8_t value[1088U]) { return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -230,9 +221,6 @@ static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( return self->value; } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -290,9 +278,6 @@ static inline void core_result_unwrap_41_83(core_result_Result_00 self, } } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -326,9 +311,6 @@ static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_28( Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -347,9 +329,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_970( memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 751101238..6705551b9 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_ct_ops_H @@ -21,9 +21,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -/** - Return 1 if `value` is not zero and 0 otherwise. -*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -39,10 +36,6 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) { return libcrux_ml_kem_constant_time_ops_inz(value); } -/** - Return 1 if the bytes of `lhs` and `rhs` do not exactly - match and 0 otherwise. -*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_compare( Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; @@ -62,10 +55,6 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs); } -/** - If `selector` is not zero, return the bytes in `rhs`; return the bytes in - `lhs` otherwise. -*/ static inline void libcrux_ml_kem_constant_time_ops_select_ct( Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index e30a4fbd6..dbf15e8ae 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index ea01e9b3a..48da0d7e1 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_mlkem768_portable_H @@ -2216,19 +2216,6 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) -/** - Signed Barrett Reduction - - Given an input `value`, `barrett_reduce` outputs a representative `result` - such that: - - - result ≡ value (mod FIELD_MODULUS) - - the absolute value of `result` is bound as follows: - - `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. -*/ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { @@ -2271,20 +2258,6 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -/** - Signed Montgomery Reduction - - Given an input `value`, `montgomery_reduce` outputs a representative `o` - such that: - - - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - - the absolute value of `o` is bound as follows: - - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. -*/ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { @@ -2304,17 +2277,6 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } -/** - If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to - `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to - `x · y`, as follows: - - `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` - - `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a - representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod - FIELD_MODULUS)`. -*/ static KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -2346,28 +2308,6 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } -/** - The `compress_*` functions implement the `Compress` function specified in the - NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: - - ```plaintext - Compress_d: ℤq -> ℤ_{2ᵈ} - Compress_d(x) = ⌈(2ᵈ/q)·x⌋ - ``` - - Since `⌈x⌋ = ⌊x + 1/2⌋` we have: - - ```plaintext - Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ - = ⌊(2^{d+1}·x + q) / 2q⌋ - ``` - - For further information about the function implementations, consult the - `implementation_notes.pdf` document in this directory. - - The NIST FIPS 203 standard can be found at - . -*/ static inline uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { @@ -2642,28 +2582,6 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, @@ -3484,9 +3402,6 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -3868,11 +3783,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_d0( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -3889,15 +3806,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_39( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } @@ -3946,10 +3865,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_82( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -3984,9 +3899,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_7c( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_71( u_bytes); + u_as_ntt[i0] = uu____0; libcrux_ml_kem_ntt_ntt_vector_u_82(&u_as_ntt[i0]); } memcpy( @@ -4199,7 +4115,9 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_17( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_612( re.coefficients[i0]); @@ -4220,33 +4138,6 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ef( return libcrux_ml_kem_serialize_deserialize_then_decompress_4_4f(serialized); } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -4285,10 +4176,6 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_16( return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -4330,7 +4217,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -4340,6 +4227,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -4356,12 +4244,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -4492,12 +4381,6 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_e1( return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -4601,30 +4484,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_23( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -4696,12 +4555,6 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b6( return libcrux_ml_kem_polynomial_ZERO_89_06(); } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -4730,12 +4583,6 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4795,47 +4642,6 @@ static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_de( } } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -4880,47 +4686,6 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( return done; } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5139,55 +4904,6 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_07(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_06(); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -5310,8 +5026,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_67( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = libcrux_ml_kem_vector_neon_multiply_by_constant_20( re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -5341,10 +5058,6 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -5375,10 +5088,11 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uint8_t prf_input[33U], libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - re_as_ntt[i0] = + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; @@ -5406,9 +5120,6 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_55(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_06(); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -5496,9 +5207,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_24( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -5621,9 +5329,6 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -5902,9 +5607,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -6186,47 +5888,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( libcrux_ml_kem_serialize_compress_then_serialize_4_21(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -6467,9 +6128,6 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_0c( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics @@ -6494,13 +6152,6 @@ void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_21( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ static inline void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6627,9 +6278,6 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_31( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -6655,13 +6303,6 @@ void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_e6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ static inline void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6793,13 +6434,6 @@ tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_dd( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -6877,9 +6511,6 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_a7( return lit; } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const @@ -6902,14 +6533,6 @@ tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_14( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { @@ -6921,9 +6544,6 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( uu____0, uu____1); } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_neon_Simd128Hash @@ -7001,9 +6621,6 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7054,47 +6671,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_95( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -7203,9 +6779,6 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7241,9 +6814,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5d( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector @@ -7309,14 +6879,6 @@ libcrux_ml_kem_ind_cpa_generate_keypair_16(Eurydice_slice key_generation_seed) { return lit; } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -7363,9 +6925,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics @@ -7381,9 +6940,6 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_2e( uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair -*/ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -7538,9 +7094,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c4(uint8_t randomness[64U]) { return lit; } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const @@ -7557,9 +7110,6 @@ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_11( uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -7683,9 +7233,6 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_0c0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.kyber_decapsulate with const generics @@ -7710,13 +7257,6 @@ void libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_01( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate Kyber 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ static inline void libcrux_ml_kem_mlkem768_neon_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -7815,9 +7355,6 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( return lit; } -/** - Portable encapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.kyber_encapsulate with const generics @@ -7839,13 +7376,6 @@ tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_73( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate Kyber 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ static inline tuple_3c libcrux_ml_kem_mlkem768_neon_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -7869,12 +7399,6 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b60( return libcrux_ml_kem_polynomial_ZERO_89_06(); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7936,9 +7460,6 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_7e( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -7950,11 +7471,6 @@ generics bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_52( uint8_t *public_key); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { @@ -8047,9 +7563,6 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8353,12 +7866,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_46( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -8375,7 +7889,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c9( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -8385,6 +7899,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c9( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } @@ -8434,10 +7949,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_1e( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8472,9 +7983,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6a( u_bytes); + u_as_ntt[i0] = uu____0; libcrux_ml_kem_ntt_ntt_vector_u_1e(&u_as_ntt[i0]); } memcpy( @@ -8605,8 +8117,9 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_ec( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - re.coefficients[i0] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); + re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( re.coefficients[i0]); @@ -8627,33 +8140,6 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_4f( return libcrux_ml_kem_serialize_deserialize_then_decompress_4_da(serialized); } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -8692,10 +8178,6 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_f7( return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -8738,7 +8220,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -8748,6 +8230,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -8764,12 +8247,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -8903,12 +8387,6 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_ed( return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9014,30 +8492,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_d1( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9152,12 +8606,6 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b( return libcrux_ml_kem_polynomial_ZERO_89_02(); } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -9186,12 +8634,6 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -9348,47 +8790,6 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f self, ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -9472,47 +8873,6 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( ret); } -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -9771,55 +9131,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77( libcrux_ml_kem_hash_functions_portable_PRFxN_63(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -9942,8 +9253,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_1c( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -9973,10 +9285,6 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -10008,10 +9316,11 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uint8_t prf_input[33U], libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - re_as_ntt[i0] = + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; @@ -10040,9 +9349,6 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_25(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_02(); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -10160,9 +9466,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_b9( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10286,9 +9589,6 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10459,9 +9759,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10635,47 +9932,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( libcrux_ml_kem_serialize_compress_then_serialize_4_09(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -10939,9 +10195,6 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_87( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -10969,13 +10222,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ff( libcrux_ml_kem_ind_cca_decapsulate_87(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -11103,9 +10349,6 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -11134,13 +10377,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_38( libcrux_ml_kem_ind_cca_decapsulate_unpacked_59(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -11286,13 +10522,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4( return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -11371,9 +10600,6 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e( return lit; } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -11403,14 +10629,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_f7( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { @@ -11488,9 +10706,6 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -11541,47 +10756,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a5( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -11691,9 +10865,6 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -11729,9 +10900,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e8( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -11798,9 +10966,6 @@ libcrux_ml_kem_ind_cpa_generate_keypair_e8(Eurydice_slice key_generation_seed) { return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -11856,14 +11021,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -11911,9 +11068,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -11934,9 +11088,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); } -/** - Generate ML-KEM 768 Key Pair -*/ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -12094,9 +11245,6 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uint8_t randomness[64U]) { return lit; } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -12117,9 +11265,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_9a( return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uu____0); } -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -12264,9 +11409,6 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_870( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_decapsulate with const @@ -12295,13 +11437,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_af( libcrux_ml_kem_ind_cca_decapsulate_870(private_key, ciphertext, ret); } -/** - Decapsulate Kyber 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -12402,9 +11537,6 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( return lit; } -/** - Portable encapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_encapsulate with const @@ -12433,13 +11565,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_bf( return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); } -/** - Encapsulate Kyber 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -12463,12 +11588,6 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b0( return libcrux_ml_kem_polynomial_ZERO_89_02(); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -12530,9 +11649,6 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_99( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -12547,11 +11663,6 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 00abf2c8a..c3d1f7ee3 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_sha3_avx2_H @@ -22,9 +22,6 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_avx2.h" #include "libcrux_sha3_portable.h" -/** - Perform 4 SHAKE256 operations in parallel -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, @@ -39,9 +36,6 @@ typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; } libcrux_sha3_avx2_x4_incremental_KeccakState; -/** - Initialise the [`KeccakState`]. -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void) { @@ -50,9 +44,6 @@ libcrux_sha3_avx2_x4_incremental_init(void) { KRML_HOST_EXIT(255U); } -/** - Absorb -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -63,9 +54,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } -/** - Squeeze three blocks -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( @@ -76,9 +64,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } -/** - Squeeze another block -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( @@ -89,9 +74,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } -/** - Squeeze five blocks -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( @@ -102,9 +84,6 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( KRML_HOST_EXIT(255U); } -/** - Absorb -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( @@ -115,9 +94,6 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( KRML_HOST_EXIT(255U); } -/** - Squeeze block -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( @@ -128,9 +104,6 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( KRML_HOST_EXIT(255U); } -/** - Squeeze next block -*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 3eea98060..d42aa9ea4 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: e995da16630e0a31b68af68773fd0e0bac8cf2dc + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 5aa9c4bc7883d37eafd38bb447a847e568473c2b + * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 */ #ifndef __libcrux_sha3_portable_H @@ -188,9 +188,6 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -1216,52 +1213,75 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - s->st[1U][0U] = + uint64_t uu____4 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); - s->st[2U][0U] = + s->st[1U][0U] = uu____4; + uint64_t uu____5 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); - s->st[3U][0U] = + s->st[2U][0U] = uu____5; + uint64_t uu____6 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); - s->st[4U][0U] = + s->st[3U][0U] = uu____6; + uint64_t uu____7 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); - s->st[0U][1U] = + s->st[4U][0U] = uu____7; + uint64_t uu____8 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); - s->st[1U][1U] = + s->st[0U][1U] = uu____8; + uint64_t uu____9 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); - s->st[2U][1U] = + s->st[1U][1U] = uu____9; + uint64_t uu____10 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); - s->st[3U][1U] = + s->st[2U][1U] = uu____10; + uint64_t uu____11 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); - s->st[4U][1U] = + s->st[3U][1U] = uu____11; + uint64_t uu____12 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); - s->st[0U][2U] = + s->st[4U][1U] = uu____12; + uint64_t uu____13 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); - s->st[1U][2U] = + s->st[0U][2U] = uu____13; + uint64_t uu____14 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); - s->st[2U][2U] = + s->st[1U][2U] = uu____14; + uint64_t uu____15 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); - s->st[3U][2U] = + s->st[2U][2U] = uu____15; + uint64_t uu____16 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); - s->st[4U][2U] = + s->st[3U][2U] = uu____16; + uint64_t uu____17 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); - s->st[0U][3U] = + s->st[4U][2U] = uu____17; + uint64_t uu____18 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); - s->st[1U][3U] = + s->st[0U][3U] = uu____18; + uint64_t uu____19 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); - s->st[2U][3U] = + s->st[1U][3U] = uu____19; + uint64_t uu____20 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); - s->st[3U][3U] = + s->st[2U][3U] = uu____20; + uint64_t uu____21 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); - s->st[4U][3U] = + s->st[3U][3U] = uu____21; + uint64_t uu____22 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); - s->st[0U][4U] = + s->st[4U][3U] = uu____22; + uint64_t uu____23 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); - s->st[1U][4U] = + s->st[0U][4U] = uu____23; + uint64_t uu____24 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); - s->st[2U][4U] = + s->st[1U][4U] = uu____24; + uint64_t uu____25 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); - s->st[3U][4U] = + s->st[2U][4U] = uu____25; + uint64_t uu____26 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1661,9 +1681,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); } -/** - A portable SHA3 512 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2022,9 +2039,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); } -/** - A portable SHA3 256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2151,9 +2165,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); } -/** - A portable SHAKE256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2344,9 +2355,6 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_fc; -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -3645,52 +3653,75 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_fa(s->st[0U][0U], t[0U]); - s->st[1U][0U] = + core_core_arch_arm_shared_neon_uint64x2_t uu____4 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[2U][0U] = + s->st[1U][0U] = uu____4; + core_core_arch_arm_shared_neon_uint64x2_t uu____5 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[3U][0U] = + s->st[2U][0U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[4U][0U] = + s->st[3U][0U] = uu____6; + core_core_arch_arm_shared_neon_uint64x2_t uu____7 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[0U][1U] = + s->st[4U][0U] = uu____7; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[1U][1U] = + s->st[0U][1U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t uu____9 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[2U][1U] = + s->st[1U][1U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t uu____10 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[3U][1U] = + s->st[2U][1U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t uu____11 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[4U][1U] = + s->st[3U][1U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t uu____12 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[0U][2U] = + s->st[4U][1U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t uu____13 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[1U][2U] = + s->st[0U][2U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t uu____14 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[2U][2U] = + s->st[1U][2U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t uu____15 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[3U][2U] = + s->st[2U][2U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t uu____16 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[4U][2U] = + s->st[3U][2U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t uu____17 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[0U][3U] = + s->st[4U][2U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t uu____18 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[1U][3U] = + s->st[0U][3U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t uu____19 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[2U][3U] = + s->st[1U][3U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t uu____20 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[3U][3U] = + s->st[2U][3U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t uu____21 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[4U][3U] = + s->st[3U][3U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t uu____22 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[0U][4U] = + s->st[4U][3U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t uu____23 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[1U][4U] = + s->st[0U][4U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t uu____24 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[2U][4U] = + s->st[1U][4U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t uu____25 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[3U][4U] = + s->st[2U][4U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t uu____26 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; core_core_arch_arm_shared_neon_uint64x2_t uu____27 = libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -4136,9 +4167,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e( libcrux_sha3_generic_keccak_keccak_59(uu____0, out); } -/** - A portable SHA3 512 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[64U] = {0U}; @@ -4576,9 +4604,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e0( libcrux_sha3_generic_keccak_keccak_590(uu____0, out); } -/** - A portable SHA3 256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[32U] = {0U}; @@ -4708,11 +4733,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e1( libcrux_sha3_generic_keccak_keccak_591(uu____0, out); } -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, @@ -4725,9 +4745,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, typedef libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_KeccakState; -/** - Initialise the `KeccakState2`. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_12(); @@ -4855,9 +4872,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe2( libcrux_sha3_generic_keccak_keccakf1600_3e(s); } -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, @@ -4989,10 +5003,6 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e( libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o2); } -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, @@ -5001,10 +5011,6 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e(s, buf); } -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, @@ -5016,9 +5022,6 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; -/** - Create a new SHAKE-128 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_7a(); @@ -5110,9 +5113,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( libcrux_sha3_generic_keccak_keccakf1600_13(s); } -/** - Absorb -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -5207,9 +5207,6 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); } -/** - Squeeze three blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -5217,9 +5214,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); } -/** - Squeeze another block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -5234,9 +5228,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( typedef uint8_t libcrux_sha3_Algorithm; -/** - Returns the output size of a digest. -*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -5616,9 +5607,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); } -/** - A portable SHA3 224 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -5977,9 +5965,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); } -/** - A portable SHA3 384 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -5987,20 +5972,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_fd3(buf0, buf); } -/** - SHA3 224 - - Preconditions: - - `digest.len() == 28` -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } -/** - SHA3 224 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; @@ -6009,17 +5985,11 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -6028,17 +5998,11 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; @@ -6047,17 +6011,11 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } -/** - SHA3 512 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } -/** - SHA3 512 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; @@ -6271,9 +6229,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); } -/** - A portable SHAKE128 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -6281,21 +6236,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_fd4(buf0, buf); } -/** - SHAKE 128 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } -/** - SHAKE 256 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); @@ -6742,9 +6687,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e2( libcrux_sha3_generic_keccak_keccak_592(uu____0, out); } -/** - A portable SHA3 224 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[28U] = {0U}; @@ -7182,9 +7124,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e3( libcrux_sha3_generic_keccak_keccak_593(uu____0, out); } -/** - A portable SHA3 384 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { uint8_t dummy[48U] = {0U}; @@ -7236,9 +7175,6 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o4); } -/** - Squeeze five blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -7246,9 +7182,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); } -/** - Absorb some data for SHAKE-256 for the last time -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { @@ -7256,17 +7189,11 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_251(s, buf); } -/** - Create a new SHAKE-256 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { return libcrux_sha3_generic_keccak_new_1e_7a(); } -/** - Squeeze the first SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -7274,9 +7201,6 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); } -/** - Squeeze the next SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { From c2cb313e28e815ce096231a6dbd0dff314db9a0c Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 11 Aug 2024 12:27:45 +0000 Subject: [PATCH 081/348] refresh C code from avx2 machine --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 229 +- .../c/internal/libcrux_mlkem_avx2.h | 4 +- .../c/internal/libcrux_mlkem_portable.h | 46 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 4 +- .../c/internal/libcrux_sha3_internal.h | 42 +- libcrux-ml-kem/c/libcrux_core.c | 306 +- libcrux-ml-kem/c/libcrux_core.h | 120 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 8576 ++++++++++++++- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 530 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8706 +-------------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 575 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2859 +++-- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 184 +- libcrux-ml-kem/c/libcrux_sha3.h | 16 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2539 ++++- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 37 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 740 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3568 +----- libcrux-ml-kem/c/libcrux_sha3_neon.h | 27 +- libcrux-ml-kem/cg/code_gen.txt | 4 +- libcrux-ml-kem/cg/libcrux_core.h | 166 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 5956 +++++++++- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 9579 ++++------------- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2741 ++++- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 5499 ++-------- 42 files changed, 26328 insertions(+), 26923 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 78dff4819..b902bff7c 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 +F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 +Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 7deb679b4..540d71b3b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __internal_libcrux_core_H @@ -23,6 +23,8 @@ extern "C" { #define CORE_NUM__U32_8__BITS (32U) +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs); @@ -71,10 +73,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( + uint8_t value[1568U]); /** This function found in impl @@ -83,12 +85,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for @@ -97,10 +99,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -109,10 +111,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( - uint8_t value[768U]); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( + uint8_t value[1568U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} @@ -120,10 +122,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -132,18 +134,18 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]); /** This function found in impl {(core::convert::From<@Array> for @@ -152,10 +154,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( + uint8_t value[1184U]); /** This function found in impl @@ -164,12 +166,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -178,10 +180,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -190,10 +192,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( - uint8_t value[1568U]); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( + uint8_t value[1088U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} @@ -201,10 +203,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -213,18 +215,18 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]); /** This function found in impl {(core::convert::From<@Array> for @@ -233,10 +235,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( + uint8_t value[800U]); /** This function found in impl @@ -245,12 +247,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for @@ -259,10 +261,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -271,10 +273,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( - uint8_t value[1088U]); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( + uint8_t value[768U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} @@ -282,17 +284,17 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -323,7 +325,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -333,36 +335,95 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]); /** -A monomorphic instance of core.option.Option -with types Eurydice_slice uint8_t +A monomorphic instance of core.result.Result +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_6f_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_6f; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_7a_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_7a; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_cd_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_cd; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError */ -typedef struct core_option_Option_44_s { - core_option_Option_ef_tags tag; - Eurydice_slice f0; -} core_option_Option_44; +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -387,10 +448,10 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); -typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} Eurydice_slice_uint8_t_2size_t__x2; +typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} Eurydice_slice_uint8_t_4size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index b400ee5e8..9b26cfb7f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 91c820eb4..13eee5030 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -53,7 +53,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -69,7 +69,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -90,7 +90,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -113,7 +113,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -139,7 +139,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -165,7 +165,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_711( +void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -177,7 +177,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -193,7 +193,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -209,7 +209,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -230,7 +230,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -253,7 +253,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -279,7 +279,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -305,7 +305,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_710( +void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -317,7 +317,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -333,7 +333,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -349,7 +349,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -370,7 +370,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -393,7 +393,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -419,7 +419,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -445,7 +445,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_71( +void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index f57c7bd3f..2c845fe8e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 868f1881d..d47ba4344 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __internal_libcrux_sha3_internal_H @@ -26,14 +26,14 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_25(s, buf); + libcrux_sha3_generic_keccak_absorb_final_72(s, buf); } /** @@ -44,7 +44,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -52,29 +52,29 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); } #define libcrux_sha3_Sha224 0 @@ -134,7 +134,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -142,62 +142,62 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_250(s, buf); + libcrux_sha3_generic_keccak_absorb_final_720(s, buf); } static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 20d000c45..01f6cf1f1 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "internal/libcrux_core.h" @@ -85,14 +85,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( - uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_1f lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -103,13 +103,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } /** @@ -119,14 +120,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( - uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( + uint8_t value[3168U]) { + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -137,14 +138,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( - uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -154,10 +155,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -168,22 +169,22 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -191,7 +192,7 @@ void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -201,14 +202,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( + uint8_t value[1184U]) { + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -219,14 +220,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( - CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** @@ -236,14 +237,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( - uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( + uint8_t value[2400U]) { + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -254,14 +255,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( + uint8_t value[1088U]) { + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -271,10 +272,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -285,22 +286,22 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -308,7 +309,7 @@ void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** @@ -318,14 +319,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( - uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( + uint8_t value[800U]) { + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -336,14 +337,13 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** @@ -353,14 +353,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( - uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( + uint8_t value[1632U]) { + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -371,14 +371,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( - uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( + uint8_t value[768U]) { + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -388,10 +388,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -400,7 +400,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -438,7 +438,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -458,22 +458,22 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -481,7 +481,7 @@ void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** @@ -489,7 +489,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -502,6 +502,66 @@ void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + /** This function found in impl {core::result::Result} */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index e77989b62..2493baec1 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_core_H @@ -49,64 +49,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $1632size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair -with const generics -- $1632size_t -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext -with const generics -- $768size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - -*/ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; -} tuple_ec; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -203,6 +145,64 @@ typedef struct tuple_3c_s { uint8_t snd[32U]; } tuple_3c; +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_be; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + +*/ +typedef struct core_option_Option_04_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; +} core_option_Option_04; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $1632size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey_5e; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair +with const generics +- $1632size_t +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; +} libcrux_ml_kem_types_MlKemKeyPair_cb; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $768size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext_e8; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + +*/ +typedef struct tuple_ec_s { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; +} tuple_ec; + #define core_result_Ok 0 #define core_result_Err 1 diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 8e222f296..6581a305a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index b520aad16..03fdbde61 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 95e4be554..a8ef77d6f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index df92b5fc5..311d81992 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_mlkem1024_portable.h" @@ -35,18 +35,18 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_3e( +static void decapsulate_52( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_711(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4f1(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_3e(private_key, ciphertext, ret); + decapsulate_52(private_key, ciphertext, ret); } /** @@ -70,18 +70,18 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_81( +static void decapsulate_unpacked_b6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_81(private_key, ciphertext, ret); + decapsulate_unpacked_b6(private_key, ciphertext, ret); } /** @@ -101,13 +101,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_48( +static tuple_21 encapsulate_ec( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( @@ -116,7 +116,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_48(uu____0, uu____1); + return encapsulate_ec(uu____0, uu____1); } /** @@ -137,14 +137,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_ac( +static tuple_21 encapsulate_unpacked_9a( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_311(uu____0, uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( @@ -154,7 +154,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ac(uu____0, uu____1); + return encapsulate_unpacked_9a(uu____0, uu____1); } /** @@ -169,18 +169,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f1(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c24(uu____0); } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6e(uu____0); + return generate_keypair_0e(uu____0); } /** @@ -196,10 +196,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_f5(uint8_t randomness[64U]) { +generate_keypair_unpacked_4a(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 @@ -207,7 +207,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_f5(uu____0); + return generate_keypair_unpacked_4a(uu____0); } /** @@ -218,14 +218,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_2a1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); +static bool validate_public_key_e11(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_2a1(public_key.value)) { + if (validate_public_key_e11(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 8ea1e9716..ca0a26b44 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 9807a25ef..015904411 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 84df57bde..76b1c8601 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 584ff9e81..b5b99a9b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 6c174313d..eda334653 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_mlkem512_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_3f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_710(private_key, ciphertext, ret); +static void decapsulate_be0( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_3f(private_key, ciphertext, ret); + decapsulate_be0(private_key, ciphertext, ret); } /** @@ -68,16 +68,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_73( +static void decapsulate_unpacked_06( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_73(private_key, ciphertext, ret); + decapsulate_unpacked_06(private_key, ciphertext, ret); } /** @@ -97,13 +97,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_10( +static tuple_ec encapsulate_f3( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); } tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( @@ -112,7 +112,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_10(uu____0, uu____1); + return encapsulate_f3(uu____0, uu____1); } /** @@ -133,14 +133,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_49( +static tuple_ec encapsulate_unpacked_01( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_310(uu____0, uu____1); } tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( @@ -150,7 +150,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_49(uu____0, uu____1); + return encapsulate_unpacked_01(uu____0, uu____1); } /** @@ -165,18 +165,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f0(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c21(uu____0); } libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f9(uu____0); + return generate_keypair_df(uu____0); } /** @@ -192,10 +192,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_d6(uint8_t randomness[64U]) { +generate_keypair_unpacked_c0(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae @@ -203,7 +203,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d6(uu____0); + return generate_keypair_unpacked_c0(uu____0); } /** @@ -214,14 +214,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_2a0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); +static bool validate_public_key_e10(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_2a0(public_key.value)) { + if (validate_public_key_e10(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 90842b984..90fc6cf2d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index ea3d3e6a6..e7767f6d7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index eb821bdb0..515ad73b4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 74e2de796..60ac8f723 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 6505a0266..71d2574ee 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_mlkem768_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_03( +static void decapsulate_be( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_71(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_03(private_key, ciphertext, ret); + decapsulate_be(private_key, ciphertext, ret); } /** @@ -68,16 +68,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_69( +static void decapsulate_unpacked_d4( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_69(private_key, ciphertext, ret); + decapsulate_unpacked_d4(private_key, ciphertext, ret); } /** @@ -97,13 +97,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_4b( +static tuple_3c encapsulate_13( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); } tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -112,7 +112,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4b(uu____0, uu____1); + return encapsulate_13(uu____0, uu____1); } /** @@ -133,14 +133,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_10( +static tuple_3c encapsulate_unpacked_1b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_31(uu____0, uu____1); } tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( @@ -150,7 +150,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_10(uu____0, uu____1); + return encapsulate_unpacked_1b(uu____0, uu____1); } /** @@ -165,18 +165,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); } libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_64(uu____0); + return generate_keypair_ff(uu____0); } /** @@ -192,10 +192,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_c5(uint8_t randomness[64U]) { +generate_keypair_unpacked_37(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -203,7 +203,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c5(uu____0); + return generate_keypair_unpacked_37(uu____0); } /** @@ -214,14 +214,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_2a(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); +static bool validate_public_key_e1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_2a(public_key.value)) { + if (validate_public_key_e1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 1b4f22dec..374afe9fa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 664d3491c..947545b34 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -7,11 +7,15 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ -#include "libcrux_mlkem_avx2.h" +#include "internal/libcrux_mlkem_avx2.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" +#include "internal/libcrux_sha3_avx2.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -30,3 +34,8569 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { + return libcrux_ml_kem_vector_avx2_zero(); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + memcpy(ret, output, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + core_core_arch_x86___m256i v, int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_and_si256( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, + core_core_arch_x86___m256i)); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +KRML_MUSTINLINE core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum0, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + v, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + right0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = {0U}; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result_cd dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); + core_result_unwrap_41_e8(dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result_7a dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); + core_result_unwrap_41_34(dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, + 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + int16_t array[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), + vector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_from_i16_array_0d( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, + (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result_6f dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); + core_result_unwrap_41_1c(dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, + 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, + Eurydice_slice output) { + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self) { + return self[0U]; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +shift_right_98(core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea +with const generics +- SHIFT_BY= 15 +*/ +static core_core_arch_x86___m256i shift_right_ea_92( + core_core_arch_x86___m256i vector) { + return shift_right_98(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static core_core_arch_x86___m256i to_unsigned_representative_a4( + core_core_arch_x86___m256i a) { + core_core_arch_x86___m256i t = shift_right_ea_92(a); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_a4(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_d01( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + serialize_secret_key_ae1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + deserialize_ring_elements_reduced_5d4( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + serialize_public_key_d01( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; +} tuple_9b0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static void closure_b81( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d1(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { + shake128_squeeze_first_three_blocks_6b1(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { + shake128_squeeze_next_block_1b1(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +from_i16_array_89_10(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_from_xof_b01( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca1(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb3( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb4( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = closure_791(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a21( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + closure_b81(A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; + sample_from_xof_b01(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_1c2(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_470(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c1(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_7_45( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); + re->coefficients[j] = + libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); + } +} + +typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i montgomery_multiply_fe_9d( + core_core_arch_x86___m256i v, int16_t fer) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, int16_t zeta_r) { + core_core_arch_x86___m256i t = montgomery_multiply_fe_9d(b, zeta_r); + b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); + a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + ntt_layer_int_vec_step_f4( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_3_b4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_2_7c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_1_c2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void poly_barrett_reduce_89_99( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + self->coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + ntt_at_layer_7_45(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_971( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i to_standard_domain_42( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + to_standard_domain_42(self->coefficients[j]); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f01( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_971(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_9b0 generate_keypair_unpacked_6c1( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_681(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a21(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_151(uu____3, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_e31( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_48( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + core_core_arch_x86___m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * sizeof(core_core_arch_x86___m256i)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e31(A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_48(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key_d01( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( + Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key_d01(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_751( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_651(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair_e11(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key_751( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_05_a70(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c90( + uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +inv_ntt_layer_int_vec_step_reduce_df(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + libcrux_ml_kem_vector_avx2_sub_ea(b, &a); + a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(a, &b)); + b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + inv_ntt_layer_int_vec_step_reduce_df( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_571( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_error_reduce_89_91( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + self->coefficients[j], (int16_t)1441); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_001( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_971(&result[i1], &product); + } + invert_ntt_montgomery_571(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i decompress_1_91( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + re.coefficients[i0] = decompress_1_91(coefficient_compressed);); + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +add_message_error_reduce_89_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + result.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &message->coefficients[i0]); + core_core_arch_x86___m256i tmp0 = + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_711( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_971(&result, &product);); + invert_ntt_montgomery_571(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_8a(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 10 +*/ +static core_core_arch_x86___m256i compress_ea_80( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_8a(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_10_2f( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_ea_80(to_unsigned_representative_a4(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_8a0(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 11 +*/ +static core_core_arch_x86___m256i compress_ea_800( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_8a0(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10_2f(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_841( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_b2(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_8a1(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 4 +*/ +static core_core_arch_x86___m256i compress_ea_801( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_8a1(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_4_b7( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_8a2(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 5 +*/ +static core_core_arch_x86___m256i compress_ea_802( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_8a2(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_5_35( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficients = + compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_4_b7(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_881( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = sample_ring_element_cbd_471(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_934( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_841( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_unpacked_881(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_f50(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + deserialize_ring_elements_reduced_5d3( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a21(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_881(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_af_501(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_e21( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_651(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_fb1(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_f50(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_501(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_55(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 10 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_55(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_10_a7(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_550(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 11 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_550(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_11_8d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d0(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_10(Eurydice_slice serialized) { + return deserialize_then_decompress_10_a7(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void ntt_vector_u_fe( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_10(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_fe(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_551(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 4 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d1( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_551(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_4_9a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d1(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_552(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 5 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d2( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_552(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_5_75(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); + re.coefficients[i0] = + decompress_ciphertext_coefficient_ea_1d2(re.coefficients[i0]); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_5b(Eurydice_slice serialized) { + return deserialize_then_decompress_4_9a(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + b.coefficients[i0], (int16_t)1441); + b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], + &coefficient_normal_form)); + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_221( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_971(&result, &product);); + invert_ntt_montgomery_571(&result); + result = subtract_reduce_89_63(v, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_message_ec( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_a4(re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_8c1( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + deserialize_then_decompress_u_b51(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_5b( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ec(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_933( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked_881(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_201( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_63(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_391(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + deserialize_secret_key_201(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_c41( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_391(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_933( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_fb1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_501( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_501(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1536 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_d00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); + uint8_t ret0[1536U]; + serialize_secret_key_ae0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + deserialize_ring_elements_reduced_5d2( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1568U]; + serialize_public_key_d00( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] + +*/ +typedef struct tuple_54_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; +} tuple_54; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static void closure_b80( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d0(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { + shake128_squeeze_first_three_blocks_6b0(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { + shake128_squeeze_next_block_1b0(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_from_xof_b00( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca0(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb1( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb2( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = closure_790(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a20( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + closure_b80(A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; + sample_from_xof_b00(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_1c1(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_970( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_970(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_54 generate_keypair_unpacked_6c0( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_680(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a20(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_150(uu____3, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; + memcpy(uu____5, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_e30( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e30(A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_48(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; + memcpy(uu____2, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key_d00( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( + Eurydice_slice key_generation_seed) { + tuple_54 uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key_d00(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_750( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_650(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair_e10(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key_750( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = + libcrux_ml_kem_types_from_05_a71(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c91( + uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_71 +sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_570( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_vector_u_000( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_970(&result[i1], &product); + } + invert_ntt_montgomery_570(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_710( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_970(&result, &product);); + invert_ntt_montgomery_570(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_11_d10( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_ea_800(to_unsigned_representative_a4(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11_d10(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1408 +- COMPRESSION_FACTOR= 11 +- BLOCK_LEN= 352 +*/ +static void compress_then_serialize_u_840( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u_b20(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +- OUT_LEN= 160 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_5_35(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_880( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = sample_ring_element_cbd_470(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_932( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; + compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_840( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_390( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked_880(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_f51(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + deserialize_ring_elements_reduced_5d1( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a20(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; + memcpy(uu____1, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_880(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_af_500(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_e20( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_650(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_fb0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_f51(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_500(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_100(Eurydice_slice serialized) { + return deserialize_then_decompress_11_8d(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_fe0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_100(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_fe0(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_5b0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_75(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_220( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_970(&result, &product);); + invert_ntt_montgomery_570(&result); + result = subtract_reduce_89_63(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_unpacked_8c0( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + deserialize_then_decompress_u_b50(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_5b0( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ec(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_931( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked_880(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_200( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_63(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_390(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + deserialize_secret_key_200(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_c40( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_390(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_931( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_fb0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_500( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_500(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 768 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + uint8_t ret0[768U]; + serialize_secret_key_ae(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + deserialize_ring_elements_reduced_5d0( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[800U]; + serialize_public_key_d0( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] + +*/ +typedef struct tuple_4c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; +} tuple_4c; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static void closure_b8( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { + shake128_squeeze_first_three_blocks_6b(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { + shake128_squeeze_next_block_1b(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_from_xof_b0( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_next_block_a9_5a(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb0( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = closure_79(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a2( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + closure_b8(A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; + sample_from_xof_b0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t + +*/ +typedef struct tuple_74_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; + uint8_t snd; +} tuple_74; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + uint8_t out3[192U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_1c(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_47(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_43(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN_a9_51(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_47(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_97( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_97(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static tuple_4c generate_keypair_unpacked_6c( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_68(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a2(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_15(uu____3, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; + memcpy(uu____5, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void closure_e3( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e3(A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_48(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; + memcpy(uu____2, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t pk_serialized[800U]; + serialize_public_key_d0( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( + Eurydice_slice key_generation_seed) { + tuple_4c uu____0 = generate_keypair_unpacked_6c(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key_d0(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_75( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_65(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair_e1(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key_75( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = + libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c9( + uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + PRFxN_1c0(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_74 +sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN_a9_510(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_57( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_vector_u_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_97(&result[i1], &product); + } + invert_ntt_montgomery_57(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_71( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_97(&result, &product);); + invert_ntt_montgomery_57(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_b2(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_88( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = sample_ring_element_cbd_47(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_930( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; + compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_84( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = + libcrux_ml_kem_types_from_01_f5(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 768 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + deserialize_ring_elements_reduced_5d( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a2(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; + memcpy(uu____1, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_88(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE void kdf_af_50(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_e2( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_65(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_fb(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = + libcrux_ml_kem_types_from_01_f5(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_50(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_10(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_fe(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_22( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_97(&result, &product);); + invert_ntt_montgomery_57(&result); + result = subtract_reduce_89_63(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_8c( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + deserialize_then_decompress_u_b5(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_5b( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ec(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_93( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_20( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_63(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + deserialize_secret_key_20(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_c4( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_93( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_fb(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_50( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_50(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 482143058..08d38f679 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem_avx2_H @@ -20,7 +20,9 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" #include "libcrux_sha3.h" +#include "libcrux_sha3_avx2.h" void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]); @@ -28,6 +30,530 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_slice array); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array); + +void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, + int16_t ret[16U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + core_core_arch_x86___m256i v, int16_t c); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector); + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes); + +size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, + Eurydice_slice output); + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + core_core_arch_x86___m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 7f7b104e4..5f3affba0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -7,14 +7,11 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ -#include "internal/libcrux_mlkem_neon.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" +#include "libcrux_mlkem_neon.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -33,8700 +30,3 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void) { - return libcrux_ml_kem_vector_neon_vector_type_ZERO(); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { - return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { - int16_t out[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - core_core_arch_arm_shared_neon_uint16x8_t m0 = - libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - core_core_arch_arm_shared_neon_uint16x8_t m1 = - libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - core_core_arch_arm_shared_neon_int16x8_t c1 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v) { - core_core_arch_arm_shared_neon_int16x8_t adder = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - core_core_arch_arm_shared_neon_int16x8_t vec = - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); - core_core_arch_arm_shared_neon_int16x8_t vec0 = - libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - core_core_arch_arm_shared_neon_int16x8_t quotient = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t sub = - libcrux_intrinsics_arm64__vmulq_n_s16( - quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high) { - core_core_arch_arm_shared_neon_int16x8_t k = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vmulq_n_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.low, c); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t half = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - core_core_arch_arm_shared_neon_int16x8_t quarter = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - core_core_arch_arm_shared_neon_int16x8_t shifted = - libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - core_core_arch_arm_shared_neon_int16x8_t mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = - libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range), - core_core_arch_arm_shared_neon_uint16x8_t)); - core_core_arch_arm_shared_neon_int16x8_t shifted0 = - libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = - libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range0), - core_core_arch_arm_shared_neon_uint16x8_t)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_1(v); -} - -KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits) { - int16_t uu____0; - switch (coefficient_bits) { - case 4: { - uu____0 = (int16_t)15; - break; - } - case 5: { - uu____0 = (int16_t)31; - break; - } - case 10: { - uu____0 = (int16_t)1023; - break; - } - case 11: { - uu____0 = (int16_t)2047; - break; - } - default: { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, - zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, - zeta2, zeta4, -zeta2, -zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t b1 = - libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1b1 = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, - b1); - core_core_arch_arm_shared_neon_int32x4_t a1b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a1b1), - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - core_core_arch_arm_shared_neon_int32x4_t a1b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - core_core_arch_arm_shared_neon_int16x8_t fst_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t fst_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b1)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - core_core_arch_arm_shared_neon_int16x8_t snd_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t snd_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); - core_core_arch_arm_shared_neon_int16x8_t fst_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t fst_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t snd_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t snd_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t fst = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - fst_low16, fst_high16); - core_core_arch_arm_shared_neon_int16x8_t snd = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - snd_low16, snd_high16); - core_core_arch_arm_shared_neon_int32x4_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int32x4_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int16x8_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); - core_core_arch_arm_shared_neon_int16x8_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); - uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, - 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - core_core_arch_arm_shared_neon_uint8x16_t index = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); - core_core_arch_arm_shared_neon_int16x8_t high2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low2, .high = high2}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, - (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { - core_core_arch_arm_shared_neon_int16x8_t one = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); - int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, - (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vshlq_s16(high0, shift); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vandq_s16(low, one), - .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t lowt = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); - core_core_arch_arm_shared_neon_uint16x8_t hight = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_deserialize_4_0d(v); - int16_t input_i16s[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[10U]; - libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_5_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_10_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { - uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, - 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - core_core_arch_arm_shared_neon_uint8x16_t index_vec = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - core_core_arch_arm_shared_neon_int16x8_t shift_vec = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t mask12 = - libcrux_intrinsics_arm64__vdupq_n_u16(4095U); - uint8_t input0[16U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input0, uint8_t, Eurydice_slice)); - uint8_t input1[16U] = {0U}; - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input1, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t moved0 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted0 = - libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); - core_core_arch_arm_shared_neon_uint16x8_t moved1 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted1 = - libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low, .high = high}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); -} - -KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { - size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option_44 uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( - &iter, uint8_t, core_option_Option_44); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - d1; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; - continue; - } - } - continue; - } - } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out) { - return libcrux_ml_kem_vector_neon_rej_sample(a, out); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { - return self[0U]; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_89_06(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_reduced_ring_element_e3(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 800 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a64( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -shift_right_d3(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); - v.high = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 -with const generics -- SHIFT_BY= 15 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_6a( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return shift_right_d3(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_unsigned_representative_64( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_6a(a); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = - libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_neon_add_20(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_77( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_64(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 768 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -static KRML_MUSTINLINE void serialize_public_key_701( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); - uint8_t ret0[768U]; - serialize_secret_key_5d1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - deserialize_ring_elements_reduced_a64( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[800U]; - serialize_public_key_701( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]] - -*/ -typedef struct tuple_4c0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 snd; -} tuple_4c0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void G_48_771(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static void closure_de1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -typedef struct Simd128Hash_s { - libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; -} Simd128Hash; - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b1(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_551(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b1(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b71( - Simd128Hash *st, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[504U], void *); - uint8_t out3[504U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e91( - Simd128Hash *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_b71(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e63( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d1( - Simd128Hash *st, uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[168U], void *); - uint8_t out3[168U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[168U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad1( - Simd128Hash *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_7d1(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e64( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -from_i16_array_89_f3(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d51( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_from_xof_c01( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_551(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_48_e91(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e63( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_48_ad1(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e64( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_d51(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_matrix_A_481( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_de1(A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; - sample_from_xof_c01(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[2size_t], uint8_t - -*/ -typedef struct tuple_740_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[2U]; - uint8_t snd; -} tuple_740; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_891(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t out0[192U] = {0U}; - uint8_t out1[192U] = {0U}; - uint8_t out2[192U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[192U], void *); - uint8_t out3[192U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[192U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[192U]; - memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); - uint8_t uu____1[192U]; - memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_891(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2_c3(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_3_27(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2c0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_27(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_7_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_multiply_by_constant_20( - re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -montgomery_multiply_fe_91( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -ntt_layer_int_vec_step_9c( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - montgomery_multiply_fe_91(b, zeta_r); - b = libcrux_ml_kem_vector_neon_sub_20(a, &t); - a = libcrux_ml_kem_vector_neon_add_20(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_2a( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - ntt_layer_int_vec_step_9c( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_3_f4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_2_d0( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_1_39( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void poly_barrett_reduce_89_5f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cf( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - ntt_at_layer_7_67(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA= 3 -- ETA_RANDOMNESS_SIZE= 192 -*/ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_48_a91(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c0(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -ntt_multiply_89_16(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_multiply_20( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_standard_domain_fc(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = to_standard_domain_fc(self->coefficients[j]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_951( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae1(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static tuple_4c0 generate_keypair_unpacked_ff1( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_771(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_481(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f1(uu____3, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - compute_As_plus_e_951(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U][2U]; - memcpy(uu____5, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[2U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_891( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_d5_13( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_48_851(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_891(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_701( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_851(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( - Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_701(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d81( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_851(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_161(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_d81( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_e01(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c1( - uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_892(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[128U], void *); - uint8_t out3[128U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[128U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a92(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_892(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2c(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c3(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN_48_a92(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_b40(Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - uint8_t dummy[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, input, - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e4(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_4b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -inv_ntt_layer_int_vec_step_reduce_27( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = - libcrux_ml_kem_vector_neon_sub_20(b, &a); - a = libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(a, &b)); - b = montgomery_multiply_fe_91(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_fd( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_27( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_621( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_error_reduce_89_24( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae1(&result[i1], &product); - } - invert_ntt_montgomery_621(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_message_23(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_1_fc(coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -add_message_error_reduce_89_3a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae1(&result, &product);); - invert_ntt_montgomery_621(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_af(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_43(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)10)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t_af(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t_af(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_af(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_af(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_43(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_10_ca0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_0e(to_unsigned_representative_64(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_af0(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_430(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)11)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_af0(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_af0(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_af0(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_af0(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_430(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_840( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_ca0(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_d71( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_840(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_af1(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_431(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)4)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_af1(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_af1(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_af1(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_af1(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_431(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_4_21( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_0e1(to_unsigned_representative_64(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_af2(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_432(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)5)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_af2(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_af2(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_af2(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_af2(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_432(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_5_2b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = - compress_20_0e2(to_unsigned_representative_64(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_4_21(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_541( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_eb1(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e4( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; - compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b1(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d71( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f0( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_541(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_201(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_c71(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a63( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - deserialize_ring_elements_reduced_a63( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_481(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; - memcpy( - uu____0, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[2U][2U]; - memcpy(uu____1, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_541(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_af_631(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_c71( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_851(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_4e1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_201(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_631(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_7a(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_7a(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_7a(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_7a(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_7a(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_21( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_10_81(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_21(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_7a0(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)11 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_7a0(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_7a0(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_7a0(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_7a0(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_210( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de0(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_11_6b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_210(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_060(Eurydice_slice serialized) { - return deserialize_then_decompress_10_81(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_3c0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_331( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_060(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_3c0(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_7a1(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)4 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_7a1(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_7a1(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_7a1(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_7a1(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_211( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de1(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_4_60(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_211(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_7a2(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)5 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_7a2(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_7a2(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_7a2(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_7a2(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_212( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de2(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_5_25(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - decompress_ciphertext_coefficient_20_212(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_440(Eurydice_slice serialized) { - return deserialize_then_decompress_4_60(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -subtract_reduce_89_25(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_c71( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae1(&result, &product);); - invert_ntt_montgomery_621(&result); - result = subtract_reduce_89_25(v, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_message_ab( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_64(re.coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon_compress_1_20(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_d61( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - deserialize_then_decompress_u_331(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_440( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_c71(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ab(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_b4(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - uint8_t dummy[32U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, input, - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_d61(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_541(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_4f1( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_af1(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - deserialize_secret_key_4f1(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_d61(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_821( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_af1(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_4e1(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_631( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_631(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a62( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void serialize_public_key_700( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - serialize_secret_key_5d0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - deserialize_ring_elements_reduced_a62( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - serialize_public_key_700( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; -} tuple_9b0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void G_48_770(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static void closure_de0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b0(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_550(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b0(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b70( - Simd128Hash *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e90( - Simd128Hash *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_b70(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e61( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d0( - Simd128Hash *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad0( - Simd128Hash *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_7d0(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e62( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d50( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_from_xof_c00( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_550(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_48_e90(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e61( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_48_ad0(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e62( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_d50(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_matrix_A_480( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_de0(A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; - sample_from_xof_c00(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_890(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_890(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_950( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae0(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_ff0( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_770(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_480(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f0(uu____3, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - compute_As_plus_e_950(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_890( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_48_850(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_890(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_700( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_850(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_700(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d80( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_850(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_160(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_d80( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e2(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_620( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae0(&result[i1], &product); - } - invert_ntt_montgomery_620(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae0(&result, &product);); - invert_ntt_montgomery_620(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_d70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_840(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_540( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_eb0(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e2( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; - compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b0(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d70( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f0( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_540(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_c70(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a61( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - deserialize_ring_elements_reduced_a61( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_480(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_540(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void kdf_af_630(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_c70( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_850(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_4e0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_630(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_330( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_060(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_3c0(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_c70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae0(&result, &product);); - invert_ntt_montgomery_620(&result); - result = subtract_reduce_89_25(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_d60( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - deserialize_then_decompress_u_330(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_440( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_c70(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ab(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_d60(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_540(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_4f0( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_af0(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - deserialize_secret_key_4f0(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_d60(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_820( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_af0(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_4e0(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_630( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_630(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1568 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a60( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1536 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -static KRML_MUSTINLINE void serialize_public_key_70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); - uint8_t ret0[1536U]; - serialize_secret_key_5d(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - deserialize_ring_elements_reduced_a60( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1568U]; - serialize_public_key_70( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c snd; -} tuple_54; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void G_48_77(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static void closure_de( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_55(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b7( - Simd128Hash *st, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____3[504U]; - memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e9( - Simd128Hash *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_b7(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e6( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d( - Simd128Hash *st, uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad( - Simd128Hash *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_7d(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e60( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d5( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_from_xof_c0( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_55(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_48_e9(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e6( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_48_ad(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e60( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_d5(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_matrix_A_48( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_de(A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; - sample_from_xof_c0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[4U]; - uint8_t snd; -} tuple_71; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_89(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____3[128U]; - memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_89(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_95( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_54 generate_keypair_unpacked_ff( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_77(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_48(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f(uu____3, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - compute_As_plus_e_95(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U][4U]; - memcpy(uu____5, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[4U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_89( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_48_85(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_ff(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_89(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_70( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_85(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_ff(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_70(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d8( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_85(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_16(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_d8( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_e00(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c0( - uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e0(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_62( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae(&result[i1], &product); - } - invert_ntt_montgomery_62(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae(&result, &product);); - invert_ntt_montgomery_62(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_11_55( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_0e0(to_unsigned_representative_64(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_55(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1408 -- COMPRESSION_FACTOR= 11 -- BLOCK_LEN= 352 -*/ -static void compress_then_serialize_u_d7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u_84(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -- OUT_LEN= 160 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_5_2b(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_54( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_eb(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; - compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d7( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_200(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_c7(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a6( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - deserialize_ring_elements_reduced_a6( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_48(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; - memcpy( - uu____0, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[4U][4U]; - memcpy(uu____1, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_54(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_af_63(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_c7( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_85(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_4e(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_200(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_63(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_06(Eurydice_slice serialized) { - return deserialize_then_decompress_11_6b(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_3c( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_33( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_06(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_3c(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_44(Eurydice_slice serialized) { - return deserialize_then_decompress_5_25(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_c7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae(&result, &product);); - invert_ntt_montgomery_62(&result); - result = subtract_reduce_89_25(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_unpacked_d6( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - deserialize_then_decompress_u_33(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_44( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_c7(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ab(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_d6(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_4f( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_af(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - deserialize_secret_key_4f(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_d6(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_82( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_af(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_4e(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_63( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_63(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index ba986ba9c..0d1f0e4b8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem_neon_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" #include "libcrux_sha3_neon.h" void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, @@ -29,576 +28,6 @@ void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]); -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { - core_core_arch_arm_shared_neon_int16x8_t low; - core_core_arch_arm_shared_neon_int16x8_t high; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array); - -void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a); - -size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, - Eurydice_slice result); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out); - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 891fdfb9c..787004952 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "internal/libcrux_mlkem_portable.h" @@ -68,407 +68,20 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - int16_t ret[16U]; - core_result_Result_c0 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); -} - -KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + int16_t ret[16U]; + core_result_Result_c0 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result_unwrap_41_f9(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + return lit; } /** @@ -476,8 +89,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } KRML_MUSTINLINE uint8_t_x11 @@ -676,6 +289,28 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( .f7 = r7}); } +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( @@ -715,6 +350,537 @@ libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +} + +const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1320,68 +1486,311 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } -KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } KRML_MUSTINLINE uint8_t_x5 @@ -1470,6 +1879,112 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, @@ -1718,7 +2233,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_02(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -1746,8 +2261,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_d2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -1772,12 +2287,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1789,7 +2304,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1803,7 +2318,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_83(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -1822,8 +2337,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_bf(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_83(v); +shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_f8(v); } /** @@ -1833,10 +2348,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_af( +to_unsigned_representative_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_bf(a); + shift_right_0d_4b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1849,14 +2364,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_05( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_af(re->coefficients[i0]); + to_unsigned_representative_78(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1877,7 +2392,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_e81( +static KRML_MUSTINLINE void serialize_secret_key_f81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -1896,7 +2411,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -1913,7 +2428,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_9a1( +static KRML_MUSTINLINE void serialize_public_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -1921,7 +2436,7 @@ static KRML_MUSTINLINE void serialize_public_key_9a1( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_e81(t_as_ntt, ret0); + serialize_secret_key_f81(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), @@ -1942,15 +2457,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_524( + deserialize_ring_elements_reduced_724( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_9a1( + serialize_public_key_801( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -1981,7 +2496,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_111(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -1992,10 +2507,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_821( +static void closure_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -2014,7 +2529,7 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_411(uint8_t input[4U][34U]) { +shake128_init_absorb_final_751(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2044,10 +2559,10 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_f1_511(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { uint8_t uu____0[4U][34U]; memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_411(uu____0); + return shake128_init_absorb_final_751(uu____0); } /** @@ -2056,7 +2571,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_541( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2078,9 +2593,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_541(self, ret); + shake128_squeeze_first_three_blocks_101(self, ret); } /** @@ -2090,7 +2605,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2129,7 +2644,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_881( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2150,9 +2665,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_681( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_881(self, ret); + shake128_squeeze_next_block_ed1(self, ret); } /** @@ -2162,7 +2677,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2206,8 +2721,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_48(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); +from_i16_array_89_6b(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2228,9 +2743,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_131( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -2241,29 +2756,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_f61( +static KRML_MUSTINLINE void sample_from_xof_2b1( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; uint8_t uu____0[4U][34U]; memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_511(uu____0); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_7f1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_023( + bool done = sample_from_uniform_distribution_next_053( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_f1_681(&xof_state, randomness); + shake128_squeeze_next_block_f1_c11(&xof_state, randomness); uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_024( + done = sample_from_uniform_distribution_next_054( uu____2, sampled_coefficients, out); } } @@ -2271,7 +2786,7 @@ static KRML_MUSTINLINE void sample_from_xof_f61( memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_131(uu____3[i]);); + ret0[i] = closure_991(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2284,12 +2799,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_551( +static KRML_MUSTINLINE void sample_matrix_A_231( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_821(A_transpose[i]);); + closure_e81(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -2302,7 +2817,7 @@ static KRML_MUSTINLINE void sample_matrix_A_551( uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_f61(uu____1, sampled); + sample_from_xof_2b1(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2341,7 +2856,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_632(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2363,9 +2878,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_632(input, ret); + PRFxN_1d2(input, ret); } /** @@ -2375,7 +2890,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2411,7 +2926,7 @@ sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_48(Eurydice_array_to_slice( + return from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2422,7 +2937,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2457,7 +2972,7 @@ sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_48(Eurydice_array_to_slice( + return from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2468,8 +2983,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_e3(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c8(randomness); +sample_from_binomial_distribution_66(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_20(randomness); } /** @@ -2478,7 +2993,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_1c( +static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2507,7 +3022,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_29( +montgomery_multiply_fe_d5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2521,12 +3036,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_d7( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_29(b, zeta_r); + montgomery_multiply_fe_d5(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2540,7 +3055,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2553,7 +3068,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_d7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2570,7 +3085,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_c1( +static KRML_MUSTINLINE void ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2588,7 +3103,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_46( +static KRML_MUSTINLINE void ntt_at_layer_2_7b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2608,7 +3123,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_c9( +static KRML_MUSTINLINE void ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2636,7 +3151,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_55( +static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2654,17 +3169,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_1c(re); + ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -2676,11 +3191,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -2691,14 +3206,14 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -2722,9 +3237,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_f7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2757,7 +3272,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e1( +static KRML_MUSTINLINE void add_to_ring_element_89_931( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -2784,7 +3299,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_a1( +to_standard_domain_3e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -2800,14 +3315,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_0b( +static KRML_MUSTINLINE void add_standard_error_reduce_89_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_a1(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -2822,14 +3337,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_a51( +static KRML_MUSTINLINE void compute_As_plus_e_da1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2852,10 +3367,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e1(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_931(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -2871,10 +3386,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_a91( +static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_111(key_generation_seed, hashed); + G_f1_b61(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2882,14 +3397,14 @@ static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_551(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_231(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(uu____1, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2900,10 +3415,10 @@ static tuple_540 generate_keypair_unpacked_a91( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_011(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d71(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_a51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -2952,10 +3467,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_f21( +static void closure_571( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -2968,7 +3483,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_93( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -2990,7 +3505,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_af1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3008,7 +3523,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3017,18 +3532,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_a91(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_f21(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_571(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_93(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3038,13 +3553,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_9a1( + serialize_public_key_801( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -3084,18 +3599,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_a91(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_9a1(pk.t_as_ntt, + serialize_public_key_801(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1536U]; memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____2[1568U]; @@ -3113,7 +3628,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_6b( +static KRML_MUSTINLINE void serialize_kem_secret_key_f2( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3142,7 +3657,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_6b( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af1(public_key, ret0); + H_f1_2e1(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -3175,7 +3690,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3185,13 +3700,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e81(ind_cpa_keypair_randomness); + generate_keypair_ec1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_6b( + serialize_kem_secret_key_f2( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, @@ -3200,12 +3715,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_e00(uu____1); + libcrux_ml_kem_types_from_05_a71(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c0( - uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); + return libcrux_ml_kem_types_from_17_c91( + uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); } /** @@ -3218,10 +3733,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3232,11 +3747,11 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; @@ -3256,7 +3771,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_b60(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), @@ -3274,9 +3789,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -3285,7 +3800,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3309,7 +3824,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_84( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3329,7 +3844,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_75( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3349,7 +3864,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_56( + inv_ntt_layer_int_vec_step_reduce_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3357,7 +3872,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_29(a_minus_b, zeta_r); + b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3369,7 +3884,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3384,7 +3899,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_56( + inv_ntt_layer_int_vec_step_reduce_87( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3401,18 +3916,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d41( +static KRML_MUSTINLINE void invert_ntt_montgomery_861( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -3425,7 +3940,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_b9( +static KRML_MUSTINLINE void add_error_reduce_89_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3449,14 +3964,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_571( +static KRML_MUSTINLINE void compute_vector_u_a11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3478,11 +3993,11 @@ static KRML_MUSTINLINE void compute_vector_u_571( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e1(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_931(&result[i1], &product); } - invert_ntt_montgomery_d41(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_861(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3496,7 +4011,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_e9(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -3510,8 +4025,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3521,7 +4036,7 @@ deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_e9(coefficient_compressed); + decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -3537,7 +4052,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_11( +add_message_error_reduce_89_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -3567,18 +4082,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c81( +compute_ring_element_v_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e1(&result, &product);); - invert_ntt_montgomery_d41(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_931(&result, &product);); + invert_ntt_montgomery_861(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -3588,7 +4103,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3609,9 +4124,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9b( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_94(v); + return compress_be(v); } /** @@ -3620,7 +4135,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_940(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3642,8 +4157,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_940(v); +compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be0(v); } /** @@ -3652,14 +4167,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_2d0( +static KRML_MUSTINLINE void compress_then_serialize_11_e10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b0(to_unsigned_representative_af(re->coefficients[i0])); + compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3680,10 +4195,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d80( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_2d0(re, uu____0); + compress_then_serialize_11_e10(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -3696,7 +4211,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_251( +static void compress_then_serialize_u_241( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3714,7 +4229,7 @@ static void compress_then_serialize_u_251( (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_d80(&re, ret); + compress_then_serialize_ring_element_u_2f0(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), @@ -3728,7 +4243,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_941(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3750,8 +4265,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_941(v); +compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be1(v); } /** @@ -3760,14 +4275,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_09( +static KRML_MUSTINLINE void compress_then_serialize_4_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b1(to_unsigned_representative_af(re.coefficients[i0])); + compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -3785,7 +4300,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_942(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3807,8 +4322,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_942(v); +compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be2(v); } /** @@ -3817,14 +4332,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_b9( +static KRML_MUSTINLINE void compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_9b2(to_unsigned_representative_af(re.coefficients[i0])); + compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -3843,9 +4358,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d60( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_b9(re, out); + compress_then_serialize_5_a3(re, out); } /** @@ -3866,14 +4381,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_651( +static void encrypt_unpacked_6c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(uu____0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -3881,7 +4396,7 @@ static void encrypt_unpacked_651( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_381(uu____2, domain_separator0); + tuple_710 uu____3 = sample_ring_element_cbd_2c1(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -3889,32 +4404,32 @@ static void encrypt_unpacked_651( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f4( + PRF_f1_044( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c81(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_251( + compress_then_serialize_u_241( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d60( + compress_then_serialize_ring_element_v_310( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); @@ -3940,11 +4455,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -3956,7 +4471,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -3970,7 +4485,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_651(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c1(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -3979,7 +4494,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_200(uu____4); + libcrux_ml_kem_types_from_01_f51(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -3998,7 +4513,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_a1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4014,12 +4529,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4031,7 +4546,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4057,10 +4572,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_523( + deserialize_ring_elements_reduced_723( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4068,8 +4583,8 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_551(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_231(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -4099,7 +4614,7 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_651(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c1(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4114,7 +4629,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_f4(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_c2(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4142,15 +4657,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_a1( + entropy_preprocess_af_44( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -4158,8 +4673,8 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), + H_f1_2e1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4167,7 +4682,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4177,18 +4692,18 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_f71(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_0d1(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_200(uu____4); + libcrux_ml_kem_types_from_01_f51(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_f4(shared_secret, shared_secret_array); + kdf_af_c2(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -4205,7 +4720,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_41( +decompress_ciphertext_coefficient_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4230,9 +4745,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc( +decompress_ciphertext_coefficient_0d_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_41(v); + return decompress_ciphertext_coefficient_b8(v); } /** @@ -4242,8 +4757,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_02(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_10_e9(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -4255,7 +4770,7 @@ deserialize_then_decompress_10_02(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc(coefficient); + decompress_ciphertext_coefficient_0d_f4(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4268,7 +4783,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_410( +decompress_ciphertext_coefficient_b80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4293,9 +4808,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc0( +decompress_ciphertext_coefficient_0d_f40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_410(v); + return decompress_ciphertext_coefficient_b80(v); } /** @@ -4305,8 +4820,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_a4(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_11_f5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -4318,7 +4833,7 @@ deserialize_then_decompress_11_a4(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc0(coefficient); + decompress_ciphertext_coefficient_0d_f40(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4331,8 +4846,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_450(Eurydice_slice serialized) { - return deserialize_then_decompress_11_a4(serialized); +deserialize_then_decompress_ring_element_u_890(Eurydice_slice serialized) { + return deserialize_then_decompress_11_f5(serialized); } /** @@ -4341,17 +4856,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_d70( +static KRML_MUSTINLINE void ntt_vector_u_ed0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -4362,12 +4877,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_201( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, @@ -4387,9 +4902,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_201( (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_450(u_bytes); + deserialize_then_decompress_ring_element_u_890(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_d70(&u_as_ntt[i0]); + ntt_vector_u_ed0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4403,7 +4918,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_411( +decompress_ciphertext_coefficient_b81( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4428,9 +4943,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc1( +decompress_ciphertext_coefficient_0d_f41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_411(v); + return decompress_ciphertext_coefficient_b81(v); } /** @@ -4440,8 +4955,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_b6(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_4_34(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -4452,7 +4967,7 @@ deserialize_then_decompress_4_b6(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc1(coefficient); + decompress_ciphertext_coefficient_0d_f41(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4465,7 +4980,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_412( +decompress_ciphertext_coefficient_b82( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4490,9 +5005,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc2( +decompress_ciphertext_coefficient_0d_f42( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_412(v); + return decompress_ciphertext_coefficient_b82(v); } /** @@ -4502,8 +5017,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_9f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_5_53(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -4516,7 +5031,7 @@ deserialize_then_decompress_5_9f(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -4529,8 +5044,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_670(Eurydice_slice serialized) { - return deserialize_then_decompress_5_9f(serialized); +deserialize_then_decompress_ring_element_v_300(Eurydice_slice serialized) { + return deserialize_then_decompress_5_53(serialized); } /** @@ -4544,7 +5059,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_d2(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4569,17 +5084,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_f61( +compute_message_cb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e1(&result, &product);); - invert_ntt_montgomery_d41(&result); - result = subtract_reduce_89_d2(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_931(&result, &product);); + invert_ntt_montgomery_861(&result); + result = subtract_reduce_89_7d(v, result); return result; } @@ -4589,13 +5104,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_ef( +static KRML_MUSTINLINE void compress_then_serialize_message_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_af(re.coefficients[i0]); + to_unsigned_representative_78(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -4621,20 +5136,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_181( +static void decrypt_unpacked_e71( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_201(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_670( + deserialize_then_decompress_ring_element_v_300( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_f61(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_cb1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ef(message, ret0); + compress_then_serialize_message_3a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4643,7 +5158,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_b6(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -4661,8 +5176,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -4687,15 +5202,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_181(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e71(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4707,7 +5222,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4717,7 +5232,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( + libcrux_ml_kem_utils_into_padded_array_2d4( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -4726,9 +5241,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f3( + PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = @@ -4736,10 +5251,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_651(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c1(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -4758,8 +5273,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_00(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -4781,12 +5296,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_6b1( +static KRML_MUSTINLINE void deserialize_secret_key_011( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4798,7 +5313,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_6b1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_00(secret_bytes); + deserialize_to_uncompressed_ring_element_05(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4816,10 +5331,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_6b1(secret_key, secret_as_ntt); + deserialize_secret_key_011(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( uu____0, secret_as_ntt, @@ -4830,7 +5345,7 @@ static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_181(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e71(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4856,7 +5371,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_711( +void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -4876,9 +5391,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_4a1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c21(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -4887,7 +5402,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -4897,31 +5412,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f3( + PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_f71(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d1(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_f4( + kdf_af_c2( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_f4(shared_secret0, shared_secret); + kdf_af_c2(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -4939,12 +5454,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4956,7 +5471,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4971,7 +5486,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_e80( +static KRML_MUSTINLINE void serialize_secret_key_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -4990,7 +5505,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5007,14 +5522,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_9a0( +static KRML_MUSTINLINE void serialize_public_key_800( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_e80(t_as_ntt, ret0); + serialize_secret_key_f80(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -5035,15 +5550,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_522( + deserialize_ring_elements_reduced_722( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_9a0( + serialize_public_key_800( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -5060,10 +5575,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] */ -typedef struct tuple_4c_s { +typedef struct tuple_4c0_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c; +} tuple_4c0; /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for @@ -5074,7 +5589,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_110(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5085,10 +5600,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_820( +static void closure_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -5107,7 +5622,7 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_410(uint8_t input[2U][34U]) { +shake128_init_absorb_final_750(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5137,10 +5652,10 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_f1_510(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { uint8_t uu____0[2U][34U]; memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_410(uu____0); + return shake128_init_absorb_final_750(uu____0); } /** @@ -5149,7 +5664,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_540( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5171,9 +5686,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_540(self, ret); + shake128_squeeze_first_three_blocks_100(self, ret); } /** @@ -5183,7 +5698,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5222,7 +5737,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_880( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5243,9 +5758,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_680( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_880(self, ret); + shake128_squeeze_next_block_ed0(self, ret); } /** @@ -5255,7 +5770,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5295,9 +5810,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_130( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -5308,29 +5823,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_f60( +static KRML_MUSTINLINE void sample_from_xof_2b0( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; uint8_t uu____0[2U][34U]; memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_510(uu____0); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_7f0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_021( + bool done = sample_from_uniform_distribution_next_051( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_f1_680(&xof_state, randomness); + shake128_squeeze_next_block_f1_c10(&xof_state, randomness); uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_022( + done = sample_from_uniform_distribution_next_052( uu____2, sampled_coefficients, out); } } @@ -5338,7 +5853,7 @@ static KRML_MUSTINLINE void sample_from_xof_f60( memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_130(uu____3[i]);); + ret0[i] = closure_990(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5351,12 +5866,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_550( +static KRML_MUSTINLINE void sample_matrix_A_230( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_820(A_transpose[i]);); + closure_e80(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -5369,7 +5884,7 @@ static KRML_MUSTINLINE void sample_matrix_A_550( uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_f60(uu____1, sampled); + sample_from_xof_2b0(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5397,10 +5912,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_74_s { +typedef struct tuple_740_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; uint8_t snd; -} tuple_74; +} tuple_740; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN @@ -5408,7 +5923,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_630(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5430,9 +5945,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_770(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_630(input, ret); + PRFxN_1d0(input, ret); } /** @@ -5442,8 +5957,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_e30(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_b8(randomness); +sample_from_binomial_distribution_660(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_85(randomness); } /** @@ -5455,11 +5970,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -5470,19 +5985,19 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_770(prf_inputs, prf_outputs); + PRFxN_f1_890(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e30(Eurydice_array_to_slice( + sample_from_binomial_distribution_660(Eurydice_array_to_slice( (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 lit; + tuple_740 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5500,7 +6015,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e0( +static KRML_MUSTINLINE void add_to_ring_element_89_930( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -5526,14 +6041,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_a50( +static KRML_MUSTINLINE void compute_As_plus_e_da0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5556,10 +6071,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e0(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_930(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -5575,10 +6090,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_a90( +static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_110(key_generation_seed, hashed); + G_f1_b60(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5586,14 +6101,14 @@ static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_550(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_230(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(uu____1, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5604,10 +6119,10 @@ static tuple_4c generate_keypair_unpacked_a90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_010(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d70(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_a50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -5639,7 +6154,7 @@ static tuple_4c generate_keypair_unpacked_a90( memcpy( sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } /** @@ -5656,10 +6171,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_f20( +static void closure_570( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -5671,7 +6186,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_af0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5689,7 +6204,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5698,18 +6213,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_a90(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_f20(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_570(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_93(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -5719,13 +6234,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_9a0( + serialize_public_key_800( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -5765,18 +6280,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_a90(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_9a0(pk.t_as_ntt, + serialize_public_key_800(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[768U]; memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____2[800U]; @@ -5794,7 +6309,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_b4( +static KRML_MUSTINLINE void serialize_kem_secret_key_41( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -5823,7 +6338,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_b4( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af0(public_key, ret0); + H_f1_2e0(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -5856,7 +6371,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5866,13 +6381,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e80(ind_cpa_keypair_randomness); + generate_keypair_ec0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_b4( + serialize_kem_secret_key_41( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, @@ -5881,12 +6396,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_e01(uu____1); + libcrux_ml_kem_types_from_05_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c1( - uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); + return libcrux_ml_kem_types_from_17_c9( + uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); } /** @@ -5895,7 +6410,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_631(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5917,9 +6432,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_631(input, ret); + PRFxN_1d1(input, ret); } /** @@ -5931,11 +6446,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_740 +sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -5946,18 +6461,18 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_771(prf_inputs, prf_outputs); + PRFxN_f1_891(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 lit; + tuple_740 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5975,9 +6490,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f2(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -5986,18 +6501,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d40( +static KRML_MUSTINLINE void invert_ntt_montgomery_860( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -6006,14 +6521,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_570( +static KRML_MUSTINLINE void compute_vector_u_a10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6035,11 +6550,11 @@ static KRML_MUSTINLINE void compute_vector_u_570( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e0(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_930(&result[i1], &product); } - invert_ntt_montgomery_d40(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_860(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6053,18 +6568,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c80( +compute_ring_element_v_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e0(&result, &product);); - invert_ntt_montgomery_d40(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_930(&result, &product);); + invert_ntt_montgomery_860(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -6074,14 +6589,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_54( +static KRML_MUSTINLINE void compress_then_serialize_10_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b(to_unsigned_representative_af(re->coefficients[i0])); + compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6102,10 +6617,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d8( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_54(re, uu____0); + compress_then_serialize_10_3b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6118,7 +6633,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_250( +static void compress_then_serialize_u_240( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6136,7 +6651,7 @@ static void compress_then_serialize_u_250( (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d8(&re, ret); + compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -6151,9 +6666,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d6( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_09(re, out); + compress_then_serialize_4_e5(re, out); } /** @@ -6174,14 +6689,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_650( +static void encrypt_unpacked_6c0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(uu____0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6189,7 +6704,7 @@ static void encrypt_unpacked_650( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_380(uu____2, domain_separator0); + tuple_740 uu____3 = sample_ring_element_cbd_2c0(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6197,31 +6712,31 @@ static void encrypt_unpacked_650( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f2( + PRF_f1_042( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c80(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_250( + compress_then_serialize_u_240( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d6( + compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); @@ -6247,11 +6762,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6263,7 +6778,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6277,7 +6792,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_650(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c0(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -6286,7 +6801,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_201(uu____4); + libcrux_ml_kem_types_from_01_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -6305,7 +6820,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_57(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -6321,12 +6836,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6338,7 +6853,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6364,10 +6879,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_521( + deserialize_ring_elements_reduced_721( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -6375,8 +6890,8 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_550(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_230(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -6406,7 +6921,7 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_650(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c0(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -6421,7 +6936,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_26(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_e8(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -6449,15 +6964,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_57( + entropy_preprocess_af_5d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -6465,8 +6980,8 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), + H_f1_2e0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6474,7 +6989,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6484,18 +6999,18 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_f70(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_0d0(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_201(uu____4); + libcrux_ml_kem_types_from_01_f5(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_26(shared_secret, shared_secret_array); + kdf_af_e8(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -6512,8 +7027,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_45(Eurydice_slice serialized) { - return deserialize_then_decompress_10_02(serialized); +deserialize_then_decompress_ring_element_u_89(Eurydice_slice serialized) { + return deserialize_then_decompress_10_e9(serialized); } /** @@ -6522,17 +7037,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_d7( +static KRML_MUSTINLINE void ntt_vector_u_ed( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -6543,12 +7058,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_200( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, @@ -6568,9 +7083,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_200( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_45(u_bytes); + deserialize_then_decompress_ring_element_u_89(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_d7(&u_as_ntt[i0]); + ntt_vector_u_ed(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6584,8 +7099,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_67(Eurydice_slice serialized) { - return deserialize_then_decompress_4_b6(serialized); +deserialize_then_decompress_ring_element_v_30(Eurydice_slice serialized) { + return deserialize_then_decompress_4_34(serialized); } /** @@ -6595,17 +7110,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_f60( +compute_message_cb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e0(&result, &product);); - invert_ntt_montgomery_d40(&result); - result = subtract_reduce_89_d2(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_930(&result, &product);); + invert_ntt_montgomery_860(&result); + result = subtract_reduce_89_7d(v, result); return result; } @@ -6619,20 +7134,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_180( +static void decrypt_unpacked_e70( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_200(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_67( + deserialize_then_decompress_ring_element_v_30( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_f60(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_cb0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ef(message, ret0); + compress_then_serialize_message_3a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6646,8 +7161,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -6672,14 +7187,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_180(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e70(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6691,7 +7206,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6701,7 +7216,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -6710,9 +7225,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f1( + PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = @@ -6720,10 +7235,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_650(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c0(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -6741,12 +7256,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_6b0( +static KRML_MUSTINLINE void deserialize_secret_key_010( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6758,7 +7273,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_6b0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_00(secret_bytes); + deserialize_to_uncompressed_ring_element_05(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6776,10 +7291,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_6b0(secret_key, secret_as_ntt); + deserialize_secret_key_010(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( uu____0, secret_as_ntt, @@ -6790,7 +7305,7 @@ static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_180(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e70(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6816,7 +7331,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_710( +void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -6835,9 +7350,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_4a0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c20(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -6846,7 +7361,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -6856,31 +7371,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f1( + PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_f70(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d0(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_26( + kdf_af_e8( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_26(shared_secret0, shared_secret); + kdf_af_e8(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -6898,12 +7413,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6915,7 +7430,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6930,7 +7445,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_e8( +static KRML_MUSTINLINE void serialize_secret_key_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -6949,7 +7464,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -6966,7 +7481,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_9a( +static KRML_MUSTINLINE void serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -6974,7 +7489,7 @@ static KRML_MUSTINLINE void serialize_public_key_9a( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_e8(t_as_ntt, ret0); + serialize_secret_key_f8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -6995,15 +7510,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_520( + deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_9a( + serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -7034,7 +7549,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_11(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7045,10 +7560,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_82( +static void closure_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -7067,7 +7582,7 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_41(uint8_t input[3U][34U]) { +shake128_init_absorb_final_75(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7097,10 +7612,10 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_f1_51(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_41(uu____0); + return shake128_init_absorb_final_75(uu____0); } /** @@ -7109,7 +7624,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_54( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7131,9 +7646,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_54(self, ret); + shake128_squeeze_first_three_blocks_10(self, ret); } /** @@ -7143,7 +7658,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7182,7 +7697,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_88( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7203,9 +7718,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_68( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_88(self, ret); + shake128_squeeze_next_block_ed(self, ret); } /** @@ -7215,7 +7730,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7255,9 +7770,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_13( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -7268,29 +7783,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_f6( +static KRML_MUSTINLINE void sample_from_xof_2b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_51(uu____0); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_7f(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_02( + bool done = sample_from_uniform_distribution_next_05( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_f1_68(&xof_state, randomness); + shake128_squeeze_next_block_f1_c1(&xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_020( + done = sample_from_uniform_distribution_next_050( uu____2, sampled_coefficients, out); } } @@ -7298,7 +7813,7 @@ static KRML_MUSTINLINE void sample_from_xof_f6( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_13(uu____3[i]);); + ret0[i] = closure_99(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7311,12 +7826,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_55( +static KRML_MUSTINLINE void sample_matrix_A_23( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_82(A_transpose[i]);); + closure_e8(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -7329,7 +7844,7 @@ static KRML_MUSTINLINE void sample_matrix_A_55( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_f6(uu____1, sampled); + sample_from_xof_2b(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7368,7 +7883,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_63(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7390,9 +7905,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_63(input, ret); + PRFxN_1d(input, ret); } /** @@ -7404,11 +7919,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -7419,14 +7934,14 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -7449,7 +7964,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e( +static KRML_MUSTINLINE void add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7475,14 +7990,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_a5( +static KRML_MUSTINLINE void compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7505,10 +8020,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_93(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -7524,10 +8039,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_a9( +static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_11(key_generation_seed, hashed); + G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7535,14 +8050,14 @@ static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_55(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_23(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(uu____1, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7553,10 +8068,10 @@ static tuple_9b generate_keypair_unpacked_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_01(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d7(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -7605,10 +8120,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_f2( +static void closure_57( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -7620,7 +8135,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_af(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -7638,7 +8153,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -7647,18 +8162,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_a9(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_f2(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_57(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_93(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -7668,13 +8183,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_9a( + serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -7714,18 +8229,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_a9(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_9a(pk.t_as_ntt, + serialize_public_key_80(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____2[1184U]; @@ -7743,7 +8258,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_97( +static KRML_MUSTINLINE void serialize_kem_secret_key_a8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -7772,7 +8287,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_97( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af(public_key, ret0); + H_f1_2e(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -7805,7 +8320,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -7815,13 +8330,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e8(ind_cpa_keypair_randomness); + generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_97( + serialize_kem_secret_key_a8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -7830,12 +8345,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(uu____1); + libcrux_ml_kem_types_from_05_a70(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); + return libcrux_ml_kem_types_from_17_c90( + uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); } /** @@ -7848,10 +8363,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -7862,11 +8377,11 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; @@ -7891,9 +8406,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -7902,18 +8417,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d4( +static KRML_MUSTINLINE void invert_ntt_montgomery_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -7922,14 +8437,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_57( +static KRML_MUSTINLINE void compute_vector_u_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7951,11 +8466,11 @@ static KRML_MUSTINLINE void compute_vector_u_57( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_93(&result[i1], &product); } - invert_ntt_montgomery_d4(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_86(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7969,18 +8484,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c8( +compute_ring_element_v_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e(&result, &product);); - invert_ntt_montgomery_d4(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_93(&result, &product);); + invert_ntt_montgomery_86(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -7993,7 +8508,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_25( +static void compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8011,7 +8526,7 @@ static void compress_then_serialize_u_25( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d8(&re, ret); + compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -8037,14 +8552,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_65( +static void encrypt_unpacked_6c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(uu____0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8052,7 +8567,7 @@ static void encrypt_unpacked_65( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_38(uu____2, domain_separator0); + tuple_b0 uu____3 = sample_ring_element_cbd_2c(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8060,31 +8575,31 @@ static void encrypt_unpacked_65( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f0( + PRF_f1_040( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c8(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_25( + compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d6( + compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -8110,11 +8625,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -8126,7 +8641,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8140,7 +8655,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -8149,7 +8664,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_f50(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -8168,7 +8683,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_d2(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -8184,12 +8699,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8201,7 +8716,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8227,10 +8742,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_52( + deserialize_ring_elements_reduced_72( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -8238,8 +8753,8 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_55(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -8269,7 +8784,7 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -8284,7 +8799,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_69(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_b6(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -8312,15 +8827,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_d2( + entropy_preprocess_af_6c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -8328,8 +8843,8 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), + H_f1_2e(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -8337,7 +8852,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8347,18 +8862,18 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_f50(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_69(shared_secret, shared_secret_array); + kdf_af_b6(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -8376,12 +8891,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_20( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, @@ -8401,9 +8916,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_20( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_45(u_bytes); + deserialize_then_decompress_ring_element_u_89(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_d7(&u_as_ntt[i0]); + ntt_vector_u_ed(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8417,17 +8932,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_f6( +compute_message_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e(&result, &product);); - invert_ntt_montgomery_d4(&result); - result = subtract_reduce_89_d2(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_93(&result, &product);); + invert_ntt_montgomery_86(&result); + result = subtract_reduce_89_7d(v, result); return result; } @@ -8441,20 +8956,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_18( +static void decrypt_unpacked_e7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_20(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_67( + deserialize_then_decompress_ring_element_v_30( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_f6(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_cb(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ef(message, ret0); + compress_then_serialize_message_3a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8468,8 +8983,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -8494,14 +9009,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_18(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e7(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -8513,7 +9028,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8523,7 +9038,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( + libcrux_ml_kem_utils_into_padded_array_2d3( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -8532,9 +9047,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f( + PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -8542,10 +9057,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -8563,12 +9078,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_6b( +static KRML_MUSTINLINE void deserialize_secret_key_01( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8580,7 +9095,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_6b( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_00(secret_bytes); + deserialize_to_uncompressed_ring_element_05(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8598,10 +9113,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_6b(secret_key, secret_as_ntt); + deserialize_secret_key_01(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -8612,7 +9127,7 @@ static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_18(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e7(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8638,7 +9153,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_71( +void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -8657,9 +9172,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_4a(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c2(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -8668,7 +9183,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -8678,31 +9193,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f( + PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_69( + kdf_af_b6( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_69(shared_secret0, shared_secret); + kdf_af_b6(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 77d1b9896..c5afc2a8b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem_portable_H @@ -39,49 +39,10 @@ void libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input, #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes); - typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); - -void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); @@ -92,55 +53,6 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array); -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; - -uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_slice v); - -void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); - typedef struct uint8_t_x11_s { uint8_t fst; uint8_t snd; @@ -170,9 +82,23 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]); +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -183,6 +109,22 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a); +void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +extern const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] + [16U]; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -477,6 +419,55 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); + +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_slice v); + +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); + uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_slice v); @@ -492,6 +483,19 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); + typedef struct uint8_t_x3_s { uint8_t fst; uint8_t snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index ad380eb57..7c6b8dc3b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_sha3_H @@ -26,35 +26,35 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd(buf0, buf); + libcrux_sha3_portable_keccakx1_2a(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd0(buf0, buf); + libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd1(buf0, buf); + libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd2(buf0, buf); + libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd3(buf0, buf); + libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, @@ -113,7 +113,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd4(buf0, buf); + libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 97d59fe45..62ace3bfe 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -7,85 +7,2530 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ -#include "libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3_avx2.h" -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, - Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +#include "internal/libcrux_core.h" + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + return _veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_58(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, + core_core_arch_x86___m256i)); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vrax1q_u64(a, b); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return _vbcaxq_u64(a, b, c); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, + Eurydice_slice); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + Eurydice_slice_uint8_t_4size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { + return split_at_mut_4(a, mid); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 +new_1e_16(void) { + libcrux_sha3_generic_keccak_KeccakState_29 lit; + lit.st[0U][0U] = zero_ef(); + lit.st[0U][1U] = zero_ef(); + lit.st[0U][2U] = zero_ef(); + lit.st[0U][3U] = zero_ef(); + lit.st[0U][4U] = zero_ef(); + lit.st[1U][0U] = zero_ef(); + lit.st[1U][1U] = zero_ef(); + lit.st[1U][2U] = zero_ef(); + lit.st[1U][3U] = zero_ef(); + lit.st[1U][4U] = zero_ef(); + lit.st[2U][0U] = zero_ef(); + lit.st[2U][1U] = zero_ef(); + lit.st[2U][2U] = zero_ef(); + lit.st[2U][3U] = zero_ef(); + lit.st[2U][4U] = zero_ef(); + lit.st[3U][0U] = zero_ef(); + lit.st[3U][1U] = zero_ef(); + lit.st[3U][2U] = zero_ef(); + lit.st[3U][3U] = zero_ef(); + lit.st[3U][4U] = zero_ef(); + lit.st[4U][0U] = zero_ef(); + lit.st[4U][1U] = zero_ef(); + lit.st[4U][2U] = zero_ef(); + lit.st[4U][3U] = zero_ef(); + lit.st[4U][4U] = zero_ef(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_ef_6a( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block_c7(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_580(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_581(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_582(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_583(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_584(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_585(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_586(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_587(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_588(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_589(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5810(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5811(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5812(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5813(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, + core_core_arch_x86___m256i)); } -KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5814(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5815(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5816(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5817(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5818(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5819(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5820(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5821(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5822(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void theta_rho_71( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i c[5U] = { + xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____0 = + rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____1 = + rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____2 = + rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____3 = + rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { + uu____0, uu____1, uu____2, uu____3, + rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); + core_core_arch_x86___m256i uu____4 = + xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_x86___m256i uu____5 = + xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_x86___m256i uu____6 = + xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_x86___m256i uu____7 = + xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_x86___m256i uu____8 = + xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_x86___m256i uu____9 = + xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_x86___m256i uu____10 = + xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_x86___m256i uu____11 = + xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_x86___m256i uu____12 = + xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_x86___m256i uu____13 = + xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_x86___m256i uu____14 = + xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_x86___m256i uu____15 = + xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_x86___m256i uu____16 = + xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_x86___m256i uu____17 = + xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_x86___m256i uu____18 = + xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_x86___m256i uu____19 = + xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_x86___m256i uu____20 = + xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_x86___m256i uu____21 = + xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_x86___m256i uu____22 = + xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_x86___m256i uu____23 = + xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_x86___m256i uu____24 = + xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_x86___m256i uu____25 = + xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_x86___m256i uu____26 = + xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_x86___m256i uu____27 = + xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void pi_01( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void chi_9b( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + s->st[i1][j] = and_not_xor_ef( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]););); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void iota_09( + libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { + s->st[0U][0U] = xor_constant_ef( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void keccakf1600_07( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho_71(s); + pi_01(s); + chi_9b(s); + iota_09(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void absorb_block_37( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + load_block_ef_6a(uu____0, uu____1); + keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_91( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block_c7(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_ef_05( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_91(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_05(uu____3, uu____4); + keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_0b( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + store_block_e9(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____2[200U]; + memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_ef_99( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + store_block_full_0b(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_a4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + store_block_full_ef_99(s->st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_ef_f6( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + store_block_e9(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e9( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_last_77( + libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { + keccakf1600_07(&s); + uint8_t b[4U][200U]; + store_block_full_ef_99(s.st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], + Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_37(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_a4(&s, out); + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____4 = + split_at_mut_n_ef(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e9(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____5 = + split_at_mut_n_ef(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_77(s, o1); + } + } +} + +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + keccak_14(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new_1e_16(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_910( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block_c70(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_ef_050( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_910(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_5e0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_050(uu____3, uu____4); + keccakf1600_07(s); } -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, +void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + absorb_final_5e0(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void store_block_ef_f60( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + store_block_e90(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e90( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + squeeze_next_block_1c0(s, o2); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o20[4U]; + memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + Eurydice_slice_uint8_t_4size_t__x2 uu____2 = + split_at_mut_n_ef(o20, (size_t)168U); + Eurydice_slice o2[4U]; + memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o30[4U]; + memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o2); + Eurydice_slice_uint8_t_4size_t__x2 uu____3 = + split_at_mut_n_ef(o30, (size_t)168U); + Eurydice_slice o3[4U]; + memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o4[4U]; + memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o3); + squeeze_next_block_1c0(s, o4); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_five_blocks_e4(s, buf); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_block_e9(s, buf); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 6066347d6..efdecdccd 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_sha3_avx2_H @@ -20,46 +20,53 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_sha3_neon.h" +#include "libcrux_core.h" +#include "libcrux_sha3_internal.h" + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_x86___m256i +with const generics +- $4size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_29; void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState; - -libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index af76d13e5..834f6dd19 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); } /** @@ -198,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_7a(void) { +libcrux_sha3_generic_keccak_new_1e_f2(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -233,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -258,11 +258,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de(s, buf); + libcrux_sha3_portable_keccak_load_block_b3(s, buf); } /** @@ -274,12 +274,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); } /** @@ -289,7 +289,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -300,9 +300,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_340(ab); + return libcrux_sha3_portable_keccak_rotate_left_db0(ab); } /** @@ -316,8 +316,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); } /** @@ -327,7 +327,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -338,9 +338,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_341(ab); + return libcrux_sha3_portable_keccak_rotate_left_db1(ab); } /** @@ -354,8 +354,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); } /** @@ -365,7 +365,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -376,9 +376,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_342(ab); + return libcrux_sha3_portable_keccak_rotate_left_db2(ab); } /** @@ -392,8 +392,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); } /** @@ -403,7 +403,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -414,9 +414,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_343(ab); + return libcrux_sha3_portable_keccak_rotate_left_db3(ab); } /** @@ -430,8 +430,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); } /** @@ -441,9 +441,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_34(ab); + return libcrux_sha3_portable_keccak_rotate_left_db(ab); } /** @@ -457,8 +457,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); } /** @@ -468,7 +468,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -479,9 +479,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_344(ab); + return libcrux_sha3_portable_keccak_rotate_left_db4(ab); } /** @@ -495,8 +495,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); } /** @@ -506,7 +506,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -517,9 +517,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_345(ab); + return libcrux_sha3_portable_keccak_rotate_left_db5(ab); } /** @@ -533,8 +533,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); } /** @@ -544,7 +544,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -555,9 +555,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_346(ab); + return libcrux_sha3_portable_keccak_rotate_left_db6(ab); } /** @@ -571,8 +571,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); } /** @@ -582,7 +582,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -593,9 +593,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_347(ab); + return libcrux_sha3_portable_keccak_rotate_left_db7(ab); } /** @@ -609,8 +609,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); } /** @@ -620,7 +620,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -631,9 +631,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_348(ab); + return libcrux_sha3_portable_keccak_rotate_left_db8(ab); } /** @@ -647,8 +647,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); } /** @@ -658,7 +658,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -669,9 +669,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_349(ab); + return libcrux_sha3_portable_keccak_rotate_left_db9(ab); } /** @@ -685,8 +685,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); } /** @@ -696,7 +696,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -707,9 +707,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3410(ab); + return libcrux_sha3_portable_keccak_rotate_left_db10(ab); } /** @@ -723,8 +723,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); } /** @@ -734,7 +734,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -745,9 +745,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3411(ab); + return libcrux_sha3_portable_keccak_rotate_left_db11(ab); } /** @@ -761,8 +761,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); } /** @@ -772,7 +772,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -783,9 +783,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3412(ab); + return libcrux_sha3_portable_keccak_rotate_left_db12(ab); } /** @@ -799,8 +799,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); } /** @@ -810,7 +810,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -821,9 +821,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3413(ab); + return libcrux_sha3_portable_keccak_rotate_left_db13(ab); } /** @@ -837,8 +837,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); } /** @@ -848,7 +848,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -859,9 +859,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3414(ab); + return libcrux_sha3_portable_keccak_rotate_left_db14(ab); } /** @@ -875,8 +875,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); } /** @@ -886,7 +886,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -897,9 +897,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3415(ab); + return libcrux_sha3_portable_keccak_rotate_left_db15(ab); } /** @@ -913,8 +913,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); } /** @@ -924,7 +924,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -935,9 +935,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3416(ab); + return libcrux_sha3_portable_keccak_rotate_left_db16(ab); } /** @@ -951,8 +951,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); } /** @@ -962,7 +962,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -973,9 +973,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3417(ab); + return libcrux_sha3_portable_keccak_rotate_left_db17(ab); } /** @@ -989,8 +989,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); } /** @@ -1000,7 +1000,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1011,9 +1011,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3418(ab); + return libcrux_sha3_portable_keccak_rotate_left_db18(ab); } /** @@ -1027,8 +1027,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); } /** @@ -1038,7 +1038,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1049,9 +1049,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3419(ab); + return libcrux_sha3_portable_keccak_rotate_left_db19(ab); } /** @@ -1065,8 +1065,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); } /** @@ -1076,7 +1076,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1087,9 +1087,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3420(ab); + return libcrux_sha3_portable_keccak_rotate_left_db20(ab); } /** @@ -1103,8 +1103,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); } /** @@ -1114,7 +1114,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1125,9 +1125,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3421(ab); + return libcrux_sha3_portable_keccak_rotate_left_db21(ab); } /** @@ -1141,8 +1141,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); } /** @@ -1152,7 +1152,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1163,9 +1163,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3422(ab); + return libcrux_sha3_portable_keccak_rotate_left_db22(ab); } /** @@ -1179,8 +1179,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); } /** @@ -1189,7 +1189,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1225,76 +1225,76 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____4; uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____5; uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____6; uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____7; uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1304,7 +1304,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1340,7 +1340,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1358,7 +1358,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1370,14 +1370,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_8d(s); - libcrux_sha3_generic_keccak_pi_ac(s); - libcrux_sha3_generic_keccak_chi_c7(s); - libcrux_sha3_generic_keccak_iota_4f(s, i0); + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_b8(s); + libcrux_sha3_generic_keccak_chi_1f(s); + libcrux_sha3_generic_keccak_iota_83(s, i0); } } @@ -1389,7 +1389,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1408,8 +1408,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1417,7 +1417,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1442,9 +1442,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_39(a, b); + libcrux_sha3_portable_keccak_store_block_58(a, b); } /** @@ -1454,9 +1454,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1466,10 +1466,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1477,7 +1477,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1502,11 +1502,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de0(s, buf); + libcrux_sha3_portable_keccak_load_block_b30(s, buf); } /** @@ -1518,12 +1518,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); } /** @@ -1534,7 +1534,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1553,8 +1553,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1562,7 +1562,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1587,9 +1587,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_390(a, b); + libcrux_sha3_portable_keccak_store_block_580(a, b); } /** @@ -1599,9 +1599,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1611,10 +1611,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1626,12 +1626,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); } /** @@ -1641,13 +1641,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1655,12 +1655,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_39(s, buf); + libcrux_sha3_portable_keccak_store_block_58(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1676,9 +1676,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); } /** @@ -1689,10 +1689,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_653( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1715,11 +1715,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1743,10 +1743,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { @@ -1757,7 +1757,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; @@ -1768,12 +1768,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1781,7 +1781,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1799,12 +1799,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); } } } @@ -1815,11 +1815,11 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); + libcrux_sha3_generic_keccak_keccak_754(uu____0, out); } /** @@ -1827,7 +1827,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1856,12 +1856,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); } /** @@ -1871,13 +1871,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1885,11 +1885,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de3(s, buf); + libcrux_sha3_portable_keccak_load_block_b33(s, buf); } /** @@ -1901,12 +1901,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); } /** @@ -1917,7 +1917,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1936,8 +1936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1945,7 +1945,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1966,12 +1966,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_393(s, buf); + libcrux_sha3_portable_keccak_store_block_583(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1987,9 +1987,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); } /** @@ -2000,10 +2000,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_652( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2028,9 +2028,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_393(a, b); + libcrux_sha3_portable_keccak_store_block_583(a, b); } /** @@ -2040,9 +2040,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2052,10 +2052,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2065,11 +2065,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2093,10 +2093,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { @@ -2107,7 +2107,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; @@ -2118,12 +2118,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2131,7 +2131,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2149,12 +2149,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); } } } @@ -2165,11 +2165,11 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); + libcrux_sha3_generic_keccak_keccak_753(uu____0, out); } /** @@ -2177,7 +2177,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2206,12 +2206,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); } /** @@ -2221,13 +2221,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2235,11 +2235,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de2(s, buf); + libcrux_sha3_portable_keccak_load_block_b32(s, buf); } /** @@ -2251,12 +2251,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); } /** @@ -2267,7 +2267,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2286,8 +2286,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2295,7 +2295,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2316,12 +2316,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_392(s, buf); + libcrux_sha3_portable_keccak_store_block_582(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2337,9 +2337,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); } /** @@ -2350,10 +2350,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_651( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2378,9 +2378,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_392(a, b); + libcrux_sha3_portable_keccak_store_block_582(a, b); } /** @@ -2390,9 +2390,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2402,10 +2402,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2415,11 +2415,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2443,10 +2443,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { @@ -2457,7 +2457,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; @@ -2468,12 +2468,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2481,7 +2481,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2499,12 +2499,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); } } } @@ -2515,11 +2515,11 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); + libcrux_sha3_generic_keccak_keccak_752(uu____0, out); } /** @@ -2531,12 +2531,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); } /** @@ -2546,13 +2546,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2560,12 +2560,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_390(s, buf); + libcrux_sha3_portable_keccak_store_block_580(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2581,9 +2581,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); } /** @@ -2594,10 +2594,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_650( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2620,11 +2620,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2648,10 +2648,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2662,7 +2662,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2673,12 +2673,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2686,7 +2686,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2704,12 +2704,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2720,11 +2720,11 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); + libcrux_sha3_generic_keccak_keccak_751(uu____0, out); } /** @@ -2735,7 +2735,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2754,8 +2754,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2766,10 +2766,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2780,7 +2780,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2791,12 +2791,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2804,7 +2804,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2822,12 +2822,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2838,11 +2838,11 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); + libcrux_sha3_generic_keccak_keccak_750(uu____0, out); } /** @@ -2850,7 +2850,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2879,12 +2879,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); } /** @@ -2894,13 +2894,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2908,11 +2908,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de1(s, buf); + libcrux_sha3_portable_keccak_load_block_b31(s, buf); } /** @@ -2924,12 +2924,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); } /** @@ -2940,7 +2940,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2959,8 +2959,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2968,7 +2968,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2989,12 +2989,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_391(s, buf); + libcrux_sha3_portable_keccak_store_block_581(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -3009,9 +3009,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); } /** @@ -3022,10 +3022,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_65( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3050,9 +3050,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_391(a, b); + libcrux_sha3_portable_keccak_store_block_581(a, b); } /** @@ -3062,9 +3062,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3074,10 +3074,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3087,11 +3087,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3115,10 +3115,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -3129,7 +3129,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -3140,12 +3140,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3153,7 +3153,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3171,12 +3171,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); } } } @@ -3187,11 +3187,11 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); + libcrux_sha3_generic_keccak_keccak_75(uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 11362bb06..da0caa7ff 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -7,3560 +7,76 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #include "libcrux_sha3_neon.h" -#include "internal/libcrux_core.h" - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t zero_fa(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_veor5q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = - libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = - libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - return _veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_58(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vrax1q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left1_and_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vrax1q_u64(a, b); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vbcaxq_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return libcrux_intrinsics_arm64__veorq_u64( - a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -and_not_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return _vbcaxq_u64(a, b, c); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_veorq_n_u64(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - core_core_arch_arm_shared_neon_uint64x2_t c0 = - libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_constant_fa(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} - -static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_2size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { - return split_at_mut_2(a, mid); -} - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -new_1e_12(void) { - libcrux_sha3_generic_keccak_KeccakState_fc lit; - lit.st[0U][0U] = zero_fa(); - lit.st[0U][1U] = zero_fa(); - lit.st[0U][2U] = zero_fa(); - lit.st[0U][3U] = zero_fa(); - lit.st[0U][4U] = zero_fa(); - lit.st[1U][0U] = zero_fa(); - lit.st[1U][1U] = zero_fa(); - lit.st[1U][2U] = zero_fa(); - lit.st[1U][3U] = zero_fa(); - lit.st[1U][4U] = zero_fa(); - lit.st[2U][0U] = zero_fa(); - lit.st[2U][1U] = zero_fa(); - lit.st[2U][2U] = zero_fa(); - lit.st[2U][3U] = zero_fa(); - lit.st[2U][4U] = zero_fa(); - lit.st[3U][0U] = zero_fa(); - lit.st[3U][1U] = zero_fa(); - lit.st[3U][2U] = zero_fa(); - lit.st[3U][3U] = zero_fa(); - lit.st[3U][4U] = zero_fa(); - lit.st[4U][0U] = zero_fa(); - lit.st[4U][1U] = zero_fa(); - lit.st[4U][2U] = zero_fa(); - lit.st[4U][3U] = zero_fa(); - lit.st[4U][4U] = zero_fa(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_3c( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_fa_0f( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_580(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c1(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_581(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c10(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f0(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_582(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c11(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f1(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_583(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c12(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f2(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c13(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f3(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_584(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c14(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f4(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_585(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c15(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f5(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_586(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c16(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f6(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_587(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c17(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f7(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_588(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c18(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f8(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_589(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c19(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f9(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5810(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c110(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f10(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5811(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c111(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f11(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5812(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c112(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f12(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5813(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c113(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f13(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5814(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c114(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f14(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5815(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c115(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f15(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5816(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c116(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f16(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5817(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c117(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f17(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5818(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c118(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f18(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5819(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c119(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f19(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5820(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c120(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f20(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5821(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c121(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f21(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5822(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c122(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f22(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void theta_rho_eb( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { - xor5_fa(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_fa(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_fa(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_fa(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_fa(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - rotate_left1_and_xor_fa(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - rotate_left1_and_xor_fa(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - rotate_left1_and_xor_fa(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - rotate_left1_and_xor_fa(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { - uu____0, uu____1, uu____2, uu____3, - rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____4 = - xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_arm_shared_neon_uint64x2_t uu____5 = - xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_arm_shared_neon_uint64x2_t uu____7 = - xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = - xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t uu____9 = - xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t uu____10 = - xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t uu____11 = - xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t uu____12 = - xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t uu____13 = - xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t uu____14 = - xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t uu____15 = - xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_arm_shared_neon_uint64x2_t uu____16 = - xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t uu____17 = - xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t uu____18 = - xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t uu____19 = - xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t uu____20 = - xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t uu____21 = - xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t uu____22 = - xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t uu____23 = - xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t uu____24 = - xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t uu____25 = - xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t uu____26 = - xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t uu____27 = - xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void pi_a0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void chi_b0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - s->st[i1][j] = and_not_xor_fa( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]););); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void iota_33( - libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { - s->st[0U][0U] = xor_constant_fa( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void keccakf1600_3e( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_eb(s); - pi_a0(s); - chi_b0(s); - iota_33(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void absorb_block_45( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_3e( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_fa_07( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)72U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_07(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_2f( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_9a( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a5( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e7( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a5(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_fa_90( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_last_70( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a5(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - absorb_block_45(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e7(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_70(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_59(uu____0, out); -} - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_3c0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_fa_0f0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void absorb_block_450( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f0(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_3e0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c0(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_fa_070( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_2f0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_9a0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f0(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a50( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a0(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e70( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a50(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_fa_900( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f0(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_last_700( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a50(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe0(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_590(uu____0, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e0(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe1(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_591(uu____0, out); +KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - keccakx2_6e1(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState_fc +KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return new_1e_12(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_3c1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_3e1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c1(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_fa_071( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_071(uu____3, uu____4); - keccakf1600_3e(s); -} - -void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, +KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - absorb_final_fe2(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void store_block_2f1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void store_block_fa_901( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - Eurydice_slice_uint8_t_2size_t__x2 uu____0 = - split_at_mut_n_fa(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f1(s, o0); - Eurydice_slice_uint8_t_2size_t__x2 uu____1 = - split_at_mut_n_fa(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d1(s, o1); - squeeze_next_block_5d1(s, o2); -} - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_first_three_blocks_2e(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_next_block_5d1(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_3c2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_fa_0f1( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void absorb_block_451( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f1(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_3e2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c2(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_fa_072( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)144U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_072(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_2f2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_9a1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f2(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a51( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a1(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e71( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a51(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_fa_902( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f2(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_last_701( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a51(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - absorb_block_451(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe3(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e71(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f2(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d2(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_701(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_592(uu____0, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e2(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_3c3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_fa_0f2( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c3(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void absorb_block_452( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f2(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_3e3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c3(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_fa_073( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e3(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe4( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)104U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_073(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_2f3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_9a2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f3(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a52( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a2(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e72( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a52(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_fa_903( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f3(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_last_702( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a52(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - absorb_block_452(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe4(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e72(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f3(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d3(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_702(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_593(uu____0, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e3(uu____0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 8b66fd17c..1510c3862 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_sha3_neon_H @@ -20,19 +20,8 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" -#include "libcrux_core.h" #include "libcrux_sha3_internal.h" -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- $2size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { - core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_fc; - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); @@ -40,19 +29,23 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -libcrux_sha3_generic_keccak_KeccakState_fc +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState; + +libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void); void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 78dff4819..b902bff7c 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 +F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 +Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index b022c4fde..92f568d7c 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_core_H @@ -53,6 +53,8 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) @@ -76,6 +78,118 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result_6f_tags; + +/** +A monomorphic instance of core.result.Result +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_6f_s { + core_result_Result_6f_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_6f; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +static inline void core_result_unwrap_41_1c(core_result_Result_6f self, + uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +A monomorphic instance of core.result.Result +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_7a_s { + core_result_Result_6f_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_7a; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +static inline void core_result_unwrap_41_34(core_result_Result_7a self, + uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +A monomorphic instance of core.result.Result +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_cd_s { + core_result_Result_6f_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_cd; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +static inline void core_result_unwrap_41_e8(core_result_Result_cd self, + uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} Eurydice_slice_uint8_t_4size_t__x2; + /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -107,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_2e( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_8a( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -122,7 +236,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_57(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_b6_4c(uint8_t value[1184U]) { uint8_t uu____0[1184U]; memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; @@ -155,7 +269,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_2c(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -171,7 +285,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_e0(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_05_a7(uint8_t value[2400U]) { uint8_t uu____0[2400U]; memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; @@ -200,7 +314,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_20(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_f5(uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; @@ -216,7 +330,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -226,7 +340,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_972( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -239,18 +353,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_972( memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result_00_tags; - /** A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_00_s { - core_result_Result_00_tags tag; + core_result_Result_6f_tags tag; union { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; @@ -283,7 +392,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_971( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -305,7 +414,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_28( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); @@ -316,7 +425,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_970( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -334,7 +443,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_97( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -347,23 +456,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_97( memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of core.option.Option -with types Eurydice_slice uint8_t - -*/ -typedef struct core_option_Option_44_s { - core_option_Option_ef_tags tag; - Eurydice_slice f0; -} core_option_Option_44; - /** A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_c0_s { - core_result_Result_00_tags tag; + core_result_Result_6f_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; @@ -391,18 +490,13 @@ static inline void core_result_unwrap_41_f9(core_result_Result_c0 self, } } -typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} Eurydice_slice_uint8_t_2size_t__x2; - /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_56_s { - core_result_Result_00_tags tag; + core_result_Result_6f_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 6705551b9..865ca4449 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index dbf15e8ae..b184d8770 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem768_avx2_H @@ -20,6 +20,8 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_ct_ops.h" +#include "libcrux_mlkem768_portable.h" #include "libcrux_sha3_avx2.h" #include "libcrux_sha3_portable.h" @@ -43,9 +45,5959 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea( + void) { + return libcrux_ml_kem_vector_avx2_zero(); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + memcpy(ret, output, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_to_i16_array_ea( + core_core_arch_x86___m256i x, int16_t ret[16U]) { + libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(core_core_arch_x86___m256i v, + int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_and_si256( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_1_ea(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, + core_core_arch_x86___m256i)); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum0, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + v, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + right0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_multiply_ea(core_core_arch_x86___m256i *lhs, + core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = {0U}; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result_cd dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); + core_result_unwrap_41_e8(dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result_7a dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); + core_result_unwrap_41_34(dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, + 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + int16_t array[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), + vector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_from_i16_array_0d( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, + (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result_6f dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); + core_result_unwrap_41_1c(dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, + 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, + Eurydice_slice output) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_ea( + Eurydice_slice input, Eurydice_slice output) { + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + core_core_arch_x86___m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_ZERO_89_d5(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_70(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_11(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( + vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( + coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( + vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_11_ae( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( + coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7(serialized); +} + +typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( + core_core_arch_x86___m256i v, int16_t fer) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); + b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); + a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer, size_t _initial_coefficient_bound) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + self->coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( + u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_4_00( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( + coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( + re.coefficients[i0]); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_00(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_ntt_multiply_89_48( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + libcrux_ml_kem_vector_avx2_sub_ea(b, &a); + a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(a, &b)); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)7U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_subtract_reduce_89_56( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + b.coefficients[i0], (int16_t)1441); + b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], + &coefficient_normal_form)); + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_message_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_56(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8( + core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea +with const generics +- SHIFT_BY= 15 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_shift_right_ea_4e( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + core_core_arch_x86___m256i a) { + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_shift_right_ea_4e(a); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_message_4a( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + libcrux_ml_kem_matrix_compute_message_d0(&v, secret_key->secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message_4a(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_40(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff(&secret_key_unpacked, ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 32 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( + Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 32 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a6(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b8( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } +} + typedef libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_ml_kem_hash_functions_avx2_Simd256Hash; +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( + uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( + uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( + uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( + self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 504 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, + Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( + uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( + &xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( + &xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_79(uu____3[i]); + } + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_matrix_sample_matrix_A_closure_b8(i, A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; + libcrux_ml_kem_sampling_sample_from_xof_b0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_aa(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( + uint8_t (*input)[33U], uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( + uint8_t (*input)[33U], uint8_t ret[3U][128U]) { + libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_slice randomness) { + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( + randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_45( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); + re->coefficients[j] = + libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + libcrux_ml_kem_ntt_ntt_at_layer_7_45(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( + Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( + Eurydice_slice input, uint8_t ret[128U]) { + libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_vector_u_closure_ee(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + self->coefficients[j], (int16_t)1441); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_decompress_1_91(core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + re.coefficients[i0] = + libcrux_ml_kem_vector_traits_decompress_1_91(coefficient_compressed); + } + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + result.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &message->coefficients[i0]); + core_core_arch_x86___m256i tmp0 = + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_ring_element_v_71( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( + error_2, message, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_98(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_10_2f( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_compress_ea_98( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_980(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_11_d1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_compress_ea_980( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_10_2f(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2(&re, + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_981(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_4_b7( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_compress_ea_981( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_982(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_5_35( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficients = + libcrux_ml_kem_vector_avx2_compress_ea_982( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_00(public_key->A, r_as_ntt, error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + libcrux_ml_kem_matrix_compute_ring_element_v_71( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, randomness, + ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_da( + Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_decapsulate_be( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_43_da( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret0, ciphertext, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_47(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_be(private_key, ciphertext, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73(private_key, + ciphertext, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_47(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_unpacked_10(key_pair, ciphertext, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( + Eurydice_slice randomness, uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_cb_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_f5(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d(uu____0, + uu____1); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_f5(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = + public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a(uu____0, uu____1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = + public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( + uu____0, uu____1); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; +} tuple_9b0; + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_standard_domain_42( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_traits_to_standard_domain_42( + self->coefficients[j]); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + &product); + } + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_a2(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____3, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_f0(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, + secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c9( + uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( + uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_fb(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_clone_d5_25( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + core_core_arch_x86___m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * sizeof(core_core_arch_x86___m256i)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( + ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b(i, A[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + libcrux_ml_kem_polynomial_clone_d5_25(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1; + } + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t pk_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uu____0); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( + uu____0); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_3e( + Eurydice_slice shared_secret, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t kdf_input[64U]; + libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1088U, + libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), + uint8_t, Eurydice_slice), + ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t ret1[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), + ret1); + memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_3e( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret0, ciphertext, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_47(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_be0(private_key, ciphertext, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( + Eurydice_slice randomness, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_cb_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_f5(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( + uu____0, uu____1); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const +generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline bool +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_option_Option_92 +libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { + core_option_Option_92 uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( + public_key.value)) { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, + .f0 = public_key}); + } else { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); + } + return uu____0; +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self) { + return self[0U]; +} + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 48da0d7e1..738eb3f73 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_mlkem768_portable_H @@ -21,7 +21,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" -#include "libcrux_sha3_libcrux_ml_kem.h" #include "libcrux_sha3_portable.h" #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) @@ -48,7 +47,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( } typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s { - libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; + libcrux_sha3_neon_x2_incremental_KeccakState shake128_state[2U]; } libcrux_ml_kem_hash_functions_neon_Simd128Hash; static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( @@ -123,862 +122,260 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = #define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ ((int16_t)1353) -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { - core_core_arch_arm_shared_neon_int16x8_t low; - core_core_arch_arm_shared_neon_int16x8_t high; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void) { - return libcrux_ml_kem_vector_neon_vector_type_ZERO(); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); -} +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ + (62209U) -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { - return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); -} +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { - int16_t out[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + int16_t ret[16U]; + core_result_Result_c0 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result_unwrap_41_f9(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + return lit; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); - return lhs; -} +typedef struct uint8_t_x11_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; + uint8_t f5; + uint8_t f6; + uint8_t f7; + uint8_t f8; + uint8_t f9; + uint8_t f10; +} uint8_t_x11; -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); +static KRML_MUSTINLINE uint8_t_x11 +libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 5U); + uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 10U); + uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) >> + 7U); + uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) & + (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) >> + 4U); + uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) >> + 1U & + (int16_t)255); + uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) >> + 9U); + uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) & + (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) >> + 6U); + uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) >> + 3U); + return (CLITERAL(uint8_t_x11){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7, + .f8 = r8, + .f9 = r9, + .f10 = r10}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); - return lhs; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]) { + uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x11 r11_21 = + libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[22U] = {0U}; + result[0U] = r0_10.fst; + result[1U] = r0_10.snd; + result[2U] = r0_10.thd; + result[3U] = r0_10.f3; + result[4U] = r0_10.f4; + result[5U] = r0_10.f5; + result[6U] = r0_10.f6; + result[7U] = r0_10.f7; + result[8U] = r0_10.f8; + result[9U] = r0_10.f9; + result[10U] = r0_10.f10; + result[11U] = r11_21.fst; + result[12U] = r11_21.snd; + result[13U] = r11_21.thd; + result[14U] = r11_21.f3; + result[15U] = r11_21.f4; + result[16U] = r11_21.f5; + result[17U] = r11_21.f6; + result[18U] = r11_21.f7; + result[19U] = r11_21.f8; + result[20U] = r11_21.f9; + result[21U] = r11_21.f10; + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); +static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); - return v; -} +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 3U; + int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) >> + 1U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 7U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - core_core_arch_arm_shared_neon_uint16x8_t m0 = - libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - core_core_arch_arm_shared_neon_uint16x8_t m1 = - libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - core_core_arch_arm_shared_neon_int16x8_t c1 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); -} - -#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v) { - core_core_arch_arm_shared_neon_int16x8_t adder = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - core_core_arch_arm_shared_neon_int16x8_t vec = - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); - core_core_arch_arm_shared_neon_int16x8_t vec0 = - libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - core_core_arch_arm_shared_neon_int16x8_t quotient = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t sub = - libcrux_intrinsics_arm64__vmulq_n_s16( - quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); -} - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ - (62209U) - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high) { - core_core_arch_arm_shared_neon_int16x8_t k = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vmulq_n_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.low, c); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - v, c); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t half = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - core_core_arch_arm_shared_neon_int16x8_t quarter = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - core_core_arch_arm_shared_neon_int16x8_t shifted = - libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - core_core_arch_arm_shared_neon_int16x8_t mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = - libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range), - core_core_arch_arm_shared_neon_uint16x8_t)); - core_core_arch_arm_shared_neon_int16x8_t shifted0 = - libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = - libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range0), - core_core_arch_arm_shared_neon_uint16x8_t)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_1(v); -} - -static KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits) { - int16_t uu____0; - switch (coefficient_bits) { - case 4: { - uu____0 = (int16_t)15; - break; - } - case 5: { - uu____0 = (int16_t)31; - break; - } - case 10: { - uu____0 = (int16_t)1023; - break; - } - case 11: { - uu____0 = (int16_t)2047; - break; - } - default: { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, - zeta4); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, - zeta3, zeta4); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, - zeta2, zeta4, -zeta2, -zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t b1 = - libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1b1 = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, - b1); - core_core_arch_arm_shared_neon_int32x4_t a1b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a1b1), - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - core_core_arch_arm_shared_neon_int32x4_t a1b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - core_core_arch_arm_shared_neon_int16x8_t fst_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t fst_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b1)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - core_core_arch_arm_shared_neon_int16x8_t snd_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t snd_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); - core_core_arch_arm_shared_neon_int16x8_t fst_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t fst_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t snd_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t snd_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t fst = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - fst_low16, fst_high16); - core_core_arch_arm_shared_neon_int16x8_t snd = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - snd_low16, snd_high16); - core_core_arch_arm_shared_neon_int32x4_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int32x4_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int16x8_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); - core_core_arch_arm_shared_neon_int16x8_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); - uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, - 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - core_core_arch_arm_shared_neon_uint8x16_t index = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); - core_core_arch_arm_shared_neon_int16x8_t high2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low2, .high = high2}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, - zeta3, zeta4); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, - (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { - core_core_arch_arm_shared_neon_int16x8_t one = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); - int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, - (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vshlq_s16(high0, shift); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vandq_s16(low, one), - .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t lowt = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); - core_core_arch_arm_shared_neon_uint16x8_t hight = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); -} - -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; - static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_zero(void) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; @@ -1002,13 +399,14 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1035,8 +433,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } static KRML_MUSTINLINE void @@ -1056,43 +454,565 @@ static inline void libcrux_ml_kem_vector_portable_to_i16_array_0d( libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_deserialize_4_0d(v); - int16_t input_i16s[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; +static const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ZERO_0d(void) { + return libcrux_ml_kem_vector_portable_vector_type_zero(); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; + } + return lhs; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_add_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - int16_t ret[16U]; - core_result_Result_c0 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; +libcrux_ml_kem_vector_portable_arithmetic_sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + } + return lhs; } /** @@ -1100,192 +1020,124 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); +libcrux_ml_kem_vector_portable_sub_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); } -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] * c; + } + return v; +} -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] & c; + } + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, + c); } -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[10U]; - libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + core_option_Option_b3 uu____0 = + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3); + if (!(uu____0.tag == core_option_None)) { + size_t i = uu____0.f0; + if (v.elements[i] >= (int16_t)3329) { + size_t uu____1 = i; + v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; + } + continue; + } + return v; + } } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int32_t)20159) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) + +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + int16_t value) { + int32_t t = (int32_t)value * + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); + int16_t quotient = + (int16_t)(t >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); + return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[i0]); + } return v; } @@ -1294,216 +1146,53 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +libcrux_ml_kem_vector_portable_barrett_reduce_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_5_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + int32_t value) { + int32_t k = + (int32_t)(int16_t)value * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t k_times_modulus = + (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int16_t c = + (int16_t)(k_times_modulus >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + int16_t value_high = + (int16_t)(value >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + return value_high - c; } -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +static KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + int16_t fe, int16_t fer) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)fe * (int32_t)fer); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[i0], c); + } return v; } @@ -1512,292 +1201,159 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + v, r); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_10_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; +static inline uint8_t +libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + uint16_t fe) { + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; + int16_t shifted_to_positive = mask ^ shifted; + int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = (int16_t) + libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + (uint16_t)v.elements[i0]); + } + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_compress_compress_1(v); } -typedef struct uint8_t_x11_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; - uint8_t f5; - uint8_t f6; - uint8_t f7; - uint8_t f8; - uint8_t f9; - uint8_t f10; -} uint8_t_x11; +static KRML_MUSTINLINE uint32_t +libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + uint8_t n, uint32_t value) { + return value & ((1U << (uint32_t)n) - 1U); +} -static KRML_MUSTINLINE uint8_t_x11 -libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 10U); - uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> - 7U); - uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & - (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> - 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); - uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> - 9U); - uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & - (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> - 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); - return (CLITERAL(uint8_t_x11){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7, - .f8 = r8, - .f9 = r9, - .f10 = r10}); +static inline int16_t +libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + uint8_t coefficient_bits, uint16_t fe) { + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + compressed = compressed + 1664ULL; + compressed = compressed * 10321340ULL; + compressed = compressed >> 35U; + return (int16_t) + libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + coefficient_bits, (uint32_t)compressed); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_11( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[22U]) { - uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x11 r11_21 = - libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t t = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v->elements[j], zeta); + v->elements[j] = v->elements[i] - t; + v->elements[i] = v->elements[i] + t; +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, + zeta2, zeta3); } -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); -} - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); return v; } @@ -1806,268 +1362,44 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t a_minus_b = v->elements[j] - v->elements[i]; + v->elements[i] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v->elements[i] + v->elements[j]); + v->elements[j] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { - uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, - 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - core_core_arch_arm_shared_neon_uint8x16_t index_vec = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - core_core_arch_arm_shared_neon_int16x8_t shift_vec = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t mask12 = - libcrux_intrinsics_arm64__vdupq_n_u16(4095U); - uint8_t input0[16U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input0, uint8_t, Eurydice_slice)); - uint8_t input1[16U] = {0U}; - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input1, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t moved0 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted0 = - libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); - core_core_arch_arm_shared_neon_uint16x8_t moved1 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted1 = - libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low, .high = high}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); -} - -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { - size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option_44 uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( - &iter, uint8_t, core_option_Option_44); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - d1; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; - continue; - } - } - continue; - } - } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline size_t libcrux_ml_kem_vector_neon_rej_sample_20( - Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_neon_rej_sample(a, out); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; } /** @@ -2075,21 +1407,34 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ZERO_0d(void) { - return libcrux_ml_kem_vector_portable_vector_type_zero(); +libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + a, zeta0, zeta1, zeta2, zeta3); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_add( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; - } - return lhs; +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; } /** @@ -2097,23 +1442,33 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_add_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); +libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, + zeta1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_sub( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; - } - return lhs; +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, + (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, + (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); + return v; } /** @@ -2121,22 +1476,55 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_sub_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); +libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, + size_t i, size_t j, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { + int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[i] + + (int32_t) + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[j] * (int32_t)b->elements[j]) * + (int32_t)zeta); + int16_t o1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[j] + + (int32_t)a->elements[j] * (int32_t)b->elements[i]); + out->elements[i] = o0; + out->elements[j] = o1; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; - } - return v; +libcrux_ml_kem_vector_portable_ntt_ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_vector_type_zero(); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); + return out; } /** @@ -2144,57 +1532,67 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); +libcrux_ml_kem_vector_portable_ntt_multiply_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, + zeta2, zeta3); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[2U]) { + uint8_t result[2U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | + (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; } - return v; + for (size_t i = (size_t)8U; i < (size_t)16U; i++) { + size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = + (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] + << (uint32_t)(i0 - (size_t)8U); + } + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, - c); +static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - core_option_Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3); - if (!(uu____0.tag == core_option_None)) { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } - continue; - } - return v; +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U); + } + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } + return result; } /** @@ -2202,98 +1600,144 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); } -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int32_t)20159) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +typedef struct uint8_t_x4_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; +} uint8_t_x4; -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - int16_t value) { - int32_t t = (int32_t)value * - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); - int16_t quotient = - (int16_t)(t >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); - return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; +static KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v.elements[i0]); - } - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_barrett_reduce_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); -} - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) - -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - int32_t value) { - int32_t k = - (int32_t)(int16_t)value * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t k_times_modulus = - (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = - (int16_t)(k_times_modulus >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - int16_t value_high = - (int16_t)(value >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - return value_high - c; +static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); } -static KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - int16_t fe, int16_t fer) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)fe * (int32_t)fer); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v.elements[i0], c); - } +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -2302,128 +1746,171 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - v, r); +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); } -static inline uint8_t -libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - uint16_t fe) { - int16_t shifted = (int16_t)1664 - (int16_t)fe; - int16_t mask = shifted >> 15U; - int16_t shifted_to_positive = mask ^ shifted; - int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = (int16_t) - libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - (uint16_t)v.elements[i0]); - } - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1(v); -} - -static KRML_MUSTINLINE uint32_t -libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - uint8_t n, uint32_t value) { - return value & ((1U << (uint32_t)n) - 1U); -} - -static inline int16_t -libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - uint8_t coefficient_bits, uint16_t fe) { - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; - compressed = compressed + 1664ULL; - compressed = compressed * 10321340ULL; - compressed = compressed >> 35U; - return (int16_t) - libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - coefficient_bits, (uint32_t)compressed); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t t = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v->elements[j], zeta); - v->elements[j] = v->elements[i] - t; - v->elements[i] = v->elements[i] + t; -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; +static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, - zeta2, zeta3); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -2432,143 +1919,191 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); - return v; +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U & + (int16_t)3); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 6U & + (int16_t)15); + uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 4U & + (int16_t)63); + uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t a_minus_b = v->elements[j] - v->elements[i]; - v->elements[i] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v->elements[i] + v->elements[j]); - v->elements[j] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - a_minus_b, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[20U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, + Eurydice_slice)); + uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[20U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + result[10U] = r10_14.fst; + result[11U] = r10_14.snd; + result[12U] = r10_14.thd; + result[13U] = r10_14.f3; + result[14U] = r10_14.f4; + result[15U] = r15_19.fst; + result[16U] = r15_19.snd; + result[17U] = r15_19.thd; + result[18U] = r15_19.f3; + result[19U] = r15_19.f4; + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - a, zeta0, zeta1, zeta2, zeta3); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); - return v; +static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, - zeta1); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, - (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, - (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -2577,286 +2112,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[i] + - (int32_t) - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]) * - (int32_t)zeta); - int16_t o1 = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[j] + - (int32_t)a->elements[j] * (int32_t)b->elements[i]); - out->elements[i] = o0; - out->elements[j] = o1; -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_multiply( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_vector_type_zero(); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); - return out; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_multiply_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, - zeta2, zeta3); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[2U]) { - uint8_t result[2U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | - (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) { - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U); - } - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U); - } - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); -} - -typedef struct uint8_t_x4_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; -} uint8_t_x4; - -static KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); -} - -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U & - (int16_t)3); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 6U & - (int16_t)15); - uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 4U & - (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_10( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[20U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); - uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[20U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); } typedef struct uint8_t_x3_s { @@ -2969,4521 +2226,199 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { - int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); - int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); - int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); - int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); - int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); - int16_t_x2 v10_11 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); - int16_t_x2 v12_13 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); - int16_t_x2 v14_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); -} - -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, - Eurydice_slice result) { - size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { - size_t i0 = i; - int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____0; - int16_t uu____1; - bool uu____2; - size_t uu____3; - int16_t uu____4; - size_t uu____5; - int16_t uu____6; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; - sampled++; - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } - continue; - } - } - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( - Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); -} - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) - -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) - -typedef libcrux_ml_kem_types_MlKemPrivateKey_55 - libcrux_ml_kem_mlkem768_MlKem768PrivateKey; - -typedef libcrux_ml_kem_types_MlKemPublicKey_15 - libcrux_ml_kem_mlkem768_MlKem768PublicKey; - -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_G_48_77(Eurydice_slice input, - uint8_t ret[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 32 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_b4(Eurydice_slice input, - uint8_t ret[32U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 32 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_48_6e(Eurydice_slice input, - uint8_t ret[32U]); - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 3 -*/ -libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_6b( - uint8_t input[3U][34U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 3 -*/ -libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( - uint8_t input[3U][34U]); - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_b7( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][504U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][504U]); - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_7d( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][168U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][168U]); - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRFxN_89(uint8_t (*input)[33U], - uint8_t ret[3U][128U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 3 -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(uint8_t (*input)[33U], - uint8_t ret[3U][128U]); - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_b40(Eurydice_slice input, - uint8_t ret[128U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_48_6e0(Eurydice_slice input, - uint8_t ret[128U]); - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -void libcrux_ml_kem_ind_cca_kdf_43_af( - Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, - uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_ZERO_89_06(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_40(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_48( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_46(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_86( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_96(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 10 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_61( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_86( - v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_10_f4( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_61( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)11 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_860( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_960(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 11 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_610( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_860( - v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_11_59( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_610( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_71( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f4(serialized); -} - -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(b, zeta_r); - b = libcrux_ml_kem_vector_neon_sub_20(a, &t); - a = libcrux_ml_kem_vector_neon_add_20(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer, size_t _initial_coefficient_bound) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_f4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_d0( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_39( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_82( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_7c( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_71( - u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_82(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)4 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_861( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_961(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 4 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_611( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_861( - v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_4_4f( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_611( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)5 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_862( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_962(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 5 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_612( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_862( - v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_5_17( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_612( - re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ef( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_4f(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_ntt_multiply_89_16( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_multiply_20( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = - libcrux_ml_kem_vector_neon_sub_20(b, &a); - a = libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_subtract_reduce_89_e1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_message_c9( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_e1(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_shift_right_cc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); - v.high = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 -with const generics -- SHIFT_BY= 15 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_shift_right_20_df( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_shift_right_cc(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_shift_right_20_df(a); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = - libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_neon_add_20(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_23( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re.coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon_compress_1_20(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_da( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_7c(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ef( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - libcrux_ml_kem_matrix_compute_message_c9(&v, secret_key->secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_23(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static inline void libcrux_ml_kem_ind_cpa_decrypt_92(Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_48(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_da(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b6( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_4b(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_de( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_xof_closure_d5(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_f3( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_c0( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_hash_functions_neon_Simd128Hash xof_state = - libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( - uu____0); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( - &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( - &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_d5(uu____3[i]); - } - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_48( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_de(i, A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_c0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; - uint8_t snd; -} tuple_b0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_07(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_27( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( - randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_multiply_by_constant_20( - re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_67(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b0 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_55(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b0 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_vector_u_closure_7d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_24( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_6a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_decompress_1_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_message_23( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_fc(coefficient_compressed); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_ring_element_v_9b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( - error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_0a( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)10)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_72(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 10 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_a1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_0a(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_ca( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_compress_20_a1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_0a0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)11)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_720(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 11 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_a10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_0a0(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_55( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_compress_20_a10( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_ca(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84(&re, - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_0a1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)4)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_721(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 4 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_a11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_0a1(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_21( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_compress_20_a11( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_0a2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)5)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_722(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 5 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_a12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_0a2(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_2b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = - libcrux_ml_kem_vector_neon_compress_20_a12( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_21(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_54( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_6a(public_key->A, r_as_ntt, error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - libcrux_ml_kem_matrix_compute_ring_element_v_9b( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cpa_encrypt_4e(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_48(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, randomness, - ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_decapsulate_0c( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_92(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_af( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_af(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_28(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_21( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -static inline void libcrux_ml_kem_mlkem768_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_21(private_key, - ciphertext, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_31( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_da( - &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_28(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_e6( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -static inline void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_e6( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -void libcrux_ml_kem_ind_cca_entropy_preprocess_43_87(Eurydice_slice randomness, - uint8_t ret[32U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_H_48_85(Eurydice_slice input, - uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_28( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_87( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon_H_48_85( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_af(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_dd( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]); - -static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_dd(uu____0, - uu____1); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_a7( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_14( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]); - -static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = - public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_14( - uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]); - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] - -*/ -typedef struct tuple_9b_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; -} tuple_9b; - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_As_plus_e_closure_7c(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_to_standard_domain_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_fc( - self->coefficients[j]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_95( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], - &product); - } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_48(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____3, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_95(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5d( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_16(Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_70( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(sk.secret_as_ntt, - secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_16(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_2e( - uint8_t randomness[64U]); - -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_2e( - uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_61(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_20( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_clone_d5_cb( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c4(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( - ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_20(i, A[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - libcrux_ml_kem_polynomial_clone_d5_cb(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1; - } - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_70( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_neon_H_48_85( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_11( - uint8_t randomness[64U]); - -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_11( - uu____0); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -void libcrux_ml_kem_ind_cca_kdf_6c_75( - Eurydice_slice shared_secret, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_decapsulate_0c0( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_92(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_75( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_75(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_28(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.kyber_decapsulate with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_01( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -static inline void libcrux_ml_kem_mlkem768_neon_kyber_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_01( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_9a(Eurydice_slice randomness, - uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_9a( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon_H_48_85( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_75(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.kyber_encapsulate with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_73( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]); - -static inline tuple_3c libcrux_ml_kem_mlkem768_neon_kyber_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_73( - uu____0, uu____1); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { + int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, + Eurydice_slice)); + int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, + Eurydice_slice)); + int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, + Eurydice_slice)); + int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, + Eurydice_slice)); + int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, + Eurydice_slice)); + int16_t_x2 v10_11 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, + Eurydice_slice)); + int16_t_x2 v12_13 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, + Eurydice_slice)); + int16_t_x2 v14_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector re = + libcrux_ml_kem_vector_portable_vector_type_zero(); + re.elements[0U] = v0_1.fst; + re.elements[1U] = v0_1.snd; + re.elements[2U] = v2_3.fst; + re.elements[3U] = v2_3.snd; + re.elements[4U] = v4_5.fst; + re.elements[5U] = v4_5.snd; + re.elements[6U] = v6_7.fst; + re.elements[7U] = v6_7.snd; + re.elements[8U] = v8_9.fst; + re.elements[9U] = v8_9.snd; + re.elements[10U] = v10_11.fst; + re.elements[11U] = v10_11.snd; + re.elements[12U] = v12_13.fst; + re.elements[13U] = v12_13.snd; + re.elements[14U] = v14_15.fst; + re.elements[15U] = v14_15.snd; + return re; } /** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b60( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); } -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, + Eurydice_slice result) { + size_t sampled = (size_t)0U; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { + i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( - ring_element); - deserialized_pk[i0] = uu____0; + int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____0; + int16_t uu____1; + bool uu____2; + size_t uu____3; + int16_t uu____4; + size_t uu____5; + int16_t uu____6; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + sampled++; + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } + continue; + } + } + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return sampled; } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_7e( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_70( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( + Eurydice_slice a, Eurydice_slice out) { + return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const -generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_52( - uint8_t *public_key); +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) -static inline core_option_Option_92 -libcrux_ml_kem_mlkem768_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_52( - public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; -} +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ + (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + +typedef libcrux_ml_kem_types_MlKemPrivateKey_55 + libcrux_ml_kem_mlkem768_MlKem768PrivateKey; + +typedef libcrux_ml_kem_types_MlKemPublicKey_15 + libcrux_ml_kem_mlkem768_MlKem768PublicKey; + +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -7505,7 +2440,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_02(void) { +libcrux_ml_kem_polynomial_ZERO_89_39(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -7533,8 +2468,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_13(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_17(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -7544,10 +2479,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -7569,12 +2504,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ca( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -7587,7 +2522,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ca( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -7615,8 +2550,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e3(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_34(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -7626,7 +2561,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -7651,9 +2586,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( v); } @@ -7664,10 +2599,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_51( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -7679,7 +2614,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_51( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( coefficient); re.coefficients[i0] = uu____0; } @@ -7693,7 +2628,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -7718,9 +2653,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( v); } @@ -7731,10 +2666,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_df( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_64( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -7746,7 +2681,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_df( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( coefficient); re.coefficients[i0] = uu____0; } @@ -7760,9 +2695,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6a( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_51(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -7777,7 +2712,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -7791,12 +2726,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -7810,7 +2745,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -7823,7 +2758,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -7840,7 +2775,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_c1( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -7860,7 +2795,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_46( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -7883,7 +2818,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c9( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -7914,7 +2849,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -7932,21 +2867,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_1e( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_65( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } /** @@ -7958,12 +2893,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( @@ -7984,10 +2919,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6a( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( u_bytes); u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_1e(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_65(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8001,7 +2936,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -8026,9 +2961,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( v); } @@ -8039,10 +2974,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_da( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -8053,7 +2988,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_da( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( coefficient); re.coefficients[i0] = uu____0; } @@ -8067,7 +3002,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -8092,9 +3027,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( v); } @@ -8105,10 +3040,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_ec( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -8121,7 +3056,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_ec( libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -8135,9 +3070,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_4f( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_da(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b(serialized); } /** @@ -8151,11 +3086,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_f7( +libcrux_ml_kem_polynomial_ntt_multiply_89_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -8188,7 +3123,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8214,7 +3149,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -8241,7 +3176,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -8264,7 +3199,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -8286,7 +3221,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -8294,7 +3229,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -8307,7 +3242,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -8322,7 +3257,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -8339,22 +3274,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } /** @@ -8368,7 +3303,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_ed( +libcrux_ml_kem_polynomial_subtract_reduce_89_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -8394,21 +3329,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_56( +libcrux_ml_kem_matrix_compute_message_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_ed(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_79(v, result); return result; } @@ -8418,7 +3353,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_83( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -8438,9 +3373,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_bf( +libcrux_ml_kem_vector_portable_shift_right_0d_4b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_83(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8(v); } /** @@ -8450,10 +3385,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_af( +libcrux_ml_kem_vector_traits_to_unsigned_representative_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_bf(a); + libcrux_ml_kem_vector_portable_shift_right_0d_4b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -8467,13 +3402,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_d1( +libcrux_ml_kem_serialize_compress_then_serialize_message_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -8502,21 +3437,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_e4( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_56(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_4f( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_56(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_b8(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_d1(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_fb(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8530,11 +3465,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_c0(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_ca(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_29(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -8545,7 +3480,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_c0(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_e4(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_41(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8559,7 +3494,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_11( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -8569,7 +3504,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -8588,9 +3523,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_b6(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); } /** @@ -8601,9 +3536,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -8613,10 +3548,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -8642,12 +3577,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -8660,7 +3595,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( ring_element); deserialized_pk[i0] = uu____0; } @@ -8677,8 +3612,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_ee(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -8688,10 +3623,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_82( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_e8( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } } @@ -8711,7 +3646,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -8743,11 +3678,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( uu____0); } @@ -8758,7 +3693,7 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -8783,10 +3718,10 @@ with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( self, ret); } @@ -8798,7 +3733,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -8841,7 +3776,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -8866,10 +3801,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed(self, ret); } @@ -8881,7 +3816,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -8928,9 +3863,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -8952,8 +3887,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_13(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_48( +libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_6b( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -8965,7 +3900,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -8973,25 +3908,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( uu____0); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( &xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( &xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( uu____2, sampled_coefficients, out); } } @@ -8999,7 +3934,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_13(uu____3[i]); + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_99(uu____3[i]); } memcpy( ret, ret0, @@ -9013,12 +3948,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_55( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_82(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_e8(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -9036,7 +3971,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_55( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_f6(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_2b(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -9077,10 +4012,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t */ -typedef struct tuple_b00_s { +typedef struct tuple_b0_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U]; uint8_t snd; -} tuple_b00; +} tuple_b0; /** A monomorphic instance of @@ -9093,8 +4028,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_50(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_56(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -9103,7 +4038,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_63( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -9126,9 +4061,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_63(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); } /** @@ -9138,7 +4073,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -9175,7 +4110,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -9186,7 +4121,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b8( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -9222,7 +4157,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b8( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -9233,9 +4168,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( randomness); } @@ -9245,7 +4180,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -9269,20 +4204,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_1c(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } /** @@ -9294,12 +4229,12 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -9313,21 +4248,21 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b00 lit; + tuple_b0 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -9345,8 +4280,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_25(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -9358,12 +4293,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -9377,11 +4312,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1; @@ -9390,7 +4325,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], memcpy( uu____2, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b00 lit; + tuple_b0 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -9403,7 +4338,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b60( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -9422,9 +4357,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_b60(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); } /** @@ -9434,8 +4369,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_11(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_matrix_compute_vector_u_closure_79(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -9448,7 +4383,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_b9( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -9472,14 +4407,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_57( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -9502,12 +4437,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_57( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_b9(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -9521,7 +4456,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_e9( +libcrux_ml_kem_vector_traits_decompress_1_89( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -9536,10 +4471,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9549,7 +4484,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_e9(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -9566,7 +4501,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -9596,22 +4531,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_c8( +libcrux_ml_kem_matrix_compute_ring_element_v_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( error_2, message, result); return result; } @@ -9622,7 +4557,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_94( +libcrux_ml_kem_vector_portable_compress_compress_be( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9645,9 +4580,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b( +libcrux_ml_kem_vector_portable_compress_0d_31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_94(v); + return libcrux_ml_kem_vector_portable_compress_compress_be(v); } /** @@ -9657,15 +4592,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_54( +libcrux_ml_kem_serialize_compress_then_serialize_10_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_9b( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_31( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -9686,7 +4621,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_940( +libcrux_ml_kem_vector_portable_compress_compress_be0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9709,9 +4644,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b0( +libcrux_ml_kem_vector_portable_compress_0d_310( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_940(v); + return libcrux_ml_kem_vector_portable_compress_compress_be0(v); } /** @@ -9721,15 +4656,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_2d( +libcrux_ml_kem_serialize_compress_then_serialize_11_e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_9b0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_310( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -9752,10 +4687,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_54(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_3b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -9768,7 +4703,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -9786,7 +4721,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, @@ -9801,7 +4736,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_941( +libcrux_ml_kem_vector_portable_compress_compress_be1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9824,9 +4759,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b1( +libcrux_ml_kem_vector_portable_compress_0d_311( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_941(v); + return libcrux_ml_kem_vector_portable_compress_compress_be1(v); } /** @@ -9836,15 +4771,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_09( +libcrux_ml_kem_serialize_compress_then_serialize_4_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_9b1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_311( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -9863,7 +4798,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_942( +libcrux_ml_kem_vector_portable_compress_compress_be2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9886,9 +4821,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b2( +libcrux_ml_kem_vector_portable_compress_0d_312( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_942(v); + return libcrux_ml_kem_vector_portable_compress_compress_be2(v); } /** @@ -9898,15 +4833,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_b9( +libcrux_ml_kem_serialize_compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_9b2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_312( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -9927,9 +4862,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_09(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); } /** @@ -9950,15 +4885,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____0, 0U); + tuple_b0 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -9966,7 +4901,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -9975,33 +4910,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( + libcrux_ml_kem_hash_functions_portable_PRF_f1_040( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_57(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_c8( + libcrux_ml_kem_matrix_compute_ring_element_v_1f( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -10026,12 +4961,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -10039,8 +4974,8 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_55(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -10070,7 +5005,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -10086,7 +5021,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_25( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_cc( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -10118,7 +5053,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_87( +static inline void libcrux_ml_kem_ind_cca_decapsulate_88( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -10137,10 +5072,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_87( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_c0(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -10149,7 +5084,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_87( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -10159,32 +5094,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_87( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_25( + libcrux_ml_kem_ind_cca_kdf_43_cc( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_25(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_28(ciphertext), + libcrux_ml_kem_types_as_ref_00_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -10216,16 +5151,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ff( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_87(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_88(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ff( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( private_key, ciphertext, ret); } @@ -10285,14 +5220,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_e4( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -10304,7 +5239,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -10314,7 +5249,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -10323,9 +5258,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -10333,11 +5268,11 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_59( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_28(ciphertext), + libcrux_ml_kem_types_as_ref_00_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -10371,16 +5306,16 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_38( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_59(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_05(key_pair, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_38( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( private_key, ciphertext, ret); } @@ -10394,7 +5329,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d5( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -10412,7 +5347,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_af( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -10436,15 +5371,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_d5( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -10452,9 +5387,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_1f(public_key), + libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -10462,7 +5397,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -10472,19 +5407,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_f5(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_25(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -10513,13 +5448,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -10528,7 +5463,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4(uu____0, + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67(uu____0, uu____1); } @@ -10551,11 +5486,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -10567,7 +5502,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -10581,7 +5516,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -10591,7 +5526,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -10619,14 +5554,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_f7( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_8e(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_57(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( @@ -10636,7 +5571,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_f7( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( uu____0, uu____1); } @@ -10648,10 +5583,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] */ -typedef struct tuple_9b0_s { +typedef struct tuple_9b_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; -} tuple_9b0; +} tuple_9b; /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure @@ -10660,8 +5595,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_37(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_ab(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -10671,7 +5606,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_a1( +libcrux_ml_kem_vector_traits_to_standard_domain_3e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -10688,7 +5623,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -10696,7 +5631,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_a1( + libcrux_ml_kem_vector_traits_to_standard_domain_3e( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -10712,14 +5647,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a5( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -10743,12 +5678,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -10765,10 +5700,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -10776,15 +5711,15 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_55(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_23(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____1, 0U); + tuple_b0 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -10795,12 +5730,12 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____3, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_a5(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; @@ -10833,7 +5768,7 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( memcpy( sk.secret_as_ntt, uu____7, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } /** @@ -10843,14 +5778,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -10872,7 +5807,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -10891,7 +5826,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -10908,7 +5843,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_9a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -10916,7 +5851,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_9a( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -10942,19 +5877,19 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e8(Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9(key_generation_seed); +libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { + tuple_9b uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_9a( + libcrux_ml_kem_ind_cpa_serialize_public_key_80( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); @@ -10973,7 +5908,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -11002,7 +5937,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -11035,7 +5970,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -11045,13 +5980,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e8(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -11060,12 +5995,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(uu____1); + libcrux_ml_kem_types_from_05_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); + return libcrux_ml_kem_types_from_17_c9( + uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); } /** @@ -11081,18 +6016,18 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); } static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( uu____0); } @@ -11111,8 +6046,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_23(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_34(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -11129,10 +6064,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_28( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } } @@ -11147,7 +6082,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_70( +libcrux_ml_kem_polynomial_clone_d5_5e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -11174,7 +6109,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -11183,7 +6118,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -11191,14 +6126,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_28(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_70(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_5e(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -11210,13 +6145,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_9a( + libcrux_ml_kem_ind_cpa_serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); @@ -11258,11 +6193,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_9a( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_d4(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uu____0); } static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -11270,7 +6205,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_9a( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( uu____0); } @@ -11285,18 +6220,18 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_aa( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_97(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_2e(ciphertext), + libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), uint8_t, Eurydice_slice), ret0); core_slice___Slice_T___copy_from_slice( @@ -11304,7 +6239,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_aa( Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); @@ -11332,7 +6267,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_870( +static inline void libcrux_ml_kem_ind_cca_decapsulate_880( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -11351,10 +6286,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_870( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_c0(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -11363,7 +6298,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_870( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -11373,32 +6308,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_870( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_28(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_aa( + libcrux_ml_kem_ind_cca_kdf_6c_72( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_aa(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_28(ciphertext), + libcrux_ml_kem_types_as_ref_00_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -11431,16 +6366,16 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_af( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_870(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_880(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_af( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( private_key, ciphertext, ret); } @@ -11454,9 +6389,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f9( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_af(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); } /** @@ -11478,15 +6413,15 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f9( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -11494,9 +6429,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_1f(public_key), + libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -11504,7 +6439,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -11514,19 +6449,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_f5(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_aa(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -11556,13 +6491,13 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_bf( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( @@ -11571,7 +6506,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_bf( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( uu____0, uu____1); } @@ -11583,9 +6518,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -11596,12 +6531,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -11614,7 +6549,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( ring_element); deserialized_pk[i0] = uu____0; } @@ -11631,16 +6566,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_99( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_9a( + libcrux_ml_kem_ind_cpa_serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -11658,16 +6593,16 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); @@ -11677,16 +6612,6 @@ libcrux_ml_kem_mlkem768_portable_validate_public_key( return uu____0; } -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { - return self[0U]; -} - /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index c3d1f7ee3..8fab63dea 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_sha3_avx2_H @@ -20,98 +20,2759 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" +#include "libcrux_core.h" #include "libcrux_sha3_portable.h" +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_zero_ef(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__veor5q_u64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor5_ef(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + return libcrux_sha3_simd_avx2__veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_58(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, + core_core_arch_x86___m256i)); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vrax1q_u64(a, b); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vbcaxq_u64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_and_not_xor_ef(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_sha3_simd_avx2__vbcaxq_u64(a, b, c); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_constant_ef(core_core_arch_x86___m256i a, + uint64_t c) { + return libcrux_sha3_simd_avx2__veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_sha3_simd_avx2_xor_ef( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_4( + Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, + Eurydice_slice); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_n_ef( + Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + libcrux_sha3_simd_avx2_slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + Eurydice_slice_uint8_t_4size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +libcrux_sha3_simd_avx2_split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { + return libcrux_sha3_simd_avx2_split_at_mut_4(a, mid); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_x86___m256i +with const generics +- $4size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_29; + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 +libcrux_sha3_generic_keccak_new_1e_16(void) { + libcrux_sha3_generic_keccak_KeccakState_29 lit; + lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block_c7(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_580(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c1(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_581(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c10(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_582(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c11(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_583(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c12(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c13(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_584(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c14(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_585(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c15(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_586(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_587(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c17(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_588(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c18(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_589(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c19(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5810(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c110(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5811(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c111(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5812(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c112(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5813(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c113(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5814(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c114(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5815(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c115(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5816(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c116(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5817(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c117(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5818(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c118(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5819(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c119(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5820(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c120(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5821(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c121(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5822(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c122(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i c[5U] = { + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], + s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U], + s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U], + s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U], + s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U], + s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____0 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____1 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____2 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____3 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); + core_core_arch_x86___m256i uu____4 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_x86___m256i uu____5 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_x86___m256i uu____6 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_x86___m256i uu____7 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_x86___m256i uu____8 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_x86___m256i uu____9 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_x86___m256i uu____10 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_x86___m256i uu____11 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_x86___m256i uu____12 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_x86___m256i uu____13 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_x86___m256i uu____14 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_x86___m256i uu____15 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_x86___m256i uu____16 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_x86___m256i uu____17 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_x86___m256i uu____18 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_x86___m256i uu____19 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_x86___m256i uu____20 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_x86___m256i uu____21 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_x86___m256i uu____22 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_x86___m256i uu____23 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_x86___m256i uu____24 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_x86___m256i uu____25 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_x86___m256i uu____26 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_x86___m256i uu____27 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) { + size_t j = i; + s->st[i1][j] = libcrux_sha3_simd_avx2_and_not_xor_ef( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( + libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { + s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho_71(s); + libcrux_sha3_generic_keccak_pi_01(s); + libcrux_sha3_generic_keccak_chi_9b(s); + libcrux_sha3_generic_keccak_iota_09(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_avx2_load_block_c7(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_91(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_avx2_store_block_e9(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____2[200U]; + memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + libcrux_sha3_simd_avx2_store_block_e9(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( + libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_07(&s); + uint8_t b[4U][200U]; + libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( + Eurydice_slice data[4U], Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState_29 s = + libcrux_sha3_generic_keccak_new_1e_16(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + libcrux_sha3_simd_avx2_slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + libcrux_sha3_simd_avx2_slice_n_ef( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____4 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____5 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); + } + } +} + KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_keccak_14(buf0, buf); } -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState; +typedef libcrux_sha3_generic_keccak_KeccakState_29 + libcrux_sha3_avx2_x4_incremental_KeccakState; KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return libcrux_sha3_generic_keccak_new_1e_16(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_avx2_load_block_c70(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_910(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +- DELIM= 31 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_07(s); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + libcrux_sha3_simd_avx2_store_block_e90(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o20[4U]; + memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + Eurydice_slice_uint8_t_4size_t__x2 uu____2 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); + Eurydice_slice o2[4U]; + memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o30[4U]; + memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + Eurydice_slice_uint8_t_4size_t__x2 uu____3 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); + Eurydice_slice o3[4U]; + memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o4[4U]; + memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index d42aa9ea4..384edfddf 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b */ #ifndef __libcrux_sha3_portable_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_sha3_libcrux_ml_kem.h" static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { 1ULL, @@ -80,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); } /** @@ -199,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_7a(void) { +libcrux_sha3_generic_keccak_new_1e_f2(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -234,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -263,12 +262,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); } /** @@ -278,7 +277,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -289,9 +288,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_340(ab); + return libcrux_sha3_portable_keccak_rotate_left_db0(ab); } /** @@ -305,8 +304,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); } /** @@ -316,7 +315,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -327,9 +326,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_341(ab); + return libcrux_sha3_portable_keccak_rotate_left_db1(ab); } /** @@ -343,8 +342,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); } /** @@ -354,7 +353,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -365,9 +364,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_342(ab); + return libcrux_sha3_portable_keccak_rotate_left_db2(ab); } /** @@ -381,8 +380,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); } /** @@ -392,7 +391,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -403,9 +402,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_343(ab); + return libcrux_sha3_portable_keccak_rotate_left_db3(ab); } /** @@ -419,8 +418,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); } /** @@ -430,9 +429,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_34(ab); + return libcrux_sha3_portable_keccak_rotate_left_db(ab); } /** @@ -446,8 +445,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); } /** @@ -457,7 +456,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -468,9 +467,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_344(ab); + return libcrux_sha3_portable_keccak_rotate_left_db4(ab); } /** @@ -484,8 +483,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); } /** @@ -495,7 +494,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -506,9 +505,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_345(ab); + return libcrux_sha3_portable_keccak_rotate_left_db5(ab); } /** @@ -522,8 +521,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); } /** @@ -533,7 +532,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -544,9 +543,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_346(ab); + return libcrux_sha3_portable_keccak_rotate_left_db6(ab); } /** @@ -560,8 +559,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); } /** @@ -571,7 +570,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -582,9 +581,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_347(ab); + return libcrux_sha3_portable_keccak_rotate_left_db7(ab); } /** @@ -598,8 +597,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); } /** @@ -609,7 +608,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -620,9 +619,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_348(ab); + return libcrux_sha3_portable_keccak_rotate_left_db8(ab); } /** @@ -636,8 +635,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); } /** @@ -647,7 +646,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -658,9 +657,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_349(ab); + return libcrux_sha3_portable_keccak_rotate_left_db9(ab); } /** @@ -674,8 +673,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); } /** @@ -685,7 +684,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -696,9 +695,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3410(ab); + return libcrux_sha3_portable_keccak_rotate_left_db10(ab); } /** @@ -712,8 +711,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); } /** @@ -723,7 +722,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -734,9 +733,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3411(ab); + return libcrux_sha3_portable_keccak_rotate_left_db11(ab); } /** @@ -750,8 +749,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); } /** @@ -761,7 +760,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -772,9 +771,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3412(ab); + return libcrux_sha3_portable_keccak_rotate_left_db12(ab); } /** @@ -788,8 +787,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); } /** @@ -799,7 +798,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -810,9 +809,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3413(ab); + return libcrux_sha3_portable_keccak_rotate_left_db13(ab); } /** @@ -826,8 +825,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); } /** @@ -837,7 +836,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -848,9 +847,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3414(ab); + return libcrux_sha3_portable_keccak_rotate_left_db14(ab); } /** @@ -864,8 +863,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); } /** @@ -875,7 +874,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -886,9 +885,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3415(ab); + return libcrux_sha3_portable_keccak_rotate_left_db15(ab); } /** @@ -902,8 +901,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); } /** @@ -913,7 +912,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -924,9 +923,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3416(ab); + return libcrux_sha3_portable_keccak_rotate_left_db16(ab); } /** @@ -940,8 +939,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); } /** @@ -951,7 +950,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -962,9 +961,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3417(ab); + return libcrux_sha3_portable_keccak_rotate_left_db17(ab); } /** @@ -978,8 +977,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); } /** @@ -989,7 +988,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1000,9 +999,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3418(ab); + return libcrux_sha3_portable_keccak_rotate_left_db18(ab); } /** @@ -1016,8 +1015,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); } /** @@ -1027,7 +1026,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1038,9 +1037,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3419(ab); + return libcrux_sha3_portable_keccak_rotate_left_db19(ab); } /** @@ -1054,8 +1053,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); } /** @@ -1065,7 +1064,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1076,9 +1075,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3420(ab); + return libcrux_sha3_portable_keccak_rotate_left_db20(ab); } /** @@ -1092,8 +1091,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); } /** @@ -1103,7 +1102,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1114,9 +1113,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3421(ab); + return libcrux_sha3_portable_keccak_rotate_left_db21(ab); } /** @@ -1130,8 +1129,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); } /** @@ -1141,7 +1140,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1152,9 +1151,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3422(ab); + return libcrux_sha3_portable_keccak_rotate_left_db22(ab); } /** @@ -1168,8 +1167,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); } /** @@ -1178,7 +1177,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1214,76 +1213,76 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____4; uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____5; uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____6; uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____7; uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1293,7 +1292,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1329,7 +1328,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1350,7 +1349,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1362,14 +1361,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_8d(s); - libcrux_sha3_generic_keccak_pi_ac(s); - libcrux_sha3_generic_keccak_chi_c7(s); - libcrux_sha3_generic_keccak_iota_4f(s, i0); + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_b8(s); + libcrux_sha3_generic_keccak_chi_1f(s); + libcrux_sha3_generic_keccak_iota_83(s, i0); } } @@ -1380,13 +1379,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1394,11 +1393,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de(s, buf); + libcrux_sha3_portable_keccak_load_block_b3(s, buf); } /** @@ -1410,12 +1409,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); } /** @@ -1426,7 +1425,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1446,8 +1445,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1455,7 +1454,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1476,12 +1475,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_39(s, buf); + libcrux_sha3_portable_keccak_store_block_58(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1496,9 +1495,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); } /** @@ -1509,10 +1508,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_65( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1537,9 +1536,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_39(a, b); + libcrux_sha3_portable_keccak_store_block_58(a, b); } /** @@ -1549,9 +1548,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1561,10 +1560,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1574,11 +1573,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1602,10 +1601,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -1616,7 +1615,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -1627,12 +1626,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1640,7 +1639,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1658,12 +1657,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); } } } @@ -1674,18 +1673,18 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); + libcrux_sha3_generic_keccak_keccak_75(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd(buf0, buf); + libcrux_sha3_portable_keccakx1_2a(buf0, buf); } /** @@ -1693,7 +1692,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1722,12 +1721,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); } /** @@ -1737,13 +1736,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1751,11 +1750,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de0(s, buf); + libcrux_sha3_portable_keccak_load_block_b30(s, buf); } /** @@ -1767,12 +1766,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); } /** @@ -1783,7 +1782,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1803,8 +1802,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1812,7 +1811,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1833,12 +1832,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_390(s, buf); + libcrux_sha3_portable_keccak_store_block_580(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1854,9 +1853,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); } /** @@ -1867,10 +1866,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_650( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1895,9 +1894,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_390(a, b); + libcrux_sha3_portable_keccak_store_block_580(a, b); } /** @@ -1907,9 +1906,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1919,10 +1918,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1932,11 +1931,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1960,10 +1959,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -1974,7 +1973,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -1985,12 +1984,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -1998,7 +1997,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2016,12 +2015,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2032,18 +2031,18 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); + libcrux_sha3_generic_keccak_keccak_750(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd0(buf0, buf); + libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } /** @@ -2054,7 +2053,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2074,8 +2073,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2086,10 +2085,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2100,7 +2099,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2111,12 +2110,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2124,7 +2123,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2142,12 +2141,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2158,3470 +2157,326 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); + libcrux_sha3_generic_keccak_keccak_751(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd1(buf0, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_zero_fa(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__veor5q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = - libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = - libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - return libcrux_sha3_simd_arm64__veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_58( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vrax1q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_sha3_simd_arm64_rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vrax1q_u64(a, b); + libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vbcaxq_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return libcrux_intrinsics_arm64__veorq_u64( - a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_and_not_xor_fa( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return libcrux_sha3_simd_arm64__vbcaxq_u64(a, b, c); +static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__veorq_n_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - core_core_arch_arm_shared_neon_uint64x2_t c0 = - libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); +static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_constant_fa( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - return libcrux_sha3_simd_arm64__veorq_n_u64(a, c); -} +typedef libcrux_sha3_generic_keccak_KeccakState_48 + libcrux_sha3_portable_KeccakState; -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState; -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_2( - Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); +static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState +libcrux_sha3_neon_x2_incremental_shake128_init(void) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_n_fa( - Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - libcrux_sha3_simd_arm64_slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + Eurydice_slice data1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -libcrux_sha3_simd_arm64_split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_2size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -libcrux_sha3_simd_arm64_split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { - return libcrux_sha3_simd_arm64_split_at_mut_2(a, mid); +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- $2size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { - core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_fc; - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -libcrux_sha3_generic_keccak_new_1e_12(void) { - libcrux_sha3_generic_keccak_KeccakState_fc lit; - lit.st[0U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - return lit; +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 +libcrux_sha3_portable_incremental_shake128_init(void) { + return libcrux_sha3_generic_keccak_new_1e_f2(); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block +A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics -- RATE= 72 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- BLOCKSIZE= 72 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_b31(s, buf); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_580( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - /** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- LEFT= 36 -- RIGHT= 28 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c1( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_580(ab); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types uint64_t with const generics -- LEFT= 36 -- RIGHT= 28 +- N= 1 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c1(a, b); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_581( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { + Eurydice_slice buf[1U] = {data0}; + libcrux_sha3_generic_keccak_absorb_final_722(s, buf); } /** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- LEFT= 3 -- RIGHT= 61 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c10( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_581(ab); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- LEFT= 3 -- RIGHT= 61 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c10(a, b); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_581(a, b); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types uint64_t with const generics -- LEFT= 41 -- RIGHT= 23 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_582( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types uint64_t with const generics -- LEFT= 41 -- RIGHT= 23 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c11( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_582(ab); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types uint64_t with const generics -- LEFT= 41 -- RIGHT= 23 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c11(a, b); +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o2[1U]; + memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_583( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c12( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_583(ab); +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c12(a, b); -} +#define libcrux_sha3_Sha224 0 +#define libcrux_sha3_Sha256 1 +#define libcrux_sha3_Sha384 2 +#define libcrux_sha3_Sha512 3 -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c13( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_58(ab); -} +typedef uint8_t libcrux_sha3_Algorithm; -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_584( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c14( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_585( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c15( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_586( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c16( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_587( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c17( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_588( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c18( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_589( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c19( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5810( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c110( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5811( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c111( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5812( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c112( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5813( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c113( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5814( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c114( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5815( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c115( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5816( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c116( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5817( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c117( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5818( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c118( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5819( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c119( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5820( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c120( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5821( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c121( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5822( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c122( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][0U], s->st[1U][0U], - s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][1U], s->st[1U][1U], - s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][2U], s->st[1U][2U], - s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][3U], s->st[1U][3U], - s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][4U], s->st[1U][4U], - s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_fa(s->st[0U][0U], t[0U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____4 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_arm_shared_neon_uint64x2_t uu____5 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_arm_shared_neon_uint64x2_t uu____7 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t uu____9 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t uu____10 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t uu____11 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t uu____12 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t uu____13 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t uu____14 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t uu____15 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_arm_shared_neon_uint64x2_t uu____16 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t uu____17 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t uu____18 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t uu____19 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t uu____20 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t uu____21 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t uu____22 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t uu____23 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t uu____24 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t uu____25 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t uu____26 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t uu____27 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_a0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_b0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) { - size_t j = i; - s->st[i1][j] = libcrux_sha3_simd_arm64_and_not_xor_fa( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_33( - libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { - s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_constant_fa( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_3e( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_a0(s); - libcrux_sha3_generic_keccak_chi_b0(s); - libcrux_sha3_generic_keccak_iota_33(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_45( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_07( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)72U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_07(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a5( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e7( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a5(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_90( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_70( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a5(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_59( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, - ret); - libcrux_sha3_generic_keccak_absorb_block_45(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_fe(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e7(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_70(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_59(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_450( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c0(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_070( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f0(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a50( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a0(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e70( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a50(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_900( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f0(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_700( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a50(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_590( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_fe0(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e0( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_590(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e0(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_591( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_fe1(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e1( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_591(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - libcrux_sha3_neon_keccakx2_6e1(buf0, buf); -} - -typedef libcrux_sha3_generic_keccak_KeccakState_fc - libcrux_sha3_neon_x2_incremental_KeccakState; - -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_12(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c1(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_071( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_071(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, - Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - libcrux_sha3_generic_keccak_absorb_final_fe2(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_901( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - Eurydice_slice_uint8_t_2size_t__x2 uu____0 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f1(s, o0); - Eurydice_slice_uint8_t_2size_t__x2 uu____1 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o2); -} - -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, - Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e(s, buf); -} - -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, - Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, buf); -} - -typedef libcrux_sha3_generic_keccak_KeccakState_48 - libcrux_sha3_portable_KeccakState; - -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t uu____0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); - } -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de1(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { - Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_252(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_391(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - Eurydice_slice_uint8_t_1size_t__x2 uu____0 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); - Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); -} - -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); -} - -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, buf); -} - -#define libcrux_sha3_Sha224 0 -#define libcrux_sha3_Sha256 1 -#define libcrux_sha3_Sha384 2 -#define libcrux_sha3_Sha512 3 - -typedef uint8_t libcrux_sha3_Algorithm; - -static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { - size_t uu____0; - switch (mode) { - case libcrux_sha3_Sha224: { - uu____0 = (size_t)28U; - break; - } - case libcrux_sha3_Sha256: { - uu____0 = (size_t)32U; - break; - } - case libcrux_sha3_Sha384: { - uu____0 = (size_t)48U; - break; - } - case libcrux_sha3_Sha512: { - uu____0 = (size_t)64U; - break; - } - default: { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, - __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t uu____0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de2(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); +static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { + size_t uu____0; + switch (mode) { + case libcrux_sha3_Sha224: { + uu____0 = (size_t)28U; + break; } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)144U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_392(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_651( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_392(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, - (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } + case libcrux_sha3_Sha256: { + uu____0 = (size_t)32U; + break; } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); + case libcrux_sha3_Sha384: { + uu____0 = (size_t)48U; + break; } - } -} - -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd2(buf0, buf); + case libcrux_sha3_Sha512: { + uu____0 = (size_t)64U; + break; + } + default: { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, + __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; } /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; core_result_Result_56 dst; @@ -5646,14 +2501,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); } /** @@ -5661,27 +2516,27 @@ A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block with types uint64_t with const generics - N= 1 -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de3(s, buf); + libcrux_sha3_portable_keccak_load_block_b32(s, buf); } /** @@ -5691,14 +2546,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); } /** @@ -5706,10 +2561,10 @@ A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final with types uint64_t with const generics - N= 1 -- RATE= 104 +- RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -5723,24 +2578,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( } blocks[i0][last_len] = 6U; size_t uu____1 = i0; - size_t uu____2 = (size_t)104U - (size_t)1U; + size_t uu____2 = (size_t)144U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, @@ -5757,14 +2612,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_393(s, buf); + libcrux_sha3_portable_keccak_store_block_582(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -5777,12 +2632,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); } /** @@ -5790,13 +2645,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last with types uint64_t with const generics - N= 1 -- RATE= 104 +- RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_652( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -5819,11 +2674,11 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_393(a, b); + libcrux_sha3_portable_keccak_store_block_582(a, b); } /** @@ -5831,288 +2686,24 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types uint64_t with const generics - N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, - (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd3(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha224(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, - uint8_t ret[28U]) { - uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha256(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha384(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, - uint8_t ret[48U]) { - uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha512(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, - uint8_t ret[64U]) { - uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_391(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a -with const generics -- BLOCKSIZE= 168 +- RATE= 144 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block with types uint64_t with const generics - N= 1 -- RATE= 168 +- RATE= 144 */ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_653( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -6120,13 +2711,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last with types uint64_t with const generics - N= 1 -- RATE= 168 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -6147,27 +2738,27 @@ A monomorphic instance of libcrux_sha3.generic_keccak.keccak with types uint64_t with const generics - N= 1 -- RATE= 168 -- DELIM= 31 +- RATE= 144 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, - (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + (size_t)144U, ret); + libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); @@ -6175,20 +2766,20 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)168U; - size_t last = outlen - outlen % (size_t)168U; + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -6201,17 +2792,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); } } } @@ -6219,183 +2810,123 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( /** A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics -- RATE= 168 -- DELIM= 31 +- RATE= 144 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); + libcrux_sha3_generic_keccak_keccak_752(uu____0, out); } -static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( - Eurydice_slice digest, Eurydice_slice data) { +static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, + Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd4(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake128(out, data); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake256(out, data); + libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } -static const size_t libcrux_sha3_generic_keccak__PI[24U] = { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, - (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, - (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, - (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, - (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; - -static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, - (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, - (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, - (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, - (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; - /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block +A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f1( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c2(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_451( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c2(s, buf); + libcrux_sha3_portable_keccak_load_block_b33(s, buf); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_072( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e2(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6405,121 +2936,81 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe3( } blocks[i0][last_len] = 6U; size_t uu____1 = i0; - size_t uu____2 = (size_t)144U - (size_t)1U; + size_t uu____2 = (size_t)104U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_072(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block +A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); } } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f2(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_583(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a51( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a1(a, ret); +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e71( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a51(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -6535,57 +3026,57 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_e71( } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_902( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f2(a, b); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_583(a, b); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_701( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a51(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -6602,51 +3093,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_701( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_592( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, - ret); - libcrux_sha3_generic_keccak_absorb_block_451(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + (size_t)104U, ret); + libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_fe3(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e71(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f2(&s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -6658,305 +3149,171 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_592( .tag == core_option_None) { break; } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d2(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_701(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); } } } -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e2( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_592(uu____0, out); +/** +A monomorphic instance of libcrux_sha3.portable.keccakx1 +with const generics +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_753(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_2a3(buf0, buf); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha224(digest, payload); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, + uint8_t ret[28U]) { + uint8_t out[28U] = {0U}; + libcrux_sha3_sha224_ema( + Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } -static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, - Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e2(uu____0, buf); +static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha256(digest, payload); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } +static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + libcrux_sha3_sha256_ema( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f2( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c3(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha384(digest, payload); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_452( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); +static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, + uint8_t ret[48U]) { + uint8_t out[48U] = {0U}; + libcrux_sha3_sha384_ema( + Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c3(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha512(digest, payload); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_073( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e3(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, + uint8_t ret[64U]) { + uint8_t out[64U] = {0U}; + libcrux_sha3_sha512_ema( + Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe4( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)104U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_073(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types uint64_t with const generics -- RATE= 104 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 104 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f3(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_581(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a52( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a2(a, ret); +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 104 +- N= 1 +- RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e72( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a52(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -6971,58 +3328,19 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_e72( } } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_903( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f3(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 104 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_702( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a52(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -7039,51 +3357,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_702( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 +- N= 1 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_593( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, - ret); - libcrux_sha3_generic_keccak_absorb_block_452(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + (size_t)168U, ret); + libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_fe4(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e72(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f3(&s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -7095,43 +3413,78 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_593( .tag == core_option_None) { break; } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d3(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_702(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); } } } /** -A monomorphic instance of libcrux_sha3.neon.keccakx2 +A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics -- RATE= 104 -- DELIM= 6 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e3( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_593(uu____0, out); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_754(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( + Eurydice_slice digest, Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_2a4(buf0, buf); +} + +static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake128(out, data); +} + +static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake256(out, data); +} + +static const size_t libcrux_sha3_generic_keccak__PI[24U] = { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, + (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, + (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, + (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, + (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; + +static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, + (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, + (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, + (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, + (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; + +static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e3(uu____0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** @@ -7142,7 +3495,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -7150,62 +3503,62 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_251(s, buf); + libcrux_sha3_generic_keccak_absorb_final_721(s, buf); } static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); } /** @@ -7282,12 +3635,6 @@ static inline libcrux_sha3_Algorithm libcrux_sha3_from_2d(uint32_t v) { return uu____0; } -typedef core_core_arch_arm_shared_neon_uint64x2_t - libcrux_sha3_simd_arm64_uint64x2_t; - -typedef libcrux_sha3_generic_keccak_KeccakState_fc - libcrux_sha3_neon_x2_incremental_KeccakState2Internal; - typedef uint8_t libcrux_sha3_Sha3_512Digest[64U]; typedef uint8_t libcrux_sha3_Sha3_384Digest[48U]; From 42136230546dad2421762c4c7ba8ae37795e50f0 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 11 Aug 2024 18:30:23 -0400 Subject: [PATCH 082/348] a more complete spec --- libcrux-ml-kem/proofs/fstar/spec/Makefile | 2 +- .../fstar/spec/Spec.MLKEM.Instances.fst | 62 +++ .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 168 ++++++++ .../proofs/fstar/spec/Spec.MLKEM.fst | 364 +++++------------- .../proofs/fstar/spec/Spec.Utils.fst | 2 +- 5 files changed, 337 insertions(+), 261 deletions(-) create mode 100644 libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst create mode 100644 libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst diff --git a/libcrux-ml-kem/proofs/fstar/spec/Makefile b/libcrux-ml-kem/proofs/fstar/spec/Makefile index 7caf6ddd7..b67b71b55 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Makefile +++ b/libcrux-ml-kem/proofs/fstar/spec/Makefile @@ -53,7 +53,7 @@ else FSTAR_HINTS ?= --use_hints --use_hint_hashes endif -VERIFIED = +VERIFIED = Spec.Utils.fst Spec.MLKEM.Math.fst Spec.MLKEM.fst Spec.MLKEM.Instances.fst UNVERIFIED = diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst new file mode 100644 index 000000000..bf9261111 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst @@ -0,0 +1,62 @@ +module Spec.MLKEM.Instances +#set-options "--fuel 0 --ifuel 1 --z3rlimit 30" +open FStar.Mul +open Core +open Spec.Utils +open Spec.MLKEM.Math +open Spec.MLKEM + + +(** MLKEM-768 Instantiation *) + +let mlkem768_rank : rank = sz 3 + +#push-options "--z3rlimit 300" +let mlkem768_generate_keypair (randomness:t_Array u8 (sz 64)): + (t_Array u8 (sz 2400) & t_Array u8 (sz 1184)) & bool = + ind_cca_generate_keypair mlkem768_rank randomness + +let mlkem768_encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 32)): + (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) & bool = + ind_cca_encapsulate mlkem768_rank public_key randomness + +let mlkem768_decapsulate (secret_key: t_Array u8 (sz 2400)) (ciphertext: t_Array u8 (sz 1088)): + t_Array u8 (sz 32) & bool = + ind_cca_decapsulate mlkem768_rank secret_key ciphertext + +(** MLKEM-1024 Instantiation *) + +let mlkem1024_rank = sz 4 + +let mlkem1024_generate_keypair (randomness:t_Array u8 (sz 64)): + (t_Array u8 (sz 3168) & t_Array u8 (sz 1568)) & bool = + ind_cca_generate_keypair mlkem1024_rank randomness + +let mlkem1024_encapsulate (public_key: t_Array u8 (sz 1568)) (randomness: t_Array u8 (sz 32)): + (t_Array u8 (sz 1568) & t_Array u8 (sz 32)) & bool = + ind_cca_encapsulate mlkem1024_rank public_key randomness + + +let mlkem1024_decapsulate (secret_key: t_Array u8 (sz 3168)) (ciphertext: t_Array u8 (sz 1568)): + t_Array u8 (sz 32) & bool = + ind_cca_decapsulate mlkem1024_rank secret_key ciphertext + +(** MLKEM-512 Instantiation *) + +let mlkem512_rank : rank = sz 2 + +let mlkem512_generate_keypair (randomness:t_Array u8 (sz 64)): + (t_Array u8 (sz 1632) & t_Array u8 (sz 800)) & bool = + ind_cca_generate_keypair mlkem512_rank randomness + +let mlkem512_encapsulate (public_key: t_Array u8 (sz 800)) (randomness: t_Array u8 (sz 32)): + (t_Array u8 (sz 768) & t_Array u8 (sz 32)) & bool = + ind_cca_encapsulate mlkem512_rank public_key randomness + + +let mlkem512_decapsulate (secret_key: t_Array u8 (sz 1632)) (ciphertext: t_Array u8 (sz 768)): + t_Array u8 (sz 32) & bool = + ind_cca_decapsulate mlkem512_rank secret_key ciphertext + + + diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst new file mode 100644 index 000000000..18fb880df --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -0,0 +1,168 @@ +module Spec.MLKEM.Math +#set-options "--fuel 0 --ifuel 1 --z3rlimit 30" + +open FStar.Mul +open Core +open Spec.Utils + +let v_FIELD_MODULUS: i32 = 3329l +let is_rank (r:usize) = v r == 2 \/ v r == 3 \/ v r == 4 + +type rank = r:usize{is_rank r} + + +(** MLKEM Math and Sampling *) + +type field_element = n:nat{n < v v_FIELD_MODULUS} +type polynomial (ntt:bool) = t_Array field_element (sz 256) +type vector (r:rank) (ntt:bool) = t_Array (polynomial ntt) r +type matrix (r:rank) (ntt:bool) = t_Array (vector r ntt) r + +val field_add: field_element -> field_element -> field_element +let field_add a b = (a + b) % v v_FIELD_MODULUS + +val field_sub: field_element -> field_element -> field_element +let field_sub a b = (a - b) % v v_FIELD_MODULUS + +val field_neg: field_element -> field_element +let field_neg a = (0 - a) % v v_FIELD_MODULUS + +val field_mul: field_element -> field_element -> field_element +let field_mul a b = (a * b) % v v_FIELD_MODULUS + +val poly_add: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt +let poly_add a b = map2 field_add a b + +val poly_sub: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt +let poly_sub a b = map2 field_sub a b + + +(* +bitrev7 = [int('{:07b}'.format(x)[::-1], 2) for x in range(0,128)] +zetas = [pow(17,x) % 3329 for x in bitrev7] +zetas_mont = [pow(2,16) * x % 3329 for x in zetas] +zetas_mont_r = [(x - 3329 if x > 1664 else x) for x in zetas_mont] + +bitrev7 is +[0, 64, 32, 96, 16, 80, 48, 112, 8, 72, 40, 104, 24, 88, 56, 120, 4, 68, 36, 100, 20, 84, 52, 116, 12, 76, 44, 108, 28, 92, 60, 124, 2, 66, 34, 98, 18, 82, 50, 114, 10, 74, 42, 106, 26, 90, 58, 122, 6, 70, 38, 102, 22, 86, 54, 118, 14, 78, 46, 110, 30, 94, 62, 126, 1, 65, 33, 97, 17, 81, 49, 113, 9, 73, 41, 105, 25, 89, 57, 121, 5, 69, 37, 101, 21, 85, 53, 117, 13, 77, 45, 109, 29, 93, 61, 125, 3, 67, 35, 99, 19, 83, 51, 115, 11, 75, 43, 107, 27, 91, 59, 123, 7, 71, 39, 103, 23, 87, 55, 119, 15, 79, 47, 111, 31, 95, 63, 127] + +zetas = 17^bitrev7 is +[1, 1729, 2580, 3289, 2642, 630, 1897, 848, 1062, 1919, 193, 797, 2786, 3260, 569, 1746, 296, 2447, 1339, 1476, 3046, 56, 2240, 1333, 1426, 2094, 535, 2882, 2393, 2879, 1974, 821, 289, 331, 3253, 1756, 1197, 2304, 2277, 2055, 650, 1977, 2513, 632, 2865, 33, 1320, 1915, 2319, 1435, 807, 452, 1438, 2868, 1534, 2402, 2647, 2617, 1481, 648, 2474, 3110, 1227, 910, 17, 2761, 583, 2649, 1637, 723, 2288, 1100, 1409, 2662, 3281, 233, 756, 2156, 3015, 3050, 1703, 1651, 2789, 1789, 1847, 952, 1461, 2687, 939, 2308, 2437, 2388, 733, 2337, 268, 641, 1584, 2298, 2037, 3220, 375, 2549, 2090, 1645, 1063, 319, 2773, 757, 2099, 561, 2466, 2594, 2804, 1092, 403, 1026, 1143, 2150, 2775, 886, 1722, 1212, 1874, 1029, 2110, 2935, 885, 2154] + +zetas_mont = zetas * 2^16 is +[2285, 2571, 2970, 1812, 1493, 1422, 287, 202, 3158, 622, 1577, 182, 962, 2127, 1855, 1468, 573, 2004, 264, 383, 2500, 1458, 1727, 3199, 2648, 1017, 732, 608, 1787, 411, 3124, 1758, 1223, 652, 2777, 1015, 2036, 1491, 3047, 1785, 516, 3321, 3009, 2663, 1711, 2167, 126, 1469, 2476, 3239, 3058, 830, 107, 1908, 3082, 2378, 2931, 961, 1821, 2604, 448, 2264, 677, 2054, 2226, 430, 555, 843, 2078, 871, 1550, 105, 422, 587, 177, 3094, 3038, 2869, 1574, 1653, 3083, 778, 1159, 3182, 2552, 1483, 2727, 1119, 1739, 644, 2457, 349, 418, 329, 3173, 3254, 817, 1097, 603, 610, 1322, 2044, 1864, 384, 2114, 3193, 1218, 1994, 2455, 220, 2142, 1670, 2144, 1799, 2051, 794, 1819, 2475, 2459, 478, 3221, 3021, 996, 991, 958, 1869, 1522, 1628] + +zetas_mont_r = zetas_mont - 3329 if zetas_mont > 1664 else zetas_mont is +[-1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474, 1468, 573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411, -205, -1571, 1223, 652, -552, 1015, -1293, 1491, -282, -1544, 516, -8, -320, -666, -1618, -1162, 126, 1469, -853, -90, -271, 830, 107, -1421, -247, -951, -398, 961, -1508, -725, 448, -1065, 677, -1275, -1103, 430, 555, 843, -1251, 871, 1550, 105, 422, 587, 177, -235, -291, -460, 1574, 1653, -246, 778, 1159, -147, -777, 1483, -602, 1119, -1590, 644, -872, 349, 418, 329, -156, -75, 817, 1097, 603, 610, 1322, -1285, -1465, 384, -1215, -136, 1218, -1335, -874, 220, -1187, -1659, -1185, -1530, -1278, 794, -1510, -854, -870, 478, -108, -308, 996, 991, 958, -1460, 1522, 1628] +*) + +let zetas_list : list field_element = [1; 1729; 2580; 3289; 2642; 630; 1897; 848; 1062; 1919; 193; 797; 2786; 3260; 569; 1746; 296; 2447; 1339; 1476; 3046; 56; 2240; 1333; 1426; 2094; 535; 2882; 2393; 2879; 1974; 821; 289; 331; 3253; 1756; 1197; 2304; 2277; 2055; 650; 1977; 2513; 632; 2865; 33; 1320; 1915; 2319; 1435; 807; 452; 1438; 2868; 1534; 2402; 2647; 2617; 1481; 648; 2474; 3110; 1227; 910; 17; 2761; 583; 2649; 1637; 723; 2288; 1100; 1409; 2662; 3281; 233; 756; 2156; 3015; 3050; 1703; 1651; 2789; 1789; 1847; 952; 1461; 2687; 939; 2308; 2437; 2388; 733; 2337; 268; 641; 1584; 2298; 2037; 3220; 375; 2549; 2090; 1645; 1063; 319; 2773; 757; 2099; 561; 2466; 2594; 2804; 1092; 403; 1026; 1143; 2150; 2775; 886; 1722; 1212; 1874; 1029; 2110; 2935; 885; 2154] + +let zetas : t_Array field_element (sz 128) = + assert_norm(List.Tot.length zetas_list == 128); + Rust_primitives.Arrays.of_list zetas_list + +let poly_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = + let t = field_mul b zetas.[sz i] in + let b = field_sub a t in + let a = field_add a t in + (a,b) + +let poly_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = + let len = pow2 l in + let k = (128 / len) - 1 in + Rust_primitives.Arrays.createi (sz 256) (fun i -> + let round = v i / (2 * len) in + let idx = v i % (2 * len) in + let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in + let (a_ntt, b_ntt) = poly_ntt_step p.[sz idx0] p.[sz idx1] (round + k) in + if idx < len then a_ntt else b_ntt) + +val poly_ntt: polynomial false -> polynomial true +let poly_ntt p = + let p = poly_ntt_layer p 7 in + let p = poly_ntt_layer p 6 in + let p = poly_ntt_layer p 5 in + let p = poly_ntt_layer p 4 in + let p = poly_ntt_layer p 3 in + let p = poly_ntt_layer p 2 in + let p = poly_ntt_layer p 1 in + p + +let poly_inv_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = + let b_minus_a = field_sub b a in + let a = field_add a b in + let b = field_mul b_minus_a zetas.[sz i] in + (a,b) + +let poly_inv_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = + let len = pow2 l in + let k = (256 / len) - 1 in + Rust_primitives.Arrays.createi (sz 256) (fun i -> + let round = v i / (2 * len) in + let idx = v i % (2 * len) in + let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in + let (a_ntt, b_ntt) = poly_inv_ntt_step p.[sz idx0] p.[sz idx1] (k - round) in + if idx < len then a_ntt else b_ntt) + +val poly_inv_ntt: polynomial true -> polynomial false +let poly_inv_ntt p = + let p = poly_inv_ntt_layer p 1 in + let p = poly_inv_ntt_layer p 2 in + let p = poly_inv_ntt_layer p 3 in + let p = poly_inv_ntt_layer p 4 in + let p = poly_inv_ntt_layer p 5 in + let p = poly_inv_ntt_layer p 6 in + let p = poly_inv_ntt_layer p 7 in + p + +let poly_base_case_multiply (a0 a1 b0 b1 zeta:field_element) = + let c0 = field_add (field_mul a0 b0) (field_mul (field_mul a1 b1) zeta) in + let c1 = field_add (field_mul a0 b1) (field_mul a1 b0) in + (c0,c1) + +val poly_mul_ntt: polynomial true -> polynomial true -> polynomial true +let poly_mul_ntt a b = + Rust_primitives.Arrays.createi (sz 256) (fun i -> + let a0 = a.[sz (2 * (v i / 2))] in + let a1 = a.[sz (2 * (v i / 2) + 1)] in + let b0 = b.[sz (2 * (v i / 2))] in + let b1 = b.[sz (2 * (v i / 2) + 1)] in + let zeta_4 = zetas.[sz (64 + (v i/4))] in + let zeta = if v i % 4 < 2 then zeta_4 else field_neg zeta_4 in + let (c0,c1) = poly_base_case_multiply a0 a1 b0 b1 zeta in + if v i % 2 = 0 then c0 else c1) + + +val vector_add: #r:rank -> #ntt:bool -> vector r ntt -> vector r ntt -> vector r ntt +let vector_add #p a b = map2 poly_add a b + +val vector_ntt: #r:rank -> vector r false -> vector r true +let vector_ntt #p v = map_array poly_ntt v + +val vector_inv_ntt: #r:rank -> vector r true -> vector r false +let vector_inv_ntt #p v = map_array poly_inv_ntt v + +val vector_mul_ntt: #r:rank -> vector r true -> vector r true -> vector r true +let vector_mul_ntt #p a b = map2 poly_mul_ntt a b + +val vector_sum: #r:rank -> #ntt:bool -> vector r ntt -> polynomial ntt +let vector_sum #r a = repeati (r -! sz 1) + (fun i x -> assert (v i < v r - 1); poly_add x (a.[i +! sz 1])) a.[sz 0] + +val vector_dot_product_ntt: #r:rank -> vector r true -> vector r true -> polynomial true +let vector_dot_product_ntt a b = vector_sum (vector_mul_ntt a b) + +val matrix_transpose: #r:rank -> #ntt:bool -> matrix r ntt -> matrix r ntt +let matrix_transpose #r m = + createi r (fun i -> + createi r (fun j -> + m.[j].[i])) + +val matrix_vector_mul_ntt: #r:rank -> matrix r true -> vector r true -> vector r true +let matrix_vector_mul_ntt #r m v = + createi r (fun i -> vector_dot_product_ntt m.[i] v) + +val compute_As_plus_e_ntt: #r:rank -> a:matrix r true -> s:vector r true -> e:vector r true -> vector r true +let compute_As_plus_e_ntt #p a s e = vector_add (matrix_vector_mul_ntt a s) e + diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index ee5558e74..5e081b5b7 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -1,8 +1,9 @@ module Spec.MLKEM -#set-options "--fuel 0 --ifuel 1 --z3rlimit 200" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 30" open FStar.Mul open Core open Spec.Utils +open Spec.MLKEM.Math (** ML-KEM Constants *) let v_BITS_PER_COEFFICIENT: usize = sz 12 @@ -15,8 +16,6 @@ let v_BYTES_PER_RING_ELEMENT: usize = sz 384 // v_BITS_PER_RING_ELEMENT /! sz 8 let v_CPA_KEY_GENERATION_SEED_SIZE: usize = sz 32 -let v_FIELD_MODULUS: i32 = 3329l - let v_H_DIGEST_SIZE: usize = sz 32 // same as Libcrux.Digest.digest_size (Libcrux.Digest.Algorithm_Sha3_256_ <: Libcrux.Digest.t_Algorithm) @@ -24,11 +23,7 @@ let v_REJECTION_SAMPLING_SEED_SIZE: usize = sz 840 // sz 168 *! sz 5 let v_SHARED_SECRET_SIZE: usize = v_H_DIGEST_SIZE -let is_rank (r:usize) = - r == sz 2 \/ r == sz 3 \/ r == sz 4 - -type rank = r:usize{is_rank r} - +val v_ETA1 (r:rank) : u:usize{u == sz 3 \/ u == sz 2} let v_ETA1 (r:rank) : usize = if r = sz 2 then sz 3 else if r = sz 3 then sz 2 else @@ -36,17 +31,18 @@ let v_ETA1 (r:rank) : usize = let v_ETA2 (r:rank) : usize = sz 2 +val v_VECTOR_U_COMPRESSION_FACTOR (r:rank) : u:usize{u == sz 10 \/ u == sz 11} let v_VECTOR_U_COMPRESSION_FACTOR (r:rank) : usize = if r = sz 2 then sz 10 else if r = sz 3 then sz 10 else if r = sz 4 then sz 11 +val v_VECTOR_V_COMPRESSION_FACTOR (r:rank) : u:usize{u == sz 4 \/ u == sz 5} let v_VECTOR_V_COMPRESSION_FACTOR (r:rank) : usize = if r = sz 2 then sz 4 else if r = sz 3 then sz 4 else if r = sz 4 then sz 5 - val v_ETA1_RANDOMNESS_SIZE (r:rank) : u:usize{u == sz 128 \/ u == sz 192} let v_ETA1_RANDOMNESS_SIZE (r:rank) = v_ETA1 r *! sz 64 @@ -93,6 +89,7 @@ let v_KEY_GENERATION_SEED_SIZE: usize = v_CPA_KEY_GENERATION_SEED_SIZE +! v_SHARED_SECRET_SIZE + (** ML-KEM Types *) type t_MLKEMPublicKey (r:rank) = t_Array u8 (v_CPA_PUBLIC_KEY_SIZE r) @@ -105,160 +102,6 @@ type t_MLKEMCPAKeyPair (r:rank) = t_MLKEMCPAPrivateKey r & t_MLKEMPublicKey r type t_MLKEMCiphertext (r:rank) = t_Array u8 (v_CPA_CIPHERTEXT_SIZE r) type t_MLKEMSharedSecret = t_Array u8 (v_SHARED_SECRET_SIZE) -(** MLKEM Math and Sampling *) - -type field_element = n:nat{n < v v_FIELD_MODULUS} -type polynomial (ntt:bool) = t_Array field_element (sz 256) -type vector (r:rank) (ntt:bool) = t_Array (polynomial ntt) r -type matrix (r:rank) (ntt:bool) = t_Array (vector r ntt) r - -val field_add: field_element -> field_element -> field_element -let field_add a b = (a + b) % v v_FIELD_MODULUS - -val field_sub: field_element -> field_element -> field_element -let field_sub a b = (a - b) % v v_FIELD_MODULUS - -val field_neg: field_element -> field_element -let field_neg a = (0 - a) % v v_FIELD_MODULUS - -val field_mul: field_element -> field_element -> field_element -let field_mul a b = (a * b) % v v_FIELD_MODULUS - -val poly_add: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt -let poly_add a b = map2 field_add a b - -val poly_sub: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt -let poly_sub a b = map2 field_sub a b - - -(* -bitrev7 = [int('{:07b}'.format(x)[::-1], 2) for x in range(0,128)] -zetas = [pow(17,x) % 3329 for x in bitrev7] -zetas_mont = [pow(2,16) * x % 3329 for x in zetas] -zetas_mont_r = [(x - 3329 if x > 1664 else x) for x in zetas_mont] - -bitrev7 is -[0, 64, 32, 96, 16, 80, 48, 112, 8, 72, 40, 104, 24, 88, 56, 120, 4, 68, 36, 100, 20, 84, 52, 116, 12, 76, 44, 108, 28, 92, 60, 124, 2, 66, 34, 98, 18, 82, 50, 114, 10, 74, 42, 106, 26, 90, 58, 122, 6, 70, 38, 102, 22, 86, 54, 118, 14, 78, 46, 110, 30, 94, 62, 126, 1, 65, 33, 97, 17, 81, 49, 113, 9, 73, 41, 105, 25, 89, 57, 121, 5, 69, 37, 101, 21, 85, 53, 117, 13, 77, 45, 109, 29, 93, 61, 125, 3, 67, 35, 99, 19, 83, 51, 115, 11, 75, 43, 107, 27, 91, 59, 123, 7, 71, 39, 103, 23, 87, 55, 119, 15, 79, 47, 111, 31, 95, 63, 127] - -zetas = 17^bitrev7 is -[1, 1729, 2580, 3289, 2642, 630, 1897, 848, 1062, 1919, 193, 797, 2786, 3260, 569, 1746, 296, 2447, 1339, 1476, 3046, 56, 2240, 1333, 1426, 2094, 535, 2882, 2393, 2879, 1974, 821, 289, 331, 3253, 1756, 1197, 2304, 2277, 2055, 650, 1977, 2513, 632, 2865, 33, 1320, 1915, 2319, 1435, 807, 452, 1438, 2868, 1534, 2402, 2647, 2617, 1481, 648, 2474, 3110, 1227, 910, 17, 2761, 583, 2649, 1637, 723, 2288, 1100, 1409, 2662, 3281, 233, 756, 2156, 3015, 3050, 1703, 1651, 2789, 1789, 1847, 952, 1461, 2687, 939, 2308, 2437, 2388, 733, 2337, 268, 641, 1584, 2298, 2037, 3220, 375, 2549, 2090, 1645, 1063, 319, 2773, 757, 2099, 561, 2466, 2594, 2804, 1092, 403, 1026, 1143, 2150, 2775, 886, 1722, 1212, 1874, 1029, 2110, 2935, 885, 2154] - -zetas_mont = zetas * 2^16 is -[2285, 2571, 2970, 1812, 1493, 1422, 287, 202, 3158, 622, 1577, 182, 962, 2127, 1855, 1468, 573, 2004, 264, 383, 2500, 1458, 1727, 3199, 2648, 1017, 732, 608, 1787, 411, 3124, 1758, 1223, 652, 2777, 1015, 2036, 1491, 3047, 1785, 516, 3321, 3009, 2663, 1711, 2167, 126, 1469, 2476, 3239, 3058, 830, 107, 1908, 3082, 2378, 2931, 961, 1821, 2604, 448, 2264, 677, 2054, 2226, 430, 555, 843, 2078, 871, 1550, 105, 422, 587, 177, 3094, 3038, 2869, 1574, 1653, 3083, 778, 1159, 3182, 2552, 1483, 2727, 1119, 1739, 644, 2457, 349, 418, 329, 3173, 3254, 817, 1097, 603, 610, 1322, 2044, 1864, 384, 2114, 3193, 1218, 1994, 2455, 220, 2142, 1670, 2144, 1799, 2051, 794, 1819, 2475, 2459, 478, 3221, 3021, 996, 991, 958, 1869, 1522, 1628] - -zetas_mont_r = zetas_mont - 3329 if zetas_mont > 1664 else zetas_mont is -[-1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474, 1468, 573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411, -205, -1571, 1223, 652, -552, 1015, -1293, 1491, -282, -1544, 516, -8, -320, -666, -1618, -1162, 126, 1469, -853, -90, -271, 830, 107, -1421, -247, -951, -398, 961, -1508, -725, 448, -1065, 677, -1275, -1103, 430, 555, 843, -1251, 871, 1550, 105, 422, 587, 177, -235, -291, -460, 1574, 1653, -246, 778, 1159, -147, -777, 1483, -602, 1119, -1590, 644, -872, 349, 418, 329, -156, -75, 817, 1097, 603, 610, 1322, -1285, -1465, 384, -1215, -136, 1218, -1335, -874, 220, -1187, -1659, -1185, -1530, -1278, 794, -1510, -854, -870, 478, -108, -308, 996, 991, 958, -1460, 1522, 1628] -*) - -let zetas_list : list field_element = [1; 1729; 2580; 3289; 2642; 630; 1897; 848; 1062; 1919; 193; 797; 2786; 3260; 569; 1746; 296; 2447; 1339; 1476; 3046; 56; 2240; 1333; 1426; 2094; 535; 2882; 2393; 2879; 1974; 821; 289; 331; 3253; 1756; 1197; 2304; 2277; 2055; 650; 1977; 2513; 632; 2865; 33; 1320; 1915; 2319; 1435; 807; 452; 1438; 2868; 1534; 2402; 2647; 2617; 1481; 648; 2474; 3110; 1227; 910; 17; 2761; 583; 2649; 1637; 723; 2288; 1100; 1409; 2662; 3281; 233; 756; 2156; 3015; 3050; 1703; 1651; 2789; 1789; 1847; 952; 1461; 2687; 939; 2308; 2437; 2388; 733; 2337; 268; 641; 1584; 2298; 2037; 3220; 375; 2549; 2090; 1645; 1063; 319; 2773; 757; 2099; 561; 2466; 2594; 2804; 1092; 403; 1026; 1143; 2150; 2775; 886; 1722; 1212; 1874; 1029; 2110; 2935; 885; 2154] - -let zetas : t_Array field_element (sz 128) = - assert_norm(List.Tot.length zetas_list == 128); - Rust_primitives.Arrays.of_list zetas_list - -let poly_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = - let t = field_mul b zetas.[sz i] in - let b = field_sub a t in - let a = field_add a t in - (a,b) - -let poly_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = - let len = pow2 l in - let k = (128 / len) - 1 in - Rust_primitives.Arrays.createi (sz 256) (fun i -> - let round = v i / (2 * len) in - let idx = v i % (2 * len) in - let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in - let (a_ntt, b_ntt) = poly_ntt_step p.[sz idx0] p.[sz idx1] (round + k) in - if idx < len then a_ntt else b_ntt) - -val poly_ntt: polynomial false -> polynomial true -let poly_ntt p = - let p = poly_ntt_layer p 7 in - let p = poly_ntt_layer p 6 in - let p = poly_ntt_layer p 5 in - let p = poly_ntt_layer p 4 in - let p = poly_ntt_layer p 3 in - let p = poly_ntt_layer p 2 in - let p = poly_ntt_layer p 1 in - p - -let poly_inv_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = - let b_minus_a = field_sub b a in - let a = field_add a b in - let b = field_mul b_minus_a zetas.[sz i] in - (a,b) - -let poly_inv_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = - let len = pow2 l in - let k = (256 / len) - 1 in - Rust_primitives.Arrays.createi (sz 256) (fun i -> - let round = v i / (2 * len) in - let idx = v i % (2 * len) in - let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in - let (a_ntt, b_ntt) = poly_inv_ntt_step p.[sz idx0] p.[sz idx1] (k - round) in - if idx < len then a_ntt else b_ntt) - -val poly_inv_ntt: polynomial true -> polynomial false -let poly_inv_ntt p = - let p = poly_inv_ntt_layer p 1 in - let p = poly_inv_ntt_layer p 2 in - let p = poly_inv_ntt_layer p 3 in - let p = poly_inv_ntt_layer p 4 in - let p = poly_inv_ntt_layer p 5 in - let p = poly_inv_ntt_layer p 6 in - let p = poly_inv_ntt_layer p 7 in - p - -let poly_base_case_multiply (a0 a1 b0 b1 zeta:field_element) = - let c0 = field_add (field_mul a0 b0) (field_mul (field_mul a1 b1) zeta) in - let c1 = field_add (field_mul a0 b1) (field_mul a1 b0) in - (c0,c1) - -val poly_mul_ntt: polynomial true -> polynomial true -> polynomial true -let poly_mul_ntt a b = - Rust_primitives.Arrays.createi (sz 256) (fun i -> - let a0 = a.[sz (2 * (v i / 2))] in - let a1 = a.[sz (2 * (v i / 2) + 1)] in - let b0 = b.[sz (2 * (v i / 2))] in - let b1 = b.[sz (2 * (v i / 2) + 1)] in - let zeta_4 = zetas.[sz (64 + (v i/4))] in - let zeta = if v i % 4 < 2 then zeta_4 else field_neg zeta_4 in - let (c0,c1) = poly_base_case_multiply a0 a1 b0 b1 zeta in - if v i % 2 = 0 then c0 else c1) - - -val vector_add: #r:rank -> #ntt:bool -> vector r ntt -> vector r ntt -> vector r ntt -let vector_add #p a b = map2 poly_add a b - -val vector_ntt: #r:rank -> vector r false -> vector r true -let vector_ntt #p v = map_array poly_ntt v - -val vector_inv_ntt: #r:rank -> vector r true -> vector r false -let vector_inv_ntt #p v = map_array poly_inv_ntt v - -val vector_mul_ntt: #r:rank -> vector r true -> vector r true -> vector r true -let vector_mul_ntt #p a b = map2 poly_mul_ntt a b - -val vector_sum: #r:rank -> #ntt:bool -> vector r ntt -> polynomial ntt -let vector_sum #r a = repeati (v r - 1) - (fun i x -> poly_add x (Lib.Sequence.index #_ #(v r) a (i+1))) (Lib.Sequence.index #_ #(v r) a 0) - -val vector_dot_product_ntt: #r:rank -> vector r true -> vector r true -> polynomial true -let vector_dot_product_ntt a b = vector_sum (vector_mul_ntt a b) - -val matrix_transpose: #r:rank -> #ntt:bool -> matrix r ntt -> matrix r ntt -let matrix_transpose #r m = - createi r (fun i -> - createi r (fun j -> - m.[j].[i])) - -val matrix_vector_mul_ntt: #r:rank -> matrix r true -> vector r true -> vector r true -let matrix_vector_mul_ntt #r m v = - createi r (fun i -> vector_dot_product_ntt m.[i] v) - -val compute_As_plus_e_ntt: #r:rank -> a:matrix r true -> s:vector r true -> e:vector r true -> vector r true -let compute_As_plus_e_ntt #p a s e = vector_add (matrix_vector_mul_ntt a s) e let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8)) : Pure (t_Array u8 bytes) @@ -274,25 +117,75 @@ let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) unfold let retype_bit_vector #a #b (#_:unit{a == b}) (x: a): b = x - -// note we take seed of size 32 not 34 as in hacspec -assume val sample_matrix_A_ntt: #r:rank -> seed:t_Array u8 (sz 32) -> matrix r true -// note we take seed of size 32 not 33 as in hacspec -assume val sample_vector_cbd: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize -> vector r false -// note we take seed of size 32 not 33 as in hacspec - -assume val sample_poly_binomial: v_ETA:usize{v v_ETA <= 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial false +assume val sample_max: n:usize{v n < pow2 32 /\ v n >= 128 * 3 /\ v n % 3 = 0} + +val sample_polynomial_ntt: seed:t_Array u8 (sz 34) -> (polynomial true & bool) +let sample_polynomial_ntt seed = + let randomness = v_XOF sample_max seed in + let bv = bytes_to_bits randomness in + assert (v sample_max * 8 == (((v sample_max / 3) * 2) * 12)); + let bv: bit_vec ((v (sz ((v sample_max / 3) * 2))) * 12) = retype_bit_vector bv in + let i16s = bit_vec_to_nat_array #(sz ((v sample_max / 3) * 2)) 12 bv in + assert ((v sample_max / 3) * 2 >= 256); + let poly0: polynomial true = Seq.create 256 0 in + let (sampled, poly1) = + repeati #((n:nat{n <= 256}) & polynomial true) (sz ((v sample_max / 3) * 2)) + (fun i (sampled,acc) -> + if sampled < 256 then + let sample = Seq.index i16s (v i) in + if sample < 3329 then + (sampled+1, Rust_primitives.Hax.update_at acc (sz sampled) sample) + else (sampled, acc) + else (sampled, acc)) + (0,poly0) in + if sampled < 256 then poly0, false else poly1, true + +let sample_polynomial_ntt_at_index (seed:t_Array u8 (sz 32)) (i j: (x:usize{v x <= 4})) : polynomial true & bool = + let seed34 = Seq.append seed (Seq.create 2 0uy) in + let seed34 = Rust_primitives.Hax.update_at seed34 (sz 32) (mk_int #u8_inttype (v i)) in + let seed34 = Rust_primitives.Hax.update_at seed34 (sz 33) (mk_int #u8_inttype (v j)) in + sample_polynomial_ntt seed34 + +val sample_matrix_A_ntt: #r:rank -> seed:t_Array u8 (sz 32) -> (matrix r true & bool) +let sample_matrix_A_ntt #r seed = + let m = + createi r (fun i -> + createi r (fun j -> + let (p,b) = sample_polynomial_ntt_at_index seed i j in + p)) + in + let sufficient_randomness = + repeati r (fun i b -> + repeati r (fun j b -> + let (p,v) = sample_polynomial_ntt_at_index seed i j in + b && v) b) true in + (m, sufficient_randomness) + +assume val sample_poly_cbd: v_ETA:usize{v v_ETA == 2 \/ v v_ETA == 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial false open Rust_primitives.Integers -val sample_poly_cbd: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial false -let sample_poly_cbd #r seed domain_sep = +val sample_poly_cbd2: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial false +let sample_poly_cbd2 #r seed domain_sep = let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in let prf_output = v_PRF (v_ETA2_RANDOMNESS_SIZE r) prf_input in - sample_poly_binomial (v_ETA2 r) prf_output + sample_poly_cbd (v_ETA2 r) prf_output + +val sample_poly_cbd1: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial false +let sample_poly_cbd1 #r seed domain_sep = + let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in + let prf_output = v_PRF (v_ETA1_RANDOMNESS_SIZE r) prf_input in + sample_poly_cbd (v_ETA1 r) prf_output + +let sample_vector_cbd1 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = + createi r (fun i -> sample_poly_cbd1 #r seed (domain_sep +! i)) + +let sample_vector_cbd2 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = + createi r (fun i -> sample_poly_cbd2 #r seed (domain_sep +! i)) + +let sample_vector_cbd_then_ntt (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = + vector_ntt (sample_vector_cbd1 #r seed domain_sep) -let sample_vector_cbd_then_ntt (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize) : vector r true = - vector_ntt (sample_vector_cbd #r seed domain_sep) type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12} let max_d (d:dT) = if d < 12 then pow2 d else v v_FIELD_MODULUS @@ -303,14 +196,18 @@ type vector_d (r:rank) (d:dT) = t_Array (polynomial_d d) r let compress_d (d: dT {d <> 12}) (x: field_element): field_element_d d = let r = (pow2 d * x + 1664) / v v_FIELD_MODULUS in - assume (r * v v_FIELD_MODULUS < pow2 d * x + 1664); - assume (pow2 d * x + 1664 < pow2 d * v v_FIELD_MODULUS + 1664); - assume (r < pow2 d); - r + assert (r * v v_FIELD_MODULUS <= pow2 d * x + 1664); + assert (r * v v_FIELD_MODULUS <= pow2 d * (v v_FIELD_MODULUS - 1) + 1664); + Math.Lemmas.lemma_div_le (r * v v_FIELD_MODULUS) (pow2 d * (v v_FIELD_MODULUS - 1) + 1664) (v v_FIELD_MODULUS); + Math.Lemmas.cancel_mul_div r (v v_FIELD_MODULUS); + assert (r <= (pow2 d * (v v_FIELD_MODULUS - 1) + 1664) / v v_FIELD_MODULUS); + Math.Lemmas.lemma_div_mod_plus (1664 - pow2 d) (pow2 d) (v v_FIELD_MODULUS); + assert (r <= pow2 d + (1664 - pow2 d) / v v_FIELD_MODULUS); + assert (r <= pow2 d); + if r = pow2 d then 0 else r let decompress_d (d: dT {d <> 12}) (x: field_element_d d): field_element = let r = (x * v v_FIELD_MODULUS + 1664) / pow2 d in - assume (r < v v_FIELD_MODULUS); r @@ -322,13 +219,13 @@ let byte_encode (d: dT) (coefficients: polynomial_d d): t_Array u8 (sz (32 * d)) let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial_d d = let bv = bytes_to_bits coefficients in let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d (retype_bit_vector bv) in - let p = map_array (fun (x: nat) -> x % v v_FIELD_MODULUS) arr in - introduce forall i. (d < 12 ==> Seq.index p i < pow2 d) - with assert (Seq.index p i == Seq.index p (v (sz i))); - introduce forall i. (d == 12 ==> Seq.index p i < v v_FIELD_MODULUS) - with assert (Seq.index p i == Seq.index p (v (sz i))); - assert (forall i. (d < 12 ==> Seq.index p i < pow2 d) /\ (d == 12 ==> Seq.index p i < v v_FIELD_MODULUS)); - admit(); + let p: polynomial_d d = + createi (sz 256) (fun i -> + let x_f : field_element = arr.[i] % v v_FIELD_MODULUS in + assert (d < 12 ==> arr.[i] < pow2 d); + let x_m : field_element_d d = x_f in + x_m) + in p let coerce_polynomial_12 #ntt (p:polynomial ntt): polynomial_d 12 = p @@ -389,17 +286,17 @@ let decode_then_decompress_v (#r:rank) (#ntt:bool): t_Array u8 (v_C2_SIZE r) -> /// through the `key_generation_seed` parameter. val ind_cpa_generate_keypair (r:rank) (randomness:t_Array u8 v_CPA_KEY_GENERATION_SEED_SIZE) : - t_MLKEMCPAKeyPair r + (t_MLKEMCPAKeyPair r & bool) let ind_cpa_generate_keypair r randomness = let hashed = v_G randomness in let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in - let matrix_A_as_ntt = sample_matrix_A_ntt #r seed_for_A in + let (matrix_A_as_ntt, sufficient_randomness) = sample_matrix_A_ntt #r seed_for_A in let secret_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error (sz 0) in let error_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error r in let t_as_ntt = compute_As_plus_e_ntt #r matrix_A_as_ntt secret_as_ntt error_as_ntt in let public_key_serialized = Seq.append (vector_encode_12 #r t_as_ntt) seed_for_A in let secret_key_serialized = vector_encode_12 #r secret_as_ntt in - (secret_key_serialized,public_key_serialized) + ((secret_key_serialized,public_key_serialized), sufficient_randomness) /// This function implements Algorithm 13 of the /// NIST FIPS 203 specification; this is the MLKEM CPA-PKE encryption algorithm. @@ -407,21 +304,21 @@ let ind_cpa_generate_keypair r randomness = val ind_cpa_encrypt (r:rank) (public_key: t_MLKEMPublicKey r) (message: t_Array u8 v_SHARED_SECRET_SIZE) (randomness:t_Array u8 v_SHARED_SECRET_SIZE) : - t_MLKEMCiphertext r - + (t_MLKEMCiphertext r & bool) + let ind_cpa_encrypt r public_key message randomness = let (t_as_ntt_bytes, seed_for_A) = split public_key (v_T_AS_NTT_ENCODED_SIZE r) in let t_as_ntt = vector_decode_12 #r t_as_ntt_bytes in - let matrix_A_as_ntt = sample_matrix_A_ntt #r seed_for_A in + let matrix_A_as_ntt, sufficient_randomness = sample_matrix_A_ntt #r seed_for_A in let r_as_ntt = sample_vector_cbd_then_ntt #r randomness (sz 0) in - let error_1 = sample_vector_cbd #r randomness r in - let error_2 = sample_poly_cbd #r randomness (r +! r) in + let error_1 = sample_vector_cbd2 #r randomness r in + let error_2 = sample_poly_cbd2 #r randomness (r +! r) in let u = vector_add (vector_inv_ntt (matrix_vector_mul_ntt (matrix_transpose matrix_A_as_ntt) r_as_ntt)) error_1 in let mu = decode_then_decompress_message message in let v = poly_add (poly_add (vector_dot_product_ntt t_as_ntt r_as_ntt) error_2) mu in let c1 = compress_then_encode_u #r u in let c2 = compress_then_encode_v #r v in - concat c1 c2 + (concat c1 c2, sufficient_randomness) /// This function implements Algorithm 14 of the /// NIST FIPS 203 specification; this is the MLKEM CPA-PKE decryption algorithm. @@ -435,7 +332,7 @@ let ind_cpa_decrypt r secret_key ciphertext = let u = decode_then_decompress_u #r c1 in let v = decode_then_decompress_v #r c2 in let secret_as_ntt = vector_decode_12 #r secret_key in - let w = poly_sub v (poly_inv_ntt #r (vector_dot_product_ntt secret_as_ntt (vector_ntt u))) in + let w = poly_sub v (poly_inv_ntt (vector_dot_product_ntt secret_as_ntt (vector_ntt u))) in compress_then_encode_message w (** IND-CCA Functions *) @@ -451,16 +348,16 @@ let ind_cpa_decrypt r secret_key ciphertext = /// TODO: input validation val ind_cca_generate_keypair (r:rank) (randomness:t_Array u8 v_KEY_GENERATION_SEED_SIZE) : - t_MLKEMKeyPair r + t_MLKEMKeyPair r & bool let ind_cca_generate_keypair p randomness = let (ind_cpa_keypair_randomness, implicit_rejection_value) = split randomness v_CPA_KEY_GENERATION_SEED_SIZE in - let (ind_cpa_secret_key,ind_cpa_public_key) = ind_cpa_generate_keypair p ind_cpa_keypair_randomness in + let (ind_cpa_secret_key,ind_cpa_public_key), sufficient_randomness = ind_cpa_generate_keypair p ind_cpa_keypair_randomness in let ind_cca_secret_key = Seq.append ind_cpa_secret_key ( Seq.append ind_cpa_public_key ( Seq.append (v_H ind_cpa_public_key) implicit_rejection_value)) in - (ind_cca_secret_key, ind_cpa_public_key) + (ind_cca_secret_key, ind_cpa_public_key), sufficient_randomness /// This function implements most of Algorithm 16 of the /// NIST FIPS 203 specification; this is the MLKEM CCA-KEM encapsulation algorithm. @@ -473,13 +370,13 @@ let ind_cca_generate_keypair p randomness = val ind_cca_encapsulate (r:rank) (public_key: t_MLKEMPublicKey r) (randomness:t_Array u8 v_SHARED_SECRET_SIZE) : - (t_MLKEMCiphertext r & t_MLKEMSharedSecret) + (t_MLKEMCiphertext r & t_MLKEMSharedSecret) & bool let ind_cca_encapsulate p public_key randomness = let to_hash = concat randomness (v_H public_key) in let hashed = v_G to_hash in let (shared_secret, pseudorandomness) = split hashed v_SHARED_SECRET_SIZE in - let ciphertext = ind_cpa_encrypt p public_key randomness pseudorandomness in - (ciphertext,shared_secret) + let ciphertext, sufficient_randomness = ind_cpa_encrypt p public_key randomness pseudorandomness in + (ciphertext,shared_secret), sufficient_randomness /// This function implements Algorithm 17 of the @@ -487,7 +384,7 @@ let ind_cca_encapsulate p public_key randomness = val ind_cca_decapsulate (r:rank) (secret_key: t_MLKEMPrivateKey r) (ciphertext: t_MLKEMCiphertext r): - t_MLKEMSharedSecret + t_MLKEMSharedSecret & bool let ind_cca_decapsulate p secret_key ciphertext = let (ind_cpa_secret_key,rest) = split secret_key (v_CPA_PRIVATE_KEY_SIZE p) in let (ind_cpa_public_key,rest) = split rest (v_CPA_PUBLIC_KEY_SIZE p) in @@ -502,59 +399,8 @@ let ind_cca_decapsulate p secret_key ciphertext = let to_hash = concat implicit_rejection_value ciphertext in let rejection_shared_secret = v_J to_hash in - let reencrypted = ind_cpa_encrypt p ind_cpa_public_key decrypted pseudorandomness in + let reencrypted, sufficient_randomness = ind_cpa_encrypt p ind_cpa_public_key decrypted pseudorandomness in if reencrypted = ciphertext - then success_shared_secret - else rejection_shared_secret + then success_shared_secret, sufficient_randomness + else rejection_shared_secret, sufficient_randomness - -(** MLKEM-768 Instantiation *) - -let mlkem768_rank = sz 3 - -let mlkem768_generate_keypair (randomness:t_Array u8 (sz 64)): - (t_Array u8 (sz 2400) & t_Array u8 (sz 1184)) = - ind_cca_generate_keypair mlkem768_rank randomness - -let mlkem768_encapsulate (public_key: t_Array u8 (sz 1184)) (randomness: t_Array u8 (sz 32)): - (t_Array u8 (sz 1088) & t_Array u8 (sz 32)) = - ind_cca_encapsulate mlkem768_rank public_key randomness - - -let mlkem768_decapsulate (secret_key: t_Array u8 (sz 2400)) (ciphertext: t_Array u8 (sz 1088)): - t_Array u8 (sz 32) = - ind_cca_decapsulate mlkem768_rank secret_key ciphertext - -(** MLKEM-1024 Instantiation *) - -let mlkem1024_rank = sz 4 - -let mlkem1024_generate_keypair (randomness:t_Array u8 (sz 64)): - (t_Array u8 (sz 3168) & t_Array u8 (sz 1568)) = - ind_cca_generate_keypair mlkem1024_rank randomness - -let mlkem1024_encapsulate (public_key: t_Array u8 (sz 1568)) (randomness: t_Array u8 (sz 32)): - (t_Array u8 (sz 1568) & t_Array u8 (sz 32)) = - ind_cca_encapsulate mlkem1024_rank public_key randomness - - -let mlkem1024_decapsulate (secret_key: t_Array u8 (sz 3168)) (ciphertext: t_Array u8 (sz 1568)): - t_Array u8 (sz 32) = - ind_cca_decapsulate mlkem1024_rank secret_key ciphertext - -(** MLKEM-512 Instantiation *) - -let mlkem512_rank : rank = sz 2 - -let mlkem512_generate_keypair (randomness:t_Array u8 (sz 64)): - (t_Array u8 (sz 1632) & t_Array u8 (sz 800)) = - ind_cca_generate_keypair mlkem512_rank randomness - -let mlkem512_encapsulate (public_key: t_Array u8 (sz 800)) (randomness: t_Array u8 (sz 32)): - (t_Array u8 (sz 768) & t_Array u8 (sz 32)) = - ind_cca_encapsulate mlkem512_rank public_key randomness - - -let mlkem512_decapsulate (secret_key: t_Array u8 (sz 1632)) (ciphertext: t_Array u8 (sz 768)): - t_Array u8 (sz 32) = - ind_cca_decapsulate mlkem512_rank secret_key ciphertext diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 6747f8487..0b63ffa03 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -20,7 +20,7 @@ let map2 #a #b #c (#len:usize{v len < pow2 32}) (x: t_Array a len) (y: t_Array b len): t_Array c len = Lib.Sequence.map2 #a #b #c #(v len) f x y -let repeati = Lib.LoopCombinators.repeati +let repeati #acc (l:usize) (f:(i:usize{v i < v l}) -> acc -> acc) acc0 : acc = Lib.LoopCombinators.repeati (v l) (fun i acc -> f (sz i) acc) acc0 #push-options "--fuel 0 --ifuel 0 --z3rlimit 500" let flatten #t #n From a4042e7decc0ac4240006042100fd475de1f5b8f Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 12 Aug 2024 16:13:12 -0400 Subject: [PATCH 083/348] spec --- .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 69 +++++++++++++++++++ .../proofs/fstar/spec/Spec.MLKEM.fst | 67 ------------------ 2 files changed, 69 insertions(+), 67 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index 18fb880df..2bfc58384 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -166,3 +166,72 @@ let matrix_vector_mul_ntt #r m v = val compute_As_plus_e_ntt: #r:rank -> a:matrix r true -> s:vector r true -> e:vector r true -> vector r true let compute_As_plus_e_ntt #p a s e = vector_add (matrix_vector_mul_ntt a s) e + + +type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12} +let max_d (d:dT) = if d < 12 then pow2 d else v v_FIELD_MODULUS +type field_element_d (d:dT) = n:nat{n < max_d d} +type polynomial_d (d:dT) = t_Array (field_element_d d) (sz 256) +type vector_d (r:rank) (d:dT) = t_Array (polynomial_d d) r + +let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8)) + : Pure (t_Array u8 bytes) + (requires True) + (ensures fun r -> (forall i. bit_vec_of_int_t_array r 8 i == bv i)) + = bit_vec_to_int_t_array 8 bv + +let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) + : Pure (i: bit_vec (v bytes * 8)) + (requires True) + (ensures fun f -> (forall i. bit_vec_of_int_t_array r 8 i == f i)) + = bit_vec_of_int_t_array r 8 + +unfold let retype_bit_vector #a #b (#_:unit{a == b}) (x: a): b = x + + +let compress_d (d: dT {d <> 12}) (x: field_element): field_element_d d + = let r = (pow2 d * x + 1664) / v v_FIELD_MODULUS in + assert (r * v v_FIELD_MODULUS <= pow2 d * x + 1664); + assert (r * v v_FIELD_MODULUS <= pow2 d * (v v_FIELD_MODULUS - 1) + 1664); + Math.Lemmas.lemma_div_le (r * v v_FIELD_MODULUS) (pow2 d * (v v_FIELD_MODULUS - 1) + 1664) (v v_FIELD_MODULUS); + Math.Lemmas.cancel_mul_div r (v v_FIELD_MODULUS); + assert (r <= (pow2 d * (v v_FIELD_MODULUS - 1) + 1664) / v v_FIELD_MODULUS); + Math.Lemmas.lemma_div_mod_plus (1664 - pow2 d) (pow2 d) (v v_FIELD_MODULUS); + assert (r <= pow2 d + (1664 - pow2 d) / v v_FIELD_MODULUS); + assert (r <= pow2 d); + if r = pow2 d then 0 else r + +let decompress_d (d: dT {d <> 12}) (x: field_element_d d): field_element + = let r = (x * v v_FIELD_MODULUS + 1664) / pow2 d in + r + + +let byte_encode (d: dT) (coefficients: polynomial_d d): t_Array u8 (sz (32 * d)) + = let coefficients' : t_Array nat (sz 256) = map_array #(field_element_d d) (fun x -> x <: nat) coefficients in + bits_to_bytes #(sz (32 * d)) + (retype_bit_vector (bit_vec_of_nat_array coefficients' d)) + +let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial_d d + = let bv = bytes_to_bits coefficients in + let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d (retype_bit_vector bv) in + let p: polynomial_d d = + createi (sz 256) (fun i -> + let x_f : field_element = arr.[i] % v v_FIELD_MODULUS in + assert (d < 12 ==> arr.[i] < pow2 d); + let x_m : field_element_d d = x_f in + x_m) + in + p + +let coerce_polynomial_12 #ntt (p:polynomial ntt): polynomial_d 12 = p +let coerce_vector_12 #ntt (#r:rank) (v:vector r ntt): vector_d r 12 = v + +let compress_then_byte_encode #ntt (d: dT {d <> 12}) (coefficients: polynomial ntt): t_Array u8 (sz (32 * d)) + = let coefs: t_Array (field_element_d d) (sz 256) = map_array (compress_d d) coefficients + in + byte_encode d coefs + +let byte_decode_then_decompress #ntt (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): polynomial ntt + = map_array (decompress_d d) (byte_decode d b) + + diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 5e081b5b7..30536bd68 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -103,20 +103,6 @@ type t_MLKEMCiphertext (r:rank) = t_Array u8 (v_CPA_CIPHERTEXT_SIZE r) type t_MLKEMSharedSecret = t_Array u8 (v_SHARED_SECRET_SIZE) -let bits_to_bytes (#bytes: usize) (bv: bit_vec (v bytes * 8)) - : Pure (t_Array u8 bytes) - (requires True) - (ensures fun r -> (forall i. bit_vec_of_int_t_array r 8 i == bv i)) - = bit_vec_to_int_t_array 8 bv - -let bytes_to_bits (#bytes: usize) (r: t_Array u8 bytes) - : Pure (i: bit_vec (v bytes * 8)) - (requires True) - (ensures fun f -> (forall i. bit_vec_of_int_t_array r 8 i == f i)) - = bit_vec_of_int_t_array r 8 - -unfold let retype_bit_vector #a #b (#_:unit{a == b}) (x: a): b = x - assume val sample_max: n:usize{v n < pow2 32 /\ v n >= 128 * 3 /\ v n % 3 = 0} val sample_polynomial_ntt: seed:t_Array u8 (sz 34) -> (polynomial true & bool) @@ -186,51 +172,6 @@ let sample_vector_cbd2 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v d let sample_vector_cbd_then_ntt (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = vector_ntt (sample_vector_cbd1 #r seed domain_sep) - -type dT = d: nat {d = 1 \/ d = 4 \/ d = 5 \/ d = 10 \/ d = 11 \/ d = 12} -let max_d (d:dT) = if d < 12 then pow2 d else v v_FIELD_MODULUS -type field_element_d (d:dT) = n:nat{n < max_d d} -type polynomial_d (d:dT) = t_Array (field_element_d d) (sz 256) -type vector_d (r:rank) (d:dT) = t_Array (polynomial_d d) r - - -let compress_d (d: dT {d <> 12}) (x: field_element): field_element_d d - = let r = (pow2 d * x + 1664) / v v_FIELD_MODULUS in - assert (r * v v_FIELD_MODULUS <= pow2 d * x + 1664); - assert (r * v v_FIELD_MODULUS <= pow2 d * (v v_FIELD_MODULUS - 1) + 1664); - Math.Lemmas.lemma_div_le (r * v v_FIELD_MODULUS) (pow2 d * (v v_FIELD_MODULUS - 1) + 1664) (v v_FIELD_MODULUS); - Math.Lemmas.cancel_mul_div r (v v_FIELD_MODULUS); - assert (r <= (pow2 d * (v v_FIELD_MODULUS - 1) + 1664) / v v_FIELD_MODULUS); - Math.Lemmas.lemma_div_mod_plus (1664 - pow2 d) (pow2 d) (v v_FIELD_MODULUS); - assert (r <= pow2 d + (1664 - pow2 d) / v v_FIELD_MODULUS); - assert (r <= pow2 d); - if r = pow2 d then 0 else r - -let decompress_d (d: dT {d <> 12}) (x: field_element_d d): field_element - = let r = (x * v v_FIELD_MODULUS + 1664) / pow2 d in - r - - -let byte_encode (d: dT) (coefficients: polynomial_d d): t_Array u8 (sz (32 * d)) - = let coefficients' : t_Array nat (sz 256) = map_array #(field_element_d d) (fun x -> x <: nat) coefficients in - bits_to_bytes #(sz (32 * d)) - (retype_bit_vector (bit_vec_of_nat_array coefficients' d)) - -let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial_d d - = let bv = bytes_to_bits coefficients in - let arr: t_Array nat (sz 256) = bit_vec_to_nat_array d (retype_bit_vector bv) in - let p: polynomial_d d = - createi (sz 256) (fun i -> - let x_f : field_element = arr.[i] % v v_FIELD_MODULUS in - assert (d < 12 ==> arr.[i] < pow2 d); - let x_m : field_element_d d = x_f in - x_m) - in - p - -let coerce_polynomial_12 #ntt (p:polynomial ntt): polynomial_d 12 = p -let coerce_vector_12 #ntt (#r:rank) (v:vector r ntt): vector_d r 12 = v - let vector_encode_12 (#r:rank) (#ntt:bool) (v: vector r ntt): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE r) = let s: t_Array (t_Array _ (sz 384)) r = map_array (byte_encode 12) (coerce_vector_12 v) in flatten s @@ -243,14 +184,6 @@ let vector_decode_12 (#r:rank) (#ntt:bool) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_ byte_decode 12 slice ) -let compress_then_byte_encode #ntt (d: dT {d <> 12}) (coefficients: polynomial ntt): t_Array u8 (sz (32 * d)) - = let coefs: t_Array (field_element_d d) (sz 256) = map_array (compress_d d) coefficients - in - byte_encode d coefs - -let byte_decode_then_decompress #ntt (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): polynomial ntt - = map_array (decompress_d d) (byte_decode d b) - let compress_then_encode_message #ntt (p:polynomial ntt) : t_Array u8 v_SHARED_SECRET_SIZE = compress_then_byte_encode 1 p From 244679b7e341eba77fd6330be9095897a687f742 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 09:40:28 +0200 Subject: [PATCH 084/348] Leftover Makefile improvements --- .gitignore | 12 ++-- fstar-helpers/Makefile.base | 5 ++ .../{Makefile.template => Makefile.generic} | 56 ++++++++++++------- fstar-helpers/README.md | 5 ++ .../proofs/fstar/extraction/Makefile | 1 - .../proofs/fstar/extraction/Makefile | 3 +- libcrux-ml-kem/proofs/fstar/spec/Makefile | 2 +- 7 files changed, 55 insertions(+), 29 deletions(-) create mode 100644 fstar-helpers/Makefile.base rename fstar-helpers/{Makefile.template => Makefile.generic} (79%) create mode 100644 fstar-helpers/README.md delete mode 100644 fstar-helpers/proofs/fstar/extraction/Makefile diff --git a/.gitignore b/.gitignore index 982c75cf3..203671906 100644 --- a/.gitignore +++ b/.gitignore @@ -2,16 +2,18 @@ .vscode .DS_Store benches/boringssl/build -proofs/fstar/extraction/.depend -proofs/fstar/extraction/#*# -proofs/fstar/extraction/.#* -hax.fst.config.json fuzz/corpus fuzz/artifacts -proofs/fstar/extraction/.cache __pycache__ kyber-crate/ *.llbc # When using sed *.bak + +# F* +.fstar-cache +**/proofs/fstar/*/.depend +**/proofs/fstar/*/#*# +**/proofs/fstar/*/.#* +hax.fst.config.json diff --git a/fstar-helpers/Makefile.base b/fstar-helpers/Makefile.base new file mode 100644 index 000000000..adf2b5895 --- /dev/null +++ b/fstar-helpers/Makefile.base @@ -0,0 +1,5 @@ +# Base Makefile for F* in libcrux. +# This inherits from Makefile.generic, and adds the `specs` folder from HACL and the `libcrux-ml-kem/proofs/fstar/spec` folder. + +FSTAR_INCLUDE_DIRS_EXTRA = $(HACL_HOME)/specs $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.generic diff --git a/fstar-helpers/Makefile.template b/fstar-helpers/Makefile.generic similarity index 79% rename from fstar-helpers/Makefile.template rename to fstar-helpers/Makefile.generic index 217e6140c..ce340b346 100644 --- a/fstar-helpers/Makefile.template +++ b/fstar-helpers/Makefile.generic @@ -31,6 +31,9 @@ # (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) # +PATH_TO_CHILD_MAKEFILE := "$(abspath $(firstword $(MAKEFILE_LIST)))" +PATH_TO_TEMPLATE_MAKEFILE := "$(abspath $(lastword $(MAKEFILE_LIST)))" + HACL_HOME ?= $(HOME)/.hax/hacl_home # Expand variable FSTAR_BIN_DETECT now, so that we don't run this over and over @@ -61,7 +64,6 @@ export ANSI_COLOR_BLUE= export ANSI_COLOR_RED= export ANSI_COLOR_BBLUE= export ANSI_COLOR_GRAY= -export ANSI_COLOR_BOLD_BLUE= export ANSI_COLOR_TONE= export ANSI_COLOR_RESET= endif @@ -100,8 +102,9 @@ define FINDLIBS endef export FINDLIBS +FSTAR_INCLUDE_DIRS_EXTRA ?= FINDLIBS_OUTPUT := $(shell bash -c '${FINDLIBS}') -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HACL_HOME)/specs $(FSTAR_INCLUDE_DIRS_EXTRA) $(FINDLIBS_OUTPUT) +FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(FSTAR_INCLUDE_DIRS_EXTRA) $(FINDLIBS_OUTPUT) # Make sure FSTAR_INCLUDE_DIRS has the `proof-libs`, print hints and # an error message otherwise @@ -122,11 +125,11 @@ endif all: $(Q)rm -f .depend - $(Q)$(MAKE) .depend vscode verify + $(Q)$(MAKE) .depend hax.fst.config.json verify all-keep-going: $(Q)rm -f .depend - $(Q)$(MAKE) --keep-going .depend vscode verify + $(Q)$(MAKE) --keep-going .depend hax.fst.config.json verify # If $HACL_HOME doesn't exist, clone it ${HACL_HOME}: @@ -144,6 +147,8 @@ endif ROOTS ?= $(wildcard *.fst *fsti) ADMIT_MODULES ?= +ADMIT_MODULE_FLAGS ?= --admit_smt_queries true + # Can be useful for debugging purposes FINDLIBS.sh: $(Q)echo '${FINDLIBS}' > FINDLIBS.sh @@ -177,7 +182,7 @@ function target() { target "all" "Verify every F* files (stops whenever an F* fails first)" target "all-keep-going" "Verify every F* files (tries as many F* module as possible)" target "" "" -target "run:${ANSI_COLOR_TONE} " 'Runs F* on `MyModule.fst` only' +target "run/${ANSI_COLOR_TONE} " 'Runs F* on `MyModule.fst` only' target "" "" target "vscode" 'Generates a `hax.fst.config.json` file' target "${ANSI_COLOR_TONE}${ANSI_COLOR_BLUE}-in " 'Useful for Emacs, outputs the F* prefix command to be used' @@ -185,37 +190,47 @@ target "" "" target "clean" 'Cleanup the target' target "include-dirs" 'List the F* include directories' target "" "" -target "roots" 'List the F* root modules.' +target "describe" 'List the F* root modules, and describe the environment.' echo "" -echo "Environment variables:" +echo "Variables:" target "NO_COLOR" "Set to anything to disable colors" +target "ADMIT_MODULES" "List of modules where F* will assume every SMT query" +target "FSTAR_INCLUDE_DIRS_EXTRA" "List of extra include F* dirs" endef export HELPMESSAGE -roots: +describe: + @printf '${ANSI_COLOR_BBLUE}F* roots:${ANSI_COLOR_RESET}\n' @for root in ${ROOTS}; do \ filename=$$(basename -- "$$root") ;\ ext="$${filename##*.}" ;\ noext="$${filename%.*}" ;\ - printf "${ANSI_COLOR_GRAY}$$(dirname -- "$$root")/${ANSI_COLOR_RESET}%s${ANSI_COLOR_GRAY}.${ANSI_COLOR_TONE}%s${ANSI_COLOR_RESET}\n" "$$noext" "$$ext"; \ + printf "${ANSI_COLOR_GRAY}$$(dirname -- "$$root")/${ANSI_COLOR_RESET}%s${ANSI_COLOR_GRAY}.${ANSI_COLOR_TONE}%s${ANSI_COLOR_RESET}%b\n" "$$noext" "$$ext" $$([[ "${ADMIT_MODULES}" =~ (^| )$$root($$| ) ]] && echo '${ANSI_COLOR_RED}\t[ADMITTED]${ANSI_COLOR_RESET}'); \ done + @printf '\n${ANSI_COLOR_BBLUE}Environment:${ANSI_COLOR_RESET}\n' + @printf ' - ${ANSI_COLOR_BLUE}HACL_HOME${ANSI_COLOR_RESET} = %s\n' '${HACL_HOME}' + @printf ' - ${ANSI_COLOR_BLUE}FSTAR_BIN${ANSI_COLOR_RESET} = %s\n' '${FSTAR_BIN}' + @printf ' - ${ANSI_COLOR_BLUE}GIT_ROOT_DIR${ANSI_COLOR_RESET} = %s\n' '${GIT_ROOT_DIR}' + @printf ' - ${ANSI_COLOR_BLUE}CACHE_DIR${ANSI_COLOR_RESET} = %s\n' '${CACHE_DIR}' + @printf ' - ${ANSI_COLOR_BLUE}HINT_DIR${ANSI_COLOR_RESET} = %s\n' '${HINT_DIR}' + @printf ' - ${ANSI_COLOR_BLUE}ADMIT_MODULE_FLAGS${ANSI_COLOR_RESET} = %s\n' '${ADMIT_MODULE_FLAGS}' + @printf ' - ${ANSI_COLOR_BLUE}FSTAR_INCLUDE_DIRS_EXTRA${ANSI_COLOR_RESET} = %s\n' '${FSTAR_INCLUDE_DIRS_EXTRA}' help: ;@bash -c "$$HELPMESSAGE" h: ;@bash -c "$$HELPMESSAGE" HEADER = $(Q)printf '${ANSI_COLOR_BBLUE}[CHECK] %s ${ANSI_COLOR_RESET}\n' "$(basename $(notdir $@))" -run:%: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) +run/%: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) ${HEADER} - $(Q)$(FSTAR) $(OTHERFLAGS) $(@:run:%=%) - + $(Q)$(FSTAR) $(OTHERFLAGS) $(@:run/%=%) VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(ROOTS))) -ADMIT_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,${ADMIT_MODULES})) +ADMIT_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(ADMIT_MODULES))) $(ADMIT_CHECKED): $(Q)printf '${ANSI_COLOR_BBLUE}[${ANSI_COLOR_TONE}ADMIT${ANSI_COLOR_BBLUE}] %s ${ANSI_COLOR_RESET}\n' "$(basename $(notdir $@))" - $(Q)$(FSTAR) $(OTHERFLAGS) --admit_smt_queries true $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints || { \ + $(Q)$(FSTAR) $(OTHERFLAGS) $(ADMIT_MODULE_FLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints || { \ echo "" ; \ exit 1 ; \ } @@ -232,8 +247,7 @@ $(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) verify: $(VERIFIED_CHECKED) $(ADMIT_CHECKED) -# Targets for interactive mode - +# Targets for Emacs %.fst-in: $(info $(FSTAR_FLAGS) \ $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) @@ -242,13 +256,15 @@ verify: $(VERIFIED_CHECKED) $(ADMIT_CHECKED) $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) # Targets for VSCode -hax.fst.config.json: - $(Q)echo "$(FSTAR_INCLUDE_DIRS)" | jq --arg fstar "$(FSTAR_BIN)" -R 'split(" ") | {fstar_exe: $$fstar, includes: .}' > $@ -vscode: hax.fst.config.json +hax.fst.config.json: .depend + $(Q)echo "$(FSTAR_INCLUDE_DIRS)" | jq --arg fstar "$(FSTAR_BIN)" -R 'split(" ") | {fstar_exe: $$fstar | gsub("^\\s+|\\s+$$";""), include_dirs: .}' > $@ +vscode: + $(Q)rm -f .depend + $(Q)$(MAKE) hax.fst.config.json SHELL=bash # Clean target clean: rm -rf $(CACHE_DIR)/* - rm *.fst \ No newline at end of file + rm *.fst diff --git a/fstar-helpers/README.md b/fstar-helpers/README.md new file mode 100644 index 000000000..a9a2450ff --- /dev/null +++ b/fstar-helpers/README.md @@ -0,0 +1,5 @@ +This folder provides F* helpers, notably it provides a `Makefile.base` +that should serve as base for any F*-related makefile in libcrux. + + - `Makefile.generic` is the generic hax Makefile, available here: https://gist.github.com/W95Psp/4c304132a1f85c5af4e4959dd6b356c3 + - `Makefile.base` is the base file that adds a couple of include folders that are useful generally in the scope of libcrux verification with F* diff --git a/fstar-helpers/proofs/fstar/extraction/Makefile b/fstar-helpers/proofs/fstar/extraction/Makefile deleted file mode 100644 index ec420d509..000000000 --- a/fstar-helpers/proofs/fstar/extraction/Makefile +++ /dev/null @@ -1 +0,0 @@ -include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index adcc6529f..b4e574fce 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -30,5 +30,4 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ Libcrux_ml_kem.Vector.Traits.fst -FSTAR_INCLUDE_DIRS_EXTRA = $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec -include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base diff --git a/libcrux-ml-kem/proofs/fstar/spec/Makefile b/libcrux-ml-kem/proofs/fstar/spec/Makefile index ec420d509..b4ce70a38 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Makefile +++ b/libcrux-ml-kem/proofs/fstar/spec/Makefile @@ -1 +1 @@ -include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base From 4e17c4d3ad6155ac76beee87604da9417d29d2aa Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 10:00:51 +0200 Subject: [PATCH 085/348] chore: update hax-lib in lockfile --- Cargo.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1ff148870..871b50375 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -701,7 +701,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros", "num-bigint", @@ -711,7 +711,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros-types", "paste", @@ -724,7 +724,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "proc-macro2", "quote", From 1e50e63a0cbf3ff853f1ff7409d05ceb4566101b Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 10:01:36 +0200 Subject: [PATCH 086/348] ignore any `.depend` file --- .gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 203671906..259daf560 100644 --- a/.gitignore +++ b/.gitignore @@ -13,7 +13,7 @@ kyber-crate/ # F* .fstar-cache -**/proofs/fstar/*/.depend +.depend **/proofs/fstar/*/#*# **/proofs/fstar/*/.#* hax.fst.config.json From cdcde149393d6d8e97c97d7624791a4608dc6ea4 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 10:03:23 +0200 Subject: [PATCH 087/348] add `fstar-bitvec` --- fstar-helpers/Makefile.base | 2 +- fstar-helpers/README.md | 8 +- fstar-helpers/fstar-bitvec/BitVecEq.fst | 12 + fstar-helpers/fstar-bitvec/BitVecEq.fsti | 294 +++++++++++++++++++++++ fstar-helpers/fstar-bitvec/MkSeq.fst | 59 +++++ 5 files changed, 370 insertions(+), 5 deletions(-) create mode 100644 fstar-helpers/fstar-bitvec/BitVecEq.fst create mode 100644 fstar-helpers/fstar-bitvec/BitVecEq.fsti create mode 100644 fstar-helpers/fstar-bitvec/MkSeq.fst diff --git a/fstar-helpers/Makefile.base b/fstar-helpers/Makefile.base index adf2b5895..e7c57847f 100644 --- a/fstar-helpers/Makefile.base +++ b/fstar-helpers/Makefile.base @@ -1,5 +1,5 @@ # Base Makefile for F* in libcrux. # This inherits from Makefile.generic, and adds the `specs` folder from HACL and the `libcrux-ml-kem/proofs/fstar/spec` folder. -FSTAR_INCLUDE_DIRS_EXTRA = $(HACL_HOME)/specs $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec +FSTAR_INCLUDE_DIRS_EXTRA = $(HACL_HOME)/specs $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec $(shell git rev-parse --show-toplevel)/fstar-helpers/fstar-bitvec include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.generic diff --git a/fstar-helpers/README.md b/fstar-helpers/README.md index a9a2450ff..122ed5b03 100644 --- a/fstar-helpers/README.md +++ b/fstar-helpers/README.md @@ -1,5 +1,5 @@ -This folder provides F* helpers, notably it provides a `Makefile.base` -that should serve as base for any F*-related makefile in libcrux. +This folder provides F* helpers: - - `Makefile.generic` is the generic hax Makefile, available here: https://gist.github.com/W95Psp/4c304132a1f85c5af4e4959dd6b356c3 - - `Makefile.base` is the base file that adds a couple of include folders that are useful generally in the scope of libcrux verification with F* + - `Makefile.generic` is the generic hax Makefile, available here: https://gist.github.com/W95Psp/4c304132a1f85c5af4e4959dd6b356c3. `Makefile.generic` is not supposed to be edited. + - `Makefile.base` is the base file that adds a couple of include folders that are useful generally in the scope of libcrux verification with F*. + - `fstar-bitvec` F* modules related to bitvectors. diff --git a/fstar-helpers/fstar-bitvec/BitVecEq.fst b/fstar-helpers/fstar-bitvec/BitVecEq.fst new file mode 100644 index 000000000..c89f2fe35 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVecEq.fst @@ -0,0 +1,12 @@ +module BitVecEq + +open Core +open FStar.Mul +open FStar.FunctionalExtensionality + +let bit_vec_equal #n bv1 bv2 = forall i. bv1 i == bv2 i + +let bit_vec_equal_intro bv1 bv2 = () +let bit_vec_equal_elim bv1 bv2 = assert (feq bv1 bv2) + + diff --git a/fstar-helpers/fstar-bitvec/BitVecEq.fsti b/fstar-helpers/fstar-bitvec/BitVecEq.fsti new file mode 100644 index 000000000..13c9a2272 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVecEq.fsti @@ -0,0 +1,294 @@ +module BitVecEq +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul +open MkSeq +open FStar.FunctionalExtensionality + +val bit_vec_equal (#n: nat) (bv1 bv2: bit_vec n): Type0 +val bit_vec_equal_intro (#n: nat) (bv1 bv2: bit_vec n) + : Lemma (requires forall i. bv1 i == bv2 i) + (ensures bit_vec_equal bv1 bv2) +val bit_vec_equal_elim (#n: nat) (bv1 bv2: bit_vec n) + : Lemma (requires bit_vec_equal #n bv1 bv2) + (ensures bv1 == bv2) + [SMTPat (bit_vec_equal #n bv1 bv2)] + +let bit_vec_equal_intro_principle () + : Lemma (forall n (bv1 bv2: bit_vec n). (forall i. bv1 i == bv2 i) ==> bit_vec_equal #n bv1 bv2) + = introduce forall n (bv1 bv2: bit_vec n). _ + with introduce (forall i. bv1 i == bv2 i) ==> bit_vec_equal #n bv1 bv2 + with _. bit_vec_equal_intro #n bv1 bv2 + +let bit_vec_equal_elim_principle () + : Lemma (forall n (bv1 bv2: bit_vec n). bit_vec_equal #n bv1 bv2 ==> (forall i. bv1 i == bv2 i)) + = introduce forall n (bv1 bv2: bit_vec n). _ + with introduce bit_vec_equal #n bv1 bv2 ==> (forall i. bv1 i == bv2 i) + with _. bit_vec_equal_elim #n bv1 bv2 + +let bit_vec_equal_trivial (bv1 bv2: bit_vec 0): Lemma (bv1 == bv2) + [SMTPat (eq2 #(bit_vec 0) bv1 bv2)] + = bit_vec_equal_intro bv1 bv2 + +let bit_vec_sub #n (bv: bit_vec n) (start: nat) (len: nat {start + len <= n}) + : bit_vec len + = on (i: nat {i < len}) + (fun i -> bv (start + i)) + +let bit_vec_equal_trivial_sub_smtpat (bv1: bit_vec 'n) + : Lemma (forall (bv2: bit_vec 0). bit_vec_sub bv1 0 0 == bv2) + [SMTPat (bit_vec_sub bv1 0 0)] + = introduce forall (bv2: bit_vec 0). bit_vec_sub bv1 0 0 == bv2 + with bit_vec_equal_trivial (bit_vec_sub bv1 0 0) bv2 + +unfold let retype #a #b (#_:unit{a == b}) + (x: a): b + = x + +let bit_vec_sub_all_lemma #n (bv: bit_vec n) + : Lemma (bit_vec_sub bv 0 n == bv) + [SMTPat (bit_vec_sub bv 0 n)] + = bit_vec_equal_intro (bit_vec_sub bv 0 n) bv + +let int_t_array_bitwise_eq' + #t1 #t2 #n1 #n2 + (arr1: t_Array (int_t t1) n1) (d1: num_bits t1) + (arr2: t_Array (int_t t2) n2) (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + = bit_vec_equal (bit_vec_of_int_t_array arr1 d1) + (retype (bit_vec_of_int_t_array arr2 d2)) + +let int_t_array_bitwise_eq + #t1 #t2 #n1 #n2 + (arr1: t_Array (int_t t1) n1) (d1: num_bits t1) + (arr2: t_Array (int_t t2) n2) (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + = bit_vec_of_int_t_array arr1 d1 + == bit_vec_of_int_t_array arr2 d2 + +// let get_bit_intro () +// : Lemma (forall (#n: inttype) (x: int_t n) (nth: usize {v nth < bits n}). +// get_bit #n x nth == ( if v x >= 0 then get_bit_nat (v x) (v nth) +// else get_bit_nat (pow2 (bits n) + v x) (v nth))) +// = introduce forall (n: inttype) (x: int_t n) (nth: usize {v nth < bits n}). +// get_bit #n x nth == ( if v x >= 0 then get_bit_nat (v x) (v nth) +// else get_bit_nat (pow2 (bits n) + v x) (v nth)) +// with get_bit_intro #n x nth + +#push-options "--fuel 0 --ifuel 0 --z3rlimit 80" +/// Rewrite a `bit_vec_of_int_t_array (Seq.slice arr ...)` into a `bit_vec_sub ...` +let int_t_seq_slice_to_bv_sub_lemma #t #n + (arr: t_Array (int_t t) n) + (start: nat) (len: usize {start + v len <= v n}) + (d: num_bits t) + : Lemma ( bit_vec_of_int_t_array (Seq.slice arr start (start + v len) <: t_Array _ len) d + `bit_vec_equal` bit_vec_sub (bit_vec_of_int_t_array arr d) (start * d) (v len * d)) + [SMTPat (bit_vec_sub (bit_vec_of_int_t_array arr d) (start * d) (v len * d))] + = let bv1 = bit_vec_of_int_t_array #_ #len (Seq.slice arr start (start + v len)) d in + let bv2 = bit_vec_sub (bit_vec_of_int_t_array arr d) (start * d) (v len * d) in + introduce forall i. bv1 i == bv2 i + with ( Seq.lemma_index_slice arr start (start + v len) (i / d); + Math.Lemmas.lemma_div_plus i start d; + Math.Lemmas.lemma_mod_plus i start d); + bit_vec_equal_intro bv1 bv2 + +#push-options "--split_queries always" +let int_t_eq_seq_slice_bv_sub_lemma #t #n1 #n2 + (arr1: t_Array (int_t t) n1) (arr2: t_Array (int_t t) n2) (d: num_bits t) + (start1 start2: nat) (len: nat {start1 + len <= v n1 /\ start2 + len <= v n2}) + : Lemma (requires Seq.slice arr1 start1 (start1 + len) == Seq.slice arr2 start2 (start2 + len)) + (ensures bit_vec_equal + (bit_vec_sub (bit_vec_of_int_t_array arr1 d) (start1 * d) (len * d)) + (bit_vec_sub (bit_vec_of_int_t_array arr2 d) (start2 * d) (len * d))) + [SMTPat ((bit_vec_sub (bit_vec_of_int_t_array arr1 d) (start1 * d) (len * d)) == + (bit_vec_sub (bit_vec_of_int_t_array arr2 d) (start2 * d) (len * d)))] + = let len = sz len in + int_t_seq_slice_to_bv_sub_lemma arr1 start1 len d; + int_t_seq_slice_to_bv_sub_lemma arr2 start2 len d; + // bit_vec_equal_elim_principle (); + bit_vec_equal_intro_principle () +#pop-options + +let bit_vec_equal_extend #n1 #n2 + (bv1: bit_vec n1) (bv2: bit_vec n2) (start1 start2: nat) + (len1: nat) + (len2: nat { start1 + len1 + len2 <= n1 /\ start2 + len1 + len2 <= n2}) + : Lemma + (requires + bit_vec_sub bv1 start1 len1 == bit_vec_sub bv2 start2 len1 + /\ bit_vec_sub bv1 (start1 + len1) len2 == bit_vec_sub bv2 (start2 + len1) len2) + (ensures bit_vec_sub bv1 start1 (len1+len2) == bit_vec_sub bv2 start2 (len1+len2)) + // [SMTPat (bit_vec_sub bv1 start1 len1 == bit_vec_sub bv2 start2 len1); + // SMTPat () + // ] + // SMTPat (bit_vec_sub bv1 (start1 + len1) len2 == bit_vec_sub bv2 (start2 + len1) len2)] + = let left1 = bit_vec_sub bv1 start1 len1 in + let left2 = bit_vec_sub bv2 start2 len1 in + let right1 = bit_vec_sub bv1 (start1 + len1) len2 in + let right2 = bit_vec_sub bv2 (start2 + len1) len2 in + // () + // bit_vec_equal_elim left1 left2 ; + // bit_vec_equal_elim right1 right2; + let entire1 = bit_vec_sub bv1 start1 (len1 + len2) in + let entire2 = bit_vec_sub bv2 start2 (len1 + len2) in + assert (forall (i:nat). i < len1 ==> left1 i == left2 i); + assert (forall (i:nat). i < len2 ==> right1 i == right2 i); + introduce forall (i:nat). i < len1 + len2 ==> entire1 i == entire2 i + with introduce i < len1 + len2 ==> entire1 i == entire2 i + with _. if i < len1 then assert (left1 i == left2 i) + else assert (entire1 i == right1 (i - len1)); + bit_vec_equal_intro entire1 entire2 +#pop-options + +// let bit_vec_equal_trans (#n: nat) (bv1 bv2 bv3: bit_vec n) +// : Lemma (requires bv1 `bit_vec_equal` bv2 /\ bv2 `bit_vec_equal` bv3) +// (ensures bv1 `bit_vec_equal` bv3) +// = bit_vec_equal_elim_principle (); +// bit_vec_equal_intro_principle () + +(* +let int_arr_bitwise_eq_range + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement2: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement2 x}) n2) + (d2: num_bits t2) + (offset1 offset2: nat) + (bits: nat { + offset1 + bits <= v n1 * d1 + /\ offset2 + bits <= v n2 * d2 + }) + = bit_vec_equal #bits (fun i -> bit_vec_of_int_t_array arr1 d1 (i + offset1)) + = forall (k: nat). k < bits ==> + bit_vec_of_int_t_array arr1 d1 (offset1 + k) + == bit_vec_of_int_t_array arr2 d2 (offset2 + k) + +let int_arr_bitwise_eq_range_comm + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement2: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement2 x}) n2) + (d2: num_bits t2) + (offset1 offset2: nat) + (bits: nat { + offset1 + bits <= v n1 * d1 + /\ offset2 + bits <= v n2 * d2 + }) + : Lemma (requires int_arr_bitwise_eq_range arr1 d1 arr2 d2 offset1 offset2 bits) + (ensures int_arr_bitwise_eq_range arr2 d2 arr1 d1 offset2 offset1 bits) + = () + +// kill that function in favor of range +let int_arr_bitwise_eq_up_to + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement x}) n2) + (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + (max: nat {max <= v n1 * d1}) + + = forall i. i < max + ==> bit_vec_of_int_t_array arr1 d1 i == bit_vec_of_int_t_array arr2 d2 i + +let int_arr_bitwise_eq_ + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement x}) n2) + (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + = int_arr_bitwise_eq_up_to arr1 d1 arr2 d2 (v n1 * d1) + +// move to fsti +let bit_vec_equal #n (bv1 bv2: bit_vec n) + = forall i. i < n ==> bv1 i == bv2 i + +let int_arr_bitwise_eq + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement x}) n2) + (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + = forall i. i < v n1 * d1 + ==> bit_vec_of_int_t_array arr1 d1 i == bit_vec_of_int_t_array arr2 d2 i + +let int_arr_bitwise_eq_range_transitivity + #t1 #t2 #t3 #n1 #n2 #n3 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement2: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement2 x}) n2) + (d2: num_bits t2) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement3: int_t t3 -> Type0) + (arr3: t_Array (x: int_t t3 {refinement3 x}) n3) + (d3: num_bits t3) + (offset1 offset2 offset3: nat) + (bits: nat { + offset1 + bits <= v n1 * d1 + /\ offset2 + bits <= v n2 * d2 + /\ offset3 + bits <= v n3 * d3 + }) + : Lemma + (requires int_arr_bitwise_eq_range #t1 #t2 #n1 #n2 arr1 d1 arr2 d2 offset1 offset2 bits + /\ int_arr_bitwise_eq_range #t2 #t3 #n2 #n3 arr2 d2 arr3 d3 offset2 offset3 bits) + (ensures int_arr_bitwise_eq_range #t1 #t3 #n1 #n3 arr1 d1 arr3 d3 offset1 offset3 bits) + = () + + +let int_arr_bitwise_eq_range_intro + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement x}) n2) + (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + : Lemma + (requires int_arr_bitwise_eq arr1 d1 arr2 d2) + (ensures int_arr_bitwise_eq_range arr1 d1 arr2 d2 0 0 (v n1 * d1)) + = admit () + +let int_arr_bitwise_eq_range_intro_eq_slice + #t #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t -> Type0) + (arr1: t_Array (x: int_t t {refinement x}) n1) + (arr2: t_Array (x: int_t t {refinement x}) n2) + (d: num_bits t) + (offset1 offset2: nat) + (n: nat {offset1 + n < v n1 /\ offset2 + n < v n2}) + (bits: nat { + offset1 + bits <= v n1 * d + /\ offset2 + bits <= v n2 * d + /\ bits <= n * d + }) + : Lemma (requires Seq.slice arr1 offset1 (offset1 + n) == Seq.slice arr2 offset2 (offset2 + n)) + (ensures int_arr_bitwise_eq_range arr1 d arr2 d offset1 offset2 bits) + = admit () + +let int_arr_bitwise_eq_range_intro_eq + #t #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t -> Type0) + (arr1: t_Array (x: int_t t {refinement1 x}) n1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement2: int_t t -> Type0) + (arr2: t_Array (x: int_t t {refinement2 x}) n2) + (d: num_bits t) + (n_offset1 n_offset2: nat) + (n: nat {n_offset1 + n <= v n1 /\ n_offset2 + n <= v n2}) + // (offset1 offset2: nat) + (bits: nat { + n_offset1 * d + bits <= v n1 * d + /\ n_offset2 * d + bits <= v n2 * d + /\ bits <= n * d + }) + : Lemma (requires forall (i: nat). i < n ==> Seq.index arr1 (i + n_offset1) == Seq.index arr2 (i + n_offset2)) + (ensures int_arr_bitwise_eq_range arr1 d arr2 d (n_offset1 * d) (n_offset2 * d) bits) + = admit () +*) diff --git a/fstar-helpers/fstar-bitvec/MkSeq.fst b/fstar-helpers/fstar-bitvec/MkSeq.fst new file mode 100644 index 000000000..89c8e0216 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/MkSeq.fst @@ -0,0 +1,59 @@ +module MkSeq +open Core + +open FStar.Tactics.V2 + +private let init (len: nat) (f: (i:nat{i < len}) -> Tac 'a): Tac (list 'a) + = let rec h (i: nat {i <= len}): Tac (list 'a) + = if i = len then [] else f i :: h (i + 1) + in h 0 + +private let tuple_proj (n: nat) (i: nat): Tac term + = if n = 1 then `(id) else + let name = "__proj__Mktuple" ^ string_of_int n ^ "__item___" ^ string_of_int (i + 1) in + Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name]) + +private let tuple_type (n: nat): Tac term + = if n = 1 then `(id) else + let name = "tuple" ^ string_of_int n in + Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name]) + +open Rust_primitives.Integers + +private let create_gen_tac (n: nat): Tac sigelt + = let typ_bd = {fresh_binder_named "t" (`Type0) with qual = FStar.Reflection.V2.Q_Implicit} in + let typ = binder_to_term typ_bd in + let input_typ = mk_e_app (tuple_type n) (init n (fun _ -> typ)) in + let input_bd = fresh_binder_named "tup" input_typ in + let output_type = `t_Array (`#typ) (sz (`@n)) in + let nth i = `((`#(tuple_proj n i)) (`#input_bd)) in + let mk_and: term -> term -> Tac term = fun t u -> `(`#t /\ `#u) in + let post = + let mk_inv s i = `(Seq.index (`#s) (`@i) == (`#(tuple_proj n i)) (`#input_bd)) in + let invs s = Tactics.fold_left mk_and (`(Seq.length (`#s) == (`@n))) (init n (mk_inv s)) in + let bd = fresh_binder_named "s" output_type in + mk_abs [bd] (invs bd) + in + let comp = C_Eff [] ["Prims"; "Pure"] + (`t_Array (`#typ) (sz (`@n))) + [ (`(requires True), Q_Explicit); (post, Q_Explicit)] [] + in + let args = [typ_bd; input_bd] in + let l = Tactics.fold_right (fun hd tl -> `((`#hd)::(`#tl))) (init n nth) (`[]) in + let indexes = + let f i = `((`#(nth i)) == List.Tot.index (`#l) (`@i)) in + Tactics.fold_left mk_and (`True) (init n f) + in + let lb_def = mk_abs args (`( + let l = `#l in + let s = Seq.createL l <: t_Array (`#typ) (sz (`@n)) in + FStar.Classical.forall_intro (Seq.lemma_index_is_nth s); + assert (`#indexes) by (Tactics.norm [primops; iota; delta; zeta]); + s + )) in + let lb_typ = mk_arr args (pack_comp comp) in + let open FStar.List.Tot in + let lb_fv = pack_fv (cur_module () @ ["create" ^ string_of_int n]) in + Sg_Let { isrec = false; lbs = [{ lb_fv; lb_us = []; lb_typ; lb_def }] } + +%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) From 967e3c74bd09504c77626fb742c11fe954d426de Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 10:05:48 +0200 Subject: [PATCH 088/348] mlkem/proofs: serialize: add lax and one proof --- .../src/vector/portable/serialize.rs | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index e0818dc28..d33d48838 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -15,6 +15,7 @@ use super::vector_type::*; use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { let mut result = [0u8; 2]; @@ -27,6 +28,7 @@ pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { let mut result = zero(); @@ -39,6 +41,7 @@ pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_4_int(v: &[i16]) -> (u8, u8, u8, u8) { let result0 = ((v[1] as u8) << 4) | (v[0] as u8); @@ -48,6 +51,7 @@ pub(crate) fn serialize_4_int(v: &[i16]) -> (u8, u8, u8, u8) { (result0, result1, result2, result3) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_4(v: PortableVector) -> [u8; 8] { let result0_3 = serialize_4_int(&v.elements[0..8]); @@ -64,6 +68,7 @@ pub(crate) fn serialize_4(v: PortableVector) -> [u8; 8] { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let v0 = (bytes[0] & 0x0F) as i16; @@ -77,6 +82,7 @@ pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (v0, v1, v2, v3, v4, v5, v6, v7) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_4(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_4_int(&bytes[0..4]); @@ -101,6 +107,7 @@ pub(crate) fn deserialize_4(bytes: &[u8]) -> PortableVector { v } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { let r0 = (v[0] | v[1] << 5) as u8; @@ -111,6 +118,7 @@ pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { (r0, r1, r2, r3, r4) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { let r0_4 = serialize_5_int(&v.elements[0..8]); @@ -129,6 +137,7 @@ pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let v0 = (bytes[0] & 0x1F) as i16; @@ -142,6 +151,7 @@ pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (v0, v1, v2, v3, v4, v5, v6, v7) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_5_int(&bytes[0..5]); @@ -167,15 +177,23 @@ pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector { } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 480 --split_queries always")] +#[hax_lib::requires(v.len() == 4)] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array i16 (sz 4)) 10 + (MkSeq.create5 $tuple) 8 +"#))] pub(crate) fn serialize_10_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { let r0 = (v[0] & 0xFF) as u8; let r1 = ((v[1] & 0x3F) as u8) << 2 | ((v[0] >> 8) & 0x03) as u8; let r2 = ((v[2] & 0x0F) as u8) << 4 | ((v[1] >> 6) & 0x0F) as u8; let r3 = ((v[3] & 0x03) as u8) << 6 | ((v[2] >> 4) & 0x3F) as u8; let r4 = ((v[3] >> 2) & 0xFF) as u8; + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] { let r0_4 = serialize_10_int(&v.elements[0..4]); @@ -212,6 +230,7 @@ pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let r0 = ((bytes[1] as i16 & 0x03) << 8 | (bytes[0] as i16 & 0xFF)) as i16; @@ -225,6 +244,7 @@ pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (r0, r1, r2, r3, r4, r5, r6, r7) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_10_int(&bytes[0..10]); @@ -250,6 +270,7 @@ pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector { } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8, u8, u8) { let r0 = v[0] as u8; let r1 = ((v[1] & 0x1F) as u8) << 3 | ((v[0] >> 8) as u8); @@ -265,6 +286,7 @@ pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8 (r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_11(v: PortableVector) -> [u8; 22] { let r0_10 = serialize_11_int(&v.elements[0..8]); @@ -295,6 +317,7 @@ pub(crate) fn serialize_11(v: PortableVector) -> [u8; 22] { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let r0 = ((bytes[1] as i16 & 0x7) << 8 | bytes[0] as i16) as i16; @@ -310,6 +333,7 @@ pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (r0, r1, r2, r3, r4, r5, r6, r7) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_11_int(&bytes[0..11]); @@ -334,6 +358,7 @@ pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector { v } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_12_int(v: &[i16]) -> (u8, u8, u8) { let r0 = (v[0] & 0xFF) as u8; @@ -342,6 +367,7 @@ pub(crate) fn serialize_12_int(v: &[i16]) -> (u8, u8, u8) { (r0, r1, r2) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_12(v: PortableVector) -> [u8; 24] { let r0_2 = serialize_12_int(&v.elements[0..2]); @@ -380,6 +406,7 @@ pub(crate) fn serialize_12(v: PortableVector) -> [u8; 24] { result } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_12_int(bytes: &[u8]) -> (i16, i16) { let byte0 = bytes[0] as i16; @@ -390,6 +417,7 @@ pub(crate) fn deserialize_12_int(bytes: &[u8]) -> (i16, i16) { (r0, r1) } +#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn deserialize_12(bytes: &[u8]) -> PortableVector { let v0_1 = deserialize_12_int(&bytes[0..3]); From 46db2fd74911ef08447db6df3ee966dca18dc938 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 10:22:56 +0200 Subject: [PATCH 089/348] refresh F* extraction --- .../Libcrux_ml_kem.Constant_time_ops.fst | 34 +-- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 64 ++--- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 62 ++--- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 205 +++++--------- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 81 +++--- .../extraction/Libcrux_ml_kem.Matrix.fst | 213 +++++---------- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 95 +++---- .../extraction/Libcrux_ml_kem.Polynomial.fst | 120 ++++---- .../extraction/Libcrux_ml_kem.Sampling.fst | 132 ++++----- .../extraction/Libcrux_ml_kem.Serialize.fst | 256 +++++++----------- .../extraction/Libcrux_ml_kem.Types.fsti | 6 +- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 8 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 5 +- .../Libcrux_ml_kem.Vector.Neon.Ntt.fst | 24 +- .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 32 +-- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 136 ++++------ ...ibcrux_ml_kem.Vector.Portable.Compress.fst | 51 ++-- ...ibcrux_ml_kem.Vector.Portable.Sampling.fst | 17 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 217 ++++++++------- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 7 +- 20 files changed, 705 insertions(+), 1060 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index 92f263cc6..018593ecd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -16,17 +16,12 @@ let is_non_zero (value: u8) = Core.Hint.black_box #u8 (inz value <: u8) let compare (lhs rhs: t_Slice u8) = let (r: u8):u8 = 0uy in let r:u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Core.Slice.impl__len #u8 lhs <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #u8 lhs <: usize) + (fun r temp_1_ -> + let r:u8 = r in + let _:usize = temp_1_ in + true) r (fun r i -> let r:u8 = r in @@ -42,17 +37,12 @@ let select_ct (lhs rhs: t_Slice u8) (selector: u8) = let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let out:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + (fun out temp_1_ -> + let out:t_Array u8 (sz 32) = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_Array u8 (sz 32) = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index 94b75e85b..f81e0bc75 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -26,7 +26,7 @@ let encapsulate_unpacked (randomness: t_Array u8 (sz 32)) = let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -39,7 +39,7 @@ let encapsulate_unpacked Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize public_key.f_public_key_hash <: t_Slice u8) + (public_key.f_public_key_hash <: t_Slice u8) <: t_Slice u8) in @@ -47,11 +47,11 @@ let encapsulate_unpacked Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = @@ -96,7 +96,7 @@ let decapsulate_unpacked ciphertext.Libcrux_ml_kem.Types.f_value in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize decrypted <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -109,7 +109,7 @@ let decapsulate_unpacked Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize key_pair.f_public_key.f_public_key_hash <: t_Slice u8) + (key_pair.f_public_key.f_public_key_hash <: t_Slice u8) <: t_Slice u8) in @@ -117,17 +117,17 @@ let decapsulate_unpacked Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - (Rust_primitives.unsize key_pair.f_private_key.f_implicit_rejection_value <: t_Slice u8) + (key_pair.f_private_key.f_implicit_rejection_value <: t_Slice u8) in let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -154,7 +154,7 @@ let decapsulate_unpacked #v_K #FStar.Tactics.Typeclasses.solve (sz 32) - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE @@ -170,10 +170,10 @@ let decapsulate_unpacked ciphertext <: t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) + (expected_ciphertext <: t_Slice u8) in Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) selector let generate_keypair_unpacked @@ -229,14 +229,15 @@ let generate_keypair_unpacked t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K = + v_A + in + let _:usize = temp_1_ in + true) v_A (fun v_A i -> let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) @@ -244,14 +245,15 @@ let generate_keypair_unpacked v_A in let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A + in + let _:usize = temp_1_ in + true) v_A (fun v_A j -> let v_A:t_Array @@ -295,15 +297,13 @@ let generate_keypair_unpacked v_PUBLIC_KEY_SIZE #v_Vector ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (Rust_primitives.unsize ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A - <: - t_Slice u8) + (ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) in let public_key_hash:t_Array u8 (sz 32) = Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize pk_serialized <: t_Slice u8) + (pk_serialized <: t_Slice u8) in let (implicit_rejection_value: t_Array u8 (sz 32)):t_Array u8 (sz 32) = Core.Result.impl__unwrap #(t_Array u8 (sz 32)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index a86c331ae..9ab226abf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -86,12 +86,10 @@ let serialize_kem_secret_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - public_key - <: - t_Array u8 (sz 32)) + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + public_key <: t_Slice u8) <: @@ -209,7 +207,7 @@ let decapsulate = let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) + (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) v_CPA_SECRET_KEY_SIZE in let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = @@ -229,7 +227,7 @@ let decapsulate ciphertext.Libcrux_ml_kem.Types.f_value in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize decrypted <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -250,11 +248,11 @@ let decapsulate Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 @@ -287,7 +285,7 @@ let decapsulate #v_K #FStar.Tactics.Typeclasses.solve (sz 32) - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE @@ -301,7 +299,7 @@ let decapsulate v_K v_CIPHERTEXT_SIZE #v_Hasher - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) ciphertext in let shared_secret:t_Array u8 (sz 32) = @@ -321,9 +319,9 @@ let decapsulate ciphertext <: t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) - (Rust_primitives.unsize shared_secret <: t_Slice u8) - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + (expected_ciphertext <: t_Slice u8) + (shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) in let result:t_Array u8 (sz 32) = shared_secret in let _:Prims.unit = admit () (* Panic freedom *) in @@ -352,10 +350,10 @@ let encapsulate #FStar.Tactics.Typeclasses.solve v_K #v_Hasher - (Rust_primitives.unsize randomness <: t_Slice u8) + (randomness <: t_Slice u8) in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -368,17 +366,10 @@ let encapsulate Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE - public_key - <: - t_Array u8 v_PUBLIC_KEY_SIZE) - <: - t_Slice u8) - <: - t_Array u8 (sz 32)) + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) <: t_Slice u8) <: @@ -388,22 +379,19 @@ let encapsulate Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key - <: - t_Array u8 v_PUBLIC_KEY_SIZE) - <: - t_Slice u8) randomness pseudorandomness + (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) randomness + pseudorandomness in let ciphertext:Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE = Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) @@ -473,8 +461,8 @@ let generate_keypair serialize_kem_secret_key v_K v_PRIVATE_KEY_SIZE #v_Hasher - (Rust_primitives.unsize ind_cpa_private_key <: t_Slice u8) - (Rust_primitives.unsize public_key <: t_Slice u8) + (ind_cpa_private_key <: t_Slice u8) + (public_key <: t_Slice u8) implicit_rejection_value in let (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE):Libcrux_ml_kem.Types.t_MlKemPrivateKey diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 2dc3193fa..459755197 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -33,14 +33,12 @@ let sample_ring_element_cbd in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) (fun temp_0_ i -> let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in @@ -68,14 +66,14 @@ let sample_ring_element_cbd prf_inputs in let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun error_1_ temp_1_ -> + let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + error_1_ + in + let _:usize = temp_1_ in + true) error_1_ (fun error_1_ i -> let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -86,9 +84,7 @@ let sample_ring_element_cbd i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 #v_Vector - (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA2_RANDOMNESS_SIZE) - <: - t_Slice u8) + (prf_outputs.[ i ] <: t_Slice u8) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -121,14 +117,12 @@ let sample_vector_cbd_then_ntt in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) (fun temp_0_ i -> let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in @@ -156,14 +150,14 @@ let sample_vector_cbd_then_ntt prf_inputs in let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun re_as_ntt temp_1_ -> + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + re_as_ntt + in + let _:usize = temp_1_ in + true) re_as_ntt (fun re_as_ntt i -> let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -175,9 +169,7 @@ let sample_vector_cbd_then_ntt i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA #v_Vector - (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA_RANDOMNESS_SIZE) - <: - t_Slice u8) + (prf_outputs.[ i ] <: t_Slice u8) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -205,28 +197,11 @@ let compress_then_serialize_u (out: t_Slice u8) = let out:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - input - <: - Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - )) + Rust_primitives.Hax.Folds.fold_enumerated_slice input + (fun out temp_1_ -> + let out:t_Slice u8 = out in + let _:usize = temp_1_ in + true) out (fun out temp_1_ -> let out:t_Slice u8 = out in @@ -251,13 +226,10 @@ let compress_then_serialize_u Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u - v_COMPRESSION_FACTOR - v_BLOCK_LEN - #v_Vector - re - <: - t_Array u8 v_BLOCK_LEN) + (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u v_COMPRESSION_FACTOR + v_BLOCK_LEN + #v_Vector + re <: t_Slice u8) <: @@ -286,26 +258,20 @@ let deserialize_then_decompress_u Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - (Rust_primitives.unsize ciphertext <: t_Slice u8) - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! - v_U_COMPRESSION_FACTOR - <: - usize) /! - sz 8 - <: - usize) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! + v_U_COMPRESSION_FACTOR + <: + usize) /! + sz 8 <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + usize) + (ciphertext <: t_Slice u8) + (fun u_as_ntt temp_1_ -> + let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + u_as_ntt + in + let _:usize = temp_1_ in + true) u_as_ntt (fun u_as_ntt temp_1_ -> let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -352,20 +318,15 @@ let deserialize_secret_key Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - secret_key - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + secret_key + (fun secret_as_ntt temp_1_ -> + let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K + = + secret_as_ntt + in + let _:usize = temp_1_ in + true) secret_as_ntt (fun secret_as_ntt temp_1_ -> let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K @@ -394,24 +355,11 @@ let serialize_secret_key = let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - key - <: - Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Folds.fold_enumerated_slice key + (fun out temp_1_ -> + let out:t_Array u8 v_OUT_LEN = out in + let _:usize = temp_1_ in + true) out (fun out temp_1_ -> let out:t_Array u8 v_OUT_LEN = out in @@ -444,11 +392,7 @@ let serialize_secret_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element - #v_Vector - re - <: - t_Array u8 (sz 384)) + (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re <: t_Slice u8) <: @@ -484,12 +428,7 @@ let serialize_public_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (serialize_secret_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - #v_Vector - tt_as_ntt - <: - t_Array u8 v_RANKED_BYTES_PER_RING_ELEMENT) + (serialize_secret_key v_K v_RANKED_BYTES_PER_RING_ELEMENT #v_Vector tt_as_ntt <: t_Slice u8) <: @@ -611,12 +550,12 @@ let encrypt_unpacked #v_K #FStar.Tactics.Typeclasses.solve v_ETA2_RANDOMNESS_SIZE - (Rust_primitives.unsize prf_input <: t_Slice u8) + (prf_input <: t_Slice u8) in let error_2_:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 #v_Vector - (Rust_primitives.unsize prf_output <: t_Slice u8) + (prf_output <: t_Slice u8) in let u:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Matrix.compute_vector_u v_K @@ -748,7 +687,7 @@ let generate_keypair_unpacked key_generation_seed in let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) + Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32) in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = @@ -835,7 +774,7 @@ let generate_keypair v_PUBLIC_KEY_SIZE #v_Vector pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (Rust_primitives.unsize pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + (pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = serialize_secret_key v_K diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index fe53b5ec3..c8c456676 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -39,14 +39,14 @@ let invert_ntt_at_layer_1_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -100,14 +100,14 @@ let invert_ntt_at_layer_2_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -153,14 +153,14 @@ let invert_ntt_at_layer_3_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -202,14 +202,14 @@ let invert_ntt_at_layer_4_plus = let step:usize = sz 1 <>! layer <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! layer <: usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -223,17 +223,12 @@ let invert_ntt_at_layer_4_plus in let step_vec:usize = step /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range offset_vec + (offset_vec +! step_vec <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index c6c53893c..8c4fed099 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -31,30 +31,15 @@ let compute_As_plus_e Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (Rust_primitives.unsize matrix_A - <: - t_Slice - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (matrix_A <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -65,29 +50,16 @@ let compute_As_plus_e temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (Rust_primitives.unsize row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (row <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - )) + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -144,14 +116,12 @@ let compute_ring_element_v Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in @@ -194,30 +164,15 @@ let compute_vector_u Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (Rust_primitives.unsize a_as_ntt - <: - t_Slice - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (a_as_ntt <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -228,29 +183,16 @@ let compute_vector_u temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (Rust_primitives.unsize row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (row <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - )) + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -317,14 +259,12 @@ let compute_message Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in @@ -377,14 +317,15 @@ let sample_matrix_A in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A_transpose temp_1_ -> + let v_A_transpose:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A_transpose + in + let _:usize = temp_1_ in + true) v_A_transpose (fun v_A_transpose i -> let v_A_transpose:t_Array @@ -394,14 +335,12 @@ let sample_matrix_A let i:usize = i in let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in let seeds:t_Array (t_Array u8 (sz 34)) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun seeds temp_1_ -> + let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in + let _:usize = temp_1_ in + true) seeds (fun seeds j -> let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in @@ -433,28 +372,14 @@ let sample_matrix_A let sampled:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Sampling.sample_from_xof v_K #v_Vector #v_Hasher seeds in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - sampled - <: - Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + Rust_primitives.Hax.Folds.fold_enumerated_slice sampled + (fun v_A_transpose temp_1_ -> + let v_A_transpose:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A_transpose + in + let _:usize = temp_1_ in + true) v_A_transpose (fun v_A_transpose temp_1_ -> let v_A_transpose:t_Array diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 3eae8cab8..46dfb217a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -36,14 +36,14 @@ let ntt_at_layer_1_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -97,14 +97,14 @@ let ntt_at_layer_2_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -150,14 +150,14 @@ let ntt_at_layer_3_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -205,14 +205,14 @@ let ntt_at_layer_4_plus in let step:usize = sz 1 <>! layer <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! layer <: usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -224,17 +224,12 @@ let ntt_at_layer_4_plus let offset_vec:usize = offset /! sz 16 in let step_vec:usize = step /! sz 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range offset_vec + (offset_vec +! step_vec <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -289,14 +284,12 @@ let ntt_at_layer_7_ = let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = step } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + step + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index f56e0f64e..3cb84c2ef 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -37,14 +37,12 @@ let impl__add_error_reduce (self error: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self j -> let self:t_PolynomialRingElement v_Vector = self in @@ -89,14 +87,12 @@ let impl__add_message_error_reduce (self message result: t_PolynomialRingElement v_Vector) = let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun result temp_1_ -> + let result:t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_PolynomialRingElement v_Vector = result in @@ -147,14 +143,12 @@ let impl__add_standard_error_reduce (self error: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self j -> let self:t_PolynomialRingElement v_Vector = self in @@ -198,22 +192,12 @@ let impl__add_to_ring_element (self rhs: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Core.Slice.impl__len #v_Vector - (Rust_primitives.unsize self.f_coefficients <: t_Slice v_Vector) - <: - usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #v_Vector (self.f_coefficients <: t_Slice v_Vector) <: usize) + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self i -> let self:t_PolynomialRingElement v_Vector = self in @@ -248,14 +232,12 @@ let impl__from_i16_array = let result:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun result temp_1_ -> + let result:t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_PolynomialRingElement v_Vector = result in @@ -295,14 +277,12 @@ let impl__ntt_multiply = let out:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun out temp_1_ -> + let out:t_PolynomialRingElement v_Vector = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_PolynomialRingElement v_Vector = out in @@ -351,14 +331,12 @@ let impl__poly_barrett_reduce (self: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self i -> let self:t_PolynomialRingElement v_Vector = self in @@ -391,14 +369,12 @@ let impl__subtract_reduce (self b: t_PolynomialRingElement v_Vector) = let b:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun b temp_1_ -> + let b:t_PolynomialRingElement v_Vector = b in + let _:usize = temp_1_ in + true) b (fun b i -> let b:t_PolynomialRingElement v_Vector = b in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 20253a46c..a52b29042 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -21,28 +21,29 @@ let sample_from_uniform_distribution_next (out: t_Array (t_Array i16 (sz 272)) v_K) = let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = + temp_0_ + in + let _:usize = temp_1_ in + true) (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) (fun temp_0_ i -> let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = temp_0_ in let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_N /! sz 24 <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (v_N /! sz 24 <: usize) + (fun temp_0_ temp_1_ -> + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & + t_Array usize v_K) = + temp_0_ + in + let _:usize = temp_1_ in + true) (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) (fun temp_0_ r -> let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & @@ -114,14 +115,12 @@ let sample_from_uniform_distribution_next in let done:bool = true in let done, sampled_coefficients:(bool & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (done, sampled_coefficients <: (bool & t_Array usize v_K)) (fun temp_0_ i -> let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in @@ -154,18 +153,12 @@ let sample_from_binomial_distribution_2_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 4) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + randomness + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:usize = temp_1_ in + true) sampled_i16s (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -183,22 +176,13 @@ let sample_from_binomial_distribution_2_ let even_bits:u32 = random_bits_as_u32 &. 1431655765ul in let odd_bits:u32 = (random_bits_as_u32 >>! 1l <: u32) &. 1431655765ul in let coin_toss_outcomes:u32 = even_bits +! odd_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy - (Core.Ops.Range.t_Range u32)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range u32) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = 0ul; - Core.Ops.Range.f_end = Core.Num.impl__u32__BITS - } - <: - Core.Ops.Range.t_Range u32) - (sz 4) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) + Rust_primitives.Hax.Folds.fold_range_step_by 0ul + Core.Num.impl__u32__BITS + (sz 4) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:u32 = temp_1_ in + true) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -219,8 +203,7 @@ let sample_from_binomial_distribution_2_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector - (Rust_primitives.unsize sampled_i16s <: t_Slice i16) + Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution_3_ (#v_Vector: Type0) @@ -231,18 +214,12 @@ let sample_from_binomial_distribution_3_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 3) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 3) + randomness + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:usize = temp_1_ in + true) sampled_i16s (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -258,19 +235,13 @@ let sample_from_binomial_distribution_3_ let second_bits:u32 = (random_bits_as_u24 >>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy - (Core.Ops.Range.t_Range i32)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range i32) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l } - <: - Core.Ops.Range.t_Range i32) - (sz 6) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) + Rust_primitives.Hax.Folds.fold_range_step_by 0l + 24l + (sz 6) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:i32 = temp_1_ in + true) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -291,8 +262,7 @@ let sample_from_binomial_distribution_3_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector - (Rust_primitives.unsize sampled_i16s <: t_Slice i16) + Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution (v_ETA: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index aed7b3675..4f1553136 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -19,17 +19,12 @@ let compress_then_serialize_10_ = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in @@ -65,7 +60,7 @@ let compress_then_serialize_10_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -83,17 +78,12 @@ let compress_then_serialize_11_ = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in @@ -129,7 +119,7 @@ let compress_then_serialize_11_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -146,17 +136,12 @@ let compress_then_serialize_4_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Slice u8 = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in @@ -192,7 +177,7 @@ let compress_then_serialize_4_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -210,17 +195,12 @@ let compress_then_serialize_5_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Slice u8 = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in @@ -256,7 +236,7 @@ let compress_then_serialize_5_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -274,14 +254,12 @@ let compress_then_serialize_message = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let serialized:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 32) = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 (sz 32) = serialized in @@ -317,7 +295,7 @@ let compress_then_serialize_message Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -377,18 +355,12 @@ let deserialize_then_decompress_10_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 20) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 20) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -431,18 +403,12 @@ let deserialize_then_decompress_11_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 22) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 22) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -485,18 +451,12 @@ let deserialize_then_decompress_4_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 8) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 8) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -539,18 +499,12 @@ let deserialize_then_decompress_5_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 10) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 10) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -605,14 +559,12 @@ let deserialize_then_decompress_message Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -693,18 +645,12 @@ let deserialize_to_reduced_ring_element Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -753,20 +699,15 @@ let deserialize_ring_elements_reduced Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - public_key - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + public_key + (fun deserialized_pk temp_1_ -> + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + deserialized_pk + in + let _:usize = temp_1_ in + true) deserialized_pk (fun deserialized_pk temp_1_ -> let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -795,18 +736,12 @@ let deserialize_to_uncompressed_ring_element Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -840,17 +775,12 @@ let serialize_uncompressed_ring_element = let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in let serialized:t_Array u8 (sz 384) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 384) = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 (sz 384) = serialized in @@ -881,7 +811,7 @@ let serialize_uncompressed_ring_element Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index 8c8b5545e..4216d3c89 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -23,7 +23,7 @@ let impl (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Sl { f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemCiphertext v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -72,7 +72,7 @@ let impl_6 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_ { f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPrivateKey v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -121,7 +121,7 @@ let impl_12 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_ { f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPublicKey v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst index 89351a259..33c894793 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -22,9 +22,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = usize ] in let lower_shuffles:u8 = - Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (Rust_primitives.unsize lower_shuffles - <: - t_Slice u8) + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (lower_shuffles <: t_Slice u8) in let lower_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 potential_coefficients @@ -46,9 +44,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = usize ] in let upper_shuffles:u8 = - Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (Rust_primitives.unsize upper_shuffles - <: - t_Slice u8) + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in let upper_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l potential_coefficients diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 3faac2293..a7fa366a9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -492,8 +492,7 @@ let deserialize_11_ (bytes: t_Slice u8) = #FStar.Tactics.Typeclasses.solve output in - Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 (Rust_primitives.unsize array <: t_Slice i16 - ) + Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 (array <: t_Slice i16) let serialize_11_ (vector: u8) = let array:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in @@ -503,7 +502,7 @@ let serialize_11_ (vector: u8) = let input:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize array <: t_Slice i16) + (array <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst index cf6dd3074..dc8d03610 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst @@ -12,9 +12,7 @@ let inv_ntt_layer_1_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s32 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s32 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s32_s16 v @@ -84,9 +82,7 @@ let inv_ntt_layer_2_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s64 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s64 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s64_s16 v @@ -184,9 +180,7 @@ let ntt_layer_1_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let dup_a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s32 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s32 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s32_s16 v @@ -252,9 +246,7 @@ let ntt_layer_2_step (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let dup_a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s64 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s64 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s64_s16 v @@ -363,9 +355,7 @@ let ntt_multiply FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a0:u8 = Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high @@ -476,9 +466,7 @@ let ntt_multiply FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list in - let index:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize indexes <: t_Slice u8) - in + let index:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (indexes <: t_Slice u8) in let low2:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u8 (Libcrux_intrinsics.Arm64_extract.v__vqtbl1q_u8 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u8_s16 low1 <: u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst index 437f01c03..aa783010c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst @@ -18,9 +18,7 @@ let deserialize_1_ (a: t_Slice u8) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let low:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 low shift in let high:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 high shift in { @@ -42,17 +40,13 @@ let deserialize_12_ (v: t_Slice u8) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list in - let index_vec:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize indexes <: t_Slice u8) - in + let index_vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (indexes <: t_Slice u8) in let (shifts: t_Array i16 (sz 8)):t_Array i16 (sz 8) = let list = [0s; (-4s); 0s; (-4s); 0s; (-4s); 0s; (-4s)] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift_vec:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifts <: t_Slice i16) - in + let shift_vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifts <: t_Slice i16) in let mask12:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_u16 4095us in let input0:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let input0:t_Array u8 (sz 16) = @@ -74,9 +68,7 @@ let deserialize_12_ (v: t_Slice u8) = <: t_Slice u8) in - let input_vec0:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize input0 <: t_Slice u8) - in + let input_vec0:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (input0 <: t_Slice u8) in let input1:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let input1:t_Array u8 (sz 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range input1 @@ -97,9 +89,7 @@ let deserialize_12_ (v: t_Slice u8) = <: t_Slice u8) in - let input_vec1:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize input1 <: t_Slice u8) - in + let input_vec1:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (input1 <: t_Slice u8) in let moved0:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_u8 (Libcrux_intrinsics.Arm64_extract.v__vqtbl1q_u8 input_vec0 @@ -143,9 +133,7 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let low:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low shift @@ -516,9 +504,7 @@ let serialize_4_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let lowt:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_u16 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low @@ -728,7 +714,7 @@ let serialize_11_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize out_i16s <: t_Slice i16) + (out_i16s <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve @@ -739,7 +725,7 @@ let serialize_5_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize out_i16s <: t_Slice i16) + (out_i16s <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_5_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index c7e8f4fdb..3eb5abd35 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -35,17 +35,12 @@ let montgomery_multiply_fe_by_fer (fe fer: i16) = let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun lhs temp_1_ -> + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:usize = temp_1_ in + true) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in @@ -71,17 +66,12 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -111,17 +101,12 @@ let bitwise_and_with_constant (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -144,17 +129,12 @@ let bitwise_and_with_constant let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -199,17 +179,12 @@ let montgomery_multiply_by_constant (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -238,17 +213,12 @@ let montgomery_multiply_by_constant let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -271,17 +241,12 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portab let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -306,17 +271,12 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun lhs temp_1_ -> + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:usize = temp_1_ in + true) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst index fc5eed14e..4a470d7d1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst @@ -27,17 +27,12 @@ let compress (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -65,17 +60,12 @@ let compress let compress_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -110,17 +100,12 @@ let decompress_ciphertext_coefficient (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst index 400e0026d..aec49a64f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst @@ -6,17 +6,12 @@ open FStar.Mul let rej_sample (a: t_Slice u8) (result: t_Slice i16) = let sampled:usize = sz 0 in let result, sampled:(t_Slice i16 & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = (Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize) + (fun temp_0_ temp_1_ -> + let result, sampled:(t_Slice i16 & usize) = temp_0_ in + let _:usize = temp_1_ in + true) (result, sampled <: (t_Slice i16 & usize)) (fun temp_0_ i -> let result, sampled:(t_Slice i16 & usize) = temp_0_ in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 1c580dafd..be88dd52e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -3,6 +3,8 @@ module Libcrux_ml_kem.Vector.Portable.Serialize open Core open FStar.Mul +#push-options "--admit_smt_queries true" + let deserialize_10_int (bytes: t_Slice u8) = let r0:i16 = (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 4l <: i16) &. 15s <: i16) in r0, r1 <: (i16 & i16) +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_4_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16 in let v1:i16 = cast (((bytes.[ sz 0 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in @@ -98,6 +112,10 @@ let deserialize_4_int (bytes: t_Slice u8) = let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_5_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16 in let v1:i16 = @@ -137,6 +155,10 @@ let deserialize_5_int (bytes: t_Slice u8) = let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) +#pop-options + +#push-options "--z3rlimit 480 --split_queries always" + let serialize_10_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in let r1:u8 = @@ -152,8 +174,13 @@ let serialize_10_int (v: t_Slice i16) = (cast (((v.[ sz 2 ] <: i16) >>! 4l <: i16) &. 63s <: i16) <: u8) in let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_11_int (v: t_Slice i16) = let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in let r1:u8 = @@ -191,6 +218,10 @@ let serialize_11_int (v: t_Slice i16) = <: (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_12_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in let r1:u8 = @@ -203,6 +234,10 @@ let serialize_12_int (v: t_Slice i16) = let r2:u8 = cast (((v.[ sz 1 ] <: i16) >>! 4l <: i16) &. 255s <: i16) <: u8 in r0, r1, r2 <: (u8 & u8 & u8) +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_4_int (v: t_Slice i16) = let result0:u8 = ((cast (v.[ sz 1 ] <: i16) <: u8) < + let result:t_Array u8 (sz 2) = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array u8 (sz 2) = result in @@ -272,14 +313,12 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector t_Array u8 (sz 2)) in let result:t_Array u8 (sz 2) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 8) + (sz 16) + (fun result temp_1_ -> + let result:t_Array u8 (sz 2) = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array u8 (sz 2) = result in @@ -298,6 +337,10 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in result +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_4_:(u8 & u8 & u8 & u8 & u8) = serialize_10_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { @@ -339,68 +382,19 @@ let serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVecto <: t_Slice i16) in - let result:t_Array u8 (sz 20) = Rust_primitives.Hax.repeat 0uy (sz 20) in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 0) r0_4_._1 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 1) r0_4_._2 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 2) r0_4_._3 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 3) r0_4_._4 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 4) r0_4_._5 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 5) r5_9_._1 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 6) r5_9_._2 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 7) r5_9_._3 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 8) r5_9_._4 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 9) r5_9_._5 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 10) r10_14_._1 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 11) r10_14_._2 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 12) r10_14_._3 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 13) r10_14_._4 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 14) r10_14_._5 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 15) r15_19_._1 + let list = + [ + r0_4_._1; r0_4_._2; r0_4_._3; r0_4_._4; r0_4_._5; r5_9_._1; r5_9_._2; r5_9_._3; r5_9_._4; + r5_9_._5; r10_14_._1; r10_14_._2; r10_14_._3; r10_14_._4; r10_14_._5; r15_19_._1; r15_19_._2; + r15_19_._3; r15_19_._4; r15_19_._5 + ] in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 16) r15_19_._2 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 17) r15_19_._3 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 18) r15_19_._4 - in - let result:t_Array u8 (sz 20) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 19) r15_19_._5 - in - result + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 20); + Rust_primitives.Hax.array_of_list 20 list + +#pop-options + +#push-options "--admit_smt_queries true" let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = @@ -492,6 +486,10 @@ let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVecto in result +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_2_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { @@ -648,6 +646,10 @@ let serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVecto in result +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result0_3_:(u8 & u8 & u8 & u8) = serialize_4_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { @@ -696,6 +698,10 @@ let serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in result +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_4_:(u8 & u8 & u8 & u8 & u8) = serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { @@ -750,19 +756,21 @@ let serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in result +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_1_ (v: t_Slice u8) = let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.zero () in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 8) + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in @@ -782,17 +790,12 @@ let deserialize_1_ (v: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 8) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in @@ -813,6 +816,10 @@ let deserialize_1_ (v: t_Slice u8) = in result +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_10_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } @@ -1041,6 +1048,10 @@ let deserialize_10_ (bytes: t_Slice u8) = in v +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_11_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } @@ -1269,6 +1280,10 @@ let deserialize_11_ (bytes: t_Slice u8) = in v +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_12_ (bytes: t_Slice u8) = let v0_1_:(i16 & i16) = deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } @@ -1539,6 +1554,10 @@ let deserialize_12_ (bytes: t_Slice u8) = in re +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_4_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } @@ -1767,6 +1786,10 @@ let deserialize_4_ (bytes: t_Slice u8) = in v +#pop-options + +#push-options "--admit_smt_queries true" + let deserialize_5_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } @@ -1994,3 +2017,5 @@ let deserialize_5_ (bytes: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in v + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index 978699fa8..5b1a3297f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti @@ -27,7 +27,12 @@ val deserialize_5_int (bytes: t_Slice u8) (fun _ -> Prims.l_True) val serialize_10_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (u8 & u8 & u8 & u8 & u8) + (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 4)) 10 (MkSeq.create5 tuple) 8) val serialize_11_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) From cae2b3c0c0907bd23362f3e57cde5db6170e4c07 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 11:47:07 +0200 Subject: [PATCH 090/348] mlkem/proofs: serialize: panic free --- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 97 ++++++------- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 78 +++++++++-- .../proofs/fstar/extraction/Makefile | 1 - .../src/vector/portable/serialize.rs | 132 +++++++++++++----- 4 files changed, 206 insertions(+), 102 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index be88dd52e..092aa2781 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -3,8 +3,6 @@ module Libcrux_ml_kem.Vector.Portable.Serialize open Core open FStar.Mul -#push-options "--admit_smt_queries true" - let deserialize_10_int (bytes: t_Slice u8) = let r0:i16 = (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 6l <: i16) in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -#pop-options - -#push-options "--admit_smt_queries true" + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_11_int (bytes: t_Slice u8) = let r0:i16 = @@ -83,11 +82,12 @@ let deserialize_11_int (bytes: t_Slice u8) = ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -#pop-options - -#push-options "--admit_smt_queries true" + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_12_int (bytes: t_Slice u8) = let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in @@ -95,11 +95,10 @@ let deserialize_12_int (bytes: t_Slice u8) = let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in let r0:i16 = ((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) in - r0, r1 <: (i16 & i16) - -#pop-options - -#push-options "--admit_smt_queries true" + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(i16 & i16) = r0, r1 <: (i16 & i16) in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_4_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16 in @@ -110,11 +109,12 @@ let deserialize_4_int (bytes: t_Slice u8) = let v5:i16 = cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in let v6:i16 = cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16 in let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -#pop-options - -#push-options "--admit_smt_queries true" + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_5_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16 in @@ -153,9 +153,11 @@ let deserialize_5_int (bytes: t_Slice u8) = i16 in let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -#pop-options + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result #push-options "--z3rlimit 480 --split_queries always" @@ -175,12 +177,12 @@ let serialize_10_int (v: t_Slice i16) = in let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) + let result:(u8 & u8 & u8 & u8 & u8) = r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) in + let _:Prims.unit = admit () (* Panic freedom *) in + result #pop-options -#push-options "--admit_smt_queries true" - let serialize_11_int (v: t_Slice i16) = let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in let r1:u8 = @@ -214,13 +216,14 @@ let serialize_11_int (v: t_Slice i16) = (cast ((v.[ sz 6 ] <: i16) >>! 6l <: i16) <: u8) in let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in - r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 - <: - (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - -#pop-options - -#push-options "--admit_smt_queries true" + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 + <: + (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let serialize_12_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in @@ -232,11 +235,10 @@ let serialize_12_int (v: t_Slice i16) = u8 in let r2:u8 = cast (((v.[ sz 1 ] <: i16) >>! 4l <: i16) &. 255s <: i16) <: u8 in - r0, r1, r2 <: (u8 & u8 & u8) - -#pop-options - -#push-options "--admit_smt_queries true" + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(u8 & u8 & u8) = r0, r1, r2 <: (u8 & u8 & u8) in + let _:Prims.unit = admit () (* Panic freedom *) in + result let serialize_4_int (v: t_Slice i16) = let result0:u8 = @@ -251,11 +253,10 @@ let serialize_4_int (v: t_Slice i16) = let result3:u8 = ((cast (v.[ sz 7 ] <: i16) <: u8) <>! 2l <: i16) |. ((v.[ sz 7 ] <: i16) < Prims.l_True) + (requires Core.Slice.impl__len #u8 bytes =. sz 10) + (ensures + fun tuple -> + let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 10)) 8 (MkSeq.create8 tuple) 10 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 10)) val deserialize_11_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - Prims.l_True - (fun _ -> Prims.l_True) + (requires Core.Slice.impl__len #u8 bytes =. sz 11) + (ensures + fun tuple -> + let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 11)) 8 (MkSeq.create8 tuple) 11 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 11)) val deserialize_12_int (bytes: t_Slice u8) - : Prims.Pure (i16 & i16) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (i16 & i16) + (requires Core.Slice.impl__len #u8 bytes =. sz 3) + (ensures + fun tuple -> + let tuple:(i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 3)) 8 (MkSeq.create2 tuple) 12 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create2 tuple) i) 12)) val deserialize_4_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - Prims.l_True - (fun _ -> Prims.l_True) + (requires Core.Slice.impl__len #u8 bytes =. sz 4) + (ensures + fun tuple -> + let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 4)) 8 (MkSeq.create8 tuple) 4 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 4)) val deserialize_5_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - Prims.l_True - (fun _ -> Prims.l_True) + (requires Core.Slice.impl__len #u8 bytes =. sz 5) + (ensures + fun tuple -> + let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 5)) 8 (MkSeq.create8 tuple) 5 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 4)) val serialize_10_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) @@ -32,21 +54,47 @@ val serialize_10_int (v: t_Slice i16) (ensures fun tuple -> let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 4)) 10 (MkSeq.create5 tuple) 8) + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 4)) 10 (MkSeq.create5 tuple) 8) val serialize_11_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - Prims.l_True - (fun _ -> Prims.l_True) + (requires + Core.Slice.impl__len #i16 v =. sz 8 /\ + (forall i. Rust_primitives.bounded (Seq.index v i) 11)) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 11 (MkSeq.create11 tuple) 8) val serialize_12_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (u8 & u8 & u8) + (requires + Core.Slice.impl__len #i16 v =. sz 2 /\ + (forall i. Rust_primitives.bounded (Seq.index v i) 12)) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 2)) 12 (MkSeq.create3 tuple) 8) val serialize_4_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (u8 & u8 & u8 & u8) + (requires + Core.Slice.impl__len #i16 v =. sz 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 4) + ) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 4 (MkSeq.create4 tuple) 8) val serialize_5_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (u8 & u8 & u8 & u8 & u8) + (requires + Core.Slice.impl__len #i16 v =. sz 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 5) + ) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 5 (MkSeq.create5 tuple) 8) val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index b4e574fce..9cbf41f87 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -26,7 +26,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ Libcrux_ml_kem.Vector.Portable.Ntt.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ - Libcrux_ml_kem.Vector.Portable.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ Libcrux_ml_kem.Vector.Traits.fst diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index d33d48838..fb608ca89 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -41,13 +41,22 @@ pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { result } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${v.len() == 8} + /\ (forall i. Rust_primitives.bounded (Seq.index v i) 4) +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 4 + (MkSeq.create4 $tuple) 8 +"#))] pub(crate) fn serialize_4_int(v: &[i16]) -> (u8, u8, u8, u8) { let result0 = ((v[1] as u8) << 4) | (v[0] as u8); let result1 = ((v[3] as u8) << 4) | (v[2] as u8); let result2 = ((v[5] as u8) << 4) | (v[4] as u8); let result3 = ((v[7] as u8) << 4) | (v[6] as u8); + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (result0, result1, result2, result3) } @@ -68,8 +77,16 @@ pub(crate) fn serialize_4(v: PortableVector) -> [u8; 8] { result } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 4} +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 4)) 8 + (MkSeq.create8 $tuple) 4 + /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 4) +"#))] pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let v0 = (bytes[0] & 0x0F) as i16; let v1 = ((bytes[0] >> 4) & 0x0F) as i16; @@ -79,6 +96,7 @@ pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, let v5 = ((bytes[2] >> 4) & 0x0F) as i16; let v6 = (bytes[3] & 0x0F) as i16; let v7 = ((bytes[3] >> 4) & 0x0F) as i16; + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (v0, v1, v2, v3, v4, v5, v6, v7) } @@ -107,8 +125,16 @@ pub(crate) fn deserialize_4(bytes: &[u8]) -> PortableVector { v } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${v.len() == 8} + /\ (forall i. Rust_primitives.bounded (Seq.index v i) 5) +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 5 + (MkSeq.create5 $tuple) 8 +"#))] pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { let r0 = (v[0] | v[1] << 5) as u8; let r1 = (v[1] >> 3 | v[2] << 2 | v[3] << 7) as u8; @@ -137,8 +163,16 @@ pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { result } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 5} +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 5)) 8 + (MkSeq.create4 $tuple) 5 + /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 4) +"#))] pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let v0 = (bytes[0] & 0x1F) as i16; let v1 = ((bytes[1] & 0x3) << 3 | (bytes[0] >> 5)) as i16; @@ -177,10 +211,11 @@ pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector { } #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::fstar::options("--z3rlimit 480 --split_queries always")] #[hax_lib::requires(v.len() == 4)] #[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array i16 (sz 4)) 10 + BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 4)) 10 (MkSeq.create5 $tuple) 8 "#))] pub(crate) fn serialize_10_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { @@ -200,38 +235,22 @@ pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] { let r5_9 = serialize_10_int(&v.elements[4..8]); let r10_14 = serialize_10_int(&v.elements[8..12]); let r15_19 = serialize_10_int(&v.elements[12..16]); - // Here we could also do, the following, but it slows F* down: - // [r0_4.0, r0_4.1, r0_4.2, r0_4.3, r0_4.4, - // r5_9.0, r5_9.1, r5_9.2, r5_9.3, r5_9.4, - // r10_14.0, r10_14.1, r10_14.2, r10_14.3, r10_14.4, - // r15_19.0, r15_19.1, r15_19.2, r15_19.3, r15_19.4 ] - // If we can fix the F* for this, the code would be more compact. - let mut result = [0u8; 20]; - result[0] = r0_4.0; - result[1] = r0_4.1; - result[2] = r0_4.2; - result[3] = r0_4.3; - result[4] = r0_4.4; - result[5] = r5_9.0; - result[6] = r5_9.1; - result[7] = r5_9.2; - result[8] = r5_9.3; - result[9] = r5_9.4; - result[10] = r10_14.0; - result[11] = r10_14.1; - result[12] = r10_14.2; - result[13] = r10_14.3; - result[14] = r10_14.4; - result[15] = r15_19.0; - result[16] = r15_19.1; - result[17] = r15_19.2; - result[18] = r15_19.3; - result[19] = r15_19.4; - result + [ + r0_4.0, r0_4.1, r0_4.2, r0_4.3, r0_4.4, r5_9.0, r5_9.1, r5_9.2, r5_9.3, r5_9.4, r10_14.0, + r10_14.1, r10_14.2, r10_14.3, r10_14.4, r15_19.0, r15_19.1, r15_19.2, r15_19.3, r15_19.4, + ] } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 10} +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 10)) 8 + (MkSeq.create8 $tuple) 10 + /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 10) +"#))] pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let r0 = ((bytes[1] as i16 & 0x03) << 8 | (bytes[0] as i16 & 0xFF)) as i16; let r1 = ((bytes[2] as i16 & 0x0F) << 6 | (bytes[1] as i16 >> 2)) as i16; @@ -241,6 +260,7 @@ pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, let r5 = ((bytes[7] as i16 & 0x0F) << 6 | (bytes[6] as i16 >> 2)) as i16; let r6 = ((bytes[8] as i16 & 0x3F) << 4 | (bytes[7] as i16 >> 4)) as i16; let r7 = (((bytes[9] as i16) << 2) | (bytes[8] as i16 >> 6)) as i16; + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7) } @@ -270,7 +290,15 @@ pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector { } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${v.len() == 8} + /\ (forall i. Rust_primitives.bounded (Seq.index v i) 11) +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 11 + (MkSeq.create11 $tuple) 8 +"#))] pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8, u8, u8) { let r0 = v[0] as u8; let r1 = ((v[1] & 0x1F) as u8) << 3 | ((v[0] >> 8) as u8); @@ -283,6 +311,7 @@ pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8 let r8 = ((v[6] & 0x3F) as u8) << 2 | (v[5] >> 9) as u8; let r9 = ((v[7] & 0x7) as u8) << 5 | (v[6] >> 6) as u8; let r10 = (v[7] >> 3) as u8; + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10) } @@ -317,8 +346,16 @@ pub(crate) fn serialize_11(v: PortableVector) -> [u8; 22] { result } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 11} +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 11)) 8 + (MkSeq.create8 $tuple) 11 + /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 11) +"#))] pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let r0 = ((bytes[1] as i16 & 0x7) << 8 | bytes[0] as i16) as i16; let r1 = ((bytes[2] as i16 & 0x3F) << 5 | (bytes[1] as i16 >> 3)) as i16; @@ -330,6 +367,7 @@ pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, ((bytes[8] as i16 & 0x3) << 9 | ((bytes[7] as i16) << 1) | ((bytes[6] as i16) >> 7)) as i16; let r6 = ((bytes[9] as i16 & 0x1F) << 6 | (bytes[8] as i16 >> 2)) as i16; let r7 = (((bytes[10] as i16) << 3) | (bytes[9] as i16 >> 5)) as i16; + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7) } @@ -358,12 +396,21 @@ pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector { v } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${v.len() == 2} + /\ (forall i. Rust_primitives.bounded (Seq.index v i) 12) +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 2)) 12 + (MkSeq.create3 $tuple) 8 +"#))] pub(crate) fn serialize_12_int(v: &[i16]) -> (u8, u8, u8) { let r0 = (v[0] & 0xFF) as u8; let r1 = ((v[0] >> 8) | ((v[1] & 0x0F) << 4)) as u8; let r2 = ((v[1] >> 4) & 0xFF) as u8; + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2) } @@ -406,14 +453,23 @@ pub(crate) fn serialize_12(v: PortableVector) -> [u8; 24] { result } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 3} +"#))] +#[hax_lib::ensures(|tuple| fstar!(r#" + BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 3)) 8 + (MkSeq.create2 $tuple) 12 + /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create2 $tuple) i) 12) +"#))] pub(crate) fn deserialize_12_int(bytes: &[u8]) -> (i16, i16) { let byte0 = bytes[0] as i16; let byte1 = bytes[1] as i16; let byte2 = bytes[2] as i16; let r0 = (byte1 & 0x0F) << 8 | (byte0 & 0xFF); let r1 = (byte2 << 4) | ((byte1 >> 4) & 0x0F); + hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1) } From ded700173680505f54522313b4ce1bad67e68d17 Mon Sep 17 00:00:00 2001 From: mamonet Date: Fri, 23 Aug 2024 13:31:34 +0000 Subject: [PATCH 091/348] Update libcrux-ml-kem source files --- libcrux-ml-kem/src/ind_cpa.rs | 42 +++++++++++--- libcrux-ml-kem/src/matrix.rs | 6 +- libcrux-ml-kem/src/serialize.rs | 100 +++++++++++++++++++++++++------- 3 files changed, 115 insertions(+), 33 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index e15cb3b8f..d87e01f87 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -68,7 +68,7 @@ pub(crate) fn serialize_public_key< /// Call [`serialize_uncompressed_ring_element`] for each ring element. #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] #[hax_lib::ensures(|res| @@ -109,10 +109,12 @@ fn sample_ring_element_cbd< ) -> ([PolynomialRingElement; K], u8) { let mut error_1 = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); let mut prf_inputs = [prf_input; K]; + let _domain_separator_init = domain_separator; for i in 0..K { - prf_inputs[i][32] = domain_separator + (i as u8); + hax_lib::loop_invariant!(|i: usize| { fstar!("v $domain_separator == v $_domain_separator_init + v $i") }); + prf_inputs[i][32] = domain_separator; + domain_separator += 1; } - domain_separator += K as u8; let prf_outputs: [[u8; ETA2_RANDOMNESS_SIZE]; K] = Hasher::PRFxN(&prf_inputs); for i in 0..K { error_1[i] = sample_from_binomial_distribution::(&prf_outputs[i]); @@ -146,10 +148,12 @@ fn sample_vector_cbd_then_ntt< ) -> ([PolynomialRingElement; K], u8) { let mut re_as_ntt = core::array::from_fn(|_i| PolynomialRingElement::::ZERO()); let mut prf_inputs = [prf_input; K]; + let _domain_separator_init = domain_separator; for i in 0..K { - prf_inputs[i][32] = domain_separator + (i as u8); + hax_lib::loop_invariant!(|i: usize| { fstar!("v $domain_separator == v $_domain_separator_init + v $i") }); + prf_inputs[i][32] = domain_separator; + domain_separator += 1; } - domain_separator += K as u8; let prf_outputs: [[u8; ETA_RANDOMNESS_SIZE]; K] = Hasher::PRFxN(&prf_inputs); for i in 0..K { re_as_ntt[i] = sample_from_binomial_distribution::(&prf_outputs[i]); @@ -197,7 +201,10 @@ fn sample_vector_cbd_then_ntt< /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\ + $ETA1 == Spec.MLKEM.v_ETA1 $K"))] pub(crate) fn generate_keypair_unpacked< const K: usize, const ETA1: usize, @@ -283,11 +290,12 @@ pub(crate) fn generate_keypair< } /// Call [`compress_then_serialize_ring_element_u`] on each ring element. -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $OUT_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ - $BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE $K"))] + $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\ + ${out.len()} == $OUT_LEN"))] #[hax_lib::ensures(|_| fstar!("$out_future == Spec.MLKEM.compress_then_encode_u #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $input)") @@ -306,6 +314,7 @@ fn compress_then_serialize_u< // for the following bug https://github.com/hacspec/hax/issues/720 cloop! { for (i, re) in input.into_iter().enumerate() { + hax_lib::loop_invariant!(|i: usize| out.len() == OUT_LEN); out[i * (OUT_LEN / K)..(i + 1) * (OUT_LEN / K)].copy_from_slice( &compress_then_serialize_ring_element_u::(&re), ); @@ -355,6 +364,16 @@ fn compress_then_serialize_u< /// . #[allow(non_snake_case)] #[hax_lib::fstar::verification_status(lax)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank v_K /\\ + v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\\ + v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\\ + v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\\ + v_C1_LEN == Spec.MLKEM.v_C1_SIZE v_K /\\ + v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\\ + v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\\ + v v_C1_LEN <= v v_CIPHERTEXT_SIZE /\\ + v (${randomness.len()}) <= 33"))] pub(crate) fn encrypt_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -541,7 +560,8 @@ fn deserialize_then_decompress_u< #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ - length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] + length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ + v (${secret_key.len()}) / v $BYTES_PER_RING_ELEMENT <= v $K"))] #[hax_lib::ensures(|res| fstar!("Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $res == Spec.MLKEM.vector_decode_12 #$K $secret_key") @@ -582,6 +602,10 @@ fn deserialize_secret_key( /// . #[allow(non_snake_case)] #[hax_lib::fstar::verification_status(lax)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ + $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ + v $VECTOR_U_ENCODED_SIZE <= v $CIPHERTEXT_SIZE"))] pub(crate) fn decrypt_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index fa35dcf4d..36290a113 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -5,7 +5,7 @@ use crate::{ #[inline(always)] #[allow(non_snake_case)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] #[hax_lib::ensures(|res| fstar!("let (matrix_A, valid) = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice $seed 0 32) in @@ -111,7 +111,7 @@ pub(crate) fn compute_ring_element_v( /// Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] #[hax_lib::ensures(|res| fstar!("let open Libcrux_ml_kem.Polynomial in @@ -148,7 +148,7 @@ pub(crate) fn compute_vector_u( /// Compute  ◦ ŝ + ê #[inline(always)] #[allow(non_snake_case)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] #[hax_lib::ensures(|res| fstar!("let open Libcrux_ml_kem.Polynomial in diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 65648ce22..d41afe276 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -1,6 +1,5 @@ use crate::{ - constants::{BYTES_PER_RING_ELEMENT, SHARED_SECRET_SIZE}, - hax_utils::hax_debug_assert, + constants::{COEFFICIENTS_IN_RING_ELEMENT, BYTES_PER_RING_ELEMENT, SHARED_SECRET_SIZE}, helper::cloop, polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT}, vector::{decompress_1, to_unsigned_representative, Operations}, @@ -48,11 +47,13 @@ pub(super) fn serialize_uncompressed_ring_element( } #[inline(always)] +#[hax_lib::requires( + serialized.len() == BYTES_PER_RING_ELEMENT +)] pub(super) fn deserialize_to_uncompressed_ring_element( serialized: &[u8], ) -> PolynomialRingElement { - hax_debug_assert!(serialized.len() == BYTES_PER_RING_ELEMENT); - + hax_lib::fstar!("assert (v $BYTES_PER_RING_ELEMENT / 24 == 16)"); let mut re = PolynomialRingElement::::ZERO(); cloop! { @@ -68,11 +69,13 @@ pub(super) fn deserialize_to_uncompressed_ring_element( /// /// This MUST NOT be used with secret inputs, like its caller `deserialize_ring_elements_reduced`. #[inline(always)] +#[hax_lib::requires( + serialized.len() == BYTES_PER_RING_ELEMENT +)] fn deserialize_to_reduced_ring_element( serialized: &[u8], ) -> PolynomialRingElement { - hax_debug_assert!(serialized.len() == BYTES_PER_RING_ELEMENT); - + hax_lib::fstar!("assert (v $BYTES_PER_RING_ELEMENT / 24 == 16)"); let mut re = PolynomialRingElement::::ZERO(); cloop! { @@ -89,6 +92,10 @@ fn deserialize_to_reduced_ring_element( /// /// This function MUST NOT be used on secret inputs. #[inline(always)] +#[hax_lib::requires( + public_key.len() == PUBLIC_KEY_SIZE && + PUBLIC_KEY_SIZE / BYTES_PER_RING_ELEMENT <= K +)] pub(super) fn deserialize_ring_elements_reduced< const PUBLIC_KEY_SIZE: usize, const K: usize, @@ -109,6 +116,9 @@ pub(super) fn deserialize_ring_elements_reduced< } #[inline(always)] +#[hax_lib::requires( + 20 * (VECTORS_IN_RING_ELEMENT - 1) + 20 <= OUT_LEN +)] fn compress_then_serialize_10( re: &PolynomialRingElement, ) -> [u8; OUT_LEN] { @@ -124,6 +134,9 @@ fn compress_then_serialize_10( } #[inline(always)] +#[hax_lib::requires( + 22 * (VECTORS_IN_RING_ELEMENT - 1) + 22 <= OUT_LEN +)] fn compress_then_serialize_11( re: &PolynomialRingElement, ) -> [u8; OUT_LEN] { @@ -139,6 +152,10 @@ fn compress_then_serialize_11( } #[inline(always)] +#[hax_lib::requires( + (COMPRESSION_FACTOR == 10 || COMPRESSION_FACTOR == 11) && + (COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8 == OUT_LEN +)] pub(super) fn compress_then_serialize_ring_element_u< const COMPRESSION_FACTOR: usize, const OUT_LEN: usize, @@ -146,8 +163,9 @@ pub(super) fn compress_then_serialize_ring_element_u< >( re: &PolynomialRingElement, ) -> [u8; OUT_LEN] { - hax_debug_assert!((COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8 == OUT_LEN); - + hax_lib::fstar!("assert ( + (v (cast $COMPRESSION_FACTOR <: u32) == 10) \\/ + (v (cast $COMPRESSION_FACTOR <: u32) == 11))"); match COMPRESSION_FACTOR as u32 { 10 => compress_then_serialize_10(re), 11 => compress_then_serialize_11(re), @@ -156,13 +174,18 @@ pub(super) fn compress_then_serialize_ring_element_u< } #[inline(always)] +#[hax_lib::requires( + 8 * (VECTORS_IN_RING_ELEMENT - 1) + 8 <= serialized.len() +)] fn compress_then_serialize_4( re: PolynomialRingElement, serialized: &mut [u8], ) { + let _serialized_len = serialized.len(); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for i in 0..VECTORS_IN_RING_ELEMENT { + hax_lib::loop_invariant!(|i: usize| serialized.len() == _serialized_len); let coefficient = Vector::compress::<4>(to_unsigned_representative::(re.coefficients[i])); @@ -173,13 +196,18 @@ fn compress_then_serialize_4( } #[inline(always)] +#[hax_lib::requires( + 10 * (VECTORS_IN_RING_ELEMENT - 1) + 10 <= serialized.len() +)] fn compress_then_serialize_5( re: PolynomialRingElement, serialized: &mut [u8], ) { + let _serialized_len = serialized.len(); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for i in 0..VECTORS_IN_RING_ELEMENT { + hax_lib::loop_invariant!(|i: usize| serialized.len() == _serialized_len); let coefficients = Vector::compress::<5>(to_unsigned_representative::(re.coefficients[i])); @@ -190,6 +218,14 @@ fn compress_then_serialize_5( } #[inline(always)] +#[hax_lib::requires( + (COMPRESSION_FACTOR == 4 || COMPRESSION_FACTOR == 5) && + (COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8 == OUT_LEN && + out.len() == OUT_LEN +)] +#[hax_lib::ensures(|_| + fstar!("${out_future.len()} == ${out.len()}") +)] pub(super) fn compress_then_serialize_ring_element_v< const COMPRESSION_FACTOR: usize, const OUT_LEN: usize, @@ -198,8 +234,9 @@ pub(super) fn compress_then_serialize_ring_element_v< re: PolynomialRingElement, out: &mut [u8], ) { - hax_debug_assert!((COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8 == OUT_LEN); - + hax_lib::fstar!("assert ( + (v (cast $COMPRESSION_FACTOR <: u32) == 4) \\/ + (v (cast $COMPRESSION_FACTOR <: u32) == 5))"); match COMPRESSION_FACTOR as u32 { 4 => compress_then_serialize_4(re, out), 5 => compress_then_serialize_5(re, out), @@ -208,13 +245,16 @@ pub(super) fn compress_then_serialize_ring_element_v< } #[inline(always)] +#[hax_lib::requires( + serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 10) / 8 +)] fn deserialize_then_decompress_10( serialized: &[u8], ) -> PolynomialRingElement { - hax_debug_assert!(serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 10) / 8); - + hax_lib::fstar!("assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! sz 10) /! sz 8) == 320)"); let mut re = PolynomialRingElement::::ZERO(); + let _coefficients_length = re.coefficients.len(); cloop! { for (i, bytes) in serialized.chunks_exact(20).enumerate() { let coefficient = Vector::deserialize_10(bytes); @@ -225,11 +265,13 @@ fn deserialize_then_decompress_10( } #[inline(always)] +#[hax_lib::requires( + serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 11) / 8 +)] fn deserialize_then_decompress_11( serialized: &[u8], ) -> PolynomialRingElement { - hax_debug_assert!(serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 11) / 8); - + hax_lib::fstar!("assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! sz 11) /! sz 8) == 352)"); let mut re = PolynomialRingElement::::ZERO(); cloop! { @@ -243,14 +285,19 @@ fn deserialize_then_decompress_11( } #[inline(always)] +#[hax_lib::requires( + (COMPRESSION_FACTOR == 10 || COMPRESSION_FACTOR == 11) && + serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8 +)] pub(super) fn deserialize_then_decompress_ring_element_u< const COMPRESSION_FACTOR: usize, Vector: Operations, >( serialized: &[u8], ) -> PolynomialRingElement { - hax_debug_assert!(serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8); - + hax_lib::fstar!("assert ( + (v (cast $COMPRESSION_FACTOR <: u32) == 10) \\/ + (v (cast $COMPRESSION_FACTOR <: u32) == 11))"); match COMPRESSION_FACTOR as u32 { 10 => deserialize_then_decompress_10(serialized), 11 => deserialize_then_decompress_11(serialized), @@ -259,11 +306,15 @@ pub(super) fn deserialize_then_decompress_ring_element_u< } #[inline(always)] +#[hax_lib::requires( + serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 4) / 8 +)] fn deserialize_then_decompress_4( serialized: &[u8], ) -> PolynomialRingElement { - hax_debug_assert!(serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 4) / 8); + hax_lib::fstar!("assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! sz 4) /! sz 8) == 128)"); let mut re = PolynomialRingElement::::ZERO(); + cloop! { for (i, bytes) in serialized.chunks_exact(8).enumerate() { let coefficient = Vector::deserialize_4(bytes); @@ -274,11 +325,13 @@ fn deserialize_then_decompress_4( } #[inline(always)] +#[hax_lib::requires( + serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 5) / 8 +)] fn deserialize_then_decompress_5( serialized: &[u8], ) -> PolynomialRingElement { - hax_debug_assert!(serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 5) / 8); - + hax_lib::fstar!("assert (v (($COEFFICIENTS_IN_RING_ELEMENT *! sz 5) /! sz 8) == 160)"); let mut re = PolynomialRingElement::::ZERO(); cloop! { @@ -291,14 +344,19 @@ fn deserialize_then_decompress_5( } #[inline(always)] +#[hax_lib::requires( + (COMPRESSION_FACTOR == 4 || COMPRESSION_FACTOR == 5) && + serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8 +)] pub(super) fn deserialize_then_decompress_ring_element_v< const COMPRESSION_FACTOR: usize, Vector: Operations, >( serialized: &[u8], ) -> PolynomialRingElement { - hax_debug_assert!(serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8); - + hax_lib::fstar!("assert ( + (v (cast $COMPRESSION_FACTOR <: u32) == 4) \\/ + (v (cast $COMPRESSION_FACTOR <: u32) == 5))"); match COMPRESSION_FACTOR as u32 { 4 => deserialize_then_decompress_4(serialized), 5 => deserialize_then_decompress_5(serialized), From a20f576080e108d6d405a8f841f0c79d54a7d0c9 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 23 Aug 2024 18:23:05 +0200 Subject: [PATCH 092/348] wip --- Cargo.toml | 1 + fstar-helpers/fstar-bitvec/Makefile | 32 + fstar-helpers/fstar-bitvec/RwLemmas.fst | 485 ++++ fstar-helpers/fstar-bitvec/RwLemmas.js | 43 + .../proofs/fstar/extraction/Hello.fst | 390 +++ ...l_kem.Vector.Portable.Serialize.Edited.fst | 2334 +++++++++++++++++ ..._kem.Vector.Portable.Serialize.Edited.fsti | 100 + .../fstar/extraction/Tactic.RwLemmas.fst | 0 .../proofs/fstar/extraction/TacticTest.fst | 15 + .../src/vector/portable/serialize.rs | 20 +- libcrux-sha3/proofs/fstar/extraction/Makefile | 1 + 11 files changed, 3410 insertions(+), 11 deletions(-) create mode 100644 fstar-helpers/fstar-bitvec/Makefile create mode 100644 fstar-helpers/fstar-bitvec/RwLemmas.fst create mode 100644 fstar-helpers/fstar-bitvec/RwLemmas.js create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Hello.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Tactic.RwLemmas.fst create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst create mode 100644 libcrux-sha3/proofs/fstar/extraction/Makefile diff --git a/Cargo.toml b/Cargo.toml index 5ecbea800..26e8c50da 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -77,6 +77,7 @@ wasm-bindgen = { version = "0.2.87", optional = true } # This is only required when doing proofs. # [target.'cfg(hax)'.workspace.dependencies] [workspace.dependencies] +# hax-lib = { path = "/home/lucas/repos/hax/lib-proofs-bitvectors-additions/hax-lib" } hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } [dev-dependencies] diff --git a/fstar-helpers/fstar-bitvec/Makefile b/fstar-helpers/fstar-bitvec/Makefile new file mode 100644 index 000000000..9cbf41f87 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Makefile @@ -0,0 +1,32 @@ +ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ + Libcrux_ml_kem.Ind_cca.fst \ + Libcrux_ml_kem.Ind_cpa.fst \ + Libcrux_ml_kem.Ind_cpa.fsti \ + Libcrux_ml_kem.Invert_ntt.fst \ + Libcrux_ml_kem.Matrix.fst \ + Libcrux_ml_kem.Ntt.fst \ + Libcrux_ml_kem.Polynomial.fst \ + Libcrux_ml_kem.Sampling.fst \ + Libcrux_ml_kem.Serialize.fst \ + Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ + Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Avx2.Compress.fst \ + Libcrux_ml_kem.Vector.Avx2.fst \ + Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ + Libcrux_ml_kem.Vector.Avx2.Portable.fst \ + Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ + Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ + Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Neon.Compress.fst \ + Libcrux_ml_kem.Vector.Neon.fst \ + Libcrux_ml_kem.Vector.Neon.Ntt.fst \ + Libcrux_ml_kem.Vector.Neon.Serialize.fst \ + Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ + Libcrux_ml_kem.Vector.Portable.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Portable.Compress.fst \ + Libcrux_ml_kem.Vector.Portable.Ntt.fst \ + Libcrux_ml_kem.Vector.Portable.Sampling.fst \ + Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ + Libcrux_ml_kem.Vector.Traits.fst + +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base diff --git a/fstar-helpers/fstar-bitvec/RwLemmas.fst b/fstar-helpers/fstar-bitvec/RwLemmas.fst new file mode 100644 index 000000000..21d64c63d --- /dev/null +++ b/fstar-helpers/fstar-bitvec/RwLemmas.fst @@ -0,0 +1,485 @@ +module RwLemmas + +open Core +module L = FStar.List.Tot +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul + +let rw_seq_index_list #t (l: list t) i + : Lemma (Seq.Base.index (Seq.Base.seq_of_list l) i == FStar.List.Tot.index l i) + = () + +// START TEMPLATE +let rw_u8_mk_int x: Lemma (mk_int #u8_inttype x == UInt8.uint_to_t x) = mk_int_equiv_lemma #u8_inttype x +let rw_u8_v_int_to x: Lemma (UInt8.v (UInt8.uint_to_t x) == x) = () +let rw_u8_int_to_v x: Lemma (UInt8.uint_to_t (UInt8.v x) == x) = () +let rw_u8_v x: Lemma (v #u8_inttype x == UInt8.v x) = () +// END TEMPLATE + +// START GENERATED +let rw_i8_mk_int x: Lemma (mk_int #i8_inttype x == Int8.int_to_t x) = mk_int_equiv_lemma #i8_inttype x +let rw_i8_v_int_to x: Lemma (Int8.v (Int8.int_to_t x) == x) = () +let rw_i8_int_to_v x: Lemma (Int8.int_to_t (Int8.v x) == x) = () +let rw_i8_v x: Lemma (v #i8_inttype x == Int8.v x) = () +let rw_u16_mk_int x: Lemma (mk_int #u16_inttype x == UInt16.uint_to_t x) = mk_int_equiv_lemma #u16_inttype x +let rw_u16_v_int_to x: Lemma (UInt16.v (UInt16.uint_to_t x) == x) = () +let rw_u16_int_to_v x: Lemma (UInt16.uint_to_t (UInt16.v x) == x) = () +let rw_u16_v x: Lemma (v #u16_inttype x == UInt16.v x) = () +let rw_i16_mk_int x: Lemma (mk_int #i16_inttype x == Int16.int_to_t x) = mk_int_equiv_lemma #i16_inttype x +let rw_i16_v_int_to x: Lemma (Int16.v (Int16.int_to_t x) == x) = () +let rw_i16_int_to_v x: Lemma (Int16.int_to_t (Int16.v x) == x) = () +let rw_i16_v x: Lemma (v #i16_inttype x == Int16.v x) = () +let rw_u32_mk_int x: Lemma (mk_int #u32_inttype x == UInt32.uint_to_t x) = mk_int_equiv_lemma #u32_inttype x +let rw_u32_v_int_to x: Lemma (UInt32.v (UInt32.uint_to_t x) == x) = () +let rw_u32_int_to_v x: Lemma (UInt32.uint_to_t (UInt32.v x) == x) = () +let rw_u32_v x: Lemma (v #u32_inttype x == UInt32.v x) = () +let rw_i32_mk_int x: Lemma (mk_int #i32_inttype x == Int32.int_to_t x) = mk_int_equiv_lemma #i32_inttype x +let rw_i32_v_int_to x: Lemma (Int32.v (Int32.int_to_t x) == x) = () +let rw_i32_int_to_v x: Lemma (Int32.int_to_t (Int32.v x) == x) = () +let rw_i32_v x: Lemma (v #i32_inttype x == Int32.v x) = () +let rw_u64_mk_int x: Lemma (mk_int #u64_inttype x == UInt64.uint_to_t x) = mk_int_equiv_lemma #u64_inttype x +let rw_u64_v_int_to x: Lemma (UInt64.v (UInt64.uint_to_t x) == x) = () +let rw_u64_int_to_v x: Lemma (UInt64.uint_to_t (UInt64.v x) == x) = () +let rw_u64_v x: Lemma (v #u64_inttype x == UInt64.v x) = () +let rw_i64_mk_int x: Lemma (mk_int #i64_inttype x == Int64.int_to_t x) = mk_int_equiv_lemma #i64_inttype x +let rw_i64_v_int_to x: Lemma (Int64.v (Int64.int_to_t x) == x) = () +let rw_i64_int_to_v x: Lemma (Int64.int_to_t (Int64.v x) == x) = () +let rw_i64_v x: Lemma (v #i64_inttype x == Int64.v x) = () +let rw_integers_list0 = [ + `rw_u8_mk_int;`rw_u8_v_int_to;`rw_u8_int_to_v;`rw_u8_v + // ;`rw_i8_mk_int;`rw_i8_v_int_to;`rw_i8_int_to_v;`rw_i8_v;`rw_u16_mk_int;`rw_u16_v_int_to;`rw_u16_int_to_v;`rw_u16_v + ;`rw_i16_mk_int;`rw_i16_v_int_to;`rw_i16_int_to_v;`rw_i16_v + // ;`rw_u32_mk_int;`rw_u32_v_int_to;`rw_u32_int_to_v;`rw_u32_v;`rw_i32_mk_int;`rw_i32_v_int_to;`rw_i32_int_to_v;`rw_i32_v;`rw_u64_mk_int;`rw_u64_v_int_to;`rw_u64_int_to_v;`rw_u64_v;`rw_i64_mk_int;`rw_i64_v_int_to;`rw_i64_int_to_v;`rw_i64_v + ] +// END GENERATED + +let rw_generic_v_mk_int t (x: int {Rust_primitives.Integers.range x t}) + : Lemma (v (mk_int #t x) == x) + = () +let rw_usize_v_mk_int x: Lemma (v #usize_inttype (mk_int #usize_inttype x) == x) = () +let rw_v_mk_int_usize x: Lemma (mk_int #usize_inttype (v #usize_inttype x) == x) = () + +let rw_integers_list = L.append rw_integers_list0 [ + `rw_generic_v_mk_int; + `rw_usize_v_mk_int; + `rw_v_mk_int_usize; +] + +let (let?#) (x: option 'a) (f: 'a -> Tac (option 'b)): Tac (option 'b) + = match x with + | Some x -> f x + | None -> None + +let expect_int_literal (t: term): Tac (option int) = + match inspect_unascribe t with + | Tv_Const (C_Int n) -> Some n + | _ -> None +let expect_fvar (t: term): Tac (option string) = + match t with + | Tv_UInst fv _ + | Tv_FVar fv -> Some (implode_qn (inspect_fv fv)) + | _ -> None +let expect_free_var (t: term) (fv: string): Tac (option unit) = + let?# fv' = expect_fvar t in + if fv = fv' then Some () else None +let expect_cur_formula_comp () = + match FStar.Tactics.V2.Logic.cur_formula () with + | Comp _ lhs _ -> Some lhs + | _ -> None +let expect_app_n t n: Tac (option (term & (l: list _ {L.length l == n}))) = + let (head, args) = collect_app t in + if L.length args = n + then Some (head, args) + else None + +exception DoRefl +let fast_l_to_r_integers (): Tac unit = + pointwise (fun () -> + try + match let?# t = expect_cur_formula_comp () in + let (f, args) = collect_app t in + let?# _ = if Cons? args then Some () else None in + let?# fv = expect_fvar f in + let fv = explode_qn fv in + if Cons? fv then + (match L.last fv with + | "v" | "mk_int" | "int_to_t" | "uint_to_t" + -> fold_left (fun k l () -> (fun () -> apply_lemma_rw l) `or_else` k) + trefl rw_integers_list () + | _ -> raise DoRefl + ) else raise DoRefl; + Some () + with None -> raise DoRefl | _ -> () + with | DoRefl -> trefl () + | e -> raise e + ) + +#push-options "--compat_pre_core 0" + +let expect_pow2_literal t: Tac (option int) + = let?# (f, [x, _]) = expect_app_n t 1 in + let?# () = expect_free_var f (`%pow2) in + expect_int_literal x + +/// Fully normalize a term of the shape `pow2 n`, where `n` is a literal +let norm_pow2 (): Tac unit = + pointwise (fun () -> + let _ = let?# t = expect_cur_formula_comp () in + let?# n = expect_pow2_literal t in + debug ("Normalized `pow2 " ^ string_of_int n ^ "`"); + Some (norm [iota; zeta_full; reify_; delta; primops; unmeta]) in + trefl ()) + +let rec log2 (n: nat): Tot (option (m: nat {pow2 m == n})) (decreases n) + = if n = 0 then None + else if n = 1 then Some 0 + else if n % 2 <> 0 then None + else match log2 (n / 2) with + | Some n -> Some (1 + n) + | None -> None + +let lemma_of_refinement #t #p (n: t {p n}): Lemma (p n) = () + +let rewrite_pow2_minus_one () = + pointwise (fun () -> + match let?# t = expect_cur_formula_comp () in + let?# n = expect_int_literal t in + if n >= 0 then + match log2 (n + 1) with + | Some e -> + let rw_lemma (): Lemma (n == pow2 e - 1) = () in + apply_lemma_rw (quote rw_lemma); + Some () + | _ -> None + else None + with None -> trefl () | _ -> () + ) + +let _ = fun (i: nat) -> assert (pow2 (i + 3) + pow2 10 == pow2 (i + 3) + 1024) + by (norm_pow2 (); trefl ()) + +private +let unfold_index_lemma (#a: Type) (l: list a) (i:nat{i < List.Tot.length l}) + : Lemma ( FStar.List.Tot.index #a l i + == Pervasives.norm [iota; primops] (let hd::tl = l in + if i = 0 then hd else List.Tot.index tl (i - 1))) + = () + + +let rec repeatWhile (f: unit -> Tac bool): Tac unit + = if f () then repeatWhile f + +exception StopNormIndex +let norm_index (): Tac unit = + let _ = repeat (fun _ -> + lset "found" false; + pointwise (fun _ -> + (fun () -> + match let?# t = expect_cur_formula_comp () in + let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in + let?# () = expect_free_var f (`%FStar.List.Tot.index) in + let?# n = expect_int_literal index in + apply_lemma_rw (`unfold_index_lemma); + lset "found" true; + Some () + with | Some () -> () | _ -> raise DoRefl + ) `or_else` trefl); + if lget "found" then () else raise StopNormIndex) in () + +let _ = assert (L.index [1;2;3;4;5;6] 3 == 4) by (norm_index(); trefl ()) + +#push-options "--z3rlimit 40" +let deserialize_10_int (bytes: t_Array u8 (sz 10)) = + let r0:i16 = + (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + in + let r2:i16 = + (((cast (bytes.[ sz 3 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + in + let r3:i16 = + ((cast (bytes.[ sz 4 ] <: u8) <: i16) <>! 6l <: i16) + in + let r4:i16 = + (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) + in + let r6:i16 = + (((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) + in + let r7:i16 = + ((cast (bytes.[ sz 9 ] <: u8) <: i16) <>! 6l <: i16) + in + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + result +let split_forall_nat + (#upper_bound: pos) + (p: (i:nat{i <= upper_bound}) -> Type0) + : Lemma (requires (if upper_bound = 0 then True else (forall (i:nat{i <= upper_bound - 1}). p i)) + /\ p upper_bound + ) + (ensures forall (i:nat{i <= upper_bound}). p i) + = () +#pop-options + +// #push-options "--z3rlimit 60" +let rw_bit_or (b1 b2: bit) result: + Lemma + (requires ( + (b1 = 0 ==> b2 = 0 ==> result = 0) + /\ (b1 = 0 ==> b2 = 1 ==> result = 1) + /\ (b1 = 1 ==> b2 = 0 ==> result = 1) + /\ (b1 = 1 ==> b2 = 1 ==> result = 0) + )) + (ensures (bit_or b1 b2 == result)) + = () + +let deserialize_10_int' (bytes: t_Array u8 (sz 10)): t_Array i16 (sz 8) + = MkSeq.create8 (deserialize_10_int bytes) + +exception StopCompute +let compute'' (): Tac unit + = lset "goal" (cur_goal ()); + let _ = repeat (fun () -> + dump "A"; + norm [ iota; zeta; reify_ + ; delta_namespace ["FStar"; "RwLemmas"; "MkSeq"] + // ; delta_only [ + // `%( +! ); `%( -! ); `%( *! ); `%( /! ); + // `%add; `%mul; `%div; `%sub + // ] + ; primops; unmeta]; + dump "B"; + norm_pow2 (); + dump "C"; + l_to_r [`rw_seq_index_list]; + fast_l_to_r_integers (); + dump "D"; + norm_index (); + dump "E"; + + let goal0 = lget "goal" in + let goal1 = cur_goal () in + if term_eq goal0 goal1 then raise StopCompute; + lset "goal" goal1 + ) in () + +// (((cast (bytes.[ sz 2 ] <: u8) <: i16) &. 15s <: i16) <>! 2l <: i16) + +// let _ = assert ((4s +! 5s) <= 0 /\ b < bits t}) = +// let x:range_t t = (v a * pow2 b) @%. t in +// mk_int #t x + +// let rw_shift_left_to_nat +// #t #u (x: int_t t) (y: int_t u {v y >= 0 /\ v y < bits t}) +// : Lemma ((x <>! 4l +// ) (sz 3) == 0 + +// let _ = +// get_bit ( ((cast bytes.[ sz 1 ] &. 3s ) <= relevant_bits + shift || i < shift then get_bit lhs (sz i) else full) + ) + = if i >= relevant_bits + shift then ( + let i' = i - shift in + let mask: int_t t = mk_int (pow2 relevant_bits - 1) in + let a = rhs &. mask in + if i' < bits t then ( + get_bit_pow2_minus_one #t relevant_bits (sz i'); + get_bit_and rhs (mk_int (pow2 relevant_bits - 1)) (sz i') + ) else get_bit_cast_extend #t #u a (sz i'); + let a: int_t u = cast a in + get_bit_shl #u #shift_t a (mk_int shift) (sz i') + ) else if i < shift then () else () +#pop-options + +#push-options "--z3rlimit 80" +let rw_rhs_bit_or_no_mask #t #u #shift_t + (lhs: int_t u) (rhs: int_t t) + (i: nat {i < bits u}) + (shift: nat {shift < bits u /\ Rust_primitives.Integers.range shift shift_t}) + : Lemma ( + let full = get_bit ( + lhs |. ((cast rhs <: int_t u) <= shift then ( + let i' = i - shift in + let a = rhs in + let a: int_t u = cast a in + get_bit_shl #u #shift_t a (mk_int shift) (sz i') + ) else () +#pop-options + +#push-options "--z3rlimit 150" +let add_shift_zero #t #shift_t (x: int_t t) + : Lemma (x < Lemma (a x == b x))) (x: t): Lemma (b x == a x) + = f x + +let r_to_l (lems:list term) : Tac unit = + let first_or_trefl () : Tac unit = + fold_left (fun k l () -> + (fun () -> apply_lemma_rw (`(invert (`#l)))) + `or_else` k) + trefl lems () in + pointwise first_or_trefl + +let make_integers_generic () = + pointwise (fun _ -> + dump "X"; + match let?# t = expect_cur_formula_comp () in + let?# n = expect_int_literal t in + // let is_int = + // try let x = tc (top_env ()) (`(3 + (`#t))) in + // print ("tc -> -> " ^ term_to_string x); + // true + // with | _ -> false + // in + let ty = tc (cur_env ()) t in + let ty = norm_term [iota; zeta; reify_; delta; primops; unmeta] ty in + let ty = inspect_unascribe ty in + let is_int = term_eq ty (`int) || term_eq ty (`nat) in + fail ("unify=" ^ string_of_bool is_int); + None + // fail ("ty=" ^ term_to_string ty); + // if unify ty `int + // then + // unify + // match?# expect_fvar ty with + // | "Prims.int" -> None + // | _ -> Some n + with + | Some n -> + let n = n + 1 in + trefl () + // fail (string_of_int n) + | _ -> trefl () + ) + + +// let _ = FStar.Int16.__int_to_t +let _ = fun x -> assert (2s == x) + by ( + norm [iota; primops]; make_integers_generic (); fail "x") + +#push-options "--compat_pre_core 0" +let asdsd (bytes: t_Array u8 (sz 10)) + = let cast: u8 -> i16 = cast in + assert ( + get_bit ((cast bytes.[ sz 3 ] &. 63s <: i16) <>! 4l) (sz 3) == 0 + ) by ( + r_to_l rw_integers_list; + fail "x"; + // l_to_r [`resugar_integer]; + // apply_lemma_rw (`rw_rhs_bit_or_no_mask); + // compute (); + // apply_lemma_rw (`rw_rhs_bit_or_no_mask); + pointwise' (fun _ -> + // let _ = let?# t = expect_cur_formula_comp () in + // let?# (f, _) = expect_app_n t 3 in + // let?# () = expect_free_var f (`%get_bit) in + // apply_lemma_rw (`rw_rhs_bit_or_no_mask); + // invert (); + // Some (dump "heey") + // in + trefl () + // let _ = repeat clear_top in + // dump "X"; + // (fun _ -> apply_lemma_rw (`rw_rhs_bit_or_no_mask)) `or_else` trefl; + // let _ = repeat clear_top in + // dump "Y" + ); + fail "x" + ) + +let fff bytes x: unit = + assert ( + get_bit (Seq.index (deserialize_10_int' bytes) 2) (sz 3) == 0 + ) by ( + compute'' (); + // l_to_r [`rewrite_to_zero]; + // compute'' (); + // apply_lemma_rw + // l_to_r [`rw_rhs_bit_or_no_mask]; + fail "DONE"; + focus (tadmit) + ); + () + diff --git a/fstar-helpers/fstar-bitvec/RwLemmas.js b/fstar-helpers/fstar-bitvec/RwLemmas.js new file mode 100644 index 000000000..787c179ed --- /dev/null +++ b/fstar-helpers/fstar-bitvec/RwLemmas.js @@ -0,0 +1,43 @@ +const fs = require('fs'); + +let lemmas = fs.readFileSync('RwLemmas.fst').toString(); +let template_lines = + lemmas + .split('// START TEMPLATE')[1] + .split('// END TEMPLATE')[0] + .split('\n').map(x => x.trim()); + +let template = template_lines.join('\n'); + +let sizes = ['8', '16', '32', '64']; + +let replace = (str, from_size, to_sign, to_size) => + str + .replaceAll(`u${from_size}`, `${to_sign ? 'u' : 'i'}${to_size}`) + .replaceAll(`UInt${from_size}`, `${to_sign ? 'U' : ''}Int${to_size}`) + .replaceAll(`uint_to`, `${to_sign ? 'u' : ''}int_to`); + +let all = ""; +for(let n1 of sizes) { + for(let s1 of [true, false]) { + let s = template; + console.log({n1, s1}); + s = replace(s, 8, s1, n1); + all += s; + } +} + +let generated_lines = [...new Set(all.split('\n'))]; +let names = generated_lines.map(x => x.split(' ')[1]).filter(x => x); +let generated = generated_lines.filter(x => !template_lines.includes(x)).join('\n'); + +generated += '\nlet rw_integers_list0 = [' + names.map(n => '`' + n).join(';') + ']'; + +let before = lemmas + .split('// START GENERATED')[0]; + +let after = lemmas + .split('// END GENERATED')[1]; + +fs.writeFileSync('RwLemmas.fst', before + '// START GENERATED\n' + generated + '\n// END GENERATED' + after); + diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Hello.fst b/libcrux-ml-kem/proofs/fstar/extraction/Hello.fst new file mode 100644 index 000000000..5178c4c54 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Hello.fst @@ -0,0 +1,390 @@ +module Hello + +open Core +open FStar.Mul +open FStar.Tactics.V2 + +// module _ = BitVecEq +// module _ = Rust_primitives.BitVectors + +// // val ( >>! ) #t #t': int_t -> int + +// #push-options "--admit_smt_queries true" +// val serialize_10_int (v: t_Slice i16) +// : Prims.Pure (u8 & u8 & u8 & u8 & u8) +// (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) +// (ensures fun _ -> True) +// let serialize_10_int (v: t_Slice i16) = +// let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in +// let r1:u8 = +// ((cast ((v.[ sz 1 ] <: i16) &. 63s <: i16) <: u8) <>! 8l <: i16) &. 3s <: i16) <: u8) +// in +// let r2:u8 = +// ((cast ((v.[ sz 2 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s <: i16) <: u8) +// in +// let r3:u8 = +// ((cast ((v.[ sz 3 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s <: i16) <: u8) +// in +// let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in +// //let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in +// r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) +// #pop-options + +// let wrapped (v: t_Array i16 (sz 4)): t_Array u8 (sz 5) = +// MkSeq.create5 (serialize_10_int v) + +// let norm_seq #t (l: list t) i +// : Lemma (Seq.Base.index (Seq.Base.seq_of_list l) i == FStar.List.Tot.index l i) +// = () + +// let split_forall_nat +// (#upper_bound: pos) +// (p: (i:nat{i <= upper_bound}) -> Type0) +// : Lemma (requires (if upper_bound = 0 then True else (forall (i:nat{i <= upper_bound - 1}). p i)) +// /\ p upper_bound +// ) +// (ensures forall (i:nat{i <= upper_bound}). p i) +// = () + +// let rw_simplify_v_mk_int t (x: int {Rust_primitives.Integers.range x t}) +// : Lemma (v (mk_int #t x) == x) +// = () + + +// let rw_simplify_v_mk_intu8 +// (x: int {Rust_primitives.Integers.range x u8_inttype}) +// (t: _ {t == u8_inttype}) +// : Lemma (UInt8.v (mk_int #t x) == x) +// = assert (UInt8.v (mk_int #t x) == v (mk_int #u8_inttype x)) + + +// let conv_mk_int_u8 x: Lemma (mk_int #u8_inttype x == UInt8.uint_to_t x) = admit () +// let rw_v_uint_to_t_u8 x: Lemma (UInt8.v (UInt8.uint_to_t x) == x) = () +// let rw_v_uint_to_t_u8' x: Lemma (UInt8.uint_to_t (UInt8.v x) == x) = () +// let rw_v_u8 x: Lemma (v #u8_inttype x == UInt8.v x) = () + +// let conv_mk_int_i16 x: Lemma (mk_int #i16_inttype x == Int16.int_to_t x) = admit () +// let rw_v_uint_to_t_i16 x: Lemma (Int16.v (Int16.int_to_t x) == x) = () +// let rw_v_uint_to_t_i16' x: Lemma (Int16.int_to_t (Int16.v x) == x) = () +// let rw_v_i16 x: Lemma (v #i16_inttype x == Int16.v x) = () + +// let conv_mk_int_i32 x: Lemma (mk_int #i32_inttype x == Int32.int_to_t x) = admit () +// let rw_v_uint_to_t_i32 x: Lemma (Int32.v (Int32.int_to_t x) == x) = () +// let rw_v_uint_to_t_i32' x: Lemma (Int32.int_to_t (Int32.v x) == x) = () +// let rw_v_i32 x: Lemma (v #i32_inttype x == Int32.v x) = () + +// let usize_v_mk_int x: Lemma (v #usize_inttype (mk_int #usize_inttype x) == x) = () + +// let rw_ints = [ +// `conv_mk_int_u8; +// `rw_v_uint_to_t_u8; +// `rw_v_uint_to_t_u8'; +// `rw_v_u8; +// `conv_mk_int_i16; +// `rw_v_uint_to_t_i16; +// `rw_v_uint_to_t_i16'; +// `rw_v_i16; +// `conv_mk_int_i32; +// `rw_v_uint_to_t_i32; +// `rw_v_uint_to_t_i32'; +// `rw_v_i32; +// `usize_v_mk_int; +// ] + +// let rw_v_mk_int t x: Lemma (v (mk_int #t x) == x) = () + +// // let lemma_gt_0 x: Lemma ( +// // (Int16.v (logand #Lib.IntTypes.S16 x 255s) @%. Lib.IntTypes.U8 >= 0) +// // == (Int16.v x >= 0) +// // ) = () + +// let rw = [ +// `norm_seq +// ; `rw_simplify_v_mk_int +// ; `conv_mk_int_u8; `rw_v_uint_to_t_u8; `rw_v_uint_to_t_u8' +// ; `conv_mk_int_i16; `rw_v_uint_to_t_i16; `rw_v_uint_to_t_i16' +// ; `rw_v_mk_int +// // ; `lemma_gt_0 +// ] + +// #push-options "--z3rlimit 60" +// let rw_bit_or (b1 b2: bit) result: +// Lemma +// (requires ( +// (b1 = 0 ==> b2 = 0 ==> result = 0) +// /\ (b1 = 0 ==> b2 = 1 ==> result = 1) +// /\ (b1 = 1 ==> b2 = 0 ==> result = 1) +// /\ (b1 = 1 ==> b2 = 1 ==> result = 0) +// )) +// (ensures (bit_or b1 b2 == result)) +// = () + +// type nn = { +// x_bits: nat; +// y_bits: int; +// x_shift: nat; +// } + +// #push-options "--z3rlimit 260" +// let numbers +// t (u: inttype {bits t > bits u}) +// (d1: num_bits t) (d2: num_bits u) +// (arr2_term_idx: nat) = +// // let t (arr2_term_idx: nat {arr2_term_idx > 0 /\ arr2_term_idx < 4}) = +// let first_bit = arr2_term_idx * d2 in +// let arr1_idx = first_bit / d1 in +// let x_shift = first_bit % d1 in +// // How many bits are left from `x` in the result? +// let x_bits: nat = d1 - x_shift in +// // How many bits are left from `y` in the result? +// let y_bits: int = d2 - x_bits in +// // let x_mask = pow2 x_bits - 1 in +// // let y_mask = pow2 y_bits - 1 in +// {x_bits; y_bits; x_shift; } +// #pop-options + +// let config = numbers i16_inttype u8_inttype 10 8 2 + +// #push-options "--z3rlimit 260" +// // #push-options "--z3rlimit 260 --admit_smt_queries true" +// let compute_term +// t (u: inttype {bits t > bits u}) +// (d1: num_bits t) (d2: num_bits u) +// (n1: nat) (n2: nat {n2 * d2 == n1 * d1}) +// (arr1: Seq.seq (int_t t) {Seq.length arr1 == n1}) +// (arr2: Seq.seq (int_t u) {Seq.length arr2 == n2}) +// (arr2_term_idx: nat {arr2_term_idx < n2}): int_t u = +// // let t (arr2_term_idx: nat {arr2_term_idx > 0 /\ arr2_term_idx < 4}) = +// let first_bit = arr2_term_idx * d2 in +// let arr1_idx = first_bit / d1 in +// let x = Seq.index arr1 arr1_idx in +// let x_shift = first_bit % d1 in +// // How many bits are left from `x` in the result? +// let x_bits = d1 - x_shift in +// // How many bits are left from `y` in the result? +// let y_bits = d2 - x_bits in +// Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) x_bits; +// let x_mask = pow2 x_bits - 1 in +// let x': int_t u = cast ((x >>! mk_int #i32_inttype x_shift) &. mk_int #t x_mask) in +// if arr1_idx + 1 < n1 && y_bits > 0 +// then ( +// Math.Lemmas.pow2_le_compat (bits u - (if unsigned u then 0 else 1)) y_bits; +// let y_mask = pow2 y_bits - 1 in +// let y = Seq.index arr1 (arr1_idx + 1) in +// let y': int_t u = cast (y &. mk_int #t y_mask) in +// let y_shift = x_bits in +// let y': int_t u = y' < bits u}) +// (d1: num_bits t) (d2: num_bits u) +// (n1: nat) (n2: nat {n2 * d2 == n1 * d1}) +// (arr1: Seq.seq (int_t t) {Seq.length arr1 == n1}) +// (arr2: Seq.seq (int_t u) {Seq.length arr2 == n2}) +// (arr2_term_idx: nat {arr2_term_idx < n2}) +// (i: nat { i < d2 }) +// : Lemma ( +// let first_bit = arr2_term_idx * d2 in +// let x_bits = d1 - first_bit % d1 in +// let arr1_idx = first_bit / d1 in +// get_bit (compute_term t u d1 d2 n1 n2 arr1 arr2 arr2_term_idx) (sz i) +// == ( if i < x_bits +// // ICI C'EST PAS OKAY +// then get_bit (Seq.index arr1 arr1_idx ) (sz i) +// else get_bit (Seq.index arr1 (arr1_idx + 1)) (sz (i - x_bits)) +// ) +// // let j = i - +// // bv1 i == get_bit (compute_term t u d1 d2 n1 n2 arr1 arr2 arr2_term_idx) j +// ) = admit () +// #pop-options + +// let norm_pow2 (): Tac unit = +// pointwise (fun () -> +// begin match FStar.Tactics.V2.Logic.cur_formula () with +// | Comp _eq lhs _rhs -> +// let (head, args) = collect_app lhs in +// ( match (inspect head, args) with +// | (Tv_FVar fv, [_]) -> +// if implode_qn (inspect_fv fv) = `%pow2 +// then norm [iota; zeta_full; reify_; delta; primops; unmeta] +// else () +// | _ -> ()) +// | _ -> () +// end; +// trefl ()) + +// let unfold_index (#a: Type) (l: list a) (i:nat{i < List.Tot.length l}) +// : Lemma ( FStar.List.Tot.index #a l i +// == (let hd::tl = l in +// if i = 0 then hd else List.Tot.index tl (i - 1))) +// = () + +// exception StopNormIndex + +// let norm_index (): Tac unit = +// let _ = repeat (fun _ -> +// lset "found" false; +// pointwise (fun _ -> +// (fun () -> +// apply_lemma_rw (`unfold_index); +// lset "found" true +// ) `or_else` trefl); +// if lget "found" then () else raise StopNormIndex) in () + +// // #push-options "--fuel 0 --ifuel 0 --z3rlimit 60" +// // let xx (x0 x1: i16) = +// // get_bit_pow2_minus_one_i16 63 (sz 3); +// // assert (get_bit (mk_int #i16_inttype 63) (sz 3) == 1) + +// // // get_bit_pow2_minus_one_i16 63 (sz 3); +// // assert ( +// // get_bit x1 (mk_int #usize_inttype 3) +// // == +// // // get_bit ((cast (x1 &. mk_int #i16_inttype 63) <: u8) <>! mk_int #i16_inttype 8 &. mk_int #i16_inttype 3) <: u8) (mk_int 5)) +// // ) + +// // let shift_right_simplify_0 t (x: int_t t): Lemma (shift_right x 0l == x) +// // = () + +// #push-options "--compat_pre_core 0" +// #push-options "--z3rlimit 60" +// let lemma (arr1: t_Array i16 (sz 4)) = +// let arr2 = wrapped arr1 in +// let d1 = 10 in +// let d2 = 8 in +// let bv1 = bit_vec_of_int_t_array arr1 d1 in +// let bv2 = bit_vec_of_int_t_array arr2 d2 in +// let mk = compute_term +// i16_inttype u8_inttype +// 10 8 +// 4 5 +// arr1 arr2 +// in +// let mk_lemma = lemma_compute_term +// i16_inttype u8_inttype +// 10 8 +// 4 5 +// arr1 arr2 +// in +// let i = 13 in +// assert (forall (i: nat {i <= 19}). bv1 i == bv2 i) by ( +// let rec round (i: nat): Tac _ = +// apply_lemma (`split_forall_nat); +// norm [iota; reify_; primops; unmeta; delta_only [`%op_Subtraction]]; +// let deep_norm () = +// norm [iota; zeta; reify_; delta; primops; unmeta]; +// norm_index (); +// l_to_r (rw_ints `List.Tot.append` [`norm_index; `norm_seq]) +// in +// split (); +// flip (); +// focus (fun () -> +// dump "x"; +// let t = quote (get_bit (mk (i / d2)) (sz (i % d2))) in +// // let bv2_eq_t = tcut (`((`@bv2) (`@i) == (`#t))) in +// grewrite (quote (bv2 i)) t; +// dump "after grewrite 1"; +// flip (); +// focus (fun _ -> +// let _ = repeatn 3 deep_norm in +// trefl `or_else` (fun () -> +// dump "Not refl after norm, SMT?"; +// smt_sync (); +// dump "SMT ok" +// ) +// ); +// // let bv1_eq_t = tcut (`((`@bv1) (`@i) == (`#t))) in +// grewrite (quote (bv1 i)) t; +// dump "after grewrite 2"; +// flip (); +// focus (fun () -> +// dump "dunm"; +// l_to_r [quote mk_lemma]; +// compute (); +// trefl `or_else` (fun () -> +// dump "Not refl, SMT?"; +// smt_sync (); +// dump "SMT ok" +// ) +// ); +// dump "Just before the end of the round"; +// deep_norm (); +// dump "Just before the end of the round (+norm)"; +// trefl () +// ); +// dump ("finished round" ^ string_of_int i); +// if i = 0 +// then () +// else round (i - 1) +// in +// let _ = round 19 in +// () +// ); +// // assert (bv2 i == get_bit (mk (i / d2)) (sz (i % d2))) by ( +// // ); +// // assert ( +// // bv2 8 == get_bit t (sz 0) +// // ) by ( +// // compute (); +// // l_to_r [`norm_seq]; +// // ); +// admit(); +// () + +// let _ = +// assume (Int16.v (Seq.Base.index arr1 (i / d1)) >= 0); +// assume (Int16.v (Seq.Base.index arr1 (i / d2)) >= 0); +// // assert (bv2 13 == ); +// assert ( +// bv2 13 +// == bv1 13 +// // == get_bit (Seq.index bv1 0) (sz 0) +// // == get_bit (Seq.index arr2 0) (sz 0) +// //get_bit (Seq.index arr2 0) (sz 0) +// ) by ( + +// compute (); +// l_to_r rw; +// compute (); +// l_to_r rw; +// norm [iota; simplify; zeta_full; reify_; delta; primops; unmeta]; +// l_to_r rw; +// l_to_r [`Math.Lemmas.modulo_distributivity]; +// l_to_r [`get_bit_or; `get_bit_and]; +// // l_to_r [`rw_bit_or]; +// apply_lemma (`rw_bit_or); +// l_to_r rw; +// fail "x"; +// let _ = repeat split in +// iterAll (fun _ -> +// l_to_r rw; +// norm [iota; simplify; zeta_full; reify_; delta; primops; simplify; unmeta]; +// () +// ); +// fail "x"; +// iterAll ( +// fun _ -> +// dump "SMT for:"; +// smt_sync () +// ) +// // let _ = iterAll (fun _ -> let _ = l_intros () in ()) in +// // fail "x" +// // tadmit () +// ) + + + diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst new file mode 100644 index 000000000..785f57dd7 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst @@ -0,0 +1,2334 @@ +module Libcrux_ml_kem.Vector.Portable.Serialize.Edited +// #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +// open Core +// open FStar.Mul + +// #push-options "--admit_smt_queries true" + +// let deserialize_10_int (bytes: t_Slice u8) = +// let r0:i16 = +// (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) +// in +// let r2:i16 = +// (((cast (bytes.[ sz 3 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) +// in +// let r3:i16 = +// ((cast (bytes.[ sz 4 ] <: u8) <: i16) <>! 6l <: i16) +// in +// let r4:i16 = +// (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) +// in +// let r6:i16 = +// (((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) +// in +// let r7:i16 = +// ((cast (bytes.[ sz 9 ] <: u8) <: i16) <>! 6l <: i16) +// in +// r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_11_int (bytes: t_Slice u8) = +// let r0:i16 = +// (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) +// in +// let r2:i16 = +// ((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) +// in +// let r3:i16 = +// (((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) +// in +// let r4:i16 = +// (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) +// in +// let r5:i16 = +// ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) +// in +// let r6:i16 = +// (((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) +// in +// let r7:i16 = +// ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) +// in +// r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_12_int (bytes: t_Slice u8) = +// let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in +// let byte1:i16 = cast (bytes.[ sz 1 ] <: u8) <: i16 in +// let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in +// let r0:i16 = ((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) in +// r0, r1 <: (i16 & i16) + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_4_int (bytes: t_Slice u8) = +// let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16 in +// let v1:i16 = cast (((bytes.[ sz 0 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in +// let v2:i16 = cast ((bytes.[ sz 1 ] <: u8) &. 15uy <: u8) <: i16 in +// let v3:i16 = cast (((bytes.[ sz 1 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in +// let v4:i16 = cast ((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <: i16 in +// let v5:i16 = cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in +// let v6:i16 = cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16 in +// let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in +// v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_5_int (bytes: t_Slice u8) = +// let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16 in +// let v1:i16 = +// cast ((((bytes.[ sz 1 ] <: u8) &. 3uy <: u8) <>! 5l <: u8) +// <: +// u8) +// <: +// i16 +// in +// let v2:i16 = cast (((bytes.[ sz 1 ] <: u8) >>! 2l <: u8) &. 31uy <: u8) <: i16 in +// let v3:i16 = +// cast ((((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <>! 7l <: u8) +// <: +// u8) +// <: +// i16 +// in +// let v4:i16 = +// cast ((((bytes.[ sz 3 ] <: u8) &. 1uy <: u8) <>! 4l <: u8) +// <: +// u8) +// <: +// i16 +// in +// let v5:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 1l <: u8) &. 31uy <: u8) <: i16 in +// let v6:i16 = +// cast ((((bytes.[ sz 4 ] <: u8) &. 7uy <: u8) <>! 6l <: u8) +// <: +// u8) +// <: +// i16 +// in +// let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in +// v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +// #pop-options + +// #push-options "--z3rlimit 480 --split_queries always" + +// let serialize_10_int (v: t_Slice i16) = +// let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in +// let r1:u8 = +// ((cast ((v.[ sz 1 ] <: i16) &. 63s <: i16) <: u8) <>! 8l <: i16) &. 3s <: i16) <: u8) +// in +// let r2:u8 = +// ((cast ((v.[ sz 2 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s <: i16) <: u8) +// in +// let r3:u8 = +// ((cast ((v.[ sz 3 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s <: i16) <: u8) +// in +// let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in +// let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in +// r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) + +// #pop-options + +// // #push-options "--ifuel 1 --z3rlimit 1600 " + +// unfold let (.[]) (x: t_Slice i16) (i: usize {v i < Seq.length x}): i16 = Seq.index x (v i) + +// // val serialize_11_int' (v: t_Slice i16) +// // : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +// // (requires Seq.length v == 8 +// // /\ Rust_primitives.bounded (v.[sz 0] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 1] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 2] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 3] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 4] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 5] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 6] <: i16) 11 +// // /\ Rust_primitives.bounded (v.[sz 7] <: i16) 11 +// // ) +// // (ensures +// // fun tuple -> +// // let tuple:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = tuple in +// // BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 8)) 11 (MkSeq.create11 tuple) 8) + +// #push-options "--ifuel 1 --z3rlimit 600 --split_queries always" + +// val compress_coefficients_11_ +// (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: +// int_t_d i16_inttype 11) +// : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +// (requires True) +// (ensures fun tuple -> +// True +// // BitVecEq.int_t_array_bitwise_eq' +// // (MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 +// // (MkSeq.create11 tuple) 8 +// ) + +// #pop-options + +// // #push-options "--z3rlimit 90" +// // let rightmost_bits #t u +// // (coef: int_t t) (n_bits: nat {n_bits <= bits t - (if unsigned t then 0 else 1)}) +// // (shift: nat {shift > 0 /\ shift < bits u}) +// // : result: int_t u {forall i. get_bit result i == } +// // = Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) n_bits; +// // (cast (coef &. mk_int (pow2 n_bits - 1)) <: int_t u) +// // <= bits u}) +// // (coef: int_t t) +// // (n_bits: nat {n_bits <= bits t - (if unsigned t then 0 else 1)}) +// // (shift: nat {shift > 0 /\ shift < (bits u - n_bits)}) +// // // : result: int_t u +// // // {forall (i: nat). i < n_bits ==> get_bit result (sz i) == get_bit coef (sz (i - shift)) } +// // // : result: int_t u {forall i. (i >= shift /\ i < shift + n_bits) +// // // ==> get_bit result (sz i) == get_bit coef (sz (i - shift)) +// // // } +// // = Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) n_bits; +// // let x = (cast (coef &. mk_int (pow2 n_bits - 1)) <: int_t u) in +// // let y: int_t u = mk_int shift in +// // let result = x < 0 +// // // // ==> +// // // // (get_bit result (sz 0) == get_bit x (sz shift)) +// // // // ); +// // // // admit (); +// // result + +// // let leftmost_bits #t u (coef: int_t t) (shift: nat {shift > 0 /\ shift < bits t}) +// // = (cast (coef >>! (mk_int shift <: int_t t)) <: int_t u) + +// let is_num_bits t (d:nat) = d > 0 /\ d <= bits t /\ (signed t ==> d < bits t) + +// #push-options "--fuel 0 --ifuel 0 --z3rlimit 900" +// [@@"opaque_to_smt"] +// let mix_two_ints t (u:inttype {bits t > bits u}) +// (d1: num_bits t) (d2: num_bits u) +// (x1: int_t t) (x2: int_t t) +// (offset1: pos { offset1 < d1 /\ offset1 > d1 - d2}) +// : r: int_t u { +// forall i. i < d2 +// ==> get_bit r (sz i) +// = ( if i >= d1 - offset1 (* offset2 *) +// then +// // get_bit r (sz i) +// get_bit x2 (sz (i - (d1 - offset1))) +// else +// // get_bit r (sz i) +// get_bit x1 (sz (offset1 + i)) +// ) +// } +// = +// let offset2 = d1 - offset1 in +// Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) (d2 - offset2); +// let power = d2 - offset2 in +// FStar.Classical.forall_intro (get_bit_pow2_minus_one #t power); +// let mask: int_t t = mk_int (pow2 power - 1) in +// admit (); +// ((cast (x2 &. mask <: int_t t) <: int_t u) <>! mk_int #t offset1 <: int_t t) <: int_t u) +// // let a = cast (x1 >>! mk_int #t offset1 <: int_t t) <: int_t u in +// // let b' = cast (x2 &. mask <: int_t t) <: int_t u in +// // let b = b' <= offset2 /\ i < d2}). get_bit b (sz i) == get_bit x2 (sz (i - offset2)) +// // with ( +// // get_bit_pow2_minus_one #t power (sz (i - offset2)); +// // get_bit_and x2 mask (sz i) +// // ); +// // let proof (i: nat {i >= offset2 /\ i < d2}) = +// // // assert (get_bit b (sz i) == get_bit b' (sz (i - offset2))); +// // get_bit_pow2_minus_one #t power (sz (i - offset2)); +// // // assert (get_bit mask (sz (i - offset2)) == 1); +// // get_bit_and x2 mask (sz i); +// // // assert (get_bit b' (sz (i - offset2)) == get_bit x2 (sz (i - offset2))); +// // assert (get_bit b (sz i) == get_bit x2 (sz (i - offset2))); +// // () +// // in +// // // assert (forall (i: nat {i < offset2}). get_bit b (sz i) == 0); +// // // let proof (i: nat {i < offset2}) = + +// // // calc (==) { +// // // get_bit r (sz i); +// // // == { +// // // assert (get_bit b (sz i) == 0); +// // // get_bit_or a b (sz i) +// // // } get_bit a (sz i); +// // // // == { +// // // // get_bit_shr x1 (mk_int #t offset1) (sz i) +// // // // } get_bit x1 (sz (offset1 + i)); +// // // }; +// // // // assert (get_bit b (sz i) == 0); +// // // // assert (get_bit (b |. a) (sz i) == get_bit a (sz i)); +// // // // assert (get_bit a (sz i) == get_bit x1 (sz (offset1 + i))); +// // // // assert (get_bit (b |. a) (sz i) == get_bit x1 (sz (offset1 + i))); +// // // () +// // // // assert (get_bit r (a |. b) == get_bit a (sz i)); +// // // in +// // r +// #pop-options + +// let mask_inv_opt_in_range #t (mask: int_t t {Some? (mask_inv_opt (v mask))}) +// : Lemma (Rust_primitives.Integers.range (Some?.v (mask_inv_opt (v mask))) t) +// [SMTPat (Rust_primitives.Integers.range (Some?.v (mask_inv_opt (v mask))) t)] +// = let n = (Some?.v (mask_inv_opt (v mask))) in +// assert (pow2 n - 1 == v mask) + +// #push-options "--z3rlimit 90 --split_queries always" +// let rw_mix_two_ints +// t u +// (x1: int_t t) (x2: int_t t) +// (mask: int_t t {Some? (mask_inv_opt (v mask))}) +// (shl: int_t t {v shl > 0 /\ v shl < bits u}) +// (shr: int_t t {v shr > 0 /\ v shr < bits t}) +// : Lemma +// (requires ( +// let d1 = v shl + v shr in +// let d2 = Some?.v (mask_inv_opt (v mask)) + v shl in +// let offset1 = v shr in +// bits t > bits u +// /\ is_num_bits t d1 +// /\ is_num_bits u d2 +// /\ offset1 < d1 +// /\ offset1 > d1 - d2 +// )) +// (ensures +// ( ((cast (x2 &. mask <: int_t t) <: int_t u) <>! shr <: int_t t) <: int_t u) +// ) +// == ( +// let d1 = v shl + v shr in +// let d2 = Some?.v (mask_inv_opt (v mask)) + v shl in +// let offset1 = v shr in +// mix_two_ints t u d1 d2 x1 x2 offset1 +// ) +// ) +// = let d1 = v shl + v shr in +// let d2 = Some?.v (mask_inv_opt (v mask)) + v shl in +// let offset1 = v shr in +// reveal_opaque (`%mix_two_ints) (mix_two_ints t u d1 d2 x1 x2 offset1); +// admit () +// #pop-options + +// open FStar.Tactics.V2 + +// let tau () +// = let first_or_trefl () : Tac unit = +// if try apply_lemma_rw (`rw_mix_two_ints); true +// with | _ -> false +// then begin +// FStar.Tactics.V1.dump "Before norm"; +// norm [iota; zeta_full; reify_; delta; primops; simplify; unmeta]; +// FStar.Tactics.V1.dump "After norm"; +// trivial () +// end else trefl () +// in +// pointwise first_or_trefl; +// FStar.Tactics.V1.dump "xx"; +// trefl () + +// #push-options "--compat_pre_core 2" + +// #push-options "--z3rlimit 90" +// // [@@"opaque_to_smt"] +// [@@postprocess_with tau] +// let compress_coefficients_11_ +// coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 = +// let coef1:u8 = cast (coefficient1 <: i16) <: u8 in +// // assert (get_bit ) +// // coefficient1 +// let coef2:u8 = +// ((cast (coefficient2 &. 31s <: i16) <: u8) <>! 8s <: i16) <: u8) +// in +// let coef3:u8 = +// ((cast (coefficient3 &. 3s <: i16) <: u8) <>! 5s <: i16) <: u8) +// in +// let coef4:u8 = cast ((coefficient3 >>! 2s <: i16) &. 255s <: i16) <: u8 in +// let coef5:u8 = +// ((cast (coefficient4 &. 127s <: i16) <: u8) <>! 10s <: i16) <: u8) +// in +// let coef6:u8 = +// ((cast (coefficient5 &. 15s <: i16) <: u8) <>! 7s <: i16) <: u8) +// in +// let coef7:u8 = +// ((cast (coefficient6 &. 1s <: i16) <: u8) <>! 4s <: i16) <: u8) +// in +// let coef8:u8 = cast ((coefficient6 >>! 1s <: i16) &. 255s <: i16) <: u8 in +// let coef9:u8 = +// ((cast (coefficient7 &. 63s <: i16) <: u8) <>! 9s <: i16) <: u8) +// in +// let coef10:u8 = +// ((cast (coefficient8 &. 7s <: i16) <: u8) <>! 6s <: i16) <: u8) +// in +// let coef11:u8 = cast (coefficient8 >>! 3s <: i16) <: u8 in +// // admit (); +// // BitVecEq.bit_vec_equal_intro_principle (); +// coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11 +// <: +// (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +// #pop-options + +// #push-options "--fuel 5 --ifuel 0 --z3rlimit 800 --split_queries always" +// let compress_coefficients_11_lemma +// (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: +// int_t_d i16_inttype 11) +// = BitVecEq.bit_vec_equal_intro_principle (); +// // let arr1 = MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8) in +// // let arr2 = (MkSeq.create11 (compress_coefficients_11_ coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8)) in +// // let bv1 = bit_vec_of_int_t_array arr1 11 in +// // let bv2 = bit_vec_of_int_t_array arr2 8 in +// // let d1 = 11 in +// // let d2 = 8 in +// // let i = 27 in +// // let coef_number_input = i / d1 in +// // let mixed = mix_two_ints i16_inttype u8_inttype +// // 11 8 +// // (Seq.index arr1 coef_number_input ) +// // (Seq.index arr1 (coef_number_input + 1)) +// // (i % d2) in +// assert ( +// // bv1 i == get_bit (Seq.index arr1 (coef_number_input)) (sz (i % d1)) +// // bv2 i == get_bit mixed (sz (i % d2)) +// // get_bit (Seq.index arr1 (coef_number_input)) (sz (i % d1)) +// // bv1 27 == bv2 27 +// BitVecEq.int_t_array_bitwise_eq' +// (MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 +// (MkSeq.create11 (compress_coefficients_11_ coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8)) 8 +// ) +// #pop-options + +// // bv2 i == bit_vec (Seq.index arr1 ()) + +// let eee +// (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: +// int_t_d i32_inttype 11) +// = let arr1 = MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8) in +// let tuple = compress_coefficients_11_ +// coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 in +// let arr2 = MkSeq.create11 tuple in +// let bv1 = bit_vec_of_int_t_array arr1 11 in +// let bv2 = bit_vec_of_int_t_array (MkSeq.create11 tuple) 8 in +// let i = 0 in +// let d = 11 in +// assert ( +// // bv2 i == get_bit (Seq.index arr2 (i / 11)) (sz (i % 11)) +// bv2 i == (cast (coefficient1 <: i32) <: u8) +// ) by (FStar.Tactics.compute (); FStar.Tactics.trefl (); FStar.Tactics.fail "x"); +// // assert ( +// // bv1 i == get_bit (Seq.index arr1 (i / 11)) (sz (i % 11)) +// // ) by (FStar.Tactics.compute (); FStar.Tactics.fail "x"); +// admit () +// // : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +// // (requires True) +// // (ensures fun tuple -> +// // BitVecEq.int_t_array_bitwise_eq' +// // (MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 +// // (MkSeq.create11 tuple) 8 +// // ) + +// #push-options "--ifuel 1 --z3rlimit 200" + +// #push-options "--z3rlimit 1600 --split_queries always" + +// let serialize_11_int' (v: t_Slice i16) = +// let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in +// let r1:u8 = +// ((cast ((v.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) +// in +// let r2:u8 = +// ((cast ((v.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) +// in +// let r3:u8 = cast (((v.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in +// let r4:u8 = +// ((cast ((v.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) +// in +// let r5:u8 = +// ((cast ((v.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) +// in +// let r6:u8 = +// ((cast ((v.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) +// in +// let r7:u8 = cast (((v.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8 in +// let r8:u8 = +// ((cast ((v.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) +// in +// let r9:u8 = +// ((cast ((v.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) +// in +// let r10: u8 = (cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8) in +// let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in +// r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 +// <: +// (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let serialize_12_int (v: t_Slice i16) = +// let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in +// let r1:u8 = +// cast (((v.[ sz 0 ] <: i16) >>! 8l <: i16) |. (((v.[ sz 1 ] <: i16) &. 15s <: i16) <>! 4l <: i16) &. 255s <: i16) <: u8 in +// r0, r1, r2 <: (u8 & u8 & u8) + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let serialize_4_int (v: t_Slice i16) = +// let result0:u8 = +// ((cast (v.[ sz 1 ] <: i16) <: u8) <>! 3l <: i16) |. ((v.[ sz 2 ] <: i16) <>! 1l <: i16) |. ((v.[ sz 4 ] <: i16) <>! 4l <: i16) |. ((v.[ sz 5 ] <: i16) <>! 2l <: i16) |. ((v.[ sz 7 ] <: i16) < +// let result:t_Array u8 (sz 2) = result in +// let _:usize = temp_1_ in +// true) +// result +// (fun result i -> +// let result:t_Array u8 (sz 2) = result in +// let i:usize = i in +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result +// (sz 0) +// ((result.[ sz 0 ] <: u8) |. +// ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < +// let result:t_Array u8 (sz 2) = result in +// let _:usize = temp_1_ in +// true) +// result +// (fun result i -> +// let result:t_Array u8 (sz 2) = result in +// let i:usize = i in +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result +// (sz 1) +// ((result.[ sz 1 ] <: u8) |. +// ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < +// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in +// let _:usize = temp_1_ in +// true) +// result +// (fun result i -> +// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in +// let i:usize = i in +// { +// result with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// i +// (cast (((v.[ sz 0 ] <: u8) >>! i <: u8) &. 1uy <: u8) <: i16) +// <: +// t_Array i16 (sz 16) +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// in +// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// Rust_primitives.Hax.Folds.fold_range (sz 8) +// Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR +// (fun result temp_1_ -> +// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in +// let _:usize = temp_1_ in +// true) +// result +// (fun result i -> +// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in +// let i:usize = i in +// { +// result with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// i +// (cast (((v.[ sz 1 ] <: u8) >>! (i -! sz 8 <: usize) <: u8) &. 1uy <: u8) <: i16) +// <: +// t_Array i16 (sz 16) +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// in +// result + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_10_ (bytes: t_Slice u8) = +// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 20 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 0) +// v0_7_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 1) +// v0_7_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 2) +// v0_7_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 3) +// v0_7_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 4) +// v0_7_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 5) +// v0_7_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 6) +// v0_7_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 7) +// v0_7_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 8) +// v8_15_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 9) +// v8_15_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 10) +// v8_15_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 11) +// v8_15_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 12) +// v8_15_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 13) +// v8_15_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 14) +// v8_15_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 15) +// v8_15_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// v + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_11_ (bytes: t_Slice u8) = +// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 0) +// v0_7_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 1) +// v0_7_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 2) +// v0_7_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 3) +// v0_7_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 4) +// v0_7_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 5) +// v0_7_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 6) +// v0_7_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 7) +// v0_7_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 8) +// v8_15_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 9) +// v8_15_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 10) +// v8_15_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 11) +// v8_15_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 12) +// v8_15_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 13) +// v8_15_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 14) +// v8_15_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 15) +// v8_15_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// v + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_12_ (bytes: t_Slice u8) = +// let v0_1_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v2_3_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 3; Core.Ops.Range.f_end = sz 6 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v4_5_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 6; Core.Ops.Range.f_end = sz 9 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v6_7_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 9; Core.Ops.Range.f_end = sz 12 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v8_9_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 12; Core.Ops.Range.f_end = sz 15 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v10_11_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 15; Core.Ops.Range.f_end = sz 18 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v12_13_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 18; Core.Ops.Range.f_end = sz 21 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v14_15_:(i16 & i16) = +// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 21; Core.Ops.Range.f_end = sz 24 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 0) +// v0_1_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 1) +// v0_1_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 2) +// v2_3_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 3) +// v2_3_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 4) +// v4_5_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 5) +// v4_5_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 6) +// v6_7_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 7) +// v6_7_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 8) +// v8_9_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 9) +// v8_9_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 10) +// v10_11_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 11) +// v10_11_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 12) +// v12_13_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 13) +// v12_13_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 14) +// v14_15_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// re with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 15) +// v14_15_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// re + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_4_ (bytes: t_Slice u8) = +// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 4; Core.Ops.Range.f_end = sz 8 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 0) +// v0_7_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 1) +// v0_7_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 2) +// v0_7_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 3) +// v0_7_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 4) +// v0_7_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 5) +// v0_7_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 6) +// v0_7_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 7) +// v0_7_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 8) +// v8_15_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 9) +// v8_15_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 10) +// v8_15_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 11) +// v8_15_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 12) +// v8_15_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 13) +// v8_15_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 14) +// v8_15_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 15) +// v8_15_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// v + +// #pop-options + +// #push-options "--admit_smt_queries true" + +// let deserialize_5_ (bytes: t_Slice u8) = +// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = +// deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } +// <: +// Core.Ops.Range.t_Range usize ] +// <: +// t_Slice u8) +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 0) +// v0_7_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 1) +// v0_7_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 2) +// v0_7_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 3) +// v0_7_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 4) +// v0_7_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 5) +// v0_7_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 6) +// v0_7_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 7) +// v0_7_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 8) +// v8_15_._1 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 9) +// v8_15_._2 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 10) +// v8_15_._3 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 11) +// v8_15_._4 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 12) +// v8_15_._5 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 13) +// v8_15_._6 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 14) +// v8_15_._7 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +// { +// v with +// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// = +// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v +// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements +// (sz 15) +// v8_15_._8 +// } +// <: +// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// in +// v + +// #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fsti new file mode 100644 index 000000000..4ed69770d --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fsti @@ -0,0 +1,100 @@ +module Libcrux_ml_kem.Vector.Portable.Serialize.Edited +// #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +// open Core +// open FStar.Mul + +// val deserialize_10_int (bytes: t_Slice u8) +// : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_11_int (bytes: t_Slice u8) +// : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_12_int (bytes: t_Slice u8) +// : Prims.Pure (i16 & i16) Prims.l_True (fun _ -> Prims.l_True) + +// val deserialize_4_int (bytes: t_Slice u8) +// : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_5_int (bytes: t_Slice u8) +// : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val serialize_10_int (v: t_Slice i16) +// : Prims.Pure (u8 & u8 & u8 & u8 & u8) +// (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) +// (ensures +// fun tuple -> +// let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in +// BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 4)) 10 (MkSeq.create5 tuple) 8) + +// val serialize_11_int (v: t_Slice i16) +// : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) +// (requires Seq.length v == 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 11)) +// (ensures +// fun tuple -> +// let tuple:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = tuple in +// BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 8)) 11 (MkSeq.create11 tuple) 8) + +// val serialize_12_int (v: t_Slice i16) +// : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_4_int (v: t_Slice i16) +// : Prims.Pure (u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_5_int (v: t_Slice i16) +// : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + +// val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + +// val deserialize_1_ (v: t_Slice u8) +// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_10_ (bytes: t_Slice u8) +// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_11_ (bytes: t_Slice u8) +// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_12_ (bytes: t_Slice u8) +// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_4_ (bytes: t_Slice u8) +// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// Prims.l_True +// (fun _ -> Prims.l_True) + +// val deserialize_5_ (bytes: t_Slice u8) +// : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +// Prims.l_True +// (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Tactic.RwLemmas.fst b/libcrux-ml-kem/proofs/fstar/extraction/Tactic.RwLemmas.fst new file mode 100644 index 000000000..e69de29bb diff --git a/libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst b/libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst new file mode 100644 index 000000000..e2e480052 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst @@ -0,0 +1,15 @@ +module TacticTest + +open Core +open FStar.Mul +open FStar.Tactics.V2 + +module _ = BitVecEq +module _ = Rust_primitives.BitVectors + + +/// Rewrite lemmas + + + + diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index fb608ca89..c18e35239 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -170,7 +170,7 @@ pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { "#))] #[hax_lib::ensures(|tuple| fstar!(r#" BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 5)) 8 - (MkSeq.create4 $tuple) 5 + (MkSeq.create8 $tuple) 5 /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 4) "#))] pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { @@ -357,16 +357,14 @@ pub(crate) fn serialize_11(v: PortableVector) -> [u8; 22] { /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 11) "#))] pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { - let r0 = ((bytes[1] as i16 & 0x7) << 8 | bytes[0] as i16) as i16; - let r1 = ((bytes[2] as i16 & 0x3F) << 5 | (bytes[1] as i16 >> 3)) as i16; - let r2 = ((bytes[4] as i16 & 0x1) << 10 | ((bytes[3] as i16) << 2) | ((bytes[2] as i16) >> 6)) - as i16; - let r3 = ((bytes[5] as i16 & 0xF) << 7 | (bytes[4] as i16 >> 1)) as i16; - let r4 = ((bytes[6] as i16 & 0x7F) << 4 | (bytes[5] as i16 >> 4)) as i16; - let r5 = - ((bytes[8] as i16 & 0x3) << 9 | ((bytes[7] as i16) << 1) | ((bytes[6] as i16) >> 7)) as i16; - let r6 = ((bytes[9] as i16 & 0x1F) << 6 | (bytes[8] as i16 >> 2)) as i16; - let r7 = (((bytes[10] as i16) << 3) | (bytes[9] as i16 >> 5)) as i16; + let r0 = (bytes[1] as i16 & 0x7) << 8 | bytes[0] as i16; + let r1 = (bytes[2] as i16 & 0x3F) << 5 | (bytes[1] as i16 >> 3); + let r2 = (bytes[4] as i16 & 0x1) << 10 | ((bytes[3] as i16) << 2) | ((bytes[2] as i16) >> 6); + let r3 = (bytes[5] as i16 & 0xF) << 7 | (bytes[4] as i16 >> 1); + let r4 = (bytes[6] as i16 & 0x7F) << 4 | (bytes[5] as i16 >> 4); + let r5 = (bytes[8] as i16 & 0x3) << 9 | ((bytes[7] as i16) << 1) | ((bytes[6] as i16) >> 7); + let r6 = (bytes[9] as i16 & 0x1F) << 6 | (bytes[8] as i16 >> 2); + let r7 = ((bytes[10] as i16) << 3) | (bytes[9] as i16 >> 5); hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7) } diff --git a/libcrux-sha3/proofs/fstar/extraction/Makefile b/libcrux-sha3/proofs/fstar/extraction/Makefile new file mode 100644 index 000000000..ec420d509 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Makefile @@ -0,0 +1 @@ +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template From 81fd6a16b9d944c5eff2d7640138d4f605bbe709 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 10 Aug 2024 13:49:10 +0000 Subject: [PATCH 093/348] Set post-condition for MlKemKeyPair::from in types.rs --- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 332 ++++++++++++++++++ .../extraction/Libcrux_ml_kem.Ind_cca.fst | 66 ++-- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 42 +-- .../extraction/Libcrux_ml_kem.Matrix.fst | 8 +- .../extraction/Libcrux_ml_kem.Polynomial.fst | 5 +- .../extraction/Libcrux_ml_kem.Sampling.fst | 6 +- .../extraction/Libcrux_ml_kem.Serialize.fst | 12 +- .../fstar/extraction/Libcrux_ml_kem.Types.fst | 30 +- .../extraction/Libcrux_ml_kem.Types.fsti | 67 ++-- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 8 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 5 +- .../Libcrux_ml_kem.Vector.Neon.Ntt.fst | 24 +- .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 32 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 7 +- .../proofs/fstar/spec/Spec.MLKEM.fst | 4 +- libcrux-ml-kem/src/types.rs | 2 + 16 files changed, 461 insertions(+), 189 deletions(-) create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst new file mode 100644 index 000000000..f1cbcbd50 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -0,0 +1,332 @@ +module Libcrux_ml_kem.Ind_cca.Unpacked +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Polynomial in + let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Vector.Traits in + () + +let encapsulate_unpacked + (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) + (randomness: t_Array u8 (sz 32)) + = + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) + in + let to_hash:t_Array u8 (sz 64) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (public_key.f_public_key_hash <: t_Slice u8) + <: + t_Slice u8) + in + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (to_hash <: t_Slice u8) + in + let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (hashed <: t_Slice u8) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + in + let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN + v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher + public_key.f_ind_cpa_public_key randomness pseudorandomness + in + let shared_secret_array:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let shared_secret_array:t_Array u8 (sz 32) = + Core.Slice.impl__copy_from_slice #u8 shared_secret_array shared_secret + in + Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Array u8 v_CIPHERTEXT_SIZE) + #FStar.Tactics.Typeclasses.solve + ciphertext, + shared_secret_array + <: + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + +let decapsulate_unpacked + (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_pair: t_MlKemKeyPairUnpacked v_K v_Vector) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + let decrypted:t_Array u8 (sz 32) = + Libcrux_ml_kem.Ind_cpa.decrypt_unpacked v_K + v_CIPHERTEXT_SIZE + v_C1_SIZE + v_VECTOR_U_COMPRESSION_FACTOR + v_VECTOR_V_COMPRESSION_FACTOR + #v_Vector + key_pair.f_private_key.f_ind_cpa_private_key + ciphertext.Libcrux_ml_kem.Types.f_value + in + let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) + in + let to_hash:t_Array u8 (sz 64) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (key_pair.f_public_key.f_public_key_hash <: t_Slice u8) + <: + t_Slice u8) + in + let hashed:t_Array u8 (sz 64) = + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (to_hash <: t_Slice u8) + in + let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = + Core.Slice.impl__split_at #u8 + (hashed <: t_Slice u8) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + in + let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 + v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = + Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE + (key_pair.f_private_key.f_implicit_rejection_value <: t_Slice u8) + in + let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash + ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize) + (Core.Slice.impl__copy_from_slice #u8 + (to_hash.[ { Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + <: + t_Slice u8) + in + let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = + Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (sz 32) + (to_hash <: t_Slice u8) + in + let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = + Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE + v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 + v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher + key_pair.f_public_key.f_ind_cpa_public_key decrypted pseudorandomness + in + let selector:u8 = + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_in_constant_time (Core.Convert.f_as_ref #(Libcrux_ml_kem.Types.t_MlKemCiphertext + v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (expected_ciphertext <: t_Slice u8) + in + Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret + (implicit_rejection_shared_secret <: t_Slice u8) + selector + +let generate_keypair_unpacked + (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: + usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Array u8 (sz 64)) + = + let ind_cpa_keypair_randomness:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize ] + in + let implicit_rejection_value:t_Slice u8 = + randomness.[ { + Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + in + let ind_cpa_private_key, ind_cpa_public_key:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked + v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = + Libcrux_ml_kem.Ind_cpa.generate_keypair_unpacked v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + ind_cpa_keypair_randomness + in + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K + (fun v__i -> + let v__i:usize = v__i in + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + (fun v__j -> + let v__j:usize = v__j in + Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + in + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + #FStar.Tactics.Typeclasses.solve + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v_A + (fun v_A i -> + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K = + v_A + in + let i:usize = i in + Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range + usize) + #FStar.Tactics.Typeclasses.solve + ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } + <: + Core.Ops.Range.t_Range usize) + <: + Core.Ops.Range.t_Range usize) + v_A + (fun v_A j -> + let v_A:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A + in + let j:usize = j in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v_A + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (v_A.[ i ] + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + j + (Core.Clone.f_clone #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement + v_Vector) + #FStar.Tactics.Typeclasses.solve + ((ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A.[ j ] + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K).[ i ] + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + <: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K) + <: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) + in + let ind_cpa_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { ind_cpa_public_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + in + let pk_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K + v_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + in + let public_key_hash:t_Array u8 (sz 32) = + Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (pk_serialized <: t_Slice u8) + in + let (implicit_rejection_value: t_Array u8 (sz 32)):t_Array u8 (sz 32) = + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + implicit_rejection_value + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + in + { + f_private_key + = + { + f_ind_cpa_private_key = ind_cpa_private_key; + f_implicit_rejection_value = implicit_rejection_value + } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector; + f_public_key + = + { f_ind_cpa_public_key = ind_cpa_public_key; f_public_key_hash = public_key_hash } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 2f2333830..4172843c7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -44,7 +44,6 @@ let serialize_kem_secret_key <: t_Slice u8) in - assert (Seq.slice out 0 (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) == private_key); let pointer:usize = pointer +! (Core.Slice.impl__len #u8 private_key <: usize) in let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out @@ -69,10 +68,8 @@ let serialize_kem_secret_key <: t_Slice u8) in - assert (Seq.slice out 0 (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) == private_key); - assert (Seq.slice out (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) (v (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K) + v (Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K)) == public_key); let pointer:usize = pointer +! (Core.Slice.impl__len #u8 public_key <: usize) in - let out1:t_Array u8 v_SERIALIZED_KEY_LEN = + let out:t_Array u8 v_SERIALIZED_KEY_LEN = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ Core.Ops.Range.f_start = pointer; @@ -89,12 +86,10 @@ let serialize_kem_secret_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - public_key - <: - t_Array u8 (sz 32)) + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + public_key <: t_Slice u8) <: @@ -126,8 +121,6 @@ let serialize_kem_secret_key <: t_Slice u8) in - admit(); - Seq.lemma_eq_intro out (Seq.append (Seq.append (Seq.append private_key public_key) (Spec.Utils.v_H public_key)) implicit_rejection_value); out let validate_public_key @@ -178,7 +171,7 @@ let decapsulate = let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) + (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) v_CPA_SECRET_KEY_SIZE in let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = @@ -198,7 +191,7 @@ let decapsulate ciphertext.Libcrux_ml_kem.Types.f_value in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize decrypted <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -219,11 +212,11 @@ let decapsulate Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 @@ -256,7 +249,7 @@ let decapsulate #v_K #FStar.Tactics.Typeclasses.solve (sz 32) - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE @@ -270,7 +263,7 @@ let decapsulate v_K v_CIPHERTEXT_SIZE #v_Hasher - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) ciphertext in let shared_secret:t_Array u8 (sz 32) = @@ -312,10 +305,10 @@ let encapsulate #FStar.Tactics.Typeclasses.solve v_K #v_Hasher - (Rust_primitives.unsize randomness <: t_Slice u8) + (randomness <: t_Slice u8) in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -328,17 +321,10 @@ let encapsulate Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE - public_key - <: - t_Array u8 v_PUBLIC_KEY_SIZE) - <: - t_Slice u8) - <: - t_Array u8 (sz 32)) + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) <: t_Slice u8) <: @@ -348,22 +334,19 @@ let encapsulate Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_18__as_slice v_PUBLIC_KEY_SIZE public_key - <: - t_Array u8 v_PUBLIC_KEY_SIZE) - <: - t_Slice u8) randomness pseudorandomness + (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) randomness + pseudorandomness in let ciphertext:Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE = Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) @@ -384,7 +367,6 @@ let encapsulate <: (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) -#push-options "--z3rlimit 500" let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) @@ -428,8 +410,8 @@ let generate_keypair serialize_kem_secret_key v_K v_PRIVATE_KEY_SIZE #v_Hasher - (Rust_primitives.unsize ind_cpa_private_key <: t_Slice u8) - (Rust_primitives.unsize public_key <: t_Slice u8) + (ind_cpa_private_key <: t_Slice u8) + (public_key <: t_Slice u8) implicit_rejection_value in let (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE):Libcrux_ml_kem.Types.t_MlKemPrivateKey @@ -439,7 +421,7 @@ let generate_keypair #FStar.Tactics.Typeclasses.solve secret_key_serialized in - Libcrux_ml_kem.Types.impl__from v_PRIVATE_KEY_SIZE + Libcrux_ml_kem.Types.impl_18__from v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE private_key (Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 2dc3193fa..0a72cdac9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -86,9 +86,7 @@ let sample_ring_element_cbd i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 #v_Vector - (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA2_RANDOMNESS_SIZE) - <: - t_Slice u8) + (prf_outputs.[ i ] <: t_Slice u8) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -175,9 +173,7 @@ let sample_vector_cbd_then_ntt i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA #v_Vector - (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA_RANDOMNESS_SIZE) - <: - t_Slice u8) + (prf_outputs.[ i ] <: t_Slice u8) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -251,13 +247,10 @@ let compress_then_serialize_u Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u - v_COMPRESSION_FACTOR - v_BLOCK_LEN - #v_Vector - re - <: - t_Array u8 v_BLOCK_LEN) + (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u v_COMPRESSION_FACTOR + v_BLOCK_LEN + #v_Vector + re <: t_Slice u8) <: @@ -292,7 +285,7 @@ let deserialize_then_decompress_u (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) #FStar.Tactics.Typeclasses.solve (Core.Slice.impl__chunks_exact #u8 - (Rust_primitives.unsize ciphertext <: t_Slice u8) + (ciphertext <: t_Slice u8) ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR <: @@ -444,11 +437,7 @@ let serialize_secret_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element - #v_Vector - re - <: - t_Array u8 (sz 384)) + (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re <: t_Slice u8) <: @@ -484,12 +473,7 @@ let serialize_public_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (serialize_secret_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - #v_Vector - tt_as_ntt - <: - t_Array u8 v_RANKED_BYTES_PER_RING_ELEMENT) + (serialize_secret_key v_K v_RANKED_BYTES_PER_RING_ELEMENT #v_Vector tt_as_ntt <: t_Slice u8) <: @@ -611,12 +595,12 @@ let encrypt_unpacked #v_K #FStar.Tactics.Typeclasses.solve v_ETA2_RANDOMNESS_SIZE - (Rust_primitives.unsize prf_input <: t_Slice u8) + (prf_input <: t_Slice u8) in let error_2_:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 #v_Vector - (Rust_primitives.unsize prf_output <: t_Slice u8) + (prf_output <: t_Slice u8) in let u:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Matrix.compute_vector_u v_K @@ -748,7 +732,7 @@ let generate_keypair_unpacked key_generation_seed in let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) + Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32) in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = @@ -835,7 +819,7 @@ let generate_keypair v_PUBLIC_KEY_SIZE #v_Vector pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (Rust_primitives.unsize pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + (pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = serialize_secret_key v_K diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index c6c53893c..0dc329562 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -40,7 +40,7 @@ let compute_As_plus_e #FStar.Tactics.Typeclasses.solve (Core.Slice.impl__iter #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (Rust_primitives.unsize matrix_A + (matrix_A <: t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) @@ -74,7 +74,7 @@ let compute_As_plus_e #FStar.Tactics.Typeclasses.solve (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (Rust_primitives.unsize row + (row <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) <: @@ -203,7 +203,7 @@ let compute_vector_u #FStar.Tactics.Typeclasses.solve (Core.Slice.impl__iter #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (Rust_primitives.unsize a_as_ntt + (a_as_ntt <: t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) @@ -237,7 +237,7 @@ let compute_vector_u #FStar.Tactics.Typeclasses.solve (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (Rust_primitives.unsize row + (row <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index f56e0f64e..9c6f28d5d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -205,10 +205,7 @@ let impl__add_to_ring_element Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = - Core.Slice.impl__len #v_Vector - (Rust_primitives.unsize self.f_coefficients <: t_Slice v_Vector) - <: - usize + Core.Slice.impl__len #v_Vector (self.f_coefficients <: t_Slice v_Vector) <: usize } <: Core.Ops.Range.t_Range usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 20253a46c..90288b226 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -219,8 +219,7 @@ let sample_from_binomial_distribution_2_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector - (Rust_primitives.unsize sampled_i16s <: t_Slice i16) + Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution_3_ (#v_Vector: Type0) @@ -291,8 +290,7 @@ let sample_from_binomial_distribution_3_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector - (Rust_primitives.unsize sampled_i16s <: t_Slice i16) + Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution (v_ETA: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index aed7b3675..a3991d73c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -65,7 +65,7 @@ let compress_then_serialize_10_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -129,7 +129,7 @@ let compress_then_serialize_11_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -192,7 +192,7 @@ let compress_then_serialize_4_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -256,7 +256,7 @@ let compress_then_serialize_5_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -317,7 +317,7 @@ let compress_then_serialize_message Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -881,7 +881,7 @@ let serialize_uncompressed_ring_element Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index e5a39ea4d..186d2dccc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst @@ -3,25 +3,25 @@ module Libcrux_ml_kem.Types open Core open FStar.Mul -let impl_6__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_5__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_12__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_11__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_18__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_17__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value +let impl_5__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value -let impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value +let impl_11__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value -let impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value +let impl_17__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value -let impl__from +let impl_18__from (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) (pk: t_MlKemPublicKey v_PUBLIC_KEY_SIZE) = { f_sk = sk; f_pk = pk } <: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE -let impl__into_parts +let impl_18__into_parts (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) = @@ -29,7 +29,7 @@ let impl__into_parts <: (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE & t_MlKemPublicKey v_PUBLIC_KEY_SIZE) -let impl__new +let impl_18__new (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_Array u8 v_PRIVATE_KEY_SIZE) (pk: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -51,22 +51,22 @@ let impl__new <: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE -let impl__pk +let impl_18__pk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - = impl_18__as_slice v_PUBLIC_KEY_SIZE self.f_pk + = impl_17__as_slice v_PUBLIC_KEY_SIZE self.f_pk -let impl__private_key +let impl_18__private_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) = self.f_sk -let impl__public_key +let impl_18__public_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) = self.f_pk -let impl__sk +let impl_18__sk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - = impl_12__as_slice v_PRIVATE_KEY_SIZE self.f_sk + = impl_11__as_slice v_PRIVATE_KEY_SIZE self.f_sk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index 40b435b81..1c27faa94 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -4,30 +4,30 @@ open Core open FStar.Mul /// The number of bytes -val impl_6__len: v_SIZE: usize -> Prims.unit +val impl_5__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) /// The number of bytes -val impl_12__len: v_SIZE: usize -> Prims.unit +val impl_11__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) /// The number of bytes -val impl_18__len: v_SIZE: usize -> Prims.unit +val impl_17__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) ///An ML-KEM Ciphertext type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) = +let impl (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemCiphertext v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = +let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true); @@ -35,7 +35,7 @@ let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = +let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true); @@ -48,7 +48,7 @@ let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) = +let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) = { f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true); f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true); @@ -56,22 +56,22 @@ let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCip } /// A reference to the raw byte slice. -val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) +val impl_5__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) ///An ML-KEM Private key type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_7 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = +let impl_6 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPrivateKey v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_7 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true); @@ -79,7 +79,7 @@ let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true); @@ -92,7 +92,7 @@ let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) = +let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) = { f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true); f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true); @@ -100,22 +100,22 @@ let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPr } /// A reference to the raw byte slice. -val impl_12__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) +val impl_11__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) ///An ML-KEM Public key type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_13 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) = +let impl_12 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPublicKey v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_13 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true); @@ -123,7 +123,7 @@ let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true); @@ -136,7 +136,7 @@ let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) = +let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) = { f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true); f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true); @@ -144,11 +144,11 @@ let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPu } /// A reference to the raw byte slice. -val impl_18__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) +val impl_17__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = +let impl_4 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); @@ -179,7 +179,7 @@ let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) ( } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = +let impl_10 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); @@ -210,7 +210,7 @@ let impl_11 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_17 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) = +let impl_16 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); @@ -247,16 +247,19 @@ type t_MlKemKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = { } /// Create a new [`MlKemKeyPair`] from the secret and public key. -val impl__from +val impl_18__from (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) (pk: t_MlKemPublicKey v_PUBLIC_KEY_SIZE) : Prims.Pure (t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) Prims.l_True - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = result in + result.f_sk == sk /\ result.f_pk == pk) /// Separate this key into the public and private key. -val impl__into_parts +val impl_18__into_parts (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE & t_MlKemPublicKey v_PUBLIC_KEY_SIZE) @@ -264,7 +267,7 @@ val impl__into_parts (fun _ -> Prims.l_True) /// Creates a new [`MlKemKeyPair`]. -val impl__new +val impl_18__new (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_Array u8 v_PRIVATE_KEY_SIZE) (pk: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -273,25 +276,25 @@ val impl__new (fun _ -> Prims.l_True) /// Get a reference to the raw public key bytes. -val impl__pk +val impl_18__pk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// Get a reference to the [`MlKemPrivateKey`]. -val impl__private_key +val impl_18__private_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// Get a reference to the [`MlKemPublicKey`]. -val impl__public_key +val impl_18__public_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_MlKemPublicKey v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// Get a reference to the raw private key bytes. -val impl__sk +val impl_18__sk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst index 89351a259..33c894793 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -22,9 +22,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = usize ] in let lower_shuffles:u8 = - Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (Rust_primitives.unsize lower_shuffles - <: - t_Slice u8) + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (lower_shuffles <: t_Slice u8) in let lower_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 potential_coefficients @@ -46,9 +44,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = usize ] in let upper_shuffles:u8 = - Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (Rust_primitives.unsize upper_shuffles - <: - t_Slice u8) + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in let upper_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l potential_coefficients diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 3faac2293..a7fa366a9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -492,8 +492,7 @@ let deserialize_11_ (bytes: t_Slice u8) = #FStar.Tactics.Typeclasses.solve output in - Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 (Rust_primitives.unsize array <: t_Slice i16 - ) + Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 (array <: t_Slice i16) let serialize_11_ (vector: u8) = let array:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in @@ -503,7 +502,7 @@ let serialize_11_ (vector: u8) = let input:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize array <: t_Slice i16) + (array <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst index cf6dd3074..dc8d03610 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst @@ -12,9 +12,7 @@ let inv_ntt_layer_1_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s32 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s32 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s32_s16 v @@ -84,9 +82,7 @@ let inv_ntt_layer_2_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s64 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s64 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s64_s16 v @@ -184,9 +180,7 @@ let ntt_layer_1_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let dup_a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s32 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s32 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s32_s16 v @@ -252,9 +246,7 @@ let ntt_layer_2_step (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let dup_a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s64 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s64 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s64_s16 v @@ -363,9 +355,7 @@ let ntt_multiply FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a0:u8 = Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high @@ -476,9 +466,7 @@ let ntt_multiply FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list in - let index:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize indexes <: t_Slice u8) - in + let index:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (indexes <: t_Slice u8) in let low2:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u8 (Libcrux_intrinsics.Arm64_extract.v__vqtbl1q_u8 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u8_s16 low1 <: u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst index 437f01c03..aa783010c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst @@ -18,9 +18,7 @@ let deserialize_1_ (a: t_Slice u8) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let low:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 low shift in let high:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 high shift in { @@ -42,17 +40,13 @@ let deserialize_12_ (v: t_Slice u8) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list in - let index_vec:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize indexes <: t_Slice u8) - in + let index_vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (indexes <: t_Slice u8) in let (shifts: t_Array i16 (sz 8)):t_Array i16 (sz 8) = let list = [0s; (-4s); 0s; (-4s); 0s; (-4s); 0s; (-4s)] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift_vec:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifts <: t_Slice i16) - in + let shift_vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifts <: t_Slice i16) in let mask12:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_u16 4095us in let input0:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let input0:t_Array u8 (sz 16) = @@ -74,9 +68,7 @@ let deserialize_12_ (v: t_Slice u8) = <: t_Slice u8) in - let input_vec0:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize input0 <: t_Slice u8) - in + let input_vec0:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (input0 <: t_Slice u8) in let input1:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let input1:t_Array u8 (sz 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range input1 @@ -97,9 +89,7 @@ let deserialize_12_ (v: t_Slice u8) = <: t_Slice u8) in - let input_vec1:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize input1 <: t_Slice u8) - in + let input_vec1:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (input1 <: t_Slice u8) in let moved0:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_u8 (Libcrux_intrinsics.Arm64_extract.v__vqtbl1q_u8 input_vec0 @@ -143,9 +133,7 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let low:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low shift @@ -516,9 +504,7 @@ let serialize_4_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let lowt:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_u16 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low @@ -728,7 +714,7 @@ let serialize_11_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize out_i16s <: t_Slice i16) + (out_i16s <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve @@ -739,7 +725,7 @@ let serialize_5_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize out_i16s <: t_Slice i16) + (out_i16s <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_5_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index bf70faa49..56952c6e4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -19,7 +19,12 @@ class t_Operations (v_Self: Type0) = { f_from_i16_array:x0: t_Slice i16 -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); f_ZERO_pre:Prims.unit -> Type0; - f_ZERO_post:result: v_Self -> pred: Type0{pred ==> f_to_i16_array result == Seq.create 16 0uy}; + f_ZERO_post:x: Prims.unit -> result: v_Self + -> pred: + Type0 + { pred ==> + (let _:Prims.unit = x in + f_to_i16_array result == Seq.create 16 0uy) }; f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); f_add_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; f_add_post:v_Self -> v_Self -> v_Self -> Type0; diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 30536bd68..f311f1155 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -222,8 +222,8 @@ val ind_cpa_generate_keypair (r:rank) (randomness:t_Array u8 v_CPA_KEY_GENERATIO (t_MLKEMCPAKeyPair r & bool) let ind_cpa_generate_keypair r randomness = let hashed = v_G randomness in - let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in - let (matrix_A_as_ntt, sufficient_randomness) = sample_matrix_A_ntt #r seed_for_A in + let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in + let matrix_A_as_ntt = sample_matrix_A_ntt #r seed_for_A in let secret_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error (sz 0) in let error_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error r in let t_as_ntt = compute_As_plus_e_ntt #r matrix_A_as_ntt secret_as_ntt error_as_ntt in diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index b2ab0cc30..6481737ae 100644 --- a/libcrux-ml-kem/src/types.rs +++ b/libcrux-ml-kem/src/types.rs @@ -140,6 +140,7 @@ pub struct MlKemKeyPair, } +#[hax_lib::attributes] impl MlKemKeyPair { @@ -152,6 +153,7 @@ impl } /// Create a new [`MlKemKeyPair`] from the secret and public key. + #[ensures(|result| fstar!("${result}.f_sk == $sk /\\ ${result}.f_pk == $pk"))] pub fn from( sk: MlKemPrivateKey, pk: MlKemPublicKey, From 00559aa5d2c6b52c0d375784a2033e250315b852 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 10 Aug 2024 22:04:56 +0000 Subject: [PATCH 094/348] Proof for serialize_kem_secret_key --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 34 +++++++++++++++++++ .../proofs/fstar/spec/Spec.Utils.fst | 19 +++++++++-- libcrux-ml-kem/src/ind_cca.rs | 19 +++++++++++ 3 files changed, 70 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 4172843c7..2f4044e1b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -121,6 +121,40 @@ let serialize_kem_secret_key <: t_Slice u8) in + let _:Prims.unit = + let open Spec.Utils in + assert ((Seq.slice out 0 (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K))) + `Seq.equal` + private_key); + assert ((Seq.slice out + (v #usize_inttype (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K)) + (v #usize_inttype + (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K))) + `Seq.equal` + public_key); + assert ((Seq.slice out + (v #usize_inttype + (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K)) + (v #usize_inttype + (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K +! + Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE))) + `Seq.equal` + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key)); + assert (Seq.slice out + (v #usize_inttype + (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K +! + Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE)) + (v #usize_inttype + (Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K +! Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K +! + Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE +! + Spec.MLKEM.v_SHARED_SECRET_SIZE)) == + implicit_rejection_value); + lemma_slice_append_4 out + private_key + public_key + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key) + implicit_rejection_value + in out let validate_public_key diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 0b63ffa03..671f5d46e 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -53,5 +53,20 @@ val v_XOF (v_LEN: usize{v v_LEN < pow2 32}) (input: t_Slice u8) : t_Array u8 v_L let v_XOF v_LEN input = map_slice Lib.RawIntTypes.u8_to_UInt8 ( shake128 (Seq.length input) (map_slice Lib.IntTypes.secret input) (v v_LEN)) - - +let update_at_range_lemma #n + (s: t_Slice 't) + (i: Core.Ops.Range.t_Range (int_t n) {(Core.Ops.Range.impl_index_range_slice 't n).f_index_pre s i}) + (x: t_Slice 't) + : Lemma + (requires (Seq.length x == v i.f_end - v i.f_start)) + (ensures ( + let s' = Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x in + let len = v i.f_start in + forall (i: nat). i < len ==> Seq.index s i == Seq.index s' i + )) + [SMTPat (Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x)] + = let s' = Rust_primitives.Hax.Monomorphized_update_at.update_at_range s i x in + let len = v i.f_start in + introduce forall (i:nat {i < len}). Seq.index s i == Seq.index s' i + with (assert ( Seq.index (Seq.slice s 0 len) i == Seq.index s i + /\ Seq.index (Seq.slice s' 0 len) i == Seq.index s' i )) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index ec21bf23c..e5f29a92b 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -63,6 +63,25 @@ fn serialize_kem_secret_key Date: Mon, 12 Aug 2024 06:45:23 +0000 Subject: [PATCH 095/348] Post-condition for ind_cca::encapsulate --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 8 ++++ .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 19 +++++++--- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 9 ++++- .../extraction/Libcrux_ml_kem.Types.fsti | 21 ++++++++-- .../extraction/Libcrux_ml_kem.Utils.fsti | 5 ++- libcrux-ml-kem/src/ind_cca.rs | 38 +++++++++++-------- libcrux-ml-kem/src/ind_cpa.rs | 6 +++ libcrux-ml-kem/src/types.rs | 2 + libcrux-ml-kem/src/utils.rs | 3 ++ 9 files changed, 85 insertions(+), 26 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 2f4044e1b..8203fe68e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -364,6 +364,14 @@ let encapsulate <: t_Slice u8) in + let _:Prims.unit = + assert (Seq.slice to_hash 0 (v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE) == randomness); + lemma_slice_append to_hash + randomness + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key.f_value); + assert (to_hash == + concat randomness (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key.f_value)) + in let hashed:t_Array u8 (sz 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 228954840..98c724eec 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -76,10 +76,10 @@ class t_Variant (v_Self: Type0) = { v_CIPHERTEXT_SIZE: usize -> #v_Hasher: Type0 -> {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - t_Slice u8 -> - Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> - t_Array u8 (sz 32) - -> Type0; + shared_secret: t_Slice u8 -> + ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> + res: t_Array u8 (sz 32) + -> pred: Type0{pred ==> res == shared_secret}; f_kdf: v_K: usize -> v_CIPHERTEXT_SIZE: usize -> @@ -142,7 +142,7 @@ let impl: t_Variant t_MlKem = (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) (out1: t_Array u8 (sz 32)) -> - true); + out1 == shared_secret); f_kdf = (fun @@ -243,7 +243,14 @@ val encapsulate v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + = + result + in + (result._1.f_value, result._2) == + Spec.MLKEM.ind_cca_encapsulate v_K public_key.f_value randomness) /// Packed API /// Generate a key pair. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 51ca994db..d6d1d387e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -173,7 +173,14 @@ val encrypt (public_key: t_Slice u8) (message: t_Array u8 (sz 32)) (randomness: t_Slice u8) - : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) + (requires + Spec.MLKEM.is_rank v_K /\ length public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + length randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE) + (ensures + fun result -> + let result:t_Array u8 v_CIPHERTEXT_SIZE = result in + result == Spec.MLKEM.ind_cpa_encrypt v_K public_key message randomness) /// This function implements most of Algorithm 12 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index 1c27faa94..4216d3c89 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -57,7 +57,12 @@ let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCip /// A reference to the raw byte slice. val impl_5__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) - : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_SIZE) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 v_SIZE = result in + result == self.f_value) ///An ML-KEM Private key type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } @@ -101,7 +106,12 @@ let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPri /// A reference to the raw byte slice. val impl_11__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) - : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_SIZE) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 v_SIZE = result in + result == self.f_value) ///An ML-KEM Public key type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } @@ -145,7 +155,12 @@ let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPu /// A reference to the raw byte slice. val impl_17__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) - : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_SIZE) + Prims.l_True + (ensures + fun result -> + let result:t_Array u8 v_SIZE = result in + result == self.f_value) [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_4 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti index df9ce411d..85ac8d1c5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti @@ -7,4 +7,7 @@ open FStar.Mul val into_padded_array (v_LEN: usize) (slice: t_Slice u8) : Prims.Pure (t_Array u8 v_LEN) (requires (Core.Slice.impl__len #u8 slice <: usize) <=. v_LEN) - (fun _ -> Prims.l_True) + (ensures + fun res -> + let res:t_Array u8 v_LEN = res in + Seq.slice res 0 (Seq.length slice) == slice) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index e5f29a92b..6ffdad401 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -44,7 +44,7 @@ pub(crate) mod instantiations; ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ ${public_key.len()} == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ ${implicit_rejection_value.len()} == Spec.MLKEM.v_SHARED_SECRET_SIZE"))] -#[hax_lib::ensures(|result| fstar!("result == Seq.append $private_key ( +#[hax_lib::ensures(|result| fstar!("$result == Seq.append $private_key ( Seq.append $public_key ( Seq.append (Spec.Utils.v_H $public_key) $implicit_rejection_value))"))] @@ -64,24 +64,24 @@ fn serialize_kem_secret_key(&randomness); let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness); to_hash[H_DIGEST_SIZE..].copy_from_slice(&Hasher::H(public_key.as_slice())); + hax_lib::fstar!("assert (Seq.slice $to_hash 0 (v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE) == $randomness); + lemma_slice_append $to_hash $randomness (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #$K ${public_key}.f_value); + assert ($to_hash == concat $randomness (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #$K ${public_key}.f_value))"); let hashed = Hasher::G(&to_hash); let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); @@ -532,6 +537,7 @@ pub mod unpacked { #[hax_lib::attributes] pub(crate) trait Variant { #[requires(shared_secret.len() == 32)] + #[ensures(|res| fstar!("$res == $shared_secret"))] fn kdf>( shared_secret: &[u8], ciphertext: &MlKemCiphertext, @@ -580,6 +586,8 @@ pub(crate) struct MlKem {} impl Variant for MlKem { #[inline(always)] #[requires(shared_secret.len() == 32)] + // Output name has be `out1` https://github.com/hacspec/hax/issues/832 + #[ensures(|out1| fstar!("$out1 == $shared_secret"))] fn kdf>( shared_secret: &[u8], _: &MlKemCiphertext, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index b046d879c..9ded927ab 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -382,6 +382,12 @@ pub(crate) fn encrypt_unpacked< } #[allow(non_snake_case)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ + length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE"))] +#[hax_lib::ensures(|result| + fstar!("$result == Spec.MLKEM.ind_cpa_encrypt $K $public_key $message $randomness") +)] pub(crate) fn encrypt< const K: usize, const CIPHERTEXT_SIZE: usize, diff --git a/libcrux-ml-kem/src/types.rs b/libcrux-ml-kem/src/types.rs index 6481737ae..851eb95a0 100644 --- a/libcrux-ml-kem/src/types.rs +++ b/libcrux-ml-kem/src/types.rs @@ -42,8 +42,10 @@ macro_rules! impl_generic_struct { } } + #[hax_lib::attributes] impl $name { /// A reference to the raw byte slice. + #[ensures(|result| fstar!("$result == self.f_value"))] pub fn as_slice(&self) -> &[u8; SIZE] { &self.value } diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs index 3c3be2bcc..707ee55d5 100644 --- a/libcrux-ml-kem/src/utils.rs +++ b/libcrux-ml-kem/src/utils.rs @@ -8,6 +8,9 @@ #[cfg_attr(hax, hax_lib::requires( slice.len() <= LEN ))] +#[cfg_attr(hax, hax_lib::ensures(|res| + fstar!("Seq.slice $res 0 (Seq.length $slice) == $slice") +))] pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { let mut out = [0u8; LEN]; out[0..slice.len()].copy_from_slice(slice); From ba46e5746d924ff730a7966a5beadc34da2225d4 Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 12 Aug 2024 14:42:39 +0000 Subject: [PATCH 096/348] Replace v_Hasher with $:Hasher --- .../fstar/extraction/Libcrux_ml_kem.Ind_cca.fst | 1 + libcrux-ml-kem/src/ind_cca.rs | 11 +++++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 8203fe68e..6348eeb0d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -405,6 +405,7 @@ let encapsulate shared_secret ciphertext in + let _:Prims.unit = admit () in ciphertext, shared_secret_array <: (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 6ffdad401..99d8b063a 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -72,7 +72,7 @@ fn serialize_kem_secret_key(shared_secret, &ciphertext); + // For some reason F* manages to assert the post-condition but fails to verify it + // as a part of function signature + hax_lib::fstar!("admit()"); (ciphertext, shared_secret_array) } From 0b5406bf98bb5f40cdaf22cce6041f82b9324a7b Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 12 Aug 2024 20:10:26 +0000 Subject: [PATCH 097/348] Set full pre-conditions for ind_cpa::encrypt --- libcrux-ml-kem/src/ind_cpa.rs | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 9ded927ab..253884393 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -383,8 +383,19 @@ pub(crate) fn encrypt_unpacked< #[allow(non_snake_case)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $ETA1 = Spec.MLKEM.v_ETA1 $K /\\ + $ETA1_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ + $ETA2 = Spec.MLKEM.v_ETA2 $K /\\ + $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\ + $ETA2_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\ + $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ + $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\ length $public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ - length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE"))] + length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE /\\ + $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ + $T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE $K /\\ + $C1_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ + $C2_LEN == Spec.MLKEM.v_C2_SIZE $K"))] #[hax_lib::ensures(|result| fstar!("$result == Spec.MLKEM.ind_cpa_encrypt $K $public_key $message $randomness") )] From d635b1b2d923dc37c1c1486c59fe362381155413 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 12 Aug 2024 20:32:38 -0400 Subject: [PATCH 098/348] ind-cca panic free --- Cargo.lock | 70 +++++++++---------- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 24 ++++--- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 9 ++- .../proofs/fstar/extraction/Makefile | 2 +- libcrux-ml-kem/src/ind_cca.rs | 21 +++--- 5 files changed, 71 insertions(+), 55 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 281693ce8..2956ec494 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.72", + "syn 2.0.74", "which", ] @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.8" +version = "1.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "504bdec147f2cc13c8b57ed9401fd8a147cc66b67ad5cb241394244f2c947549" +checksum = "e9e8aabfac534be767c909e0690571677d49f41bd8465ae876fe043d52ba5292" dependencies = [ "jobserver", "libc", @@ -289,9 +289,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.13" +version = "4.5.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fbb260a053428790f3de475e304ff84cdbc4face759ea7a3e64c1edd938a7fc" +checksum = "11d8838454fda655dafd3accb2b6e2bea645b9e4078abe84a22ceb947235c5cc" dependencies = [ "clap_builder", "clap_derive", @@ -299,9 +299,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.13" +version = "4.5.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64b17d7ea74e9f833c7dbf2cbe4fb12ff26783eda4782a8975b72f895c9b4d99" +checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" dependencies = [ "anstream", "anstyle", @@ -318,7 +318,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] @@ -362,9 +362,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.12" +version = "0.2.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad" dependencies = [ "libc", ] @@ -482,7 +482,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] @@ -701,7 +701,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax/?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "num-bigint", @@ -711,7 +711,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", "num-bigint", @@ -721,33 +721,33 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax/?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax/?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "proc-macro2", "quote", @@ -759,7 +759,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "proc-macro2", "quote", @@ -1228,7 +1228,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] @@ -1395,7 +1395,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] @@ -1646,29 +1646,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.205" +version = "1.0.207" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e33aedb1a7135da52b7c21791455563facbbcc43d0f0f66165b42c21b3dfb150" +checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.205" +version = "1.0.207" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "692d6f5ac90220161d6774db30c662202721e64aed9058d2c394f451261420c1" +checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] name = "serde_json" -version = "1.0.122" +version = "1.0.124" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da" +checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d" dependencies = [ "itoa", "memchr", @@ -1760,9 +1760,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.72" +version = "2.0.74" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" +checksum = "1fceb41e3d546d0bd83421d3409b1460cc7444cd389341a4c880fe7a042cb3d7" dependencies = [ "proc-macro2", "quote", @@ -1880,7 +1880,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", "wasm-bindgen-shared", ] @@ -1914,7 +1914,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -1947,7 +1947,7 @@ checksum = "b7f89739351a2e03cb94beb799d47fb2cac01759b40ec441f7de39b00cbf7ef0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] @@ -2105,7 +2105,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] [[package]] @@ -2125,5 +2125,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.74", ] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 6348eeb0d..534fb0391 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -309,16 +309,20 @@ let decapsulate shared_secret ciphertext in - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref - #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) - (Rust_primitives.unsize shared_secret <: t_Slice u8) - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + let shared_secret:t_Array u8 (sz 32) = + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref + #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) + (Rust_primitives.unsize shared_secret <: t_Slice u8) + (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + in + let _:Prims.unit = admit () in + shared_secret let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 98c724eec..da968f80b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -196,6 +196,8 @@ let impl: t_Variant t_MlKem = out } +#push-options "--z3rlimit 1234" + val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -220,7 +222,12 @@ val decapsulate v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ v_IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in + result == Spec.MLKEM.ind_cca_decapsulate v_K private_key.f_value ciphertext.f_value) + +#pop-options val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 41ea6d360..446128dd0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -143,7 +143,7 @@ FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HACL_HOME)/specs $(HAX_PROOF_LIBS_HOME)/ ../../../../libcrux-intrinsics/proofs/fstar/extraction/ \ ../../../../libcrux-sha3/proofs/fstar/extraction/ -FSTAR_FLAGS = --cmi \ +FSTAR_FLAGS = --cmi --query_stats \ --warn_error -331-321-274 \ --cache_checked_modules --cache_dir $(CACHE_DIR) \ --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 99d8b063a..9a7b82a8b 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -162,6 +162,7 @@ fn generate_keypair< MlKemKeyPair::from(private_key, MlKemPublicKey::from(public_key)) } + #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ @@ -227,13 +228,13 @@ fn encapsulate< let ciphertext = MlKemCiphertext::from(ciphertext); let shared_secret_array = Scheme::kdf::(shared_secret, &ciphertext); - // For some reason F* manages to assert the post-condition but fails to verify it // as a part of function signature - hax_lib::fstar!("admit()"); + hax_lib::fstar!("admit() (* Panic Free *)"); (ciphertext, shared_secret_array) } +#[hax_lib::fstar::options("--z3rlimit 150")] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ @@ -250,6 +251,8 @@ fn encapsulate< $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\ $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))] +#[hax_lib::ensures(|result| fstar!("${result} == + Spec.MLKEM.ind_cca_decapsulate $K ${private_key}.f_value ${ciphertext}.f_value"))] pub(crate) fn decapsulate< const K: usize, const SECRET_KEY_SIZE: usize, @@ -319,12 +322,14 @@ pub(crate) fn decapsulate< Scheme::kdf::(&implicit_rejection_shared_secret, ciphertext); let shared_secret = Scheme::kdf::(shared_secret, ciphertext); - compare_ciphertexts_select_shared_secret_in_constant_time( - ciphertext.as_ref(), - &expected_ciphertext, - &shared_secret, - &implicit_rejection_shared_secret, - ) + let shared_secret = compare_ciphertexts_select_shared_secret_in_constant_time( + ciphertext.as_ref(), + &expected_ciphertext, + &shared_secret, + &implicit_rejection_shared_secret, + ); + hax_lib::fstar!("admit() (* Panic Free *)"); + shared_secret } // Unpacked API From 435b6a39b931ac8ca0b179b8aaaa53a15e9152d2 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 7 Aug 2024 18:47:30 -0400 Subject: [PATCH 099/348] utils --- .../proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti | 6 +++--- libcrux-ml-kem/src/utils.rs | 5 ++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti index 85ac8d1c5..d21c8e3b5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti @@ -8,6 +8,6 @@ val into_padded_array (v_LEN: usize) (slice: t_Slice u8) : Prims.Pure (t_Array u8 v_LEN) (requires (Core.Slice.impl__len #u8 slice <: usize) <=. v_LEN) (ensures - fun res -> - let res:t_Array u8 v_LEN = res in - Seq.slice res 0 (Seq.length slice) == slice) + fun result -> + let result:t_Array u8 v_LEN = result in + result == Seq.append slice (Seq.create (v v_LEN - v Core.Slice.impl__len #u8 slice) 0uy)) diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs index 707ee55d5..bfdc019db 100644 --- a/libcrux-ml-kem/src/utils.rs +++ b/libcrux-ml-kem/src/utils.rs @@ -8,9 +8,8 @@ #[cfg_attr(hax, hax_lib::requires( slice.len() <= LEN ))] -#[cfg_attr(hax, hax_lib::ensures(|res| - fstar!("Seq.slice $res 0 (Seq.length $slice) == $slice") -))] +#[cfg_attr(hax, hax_lib::ensures(|result| + fstar!("$result == Seq.append $slice (Seq.create (v $LEN - v ${slice.len()}) 0uy)")))] pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { let mut out = [0u8; LEN]; out[0..slice.len()].copy_from_slice(slice); From e2d32eb5c8b5610b611d4595f1752a7732c86c3a Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 7 Aug 2024 21:15:53 -0400 Subject: [PATCH 100/348] utils verified --- .../fstar/extraction/Libcrux_ml_kem.Utils.fst | 17 +++++++++++++++++ .../fstar/extraction/Libcrux_ml_kem.Utils.fsti | 3 ++- libcrux-ml-kem/src/utils.rs | 7 ++++++- 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst index 7af62082c..6ee03cd7f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst @@ -26,4 +26,21 @@ let into_padded_array (v_LEN: usize) (slice: t_Slice u8) = <: t_Slice u8) in + let _:Prims.unit = assert (Seq.slice out 0 (Seq.length slice) == slice) in + let _:Prims.unit = + assert (Seq.slice out (Seq.length slice) (v v_LEN) == + Seq.slice (Seq.create (v v_LEN) 0uy) (Seq.length slice) (v v_LEN)) + in + let _:Prims.unit = + assert (forall i. i < Seq.length slice ==> Seq.index out i == Seq.index slice i) + in + let _:Prims.unit = + assert (forall i. + (i >= Seq.length slice && i < v v_LEN) ==> + Seq.index out i == + Seq.index (Seq.slice out (Seq.length slice) (v v_LEN)) (i - Seq.length slice)) + in + let _:Prims.unit = + Seq.lemma_eq_intro out (Seq.append slice (Seq.create (v v_LEN - Seq.length slice) 0uy)) + in out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti index d21c8e3b5..2184222c0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti @@ -10,4 +10,5 @@ val into_padded_array (v_LEN: usize) (slice: t_Slice u8) (ensures fun result -> let result:t_Array u8 v_LEN = result in - result == Seq.append slice (Seq.create (v v_LEN - v Core.Slice.impl__len #u8 slice) 0uy)) + result == Seq.append slice (Seq.create (v v_LEN - v (Core.Slice.impl__len #u8 slice)) 0uy) + ) diff --git a/libcrux-ml-kem/src/utils.rs b/libcrux-ml-kem/src/utils.rs index bfdc019db..62590aa13 100644 --- a/libcrux-ml-kem/src/utils.rs +++ b/libcrux-ml-kem/src/utils.rs @@ -9,10 +9,15 @@ slice.len() <= LEN ))] #[cfg_attr(hax, hax_lib::ensures(|result| - fstar!("$result == Seq.append $slice (Seq.create (v $LEN - v ${slice.len()}) 0uy)")))] + fstar!("$result == Seq.append $slice (Seq.create (v $LEN - v (${slice.len()})) 0uy)")))] pub(crate) fn into_padded_array(slice: &[u8]) -> [u8; LEN] { let mut out = [0u8; LEN]; out[0..slice.len()].copy_from_slice(slice); + hax_lib::fstar!("assert (Seq.slice out 0 (Seq.length slice) == slice)"); + hax_lib::fstar!("assert (Seq.slice out (Seq.length slice) (v v_LEN) == Seq.slice (Seq.create (v v_LEN) 0uy) (Seq.length slice) (v v_LEN))"); + hax_lib::fstar!("assert (forall i. i < Seq.length slice ==> Seq.index out i == Seq.index slice i)"); + hax_lib::fstar!("assert (forall i. (i >= Seq.length slice && i < v v_LEN) ==> Seq.index out i == Seq.index (Seq.slice out (Seq.length slice) (v v_LEN)) (i - Seq.length slice))"); + hax_lib::fstar!("Seq.lemma_eq_intro out (Seq.append slice (Seq.create (v v_LEN - Seq.length slice) 0uy))"); out } From 53384fe6cdbedf16fb8cade5c188b5ccba4c8821 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 7 Aug 2024 21:16:21 -0400 Subject: [PATCH 101/348] utils verified --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 446128dd0..848cb65e6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -54,13 +54,12 @@ VERIFIED = Libcrux_ml_kem.Types.fst \ Libcrux_ml_kem.Hash_functions.Avx2.fsti \ Libcrux_ml_kem.Hash_functions.fsti \ Libcrux_ml_kem.Hash_functions.Neon.fsti \ - Libcrux_ml_kem.Hash_functions.Portable.fsti + Libcrux_ml_kem.Hash_functions.Portable.fsti \ + Libcrux_ml_kem.Utils.fst \ + Libcrux_ml_kem.Utils.fsti PANIC_FREE = Libcrux_ml_kem.Constant_time_ops.fst \ Libcrux_ml_kem.Constant_time_ops.fsti \ - Libcrux_ml_kem.Utils.fst \ - Libcrux_ml_kem.Utils.fsti \ - Libcrux_ml_kem.Ind_cca.fst \ Libcrux_ml_kem.Ind_cca.fsti \ Libcrux_ml_kem.Ind_cca.Unpacked.fsti \ Libcrux_ml_kem.Ind_cpa.fsti \ From 8406681f526c8af9ae02e1ba5b1f85ea67da667f Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 8 Aug 2024 07:32:06 -0400 Subject: [PATCH 102/348] git hax-lib --- Cargo.lock | 44 +++++++++++++++++++-------------------- libcrux-ml-kem/Cargo.toml | 4 +++- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2956ec494..58eb680c2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.10" +version = "1.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9e8aabfac534be767c909e0690571677d49f41bd8465ae876fe043d52ba5292" +checksum = "504bdec147f2cc13c8b57ed9401fd8a147cc66b67ad5cb241394244f2c947549" dependencies = [ "jobserver", "libc", @@ -289,9 +289,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.15" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11d8838454fda655dafd3accb2b6e2bea645b9e4078abe84a22ceb947235c5cc" +checksum = "0fbb260a053428790f3de475e304ff84cdbc4face759ea7a3e64c1edd938a7fc" dependencies = [ "clap_builder", "clap_derive", @@ -299,9 +299,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.15" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" +checksum = "64b17d7ea74e9f833c7dbf2cbe4fb12ff26783eda4782a8975b72f895c9b4d99" dependencies = [ "anstream", "anstyle", @@ -701,7 +701,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "num-bigint", @@ -711,9 +711,9 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax/#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ - "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", + "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "num-bigint", "num-traits", ] @@ -721,7 +721,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "paste", @@ -734,9 +734,9 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax/#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ - "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", + "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "paste", "proc-macro-error", "proc-macro2", @@ -747,7 +747,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "proc-macro2", "quote", @@ -759,7 +759,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax/#e94de4c52facd94f4a9377c6b02a073ab5eddac7" dependencies = [ "proc-macro2", "quote", @@ -1039,7 +1039,7 @@ name = "libcrux-ml-kem" version = "0.0.2-alpha.3" dependencies = [ "criterion", - "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "hex", "libcrux-intrinsics", "libcrux-platform", @@ -1086,7 +1086,7 @@ version = "0.0.2-alpha.3" dependencies = [ "cavp", "criterion", - "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax)", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "hex", "libcrux-intrinsics", "libcrux-platform", @@ -1646,18 +1646,18 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.207" +version = "1.0.205" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2" +checksum = "e33aedb1a7135da52b7c21791455563facbbcc43d0f0f66165b42c21b3dfb150" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.207" +version = "1.0.205" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e" +checksum = "692d6f5ac90220161d6774db30c662202721e64aed9058d2c394f451261420c1" dependencies = [ "proc-macro2", "quote", @@ -1666,9 +1666,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.124" +version = "1.0.122" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d" +checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da" dependencies = [ "itoa", "memchr", diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index 9774fe22a..99424ea5b 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -23,7 +23,9 @@ rand_core = { version = "0.6" } libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" } libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } -hax-lib = { git = "https://github.com/hacspec/hax" } + +# This is only required for verification, but we are setting it as default until some hax attributes are fixed +hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } [features] # By default all variants and std are enabled. From 30c9c48b9fdee53315ee0da22c7cbd59745b8584 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 13 Aug 2024 04:31:48 +0000 Subject: [PATCH 103/348] refreshed c code --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 110 ++++---- .../c/internal/libcrux_mlkem_avx2.h | 62 +++-- .../c/internal/libcrux_mlkem_portable.h | 62 +++-- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 110 ++++---- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 42 +-- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 30 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 42 +-- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 34 +-- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 42 +-- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 30 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 256 +++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 184 +++++++------ libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 44 +-- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 217 ++++++++------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 129 ++++----- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 42 files changed, 749 insertions(+), 699 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index b902bff7c..d20926d66 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b +Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 540d71b3b..fac5a90e9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __internal_libcrux_core_H @@ -68,75 +68,75 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( uint8_t value[1568U]); /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( uint8_t value[1568U]); /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( +uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -149,75 +149,75 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( uint8_t value[1184U]); /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( uint8_t value[1088U]); /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( +uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -230,63 +230,63 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( uint8_t value[800U]); /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( uint8_t value[768U]); /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -330,14 +330,14 @@ void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 9b26cfb7f..e44ef6e5a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -35,8 +35,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 @@ -47,7 +48,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f1( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -57,7 +59,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -65,7 +67,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -82,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -99,7 +101,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -110,7 +112,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -130,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_231( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -171,8 +173,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 - CPA_PRIVATE_KEY_SIZE= 1536 @@ -183,7 +186,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f0( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -193,7 +197,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -201,7 +205,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 @@ -218,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -235,7 +239,7 @@ with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -246,7 +250,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 @@ -266,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_230( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -307,8 +311,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 - CPA_PRIVATE_KEY_SIZE= 768 @@ -319,7 +324,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -329,7 +335,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ @@ -337,7 +343,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 @@ -354,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -371,7 +377,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 @@ -382,7 +388,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 @@ -402,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_23( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 13eee5030..9f54b0800 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -40,8 +40,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 @@ -53,7 +54,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -64,7 +66,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -72,7 +74,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics @@ -90,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -107,7 +109,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -118,7 +120,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics @@ -139,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -180,8 +182,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 @@ -193,7 +196,8 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -204,7 +208,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ @@ -212,7 +216,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -230,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -247,7 +251,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 @@ -258,7 +262,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -279,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -320,8 +324,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 @@ -333,7 +338,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -344,7 +350,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -352,7 +358,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -370,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -387,7 +393,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -398,7 +404,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -419,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 2c845fe8e..6f37ca94f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index d47ba4344..16040085f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 01f6cf1f1..2528afe9b 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "internal/libcrux_core.h" @@ -80,14 +80,14 @@ void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_i /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( uint8_t value[1568U]) { uint8_t uu____0[1568U]; memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); @@ -98,15 +98,15 @@ libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -115,14 +115,14 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( uint8_t value[3168U]) { uint8_t uu____0[3168U]; memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); @@ -133,14 +133,14 @@ libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( uint8_t value[1568U]) { uint8_t uu____0[1568U]; memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); @@ -150,28 +150,28 @@ libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( } /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( +uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); @@ -197,14 +197,14 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( uint8_t value[1184U]) { uint8_t uu____0[1184U]; memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); @@ -215,15 +215,15 @@ libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -232,14 +232,14 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( uint8_t value[2400U]) { uint8_t uu____0[2400U]; memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); @@ -250,14 +250,14 @@ libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); @@ -267,28 +267,28 @@ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( } /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( +uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); @@ -314,14 +314,14 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( uint8_t value[800U]) { uint8_t uu____0[800U]; memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); @@ -332,15 +332,15 @@ libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -348,14 +348,14 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( uint8_t value[1632U]) { uint8_t uu____0[1632U]; memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); @@ -366,14 +366,14 @@ libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( uint8_t value[768U]) { uint8_t uu____0[768U]; memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); @@ -383,14 +383,14 @@ libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( } /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -453,14 +453,14 @@ void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 2493baec1..ea2178ff4 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 6581a305a..8693d2383 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 03fdbde61..a230fa8ed 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_d8( +static void decapsulate_69( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -46,7 +46,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_d8(private_key, ciphertext, ret); + decapsulate_69(private_key, ciphertext, ret); } /** @@ -70,18 +70,19 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_ca( +static void decapsulate_unpacked_18( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_230(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ca(private_key, ciphertext, ret); + decapsulate_unpacked_18(private_key, ciphertext, ret); } /** @@ -95,13 +96,13 @@ with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_b2( +static tuple_21 encapsulate_c4( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; @@ -116,7 +117,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_b2(uu____0, uu____1); + return encapsulate_c4(uu____0, uu____1); } /** @@ -137,14 +138,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_16( +static tuple_21 encapsulate_unpacked_f1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c0(uu____0, + uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( @@ -154,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_16(uu____0, uu____1); + return encapsulate_unpacked_f1(uu____0, uu____1); } /** @@ -164,11 +166,11 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_f6( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b7( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -179,7 +181,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f6(uu____0); + return generate_keypair_b7(uu____0); } /** @@ -195,10 +197,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_d9(uint8_t randomness[64U]) { +generate_keypair_unpacked_24(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f0(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 @@ -206,7 +208,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d9(uu____0); + return generate_keypair_unpacked_24(uu____0); } /** @@ -217,14 +219,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_570(uint8_t *public_key) { +static bool validate_public_key_e00(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf0(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_570(public_key.value)) { + if (validate_public_key_e00(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index a8ef77d6f..46115ce9d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 311d81992..7f94659d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem1024_portable.h" @@ -35,7 +35,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_52( +static void decapsulate_0b( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -46,7 +46,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_52(private_key, ciphertext, ret); + decapsulate_0b(private_key, ciphertext, ret); } /** @@ -70,18 +70,19 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_b6( +static void decapsulate_unpacked_ef( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_b6(private_key, ciphertext, ret); + decapsulate_unpacked_ef(private_key, ciphertext, ret); } /** @@ -95,7 +96,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -137,14 +138,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_9a( +static tuple_21 encapsulate_unpacked_9d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_311(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81(uu____0, + uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( @@ -154,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_9a(uu____0, uu____1); + return encapsulate_unpacked_9d(uu____0, uu____1); } /** @@ -165,7 +167,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -196,10 +198,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_4a(uint8_t randomness[64U]) { +generate_keypair_unpacked_b3(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 @@ -207,7 +209,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4a(uu____0); + return generate_keypair_unpacked_b3(uu____0); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index ca0a26b44..96c3b9743 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 015904411..16abd9845 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 76b1c8601..c9b430e4e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem512_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_1d(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_42(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_c4(private_key, ciphertext, ret); @@ -44,7 +44,7 @@ static void decapsulate_1d(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_1d(private_key, ciphertext, ret); + decapsulate_42(private_key, ciphertext, ret); } /** @@ -68,16 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_50( +static void decapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_23(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_50(private_key, ciphertext, ret); + decapsulate_unpacked_4b(private_key, ciphertext, ret); } /** @@ -91,13 +92,13 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_72( +static tuple_ec encapsulate_00( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; @@ -112,7 +113,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_72(uu____0, uu____1); + return encapsulate_00(uu____0, uu____1); } /** @@ -133,14 +134,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_14( +static tuple_ec encapsulate_unpacked_62( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c(uu____0, + uu____1); } tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( @@ -150,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_14(uu____0, uu____1); + return encapsulate_unpacked_62(uu____0, uu____1); } /** @@ -160,11 +162,11 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_27( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_9a( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -175,7 +177,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_27(uu____0); + return generate_keypair_9a(uu____0); } /** @@ -191,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_2c(uint8_t randomness[64U]) { +generate_keypair_unpacked_df(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 @@ -202,7 +204,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_2c(uu____0); + return generate_keypair_unpacked_df(uu____0); } /** @@ -213,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_57(uint8_t *public_key) { +static bool validate_public_key_e0(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_57(public_key.value)) { + if (validate_public_key_e0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index b5b99a9b1..9623db789 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index eda334653..87719217f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem512_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_be0( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { +static void decapsulate_64(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, + uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_be0(private_key, ciphertext, ret); + decapsulate_64(private_key, ciphertext, ret); } /** @@ -68,16 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_06( +static void decapsulate_unpacked_40( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_06(private_key, ciphertext, ret); + decapsulate_unpacked_40(private_key, ciphertext, ret); } /** @@ -91,7 +92,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 @@ -133,14 +134,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_01( +static tuple_ec encapsulate_unpacked_da( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_310(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80(uu____0, + uu____1); } tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( @@ -150,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_01(uu____0, uu____1); + return encapsulate_unpacked_da(uu____0, uu____1); } /** @@ -161,7 +163,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ @@ -192,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_c0(uint8_t randomness[64U]) { +generate_keypair_unpacked_a8(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae @@ -203,7 +205,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c0(uu____0); + return generate_keypair_unpacked_a8(uu____0); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 90fc6cf2d..507bc843c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index e7767f6d7..e84654b77 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 515ad73b4..659c863ae 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem768_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_15( +static void decapsulate_1e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_c41(private_key, ciphertext, ret); @@ -44,7 +44,7 @@ static void decapsulate_15( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_15(private_key, ciphertext, ret); + decapsulate_1e(private_key, ciphertext, ret); } /** @@ -68,16 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_e1( +static void decapsulate_unpacked_d5( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_231(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_e1(private_key, ciphertext, ret); + decapsulate_unpacked_d5(private_key, ciphertext, ret); } /** @@ -91,13 +92,13 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_54( +static tuple_3c encapsulate_d0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -112,7 +113,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_54(uu____0, uu____1); + return encapsulate_d0(uu____0, uu____1); } /** @@ -133,14 +134,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_94( +static tuple_3c encapsulate_unpacked_1f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c1(uu____0, + uu____1); } tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( @@ -150,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_94(uu____0, uu____1); + return encapsulate_unpacked_1f(uu____0, uu____1); } /** @@ -160,11 +162,11 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e4( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_4e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -175,7 +177,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_e4(uu____0); + return generate_keypair_4e(uu____0); } /** @@ -191,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_35(uint8_t randomness[64U]) { +generate_keypair_unpacked_94(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f1(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 @@ -202,7 +204,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_35(uu____0); + return generate_keypair_unpacked_94(uu____0); } /** @@ -213,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_571(uint8_t *public_key) { +static bool validate_public_key_e01(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf1(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_571(public_key.value)) { + if (validate_public_key_e01(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 60ac8f723..3feac85db 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 71d2574ee..9396f2fb5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem768_portable.h" @@ -35,7 +35,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_be( +static void decapsulate_78( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); @@ -44,7 +44,7 @@ static void decapsulate_be( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_be(private_key, ciphertext, ret); + decapsulate_78(private_key, ciphertext, ret); } /** @@ -68,16 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_d4( +static void decapsulate_unpacked_bc( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d4(private_key, ciphertext, ret); + decapsulate_unpacked_bc(private_key, ciphertext, ret); } /** @@ -91,7 +92,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -133,14 +134,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_1b( +static tuple_3c encapsulate_unpacked_c5( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_31(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8(uu____0, + uu____1); } tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( @@ -150,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1b(uu____0, uu____1); + return encapsulate_unpacked_c5(uu____0, uu____1); } /** @@ -161,7 +163,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -192,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_37(uint8_t randomness[64U]) { +generate_keypair_unpacked_d3(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -203,7 +205,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_37(uu____0); + return generate_keypair_unpacked_d3(uu____0); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 374afe9fa..717f49e01 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 947545b34..d6ac877ef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1383,7 +1383,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_98(core_core_arch_x86___m256i vector) { +shift_right_aa(core_core_arch_x86___m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, core_core_arch_x86___m256i); } @@ -1397,9 +1397,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static core_core_arch_x86___m256i shift_right_ea_92( +static core_core_arch_x86___m256i shift_right_ea_e8( core_core_arch_x86___m256i vector) { - return shift_right_98(vector); + return shift_right_aa(vector); } /** @@ -1410,7 +1410,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static core_core_arch_x86___m256i to_unsigned_representative_a4( core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_ea_92(a); + core_core_arch_x86___m256i t = shift_right_ea_e8(a); core_core_arch_x86___m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2508,7 +2508,7 @@ static tuple_9b0 generate_keypair_unpacked_6c1( /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -2519,7 +2519,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_e31( +static void closure_ee1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_d5();); @@ -2535,7 +2535,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_48( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; core_core_arch_x86___m256i ret[16U]; @@ -2560,8 +2560,9 @@ static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 @@ -2572,7 +2573,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f1( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -2587,12 +2589,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e31(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_ee1(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); + clone_d5_6a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2732,7 +2734,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -2762,12 +2764,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(uu____1); + libcrux_ml_kem_types_from_e7_a70(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); + return libcrux_ml_kem_types_from_64_c90( + uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); } /** @@ -3137,7 +3139,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_e7(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3202,9 +3204,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i compress_ea_80( +static core_core_arch_x86___m256i compress_ea_a1( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_8a(vector); + return compress_ciphertext_coefficient_e7(vector); } /** @@ -3220,7 +3222,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_2f( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_ea_80(to_unsigned_representative_a4(re->coefficients[i0])); + compress_ea_a1(to_unsigned_representative_a4(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3241,7 +3243,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a0(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_e70(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3306,9 +3308,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i compress_ea_800( +static core_core_arch_x86___m256i compress_ea_a10( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_8a0(vector); + return compress_ciphertext_coefficient_e70(vector); } /** @@ -3367,7 +3369,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a1(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_e71(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3432,9 +3434,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i compress_ea_801( +static core_core_arch_x86___m256i compress_ea_a11( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_8a1(vector); + return compress_ciphertext_coefficient_e71(vector); } /** @@ -3450,7 +3452,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_b7( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); + compress_ea_a11(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -3469,7 +3471,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a2(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_e72(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3534,9 +3536,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i compress_ea_802( +static core_core_arch_x86___m256i compress_ea_a12( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_8a2(vector); + return compress_ciphertext_coefficient_e72(vector); } /** @@ -3552,7 +3554,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_35( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficients = - compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); + compress_ea_a12(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -3648,7 +3650,7 @@ static void encrypt_unpacked_881( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -3665,7 +3667,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -3704,7 +3706,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_15_f50(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -3860,7 +3862,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -3883,7 +3885,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( size_t, Eurydice_slice); uint8_t ret[32U]; H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -3901,7 +3903,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -3910,7 +3912,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_15_f50(uu____4); uint8_t shared_secret_array[32U]; kdf_af_501(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; @@ -3929,7 +3931,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_55(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_e4(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3992,9 +3994,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d6( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_55(vector); + return decompress_ciphertext_coefficient_e4(vector); } /** @@ -4016,7 +4018,7 @@ deserialize_then_decompress_10_a7(Eurydice_slice serialized) { Eurydice_slice); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d6(coefficient); } return re; } @@ -4028,7 +4030,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_550(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_e40(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4091,9 +4093,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d0( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d60( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_550(vector); + return decompress_ciphertext_coefficient_e40(vector); } /** @@ -4115,7 +4117,7 @@ deserialize_then_decompress_11_8d(Eurydice_slice serialized) { Eurydice_slice); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d60(coefficient); } return re; } @@ -4199,7 +4201,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_551(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_e41(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4262,9 +4264,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d1( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d61( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_551(vector); + return decompress_ciphertext_coefficient_e41(vector); } /** @@ -4285,7 +4287,7 @@ deserialize_then_decompress_4_9a(Eurydice_slice serialized) { Eurydice_slice); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d61(coefficient); } return re; } @@ -4297,7 +4299,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_552(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_e42(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4360,9 +4362,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d2( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d62( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_552(vector); + return decompress_ciphertext_coefficient_e42(vector); } /** @@ -4384,7 +4386,7 @@ deserialize_then_decompress_5_75(Eurydice_slice serialized) { Eurydice_slice); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_1d2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_d62(re.coefficients[i0]); } return re; } @@ -4529,7 +4531,7 @@ static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -4549,7 +4551,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_231( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -4587,7 +4589,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_933( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -4600,7 +4602,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( encrypt_unpacked_881(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -4760,7 +4762,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_933( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -4775,19 +4777,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_501(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; - kdf_af_501(shared_secret0, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -5517,7 +5519,7 @@ static tuple_54 generate_keypair_unpacked_6c0( /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 @@ -5528,7 +5530,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_e30( +static void closure_ee0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_d5();); @@ -5548,8 +5550,9 @@ static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 - CPA_PRIVATE_KEY_SIZE= 1536 @@ -5560,7 +5563,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f0( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5575,12 +5579,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e30(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_ee0(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); + clone_d5_6a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5720,7 +5724,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -5750,12 +5754,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_a71(uu____1); + libcrux_ml_kem_types_from_e7_a71(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c91( - uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); + return libcrux_ml_kem_types_from_64_c91( + uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); } /** @@ -5916,7 +5920,7 @@ static KRML_MUSTINLINE void compress_then_serialize_11_d10( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_ea_800(to_unsigned_representative_a4(re->coefficients[i0])); + compress_ea_a10(to_unsigned_representative_a4(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6064,7 +6068,7 @@ static void encrypt_unpacked_880( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 @@ -6081,7 +6085,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6120,7 +6124,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_15_f51(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -6276,7 +6280,7 @@ with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -6299,7 +6303,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( size_t, Eurydice_slice); uint8_t ret[32U]; H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6317,7 +6321,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -6326,7 +6330,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_15_f51(uu____4); uint8_t shared_secret_array[32U]; kdf_af_500(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; @@ -6484,7 +6488,7 @@ static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 @@ -6504,7 +6508,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_230( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6543,7 +6547,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_931( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -6556,7 +6560,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( encrypt_unpacked_880(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -6695,7 +6699,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_931( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -6710,19 +6714,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_500(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; - kdf_af_500(shared_secret0, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -7444,7 +7448,7 @@ static tuple_4c generate_keypair_unpacked_6c( /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 @@ -7455,7 +7459,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_e3( +static void closure_ee( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_d5();); @@ -7475,8 +7479,9 @@ static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 - CPA_PRIVATE_KEY_SIZE= 768 @@ -7487,7 +7492,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -7502,12 +7508,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e3(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_ee(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); + clone_d5_6a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7647,7 +7653,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ @@ -7677,12 +7683,12 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); } /** @@ -7983,7 +7989,7 @@ static void encrypt_unpacked_88( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 @@ -8000,7 +8006,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8039,7 +8045,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -8195,7 +8201,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 @@ -8218,7 +8224,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( size_t, Eurydice_slice); uint8_t ret[32U]; H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -8236,7 +8242,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -8245,7 +8251,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; kdf_af_50(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; @@ -8362,7 +8368,7 @@ static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 @@ -8382,7 +8388,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_23( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -8420,7 +8426,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_93( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -8433,7 +8439,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -8571,7 +8577,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_93( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -8586,17 +8592,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_50(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; - kdf_af_50(shared_secret0, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 08d38f679..c28196f56 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 5f3affba0..9f33e8f2f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 0d1f0e4b8..dbe30739d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 787004952..d251d45b0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "internal/libcrux_mlkem_portable.h" @@ -3455,7 +3455,7 @@ static tuple_540 generate_keypair_unpacked_f41( /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics @@ -3467,7 +3467,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_571( +static void closure_931( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_39();); @@ -3483,7 +3483,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3510,8 +3510,9 @@ static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 @@ -3523,7 +3524,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3538,12 +3540,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_571(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_931(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_97(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3685,7 +3687,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -3715,12 +3717,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_a71(uu____1); + libcrux_ml_kem_types_from_e7_a71(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c91( - uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); + return libcrux_ml_kem_types_from_64_c91( + uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); } /** @@ -4437,7 +4439,7 @@ static void encrypt_unpacked_6c1( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics @@ -4455,7 +4457,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4494,7 +4496,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_15_f51(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -4651,7 +4653,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -4674,7 +4676,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( size_t, Eurydice_slice); uint8_t ret[32U]; H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4692,7 +4694,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -4701,7 +4703,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_15_f51(uu____4); uint8_t shared_secret_array[32U]; kdf_af_c2(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; @@ -5181,7 +5183,7 @@ static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics @@ -5202,7 +5204,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5241,7 +5243,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -5254,7 +5256,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( encrypt_unpacked_6c1(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5417,7 +5419,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -5432,19 +5434,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_c2(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; - kdf_af_c2(shared_secret0, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -6159,7 +6161,7 @@ static tuple_4c0 generate_keypair_unpacked_f40( /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -6171,7 +6173,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_570( +static void closure_930( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_39();); @@ -6191,8 +6193,9 @@ static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 @@ -6204,7 +6207,8 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6219,12 +6223,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_570(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_930(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_97(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6366,7 +6370,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ @@ -6396,12 +6400,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); } /** @@ -6744,7 +6748,7 @@ static void encrypt_unpacked_6c0( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -6762,7 +6766,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6801,7 +6805,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -6958,7 +6962,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 @@ -6981,7 +6985,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( size_t, Eurydice_slice); uint8_t ret[32U]; H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6999,7 +7003,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -7008,7 +7012,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; kdf_af_e8(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; @@ -7166,7 +7170,7 @@ static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -7187,7 +7191,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -7225,7 +7229,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -7238,7 +7242,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( encrypt_unpacked_6c0(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -7376,7 +7380,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -7391,19 +7395,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_e8(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; - kdf_af_e8(shared_secret0, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -8108,7 +8112,7 @@ static tuple_9b generate_keypair_unpacked_f4( /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -8120,7 +8124,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_57( +static void closure_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_39();); @@ -8140,8 +8144,9 @@ static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 @@ -8153,7 +8158,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -8168,12 +8174,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_57(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_93(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_97(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8315,7 +8321,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -8345,12 +8351,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(uu____1); + libcrux_ml_kem_types_from_e7_a70(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); + return libcrux_ml_kem_types_from_64_c90( + uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); } /** @@ -8607,7 +8613,7 @@ static void encrypt_unpacked_6c( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -8625,7 +8631,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8664,7 +8670,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_15_f50(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -8821,7 +8827,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -8844,7 +8850,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( size_t, Eurydice_slice); uint8_t ret[32U]; H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -8862,7 +8868,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -8871,7 +8877,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_15_f50(uu____4); uint8_t shared_secret_array[32U]; kdf_af_b6(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; @@ -8988,7 +8994,7 @@ static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -9009,7 +9015,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -9047,7 +9053,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -9060,7 +9066,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -9198,7 +9204,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -9213,17 +9219,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_b6(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; - kdf_af_b6(shared_secret0, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index c5afc2a8b..6d716c024 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 7c6b8dc3b..55c1eb7c3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 62ace3bfe..03bc68b29 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index efdecdccd..4c7cd868d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 834f6dd19..3158b0431 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index da0caa7ff..e7228e4e2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 1510c3862..161fce491 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index b902bff7c..d20926d66 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b +Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 92f568d7c..61930afda 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_core_H @@ -214,29 +214,29 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; /** -This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#6} +This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#5} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 +A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_8a( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_8a( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +libcrux_ml_kem::types::MlKemPublicKey)#13} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_4c(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_4c(uint8_t value[1184U]) { uint8_t uu____0[1184U]; memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; @@ -260,16 +260,16 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair} +{libcrux_ml_kem::types::MlKemKeyPair#18} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_17 +A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -277,15 +277,15 @@ libcrux_ml_kem_types_from_17_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +libcrux_ml_kem::types::MlKemPrivateKey)#7} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_a7(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_a7(uint8_t value[2400U]) { uint8_t uu____0[2400U]; memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; @@ -306,15 +306,15 @@ typedef struct tuple_3c_s { /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_01 +A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_f5(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_f5(uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; @@ -323,14 +323,14 @@ libcrux_ml_kem_types_from_01_f5(uint8_t value[1088U]) { } /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_cb +A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -407,14 +407,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemCiphertext)} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_00 +A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_47( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 865ca4449..8d20f24d7 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index b184d8770..720830b0b 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1519,7 +1519,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1585,9 +1585,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e( vector); } @@ -1614,7 +1614,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db( coefficient); } return re; @@ -1628,7 +1628,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e0( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1694,9 +1694,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db0( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e0( vector); } @@ -1723,7 +1723,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_ae( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db0( coefficient); } return re; @@ -1976,7 +1976,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e1( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -2042,9 +2042,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db1( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e1( vector); } @@ -2070,7 +2070,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_00( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db1( coefficient); } return re; @@ -2084,7 +2084,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e2( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -2150,9 +2150,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db2( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e2( vector); } @@ -2178,7 +2178,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( Eurydice_slice); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db2( re.coefficients[i0]); } return re; @@ -2471,7 +2471,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8( +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_eb( core_core_arch_x86___m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, core_core_arch_x86___m256i); @@ -2488,9 +2488,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_shift_right_ea_4e( +libcrux_ml_kem_vector_avx2_shift_right_ea_f9( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_eb(vector); } /** @@ -2504,7 +2504,7 @@ static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( core_core_arch_x86___m256i a) { core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_shift_right_ea_4e(a); + libcrux_ml_kem_vector_avx2_shift_right_ea_f9(a); core_core_arch_x86___m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3710,7 +3710,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e7( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -3778,8 +3778,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_98(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( +libcrux_ml_kem_vector_avx2_compress_ea_07(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e7( vector); } @@ -3798,7 +3798,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_2f( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_98( + libcrux_ml_kem_vector_avx2_compress_ea_07( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re->coefficients[i0])); uint8_t bytes[20U]; @@ -3822,7 +3822,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e70( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -3890,8 +3890,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_980(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( +libcrux_ml_kem_vector_avx2_compress_ea_070(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e70( vector); } @@ -3910,7 +3910,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_d1( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_980( + libcrux_ml_kem_vector_avx2_compress_ea_070( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re->coefficients[i0])); uint8_t bytes[22U]; @@ -3987,7 +3987,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e71( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4055,8 +4055,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_981(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( +libcrux_ml_kem_vector_avx2_compress_ea_071(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e71( vector); } @@ -4075,7 +4075,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_b7( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_981( + libcrux_ml_kem_vector_avx2_compress_ea_071( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re.coefficients[i0])); uint8_t bytes[8U]; @@ -4097,7 +4097,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e72( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4165,8 +4165,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_982(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( +libcrux_ml_kem_vector_avx2_compress_ea_072(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e72( vector); } @@ -4185,7 +4185,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_35( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2_compress_ea_982( + libcrux_ml_kem_vector_avx2_compress_ea_072( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re.coefficients[i0])); uint8_t bytes[10U]; @@ -4447,7 +4447,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -4463,19 +4463,19 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -4499,7 +4499,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_58( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_be(private_key, ciphertext, ret); @@ -4509,7 +4509,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_58(private_key, ciphertext, ret); } @@ -4548,7 +4548,7 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -4569,7 +4569,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -4607,7 +4607,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -4621,7 +4621,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -4656,17 +4656,18 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_75( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_10(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d(key_pair, ciphertext, + ret); } KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_75( private_key, ciphertext, ret); } @@ -4718,7 +4719,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -4743,7 +4744,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4761,7 +4762,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -4771,7 +4772,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret, &ciphertext0, shared_secret_array); @@ -4795,7 +4796,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -4803,7 +4804,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_7c( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -4819,12 +4820,12 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d(uu____0, + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_7c(uu____0, uu____1); } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -4842,7 +4843,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_5a( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4882,7 +4883,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -4911,14 +4912,15 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_51( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_5a(uu____0, + uu____1); } KRML_ATTRIBUTE_TARGET("avx2") @@ -4929,7 +4931,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_51( uu____0, uu____1); } @@ -5327,7 +5329,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -5358,12 +5360,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); } /** @@ -5373,13 +5375,13 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_2e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -5391,14 +5393,14 @@ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_2e( uu____0); } /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with +types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 @@ -5410,13 +5412,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_fb(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_f7( + size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 @@ -5428,7 +5431,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b( +static inline void +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_ac( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); @@ -5447,7 +5451,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_25( +libcrux_ml_kem_polynomial_clone_d5_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; core_core_arch_x86___m256i ret[16U]; @@ -5459,8 +5463,9 @@ libcrux_ml_kem_polynomial_clone_d5_25( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 @@ -5472,7 +5477,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_13( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5489,14 +5495,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_ac(i, + A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_25(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_b8(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5557,11 +5564,11 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_2a( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_13(uu____0); } KRML_ATTRIBUTE_TARGET("avx2") @@ -5570,7 +5577,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_2a( uu____0); } @@ -5597,7 +5604,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_3e( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), + libcrux_ml_kem_types_as_slice_a8_8a(ciphertext), uint8_t, Eurydice_slice), ret0); core_slice___Slice_T___copy_from_slice( @@ -5680,7 +5687,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -5696,19 +5703,19 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -5733,7 +5740,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_18( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_be0(private_key, ciphertext, ret); @@ -5743,7 +5750,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_18( private_key, ciphertext, ret); } @@ -5776,7 +5783,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -5801,7 +5808,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -5819,7 +5826,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -5829,7 +5836,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret, &ciphertext0, shared_secret_array); @@ -5861,7 +5868,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_1f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -5877,7 +5884,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_1f( uu____0, uu____1); } @@ -5968,7 +5975,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ad( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); } @@ -5978,7 +5985,7 @@ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ad( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 738eb3f73..c805c83b2 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_mlkem768_portable_H @@ -5099,7 +5099,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -5115,19 +5115,19 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -5151,7 +5151,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_3e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_88(private_key, ciphertext, ret); @@ -5160,7 +5160,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_3e( private_key, ciphertext, ret); } @@ -5199,7 +5199,7 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8_s { } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8; /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -5220,7 +5220,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; @@ -5258,7 +5258,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -5272,7 +5272,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5306,16 +5306,17 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_63( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_05(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92(key_pair, ciphertext, + ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_63( private_key, ciphertext, ret); } @@ -5365,7 +5366,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -5389,7 +5390,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -5407,7 +5408,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -5417,7 +5418,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret, &ciphertext0, shared_secret_array); @@ -5441,7 +5442,7 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -5468,7 +5469,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -5486,7 +5487,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5526,7 +5527,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -5554,14 +5555,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ff( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_57(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54(uu____0, + uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( @@ -5571,7 +5573,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ff( uu____0, uu____1); } @@ -5965,7 +5967,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -5995,12 +5997,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); } /** @@ -6011,7 +6013,7 @@ generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -6033,8 +6035,8 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with +types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 @@ -6046,13 +6048,14 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_34(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_e0( + size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics @@ -6064,7 +6067,8 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48( +static inline void +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b0( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); @@ -6082,7 +6086,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_5e( +libcrux_ml_kem_polynomial_clone_d5_75( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6096,8 +6100,9 @@ libcrux_ml_kem_polynomial_clone_d5_5e( } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 @@ -6109,7 +6114,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4( + uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6126,14 +6132,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b0(i, + A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_5e(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_75(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6193,11 +6200,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_b4( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4(uu____0); } static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -6205,7 +6212,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_b4( uu____0); } @@ -6231,7 +6238,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), + libcrux_ml_kem_types_as_slice_a8_8a(ciphertext), uint8_t, Eurydice_slice), ret0); core_slice___Slice_T___copy_from_slice( @@ -6313,7 +6320,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -6329,19 +6336,19 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_47(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -6366,7 +6373,7 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_9f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_880(private_key, ciphertext, ret); @@ -6375,7 +6382,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_9f( private_key, ciphertext, ret); } @@ -6407,7 +6414,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -6431,7 +6438,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6449,7 +6456,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); @@ -6459,7 +6466,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret, &ciphertext0, shared_secret_array); diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 8fab63dea..92b3e6d06 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 384edfddf..108f13034 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: aa91a6764bde8c1f15107a03746f506e99a9159b + * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 */ #ifndef __libcrux_sha3_portable_H From 34d940a98c1afb7cf5051766d6d6f285c93e1e5c Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 13 Aug 2024 08:08:29 +0000 Subject: [PATCH 104/348] Set pre/post-conditions for ind_cpa::decrypt --- libcrux-ml-kem/src/ind_cca.rs | 2 +- libcrux-ml-kem/src/ind_cpa.rs | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 9a7b82a8b..f47f54452 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -251,7 +251,7 @@ fn encapsulate< $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\ $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))] -#[hax_lib::ensures(|result| fstar!("${result} == +#[hax_lib::ensures(|result| fstar!("$result == Spec.MLKEM.ind_cca_decapsulate $K ${private_key}.f_value ${ciphertext}.f_value"))] pub(crate) fn decapsulate< const K: usize, diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 253884393..555d323fc 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -398,7 +398,7 @@ pub(crate) fn encrypt_unpacked< $C2_LEN == Spec.MLKEM.v_C2_SIZE $K"))] #[hax_lib::ensures(|result| fstar!("$result == Spec.MLKEM.ind_cpa_encrypt $K $public_key $message $randomness") -)] +)] pub(crate) fn encrypt< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -544,6 +544,15 @@ pub(crate) fn decrypt_unpacked< } #[allow(non_snake_case)] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + length $secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ + $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ + $VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE $K /\\ + $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ + $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K"))] +#[hax_lib::ensures(|result| + fstar!("$result == Spec.MLKEM.ind_cpa_decrypt $K $secret_key $ciphertext") +)] pub(crate) fn decrypt< const K: usize, const CIPHERTEXT_SIZE: usize, From 964fb54208714c31ddadb195eb2aaed759464a35 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 13 Aug 2024 13:02:03 +0000 Subject: [PATCH 105/348] verified --- .../proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst | 8 -------- libcrux-ml-kem/src/ind_cca.rs | 4 ---- 2 files changed, 12 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 534fb0391..64c36fad1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -368,14 +368,6 @@ let encapsulate <: t_Slice u8) in - let _:Prims.unit = - assert (Seq.slice to_hash 0 (v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE) == randomness); - lemma_slice_append to_hash - randomness - (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key.f_value); - assert (to_hash == - concat randomness (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K public_key.f_value)) - in let hashed:t_Array u8 (sz 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index f47f54452..2d6e04e9a 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -202,10 +202,6 @@ fn encapsulate< let randomness = Scheme::entropy_preprocess::(&randomness); let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness); to_hash[H_DIGEST_SIZE..].copy_from_slice(&Hasher::H(public_key.as_slice())); - hax_lib::fstar!("assert (Seq.slice $to_hash 0 (v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE) == $randomness); - lemma_slice_append $to_hash $randomness (Libcrux_ml_kem.Hash_functions.f_H #$:Hasher #$K ${public_key}.f_value); - assert ($to_hash == concat $randomness (Libcrux_ml_kem.Hash_functions.f_H #$:Hasher #$K ${public_key}.f_value))"); - let hashed = Hasher::G(&to_hash); let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); From 0446b2ee2b1ee577301fb37e2ad97a6239b22890 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 13 Aug 2024 13:17:52 +0000 Subject: [PATCH 106/348] verified again --- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 25 ++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index d6d1d387e..cb4e44a7c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -116,7 +116,17 @@ val decrypt {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (secret_key: t_Slice u8) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) + (requires + Spec.MLKEM.is_rank v_K /\ length secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE v_K /\ + v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K) + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in + result == Spec.MLKEM.ind_cpa_decrypt v_K secret_key ciphertext) /// This function implements Algorithm 13 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. @@ -175,8 +185,17 @@ val encrypt (randomness: t_Slice u8) : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) (requires - Spec.MLKEM.is_rank v_K /\ length public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ - length randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE) + Spec.MLKEM.is_rank v_K /\ v_ETA1 = Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA2 = Spec.MLKEM.v_ETA2 v_K /\ v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ + v_ETA2_RANDOMNESS_SIZE = Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ + v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + length public_key == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ + length randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_T_AS_NTT_ENCODED_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K /\ + v_C1_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_LEN == Spec.MLKEM.v_C2_SIZE v_K) (ensures fun result -> let result:t_Array u8 v_CIPHERTEXT_SIZE = result in From f7e419f6e954f5a886f5422a4d929f4a4d4a62b0 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 13 Aug 2024 14:53:35 +0000 Subject: [PATCH 107/348] cargo lock --- Cargo.lock | 88 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 50 insertions(+), 38 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 58eb680c2..0f6d51371 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.8" +version = "1.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "504bdec147f2cc13c8b57ed9401fd8a147cc66b67ad5cb241394244f2c947549" +checksum = "e9e8aabfac534be767c909e0690571677d49f41bd8465ae876fe043d52ba5292" dependencies = [ "jobserver", "libc", @@ -289,9 +289,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.13" +version = "4.5.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fbb260a053428790f3de475e304ff84cdbc4face759ea7a3e64c1edd938a7fc" +checksum = "11d8838454fda655dafd3accb2b6e2bea645b9e4078abe84a22ceb947235c5cc" dependencies = [ "clap_builder", "clap_derive", @@ -299,9 +299,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.13" +version = "4.5.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64b17d7ea74e9f833c7dbf2cbe4fb12ff26783eda4782a8975b72f895c9b4d99" +checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" dependencies = [ "anstream", "anstyle", @@ -701,7 +701,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax/?branch=main#35faf496ad9ce8ff016c6c630cf5e0e845182a49" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "num-bigint", @@ -711,7 +711,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax/#35faf496ad9ce8ff016c6c630cf5e0e845182a49" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "num-bigint", @@ -721,7 +721,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax/?branch=main#35faf496ad9ce8ff016c6c630cf5e0e845182a49" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "paste", @@ -734,7 +734,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax/#35faf496ad9ce8ff016c6c630cf5e0e845182a49" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "paste", @@ -747,7 +747,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax/?branch=main#35faf496ad9ce8ff016c6c630cf5e0e845182a49" dependencies = [ "proc-macro2", "quote", @@ -759,7 +759,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#e94de4c52facd94f4a9377c6b02a073ab5eddac7" +source = "git+https://github.com/hacspec/hax/#35faf496ad9ce8ff016c6c630cf5e0e845182a49" dependencies = [ "proc-macro2", "quote", @@ -883,9 +883,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.69" +version = "0.3.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" +checksum = "1868808506b929d7b0cfa8f75951347aa71bb21144b7791bae35d9bccfcfe37a" dependencies = [ "wasm-bindgen", ] @@ -1143,6 +1143,16 @@ version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" +[[package]] +name = "minicov" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c71e683cd655513b99affab7d317deb690528255a0d5f717f1024093c12b169" +dependencies = [ + "cc", + "walkdir", +] + [[package]] name = "minimal-lexical" version = "0.2.1" @@ -1646,18 +1656,18 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.205" +version = "1.0.207" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e33aedb1a7135da52b7c21791455563facbbcc43d0f0f66165b42c21b3dfb150" +checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.205" +version = "1.0.207" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "692d6f5ac90220161d6774db30c662202721e64aed9058d2c394f451261420c1" +checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e" dependencies = [ "proc-macro2", "quote", @@ -1666,9 +1676,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.122" +version = "1.0.124" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da" +checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d" dependencies = [ "itoa", "memchr", @@ -1861,19 +1871,20 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" +checksum = "a82edfc16a6c469f5f44dc7b571814045d60404b55a0ee849f9bcfa2e63dd9b5" dependencies = [ "cfg-if", + "once_cell", "wasm-bindgen-macro", ] [[package]] name = "wasm-bindgen-backend" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" +checksum = "9de396da306523044d3302746f1208fa71d7532227f15e347e2d93e4145dd77b" dependencies = [ "bumpalo", "log", @@ -1886,9 +1897,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.42" +version = "0.4.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76bc14366121efc8dbb487ab05bcc9d346b3b5ec0eaa76e46594cabbe51762c0" +checksum = "61e9300f63a621e96ed275155c108eb6f843b6a26d053f122ab69724559dc8ed" dependencies = [ "cfg-if", "js-sys", @@ -1898,9 +1909,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" +checksum = "585c4c91a46b072c92e908d99cb1dcdf95c5218eeb6f3bf1efa991ee7a68cccf" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -1908,9 +1919,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" +checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", @@ -1921,18 +1932,19 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" +checksum = "c62a0a307cb4a311d3a07867860911ca130c3494e8c2719593806c08bc5d0484" [[package]] name = "wasm-bindgen-test" -version = "0.3.42" +version = "0.3.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9bf62a58e0780af3e852044583deee40983e5886da43a271dd772379987667b" +checksum = "68497a05fb21143a08a7d24fc81763384a3072ee43c44e86aad1744d6adef9d9" dependencies = [ "console_error_panic_hook", "js-sys", + "minicov", "scoped-tls", "wasm-bindgen", "wasm-bindgen-futures", @@ -1941,9 +1953,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-test-macro" -version = "0.3.42" +version = "0.3.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7f89739351a2e03cb94beb799d47fb2cac01759b40ec441f7de39b00cbf7ef0" +checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" dependencies = [ "proc-macro2", "quote", @@ -1952,9 +1964,9 @@ dependencies = [ [[package]] name = "web-sys" -version = "0.3.69" +version = "0.3.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" +checksum = "26fdeaafd9bd129f65e7c031593c24d62186301e0c72c8978fa1678be7d532c0" dependencies = [ "js-sys", "wasm-bindgen", From d9135cee9b59eee68b74937e0faf11ee4aab4dac Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 13 Aug 2024 17:09:54 +0000 Subject: [PATCH 108/348] restored panic freedom for top-level apis --- Cargo.lock | 12 ++++++------ .../fstar/extraction/Libcrux_ml_kem.Ind_cca.fst | 8 ++++++++ .../fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti | 4 ---- libcrux-ml-kem/src/mlkem1024.rs | 2 +- libcrux-ml-kem/src/mlkem512.rs | 2 +- libcrux-ml-kem/src/mlkem768.rs | 2 +- 6 files changed, 17 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0f6d51371..8bbf720f9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -701,7 +701,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#35faf496ad9ce8ff016c6c630cf5e0e845182a49" +source = "git+https://github.com/hacspec/hax/?branch=main#bea90741c55006f2649f2b4119bf7e3ce87a66e9" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "num-bigint", @@ -711,7 +711,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#35faf496ad9ce8ff016c6c630cf5e0e845182a49" +source = "git+https://github.com/hacspec/hax/#bea90741c55006f2649f2b4119bf7e3ce87a66e9" dependencies = [ "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "num-bigint", @@ -721,7 +721,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#35faf496ad9ce8ff016c6c630cf5e0e845182a49" +source = "git+https://github.com/hacspec/hax/?branch=main#bea90741c55006f2649f2b4119bf7e3ce87a66e9" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "paste", @@ -734,7 +734,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#35faf496ad9ce8ff016c6c630cf5e0e845182a49" +source = "git+https://github.com/hacspec/hax/#bea90741c55006f2649f2b4119bf7e3ce87a66e9" dependencies = [ "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "paste", @@ -747,7 +747,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#35faf496ad9ce8ff016c6c630cf5e0e845182a49" +source = "git+https://github.com/hacspec/hax/?branch=main#bea90741c55006f2649f2b4119bf7e3ce87a66e9" dependencies = [ "proc-macro2", "quote", @@ -759,7 +759,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#35faf496ad9ce8ff016c6c630cf5e0e845182a49" +source = "git+https://github.com/hacspec/hax/#bea90741c55006f2649f2b4119bf7e3ce87a66e9" dependencies = [ "proc-macro2", "quote", diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 64c36fad1..7647682a5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -189,6 +189,8 @@ let validate_public_key in public_key =. public_key_serialized +#push-options "--z3rlimit 150" + let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -324,6 +326,10 @@ let decapsulate let _:Prims.unit = admit () in shared_secret +#pop-options + +#push-options "--z3rlimit 150" + let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) @@ -406,6 +412,8 @@ let encapsulate <: (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) +#pop-options + let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index da968f80b..76092b776 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -196,8 +196,6 @@ let impl: t_Variant t_MlKem = out } -#push-options "--z3rlimit 1234" - val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -227,8 +225,6 @@ val decapsulate let result:t_Array u8 (sz 32) = result in result == Spec.MLKEM.ind_cca_decapsulate v_K private_key.f_value ciphertext.f_value) -#pop-options - val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 78d21d7b9..cf5158a68 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -233,7 +233,7 @@ macro_rules! instantiate { /// https://github.com/hacspec/hax/issues/770 #[cfg_attr( hax, - hax_lib::fstar::before( + hax_lib::fstar::before(interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 8f7d72172..1ef9bd691 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -226,7 +226,7 @@ macro_rules! instantiate { /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. #[cfg_attr( hax, - hax_lib::fstar::before( + hax_lib::fstar::before(interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 82666e8bc..8595f7272 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -229,7 +229,7 @@ macro_rules! instantiate { /// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. #[cfg_attr( hax, - hax_lib::fstar::before( + hax_lib::fstar::before(interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) From 3ed3d7692bef54ede65fb5271f9202958f3cce42 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 13 Aug 2024 22:33:13 -0400 Subject: [PATCH 109/348] wip --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 2 +- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 13 ++++++----- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 6 +++-- .../proofs/fstar/spec/Spec.MLKEM.fst | 5 +++-- libcrux-ml-kem/src/ind_cca.rs | 22 ++++++++----------- libcrux-ml-kem/src/ind_cpa.rs | 6 +++-- 6 files changed, 29 insertions(+), 25 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 7647682a5..564cdde18 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -189,7 +189,7 @@ let validate_public_key in public_key =. public_key_serialized -#push-options "--z3rlimit 150" +#push-options "--z3rlimit 500" let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 76092b776..b2a826d0a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -223,7 +223,10 @@ val decapsulate (ensures fun result -> let result:t_Array u8 (sz 32) = result in - result == Spec.MLKEM.ind_cca_decapsulate v_K private_key.f_value ciphertext.f_value) + let expected, valid = + Spec.MLKEM.ind_cca_decapsulate v_K private_key.f_value ciphertext.f_value + in + valid ==> result == expected) val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: @@ -252,8 +255,8 @@ val encapsulate = result in - (result._1.f_value, result._2) == - Spec.MLKEM.ind_cca_encapsulate v_K public_key.f_value randomness) + let expected, valid = Spec.MLKEM.ind_cca_encapsulate v_K public_key.f_value randomness in + valid ==> (result._1.f_value, result._2) == expected) /// Packed API /// Generate a key pair. @@ -279,5 +282,5 @@ val generate_keypair let result:Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE = result in - (result.f_sk.f_value, result.f_pk.f_value) == - Spec.MLKEM.ind_cca_generate_keypair v_K randomness) + let expected, valid = Spec.MLKEM.ind_cca_generate_keypair v_K randomness in + valid ==> (result.f_sk.f_value, result.f_pk.f_value) == expected) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index cb4e44a7c..7d65134d1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -199,7 +199,8 @@ val encrypt (ensures fun result -> let result:t_Array u8 v_CIPHERTEXT_SIZE = result in - result == Spec.MLKEM.ind_cpa_encrypt v_K public_key message randomness) + let expected, valid = Spec.MLKEM.ind_cpa_encrypt v_K public_key message randomness in + valid ==> result == expected) /// This function implements most of Algorithm 12 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm. @@ -263,4 +264,5 @@ val generate_keypair (ensures fun result -> let result:(t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) = result in - result == Spec.MLKEM.ind_cpa_generate_keypair v_K key_generation_seed) + let expected, valid = Spec.MLKEM.ind_cpa_generate_keypair v_K key_generation_seed in + valid ==> result == expected) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index f311f1155..0470452ba 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -2,8 +2,9 @@ module Spec.MLKEM #set-options "--fuel 0 --ifuel 1 --z3rlimit 30" open FStar.Mul open Core -open Spec.Utils -open Spec.MLKEM.Math + +include Spec.Utils +include Spec.MLKEM.Math (** ML-KEM Constants *) let v_BITS_PER_COEFFICIENT: usize = sz 12 diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 2d6e04e9a..e46ce6fb5 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -122,8 +122,8 @@ fn validate_public_key< $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))] -#[hax_lib::ensures(|result| fstar!("(${result}.f_sk.f_value, ${result}.f_pk.f_value) == - Spec.MLKEM.ind_cca_generate_keypair $K $randomness"))] +#[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cca_generate_keypair $K $randomness in + valid ==> (${result}.f_sk.f_value, ${result}.f_pk.f_value) == expected"))] fn generate_keypair< const K: usize, const CPA_PRIVATE_KEY_SIZE: usize, @@ -176,8 +176,8 @@ fn generate_keypair< $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K"))] -#[hax_lib::ensures(|result| fstar!("(${result}._1.f_value, ${result}._2) == - Spec.MLKEM.ind_cca_encapsulate $K ${public_key}.f_value $randomness"))] +#[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cca_encapsulate $K ${public_key}.f_value $randomness in + valid ==> (${result}._1.f_value, ${result}._2) == expected"))] fn encapsulate< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -230,7 +230,7 @@ fn encapsulate< (ciphertext, shared_secret_array) } -#[hax_lib::fstar::options("--z3rlimit 150")] +#[hax_lib::fstar::options("--z3rlimit 500")] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ @@ -247,8 +247,8 @@ fn encapsulate< $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\ $IMPLICIT_REJECTION_HASH_INPUT_SIZE == Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K"))] -#[hax_lib::ensures(|result| fstar!("$result == - Spec.MLKEM.ind_cca_decapsulate $K ${private_key}.f_value ${ciphertext}.f_value"))] +#[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cca_decapsulate $K ${private_key}.f_value ${ciphertext}.f_value in + valid ==> $result == expected"))] pub(crate) fn decapsulate< const K: usize, const SECRET_KEY_SIZE: usize, @@ -596,16 +596,12 @@ impl Variant for MlKem { shared_secret: &[u8], _: &MlKemCiphertext, ) -> [u8; 32] { - let mut out = [0u8; 32]; - out.copy_from_slice(shared_secret); - out + shared_secret.try_into().unwrap() } #[inline(always)] #[requires(randomness.len() == 32)] fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32] { - let mut out = [0u8; 32]; - out.copy_from_slice(randomness); - out + randomness.try_into().unwrap() } } diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 555d323fc..663da1dfb 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -215,7 +215,8 @@ pub(crate) fn generate_keypair_unpacked< $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K"))] -#[hax_lib::ensures(|result| fstar!("$result == Spec.MLKEM.ind_cpa_generate_keypair $K $key_generation_seed"))] +#[hax_lib::ensures(|result| fstar!("let (expected, valid) = Spec.MLKEM.ind_cpa_generate_keypair $K $key_generation_seed in + valid ==> $result == expected"))] pub(crate) fn generate_keypair< const K: usize, const PRIVATE_KEY_SIZE: usize, @@ -397,7 +398,8 @@ pub(crate) fn encrypt_unpacked< $C1_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ $C2_LEN == Spec.MLKEM.v_C2_SIZE $K"))] #[hax_lib::ensures(|result| - fstar!("$result == Spec.MLKEM.ind_cpa_encrypt $K $public_key $message $randomness") + fstar!("let (expected, valid) = Spec.MLKEM.ind_cpa_encrypt $K $public_key $message $randomness in + valid ==> $result == expected") )] pub(crate) fn encrypt< const K: usize, From 3d090aabe0d586616a39b897ad81006760baf66c Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 15 Aug 2024 17:21:52 -0700 Subject: [PATCH 110/348] admit to pass decap --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 25 ++++++++--------- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 28 +++++++++++++------ libcrux-ml-kem/src/ind_cca.rs | 6 ++-- 3 files changed, 33 insertions(+), 26 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 564cdde18..9194bb8ac 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -205,6 +205,7 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = + let _:Prims.unit = admit () in let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) @@ -311,20 +312,16 @@ let decapsulate shared_secret ciphertext in - let shared_secret:t_Array u8 (sz 32) = - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref - #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) - (Rust_primitives.unsize shared_secret <: t_Slice u8) - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) - in - let _:Prims.unit = admit () in - shared_secret + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref + #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) + (Rust_primitives.unsize shared_secret <: t_Slice u8) + (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index b2a826d0a..1ff7c7914 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -140,9 +140,9 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (shared_secret: t_Slice u8) (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - (out1: t_Array u8 (sz 32)) + (out: t_Array u8 (sz 32)) -> - out1 == shared_secret); + out == shared_secret); f_kdf = (fun @@ -155,9 +155,14 @@ let impl: t_Variant t_MlKem = (shared_secret: t_Slice u8) (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) -> - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in - out); + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + shared_secret + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError)); f_entropy_preprocess_pre = (fun @@ -178,7 +183,7 @@ let impl: t_Variant t_MlKem = i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (randomness: t_Slice u8) - (out1: t_Array u8 (sz 32)) + (out: t_Array u8 (sz 32)) -> true); f_entropy_preprocess @@ -191,9 +196,14 @@ let impl: t_Variant t_MlKem = Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (randomness: t_Slice u8) -> - let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in - out + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + randomness + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) } val decapsulate diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index e46ce6fb5..ab8bfdc0e 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -273,6 +273,7 @@ pub(crate) fn decapsulate< private_key: &MlKemPrivateKey, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { + hax_lib::fstar!("admit() (* takes too long on CI *)"); let (ind_cpa_secret_key, secret_key) = private_key.value.split_at(CPA_SECRET_KEY_SIZE); let (ind_cpa_public_key, secret_key) = secret_key.split_at(PUBLIC_KEY_SIZE); let (ind_cpa_public_key_hash, implicit_rejection_value) = secret_key.split_at(H_DIGEST_SIZE); @@ -324,7 +325,6 @@ pub(crate) fn decapsulate< &shared_secret, &implicit_rejection_shared_secret, ); - hax_lib::fstar!("admit() (* Panic Free *)"); shared_secret } @@ -590,8 +590,8 @@ pub(crate) struct MlKem {} impl Variant for MlKem { #[inline(always)] #[requires(shared_secret.len() == 32)] - // Output name has be `out1` https://github.com/hacspec/hax/issues/832 - #[ensures(|out1| fstar!("$out1 == $shared_secret"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("$out == $shared_secret"))] fn kdf>( shared_secret: &[u8], _: &MlKemCiphertext, From e49dff972d6e32fe68b3bcaa97eccaa065552c1e Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 16 Aug 2024 16:48:44 -0700 Subject: [PATCH 111/348] fixed unsize --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 37 +++++++++++-------- libcrux-ml-kem/src/ind_cca.rs | 10 ++--- 2 files changed, 27 insertions(+), 20 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 9194bb8ac..7ed7958f3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -205,7 +205,6 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - let _:Prims.unit = admit () in let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) @@ -312,16 +311,21 @@ let decapsulate shared_secret ciphertext in - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref - #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) - (Rust_primitives.unsize shared_secret <: t_Slice u8) - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + let shared_secret:t_Array u8 (sz 32) = + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref + #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) + (Rust_primitives.unsize shared_secret <: t_Slice u8) + (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + in + let result:t_Array u8 (sz 32) = shared_secret in + let _:Prims.unit = admit () (* Panic freedom *) in + result #pop-options @@ -404,10 +408,13 @@ let encapsulate shared_secret ciphertext in - let _:Prims.unit = admit () in - ciphertext, shared_secret_array - <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) = + ciphertext, shared_secret_array + <: + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result #pop-options diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index ab8bfdc0e..e617ee712 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -162,7 +162,10 @@ fn generate_keypair< MlKemKeyPair::from(private_key, MlKemPublicKey::from(public_key)) } - +// For some reason F* manages to assert the post-condition but fails to verify it +// as a part of function signature +#[hax_lib::fstar::options("--z3rlimit 150")] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ @@ -224,13 +227,11 @@ fn encapsulate< let ciphertext = MlKemCiphertext::from(ciphertext); let shared_secret_array = Scheme::kdf::(shared_secret, &ciphertext); - // For some reason F* manages to assert the post-condition but fails to verify it - // as a part of function signature - hax_lib::fstar!("admit() (* Panic Free *)"); (ciphertext, shared_secret_array) } #[hax_lib::fstar::options("--z3rlimit 500")] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ @@ -273,7 +274,6 @@ pub(crate) fn decapsulate< private_key: &MlKemPrivateKey, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { - hax_lib::fstar!("admit() (* takes too long on CI *)"); let (ind_cpa_secret_key, secret_key) = private_key.value.split_at(CPA_SECRET_KEY_SIZE); let (ind_cpa_public_key, secret_key) = secret_key.split_at(PUBLIC_KEY_SIZE); let (ind_cpa_public_key_hash, implicit_rejection_value) = secret_key.split_at(H_DIGEST_SIZE); From d7ac9cd538332d43ec593f7717e3b54ffcdb99ee Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 13 Aug 2024 11:18:20 +0200 Subject: [PATCH 112/348] Factorize makefiles --- .gitignore | 1 + fstar-helpers/Makefile.template | 254 ++++++++++++++++++ .../proofs/fstar/extraction/Makefile | 1 + .../proofs/fstar/extraction/Makefile | 190 +------------ libcrux-ml-kem/proofs/fstar/spec/Makefile | 123 +-------- proofs/fstar/extraction-edited/Makefile | 151 +---------- .../extraction-secret-independent/Makefile | 135 +--------- proofs/fstar/extraction/Makefile | 128 +-------- 8 files changed, 261 insertions(+), 722 deletions(-) create mode 100644 fstar-helpers/Makefile.template create mode 100644 fstar-helpers/proofs/fstar/extraction/Makefile diff --git a/.gitignore b/.gitignore index 16802d82b..982c75cf3 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ benches/boringssl/build proofs/fstar/extraction/.depend proofs/fstar/extraction/#*# proofs/fstar/extraction/.#* +hax.fst.config.json fuzz/corpus fuzz/artifacts proofs/fstar/extraction/.cache diff --git a/fstar-helpers/Makefile.template b/fstar-helpers/Makefile.template new file mode 100644 index 000000000..aebdbe33f --- /dev/null +++ b/fstar-helpers/Makefile.template @@ -0,0 +1,254 @@ +# This is a generically useful Makefile for F* that is self-contained +# +# We expect: +# 1. `fstar.exe` to be in PATH (alternatively, you can also set +# $FSTAR_HOME to be set to your F* repo/install directory) +# +# 2. `cargo`, `rustup`, `hax` and `jq` to be installed and in PATH. +# +# 3. the extracted Cargo crate to have "hax-lib" as a dependency: +# `hax-lib = { version = "0.1.0-pre.1", git = "https://github.com/hacspec/hax"}` +# +# Optionally, you can set `HACL_HOME`. +# +# ROOTS contains all the top-level F* files you wish to verify +# The default target `verify` verified ROOTS and its dependencies +# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line +# +# To make F* emacs mode use the settings in this file, you need to +# add the following lines to your .emacs +# +# (setq-default fstar-executable "/bin/fstar.exe") +# (setq-default fstar-smt-executable "/bin/z3") +# +# (defun my-fstar-compute-prover-args-using-make () +# "Construct arguments to pass to F* by calling make." +# (with-demoted-errors "Error when constructing arg string: %S" +# (let* ((fname (file-name-nondirectory buffer-file-name)) +# (target (concat fname "-in")) +# (argstr (car (process-lines "make" "--quiet" target)))) +# (split-string argstr)))) +# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) +# + +HACL_HOME ?= $(HOME)/.hax/hacl_home +# Expand variable FSTAR_BIN_DETECT now, so that we don't run this over and over + +FSTAR_BIN_DETECT := $(if $(shell command -v fstar.exe), fstar.exe, $(FSTAR_HOME)/bin/fstar.exe) +FSTAR_BIN ?= $(FSTAR_BIN_DETECT) + +GIT_ROOT_DIR := $(shell git rev-parse --show-toplevel)/ +CACHE_DIR ?= ${GIT_ROOT_DIR}.fstar-cache/checked +HINT_DIR ?= ${GIT_ROOT_DIR}.fstar-cache/hints + +# Makes command quiet by default +Q ?= @ + +# Verify the required executable are in PATH +EXECUTABLES = cargo cargo-hax jq +K := $(foreach exec,$(EXECUTABLES),\ + $(if $(shell which $(exec)),some string,$(error "No $(exec) in PATH"))) + +export ANSI_COLOR_BLUE=\033[34m +export ANSI_COLOR_RED=\033[31m +export ANSI_COLOR_BBLUE=\033[1;34m +export ANSI_COLOR_GRAY=\033[90m +export ANSI_COLOR_TONE=\033[35m +export ANSI_COLOR_RESET=\033[0m + +ifdef NO_COLOR +export ANSI_COLOR_BLUE= +export ANSI_COLOR_RED= +export ANSI_COLOR_BBLUE= +export ANSI_COLOR_GRAY= +export ANSI_COLOR_BOLD_BLUE= +export ANSI_COLOR_TONE= +export ANSI_COLOR_RESET= +endif + +# The following is a bash script that discovers F* libraries. +# Due to incompatibilities with make 4.3, I had to make a "oneliner" bash script... +define FINDLIBS + : "Prints a path if and only if it exists. Takes one argument: the path."; \ + function print_if_exists() { \ + if [ -d "$$1" ]; then \ + echo "$$1"; \ + fi; \ + } ; \ + : "Asks Cargo all the dependencies for the current crate or workspace,"; \ + : "and extract all "root" directories for each. Takes zero argument."; \ + function dependencies() { \ + cargo metadata --format-version 1 | \ + jq -r ".packages | .[] | .manifest_path | split(\"/\") | .[:-1] | join(\"/\")"; \ + } ; \ + : "Find hax libraries *around* a given path. Takes one argument: the"; \ + : "path."; \ + function find_hax_libraries_at_path() { \ + path="$$1" ; \ + : "if there is a [proofs/fstar/extraction] subfolder, then that s a F* library" ; \ + print_if_exists "$$path/proofs/fstar/extraction" ; \ + : "Maybe the [proof-libs] folder of hax is around?" ; \ + MAYBE_PROOF_LIBS=$$(realpath -q "$$path/../proof-libs/fstar") ; \ + if [ $$? -eq 0 ]; then \ + print_if_exists "$$MAYBE_PROOF_LIBS/core" ; \ + print_if_exists "$$MAYBE_PROOF_LIBS/rust_primitives" ; \ + fi ; \ + } ; \ + { while IFS= read path; do \ + find_hax_libraries_at_path "$$path"; \ + done < <(dependencies) ; } | sort -u +endef +export FINDLIBS + +FINDLIBS_OUTPUT := $(shell bash -c '${FINDLIBS}') +FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(FINDLIBS_OUTPUT) + +# Make sure FSTAR_INCLUDE_DIRS has the `proof-libs`, print hints and +# an error message otherwise +ifneq (,$(findstring proof-libs/fstar,$(FSTAR_INCLUDE_DIRS))) +else + K += $(info ) + ERROR := $(shell printf '${ANSI_COLOR_RED}Error: could not detect `proof-libs`!${ANSI_COLOR_RESET}') + K += $(info ${ERROR}) + ERROR := $(shell printf ' > Do you have `${ANSI_COLOR_BLUE}hax-lib${ANSI_COLOR_RESET}` in your `${ANSI_COLOR_BLUE}Cargo.toml${ANSI_COLOR_RESET}` as a ${ANSI_COLOR_BLUE}git${ANSI_COLOR_RESET} or ${ANSI_COLOR_BLUE}path${ANSI_COLOR_RESET} dependency?') + K += $(info ${ERROR}) + ERROR := $(shell printf ' ${ANSI_COLOR_BLUE}> Tip: you may want to run `cargo add --git https://github.com/hacspec/hax hax-lib`${ANSI_COLOR_RESET}') + K += $(info ${ERROR}) + K += $(info ) + K += $(error Fatal error: `proof-libs` is required.) +endif + +.PHONY: all verify clean + +all: + $(Q)rm -f .depend + $(Q)$(MAKE) .depend vscode verify + +all-keep-going: + $(Q)rm -f .depend + $(Q)$(MAKE) --keep-going .depend vscode verify + +# If $HACL_HOME doesn't exist, clone it +${HACL_HOME}: + $(Q)mkdir -p "${HACL_HOME}" + $(info Clonning Hacl* in ${HACL_HOME}...) + git clone --depth 1 https://github.com/hacl-star/hacl-star.git "${HACL_HOME}" + $(info Clonning Hacl* in ${HACL_HOME}... done!) + +# If no any F* file is detected, we run hax +ifeq "$(wildcard *.fst *fsti)" "" +$(shell cargo hax into fstar) +endif + +# By default, we process all the files in the current directory +ROOTS ?= $(wildcard *.fst *fsti) +ADMIT_MODULES ?= + +ADMIT_MODULE_FLAGS ?= "--admit_smt_queries true" + +# Can be useful for debugging purposes +FINDLIBS.sh: + $(Q)echo '${FINDLIBS}' > FINDLIBS.sh +include-dirs: + $(Q)bash -c '${FINDLIBS}' + +FSTAR_FLAGS = \ + --warn_error -321-331-241-274-239-271 \ + --cache_checked_modules --cache_dir $(CACHE_DIR) \ + --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ + $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) + +FSTAR := $(FSTAR_BIN) $(FSTAR_FLAGS) + +.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) $(HACL_HOME) + @$(FSTAR) --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ + +include .depend + +$(HINT_DIR) $(CACHE_DIR): + $(Q)mkdir -p $@ + +define HELPMESSAGE +echo "hax' default Makefile for F*" +echo "" +echo "The available targets are:" +echo "" +function target() { + printf ' ${ANSI_COLOR_BLUE}%-20b${ANSI_COLOR_RESET} %s\n' "$$1" "$$2" +} +target "all" "Verify every F* files (stops whenever an F* fails first)" +target "all-keep-going" "Verify every F* files (tries as many F* module as possible)" +target "" "" +target "run:${ANSI_COLOR_TONE} " 'Runs F* on `MyModule.fst` only' +target "" "" +target "vscode" 'Generates a `hax.fst.config.json` file' +target "${ANSI_COLOR_TONE}${ANSI_COLOR_BLUE}-in " 'Useful for Emacs, outputs the F* prefix command to be used' +target "" "" +target "clean" 'Cleanup the target' +target "include-dirs" 'List the F* include directories' +target "" "" +target "roots" 'List the F* root modules.' +echo "" +echo "Environment variables:" +target "NO_COLOR" "Set to anything to disable colors" +endef +export HELPMESSAGE + +roots: + @for root in ${ROOTS}; do \ + filename=$$(basename -- "$$root") ;\ + ext="$${filename##*.}" ;\ + noext="$${filename%.*}" ;\ + printf "${ANSI_COLOR_GRAY}$$(dirname -- "$$root")/${ANSI_COLOR_RESET}%s${ANSI_COLOR_GRAY}.${ANSI_COLOR_TONE}%s${ANSI_COLOR_RESET}\n" "$$noext" "$$ext"; \ + done + +help: ;@bash -c "$$HELPMESSAGE" +h: ;@bash -c "$$HELPMESSAGE" + +HEADER = $(Q)printf '${ANSI_COLOR_BBLUE}[CHECK] %s ${ANSI_COLOR_RESET}\n' "$(basename $(notdir $@))" + +run:%: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) + ${HEADER} + $(Q)$(FSTAR) $(OTHERFLAGS) $(@:run:%=%) + + +ADMIT_MODULE_FLAGS = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/, ${ADMIT_MODULES})) +$(ADMIT_MODULE_FLAGS): + $(Q)printf '${ANSI_COLOR_BBLUE}[${ANSI_COLOR_TONE}ADMIT${ANSI_COLOR_BBLUE}] %s ${ANSI_COLOR_RESET}\n' "$(basename $(notdir $@))" + $(Q)$(FSTAR) $(OTHERFLAGS) $(LAX_MODULE_FLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints || { \ + echo "" ; \ + exit 1 ; \ + } + $(Q)printf "\n\n" + +$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) + ${HEADER} + $(Q)$(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints || { \ + echo "" ; \ + exit 1 ; \ + } + touch $@ + $(Q)printf "\n\n" + +verify: $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(ROOTS))) $(HACL_HOME) + +# Targets for interactive mode + +%.fst-in: + $(info $(FSTAR_FLAGS) \ + $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) +%.fsti-in: + $(info $(FSTAR_FLAGS) \ + $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) + +# Targets for VSCode +hax.fst.config.json: + $(Q)echo "$(FSTAR_INCLUDE_DIRS)" | jq --arg fstar "$(FSTAR_BIN)" -R 'split(" ") | {fstar_exe: $$fstar, includes: .}' > $@ +vscode: hax.fst.config.json + +SHELL=bash + +# Clean target +clean: + rm -rf $(CACHE_DIR)/* + rm *.fst \ No newline at end of file diff --git a/fstar-helpers/proofs/fstar/extraction/Makefile b/fstar-helpers/proofs/fstar/extraction/Makefile new file mode 100644 index 000000000..ec420d509 --- /dev/null +++ b/fstar-helpers/proofs/fstar/extraction/Makefile @@ -0,0 +1 @@ +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 848cb65e6..ec420d509 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,189 +1 @@ -# This is a generically useful Makefile for F* that is self-contained -# -# It is tempting to factor this out into multiple Makefiles but that -# makes it less portable, so resist temptation, or move to a more -# sophisticated build system. -# -# We expect FSTAR_HOME to be set to your FSTAR repo/install directory -# We expect HACL_HOME to be set to your HACL* repo location -# We expect HAX_LIBS_HOME to be set to the folder containing core, rust_primitives etc. -# -# ROOTS contains all the top-level F* files you wish to verify -# The default target `verify` verified ROOTS and its dependencies -# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line -# -# -# To make F* emacs mode use the settings in this file, you need to -# add the following lines to your .emacs -# -# (setq-default fstar-executable "/bin/fstar.exe") -# (setq-default fstar-smt-executable "/bin/z3") -# -# (defun my-fstar-compute-prover-args-using-make () -# "Construct arguments to pass to F* by calling make." -# (with-demoted-errors "Error when constructing arg string: %S" -# (let* ((fname (file-name-nondirectory buffer-file-name)) -# (target (concat fname "-in")) -# (argstr (car (process-lines "make" "--quiet" target)))) -# (split-string argstr)))) -# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) -# - -WORKSPACE_ROOT ?= $(shell git rev-parse --show-toplevel)/.. - -HAX_HOME ?= $(WORKSPACE_ROOT)/hax -HAX_PROOF_LIBS_HOME ?= $(HAX_HOME)/proof-libs/fstar -HAX_LIBS_HOME ?= $(HAX_HOME)/hax-lib/proofs/fstar/extraction -FSTAR_HOME ?= $(WORKSPACE_ROOT)/FStar -HACL_HOME ?= $(WORKSPACE_ROOT)/hacl-star -FSTAR_BIN ?= $(shell command -v fstar.exe 1>&2 2> /dev/null && echo "fstar.exe" || echo "$(FSTAR_HOME)/bin/fstar.exe") - -CACHE_DIR ?= .cache -HINT_DIR ?= .hints - -.PHONY: all verify verify-lax clean - -all: - rm -f .depend && $(MAKE) .depend - $(MAKE) verify - -VERIFIED = Libcrux_ml_kem.Types.fst \ - Libcrux_ml_kem.Types.fsti \ - Libcrux_ml_kem.Types.Unpacked.fsti \ - Libcrux_ml_kem.Constants.fsti \ - Libcrux_ml_kem.Hash_functions.Avx2.fsti \ - Libcrux_ml_kem.Hash_functions.fsti \ - Libcrux_ml_kem.Hash_functions.Neon.fsti \ - Libcrux_ml_kem.Hash_functions.Portable.fsti \ - Libcrux_ml_kem.Utils.fst \ - Libcrux_ml_kem.Utils.fsti - -PANIC_FREE = Libcrux_ml_kem.Constant_time_ops.fst \ - Libcrux_ml_kem.Constant_time_ops.fsti \ - Libcrux_ml_kem.Ind_cca.fsti \ - Libcrux_ml_kem.Ind_cca.Unpacked.fsti \ - Libcrux_ml_kem.Ind_cpa.fsti \ - Libcrux_ml_kem.Ind_cpa.Unpacked.fsti \ - Libcrux_ml_kem.Sampling.fsti \ - Libcrux_ml_kem.Serialize.fsti \ - Libcrux_ml_kem.Matrix.fsti \ - Libcrux_ml_kem.Polynomial.fsti \ - Libcrux_ml_kem.Ntt.fsti \ - Libcrux_ml_kem.Invert_ntt.fsti \ - Libcrux_ml_kem.Vector.Traits.fsti \ - Libcrux_ml_kem.Vector.Portable.fsti \ - Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti \ - Libcrux_ml_kem.Vector.Portable.Compress.fsti \ - Libcrux_ml_kem.Vector.Portable.Ntt.fsti \ - Libcrux_ml_kem.Vector.Portable.Sampling.fsti \ - Libcrux_ml_kem.Vector.Portable.Serialize.fsti \ - Libcrux_ml_kem.Vector.Portable.Vector_type.fsti \ - Libcrux_ml_kem.Vector.Avx2.fsti \ - Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti \ - Libcrux_ml_kem.Vector.Avx2.Compress.fsti \ - Libcrux_ml_kem.Vector.Avx2.Ntt.fsti \ - Libcrux_ml_kem.Vector.Avx2.Portable.fsti \ - Libcrux_ml_kem.Vector.Avx2.Sampling.fsti \ - Libcrux_ml_kem.Vector.Avx2.Serialize.fsti \ - Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst \ - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti \ - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst \ - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti \ - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst \ - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti \ - Libcrux_ml_kem.Ind_cca.Multiplexing.fst \ - Libcrux_ml_kem.Ind_cca.Multiplexing.fsti \ - Libcrux_ml_kem.Mlkem512.Avx2.fst \ - Libcrux_ml_kem.Mlkem512.Avx2.fsti \ - Libcrux_ml_kem.Mlkem512.fst \ - Libcrux_ml_kem.Mlkem512.fsti \ - Libcrux_ml_kem.Mlkem512.Neon.fst \ - Libcrux_ml_kem.Mlkem512.Neon.fsti \ - Libcrux_ml_kem.Mlkem512.Portable.fst \ - Libcrux_ml_kem.Mlkem512.Portable.fsti \ - Libcrux_ml_kem.Mlkem768.Avx2.fst \ - Libcrux_ml_kem.Mlkem768.Avx2.fsti \ - Libcrux_ml_kem.Mlkem768.fst \ - Libcrux_ml_kem.Mlkem768.fsti \ - Libcrux_ml_kem.Mlkem768.Neon.fst \ - Libcrux_ml_kem.Mlkem768.Neon.fsti \ - Libcrux_ml_kem.Mlkem768.Portable.fst \ - Libcrux_ml_kem.Mlkem768.Portable.fsti \ - Libcrux_ml_kem.Mlkem1024.Avx2.fst \ - Libcrux_ml_kem.Mlkem1024.Avx2.fsti \ - Libcrux_ml_kem.Mlkem1024.fst \ - Libcrux_ml_kem.Mlkem1024.fsti \ - Libcrux_ml_kem.Mlkem1024.Neon.fst \ - Libcrux_ml_kem.Mlkem1024.Neon.fsti \ - Libcrux_ml_kem.Mlkem1024.Portable.fst \ - Libcrux_ml_kem.Mlkem1024.Portable.fsti \ - Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti \ - Libcrux_ml_kem.Vector.Neon.Compress.fsti \ - Libcrux_ml_kem.Vector.Neon.fsti \ - Libcrux_ml_kem.Vector.Neon.Ntt.fsti \ - Libcrux_ml_kem.Vector.Neon.Serialize.fsti \ - Libcrux_ml_kem.Vector.Neon.Vector_type.fsti - -UNVERIFIED = $(filter-out $(PANIC_FREE),$(wildcard *.fst)) - -VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(VERIFIED))) -PANIC_FREE_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(PANIC_FREE))) -UNVERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(UNVERIFIED))) - -# By default, we process all the files in the current directory. Here, we -# *extend* the set of relevant files with the tests. -ROOTS = $(UNVERIFIED) $(PANIC_FREE) $(VERIFIED) - -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HACL_HOME)/specs $(HAX_PROOF_LIBS_HOME)/rust_primitives \ - $(HAX_PROOF_LIBS_HOME)/core $(HAX_LIBS_HOME) \ - ../spec/ \ - ../../../../sys/platform/proofs/fstar/extraction/ \ - ../../../../libcrux-intrinsics/proofs/fstar/extraction/ \ - ../../../../libcrux-sha3/proofs/fstar/extraction/ - -FSTAR_FLAGS = --cmi --query_stats \ - --warn_error -331-321-274 \ - --cache_checked_modules --cache_dir $(CACHE_DIR) \ - --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ - $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) - -FSTAR = $(FSTAR_BIN) $(FSTAR_FLAGS) - - -.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) - $(info $(ROOTS)) - $(FSTAR) --cmi --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ - -include .depend - -$(HINT_DIR): - mkdir -p $@ - -$(CACHE_DIR): - mkdir -p $@ - -$(UNVERIFIED_CHECKED): OTHERFLAGS=--admit_smt_queries true -$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) - $(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints - -verify: $(UNVERIFIED_CHECKED) $(PANIC_FREE_CHECKED) $(VERIFIED_CHECKED) - -# Targets for interactive mode - -%.fst-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) - -%.fsti-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) - - -# Clean targets - -SHELL=/usr/bin/env bash - -clean: - rm -rf $(CACHE_DIR)/* - rm *.fst +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/libcrux-ml-kem/proofs/fstar/spec/Makefile b/libcrux-ml-kem/proofs/fstar/spec/Makefile index b67b71b55..ec420d509 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Makefile +++ b/libcrux-ml-kem/proofs/fstar/spec/Makefile @@ -1,122 +1 @@ -# This is a generically useful Makefile for F* that is self-contained -# -# It is tempting to factor this out into multiple Makefiles but that -# makes it less portable, so resist temptation, or move to a more -# sophisticated build system. -# -# We expect FSTAR_HOME to be set to your FSTAR repo/install directory -# We expect HACL_HOME to be set to your HACL* repo location -# We expect HAX_LIBS_HOME to be set to the folder containing core, rust_primitives etc. -# -# ROOTS contains all the top-level F* files you wish to verify -# The default target `verify` verified ROOTS and its dependencies -# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line -# -# -# To make F* emacs mode use the settings in this file, you need to -# add the following lines to your .emacs -# -# (setq-default fstar-executable "/bin/fstar.exe") -# (setq-default fstar-smt-executable "/bin/z3") -# -# (defun my-fstar-compute-prover-args-using-make () -# "Construct arguments to pass to F* by calling make." -# (with-demoted-errors "Error when constructing arg string: %S" -# (let* ((fname (file-name-nondirectory buffer-file-name)) -# (target (concat fname "-in")) -# (argstr (car (process-lines "make" "--quiet" target)))) -# (split-string argstr)))) -# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) -# - -WORKSPACE_ROOT ?= $(shell git rev-parse --show-toplevel) - -HAX_HOME ?= $(WORKSPACE_ROOT)/hax -HAX_PROOF_LIBS_HOME ?= $(HAX_HOME)/proof-libs/fstar -HAX_LIBS_HOME ?= $(HAX_HOME)/hax-lib/proofs/fstar/extraction -FSTAR_HOME ?= $(WORKSPACE_ROOT)/FStar -HACL_HOME ?= $(WORKSPACE_ROOT)/hacl-star -FSTAR_BIN ?= $(shell command -v fstar.exe 1>&2 2> /dev/null && echo "fstar.exe" || echo "$(FSTAR_HOME)/bin/fstar.exe") - -CACHE_DIR ?= .cache -HINT_DIR ?= .hints - -.PHONY: all verify verify-lax clean - -all: - rm -f .depend && $(MAKE) .depend - $(MAKE) verify - -ifeq ($(OTHERFLAGS),$(subst --admit_smt_queries true,,$(OTHERFLAGS))) -FSTAR_HINTS ?= --use_hints --use_hint_hashes --record_hints -else -FSTAR_HINTS ?= --use_hints --use_hint_hashes -endif - -VERIFIED = Spec.Utils.fst Spec.MLKEM.Math.fst Spec.MLKEM.fst Spec.MLKEM.Instances.fst - -UNVERIFIED = - - -VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(VERIFIED))) -UNVERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(UNVERIFIED))) - -# By default, we process all the files in the current directory. Here, we -# *extend* the set of relevant files with the tests. -ROOTS = $(UNVERIFIED) $(VERIFIED) - -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HACL_HOME)/specs $(HAX_PROOF_LIBS_HOME)/rust_primitives $(HAX_PROOF_LIBS_HOME)/core $(HAX_LIBS_HOME) - -FSTAR_FLAGS = $(FSTAR_HINTS) \ - --cmi \ - --warn_error -331 \ - --warn_error -321 \ - --warn_error -274 \ - --query_stats \ - --cache_checked_modules --cache_dir $(CACHE_DIR) \ - --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ - $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) - -# --log_queries \ -# --z3version 4.12.3 \ -# --smtencoding.l_arith_repr native \ -# --smtencoding.nl_arith_repr native \ - -FSTAR = $(FSTAR_BIN) $(FSTAR_FLAGS) - - -.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) - $(info $(ROOTS)) - $(FSTAR) --cmi --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ - -include .depend - -$(HINT_DIR): - mkdir -p $@ - -$(CACHE_DIR): - mkdir -p $@ - -$(UNVERIFIED_CHECKED): OTHERFLAGS=--admit_smt_queries true -$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) - $(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints - -verify: $(UNVERIFIED_CHECKED) $(VERIFIED_CHECKED) - -# Targets for interactive mode - -%.fst-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) - -%.fsti-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) - - -# Clean targets - -SHELL=/usr/bin/env bash - -clean: - rm -rf $(CACHE_DIR)/* +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/proofs/fstar/extraction-edited/Makefile b/proofs/fstar/extraction-edited/Makefile index 6b294a42d..ec420d509 100644 --- a/proofs/fstar/extraction-edited/Makefile +++ b/proofs/fstar/extraction-edited/Makefile @@ -1,150 +1 @@ -# This is a generically useful Makefile for F* that is self-contained -# -# It is tempting to factor this out into multiple Makefiles but that -# makes it less portable, so resist temptation, or move to a more -# sophisticated build system. -# -# We expect FSTAR_HOME to be set to your FSTAR repo/install directory -# We expect HACL_HOME to be set to your HACL* repo location -# We expect HAX_LIBS_HOME to be set to the folder containing core, rust_primitives etc. -# -# ROOTS contains all the top-level F* files you wish to verify -# The default target `verify` verified ROOTS and its dependencies -# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line -# -# -# To make F* emacs mode use the settings in this file, you need to -# add the following lines to your .emacs -# -# (setq-default fstar-executable "/bin/fstar.exe") -# (setq-default fstar-smt-executable "/bin/z3") -# -# (defun my-fstar-compute-prover-args-using-make () -# "Construct arguments to pass to F* by calling make." -# (with-demoted-errors "Error when constructing arg string: %S" -# (let* ((fname (file-name-nondirectory buffer-file-name)) -# (target (concat fname "-in")) -# (argstr (car (process-lines "make" "--quiet" target)))) -# (split-string argstr)))) -# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) -# - -WORKSPACE_ROOT ?= $(shell git rev-parse --show-toplevel)/.. - -HAX_HOME ?= $(WORKSPACE_ROOT)/hax -HAX_PROOF_LIBS_HOME ?= $(HAX_HOME)/proof-libs/fstar -HAX_LIBS_HOME ?= $(HAX_HOME)/hax-lib/proofs/fstar/extraction -FSTAR_HOME ?= $(WORKSPACE_ROOT)/FStar -HACL_HOME ?= $(WORKSPACE_ROOT)/hacl-star -FSTAR_BIN ?= $(shell command -v fstar.exe 1>&2 2> /dev/null && echo "fstar.exe" || echo "$(FSTAR_HOME)/bin/fstar.exe") - -CACHE_DIR ?= .cache -HINT_DIR ?= .hints - -.PHONY: all verify verify-lax clean - -all: - rm -f .depend && $(MAKE) .depend - $(MAKE) verify - -ifeq ($(OTHERFLAGS),$(subst --admit_smt_queries true,,$(OTHERFLAGS))) -FSTAR_HINTS ?= --use_hints --use_hint_hashes --record_hints -else -FSTAR_HINTS ?= --use_hints --use_hint_hashes -endif - -VERIFIED = \ - Libcrux.Digest.fsti \ - Libcrux.Kem.Kyber.Constants.fsti \ - Libcrux.Kem.Kyber.Hash_functions.fsti \ - Libcrux.Kem.Kyber.Hash_functions.fst \ - Libcrux.Kem.Kyber.Types.fst \ - Libcrux.Kem.Kyber.Kyber768.fsti \ - Libcrux.Kem.Kyber.Kyber768.fst \ - Libcrux.Kem.Kyber.Kyber1024.fsti \ - Libcrux.Kem.Kyber.Kyber1024.fst \ - Libcrux.Kem.Kyber.Kyber512.fsti \ - Libcrux.Kem.Kyber.Kyber512.fst \ - Libcrux.Kem.Kyber.Ind_cpa.fsti \ - Libcrux.Kem.Kyber.Ind_cpa.fst \ - Libcrux.Kem.Kyber.fsti \ - Libcrux.Kem.Kyber.fst \ - Libcrux.Kem.Kyber.Arithmetic.fsti \ - Libcrux.Kem.Kyber.Arithmetic.fst \ - Libcrux.Kem.Kyber.Compress.fsti \ - Libcrux.Kem.Kyber.Compress.fst \ - Libcrux.Kem.Kyber.Constant_time_ops.fsti \ - Libcrux.Kem.Kyber.Constant_time_ops.fst \ - Libcrux.Kem.Kyber.Matrix.fsti \ - Libcrux.Kem.Kyber.Matrix.fst \ - Libcrux.Kem.Kyber.Ntt.fsti \ - Libcrux.Kem.Kyber.Ntt.fst \ - Libcrux.Kem.Kyber.Sampling.fst \ - Libcrux.Kem.Kyber.Serialize.fsti \ - Libcrux.Kem.Kyber.Serialize.fst - -UNVERIFIED = - - -VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(VERIFIED))) -UNVERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(UNVERIFIED))) - -# By default, we process all the files in the current directory. Here, we -# *extend* the set of relevant files with the tests. -ROOTS = $(UNVERIFIED) $(VERIFIED) - -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HAX_PROOF_LIBS_HOME)/rust_primitives $(HAX_PROOF_LIBS_HOME)/core $(HAX_LIBS_HOME) - -FSTAR_FLAGS = $(FSTAR_HINTS) \ - --cmi \ - --warn_error -331 \ - --warn_error -321 \ - --warn_error -274 \ - --query_stats \ - --cache_checked_modules --cache_dir $(CACHE_DIR) \ - --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ - $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) - -# --log_queries \ -# --z3version 4.12.3 \ -# --smtencoding.l_arith_repr native \ -# --smtencoding.nl_arith_repr native \ - -FSTAR = $(FSTAR_BIN) $(FSTAR_FLAGS) - - -.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) - $(info $(ROOTS)) - $(FSTAR) --cmi --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ - -include .depend - -$(HINT_DIR): - mkdir -p $@ - -$(CACHE_DIR): - mkdir -p $@ - -$(UNVERIFIED_CHECKED): OTHERFLAGS=--admit_smt_queries true -$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) - $(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints - -verify: $(UNVERIFIED_CHECKED) $(VERIFIED_CHECKED) - -# Targets for interactive mode - -%.fst-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) - -%.fsti-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) - - -# Clean targets - -SHELL=/usr/bin/env bash - -clean: - rm -rf $(CACHE_DIR)/* +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/proofs/fstar/extraction-secret-independent/Makefile b/proofs/fstar/extraction-secret-independent/Makefile index 3c4a3f008..ec420d509 100644 --- a/proofs/fstar/extraction-secret-independent/Makefile +++ b/proofs/fstar/extraction-secret-independent/Makefile @@ -1,134 +1 @@ -# This is a generically useful Makefile for F* that is self-contained -# -# It is tempting to factor this out into multiple Makefiles but that -# makes it less portable, so resist temptation, or move to a more -# sophisticated build system. -# -# We expect FSTAR_HOME to be set to your FSTAR repo/install directory -# We expect HACL_HOME to be set to your HACL* repo location -# We expect HAX_LIBS_HOME to be set to the folder containing core, rust_primitives etc. -# -# ROOTS contains all the top-level F* files you wish to verify -# The default target `verify` verified ROOTS and its dependencies -# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line -# -# -# To make F* emacs mode use the settings in this file, you need to -# add the following lines to your .emacs -# -# (setq-default fstar-executable "/bin/fstar.exe") -# (setq-default fstar-smt-executable "/bin/z3") -# -# (defun my-fstar-compute-prover-args-using-make () -# "Construct arguments to pass to F* by calling make." -# (with-demoted-errors "Error when constructing arg string: %S" -# (let* ((fname (file-name-nondirectory buffer-file-name)) -# (target (concat fname "-in")) -# (argstr (car (process-lines "make" "--quiet" target)))) -# (split-string argstr)))) -# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) -# - -WORKSPACE_ROOT ?= $(shell git rev-parse --show-toplevel)/.. - -HAX_HOME ?= $(WORKSPACE_ROOT)/hax -HAX_PROOF_LIBS_HOME ?= $(HAX_HOME)/proof-libs/fstar-secret-integers -HAX_LIBS_HOME ?= $(HAX_HOME)/hax-lib/proofs/fstar/extraction -FSTAR_HOME ?= $(WORKSPACE_ROOT)/FStar -HACL_HOME ?= $(WORKSPACE_ROOT)/hacl-star -FSTAR_BIN ?= $(shell command -v fstar.exe 1>&2 2> /dev/null && echo "fstar.exe" || echo "$(FSTAR_HOME)/bin/fstar.exe") - -CACHE_DIR ?= .cache -HINT_DIR ?= .hints - -.PHONY: all verify verify-lax clean - -all: - rm -f .depend && $(MAKE) .depend - $(MAKE) verify - - -SECRET_INDEPENDENT = \ - Libcrux.Kem.Kyber.Constants.fsti \ - Libcrux.Digest.fsti \ - Libcrux.Kem.Kyber.Hash_functions.fsti \ - Libcrux.Kem.Kyber.Hash_functions.fst \ - Libcrux.Kem.Kyber.Kyber768.fsti \ - Libcrux.Kem.Kyber.Kyber768.fst \ - Libcrux.Kem.Kyber.Kyber1024.fsti \ - Libcrux.Kem.Kyber.Kyber1024.fst \ - Libcrux.Kem.Kyber.Kyber512.fsti \ - Libcrux.Kem.Kyber.Kyber512.fst \ - Libcrux.Kem.Kyber.Types.fst \ - Libcrux.Kem.Kyber.fsti \ - Libcrux.Kem.Kyber.fst \ - Libcrux.Kem.Kyber.Ind_cpa.fsti \ - Libcrux.Kem.Kyber.Ind_cpa.fst \ - Libcrux.Kem.Kyber.Arithmetic.fsti \ - Libcrux.Kem.Kyber.Arithmetic.fst \ - Libcrux.Kem.Kyber.Compress.fsti \ - Libcrux.Kem.Kyber.Compress.fst \ - Libcrux.Kem.Kyber.Constant_time_ops.fsti \ - Libcrux.Kem.Kyber.Constant_time_ops.fst \ - Libcrux.Kem.Kyber.Matrix.fsti \ - Libcrux.Kem.Kyber.Matrix.fst \ - Libcrux.Kem.Kyber.Ntt.fsti \ - Libcrux.Kem.Kyber.Ntt.fst \ - Libcrux.Kem.Kyber.Sampling.fst \ - Libcrux.Kem.Kyber.Serialize.fsti \ - Libcrux.Kem.Kyber.Serialize.fst - -SECRET_INDEPENDENT_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(SECRET_INDEPENDENT))) - -# By default, we process all the files in the current directory. Here, we -# *extend* the set of relevant files with the tests. -ROOTS = $(SECRET_INDEPENDENT) - -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HAX_PROOF_LIBS_HOME)/rust_primitives $(HAX_PROOF_LIBS_HOME)/core $(HAX_LIBS_HOME) - -FSTAR_FLAGS = --cmi \ - --warn_error -331-321-274 \ - --admit_smt_queries true \ - --cache_checked_modules --cache_dir $(CACHE_DIR) \ - --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ - $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) - -FSTAR = $(FSTAR_BIN) $(FSTAR_FLAGS) - - -.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) - $(info $(ROOTS)) - $(FSTAR) --cmi --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ - -include .depend - -$(HINT_DIR): - mkdir -p $@ - -$(CACHE_DIR): - mkdir -p $@ - -$(SECRET_INDEPENDENT_CHECKED): OTHERFLAGS=--admit_smt_queries true -$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) - $(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints - -verify: $(SECRET_INDEPENDENT_CHECKED) - -# Targets for interactive mode - -%.fst-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) - -%.fsti-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) - - -# Clean targets - -SHELL=/usr/bin/env bash - -clean: - rm -rf $(CACHE_DIR)/* - rm *.fst +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/proofs/fstar/extraction/Makefile b/proofs/fstar/extraction/Makefile index 763274af1..ec420d509 100644 --- a/proofs/fstar/extraction/Makefile +++ b/proofs/fstar/extraction/Makefile @@ -1,127 +1 @@ -# This is a generically useful Makefile for F* that is self-contained -# -# It is tempting to factor this out into multiple Makefiles but that -# makes it less portable, so resist temptation, or move to a more -# sophisticated build system. -# -# We expect FSTAR_HOME to be set to your FSTAR repo/install directory -# We expect HACL_HOME to be set to your HACL* repo location -# We expect HAX_LIBS_HOME to be set to the folder containing core, rust_primitives etc. -# -# ROOTS contains all the top-level F* files you wish to verify -# The default target `verify` verified ROOTS and its dependencies -# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line -# -# -# To make F* emacs mode use the settings in this file, you need to -# add the following lines to your .emacs -# -# (setq-default fstar-executable "/bin/fstar.exe") -# (setq-default fstar-smt-executable "/bin/z3") -# -# (defun my-fstar-compute-prover-args-using-make () -# "Construct arguments to pass to F* by calling make." -# (with-demoted-errors "Error when constructing arg string: %S" -# (let* ((fname (file-name-nondirectory buffer-file-name)) -# (target (concat fname "-in")) -# (argstr (car (process-lines "make" "--quiet" target)))) -# (split-string argstr)))) -# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) -# - -WORKSPACE_ROOT ?= $(shell git rev-parse --show-toplevel)/.. - -HAX_HOME ?= $(WORKSPACE_ROOT)/hax -HAX_PROOF_LIBS_HOME ?= $(HAX_HOME)/proof-libs/fstar -HAX_LIBS_HOME ?= $(HAX_HOME)/hax-lib/proofs/fstar/extraction -FSTAR_HOME ?= $(WORKSPACE_ROOT)/FStar -HACL_HOME ?= $(WORKSPACE_ROOT)/hacl-star -FSTAR_BIN ?= $(shell command -v fstar.exe 1>&2 2> /dev/null && echo "fstar.exe" || echo "$(FSTAR_HOME)/bin/fstar.exe") - -CACHE_DIR ?= .cache -HINT_DIR ?= .hints - -.PHONY: all verify verify-lax clean - -all: - rm -f .depend && $(MAKE) .depend - $(MAKE) verify - - -VERIFIED = \ - Libcrux.Kem.Kyber.Constants.fsti \ - Libcrux.Kem.Kyber.Kyber768.fst \ - Libcrux.Kem.Kyber.Kyber1024.fst \ - Libcrux.Kem.Kyber.Kyber512.fst - - -UNVERIFIED = \ - Libcrux.Kem.Kyber.Types.fst \ - Libcrux.Kem.Kyber.fst \ - Libcrux.Kem.Kyber.Ind_cpa.fst \ - Libcrux.Kem.Kyber.Arithmetic.fst \ - Libcrux.Kem.Kyber.Arithmetic.fsti \ - Libcrux.Kem.Kyber.Compress.fst \ - Libcrux.Kem.Kyber.Constant_time_ops.fst \ - Libcrux.Digest.fsti \ - Libcrux.Digest.Incremental_x4.fsti \ - Libcrux.Kem.Kyber.Hash_functions.fst \ - Libcrux.Kem.Kyber.Matrix.fst \ - Libcrux.Kem.Kyber.Ntt.fst \ - Libcrux.Kem.Kyber.Sampling.fst \ - Libcrux.Kem.Kyber.Serialize.fst - -VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(VERIFIED))) -UNVERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(UNVERIFIED))) - -# By default, we process all the files in the current directory. Here, we -# *extend* the set of relevant files with the tests. -ROOTS = $(UNVERIFIED) $(VERIFIED) - -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HAX_PROOF_LIBS_HOME)/rust_primitives $(HAX_PROOF_LIBS_HOME)/core $(HAX_LIBS_HOME) ../../../sys/platform/proofs/fstar/extraction/ - -FSTAR_FLAGS = --cmi \ - --warn_error -331-321-274 \ - --cache_checked_modules --cache_dir $(CACHE_DIR) \ - --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ - $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) - -FSTAR = $(FSTAR_BIN) $(FSTAR_FLAGS) - - -.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) - $(info $(ROOTS)) - $(FSTAR) --cmi --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ - -include .depend - -$(HINT_DIR): - mkdir -p $@ - -$(CACHE_DIR): - mkdir -p $@ - -$(UNVERIFIED_CHECKED): OTHERFLAGS=--admit_smt_queries true -$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) - $(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints - -verify: $(UNVERIFIED_CHECKED) $(VERIFIED_CHECKED) - -# Targets for interactive mode - -%.fst-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) - -%.fsti-in: - $(info $(FSTAR_FLAGS) \ - $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) - - -# Clean targets - -SHELL=/usr/bin/env bash - -clean: - rm -rf $(CACHE_DIR)/* - rm *.fst +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template From 27906a4cee0986538d60c81620fe71474ae3d83a Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 13 Aug 2024 11:20:26 +0200 Subject: [PATCH 113/348] Use a workspace-wide dependency `hax-lib` --- Cargo.lock | 159 +++++++++++++------------------------- Cargo.toml | 6 +- libcrux-ml-kem/Cargo.toml | 3 +- libcrux-sha3/Cargo.toml | 2 +- 4 files changed, 61 insertions(+), 109 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 8bbf720f9..3c0e1010a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.74", + "syn 2.0.72", "which", ] @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.10" +version = "1.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9e8aabfac534be767c909e0690571677d49f41bd8465ae876fe043d52ba5292" +checksum = "504bdec147f2cc13c8b57ed9401fd8a147cc66b67ad5cb241394244f2c947549" dependencies = [ "jobserver", "libc", @@ -289,9 +289,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.15" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11d8838454fda655dafd3accb2b6e2bea645b9e4078abe84a22ceb947235c5cc" +checksum = "0fbb260a053428790f3de475e304ff84cdbc4face759ea7a3e64c1edd938a7fc" dependencies = [ "clap_builder", "clap_derive", @@ -299,9 +299,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.15" +version = "4.5.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" +checksum = "64b17d7ea74e9f833c7dbf2cbe4fb12ff26783eda4782a8975b72f895c9b4d99" dependencies = [ "anstream", "anstyle", @@ -318,7 +318,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.72", ] [[package]] @@ -362,9 +362,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.13" +version = "0.2.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad" +checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" dependencies = [ "libc", ] @@ -482,7 +482,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.72", ] [[package]] @@ -701,19 +701,9 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#bea90741c55006f2649f2b4119bf7e3ce87a66e9" -dependencies = [ - "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", - "num-bigint", - "num-traits", -] - -[[package]] -name = "hax-lib" -version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#bea90741c55006f2649f2b4119bf7e3ce87a66e9" +source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ - "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hax-lib-macros", "num-bigint", "num-traits", ] @@ -721,45 +711,20 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#bea90741c55006f2649f2b4119bf7e3ce87a66e9" -dependencies = [ - "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", - "paste", - "proc-macro-error", - "proc-macro2", - "quote", - "syn 2.0.74", -] - -[[package]] -name = "hax-lib-macros" -version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#bea90741c55006f2649f2b4119bf7e3ce87a66e9" +source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ - "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hax-lib-macros-types", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.72", ] [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#bea90741c55006f2649f2b4119bf7e3ce87a66e9" -dependencies = [ - "proc-macro2", - "quote", - "serde", - "serde_json", - "uuid", -] - -[[package]] -name = "hax-lib-macros-types" -version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#bea90741c55006f2649f2b4119bf7e3ce87a66e9" +source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" dependencies = [ "proc-macro2", "quote", @@ -883,9 +848,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.70" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1868808506b929d7b0cfa8f75951347aa71bb21144b7791bae35d9bccfcfe37a" +checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" dependencies = [ "wasm-bindgen", ] @@ -933,8 +898,6 @@ version = "0.0.2-alpha.3" dependencies = [ "clap", "getrandom", - "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", - "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "hex", "libcrux", "libcrux-ecdh", @@ -1039,7 +1002,7 @@ name = "libcrux-ml-kem" version = "0.0.2-alpha.3" dependencies = [ "criterion", - "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "hax-lib", "hex", "libcrux-intrinsics", "libcrux-platform", @@ -1086,7 +1049,7 @@ version = "0.0.2-alpha.3" dependencies = [ "cavp", "criterion", - "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hax-lib", "hex", "libcrux-intrinsics", "libcrux-platform", @@ -1143,16 +1106,6 @@ version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" -[[package]] -name = "minicov" -version = "0.3.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c71e683cd655513b99affab7d317deb690528255a0d5f717f1024093c12b169" -dependencies = [ - "cc", - "walkdir", -] - [[package]] name = "minimal-lexical" version = "0.2.1" @@ -1238,7 +1191,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.72", ] [[package]] @@ -1405,7 +1358,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.74", + "syn 2.0.72", ] [[package]] @@ -1656,29 +1609,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.207" +version = "1.0.205" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2" +checksum = "e33aedb1a7135da52b7c21791455563facbbcc43d0f0f66165b42c21b3dfb150" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.207" +version = "1.0.205" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e" +checksum = "692d6f5ac90220161d6774db30c662202721e64aed9058d2c394f451261420c1" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.72", ] [[package]] name = "serde_json" -version = "1.0.124" +version = "1.0.122" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d" +checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da" dependencies = [ "itoa", "memchr", @@ -1770,9 +1723,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.74" +version = "2.0.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1fceb41e3d546d0bd83421d3409b1460cc7444cd389341a4c880fe7a042cb3d7" +checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" dependencies = [ "proc-macro2", "quote", @@ -1871,35 +1824,34 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.93" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a82edfc16a6c469f5f44dc7b571814045d60404b55a0ee849f9bcfa2e63dd9b5" +checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" dependencies = [ "cfg-if", - "once_cell", "wasm-bindgen-macro", ] [[package]] name = "wasm-bindgen-backend" -version = "0.2.93" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9de396da306523044d3302746f1208fa71d7532227f15e347e2d93e4145dd77b" +checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" dependencies = [ "bumpalo", "log", "once_cell", "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.72", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-futures" -version = "0.4.43" +version = "0.4.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61e9300f63a621e96ed275155c108eb6f843b6a26d053f122ab69724559dc8ed" +checksum = "76bc14366121efc8dbb487ab05bcc9d346b3b5ec0eaa76e46594cabbe51762c0" dependencies = [ "cfg-if", "js-sys", @@ -1909,9 +1861,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.93" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "585c4c91a46b072c92e908d99cb1dcdf95c5218eeb6f3bf1efa991ee7a68cccf" +checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -1919,32 +1871,31 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.93" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" +checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.72", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" -version = "0.2.93" +version = "0.2.92" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c62a0a307cb4a311d3a07867860911ca130c3494e8c2719593806c08bc5d0484" +checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" [[package]] name = "wasm-bindgen-test" -version = "0.3.43" +version = "0.3.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68497a05fb21143a08a7d24fc81763384a3072ee43c44e86aad1744d6adef9d9" +checksum = "d9bf62a58e0780af3e852044583deee40983e5886da43a271dd772379987667b" dependencies = [ "console_error_panic_hook", "js-sys", - "minicov", "scoped-tls", "wasm-bindgen", "wasm-bindgen-futures", @@ -1953,20 +1904,20 @@ dependencies = [ [[package]] name = "wasm-bindgen-test-macro" -version = "0.3.43" +version = "0.3.42" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" +checksum = "b7f89739351a2e03cb94beb799d47fb2cac01759b40ec441f7de39b00cbf7ef0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.72", ] [[package]] name = "web-sys" -version = "0.3.70" +version = "0.3.69" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26fdeaafd9bd129f65e7c031593c24d62186301e0c72c8978fa1678be7d532c0" +checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" dependencies = [ "js-sys", "wasm-bindgen", @@ -2117,7 +2068,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.72", ] [[package]] @@ -2137,5 +2088,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.72", ] diff --git a/Cargo.toml b/Cargo.toml index b2e2765e3..5ecbea800 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -75,9 +75,9 @@ wasm-bindgen = { version = "0.2.87", optional = true } # When using the hax toolchain, we have more dependencies. # This is only required when doing proofs. -[target.'cfg(hax)'.dependencies] -hax-lib-macros = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax", branch = "main" } -hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/", branch = "main" } +# [target.'cfg(hax)'.workspace.dependencies] +[workspace.dependencies] +hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } [dev-dependencies] libcrux = { path = ".", features = ["rand", "tests"] } diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index 99424ea5b..1e5bf3333 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -25,7 +25,8 @@ libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } # This is only required for verification, but we are setting it as default until some hax attributes are fixed -hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } +# [target.'cfg(hax)'.dependencies] +hax-lib.workspace = true [features] # By default all variants and std are enabled. diff --git a/libcrux-sha3/Cargo.toml b/libcrux-sha3/Cargo.toml index c93712c4b..dfed28011 100644 --- a/libcrux-sha3/Cargo.toml +++ b/libcrux-sha3/Cargo.toml @@ -17,7 +17,7 @@ libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" # This is only required for verification. # The hax config is set by the hax toolchain. [target.'cfg(hax)'.dependencies] -hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/" } +hax-lib.workspace = true [features] simd128 = [] From 7018889e3f218fb0d1b522ff2b4a2589ccf0016c Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 14 Aug 2024 14:20:29 +0200 Subject: [PATCH 114/348] Makefile: add `FSTAR_INCLUDE_DIRS_EXTRA` --- fstar-helpers/Makefile.template | 2 +- .../proofs/fstar/extraction/Makefile | 30 +++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/fstar-helpers/Makefile.template b/fstar-helpers/Makefile.template index aebdbe33f..b1971d30e 100644 --- a/fstar-helpers/Makefile.template +++ b/fstar-helpers/Makefile.template @@ -101,7 +101,7 @@ endef export FINDLIBS FINDLIBS_OUTPUT := $(shell bash -c '${FINDLIBS}') -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(FINDLIBS_OUTPUT) +FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(FSTAR_INCLUDE_DIRS_EXTRA) $(FINDLIBS_OUTPUT) # Make sure FSTAR_INCLUDE_DIRS has the `proof-libs`, print hints and # an error message otherwise diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index ec420d509..25b8ff81b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1 +1,31 @@ +LAX_MODULES = Libcrux_ml_kem.Ind_cca.fst \ + Libcrux_ml_kem.Ind_cpa.fst \ + Libcrux_ml_kem.Invert_ntt.fst \ + Libcrux_ml_kem.Matrix.fst \ + Libcrux_ml_kem.Ntt.fst \ + Libcrux_ml_kem.Polynomial.fst \ + Libcrux_ml_kem.Sampling.fst \ + Libcrux_ml_kem.Serialize.fst \ + Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Avx2.Compress.fst \ + Libcrux_ml_kem.Vector.Avx2.fst \ + Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ + Libcrux_ml_kem.Vector.Avx2.Portable.fst \ + Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ + Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ + Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Neon.Compress.fst \ + Libcrux_ml_kem.Vector.Neon.fst \ + Libcrux_ml_kem.Vector.Neon.Ntt.fst \ + Libcrux_ml_kem.Vector.Neon.Serialize.fst \ + Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ + Libcrux_ml_kem.Vector.Portable.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Portable.Compress.fst \ + Libcrux_ml_kem.Vector.Portable.Ntt.fst \ + Libcrux_ml_kem.Vector.Portable.Sampling.fst \ + Libcrux_ml_kem.Vector.Portable.Serialize.fst \ + Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ + Libcrux_ml_kem.Vector.Traits.fst + +FSTAR_INCLUDE_DIRS_EXTRA = $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template From d023efbb6d7d21140d878799450e5461fdde0118 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 16 Aug 2024 18:39:29 -0700 Subject: [PATCH 115/348] fixed include --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 25b8ff81b..adcc6529f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,11 +1,14 @@ -LAX_MODULES = Libcrux_ml_kem.Ind_cca.fst \ +ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ + Libcrux_ml_kem.Ind_cca.fst \ Libcrux_ml_kem.Ind_cpa.fst \ + Libcrux_ml_kem.Ind_cpa.fsti \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Matrix.fst \ Libcrux_ml_kem.Ntt.fst \ Libcrux_ml_kem.Polynomial.fst \ Libcrux_ml_kem.Sampling.fst \ Libcrux_ml_kem.Serialize.fst \ + Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ Libcrux_ml_kem.Vector.Avx2.Compress.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ From 534ae0e076f812aaf28a8e79bfda4e7883fa80e0 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 16 Aug 2024 23:15:09 -0700 Subject: [PATCH 116/348] spec --- libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst index bf9261111..f598ee0ff 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Instances.fst @@ -32,11 +32,12 @@ let mlkem1024_generate_keypair (randomness:t_Array u8 (sz 64)): (t_Array u8 (sz 3168) & t_Array u8 (sz 1568)) & bool = ind_cca_generate_keypair mlkem1024_rank randomness +#set-options "--z3rlimit 100" let mlkem1024_encapsulate (public_key: t_Array u8 (sz 1568)) (randomness: t_Array u8 (sz 32)): (t_Array u8 (sz 1568) & t_Array u8 (sz 32)) & bool = + assert (v_CPA_CIPHERTEXT_SIZE mlkem1024_rank == sz 1568); ind_cca_encapsulate mlkem1024_rank public_key randomness - let mlkem1024_decapsulate (secret_key: t_Array u8 (sz 3168)) (ciphertext: t_Array u8 (sz 1568)): t_Array u8 (sz 32) & bool = ind_cca_decapsulate mlkem1024_rank secret_key ciphertext @@ -51,6 +52,7 @@ let mlkem512_generate_keypair (randomness:t_Array u8 (sz 64)): let mlkem512_encapsulate (public_key: t_Array u8 (sz 800)) (randomness: t_Array u8 (sz 32)): (t_Array u8 (sz 768) & t_Array u8 (sz 32)) & bool = + assert (v_CPA_CIPHERTEXT_SIZE mlkem512_rank == sz 768); ind_cca_encapsulate mlkem512_rank public_key randomness From 160d7102fbf80cd037b9cccdb36ae64093f0c572 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 17 Aug 2024 07:27:56 -0700 Subject: [PATCH 117/348] bump rlimit --- libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 0470452ba..a68820221 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -1,5 +1,5 @@ module Spec.MLKEM -#set-options "--fuel 0 --ifuel 1 --z3rlimit 30" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open FStar.Mul open Core From 8e0f2a6e4f8685bb8bc3408f9dea35884b5f2bac Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 17 Aug 2024 07:49:25 -0700 Subject: [PATCH 118/348] spec fixes --- .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 46 +++++++++---------- .../proofs/fstar/spec/Spec.MLKEM.fst | 41 +++++++++-------- 2 files changed, 44 insertions(+), 43 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index 2bfc58384..31fb4837b 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -14,9 +14,9 @@ type rank = r:usize{is_rank r} (** MLKEM Math and Sampling *) type field_element = n:nat{n < v v_FIELD_MODULUS} -type polynomial (ntt:bool) = t_Array field_element (sz 256) -type vector (r:rank) (ntt:bool) = t_Array (polynomial ntt) r -type matrix (r:rank) (ntt:bool) = t_Array (vector r ntt) r +type polynomial = t_Array field_element (sz 256) +type vector (r:rank) = t_Array polynomial r +type matrix (r:rank) = t_Array (vector r) r val field_add: field_element -> field_element -> field_element let field_add a b = (a + b) % v v_FIELD_MODULUS @@ -30,10 +30,10 @@ let field_neg a = (0 - a) % v v_FIELD_MODULUS val field_mul: field_element -> field_element -> field_element let field_mul a b = (a * b) % v v_FIELD_MODULUS -val poly_add: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt +val poly_add: polynomial -> polynomial -> polynomial let poly_add a b = map2 field_add a b -val poly_sub: #ntt:bool -> polynomial ntt -> polynomial ntt -> polynomial ntt +val poly_sub: polynomial -> polynomial -> polynomial let poly_sub a b = map2 field_sub a b @@ -68,7 +68,7 @@ let poly_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = let a = field_add a t in (a,b) -let poly_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = +let poly_ntt_layer (p:polynomial) (l:nat{l > 0 /\ l < 8}) : polynomial = let len = pow2 l in let k = (128 / len) - 1 in Rust_primitives.Arrays.createi (sz 256) (fun i -> @@ -78,7 +78,7 @@ let poly_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = let (a_ntt, b_ntt) = poly_ntt_step p.[sz idx0] p.[sz idx1] (round + k) in if idx < len then a_ntt else b_ntt) -val poly_ntt: polynomial false -> polynomial true +val poly_ntt: polynomial -> polynomial let poly_ntt p = let p = poly_ntt_layer p 7 in let p = poly_ntt_layer p 6 in @@ -95,7 +95,7 @@ let poly_inv_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = let b = field_mul b_minus_a zetas.[sz i] in (a,b) -let poly_inv_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial b = +let poly_inv_ntt_layer (p:polynomial) (l:nat{l > 0 /\ l < 8}) : polynomial = let len = pow2 l in let k = (256 / len) - 1 in Rust_primitives.Arrays.createi (sz 256) (fun i -> @@ -105,7 +105,7 @@ let poly_inv_ntt_layer #b (p:polynomial b) (l:nat{l > 0 /\ l < 8}) : polynomial let (a_ntt, b_ntt) = poly_inv_ntt_step p.[sz idx0] p.[sz idx1] (k - round) in if idx < len then a_ntt else b_ntt) -val poly_inv_ntt: polynomial true -> polynomial false +val poly_inv_ntt: polynomial -> polynomial let poly_inv_ntt p = let p = poly_inv_ntt_layer p 1 in let p = poly_inv_ntt_layer p 2 in @@ -121,7 +121,7 @@ let poly_base_case_multiply (a0 a1 b0 b1 zeta:field_element) = let c1 = field_add (field_mul a0 b1) (field_mul a1 b0) in (c0,c1) -val poly_mul_ntt: polynomial true -> polynomial true -> polynomial true +val poly_mul_ntt: polynomial -> polynomial -> polynomial let poly_mul_ntt a b = Rust_primitives.Arrays.createi (sz 256) (fun i -> let a0 = a.[sz (2 * (v i / 2))] in @@ -134,36 +134,36 @@ let poly_mul_ntt a b = if v i % 2 = 0 then c0 else c1) -val vector_add: #r:rank -> #ntt:bool -> vector r ntt -> vector r ntt -> vector r ntt +val vector_add: #r:rank -> vector r -> vector r -> vector r let vector_add #p a b = map2 poly_add a b -val vector_ntt: #r:rank -> vector r false -> vector r true +val vector_ntt: #r:rank -> vector r -> vector r let vector_ntt #p v = map_array poly_ntt v -val vector_inv_ntt: #r:rank -> vector r true -> vector r false +val vector_inv_ntt: #r:rank -> vector r -> vector r let vector_inv_ntt #p v = map_array poly_inv_ntt v -val vector_mul_ntt: #r:rank -> vector r true -> vector r true -> vector r true +val vector_mul_ntt: #r:rank -> vector r -> vector r -> vector r let vector_mul_ntt #p a b = map2 poly_mul_ntt a b -val vector_sum: #r:rank -> #ntt:bool -> vector r ntt -> polynomial ntt +val vector_sum: #r:rank -> vector r -> polynomial let vector_sum #r a = repeati (r -! sz 1) (fun i x -> assert (v i < v r - 1); poly_add x (a.[i +! sz 1])) a.[sz 0] -val vector_dot_product_ntt: #r:rank -> vector r true -> vector r true -> polynomial true +val vector_dot_product_ntt: #r:rank -> vector r -> vector r -> polynomial let vector_dot_product_ntt a b = vector_sum (vector_mul_ntt a b) -val matrix_transpose: #r:rank -> #ntt:bool -> matrix r ntt -> matrix r ntt +val matrix_transpose: #r:rank -> matrix r -> matrix r let matrix_transpose #r m = createi r (fun i -> createi r (fun j -> m.[j].[i])) -val matrix_vector_mul_ntt: #r:rank -> matrix r true -> vector r true -> vector r true +val matrix_vector_mul_ntt: #r:rank -> matrix r -> vector r -> vector r let matrix_vector_mul_ntt #r m v = createi r (fun i -> vector_dot_product_ntt m.[i] v) -val compute_As_plus_e_ntt: #r:rank -> a:matrix r true -> s:vector r true -> e:vector r true -> vector r true +val compute_As_plus_e_ntt: #r:rank -> a:matrix r -> s:vector r -> e:vector r -> vector r let compute_As_plus_e_ntt #p a s e = vector_add (matrix_vector_mul_ntt a s) e @@ -223,15 +223,15 @@ let byte_decode (d: dT) (coefficients: t_Array u8 (sz (32 * d))): polynomial_d d in p -let coerce_polynomial_12 #ntt (p:polynomial ntt): polynomial_d 12 = p -let coerce_vector_12 #ntt (#r:rank) (v:vector r ntt): vector_d r 12 = v +let coerce_polynomial_12 (p:polynomial): polynomial_d 12 = p +let coerce_vector_12 (#r:rank) (v:vector r): vector_d r 12 = v -let compress_then_byte_encode #ntt (d: dT {d <> 12}) (coefficients: polynomial ntt): t_Array u8 (sz (32 * d)) +let compress_then_byte_encode (d: dT {d <> 12}) (coefficients: polynomial): t_Array u8 (sz (32 * d)) = let coefs: t_Array (field_element_d d) (sz 256) = map_array (compress_d d) coefficients in byte_encode d coefs -let byte_decode_then_decompress #ntt (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): polynomial ntt +let byte_decode_then_decompress (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): polynomial = map_array (decompress_d d) (byte_decode d b) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index a68820221..8ba36443d 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -106,7 +106,7 @@ type t_MLKEMSharedSecret = t_Array u8 (v_SHARED_SECRET_SIZE) assume val sample_max: n:usize{v n < pow2 32 /\ v n >= 128 * 3 /\ v n % 3 = 0} -val sample_polynomial_ntt: seed:t_Array u8 (sz 34) -> (polynomial true & bool) +val sample_polynomial_ntt: seed:t_Array u8 (sz 34) -> (polynomial & bool) let sample_polynomial_ntt seed = let randomness = v_XOF sample_max seed in let bv = bytes_to_bits randomness in @@ -114,10 +114,11 @@ let sample_polynomial_ntt seed = let bv: bit_vec ((v (sz ((v sample_max / 3) * 2))) * 12) = retype_bit_vector bv in let i16s = bit_vec_to_nat_array #(sz ((v sample_max / 3) * 2)) 12 bv in assert ((v sample_max / 3) * 2 >= 256); - let poly0: polynomial true = Seq.create 256 0 in + let poly0: polynomial = Seq.create 256 0 in + let index_t = n:nat{n <= 256} in let (sampled, poly1) = - repeati #((n:nat{n <= 256}) & polynomial true) (sz ((v sample_max / 3) * 2)) - (fun i (sampled,acc) -> + repeati #(index_t & polynomial) (sz ((v sample_max / 3) * 2)) + (fun i (sampled,acc) -> if sampled < 256 then let sample = Seq.index i16s (v i) in if sample < 3329 then @@ -127,13 +128,13 @@ let sample_polynomial_ntt seed = (0,poly0) in if sampled < 256 then poly0, false else poly1, true -let sample_polynomial_ntt_at_index (seed:t_Array u8 (sz 32)) (i j: (x:usize{v x <= 4})) : polynomial true & bool = +let sample_polynomial_ntt_at_index (seed:t_Array u8 (sz 32)) (i j: (x:usize{v x <= 4})) : polynomial & bool = let seed34 = Seq.append seed (Seq.create 2 0uy) in let seed34 = Rust_primitives.Hax.update_at seed34 (sz 32) (mk_int #u8_inttype (v i)) in let seed34 = Rust_primitives.Hax.update_at seed34 (sz 33) (mk_int #u8_inttype (v j)) in sample_polynomial_ntt seed34 -val sample_matrix_A_ntt: #r:rank -> seed:t_Array u8 (sz 32) -> (matrix r true & bool) +val sample_matrix_A_ntt: #r:rank -> seed:t_Array u8 (sz 32) -> (matrix r & bool) let sample_matrix_A_ntt #r seed = let m = createi r (fun i -> @@ -148,36 +149,36 @@ let sample_matrix_A_ntt #r seed = b && v) b) true in (m, sufficient_randomness) -assume val sample_poly_cbd: v_ETA:usize{v v_ETA == 2 \/ v v_ETA == 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial false +assume val sample_poly_cbd: v_ETA:usize{v v_ETA == 2 \/ v v_ETA == 3} -> t_Array u8 (v_ETA *! sz 64) -> polynomial open Rust_primitives.Integers -val sample_poly_cbd2: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial false +val sample_poly_cbd2: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial let sample_poly_cbd2 #r seed domain_sep = let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in let prf_output = v_PRF (v_ETA2_RANDOMNESS_SIZE r) prf_input in sample_poly_cbd (v_ETA2 r) prf_output -val sample_poly_cbd1: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial false +val sample_poly_cbd1: #r:rank -> seed:t_Array u8 (sz 32) -> domain_sep:usize{v domain_sep < 256} -> polynomial let sample_poly_cbd1 #r seed domain_sep = let prf_input = Seq.append seed (Seq.create 1 (mk_int #u8_inttype (v domain_sep))) in let prf_output = v_PRF (v_ETA1_RANDOMNESS_SIZE r) prf_input in sample_poly_cbd (v_ETA1 r) prf_output -let sample_vector_cbd1 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = +let sample_vector_cbd1 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r = createi r (fun i -> sample_poly_cbd1 #r seed (domain_sep +! i)) -let sample_vector_cbd2 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = +let sample_vector_cbd2 (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r = createi r (fun i -> sample_poly_cbd2 #r seed (domain_sep +! i)) -let sample_vector_cbd_then_ntt (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r true = +let sample_vector_cbd_then_ntt (#r:rank) (seed:t_Array u8 (sz 32)) (domain_sep:usize{v domain_sep < 2 * v r}) : vector r = vector_ntt (sample_vector_cbd1 #r seed domain_sep) -let vector_encode_12 (#r:rank) (#ntt:bool) (v: vector r ntt): t_Array u8 (v_T_AS_NTT_ENCODED_SIZE r) +let vector_encode_12 (#r:rank) (v: vector r) : t_Array u8 (v_T_AS_NTT_ENCODED_SIZE r) = let s: t_Array (t_Array _ (sz 384)) r = map_array (byte_encode 12) (coerce_vector_12 v) in flatten s -let vector_decode_12 (#r:rank) (#ntt:bool) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_SIZE r)): vector r ntt +let vector_decode_12 (#r:rank) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_SIZE r)): vector r = createi r (fun block -> let block_size = (sz (32 * 12)) in let slice = Seq.slice arr (v block * v block_size) @@ -185,17 +186,17 @@ let vector_decode_12 (#r:rank) (#ntt:bool) (arr: t_Array u8 (v_T_AS_NTT_ENCODED_ byte_decode 12 slice ) -let compress_then_encode_message #ntt (p:polynomial ntt) : t_Array u8 v_SHARED_SECRET_SIZE +let compress_then_encode_message (p:polynomial) : t_Array u8 v_SHARED_SECRET_SIZE = compress_then_byte_encode 1 p -let decode_then_decompress_message #ntt (b:t_Array u8 v_SHARED_SECRET_SIZE): polynomial ntt +let decode_then_decompress_message (b:t_Array u8 v_SHARED_SECRET_SIZE): polynomial = byte_decode_then_decompress 1 b -let compress_then_encode_u (#r:rank) (#ntt:bool) (vec: vector r ntt): t_Array u8 (v_C1_SIZE r) +let compress_then_encode_u (#r:rank) (vec: vector r): t_Array u8 (v_C1_SIZE r) = let d = v (v_VECTOR_U_COMPRESSION_FACTOR r) in flatten (map_array (compress_then_byte_encode d) vec) -let decode_then_decompress_u (#r:rank) (#ntt:bool) (arr: t_Array u8 (v_C1_SIZE r)): vector r ntt +let decode_then_decompress_u (#r:rank) (arr: t_Array u8 (v_C1_SIZE r)): vector r = let d = v_VECTOR_U_COMPRESSION_FACTOR r in createi r (fun block -> let block_size = v_C1_BLOCK_SIZE r in @@ -204,10 +205,10 @@ let decode_then_decompress_u (#r:rank) (#ntt:bool) (arr: t_Array u8 (v_C1_SIZE r byte_decode_then_decompress (v d) slice ) -let compress_then_encode_v (#r:rank) (#ntt:bool): polynomial ntt -> t_Array u8 (v_C2_SIZE r) +let compress_then_encode_v (#r:rank): polynomial -> t_Array u8 (v_C2_SIZE r) = compress_then_byte_encode (v (v_VECTOR_V_COMPRESSION_FACTOR r)) -let decode_then_decompress_v (#r:rank) (#ntt:bool): t_Array u8 (v_C2_SIZE r) -> polynomial ntt +let decode_then_decompress_v (#r:rank): t_Array u8 (v_C2_SIZE r) -> polynomial = byte_decode_then_decompress (v (v_VECTOR_V_COMPRESSION_FACTOR r)) (** IND-CPA Functions *) From bf7d16cc4f1bfb7700feba90eeb1f1e51b56a5aa Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 18 Aug 2024 19:02:39 -0700 Subject: [PATCH 119/348] refreshed c code --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 229 +- .../c/internal/libcrux_mlkem_neon.h | 70 +- .../c/internal/libcrux_mlkem_portable.h | 46 +- .../c/internal/libcrux_sha3_internal.h | 42 +- libcrux-ml-kem/c/libcrux_core.c | 306 +- libcrux-ml-kem/c/libcrux_core.h | 120 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 8582 +------------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 530 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8712 ++++++++++++++- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 575 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 3315 +++--- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 184 +- libcrux-ml-kem/c/libcrux_sha3.h | 16 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2539 +---- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 37 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 740 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3568 +++++- libcrux-ml-kem/c/libcrux_sha3_neon.h | 27 +- libcrux-ml-kem/cg/code_gen.txt | 4 +- libcrux-ml-kem/cg/libcrux_core.h | 166 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 5967 +--------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 9924 +++++++++++++---- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2741 +---- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 5487 +++++++-- 41 files changed, 27429 insertions(+), 26818 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index d20926d66..d54ca40b1 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 +F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 +Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index fac5a90e9..253615d5f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __internal_libcrux_core_H @@ -23,8 +23,6 @@ extern "C" { #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); - uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs); @@ -73,10 +71,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1568 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_571( + uint8_t value[800U]); /** This function found in impl @@ -85,12 +83,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_2c1( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for @@ -99,10 +97,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 3168 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_e01( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -111,10 +109,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1568 +- SIZE= 768 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_201( + uint8_t value[768U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -122,10 +120,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1568 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_1f1( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -134,18 +132,18 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1568 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d1( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, + uint8_t ret[800U]); /** This function found in impl {(core::convert::From<@Array> for @@ -154,10 +152,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_570( + uint8_t value[1568U]); /** This function found in impl @@ -166,12 +164,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_2c0( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for @@ -180,10 +178,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 2400 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_e00( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -192,10 +190,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( - uint8_t value[1088U]); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_200( + uint8_t value[1568U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -203,10 +201,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_1f0( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -215,18 +213,18 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1088 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d0( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, + uint8_t ret[1600U]); /** This function found in impl {(core::convert::From<@Array> for @@ -235,10 +233,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 800 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_57( + uint8_t value[1184U]); /** This function found in impl @@ -247,12 +245,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_2c( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -261,10 +259,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 1632 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_e0( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -273,10 +271,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 768 +- SIZE= 1088 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( - uint8_t value[768U]); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_20( + uint8_t value[1088U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -284,17 +282,17 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 800 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_1f( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -325,7 +323,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -335,95 +333,36 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 768 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, + uint8_t ret[1120U]); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, uint8_t ret[64U]); /** -A monomorphic instance of core.result.Result -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_6f_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_6f; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); - -/** -A monomorphic instance of core.result.Result -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_7a_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_7a; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); - -/** -A monomorphic instance of core.result.Result -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_cd_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_cd; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError +A monomorphic instance of core.option.Option +with types Eurydice_slice uint8_t */ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); +typedef struct core_option_Option_44_s { + core_option_Option_ef_tags tag; + Eurydice_slice f0; +} core_option_Option_44; /** A monomorphic instance of core.result.Result @@ -448,10 +387,10 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); -typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} Eurydice_slice_uint8_t_4size_t__x2; +typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} Eurydice_slice_uint8_t_2size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index 3d5888d57..8aaaa97ef 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __internal_libcrux_mlkem_neon_H @@ -34,8 +34,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 2 - CPA_PRIVATE_KEY_SIZE= 768 @@ -46,7 +47,8 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_201( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -56,7 +58,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ @@ -64,7 +66,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 2 @@ -81,7 +83,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]); @@ -98,7 +100,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 @@ -109,7 +111,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 2 @@ -129,7 +131,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a31( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -155,7 +157,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_821( +void libcrux_ml_kem_ind_cca_decapsulate_5b1( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -170,8 +172,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 3 - CPA_PRIVATE_KEY_SIZE= 1152 @@ -182,7 +185,8 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_200( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -192,7 +196,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -200,7 +204,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 3 @@ -217,7 +221,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); @@ -234,7 +238,7 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -245,7 +249,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 3 @@ -265,7 +269,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a30( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -291,7 +295,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_820( +void libcrux_ml_kem_ind_cca_decapsulate_5b0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -306,8 +310,9 @@ with const generics bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 4 - CPA_PRIVATE_KEY_SIZE= 1536 @@ -318,7 +323,8 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_20( + uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair @@ -328,7 +334,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ @@ -336,7 +342,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 4 @@ -353,7 +359,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]); @@ -370,7 +376,7 @@ with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 @@ -381,7 +387,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( uint8_t randomness[32U]); /** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 4 @@ -401,7 +407,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a3( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -427,7 +433,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_82( +void libcrux_ml_kem_ind_cca_decapsulate_5b( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 9f54b0800..c480f371d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_a01( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_a00( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_a0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 16040085f..983924def 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __internal_libcrux_sha3_internal_H @@ -26,14 +26,14 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_72(s, buf); + libcrux_sha3_generic_keccak_absorb_final_25(s, buf); } /** @@ -44,7 +44,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -52,29 +52,29 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, buf); } #define libcrux_sha3_Sha224 0 @@ -134,7 +134,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -142,62 +142,62 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_720(s, buf); + libcrux_sha3_generic_keccak_absorb_final_250(s, buf); } static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 2528afe9b..a24172405 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "internal/libcrux_core.h" @@ -85,14 +85,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1568 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_571( + uint8_t value[800U]) { + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -103,14 +103,13 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_2c1( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** @@ -120,14 +119,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 3168 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( - uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_e01( + uint8_t value[1632U]) { + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -138,14 +137,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1568 +- SIZE= 768 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_201( + uint8_t value[768U]) { + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -155,10 +154,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1568 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_1f1( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -169,22 +168,22 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1568 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d1( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -192,7 +191,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** @@ -202,14 +201,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( - uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_570( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_1f lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -220,14 +219,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_2c0( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } /** @@ -237,14 +236,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 2400 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( - uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_e00( + uint8_t value[3168U]) { + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -255,14 +254,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( - uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_200( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -272,10 +271,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_1f0( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -286,22 +285,22 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1088 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d0( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -309,7 +308,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -319,14 +318,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 800 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( - uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_57( + uint8_t value[1184U]) { + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -337,13 +336,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_2c( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** @@ -353,14 +353,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 1632 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( - uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_e0( + uint8_t value[2400U]) { + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -371,14 +371,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 768 +- SIZE= 1088 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( - uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_20( + uint8_t value[1088U]) { + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -388,10 +388,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 800 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_1f( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -400,7 +400,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -438,7 +438,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -458,22 +458,22 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 768 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ed( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -481,7 +481,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** @@ -489,7 +489,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -502,66 +502,6 @@ void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - /** This function found in impl {core::result::Result} */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index ea2178ff4..36f322946 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_core_H @@ -49,6 +49,64 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_be; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + +*/ +typedef struct core_option_Option_04_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; +} core_option_Option_04; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $1632size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey_5e; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair +with const generics +- $1632size_t +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; +} libcrux_ml_kem_types_MlKemKeyPair_cb; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $768size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext_e8; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + +*/ +typedef struct tuple_ec_s { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; +} tuple_ec; + /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -145,64 +203,6 @@ typedef struct tuple_3c_s { uint8_t snd[32U]; } tuple_3c; -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $1632size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair -with const generics -- $1632size_t -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext -with const generics -- $768size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - -*/ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; -} tuple_ec; - #define core_result_Ok 0 #define core_result_Err 1 diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 8693d2383..a19337f1b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index 178092bfb..f6efd0915 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_mlkem1024_neon.h" @@ -35,18 +35,18 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_f8( +static void decapsulate_b0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5b(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_f8(private_key, ciphertext, ret); + decapsulate_b0(private_key, ciphertext, ret); } /** @@ -70,18 +70,19 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_c2( +static void decapsulate_unpacked_54( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a3(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_c2(private_key, ciphertext, ret); + decapsulate_unpacked_54(private_key, ciphertext, ret); } /** @@ -95,13 +96,13 @@ with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_6b( +static tuple_21 encapsulate_24( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; @@ -116,7 +117,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6b(uu____0, uu____1); + return encapsulate_24(uu____0, uu____1); } /** @@ -137,14 +138,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_1c( +static tuple_21 encapsulate_unpacked_ed( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad(uu____0, + uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( @@ -154,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1c(uu____0, uu____1); + return encapsulate_unpacked_ed(uu____0, uu____1); } /** @@ -164,11 +166,11 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_62( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -179,7 +181,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_91(uu____0); + return generate_keypair_62(uu____0); } /** @@ -195,10 +197,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -generate_keypair_unpacked_87(uint8_t randomness[64U]) { +generate_keypair_unpacked_bc(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_20(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c @@ -206,7 +208,7 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_87(uu____0); + return generate_keypair_unpacked_bc(uu____0); } /** @@ -217,14 +219,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_a3(uint8_t *public_key) { +static bool validate_public_key_ef(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_a3(public_key.value)) { + if (validate_public_key_ef(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index 7e0bbc8a3..038fa0d89 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem1024_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 7f94659d5..201cf1e6c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_mlkem1024_portable.h" @@ -35,18 +35,18 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_0b( +static void decapsulate_03( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a01(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_0b(private_key, ciphertext, ret); + decapsulate_03(private_key, ciphertext, ret); } /** @@ -70,11 +70,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_ef( +static void decapsulate_unpacked_fe( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51(key_pair, ciphertext, ret); } @@ -82,7 +82,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ef(private_key, ciphertext, ret); + decapsulate_unpacked_fe(private_key, ciphertext, ret); } /** @@ -102,13 +102,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_ec( +static tuple_21 encapsulate_52( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( @@ -117,7 +117,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ec(uu____0, uu____1); + return encapsulate_52(uu____0, uu____1); } /** @@ -138,14 +138,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_9d( +static tuple_21 encapsulate_unpacked_70( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11(uu____0, uu____1); } @@ -156,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_9d(uu____0, uu____1); + return encapsulate_unpacked_70(uu____0, uu____1); } /** @@ -171,18 +171,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c24(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f1(uu____0); } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_0e(uu____0); + return generate_keypair_6e(uu____0); } /** @@ -198,10 +198,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_b3(uint8_t randomness[64U]) { +generate_keypair_unpacked_c3(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 @@ -209,7 +209,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_b3(uu____0); + return generate_keypair_unpacked_c3(uu____0); } /** @@ -220,14 +220,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_e11(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); +static bool validate_public_key_2a1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_e11(public_key.value)) { + if (validate_public_key_2a1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 96c3b9743..deb259ece 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 16abd9845..a766a23ce 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 83108e30f..d55b146b4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_mlkem512_neon.h" @@ -35,16 +35,16 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_29(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5b1(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_55(private_key, ciphertext, ret); + decapsulate_29(private_key, ciphertext, ret); } /** @@ -68,16 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_53( +static void decapsulate_unpacked_50( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a31(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_53(private_key, ciphertext, ret); + decapsulate_unpacked_50(private_key, ciphertext, ret); } /** @@ -91,13 +92,13 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_f8( +static tuple_ec encapsulate_7d( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; @@ -112,7 +113,7 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f8(uu____0, uu____1); + return encapsulate_7d(uu____0, uu____1); } /** @@ -133,14 +134,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_ce( +static tuple_ec encapsulate_unpacked_f2( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad1(uu____0, + uu____1); } tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( @@ -150,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ce(uu____0, uu____1); + return encapsulate_unpacked_f2(uu____0, uu____1); } /** @@ -160,11 +162,11 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 +- RANKED_BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_da( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -175,7 +177,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1a(uu____0); + return generate_keypair_da(uu____0); } /** @@ -191,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -generate_keypair_unpacked_38(uint8_t randomness[64U]) { +generate_keypair_unpacked_c3(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_201(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 @@ -202,7 +204,7 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_38(uu____0); + return generate_keypair_unpacked_c3(uu____0); } /** @@ -213,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_a31(uint8_t *public_key) { +static bool validate_public_key_ef1(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_a31(public_key.value)) { + if (validate_public_key_ef1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index cd6856831..2aaedd672 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem512_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 87719217f..96f88f71f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_mlkem512_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_64(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_80(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a00(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_64(private_key, ciphertext, ret); + decapsulate_80(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_40( +static void decapsulate_unpacked_ff( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_40(private_key, ciphertext, ret); + decapsulate_unpacked_ff(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_f3( +static tuple_ec encapsulate_69( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); } tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( @@ -113,7 +113,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f3(uu____0, uu____1); + return encapsulate_69(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_da( +static tuple_ec encapsulate_unpacked_ed( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_da(uu____0, uu____1); + return encapsulate_unpacked_ed(uu____0, uu____1); } /** @@ -167,18 +167,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c21(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f0(uu____0); } libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_df(uu____0); + return generate_keypair_f9(uu____0); } /** @@ -194,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_a8(uint8_t randomness[64U]) { +generate_keypair_unpacked_aa(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae @@ -205,7 +205,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_a8(uu____0); + return generate_keypair_unpacked_aa(uu____0); } /** @@ -216,14 +216,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_e10(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); +static bool validate_public_key_2a0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_e10(public_key.value)) { + if (validate_public_key_2a0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 507bc843c..825e036d9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index e84654b77..2ac469e6e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index 6d20b2d78..1881c272a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_mlkem768_neon.h" @@ -35,16 +35,16 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_67( +static void decapsulate_e4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5b0(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_67(private_key, ciphertext, ret); + decapsulate_e4(private_key, ciphertext, ret); } /** @@ -68,16 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_70( +static void decapsulate_unpacked_27( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a30(key_pair, ciphertext, + ret); } void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_70(private_key, ciphertext, ret); + decapsulate_unpacked_27(private_key, ciphertext, ret); } /** @@ -91,13 +92,13 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_ea( +static tuple_3c encapsulate_f5( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -112,7 +113,7 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ea(uu____0, uu____1); + return encapsulate_f5(uu____0, uu____1); } /** @@ -133,14 +134,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_29( +static tuple_3c encapsulate_unpacked_1b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad0(uu____0, + uu____1); } tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( @@ -150,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_29(uu____0, uu____1); + return encapsulate_unpacked_1b(uu____0, uu____1); } /** @@ -160,11 +162,11 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c4( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -175,7 +177,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1b(uu____0); + return generate_keypair_c4(uu____0); } /** @@ -191,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -generate_keypair_unpacked_42(uint8_t randomness[64U]) { +generate_keypair_unpacked_1e(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_200(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd @@ -202,7 +204,7 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_42(uu____0); + return generate_keypair_unpacked_1e(uu____0); } /** @@ -213,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_a30(uint8_t *public_key) { +static bool validate_public_key_ef0(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_a30(public_key.value)) { + if (validate_public_key_ef0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 8182ff91a..1eb060b82 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23480eeb26f8e66cfa9bd0eb76c65d87fbb91806 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem768_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 9396f2fb5..3cb9bd2bc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_mlkem768_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_78( +static void decapsulate_d6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a0(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_78(private_key, ciphertext, ret); + decapsulate_d6(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_bc( +static void decapsulate_unpacked_64( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_bc(private_key, ciphertext, ret); + decapsulate_unpacked_64(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_13( +static tuple_3c encapsulate_ba( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); } tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -113,7 +113,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_13(uu____0, uu____1); + return encapsulate_ba(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_c5( +static tuple_3c encapsulate_unpacked_99( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_c5(uu____0, uu____1); + return encapsulate_unpacked_99(uu____0, uu____1); } /** @@ -167,18 +167,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); } libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(uu____0); + return generate_keypair_64(uu____0); } /** @@ -194,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_d3(uint8_t randomness[64U]) { +generate_keypair_unpacked_69(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -205,7 +205,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d3(uu____0); + return generate_keypair_unpacked_69(uu____0); } /** @@ -216,14 +216,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_e1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); +static bool validate_public_key_2a(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_e1(public_key.value)) { + if (validate_public_key_2a(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 717f49e01..da2b0fc35 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index d6ac877ef..b7cac78d0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -7,15 +7,11 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ -#include "internal/libcrux_mlkem_avx2.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" -#include "internal/libcrux_sha3_avx2.h" +#include "libcrux_mlkem_avx2.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -34,8575 +30,3 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { - return libcrux_ml_kem_vector_avx2_zero(); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { - int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - vector, constant); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - vector, constant); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - vector); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, - zeta2, zeta3); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -KRML_MUSTINLINE core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - vector, zeta0, zeta1, zeta2, zeta3); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, - zeta1); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - v, - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, - zeta1, zeta2, zeta3); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); - uint8_t ret0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[10U]; - core_result_Result_cd dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); - core_result_unwrap_41_e8(dst, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[20U]; - core_result_Result_7a dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); - core_result_unwrap_41_34(dst, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[24U]; - core_result_Result_6f dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); - core_result_unwrap_41_1c(dst, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, - good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[0U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[1U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, - Eurydice_slice output) { - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self) { - return self[0U]; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_aa(core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea -with const generics -- SHIFT_BY= 15 -*/ -static core_core_arch_x86___m256i shift_right_ea_e8( - core_core_arch_x86___m256i vector) { - return shift_right_aa(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static core_core_arch_x86___m256i to_unsigned_representative_a4( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_ea_e8(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_a4(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void serialize_public_key_d01( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - serialize_secret_key_ae1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_5d4( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - serialize_public_key_d01( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static void closure_b81( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d1(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_6b1(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_1b1(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_89_10(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_from_xof_b01( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca1(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb3( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb4( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_791(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a21( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_b81(A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_b01(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_1c2(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_470(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c1(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_7_45( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = - libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); - re->coefficients[j] = - libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); - } -} - -typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; -} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static core_core_arch_x86___m256i montgomery_multiply_fe_9d( - core_core_arch_x86___m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = montgomery_multiply_fe_9d(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_f4( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_3_b4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_2_7c( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_1_c2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void poly_barrett_reduce_89_99( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - self->coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_45(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_971( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static core_core_arch_x86___m256i to_standard_domain_42( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - to_standard_domain_42(self->coefficients[j]); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f01( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_6c1( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_681(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a21(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_151(uu____3, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_ee1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_6a( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f1( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_ee1(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6a(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_d01( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_d01(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_751( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_651(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e11(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_751( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a70(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c90( - uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_df(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_df( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_571( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_error_reduce_89_91( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - self->coefficients[j], (int16_t)1441); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_001( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); - } - invert_ntt_montgomery_571(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static core_core_arch_x86___m256i decompress_1_91( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - re.coefficients[i0] = decompress_1_91(coefficient_compressed);); - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_711( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_e7(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 10 -*/ -static core_core_arch_x86___m256i compress_ea_a1( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_e7(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_10_2f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_a1(to_unsigned_representative_a4(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_e70(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 11 -*/ -static core_core_arch_x86___m256i compress_ea_a10( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_e70(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_2f(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_841( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_e71(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 4 -*/ -static core_core_arch_x86___m256i compress_ea_a11( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_e71(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_4_b7( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_a11(to_unsigned_representative_a4(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_e72(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 5 -*/ -static core_core_arch_x86___m256i compress_ea_a12( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_e72(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_5_35( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficients = - compress_ea_a12(to_unsigned_representative_a4(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_b7(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_881( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_471(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_934( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_841( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_881(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f50(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_5d3( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a21(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_881(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void kdf_af_501(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e21( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_fb1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f50(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_501(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_e4(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 10 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d6( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_e4(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_a7(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d6(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_e40(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 11 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d60( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_e40(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_8d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d60(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_10(Eurydice_slice serialized) { - return deserialize_then_decompress_10_a7(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_fe( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_10(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_fe(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_e41(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 4 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d61( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_e41(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_9a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d61(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_e42(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 5 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d62( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_e42(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_75(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); - re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_d62(re.coefficients[i0]); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b(Eurydice_slice serialized) { - return deserialize_then_decompress_4_9a(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - b.coefficients[i0], (int16_t)1441); - b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], - &coefficient_normal_form)); - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_221( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_message_ec( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_a4(re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_8c1( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_b51(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_231( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_881(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_201( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_391(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_201(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c41( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_391(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_fb1(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_501( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_501(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1568 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- OUT_LEN= 1536 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -static KRML_MUSTINLINE void serialize_public_key_d00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); - uint8_t ret0[1536U]; - serialize_secret_key_ae0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_5d2( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1568U]; - serialize_public_key_d00( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; -} tuple_54; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static void closure_b80( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d0(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____3[504U]; - memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_6b0(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_1b0(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_from_xof_b00( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca0(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb1( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb2( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_790(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a20( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_b80(A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_b00(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; - uint8_t snd; -} tuple_71; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____3[128U]; - memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_1c1(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_970( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_54 generate_keypair_unpacked_6c0( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_680(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a20(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_150(uu____3, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_ee0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f0( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_ee0(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6a(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_d00( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_d00(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_750( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_650(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e10(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_750( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_a71(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c91( - uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_570( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_vector_u_000( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); - } - invert_ntt_montgomery_570(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_710( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_11_d10( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_a10(to_unsigned_representative_a4(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 11 -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_d10(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- OUT_LEN= 1408 -- COMPRESSION_FACTOR= 11 -- BLOCK_LEN= 352 -*/ -static void compress_then_serialize_u_840( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u_b20(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 5 -- OUT_LEN= 160 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_35(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_880( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_470(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_932( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_840( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_390( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_880(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f51(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_5d1( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a20(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; - memcpy( - uu____0, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; - memcpy(uu____1, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_880(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_af_500(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e20( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_fb0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f51(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_500(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_100(Eurydice_slice serialized) { - return deserialize_then_decompress_11_8d(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_fe0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_100(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_fe0(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_75(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_220( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_unpacked_8c0( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_b50(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b0( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 4 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_230( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_880(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_200( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_390(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_200(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c40( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_390(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_fb0(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_500( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_500(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 800 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- OUT_LEN= 768 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -static KRML_MUSTINLINE void serialize_public_key_d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); - uint8_t ret0[768U]; - serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_5d0( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[800U]; - serialize_public_key_d0( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] - -*/ -typedef struct tuple_4c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; -} tuple_4c; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static void closure_b8( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_6b(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 2 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_1b(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 2 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_from_xof_b0( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_a9_5a(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_79(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a2( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_b8(A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_b0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t - -*/ -typedef struct tuple_74_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; - uint8_t snd; -} tuple_74; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t out0[192U] = {0U}; - uint8_t out1[192U] = {0U}; - uint8_t out2[192U] = {0U}; - uint8_t out3[192U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[192U]; - memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); - uint8_t uu____1[192U]; - memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_1c(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_47(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_43(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA= 3 -- ETA_RANDOMNESS_SIZE= 192 -*/ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_a9_51(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_47(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_97( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static tuple_4c generate_keypair_unpacked_6c( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a2(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_15(uu____3, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_ee( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_ee(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6a(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_d0( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( - Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_6c(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_d0(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_75( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e1(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_1c0(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN_a9_510(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_57( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); - } - invert_ntt_montgomery_57(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_71( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_88( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_47(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_84( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a2(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; - memcpy( - uu____0, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; - memcpy(uu____1, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_88(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_af_50(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e2( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_fb(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_50(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_10(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_fe(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_22( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_8c( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_b5(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_23( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_20( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_20(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c4( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_fb(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_50( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_50(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index c28196f56..36b278db1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem_avx2_H @@ -20,9 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" #include "libcrux_sha3.h" -#include "libcrux_sha3_avx2.h" void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]); @@ -30,530 +28,6 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_slice array); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array); - -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector); - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes); - -size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, - Eurydice_slice output); - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 9f33e8f2f..e3c234634 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -7,11 +7,14 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ -#include "libcrux_mlkem_neon.h" +#include "internal/libcrux_mlkem_neon.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -30,3 +33,8706 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void) { + return libcrux_ml_kem_vector_neon_vector_type_ZERO(); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { + return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { + int16_t out[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + core_core_arch_arm_shared_neon_uint16x8_t m0 = + libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + core_core_arch_arm_shared_neon_uint16x8_t m1 = + libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + core_core_arch_arm_shared_neon_int16x8_t c1 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v) { + core_core_arch_arm_shared_neon_int16x8_t adder = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + core_core_arch_arm_shared_neon_int16x8_t vec = + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); + core_core_arch_arm_shared_neon_int16x8_t vec0 = + libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + core_core_arch_arm_shared_neon_int16x8_t quotient = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t sub = + libcrux_intrinsics_arm64__vmulq_n_s16( + quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high) { + core_core_arch_arm_shared_neon_int16x8_t k = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vmulq_n_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.low, c); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t half = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + core_core_arch_arm_shared_neon_int16x8_t quarter = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + core_core_arch_arm_shared_neon_int16x8_t shifted = + libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + core_core_arch_arm_shared_neon_int16x8_t mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = + libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range), + core_core_arch_arm_shared_neon_uint16x8_t)); + core_core_arch_arm_shared_neon_int16x8_t shifted0 = + libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = + libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range0), + core_core_arch_arm_shared_neon_uint16x8_t)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_1(v); +} + +KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits) { + int16_t uu____0; + switch (coefficient_bits) { + case 4: { + uu____0 = (int16_t)15; + break; + } + case 5: { + uu____0 = (int16_t)31; + break; + } + case 10: { + uu____0 = (int16_t)1023; + break; + } + case 11: { + uu____0 = (int16_t)2047; + break; + } + default: { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, + zeta4); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, + zeta3, zeta4); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, + zeta2, zeta4, -zeta2, -zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t b1 = + libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1b1 = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, + b1); + core_core_arch_arm_shared_neon_int32x4_t a1b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a1b1), + libcrux_intrinsics_arm64__vget_low_s16(zeta)); + core_core_arch_arm_shared_neon_int32x4_t a1b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + core_core_arch_arm_shared_neon_int16x8_t fst_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t fst_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b1)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + core_core_arch_arm_shared_neon_int16x8_t snd_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t snd_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); + core_core_arch_arm_shared_neon_int16x8_t fst_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t fst_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t snd_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t snd_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t fst = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + fst_low16, fst_high16); + core_core_arch_arm_shared_neon_int16x8_t snd = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + snd_low16, snd_high16); + core_core_arch_arm_shared_neon_int32x4_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int32x4_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int16x8_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); + core_core_arch_arm_shared_neon_int16x8_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, + 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; + core_core_arch_arm_shared_neon_uint8x16_t index = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); + core_core_arch_arm_shared_neon_int16x8_t high2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low2, .high = high2}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, + zeta3, zeta4); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, + (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { + core_core_arch_arm_shared_neon_int16x8_t one = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, + (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vandq_s16(low, one), + .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t lowt = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); + core_core_arch_arm_shared_neon_uint16x8_t hight = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_deserialize_4_0d(v); + int16_t input_i16s[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[10U]; + libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_5_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_10_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { + uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, + 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; + core_core_arch_arm_shared_neon_uint8x16_t index_vec = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; + core_core_arch_arm_shared_neon_int16x8_t shift_vec = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t mask12 = + libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input0, uint8_t, Eurydice_slice)); + uint8_t input1[16U] = {0U}; + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input1, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t moved0 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted0 = + libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); + core_core_arch_arm_shared_neon_uint16x8_t moved1 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted1 = + libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low, .high = high}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); +} + +KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { + size_t sampled = (size_t)0U; + core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option_44 uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( + &iter, uint8_t, core_option_Option_44); + if (uu____0.tag == core_option_None) { + break; + } else { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + int16_t uu____2; + bool uu____3; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + d1; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } + } + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } + } + } + } + return sampled; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, + Eurydice_slice out) { + return libcrux_ml_kem_vector_neon_rej_sample(a, out); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { + return self[0U]; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_89_06(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_to_reduced_ring_element_e3(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a64( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +shift_right_2c(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); + v.high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 +with const generics +- SHIFT_BY= 15 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_72( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return shift_right_2c(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_unsigned_representative_64( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_72(a); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = + libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_neon_add_20(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_77( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative_64(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- OUT_LEN= 768 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_701( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + uint8_t ret0[768U]; + serialize_secret_key_5d1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + deserialize_ring_elements_reduced_a64( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[800U]; + serialize_public_key_701( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]] + +*/ +typedef struct tuple_4c0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 snd; +} tuple_4c0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void G_48_771(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static void closure_de1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +typedef struct Simd128Hash_s { + libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; +} Simd128Hash; + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_6b1(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_48_551(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_6b1(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b71( + Simd128Hash *st, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[504U], void *); + uint8_t out3[504U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e91( + Simd128Hash *self, uint8_t ret[2U][504U]) { + shake128_squeeze_first_three_blocks_b71(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 2 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e63( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_7d1( + Simd128Hash *st, uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[168U], void *); + uint8_t out3[168U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[168U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad1( + Simd128Hash *self, uint8_t ret[2U][168U]) { + shake128_squeeze_next_block_7d1(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 2 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e64( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +from_i16_array_89_f3(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d51( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_from_xof_c01( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_final_48_551(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_first_three_blocks_48_e91(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e63( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_next_block_48_ad1(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e64( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = closure_d51(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_matrix_A_481( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + closure_de1(A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; + sample_from_xof_c01(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[2size_t], uint8_t + +*/ +typedef struct tuple_740_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[2U]; + uint8_t snd; +} tuple_740; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_891(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[192U], void *); + uint8_t out3[192U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[192U], void *); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_891(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2_c3(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_3_27(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2c0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_27(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_7_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon_multiply_by_constant_20( + re->coefficients[j + step], (int16_t)-1600); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +montgomery_multiply_fe_91( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +ntt_layer_int_vec_step_9c( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + montgomery_multiply_fe_91(b, zeta_r); + b = libcrux_ml_kem_vector_neon_sub_20(a, &t); + a = libcrux_ml_kem_vector_neon_add_20(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_4_plus_2a( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + ntt_layer_int_vec_step_9c( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_3_f4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_2_d0( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_1_39( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void poly_barrett_reduce_89_5f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cf( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + ntt_at_layer_7_67(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN_48_a91(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c0(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_740 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +ntt_multiply_89_16(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_multiply_20( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_standard_domain_fc(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = to_standard_domain_fc(self->coefficients[j]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_951( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae1(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static tuple_4c0 generate_keypair_unpacked_ff1( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_771(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_481(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f1(uu____3, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + compute_As_plus_e_951(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U][2U]; + memcpy(uu____5, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[2U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void closure_661( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_d5_ec( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_48_851(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_201( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_661(A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_ec(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; + memcpy(uu____2, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t pk_serialized[800U]; + serialize_public_key_701( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_851(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( + Eurydice_slice key_generation_seed) { + tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key_701(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d81( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_851(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_types_MlKemKeyPair_cb +libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair_161(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key_d81( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = + libcrux_ml_kem_types_from_e7_e01(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_2c1( + uu____2, libcrux_ml_kem_types_from_07_571(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_892(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[128U], void *); + uint8_t out3[128U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[128U], void *); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a92(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + PRFxN_892(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2c(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c3(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_740 +sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN_48_a92(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_740 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_b40(Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + input, input, + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e4(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_2_4b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +inv_ntt_layer_int_vec_step_reduce_27( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = + libcrux_ml_kem_vector_neon_sub_20(b, &a); + a = libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(a, &b)); + b = montgomery_multiply_fe_91(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_fd( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + inv_ntt_layer_int_vec_step_reduce_27( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_621( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_error_reduce_89_24( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae1(&result[i1], &product); + } + invert_ntt_montgomery_621(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_fc( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_message_23(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_1_fc(coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +add_message_error_reduce_89_3a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae1(&result, &product);); + invert_ntt_montgomery_621(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_69(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_5d(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)10)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t_69(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t_69(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_69(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_69(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 10 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_22( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_5d(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_10_ca0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_22(to_unsigned_representative_64(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_690(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_5d0(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)11)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t_690(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t_690(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_690(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_690(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 11 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_220( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_5d0(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_840( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10_ca0(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_d71( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_840(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_691(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_5d1(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)4)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t_691(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t_691(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_691(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_691(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 4 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_221( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_5d1(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_4_21( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_221(to_unsigned_representative_64(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_692(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_5d2(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)5)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t_692(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t_692(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_692(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_692(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 5 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_222( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_5d2(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_5_2b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = + compress_20_222(to_unsigned_representative_64(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + compress_then_serialize_4_21(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_541( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = sample_ring_element_cbd_eb1(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e4( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; + compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b1(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d71( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f0( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad1( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_unpacked_541(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = + libcrux_ml_kem_types_from_15_201(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_ef1(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 768 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a63( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + deserialize_ring_elements_reduced_a63( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_481(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[2U][2U]; + memcpy(uu____1, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_541(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE void kdf_af_021(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_ef1( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_851(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_4e1(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = + libcrux_ml_kem_types_from_15_201(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_021(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_b7(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_3e( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_b7(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_b7(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_b7(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_b7(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 10 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_60( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_3e(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_10_13(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_60(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_b70(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)11 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_3e0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_b70(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_b70(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_b70(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_b70(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 11 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_600( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_3e0(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_11_cd(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_600(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_u_da0(Eurydice_slice serialized) { + return deserialize_then_decompress_10_13(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void ntt_vector_u_700( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_7e1( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_da0(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_700(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_b71(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)4 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_3e1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_b71(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_b71(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_b71(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_b71(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 4 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_601( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_3e1(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_4_bf(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_601(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_b72(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)5 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_3e2( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_b72(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_b72(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_b72(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_b72(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 5 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_602( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_3e2(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_5_46(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + decompress_ciphertext_coefficient_20_602(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_v_7b0(Eurydice_slice serialized) { + return deserialize_then_decompress_4_bf(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +subtract_reduce_89_b3(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_441( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae1(&result, &product);); + invert_ntt_montgomery_621(&result); + result = subtract_reduce_89_b3(v, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_message_a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative_64(re.coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon_compress_1_20(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_571( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; + deserialize_then_decompress_u_7e1(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_7b0( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_441(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_a0(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_b4(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + libcrux_sha3_neon_x2_shake256( + input, input, + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 2 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a31( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_571(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_974( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e3( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked_541(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_to_uncompressed_ring_element_e9(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_b71( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_e9(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_9b1(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + deserialize_secret_key_b71(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_571(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_5b1( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_9b1(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e3( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_4e1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_021( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_021(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a62( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_700( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + serialize_secret_key_5d0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + deserialize_ring_elements_reduced_a62( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + serialize_public_key_700( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; +} tuple_9b0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void G_48_770(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static void closure_de0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_6b0(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + &state[1U], + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_48_550(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_6b0(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b70( + Simd128Hash *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e90( + Simd128Hash *self, uint8_t ret[3U][504U]) { + shake128_squeeze_first_three_blocks_b70(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e61( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_7d0( + Simd128Hash *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad0( + Simd128Hash *self, uint8_t ret[3U][168U]) { + shake128_squeeze_next_block_7d0(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e62( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d50( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_from_xof_c00( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_final_48_550(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_first_three_blocks_48_e90(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e61( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_next_block_48_ad0(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e62( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = closure_d50(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_matrix_A_480( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + closure_de0(A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; + sample_from_xof_c00(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_890(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_890(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_48_a90(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_950( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae0(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_9b0 generate_keypair_unpacked_ff0( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_770(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_480(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f0(uu____3, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + compute_As_plus_e_950(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_660( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_48_850(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_200( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_660(A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_ec(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key_700( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_850(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( + Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key_700(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d80( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_850(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair_160(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key_d80( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_e7_e0(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_2c( + uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_48_a90(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e2(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_620( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae0(&result[i1], &product); + } + invert_ntt_montgomery_620(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae0(&result, &product);); + invert_ntt_montgomery_620(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_d70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_840(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_540( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = sample_ring_element_cbd_eb0(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e2( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; + compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b0(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d70( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f0( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad0( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_unpacked_540(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_20(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_ef0(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a61( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + deserialize_ring_elements_reduced_a61( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_480(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_540(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_af_020(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_ef0( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_850(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_4e0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_20(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_020(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_7e0( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_da0(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_700(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_440( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae0(&result, &product);); + invert_ntt_montgomery_620(&result); + result = subtract_reduce_89_b3(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_570( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + deserialize_then_decompress_u_7e0(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_7b0( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_440(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_a0(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a30( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_570(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e1( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked_540(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_b70( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_e9(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_9b0(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + deserialize_secret_key_b70(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_570(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_5b0( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_9b0(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e1( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_4e0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_020( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_020(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a60( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- OUT_LEN= 1536 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); + uint8_t ret0[1536U]; + serialize_secret_key_5d(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + deserialize_ring_elements_reduced_a60( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1568U]; + serialize_public_key_70( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]] + +*/ +typedef struct tuple_54_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c snd; +} tuple_54; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void G_48_77(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static void closure_de( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_6b(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + &state[1U], + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_48_55(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_6b(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b7( + Simd128Hash *st, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e9( + Simd128Hash *self, uint8_t ret[4U][504U]) { + shake128_squeeze_first_three_blocks_b7(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 4 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e6( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_7d( + Simd128Hash *st, uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad( + Simd128Hash *self, uint8_t ret[4U][168U]) { + shake128_squeeze_next_block_7d(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 4 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e60( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d5( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_from_xof_c0( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_final_48_55(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_first_three_blocks_48_e9(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e6( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_next_block_48_ad(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e60( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = closure_d5(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_matrix_A_48( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + closure_de(A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; + sample_from_xof_c0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_89(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_89(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_48_a9(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_95( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_54 generate_keypair_unpacked_ff( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_77(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_48(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f(uu____3, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + compute_As_plus_e_95(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U][4U]; + memcpy(uu____5, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[4U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_66( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_48_85(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_20( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_ff(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_66(A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_ec(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; + memcpy(uu____2, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key_70( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_85(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( + Eurydice_slice key_generation_seed) { + tuple_54 uu____0 = generate_keypair_unpacked_ff(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key_70(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d8( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_85(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair_16(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key_d8( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = + libcrux_ml_kem_types_from_e7_e00(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_2c0( + uu____2, libcrux_ml_kem_types_from_07_570(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_71 +sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_48_a9(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e0(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_62( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae(&result[i1], &product); + } + invert_ntt_montgomery_62(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae(&result, &product);); + invert_ntt_montgomery_62(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_11_55( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_220(to_unsigned_representative_64(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 11 +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11_55(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- OUT_LEN= 1408 +- COMPRESSION_FACTOR= 11 +- BLOCK_LEN= 352 +*/ +static void compress_then_serialize_u_d7( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u_84(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 5 +- OUT_LEN= 160 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + compress_then_serialize_5_2b(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_54( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = sample_ring_element_cbd_eb(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; + compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d7( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_200(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_ef(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a6( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + deserialize_ring_elements_reduced_a6( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_48(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[4U][4U]; + memcpy(uu____1, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_54(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_af_02(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_ef( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_85(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_4e(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_200(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_02(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_u_da(Eurydice_slice serialized) { + return deserialize_then_decompress_11_cd(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_7e( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_da(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_70(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_v_7b(Eurydice_slice serialized) { + return deserialize_then_decompress_5_46(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_44( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae(&result, &product);); + invert_ntt_montgomery_62(&result); + result = subtract_reduce_89_b3(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_unpacked_57( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; + deserialize_then_decompress_u_7e(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_7b( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_44(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_a0(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 4 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a3( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_57(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_973( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_b7( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_e9(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_9b(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + deserialize_secret_key_b7(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_57(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_5b( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_9b(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_4e(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_02( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_02(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index dbe30739d..39cdcd9d7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem_neon_H @@ -20,6 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" #include "libcrux_sha3_neon.h" void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, @@ -28,6 +29,576 @@ void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]); +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + core_core_arch_arm_shared_neon_int16x8_t low; + core_core_arch_arm_shared_neon_int16x8_t high; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array); + +void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a); + +size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, + Eurydice_slice result); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, + Eurydice_slice out); + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index d251d45b0..66a522c1e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "internal/libcrux_mlkem_portable.h" @@ -68,6 +68,123 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { @@ -93,192 +210,227 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -KRML_MUSTINLINE uint8_t_x11 -libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { +KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 10U); - uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> - 7U); - uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & - (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> - 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); - uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> - 9U); - uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & - (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> - 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); - return (CLITERAL(uint8_t_x11){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7, - .f8 = r8, - .f9 = r9, - .f10 = r10}); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[22U]) { - uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - uint8_t_x11 r11_21 = - libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -void libcrux_ml_kem_vector_portable_serialize_11_0d( +void libcrux_ml_kem_vector_portable_serialize_5_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - (int16_t)7) + (int16_t)3) << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - (int16_t)63) - << 5U | + (int16_t)15) + << 6U | (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) & (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) & - (int16_t)127) + (int16_t)63) << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t) >> 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) >> - 5U; + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -290,35 +442,13 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, Eurydice_slice)); int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); @@ -346,548 +476,252 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); } -const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ZERO_0d(void) { - return libcrux_ml_kem_vector_portable_vector_type_zero(); +KRML_MUSTINLINE uint8_t_x11 +libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 5U); + uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 10U); + uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) >> + 7U); + uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) & + (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) >> + 4U); + uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) >> + 1U & + (int16_t)255); + uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) >> + 9U); + uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) & + (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) >> + 6U); + uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) >> + 3U); + return (CLITERAL(uint8_t_x11){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7, + .f8 = r8, + .f9 = r9, + .f10 = r10}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]) { + uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x11 r11_21 = + libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[22U] = {0U}; + result[0U] = r0_10.fst; + result[1U] = r0_10.snd; + result[2U] = r0_10.thd; + result[3U] = r0_10.f3; + result[4U] = r0_10.f4; + result[5U] = r0_10.f5; + result[6U] = r0_10.f6; + result[7U] = r0_10.f7; + result[8U] = r0_10.f8; + result[9U] = r0_10.f9; + result[10U] = r0_10.f10; + result[11U] = r11_21.fst; + result[12U] = r11_21.snd; + result[13U] = r11_21.thd; + result[14U] = r11_21.f3; + result[15U] = r11_21.f4; + result[16U] = r11_21.f5; + result[17U] = r11_21.f6; + result[18U] = r11_21.f7; + result[19U] = r11_21.f8; + result[20U] = r11_21.f9; + result[21U] = r11_21.f10; + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_11_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 3U; + int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) >> + 1U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 7U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ZERO_0d(void) { + return libcrux_ml_kem_vector_portable_vector_type_zero(); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1450,338 +1284,36 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1( } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - KRML_MAYBE_FOR8( - i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U);); - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); -} - -KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + KRML_MAYBE_FOR8( + i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U);); + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); + } + return result; } /** @@ -1789,8 +1321,67 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); } KRML_MUSTINLINE uint8_t_x5 @@ -1879,112 +1470,6 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); -} - KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, @@ -2233,7 +1718,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_02(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2261,8 +1746,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_reduced_ring_element_d2(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -2287,12 +1772,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2304,7 +1789,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2318,7 +1803,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_83(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2337,8 +1822,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_f8(v); +shift_right_0d_bf(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_83(v); } /** @@ -2348,10 +1833,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_78( +to_unsigned_representative_af( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_4b(a); + shift_right_0d_bf(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2364,14 +1849,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_05( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re->coefficients[i0]); + to_unsigned_representative_af(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2392,7 +1877,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_f81( +static KRML_MUSTINLINE void serialize_secret_key_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2411,7 +1896,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -2428,7 +1913,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_801( +static KRML_MUSTINLINE void serialize_public_key_9a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -2436,7 +1921,7 @@ static KRML_MUSTINLINE void serialize_public_key_801( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_f81(t_as_ntt, ret0); + serialize_secret_key_e81(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), @@ -2457,15 +1942,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_724( + deserialize_ring_elements_reduced_524( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_9a1( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -2496,7 +1981,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_111(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2507,10 +1992,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_e81( +static void closure_821( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -2529,7 +2014,7 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_751(uint8_t input[4U][34U]) { +shake128_init_absorb_final_411(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2559,10 +2044,10 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_511(uint8_t input[4U][34U]) { uint8_t uu____0[4U][34U]; memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_751(uu____0); + return shake128_init_absorb_final_411(uu____0); } /** @@ -2571,7 +2056,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_541( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2593,9 +2078,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_101(self, ret); + shake128_squeeze_first_three_blocks_541(self, ret); } /** @@ -2605,7 +2090,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2644,7 +2129,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_881( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2665,9 +2150,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_681( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_ed1(self, ret); + shake128_squeeze_next_block_881(self, ret); } /** @@ -2677,7 +2162,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2721,8 +2206,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_6b(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); +from_i16_array_89_48(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2743,9 +2228,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_131( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -2756,29 +2241,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_2b1( +static KRML_MUSTINLINE void sample_from_xof_f61( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; uint8_t uu____0[4U][34U]; memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(uu____0); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_511(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_7f1(&xof_state, randomness0); uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_053( + bool done = sample_from_uniform_distribution_next_023( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_f1_c11(&xof_state, randomness); + shake128_squeeze_next_block_f1_681(&xof_state, randomness); uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_054( + done = sample_from_uniform_distribution_next_024( uu____2, sampled_coefficients, out); } } @@ -2786,7 +2271,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b1( memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_991(uu____3[i]);); + ret0[i] = closure_131(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2799,12 +2284,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_231( +static KRML_MUSTINLINE void sample_matrix_A_551( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_e81(A_transpose[i]);); + closure_821(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -2817,7 +2302,7 @@ static KRML_MUSTINLINE void sample_matrix_A_231( uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_2b1(uu____1, sampled); + sample_from_xof_f61(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2856,7 +2341,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_632(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2878,9 +2363,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1d2(input, ret); + PRFxN_632(input, ret); } /** @@ -2890,7 +2375,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2926,7 +2411,7 @@ sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( + return from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2937,7 +2422,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2972,7 +2457,7 @@ sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( + return from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2983,8 +2468,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_66(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_20(randomness); +sample_from_binomial_distribution_e3(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c8(randomness); } /** @@ -2993,7 +2478,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_13( +static KRML_MUSTINLINE void ntt_at_layer_7_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3022,7 +2507,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_d5( +montgomery_multiply_fe_29( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3036,12 +2521,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_d5(b, zeta_r); + montgomery_multiply_fe_29(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3055,7 +2540,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3068,7 +2553,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3085,7 +2570,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_34( +static KRML_MUSTINLINE void ntt_at_layer_3_c1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3103,7 +2588,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_7b( +static KRML_MUSTINLINE void ntt_at_layer_2_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3123,7 +2608,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_4f( +static KRML_MUSTINLINE void ntt_at_layer_1_c9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3151,7 +2636,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void poly_barrett_reduce_89_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3169,17 +2654,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_13(re); + ntt_at_layer_7_1c(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } /** @@ -3191,11 +2676,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3206,14 +2691,14 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_772(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -3237,9 +2722,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_f7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3272,7 +2757,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_931( +static KRML_MUSTINLINE void add_to_ring_element_89_8e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3299,7 +2784,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_3e( +to_standard_domain_a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3315,14 +2800,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_99( +static KRML_MUSTINLINE void add_standard_error_reduce_89_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_a1(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3337,14 +2822,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_da1( +static KRML_MUSTINLINE void compute_As_plus_e_a51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3367,10 +2852,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e1(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -3386,10 +2871,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_f41( +static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b61(key_generation_seed, hashed); + G_f1_111(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3397,14 +2882,14 @@ static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_231(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_551(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(uu____1, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3415,10 +2900,10 @@ static tuple_540 generate_keypair_unpacked_f41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d71(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_011(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -3467,10 +2952,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_931( +static void closure_011( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -3483,7 +2968,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_97( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3505,7 +2990,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3524,7 +3009,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3534,18 +3019,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_a91(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_931(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_011(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_97(&ind_cpa_public_key.A[j][i1]); + clone_d5_22(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3555,13 +3040,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_251( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_9a1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + H_f1_af1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -3601,18 +3086,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_a91(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_801(pk.t_as_ntt, + serialize_public_key_9a1(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1536U]; memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____2[1568U]; @@ -3630,7 +3115,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f2( +static KRML_MUSTINLINE void serialize_kem_secret_key_6b( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3659,7 +3144,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e1(public_key, ret0); + H_f1_af1(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -3692,7 +3177,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3702,13 +3187,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_ec1(ind_cpa_keypair_randomness); + generate_keypair_e81(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_f2( + serialize_kem_secret_key_6b( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, @@ -3717,12 +3202,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_a71(uu____1); + libcrux_ml_kem_types_from_e7_e00(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c91( - uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); + return libcrux_ml_kem_types_from_64_2c0( + uu____2, libcrux_ml_kem_types_from_07_570(uu____3)); } /** @@ -3735,10 +3220,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3749,11 +3234,11 @@ sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_772(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; @@ -3773,7 +3258,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_b60(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), @@ -3791,9 +3276,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f4(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -3802,7 +3287,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3826,7 +3311,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3846,7 +3331,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_75( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3866,7 +3351,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_56( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3874,7 +3359,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = montgomery_multiply_fe_29(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3886,7 +3371,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3901,7 +3386,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_56( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3918,18 +3403,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_861( +static KRML_MUSTINLINE void invert_ntt_montgomery_d41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } /** @@ -3942,7 +3427,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_08( +static KRML_MUSTINLINE void add_error_reduce_89_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3966,14 +3451,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a11( +static KRML_MUSTINLINE void compute_vector_u_571( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3995,11 +3480,11 @@ static KRML_MUSTINLINE void compute_vector_u_a11( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e1(&result[i1], &product); } - invert_ntt_montgomery_861(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d41(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4013,7 +3498,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_e9(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4027,8 +3512,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4038,7 +3523,7 @@ deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_89(coefficient_compressed); + decompress_1_e9(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4054,7 +3539,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_8b( +add_message_error_reduce_89_11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4084,18 +3569,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f1( +compute_ring_element_v_c81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e1(&result, &product);); + invert_ntt_montgomery_d41(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } @@ -4105,7 +3590,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4126,9 +3611,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be(v); + return compress_94(v); } /** @@ -4137,7 +3622,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_940(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4159,8 +3644,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be0(v); +compress_0d_9b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_940(v); } /** @@ -4169,14 +3654,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_e10( +static KRML_MUSTINLINE void compress_then_serialize_11_2d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_9b0(to_unsigned_representative_af(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4197,10 +3682,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_e10(re, uu____0); + compress_then_serialize_11_2d0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4213,7 +3698,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_241( +static void compress_then_serialize_u_251( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4231,7 +3716,7 @@ static void compress_then_serialize_u_241( (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_2f0(&re, ret); + compress_then_serialize_ring_element_u_d80(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), @@ -4245,7 +3730,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_941(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4267,8 +3752,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be1(v); +compress_0d_9b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_941(v); } /** @@ -4277,14 +3762,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_e5( +static KRML_MUSTINLINE void compress_then_serialize_4_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_9b1(to_unsigned_representative_af(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -4302,7 +3787,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_942(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4324,8 +3809,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be2(v); +compress_0d_9b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_942(v); } /** @@ -4334,14 +3819,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_a3( +static KRML_MUSTINLINE void compress_then_serialize_5_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_9b2(to_unsigned_representative_af(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -4360,9 +3845,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_a3(re, out); + compress_then_serialize_5_b9(re, out); } /** @@ -4383,14 +3868,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c1( +static void encrypt_unpacked_651( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(uu____0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4398,7 +3883,7 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_2c1(uu____2, domain_separator0); + tuple_710 uu____3 = sample_ring_element_cbd_381(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4406,32 +3891,32 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044( + PRF_f1_6f4( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c81(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_241( + compress_then_serialize_u_251( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_310( + compress_then_serialize_ring_element_v_d60( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); @@ -4457,11 +3942,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4473,7 +3958,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4487,7 +3972,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_6c1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_651(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -4496,7 +3981,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d81( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f51(uu____4); + libcrux_ml_kem_types_from_15_200(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -4515,13 +4000,12 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_46(Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -4531,12 +4015,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4548,7 +4032,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4574,10 +4058,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_723( + deserialize_ring_elements_reduced_523( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4585,8 +4069,8 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_231(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_551(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -4616,7 +4100,7 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_651(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4631,13 +4115,12 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_c2(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ab(Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -4659,15 +4142,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_44( + entropy_preprocess_af_46( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -4675,8 +4158,8 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), + H_f1_af1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4684,7 +4167,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4694,25 +4177,25 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_0d1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f71(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f51(uu____4); + libcrux_ml_kem_types_from_15_200(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_c2(shared_secret, shared_secret_array); + kdf_af_ab(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; + tuple_21 result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; } /** @@ -4722,7 +4205,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b8( +decompress_ciphertext_coefficient_41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4747,9 +4230,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f4( +decompress_ciphertext_coefficient_0d_cc( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b8(v); + return decompress_ciphertext_coefficient_41(v); } /** @@ -4759,8 +4242,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_e9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_10_26(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -4772,7 +4255,7 @@ deserialize_then_decompress_10_e9(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f4(coefficient); + decompress_ciphertext_coefficient_0d_cc(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4785,7 +4268,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b80( +decompress_ciphertext_coefficient_410( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4810,9 +4293,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f40( +decompress_ciphertext_coefficient_0d_cc0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b80(v); + return decompress_ciphertext_coefficient_410(v); } /** @@ -4822,8 +4305,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_f5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_11_29(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -4835,7 +4318,7 @@ deserialize_then_decompress_11_f5(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f40(coefficient); + decompress_ciphertext_coefficient_0d_cc0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4848,8 +4331,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_890(Eurydice_slice serialized) { - return deserialize_then_decompress_11_f5(serialized); +deserialize_then_decompress_ring_element_u_380(Eurydice_slice serialized) { + return deserialize_then_decompress_11_29(serialized); } /** @@ -4858,17 +4341,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_ed0( +static KRML_MUSTINLINE void ntt_vector_u_820( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } /** @@ -4879,12 +4362,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( +static KRML_MUSTINLINE void deserialize_then_decompress_u_ec1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, @@ -4904,9 +4387,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_890(u_bytes); + deserialize_then_decompress_ring_element_u_380(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_ed0(&u_as_ntt[i0]); + ntt_vector_u_820(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4920,7 +4403,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b81( +decompress_ciphertext_coefficient_411( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4945,9 +4428,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f41( +decompress_ciphertext_coefficient_0d_cc1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b81(v); + return decompress_ciphertext_coefficient_411(v); } /** @@ -4957,8 +4440,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_34(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_4_51(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -4969,7 +4452,7 @@ deserialize_then_decompress_4_34(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f41(coefficient); + decompress_ciphertext_coefficient_0d_cc1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4982,7 +4465,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b82( +decompress_ciphertext_coefficient_412( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5007,9 +4490,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f42( +decompress_ciphertext_coefficient_0d_cc2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b82(v); + return decompress_ciphertext_coefficient_412(v); } /** @@ -5019,8 +4502,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_53(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_5_bc(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -5033,7 +4516,7 @@ deserialize_then_decompress_5_53(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5046,8 +4529,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_300(Eurydice_slice serialized) { - return deserialize_then_decompress_5_53(serialized); +deserialize_then_decompress_ring_element_v_0b0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_bc(serialized); } /** @@ -5061,7 +4544,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_52(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5086,17 +4569,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb1( +compute_message_ac1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e1(&result, &product);); + invert_ntt_montgomery_d41(&result); + result = subtract_reduce_89_52(v, result); return result; } @@ -5106,13 +4589,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_3a( +static KRML_MUSTINLINE void compress_then_serialize_message_72( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re.coefficients[i0]); + to_unsigned_representative_af(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5138,20 +4621,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_e71( +static void decrypt_unpacked_e51( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); + deserialize_then_decompress_u_ec1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_300( + deserialize_then_decompress_ring_element_v_0b0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_ac1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_72(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5160,7 +4643,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_b6(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -5178,8 +4661,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -5204,15 +4687,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e71(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e51(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5224,7 +4707,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5234,7 +4717,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( + libcrux_ml_kem_utils_into_padded_array_973( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -5243,9 +4726,9 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043( + PRF_f1_6f3( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = @@ -5253,10 +4736,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d1( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_651(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5275,8 +4758,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_uncompressed_ring_element_f5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -5298,12 +4781,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_011( +static KRML_MUSTINLINE void deserialize_secret_key_491( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5315,7 +4798,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_011( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_f5(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5333,10 +4816,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_5d1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_011(secret_key, secret_as_ntt); + deserialize_secret_key_491(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( uu____0, secret_as_ntt, @@ -5347,7 +4830,7 @@ static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e71(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e51(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5373,7 +4856,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_a01( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5393,9 +4876,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c21(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_5d1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5404,7 +4887,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -5414,31 +4897,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043( + PRF_f1_6f3( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_0d1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f71(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_c2( + kdf_af_ab( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_c2(shared_secret0, shared_secret1); + kdf_af_ab(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -5446,7 +4929,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -5456,12 +4941,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5473,7 +4958,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5488,7 +4973,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_f80( +static KRML_MUSTINLINE void serialize_secret_key_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5507,7 +4992,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5524,14 +5009,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_800( +static KRML_MUSTINLINE void serialize_public_key_9a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_f80(t_as_ntt, ret0); + serialize_secret_key_e80(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -5552,15 +5037,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_722( + deserialize_ring_elements_reduced_522( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_800( + serialize_public_key_9a0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -5577,10 +5062,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] */ -typedef struct tuple_4c0_s { +typedef struct tuple_4c_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c0; +} tuple_4c; /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for @@ -5591,7 +5076,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_110(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5602,10 +5087,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_e80( +static void closure_820( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -5624,7 +5109,7 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_750(uint8_t input[2U][34U]) { +shake128_init_absorb_final_410(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5654,10 +5139,10 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_510(uint8_t input[2U][34U]) { uint8_t uu____0[2U][34U]; memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_750(uu____0); + return shake128_init_absorb_final_410(uu____0); } /** @@ -5666,7 +5151,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_540( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5688,9 +5173,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_100(self, ret); + shake128_squeeze_first_three_blocks_540(self, ret); } /** @@ -5700,7 +5185,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5739,7 +5224,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_880( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5760,9 +5245,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_680( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_ed0(self, ret); + shake128_squeeze_next_block_880(self, ret); } /** @@ -5772,7 +5257,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5812,9 +5297,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_130( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -5825,29 +5310,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_2b0( +static KRML_MUSTINLINE void sample_from_xof_f60( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; uint8_t uu____0[2U][34U]; memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(uu____0); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_510(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_7f0(&xof_state, randomness0); uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_051( + bool done = sample_from_uniform_distribution_next_021( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_f1_c10(&xof_state, randomness); + shake128_squeeze_next_block_f1_680(&xof_state, randomness); uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_052( + done = sample_from_uniform_distribution_next_022( uu____2, sampled_coefficients, out); } } @@ -5855,7 +5340,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b0( memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_990(uu____3[i]);); + ret0[i] = closure_130(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5868,12 +5353,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_230( +static KRML_MUSTINLINE void sample_matrix_A_550( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_e80(A_transpose[i]);); + closure_820(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -5886,7 +5371,7 @@ static KRML_MUSTINLINE void sample_matrix_A_230( uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_2b0(uu____1, sampled); + sample_from_xof_f60(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5914,10 +5399,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_740_s { +typedef struct tuple_74_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; uint8_t snd; -} tuple_740; +} tuple_74; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN @@ -5925,7 +5410,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_630(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5947,9 +5432,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_770(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1d0(input, ret); + PRFxN_630(input, ret); } /** @@ -5959,8 +5444,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_660(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_85(randomness); +sample_from_binomial_distribution_e30(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_b8(randomness); } /** @@ -5972,11 +5457,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -5987,19 +5472,19 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_890(prf_inputs, prf_outputs); + PRFxN_f1_770(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_660(Eurydice_array_to_slice( + sample_from_binomial_distribution_e30(Eurydice_array_to_slice( (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + tuple_74 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6017,7 +5502,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_930( +static KRML_MUSTINLINE void add_to_ring_element_89_8e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6043,14 +5528,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_da0( +static KRML_MUSTINLINE void compute_As_plus_e_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6073,10 +5558,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e0(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -6092,10 +5577,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_f40( +static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b60(key_generation_seed, hashed); + G_f1_110(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6103,14 +5588,14 @@ static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_230(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_550(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(uu____1, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6121,10 +5606,10 @@ static tuple_4c0 generate_keypair_unpacked_f40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d70(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_010(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -6156,7 +5641,7 @@ static tuple_4c0 generate_keypair_unpacked_f40( memcpy( sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } /** @@ -6173,10 +5658,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_930( +static void closure_010( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -6188,7 +5673,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6207,7 +5692,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6217,18 +5702,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_a90(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_930(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_010(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_97(&ind_cpa_public_key.A[j][i1]); + clone_d5_22(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6238,13 +5723,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_250( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_800( + serialize_public_key_9a0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + H_f1_af0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -6284,18 +5769,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_a90(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_800(pk.t_as_ntt, + serialize_public_key_9a0(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[768U]; memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____2[800U]; @@ -6313,7 +5798,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_41( +static KRML_MUSTINLINE void serialize_kem_secret_key_b4( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6342,7 +5827,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e0(public_key, ret0); + H_f1_af0(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -6375,7 +5860,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6385,13 +5870,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_ec0(ind_cpa_keypair_randomness); + generate_keypair_e80(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_41( + serialize_kem_secret_key_b4( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, @@ -6400,12 +5885,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_from_e7_e01(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); + return libcrux_ml_kem_types_from_64_2c1( + uu____2, libcrux_ml_kem_types_from_07_571(uu____3)); } /** @@ -6414,7 +5899,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_631(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6436,9 +5921,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1d1(input, ret); + PRFxN_631(input, ret); } /** @@ -6450,11 +5935,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_74 +sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -6465,18 +5950,18 @@ sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_891(prf_inputs, prf_outputs); + PRFxN_f1_771(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + tuple_74 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6494,9 +5979,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f2(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -6505,18 +5990,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_860( +static KRML_MUSTINLINE void invert_ntt_montgomery_d40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } /** @@ -6525,14 +6010,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a10( +static KRML_MUSTINLINE void compute_vector_u_570( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6554,11 +6039,11 @@ static KRML_MUSTINLINE void compute_vector_u_a10( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e0(&result[i1], &product); } - invert_ntt_montgomery_860(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d40(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6572,18 +6057,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f0( +compute_ring_element_v_c80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e0(&result, &product);); + invert_ntt_montgomery_d40(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } @@ -6593,14 +6078,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_3b( +static KRML_MUSTINLINE void compress_then_serialize_10_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_9b(to_unsigned_representative_af(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6621,10 +6106,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_3b(re, uu____0); + compress_then_serialize_10_54(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6637,7 +6122,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_240( +static void compress_then_serialize_u_250( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6655,7 +6140,7 @@ static void compress_then_serialize_u_240( (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_d8(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -6670,9 +6155,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_e5(re, out); + compress_then_serialize_4_09(re, out); } /** @@ -6693,14 +6178,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c0( +static void encrypt_unpacked_650( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(uu____0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6708,7 +6193,7 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_2c0(uu____2, domain_separator0); + tuple_74 uu____3 = sample_ring_element_cbd_380(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6716,31 +6201,31 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042( + PRF_f1_6f2( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c80(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_240( + compress_then_serialize_u_250( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( + compress_then_serialize_ring_element_v_d6( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); @@ -6766,11 +6251,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6782,7 +6267,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6796,7 +6281,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_6c0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_650(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -6805,7 +6290,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d80( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_201(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -6824,13 +6309,12 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_4f(Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -6840,12 +6324,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6857,7 +6341,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6883,10 +6367,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_721( + deserialize_ring_elements_reduced_521( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -6894,8 +6378,8 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_230(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_550(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -6925,7 +6409,7 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_650(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -6940,13 +6424,12 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e8(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_d3(Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -6968,15 +6451,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_5d( + entropy_preprocess_af_4f( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -6984,8 +6467,8 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), + H_f1_af0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6993,7 +6476,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7003,25 +6486,25 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_0d0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f70(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_201(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_e8(shared_secret, shared_secret_array); + kdf_af_d3(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; + tuple_ec result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; } /** @@ -7031,8 +6514,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_89(Eurydice_slice serialized) { - return deserialize_then_decompress_10_e9(serialized); +deserialize_then_decompress_ring_element_u_38(Eurydice_slice serialized) { + return deserialize_then_decompress_10_26(serialized); } /** @@ -7041,17 +6524,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_ed( +static KRML_MUSTINLINE void ntt_vector_u_82( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } /** @@ -7062,12 +6545,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( +static KRML_MUSTINLINE void deserialize_then_decompress_u_ec0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, @@ -7087,9 +6570,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_89(u_bytes); + deserialize_then_decompress_ring_element_u_38(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_ed(&u_as_ntt[i0]); + ntt_vector_u_82(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7103,8 +6586,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_30(Eurydice_slice serialized) { - return deserialize_then_decompress_4_34(serialized); +deserialize_then_decompress_ring_element_v_0b(Eurydice_slice serialized) { + return deserialize_then_decompress_4_51(serialized); } /** @@ -7114,17 +6597,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb0( +compute_message_ac0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e0(&result, &product);); + invert_ntt_montgomery_d40(&result); + result = subtract_reduce_89_52(v, result); return result; } @@ -7138,20 +6621,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e70( +static void decrypt_unpacked_e50( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); + deserialize_then_decompress_u_ec0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_0b( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_ac0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_72(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7165,8 +6648,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -7191,14 +6674,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e70(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e50(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -7210,7 +6693,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7220,7 +6703,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_974( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -7229,9 +6712,9 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041( + PRF_f1_6f1( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = @@ -7239,10 +6722,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d0( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_650(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), + libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -7260,12 +6743,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_010( +static KRML_MUSTINLINE void deserialize_secret_key_490( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7277,7 +6760,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_010( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_f5(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7295,10 +6778,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_5d0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_010(secret_key, secret_as_ntt); + deserialize_secret_key_490(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( uu____0, secret_as_ntt, @@ -7309,7 +6792,7 @@ static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e70(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e50(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7335,7 +6818,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_a00( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -7354,9 +6837,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c20(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_5d0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -7365,7 +6848,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -7375,31 +6858,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041( + PRF_f1_6f1( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_0d0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f70(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e8( + kdf_af_d3( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e8(shared_secret0, shared_secret1); + kdf_af_d3(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed(ciphertext), + libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -7407,7 +6890,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -7417,12 +6902,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7434,7 +6919,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7449,7 +6934,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_f8( +static KRML_MUSTINLINE void serialize_secret_key_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7468,7 +6953,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -7485,7 +6970,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_80( +static KRML_MUSTINLINE void serialize_public_key_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -7493,7 +6978,7 @@ static KRML_MUSTINLINE void serialize_public_key_80( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_f8(t_as_ntt, ret0); + serialize_secret_key_e8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -7514,15 +6999,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_720( + deserialize_ring_elements_reduced_520( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_9a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -7553,7 +7038,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_11(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7564,10 +7049,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_e8( +static void closure_82( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -7586,7 +7071,7 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_75(uint8_t input[3U][34U]) { +shake128_init_absorb_final_41(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7616,10 +7101,10 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_51(uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_75(uu____0); + return shake128_init_absorb_final_41(uu____0); } /** @@ -7628,7 +7113,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_54( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7650,9 +7135,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_10(self, ret); + shake128_squeeze_first_three_blocks_54(self, ret); } /** @@ -7662,7 +7147,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7701,7 +7186,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( +static KRML_MUSTINLINE void shake128_squeeze_next_block_88( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7722,9 +7207,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_68( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_ed(self, ret); + shake128_squeeze_next_block_88(self, ret); } /** @@ -7734,7 +7219,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7774,9 +7259,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_13( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -7787,29 +7272,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_2b( +static KRML_MUSTINLINE void sample_from_xof_f6( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(uu____0); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_51(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_7f(&xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_05( + bool done = sample_from_uniform_distribution_next_02( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_f1_c1(&xof_state, randomness); + shake128_squeeze_next_block_f1_68(&xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_050( + done = sample_from_uniform_distribution_next_020( uu____2, sampled_coefficients, out); } } @@ -7817,7 +7302,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_99(uu____3[i]);); + ret0[i] = closure_13(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7830,12 +7315,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_23( +static KRML_MUSTINLINE void sample_matrix_A_55( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_e8(A_transpose[i]);); + closure_82(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -7848,7 +7333,7 @@ static KRML_MUSTINLINE void sample_matrix_A_23( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_2b(uu____1, sampled); + sample_from_xof_f6(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7887,7 +7372,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_63(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7909,9 +7394,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1d(input, ret); + PRFxN_63(input, ret); } /** @@ -7923,11 +7408,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -7938,14 +7423,14 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_77(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -7968,7 +7453,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_93( +static KRML_MUSTINLINE void add_to_ring_element_89_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7994,14 +7479,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_da( +static KRML_MUSTINLINE void compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8024,10 +7509,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -8043,10 +7528,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_f4( +static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b6(key_generation_seed, hashed); + G_f1_11(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8054,14 +7539,14 @@ static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_23(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_55(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(uu____1, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8072,10 +7557,10 @@ static tuple_9b generate_keypair_unpacked_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d7(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_01(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -8124,10 +7609,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_93( +static void closure_01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -8139,7 +7624,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -8158,7 +7643,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8168,18 +7653,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_a9(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_93(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_01(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_97(&ind_cpa_public_key.A[j][i1]); + clone_d5_22(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8189,13 +7674,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_9a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + H_f1_af(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -8235,18 +7720,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_a9(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_80(pk.t_as_ntt, + serialize_public_key_9a(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____2[1184U]; @@ -8264,7 +7749,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void serialize_kem_secret_key_97( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8293,7 +7778,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e(public_key, ret0); + H_f1_af(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -8326,7 +7811,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -8336,13 +7821,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_ec(ind_cpa_keypair_randomness); + generate_keypair_e8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_a8( + serialize_kem_secret_key_97( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -8351,12 +7836,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a70(uu____1); + libcrux_ml_kem_types_from_e7_e0(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c90( - uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); + return libcrux_ml_kem_types_from_64_2c( + uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); } /** @@ -8369,10 +7854,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -8383,11 +7868,11 @@ sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_77(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; @@ -8412,9 +7897,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f0(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -8423,18 +7908,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_86( +static KRML_MUSTINLINE void invert_ntt_montgomery_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } /** @@ -8443,14 +7928,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a1( +static KRML_MUSTINLINE void compute_vector_u_57( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8472,11 +7957,11 @@ static KRML_MUSTINLINE void compute_vector_u_a1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e(&result[i1], &product); } - invert_ntt_montgomery_86(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d4(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -8490,18 +7975,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f( +compute_ring_element_v_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e(&result, &product);); + invert_ntt_montgomery_d4(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } @@ -8514,7 +7999,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_24( +static void compress_then_serialize_u_25( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8532,7 +8017,7 @@ static void compress_then_serialize_u_24( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_d8(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -8558,14 +8043,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c( +static void encrypt_unpacked_65( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(uu____0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8573,7 +8058,7 @@ static void encrypt_unpacked_6c( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_2c(uu____2, domain_separator0); + tuple_b0 uu____3 = sample_ring_element_cbd_38(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8581,31 +8066,31 @@ static void encrypt_unpacked_6c( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040( + PRF_f1_6f0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c8(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_24( + compress_then_serialize_u_25( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( + compress_then_serialize_ring_element_v_d6( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -8631,11 +8116,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -8647,7 +8132,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8661,7 +8146,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -8670,7 +8155,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d8( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f50(uu____4); + libcrux_ml_kem_types_from_15_20(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -8689,13 +8174,12 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_39(Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -8705,12 +8189,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8722,7 +8206,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8748,10 +8232,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_72( + deserialize_ring_elements_reduced_52( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -8759,8 +8243,8 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_55(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -8790,7 +8274,7 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -8805,13 +8289,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_b6(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_6d(Eurydice_slice shared_secret, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -8833,15 +8316,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_6c( + entropy_preprocess_af_39( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -8849,8 +8332,8 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), + H_f1_af(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -8858,7 +8341,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8868,25 +8351,25 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f50(uu____4); + libcrux_ml_kem_types_from_15_20(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_b6(shared_secret, shared_secret_array); + kdf_af_6d(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; } /** @@ -8897,12 +8380,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_ec( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, @@ -8922,9 +8405,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_89(u_bytes); + deserialize_then_decompress_ring_element_u_38(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_ed(&u_as_ntt[i0]); + ntt_vector_u_82(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8938,17 +8421,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb( +compute_message_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e(&result, &product);); + invert_ntt_montgomery_d4(&result); + result = subtract_reduce_89_52(v, result); return result; } @@ -8962,20 +8445,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e7( +static void decrypt_unpacked_e5( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_ec(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_0b( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_ac(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_72(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8989,8 +8472,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -9015,14 +8498,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e7(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e5(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -9034,7 +8517,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9044,7 +8527,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( + libcrux_ml_kem_utils_into_padded_array_970( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -9053,9 +8536,9 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04( + PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -9063,10 +8546,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_9d( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -9084,12 +8567,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_01( +static KRML_MUSTINLINE void deserialize_secret_key_49( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9101,7 +8584,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_01( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_f5(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -9119,10 +8602,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_5d(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_01(secret_key, secret_as_ntt); + deserialize_secret_key_49(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -9133,7 +8616,7 @@ static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e7(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e5(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9159,7 +8642,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_a0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -9178,9 +8661,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c2(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_5d(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -9189,7 +8672,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -9199,31 +8682,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04( + PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_b6( + kdf_af_6d( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_b6(shared_secret0, shared_secret1); + kdf_af_6d(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -9231,5 +8714,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 6d716c024..add9d4b95 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem_portable_H @@ -39,10 +39,49 @@ void libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input, #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes); + typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); + +void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); @@ -53,6 +92,55 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array); +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_slice v); + +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); + typedef struct uint8_t_x11_s { uint8_t fst; uint8_t snd; @@ -82,23 +170,9 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]); -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -109,22 +183,6 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a); -void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -extern const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] - [16U]; - /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -419,55 +477,6 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]); -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); - -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; - -uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_slice v); - -void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); - uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_slice v); @@ -483,19 +492,6 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]); -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); - typedef struct uint8_t_x3_s { uint8_t fst; uint8_t snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 55c1eb7c3..0adf52479 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_sha3_H @@ -26,35 +26,35 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_fd(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_fd0(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_fd1(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_fd2(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_fd3(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, @@ -113,7 +113,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_fd4(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 03bc68b29..454d3c0cf 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -7,2530 +7,85 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ -#include "internal/libcrux_sha3_avx2.h" +#include "libcrux_sha3_avx2.h" -#include "internal/libcrux_core.h" - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - return _veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_58(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vrax1q_u64(a, b); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return _vbcaxq_u64(a, b, c); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, - size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, - size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( - out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( - out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - Eurydice_slice_uint8_t_4size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { - return split_at_mut_4(a, mid); -} - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_16(void) { - libcrux_sha3_generic_keccak_KeccakState_29 lit; - lit.st[0U][0U] = zero_ef(); - lit.st[0U][1U] = zero_ef(); - lit.st[0U][2U] = zero_ef(); - lit.st[0U][3U] = zero_ef(); - lit.st[0U][4U] = zero_ef(); - lit.st[1U][0U] = zero_ef(); - lit.st[1U][1U] = zero_ef(); - lit.st[1U][2U] = zero_ef(); - lit.st[1U][3U] = zero_ef(); - lit.st[1U][4U] = zero_ef(); - lit.st[2U][0U] = zero_ef(); - lit.st[2U][1U] = zero_ef(); - lit.st[2U][2U] = zero_ef(); - lit.st[2U][3U] = zero_ef(); - lit.st[2U][4U] = zero_ef(); - lit.st[3U][0U] = zero_ef(); - lit.st[3U][1U] = zero_ef(); - lit.st[3U][2U] = zero_ef(); - lit.st[3U][3U] = zero_ef(); - lit.st[3U][4U] = zero_ef(); - lit.st[4U][0U] = zero_ef(); - lit.st[4U][1U] = zero_ef(); - lit.st[4U][2U] = zero_ef(); - lit.st[4U][3U] = zero_ef(); - lit.st[4U][4U] = zero_ef(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_ef_6a( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_580(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_581(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_582(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_583(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_584(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_585(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_586(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_587(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_588(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_589(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5810(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5811(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5812(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5813(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); +KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, + Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5814(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5815(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5816(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5817(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5818(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5819(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5820(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5821(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5822(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void theta_rho_71( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = - rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = - rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = - rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = - rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____0, uu____1, uu____2, uu____3, - rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = - xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = - xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = - xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = - xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = - xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = - xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = - xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_x86___m256i uu____27 = - xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void pi_01( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void chi_9b( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - s->st[i1][j] = and_not_xor_ef( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]););); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void iota_09( - libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { - s->st[0U][0U] = xor_constant_ef( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void keccakf1600_07( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_71(s); - pi_01(s); - chi_9b(s); - iota_09(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void absorb_block_37( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_6a(uu____0, uu____1); - keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_91( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block_c7(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_ef_05( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_05(uu____3, uu____4); - keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_0b( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; - store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_ef_99( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - store_block_full_0b(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_a4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - store_block_full_ef_99(s->st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_ef_f6( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e9(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_block_e9( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_next_block_1c( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_last_77( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_07(&s); - uint8_t b[4U][200U]; - store_block_full_ef_99(s.st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], - Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_37(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n_ef(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_a4(&s, out); - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____4 = - split_at_mut_n_ef(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e9(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____5 = - split_at_mut_n_ef(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_77(s, o1); - } - } -} - -void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice input2, Eurydice_slice input3, - Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_14(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState_29 +KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_16(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_910( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block_c70(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_ef_050( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_5e0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_050(uu____3, uu____4); - keccakf1600_07(s); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, +KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_5e0(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void store_block_ef_f60( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e90(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_block_e90( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f60(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_1c0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f60(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - squeeze_next_block_1c0(s, o2); -} - -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o20[4U]; - memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - Eurydice_slice_uint8_t_4size_t__x2 uu____2 = - split_at_mut_n_ef(o20, (size_t)168U); - Eurydice_slice o2[4U]; - memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o30[4U]; - memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o2); - Eurydice_slice_uint8_t_4size_t__x2 uu____3 = - split_at_mut_n_ef(o30, (size_t)168U); - Eurydice_slice o3[4U]; - memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o4[4U]; - memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o3); - squeeze_next_block_1c0(s, o4); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_e4(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_e9(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 4c7cd868d..f031b706b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_sha3_avx2_H @@ -20,53 +20,46 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_core.h" -#include "libcrux_sha3_internal.h" - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_x86___m256i -with const generics -- $4size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_29; +#include "libcrux_sha3_neon.h" void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -libcrux_sha3_generic_keccak_KeccakState_29 +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; +} libcrux_sha3_avx2_x4_incremental_KeccakState; + +libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void); void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 3158b0431..cd1f05dbb 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); } /** @@ -198,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_7a(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -233,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -258,11 +258,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_de(s, buf); } /** @@ -274,12 +274,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); } /** @@ -289,7 +289,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -300,9 +300,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_340(ab); } /** @@ -316,8 +316,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); } /** @@ -327,7 +327,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -338,9 +338,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_341(ab); } /** @@ -354,8 +354,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); } /** @@ -365,7 +365,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -376,9 +376,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_342(ab); } /** @@ -392,8 +392,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); } /** @@ -403,7 +403,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -414,9 +414,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_343(ab); } /** @@ -430,8 +430,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); } /** @@ -441,9 +441,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_34(ab); } /** @@ -457,8 +457,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); } /** @@ -468,7 +468,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -479,9 +479,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_344(ab); } /** @@ -495,8 +495,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); } /** @@ -506,7 +506,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -517,9 +517,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_345(ab); } /** @@ -533,8 +533,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); } /** @@ -544,7 +544,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -555,9 +555,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_346(ab); } /** @@ -571,8 +571,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); } /** @@ -582,7 +582,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -593,9 +593,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_347(ab); } /** @@ -609,8 +609,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); } /** @@ -620,7 +620,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -631,9 +631,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_348(ab); } /** @@ -647,8 +647,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); } /** @@ -658,7 +658,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -669,9 +669,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_349(ab); } /** @@ -685,8 +685,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); } /** @@ -696,7 +696,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -707,9 +707,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_3410(ab); } /** @@ -723,8 +723,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); } /** @@ -734,7 +734,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -745,9 +745,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_3411(ab); } /** @@ -761,8 +761,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); } /** @@ -772,7 +772,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -783,9 +783,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_3412(ab); } /** @@ -799,8 +799,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); } /** @@ -810,7 +810,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -821,9 +821,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_3413(ab); } /** @@ -837,8 +837,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); } /** @@ -848,7 +848,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -859,9 +859,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_3414(ab); } /** @@ -875,8 +875,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); } /** @@ -886,7 +886,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -897,9 +897,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_3415(ab); } /** @@ -913,8 +913,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); } /** @@ -924,7 +924,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -935,9 +935,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_3416(ab); } /** @@ -951,8 +951,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); } /** @@ -962,7 +962,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -973,9 +973,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_3417(ab); } /** @@ -989,8 +989,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); } /** @@ -1000,7 +1000,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1011,9 +1011,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_3418(ab); } /** @@ -1027,8 +1027,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); } /** @@ -1038,7 +1038,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1049,9 +1049,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_3419(ab); } /** @@ -1065,8 +1065,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); } /** @@ -1076,7 +1076,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1087,9 +1087,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_3420(ab); } /** @@ -1103,8 +1103,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); } /** @@ -1114,7 +1114,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1125,9 +1125,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_3421(ab); } /** @@ -1141,8 +1141,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); } /** @@ -1152,7 +1152,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1163,9 +1163,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_3422(ab); } /** @@ -1179,8 +1179,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); } /** @@ -1189,7 +1189,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1225,76 +1225,76 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____4; uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____5; uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____6; uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____7; uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1304,7 +1304,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1340,7 +1340,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1358,7 +1358,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1370,14 +1370,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_8d(s); + libcrux_sha3_generic_keccak_pi_ac(s); + libcrux_sha3_generic_keccak_chi_c7(s); + libcrux_sha3_generic_keccak_iota_4f(s, i0); } } @@ -1389,7 +1389,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1408,8 +1408,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1417,7 +1417,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1442,9 +1442,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_39(a, b); } /** @@ -1454,9 +1454,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1466,10 +1466,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1477,7 +1477,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1502,11 +1502,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_de0(s, buf); } /** @@ -1518,12 +1518,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); } /** @@ -1534,7 +1534,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1553,8 +1553,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1562,7 +1562,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1587,9 +1587,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_390(a, b); } /** @@ -1599,9 +1599,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1611,10 +1611,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1626,12 +1626,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); } /** @@ -1641,13 +1641,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1655,12 +1655,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_39(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1676,9 +1676,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); } /** @@ -1689,10 +1689,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_653( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1715,11 +1715,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1743,10 +1743,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { @@ -1757,7 +1757,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; @@ -1768,12 +1768,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1781,7 +1781,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1799,12 +1799,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); } } } @@ -1815,11 +1815,11 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); } /** @@ -1827,7 +1827,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1856,12 +1856,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); } /** @@ -1871,13 +1871,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1885,11 +1885,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_portable_keccak_load_block_de3(s, buf); } /** @@ -1901,12 +1901,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); } /** @@ -1917,7 +1917,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1936,8 +1936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1945,7 +1945,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1966,12 +1966,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); + libcrux_sha3_portable_keccak_store_block_393(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1987,9 +1987,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); } /** @@ -2000,10 +2000,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_652( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2028,9 +2028,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_393(a, b); } /** @@ -2040,9 +2040,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** @@ -2052,10 +2052,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** @@ -2065,11 +2065,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2093,10 +2093,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { @@ -2107,7 +2107,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; @@ -2118,12 +2118,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2131,7 +2131,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2149,12 +2149,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); } } } @@ -2165,11 +2165,11 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); } /** @@ -2177,7 +2177,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2206,12 +2206,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); } /** @@ -2221,13 +2221,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2235,11 +2235,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_de2(s, buf); } /** @@ -2251,12 +2251,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); } /** @@ -2267,7 +2267,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2286,8 +2286,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2295,7 +2295,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2316,12 +2316,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_392(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2337,9 +2337,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); } /** @@ -2350,10 +2350,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_651( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2378,9 +2378,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_392(a, b); } /** @@ -2390,9 +2390,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); } /** @@ -2402,10 +2402,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); } /** @@ -2415,11 +2415,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2443,10 +2443,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { @@ -2457,7 +2457,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; @@ -2468,12 +2468,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2481,7 +2481,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2499,12 +2499,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); } } } @@ -2515,11 +2515,11 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); } /** @@ -2531,12 +2531,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); } /** @@ -2546,13 +2546,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2560,12 +2560,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_390(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2581,9 +2581,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); } /** @@ -2594,10 +2594,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_650( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2620,11 +2620,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2648,10 +2648,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2662,7 +2662,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2673,12 +2673,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2686,7 +2686,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2704,12 +2704,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2720,11 +2720,11 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); } /** @@ -2735,7 +2735,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2754,8 +2754,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2766,10 +2766,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2780,7 +2780,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2791,12 +2791,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2804,7 +2804,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2822,12 +2822,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2838,11 +2838,11 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); } /** @@ -2850,7 +2850,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2879,12 +2879,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); } /** @@ -2894,13 +2894,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2908,11 +2908,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + libcrux_sha3_portable_keccak_load_block_de1(s, buf); } /** @@ -2924,12 +2924,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); } /** @@ -2940,7 +2940,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2959,8 +2959,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2968,7 +2968,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2989,12 +2989,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); + libcrux_sha3_portable_keccak_store_block_391(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -3009,9 +3009,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); } /** @@ -3022,10 +3022,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_65( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3050,9 +3050,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_391(a, b); } /** @@ -3062,9 +3062,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); } /** @@ -3074,10 +3074,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); } /** @@ -3087,11 +3087,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3115,10 +3115,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -3129,7 +3129,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -3140,12 +3140,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3153,7 +3153,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3171,12 +3171,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); } } } @@ -3187,11 +3187,11 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index e7228e4e2..3130b58fc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -7,76 +7,3560 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #include "libcrux_sha3_neon.h" +#include "internal/libcrux_core.h" + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t zero_fa(void) { + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_veor5q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + core_core_arch_arm_shared_neon_uint64x2_t cd = + libcrux_intrinsics_arm64__veorq_u64(c, d); + core_core_arch_arm_shared_neon_uint64x2_t abcd = + libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + return _veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_58(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vrax1q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left1_and_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vrax1q_u64(a, b); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vbcaxq_u64(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return libcrux_intrinsics_arm64__veorq_u64( + a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +and_not_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return _vbcaxq_u64(a, b, c); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_veorq_n_u64(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + core_core_arch_arm_shared_neon_uint64x2_t c0 = + libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_constant_fa(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, + size_t len, Eurydice_slice ret[2U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, + size_t len, Eurydice_slice ret[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[2U]; + slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +split_at_mut_2(Eurydice_slice out[2U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_2size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { + return split_at_mut_2(a, mid); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc +new_1e_12(void) { + libcrux_sha3_generic_keccak_KeccakState_fc lit; + lit.st[0U][0U] = zero_fa(); + lit.st[0U][1U] = zero_fa(); + lit.st[0U][2U] = zero_fa(); + lit.st[0U][3U] = zero_fa(); + lit.st[0U][4U] = zero_fa(); + lit.st[1U][0U] = zero_fa(); + lit.st[1U][1U] = zero_fa(); + lit.st[1U][2U] = zero_fa(); + lit.st[1U][3U] = zero_fa(); + lit.st[1U][4U] = zero_fa(); + lit.st[2U][0U] = zero_fa(); + lit.st[2U][1U] = zero_fa(); + lit.st[2U][2U] = zero_fa(); + lit.st[2U][3U] = zero_fa(); + lit.st[2U][4U] = zero_fa(); + lit.st[3U][0U] = zero_fa(); + lit.st[3U][1U] = zero_fa(); + lit.st[3U][2U] = zero_fa(); + lit.st[3U][3U] = zero_fa(); + lit.st[3U][4U] = zero_fa(); + lit.st[4U][0U] = zero_fa(); + lit.st[4U][1U] = zero_fa(); + lit.st[4U][2U] = zero_fa(); + lit.st[4U][3U] = zero_fa(); + lit.st[4U][4U] = zero_fa(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void load_block_3c( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void load_block_fa_0f( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_580(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c1(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_581(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c10(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f0(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_582(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c11(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f1(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_583(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c12(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f2(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c13(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f3(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_584(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c14(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f4(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_585(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c15(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f5(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_586(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c16(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f6(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_587(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c17(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f7(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_588(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c18(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f8(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_589(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c19(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f9(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5810(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c110(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f10(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5811(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c111(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f11(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5812(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c112(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f12(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5813(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c113(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f13(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5814(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c114(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f14(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5815(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c115(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f15(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5816(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c116(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f16(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5817(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c117(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f17(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5818(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c118(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f18(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5819(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c119(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f19(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5820(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c120(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f20(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5821(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c121(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f21(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5822(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c122(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f22(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void theta_rho_eb( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { + xor5_fa(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + xor5_fa(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + xor5_fa(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + xor5_fa(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + xor5_fa(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + rotate_left1_and_xor_fa(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + rotate_left1_and_xor_fa(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + rotate_left1_and_xor_fa(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + rotate_left1_and_xor_fa(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { + uu____0, uu____1, uu____2, uu____3, + rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____4 = + xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_arm_shared_neon_uint64x2_t uu____5 = + xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_arm_shared_neon_uint64x2_t uu____7 = + xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = + xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t uu____9 = + xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t uu____10 = + xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t uu____11 = + xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t uu____12 = + xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t uu____13 = + xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t uu____14 = + xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t uu____15 = + xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t uu____16 = + xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t uu____17 = + xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t uu____18 = + xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t uu____19 = + xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t uu____20 = + xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t uu____21 = + xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t uu____22 = + xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t uu____23 = + xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t uu____24 = + xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t uu____25 = + xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t uu____26 = + xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_arm_shared_neon_uint64x2_t uu____27 = + xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void pi_a0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void chi_b0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + s->st[i1][j] = and_not_xor_fa( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]););); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void iota_33( + libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { + s->st[0U][0U] = xor_constant_fa( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void keccakf1600_3e( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho_eb(s); + pi_a0(s); + chi_b0(s); + iota_33(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void absorb_block_45( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void load_block_full_3e( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void load_block_full_fa_07( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)72U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_07(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void store_block_2f( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void store_block_full_9a( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a5( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e7( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a5(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void store_block_fa_90( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_last_70( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a5(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + absorb_block_45(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e7(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_70(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_59(uu____0, out); +} + void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[64U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_3c0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_fa_0f0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void absorb_block_450( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f0(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_3e0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c0(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_fa_070( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_070(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_2f0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_9a0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f0(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a50( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a0(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e70( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a50(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_fa_900( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f0(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_last_700( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a50(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe0(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_590(uu____0, out); } void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e0(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_fe1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_070(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe1(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_700(s, o1); + } + } } -KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_591(uu____0, out); } -KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState +void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf0[2U] = {input0, input1}; + Eurydice_slice buf[2U] = {out0, out1}; + keccakx2_6e1(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new_1e_12(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_3c1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_3e1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c1(s, buf); } -KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_fa_071( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_fe2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_071(uu____3, uu____4); + keccakf1600_3e(s); +} + +void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {data0, data1}; + absorb_final_fe2(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void store_block_2f1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void store_block_fa_901( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + Eurydice_slice_uint8_t_2size_t__x2 uu____0 = + split_at_mut_n_fa(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f1(s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____1 = + split_at_mut_n_fa(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o2[2U]; + memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d1(s, o1); + squeeze_next_block_5d1(s, o2); +} + +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_first_three_blocks_2e(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_next_block_5d1(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void load_block_3c2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void load_block_fa_0f1( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void absorb_block_451( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f1(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void load_block_full_3e2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c2(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void load_block_full_fa_072( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)144U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_072(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void store_block_2f2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void store_block_full_9a1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f2(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a51( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a1(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e71( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a51(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void store_block_fa_902( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f2(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_902(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_902(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_last_701( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a51(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + absorb_block_451(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe3(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e71(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f2(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d2(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_701(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_592(uu____0, out); } KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[28U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e2(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void load_block_3c3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void load_block_fa_0f2( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void absorb_block_452( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f2(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void load_block_full_3e3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c3(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void load_block_full_fa_073( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe4( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)104U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_073(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void store_block_2f3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void store_block_full_9a2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f3(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a52( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a2(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e72( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a52(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void store_block_fa_903( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f3(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_last_702( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a52(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, ret); + absorb_block_452(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe4(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e72(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f3(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)104U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d3(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_702(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_593(uu____0, out); } KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[48U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e3(uu____0, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 161fce491..6a5424103 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_sha3_neon_H @@ -20,8 +20,19 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" +#include "libcrux_core.h" #include "libcrux_sha3_internal.h" +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- $2size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { + core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_fc; + void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); @@ -29,23 +40,19 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState; - -libcrux_sha3_neon_x2_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void); void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index d20926d66..d54ca40b1 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 +F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 +Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 61930afda..e43445be6 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_core_H @@ -53,8 +53,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); - static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) @@ -78,118 +76,6 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result_6f_tags; - -/** -A monomorphic instance of core.result.Result -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_6f_s { - core_result_Result_6f_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_6f; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -static inline void core_result_unwrap_41_1c(core_result_Result_6f self, - uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -A monomorphic instance of core.result.Result -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_7a_s { - core_result_Result_6f_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_7a; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -static inline void core_result_unwrap_41_34(core_result_Result_7a self, - uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -A monomorphic instance of core.result.Result -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_cd_s { - core_result_Result_6f_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_cd; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -static inline void core_result_unwrap_41_e8(core_result_Result_cd self, - uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} Eurydice_slice_uint8_t_4size_t__x2; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -221,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_8a( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_06( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -236,7 +122,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_4c(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_57(uint8_t value[1184U]) { uint8_t uu____0[1184U]; memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; @@ -269,7 +155,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_2c(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -285,7 +171,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_a7(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_e0(uint8_t value[2400U]) { uint8_t uu____0[2400U]; memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; @@ -314,7 +200,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_f5(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_20(uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; @@ -330,7 +216,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_1f( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -340,7 +226,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_972( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -353,13 +239,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result_00_tags; + /** A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_00_s { - core_result_Result_6f_tags tag; + core_result_Result_00_tags tag; union { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; @@ -392,7 +283,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_971( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -414,7 +305,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_47( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_88( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); @@ -425,7 +316,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_970( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -443,7 +334,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_97( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -456,13 +347,23 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** +A monomorphic instance of core.option.Option +with types Eurydice_slice uint8_t + +*/ +typedef struct core_option_Option_44_s { + core_option_Option_ef_tags tag; + Eurydice_slice f0; +} core_option_Option_44; + /** A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_c0_s { - core_result_Result_6f_tags tag; + core_result_Result_00_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; @@ -490,13 +391,18 @@ static inline void core_result_unwrap_41_f9(core_result_Result_c0 self, } } +typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} Eurydice_slice_uint8_t_2size_t__x2; + /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_56_s { - core_result_Result_6f_tags tag; + core_result_Result_00_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 8d20f24d7..5303fbfc1 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 720830b0b..e67555cd5 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem768_avx2_H @@ -20,8 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_ct_ops.h" -#include "libcrux_mlkem768_portable.h" #include "libcrux_sha3_avx2.h" #include "libcrux_sha3_portable.h" @@ -45,5965 +43,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea( - void) { - return libcrux_ml_kem_vector_avx2_zero(); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { - int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_to_i16_array_ea( - core_core_arch_x86___m256i x, int16_t ret[16U]) { - libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(core_core_arch_x86___m256i v, - int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - vector, constant); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - vector, constant); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_1_ea(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - vector); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, - zeta2, zeta3); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - vector, zeta0, zeta1, zeta2, zeta3); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, - zeta1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - v, - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_multiply_ea(core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, - zeta1, zeta2, zeta3); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); - uint8_t ret0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[10U]; - core_result_Result_cd dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); - core_result_unwrap_41_e8(dst, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[20U]; - core_result_Result_7a dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); - core_result_unwrap_41_34(dst, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[24U]; - core_result_Result_6f dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); - core_result_unwrap_41_1c(dst, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, - Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, - good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[0U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[1U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_ea( - Eurydice_slice input, Eurydice_slice output) { - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_89_d5(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_70(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_11(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e( - vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db( - coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e0( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 11 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db0( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e0( - vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_ae( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db0( - coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7(serialized); -} - -typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; -} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( - core_core_arch_x86___m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer, size_t _initial_coefficient_bound) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7c( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - self->coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( - u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e1( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db1( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e1( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_00( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db1( - coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e2( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db2( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_2e2( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_db2( - re.coefficients[i0]); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_00(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_89_48( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, - (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_56( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - b.coefficients[i0], (int16_t)1441); - b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], - &coefficient_normal_form)); - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_56(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_eb( - core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea -with const generics -- SHIFT_BY= 15 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_shift_right_ea_f9( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_eb(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_shift_right_ea_f9(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_4a( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_d0(&v, secret_key->secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_4a(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_40(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 32 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( - Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 32 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a6(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b8( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } -} - -typedef libcrux_sha3_avx2_x4_incremental_KeccakState - libcrux_ml_kem_hash_functions_avx2_Simd256Hash; - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const -generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( - uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const -generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( - uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( - uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with -const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( - self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 504 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const -generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( - uu____0); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( - &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( - &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_79(uu____3[i]); - } - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_b8(i, A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_b0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_aa(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( - uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( - uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( - randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_45( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = - libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); - re->coefficients[j] = - libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_45(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( - Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( - Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_ee(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - self->coefficients[j], (int16_t)1441); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1_91(core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_91(coefficient_compressed); - } - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_71( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( - error_2, message, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e7( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 10 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_07(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e7( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 320 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_2f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_07( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e70( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 11 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_070(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e70( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 320 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_d1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_070( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_2f(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2(&re, - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e71( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_071(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e71( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_b7( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_071( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e72( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 5 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_072(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e72( - vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_35( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2_compress_ea_072( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_00(public_key->A, r_as_ntt, error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_71( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, randomness, - ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_da( - Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_be( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret0, ciphertext, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_47(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_58( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_be(private_key, ciphertext, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_58(private_key, - ciphertext, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( - &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_47(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_75( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d(key_pair, ciphertext, - ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_75( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( - Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_7c( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_7c(uu____0, - uu____1); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_5a( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_51( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_5a(uu____0, - uu____1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_51( - uu____0, uu____1); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_standard_domain_42( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_42( - self->coefficients[j]); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], - &product); - } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____3, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_f0(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, - secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_2e( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_2e( - uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with -types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_f7( - size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_ac( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_b8( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_13( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( - ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_ac(i, - A[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_b8(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1; - } - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_2a( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_13(uu____0); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_2a( - uu____0); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_3e( - Eurydice_slice shared_secret, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_8a(ciphertext), - uint8_t, Eurydice_slice), - ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), - ret1); - memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret0, ciphertext, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_47(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_18( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_be0(private_key, ciphertext, ret); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_18( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( - Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_1f( - uu____0, uu____1); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const -generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ad( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_option_Option_92 -libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ad( - public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self) { - return self[0U]; -} +typedef libcrux_sha3_avx2_x4_incremental_KeccakState + libcrux_ml_kem_hash_functions_avx2_Simd256Hash; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index c805c83b2..474841aed 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_mlkem768_portable_H @@ -21,6 +21,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" +#include "libcrux_sha3_libcrux_ml_kem.h" #include "libcrux_sha3_portable.h" #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) @@ -47,7 +48,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( } typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s { - libcrux_sha3_neon_x2_incremental_KeccakState shake128_state[2U]; + libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; } libcrux_ml_kem_hash_functions_neon_Simd128Hash; static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( @@ -122,268 +123,870 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = #define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ ((int16_t)1353) -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ - (62209U) +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + core_core_arch_arm_shared_neon_int16x8_t low; + core_core_arch_arm_shared_neon_int16x8_t high; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); +} -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - int16_t ret[16U]; - core_result_Result_c0 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void) { + return libcrux_ml_kem_vector_neon_vector_type_ZERO(); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { + return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); } -typedef struct uint8_t_x11_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; - uint8_t f5; - uint8_t f6; - uint8_t f7; - uint8_t f8; - uint8_t f9; - uint8_t f10; -} uint8_t_x11; +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { + int16_t out[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +} -static KRML_MUSTINLINE uint8_t_x11 -libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 10U); - uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> - 7U); - uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & - (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> - 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); - uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> - 9U); - uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & - (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> - 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); - return (CLITERAL(uint8_t_x11){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7, - .f8 = r8, - .f9 = r9, - .f10 = r10}); +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_11( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[22U]) { - uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x11 r11_21 = - libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); } -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + core_core_arch_arm_shared_neon_uint16x8_t m0 = + libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + core_core_arch_arm_shared_neon_uint16x8_t m1 = + libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + core_core_arch_arm_shared_neon_int16x8_t c1 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); +} + +#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v) { + core_core_arch_arm_shared_neon_int16x8_t adder = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + core_core_arch_arm_shared_neon_int16x8_t vec = + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); + core_core_arch_arm_shared_neon_int16x8_t vec0 = + libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + core_core_arch_arm_shared_neon_int16x8_t quotient = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t sub = + libcrux_intrinsics_arm64__vmulq_n_s16( + quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); +} + +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ + (62209U) + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high) { + core_core_arch_arm_shared_neon_int16x8_t k = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vmulq_n_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.low, c); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + v, c); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t half = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + core_core_arch_arm_shared_neon_int16x8_t quarter = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + core_core_arch_arm_shared_neon_int16x8_t shifted = + libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + core_core_arch_arm_shared_neon_int16x8_t mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = + libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range), + core_core_arch_arm_shared_neon_uint16x8_t)); + core_core_arch_arm_shared_neon_int16x8_t shifted0 = + libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = + libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range0), + core_core_arch_arm_shared_neon_uint16x8_t)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_1(v); +} + +static KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits) { + int16_t uu____0; + switch (coefficient_bits) { + case 4: { + uu____0 = (int16_t)15; + break; + } + case 5: { + uu____0 = (int16_t)31; + break; + } + case 10: { + uu____0 = (int16_t)1023; + break; + } + case 11: { + uu____0 = (int16_t)2047; + break; + } + default: { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, + zeta4); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, + zeta3, zeta4); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, + zeta2, zeta4, -zeta2, -zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t b1 = + libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1b1 = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, + b1); + core_core_arch_arm_shared_neon_int32x4_t a1b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a1b1), + libcrux_intrinsics_arm64__vget_low_s16(zeta)); + core_core_arch_arm_shared_neon_int32x4_t a1b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + core_core_arch_arm_shared_neon_int16x8_t fst_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t fst_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b1)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + core_core_arch_arm_shared_neon_int16x8_t snd_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t snd_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); + core_core_arch_arm_shared_neon_int16x8_t fst_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t fst_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t snd_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t snd_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t fst = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + fst_low16, fst_high16); + core_core_arch_arm_shared_neon_int16x8_t snd = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + snd_low16, snd_high16); + core_core_arch_arm_shared_neon_int32x4_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int32x4_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int16x8_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); + core_core_arch_arm_shared_neon_int16x8_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, + 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; + core_core_arch_arm_shared_neon_uint8x16_t index = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); + core_core_arch_arm_shared_neon_int16x8_t high2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low2, .high = high2}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, + zeta3, zeta4); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, + (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { + core_core_arch_arm_shared_neon_int16x8_t one = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, + (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vandq_s16(low, one), + .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t lowt = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); + core_core_arch_arm_shared_neon_uint16x8_t hight = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); +} + +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; lit.elements[5U] = (int16_t)0; lit.elements[6U] = (int16_t)0; lit.elements[7U] = (int16_t)0; @@ -399,14 +1002,13 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -433,8 +1035,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); } static KRML_MUSTINLINE void @@ -454,565 +1056,43 @@ static inline void libcrux_ml_kem_vector_portable_to_i16_array_0d( libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); } -static const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ZERO_0d(void) { - return libcrux_ml_kem_vector_portable_vector_type_zero(); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_add( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; - } - return lhs; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_deserialize_4_0d(v); + int16_t input_i16s[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_add_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_sub( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; - } - return lhs; +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + int16_t ret[16U]; + core_result_Result_c0 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result_unwrap_41_f9(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + return lit; } /** @@ -1020,124 +1100,192 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_sub_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; - } - return v; +libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; - } - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, - c); +static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - core_option_Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3); - if (!(uu____0.tag == core_option_None)) { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } - continue; - } - return v; - } +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[10U]; + libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); +static inline void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); } -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int32_t)20159) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) - -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - int16_t value) { - int32_t t = (int32_t)value * - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); - int16_t quotient = - (int16_t)(t >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); - return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v.elements[i0]); - } +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -1146,87 +1294,216 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_barrett_reduce_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_5_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) - -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - int32_t value) { - int32_t k = - (int32_t)(int16_t)value * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t k_times_modulus = - (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = - (int16_t)(k_times_modulus >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - int16_t value_high = - (int16_t)(value >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - return value_high - c; -} - -static KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - int16_t fe, int16_t fer) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)fe * (int32_t)fer); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v.elements[i0], c); - } - return v; -} +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - v, r); +static inline void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); } -static inline uint8_t -libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - uint16_t fe) { - int16_t shifted = (int16_t)1664 - (int16_t)fe; - int16_t mask = shifted >> 15U; - int16_t shifted_to_positive = mask ^ shifted; - int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = (int16_t) - libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - (uint16_t)v.elements[i0]); - } +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -1235,296 +1512,293 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1(v); -} - -static KRML_MUSTINLINE uint32_t -libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - uint8_t n, uint32_t value) { - return value & ((1U << (uint32_t)n) - 1U); -} - -static inline int16_t -libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - uint8_t coefficient_bits, uint16_t fe) { - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; - compressed = compressed + 1664ULL; - compressed = compressed * 10321340ULL; - compressed = compressed >> 35U; - return (int16_t) - libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - coefficient_bits, (uint32_t)compressed); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t t = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v->elements[j], zeta); - v->elements[j] = v->elements[i] - t; - v->elements[i] = v->elements[i] + t; +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_10_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, - zeta2, zeta3); +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); - return v; -} +typedef struct uint8_t_x11_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; + uint8_t f5; + uint8_t f6; + uint8_t f7; + uint8_t f8; + uint8_t f9; + uint8_t f10; +} uint8_t_x11; -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t a_minus_b = v->elements[j] - v->elements[i]; - v->elements[i] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v->elements[i] + v->elements[j]); - v->elements[j] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - a_minus_b, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - a, zeta0, zeta1, zeta2, zeta3); +static KRML_MUSTINLINE uint8_t_x11 +libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 5U); + uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 10U); + uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) >> + 7U); + uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) & + (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) >> + 4U); + uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) >> + 1U & + (int16_t)255); + uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) >> + 9U); + uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) & + (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) >> + 6U); + uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) >> + 3U); + return (CLITERAL(uint8_t_x11){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7, + .f8 = r8, + .f9 = r9, + .f10 = r10}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]) { + uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x11 r11_21 = + libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[22U] = {0U}; + result[0U] = r0_10.fst; + result[1U] = r0_10.snd; + result[2U] = r0_10.thd; + result[3U] = r0_10.f3; + result[4U] = r0_10.f4; + result[5U] = r0_10.f5; + result[6U] = r0_10.f6; + result[7U] = r0_10.f7; + result[8U] = r0_10.f8; + result[9U] = r0_10.f9; + result[10U] = r0_10.f10; + result[11U] = r11_21.fst; + result[12U] = r11_21.snd; + result[13U] = r11_21.thd; + result[14U] = r11_21.f3; + result[15U] = r11_21.f4; + result[16U] = r11_21.f5; + result[17U] = r11_21.f6; + result[18U] = r11_21.f7; + result[19U] = r11_21.f8; + result[20U] = r11_21.f9; + result[21U] = r11_21.f10; + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, - zeta1); +static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, - (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, - (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); - return v; +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); +static inline void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[i] + - (int32_t) - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]) * - (int32_t)zeta); - int16_t o1 = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[j] + - (int32_t)a->elements[j] * (int32_t)b->elements[i]); - out->elements[i] = o0; - out->elements[j] = o1; +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 3U; + int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) >> + 1U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 7U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_multiply( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); - return out; + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; } /** @@ -1532,67 +1806,290 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_multiply_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, - zeta2, zeta3); +libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[2U]) { - uint8_t result[2U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | - (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) { - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U); +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { + uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, + 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; + core_core_arch_arm_shared_neon_uint8x16_t index_vec = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; + core_core_arch_arm_shared_neon_int16x8_t shift_vec = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t mask12 = + libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input0, uint8_t, Eurydice_slice)); + uint8_t input1[16U] = {0U}; + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input1, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t moved0 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted0 = + libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); + core_core_arch_arm_shared_neon_uint16x8_t moved1 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted1 = + libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low, .high = high}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); +} + +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { + size_t sampled = (size_t)0U; + core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option_44 uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( + &iter, uint8_t, core_option_Option_44); + if (uu____0.tag == core_option_None) { + break; + } else { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + int16_t uu____2; + bool uu____3; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + d1; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } + } + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } + } + } } - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); + return sampled; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline size_t libcrux_ml_kem_vector_neon_rej_sample_20( + Eurydice_slice a, Eurydice_slice out) { + return libcrux_ml_kem_vector_neon_rej_sample(a, out); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ZERO_0d(void) { + return libcrux_ml_kem_vector_portable_vector_type_zero(); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U); - } - for (size_t i = (size_t)8U; +libcrux_ml_kem_vector_portable_arithmetic_add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; } - return result; + return lhs; } /** @@ -1600,144 +2097,45 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +libcrux_ml_kem_vector_portable_add_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); } -typedef struct uint8_t_x4_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; -} uint8_t_x4; - -static KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + } + return lhs; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); -} - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_sub_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] * c; + } return v; } @@ -1746,171 +2144,101 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +libcrux_ml_kem_vector_portable_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); } -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] & c; + } + return v; +} -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, + c); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + core_option_Option_b3 uu____0 = + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3); + if (!(uu____0.tag == core_option_None)) { + size_t i = uu____0.f0; + if (v.elements[i] >= (int16_t)3329) { + size_t uu____1 = i; + v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; + } + continue; + } + return v; + } } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); +} + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int32_t)20159) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) + +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + int16_t value) { + int32_t t = (int32_t)value * + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); + int16_t quotient = + (int16_t)(t >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); + return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[i0]); + } return v; } @@ -1919,191 +2247,87 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +libcrux_ml_kem_vector_portable_barrett_reduce_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U & - (int16_t)3); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 6U & - (int16_t)15); - uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 4U & - (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) + +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + int32_t value) { + int32_t k = + (int32_t)(int16_t)value * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t k_times_modulus = + (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int16_t c = + (int16_t)(k_times_modulus >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + int16_t value_high = + (int16_t)(value >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + return value_high - c; } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_10( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[20U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); - uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +static KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + int16_t fe, int16_t fer) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)fe * (int32_t)fer); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[i0], c); + } + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[20U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + v, r); } -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +static inline uint8_t +libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + uint16_t fe) { + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; + int16_t shifted_to_positive = mask ^ shifted; + int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_compress_compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = (int16_t) + libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + (uint16_t)v.elements[i0]); + } return v; } @@ -2112,313 +2336,5163 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_compress_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_compress_compress_1(v); } -typedef struct uint8_t_x3_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; -} uint8_t_x3; +static KRML_MUSTINLINE uint32_t +libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + uint8_t n, uint32_t value) { + return value & ((1U << (uint32_t)n) - 1U); +} -static KRML_MUSTINLINE uint8_t_x3 -libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); - return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); +static inline int16_t +libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + uint8_t coefficient_bits, uint16_t fe) { + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + compressed = compressed + 1664ULL; + compressed = compressed * 10321340ULL; + compressed = compressed >> 35U; + return (int16_t) + libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + coefficient_bits, (uint32_t)compressed); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_12( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[24U]) { - uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); - uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); - uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); - uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); - uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); - uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); - uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[24U] = {0U}; - result[0U] = r0_2.fst; - result[1U] = r0_2.snd; - result[2U] = r0_2.thd; - result[3U] = r3_5.fst; - result[4U] = r3_5.snd; - result[5U] = r3_5.thd; - result[6U] = r6_8.fst; - result[7U] = r6_8.snd; - result[8U] = r6_8.thd; - result[9U] = r9_11.fst; - result[10U] = r9_11.snd; - result[11U] = r9_11.thd; - result[12U] = r12_14.fst; - result[13U] = r12_14.snd; - result[14U] = r12_14.thd; - result[15U] = r15_17.fst; - result[16U] = r15_17.snd; - result[17U] = r15_17.thd; - result[18U] = r18_20.fst; - result[19U] = r18_20.snd; - result[20U] = r18_20.thd; - result[21U] = r21_23.fst; - result[22U] = r21_23.snd; - result[23U] = r21_23.thd; - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t t = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v->elements[j], zeta); + v->elements[j] = v->elements[i] - t; + v->elements[i] = v->elements[i] + t; +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_12_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[24U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); -} - -typedef struct int16_t_x2_s { - int16_t fst; - int16_t snd; -} int16_t_x2; - -static KRML_MUSTINLINE int16_t_x2 -libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); - int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); - return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, + zeta2, zeta3); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { - int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); - int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); - int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); - int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); - int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); - int16_t_x2 v10_11 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); - int16_t_x2 v12_13 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); - int16_t_x2 v14_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = +libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t a_minus_b = v->elements[j] - v->elements[i]; + v->elements[i] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v->elements[i] + v->elements[j]); + v->elements[j] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + a, zeta0, zeta1, zeta2, zeta3); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, + zeta1); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, + (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, + (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, + size_t i, size_t j, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { + int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[i] + + (int32_t) + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[j] * (int32_t)b->elements[j]) * + (int32_t)zeta); + int16_t o1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[j] + + (int32_t)a->elements[j] * (int32_t)b->elements[i]); + out->elements[i] = o0; + out->elements[j] = o1; +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); + return out; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_multiply_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, + zeta2, zeta3); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[2U]) { + uint8_t result[2U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { + size_t i0 = i; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | + (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; + } + for (size_t i = (size_t)8U; i < (size_t)16U; i++) { + size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = + (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] + << (uint32_t)(i0 - (size_t)8U); + } + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U); + } + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); + } + return result; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + +typedef struct uint8_t_x4_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; +} uint8_t_x4; + +static KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U & + (int16_t)3); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 6U & + (int16_t)15); + uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 4U & + (int16_t)63); + uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[20U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, + Eurydice_slice)); + uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[20U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + result[10U] = r10_14.fst; + result[11U] = r10_14.snd; + result[12U] = r10_14.thd; + result[13U] = r10_14.f3; + result[14U] = r10_14.f4; + result[15U] = r15_19.fst; + result[16U] = r15_19.snd; + result[17U] = r15_19.thd; + result[18U] = r15_19.f3; + result[19U] = r15_19.f4; + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +} + +typedef struct uint8_t_x3_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; +} uint8_t_x3; + +static KRML_MUSTINLINE uint8_t_x3 +libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); + uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) >> + 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U); + uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 4U & + (int16_t)255); + return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[24U]) { + uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, + Eurydice_slice)); + uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, + Eurydice_slice)); + uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, + Eurydice_slice)); + uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, + Eurydice_slice)); + uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, + Eurydice_slice)); + uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, + Eurydice_slice)); + uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[24U] = {0U}; + result[0U] = r0_2.fst; + result[1U] = r0_2.snd; + result[2U] = r0_2.thd; + result[3U] = r3_5.fst; + result[4U] = r3_5.snd; + result[5U] = r3_5.thd; + result[6U] = r6_8.fst; + result[7U] = r6_8.snd; + result[8U] = r6_8.thd; + result[9U] = r9_11.fst; + result[10U] = r9_11.snd; + result[11U] = r9_11.thd; + result[12U] = r12_14.fst; + result[13U] = r12_14.snd; + result[14U] = r12_14.thd; + result[15U] = r15_17.fst; + result[16U] = r15_17.snd; + result[17U] = r15_17.thd; + result[18U] = r18_20.fst; + result[19U] = r18_20.snd; + result[20U] = r18_20.thd; + result[21U] = r21_23.fst; + result[22U] = r21_23.snd; + result[23U] = r21_23.thd; + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline void libcrux_ml_kem_vector_portable_serialize_12_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); +} + +typedef struct int16_t_x2_s { + int16_t fst; + int16_t snd; +} int16_t_x2; + +static KRML_MUSTINLINE int16_t_x2 +libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice bytes) { + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); + int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); + return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { + int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, + Eurydice_slice)); + int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, + Eurydice_slice)); + int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, + Eurydice_slice)); + int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, + Eurydice_slice)); + int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, + Eurydice_slice)); + int16_t_x2 v10_11 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, + Eurydice_slice)); + int16_t_x2 v12_13 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, + Eurydice_slice)); + int16_t_x2 v14_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector re = + libcrux_ml_kem_vector_portable_vector_type_zero(); + re.elements[0U] = v0_1.fst; + re.elements[1U] = v0_1.snd; + re.elements[2U] = v2_3.fst; + re.elements[3U] = v2_3.snd; + re.elements[4U] = v4_5.fst; + re.elements[5U] = v4_5.snd; + re.elements[6U] = v6_7.fst; + re.elements[7U] = v6_7.snd; + re.elements[8U] = v8_9.fst; + re.elements[9U] = v8_9.snd; + re.elements[10U] = v10_11.fst; + re.elements[11U] = v10_11.snd; + re.elements[12U] = v12_13.fst; + re.elements[13U] = v12_13.snd; + re.elements[14U] = v14_15.fst; + re.elements[15U] = v14_15.snd; + return re; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); +} + +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, + Eurydice_slice result) { + size_t sampled = (size_t)0U; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + size_t i0 = i; + int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____0; + int16_t uu____1; + bool uu____2; + size_t uu____3; + int16_t uu____4; + size_t uu____5; + int16_t uu____6; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + sampled++; + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } + continue; + } + } + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } + } + return sampled; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( + Eurydice_slice a, Eurydice_slice out) { + return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); +} + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ + (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + +typedef libcrux_ml_kem_types_MlKemPrivateKey_55 + libcrux_ml_kem_mlkem768_MlKem768PrivateKey; + +typedef libcrux_ml_kem_types_MlKemPublicKey_15 + libcrux_ml_kem_mlkem768_MlKem768PublicKey; + +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_G_48_77(Eurydice_slice input, + uint8_t ret[64U]); + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 32 +*/ +void libcrux_ml_kem_hash_functions_neon_PRF_b4(Eurydice_slice input, + uint8_t ret[32U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 32 +*/ +void libcrux_ml_kem_hash_functions_neon_PRF_48_6e(Eurydice_slice input, + uint8_t ret[32U]); + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 3 +*/ +libcrux_ml_kem_hash_functions_neon_Simd128Hash +libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_6b( + uint8_t input[3U][34U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 3 +*/ +libcrux_ml_kem_hash_functions_neon_Simd128Hash +libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( + uint8_t input[3U][34U]); + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_b7( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][504U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[3U][504U]); + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_7d( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][168U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( + libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, + uint8_t ret[3U][168U]); + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +void libcrux_ml_kem_hash_functions_neon_PRFxN_89(uint8_t (*input)[33U], + uint8_t ret[3U][128U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 3 +- LEN= 128 +*/ +void libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(uint8_t (*input)[33U], + uint8_t ret[3U][128U]); + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 128 +*/ +void libcrux_ml_kem_hash_functions_neon_PRF_b40(Eurydice_slice input, + uint8_t ret[128U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 128 +*/ +void libcrux_ml_kem_hash_functions_neon_PRF_48_6e0(Eurydice_slice input, + uint8_t ret[128U]); + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +void libcrux_ml_kem_ind_cca_kdf_43_33( + Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, + uint8_t ret[32U]); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_ZERO_89_06(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_24(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_49( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_46( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_49( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_a9(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 10 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_73( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e( + v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_10_a4( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_73( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)11 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 11 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_730( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e0( + v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_11_58( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_730( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_af( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_a4(serialized); +} + +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(b, zeta_r); + b = libcrux_ml_kem_vector_neon_sub_20(a, &t); + a = libcrux_ml_kem_vector_neon_add_20(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer, size_t _initial_coefficient_bound) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_f4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_d0( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_39( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8a( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_af( + u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)4 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 4 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_731( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e1( + v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_731( + coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)5 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e2( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 5 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_732( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e2( + v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_5_5d( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_732( + re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_bb( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_ntt_multiply_89_16( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_multiply_20( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0; + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = + libcrux_ml_kem_vector_neon_sub_20(b, &a); + a = libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(a, &b)); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, + (size_t)7U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_subtract_reduce_89_88( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_compute_message_cc( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + libcrux_ml_kem_polynomial_ntt_multiply_89_16(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_88(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_shift_right_7d( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); + v.high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 +with const generics +- SHIFT_BY= 15 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_shift_right_20_97( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_shift_right_7d(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon_shift_right_20_97(a); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = + libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_neon_add_20(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_message_36( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re.coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon_compress_1_20(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2e( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8a(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_bb( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + libcrux_ml_kem_matrix_compute_message_cc(&v, secret_key->secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message_36(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static inline void libcrux_ml_kem_ind_cpa_decrypt_e1(Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_46(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_2e(&secret_key_unpacked, ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b6( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_4b(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_de( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_sampling_sample_from_xof_closure_d5(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_f3( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, + Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_c0( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_hash_functions_neon_Simd128Hash xof_state = + libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( + uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( + &xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( + &xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_d5(uu____3[i]); + } + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_48( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_matrix_sample_matrix_A_closure_de(i, A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; + libcrux_ml_kem_sampling_sample_from_xof_c0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; + uint8_t snd; +} tuple_b0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_07(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_27( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( + Eurydice_slice randomness) { + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( + randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon_multiply_by_constant_20( + re->coefficients[j + step], (int16_t)-1600); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + libcrux_ml_kem_ntt_ntt_at_layer_7_67(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b0 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_55(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b0 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_compute_vector_u_closure_7d(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_24( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_6a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + libcrux_ml_kem_polynomial_ntt_multiply_89_16(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_traits_decompress_1_fc( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_then_decompress_message_23( + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_traits_decompress_1_fc(coefficient_compressed); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_compute_ring_element_v_9b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = + libcrux_ml_kem_polynomial_ZERO_89_06(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + libcrux_ml_kem_polynomial_ntt_multiply_89_16(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( + error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_27( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)10)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 10 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_20_91( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_27(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_10_ca( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_compress_20_91( + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_270( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)11)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 11 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_20_910( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_270(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_11_55( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_compress_20_910( + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_10_ca(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84(&re, + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_271( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)4)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 4 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_20_911( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_271(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_4_21( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_compress_20_911( + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2( + core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_272( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)5)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 5 +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_20_912( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_272(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_5_2b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = + libcrux_ml_kem_vector_neon_compress_20_912( + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + libcrux_ml_kem_serialize_compress_then_serialize_4_21(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_54( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_neon_PRF_48_6e0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_6a(public_key->A, r_as_ntt, error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + libcrux_ml_kem_matrix_compute_ring_element_v_9b( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_encrypt_4e(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_48(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, randomness, + ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static inline void libcrux_ml_kem_ind_cca_decapsulate_6e( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_e1(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_neon_PRF_48_6e( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_43_33( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_43_33(shared_secret0, ciphertext, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_88(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_5d( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +static inline void libcrux_ml_kem_mlkem768_neon_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_5d(private_key, + ciphertext, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_83( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_2e( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_neon_PRF_48_6e( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_88(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_cc( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +static inline void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_cc( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +*/ +void libcrux_ml_kem_ind_cca_entropy_preprocess_43_2d(Eurydice_slice randomness, + uint8_t ret[32U]); + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 3 +*/ +void libcrux_ml_kem_hash_functions_neon_H_48_85(Eurydice_slice input, + uint8_t ret[32U]); + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_28( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_43_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_neon_H_48_85( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_f6_1f(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_20(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_43_33(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_6f( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]); + +static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_6f(uu____0, + uu____1); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fa( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_20(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_59( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]); + +static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = + public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_59( + uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]); + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] + +*/ +typedef struct tuple_9b_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; +} tuple_9b; + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_matrix_compute_As_plus_e_closure_7c(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_traits_to_standard_domain_fc( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_traits_to_standard_domain_fc( + self->coefficients[j]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_95( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + libcrux_ml_kem_polynomial_ntt_multiply_89_16(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], + &product); + } + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_48(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____3, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_95(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_64( + re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5d( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_16(Eurydice_slice key_generation_seed) { + tuple_9b uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_70( + pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(sk.secret_as_ntt, + secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_16(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_e7_e0(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_2c( + uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_4d( + uint8_t randomness[64U]); + +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_4d( + uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with +types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_e6( + size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline void +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_7a( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_polynomial_clone_d5_8c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a2( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( + ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_7a(i, + A[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + libcrux_ml_kem_polynomial_clone_d5_8c(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1; + } + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t pk_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_70( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + libcrux_ml_kem_hash_functions_neon_H_48_85( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_8f( + uint8_t randomness[64U]); + +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_8f( + uu____0); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +void libcrux_ml_kem_ind_cca_kdf_6c_f5( + Eurydice_slice shared_secret, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +static inline void libcrux_ml_kem_ind_cca_decapsulate_6e0( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_e1(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_neon_PRF_48_6e( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_f5( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_f5(shared_secret0, ciphertext, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_88(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.kyber_decapsulate with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_2f( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); + +static inline void libcrux_ml_kem_mlkem768_neon_kyber_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_2f( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +*/ +void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_28(Eurydice_slice randomness, + uint8_t ret[32U]); + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_28( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_neon_H_48_85( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_f6_1f(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_neon_G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_20(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_f5(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.kyber_encapsulate with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); +tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_0b( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]); + +static inline tuple_3c libcrux_ml_kem_mlkem768_neon_kyber_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_0b( + uu____0, uu____1); } -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, - Eurydice_slice result) { - size_t sampled = (size_t)0U; +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b60( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_06(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); + } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { size_t i0 = i; - int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____0; - int16_t uu____1; - bool uu____2; - size_t uu____3; - int16_t uu____4; - size_t uu____5; - int16_t uu____6; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; - sampled++; - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } - continue; - } - } - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( + ring_element); + deserialized_pk[i0] = uu____0; } - return sampled; + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } /** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 */ -static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( - Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_7e( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_70( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) - -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) - -typedef libcrux_ml_kem_types_MlKemPrivateKey_55 - libcrux_ml_kem_mlkem768_MlKem768PrivateKey; - -typedef libcrux_ml_kem_types_MlKemPublicKey_15 - libcrux_ml_kem_mlkem768_MlKem768PublicKey; - -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const +generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_d4( + uint8_t *public_key); -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +static inline core_option_Option_92 +libcrux_ml_kem_mlkem768_neon_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { + core_option_Option_92 uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_d4( + public_key.value)) { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, + .f0 = public_key}); + } else { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); + } + return uu____0; +} /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -2440,7 +7514,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_39(void) { +libcrux_ml_kem_polynomial_ZERO_89_02(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2468,8 +7542,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_17(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_1d(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -2479,10 +7553,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_bb( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -2504,12 +7578,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_9d( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -2522,7 +7596,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_bb( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2550,8 +7624,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_34(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_c0(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -2561,7 +7635,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2586,9 +7660,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( v); } @@ -2599,10 +7673,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_77( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -2614,7 +7688,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( coefficient); re.coefficients[i0] = uu____0; } @@ -2628,7 +7702,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2653,9 +7727,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( v); } @@ -2666,10 +7740,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_64( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_580( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -2681,7 +7755,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_64( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( coefficient); re.coefficients[i0] = uu____0; } @@ -2695,9 +7769,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_77(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2712,7 +7786,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2726,12 +7800,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2745,7 +7819,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2758,7 +7832,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2775,7 +7849,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_c1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2795,7 +7869,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2818,7 +7892,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2849,7 +7923,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2867,21 +7941,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_65( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); } /** @@ -2893,12 +7967,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( @@ -2919,10 +7993,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( u_bytes); u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_65(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_f0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2936,7 +8010,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2961,9 +8035,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( v); } @@ -2974,10 +8048,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_08( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -2988,7 +8062,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( coefficient); re.coefficients[i0] = uu____0; } @@ -3002,7 +8076,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3027,9 +8101,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( v); } @@ -3040,10 +8114,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -3056,7 +8130,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3070,9 +8144,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a3( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_08(serialized); } /** @@ -3086,11 +8160,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_d5( +libcrux_ml_kem_polynomial_ntt_multiply_89_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3123,7 +8197,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3149,7 +8223,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3176,7 +8250,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3199,7 +8273,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3221,7 +8295,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3229,7 +8303,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3242,7 +8316,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3257,7 +8331,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3274,22 +8348,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); } /** @@ -3303,7 +8377,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_79( +libcrux_ml_kem_polynomial_subtract_reduce_89_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3329,21 +8403,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_b8( +libcrux_ml_kem_matrix_compute_message_37( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_79(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_60(v, result); return result; } @@ -3353,7 +8427,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3373,9 +8447,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_4b( +libcrux_ml_kem_vector_portable_shift_right_0d_bf( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_83(v); } /** @@ -3385,10 +8459,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_78( +libcrux_ml_kem_vector_traits_to_unsigned_representative_af( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_4b(a); + libcrux_ml_kem_vector_portable_shift_right_0d_bf(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3402,13 +8476,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_fb( +libcrux_ml_kem_serialize_compress_then_serialize_message_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3437,21 +8511,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_e5( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a3( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_b8(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_37(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_fb(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_d0(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3465,11 +8539,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_39(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_e8(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_29(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_9d(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -3480,7 +8554,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_39(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_41(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_e5(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3494,7 +8568,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3504,7 +8578,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b6( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -3523,9 +8597,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_b6(input, ret); } /** @@ -3536,9 +8610,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -3548,10 +8622,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -3577,12 +8651,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -3595,7 +8669,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( ring_element); deserialized_pk[i0] = uu____0; } @@ -3612,8 +8686,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_ee(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -3623,10 +8697,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_e8( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_82( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } } @@ -3646,7 +8720,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3678,11 +8752,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( uu____0); } @@ -3693,7 +8767,7 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -3718,10 +8792,10 @@ with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( self, ret); } @@ -3733,7 +8807,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3776,7 +8850,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -3801,10 +8875,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88(self, ret); } @@ -3816,7 +8890,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3863,9 +8937,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3887,8 +8961,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_6b( +libcrux_ml_kem_sampling_sample_from_xof_closure_13(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_48( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -3900,7 +8974,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3908,25 +8982,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( uu____0); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( &xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( &xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( uu____2, sampled_coefficients, out); } } @@ -3934,7 +9008,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_99(uu____3[i]); + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_13(uu____3[i]); } memcpy( ret, ret0, @@ -3948,12 +9022,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_55( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_e8(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_82(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -3971,7 +9045,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_2b(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_f6(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -4012,10 +9086,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t */ -typedef struct tuple_b0_s { +typedef struct tuple_b00_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U]; uint8_t snd; -} tuple_b0; +} tuple_b00; /** A monomorphic instance of @@ -4028,8 +9102,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_56(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_50(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -4038,7 +9112,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_63( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4061,9 +9135,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_63(input, ret); } /** @@ -4073,7 +9147,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4110,7 +9184,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -4121,7 +9195,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b8( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4157,7 +9231,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -4168,9 +9242,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( randomness); } @@ -4180,7 +9254,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4204,20 +9278,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_1c(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); } /** @@ -4229,12 +9303,12 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4248,21 +9322,21 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b00 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -4280,8 +9354,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_25(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -4293,12 +9367,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4312,11 +9386,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1; @@ -4325,7 +9399,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], memcpy( uu____2, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b00 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -4338,7 +9412,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b60( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -4357,9 +9431,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_b60(input, ret); } /** @@ -4369,8 +9443,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_79(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_vector_u_closure_11(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -4383,7 +9457,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4407,14 +9481,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_57( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -4437,12 +9511,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_08(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4456,7 +9530,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_89( +libcrux_ml_kem_vector_traits_decompress_1_e9( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4471,10 +9545,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4484,7 +9558,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_89(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_e9(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4501,7 +9575,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4531,22 +9605,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_1f( +libcrux_ml_kem_matrix_compute_ring_element_v_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_02(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( error_2, message, result); return result; } @@ -4557,7 +9631,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be( +libcrux_ml_kem_vector_portable_compress_compress_94( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4580,9 +9654,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_31( +libcrux_ml_kem_vector_portable_compress_0d_9b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be(v); + return libcrux_ml_kem_vector_portable_compress_compress_94(v); } /** @@ -4592,15 +9666,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_3b( +libcrux_ml_kem_serialize_compress_then_serialize_10_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_31( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_9b( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4621,7 +9695,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be0( +libcrux_ml_kem_vector_portable_compress_compress_940( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4644,9 +9718,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_310( +libcrux_ml_kem_vector_portable_compress_0d_9b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be0(v); + return libcrux_ml_kem_vector_portable_compress_compress_940(v); } /** @@ -4656,15 +9730,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_e1( +libcrux_ml_kem_serialize_compress_then_serialize_11_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_310( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_9b0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4687,10 +9761,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_3b(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_54(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4703,7 +9777,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4721,7 +9795,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, @@ -4736,7 +9810,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be1( +libcrux_ml_kem_vector_portable_compress_compress_941( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4759,9 +9833,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_311( +libcrux_ml_kem_vector_portable_compress_0d_9b1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be1(v); + return libcrux_ml_kem_vector_portable_compress_compress_941(v); } /** @@ -4771,15 +9845,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_e5( +libcrux_ml_kem_serialize_compress_then_serialize_4_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_311( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_9b1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4798,7 +9872,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be2( +libcrux_ml_kem_vector_portable_compress_compress_942( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4821,9 +9895,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_312( +libcrux_ml_kem_vector_portable_compress_0d_9b2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be2(v); + return libcrux_ml_kem_vector_portable_compress_compress_942(v); } /** @@ -4833,15 +9907,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_a3( +libcrux_ml_kem_serialize_compress_then_serialize_5_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_312( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_9b2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4862,9 +9936,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_09(re, out); } /** @@ -4885,15 +9959,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____0, 0U); + tuple_b00 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -4901,7 +9975,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -4910,33 +9984,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_040( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_1f( + libcrux_ml_kem_matrix_compute_ring_element_v_c8( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -4961,12 +10035,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4974,8 +10048,8 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_55(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -5005,7 +10079,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -5021,14 +10095,13 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_44( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -5053,7 +10126,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_88( +static inline void libcrux_ml_kem_ind_cca_decapsulate_cb( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -5072,10 +10145,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_e8(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5084,7 +10157,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -5094,32 +10167,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc( + libcrux_ml_kem_ind_cca_kdf_43_44( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_44(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_88(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -5127,7 +10200,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -5151,16 +10226,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_3e( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_88(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_cb(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_3e( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5a( private_key, ciphertext, ret); } @@ -5220,14 +10295,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_e5( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5239,7 +10314,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5249,7 +10324,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_970( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -5258,9 +10333,9 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -5268,11 +10343,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_88(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5306,17 +10381,17 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_63( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f9( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_92(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11(key_pair, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_63( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f9( private_key, ciphertext, ret); } @@ -5330,13 +10405,12 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_56( Eurydice_slice randomness, uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); } /** @@ -5348,7 +10422,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5372,15 +10446,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_56( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -5388,9 +10462,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -5398,7 +10472,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5408,27 +10482,27 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_20(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_44(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; } /** @@ -5449,13 +10523,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -5464,7 +10538,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67(uu____0, + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4(uu____0, uu____1); } @@ -5487,11 +10561,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5503,7 +10577,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5517,7 +10591,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -5527,7 +10601,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_20(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -5555,14 +10629,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ff( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_2d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_54(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4(uu____0, uu____1); } @@ -5573,7 +10647,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ff( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_2d( uu____0, uu____1); } @@ -5585,10 +10659,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] */ -typedef struct tuple_9b_s { +typedef struct tuple_9b0_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; -} tuple_9b; +} tuple_9b0; /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure @@ -5597,8 +10671,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_ab(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_37(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -5608,7 +10682,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_3e( +libcrux_ml_kem_vector_traits_to_standard_domain_a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5625,7 +10699,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5633,7 +10707,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_3e( + libcrux_ml_kem_vector_traits_to_standard_domain_a1( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5649,14 +10723,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -5680,12 +10754,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -5702,10 +10776,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_11(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5713,15 +10787,15 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_55(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____1, 0U); + tuple_b00 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5732,12 +10806,12 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____3, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_da(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; @@ -5770,7 +10844,7 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( memcpy( sk.secret_as_ntt, uu____7, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } /** @@ -5780,14 +10854,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_af( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5809,7 +10883,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5828,7 +10902,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5845,7 +10919,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -5853,7 +10927,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -5879,19 +10953,19 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4(key_generation_seed); +libcrux_ml_kem_ind_cpa_generate_keypair_e8(Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_9a( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); @@ -5910,7 +10984,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5939,7 +11013,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_af(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -5972,7 +11046,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5982,13 +11056,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_ec(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_e8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -5997,12 +11071,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_from_e7_e0(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); + return libcrux_ml_kem_types_from_64_2c( + uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); } /** @@ -6018,18 +11092,18 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); } static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( uu____0); } @@ -6048,9 +11122,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_e0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_86( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -6068,10 +11142,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_af( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } } @@ -6086,7 +11160,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_75( +libcrux_ml_kem_polynomial_clone_d5_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6114,7 +11188,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6124,7 +11198,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6132,7 +11206,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b0(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_af(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -6140,7 +11214,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_75(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_ea(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6152,13 +11226,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_9a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); @@ -6200,11 +11274,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_b4( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_0d( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_d4(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99(uu____0); } static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -6212,7 +11286,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_b4( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_0d( uu____0); } @@ -6227,18 +11301,18 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_da( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_97(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_8a(ciphertext), + libcrux_ml_kem_types_as_slice_a8_06(ciphertext), uint8_t, Eurydice_slice), ret0); core_slice___Slice_T___copy_from_slice( @@ -6246,7 +11320,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); @@ -6274,7 +11348,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_880( +static inline void libcrux_ml_kem_ind_cca_decapsulate_cb0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -6293,10 +11367,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_e8(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -6305,7 +11379,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -6315,32 +11389,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_47(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72( + libcrux_ml_kem_ind_cca_kdf_6c_da( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_da(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_47(ciphertext), + libcrux_ml_kem_types_as_ref_ba_88(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -6348,7 +11422,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t, Eurydice_slice), shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -6373,16 +11449,16 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_9f( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_6a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_880(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_cb0(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_9f( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_6a( private_key, ciphertext, ret); } @@ -6396,9 +11472,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_99( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_af(randomness, ret); } /** @@ -6420,15 +11496,15 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_99( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -6436,9 +11512,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_af( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6446,7 +11522,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6456,27 +11532,27 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_20(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_da(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; } /** @@ -6498,13 +11574,13 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_79( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( @@ -6513,7 +11589,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_79( uu____0, uu____1); } @@ -6525,9 +11601,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b0( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_02(); } /** @@ -6538,12 +11614,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -6556,7 +11632,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( ring_element); deserialized_pk[i0] = uu____0; } @@ -6573,16 +11649,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_99( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_9a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -6600,16 +11676,16 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); } static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); @@ -6619,6 +11695,16 @@ libcrux_ml_kem_mlkem768_portable_validate_public_key( return uu____0; } +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { + return self[0U]; +} + /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 92b3e6d06..432df7253 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_sha3_avx2_H @@ -20,2759 +20,98 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_core.h" #include "libcrux_sha3_portable.h" -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veor5q_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor5_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - return libcrux_sha3_simd_avx2__veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_58(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vrax1q_u64(a, b); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vbcaxq_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_and_not_xor_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return libcrux_sha3_simd_avx2__vbcaxq_u64(a, b, c); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_constant_ef(core_core_arch_x86___m256i a, - uint64_t c) { - return libcrux_sha3_simd_avx2__veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_sha3_simd_avx2_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_4( - Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_n_ef( - Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - libcrux_sha3_simd_avx2_slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( - out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( - out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - Eurydice_slice_uint8_t_4size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -libcrux_sha3_simd_avx2_split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { - return libcrux_sha3_simd_avx2_split_at_mut_4(a, mid); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_x86___m256i -with const generics -- $4size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_29; - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_16(void) { - libcrux_sha3_generic_keccak_KeccakState_29 lit; - lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[0U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[0U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[0U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[1U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[2U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[3U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][0U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][1U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][2U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][3U] = libcrux_sha3_simd_avx2_zero_ef(); - lit.st[4U][4U] = libcrux_sha3_simd_avx2_zero_ef(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_c7(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_580(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c1(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_581(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c10(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_582(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c11(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_583(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c12(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c13(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_584(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c14(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_585(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c15(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_586(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_587(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c17(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_588(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c18(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_589(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c19(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5810(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c110(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5811(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c111(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5812(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c112(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5813(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c113(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5814(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c114(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5815(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c115(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5816(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c116(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5817(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c117(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5818(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c118(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5819(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c119(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5820(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c120(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5821(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c121(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5822(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c122(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], - s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U], - s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U], - s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U], - s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U], - s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_x86___m256i uu____27 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) { - size_t j = i; - s->st[i1][j] = libcrux_sha3_simd_avx2_and_not_xor_ef( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( - libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { - s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_71(s); - libcrux_sha3_generic_keccak_pi_01(s); - libcrux_sha3_generic_keccak_chi_9b(s); - libcrux_sha3_generic_keccak_iota_09(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_avx2_load_block_c7(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_91(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full -with const generics -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_avx2_store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e9(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(&s); - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)4U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( - Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_16(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - libcrux_sha3_simd_avx2_slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - libcrux_sha3_simd_avx2_slice_n_ef( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____4 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____5 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); - } - } -} - KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_keccak_14(buf0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -typedef libcrux_sha3_generic_keccak_KeccakState_29 - libcrux_sha3_avx2_x4_incremental_KeccakState; +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; +} libcrux_sha3_avx2_x4_incremental_KeccakState; KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_16(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_avx2_load_block_c70(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_910(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -- DELIM= 31 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)4U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e90(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o20[4U]; - memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); - Eurydice_slice_uint8_t_4size_t__x2 uu____2 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); - Eurydice_slice o2[4U]; - memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o30[4U]; - memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); - Eurydice_slice_uint8_t_4size_t__x2 uu____3 = - libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); - Eurydice_slice o3[4U]; - memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o4[4U]; - memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 108f13034..44f2cfac1 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 + * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 */ #ifndef __libcrux_sha3_portable_H @@ -20,6 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_sha3_libcrux_ml_kem.h" static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { 1ULL, @@ -79,14 +80,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); } /** @@ -198,7 +199,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_7a(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -233,7 +234,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -262,12 +263,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); } /** @@ -277,7 +278,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -288,9 +289,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_340(ab); } /** @@ -304,8 +305,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); } /** @@ -315,7 +316,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -326,9 +327,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_341(ab); } /** @@ -342,8 +343,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); } /** @@ -353,7 +354,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -364,9 +365,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_342(ab); } /** @@ -380,8 +381,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); } /** @@ -391,7 +392,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -402,9 +403,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_343(ab); } /** @@ -418,8 +419,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); } /** @@ -429,9 +430,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_34(ab); } /** @@ -445,8 +446,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); } /** @@ -456,7 +457,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -467,9 +468,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_344(ab); } /** @@ -483,8 +484,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); } /** @@ -494,7 +495,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -505,9 +506,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_345(ab); } /** @@ -521,8 +522,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); } /** @@ -532,7 +533,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -543,9 +544,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_346(ab); } /** @@ -559,8 +560,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); } /** @@ -570,7 +571,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -581,9 +582,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_347(ab); } /** @@ -597,8 +598,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); } /** @@ -608,7 +609,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -619,9 +620,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_348(ab); } /** @@ -635,8 +636,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); } /** @@ -646,7 +647,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -657,9 +658,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_349(ab); } /** @@ -673,8 +674,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); } /** @@ -684,7 +685,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -695,9 +696,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_3410(ab); } /** @@ -711,8 +712,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); } /** @@ -722,7 +723,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -733,9 +734,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_3411(ab); } /** @@ -749,8 +750,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); } /** @@ -760,7 +761,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -771,9 +772,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_3412(ab); } /** @@ -787,8 +788,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); } /** @@ -798,7 +799,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -809,9 +810,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_3413(ab); } /** @@ -825,8 +826,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); } /** @@ -836,7 +837,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -847,9 +848,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_3414(ab); } /** @@ -863,8 +864,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); } /** @@ -874,7 +875,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -885,9 +886,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_3415(ab); } /** @@ -901,8 +902,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); } /** @@ -912,7 +913,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -923,9 +924,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_3416(ab); } /** @@ -939,8 +940,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); } /** @@ -950,7 +951,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -961,9 +962,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_3417(ab); } /** @@ -977,8 +978,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); } /** @@ -988,7 +989,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -999,9 +1000,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_3418(ab); } /** @@ -1015,8 +1016,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); } /** @@ -1026,7 +1027,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1037,9 +1038,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_3419(ab); } /** @@ -1053,8 +1054,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); } /** @@ -1064,7 +1065,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1075,9 +1076,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_3420(ab); } /** @@ -1091,8 +1092,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); } /** @@ -1102,7 +1103,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1113,9 +1114,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_3421(ab); } /** @@ -1129,8 +1130,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); } /** @@ -1140,7 +1141,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1151,9 +1152,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_3422(ab); } /** @@ -1167,8 +1168,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); } /** @@ -1177,7 +1178,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1213,76 +1214,76 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____4; uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____5; uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____6; uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____7; uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1292,7 +1293,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1328,7 +1329,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1349,7 +1350,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1361,14 +1362,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_8d(s); + libcrux_sha3_generic_keccak_pi_ac(s); + libcrux_sha3_generic_keccak_chi_c7(s); + libcrux_sha3_generic_keccak_iota_4f(s, i0); } } @@ -1379,13 +1380,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1393,11 +1394,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_de(s, buf); } /** @@ -1409,12 +1410,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); } /** @@ -1425,7 +1426,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1445,8 +1446,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1454,7 +1455,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1475,12 +1476,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_39(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1495,9 +1496,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); } /** @@ -1508,10 +1509,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_65( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1536,9 +1537,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_39(a, b); } /** @@ -1548,9 +1549,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1560,10 +1561,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1573,11 +1574,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1601,10 +1602,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -1615,7 +1616,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -1626,12 +1627,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1639,7 +1640,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1657,12 +1658,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); } } } @@ -1673,18 +1674,18 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_fd(buf0, buf); } /** @@ -1692,7 +1693,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1721,12 +1722,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); } /** @@ -1736,13 +1737,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1750,11 +1751,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_de0(s, buf); } /** @@ -1766,12 +1767,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); } /** @@ -1782,7 +1783,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1802,8 +1803,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1811,7 +1812,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1832,12 +1833,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_390(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1853,9 +1854,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); } /** @@ -1866,10 +1867,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_650( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1894,9 +1895,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_390(a, b); } /** @@ -1906,9 +1907,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1918,10 +1919,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1931,11 +1932,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1959,10 +1960,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -1973,7 +1974,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -1984,12 +1985,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -1997,7 +1998,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2015,12 +2016,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2031,18 +2032,18 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_fd0(buf0, buf); } /** @@ -2053,7 +2054,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2073,8 +2074,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2085,10 +2086,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2099,7 +2100,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2110,12 +2111,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2123,7 +2124,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2141,12 +2142,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2157,293 +2158,3079 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_fd1(buf0, buf); } -static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_zero_fa(void) { + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); } -static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__veor5q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + core_core_arch_arm_shared_neon_uint64x2_t cd = + libcrux_intrinsics_arm64__veorq_u64(c, d); + core_core_arch_arm_shared_neon_uint64x2_t abcd = + libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); } -static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + return libcrux_sha3_simd_arm64__veor5q_u64(a, b, c, d, e); } -typedef libcrux_sha3_generic_keccak_KeccakState_48 - libcrux_sha3_portable_KeccakState; +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_58( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState; +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vrax1q_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64( + uu____0, libcrux_sha3_simd_arm64_rotate_left_58(b)); +} -static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState -libcrux_sha3_neon_x2_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vrax1q_u64(a, b); } -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, - Eurydice_slice data1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vbcaxq_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return libcrux_intrinsics_arm64__veorq_u64( + a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); } -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_and_not_xor_fa( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return libcrux_sha3_simd_arm64__vbcaxq_u64(a, b, c); } -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__veorq_n_u64( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + core_core_arch_arm_shared_neon_uint64x2_t c0 = + libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); } -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_constant_fa( + core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + return libcrux_sha3_simd_arm64__veorq_n_u64(a, c); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_2( + Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_n_fa( + Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[2U]; + libcrux_sha3_simd_arm64_slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +libcrux_sha3_simd_arm64_split_at_mut_2(Eurydice_slice out[2U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_2size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +libcrux_sha3_simd_arm64_split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { + return libcrux_sha3_simd_arm64_split_at_mut_2(a, mid); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- RATE= 168 +- $2size_t */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { +typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { + core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_fc; + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc +libcrux_sha3_generic_keccak_new_1e_12(void) { + libcrux_sha3_generic_keccak_KeccakState_fc lit; + lit.st[0U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[0U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[0U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[0U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[0U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[1U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[2U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[3U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][0U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][1U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][2U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][3U] = libcrux_sha3_simd_arm64_zero_fa(); + lit.st[4U][4U] = libcrux_sha3_simd_arm64_zero_fa(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), + Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); } } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa with const generics -- RATE= 168 +- BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_3c(uu____0, uu____1); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 */ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_580( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 with const generics -- BLOCKSIZE= 168 +- LEFT= 36 +- RIGHT= 28 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c1( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_580(ab); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa with const generics -- N= 1 -- RATE= 168 -- DELIM= 31 +- LEFT= 36 +- RIGHT= 28 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c1(a, b); } -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { - Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_722(s, buf); +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_581( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 with const generics -- RATE= 168 +- LEFT= 3 +- RIGHT= 61 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c10( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_581(ab); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa with const generics -- BLOCKSIZE= 168 +- LEFT= 3 +- RIGHT= 61 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c10(a, b); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left with const generics -- N= 1 -- RATE= 168 +- LEFT= 41 +- RIGHT= 23 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_582( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 with const generics -- N= 1 -- RATE= 168 +- LEFT= 41 +- RIGHT= 23 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c11( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_582(ab); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types uint64_t +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa with const generics -- N= 1 -- RATE= 168 +- LEFT= 41 +- RIGHT= 23 */ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - Eurydice_slice_uint8_t_1size_t__x2 uu____0 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); - Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c11(a, b); } -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_583( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); } -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c12( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_583(ab); } -#define libcrux_sha3_Sha224 0 -#define libcrux_sha3_Sha256 1 -#define libcrux_sha3_Sha384 2 -#define libcrux_sha3_Sha512 3 +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c12(a, b); +} -typedef uint8_t libcrux_sha3_Algorithm; +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c13( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_58(ab); +} -static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { - size_t uu____0; - switch (mode) { +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_584( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c14( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_585( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c15( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_586( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c16( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_587( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c17( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_588( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c18( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_589( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c19( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5810( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c110( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5811( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c111( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5812( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c112( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5813( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c113( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5814( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c114( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5815( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c115( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5816( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c116( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5817( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c117( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5818( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c118( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5819( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c119( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5820( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c120( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5821( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c121( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_rotate_left_5822( + core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64__vxarq_u64_c122( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return libcrux_sha3_simd_arm64_rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22( + core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_sha3_simd_arm64__vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][0U], s->st[1U][0U], + s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][1U], s->st[1U][1U], + s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][2U], s->st[1U][2U], + s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][3U], s->st[1U][3U], + s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][4U], s->st[1U][4U], + s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_fa(s->st[0U][0U], t[0U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____4 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_arm_shared_neon_uint64x2_t uu____5 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_arm_shared_neon_uint64x2_t uu____7 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t uu____9 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t uu____10 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t uu____11 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t uu____12 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t uu____13 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t uu____14 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t uu____15 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t uu____16 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t uu____17 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t uu____18 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t uu____19 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t uu____20 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t uu____21 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t uu____22 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t uu____23 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t uu____24 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t uu____25 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t uu____26 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_arm_shared_neon_uint64x2_t uu____27 = + libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_a0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_b0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) { + size_t j = i; + s->st[i1][j] = libcrux_sha3_simd_arm64_and_not_xor_fa( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_33( + libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { + s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_constant_fa( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_3e( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_a0(s); + libcrux_sha3_generic_keccak_chi_b0(s); + libcrux_sha3_generic_keccak_iota_33(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_45( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_fa_0f(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_load_block_3c(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_07( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 6U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)72U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_07(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_store_block_2f(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a5( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + libcrux_sha3_simd_arm64_store_block_full_9a(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_e7( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a5(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_90( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_70( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(&s); + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a5(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_59( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, + ret); + libcrux_sha3_generic_keccak_absorb_block_45(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_fe(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_e7(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_70(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_59(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { + uint8_t dummy[64U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; + libcrux_sha3_neon_keccakx2_6e(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_3c0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_450( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_fa_0f0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_load_block_3c0(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_070( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 6U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_store_block_2f0(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a50( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + libcrux_sha3_simd_arm64_store_block_full_9a0(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_e70( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a50(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_900( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f0(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_700( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(&s); + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a50(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_590( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_fe0(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e0( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_590(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; + libcrux_sha3_neon_keccakx2_6e0(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_591( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_fe1(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e1( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_591(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + Eurydice_slice buf0[2U] = {input0, input1}; + Eurydice_slice buf[2U] = {out0, out1}; + libcrux_sha3_neon_keccakx2_6e1(buf0, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakState_fc + libcrux_sha3_neon_x2_incremental_KeccakState; + +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc +libcrux_sha3_neon_x2_incremental_shake128_init(void) { + return libcrux_sha3_generic_keccak_new_1e_12(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_load_block_3c1(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_071( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_071(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); +} + +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, + Eurydice_slice data1) { + Eurydice_slice buf[2U] = {data0, data1}; + libcrux_sha3_generic_keccak_absorb_final_fe2(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_901( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + Eurydice_slice_uint8_t_2size_t__x2 uu____0 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f1(s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____1 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o2[2U]; + memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o2); +} + +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e(s, buf); +} + +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakState_48 + libcrux_sha3_portable_KeccakState; + +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 +libcrux_sha3_portable_incremental_shake128_init(void) { + return libcrux_sha3_generic_keccak_new_1e_7a(); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { + size_t i0 = i; + uint8_t uu____0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + } +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_de1(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); +} + +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { + Eurydice_slice buf[1U] = {data0}; + libcrux_sha3_generic_keccak_absorb_final_252(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_391(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o2[1U]; + memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); +} + +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); +} + +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, buf); +} + +#define libcrux_sha3_Sha224 0 +#define libcrux_sha3_Sha256 1 +#define libcrux_sha3_Sha384 2 +#define libcrux_sha3_Sha512 3 + +typedef uint8_t libcrux_sha3_Algorithm; + +static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { + size_t uu____0; + switch (mode) { case libcrux_sha3_Sha224: { uu____0 = (size_t)28U; break; @@ -2456,27 +5243,385 @@ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { uu____0 = (size_t)48U; break; } - case libcrux_sha3_Sha512: { - uu____0 = (size_t)64U; - break; + case libcrux_sha3_Sha512: { + uu____0 = (size_t)64U; + break; + } + default: { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, + __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { + size_t i0 = i; + uint8_t uu____0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_de2(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 6U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)144U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_392(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_651( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_392(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types uint64_t +with const generics +- N= 1 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_7a(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + (size_t)144U, ret); + libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + } } - default: { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, - __LINE__); - KRML_HOST_EXIT(253U); + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); } } - return uu____0; } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block +A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics - RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_fd2(buf0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block +with const generics +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; core_result_Result_56 dst; @@ -2501,14 +5646,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); } /** @@ -2516,27 +5661,27 @@ A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_de3(s, buf); } /** @@ -2546,14 +5691,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); } /** @@ -2561,10 +5706,10 @@ A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2578,24 +5723,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( } blocks[i0][last_len] = 6U; size_t uu____1 = i0; - size_t uu____2 = (size_t)144U - (size_t)1U; + size_t uu____2 = (size_t)104U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, @@ -2612,14 +5757,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_393(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2632,12 +5777,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); } /** @@ -2645,13 +5790,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_652( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2674,11 +5819,11 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_393(a, b); } /** @@ -2686,11 +5831,11 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** @@ -2698,12 +5843,276 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types uint64_t +with const generics +- N= 1 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_13(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types uint64_t +with const generics +- N= 1 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_7a(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + (size_t)104U, ret); + libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.portable.keccakx1 +with const generics +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_fd3(buf0, buf); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha224(digest, payload); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, + uint8_t ret[28U]) { + uint8_t out[28U] = {0U}; + libcrux_sha3_sha224_ema( + Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha256(digest, payload); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + libcrux_sha3_sha256_ema( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha384(digest, payload); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, + uint8_t ret[48U]) { + uint8_t out[48U] = {0U}; + libcrux_sha3_sha384_ema( + Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha512(digest, payload); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, + uint8_t ret[64U]) { + uint8_t out[64U] = {0U}; + libcrux_sha3_sha512_ema( + Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types uint64_t +with const generics +- N= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); +} + +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_391(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types uint64_t +with const generics +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_653( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } } /** @@ -2711,13 +6120,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last with types uint64_t with const generics - N= 1 -- RATE= 144 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2738,27 +6147,27 @@ A monomorphic instance of libcrux_sha3.generic_keccak.keccak with types uint64_t with const generics - N= 1 -- RATE= 144 -- DELIM= 6 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, - (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + (size_t)168U, ret); + libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); @@ -2766,20 +6175,20 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2792,17 +6201,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); } } } @@ -2810,123 +6219,183 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( /** A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics -- RATE= 144 -- DELIM= 6 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); } -static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, - Eurydice_slice data) { +static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( + Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_fd4(buf0, buf); +} + +static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake128(out, data); +} + +static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake256(out, data); } +static const size_t libcrux_sha3_generic_keccak__PI[24U] = { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, + (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, + (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, + (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, + (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; + +static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, + (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, + (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, + (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, + (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; + /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block +A monomorphic instance of libcrux_sha3.simd.arm64.load_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), + Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f1( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_3c2(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_451( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_fa_0f1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_simd_arm64_load_block_3c2(s, buf); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_072( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e2(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2936,81 +6405,121 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( } blocks[i0][last_len] = 6U; size_t uu____1 = i0; - size_t uu____2 = (size_t)104U - (size_t)1U; + size_t uu____2 = (size_t)144U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_072(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block +A monomorphic instance of libcrux_sha3.simd.arm64.store_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), uint8_t, void *); } } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_store_block_2f2(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a51( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + libcrux_sha3_simd_arm64_store_block_full_9a1(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_e71( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a51(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -3026,57 +6535,57 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_902( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f2(a, b); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_701( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(&s); + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a51(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -3093,51 +6602,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 104 +- N= 2 +- RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_592( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, - (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, + ret); + libcrux_sha3_generic_keccak_absorb_block_451(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_fe3(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_e71(&s, out); } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f2(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3146,174 +6655,308 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha224(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, - uint8_t ret[28U]) { - uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d2(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_701(s, o1); + } + } } -static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha256(digest, payload); +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e2( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_592(uu____0, out); } -static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, + Eurydice_slice data) { + uint8_t dummy[28U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; + libcrux_sha3_neon_keccakx2_6e2(uu____0, buf); } -static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha384(digest, payload); +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } } -static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, - uint8_t ret[48U]) { - uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f2( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_3c3(uu____0, uu____1); } -static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha512(digest, payload); +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_452( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_arm64_load_block_fa_0f2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); } -static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, - uint8_t ret[64U]) { - uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_load_block_3c3(s, buf); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa with const generics -- BLOCKSIZE= 168 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_073( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_3e3(uu____0, uu____1); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 168 +- N= 2 +- RATE= 104 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe4( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 6U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)104U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_arm64_load_block_full_fa_073(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_3e(s); } /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full +A monomorphic instance of libcrux_sha3.simd.arm64.store_block with const generics -- RATE= 168 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_arm64_store_block_2f3(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ /** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa with const generics -- BLOCKSIZE= 168 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a52( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + libcrux_sha3_simd_arm64_store_block_full_9a2(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 168 +- N= 2 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_e72( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a52(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -3328,19 +6971,58 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( } } +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_903( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + libcrux_sha3_simd_arm64_store_block_2f3(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(s); + libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); +} + /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 168 +- N= 2 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_702( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_keccakf1600_3e(&s); + uint8_t b[2U][200U]; + libcrux_sha3_simd_arm64_store_block_full_fa_a52(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)2U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -3357,51 +7039,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t +with types core_core_arch_arm_shared_neon_uint64x2_t with const generics -- N= 1 -- RATE= 168 -- DELIM= 31 +- N= 2 +- RATE= 104 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_593( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = + libcrux_sha3_generic_keccak_new_1e_12(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, - (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, + ret); + libcrux_sha3_generic_keccak_absorb_block_452(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + libcrux_sha3_simd_arm64_slice_n_fa( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_fe4(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)168U; - size_t last = outlen - outlen % (size_t)168U; + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_e72(&s, out); } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_3f3(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3413,78 +7095,43 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( .tag == core_option_None) { break; } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)104U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_5d3(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_702(s, o1); } } } /** -A monomorphic instance of libcrux_sha3.portable.keccakx1 +A monomorphic instance of libcrux_sha3.neon.keccakx2 with const generics -- RATE= 168 -- DELIM= 31 +- RATE= 104 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( - Eurydice_slice digest, Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake128(out, data); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake256(out, data); -} - -static const size_t libcrux_sha3_generic_keccak__PI[24U] = { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, - (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, - (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, - (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, - (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; - -static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, - (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, - (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, - (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, - (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; - -static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e3( + Eurydice_slice data[2U], Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_593(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[48U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; + libcrux_sha3_neon_keccakx2_6e3(uu____0, buf); } /** @@ -3495,7 +7142,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3503,62 +7150,62 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o4); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_721(s, buf); + libcrux_sha3_generic_keccak_absorb_final_251(s, buf); } static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); } /** @@ -3635,6 +7282,12 @@ static inline libcrux_sha3_Algorithm libcrux_sha3_from_2d(uint32_t v) { return uu____0; } +typedef core_core_arch_arm_shared_neon_uint64x2_t + libcrux_sha3_simd_arm64_uint64x2_t; + +typedef libcrux_sha3_generic_keccak_KeccakState_fc + libcrux_sha3_neon_x2_incremental_KeccakState2Internal; + typedef uint8_t libcrux_sha3_Sha3_512Digest[64U]; typedef uint8_t libcrux_sha3_Sha3_384Digest[48U]; From 10326226c4f66959e1b3a0c9af84ba023915adce Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 20 Aug 2024 08:31:15 +0200 Subject: [PATCH 120/348] use latest hax/main, that includes hacspec/hax#856 --- Cargo.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3c0e1010a..7d17f54ba 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -701,7 +701,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" dependencies = [ "hax-lib-macros", "num-bigint", @@ -711,7 +711,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" dependencies = [ "hax-lib-macros-types", "paste", @@ -724,7 +724,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#46df00505bae4cccc92adf8c5c5e80cee00cb294" +source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" dependencies = [ "proc-macro2", "quote", From 08bf8c917cc4dccc202f77ce20e12ac16e2b7bd8 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 20 Aug 2024 13:09:01 +0000 Subject: [PATCH 121/348] refresh from amd server --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 229 +- .../c/internal/libcrux_mlkem_avx2.h | 26 +- .../c/internal/libcrux_mlkem_portable.h | 46 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 42 +- libcrux-ml-kem/c/libcrux_core.c | 306 +- libcrux-ml-kem/c/libcrux_core.h | 120 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 38 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 8582 ++++++++++++++- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 530 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8712 +-------------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 575 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2859 +++-- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 184 +- libcrux-ml-kem/c/libcrux_sha3.h | 16 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2539 ++++- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 37 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 740 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3568 +----- libcrux-ml-kem/c/libcrux_sha3_neon.h | 27 +- libcrux-ml-kem/cg/code_gen.txt | 4 +- libcrux-ml-kem/cg/libcrux_core.h | 166 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 5965 +++++++++- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 9588 ++++------------- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2741 ++++- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 5499 ++-------- 42 files changed, 26399 insertions(+), 26994 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index d54ca40b1..cb530ac49 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 -Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 +F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 +Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 253615d5f..2dfcbe7fb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __internal_libcrux_core_H @@ -23,6 +23,8 @@ extern "C" { #define CORE_NUM__U32_8__BITS (32U) +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs); @@ -71,10 +73,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_571( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( + uint8_t value[1568U]); /** This function found in impl @@ -83,12 +85,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_2c1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for @@ -97,10 +99,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_e01( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -109,10 +111,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_201( - uint8_t value[768U]); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( + uint8_t value[1568U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -120,10 +122,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_1f1( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -132,18 +134,18 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d1( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_711( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]); /** This function found in impl {(core::convert::From<@Array> for @@ -152,10 +154,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_570( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( + uint8_t value[1184U]); /** This function found in impl @@ -164,12 +166,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_2c0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -178,10 +180,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_e00( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -190,10 +192,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_200( - uint8_t value[1568U]); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( + uint8_t value[1088U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -201,10 +203,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_1f0( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -213,18 +215,18 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d0( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_710( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]); /** This function found in impl {(core::convert::From<@Array> for @@ -233,10 +235,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_57( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( + uint8_t value[800U]); /** This function found in impl @@ -245,12 +247,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_2c( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for @@ -259,10 +261,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_e0( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -271,10 +273,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_20( - uint8_t value[1088U]); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( + uint8_t value[768U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -282,17 +284,17 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -323,7 +325,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -333,36 +335,95 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_71( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]); /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]); /** -A monomorphic instance of core.option.Option -with types Eurydice_slice uint8_t +A monomorphic instance of core.result.Result +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_6f_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_6f; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_7a_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_7a; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_cd_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_cd; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError */ -typedef struct core_option_Option_44_s { - core_option_Option_ef_tags tag; - Eurydice_slice f0; -} core_option_Option_44; +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -387,10 +448,10 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); -typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} Eurydice_slice_uint8_t_2size_t__x2; +typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} Eurydice_slice_uint8_t_4size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index e44ef6e5a..28e377d29 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -48,7 +48,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( uint8_t randomness[64U]); /** @@ -84,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -132,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_231( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -158,7 +158,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_c41( +void libcrux_ml_kem_ind_cca_decapsulate_201( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -186,7 +186,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( uint8_t randomness[64U]); /** @@ -222,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c0( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -270,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_230( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -296,7 +296,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_c40( +void libcrux_ml_kem_ind_cca_decapsulate_200( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -324,7 +324,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( uint8_t randomness[64U]); /** @@ -360,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -408,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_23( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -434,7 +434,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_c4( +void libcrux_ml_kem_ind_cca_decapsulate_20( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index c480f371d..f2a37e1b8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_a01( +void libcrux_ml_kem_ind_cca_decapsulate_e31( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_a00( +void libcrux_ml_kem_ind_cca_decapsulate_e30( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_a0( +void libcrux_ml_kem_ind_cca_decapsulate_e3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 6f37ca94f..78a4a2cb4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 983924def..d110706a9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __internal_libcrux_sha3_internal_H @@ -26,14 +26,14 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_25(s, buf); + libcrux_sha3_generic_keccak_absorb_final_72(s, buf); } /** @@ -44,7 +44,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -52,29 +52,29 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); } #define libcrux_sha3_Sha224 0 @@ -134,7 +134,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -142,62 +142,62 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_250(s, buf); + libcrux_sha3_generic_keccak_absorb_final_720(s, buf); } static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index a24172405..605062f34 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "internal/libcrux_core.h" @@ -85,14 +85,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_571( - uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_1f lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -103,13 +103,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_2c1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } /** @@ -119,14 +120,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_e01( - uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( + uint8_t value[3168U]) { + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -137,14 +138,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_201( - uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -154,10 +155,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_1f1( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -168,22 +169,22 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d1( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_711( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -191,7 +192,7 @@ void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -201,14 +202,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_570( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( + uint8_t value[1184U]) { + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -219,14 +220,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_2c0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( - CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** @@ -236,14 +237,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_e00( - uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( + uint8_t value[2400U]) { + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -254,14 +255,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_200( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( + uint8_t value[1088U]) { + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -271,10 +272,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_1f0( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -285,22 +286,22 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d0( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_710( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -308,7 +309,7 @@ void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** @@ -318,14 +319,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_57( - uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( + uint8_t value[800U]) { + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -336,14 +337,13 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_2c( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** @@ -353,14 +353,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_e0( - uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( + uint8_t value[1632U]) { + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -371,14 +371,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_20( - uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( + uint8_t value[768U]) { + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -388,10 +388,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -400,7 +400,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -438,7 +438,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -458,22 +458,22 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_2d( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_71( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); } /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -481,7 +481,7 @@ void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** @@ -489,7 +489,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -502,6 +502,66 @@ void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + /** This function found in impl {core::result::Result} */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 36f322946..b169a72c5 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_core_H @@ -49,64 +49,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $1632size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair -with const generics -- $1632size_t -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext -with const generics -- $768size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - -*/ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; -} tuple_ec; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -203,6 +145,64 @@ typedef struct tuple_3c_s { uint8_t snd[32U]; } tuple_3c; +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_be; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + +*/ +typedef struct core_option_Option_04_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; +} core_option_Option_04; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $1632size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey_5e; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair +with const generics +- $1632size_t +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; +} libcrux_ml_kem_types_MlKemKeyPair_cb; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $768size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext_e8; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + +*/ +typedef struct tuple_ec_s { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; +} tuple_ec; + #define core_result_Ok 0 #define core_result_Err 1 diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index a19337f1b..55cdf6e81 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index a230fa8ed..fbde59b63 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,18 +35,18 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_69( +static void decapsulate_96( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c40(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_200(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_69(private_key, ciphertext, ret); + decapsulate_96(private_key, ciphertext, ret); } /** @@ -70,11 +70,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_18( +static void decapsulate_unpacked_72( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_230(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0(key_pair, ciphertext, ret); } @@ -82,7 +82,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_18(private_key, ciphertext, ret); + decapsulate_unpacked_72(private_key, ciphertext, ret); } /** @@ -102,7 +102,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_c4( +static tuple_21 encapsulate_70( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; @@ -117,7 +117,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_c4(uu____0, uu____1); + return encapsulate_70(uu____0, uu____1); } /** @@ -138,14 +138,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_f1( +static tuple_21 encapsulate_unpacked_27( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c0(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0(uu____0, uu____1); } @@ -156,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_f1(uu____0, uu____1); + return encapsulate_unpacked_27(uu____0, uu____1); } /** @@ -170,7 +170,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b7( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_ff( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -181,7 +181,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b7(uu____0); + return generate_keypair_ff(uu____0); } /** @@ -197,10 +197,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_24(uint8_t randomness[64U]) { +generate_keypair_unpacked_d2(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f0(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 @@ -208,7 +208,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_24(uu____0); + return generate_keypair_unpacked_d2(uu____0); } /** @@ -219,14 +219,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_e00(uint8_t *public_key) { +static bool validate_public_key_a30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf0(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_e00(public_key.value)) { + if (validate_public_key_a30(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 46115ce9d..eaa977785 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 201cf1e6c..38d29afa1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_mlkem1024_portable.h" @@ -35,18 +35,18 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_03( +static void decapsulate_e5( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a01(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e31(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_03(private_key, ciphertext, ret); + decapsulate_e5(private_key, ciphertext, ret); } /** @@ -70,11 +70,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_fe( +static void decapsulate_unpacked_6e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e1(key_pair, ciphertext, ret); } @@ -82,7 +82,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_fe(private_key, ciphertext, ret); + decapsulate_unpacked_6e(private_key, ciphertext, ret); } /** @@ -102,13 +102,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_52( +static tuple_21 encapsulate_da( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( @@ -117,7 +117,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_52(uu____0, uu____1); + return encapsulate_da(uu____0, uu____1); } /** @@ -138,14 +138,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_70( +static tuple_21 encapsulate_unpacked_c8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841(uu____0, uu____1); } @@ -156,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_70(uu____0, uu____1); + return encapsulate_unpacked_c8(uu____0, uu____1); } /** @@ -171,18 +171,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f1(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c24(uu____0); } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6e(uu____0); + return generate_keypair_0e(uu____0); } /** @@ -198,10 +198,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_c3(uint8_t randomness[64U]) { +generate_keypair_unpacked_5a(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 @@ -209,7 +209,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c3(uu____0); + return generate_keypair_unpacked_5a(uu____0); } /** @@ -220,14 +220,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_2a1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); +static bool validate_public_key_e11(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_2a1(public_key.value)) { + if (validate_public_key_e11(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index deb259ece..da63b3e1e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index a766a23ce..e8b65f32f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index c9b430e4e..4332da098 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_mlkem512_avx2.h" @@ -35,16 +35,16 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_42(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_9f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c4(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_20(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_42(private_key, ciphertext, ret); + decapsulate_9f(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_4b( +static void decapsulate_unpacked_a6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_23(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_4b(private_key, ciphertext, ret); + decapsulate_unpacked_a6(private_key, ciphertext, ret); } /** @@ -98,7 +98,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_00( +static tuple_ec encapsulate_8e( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; @@ -113,7 +113,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_00(uu____0, uu____1); + return encapsulate_8e(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_62( +static tuple_ec encapsulate_unpacked_ae( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_62(uu____0, uu____1); + return encapsulate_unpacked_ae(uu____0, uu____1); } /** @@ -166,7 +166,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_9a( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_b1( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -177,7 +177,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_9a(uu____0); + return generate_keypair_b1(uu____0); } /** @@ -193,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_df(uint8_t randomness[64U]) { +generate_keypair_unpacked_ad(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 @@ -204,7 +204,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_df(uu____0); + return generate_keypair_unpacked_ad(uu____0); } /** @@ -215,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_e0(uint8_t *public_key) { +static bool validate_public_key_a3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_e0(public_key.value)) { + if (validate_public_key_a3(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 9623db789..7138d4add 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 96f88f71f..fe1e4e668 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_mlkem512_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_80(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_4a(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a00(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e30(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_80(private_key, ciphertext, ret); + decapsulate_4a(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_ff( +static void decapsulate_unpacked_d4( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ff(private_key, ciphertext, ret); + decapsulate_unpacked_d4(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_69( +static tuple_ec encapsulate_7d( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); } tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( @@ -113,7 +113,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_69(uu____0, uu____1); + return encapsulate_7d(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_ed( +static tuple_ec encapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ed(uu____0, uu____1); + return encapsulate_unpacked_84(uu____0, uu____1); } /** @@ -167,18 +167,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f0(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c21(uu____0); } libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f9(uu____0); + return generate_keypair_df(uu____0); } /** @@ -194,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_aa(uint8_t randomness[64U]) { +generate_keypair_unpacked_bc(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae @@ -205,7 +205,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_aa(uu____0); + return generate_keypair_unpacked_bc(uu____0); } /** @@ -216,14 +216,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_2a0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); +static bool validate_public_key_e10(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_2a0(public_key.value)) { + if (validate_public_key_e10(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 825e036d9..c7a16b3f2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 2ac469e6e..fb6d7275c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 659c863ae..7ec20abe6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_mlkem768_avx2.h" @@ -35,16 +35,16 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_1e( +static void decapsulate_3f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c41(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_201(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_1e(private_key, ciphertext, ret); + decapsulate_3f(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_d5( +static void decapsulate_unpacked_e5( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_231(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b1(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d5(private_key, ciphertext, ret); + decapsulate_unpacked_e5(private_key, ciphertext, ret); } /** @@ -98,7 +98,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_d0( +static tuple_3c encapsulate_ec( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -113,7 +113,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d0(uu____0, uu____1); + return encapsulate_ec(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_1f( +static tuple_3c encapsulate_unpacked_2b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6c1(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1f(uu____0, uu____1); + return encapsulate_unpacked_2b(uu____0, uu____1); } /** @@ -166,7 +166,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_4e( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c2( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -177,7 +177,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_4e(uu____0); + return generate_keypair_c2(uu____0); } /** @@ -193,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_94(uint8_t randomness[64U]) { +generate_keypair_unpacked_51(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7f1(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 @@ -204,7 +204,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_94(uu____0); + return generate_keypair_unpacked_51(uu____0); } /** @@ -215,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_e01(uint8_t *public_key) { +static bool validate_public_key_a31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf1(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_e01(public_key.value)) { + if (validate_public_key_a31(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 3feac85db..edc9d8b97 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 532179755ebf8a52897604eaa5ce673b354c2c59 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 3cb9bd2bc..7595346ef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_mlkem768_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_d6( +static void decapsulate_39( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e3(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_d6(private_key, ciphertext, ret); + decapsulate_39(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_64( +static void decapsulate_unpacked_6b( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_64(private_key, ciphertext, ret); + decapsulate_unpacked_6b(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_ba( +static tuple_3c encapsulate_4f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); } tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -113,7 +113,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ba(uu____0, uu____1); + return encapsulate_4f(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_99( +static tuple_3c encapsulate_unpacked_08( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_99(uu____0, uu____1); + return encapsulate_unpacked_08(uu____0, uu____1); } /** @@ -167,18 +167,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); } libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_64(uu____0); + return generate_keypair_ff(uu____0); } /** @@ -194,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_69(uint8_t randomness[64U]) { +generate_keypair_unpacked_8b(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -205,7 +205,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_69(uu____0); + return generate_keypair_unpacked_8b(uu____0); } /** @@ -216,14 +216,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_2a(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); +static bool validate_public_key_e1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_2a(public_key.value)) { + if (validate_public_key_e1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index da2b0fc35..f51a6740f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index b7cac78d0..e66d6e928 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -7,11 +7,15 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ -#include "libcrux_mlkem_avx2.h" +#include "internal/libcrux_mlkem_avx2.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" +#include "internal/libcrux_sha3_avx2.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -30,3 +34,8575 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { + return libcrux_ml_kem_vector_avx2_zero(); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + memcpy(ret, output, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + core_core_arch_x86___m256i v, int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_and_si256( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, + core_core_arch_x86___m256i)); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +KRML_MUSTINLINE core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum0, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + v, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + right0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = {0U}; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result_cd dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); + core_result_unwrap_41_e8(dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result_7a dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); + core_result_unwrap_41_34(dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, + 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + int16_t array[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), + vector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_from_i16_array_0d( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, + (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result_6f dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); + core_result_unwrap_41_1c(dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, + 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, + Eurydice_slice output) { + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self) { + return self[0U]; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +shift_right_a8(core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea +with const generics +- SHIFT_BY= 15 +*/ +static core_core_arch_x86___m256i shift_right_ea_aa( + core_core_arch_x86___m256i vector) { + return shift_right_a8(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static core_core_arch_x86___m256i to_unsigned_representative_a4( + core_core_arch_x86___m256i a) { + core_core_arch_x86___m256i t = shift_right_ea_aa(a); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_a4(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_d01( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + serialize_secret_key_ae1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + deserialize_ring_elements_reduced_5d4( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + serialize_public_key_d01( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; +} tuple_9b0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static void closure_b81( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d1(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { + shake128_squeeze_first_three_blocks_6b1(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { + shake128_squeeze_next_block_1b1(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +from_i16_array_89_10(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_from_xof_b01( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca1(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb3( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb4( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = closure_791(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a21( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + closure_b81(A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; + sample_from_xof_b01(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_1c2(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_470(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c1(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_7_45( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); + re->coefficients[j] = + libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); + } +} + +typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i montgomery_multiply_fe_9d( + core_core_arch_x86___m256i v, int16_t fer) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, int16_t zeta_r) { + core_core_arch_x86___m256i t = montgomery_multiply_fe_9d(b, zeta_r); + b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); + a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + ntt_layer_int_vec_step_f4( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_3_b4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_2_7c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_1_c2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void poly_barrett_reduce_89_99( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + self->coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + ntt_at_layer_7_45(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_971( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i to_standard_domain_42( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + to_standard_domain_42(self->coefficients[j]); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f01( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_971(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_9b0 generate_keypair_unpacked_6c1( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_681(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a21(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_151(uu____3, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_451( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_75( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + core_core_arch_x86___m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * sizeof(core_core_arch_x86___m256i)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_451(A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_75(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key_d01( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( + Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key_d01(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_751( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_651(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair_e11(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key_751( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_e7_a70(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_c90( + uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +inv_ntt_layer_int_vec_step_reduce_df(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + libcrux_ml_kem_vector_avx2_sub_ea(b, &a); + a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(a, &b)); + b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + inv_ntt_layer_int_vec_step_reduce_df( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_571( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_error_reduce_89_91( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + self->coefficients[j], (int16_t)1441); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_001( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_971(&result[i1], &product); + } + invert_ntt_montgomery_571(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i decompress_1_91( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + re.coefficients[i0] = decompress_1_91(coefficient_compressed);); + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +add_message_error_reduce_89_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + result.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &message->coefficients[i0]); + core_core_arch_x86___m256i tmp0 = + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_711( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_971(&result, &product);); + invert_ntt_montgomery_571(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_00(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 10 +*/ +static core_core_arch_x86___m256i compress_ea_d4( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_00(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_10_2f( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_ea_d4(to_unsigned_representative_a4(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_000(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 11 +*/ +static core_core_arch_x86___m256i compress_ea_d40( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_000(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10_2f(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_841( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_b2(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_001(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 4 +*/ +static core_core_arch_x86___m256i compress_ea_d41( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_001(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_4_b7( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_ea_d41(to_unsigned_representative_a4(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_002(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 5 +*/ +static core_core_arch_x86___m256i compress_ea_d42( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_002(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_5_35( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficients = + compress_ea_d42(to_unsigned_representative_a4(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_4_b7(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_881( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = sample_ring_element_cbd_471(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_934( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_841( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_unpacked_881(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_f50(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_121(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + deserialize_ring_elements_reduced_5d3( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a21(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_881(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_af_e51(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_121( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_651(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_fb1(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_f50(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_e51(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_e9(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 10 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_5d( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_e9(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_10_f2(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_e90(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 11 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_5d0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_e90(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_11_cb(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d0(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_52(Eurydice_slice serialized) { + return deserialize_then_decompress_10_f2(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void ntt_vector_u_4b( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_52(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_4b(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_e91(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 4 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_5d1( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_e91(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_4_5e(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d1(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_e92(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 5 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_5d2( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_e92(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_5_43(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); + re.coefficients[i0] = + decompress_ciphertext_coefficient_ea_5d2(re.coefficients[i0]); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_29(Eurydice_slice serialized) { + return deserialize_then_decompress_4_5e(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +subtract_reduce_89_fe(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + b.coefficients[i0], (int16_t)1441); + b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], + &coefficient_normal_form)); + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_751( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_971(&result, &product);); + invert_ntt_montgomery_571(&result); + result = subtract_reduce_89_fe(v, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_message_07( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_a4(re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_251( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + deserialize_then_decompress_u_7f1(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_29( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_751(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_07(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b1( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_251(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_933( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked_881(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_uncompressed_ring_element_c7(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_051( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_c7(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_841(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + deserialize_secret_key_051(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_251(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_201( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_841(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_933( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_fb1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_e51( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_e51(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1536 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_d00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); + uint8_t ret0[1536U]; + serialize_secret_key_ae0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + deserialize_ring_elements_reduced_5d2( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1568U]; + serialize_public_key_d00( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] + +*/ +typedef struct tuple_54_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; +} tuple_54; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static void closure_b80( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d0(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { + shake128_squeeze_first_three_blocks_6b0(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { + shake128_squeeze_next_block_1b0(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_from_xof_b00( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca0(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb1( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb2( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = closure_790(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a20( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + closure_b80(A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; + sample_from_xof_b00(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_1c1(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_970( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_970(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_54 generate_keypair_unpacked_6c0( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_680(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a20(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_150(uu____3, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; + memcpy(uu____5, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_450( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_450(A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_75(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; + memcpy(uu____2, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key_d00( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( + Eurydice_slice key_generation_seed) { + tuple_54 uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key_d00(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_750( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_650(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair_e10(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key_750( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = + libcrux_ml_kem_types_from_e7_a71(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_c91( + uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_71 +sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_570( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_vector_u_000( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_970(&result[i1], &product); + } + invert_ntt_montgomery_570(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_710( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_970(&result, &product);); + invert_ntt_montgomery_570(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_11_d10( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_ea_d40(to_unsigned_representative_a4(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11_d10(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1408 +- COMPRESSION_FACTOR= 11 +- BLOCK_LEN= 352 +*/ +static void compress_then_serialize_u_840( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u_b20(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +- OUT_LEN= 160 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_5_35(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_880( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = sample_ring_element_cbd_470(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_932( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; + compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_840( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_390( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked_880(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_f51(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_120(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + deserialize_ring_elements_reduced_5d1( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a20(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; + memcpy(uu____1, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_880(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_af_e50(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_120( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_650(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_fb0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_f51(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_e50(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_520(Eurydice_slice serialized) { + return deserialize_then_decompress_11_cb(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_4b0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_520(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_4b0(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_290(Eurydice_slice serialized) { + return deserialize_then_decompress_5_43(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_750( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_970(&result, &product);); + invert_ntt_montgomery_570(&result); + result = subtract_reduce_89_fe(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_unpacked_250( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + deserialize_then_decompress_u_7f0(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_290( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_750(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_07(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_250(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_931( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked_880(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_050( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_c7(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_840(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + deserialize_secret_key_050(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_250(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_200( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_840(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_931( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_fb0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_e50( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_e50(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 768 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + uint8_t ret0[768U]; + serialize_secret_key_ae(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + deserialize_ring_elements_reduced_5d0( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[800U]; + serialize_public_key_d0( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] + +*/ +typedef struct tuple_4c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; +} tuple_4c; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static void closure_b8( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { + shake128_squeeze_first_three_blocks_6b(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { + shake128_squeeze_next_block_1b(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_from_xof_b0( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_next_block_a9_5a(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb0( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = closure_79(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a2( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + closure_b8(A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; + sample_from_xof_b0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t + +*/ +typedef struct tuple_74_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; + uint8_t snd; +} tuple_74; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + uint8_t out3[192U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_1c(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_47(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_43(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN_a9_51(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_47(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_97( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_97(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static tuple_4c generate_keypair_unpacked_6c( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_68(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a2(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_15(uu____3, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; + memcpy(uu____5, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void closure_45( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_45(A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_75(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; + memcpy(uu____2, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t pk_serialized[800U]; + serialize_public_key_d0( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( + Eurydice_slice key_generation_seed) { + tuple_4c uu____0 = generate_keypair_unpacked_6c(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key_d0(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_75( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_65(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair_e1(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key_75( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = + libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + PRFxN_1c0(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_74 +sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN_a9_510(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_57( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_vector_u_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_97(&result[i1], &product); + } + invert_ntt_montgomery_57(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_71( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_97(&result, &product);); + invert_ntt_montgomery_57(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_b2(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_88( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = sample_ring_element_cbd_47(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_930( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; + compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_84( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = + libcrux_ml_kem_types_from_15_f5(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_12(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 768 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + deserialize_ring_elements_reduced_5d( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a2(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; + memcpy(uu____1, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_88(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE void kdf_af_e5(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_12( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_65(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_fb(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = + libcrux_ml_kem_types_from_15_f5(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_e5(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_52(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_4b(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_75( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_97(&result, &product);); + invert_ntt_montgomery_57(&result); + result = subtract_reduce_89_fe(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_25( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + deserialize_then_decompress_u_7f(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_29( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_75(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_07(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_25(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_93( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_05( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_c7(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_84(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + deserialize_secret_key_05(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_25(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_20( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_84(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_93( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_fb(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_e5( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_e5(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 36b278db1..e669d55c8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem_avx2_H @@ -20,7 +20,9 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" #include "libcrux_sha3.h" +#include "libcrux_sha3_avx2.h" void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]); @@ -28,6 +30,530 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_slice array); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array); + +void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, + int16_t ret[16U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + core_core_arch_x86___m256i v, int16_t c); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector); + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes); + +size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, + Eurydice_slice output); + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + core_core_arch_x86___m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index e3c234634..7dd1bf4f2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -7,14 +7,11 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ -#include "internal/libcrux_mlkem_neon.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" +#include "libcrux_mlkem_neon.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { @@ -33,8706 +30,3 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void) { - return libcrux_ml_kem_vector_neon_vector_type_ZERO(); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { - return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { - int16_t out[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - core_core_arch_arm_shared_neon_uint16x8_t m0 = - libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - core_core_arch_arm_shared_neon_uint16x8_t m1 = - libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - core_core_arch_arm_shared_neon_int16x8_t c1 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v) { - core_core_arch_arm_shared_neon_int16x8_t adder = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - core_core_arch_arm_shared_neon_int16x8_t vec = - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); - core_core_arch_arm_shared_neon_int16x8_t vec0 = - libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - core_core_arch_arm_shared_neon_int16x8_t quotient = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t sub = - libcrux_intrinsics_arm64__vmulq_n_s16( - quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high) { - core_core_arch_arm_shared_neon_int16x8_t k = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vmulq_n_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.low, c); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t half = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - core_core_arch_arm_shared_neon_int16x8_t quarter = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - core_core_arch_arm_shared_neon_int16x8_t shifted = - libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - core_core_arch_arm_shared_neon_int16x8_t mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = - libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range), - core_core_arch_arm_shared_neon_uint16x8_t)); - core_core_arch_arm_shared_neon_int16x8_t shifted0 = - libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = - libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range0), - core_core_arch_arm_shared_neon_uint16x8_t)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_1(v); -} - -KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits) { - int16_t uu____0; - switch (coefficient_bits) { - case 4: { - uu____0 = (int16_t)15; - break; - } - case 5: { - uu____0 = (int16_t)31; - break; - } - case 10: { - uu____0 = (int16_t)1023; - break; - } - case 11: { - uu____0 = (int16_t)2047; - break; - } - default: { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, - zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, - zeta2, zeta4, -zeta2, -zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t b1 = - libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1b1 = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, - b1); - core_core_arch_arm_shared_neon_int32x4_t a1b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a1b1), - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - core_core_arch_arm_shared_neon_int32x4_t a1b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - core_core_arch_arm_shared_neon_int16x8_t fst_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t fst_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b1)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - core_core_arch_arm_shared_neon_int16x8_t snd_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t snd_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); - core_core_arch_arm_shared_neon_int16x8_t fst_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t fst_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t snd_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t snd_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t fst = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - fst_low16, fst_high16); - core_core_arch_arm_shared_neon_int16x8_t snd = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - snd_low16, snd_high16); - core_core_arch_arm_shared_neon_int32x4_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int32x4_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int16x8_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); - core_core_arch_arm_shared_neon_int16x8_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); - uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, - 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - core_core_arch_arm_shared_neon_uint8x16_t index = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); - core_core_arch_arm_shared_neon_int16x8_t high2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low2, .high = high2}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, - (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { - core_core_arch_arm_shared_neon_int16x8_t one = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); - int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, - (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vshlq_s16(high0, shift); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vandq_s16(low, one), - .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t lowt = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); - core_core_arch_arm_shared_neon_uint16x8_t hight = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_deserialize_4_0d(v); - int16_t input_i16s[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[10U]; - libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_5_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_10_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { - uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, - 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - core_core_arch_arm_shared_neon_uint8x16_t index_vec = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - core_core_arch_arm_shared_neon_int16x8_t shift_vec = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t mask12 = - libcrux_intrinsics_arm64__vdupq_n_u16(4095U); - uint8_t input0[16U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input0, uint8_t, Eurydice_slice)); - uint8_t input1[16U] = {0U}; - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input1, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t moved0 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted0 = - libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); - core_core_arch_arm_shared_neon_uint16x8_t moved1 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted1 = - libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low, .high = high}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); -} - -KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { - size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option_44 uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( - &iter, uint8_t, core_option_Option_44); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - d1; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; - continue; - } - } - continue; - } - } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out) { - return libcrux_ml_kem_vector_neon_rej_sample(a, out); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { - return self[0U]; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_89_06(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_reduced_ring_element_e3(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 800 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a64( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -shift_right_2c(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); - v.high = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 -with const generics -- SHIFT_BY= 15 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_72( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return shift_right_2c(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_unsigned_representative_64( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_72(a); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = - libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_neon_add_20(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_77( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_64(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 768 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -static KRML_MUSTINLINE void serialize_public_key_701( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); - uint8_t ret0[768U]; - serialize_secret_key_5d1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - deserialize_ring_elements_reduced_a64( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[800U]; - serialize_public_key_701( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]] - -*/ -typedef struct tuple_4c0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 snd; -} tuple_4c0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void G_48_771(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static void closure_de1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -typedef struct Simd128Hash_s { - libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; -} Simd128Hash; - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b1(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_551(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b1(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b71( - Simd128Hash *st, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[504U], void *); - uint8_t out3[504U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e91( - Simd128Hash *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_b71(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e63( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d1( - Simd128Hash *st, uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[168U], void *); - uint8_t out3[168U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[168U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad1( - Simd128Hash *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_7d1(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e64( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -from_i16_array_89_f3(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d51( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_from_xof_c01( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_551(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_48_e91(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e63( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_48_ad1(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e64( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_d51(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_matrix_A_481( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_de1(A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; - sample_from_xof_c01(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[2size_t], uint8_t - -*/ -typedef struct tuple_740_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[2U]; - uint8_t snd; -} tuple_740; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_891(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t out0[192U] = {0U}; - uint8_t out1[192U] = {0U}; - uint8_t out2[192U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[192U], void *); - uint8_t out3[192U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[192U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[192U]; - memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); - uint8_t uu____1[192U]; - memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_891(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2_c3(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_3_27(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2c0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_27(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_7_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_multiply_by_constant_20( - re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -montgomery_multiply_fe_91( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -ntt_layer_int_vec_step_9c( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - montgomery_multiply_fe_91(b, zeta_r); - b = libcrux_ml_kem_vector_neon_sub_20(a, &t); - a = libcrux_ml_kem_vector_neon_add_20(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_2a( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - ntt_layer_int_vec_step_9c( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_3_f4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_2_d0( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_1_39( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void poly_barrett_reduce_89_5f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cf( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - ntt_at_layer_7_67(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA= 3 -- ETA_RANDOMNESS_SIZE= 192 -*/ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_48_a91(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c0(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -ntt_multiply_89_16(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_multiply_20( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_standard_domain_fc(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = to_standard_domain_fc(self->coefficients[j]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_951( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae1(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static tuple_4c0 generate_keypair_unpacked_ff1( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_771(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_481(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f1(uu____3, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - compute_As_plus_e_951(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U][2U]; - memcpy(uu____5, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[2U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_661( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_d5_ec( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_48_851(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_201( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_661(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_ec(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_701( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_851(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( - Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_701(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d81( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_851(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_161(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_d81( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_e01(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c1( - uu____2, libcrux_ml_kem_types_from_07_571(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_892(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[128U], void *); - uint8_t out3[128U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[128U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a92(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_892(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2c(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c3(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN_48_a92(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_b40(Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - uint8_t dummy[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, input, - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e4(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_4b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -inv_ntt_layer_int_vec_step_reduce_27( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = - libcrux_ml_kem_vector_neon_sub_20(b, &a); - a = libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(a, &b)); - b = montgomery_multiply_fe_91(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_fd( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_27( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_621( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_error_reduce_89_24( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae1(&result[i1], &product); - } - invert_ntt_montgomery_621(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_message_23(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_1_fc(coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -add_message_error_reduce_89_3a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae1(&result, &product);); - invert_ntt_montgomery_621(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_69(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_5d(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)10)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t_69(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t_69(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_69(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_69(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_22( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_5d(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_10_ca0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_22(to_unsigned_representative_64(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_690(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_5d0(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)11)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_690(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_690(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_690(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_690(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_220( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_5d0(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_840( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_ca0(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_d71( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_840(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_691(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_5d1(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)4)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_691(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_691(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_691(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_691(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_221( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_5d1(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_4_21( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_221(to_unsigned_representative_64(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_692(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_5d2(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)5)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_692(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_692(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_692(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_692(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_222( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_5d2(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_5_2b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = - compress_20_222(to_unsigned_representative_64(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_4_21(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_541( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_eb1(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e4( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; - compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b1(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d71( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f0( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_541(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_201(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_ef1(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a63( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - deserialize_ring_elements_reduced_a63( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_481(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; - memcpy( - uu____0, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[2U][2U]; - memcpy(uu____1, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_541(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_af_021(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_ef1( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_851(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_4e1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_201(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_021(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec result; - result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_b7(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_3e( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_b7(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_b7(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_b7(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_b7(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_60( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_3e(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_10_13(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_60(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_b70(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)11 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_3e0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_b70(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_b70(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_b70(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_b70(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_600( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_3e0(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_11_cd(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_600(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_da0(Eurydice_slice serialized) { - return deserialize_then_decompress_10_13(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_700( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7e1( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_da0(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_700(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_b71(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)4 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_3e1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_b71(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_b71(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_b71(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_b71(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_601( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_3e1(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_4_bf(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_601(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_b72(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)5 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_3e2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_b72(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_b72(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_b72(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_b72(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_602( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_3e2(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_5_46(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - decompress_ciphertext_coefficient_20_602(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_7b0(Eurydice_slice serialized) { - return deserialize_then_decompress_4_bf(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -subtract_reduce_89_b3(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_441( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae1(&result, &product);); - invert_ntt_montgomery_621(&result); - result = subtract_reduce_89_b3(v, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_message_a0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_64(re.coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon_compress_1_20(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_571( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - deserialize_then_decompress_u_7e1(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_7b0( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_441(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_a0(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_b4(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - uint8_t dummy[32U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, input, - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a31( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_571(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_541(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_uncompressed_ring_element_e9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_b71( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_e9(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_9b1(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - deserialize_secret_key_b71(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_571(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_5b1( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_9b1(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_4e1(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_021( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_021(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a62( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void serialize_public_key_700( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - serialize_secret_key_5d0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - deserialize_ring_elements_reduced_a62( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - serialize_public_key_700( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; -} tuple_9b0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void G_48_770(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static void closure_de0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b0(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_550(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b0(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b70( - Simd128Hash *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e90( - Simd128Hash *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_b70(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e61( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d0( - Simd128Hash *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad0( - Simd128Hash *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_7d0(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e62( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d50( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_from_xof_c00( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_550(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_48_e90(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e61( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_48_ad0(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e62( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_d50(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_matrix_A_480( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_de0(A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; - sample_from_xof_c00(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_890(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_890(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_950( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae0(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_ff0( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_770(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_480(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f0(uu____3, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - compute_As_plus_e_950(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_660( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_48_850(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_200( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_660(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_ec(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_700( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_850(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_700(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d80( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_850(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_160(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_d80( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_e0(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c( - uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e2(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_620( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae0(&result[i1], &product); - } - invert_ntt_montgomery_620(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae0(&result, &product);); - invert_ntt_montgomery_620(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_d70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_840(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_540( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_eb0(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e2( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; - compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b0(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d70( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f0( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_540(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_20(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_ef0(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a61( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - deserialize_ring_elements_reduced_a61( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_480(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_540(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void kdf_af_020(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_ef0( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_850(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_4e0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_20(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_020(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7e0( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_da0(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_700(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_440( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae0(&result, &product);); - invert_ntt_montgomery_620(&result); - result = subtract_reduce_89_b3(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_570( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - deserialize_then_decompress_u_7e0(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_7b0( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_440(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_a0(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a30( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_570(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_540(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_b70( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_e9(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_9b0(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - deserialize_secret_key_b70(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_570(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_5b0( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_9b0(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_4e0(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_020( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_020(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1568 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a60( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1536 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -static KRML_MUSTINLINE void serialize_public_key_70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); - uint8_t ret0[1536U]; - serialize_secret_key_5d(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - deserialize_ring_elements_reduced_a60( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1568U]; - serialize_public_key_70( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c snd; -} tuple_54; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void G_48_77(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static void closure_de( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_55(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b7( - Simd128Hash *st, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____3[504U]; - memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e9( - Simd128Hash *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_b7(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e6( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d( - Simd128Hash *st, uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad( - Simd128Hash *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_7d(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e60( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d5( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_from_xof_c0( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_55(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_48_e9(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e6( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_48_ad(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e60( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_d5(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_matrix_A_48( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_de(A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; - sample_from_xof_c0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[4U]; - uint8_t snd; -} tuple_71; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_89(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____3[128U]; - memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_89(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_95( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_54 generate_keypair_unpacked_ff( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_77(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_48(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f(uu____3, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - compute_As_plus_e_95(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U][4U]; - memcpy(uu____5, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[4U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_66( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_48_85(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_20( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_ff(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_66(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_ec(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_70( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_85(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_ff(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_70(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d8( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_85(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_16(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_d8( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_e00(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c0( - uu____2, libcrux_ml_kem_types_from_07_570(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e0(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_62( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae(&result[i1], &product); - } - invert_ntt_montgomery_62(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae(&result, &product);); - invert_ntt_montgomery_62(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_11_55( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_220(to_unsigned_representative_64(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_55(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1408 -- COMPRESSION_FACTOR= 11 -- BLOCK_LEN= 352 -*/ -static void compress_then_serialize_u_d7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u_84(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -- OUT_LEN= 160 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_5_2b(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_54( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_eb(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; - compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d7( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_200(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_ef(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a6( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - deserialize_ring_elements_reduced_a6( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_48(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; - memcpy( - uu____0, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[4U][4U]; - memcpy(uu____1, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_54(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_af_02(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_ef( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_85(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_4e(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_200(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_02(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 result; - result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_da(Eurydice_slice serialized) { - return deserialize_then_decompress_11_cd(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7e( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_da(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_70(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_7b(Eurydice_slice serialized) { - return deserialize_then_decompress_5_46(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_44( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae(&result, &product);); - invert_ntt_montgomery_62(&result); - result = subtract_reduce_89_b3(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_unpacked_57( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - deserialize_then_decompress_u_7e(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_7b( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_44(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_a0(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a3( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_57(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_b7( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_e9(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_9b(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - deserialize_secret_key_b7(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_57(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_5b( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_9b(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_4e(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_02( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_02(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 39cdcd9d7..d224d23d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem_neon_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" #include "libcrux_sha3_neon.h" void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, @@ -29,576 +28,6 @@ void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]); -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { - core_core_arch_arm_shared_neon_int16x8_t low; - core_core_arch_arm_shared_neon_int16x8_t high; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array); - -void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a); - -size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, - Eurydice_slice result); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out); - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 66a522c1e..b3596a256 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "internal/libcrux_mlkem_portable.h" @@ -68,407 +68,20 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - int16_t ret[16U]; - core_result_Result_c0 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); -} - -KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + int16_t ret[16U]; + core_result_Result_c0 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result_unwrap_41_f9(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + return lit; } /** @@ -476,8 +89,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } KRML_MUSTINLINE uint8_t_x11 @@ -676,6 +289,28 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( .f7 = r7}); } +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( @@ -715,6 +350,537 @@ libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +} + +const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1320,68 +1486,311 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } -KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } KRML_MUSTINLINE uint8_t_x5 @@ -1470,6 +1879,112 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, @@ -1718,7 +2233,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_02(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -1746,8 +2261,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_d2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -1772,12 +2287,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1789,7 +2304,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1803,7 +2318,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_83(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -1822,8 +2337,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_bf(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_83(v); +shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_f8(v); } /** @@ -1833,10 +2348,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_af( +to_unsigned_representative_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_bf(a); + shift_right_0d_4b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1849,14 +2364,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_05( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_af(re->coefficients[i0]); + to_unsigned_representative_78(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1877,7 +2392,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_e81( +static KRML_MUSTINLINE void serialize_secret_key_f81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -1896,7 +2411,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -1913,7 +2428,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_9a1( +static KRML_MUSTINLINE void serialize_public_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -1921,7 +2436,7 @@ static KRML_MUSTINLINE void serialize_public_key_9a1( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_e81(t_as_ntt, ret0); + serialize_secret_key_f81(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), @@ -1942,15 +2457,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_524( + deserialize_ring_elements_reduced_724( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_9a1( + serialize_public_key_801( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -1981,7 +2496,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_111(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -1992,10 +2507,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_821( +static void closure_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -2014,7 +2529,7 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_411(uint8_t input[4U][34U]) { +shake128_init_absorb_final_751(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2044,10 +2559,10 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_f1_511(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { uint8_t uu____0[4U][34U]; memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_411(uu____0); + return shake128_init_absorb_final_751(uu____0); } /** @@ -2056,7 +2571,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_541( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2078,9 +2593,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_541(self, ret); + shake128_squeeze_first_three_blocks_101(self, ret); } /** @@ -2090,7 +2605,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2129,7 +2644,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_881( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2150,9 +2665,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_681( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_881(self, ret); + shake128_squeeze_next_block_ed1(self, ret); } /** @@ -2162,7 +2677,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2206,8 +2721,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_48(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); +from_i16_array_89_6b(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2228,9 +2743,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_131( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -2241,29 +2756,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_f61( +static KRML_MUSTINLINE void sample_from_xof_2b1( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; uint8_t uu____0[4U][34U]; memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_511(uu____0); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_7f1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_023( + bool done = sample_from_uniform_distribution_next_053( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_f1_681(&xof_state, randomness); + shake128_squeeze_next_block_f1_c11(&xof_state, randomness); uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_024( + done = sample_from_uniform_distribution_next_054( uu____2, sampled_coefficients, out); } } @@ -2271,7 +2786,7 @@ static KRML_MUSTINLINE void sample_from_xof_f61( memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_131(uu____3[i]);); + ret0[i] = closure_991(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2284,12 +2799,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_551( +static KRML_MUSTINLINE void sample_matrix_A_231( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_821(A_transpose[i]);); + closure_e81(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -2302,7 +2817,7 @@ static KRML_MUSTINLINE void sample_matrix_A_551( uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_f61(uu____1, sampled); + sample_from_xof_2b1(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2341,7 +2856,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_632(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2363,9 +2878,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_632(input, ret); + PRFxN_1d2(input, ret); } /** @@ -2375,7 +2890,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2411,7 +2926,7 @@ sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_48(Eurydice_array_to_slice( + return from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2422,7 +2937,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2457,7 +2972,7 @@ sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_48(Eurydice_array_to_slice( + return from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2468,8 +2983,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_e3(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c8(randomness); +sample_from_binomial_distribution_66(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_20(randomness); } /** @@ -2478,7 +2993,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_1c( +static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2507,7 +3022,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_29( +montgomery_multiply_fe_d5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2521,12 +3036,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_d7( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_29(b, zeta_r); + montgomery_multiply_fe_d5(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2540,7 +3055,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2553,7 +3068,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_d7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2570,7 +3085,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_c1( +static KRML_MUSTINLINE void ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2588,7 +3103,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_46( +static KRML_MUSTINLINE void ntt_at_layer_2_7b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2608,7 +3123,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_c9( +static KRML_MUSTINLINE void ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2636,7 +3151,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_55( +static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2654,17 +3169,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_1c(re); + ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -2676,11 +3191,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -2691,14 +3206,14 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -2722,9 +3237,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_f7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2757,7 +3272,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e1( +static KRML_MUSTINLINE void add_to_ring_element_89_931( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -2784,7 +3299,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_a1( +to_standard_domain_3e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -2800,14 +3315,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_0b( +static KRML_MUSTINLINE void add_standard_error_reduce_89_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_a1(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -2822,14 +3337,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_a51( +static KRML_MUSTINLINE void compute_As_plus_e_da1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2852,10 +3367,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e1(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_931(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -2871,10 +3386,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_a91( +static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_111(key_generation_seed, hashed); + G_f1_b61(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2882,14 +3397,14 @@ static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_551(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_231(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(uu____1, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2900,10 +3415,10 @@ static tuple_540 generate_keypair_unpacked_a91( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_011(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d71(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_a51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -2952,10 +3467,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_011( +static void closure_9d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -2968,7 +3483,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_22( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -2990,7 +3505,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_af1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3009,7 +3524,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3019,18 +3534,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_a91(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_011(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_9d1(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_22(&ind_cpa_public_key.A[j][i1]); + clone_d5_1e(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3040,13 +3555,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_281( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_9a1( + serialize_public_key_801( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -3086,18 +3601,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_a91(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_9a1(pk.t_as_ntt, + serialize_public_key_801(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1536U]; memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____2[1568U]; @@ -3115,7 +3630,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_6b( +static KRML_MUSTINLINE void serialize_kem_secret_key_f2( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3144,7 +3659,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_6b( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af1(public_key, ret0); + H_f1_2e1(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -3177,7 +3692,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3187,13 +3702,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e81(ind_cpa_keypair_randomness); + generate_keypair_ec1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_6b( + serialize_kem_secret_key_f2( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, @@ -3202,12 +3717,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_e00(uu____1); + libcrux_ml_kem_types_from_e7_a71(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c0( - uu____2, libcrux_ml_kem_types_from_07_570(uu____3)); + return libcrux_ml_kem_types_from_64_c91( + uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); } /** @@ -3220,10 +3735,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3234,11 +3749,11 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; @@ -3258,7 +3773,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_b60(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), @@ -3276,9 +3791,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -3287,7 +3802,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3311,7 +3826,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_84( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3331,7 +3846,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_75( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3351,7 +3866,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_56( + inv_ntt_layer_int_vec_step_reduce_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3359,7 +3874,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_29(a_minus_b, zeta_r); + b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3371,7 +3886,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3386,7 +3901,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_56( + inv_ntt_layer_int_vec_step_reduce_87( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3403,18 +3918,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d41( +static KRML_MUSTINLINE void invert_ntt_montgomery_861( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -3427,7 +3942,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_b9( +static KRML_MUSTINLINE void add_error_reduce_89_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3451,14 +3966,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_571( +static KRML_MUSTINLINE void compute_vector_u_a11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3480,11 +3995,11 @@ static KRML_MUSTINLINE void compute_vector_u_571( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e1(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_931(&result[i1], &product); } - invert_ntt_montgomery_d41(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_861(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3498,7 +4013,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_e9(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -3512,8 +4027,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3523,7 +4038,7 @@ deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_e9(coefficient_compressed); + decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -3539,7 +4054,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_11( +add_message_error_reduce_89_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -3569,18 +4084,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c81( +compute_ring_element_v_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e1(&result, &product);); - invert_ntt_montgomery_d41(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_931(&result, &product);); + invert_ntt_montgomery_861(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -3590,7 +4105,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3611,9 +4126,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9b( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_94(v); + return compress_be(v); } /** @@ -3622,7 +4137,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_940(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3644,8 +4159,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_940(v); +compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be0(v); } /** @@ -3654,14 +4169,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_2d0( +static KRML_MUSTINLINE void compress_then_serialize_11_e10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b0(to_unsigned_representative_af(re->coefficients[i0])); + compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3682,10 +4197,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d80( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_2d0(re, uu____0); + compress_then_serialize_11_e10(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -3698,7 +4213,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_251( +static void compress_then_serialize_u_241( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3716,7 +4231,7 @@ static void compress_then_serialize_u_251( (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_d80(&re, ret); + compress_then_serialize_ring_element_u_2f0(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), @@ -3730,7 +4245,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_941(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3752,8 +4267,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_941(v); +compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be1(v); } /** @@ -3762,14 +4277,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_09( +static KRML_MUSTINLINE void compress_then_serialize_4_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b1(to_unsigned_representative_af(re.coefficients[i0])); + compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -3787,7 +4302,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_942(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3809,8 +4324,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_942(v); +compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be2(v); } /** @@ -3819,14 +4334,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_b9( +static KRML_MUSTINLINE void compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_9b2(to_unsigned_representative_af(re.coefficients[i0])); + compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -3845,9 +4360,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d60( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_b9(re, out); + compress_then_serialize_5_a3(re, out); } /** @@ -3868,14 +4383,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_651( +static void encrypt_unpacked_6c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(uu____0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -3883,7 +4398,7 @@ static void encrypt_unpacked_651( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_381(uu____2, domain_separator0); + tuple_710 uu____3 = sample_ring_element_cbd_2c1(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -3891,32 +4406,32 @@ static void encrypt_unpacked_651( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f4( + PRF_f1_044( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c81(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_251( + compress_then_serialize_u_241( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d60( + compress_then_serialize_ring_element_v_310( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); @@ -3942,11 +4457,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -3958,7 +4473,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -3972,7 +4487,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_651(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c1(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -3981,7 +4496,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a11( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_200(uu____4); + libcrux_ml_kem_types_from_15_f51(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -4000,7 +4515,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_46(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_3d(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], @@ -4015,12 +4530,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4032,7 +4547,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4058,10 +4573,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_523( + deserialize_ring_elements_reduced_723( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4069,8 +4584,8 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_551(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_231(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -4100,7 +4615,7 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_651(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c1(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4115,7 +4630,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_ab(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ef(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], @@ -4142,15 +4657,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_46( + entropy_preprocess_af_3d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -4158,8 +4673,8 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), + H_f1_2e1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4167,7 +4682,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4177,18 +4692,18 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_1f0(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_f71(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_0d1(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_200(uu____4); + libcrux_ml_kem_types_from_15_f51(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_ab(shared_secret, shared_secret_array); + kdf_af_ef(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -4205,7 +4720,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_41( +decompress_ciphertext_coefficient_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4230,9 +4745,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc( +decompress_ciphertext_coefficient_0d_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_41(v); + return decompress_ciphertext_coefficient_b8(v); } /** @@ -4242,8 +4757,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_26(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_10_fc(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -4255,7 +4770,7 @@ deserialize_then_decompress_10_26(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc(coefficient); + decompress_ciphertext_coefficient_0d_f4(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4268,7 +4783,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_410( +decompress_ciphertext_coefficient_b80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4293,9 +4808,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc0( +decompress_ciphertext_coefficient_0d_f40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_410(v); + return decompress_ciphertext_coefficient_b80(v); } /** @@ -4305,8 +4820,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_29(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_11_ba(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -4318,7 +4833,7 @@ deserialize_then_decompress_11_29(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc0(coefficient); + decompress_ciphertext_coefficient_0d_f40(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4331,8 +4846,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_380(Eurydice_slice serialized) { - return deserialize_then_decompress_11_29(serialized); +deserialize_then_decompress_ring_element_u_980(Eurydice_slice serialized) { + return deserialize_then_decompress_11_ba(serialized); } /** @@ -4341,17 +4856,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_820( +static KRML_MUSTINLINE void ntt_vector_u_7a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -4362,12 +4877,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_ec1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_af1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, @@ -4387,9 +4902,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_ec1( (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_380(u_bytes); + deserialize_then_decompress_ring_element_u_980(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_820(&u_as_ntt[i0]); + ntt_vector_u_7a0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4403,7 +4918,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_411( +decompress_ciphertext_coefficient_b81( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4428,9 +4943,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc1( +decompress_ciphertext_coefficient_0d_f41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_411(v); + return decompress_ciphertext_coefficient_b81(v); } /** @@ -4440,8 +4955,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_51(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_4_8f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -4452,7 +4967,7 @@ deserialize_then_decompress_4_51(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc1(coefficient); + decompress_ciphertext_coefficient_0d_f41(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4465,7 +4980,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_412( +decompress_ciphertext_coefficient_b82( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4490,9 +5005,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc2( +decompress_ciphertext_coefficient_0d_f42( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_412(v); + return decompress_ciphertext_coefficient_b82(v); } /** @@ -4502,8 +5017,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_bc(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_5_04(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -4516,7 +5031,7 @@ deserialize_then_decompress_5_bc(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -4529,8 +5044,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_0b0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_bc(serialized); +deserialize_then_decompress_ring_element_v_df0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_04(serialized); } /** @@ -4544,7 +5059,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_52(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_70(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4569,17 +5084,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_ac1( +compute_message_ff1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e1(&result, &product);); - invert_ntt_montgomery_d41(&result); - result = subtract_reduce_89_52(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_931(&result, &product);); + invert_ntt_montgomery_861(&result); + result = subtract_reduce_89_70(v, result); return result; } @@ -4589,13 +5104,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_72( +static KRML_MUSTINLINE void compress_then_serialize_message_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_af(re.coefficients[i0]); + to_unsigned_representative_78(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -4621,20 +5136,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_e51( +static void decrypt_unpacked_5d1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_ec1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_af1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0b0( + deserialize_then_decompress_ring_element_v_df0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_ac1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_ff1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_72(message, ret0); + compress_then_serialize_message_c1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4643,7 +5158,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_b6(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -4661,8 +5176,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -4687,15 +5202,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e51(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_5d1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4707,7 +5222,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4717,7 +5232,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( + libcrux_ml_kem_utils_into_padded_array_2d4( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -4726,9 +5241,9 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f3( + PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = @@ -4736,10 +5251,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f51( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_651(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c1(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_711(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -4758,8 +5273,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_f5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_to_uncompressed_ring_element_53(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -4781,12 +5296,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_491( +static KRML_MUSTINLINE void deserialize_secret_key_591( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4798,7 +5313,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_491( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f5(secret_bytes); + deserialize_to_uncompressed_ring_element_53(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4816,10 +5331,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_5d1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_671(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_491(secret_key, secret_as_ntt); + deserialize_secret_key_591(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( uu____0, secret_as_ntt, @@ -4830,7 +5345,7 @@ static void decrypt_5d1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e51(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_5d1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4856,7 +5371,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_a01( +void libcrux_ml_kem_ind_cca_decapsulate_e31( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -4876,9 +5391,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_a01( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_5d1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_671(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -4887,7 +5402,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_a01( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -4897,31 +5412,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_a01( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f3( + PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_f71(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d1(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ab( + kdf_af_ef( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_ab(shared_secret0, shared_secret1); + kdf_af_ef(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_711(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -4941,12 +5456,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4958,7 +5473,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4973,7 +5488,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_e80( +static KRML_MUSTINLINE void serialize_secret_key_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -4992,7 +5507,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -5009,14 +5524,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_9a0( +static KRML_MUSTINLINE void serialize_public_key_800( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_e80(t_as_ntt, ret0); + serialize_secret_key_f80(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -5037,15 +5552,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_522( + deserialize_ring_elements_reduced_722( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_9a0( + serialize_public_key_800( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -5062,10 +5577,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] */ -typedef struct tuple_4c_s { +typedef struct tuple_4c0_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c; +} tuple_4c0; /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for @@ -5076,7 +5591,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_110(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5087,10 +5602,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_820( +static void closure_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -5109,7 +5624,7 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_410(uint8_t input[2U][34U]) { +shake128_init_absorb_final_750(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5139,10 +5654,10 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_f1_510(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { uint8_t uu____0[2U][34U]; memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_410(uu____0); + return shake128_init_absorb_final_750(uu____0); } /** @@ -5151,7 +5666,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_540( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5173,9 +5688,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_540(self, ret); + shake128_squeeze_first_three_blocks_100(self, ret); } /** @@ -5185,7 +5700,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5224,7 +5739,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_880( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5245,9 +5760,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_680( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_880(self, ret); + shake128_squeeze_next_block_ed0(self, ret); } /** @@ -5257,7 +5772,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5297,9 +5812,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_130( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -5310,29 +5825,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_f60( +static KRML_MUSTINLINE void sample_from_xof_2b0( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; uint8_t uu____0[2U][34U]; memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_510(uu____0); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_7f0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_021( + bool done = sample_from_uniform_distribution_next_051( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_f1_680(&xof_state, randomness); + shake128_squeeze_next_block_f1_c10(&xof_state, randomness); uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_022( + done = sample_from_uniform_distribution_next_052( uu____2, sampled_coefficients, out); } } @@ -5340,7 +5855,7 @@ static KRML_MUSTINLINE void sample_from_xof_f60( memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_130(uu____3[i]);); + ret0[i] = closure_990(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5353,12 +5868,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_550( +static KRML_MUSTINLINE void sample_matrix_A_230( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_820(A_transpose[i]);); + closure_e80(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -5371,7 +5886,7 @@ static KRML_MUSTINLINE void sample_matrix_A_550( uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_f60(uu____1, sampled); + sample_from_xof_2b0(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5399,10 +5914,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_74_s { +typedef struct tuple_740_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; uint8_t snd; -} tuple_74; +} tuple_740; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN @@ -5410,7 +5925,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_630(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5432,9 +5947,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_770(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_630(input, ret); + PRFxN_1d0(input, ret); } /** @@ -5444,8 +5959,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_e30(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_b8(randomness); +sample_from_binomial_distribution_660(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_85(randomness); } /** @@ -5457,11 +5972,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -5472,19 +5987,19 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_770(prf_inputs, prf_outputs); + PRFxN_f1_890(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e30(Eurydice_array_to_slice( + sample_from_binomial_distribution_660(Eurydice_array_to_slice( (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 lit; + tuple_740 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5502,7 +6017,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e0( +static KRML_MUSTINLINE void add_to_ring_element_89_930( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -5528,14 +6043,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_a50( +static KRML_MUSTINLINE void compute_As_plus_e_da0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5558,10 +6073,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e0(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_930(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -5577,10 +6092,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_a90( +static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_110(key_generation_seed, hashed); + G_f1_b60(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5588,14 +6103,14 @@ static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_550(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_230(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(uu____1, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5606,10 +6121,10 @@ static tuple_4c generate_keypair_unpacked_a90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_010(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d70(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_a50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -5641,7 +6156,7 @@ static tuple_4c generate_keypair_unpacked_a90( memcpy( sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } /** @@ -5658,10 +6173,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_010( +static void closure_9d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -5673,7 +6188,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_af0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5692,7 +6207,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5702,18 +6217,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_a90(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_010(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_9d0(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_22(&ind_cpa_public_key.A[j][i1]); + clone_d5_1e(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -5723,13 +6238,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_280( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_9a0( + serialize_public_key_800( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -5769,18 +6284,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_a90(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_9a0(pk.t_as_ntt, + serialize_public_key_800(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[768U]; memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____2[800U]; @@ -5798,7 +6313,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_b4( +static KRML_MUSTINLINE void serialize_kem_secret_key_41( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -5827,7 +6342,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_b4( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af0(public_key, ret0); + H_f1_2e0(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -5860,7 +6375,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5870,13 +6385,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e80(ind_cpa_keypair_randomness); + generate_keypair_ec0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_b4( + serialize_kem_secret_key_41( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, @@ -5885,12 +6400,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_e01(uu____1); + libcrux_ml_kem_types_from_e7_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c1( - uu____2, libcrux_ml_kem_types_from_07_571(uu____3)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); } /** @@ -5899,7 +6414,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_631(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5921,9 +6436,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_631(input, ret); + PRFxN_1d1(input, ret); } /** @@ -5935,11 +6450,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_740 +sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -5950,18 +6465,18 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_771(prf_inputs, prf_outputs); + PRFxN_f1_891(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 lit; + tuple_740 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5979,9 +6494,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f2(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -5990,18 +6505,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d40( +static KRML_MUSTINLINE void invert_ntt_montgomery_860( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -6010,14 +6525,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_570( +static KRML_MUSTINLINE void compute_vector_u_a10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6039,11 +6554,11 @@ static KRML_MUSTINLINE void compute_vector_u_570( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e0(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_930(&result[i1], &product); } - invert_ntt_montgomery_d40(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_860(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6057,18 +6572,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c80( +compute_ring_element_v_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e0(&result, &product);); - invert_ntt_montgomery_d40(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_930(&result, &product);); + invert_ntt_montgomery_860(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -6078,14 +6593,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_54( +static KRML_MUSTINLINE void compress_then_serialize_10_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b(to_unsigned_representative_af(re->coefficients[i0])); + compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6106,10 +6621,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d8( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_54(re, uu____0); + compress_then_serialize_10_3b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6122,7 +6637,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_250( +static void compress_then_serialize_u_240( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6140,7 +6655,7 @@ static void compress_then_serialize_u_250( (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d8(&re, ret); + compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -6155,9 +6670,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d6( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_09(re, out); + compress_then_serialize_4_e5(re, out); } /** @@ -6178,14 +6693,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_650( +static void encrypt_unpacked_6c0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(uu____0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6193,7 +6708,7 @@ static void encrypt_unpacked_650( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_380(uu____2, domain_separator0); + tuple_740 uu____3 = sample_ring_element_cbd_2c0(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6201,31 +6716,31 @@ static void encrypt_unpacked_650( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f2( + PRF_f1_042( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c80(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_250( + compress_then_serialize_u_240( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d6( + compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); @@ -6251,11 +6766,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6267,7 +6782,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6281,7 +6796,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_650(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c0(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -6290,7 +6805,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a10( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_201(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -6309,7 +6824,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_4f(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_f4(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], @@ -6324,12 +6839,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6341,7 +6856,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6367,10 +6882,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_521( + deserialize_ring_elements_reduced_721( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -6378,8 +6893,8 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_550(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_230(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -6409,7 +6924,7 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_650(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c0(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -6424,7 +6939,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_d3(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_f5(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], @@ -6451,15 +6966,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_4f( + entropy_preprocess_af_f4( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -6467,8 +6982,8 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), + H_f1_2e0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6476,7 +6991,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6486,18 +7001,18 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_1f1(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_f70(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_0d0(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_201(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_d3(shared_secret, shared_secret_array); + kdf_af_f5(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -6514,8 +7029,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_38(Eurydice_slice serialized) { - return deserialize_then_decompress_10_26(serialized); +deserialize_then_decompress_ring_element_u_98(Eurydice_slice serialized) { + return deserialize_then_decompress_10_fc(serialized); } /** @@ -6524,17 +7039,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_82( +static KRML_MUSTINLINE void ntt_vector_u_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -6545,12 +7060,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_ec0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_af0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, @@ -6570,9 +7085,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_ec0( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_38(u_bytes); + deserialize_then_decompress_ring_element_u_98(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_82(&u_as_ntt[i0]); + ntt_vector_u_7a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6586,8 +7101,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_0b(Eurydice_slice serialized) { - return deserialize_then_decompress_4_51(serialized); +deserialize_then_decompress_ring_element_v_df(Eurydice_slice serialized) { + return deserialize_then_decompress_4_8f(serialized); } /** @@ -6597,17 +7112,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_ac0( +compute_message_ff0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e0(&result, &product);); - invert_ntt_montgomery_d40(&result); - result = subtract_reduce_89_52(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_930(&result, &product);); + invert_ntt_montgomery_860(&result); + result = subtract_reduce_89_70(v, result); return result; } @@ -6621,20 +7136,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e50( +static void decrypt_unpacked_5d0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_ec0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_af0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0b( + deserialize_then_decompress_ring_element_v_df( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_ac0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_ff0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_72(message, ret0); + compress_then_serialize_message_c1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6648,8 +7163,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -6674,14 +7189,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e50(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_5d0(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6693,7 +7208,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6703,7 +7218,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -6712,9 +7227,9 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f1( + PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = @@ -6722,10 +7237,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f50( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_650(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c0(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_71(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -6743,12 +7258,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_490( +static KRML_MUSTINLINE void deserialize_secret_key_590( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6760,7 +7275,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_490( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f5(secret_bytes); + deserialize_to_uncompressed_ring_element_53(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6778,10 +7293,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_5d0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_670(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_490(secret_key, secret_as_ntt); + deserialize_secret_key_590(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( uu____0, secret_as_ntt, @@ -6792,7 +7307,7 @@ static void decrypt_5d0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e50(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_5d0(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6818,7 +7333,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_a00( +void libcrux_ml_kem_ind_cca_decapsulate_e30( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -6837,9 +7352,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_a00( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_5d0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_670(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -6848,7 +7363,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_a00( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -6858,31 +7373,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_a00( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f1( + PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_f70(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d0(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_d3( + kdf_af_f5( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_d3(shared_secret0, shared_secret1); + kdf_af_f5(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_71(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -6902,12 +7417,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6919,7 +7434,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6934,7 +7449,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_e8( +static KRML_MUSTINLINE void serialize_secret_key_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -6953,7 +7468,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -6970,7 +7485,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_9a( +static KRML_MUSTINLINE void serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -6978,7 +7493,7 @@ static KRML_MUSTINLINE void serialize_public_key_9a( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_e8(t_as_ntt, ret0); + serialize_secret_key_f8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -6999,15 +7514,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_520( + deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_9a( + serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -7038,7 +7553,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_11(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7049,10 +7564,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_82( +static void closure_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -7071,7 +7586,7 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_41(uint8_t input[3U][34U]) { +shake128_init_absorb_final_75(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7101,10 +7616,10 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_f1_51(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_41(uu____0); + return shake128_init_absorb_final_75(uu____0); } /** @@ -7113,7 +7628,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_54( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7135,9 +7650,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_54(self, ret); + shake128_squeeze_first_three_blocks_10(self, ret); } /** @@ -7147,7 +7662,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7186,7 +7701,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_88( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7207,9 +7722,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_68( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_88(self, ret); + shake128_squeeze_next_block_ed(self, ret); } /** @@ -7219,7 +7734,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7259,9 +7774,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_13( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -7272,29 +7787,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_f6( +static KRML_MUSTINLINE void sample_from_xof_2b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_51(uu____0); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_7f(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_02( + bool done = sample_from_uniform_distribution_next_05( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_f1_68(&xof_state, randomness); + shake128_squeeze_next_block_f1_c1(&xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_020( + done = sample_from_uniform_distribution_next_050( uu____2, sampled_coefficients, out); } } @@ -7302,7 +7817,7 @@ static KRML_MUSTINLINE void sample_from_xof_f6( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_13(uu____3[i]);); + ret0[i] = closure_99(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7315,12 +7830,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_55( +static KRML_MUSTINLINE void sample_matrix_A_23( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_82(A_transpose[i]);); + closure_e8(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -7333,7 +7848,7 @@ static KRML_MUSTINLINE void sample_matrix_A_55( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_f6(uu____1, sampled); + sample_from_xof_2b(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7372,7 +7887,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_63(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -7394,9 +7909,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_63(input, ret); + PRFxN_1d(input, ret); } /** @@ -7408,11 +7923,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -7423,14 +7938,14 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -7453,7 +7968,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e( +static KRML_MUSTINLINE void add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7479,14 +7994,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_a5( +static KRML_MUSTINLINE void compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7509,10 +8024,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_93(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -7528,10 +8043,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_a9( +static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_11(key_generation_seed, hashed); + G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7539,14 +8054,14 @@ static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_55(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_23(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(uu____1, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7557,10 +8072,10 @@ static tuple_9b generate_keypair_unpacked_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_01(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d7(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -7609,10 +8124,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_01( +static void closure_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -7624,7 +8139,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_af(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -7643,7 +8158,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7653,18 +8168,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_a9(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_01(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_9d(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_22(&ind_cpa_public_key.A[j][i1]); + clone_d5_1e(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -7674,13 +8189,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_28( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_9a( + serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -7720,18 +8235,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_a9(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_9a(pk.t_as_ntt, + serialize_public_key_80(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____2[1184U]; @@ -7749,7 +8264,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_97( +static KRML_MUSTINLINE void serialize_kem_secret_key_a8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -7778,7 +8293,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_97( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af(public_key, ret0); + H_f1_2e(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -7811,7 +8326,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -7821,13 +8336,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e8(ind_cpa_keypair_randomness); + generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_97( + serialize_kem_secret_key_a8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -7836,12 +8351,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_e0(uu____1); + libcrux_ml_kem_types_from_e7_a70(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c( - uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); + return libcrux_ml_kem_types_from_64_c90( + uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); } /** @@ -7854,10 +8369,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -7868,11 +8383,11 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; @@ -7897,9 +8412,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -7908,18 +8423,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d4( +static KRML_MUSTINLINE void invert_ntt_montgomery_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -7928,14 +8443,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_57( +static KRML_MUSTINLINE void compute_vector_u_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7957,11 +8472,11 @@ static KRML_MUSTINLINE void compute_vector_u_57( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_93(&result[i1], &product); } - invert_ntt_montgomery_d4(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_86(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7975,18 +8490,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c8( +compute_ring_element_v_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e(&result, &product);); - invert_ntt_montgomery_d4(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_93(&result, &product);); + invert_ntt_montgomery_86(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -7999,7 +8514,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_25( +static void compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8017,7 +8532,7 @@ static void compress_then_serialize_u_25( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d8(&re, ret); + compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -8043,14 +8558,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_65( +static void encrypt_unpacked_6c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(uu____0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8058,7 +8573,7 @@ static void encrypt_unpacked_65( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_38(uu____2, domain_separator0); + tuple_b0 uu____3 = sample_ring_element_cbd_2c(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8066,31 +8581,31 @@ static void encrypt_unpacked_65( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f0( + PRF_f1_040( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c8(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_25( + compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d6( + compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -8116,11 +8631,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -8132,7 +8647,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8146,7 +8661,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -8155,7 +8670,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a1( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_20(uu____4); + libcrux_ml_kem_types_from_15_f50(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -8174,7 +8689,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_39(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_56(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], @@ -8189,12 +8704,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8206,7 +8721,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8232,10 +8747,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_52( + deserialize_ring_elements_reduced_72( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -8243,8 +8758,8 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_55(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -8274,7 +8789,7 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -8289,7 +8804,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_6d(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_27(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], @@ -8316,15 +8831,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_39( + entropy_preprocess_af_56( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -8332,8 +8847,8 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), + H_f1_2e(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -8341,7 +8856,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8351,18 +8866,18 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_20(uu____4); + libcrux_ml_kem_types_from_15_f50(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_6d(shared_secret, shared_secret_array); + kdf_af_27(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -8380,12 +8895,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_ec( +static KRML_MUSTINLINE void deserialize_then_decompress_u_af( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, @@ -8405,9 +8920,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_ec( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_38(u_bytes); + deserialize_then_decompress_ring_element_u_98(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_82(&u_as_ntt[i0]); + ntt_vector_u_7a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8421,17 +8936,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_ac( +compute_message_ff( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e(&result, &product);); - invert_ntt_montgomery_d4(&result); - result = subtract_reduce_89_52(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_93(&result, &product);); + invert_ntt_montgomery_86(&result); + result = subtract_reduce_89_70(v, result); return result; } @@ -8445,20 +8960,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e5( +static void decrypt_unpacked_5d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_ec(ciphertext, u_as_ntt); + deserialize_then_decompress_u_af(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0b( + deserialize_then_decompress_ring_element_v_df( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_ac(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_ff(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_72(message, ret0); + compress_then_serialize_message_c1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8472,8 +8987,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -8498,14 +9013,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e5(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_5d(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -8517,7 +9032,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -8527,7 +9042,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( + libcrux_ml_kem_utils_into_padded_array_2d3( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -8536,9 +9051,9 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f( + PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -8546,10 +9061,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f5( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), + libcrux_ml_kem_types_as_ref_ba_710(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -8567,12 +9082,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_49( +static KRML_MUSTINLINE void deserialize_secret_key_59( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8584,7 +9099,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_49( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f5(secret_bytes); + deserialize_to_uncompressed_ring_element_53(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8602,10 +9117,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_5d(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_67(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_49(secret_key, secret_as_ntt); + deserialize_secret_key_59(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -8616,7 +9131,7 @@ static void decrypt_5d(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e5(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_5d(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8642,7 +9157,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_a0( +void libcrux_ml_kem_ind_cca_decapsulate_e3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -8661,9 +9176,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_a0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_5d(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_67(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -8672,7 +9187,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_a0( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -8682,31 +9197,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_a0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f( + PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_6d( + kdf_af_27( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_6d(shared_secret0, shared_secret1); + kdf_af_27(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_2d(ciphertext), + libcrux_ml_kem_types_as_ref_ba_710(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index add9d4b95..fb4bb6956 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem_portable_H @@ -39,49 +39,10 @@ void libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input, #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes); - typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); - -void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); @@ -92,55 +53,6 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array); -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; - -uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_slice v); - -void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); - typedef struct uint8_t_x11_s { uint8_t fst; uint8_t snd; @@ -170,9 +82,23 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]); +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -183,6 +109,22 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a); +void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +extern const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] + [16U]; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -477,6 +419,55 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); + +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_slice v); + +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); + uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_slice v); @@ -492,6 +483,19 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); + typedef struct uint8_t_x3_s { uint8_t fst; uint8_t snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 0adf52479..8330670f7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_sha3_H @@ -26,35 +26,35 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd(buf0, buf); + libcrux_sha3_portable_keccakx1_2a(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd0(buf0, buf); + libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd1(buf0, buf); + libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd2(buf0, buf); + libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd3(buf0, buf); + libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, @@ -113,7 +113,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd4(buf0, buf); + libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 454d3c0cf..74008b788 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -7,85 +7,2530 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ -#include "libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3_avx2.h" -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, - Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +#include "internal/libcrux_core.h" + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + return _veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_58(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, + core_core_arch_x86___m256i)); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vrax1q_u64(a, b); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return _vbcaxq_u64(a, b, c); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, + Eurydice_slice); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + Eurydice_slice_uint8_t_4size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { + return split_at_mut_4(a, mid); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 +new_1e_16(void) { + libcrux_sha3_generic_keccak_KeccakState_29 lit; + lit.st[0U][0U] = zero_ef(); + lit.st[0U][1U] = zero_ef(); + lit.st[0U][2U] = zero_ef(); + lit.st[0U][3U] = zero_ef(); + lit.st[0U][4U] = zero_ef(); + lit.st[1U][0U] = zero_ef(); + lit.st[1U][1U] = zero_ef(); + lit.st[1U][2U] = zero_ef(); + lit.st[1U][3U] = zero_ef(); + lit.st[1U][4U] = zero_ef(); + lit.st[2U][0U] = zero_ef(); + lit.st[2U][1U] = zero_ef(); + lit.st[2U][2U] = zero_ef(); + lit.st[2U][3U] = zero_ef(); + lit.st[2U][4U] = zero_ef(); + lit.st[3U][0U] = zero_ef(); + lit.st[3U][1U] = zero_ef(); + lit.st[3U][2U] = zero_ef(); + lit.st[3U][3U] = zero_ef(); + lit.st[3U][4U] = zero_ef(); + lit.st[4U][0U] = zero_ef(); + lit.st[4U][1U] = zero_ef(); + lit.st[4U][2U] = zero_ef(); + lit.st[4U][3U] = zero_ef(); + lit.st[4U][4U] = zero_ef(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_ef_6a( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block_c7(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_580(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_581(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_582(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_583(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_584(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_585(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_586(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_587(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_588(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_589(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5810(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5811(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5812(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5813(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, + core_core_arch_x86___m256i)); } -KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5814(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5815(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5816(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5817(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5818(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5819(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5820(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5821(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5822(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void theta_rho_71( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i c[5U] = { + xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____0 = + rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____1 = + rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____2 = + rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____3 = + rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { + uu____0, uu____1, uu____2, uu____3, + rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); + core_core_arch_x86___m256i uu____4 = + xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_x86___m256i uu____5 = + xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_x86___m256i uu____6 = + xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_x86___m256i uu____7 = + xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_x86___m256i uu____8 = + xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_x86___m256i uu____9 = + xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_x86___m256i uu____10 = + xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_x86___m256i uu____11 = + xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_x86___m256i uu____12 = + xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_x86___m256i uu____13 = + xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_x86___m256i uu____14 = + xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_x86___m256i uu____15 = + xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_x86___m256i uu____16 = + xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_x86___m256i uu____17 = + xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_x86___m256i uu____18 = + xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_x86___m256i uu____19 = + xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_x86___m256i uu____20 = + xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_x86___m256i uu____21 = + xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_x86___m256i uu____22 = + xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_x86___m256i uu____23 = + xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_x86___m256i uu____24 = + xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_x86___m256i uu____25 = + xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_x86___m256i uu____26 = + xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_x86___m256i uu____27 = + xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void pi_01( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void chi_9b( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + s->st[i1][j] = and_not_xor_ef( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]););); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void iota_09( + libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { + s->st[0U][0U] = xor_constant_ef( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void keccakf1600_07( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho_71(s); + pi_01(s); + chi_9b(s); + iota_09(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void absorb_block_37( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + load_block_ef_6a(uu____0, uu____1); + keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_91( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block_c7(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_ef_05( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_91(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_05(uu____3, uu____4); + keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_0b( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + store_block_e9(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____2[200U]; + memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_ef_99( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + store_block_full_0b(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_a4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + store_block_full_ef_99(s->st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_ef_f6( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + store_block_e9(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e9( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_last_77( + libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { + keccakf1600_07(&s); + uint8_t b[4U][200U]; + store_block_full_ef_99(s.st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], + Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_37(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_a4(&s, out); + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____4 = + split_at_mut_n_ef(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e9(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____5 = + split_at_mut_n_ef(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_77(s, o1); + } + } +} + +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + keccak_14(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new_1e_16(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_910( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block_c70(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_ef_050( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_910(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_5e0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_050(uu____3, uu____4); + keccakf1600_07(s); } -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, +void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + absorb_final_5e0(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void store_block_ef_f60( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + store_block_e90(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e90( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + squeeze_next_block_1c0(s, o2); +} + +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o20[4U]; + memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + Eurydice_slice_uint8_t_4size_t__x2 uu____2 = + split_at_mut_n_ef(o20, (size_t)168U); + Eurydice_slice o2[4U]; + memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o30[4U]; + memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o2); + Eurydice_slice_uint8_t_4size_t__x2 uu____3 = + split_at_mut_n_ef(o30, (size_t)168U); + Eurydice_slice o3[4U]; + memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o4[4U]; + memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o3); + squeeze_next_block_1c0(s, o4); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_five_blocks_e4(s, buf); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_block_e9(s, buf); } KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index f031b706b..8c1635b0b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_sha3_avx2_H @@ -20,46 +20,53 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_sha3_neon.h" +#include "libcrux_core.h" +#include "libcrux_sha3_internal.h" + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_x86___m256i +with const generics +- $4size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_29; void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState; - -libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index cd1f05dbb..f39b36172 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); } /** @@ -198,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_7a(void) { +libcrux_sha3_generic_keccak_new_1e_f2(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -233,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -258,11 +258,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de(s, buf); + libcrux_sha3_portable_keccak_load_block_b3(s, buf); } /** @@ -274,12 +274,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); } /** @@ -289,7 +289,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -300,9 +300,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_340(ab); + return libcrux_sha3_portable_keccak_rotate_left_db0(ab); } /** @@ -316,8 +316,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); } /** @@ -327,7 +327,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -338,9 +338,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_341(ab); + return libcrux_sha3_portable_keccak_rotate_left_db1(ab); } /** @@ -354,8 +354,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); } /** @@ -365,7 +365,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -376,9 +376,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_342(ab); + return libcrux_sha3_portable_keccak_rotate_left_db2(ab); } /** @@ -392,8 +392,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); } /** @@ -403,7 +403,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -414,9 +414,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_343(ab); + return libcrux_sha3_portable_keccak_rotate_left_db3(ab); } /** @@ -430,8 +430,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); } /** @@ -441,9 +441,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_34(ab); + return libcrux_sha3_portable_keccak_rotate_left_db(ab); } /** @@ -457,8 +457,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); } /** @@ -468,7 +468,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -479,9 +479,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_344(ab); + return libcrux_sha3_portable_keccak_rotate_left_db4(ab); } /** @@ -495,8 +495,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); } /** @@ -506,7 +506,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -517,9 +517,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_345(ab); + return libcrux_sha3_portable_keccak_rotate_left_db5(ab); } /** @@ -533,8 +533,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); } /** @@ -544,7 +544,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -555,9 +555,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_346(ab); + return libcrux_sha3_portable_keccak_rotate_left_db6(ab); } /** @@ -571,8 +571,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); } /** @@ -582,7 +582,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -593,9 +593,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_347(ab); + return libcrux_sha3_portable_keccak_rotate_left_db7(ab); } /** @@ -609,8 +609,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); } /** @@ -620,7 +620,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -631,9 +631,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_348(ab); + return libcrux_sha3_portable_keccak_rotate_left_db8(ab); } /** @@ -647,8 +647,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); } /** @@ -658,7 +658,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -669,9 +669,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_349(ab); + return libcrux_sha3_portable_keccak_rotate_left_db9(ab); } /** @@ -685,8 +685,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); } /** @@ -696,7 +696,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -707,9 +707,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3410(ab); + return libcrux_sha3_portable_keccak_rotate_left_db10(ab); } /** @@ -723,8 +723,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); } /** @@ -734,7 +734,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -745,9 +745,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3411(ab); + return libcrux_sha3_portable_keccak_rotate_left_db11(ab); } /** @@ -761,8 +761,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); } /** @@ -772,7 +772,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -783,9 +783,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3412(ab); + return libcrux_sha3_portable_keccak_rotate_left_db12(ab); } /** @@ -799,8 +799,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); } /** @@ -810,7 +810,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -821,9 +821,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3413(ab); + return libcrux_sha3_portable_keccak_rotate_left_db13(ab); } /** @@ -837,8 +837,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); } /** @@ -848,7 +848,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -859,9 +859,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3414(ab); + return libcrux_sha3_portable_keccak_rotate_left_db14(ab); } /** @@ -875,8 +875,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); } /** @@ -886,7 +886,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -897,9 +897,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3415(ab); + return libcrux_sha3_portable_keccak_rotate_left_db15(ab); } /** @@ -913,8 +913,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); } /** @@ -924,7 +924,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -935,9 +935,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3416(ab); + return libcrux_sha3_portable_keccak_rotate_left_db16(ab); } /** @@ -951,8 +951,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); } /** @@ -962,7 +962,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -973,9 +973,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3417(ab); + return libcrux_sha3_portable_keccak_rotate_left_db17(ab); } /** @@ -989,8 +989,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); } /** @@ -1000,7 +1000,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1011,9 +1011,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3418(ab); + return libcrux_sha3_portable_keccak_rotate_left_db18(ab); } /** @@ -1027,8 +1027,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); } /** @@ -1038,7 +1038,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1049,9 +1049,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3419(ab); + return libcrux_sha3_portable_keccak_rotate_left_db19(ab); } /** @@ -1065,8 +1065,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); } /** @@ -1076,7 +1076,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1087,9 +1087,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3420(ab); + return libcrux_sha3_portable_keccak_rotate_left_db20(ab); } /** @@ -1103,8 +1103,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); } /** @@ -1114,7 +1114,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1125,9 +1125,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3421(ab); + return libcrux_sha3_portable_keccak_rotate_left_db21(ab); } /** @@ -1141,8 +1141,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); } /** @@ -1152,7 +1152,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1163,9 +1163,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3422(ab); + return libcrux_sha3_portable_keccak_rotate_left_db22(ab); } /** @@ -1179,8 +1179,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); } /** @@ -1189,7 +1189,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1225,76 +1225,76 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____4; uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____5; uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____6; uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____7; uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1304,7 +1304,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1340,7 +1340,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1358,7 +1358,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1370,14 +1370,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_8d(s); - libcrux_sha3_generic_keccak_pi_ac(s); - libcrux_sha3_generic_keccak_chi_c7(s); - libcrux_sha3_generic_keccak_iota_4f(s, i0); + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_b8(s); + libcrux_sha3_generic_keccak_chi_1f(s); + libcrux_sha3_generic_keccak_iota_83(s, i0); } } @@ -1389,7 +1389,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1408,8 +1408,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1417,7 +1417,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1442,9 +1442,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_39(a, b); + libcrux_sha3_portable_keccak_store_block_58(a, b); } /** @@ -1454,9 +1454,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1466,10 +1466,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1477,7 +1477,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1502,11 +1502,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de0(s, buf); + libcrux_sha3_portable_keccak_load_block_b30(s, buf); } /** @@ -1518,12 +1518,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); } /** @@ -1534,7 +1534,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1553,8 +1553,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1562,7 +1562,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1587,9 +1587,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_390(a, b); + libcrux_sha3_portable_keccak_store_block_580(a, b); } /** @@ -1599,9 +1599,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1611,10 +1611,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1626,12 +1626,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); } /** @@ -1641,13 +1641,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1655,12 +1655,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_39(s, buf); + libcrux_sha3_portable_keccak_store_block_58(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1676,9 +1676,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); } /** @@ -1689,10 +1689,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_653( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1715,11 +1715,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1743,10 +1743,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { @@ -1757,7 +1757,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; @@ -1768,12 +1768,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1781,7 +1781,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1799,12 +1799,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); } } } @@ -1815,11 +1815,11 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); + libcrux_sha3_generic_keccak_keccak_754(uu____0, out); } /** @@ -1827,7 +1827,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1856,12 +1856,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); } /** @@ -1871,13 +1871,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1885,11 +1885,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de3(s, buf); + libcrux_sha3_portable_keccak_load_block_b33(s, buf); } /** @@ -1901,12 +1901,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); } /** @@ -1917,7 +1917,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1936,8 +1936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1945,7 +1945,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1966,12 +1966,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_393(s, buf); + libcrux_sha3_portable_keccak_store_block_583(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1987,9 +1987,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); } /** @@ -2000,10 +2000,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_652( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2028,9 +2028,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_393(a, b); + libcrux_sha3_portable_keccak_store_block_583(a, b); } /** @@ -2040,9 +2040,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2052,10 +2052,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2065,11 +2065,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2093,10 +2093,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { @@ -2107,7 +2107,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; @@ -2118,12 +2118,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2131,7 +2131,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2149,12 +2149,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); } } } @@ -2165,11 +2165,11 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); + libcrux_sha3_generic_keccak_keccak_753(uu____0, out); } /** @@ -2177,7 +2177,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2206,12 +2206,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); } /** @@ -2221,13 +2221,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2235,11 +2235,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de2(s, buf); + libcrux_sha3_portable_keccak_load_block_b32(s, buf); } /** @@ -2251,12 +2251,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); } /** @@ -2267,7 +2267,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2286,8 +2286,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2295,7 +2295,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2316,12 +2316,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_392(s, buf); + libcrux_sha3_portable_keccak_store_block_582(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2337,9 +2337,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); } /** @@ -2350,10 +2350,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_651( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2378,9 +2378,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_392(a, b); + libcrux_sha3_portable_keccak_store_block_582(a, b); } /** @@ -2390,9 +2390,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2402,10 +2402,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2415,11 +2415,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2443,10 +2443,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { @@ -2457,7 +2457,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; @@ -2468,12 +2468,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2481,7 +2481,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2499,12 +2499,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); } } } @@ -2515,11 +2515,11 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); + libcrux_sha3_generic_keccak_keccak_752(uu____0, out); } /** @@ -2531,12 +2531,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); } /** @@ -2546,13 +2546,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2560,12 +2560,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_390(s, buf); + libcrux_sha3_portable_keccak_store_block_580(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2581,9 +2581,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); } /** @@ -2594,10 +2594,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_650( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2620,11 +2620,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2648,10 +2648,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2662,7 +2662,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2673,12 +2673,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2686,7 +2686,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2704,12 +2704,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2720,11 +2720,11 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); + libcrux_sha3_generic_keccak_keccak_751(uu____0, out); } /** @@ -2735,7 +2735,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2754,8 +2754,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2766,10 +2766,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2780,7 +2780,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2791,12 +2791,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2804,7 +2804,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2822,12 +2822,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2838,11 +2838,11 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); + libcrux_sha3_generic_keccak_keccak_750(uu____0, out); } /** @@ -2850,7 +2850,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2879,12 +2879,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); } /** @@ -2894,13 +2894,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2908,11 +2908,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de1(s, buf); + libcrux_sha3_portable_keccak_load_block_b31(s, buf); } /** @@ -2924,12 +2924,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); } /** @@ -2940,7 +2940,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2959,8 +2959,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2968,7 +2968,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2989,12 +2989,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_391(s, buf); + libcrux_sha3_portable_keccak_store_block_581(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -3009,9 +3009,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); } /** @@ -3022,10 +3022,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_65( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3050,9 +3050,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_391(a, b); + libcrux_sha3_portable_keccak_store_block_581(a, b); } /** @@ -3062,9 +3062,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3074,10 +3074,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3087,11 +3087,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3115,10 +3115,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -3129,7 +3129,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -3140,12 +3140,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3153,7 +3153,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3171,12 +3171,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); } } } @@ -3187,11 +3187,11 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); + libcrux_sha3_generic_keccak_keccak_75(uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 3130b58fc..460d5a51f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -7,3560 +7,76 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #include "libcrux_sha3_neon.h" -#include "internal/libcrux_core.h" - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t zero_fa(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_veor5q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = - libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = - libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - return _veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_58(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vrax1q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left1_and_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vrax1q_u64(a, b); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vbcaxq_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return libcrux_intrinsics_arm64__veorq_u64( - a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -and_not_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return _vbcaxq_u64(a, b, c); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_veorq_n_u64(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - core_core_arch_arm_shared_neon_uint64x2_t c0 = - libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_constant_fa(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} - -static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_2size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { - return split_at_mut_2(a, mid); -} - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -new_1e_12(void) { - libcrux_sha3_generic_keccak_KeccakState_fc lit; - lit.st[0U][0U] = zero_fa(); - lit.st[0U][1U] = zero_fa(); - lit.st[0U][2U] = zero_fa(); - lit.st[0U][3U] = zero_fa(); - lit.st[0U][4U] = zero_fa(); - lit.st[1U][0U] = zero_fa(); - lit.st[1U][1U] = zero_fa(); - lit.st[1U][2U] = zero_fa(); - lit.st[1U][3U] = zero_fa(); - lit.st[1U][4U] = zero_fa(); - lit.st[2U][0U] = zero_fa(); - lit.st[2U][1U] = zero_fa(); - lit.st[2U][2U] = zero_fa(); - lit.st[2U][3U] = zero_fa(); - lit.st[2U][4U] = zero_fa(); - lit.st[3U][0U] = zero_fa(); - lit.st[3U][1U] = zero_fa(); - lit.st[3U][2U] = zero_fa(); - lit.st[3U][3U] = zero_fa(); - lit.st[3U][4U] = zero_fa(); - lit.st[4U][0U] = zero_fa(); - lit.st[4U][1U] = zero_fa(); - lit.st[4U][2U] = zero_fa(); - lit.st[4U][3U] = zero_fa(); - lit.st[4U][4U] = zero_fa(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_3c( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_fa_0f( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_580(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c1(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_581(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c10(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f0(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_582(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c11(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f1(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_583(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c12(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f2(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c13(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f3(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_584(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c14(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f4(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_585(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c15(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f5(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_586(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c16(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f6(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_587(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c17(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f7(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_588(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c18(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f8(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_589(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c19(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f9(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5810(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c110(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f10(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5811(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c111(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f11(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5812(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c112(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f12(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5813(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c113(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f13(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5814(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c114(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f14(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5815(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c115(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f15(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5816(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c116(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f16(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5817(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c117(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f17(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5818(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c118(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f18(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5819(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c119(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f19(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5820(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c120(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f20(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5821(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c121(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f21(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5822(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c122(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f22(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void theta_rho_eb( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { - xor5_fa(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_fa(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_fa(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_fa(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_fa(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - rotate_left1_and_xor_fa(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - rotate_left1_and_xor_fa(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - rotate_left1_and_xor_fa(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - rotate_left1_and_xor_fa(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { - uu____0, uu____1, uu____2, uu____3, - rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____4 = - xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_arm_shared_neon_uint64x2_t uu____5 = - xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_arm_shared_neon_uint64x2_t uu____7 = - xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = - xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t uu____9 = - xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t uu____10 = - xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t uu____11 = - xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t uu____12 = - xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t uu____13 = - xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t uu____14 = - xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t uu____15 = - xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_arm_shared_neon_uint64x2_t uu____16 = - xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t uu____17 = - xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t uu____18 = - xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t uu____19 = - xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t uu____20 = - xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t uu____21 = - xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t uu____22 = - xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t uu____23 = - xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t uu____24 = - xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t uu____25 = - xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t uu____26 = - xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t uu____27 = - xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void pi_a0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void chi_b0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - s->st[i1][j] = and_not_xor_fa( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]););); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void iota_33( - libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { - s->st[0U][0U] = xor_constant_fa( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void keccakf1600_3e( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_eb(s); - pi_a0(s); - chi_b0(s); - iota_33(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void absorb_block_45( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_3e( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_fa_07( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)72U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_07(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_2f( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_9a( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a5( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e7( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a5(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_fa_90( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_last_70( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a5(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - absorb_block_45(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e7(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_70(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_59(uu____0, out); -} - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_3c0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_fa_0f0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void absorb_block_450( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f0(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_3e0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c0(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_fa_070( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_2f0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_9a0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f0(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a50( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a0(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e70( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a50(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_fa_900( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f0(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_last_700( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a50(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe0(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_590(uu____0, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e0(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe1(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_591(uu____0, out); +KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - keccakx2_6e1(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState_fc +KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return new_1e_12(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_3c1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_3e1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c1(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_fa_071( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_071(uu____3, uu____4); - keccakf1600_3e(s); -} - -void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, +KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - absorb_final_fe2(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void store_block_2f1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void store_block_fa_901( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - Eurydice_slice_uint8_t_2size_t__x2 uu____0 = - split_at_mut_n_fa(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f1(s, o0); - Eurydice_slice_uint8_t_2size_t__x2 uu____1 = - split_at_mut_n_fa(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d1(s, o1); - squeeze_next_block_5d1(s, o2); -} - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_first_three_blocks_2e(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_next_block_5d1(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_3c2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_fa_0f1( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void absorb_block_451( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f1(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_3e2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c2(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_fa_072( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)144U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_072(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_2f2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_9a1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f2(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a51( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a1(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e71( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a51(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_fa_902( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f2(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_last_701( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a51(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - absorb_block_451(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe3(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e71(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f2(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d2(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_701(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_592(uu____0, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e2(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_3c3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_fa_0f2( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c3(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void absorb_block_452( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f2(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_3e3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c3(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_fa_073( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e3(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe4( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)104U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_073(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_2f3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_9a2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f3(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a52( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a2(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e72( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a52(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_fa_903( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f3(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_last_702( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a52(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - absorb_block_452(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe4(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e72(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f3(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d3(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_702(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_593(uu____0, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e3(uu____0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 6a5424103..a3fd0fbba 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_sha3_neon_H @@ -20,19 +20,8 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" -#include "libcrux_core.h" #include "libcrux_sha3_internal.h" -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- $2size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { - core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_fc; - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); @@ -40,19 +29,23 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -libcrux_sha3_generic_keccak_KeccakState_fc +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState; + +libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void); void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index d54ca40b1..cb530ac49 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 -Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 +F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 +Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index e43445be6..4e1e51db7 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_core_H @@ -53,6 +53,8 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x0, uint8_t x1); #define LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE ((size_t)32U) @@ -76,6 +78,118 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result_6f_tags; + +/** +A monomorphic instance of core.result.Result +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_6f_s { + core_result_Result_6f_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_6f; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +static inline void core_result_unwrap_41_1c(core_result_Result_6f self, + uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +A monomorphic instance of core.result.Result +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_7a_s { + core_result_Result_6f_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_7a; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +static inline void core_result_unwrap_41_34(core_result_Result_7a self, + uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +A monomorphic instance of core.result.Result +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_cd_s { + core_result_Result_6f_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_cd; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +static inline void core_result_unwrap_41_e8(core_result_Result_cd self, + uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} Eurydice_slice_uint8_t_4size_t__x2; + /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -107,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_06( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_63( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -122,7 +236,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_57(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_4c(uint8_t value[1184U]) { uint8_t uu____0[1184U]; memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; @@ -155,7 +269,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_2c(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -171,7 +285,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_e0(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_a7(uint8_t value[2400U]) { uint8_t uu____0[2400U]; memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; @@ -200,7 +314,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_20(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_f5(uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; @@ -216,7 +330,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_1f( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -226,7 +340,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_972( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -239,18 +353,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_972( memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result_00_tags; - /** A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_00_s { - core_result_Result_00_tags tag; + core_result_Result_6f_tags tag; union { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; @@ -283,7 +392,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_971( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -305,7 +414,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_88( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_9f( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); @@ -316,7 +425,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_970( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -334,7 +443,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_97( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -347,23 +456,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_97( memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** -A monomorphic instance of core.option.Option -with types Eurydice_slice uint8_t - -*/ -typedef struct core_option_Option_44_s { - core_option_Option_ef_tags tag; - Eurydice_slice f0; -} core_option_Option_44; - /** A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_c0_s { - core_result_Result_00_tags tag; + core_result_Result_6f_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; @@ -391,18 +490,13 @@ static inline void core_result_unwrap_41_f9(core_result_Result_c0 self, } } -typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} Eurydice_slice_uint8_t_2size_t__x2; - /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_56_s { - core_result_Result_00_tags tag; + core_result_Result_6f_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 5303fbfc1..5af8da87c 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index e67555cd5..f078580e7 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem768_avx2_H @@ -20,6 +20,8 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_ct_ops.h" +#include "libcrux_mlkem768_portable.h" #include "libcrux_sha3_avx2.h" #include "libcrux_sha3_portable.h" @@ -43,9 +45,5968 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } +typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea( + void) { + return libcrux_ml_kem_vector_avx2_zero(); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + memcpy(ret, output, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_to_i16_array_ea( + core_core_arch_x86___m256i x, int16_t ret[16U]) { + libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(core_core_arch_x86___m256i v, + int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_and_si256( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_1_ea(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, + core_core_arch_x86___m256i)); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum0, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + v, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + right0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_multiply_ea(core_core_arch_x86___m256i *lhs, + core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = {0U}; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result_cd dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); + core_result_unwrap_41_e8(dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result_7a dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); + core_result_unwrap_41_34(dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, + 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + int16_t array[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), + vector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_from_i16_array_0d( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, + (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result_6f dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); + core_result_unwrap_41_1c(dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, + 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, + Eurydice_slice output) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_ea( + Eurydice_slice input, Eurydice_slice output) { + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + core_core_arch_x86___m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_ZERO_89_d5(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_e1(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2d( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_67( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2d( + secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_8d(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b7( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4( + vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_10_3f( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b7( + coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f40( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b70( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f40( + vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_11_07( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b70( + coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ba( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_3f(serialized); +} + +typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( + core_core_arch_x86___m256i v, int16_t fer) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); + b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); + a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer, size_t _initial_coefficient_bound) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer, size_t _initial_coefficient_bound) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U; + } +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + self->coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_98( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ba( + u_bytes); + u_as_ntt[i0] = uu____0; + libcrux_ml_kem_ntt_ntt_vector_u_98(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f41( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b71( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f41( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_4_ba( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b71( + coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f42( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b72( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f42( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_5_62( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b72( + re.coefficients[i0]); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( + Eurydice_slice serialized) { + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_ba(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_ntt_multiply_89_48( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t _layer) { + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + libcrux_ml_kem_vector_avx2_sub_ea(b, &a); + a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(a, &b)); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)4U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)5U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)6U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + (size_t)7U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_subtract_reduce_89_8d( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + b.coefficients[i0], (int16_t)1441); + b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], + &coefficient_normal_form)); + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_message_72( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(&secret_as_ntt[i0], + &u_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_8d(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1a( + core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea +with const generics +- SHIFT_BY= 15 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_shift_right_ea_eb( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1a(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + core_core_arch_x86___m256i a) { + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_shift_right_ea_eb(a); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_message_77( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + libcrux_ml_kem_matrix_compute_message_72(&v, secret_key->secret_as_ntt, + u_as_ntt); + uint8_t ret0[32U]; + libcrux_ml_kem_serialize_compress_then_serialize_message_77(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_decrypt_1d(Eurydice_slice secret_key, + uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_67(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8(&secret_key_unpacked, ciphertext, + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 32 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( + Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 32 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a6(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b8( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } +} + typedef libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_ml_kem_hash_functions_avx2_Simd256Hash; +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( + uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( + uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( + uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( + self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 504 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, + Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, + int16_t, Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; + } + } + } + bool done = true; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { + done = false; + } + } + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, + Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( + uu____0); + uint8_t randomness0[3U][504U]; + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( + &xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( + &xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_79(uu____3[i]); + } + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_matrix_sample_matrix_A_closure_b8(i, A_transpose[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + seeds[j][32U] = (uint8_t)i1; + seeds[j][33U] = (uint8_t)j; + } + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; + libcrux_ml_kem_sampling_sample_from_xof_b0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + } + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_aa(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( + uint8_t (*input)[33U], uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( + uint8_t (*input)[33U], uint8_t ret[3U][128U]) { + libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( + Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_slice randomness) { + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( + randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_45( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); + re->coefficients[j] = + libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + libcrux_ml_kem_ntt_ntt_at_layer_7_45(re); + size_t zeta_i = (size_t)1U; + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + re_as_ntt[i0] = uu____1; + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE tuple_b00 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], + uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + } + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U; + } + uint8_t prf_outputs[3U][128U]; + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, + Eurydice_slice)); + error_1[i0] = uu____1; + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( + Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( + Eurydice_slice input, uint8_t ret[128U]) { + libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_vector_u_closure_ee(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + self->coefficients[j], (int16_t)1441); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_decompress_1_91(core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( + uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; i < (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + re.coefficients[i0] = + libcrux_ml_kem_vector_traits_decompress_1_91(coefficient_compressed); + } + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + result.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &message->coefficients[i0]); + core_core_arch_x86___m256i tmp0 = + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_ring_element_v_71( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = + libcrux_ml_kem_polynomial_ZERO_89_d5(); + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(&t_as_ntt[i0], + &r_as_ntt[i0]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + } + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( + error_2, message, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 10 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_1d(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_10_2f( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_compress_ea_1d( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b0( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 11 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_1d0(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b0( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_11_d1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_compress_ea_1d0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_10_2f(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2(&re, + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b1( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_1d1(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b1( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_4_b7( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_compress_ea_1d1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b2( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 5 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_ea_1d2(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b2( + vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_5_35( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficients = + libcrux_ml_kem_vector_avx2_compress_ea_1d2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47( + uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_00(public_key->A, r_as_ntt, error_1, + u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + libcrux_ml_kem_matrix_compute_ring_element_v_71( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, randomness, + ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ca( + Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_decapsulate_01( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_1d(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_43_ca( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret0, ciphertext, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_d8( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_01(private_key, ciphertext, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_d8(private_key, + ciphertext, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b6( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( + &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const +generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_67( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b6(key_pair, ciphertext, + ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_67( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_a6( + Eurydice_slice randomness, uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_43_a6( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_f6_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_f5(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_fa( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_fa(uu____0, + uu____1); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_f5(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_50( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = + public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9(uu____0, + uu____1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = + public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_50( + uu____0, uu____1); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; +} tuple_9b0; + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i +libcrux_ml_kem_vector_traits_to_standard_domain_42( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_traits_to_standard_domain_42( + self->coefficients[j]); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + libcrux_ml_kem_polynomial_ntt_multiply_89_48(matrix_element, + &s_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + &product); + } + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + &result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_a2(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____3, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_f0(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, + Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, + secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_cb( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_cb( + uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with +types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_c6( + size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b5( + size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_polynomial_clone_d5_60( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + core_core_arch_x86___m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * sizeof(core_core_arch_x86___m256i)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( + ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b5(i, + A[i]); + } + for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + libcrux_ml_kem_polynomial_clone_d5_60(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1; + } + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t pk_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const +generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_0b( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e(uu____0); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( + uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_0b( + uu____0); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_14( + Eurydice_slice shared_secret, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t kdf_input[64U]; + libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret0[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1088U, + libcrux_ml_kem_types_as_slice_a8_63(ciphertext), + uint8_t, Eurydice_slice), + ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t ret1[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), + ret1); + memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cca_decapsulate_010( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + libcrux_ml_kem_ind_cpa_decrypt_1d(ind_cpa_secret_key, ciphertext->value, + decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_14( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + ciphertext, implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_14(shared_secret0, ciphertext, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_80( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_010(private_key, ciphertext, ret); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_80( + private_key, ciphertext, ret); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::Kyber)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_b6( + Eurydice_slice randomness, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_Kyber +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_b6( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + libcrux_ml_kem_hash_functions_avx2_H_a9_65( + Eurydice_array_to_slice((size_t)1184U, + libcrux_ml_kem_types_as_slice_f6_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, + ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_f5(uu____4); + uint8_t shared_secret_array[32U]; + libcrux_ml_kem_ind_cca_kdf_6c_14(shared_secret, &ciphertext0, + shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e6( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e6( + uu____0, uu____1); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( + size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_d5(); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + for (size_t i = (size_t)0U; i < (size_t)3U; i++) { + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + } + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( + uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const +generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline bool +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fe( + uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_option_Option_92 +libcrux_ml_kem_mlkem768_avx2_validate_public_key( + libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { + core_option_Option_92 uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fe( + public_key.value)) { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, + .f0 = public_key}); + } else { + uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); + } + return uu____0; +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self) { + return self[0U]; +} + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 474841aed..f54652b72 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_mlkem768_portable_H @@ -21,7 +21,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" #include "libcrux_ct_ops.h" -#include "libcrux_sha3_libcrux_ml_kem.h" #include "libcrux_sha3_portable.h" #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE ((size_t)168U) @@ -48,7 +47,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( } typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s { - libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; + libcrux_sha3_neon_x2_incremental_KeccakState shake128_state[2U]; } libcrux_ml_kem_hash_functions_neon_Simd128Hash; static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( @@ -123,862 +122,260 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = #define LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS \ ((int16_t)1353) -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { - core_core_arch_arm_shared_neon_int16x8_t low; - core_core_arch_arm_shared_neon_int16x8_t high; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void) { - return libcrux_ml_kem_vector_neon_vector_type_ZERO(); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); -} +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ + (62209U) -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { - return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); -} +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { - int16_t out[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + int16_t ret[16U]; + core_result_Result_c0 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result_unwrap_41_f9(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + return lit; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); - return lhs; -} +typedef struct uint8_t_x11_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; + uint8_t f5; + uint8_t f6; + uint8_t f7; + uint8_t f8; + uint8_t f9; + uint8_t f10; +} uint8_t_x11; -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); +static KRML_MUSTINLINE uint8_t_x11 +libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)31) + << 3U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 5U); + uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)127) + << 1U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 10U); + uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) >> + 7U); + uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) & + (int16_t)1) + << 7U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *, int16_t) >> + 4U); + uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) >> + 1U & + (int16_t)255); + uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, + int16_t *, int16_t) >> + 9U); + uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) & + (int16_t)7) + << 5U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *, int16_t) >> + 6U); + uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) >> + 3U); + return (CLITERAL(uint8_t_x11){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7, + .f8 = r8, + .f9 = r9, + .f10 = r10}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); - return lhs; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[22U]) { + uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x11 r11_21 = + libcrux_ml_kem_vector_portable_serialize_serialize_11_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[22U] = {0U}; + result[0U] = r0_10.fst; + result[1U] = r0_10.snd; + result[2U] = r0_10.thd; + result[3U] = r0_10.f3; + result[4U] = r0_10.f4; + result[5U] = r0_10.f5; + result[6U] = r0_10.f6; + result[7U] = r0_10.f7; + result[8U] = r0_10.f8; + result[9U] = r0_10.f9; + result[10U] = r0_10.f10; + result[11U] = r11_21.fst; + result[12U] = r11_21.snd; + result[13U] = r11_21.thd; + result[14U] = r11_21.f3; + result[15U] = r11_21.f4; + result[16U] = r11_21.f5; + result[17U] = r11_21.f6; + result[18U] = r11_21.f7; + result[19U] = r11_21.f8; + result[20U] = r11_21.f9; + result[21U] = r11_21.f10; + memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); +static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); - return v; -} +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 3U; + int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) >> + 1U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 7U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - core_core_arch_arm_shared_neon_uint16x8_t m0 = - libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - core_core_arch_arm_shared_neon_uint16x8_t m1 = - libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - core_core_arch_arm_shared_neon_int16x8_t c1 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); -} - -#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v) { - core_core_arch_arm_shared_neon_int16x8_t adder = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - core_core_arch_arm_shared_neon_int16x8_t vec = - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); - core_core_arch_arm_shared_neon_int16x8_t vec0 = - libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - core_core_arch_arm_shared_neon_int16x8_t quotient = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t sub = - libcrux_intrinsics_arm64__vmulq_n_s16( - quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); -} - -#define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ - (62209U) - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high) { - core_core_arch_arm_shared_neon_int16x8_t k = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vmulq_n_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.low, c); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - v, c); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t half = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - core_core_arch_arm_shared_neon_int16x8_t quarter = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - core_core_arch_arm_shared_neon_int16x8_t shifted = - libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - core_core_arch_arm_shared_neon_int16x8_t mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = - libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range), - core_core_arch_arm_shared_neon_uint16x8_t)); - core_core_arch_arm_shared_neon_int16x8_t shifted0 = - libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = - libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range0), - core_core_arch_arm_shared_neon_uint16x8_t)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_1(v); -} - -static KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits) { - int16_t uu____0; - switch (coefficient_bits) { - case 4: { - uu____0 = (int16_t)15; - break; - } - case 5: { - uu____0 = (int16_t)31; - break; - } - case 10: { - uu____0 = (int16_t)1023; - break; - } - case 11: { - uu____0 = (int16_t)2047; - break; - } - default: { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, - zeta4); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, - zeta3, zeta4); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, - zeta2, zeta4, -zeta2, -zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t b1 = - libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1b1 = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, - b1); - core_core_arch_arm_shared_neon_int32x4_t a1b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a1b1), - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - core_core_arch_arm_shared_neon_int32x4_t a1b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - core_core_arch_arm_shared_neon_int16x8_t fst_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t fst_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b1)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - core_core_arch_arm_shared_neon_int16x8_t snd_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t snd_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); - core_core_arch_arm_shared_neon_int16x8_t fst_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t fst_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t snd_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t snd_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t fst = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - fst_low16, fst_high16); - core_core_arch_arm_shared_neon_int16x8_t snd = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - snd_low16, snd_high16); - core_core_arch_arm_shared_neon_int32x4_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int32x4_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int16x8_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); - core_core_arch_arm_shared_neon_int16x8_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); - uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, - 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - core_core_arch_arm_shared_neon_uint8x16_t index = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); - core_core_arch_arm_shared_neon_int16x8_t high2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low2, .high = high2}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, - zeta3, zeta4); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, - (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { - core_core_arch_arm_shared_neon_int16x8_t one = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); - int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, - (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vshlq_s16(high0, shift); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vandq_s16(low, one), - .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t lowt = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); - core_core_arch_arm_shared_neon_uint16x8_t hight = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); -} - -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; - static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_zero(void) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; @@ -1002,13 +399,14 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, +libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1035,8 +433,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } static KRML_MUSTINLINE void @@ -1056,43 +454,565 @@ static inline void libcrux_ml_kem_vector_portable_to_i16_array_0d( libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_deserialize_4_0d(v); - int16_t input_i16s[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; +static const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ZERO_0d(void) { + return libcrux_ml_kem_vector_portable_vector_type_zero(); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_add( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; + } + return lhs; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_add_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - int16_t ret[16U]; - core_result_Result_c0 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; +libcrux_ml_kem_vector_portable_arithmetic_sub( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + } + return lhs; } /** @@ -1100,192 +1020,124 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); +libcrux_ml_kem_vector_portable_sub_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { + return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); } -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] * c; + } + return v; +} -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] & c; + } + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, + c); } -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[10U]; - libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){ + .start = (size_t)0U, + .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + core_option_Option_b3 uu____0 = + core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3); + if (!(uu____0.tag == core_option_None)) { + size_t i = uu____0.f0; + if (v.elements[i] >= (int16_t)3329) { + size_t uu____1 = i; + v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; + } + continue; + } + return v; + } } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int32_t)20159) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) + +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) + +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + int16_t value) { + int32_t t = (int32_t)value * + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + + (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); + int16_t quotient = + (int16_t)(t >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); + return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v.elements[i0]); + } return v; } @@ -1294,216 +1146,53 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +libcrux_ml_kem_vector_portable_barrett_reduce_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_5_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} +#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ + ((int32_t)1 << (uint32_t) \ + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); +static inline int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + int32_t value) { + int32_t k = + (int32_t)(int16_t)value * + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; + int32_t k_times_modulus = + (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + int16_t c = + (int16_t)(k_times_modulus >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + int16_t value_high = + (int16_t)(value >> + (uint32_t) + LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); + return value_high - c; } -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +static KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + int16_t fe, int16_t fer) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)fe * (int32_t)fer); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v.elements[i0], c); + } return v; } @@ -1512,292 +1201,159 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { + return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( + v, r); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_10_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; +static inline uint8_t +libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + uint16_t fe) { + int16_t shifted = (int16_t)1664 - (int16_t)fe; + int16_t mask = shifted >> 15U; + int16_t shifted_to_positive = mask ^ shifted; + int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; + return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_compress_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + v.elements[i0] = (int16_t) + libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( + (uint16_t)v.elements[i0]); + } + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_compress_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return libcrux_ml_kem_vector_portable_compress_compress_1(v); } -typedef struct uint8_t_x11_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; - uint8_t f5; - uint8_t f6; - uint8_t f7; - uint8_t f8; - uint8_t f9; - uint8_t f10; -} uint8_t_x11; +static KRML_MUSTINLINE uint32_t +libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + uint8_t n, uint32_t value) { + return value & ((1U << (uint32_t)n) - 1U); +} -static KRML_MUSTINLINE uint8_t_x11 -libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)31) - << 3U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)127) - << 1U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 10U); - uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> - 7U); - uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & - (int16_t)1) - << 7U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> - 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); - uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> - 9U); - uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & - (int16_t)7) - << 5U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> - 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); - return (CLITERAL(uint8_t_x11){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7, - .f8 = r8, - .f9 = r9, - .f10 = r10}); +static inline int16_t +libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( + uint8_t coefficient_bits, uint16_t fe) { + uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; + compressed = compressed + 1664ULL; + compressed = compressed * 10321340ULL; + compressed = compressed >> 35U; + return (int16_t) + libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( + coefficient_bits, (uint32_t)compressed); } -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_11( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[22U]) { - uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x11 r11_21 = - libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t t = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + v->elements[j], zeta); + v->elements[j] = v->elements[i] - t; + v->elements[i] = v->elements[i] + t; +} + +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, + zeta2, zeta3); } -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); -} - -static KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; +libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); return v; } @@ -1806,268 +1362,44 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; +static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, + size_t i, size_t j) { + int16_t a_minus_b = v->elements[j] - v->elements[i]; + v->elements[i] = + libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + v->elements[i] + v->elements[j]); + v->elements[j] = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( + a_minus_b, zeta); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { - uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, - 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - core_core_arch_arm_shared_neon_uint8x16_t index_vec = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - core_core_arch_arm_shared_neon_int16x8_t shift_vec = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t mask12 = - libcrux_intrinsics_arm64__vdupq_n_u16(4095U); - uint8_t input0[16U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input0, uint8_t, Eurydice_slice)); - uint8_t input1[16U] = {0U}; - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input1, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t moved0 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted0 = - libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); - core_core_arch_arm_shared_neon_uint16x8_t moved1 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted1 = - libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low, .high = high}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); -} - -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { - size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option_44 uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( - &iter, uint8_t, core_option_Option_44); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - d1; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; - continue; - } - } - continue; - } - } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline size_t libcrux_ml_kem_vector_neon_rej_sample_20( - Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_neon_rej_sample(a, out); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)2U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)3U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, + (size_t)15U); + return v; } /** @@ -2075,21 +1407,34 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ZERO_0d(void) { - return libcrux_ml_kem_vector_portable_vector_type_zero(); +libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( + a, zeta0, zeta1, zeta2, zeta3); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_add( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; - } - return lhs; +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, + int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + (size_t)4U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + (size_t)5U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, + (size_t)6U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, + (size_t)7U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, + (size_t)15U); + return v; } /** @@ -2097,23 +1442,33 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_add_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_add(lhs, rhs); +libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, + zeta1); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_sub( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; - } - return lhs; +libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, + (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, + (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, + (size_t)10U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, + (size_t)11U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, + (size_t)12U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, + (size_t)13U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, + (size_t)14U); + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, + (size_t)15U); + return v; } /** @@ -2121,22 +1476,55 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_sub_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs) { - return libcrux_ml_kem_vector_portable_arithmetic_sub(lhs, rhs); +libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { + return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); +} + +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, + size_t i, size_t j, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { + int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[i] + + (int32_t) + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[j] * (int32_t)b->elements[j]) * + (int32_t)zeta); + int16_t o1 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[i] * (int32_t)b->elements[j] + + (int32_t)a->elements[j] * (int32_t)b->elements[i]); + out->elements[i] = o0; + out->elements[j] = o1; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; - } - return v; +libcrux_ml_kem_vector_portable_ntt_ntt_multiply( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_vector_type_zero(); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( + lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); + return out; } /** @@ -2144,57 +1532,67 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); +libcrux_ml_kem_vector_portable_ntt_multiply_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, + libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, + zeta2, zeta3); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[2U]) { + uint8_t result[2U] = {0U}; + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; + size_t uu____0 = (size_t)0U; + result[uu____0] = (uint32_t)result[uu____0] | + (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; } - return v; + for (size_t i = (size_t)8U; i < (size_t)16U; i++) { + size_t i0 = i; + size_t uu____1 = (size_t)1U; + result[uu____1] = + (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] + << (uint32_t)(i0 - (size_t)8U); + } + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant(v, - c); +static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - core_option_Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3); - if (!(uu____0.tag == core_option_None)) { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } - continue; - } - return v; +libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_portable_vector_type_zero(); + for (size_t i = (size_t)0U; i < (size_t)8U; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U); + } + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } + return result; } /** @@ -2202,98 +1600,144 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); } -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int32_t)20159) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +typedef struct uint8_t_x4_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; +} uint8_t_x4; -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - int16_t value) { - int32_t t = (int32_t)value * - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); - int16_t quotient = - (int16_t)(t >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); - return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; +static KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v.elements[i0]); - } - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_barrett_reduce_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); -} - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT (16U) - -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) - -static inline int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - int32_t value) { - int32_t k = - (int32_t)(int16_t)value * - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R; - int32_t k_times_modulus = - (int32_t)(int16_t)k * (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - int16_t c = - (int16_t)(k_times_modulus >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - int16_t value_high = - (int16_t)(value >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT); - return value_high - c; +static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); } -static KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - int16_t fe, int16_t fer) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)fe * (int32_t)fer); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v.elements[i0], c); - } +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -2302,128 +1746,171 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r) { - return libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - v, r); +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); } -static inline uint8_t -libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - uint16_t fe) { - int16_t shifted = (int16_t)1664 - (int16_t)fe; - int16_t mask = shifted >> 15U; - int16_t shifted_to_positive = mask ^ shifted; - int16_t shifted_positive_in_range = shifted_to_positive - (int16_t)832; - return (uint8_t)(shifted_positive_in_range >> 15U & (int16_t)1); +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - v.elements[i0] = (int16_t) - libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - (uint16_t)v.elements[i0]); - } - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1(v); -} - -static KRML_MUSTINLINE uint32_t -libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - uint8_t n, uint32_t value) { - return value & ((1U << (uint32_t)n) - 1U); -} - -static inline int16_t -libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - uint8_t coefficient_bits, uint16_t fe) { - uint64_t compressed = (uint64_t)fe << (uint32_t)coefficient_bits; - compressed = compressed + 1664ULL; - compressed = compressed * 10321340ULL; - compressed = compressed >> 35U; - return (int16_t) - libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( - coefficient_bits, (uint32_t)compressed); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t t = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v->elements[j], zeta); - v->elements[j] = v->elements[i] - t; - v->elements[i] = v->elements[i] + t; -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; +static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step(a, zeta0, zeta1, - zeta2, zeta3); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -2432,143 +1919,191 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step(a, zeta0, zeta1); +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); - return v; +static KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); + uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)63) + << 2U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *, int16_t) >> + 8U & + (int16_t)3); + uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) >> + 6U & + (int16_t)15); + uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, + int16_t *, int16_t) & + (int16_t)3) + << 6U | + (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *, int16_t) >> + 4U & + (int16_t)63); + uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t a_minus_b = v->elements[j] - v->elements[i]; - v->elements[i] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v->elements[i] + v->elements[j]); - v->elements[j] = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - a_minus_b, zeta); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, - (size_t)15U); - return v; +static KRML_MUSTINLINE void +libcrux_ml_kem_vector_portable_serialize_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[20U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, + Eurydice_slice)); + uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[20U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + result[10U] = r10_14.fst; + result[11U] = r10_14.snd; + result[12U] = r10_14.thd; + result[13U] = r10_14.f3; + result[14U] = r10_14.f4; + result[15U] = r15_19.fst; + result[16U] = r15_19.snd; + result[17U] = r15_19.thd; + result[18U] = r15_19.f3; + result[19U] = r15_19.f4; + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - a, zeta0, zeta1, zeta2, zeta3); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, - (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, - (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, - (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, - (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, - (size_t)15U); - return v; +static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step(a, zeta0, - zeta1); +static KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, - (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, - (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, - (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, - (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, - (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, - (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, - (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, - (size_t)15U); +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; return v; } @@ -2577,286 +2112,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta) { - return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[i] + - (int32_t) - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]) * - (int32_t)zeta); - int16_t o1 = - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[j] + - (int32_t)a->elements[j] * (int32_t)b->elements[i]); - out->elements[i] = o0; - out->elements[j] = o1; -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_ntt_multiply( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_vector_type_zero(); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); - return out; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_ntt_multiply_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_portable_ntt_ntt_multiply(lhs, rhs, zeta0, zeta1, - zeta2, zeta3); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[2U]) { - uint8_t result[2U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | - (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) { - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U); - } - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); -} - -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U); - } - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); -} - -typedef struct uint8_t_x4_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; -} uint8_t_x4; - -static KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); -} - -static KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)63) - << 2U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> - 8U & - (int16_t)3); - uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> - 6U & - (int16_t)15); - uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & - (int16_t)3) - << 6U | - (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> - 4U & - (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -static KRML_MUSTINLINE void -libcrux_ml_kem_vector_portable_serialize_serialize_10( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[20U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); - uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[20U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); } typedef struct uint8_t_x3_s { @@ -2969,4530 +2226,199 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { - int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); - int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); - int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); - int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); - int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); - int16_t_x2 v10_11 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); - int16_t_x2 v12_13 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); - int16_t_x2 v14_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); -} - -static KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, - Eurydice_slice result) { - size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { - size_t i0 = i; - int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____0; - int16_t uu____1; - bool uu____2; - size_t uu____3; - int16_t uu____4; - size_t uu____5; - int16_t uu____6; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; - sampled++; - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } - continue; - } - } - uu____1 = d2; - uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____0 = uu____1 < uu____6; - if (uu____0) { - uu____3 = sampled; - uu____2 = uu____3 < (size_t)16U; - if (uu____2) { - uu____4 = d2; - uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; - sampled++; - continue; - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( - Eurydice_slice a, Eurydice_slice out) { - return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); -} - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) - -#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) - -#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) - -#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) - -#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) - -#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) - -#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) - -typedef libcrux_ml_kem_types_MlKemPrivateKey_55 - libcrux_ml_kem_mlkem768_MlKem768PrivateKey; - -typedef libcrux_ml_kem_types_MlKemPublicKey_15 - libcrux_ml_kem_mlkem768_MlKem768PublicKey; - -#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ - (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ - (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_G_48_77(Eurydice_slice input, - uint8_t ret[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 32 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_b4(Eurydice_slice input, - uint8_t ret[32U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 32 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_48_6e(Eurydice_slice input, - uint8_t ret[32U]); - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 3 -*/ -libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_6b( - uint8_t input[3U][34U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 3 -*/ -libcrux_ml_kem_hash_functions_neon_Simd128Hash -libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( - uint8_t input[3U][34U]); - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_b7( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][504U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][504U]); - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_7d( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *st, uint8_t ret[3U][168U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( - libcrux_ml_kem_hash_functions_neon_Simd128Hash *self, - uint8_t ret[3U][168U]); - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRFxN_89(uint8_t (*input)[33U], - uint8_t ret[3U][128U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 3 -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(uint8_t (*input)[33U], - uint8_t ret[3U][128U]); - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_b40(Eurydice_slice input, - uint8_t ret[128U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 128 -*/ -void libcrux_ml_kem_hash_functions_neon_PRF_48_6e0(Eurydice_slice input, - uint8_t ret[128U]); - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_43 -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -void libcrux_ml_kem_ind_cca_kdf_43_33( - Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, - uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_ZERO_89_06(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_24(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_49( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_46( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_49( - secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_a9(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_30(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 10 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_73( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e( - v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_10_a4( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_73( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)11 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_300(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 11 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_730( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e0( - v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_11_58( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_730( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_af( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_a4(serialized); -} - -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(b, zeta_r); - b = libcrux_ml_kem_vector_neon_sub_20(a, &t); - a = libcrux_ml_kem_vector_neon_add_20(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer, size_t _initial_coefficient_bound) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9c( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_f4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_d0( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_39( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer, size_t _initial_coefficient_bound) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] + (size_t)3U; - } -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8a( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_af( - u_bytes); - u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)4 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_301(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 4 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_731( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e1( - v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_731( - coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)5 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_decompress_uint32x4_t_302(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 5 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_732( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_decompress_ciphertext_coefficient_4e2( - v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_5_5d( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_decompress_ciphertext_coefficient_20_732( - re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_bb( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_ntt_multiply_89_16( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_multiply_20( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)3U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t _layer) { - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0; - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = - libcrux_ml_kem_vector_neon_sub_20(b, &a); - a = libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_91(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_27( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_4b(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_74(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fd(&zeta_i, re, - (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_subtract_reduce_89_88( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_message_cc( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_88(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_shift_right_7d( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); - v.high = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 -with const generics -- SHIFT_BY= 15 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_shift_right_20_97( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_shift_right_7d(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_shift_right_20_97(a); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = - libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_neon_add_20(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_36( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re.coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon_compress_1_20(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_2e( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8a(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_bb( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - libcrux_ml_kem_matrix_compute_message_cc(&v, secret_key->secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_36(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static inline void libcrux_ml_kem_ind_cpa_decrypt_e1(Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_46(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_2e(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b6( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_4b(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_de( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; - } - } - } - bool done = true; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { - done = false; - } - } - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_xof_closure_d5(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_f3( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_c0( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_hash_functions_neon_Simd128Hash xof_state = - libcrux_ml_kem_hash_functions_neon_shake128_init_absorb_final_48_55( - uu____0); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_neon_shake128_squeeze_first_three_blocks_48_e9( - &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e6( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_neon_shake128_squeeze_next_block_48_ad( - &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_e60( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_d5(uu____3[i]); - } - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_48( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_de(i, A_transpose[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - seeds[j][32U] = (uint8_t)i1; - seeds[j][33U] = (uint8_t)j; - } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_c0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - } - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; - uint8_t snd; -} tuple_b0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_07(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_27( - Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return libcrux_ml_kem_polynomial_from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c3( - randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_multiply_by_constant_20( - re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_67(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_f4(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_d0(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_39(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_5f(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b0 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_55(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); - } - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U; - } - uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_neon_PRFxN_48_a9(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - error_1[i0] = uu____1; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b0 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_vector_u_closure_7d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_24( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_6a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_decompress_1_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_then_decompress_message_23( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_fc(coefficient_compressed); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_ring_element_v_9b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = - libcrux_ml_kem_polynomial_ZERO_89_06(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_62(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_3a( - error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_27( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)10)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 10 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_91( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_27(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_ca( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_compress_20_91( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_270( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)11)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e0(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 11 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_910( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_270(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_55( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_compress_20_910( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_ca(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_84(&re, - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_271( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)4)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e1(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 4 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_911( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_271(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_21( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_compress_20_911( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2( - core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_272( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)5)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - libcrux_ml_kem_vector_neon_compress_compress_int32x4_t_7e2(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 5 -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_20_912( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_272(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_2b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = - libcrux_ml_kem_vector_neon_compress_20_912( - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_21(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_54( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_eb( - uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_6a(public_key->A, r_as_ntt, error_1, - u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_23(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - libcrux_ml_kem_matrix_compute_ring_element_v_9b( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d7( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3f( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cpa_encrypt_4e(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a6( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_48(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, randomness, - ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_decapsulate_6e( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e1(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_33( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_33(shared_secret0, ciphertext, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_88(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_5d( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -static inline void libcrux_ml_kem_mlkem768_neon_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_5d(private_key, - ciphertext, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_83( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_2e( - &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_88(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_cc( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -static inline void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_neon_decapsulate_unpacked_cc( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_43 -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -void libcrux_ml_kem_ind_cca_entropy_preprocess_43_2d(Eurydice_slice randomness, - uint8_t ret[32U]); - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 3 -*/ -void libcrux_ml_kem_hash_functions_neon_H_48_85(Eurydice_slice input, - uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_28( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon_H_48_85( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_20(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_33(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_6f( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]); - -static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_6f(uu____0, - uu____1); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fa( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_20(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_59( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]); - -static inline tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = - public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_encapsulate_unpacked_59( - uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]); - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] - -*/ -typedef struct tuple_9b_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; -} tuple_9b; - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_matrix_compute_As_plus_e_closure_7c(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_traits_to_standard_domain_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_fc( - self->coefficients[j]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_95( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - libcrux_ml_kem_polynomial_ntt_multiply_89_16(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_ae(&result[i1], - &product); - } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - &result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_48(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_1f(uu____3, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_95(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_64( - re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5d( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_16(Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_70( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5d(sk.secret_as_ntt, - secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_16(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_e0(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c( - uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_4d( - uint8_t randomness[64U]); - -static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_4d( - uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with -types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_e6( - size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_7a( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_polynomial_clone_d5_8c( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a2( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_ff( - ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_7a(i, - A[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - libcrux_ml_kem_polynomial_clone_d5_8c(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1; - } - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_70( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_neon_H_48_85( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_8f( - uint8_t randomness[64U]); - -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_generate_keypair_unpacked_8f( - uu____0); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -void libcrux_ml_kem_ind_cca_kdf_6c_f5( - Eurydice_slice shared_secret, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_decapsulate_6e0( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e1(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_neon_PRF_48_6e( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____5, uu____6, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_f5( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - ciphertext, implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_f5(shared_secret0, ciphertext, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_88(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.kyber_decapsulate with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_2f( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -static inline void libcrux_ml_kem_mlkem768_neon_kyber_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_neon_kyber_decapsulate_2f( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_6c -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_28(Eurydice_slice randomness, - uint8_t ret[32U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_Kyber -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_28( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_neon_H_48_85( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_neon_G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_4e(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_20(uu____4); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_f5(shared_secret, &ciphertext0, - shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.kyber_encapsulate with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_0b( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]); - -static inline tuple_3c libcrux_ml_kem_mlkem768_neon_kyber_encapsulate( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_neon_kyber_encapsulate_0b( - uu____0, uu____1); +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { + int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, + Eurydice_slice)); + int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, + Eurydice_slice)); + int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, + Eurydice_slice)); + int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, + Eurydice_slice)); + int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, + Eurydice_slice)); + int16_t_x2 v10_11 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, + Eurydice_slice)); + int16_t_x2 v12_13 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, + Eurydice_slice)); + int16_t_x2 v14_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector re = + libcrux_ml_kem_vector_portable_vector_type_zero(); + re.elements[0U] = v0_1.fst; + re.elements[1U] = v0_1.snd; + re.elements[2U] = v2_3.fst; + re.elements[3U] = v2_3.snd; + re.elements[4U] = v4_5.fst; + re.elements[5U] = v4_5.snd; + re.elements[6U] = v6_7.fst; + re.elements[7U] = v6_7.snd; + re.elements[8U] = v8_9.fst; + re.elements[9U] = v8_9.snd; + re.elements[10U] = v10_11.fst; + re.elements[11U] = v10_11.snd; + re.elements[12U] = v12_13.fst; + re.elements[13U] = v12_13.snd; + re.elements[14U] = v14_15.fst; + re.elements[15U] = v14_15.snd; + return re; } /** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b60( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_06(); +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); } -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_06(); - } +static KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, + Eurydice_slice result) { + size_t sampled = (size_t)0U; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { + i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e3( - ring_element); - deserialized_pk[i0] = uu____0; + int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, + uint8_t, uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, + uint8_t, uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, + uint8_t, uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____0; + int16_t uu____1; + bool uu____2; + size_t uu____3; + int16_t uu____4; + size_t uu____5; + int16_t uu____6; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + sampled++; + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } + continue; + } + } + uu____1 = d2; + uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____0 = uu____1 < uu____6; + if (uu____0) { + uu____3 = sampled; + uu____2 = uu____3 < (size_t)16U; + if (uu____2) { + uu____4 = d2; + uu____5 = sampled; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; + sampled++; + continue; + } + } } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return sampled; } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_7e( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a60( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_70( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +static inline size_t libcrux_ml_kem_vector_portable_rej_sample_0d( + Eurydice_slice a, Eurydice_slice out) { + return libcrux_ml_kem_vector_portable_sampling_rej_sample(a, out); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const -generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_d4( - uint8_t *public_key); +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 ((size_t)10U) -static inline core_option_Option_92 -libcrux_ml_kem_mlkem768_neon_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_neon_validate_public_key_d4( - public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; -} +#define LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_U_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_RANK_768 ((size_t)3U) + +#define LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_BLOCK_SIZE_768 * LIBCRUX_ML_KEM_MLKEM768_RANK_768) + +#define LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 ((size_t)4U) + +#define LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768 \ + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_MLKEM768_VECTOR_V_COMPRESSION_FACTOR_768 / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_C1_SIZE_768 + LIBCRUX_ML_KEM_MLKEM768_C2_SIZE_768) + +#define LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_T_AS_NTT_ENCODED_SIZE_768 + (size_t)32U) + +#define LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA1_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA1 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM768_ETA2_RANDOMNESS_SIZE \ + (LIBCRUX_ML_KEM_MLKEM768_ETA2 * (size_t)64U) + +#define LIBCRUX_ML_KEM_MLKEM768_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ + (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_CIPHERTEXT_SIZE_768) + +typedef libcrux_ml_kem_types_MlKemPrivateKey_55 + libcrux_ml_kem_mlkem768_MlKem768PrivateKey; + +typedef libcrux_ml_kem_types_MlKemPublicKey_15 + libcrux_ml_kem_mlkem768_MlKem768PublicKey; + +#define LIBCRUX_ML_KEM_MLKEM768_RANKED_BYTES_PER_RING_ELEMENT_768 \ + (LIBCRUX_ML_KEM_MLKEM768_RANK_768 * \ + LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) + +#define LIBCRUX_ML_KEM_MLKEM768_SECRET_KEY_SIZE_768 \ + (LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_SECRET_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_MLKEM768_CPA_PKE_PUBLIC_KEY_SIZE_768 + \ + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -7514,7 +2440,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_02(void) { +libcrux_ml_kem_polynomial_ZERO_89_39(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -7542,8 +2468,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_1d(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_fc(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -7553,10 +2479,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_bb( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -7578,12 +2504,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_9d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_7e( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / @@ -7596,7 +2522,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_9d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_bb( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9c( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -7624,8 +2550,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_c0(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_ef(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -7635,7 +2561,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -7660,9 +2586,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_41( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( v); } @@ -7673,10 +2599,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_77( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_ff( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -7688,7 +2614,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_77( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( coefficient); re.coefficients[i0] = uu____0; } @@ -7702,7 +2628,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -7727,9 +2653,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_410( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( v); } @@ -7740,10 +2666,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_580( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_98( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -7755,7 +2681,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_580( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( coefficient); re.coefficients[i0] = uu____0; } @@ -7769,9 +2695,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d2( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_77(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_ff(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -7786,7 +2712,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -7800,12 +2726,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -7819,7 +2745,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -7832,7 +2758,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -7849,7 +2775,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_c1( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -7869,7 +2795,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_46( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -7892,7 +2818,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c9( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -7923,7 +2849,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -7941,21 +2867,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_de( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } /** @@ -7967,12 +2893,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_72( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( @@ -7993,10 +2919,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d2( u_bytes); u_as_ntt[i0] = uu____0; - libcrux_ml_kem_ntt_ntt_vector_u_f0(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_de(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8010,7 +2936,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -8035,9 +2961,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_411( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( v); } @@ -8048,10 +2974,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_08( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_47( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -8062,7 +2988,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_08( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( coefficient); re.coefficients[i0] = uu____0; } @@ -8076,7 +3002,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -8101,9 +3027,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_412( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( v); } @@ -8114,10 +3040,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_c0( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -8130,7 +3056,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_cc2( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -8144,9 +3070,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a3( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_97( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_08(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_47(serialized); } /** @@ -8160,11 +3086,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_f7( +libcrux_ml_kem_polynomial_ntt_multiply_89_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -8197,7 +3123,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8223,7 +3149,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -8250,7 +3176,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -8273,7 +3199,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -8295,7 +3221,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -8303,7 +3229,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_29(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -8316,7 +3242,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -8331,7 +3257,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_56( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -8348,22 +3274,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2a(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_84(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_75(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_0f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } /** @@ -8377,7 +3303,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_60( +libcrux_ml_kem_polynomial_subtract_reduce_89_78( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -8403,21 +3329,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_37( +libcrux_ml_kem_matrix_compute_message_15( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_60(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_78(v, result); return result; } @@ -8427,7 +3353,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_83( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -8447,9 +3373,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_bf( +libcrux_ml_kem_vector_portable_shift_right_0d_4b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_83(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8(v); } /** @@ -8459,10 +3385,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_af( +libcrux_ml_kem_vector_traits_to_unsigned_representative_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_bf(a); + libcrux_ml_kem_vector_portable_shift_right_0d_4b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -8476,13 +3402,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_d0( +libcrux_ml_kem_serialize_compress_then_serialize_message_66( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -8511,21 +3437,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_e5( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_34( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_72(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a3( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_97( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_37(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_15(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_d0(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_66(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8539,11 +3465,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_e8(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_06(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_9d(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_7e(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -8554,7 +3480,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_e8(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_e5(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_34(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8568,7 +3494,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_11( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -8578,7 +3504,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -8597,9 +3523,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_b6(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); } /** @@ -8610,9 +3536,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -8622,10 +3548,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -8651,12 +3577,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -8669,7 +3595,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( ring_element); deserialized_pk[i0] = uu____0; } @@ -8686,8 +3612,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_ee(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -8697,10 +3623,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_82( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_e8( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } } @@ -8720,7 +3646,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -8752,11 +3678,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_41( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( uu____0); } @@ -8767,7 +3693,7 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -8792,10 +3718,10 @@ with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_54( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( self, ret); } @@ -8807,7 +3733,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -8850,7 +3776,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -8875,10 +3801,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_88(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed(self, ret); } @@ -8890,7 +3816,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -8937,9 +3863,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -8961,8 +3887,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_13(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_48( +libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_6b( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -8974,7 +3900,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -8982,25 +3908,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_51( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( uu____0); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_7f( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( &xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_02( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_68( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( &xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_020( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( uu____2, sampled_coefficients, out); } } @@ -9008,7 +3934,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f6( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_13(uu____3[i]); + ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_99(uu____3[i]); } memcpy( ret, ret0, @@ -9022,12 +3948,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_55( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_82(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_e8(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -9045,7 +3971,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_55( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_f6(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_2b(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -9086,10 +4012,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[3size_t], uint8_t */ -typedef struct tuple_b00_s { +typedef struct tuple_b0_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[3U]; uint8_t snd; -} tuple_b00; +} tuple_b0; /** A monomorphic instance of @@ -9102,8 +4028,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_50(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_56(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -9112,7 +4038,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_63( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -9135,9 +4061,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_63(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); } /** @@ -9147,7 +4073,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -9184,7 +4110,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -9195,7 +4121,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b8( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -9231,7 +4157,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b8( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_48(Eurydice_array_to_slice( + return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -9242,9 +4168,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c8( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( randomness); } @@ -9254,7 +4180,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -9278,20 +4204,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_1c(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_c1(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_46(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c9(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_55(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } /** @@ -9303,12 +4229,12 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -9322,21 +4248,21 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); re_as_ntt[i0] = uu____1; - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b00 lit; + tuple_b0 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -9354,8 +4280,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_25(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -9367,12 +4293,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], +static KRML_MUSTINLINE tuple_b0 +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -9386,11 +4312,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_77(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1; @@ -9399,7 +4325,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], memcpy( uu____2, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b00 lit; + tuple_b0 lit; memcpy( lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -9412,7 +4338,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_b60( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -9431,9 +4357,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_b60(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); } /** @@ -9443,8 +4369,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_11(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_matrix_compute_vector_u_closure_79(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -9457,7 +4383,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_b9( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -9481,14 +4407,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_57( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -9511,12 +4437,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_57( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_b9(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -9530,7 +4456,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_e9( +libcrux_ml_kem_vector_traits_decompress_1_89( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -9545,10 +4471,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9558,7 +4484,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_e9(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -9575,7 +4501,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -9605,22 +4531,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_c8( +libcrux_ml_kem_matrix_compute_ring_element_v_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_02(); + libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_d4(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_11( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( error_2, message, result); return result; } @@ -9631,7 +4557,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_94( +libcrux_ml_kem_vector_portable_compress_compress_be( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9654,9 +4580,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b( +libcrux_ml_kem_vector_portable_compress_0d_31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_94(v); + return libcrux_ml_kem_vector_portable_compress_compress_be(v); } /** @@ -9666,15 +4592,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_54( +libcrux_ml_kem_serialize_compress_then_serialize_10_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_9b( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_31( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -9695,7 +4621,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_940( +libcrux_ml_kem_vector_portable_compress_compress_be0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9718,9 +4644,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b0( +libcrux_ml_kem_vector_portable_compress_0d_310( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_940(v); + return libcrux_ml_kem_vector_portable_compress_compress_be0(v); } /** @@ -9730,15 +4656,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_2d( +libcrux_ml_kem_serialize_compress_then_serialize_11_e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_9b0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_310( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -9761,10 +4687,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_54(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_3b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -9777,7 +4703,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -9795,7 +4721,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d8(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, @@ -9810,7 +4736,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_941( +libcrux_ml_kem_vector_portable_compress_compress_be1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9833,9 +4759,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b1( +libcrux_ml_kem_vector_portable_compress_0d_311( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_941(v); + return libcrux_ml_kem_vector_portable_compress_compress_be1(v); } /** @@ -9845,15 +4771,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_09( +libcrux_ml_kem_serialize_compress_then_serialize_4_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_9b1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_311( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -9872,7 +4798,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_942( +libcrux_ml_kem_vector_portable_compress_compress_be2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -9895,9 +4821,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_9b2( +libcrux_ml_kem_vector_portable_compress_0d_312( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_942(v); + return libcrux_ml_kem_vector_portable_compress_compress_be2(v); } /** @@ -9907,15 +4833,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_b9( +libcrux_ml_kem_serialize_compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_9b2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_portable_compress_0d_312( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -9936,9 +4862,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_09(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); } /** @@ -9959,15 +4885,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____0, 0U); + tuple_b0 uu____1 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -9975,7 +4901,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c( uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -9984,33 +4910,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_65( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f0( + libcrux_ml_kem_hash_functions_portable_PRF_f1_040( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_e3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_57(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_c8( + libcrux_ml_kem_matrix_compute_ring_element_v_1f( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_25( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_d6( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -10035,12 +4961,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_52( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -10048,8 +4974,8 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_55(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -10079,7 +5005,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_f7(Eurydice_slice public_key, uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -10095,7 +5021,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_44( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_02( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; @@ -10126,7 +5052,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_cb( +static inline void libcrux_ml_kem_ind_cca_decapsulate_c4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -10145,10 +5071,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_cb( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e8(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_06(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -10157,7 +5083,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_cb( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -10167,32 +5093,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_cb( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_44( + libcrux_ml_kem_ind_cca_kdf_43_02( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_44(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_02(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_88(ciphertext), + libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -10226,16 +5152,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5a( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_cb(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_c4(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5a( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5b( private_key, ciphertext, ret); } @@ -10295,14 +5221,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ab( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_e5( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_34( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -10314,7 +5240,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -10324,7 +5250,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), @@ -10333,9 +5259,9 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -10343,11 +5269,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_88(ciphertext), + libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -10381,17 +5307,17 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f9( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_9d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_11(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ab(key_pair, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f9( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_9d( private_key, ciphertext, ret); } @@ -10405,7 +5331,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_56( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ac( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], @@ -10422,7 +5348,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_af( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -10446,15 +5372,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_56( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_ac( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -10462,9 +5388,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_1f(public_key), + libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -10472,7 +5398,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -10482,19 +5408,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_20(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_44(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_02(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -10523,13 +5449,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_4d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -10538,7 +5464,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_d4(uu____0, + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_4d(uu____0, uu____1); } @@ -10561,11 +5487,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -10577,7 +5503,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -10591,7 +5517,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -10601,7 +5527,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_20(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -10629,14 +5555,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_2d( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15(uu____0, uu____1); } @@ -10647,7 +5573,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_2d( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_84( uu____0, uu____1); } @@ -10659,10 +5585,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] */ -typedef struct tuple_9b0_s { +typedef struct tuple_9b_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; -} tuple_9b0; +} tuple_9b; /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure @@ -10671,8 +5597,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_37(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_ab(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -10682,7 +5608,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_a1( +libcrux_ml_kem_vector_traits_to_standard_domain_3e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -10699,7 +5625,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -10707,7 +5633,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_a1( + libcrux_ml_kem_vector_traits_to_standard_domain_3e( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -10723,14 +5649,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a5( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( @@ -10754,12 +5680,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_f7(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_8e(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_0b( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( &result[i1], &error_as_ntt[i1]); } memcpy( @@ -10776,10 +5702,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -10787,15 +5713,15 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_55(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_23(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____1, 0U); + tuple_b0 uu____2 = + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -10806,12 +5732,12 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_01(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____3, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_a5(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; @@ -10844,7 +5770,7 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( memcpy( sk.secret_as_ntt, uu____7, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } /** @@ -10854,14 +5780,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_af( + libcrux_ml_kem_vector_traits_to_unsigned_representative_78( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -10883,7 +5809,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -10902,7 +5828,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_e8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_05(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -10919,7 +5845,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_9a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -10927,7 +5853,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_9a( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -10953,19 +5879,19 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e8(Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9(key_generation_seed); +libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { + tuple_9b uu____0 = + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_9a( + libcrux_ml_kem_ind_cpa_serialize_public_key_80( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_e8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); @@ -10984,7 +5910,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -11013,7 +5939,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -11046,7 +5972,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -11056,13 +5982,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e8(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_97( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -11071,12 +5997,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_e0(uu____1); + libcrux_ml_kem_types_from_e7_a7(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_2c( - uu____2, libcrux_ml_kem_types_from_07_57(uu____3)); + return libcrux_ml_kem_types_from_64_c9( + uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); } /** @@ -11092,18 +6018,18 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); } static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_64( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( uu____0); } @@ -11122,9 +6048,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_86( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_ac( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -11142,10 +6068,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_af( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_52( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } } @@ -11160,7 +6086,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_ea( +libcrux_ml_kem_polynomial_clone_d5_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -11188,7 +6114,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -11198,7 +6124,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a9( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -11206,7 +6132,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_af(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_52(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -11214,7 +6140,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_ea(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_f7(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -11226,13 +6152,13 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_9a( + libcrux_ml_kem_ind_cpa_serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); @@ -11274,11 +6200,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_0d( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_6a( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_99(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6(uu____0); } static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -11286,7 +6212,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_0d( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_6a( uu____0); } @@ -11301,18 +6227,18 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_da( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_d2( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_97(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_06(ciphertext), + libcrux_ml_kem_types_as_slice_a8_63(ciphertext), uint8_t, Eurydice_slice), ret0); core_slice___Slice_T___copy_from_slice( @@ -11320,7 +6246,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_da( Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); @@ -11348,7 +6274,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_cb0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_c40( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -11367,10 +6293,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_cb0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e8(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_06(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -11379,7 +6305,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_cb0( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -11389,32 +6315,32 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_cb0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_88(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_6f( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____5, uu____6, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_da( + libcrux_ml_kem_ind_cca_kdf_6c_d2( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_da(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_d2(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_88(ciphertext), + libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -11449,16 +6375,16 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_6a( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_7f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_cb0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_c40(private_key, ciphertext, ret); } static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_6a( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_7f( private_key, ciphertext, ret); } @@ -11472,9 +6398,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_99( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_c1( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_af(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); } /** @@ -11496,15 +6422,15 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_99( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_c1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); @@ -11512,9 +6438,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_af( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_1f(public_key), + libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -11522,7 +6448,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_11( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -11532,19 +6458,19 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f7(uu____2, uu____3, pseudorandomness, + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_20(uu____4); + libcrux_ml_kem_types_from_15_f5(uu____4); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_da(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_d2(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; @@ -11574,13 +6500,13 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_79( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); } static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( @@ -11589,7 +6515,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_79( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9f( uu____0, uu____1); } @@ -11601,9 +6527,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_5b0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_02(); + return libcrux_ml_kem_polynomial_ZERO_89_39(); } /** @@ -11614,12 +6540,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_02(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / @@ -11632,7 +6558,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d2( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( ring_element); deserialized_pk[i0] = uu____0; } @@ -11649,16 +6575,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_99( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_520( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_9a( + libcrux_ml_kem_ind_cpa_serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -11676,16 +6602,16 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_2a( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); @@ -11695,16 +6621,6 @@ libcrux_ml_kem_mlkem768_portable_validate_public_key( return uu____0; } -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -static inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { - return self[0U]; -} - /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 432df7253..2e86dfce4 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_sha3_avx2_H @@ -20,98 +20,2759 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" +#include "libcrux_core.h" #include "libcrux_sha3_portable.h" +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_zero_ef(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__veor5q_u64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor5_ef(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, + core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + return libcrux_sha3_simd_avx2__veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_58(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, + core_core_arch_x86___m256i)); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256( + uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vrax1q_u64(a, b); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vbcaxq_u64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_and_not_xor_ef(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_sha3_simd_avx2__vbcaxq_u64(a, b, c); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_constant_ef(core_core_arch_x86___m256i a, + uint64_t c) { + return libcrux_sha3_simd_avx2__veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_sha3_simd_avx2_xor_ef( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_4( + Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, + Eurydice_slice); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_n_ef( + Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + libcrux_sha3_simd_avx2_slice_4(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + Eurydice_slice_uint8_t_4size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +libcrux_sha3_simd_avx2_split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { + return libcrux_sha3_simd_avx2_split_at_mut_4(a, mid); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_x86___m256i +with const generics +- $4size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_29; + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 +libcrux_sha3_generic_keccak_new_1e_16(void) { + libcrux_sha3_generic_keccak_KeccakState_29 lit; + lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[0U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[1U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[2U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[3U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][0U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][1U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][2U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][3U] = libcrux_sha3_simd_avx2_zero_ef(); + lit.st[4U][4U] = libcrux_sha3_simd_avx2_zero_ef(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block_c7(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_580(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c1(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_581(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c10(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_582(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c11(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_583(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c12(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c13(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_584(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c14(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_585(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c15(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_586(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_587(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c17(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_588(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c18(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_589(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c19(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5810(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c110(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5811(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c111(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5812(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c112(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5813(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c113(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5814(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c114(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5815(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c115(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5816(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c116(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5817(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c117(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5818(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c118(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5819(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c119(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5820(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c120(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5821(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c121(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_rotate_left_5822(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2__vxarq_u64_c122(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i c[5U] = { + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], + s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U], + s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U], + s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U], + s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U], + s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____0 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____1 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____2 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____3 = + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { + uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); + core_core_arch_x86___m256i uu____4 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_x86___m256i uu____5 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_x86___m256i uu____6 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_x86___m256i uu____7 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_x86___m256i uu____8 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_x86___m256i uu____9 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_x86___m256i uu____10 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_x86___m256i uu____11 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_x86___m256i uu____12 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_x86___m256i uu____13 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_x86___m256i uu____14 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_x86___m256i uu____15 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_x86___m256i uu____16 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_x86___m256i uu____17 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_x86___m256i uu____18 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_x86___m256i uu____19 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_x86___m256i uu____20 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_x86___m256i uu____21 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_x86___m256i uu____22 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_x86___m256i uu____23 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_x86___m256i uu____24 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_x86___m256i uu____25 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_x86___m256i uu____26 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_x86___m256i uu____27 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { + size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)5U; i++) { + size_t j = i; + s->st[i1][j] = libcrux_sha3_simd_avx2_and_not_xor_ef( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( + libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { + s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_theta_rho_71(s); + libcrux_sha3_generic_keccak_pi_01(s); + libcrux_sha3_generic_keccak_chi_9b(s); + libcrux_sha3_generic_keccak_iota_09(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_avx2_load_block_c7(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_91(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full +with const generics +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_avx2_store_block_e9(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____2[200U]; + memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + libcrux_sha3_simd_avx2_store_block_e9(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( + libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_07(&s); + uint8_t b[4U][200U]; + libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; + uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; + lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( + Eurydice_slice data[4U], Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState_29 s = + libcrux_sha3_generic_keccak_new_1e_16(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + libcrux_sha3_simd_avx2_slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, + ret); + libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + libcrux_sha3_simd_avx2_slice_n_ef( + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____4 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____5 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); + } + } +} + KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_keccak_14(buf0, buf); } -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState; +typedef libcrux_sha3_generic_keccak_KeccakState_29 + libcrux_sha3_avx2_x4_incremental_KeccakState; KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return libcrux_sha3_generic_keccak_new_1e_16(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_simd_avx2_load_block_c70(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_910(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +- DELIM= 31 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)4U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_07(s); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( + core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + libcrux_sha3_simd_avx2_store_block_e90(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o20[4U]; + memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + Eurydice_slice_uint8_t_4size_t__x2 uu____2 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); + Eurydice_slice o2[4U]; + memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o30[4U]; + memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + Eurydice_slice_uint8_t_4size_t__x2 uu____3 = + libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); + Eurydice_slice o3[4U]; + memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o4[4U]; + memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 44f2cfac1..dd93141a1 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 + * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 */ #ifndef __libcrux_sha3_portable_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_sha3_libcrux_ml_kem.h" static const uint64_t libcrux_sha3_generic_keccak_ROUNDCONSTANTS[24U] = { 1ULL, @@ -80,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); } /** @@ -199,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_7a(void) { +libcrux_sha3_generic_keccak_new_1e_f2(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -234,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -263,12 +262,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); } /** @@ -278,7 +277,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -289,9 +288,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_340(ab); + return libcrux_sha3_portable_keccak_rotate_left_db0(ab); } /** @@ -305,8 +304,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); } /** @@ -316,7 +315,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -327,9 +326,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_341(ab); + return libcrux_sha3_portable_keccak_rotate_left_db1(ab); } /** @@ -343,8 +342,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); } /** @@ -354,7 +353,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -365,9 +364,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_342(ab); + return libcrux_sha3_portable_keccak_rotate_left_db2(ab); } /** @@ -381,8 +380,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); } /** @@ -392,7 +391,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -403,9 +402,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_343(ab); + return libcrux_sha3_portable_keccak_rotate_left_db3(ab); } /** @@ -419,8 +418,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); } /** @@ -430,9 +429,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_34(ab); + return libcrux_sha3_portable_keccak_rotate_left_db(ab); } /** @@ -446,8 +445,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); } /** @@ -457,7 +456,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -468,9 +467,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_344(ab); + return libcrux_sha3_portable_keccak_rotate_left_db4(ab); } /** @@ -484,8 +483,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); } /** @@ -495,7 +494,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -506,9 +505,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_345(ab); + return libcrux_sha3_portable_keccak_rotate_left_db5(ab); } /** @@ -522,8 +521,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); } /** @@ -533,7 +532,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -544,9 +543,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_346(ab); + return libcrux_sha3_portable_keccak_rotate_left_db6(ab); } /** @@ -560,8 +559,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); } /** @@ -571,7 +570,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -582,9 +581,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_347(ab); + return libcrux_sha3_portable_keccak_rotate_left_db7(ab); } /** @@ -598,8 +597,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); } /** @@ -609,7 +608,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -620,9 +619,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_348(ab); + return libcrux_sha3_portable_keccak_rotate_left_db8(ab); } /** @@ -636,8 +635,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); } /** @@ -647,7 +646,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -658,9 +657,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_349(ab); + return libcrux_sha3_portable_keccak_rotate_left_db9(ab); } /** @@ -674,8 +673,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); } /** @@ -685,7 +684,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -696,9 +695,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3410(ab); + return libcrux_sha3_portable_keccak_rotate_left_db10(ab); } /** @@ -712,8 +711,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); } /** @@ -723,7 +722,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -734,9 +733,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3411(ab); + return libcrux_sha3_portable_keccak_rotate_left_db11(ab); } /** @@ -750,8 +749,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); } /** @@ -761,7 +760,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -772,9 +771,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3412(ab); + return libcrux_sha3_portable_keccak_rotate_left_db12(ab); } /** @@ -788,8 +787,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); } /** @@ -799,7 +798,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -810,9 +809,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3413(ab); + return libcrux_sha3_portable_keccak_rotate_left_db13(ab); } /** @@ -826,8 +825,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); } /** @@ -837,7 +836,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -848,9 +847,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3414(ab); + return libcrux_sha3_portable_keccak_rotate_left_db14(ab); } /** @@ -864,8 +863,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); } /** @@ -875,7 +874,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -886,9 +885,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3415(ab); + return libcrux_sha3_portable_keccak_rotate_left_db15(ab); } /** @@ -902,8 +901,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); } /** @@ -913,7 +912,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -924,9 +923,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3416(ab); + return libcrux_sha3_portable_keccak_rotate_left_db16(ab); } /** @@ -940,8 +939,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); } /** @@ -951,7 +950,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -962,9 +961,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3417(ab); + return libcrux_sha3_portable_keccak_rotate_left_db17(ab); } /** @@ -978,8 +977,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); } /** @@ -989,7 +988,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1000,9 +999,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3418(ab); + return libcrux_sha3_portable_keccak_rotate_left_db18(ab); } /** @@ -1016,8 +1015,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); } /** @@ -1027,7 +1026,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1038,9 +1037,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3419(ab); + return libcrux_sha3_portable_keccak_rotate_left_db19(ab); } /** @@ -1054,8 +1053,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); } /** @@ -1065,7 +1064,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1076,9 +1075,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3420(ab); + return libcrux_sha3_portable_keccak_rotate_left_db20(ab); } /** @@ -1092,8 +1091,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); } /** @@ -1103,7 +1102,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1114,9 +1113,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3421(ab); + return libcrux_sha3_portable_keccak_rotate_left_db21(ab); } /** @@ -1130,8 +1129,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); } /** @@ -1141,7 +1140,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1152,9 +1151,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3422(ab); + return libcrux_sha3_portable_keccak_rotate_left_db22(ab); } /** @@ -1168,8 +1167,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); } /** @@ -1178,7 +1177,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1214,76 +1213,76 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); s->st[1U][0U] = uu____4; uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); s->st[2U][0U] = uu____5; uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); s->st[3U][0U] = uu____6; uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); s->st[4U][0U] = uu____7; uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); s->st[0U][1U] = uu____8; uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); s->st[1U][1U] = uu____9; uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); s->st[2U][1U] = uu____10; uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); s->st[3U][1U] = uu____11; uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); s->st[4U][1U] = uu____12; uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); s->st[0U][2U] = uu____13; uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); s->st[1U][2U] = uu____14; uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); s->st[2U][2U] = uu____15; uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); s->st[3U][2U] = uu____16; uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); s->st[4U][2U] = uu____17; uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); s->st[0U][3U] = uu____18; uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); s->st[1U][3U] = uu____19; uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); s->st[2U][3U] = uu____20; uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); s->st[3U][3U] = uu____21; uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); s->st[4U][3U] = uu____22; uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); s->st[0U][4U] = uu____23; uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); s->st[1U][4U] = uu____24; uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); s->st[2U][4U] = uu____25; uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1293,7 +1292,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1329,7 +1328,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1350,7 +1349,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1362,14 +1361,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_8d(s); - libcrux_sha3_generic_keccak_pi_ac(s); - libcrux_sha3_generic_keccak_chi_c7(s); - libcrux_sha3_generic_keccak_iota_4f(s, i0); + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_b8(s); + libcrux_sha3_generic_keccak_chi_1f(s); + libcrux_sha3_generic_keccak_iota_83(s, i0); } } @@ -1380,13 +1379,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1394,11 +1393,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de(s, buf); + libcrux_sha3_portable_keccak_load_block_b3(s, buf); } /** @@ -1410,12 +1409,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); } /** @@ -1426,7 +1425,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1446,8 +1445,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1455,7 +1454,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1476,12 +1475,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_39(s, buf); + libcrux_sha3_portable_keccak_store_block_58(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1496,9 +1495,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); } /** @@ -1509,10 +1508,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_65( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1537,9 +1536,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_39(a, b); + libcrux_sha3_portable_keccak_store_block_58(a, b); } /** @@ -1549,9 +1548,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1561,10 +1560,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1574,11 +1573,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1602,10 +1601,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -1616,7 +1615,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -1627,12 +1626,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1640,7 +1639,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1658,12 +1657,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); } } } @@ -1674,18 +1673,18 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); + libcrux_sha3_generic_keccak_keccak_75(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd(buf0, buf); + libcrux_sha3_portable_keccakx1_2a(buf0, buf); } /** @@ -1693,7 +1692,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1722,12 +1721,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); } /** @@ -1737,13 +1736,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1751,11 +1750,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de0(s, buf); + libcrux_sha3_portable_keccak_load_block_b30(s, buf); } /** @@ -1767,12 +1766,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); } /** @@ -1783,7 +1782,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1803,8 +1802,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1812,7 +1811,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1833,12 +1832,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_390(s, buf); + libcrux_sha3_portable_keccak_store_block_580(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1854,9 +1853,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); } /** @@ -1867,10 +1866,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_650( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1895,9 +1894,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_390(a, b); + libcrux_sha3_portable_keccak_store_block_580(a, b); } /** @@ -1907,9 +1906,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1919,10 +1918,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1932,11 +1931,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1960,10 +1959,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -1974,7 +1973,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -1985,12 +1984,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -1998,7 +1997,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2016,12 +2015,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2032,18 +2031,18 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); + libcrux_sha3_generic_keccak_keccak_750(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd0(buf0, buf); + libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } /** @@ -2054,7 +2053,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2074,8 +2073,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2086,10 +2085,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2100,7 +2099,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2111,12 +2110,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2124,7 +2123,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2142,12 +2141,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2158,3470 +2157,326 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); + libcrux_sha3_generic_keccak_keccak_751(uu____0, out); } static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd1(buf0, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_zero_fa(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__veor5q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = - libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = - libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - return libcrux_sha3_simd_arm64__veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_58( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vrax1q_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64( - uu____0, libcrux_sha3_simd_arm64_rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vrax1q_u64(a, b); + libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vbcaxq_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return libcrux_intrinsics_arm64__veorq_u64( - a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_and_not_xor_fa( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return libcrux_sha3_simd_arm64__vbcaxq_u64(a, b, c); +static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__veorq_n_u64( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - core_core_arch_arm_shared_neon_uint64x2_t c0 = - libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); +static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_constant_fa( - core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - return libcrux_sha3_simd_arm64__veorq_n_u64(a, c); -} +typedef libcrux_sha3_generic_keccak_KeccakState_48 + libcrux_sha3_portable_KeccakState; -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState; -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_2( - Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); +static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState +libcrux_sha3_neon_x2_incremental_shake128_init(void) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_slice_n_fa( - Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - libcrux_sha3_simd_arm64_slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + Eurydice_slice data1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -libcrux_sha3_simd_arm64_split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_2size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -libcrux_sha3_simd_arm64_split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { - return libcrux_sha3_simd_arm64_split_at_mut_2(a, mid); +static KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- $2size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { - core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_fc; - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -libcrux_sha3_generic_keccak_new_1e_12(void) { - libcrux_sha3_generic_keccak_KeccakState_fc lit; - lit.st[0U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[0U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[1U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[2U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[3U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][0U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][1U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][2U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][3U] = libcrux_sha3_simd_arm64_zero_fa(); - lit.st[4U][4U] = libcrux_sha3_simd_arm64_zero_fa(); - return lit; +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 +libcrux_sha3_portable_incremental_shake128_init(void) { + return libcrux_sha3_generic_keccak_new_1e_f2(); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block +A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics -- RATE= 72 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- BLOCKSIZE= 72 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_b31(s, buf); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_580( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - /** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- LEFT= 36 -- RIGHT= 28 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c1( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_580(ab); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types uint64_t with const generics -- LEFT= 36 -- RIGHT= 28 +- N= 1 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c1(a, b); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } + blocks[i0][last_len] = 31U; + size_t uu____1 = i0; + size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; + } + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_581( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { + Eurydice_slice buf[1U] = {data0}; + libcrux_sha3_generic_keccak_absorb_final_722(s, buf); } /** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- LEFT= 3 -- RIGHT= 61 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c10( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_581(ab); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- LEFT= 3 -- RIGHT= 61 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c10(a, b); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_581(a, b); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types uint64_t with const generics -- LEFT= 41 -- RIGHT= 23 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_582( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types uint64_t with const generics -- LEFT= 41 -- RIGHT= 23 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c11( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_582(ab); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types uint64_t with const generics -- LEFT= 41 -- RIGHT= 23 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c11(a, b); +static KRML_MUSTINLINE void +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o10[1U]; + memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); + Eurydice_slice o1[1U]; + memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o2[1U]; + memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_583( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c12( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_583(ab); +static KRML_MUSTINLINE void +libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { + Eurydice_slice buf[1U] = {out0}; + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c12(a, b); -} +#define libcrux_sha3_Sha224 0 +#define libcrux_sha3_Sha256 1 +#define libcrux_sha3_Sha384 2 +#define libcrux_sha3_Sha512 3 -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c13( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_58(ab); -} +typedef uint8_t libcrux_sha3_Algorithm; -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_584( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c14( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_585( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c15( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_586( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c16( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_587( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c17( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_588( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c18( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_589( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c19( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5810( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c110( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5811( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c111( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5812( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c112( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5813( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c113( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5814( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c114( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5815( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c115( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5816( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c116( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5817( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c117( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5818( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c118( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5819( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c119( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5820( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c120( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5821( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c121( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_rotate_left_5822( - core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64__vxarq_u64_c122( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return libcrux_sha3_simd_arm64_rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22( - core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_sha3_simd_arm64__vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][0U], s->st[1U][0U], - s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][1U], s->st[1U][1U], - s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][2U], s->st[1U][2U], - s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][3U], s->st[1U][3U], - s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - libcrux_sha3_simd_arm64_xor5_fa(s->st[0U][4U], s->st[1U][4U], - s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_simd_arm64_rotate_left1_and_xor_fa( - c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_fa(s->st[0U][0U], t[0U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____4 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_arm_shared_neon_uint64x2_t uu____5 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_arm_shared_neon_uint64x2_t uu____7 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t uu____9 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t uu____10 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t uu____11 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t uu____12 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t uu____13 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t uu____14 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t uu____15 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_arm_shared_neon_uint64x2_t uu____16 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t uu____17 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t uu____18 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t uu____19 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t uu____20 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t uu____21 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t uu____22 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t uu____23 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t uu____24 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t uu____25 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t uu____26 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t uu____27 = - libcrux_sha3_simd_arm64_xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_a0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_b0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)5U; i++) { - size_t j = i; - s->st[i1][j] = libcrux_sha3_simd_arm64_and_not_xor_fa( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_33( - libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { - s->st[0U][0U] = libcrux_sha3_simd_arm64_xor_constant_fa( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_3e( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_a0(s); - libcrux_sha3_generic_keccak_chi_b0(s); - libcrux_sha3_generic_keccak_iota_33(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_45( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_07( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)72U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_07(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a5( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e7( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a5(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_90( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_70( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a5(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_59( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, - ret); - libcrux_sha3_generic_keccak_absorb_block_45(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_fe(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e7(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_70(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_59(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_450( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c0(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_070( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f0(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a50( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a0(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e70( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a50(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_900( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f0(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_700( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a50(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_590( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_fe0(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e0( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_590(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e0(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_070(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_591( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); - libcrux_sha3_generic_keccak_absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_fe1(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e1( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_591(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - libcrux_sha3_neon_keccakx2_6e1(buf0, buf); -} - -typedef libcrux_sha3_generic_keccak_KeccakState_fc - libcrux_sha3_neon_x2_incremental_KeccakState; - -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_12(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c1(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_071( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_071(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); -} - -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, - Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - libcrux_sha3_generic_keccak_absorb_final_fe2(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_901( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - Eurydice_slice_uint8_t_2size_t__x2 uu____0 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f1(s, o0); - Eurydice_slice_uint8_t_2size_t__x2 uu____1 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, o2); -} - -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, - Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2e(s, buf); -} - -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, - Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - libcrux_sha3_generic_keccak_squeeze_next_block_5d1(s, buf); -} - -typedef libcrux_sha3_generic_keccak_KeccakState_48 - libcrux_sha3_portable_KeccakState; - -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t uu____0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); - } -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de1(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 31U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { - Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_252(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_391(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - Eurydice_slice_uint8_t_1size_t__x2 uu____0 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o10[1U]; - memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); - Eurydice_slice_uint8_t_1size_t__x2 uu____1 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); - Eurydice_slice o1[1U]; - memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o2[1U]; - memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); -} - -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); -} - -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, buf); -} - -#define libcrux_sha3_Sha224 0 -#define libcrux_sha3_Sha256 1 -#define libcrux_sha3_Sha384 2 -#define libcrux_sha3_Sha512 3 - -typedef uint8_t libcrux_sha3_Algorithm; - -static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { - size_t uu____0; - switch (mode) { - case libcrux_sha3_Sha224: { - uu____0 = (size_t)28U; - break; - } - case libcrux_sha3_Sha256: { - uu____0 = (size_t)32U; - break; - } - case libcrux_sha3_Sha384: { - uu____0 = (size_t)48U; - break; - } - case libcrux_sha3_Sha512: { - uu____0 = (size_t)64U; - break; - } - default: { - KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, - __LINE__); - KRML_HOST_EXIT(253U); - } - } - return uu____0; -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( - uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - uint8_t uu____0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); - size_t uu____1 = i0 / (size_t)5U; - size_t uu____2 = i0 % (size_t)5U; - s[uu____1][uu____2] = - s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de2(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( - uint64_t (*a)[5U], uint8_t b[1U][200U]) { - uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[1U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); +static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { + size_t uu____0; + switch (mode) { + case libcrux_sha3_Sha224: { + uu____0 = (size_t)28U; + break; } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)144U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - uint64_t(*uu____3)[5U] = s->st; - uint8_t uu____4[1U][200U]; - memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( - uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); - uint8_t ret[8U]; - core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_392(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_651( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_392(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t -with const generics -- N= 1 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, - (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } + case libcrux_sha3_Sha256: { + uu____0 = (size_t)32U; + break; } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); + case libcrux_sha3_Sha384: { + uu____0 = (size_t)48U; + break; } - } -} - -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd2(buf0, buf); + case libcrux_sha3_Sha512: { + uu____0 = (size_t)64U; + break; + } + default: { + KRML_HOST_EPRINTF("KaRaMeL incomplete match at %s:%d\n", __FILE__, + __LINE__); + KRML_HOST_EXIT(253U); + } + } + return uu____0; } /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; core_result_Result_56 dst; @@ -5646,14 +2501,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); } /** @@ -5661,27 +2516,27 @@ A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block with types uint64_t with const generics - N= 1 -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de3(s, buf); + libcrux_sha3_portable_keccak_load_block_b32(s, buf); } /** @@ -5691,14 +2546,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); } /** @@ -5706,10 +2561,10 @@ A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final with types uint64_t with const generics - N= 1 -- RATE= 104 +- RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -5723,24 +2578,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( } blocks[i0][last_len] = 6U; size_t uu____1 = i0; - size_t uu____2 = (size_t)104U - (size_t)1U; + size_t uu____2 = (size_t)144U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( uint64_t (*s)[5U], Eurydice_slice out[1U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, @@ -5757,14 +2612,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 104 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_393(s, buf); + libcrux_sha3_portable_keccak_store_block_582(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -5777,12 +2632,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); } /** @@ -5790,13 +2645,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last with types uint64_t with const generics - N= 1 -- RATE= 104 +- RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_652( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -5819,11 +2674,11 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_393(a, b); + libcrux_sha3_portable_keccak_store_block_582(a, b); } /** @@ -5831,288 +2686,24 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types uint64_t with const generics - N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types uint64_t -with const generics -- N= 1 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, - (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); - Eurydice_slice o0[1U]; - memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice o1[1U]; - memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); - Eurydice_slice o[1U]; - memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); - Eurydice_slice orest[1U]; - memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); - memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.portable.keccakx1 -with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); -} - -static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, - Eurydice_slice data) { - Eurydice_slice buf0[1U] = {data}; - Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd3(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha224(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, - uint8_t ret[28U]) { - uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha256(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha384(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, - uint8_t ret[48U]) { - uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, - Eurydice_slice payload) { - libcrux_sha3_portable_sha512(digest, payload); -} - -static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, - uint8_t ret[64U]) { - uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); - memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { - uint64_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); -} - -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( - uint64_t (*s)[5U], uint8_t ret[1U][200U]) { - uint8_t out[200U] = {0U}; - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_391(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a -with const generics -- BLOCKSIZE= 168 +- RATE= 144 */ -static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block with types uint64_t with const generics - N= 1 -- RATE= 168 +- RATE= 144 */ -static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_653( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)1U; i++) { - size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; - uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; - lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); - } + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -6120,13 +2711,13 @@ A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last with types uint64_t with const generics - N= 1 -- RATE= 168 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -6147,27 +2738,27 @@ A monomorphic instance of libcrux_sha3.generic_keccak.keccak with types uint64_t with const generics - N= 1 -- RATE= 168 -- DELIM= 31 +- RATE= 144 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; Eurydice_slice uu____1[1U]; memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, - (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + (size_t)144U, ret); + libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; Eurydice_slice uu____3[1U]; memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); @@ -6175,20 +2766,20 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)168U; - size_t last = outlen - outlen % (size_t)168U; + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); Eurydice_slice o0[1U]; memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -6201,17 +2792,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = - libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)144U); Eurydice_slice o[1U]; memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); } } } @@ -6219,183 +2810,123 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( /** A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics -- RATE= 168 -- DELIM= 31 +- RATE= 144 +- DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); + libcrux_sha3_generic_keccak_keccak_752(uu____0, out); } -static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( - Eurydice_slice digest, Eurydice_slice data) { +static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, + Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd4(buf0, buf); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake128(out, data); -} - -static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, - Eurydice_slice data) { - libcrux_sha3_portable_shake256(out, data); + libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } -static const size_t libcrux_sha3_generic_keccak__PI[24U] = { - (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, - (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, - (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, - (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, - (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; - -static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { - (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, - (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, - (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, - (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, - (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; - /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block +A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( + uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + core_result_unwrap_41_ac(dst, uu____0); + size_t uu____1 = i0 / (size_t)5U; + size_t uu____2 = i0 % (size_t)5U; + s[uu____1][uu____2] = + s[uu____1][uu____2] ^ core_num__u64_9__from_le_bytes(uu____0); } } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f1( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c2(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_451( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( + uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c2(s, buf); + libcrux_sha3_portable_keccak_load_block_b33(s, buf); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_072( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e2(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( + uint64_t (*a)[5U], uint8_t b[1U][200U]) { + uint64_t(*uu____0)[5U] = a; + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); } /** A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6405,121 +2936,81 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe3( } blocks[i0][last_len] = 6U; size_t uu____1 = i0; - size_t uu____2 = (size_t)144U - (size_t)1U; + size_t uu____2 = (size_t)104U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_072(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); + uint64_t(*uu____3)[5U] = s->st; + uint8_t uu____4[1U][200U]; + memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block +A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( + uint64_t (*s)[5U], Eurydice_slice out[1U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); } } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 144 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f2(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_583(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a51( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a1(a, ret); +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e71( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a51(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -6535,57 +3026,57 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_e71( } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 144 +- BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_902( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f2(a, b); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + libcrux_sha3_portable_keccak_store_block_583(a, b); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_902(s->st, out); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_701( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a51(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -6602,51 +3093,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_701( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 144 +- N= 1 +- RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_592( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, - ret); - libcrux_sha3_generic_keccak_absorb_block_451(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + (size_t)104U, ret); + libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_fe3(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e71(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f2(&s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -6658,305 +3149,171 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_592( .tag == core_option_None) { break; } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d2(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)104U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_701(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); } } } -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e2( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_592(uu____0, out); +/** +A monomorphic instance of libcrux_sha3.portable.keccakx1 +with const generics +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_753(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, + Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_2a3(buf0, buf); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha224(digest, payload); +} + +static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, + uint8_t ret[28U]) { + uint8_t out[28U] = {0U}; + libcrux_sha3_sha224_ema( + Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } -static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, - Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e2(uu____0, buf); +static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha256(digest, payload); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_3c3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } +static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + libcrux_sha3_sha256_ema( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_fa_0f2( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_3c3(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha384(digest, payload); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_452( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_arm64_load_block_fa_0f2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); +static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, + uint8_t ret[48U]) { + uint8_t out[48U] = {0U}; + libcrux_sha3_sha384_ema( + Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_3e3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_load_block_3c3(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, + Eurydice_slice payload) { + libcrux_sha3_portable_sha512(digest, payload); } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_load_block_full_fa_073( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_3e3(uu____0, uu____1); +static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, + uint8_t ret[64U]) { + uint8_t out[64U] = {0U}; + libcrux_sha3_sha512_ema( + Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_fe4( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { - size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } - blocks[i0][last_len] = 6U; - size_t uu____1 = i0; - size_t uu____2 = (size_t)104U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; - } - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_arm64_load_block_full_fa_073(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_3e(s); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types uint64_t with const generics -- RATE= 104 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_2f3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { + uint64_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics -- RATE= 104 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_9a2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - libcrux_sha3_simd_arm64_store_block_2f3(s, buf); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( + uint64_t (*s)[5U], uint8_t ret[1U][200U]) { + uint8_t out[200U] = {0U}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_581(s, buf); uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} */ /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 104 +- BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_full_fa_a52( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - libcrux_sha3_simd_arm64_store_block_full_9a2(a, ret); +static KRML_MUSTINLINE void +libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], + uint8_t ret[1U][200U]) { + libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); } /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 104 +- N= 1 +- RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_e72( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a52(s->st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( + libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -6971,58 +3328,19 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_e72( } } -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_simd_arm64_store_block_fa_903( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - libcrux_sha3_simd_arm64_store_block_2f3(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_3f3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_5d3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(s); - libcrux_sha3_simd_arm64_store_block_fa_903(s->st, out); -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 104 +- N= 1 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_702( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_keccakf1600_3e(&s); - uint8_t b[2U][200U]; - libcrux_sha3_simd_arm64_store_block_full_fa_a52(s.st, b); - for (size_t i = (size_t)0U; i < (size_t)2U; i++) { +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( + libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_85(&s); + uint8_t b[1U][200U]; + libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -7039,51 +3357,51 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_702( /** A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t +with types uint64_t with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 +- N= 1 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_593( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = - libcrux_sha3_generic_keccak_new_1e_12(); +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_KeccakState_48 s = + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, - ret); - libcrux_sha3_generic_keccak_absorb_block_452(uu____0, ret); + libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + (size_t)168U, ret); + libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - libcrux_sha3_simd_arm64_slice_n_fa( + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_fe4(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; + size_t blocks = outlen / (size_t)168U; + size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_e72(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_3f3(&s, o0); + Eurydice_slice_uint8_t_1size_t__x2 uu____4 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); + Eurydice_slice o0[1U]; + memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice o1[1U]; + memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -7095,43 +3413,78 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_593( .tag == core_option_None) { break; } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - libcrux_sha3_simd_arm64_split_at_mut_n_fa(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_5d3(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice_uint8_t_1size_t__x2 uu____5 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(o1, (size_t)168U); + Eurydice_slice o[1U]; + memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice orest[1U]; + memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_702(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); } } } /** -A monomorphic instance of libcrux_sha3.neon.keccakx2 +A monomorphic instance of libcrux_sha3.portable.keccakx1 with const generics -- RATE= 104 -- DELIM= 6 +- RATE= 168 +- DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_neon_keccakx2_6e3( - Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_593(uu____0, out); +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( + Eurydice_slice data[1U], Eurydice_slice out[1U]) { + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_754(uu____0, out); +} + +static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( + Eurydice_slice digest, Eurydice_slice data) { + Eurydice_slice buf0[1U] = {data}; + Eurydice_slice buf[1U] = {digest}; + libcrux_sha3_portable_keccakx1_2a4(buf0, buf); +} + +static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake128(out, data); +} + +static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, + Eurydice_slice data) { + libcrux_sha3_portable_shake256(out, data); +} + +static const size_t libcrux_sha3_generic_keccak__PI[24U] = { + (size_t)6U, (size_t)12U, (size_t)18U, (size_t)24U, (size_t)3U, + (size_t)9U, (size_t)10U, (size_t)16U, (size_t)22U, (size_t)1U, + (size_t)7U, (size_t)13U, (size_t)19U, (size_t)20U, (size_t)4U, + (size_t)5U, (size_t)11U, (size_t)17U, (size_t)23U, (size_t)2U, + (size_t)8U, (size_t)14U, (size_t)15U, (size_t)21U}; + +static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { + (size_t)1U, (size_t)62U, (size_t)28U, (size_t)27U, (size_t)36U, + (size_t)44U, (size_t)6U, (size_t)55U, (size_t)20U, (size_t)3U, + (size_t)10U, (size_t)43U, (size_t)25U, (size_t)39U, (size_t)41U, + (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, + (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; + +static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, + Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - libcrux_sha3_neon_keccakx2_6e3(uu____0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** @@ -7142,7 +3495,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -7150,62 +3503,62 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_251(s, buf); + libcrux_sha3_generic_keccak_absorb_final_721(s, buf); } static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); } /** @@ -7282,12 +3635,6 @@ static inline libcrux_sha3_Algorithm libcrux_sha3_from_2d(uint32_t v) { return uu____0; } -typedef core_core_arch_arm_shared_neon_uint64x2_t - libcrux_sha3_simd_arm64_uint64x2_t; - -typedef libcrux_sha3_generic_keccak_KeccakState_fc - libcrux_sha3_neon_x2_incremental_KeccakState2Internal; - typedef uint8_t libcrux_sha3_Sha3_512Digest[64U]; typedef uint8_t libcrux_sha3_Sha3_384Digest[48U]; From 5e897fdb6460a724877eb3fdc6e029be416e08c5 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 20 Aug 2024 14:15:33 +0000 Subject: [PATCH 122/348] regen c --- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/eurydice_glue.h | 51 +- libcrux-ml-kem/c/internal/libcrux_core.h | 26 +- .../c/internal/libcrux_mlkem_avx2.h | 8 +- .../c/internal/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 8 +- .../c/internal/libcrux_sha3_internal.h | 38 +- libcrux-ml-kem/c/libcrux_core.c | 185 +- libcrux-ml-kem/c/libcrux_core.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 118 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 118 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 116 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 116 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 116 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 116 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 3415 ++++++++------ libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 14 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 3928 ++++++++++------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 90 +- libcrux-ml-kem/c/libcrux_sha3.h | 79 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 744 ++-- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 35 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 605 ++- libcrux-ml-kem/c/libcrux_sha3_neon.c | 39 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 39 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/libcrux_core.h | 84 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 35 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 1694 ++++--- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 2195 +++++---- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 725 ++- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 731 +-- 43 files changed, 9365 insertions(+), 6471 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index cb530ac49..8f2f9d27d 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 -Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 +Charon: 0576bfc67e99aae86c51930421072688138b672b +Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 +Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 +Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 7fee796ff..a97683fa6 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -54,33 +54,33 @@ typedef struct { // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ +#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t, _) \ +#define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \ +#define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t, _ret_t) \ +#define Eurydice_array_repeat(dst, len, init, t) \ ERROR "should've been desugared" -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ +#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) +#define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) @@ -90,25 +90,26 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ - Eurydice_array_eq +#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, a2, t, _) -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 2dfcbe7fb..95fb8cd69 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __internal_libcrux_core_H @@ -139,6 +139,9 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_ba_711( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -220,6 +223,9 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_ba_710( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -289,6 +295,9 @@ with const generics uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( libcrux_ml_kem_types_MlKemPublicKey_be *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -320,6 +329,9 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -340,6 +352,9 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_ba_71( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -348,6 +363,9 @@ with const generics void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, uint8_t ret[800U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 28e377d29..92f3e8455 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index f2a37e1b8..def1624ad 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 78a4a2cb4..d603711fc 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index d110706a9..03ca80d96 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __internal_libcrux_sha3_internal_H @@ -24,11 +24,17 @@ extern "C" { typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; +/** + Create a new SHAKE-128 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); } +/** + Absorb +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -63,6 +69,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); } +/** + Squeeze three blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -70,6 +79,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } +/** + Squeeze another block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -84,6 +96,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( typedef uint8_t libcrux_sha3_Algorithm; +/** + Returns the output size of a digest. +*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -167,6 +182,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); } +/** + Squeeze five blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -174,6 +192,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } +/** + Absorb some data for SHAKE-256 for the last time +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { @@ -181,11 +202,17 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_720(s, buf); } +/** + Create a new SHAKE-256 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); } +/** + Squeeze the first SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -193,6 +220,9 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } +/** + Squeeze the next SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 605062f34..a5f2f39b1 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,15 +4,18 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "internal/libcrux_core.h" +/** + Return 1 if `value` is not zero and 0 otherwise. +*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -25,14 +28,17 @@ static uint8_t inz(uint8_t value) { static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } +/** + Return 1 if the bytes of `lhs` and `rhs` do not exactly + match and 0 otherwise. +*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); } return is_non_zero(r); } @@ -43,6 +49,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return compare(lhs, rhs); } +/** + If `selector` is not zero, return the bytes in `rhs`; return the bytes in + `lhs` otherwise. +*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); @@ -50,11 +60,10 @@ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)~mask); + out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -89,10 +98,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -124,10 +134,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[3168U]; + memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -142,10 +153,11 @@ with const generics */ libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -173,10 +185,12 @@ with const generics */ Eurydice_slice libcrux_ml_kem_types_as_ref_ba_711( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -186,12 +200,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } @@ -206,10 +218,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -241,10 +254,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -259,10 +273,11 @@ with const generics */ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1088U]; + memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -290,10 +305,12 @@ with const generics */ Eurydice_slice libcrux_ml_kem_types_as_ref_ba_710( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -303,12 +320,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } @@ -323,10 +338,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[800U]; + memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -357,10 +373,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1632U]; + memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -375,10 +392,11 @@ with const generics */ libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[768U]; + memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -395,6 +413,9 @@ uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( return self->value; } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -404,12 +425,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -433,6 +452,9 @@ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { } } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -442,12 +464,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -462,10 +482,12 @@ with const generics */ Eurydice_slice libcrux_ml_kem_types_as_ref_ba_71( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -475,15 +497,16 @@ void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -493,12 +516,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index b169a72c5..943b4e083 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 55cdf6e81..b5cf3724c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index fbde59b63..05d316a3a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem1024_avx2.h" @@ -42,6 +42,13 @@ static void decapsulate_96( libcrux_ml_kem_ind_cca_decapsulate_200(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -49,6 +56,9 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( decapsulate_96(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -78,6 +88,13 @@ static void decapsulate_unpacked_72( ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -106,20 +123,32 @@ static tuple_21 encapsulate_70( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_70(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_70(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -143,20 +172,32 @@ static tuple_21 encapsulate_unpacked_27( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_27(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_27(uu____0, copy_of_randomness); } /** @@ -172,18 +213,26 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_ff( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c22(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c22(copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_ff(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -198,17 +247,23 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 generate_keypair_unpacked_d2(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( + copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d2(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_d2(copy_of_randomness); } /** @@ -223,6 +278,11 @@ static bool validate_public_key_a30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf0(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index eaa977785..26425cbb7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem1024_avx2_H @@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 38d29afa1..0032daf9a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem1024_portable.h" @@ -42,6 +42,13 @@ static void decapsulate_e5( libcrux_ml_kem_ind_cca_decapsulate_e31(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -49,6 +56,9 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( decapsulate_e5(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -78,6 +88,13 @@ static void decapsulate_unpacked_6e( ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -106,20 +123,32 @@ static tuple_21 encapsulate_da( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_da(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_da(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -143,20 +172,32 @@ static tuple_21 encapsulate_unpacked_c8( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_c8(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_c8(uu____0, copy_of_randomness); } /** @@ -173,18 +214,26 @@ generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c24(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c24(copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_0e(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_0e(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -199,17 +248,23 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 generate_keypair_unpacked_5a(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( + copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_5a(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_5a(copy_of_randomness); } /** @@ -224,6 +279,11 @@ static bool validate_public_key_e11(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index da63b3e1e..624ef0798 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem1024_portable_H @@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index e8b65f32f..df871eb6d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 4332da098..364933d64 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem512_avx2.h" @@ -41,12 +41,22 @@ static void decapsulate_9f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_20(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_9f(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -75,6 +85,13 @@ static void decapsulate_unpacked_a6( ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -102,20 +119,32 @@ static tuple_ec encapsulate_8e( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_8e(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_8e(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -139,20 +168,30 @@ static tuple_ec encapsulate_unpacked_ae( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ae(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ae(uu____0, copy_of_randomness); } /** @@ -168,18 +207,26 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_b1( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c2(copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b1(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_b1(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -194,17 +241,23 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 generate_keypair_unpacked_ad(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( + copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_ad(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_ad(copy_of_randomness); } /** @@ -219,6 +272,11 @@ static bool validate_public_key_a3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 7138d4add..893c5c37d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem512_avx2_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index fe1e4e668..8a3ec38f0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem512_portable.h" @@ -41,12 +41,22 @@ static void decapsulate_4a(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_e30(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_4a(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -75,6 +85,13 @@ static void decapsulate_unpacked_d4( ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { @@ -102,20 +119,32 @@ static tuple_ec encapsulate_7d( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_7d(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_7d(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -139,20 +168,30 @@ static tuple_ec encapsulate_unpacked_84( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_84(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_84(uu____0, copy_of_randomness); } /** @@ -169,18 +208,26 @@ generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c21(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c21(copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_df(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_df(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -195,17 +242,23 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae generate_keypair_unpacked_bc(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( + copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_bc(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_bc(copy_of_randomness); } /** @@ -220,6 +273,11 @@ static bool validate_public_key_e10(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index c7a16b3f2..5626a47b6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem512_portable_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index fb6d7275c..62edf65bc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 7ec20abe6..7abc80c7d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem768_avx2.h" @@ -41,12 +41,22 @@ static void decapsulate_3f( libcrux_ml_kem_ind_cca_decapsulate_201(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_3f(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -75,6 +85,13 @@ static void decapsulate_unpacked_e5( ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -102,20 +119,32 @@ static tuple_3c encapsulate_ec( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_821(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_821(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ec(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_ec(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -139,20 +168,30 @@ static tuple_3c encapsulate_unpacked_2b( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_2b(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_2b(uu____0, copy_of_randomness); } /** @@ -168,18 +207,26 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c2( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c23(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c23(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c2(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_c2(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -194,17 +241,23 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 generate_keypair_unpacked_51(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_51(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_51(copy_of_randomness); } /** @@ -219,6 +272,11 @@ static bool validate_public_key_a31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf1(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index edc9d8b97..46c8025c0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem768_avx2_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 7595346ef..bd8699614 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem768_portable.h" @@ -41,12 +41,22 @@ static void decapsulate_39( libcrux_ml_kem_ind_cca_decapsulate_e3(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_39(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -75,6 +85,13 @@ static void decapsulate_unpacked_6b( ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -102,20 +119,32 @@ static tuple_3c encapsulate_4f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4f(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_4f(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -139,20 +168,30 @@ static tuple_3c encapsulate_unpacked_08( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_08(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_08(uu____0, copy_of_randomness); } /** @@ -169,18 +208,26 @@ generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_ff(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -195,17 +242,23 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 generate_keypair_unpacked_8b(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_8b(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_8b(copy_of_randomness); } /** @@ -220,6 +273,11 @@ static bool validate_public_key_e1(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index f51a6740f..1efa41d23 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem768_portable_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index e66d6e928..e6f3a05e8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "internal/libcrux_mlkem_avx2.h" @@ -21,8 +21,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -30,8 +29,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -66,7 +64,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( core_core_arch_x86___m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + Eurydice_array_to_slice((size_t)16U, output, int16_t), v); memcpy(ret, output, (size_t)16U * sizeof(int16_t)); } @@ -169,6 +167,10 @@ core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( core_core_arch_x86___m256i vector) { @@ -651,38 +653,22 @@ KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { core_core_arch_x86___m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); core_core_arch_x86___m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, @@ -737,15 +723,13 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( core_core_arch_x86___m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -763,38 +747,22 @@ KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { core_core_arch_x86___m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); core_core_arch_x86___m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, @@ -858,23 +826,20 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( core_core_arch_x86___m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); core_core_arch_x86___m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); uint8_t ret0[10U]; core_result_Result_cd dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), + Eurydice_slice, uint8_t[10U]); core_result_unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -891,22 +856,22 @@ void libcrux_ml_kem_vector_avx2_serialize_5_ea( KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); core_core_arch_x86___m256i coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); core_core_arch_x86___m256i coefficients_loaded0 = @@ -980,23 +945,21 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( core_core_arch_x86___m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); core_core_arch_x86___m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, + uint8_t), upper_8); uint8_t ret0[20U]; core_result_Result_7a dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), + Eurydice_slice, uint8_t[20U]); core_result_unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1021,16 +984,16 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); core_core_arch_x86___m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( lower_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); core_core_arch_x86___m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( @@ -1066,11 +1029,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( core_core_arch_x86___m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); + Eurydice_array_to_slice((size_t)16U, array, int16_t), vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); uint8_t ret0[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); @@ -1092,7 +1054,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); } /** @@ -1141,20 +1103,18 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, + uint8_t), upper_8); uint8_t ret0[24U]; core_result_Result_6f dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), + Eurydice_slice, uint8_t[24U]); core_result_unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1179,16 +1139,16 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); core_core_arch_x86___m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( lower_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); core_core_arch_x86___m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( @@ -1239,8 +1199,8 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); core_core_arch_x86___m128i lower_coefficients0 = @@ -1254,8 +1214,8 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); @@ -1264,8 +1224,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( upper_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128( Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), + sampled_count + (size_t)8U, int16_t), upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); @@ -1320,6 +1279,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { return lit; } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -1330,13 +1295,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = @@ -1345,6 +1307,12 @@ deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -1359,7 +1327,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1367,7 +1335,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_reduced_ring_element_dd(ring_element); deserialized_pk[i0] = uu____0; @@ -1434,16 +1402,16 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1456,29 +1424,29 @@ static KRML_MUSTINLINE void serialize_secret_key_ae1( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1491,20 +1459,16 @@ static KRML_MUSTINLINE void serialize_public_key_d01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; serialize_secret_key_ae1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -1520,14 +1484,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; deserialize_ring_elements_reduced_5d4( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; serialize_public_key_d01( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -1582,11 +1546,10 @@ shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } @@ -1602,9 +1565,10 @@ generics */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d1(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d1(copy_of_input); } /** @@ -1621,10 +1585,10 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -1652,6 +1616,47 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( shake128_squeeze_first_three_blocks_6b1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -1670,12 +1675,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1706,10 +1710,10 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -1737,6 +1741,47 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( shake128_squeeze_next_block_1b1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -1755,12 +1800,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1795,8 +1839,7 @@ from_i16_array_89_10(Eurydice_slice a) { size_t i0 = i; result.coefficients[i0] = libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; } @@ -1809,8 +1852,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -1824,33 +1867,38 @@ static KRML_MUSTINLINE void sample_from_xof_b01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca1(uu____0); + shake128_init_absorb_final_a9_ca1(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_bb3( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_bb4( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_791(uu____3[i]);); + ret0[i] = closure_791(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1870,24 +1918,25 @@ static KRML_MUSTINLINE void sample_matrix_A_a21( closure_b81(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_b01(uu____1, sampled); + sample_from_xof_b01(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -1896,7 +1945,9 @@ static KRML_MUSTINLINE void sample_matrix_A_a21( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); @@ -1927,14 +1978,14 @@ static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -1962,6 +2013,55 @@ static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], PRFxN_1c2(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -1972,24 +2072,22 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -2005,8 +2103,8 @@ sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -2019,21 +2117,19 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -2051,8 +2147,8 @@ sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -2246,6 +2342,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( poly_barrett_reduce_89_99(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2259,12 +2359,13 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -2272,23 +2373,49 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( PRFxN_a9_512(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2323,6 +2450,10 @@ ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2337,11 +2468,10 @@ static KRML_MUSTINLINE void add_to_ring_element_89_971( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2385,6 +2515,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2400,22 +2533,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -2431,6 +2562,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2443,9 +2615,9 @@ static tuple_9b0 generate_keypair_unpacked_6c1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_681(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; @@ -2455,53 +2627,59 @@ static tuple_9b0 generate_keypair_unpacked_6c1( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_151(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_151(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } @@ -2577,12 +2755,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -2607,33 +2784,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( serialize_public_key_d01( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -2655,19 +2835,24 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_d01(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_d01( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -2686,43 +2871,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_751( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_651(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -2742,12 +2921,11 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = generate_keypair_e11(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -2756,22 +2934,26 @@ libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; serialize_kem_secret_key_751( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a70(uu____1); + libcrux_ml_kem_types_from_e7_a70(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c90( - uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c0(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2785,12 +2967,13 @@ sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -2799,16 +2982,17 @@ sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -2822,8 +3006,7 @@ with const generics static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -2999,6 +3182,9 @@ static KRML_MUSTINLINE void add_error_reduce_89_91( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3014,22 +3200,20 @@ static KRML_MUSTINLINE void compute_vector_u_001( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -3073,8 +3257,8 @@ deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { core_core_arch_x86___m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_deserialize_1_ea( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); + (size_t)2U * i0 + (size_t)2U, + uint8_t)); re.coefficients[i0] = decompress_1_91(coefficient_compressed);); return re; } @@ -3110,6 +3294,9 @@ add_message_error_reduce_89_67( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3226,12 +3413,9 @@ static KRML_MUSTINLINE void compress_then_serialize_10_2f( uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -3327,6 +3511,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3340,25 +3527,21 @@ static void compress_then_serialize_u_841( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -3455,12 +3638,10 @@ static KRML_MUSTINLINE void compress_then_serialize_4_b7( compress_ea_d41(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -3557,12 +3738,10 @@ static KRML_MUSTINLINE void compress_then_serialize_5_35( compress_ea_d42(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -3578,6 +3757,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( compress_then_serialize_4_b7(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3600,17 +3820,20 @@ static void encrypt_unpacked_881( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_471(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = + sample_ring_element_cbd_471(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3618,18 +3841,18 @@ static void encrypt_unpacked_881( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_934( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); + deserialize_then_decompress_message_b9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -3640,12 +3863,11 @@ static void encrypt_unpacked_881( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); compress_then_serialize_u_841( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -3672,46 +3894,46 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_881(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_881(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f50(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f50(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -3728,11 +3950,16 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_121(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3747,7 +3974,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -3755,7 +3982,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_reduced_ring_element_dd(ring_element); deserialized_pk[i0] = uu____0; @@ -3786,45 +4013,48 @@ static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; deserialize_ring_elements_reduced_5d3( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_a21(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_881(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_881(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -3842,8 +4072,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_e51(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -3871,54 +4100,51 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( uint8_t randomness[32U]) { uint8_t randomness0[32U]; entropy_preprocess_af_121( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_651(Eurydice_array_to_slice( (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_fb1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_fb1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f50(uu____4); + libcrux_ml_kem_types_from_15_f50(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_e51(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -4007,13 +4233,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_10_f2(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d(coefficient); @@ -4106,13 +4329,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_11_cb(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d0(coefficient); @@ -4150,6 +4370,10 @@ static KRML_MUSTINLINE void ntt_vector_u_4b( poly_barrett_reduce_89_99(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4165,10 +4389,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -4181,10 +4404,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_52(u_bytes); - u_as_ntt[i0] = uu____0; + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_52(u_bytes); ntt_vector_u_4b(&u_as_ntt[i0]); } memcpy( @@ -4277,12 +4498,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_4_5e(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d1(coefficient); @@ -4375,13 +4594,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_5_43(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d2(re.coefficients[i0]); @@ -4426,6 +4642,12 @@ subtract_reduce_89_fe(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4465,15 +4687,37 @@ static KRML_MUSTINLINE void compress_then_serialize_message_07( uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4492,8 +4736,7 @@ static void decrypt_unpacked_251( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = deserialize_then_decompress_ring_element_v_29( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = compute_message_751(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -4509,8 +4752,7 @@ with const generics static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -4557,57 +4799,53 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b1( ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_881(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_881(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_710(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4622,18 +4860,18 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_uncompressed_ring_element_c7(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); } return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4647,7 +4885,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_051( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4655,7 +4893,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_051( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_uncompressed_ring_element_c7(secret_bytes); secret_as_ntt[i0] = uu____0; @@ -4679,14 +4917,15 @@ static void decrypt_841(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; deserialize_secret_key_051(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; decrypt_unpacked_251(&secret_key_unpacked, ciphertext, ret0); @@ -4718,17 +4957,16 @@ with const generics void libcrux_ml_kem_ind_cca_decapsulate_201( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -4737,19 +4975,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_201( decrypt_841(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -4758,40 +4993,44 @@ void libcrux_ml_kem_ind_cca_decapsulate_201( libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_fb1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_fb1(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e51( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_e51(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; kdf_af_e51(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_710(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4806,7 +5045,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4814,7 +5053,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_reduced_ring_element_dd(ring_element); deserialized_pk[i0] = uu____0; @@ -4824,6 +5063,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4836,29 +5078,29 @@ static KRML_MUSTINLINE void serialize_secret_key_ae0( uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4871,20 +5113,16 @@ static KRML_MUSTINLINE void serialize_public_key_d00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; serialize_secret_key_ae0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1536U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -4900,14 +5138,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; deserialize_ring_elements_reduced_5d2( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; serialize_public_key_d00( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -4962,11 +5200,10 @@ shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t)); return state; } @@ -4982,9 +5219,10 @@ generics */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d0(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d0(copy_of_input); } /** @@ -5001,10 +5239,10 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -5035,6 +5273,47 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( shake128_squeeze_first_three_blocks_6b0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5053,12 +5332,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5089,10 +5367,10 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -5123,6 +5401,47 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( shake128_squeeze_next_block_1b0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5141,12 +5460,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5171,8 +5489,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -5186,33 +5504,38 @@ static KRML_MUSTINLINE void sample_from_xof_b00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca0(uu____0); + shake128_init_absorb_final_a9_ca0(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_bb1( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_bb2( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_790(uu____3[i]);); + ret0[i] = closure_790(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5232,24 +5555,25 @@ static KRML_MUSTINLINE void sample_matrix_A_a20( closure_b80(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_b00(uu____1, sampled); + sample_from_xof_b00(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -5258,7 +5582,9 @@ static KRML_MUSTINLINE void sample_matrix_A_a20( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); @@ -5289,14 +5615,14 @@ static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -5327,6 +5653,10 @@ static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], PRFxN_1c1(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5340,12 +5670,13 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -5353,23 +5684,26 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( PRFxN_a9_511(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -5384,11 +5718,10 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -5396,6 +5729,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5411,22 +5747,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -5442,6 +5776,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5454,9 +5829,9 @@ static tuple_54 generate_keypair_unpacked_6c0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_680(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; @@ -5466,53 +5841,59 @@ static tuple_54 generate_keypair_unpacked_6c0( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_150(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_150(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); } @@ -5567,12 +5948,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; @@ -5597,33 +5977,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( serialize_public_key_d00( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -5645,19 +6028,24 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_d00(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_d00( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -5676,43 +6064,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_750( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_650(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -5732,12 +6114,11 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = generate_keypair_e10(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; @@ -5746,22 +6127,26 @@ libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; serialize_kem_secret_key_750( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_a71(uu____1); + libcrux_ml_kem_types_from_e7_a71(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c91( - uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c1(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5775,12 +6160,13 @@ sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -5789,16 +6175,17 @@ sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -5839,6 +6226,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_570( poly_barrett_reduce_89_99(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5854,22 +6244,20 @@ static KRML_MUSTINLINE void compute_vector_u_000( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -5885,6 +6273,9 @@ static KRML_MUSTINLINE void compute_vector_u_000( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5924,12 +6315,9 @@ static KRML_MUSTINLINE void compress_then_serialize_11_d10( uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } @@ -5948,6 +6336,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5961,25 +6352,21 @@ static void compress_then_serialize_u_840( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; compress_then_serialize_ring_element_u_b20(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } } @@ -5995,6 +6382,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( compress_then_serialize_5_35(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6017,17 +6445,20 @@ static void encrypt_unpacked_880( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_470(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = + sample_ring_element_cbd_470(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6035,18 +6466,18 @@ static void encrypt_unpacked_880( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_932( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); + deserialize_then_decompress_message_b9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -6056,14 +6487,12 @@ static void encrypt_unpacked_880( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); compress_then_serialize_u_840( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; compress_then_serialize_ring_element_v_390( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -6090,46 +6519,46 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_880(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_880(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f51(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f51(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6146,11 +6575,16 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_120(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6165,7 +6599,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6173,7 +6607,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_reduced_ring_element_dd(ring_element); deserialized_pk[i0] = uu____0; @@ -6204,45 +6638,48 @@ static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; deserialize_ring_elements_reduced_5d1( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_a20(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_880(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_880(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -6260,8 +6697,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_e50(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -6289,54 +6725,51 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t randomness[32U]) { uint8_t randomness0[32U]; entropy_preprocess_af_120( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_650(Eurydice_array_to_slice( (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_fb0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_fb0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f51(uu____4); + libcrux_ml_kem_types_from_15_f51(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_e50(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -6370,6 +6803,10 @@ static KRML_MUSTINLINE void ntt_vector_u_4b0( poly_barrett_reduce_89_99(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6385,10 +6822,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -6401,10 +6837,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_520(u_bytes); - u_as_ntt[i0] = uu____0; + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_520(u_bytes); ntt_vector_u_4b0(&u_as_ntt[i0]); } memcpy( @@ -6423,6 +6857,12 @@ deserialize_then_decompress_ring_element_v_290(Eurydice_slice serialized) { return deserialize_then_decompress_5_43(serialized); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6444,6 +6884,30 @@ compute_message_750( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6462,8 +6926,7 @@ static void decrypt_unpacked_250( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = deserialize_then_decompress_ring_element_v_290( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = compute_message_750(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -6515,61 +6978,60 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0( ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_880(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_880(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_711(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6583,7 +7045,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_050( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6591,7 +7053,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_050( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_uncompressed_ring_element_c7(secret_bytes); secret_as_ntt[i0] = uu____0; @@ -6615,14 +7077,15 @@ static void decrypt_840(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; deserialize_secret_key_050(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; decrypt_unpacked_250(&secret_key_unpacked, ciphertext, ret0); @@ -6655,17 +7118,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_200( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -6674,19 +7136,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_200( decrypt_840(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -6695,40 +7154,44 @@ void libcrux_ml_kem_ind_cca_decapsulate_200( libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_fb0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_fb0(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e50( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_e50(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; kdf_af_e50(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_711(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6743,7 +7206,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6751,7 +7214,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_reduced_ring_element_dd(ring_element); deserialized_pk[i0] = uu____0; @@ -6761,6 +7224,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6773,29 +7239,29 @@ static KRML_MUSTINLINE void serialize_secret_key_ae( uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6809,18 +7275,15 @@ static KRML_MUSTINLINE void serialize_public_key_d0( Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -6836,14 +7299,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; deserialize_ring_elements_reduced_5d0( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; serialize_public_key_d0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -6898,11 +7361,10 @@ shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } @@ -6918,9 +7380,10 @@ generics */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d(copy_of_input); } /** @@ -6937,10 +7400,10 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -6965,6 +7428,47 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( shake128_squeeze_first_three_blocks_6b(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -6983,12 +7487,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7019,10 +7522,10 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -7047,6 +7550,47 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( shake128_squeeze_next_block_1b(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7065,12 +7609,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7095,8 +7638,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -7110,33 +7653,38 @@ static KRML_MUSTINLINE void sample_from_xof_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca(uu____0); + shake128_init_absorb_final_a9_ca(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; shake128_squeeze_next_block_a9_5a(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_79(uu____3[i]);); + ret0[i] = closure_79(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7156,24 +7704,25 @@ static KRML_MUSTINLINE void sample_matrix_A_a2( closure_b8(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_b0(uu____1, sampled); + sample_from_xof_b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -7182,7 +7731,9 @@ static KRML_MUSTINLINE void sample_matrix_A_a2( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); @@ -7213,14 +7764,14 @@ static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], uint8_t out2[192U] = {0U}; uint8_t out3[192U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t)); uint8_t uu____0[192U]; memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); @@ -7256,6 +7807,10 @@ sample_from_binomial_distribution_47(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_43(randomness); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7269,12 +7824,13 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -7282,23 +7838,26 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( PRFxN_a9_51(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_47(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7313,11 +7872,10 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -7325,6 +7883,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7340,22 +7901,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -7371,6 +7930,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7383,9 +7983,9 @@ static tuple_4c generate_keypair_unpacked_6c( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; @@ -7395,53 +7995,59 @@ static tuple_4c generate_keypair_unpacked_6c( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_15(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_15(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } @@ -7496,12 +8102,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; @@ -7526,33 +8131,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( serialize_public_key_d0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -7574,19 +8182,24 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_d0(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_d0( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); return lit; } @@ -7605,43 +8218,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_75( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -7661,12 +8268,11 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = generate_keypair_e1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; @@ -7675,20 +8281,21 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c(copy_of_public_key)); } /** @@ -7705,14 +8312,14 @@ static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -7737,6 +8344,9 @@ static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], PRFxN_1c0(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7750,12 +8360,13 @@ sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -7764,16 +8375,17 @@ sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -7814,6 +8426,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_57( poly_barrett_reduce_89_99(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7829,22 +8444,20 @@ static KRML_MUSTINLINE void compute_vector_u_00( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -7860,6 +8473,9 @@ static KRML_MUSTINLINE void compute_vector_u_00( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7882,6 +8498,9 @@ compute_ring_element_v_71( return result; } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7895,28 +8514,65 @@ static void compress_then_serialize_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7939,17 +8595,20 @@ static void encrypt_unpacked_88( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_47(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = + sample_ring_element_cbd_47(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7957,18 +8616,18 @@ static void encrypt_unpacked_88( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); + deserialize_then_decompress_message_b9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -7979,12 +8638,11 @@ static void encrypt_unpacked_88( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); compress_then_serialize_u_84( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -8011,46 +8669,46 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_88(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8067,11 +8725,16 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_12(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8086,7 +8749,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8094,7 +8757,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_reduced_ring_element_dd(ring_element); deserialized_pk[i0] = uu____0; @@ -8125,45 +8788,48 @@ static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_a2(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_88(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_88(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -8181,8 +8847,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_e5(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -8210,57 +8875,58 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t randomness[32U]) { uint8_t randomness0[32U]; entropy_preprocess_af_12( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_65(Eurydice_array_to_slice( (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_fb(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_fb(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_e5(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8276,10 +8942,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -8292,10 +8957,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_52(u_bytes); - u_as_ntt[i0] = uu____0; + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_52(u_bytes); ntt_vector_u_4b(&u_as_ntt[i0]); } memcpy( @@ -8303,6 +8966,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8324,6 +8993,30 @@ compute_message_75( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8342,8 +9035,7 @@ static void decrypt_unpacked_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = deserialize_then_decompress_ring_element_v_29( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = compute_message_75(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -8394,61 +9086,60 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b( ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_88(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_71(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8462,7 +9153,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_05( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8470,7 +9161,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_05( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = deserialize_to_uncompressed_ring_element_c7(secret_bytes); secret_as_ntt[i0] = uu____0; @@ -8494,14 +9185,15 @@ static void decrypt_84(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; deserialize_secret_key_05(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; decrypt_unpacked_25(&secret_key_unpacked, ciphertext, ret0); @@ -8533,17 +9225,16 @@ with const generics void libcrux_ml_kem_ind_cca_decapsulate_20( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -8552,19 +9243,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_20( decrypt_84(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -8573,34 +9261,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_20( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_fb(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_fb(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e5( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_e5(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; kdf_af_e5(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_71(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index e669d55c8..9d7aa0ed7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem_avx2_H @@ -115,6 +115,10 @@ core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( core_core_arch_x86___m256i vector); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 7dd1bf4f2..019effe21 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_mlkem_neon.h" @@ -17,8 +17,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -26,7 +25,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index d224d23d5..e2979d8d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index b3596a256..f2edc753e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "internal/libcrux_mlkem_portable.h" @@ -20,8 +20,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -29,8 +28,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -75,10 +73,8 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; core_result_Result_c0 dst; Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); + &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), + Eurydice_slice, int16_t[16U]); core_result_unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; @@ -95,68 +91,64 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r3 = + (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); + uint8_t r7 = + (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); + uint8_t r10 = + (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -174,12 +166,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; @@ -219,66 +210,56 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 3U; + int16_t r2 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 6U; + int16_t r3 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> + 1U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> + 4U; + int16_t r5 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 7U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 2U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -314,12 +295,10 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1018,6 +997,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * @@ -1053,6 +1045,20 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = @@ -1071,6 +1077,17 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -1102,6 +1119,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; @@ -1374,6 +1413,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -1465,19 +1526,17 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U);); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + (uint32_t)i0 & + 1U);); for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } @@ -1493,26 +1552,26 @@ libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); + uint8_t result0 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *); + uint8_t result1 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *); + uint8_t result2 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *); + uint8_t result3 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *); return (CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } @@ -1523,11 +1582,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[8U] = {0U}; result[0U] = result0_3.fst; result[1U] = result0_3.snd; @@ -1553,32 +1612,32 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 4U & 15U); return (CLITERAL(int16_t_x8){.fst = v0, @@ -1594,11 +1653,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1632,40 +1689,24 @@ libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1674,11 +1715,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t)); uint8_t result[10U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1706,44 +1746,44 @@ void libcrux_ml_kem_vector_portable_serialize_5_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 2U & 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U) << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 1U & 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) & 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) >> 3U); return (CLITERAL(int16_t_x8){.fst = v0, .snd = v1, @@ -1758,11 +1798,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1795,37 +1833,36 @@ libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U & (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1834,17 +1871,15 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, + int16_t)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, + int16_t)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1882,60 +1917,52 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 2U; + int16_t r2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 4U; + int16_t r3 = + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> + 6U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r5 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 2U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> + 4U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -1949,12 +1976,10 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1987,20 +2012,17 @@ libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); + uint8_t r1 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & + (int16_t)15) + << 4U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } @@ -2008,29 +2030,25 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, + int16_t)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, + int16_t)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, + int16_t)); uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, + int16_t)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -2072,12 +2090,12 @@ void libcrux_ml_kem_vector_portable_serialize_12_0d( KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); + int16_t byte0 = + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t byte1 = + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); + int16_t byte2 = + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); @@ -2086,32 +2104,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -2145,15 +2155,15 @@ libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; + i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -2165,7 +2175,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2176,8 +2186,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2194,8 +2203,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2254,6 +2262,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { return lit; } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2264,13 +2278,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -2280,6 +2291,12 @@ deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -2294,7 +2311,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2302,7 +2319,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; @@ -2375,16 +2392,16 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2397,29 +2414,29 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2432,20 +2449,16 @@ static KRML_MUSTINLINE void serialize_public_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; serialize_secret_key_f81(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1536U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -2461,14 +2474,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; deserialize_ring_elements_reduced_724( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; serialize_public_key_801( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -2534,16 +2547,17 @@ shake128_init_absorb_final_751(uint8_t input[4U][34U]) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[4U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_d1 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -2560,9 +2574,10 @@ generics */ static KRML_MUSTINLINE PortableHash_d1 shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_751(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_751(copy_of_input); } /** @@ -2578,8 +2593,7 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } @@ -2598,6 +2612,47 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( shake128_squeeze_first_three_blocks_101(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2616,12 +2671,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2647,11 +2701,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } @@ -2670,6 +2724,47 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( shake128_squeeze_next_block_ed1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2688,12 +2783,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2729,8 +2823,7 @@ from_i16_array_89_6b(Eurydice_slice a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + (i0 + (size_t)1U) * (size_t)16U, int16_t)); result.coefficients[i0] = uu____0; } return result; @@ -2745,8 +2838,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -2761,32 +2854,37 @@ static KRML_MUSTINLINE void sample_from_xof_2b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_053( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; shake128_squeeze_next_block_f1_c11(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_054( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_991(uu____3[i]);); + ret0[i] = closure_991(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2807,24 +2905,25 @@ static KRML_MUSTINLINE void sample_matrix_A_231( closure_e81(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_2b1(uu____1, sampled); + sample_from_xof_2b1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -2833,7 +2932,9 @@ static KRML_MUSTINLINE void sample_matrix_A_231( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); @@ -2859,12 +2960,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } @@ -2883,6 +2983,55 @@ static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], PRFxN_1d2(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -2893,24 +3042,22 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -2926,8 +3073,8 @@ sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -2940,21 +3087,19 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -2972,8 +3117,8 @@ sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3001,9 +3146,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -3108,13 +3252,13 @@ static KRML_MUSTINLINE void ntt_at_layer_2_7b( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -3128,7 +3272,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_4f( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3138,7 +3282,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_4f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** @@ -3182,6 +3326,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( poly_barrett_reduce_89_2c(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3196,12 +3344,13 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_39();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -3209,23 +3358,49 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3262,6 +3437,10 @@ ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3276,13 +3455,11 @@ static KRML_MUSTINLINE void add_to_ring_element_89_931( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3331,6 +3508,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_99( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3346,22 +3526,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -3377,6 +3555,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3390,9 +3609,9 @@ static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b61(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; @@ -3402,53 +3621,59 @@ static tuple_540 generate_keypair_unpacked_f41( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d71(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d71(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_540){.fst = sk, .snd = pk}); } @@ -3528,12 +3753,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; @@ -3558,33 +3782,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( serialize_public_key_801( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -3607,19 +3834,24 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_801(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_801( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -3638,43 +3870,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_2e1(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -3695,12 +3921,11 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = generate_keypair_ec1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; @@ -3709,22 +3934,26 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; serialize_kem_secret_key_f2( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_a71(uu____1); + libcrux_ml_kem_types_from_e7_a71(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c91( - uu____2, libcrux_ml_kem_types_from_07_4c1(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c1(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3739,12 +3968,13 @@ sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_39();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -3753,16 +3983,17 @@ sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -3776,8 +4007,7 @@ with const generics static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -3807,7 +4037,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3817,7 +4047,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -3831,13 +4061,13 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** @@ -3960,6 +4190,9 @@ static KRML_MUSTINLINE void add_error_reduce_89_08( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3975,22 +4208,20 @@ static KRML_MUSTINLINE void compute_vector_u_a11( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -4036,7 +4267,7 @@ deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0;); @@ -4077,6 +4308,9 @@ add_message_error_reduce_89_8b( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4180,12 +4414,9 @@ static KRML_MUSTINLINE void compress_then_serialize_11_e10( uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } @@ -4204,6 +4435,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4217,25 +4451,21 @@ static void compress_then_serialize_u_241( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; compress_then_serialize_ring_element_u_2f0(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } } @@ -4287,12 +4517,10 @@ static KRML_MUSTINLINE void compress_then_serialize_4_e5( compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -4344,12 +4572,10 @@ static KRML_MUSTINLINE void compress_then_serialize_5_a3( compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -4365,6 +4591,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( compress_then_serialize_5_a3(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4388,17 +4655,20 @@ static void encrypt_unpacked_6c1( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_2c1(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____3 = + sample_ring_element_cbd_2c1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4406,18 +4676,18 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_f6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -4427,14 +4697,12 @@ static void encrypt_unpacked_6c1( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); compress_then_serialize_u_241( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; compress_then_serialize_ring_element_v_310( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -4462,46 +4730,46 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_6c1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c1(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f51(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f51(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4518,11 +4786,16 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_3d(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4537,7 +4810,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4545,7 +4818,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; @@ -4577,45 +4850,48 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; deserialize_ring_elements_reduced_723( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_231(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[4U][4U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c1(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4633,8 +4909,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_ef(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -4662,54 +4937,51 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( uint8_t randomness[32U]) { uint8_t randomness0[32U]; entropy_preprocess_af_3d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_2e1(Eurydice_array_to_slice( (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_0d1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_0d1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f51(uu____4); + libcrux_ml_kem_types_from_15_f51(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_ef(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -4760,13 +5032,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_10_fc(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -4823,13 +5092,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_11_ba(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -4869,6 +5135,10 @@ static KRML_MUSTINLINE void ntt_vector_u_7a0( poly_barrett_reduce_89_2c(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4884,10 +5154,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af1( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -4900,10 +5169,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af1( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_980(u_bytes); - u_as_ntt[i0] = uu____0; + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_980(u_bytes); ntt_vector_u_7a0(&u_as_ntt[i0]); } memcpy( @@ -4958,12 +5225,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_4_8f(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -5020,16 +5285,12 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_5_04(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); + re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); re.coefficients[i0] = uu____1; @@ -5077,6 +5338,12 @@ subtract_reduce_89_70(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5117,15 +5384,37 @@ static KRML_MUSTINLINE void compress_then_serialize_message_c1( uint8_t bytes[2U]; libcrux_ml_kem_vector_portable_serialize_1_0d( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5144,8 +5433,7 @@ static void decrypt_unpacked_5d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = deserialize_then_decompress_ring_element_v_df0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = compute_message_ff1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -5161,8 +5449,7 @@ with const generics static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -5211,57 +5498,53 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e1( ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c1(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_711(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5276,13 +5559,10 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_uncompressed_ring_element_53(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; @@ -5290,6 +5570,9 @@ deserialize_to_uncompressed_ring_element_53(Eurydice_slice serialized) { return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5303,7 +5586,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_591( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5311,7 +5594,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_591( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_uncompressed_ring_element_53(secret_bytes); secret_as_ntt[i0] = uu____0; @@ -5335,14 +5618,15 @@ static void decrypt_671(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; deserialize_secret_key_591(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; decrypt_unpacked_5d1(&secret_key_unpacked, ciphertext, ret0); @@ -5375,17 +5659,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_e31( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -5394,19 +5677,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_e31( decrypt_671(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -5415,40 +5695,44 @@ void libcrux_ml_kem_ind_cca_decapsulate_e31( libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_0d1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d1(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ef( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_ef(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; kdf_af_ef(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_711(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5463,7 +5747,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5471,7 +5755,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; @@ -5481,6 +5765,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5493,29 +5780,29 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5529,18 +5816,15 @@ static KRML_MUSTINLINE void serialize_public_key_800( Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; serialize_secret_key_f80(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -5556,14 +5840,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; deserialize_ring_elements_reduced_722( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; serialize_public_key_800( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -5629,16 +5913,17 @@ shake128_init_absorb_final_750(uint8_t input[2U][34U]) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[2U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_8b lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -5655,9 +5940,10 @@ generics */ static KRML_MUSTINLINE PortableHash_8b shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_750(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_750(copy_of_input); } /** @@ -5673,8 +5959,7 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } @@ -5693,6 +5978,47 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( shake128_squeeze_first_three_blocks_100(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5711,12 +6037,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5742,11 +6067,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } @@ -5765,6 +6090,47 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( shake128_squeeze_next_block_ed0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5783,12 +6149,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5814,8 +6179,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -5830,32 +6195,37 @@ static KRML_MUSTINLINE void sample_from_xof_2b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_051( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; shake128_squeeze_next_block_f1_c10(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_052( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_990(uu____3[i]);); + ret0[i] = closure_990(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5876,24 +6246,25 @@ static KRML_MUSTINLINE void sample_matrix_A_230( closure_e80(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_2b0(uu____1, sampled); + sample_from_xof_2b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -5902,7 +6273,9 @@ static KRML_MUSTINLINE void sample_matrix_A_230( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); @@ -5928,12 +6301,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } @@ -5963,6 +6335,10 @@ sample_from_binomial_distribution_660(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_85(randomness); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5977,12 +6353,13 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_39();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -5990,23 +6367,26 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( PRFxN_f1_890(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_660(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_660( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -6021,13 +6401,11 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -6037,6 +6415,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6052,22 +6433,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -6083,6 +6462,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6096,9 +6516,9 @@ static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b60(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; @@ -6108,53 +6528,59 @@ static tuple_4c0 generate_keypair_unpacked_f40( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d70(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d70(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } @@ -6211,12 +6637,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; @@ -6241,33 +6666,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( serialize_public_key_800( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6290,19 +6718,24 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_800(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_800( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); return lit; } @@ -6321,43 +6754,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_2e0(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -6378,12 +6805,11 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = generate_keypair_ec0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; @@ -6392,20 +6818,21 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; serialize_kem_secret_key_41( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c(copy_of_public_key)); } /** @@ -6417,12 +6844,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } @@ -6441,6 +6867,9 @@ static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], PRFxN_1d1(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6455,12 +6884,13 @@ sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_39();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -6469,16 +6899,17 @@ sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -6519,6 +6950,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_860( poly_barrett_reduce_89_2c(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6534,22 +6968,20 @@ static KRML_MUSTINLINE void compute_vector_u_a10( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -6565,6 +6997,9 @@ static KRML_MUSTINLINE void compute_vector_u_a10( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6604,12 +7039,9 @@ static KRML_MUSTINLINE void compress_then_serialize_10_3b( uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -6628,6 +7060,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6641,25 +7076,21 @@ static void compress_then_serialize_u_240( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; compress_then_serialize_ring_element_u_2f(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -6675,6 +7106,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( compress_then_serialize_4_e5(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6698,17 +7170,20 @@ static void encrypt_unpacked_6c0( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_2c0(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = + sample_ring_element_cbd_2c0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6716,18 +7191,18 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_f6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -6738,12 +7213,11 @@ static void encrypt_unpacked_6c0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); compress_then_serialize_u_240( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; compress_then_serialize_ring_element_v_31( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -6771,46 +7245,46 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_6c0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c0(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6827,11 +7301,16 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_f4(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6846,7 +7325,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6854,7 +7333,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; @@ -6886,45 +7365,48 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; deserialize_ring_elements_reduced_721( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_230(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[2U][2U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c0(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -6942,8 +7424,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_f5(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -6971,54 +7452,51 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t randomness[32U]) { uint8_t randomness0[32U]; entropy_preprocess_af_f4( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_2e0(Eurydice_array_to_slice( (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_0d0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_0d0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_f5(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -7052,6 +7530,10 @@ static KRML_MUSTINLINE void ntt_vector_u_7a( poly_barrett_reduce_89_2c(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7067,10 +7549,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -7083,10 +7564,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af0( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_98(u_bytes); - u_as_ntt[i0] = uu____0; + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_98(u_bytes); ntt_vector_u_7a(&u_as_ntt[i0]); } memcpy( @@ -7105,6 +7584,12 @@ deserialize_then_decompress_ring_element_v_df(Eurydice_slice serialized) { return deserialize_then_decompress_4_8f(serialized); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7126,6 +7611,30 @@ compute_message_ff0( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7144,8 +7653,7 @@ static void decrypt_unpacked_5d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = deserialize_then_decompress_ring_element_v_df( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = compute_message_ff0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -7197,61 +7705,60 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0( ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c0(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_71(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7265,7 +7772,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_590( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7273,7 +7780,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_590( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_uncompressed_ring_element_53(secret_bytes); secret_as_ntt[i0] = uu____0; @@ -7297,14 +7804,15 @@ static void decrypt_670(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; deserialize_secret_key_590(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; decrypt_unpacked_5d0(&secret_key_unpacked, ciphertext, ret0); @@ -7336,17 +7844,16 @@ libcrux_ml_kem_ind_cca_MlKem with const generics void libcrux_ml_kem_ind_cca_decapsulate_e30( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -7355,19 +7862,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_e30( decrypt_670(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -7376,40 +7880,44 @@ void libcrux_ml_kem_ind_cca_decapsulate_e30( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_0d0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d0(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_f5( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_f5(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; kdf_af_f5(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_71(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7424,7 +7932,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7432,7 +7940,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; @@ -7442,6 +7950,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7454,29 +7965,29 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7489,20 +8000,16 @@ static KRML_MUSTINLINE void serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; serialize_secret_key_f8(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -7518,14 +8025,14 @@ bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -7591,16 +8098,17 @@ shake128_init_absorb_final_75(uint8_t input[3U][34U]) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_58 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -7617,9 +8125,10 @@ generics */ static KRML_MUSTINLINE PortableHash_58 shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_75(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_75(copy_of_input); } /** @@ -7635,8 +8144,7 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -7655,6 +8163,47 @@ static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( shake128_squeeze_first_three_blocks_10(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7673,12 +8222,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7704,11 +8252,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -7727,6 +8275,47 @@ static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( shake128_squeeze_next_block_ed(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7745,12 +8334,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7776,8 +8364,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -7792,32 +8380,37 @@ static KRML_MUSTINLINE void sample_from_xof_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_05( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; shake128_squeeze_next_block_f1_c1(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_050( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_99(uu____3[i]);); + ret0[i] = closure_99(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7838,24 +8431,25 @@ static KRML_MUSTINLINE void sample_matrix_A_23( closure_e8(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_2b(uu____1, sampled); + sample_from_xof_2b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -7864,7 +8458,9 @@ static KRML_MUSTINLINE void sample_matrix_A_23( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); @@ -7890,12 +8486,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -7914,6 +8509,10 @@ static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], PRFxN_1d(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -7928,12 +8527,13 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_39();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -7941,23 +8541,26 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7972,13 +8575,11 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -7988,6 +8589,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8003,22 +8607,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -8034,6 +8636,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8047,9 +8690,9 @@ static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; @@ -8059,53 +8702,59 @@ static tuple_9b generate_keypair_unpacked_f4( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d7(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_d7(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } @@ -8162,12 +8811,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -8192,33 +8840,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8241,19 +8892,24 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_80(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_80( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -8272,43 +8928,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_2e(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -8329,12 +8979,11 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -8343,22 +8992,26 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; serialize_kem_secret_key_a8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a70(uu____1); + libcrux_ml_kem_types_from_e7_a70(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c90( - uu____2, libcrux_ml_kem_types_from_07_4c0(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c0(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8373,12 +9026,13 @@ sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_39();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -8387,16 +9041,17 @@ sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -8437,6 +9092,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_86( poly_barrett_reduce_89_2c(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8452,22 +9110,20 @@ static KRML_MUSTINLINE void compute_vector_u_a1( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -8483,6 +9139,9 @@ static KRML_MUSTINLINE void compute_vector_u_a1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8505,6 +9164,9 @@ compute_ring_element_v_1f( return result; } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8518,28 +9180,65 @@ static void compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; compress_then_serialize_ring_element_u_2f(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8563,17 +9262,20 @@ static void encrypt_unpacked_6c( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_2c(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = + sample_ring_element_cbd_2c(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8581,18 +9283,18 @@ static void encrypt_unpacked_6c( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_f6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -8603,12 +9305,11 @@ static void encrypt_unpacked_6c( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; compress_then_serialize_ring_element_v_31( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -8636,46 +9337,46 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_6c(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f50(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f50(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8692,11 +9393,16 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_56(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8711,7 +9417,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8719,7 +9425,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; @@ -8751,45 +9457,48 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; deserialize_ring_elements_reduced_72( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_6c(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -8807,8 +9516,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_27(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -8836,57 +9544,58 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t randomness[32U]) { uint8_t randomness0[32U]; entropy_preprocess_af_56( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_2e(Eurydice_array_to_slice( (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_0d(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f50(uu____4); + libcrux_ml_kem_types_from_15_f50(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_27(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8902,10 +9611,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -8918,10 +9626,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_98(u_bytes); - u_as_ntt[i0] = uu____0; + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_98(u_bytes); ntt_vector_u_7a(&u_as_ntt[i0]); } memcpy( @@ -8929,6 +9635,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8950,6 +9662,30 @@ compute_message_ff( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8968,8 +9704,7 @@ static void decrypt_unpacked_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = deserialize_then_decompress_ring_element_v_df( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = compute_message_ff(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; @@ -9021,61 +9756,60 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e( ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_6c(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_710(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9089,7 +9823,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_59( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9097,7 +9831,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_59( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = deserialize_to_uncompressed_ring_element_53(secret_bytes); secret_as_ntt[i0] = uu____0; @@ -9121,14 +9855,15 @@ static void decrypt_67(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; deserialize_secret_key_59(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; decrypt_unpacked_5d(&secret_key_unpacked, ciphertext, ret0); @@ -9160,17 +9895,16 @@ libcrux_ml_kem_ind_cca_MlKem with const generics void libcrux_ml_kem_ind_cca_decapsulate_e3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -9179,19 +9913,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_e3( decrypt_67(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -9200,34 +9931,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_e3( libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_0d(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_27( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_27(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; kdf_af_27(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_710(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index fb4bb6956..6cd386f96 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem_portable_H @@ -205,6 +205,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); @@ -226,9 +239,34 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer); @@ -244,6 +282,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe); @@ -353,6 +413,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 8330670f7..0fe581b92 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_sha3_H @@ -22,6 +22,9 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -29,6 +32,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a(buf0, buf); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -36,6 +42,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } +/** + A portable SHAKE256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -43,6 +52,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -50,6 +62,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -57,58 +72,88 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } +/** + SHA3 224 + + Preconditions: + - `digest.len() == 28` +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } +/** + SHA3 224 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), + data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), + data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), + data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** + A portable SHAKE128 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -116,11 +161,21 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } +/** + SHAKE 128 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } +/** + SHAKE 256 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 74008b788..fb35528f9 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "internal/libcrux_sha3_avx2.h" @@ -119,14 +119,10 @@ xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); } /** @@ -135,10 +131,11 @@ usize> for core::core_arch::x86::__m256i)} */ static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[4U]; + memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); + slice_4(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); } @@ -148,19 +145,19 @@ split_at_mut_4(Eurydice_slice out[4U], size_t mid) { Eurydice_slice out1 = out[1U]; Eurydice_slice out2 = out[2U]; Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out10 = uu____1.fst; Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out20 = uu____2.fst; Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out30 = uu____3.fst; Eurydice_slice out31 = uu____3.snd; @@ -185,6 +182,9 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { return split_at_mut_4(a, mid); } +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -236,21 +236,21 @@ static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); core_core_arch_x86___m256i v1h = @@ -296,34 +296,30 @@ static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); @@ -332,34 +328,30 @@ static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); core_core_arch_x86___m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, @@ -384,9 +376,10 @@ with const generics static KRML_MUSTINLINE void load_block_ef_6a( core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[4U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block_c7(uu____0, copy_of_b); } /** @@ -1418,75 +1411,29 @@ static KRML_MUSTINLINE void theta_rho_71( rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = - xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = - xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = - xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = - xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = - xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = - xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = - xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; + s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); core_core_arch_x86___m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1598,14 +1545,11 @@ with const generics */ static KRML_MUSTINLINE void load_block_full_91( core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; load_block_c7(s, buf); } @@ -1621,9 +1565,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_ef_05( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_91(uu____0, copy_of_b); } /** @@ -1636,15 +1581,14 @@ with const generics */ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); @@ -1704,23 +1648,19 @@ static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)136U % (size_t)32U; @@ -1729,36 +1669,31 @@ static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -1766,40 +1701,31 @@ static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -1815,22 +1741,25 @@ static KRML_MUSTINLINE void store_block_full_0b( uint8_t out2[200U] = {0U}; uint8_t out3[200U] = {0U}; Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out0, uint8_t), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out1[200U]; + memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out2[200U]; + memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); uint8_t uu____3[200U]; memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); } @@ -1863,12 +1792,11 @@ static KRML_MUSTINLINE void squeeze_first_and_last_a4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); + core_ops_range_Range_b3), + uint8_t);); } /** @@ -1926,12 +1854,11 @@ static KRML_MUSTINLINE void squeeze_last_77( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); + core_ops_range_Range_b3), + uint8_t);); } /** @@ -1946,27 +1873,26 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); absorb_block_37(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2006,6 +1932,9 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], } } +/** + Perform 4 SHAKE256 operations in parallel +*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, @@ -2015,6 +1944,9 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, keccak_14(buf0, buf); } +/** + Initialise the [`KeccakState`]. +*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { return new_1e_16(); @@ -2030,21 +1962,21 @@ static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); core_core_arch_x86___m256i v1h = @@ -2090,34 +2022,30 @@ static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); @@ -2126,34 +2054,30 @@ static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); core_core_arch_x86___m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, @@ -2173,14 +2097,11 @@ with const generics */ static KRML_MUSTINLINE void load_block_full_910( core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; load_block_c70(s, buf); } @@ -2196,9 +2117,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_ef_050( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_910(uu____0, copy_of_b); } /** @@ -2211,15 +2133,14 @@ with const generics */ static KRML_MUSTINLINE void absorb_final_5e0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); @@ -2230,6 +2151,9 @@ static KRML_MUSTINLINE void absorb_final_5e0( keccakf1600_07(s); } +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -2286,23 +2210,19 @@ static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)168U % (size_t)32U; @@ -2311,36 +2231,31 @@ static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -2348,40 +2263,31 @@ static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -2450,6 +2356,9 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( squeeze_next_block_1c0(s, o2); } +/** + Squeeze three blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { @@ -2457,6 +2366,9 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } +/** + Squeeze another block +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { @@ -2504,6 +2416,9 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( squeeze_next_block_1c0(s, o4); } +/** + Squeeze five blocks +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, @@ -2512,6 +2427,9 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( squeeze_first_five_blocks_e4(s, buf); } +/** + Absorb +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -2519,6 +2437,9 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } +/** + Squeeze block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, @@ -2527,6 +2448,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( squeeze_first_block_e9(s, buf); } +/** + Squeeze next block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 8c1635b0b..2f398d999 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_sha3_avx2_H @@ -33,38 +33,65 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { core_core_arch_x86___m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; +/** + Perform 4 SHAKE256 operations in parallel +*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Initialise the [`KeccakState`]. +*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze three blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze another block +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze five blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze next block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index f39b36172..6a597aa5c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_sha3_internal_H @@ -137,8 +137,7 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); } /** @@ -147,17 +146,18 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[1U]; + memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; @@ -187,6 +187,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -242,9 +245,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -260,8 +262,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b3(s, buf); } @@ -277,9 +279,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); } /** @@ -1224,75 +1227,52 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - uint64_t uu____4 = + s->st[1U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - uint64_t uu____5 = + s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - uint64_t uu____6 = + s->st[3U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - uint64_t uu____7 = + s->st[4U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - uint64_t uu____8 = + s->st[0U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - uint64_t uu____9 = + s->st[1U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - uint64_t uu____10 = + s->st[2U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - uint64_t uu____11 = + s->st[3U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - uint64_t uu____12 = + s->st[4U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - uint64_t uu____13 = + s->st[0U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - uint64_t uu____14 = + s->st[1U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - uint64_t uu____15 = + s->st[2U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - uint64_t uu____16 = + s->st[3U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - uint64_t uu____17 = + s->st[4U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - uint64_t uu____18 = + s->st[0U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - uint64_t uu____19 = + s->st[1U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - uint64_t uu____20 = + s->st[2U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - uint64_t uu____21 = + s->st[3U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - uint64_t uu____22 = + s->st[4U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - uint64_t uu____23 = + s->st[0U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - uint64_t uu____24 = + s->st[1U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - uint64_t uu____25 = + s->st[2U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - uint64_t uu____26 = + s->st[3U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1391,14 +1371,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1422,14 +1402,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1486,9 +1463,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1504,8 +1480,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b30(s, buf); } @@ -1521,9 +1497,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); } /** @@ -1536,14 +1513,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1567,14 +1544,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1629,9 +1603,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); } /** @@ -1659,11 +1634,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1699,12 +1675,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1726,12 +1702,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1748,28 +1724,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { @@ -1817,9 +1792,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); } /** @@ -1836,9 +1812,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1859,9 +1834,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); } /** @@ -1887,8 +1863,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b33(s, buf); } @@ -1904,9 +1880,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); } /** @@ -1919,14 +1896,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -1950,14 +1927,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1970,11 +1944,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2010,12 +1985,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2076,12 +2051,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2098,28 +2073,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { @@ -2167,9 +2141,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); } /** @@ -2186,9 +2161,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2209,9 +2183,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); } /** @@ -2237,8 +2212,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b32(s, buf); } @@ -2254,9 +2229,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); } /** @@ -2269,14 +2245,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2300,14 +2276,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2320,11 +2293,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2360,12 +2334,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2426,12 +2400,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2448,28 +2422,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { @@ -2517,9 +2490,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); } /** @@ -2534,9 +2508,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); } /** @@ -2564,11 +2539,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2604,12 +2580,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2631,12 +2607,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2653,28 +2629,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2722,9 +2697,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); } /** @@ -2737,14 +2713,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2771,28 +2747,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2840,9 +2815,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); } /** @@ -2859,9 +2835,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2882,9 +2857,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); } /** @@ -2910,8 +2886,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b31(s, buf); } @@ -2927,9 +2903,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); } /** @@ -2942,14 +2919,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2973,14 +2950,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2993,11 +2967,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3032,12 +3007,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3098,12 +3073,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3120,28 +3095,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { @@ -3189,9 +3163,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 460d5a51f..c40d397e5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,27 +4,38 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #include "libcrux_sha3_neon.h" +/** + A portable SHA3 512 implementation. +*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, @@ -34,6 +45,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, KRML_HOST_EXIT(255U); } +/** + Initialise the `KeccakState2`. +*/ KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -41,6 +55,9 @@ libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EXIT(255U); } +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { @@ -49,6 +66,10 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -58,6 +79,10 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -67,6 +92,9 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } +/** + A portable SHA3 224 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -74,6 +102,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 384 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index a3fd0fbba..f399cf819 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_sha3_neon_H @@ -22,10 +22,21 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_arm64.h" #include "libcrux_sha3_internal.h" +/** + A portable SHA3 512 implementation. +*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); @@ -33,23 +44,43 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; } libcrux_sha3_neon_x2_incremental_KeccakState; +/** + Initialise the `KeccakState2`. +*/ libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void); +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1); +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); +/** + A portable SHA3 224 implementation. +*/ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 384 implementation. +*/ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index cb530ac49..8f2f9d27d 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 -Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 +Charon: 0576bfc67e99aae86c51930421072688138b672b +Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 +Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 +Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 4e1e51db7..9b9fa652e 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_core_H @@ -237,10 +237,11 @@ with const generics */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c(uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -286,10 +287,11 @@ with const generics */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a7(uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -315,10 +317,11 @@ with const generics */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f5(uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1088U]; + memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -335,6 +338,9 @@ static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( return self->value; } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -344,12 +350,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -387,6 +391,9 @@ static inline void core_result_unwrap_41_83(core_result_Result_00 self, } } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -396,12 +403,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -416,10 +421,12 @@ with const generics */ static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_9f( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -429,15 +436,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -447,12 +455,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 5af8da87c..f9f0d6642 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_ct_ops_H @@ -21,6 +21,9 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +/** + Return 1 if `value` is not zero and 0 otherwise. +*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -36,15 +39,18 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) { return libcrux_ml_kem_constant_time_ops_inz(value); } +/** + Return 1 if the bytes of `lhs` and `rhs` do not exactly + match and 0 otherwise. +*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_compare( Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); } return libcrux_ml_kem_constant_time_ops_is_non_zero(r); } @@ -55,6 +61,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs); } +/** + If `selector` is not zero, return the bytes in `rhs`; return the bytes in + `lhs` otherwise. +*/ static inline void libcrux_ml_kem_constant_time_ops_select_ct( Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { @@ -64,11 +74,10 @@ static inline void libcrux_ml_kem_constant_time_ops_select_ct( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)~mask); + out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index f078580e7..787bb8e41 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem768_avx2_H @@ -30,8 +30,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -40,8 +39,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -84,7 +82,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( core_core_arch_x86___m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + Eurydice_array_to_slice((size_t)16U, output, int16_t), v); memcpy(ret, output, (size_t)16U * sizeof(int16_t)); } @@ -203,6 +201,10 @@ libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( @@ -721,38 +723,22 @@ static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { core_core_arch_x86___m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); core_core_arch_x86___m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, @@ -809,15 +795,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( core_core_arch_x86___m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -837,38 +821,22 @@ static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { core_core_arch_x86___m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); core_core_arch_x86___m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, @@ -934,23 +902,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( core_core_arch_x86___m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); core_core_arch_x86___m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); uint8_t ret0[10U]; core_result_Result_cd dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), + Eurydice_slice, uint8_t[10U]); core_result_unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -969,22 +934,22 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); core_core_arch_x86___m256i coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); core_core_arch_x86___m256i coefficients_loaded0 = @@ -1060,23 +1025,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( core_core_arch_x86___m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); core_core_arch_x86___m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, + uint8_t), upper_8); uint8_t ret0[20U]; core_result_Result_7a dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), + Eurydice_slice, uint8_t[20U]); core_result_unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1103,16 +1066,16 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); core_core_arch_x86___m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( lower_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); core_core_arch_x86___m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( @@ -1150,11 +1113,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( core_core_arch_x86___m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); + Eurydice_array_to_slice((size_t)16U, array, int16_t), vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); uint8_t ret0[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); @@ -1178,7 +1140,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); } /** @@ -1229,20 +1191,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, + uint8_t), upper_8); uint8_t ret0[24U]; core_result_Result_6f dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), + Eurydice_slice, uint8_t[24U]); core_result_unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1269,16 +1229,16 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); core_core_arch_x86___m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( lower_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); core_core_arch_x86___m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( @@ -1332,8 +1292,8 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); core_core_arch_x86___m128i lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); core_core_arch_x86___m128i lower_coefficients0 = @@ -1347,8 +1307,8 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); core_core_arch_x86___m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); @@ -1357,8 +1317,7 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, upper_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128( Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), + sampled_count + (size_t)8U, int16_t), upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); @@ -1441,18 +1400,18 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); } return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1468,7 +1427,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_67( secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1476,7 +1435,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_67( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2d( secret_bytes); @@ -1604,13 +1563,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_3f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = @@ -1713,13 +1669,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = @@ -1922,6 +1875,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_98( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1940,10 +1897,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac( u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -1956,11 +1912,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + uint8_t); + u_as_ntt[i0] = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ba( u_bytes); - u_as_ntt[i0] = uu____0; libcrux_ml_kem_ntt_ntt_vector_u_98(&u_as_ntt[i0]); } memcpy( @@ -2061,12 +2016,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = @@ -2169,13 +2122,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_62( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b72( @@ -2197,6 +2147,33 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( return libcrux_ml_kem_serialize_deserialize_then_decompress_4_ba(serialized); } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2234,6 +2211,10 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_48( return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2249,11 +2230,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2438,6 +2418,12 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_8d( return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2532,16 +2518,37 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_77( uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2561,8 +2568,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = libcrux_ml_kem_matrix_compute_message_72(&v, secret_key->secret_as_ntt, u_as_ntt); @@ -2587,14 +2593,15 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_1d(Eurydice_slice secret_key, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; libcrux_ml_kem_ind_cpa_deserialize_secret_key_67(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8(&secret_key_unpacked, ciphertext, @@ -2627,8 +2634,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -2662,6 +2668,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( return libcrux_ml_kem_polynomial_ZERO_89_d5(); } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2675,13 +2687,10 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = @@ -2690,6 +2699,12 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -2707,7 +2722,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2715,7 +2730,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( ring_element); @@ -2768,11 +2783,10 @@ libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } @@ -2790,10 +2804,11 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( - uu____0); + copy_of_input); } /** @@ -2812,10 +2827,10 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -2846,6 +2861,47 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2864,14 +2920,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -2907,10 +2962,10 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -2940,6 +2995,47 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2958,14 +3054,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -3005,8 +3100,7 @@ libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_slice a) { size_t i0 = i; result.coefficients[i0] = libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; } @@ -3021,8 +3115,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { return libcrux_ml_kem_polynomial_from_i16_array_89_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -3037,18 +3130,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( - uu____0); + copy_of_seeds); uint8_t randomness0[3U][504U]; libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; @@ -3056,17 +3151,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( uint8_t randomness[3U][168U]; libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_79(uu____3[i]); + ret0[i] = + libcrux_ml_kem_sampling_sample_from_xof_closure_79(copy_of_out[i]); } memcpy( ret, ret0, @@ -3089,28 +3188,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j; } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_b0(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -3179,14 +3279,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -3215,6 +3315,55 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3227,24 +3376,22 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -3260,8 +3407,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3276,21 +3423,19 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -3308,8 +3453,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3372,6 +3517,10 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3388,11 +3537,12 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -3403,20 +3553,19 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + re_as_ntt[i0] = libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -3436,6 +3585,9 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3452,11 +3604,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -3469,17 +3622,17 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -3495,8 +3648,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -3554,6 +3706,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3571,22 +3726,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -3633,9 +3786,9 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = libcrux_ml_kem_vector_traits_decompress_1_91(coefficient_compressed); } @@ -3674,6 +3827,9 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3804,12 +3960,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_2f( uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -3916,12 +4069,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_d1( uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -3942,6 +4092,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3956,26 +4109,22 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -4080,12 +4229,10 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_b7( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -4190,12 +4337,10 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_35( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -4213,6 +4358,47 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4236,19 +4422,21 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47( - uu____2, domain_separator0); + copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -4257,19 +4445,19 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( prf_input[32U] = domain_separator; uint8_t prf_output[128U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; libcrux_ml_kem_matrix_compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( + copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = libcrux_ml_kem_matrix_compute_ring_element_v_71( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -4280,12 +4468,11 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -4313,46 +4500,49 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, randomness, - ret1); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, copy_of_message, + randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -4372,8 +4562,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ca( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -4403,17 +4592,16 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_ind_cca_decapsulate_01( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -4423,19 +4611,17 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_01( decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -4444,35 +4630,34 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_01( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_ind_cca_kdf_43_ca( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); @@ -4506,6 +4691,13 @@ static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_d8( libcrux_ml_kem_ind_cca_decapsulate_01(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, @@ -4578,62 +4770,62 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b6( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( + uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -4664,6 +4856,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_67( ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, @@ -4686,8 +4885,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_a6( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -4731,57 +4929,55 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t randomness[32U]) { uint8_t randomness0[32U]; libcrux_ml_kem_ind_cca_entropy_preprocess_43_a6( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -4808,20 +5004,29 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_fa( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_fa(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_fa( + uu____0, copy_of_randomness); } /** @@ -4848,50 +5053,53 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, - ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -4917,22 +5125,32 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_50( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_50( - uu____0, uu____1); + uu____0, copy_of_randomness); } /** @@ -5001,6 +5219,9 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5018,22 +5239,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -5052,6 +5271,47 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5065,9 +5325,9 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; @@ -5077,21 +5337,23 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5100,34 +5362,38 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } @@ -5152,16 +5418,16 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5175,29 +5441,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5211,20 +5477,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -5248,20 +5510,24 @@ libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -5281,43 +5547,37 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -5338,12 +5598,11 @@ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -5352,20 +5611,21 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c(copy_of_public_key)); } /** @@ -5383,18 +5643,23 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_cb( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_cb( - uu____0); + copy_of_randomness); } /** @@ -5481,12 +5746,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 @@ -5518,38 +5782,44 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( libcrux_ml_kem_ind_cpa_serialize_public_key_d0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -5566,19 +5836,25 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_0b( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_0b( - uu____0); + copy_of_randomness); } /** @@ -5600,21 +5876,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_14( libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1088U, libcrux_ml_kem_types_as_slice_a8_63(ciphertext), - uint8_t, Eurydice_slice), + uint8_t), ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), - ret1); + Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -5644,17 +5917,16 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_ind_cca_decapsulate_010( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -5664,19 +5936,17 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_010( decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -5685,41 +5955,43 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_010( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_ind_cca_kdf_6c_14( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; libcrux_ml_kem_ind_cca_kdf_6c_14(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics @@ -5748,6 +6020,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_80( libcrux_ml_kem_ind_cca_decapsulate_010(private_key, ciphertext, ret); } +/** + Decapsulate Kyber 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, @@ -5797,60 +6076,61 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t randomness[32U]) { uint8_t randomness0[32U]; libcrux_ml_kem_ind_cca_entropy_preprocess_6c_b6( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_6c_14(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } +/** + Portable encapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics @@ -5874,20 +6154,29 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e6( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness); } +/** + Encapsulate Kyber 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e6( - uu____0, uu____1); + uu____0, copy_of_randomness); } /** @@ -5904,6 +6193,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( return libcrux_ml_kem_polynomial_ZERO_89_d5(); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5921,7 +6216,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5929,7 +6224,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( ring_element); @@ -5954,14 +6249,14 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; libcrux_ml_kem_ind_cpa_serialize_public_key_d0( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -5982,6 +6277,11 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fe( return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index f54652b72..3a4cb9119 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_mlkem768_portable_H @@ -32,8 +32,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -41,8 +40,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -54,8 +52,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -63,8 +60,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -136,10 +132,8 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; core_result_Result_c0 dst; Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); + &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), + Eurydice_slice, int16_t[16U]); core_result_unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; @@ -170,68 +164,64 @@ typedef struct uint8_t_x11_s { static KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r3 = + (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); + uint8_t r7 = + (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); + uint8_t r10 = + (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -250,12 +240,11 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; @@ -306,66 +295,56 @@ typedef struct int16_t_x8_s { static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 3U; + int16_t r2 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 6U; + int16_t r3 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> + 1U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> + 4U; + int16_t r5 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 7U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 2U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -401,12 +380,10 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1115,6 +1092,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { @@ -1157,6 +1147,20 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { @@ -1176,6 +1180,17 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ static KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -1207,6 +1222,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ static inline uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { @@ -1481,6 +1518,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, @@ -1577,20 +1636,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); for (size_t i = (size_t)0U; i < (size_t)8U; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + (uint32_t)i0 & + 1U); } for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } @@ -1613,26 +1670,26 @@ typedef struct uint8_t_x4_s { static KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); + uint8_t result0 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *); + uint8_t result1 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *); + uint8_t result2 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *); + uint8_t result3 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *); return (CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } @@ -1644,11 +1701,11 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4( uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[8U] = {0U}; result[0U] = result0_3.fst; result[1U] = result0_3.snd; @@ -1674,32 +1731,32 @@ static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 4U & 15U); return (CLITERAL(int16_t_x8){.fst = v0, @@ -1715,11 +1772,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1761,40 +1816,24 @@ typedef struct uint8_t_x5_s { static KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1804,11 +1843,10 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t)); uint8_t result[10U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1836,44 +1874,44 @@ static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 2U & 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U) << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 1U & 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) & 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) >> 3U); return (CLITERAL(int16_t_x8){.fst = v0, .snd = v1, @@ -1888,11 +1926,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1925,37 +1961,36 @@ libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { static KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U & (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1965,17 +2000,15 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, + int16_t)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, + int16_t)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -2013,60 +2046,52 @@ static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 2U; + int16_t r2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 4U; + int16_t r3 = + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> + 6U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r5 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 2U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> + 4U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -2080,12 +2105,10 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -2124,20 +2147,17 @@ typedef struct uint8_t_x3_s { static KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); + uint8_t r1 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & + (int16_t)15) + << 4U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } @@ -2146,29 +2166,25 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, + int16_t)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, + int16_t)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, + int16_t)); uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, + int16_t)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -2215,12 +2231,12 @@ typedef struct int16_t_x2_s { static KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); + int16_t byte0 = + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t byte1 = + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); + int16_t byte2 = + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); @@ -2229,32 +2245,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -2289,15 +2297,15 @@ static KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; + i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -2309,7 +2317,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2320,8 +2328,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2338,8 +2345,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2484,13 +2490,10 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; @@ -2498,6 +2501,9 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9c( return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2512,7 +2518,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_7e( secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2520,7 +2526,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_7e( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9c( secret_bytes); @@ -2604,13 +2610,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_ff( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -2671,13 +2674,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_98( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -2801,13 +2801,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -2824,7 +2823,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -2834,7 +2833,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } @@ -2884,6 +2882,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_de( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2901,10 +2903,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_72( u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -2917,11 +2918,10 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_72( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + uint8_t); + u_as_ntt[i0] = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d2( u_bytes); - u_as_ntt[i0] = uu____0; libcrux_ml_kem_ntt_ntt_vector_u_de(&u_as_ntt[i0]); } memcpy( @@ -2979,12 +2979,10 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_47( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3045,16 +3043,12 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); + re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( re.coefficients[i0]); @@ -3075,6 +3069,33 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_97( return libcrux_ml_kem_serialize_deserialize_then_decompress_4_47(serialized); } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3113,6 +3134,10 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_d5( return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3127,13 +3152,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3155,7 +3178,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3165,7 +3188,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -3182,13 +3204,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -3322,6 +3343,12 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_78( return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3417,16 +3444,37 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_66( libcrux_ml_kem_vector_portable_serialize_1_0d(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3445,8 +3493,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_34( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_97( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = libcrux_ml_kem_matrix_compute_message_15(&v, secret_key->secret_as_ntt, u_as_ntt); @@ -3470,14 +3517,15 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_06(Eurydice_slice secret_key, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; libcrux_ml_kem_ind_cpa_deserialize_secret_key_7e(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; libcrux_ml_kem_ind_cpa_decrypt_unpacked_34(&secret_key_unpacked, ciphertext, @@ -3508,8 +3556,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -3541,6 +3588,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( return libcrux_ml_kem_polynomial_ZERO_89_39(); } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -3553,13 +3606,10 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3569,6 +3619,12 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3585,7 +3641,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -3593,7 +3649,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( ring_element); @@ -3655,14 +3711,15 @@ libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], - uint8_t, Eurydice_slice)); + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t)); } - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; - memcpy(uu____0, shake128_state, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); libcrux_ml_kem_hash_functions_portable_PortableHash_58 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -3680,10 +3737,11 @@ generics static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( - uu____0); + copy_of_input); } /** @@ -3701,8 +3759,7 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -3725,6 +3782,47 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -3742,14 +3840,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -3784,8 +3881,7 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed( size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_next_block( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -3808,6 +3904,47 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -3825,14 +3962,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -3872,8 +4008,7 @@ libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_slice a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + (i0 + (size_t)1U) * (size_t)16U, int16_t)); result.coefficients[i0] = uu____0; } return result; @@ -3889,8 +4024,7 @@ generics static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { return libcrux_ml_kem_polynomial_from_i16_array_89_6b( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -3905,18 +4039,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( - uu____0); + copy_of_seeds); uint8_t randomness0[3U][504U]; libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; @@ -3924,17 +4060,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t randomness[3U][168U]; libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_99(uu____3[i]); + ret0[i] = + libcrux_ml_kem_sampling_sample_from_xof_closure_99(copy_of_out[i]); } memcpy( ret, ret0, @@ -3957,28 +4097,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j; } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_2b(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_2b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -4044,9 +4185,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -4066,6 +4206,55 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -4077,24 +4266,22 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -4110,8 +4297,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -4125,21 +4312,19 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -4157,8 +4342,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -4188,9 +4373,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -4220,6 +4404,10 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4236,11 +4424,12 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -4251,20 +4440,19 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + re_as_ntt[i0] = libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - re_as_ntt[i0] = uu____1; + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -4284,6 +4472,9 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4300,11 +4491,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -4317,17 +4509,17 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -4342,8 +4534,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -4401,6 +4592,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4417,22 +4611,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -4482,7 +4674,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_traits_decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0; @@ -4524,6 +4716,9 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4605,12 +4800,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_3b( uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -4669,12 +4861,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_e1( uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -4694,6 +4883,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4707,26 +4899,22 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -4783,12 +4971,10 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_e5( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -4845,12 +5031,10 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_a3( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -4867,6 +5051,47 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4890,19 +5115,21 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c( - uu____2, domain_separator0); + copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -4911,19 +5138,19 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( prf_input[32U] = domain_separator; uint8_t prf_output[128U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_040( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( + copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = libcrux_ml_kem_matrix_compute_ring_element_v_1f( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); @@ -4934,12 +5161,11 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -4967,46 +5193,49 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, randomness, - ret1); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, copy_of_message, + randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -5025,8 +5254,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_02( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -5055,17 +5283,16 @@ libcrux_ml_kem_ind_cca_MlKem with const generics static inline void libcrux_ml_kem_ind_cca_decapsulate_c4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -5075,19 +5302,17 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c4( decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -5096,35 +5321,34 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c4( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_ind_cca_kdf_43_02( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; libcrux_ml_kem_ind_cca_kdf_43_02(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); @@ -5158,6 +5382,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5b( libcrux_ml_kem_ind_cca_decapsulate_c4(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5229,62 +5460,62 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ab( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( + uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -5314,6 +5545,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_9d( ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5334,8 +5572,7 @@ with const generics static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ac( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -5377,57 +5614,55 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t randomness[32U]) { uint8_t randomness0[32U]; libcrux_ml_kem_ind_cca_entropy_preprocess_43_ac( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_43_02(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -5453,19 +5688,28 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_4d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_4d(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_4d( + uu____0, copy_of_randomness); } /** @@ -5492,50 +5736,53 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15( uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, - ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -5560,21 +5807,31 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_84( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_84( - uu____0, uu____1); + uu____0, copy_of_randomness); } /** @@ -5643,6 +5900,9 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5659,22 +5919,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -5693,6 +5951,47 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5706,9 +6005,9 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; @@ -5718,21 +6017,23 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5741,34 +6042,38 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } @@ -5792,16 +6097,16 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5814,29 +6119,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5849,20 +6154,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -5886,20 +6187,24 @@ libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; libcrux_ml_kem_ind_cpa_serialize_public_key_80( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -5918,43 +6223,37 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -5975,12 +6274,11 @@ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; @@ -5989,20 +6287,21 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a7(uu____1); + libcrux_ml_kem_types_from_e7_a7(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(uu____3)); + uu____2, libcrux_ml_kem_types_from_07_4c(copy_of_public_key)); } /** @@ -6020,17 +6319,22 @@ generics static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c2(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( - uu____0); + copy_of_randomness); } /** @@ -6118,12 +6422,11 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 @@ -6155,38 +6458,44 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( libcrux_ml_kem_ind_cpa_serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -6202,18 +6511,24 @@ const generics static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_6a( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_6a( - uu____0); + copy_of_randomness); } /** @@ -6234,21 +6549,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_d2( libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, libcrux_ml_kem_types_as_slice_a8_63(ciphertext), - uint8_t, Eurydice_slice), + uint8_t), ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), - ret1); + Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -6277,17 +6589,16 @@ libcrux_ml_kem_ind_cca_Kyber with const generics static inline void libcrux_ml_kem_ind_cca_decapsulate_c40( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -6297,19 +6608,17 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c40( decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; @@ -6318,41 +6627,43 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c40( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_ind_cca_kdf_6c_d2( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; libcrux_ml_kem_ind_cca_kdf_6c_d2(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_decapsulate with const @@ -6381,6 +6692,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_7f( libcrux_ml_kem_ind_cca_decapsulate_c40(private_key, ciphertext, ret); } +/** + Decapsulate Kyber 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6427,60 +6745,61 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t randomness[32U]) { uint8_t randomness0[32U]; libcrux_ml_kem_ind_cca_entropy_preprocess_6c_c1( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), - uint8_t, Eurydice_slice), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(uu____4); + libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; libcrux_ml_kem_ind_cca_kdf_6c_d2(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } +/** + Portable encapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_encapsulate with const @@ -6504,19 +6823,28 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); } +/** + Encapsulate Kyber 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9f( - uu____0, uu____1); + uu____0, copy_of_randomness); } /** @@ -6532,6 +6860,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( return libcrux_ml_kem_polynomial_ZERO_89_39(); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6548,7 +6882,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6556,7 +6890,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( ring_element); @@ -6580,14 +6914,14 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; libcrux_ml_kem_ind_cpa_serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -6607,6 +6941,11 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 2e86dfce4..426dd490c 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_sha3_avx2_H @@ -150,14 +150,10 @@ static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_sha3_simd_avx2_xor_ef( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_4( Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); } /** @@ -167,10 +163,11 @@ usize> for core::core_arch::x86::__m256i)} KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_n_ef( Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[4U]; + memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret0[4U]; - libcrux_sha3_simd_avx2_slice_4(uu____0, start, len, ret0); + libcrux_sha3_simd_avx2_slice_4(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); } @@ -181,19 +178,19 @@ libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice out[4U], size_t mid) { Eurydice_slice out1 = out[1U]; Eurydice_slice out2 = out[2U]; Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out10 = uu____1.fst; Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out20 = uu____2.fst; Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out30 = uu____3.fst; Eurydice_slice out31 = uu____3.snd; @@ -229,6 +226,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { core_core_arch_x86___m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -282,21 +282,21 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); core_core_arch_x86___m256i v1h = @@ -342,34 +342,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); @@ -378,34 +374,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); core_core_arch_x86___m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, @@ -431,9 +423,10 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_c7(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[4U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block_c7(uu____0, copy_of_b); } /** @@ -1595,75 +1588,52 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = + s->st[1U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = + s->st[2U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = + s->st[3U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = + s->st[4U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = + s->st[0U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = + s->st[1U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = + s->st[2U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = + s->st[3U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = + s->st[4U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = + s->st[0U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = + s->st[1U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = + s->st[2U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = + s->st[3U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = + s->st[4U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = + s->st[0U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = + s->st[1U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = + s->st[2U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = + s->st[3U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = + s->st[4U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = + s->st[0U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = + s->st[1U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = + s->st[2U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = + s->st[3U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; core_core_arch_x86___m256i uu____27 = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1784,14 +1754,11 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; libcrux_sha3_simd_avx2_load_block_c7(s, buf); } @@ -1808,9 +1775,10 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_91(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_91(uu____0, copy_of_b); } /** @@ -1824,15 +1792,14 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -1896,23 +1863,19 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)136U % (size_t)32U; @@ -1921,36 +1884,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -1958,40 +1916,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -2008,22 +1957,25 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( uint8_t out2[200U] = {0U}; uint8_t out3[200U] = {0U}; Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out0, uint8_t), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; libcrux_sha3_simd_avx2_store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out1[200U]; + memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out2[200U]; + memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); uint8_t uu____3[200U]; memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); } @@ -2061,12 +2013,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2131,12 +2083,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2154,28 +2106,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( libcrux_sha3_generic_keccak_KeccakState_29 s = libcrux_sha3_generic_keccak_new_1e_16(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - libcrux_sha3_simd_avx2_slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); + libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U, + (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2215,6 +2166,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( } } +/** + Perform 4 SHAKE256 operations in parallel +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, @@ -2228,6 +2182,9 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( typedef libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_KeccakState; +/** + Initialise the [`KeccakState`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { @@ -2245,21 +2202,21 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); core_core_arch_x86___m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); core_core_arch_x86___m256i v1h = @@ -2305,34 +2262,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); @@ -2341,34 +2294,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); core_core_arch_x86___m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, @@ -2389,14 +2338,11 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; libcrux_sha3_simd_avx2_load_block_c70(s, buf); } @@ -2413,9 +2359,10 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_910(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_910(uu____0, copy_of_b); } /** @@ -2429,15 +2376,14 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2451,6 +2397,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( libcrux_sha3_generic_keccak_keccakf1600_07(s); } +/** + Absorb +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -2510,23 +2459,19 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)168U % (size_t)32U; @@ -2535,36 +2480,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = @@ -2572,40 +2512,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -2679,6 +2610,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); } +/** + Squeeze three blocks +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( @@ -2688,6 +2622,9 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } +/** + Squeeze another block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( @@ -2739,6 +2676,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); } +/** + Squeeze five blocks +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( @@ -2748,6 +2688,9 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); } +/** + Absorb +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( @@ -2757,6 +2700,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } +/** + Squeeze block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( @@ -2766,6 +2712,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); } +/** + Squeeze next block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index dd93141a1..01a592f8b 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: d6111233152fe392e83036ad6c29da60f591aef9 + * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a */ #ifndef __libcrux_sha3_portable_H @@ -137,8 +137,7 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); } /** @@ -147,17 +146,18 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[1U]; + memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; @@ -187,6 +187,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -242,9 +245,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -265,9 +267,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); } /** @@ -1212,75 +1215,52 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - uint64_t uu____4 = + s->st[1U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - uint64_t uu____5 = + s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - uint64_t uu____6 = + s->st[3U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - uint64_t uu____7 = + s->st[4U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - uint64_t uu____8 = + s->st[0U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - uint64_t uu____9 = + s->st[1U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - uint64_t uu____10 = + s->st[2U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - uint64_t uu____11 = + s->st[3U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - uint64_t uu____12 = + s->st[4U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - uint64_t uu____13 = + s->st[0U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - uint64_t uu____14 = + s->st[1U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - uint64_t uu____15 = + s->st[2U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - uint64_t uu____16 = + s->st[3U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - uint64_t uu____17 = + s->st[4U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - uint64_t uu____18 = + s->st[0U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - uint64_t uu____19 = + s->st[1U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - uint64_t uu____20 = + s->st[2U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - uint64_t uu____21 = + s->st[3U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - uint64_t uu____22 = + s->st[4U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - uint64_t uu____23 = + s->st[0U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - uint64_t uu____24 = + s->st[1U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - uint64_t uu____25 = + s->st[2U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - uint64_t uu____26 = + s->st[3U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1395,8 +1375,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b3(s, buf); } @@ -1412,9 +1392,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); } /** @@ -1427,15 +1408,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -1459,14 +1439,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1479,11 +1456,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1518,12 +1496,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1584,12 +1562,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1606,28 +1584,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { @@ -1675,11 +1652,15 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); } +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -1701,9 +1682,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1724,9 +1704,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); } /** @@ -1752,8 +1733,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b30(s, buf); } @@ -1769,9 +1750,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); } /** @@ -1784,15 +1766,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -1816,14 +1797,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1836,11 +1814,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1876,12 +1855,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1942,12 +1921,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1964,28 +1943,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2033,11 +2011,15 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2055,15 +2037,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2090,28 +2071,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2159,11 +2139,15 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); } +/** + A portable SHAKE256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2171,6 +2155,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -2178,6 +2165,9 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -2185,6 +2175,11 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, @@ -2201,6 +2196,9 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; } libcrux_sha3_neon_x2_incremental_KeccakState; +/** + Initialise the `KeccakState2`. +*/ static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -2208,6 +2206,9 @@ libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EXIT(255U); } +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, @@ -2217,6 +2218,10 @@ libcrux_sha3_neon_x2_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -2226,6 +2231,10 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -2235,6 +2244,9 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } +/** + Create a new SHAKE-128 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); @@ -2254,9 +2266,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2272,8 +2283,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b31(s, buf); } @@ -2289,9 +2300,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); } /** @@ -2304,15 +2316,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2326,6 +2337,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_keccakf1600_85(s); } +/** + Absorb +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -2343,14 +2357,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2420,6 +2431,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); } +/** + Squeeze three blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -2427,6 +2441,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } +/** + Squeeze another block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -2441,6 +2458,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( typedef uint8_t libcrux_sha3_Algorithm; +/** + Returns the output size of a digest. +*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -2483,9 +2503,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2506,9 +2525,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); } /** @@ -2534,8 +2554,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b32(s, buf); } @@ -2551,9 +2571,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); } /** @@ -2566,15 +2587,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -2598,14 +2618,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2618,11 +2635,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2658,12 +2676,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2724,12 +2742,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2746,28 +2764,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { @@ -2815,11 +2832,15 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); } +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2841,9 +2862,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2864,9 +2884,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); } /** @@ -2892,8 +2913,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b33(s, buf); } @@ -2909,9 +2930,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); } /** @@ -2924,15 +2946,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -2956,14 +2977,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2976,11 +2994,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3016,12 +3035,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3082,12 +3101,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3104,28 +3123,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { @@ -3173,11 +3191,15 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -3185,55 +3207,82 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } +/** + SHA3 224 + + Preconditions: + - `digest.len() == 28` +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } +/** + SHA3 224 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), + data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), + data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), + data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } @@ -3249,9 +3298,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); } /** @@ -3279,11 +3329,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3319,12 +3370,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3346,12 +3397,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3368,28 +3419,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { @@ -3437,11 +3487,15 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); } +/** + A portable SHAKE128 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -3449,11 +3503,21 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } +/** + SHAKE 128 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } +/** + SHAKE 256 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); @@ -3473,6 +3537,9 @@ static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -3480,6 +3547,9 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -3528,6 +3598,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); } +/** + Squeeze five blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -3535,6 +3608,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } +/** + Absorb some data for SHAKE-256 for the last time +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { @@ -3542,11 +3618,17 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_721(s, buf); } +/** + Create a new SHAKE-256 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); } +/** + Squeeze the first SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -3554,6 +3636,9 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } +/** + Squeeze the next SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { From 776320407e887bb1f5546cdf9844e636ac0fd3b7 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 20 Aug 2024 14:31:43 +0000 Subject: [PATCH 123/348] updated eurydice_glue.h from main --- libcrux-ml-kem/cg/eurydice_glue.h | 2799 +++++++++++++++++++++++++++-- 1 file changed, 2629 insertions(+), 170 deletions(-) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 2d6575328..d152baa36 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -1,170 +1,2629 @@ -#pragma once - -#if defined(__cplusplus) -extern "C" { -#endif - -#include -#include -#include -#include -#include - -#include "karamel/target.h" - -// SLICES, ARRAYS, ETC. - -// The MSVC C++ compiler does not support compound literals. -// This CLITERAL is used to turn `(type){...}` into `type{...}` when using a C++ -// compiler. -#if defined(__cplusplus) -#define CLITERAL(type) type -#else -#define CLITERAL(type) (type) -#endif - -// We represent a slice as a pair of an (untyped) pointer, along with the length -// of the slice, i.e. the number of elements in the slice (this is NOT the -// number of bytes). This design choice has two important consequences. -// - if you need to use `ptr`, you MUST cast it to a proper type *before* -// performing pointer -// arithmetic on it (remember that C desugars pointer arithmetic based on the -// type of the address) -// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you -// need to multiply it -// by sizeof t, where t is the type of the elements. -// -// Empty slices have `len == 0` and `ptr` always needs to be valid pointer that -// is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL + -// start`). -typedef struct { - void *ptr; - size_t len; -} Eurydice_slice; - -// Helper macro to create a slice out of a pointer x, a start index in x -// (included), and an end index in x (excluded). The argument x must be suitably -// cast to something that can decay (see remark above about how pointer -// arithmetic works in C), meaning either pointer or array type. -#define EURYDICE_SLICE(x, start, end) \ - (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) -#define EURYDICE_SLICE_LEN(s, _) s.len -// This macro is a pain because in case the dereferenced element type is an -// array, you cannot simply write `t x` as it would yield `int[4] x` instead, -// which is NOT correct C syntax, so we add a dedicated phase in Eurydice that -// adds an extra argument to this macro at the last minute so that we have the -// correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ - EURYDICE_SLICE((t *)s.ptr, r.start, r.end) -// Variant for when the start and end indices are statically known (i.e., the -// range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t, _) \ - EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ - EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ - EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) \ - EURYDICE_SLICE(x, 0, \ - end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ - EURYDICE_SLICE((t *)x, r.start, r.end) -// Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \ - EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ - EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ - EURYDICE_SLICE((t *)x, r, size) -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ - memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ - ((Eurydice_slice){.ptr = ptr_, .len = len_}) - -#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ - len, src, dst, elem_type, _ret_t) \ - (memcpy(dst, src, len * sizeof(elem_type))) -#define core_array_TryFromSliceError uint8_t - -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ - (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ - Eurydice_array_eq - -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ - .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ - .len = slice.len - mid}}) - -// Conversion of slice to an array, rewritten (by Eurydice) to name the -// destination array, since arrays are not values in C. -// N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ - Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ - sizeof(t_arr)) - -static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, - Eurydice_slice src, size_t sz) { - *dst_tag = 0; - memcpy(dst_ok, src.ptr, sz); -} - -// CORE STUFF (conversions, endianness, ...) - -static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { - memcpy(buf, &v, sizeof(v)); -} -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { - uint64_t v; - memcpy(&v, buf, sizeof(v)); - return v; -} - -static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { - uint32_t v; - memcpy(&v, buf, sizeof(v)); - return v; -} - -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { -#ifdef _MSC_VER - return __popcnt(x0); -#else - return __builtin_popcount(x0); -#endif -} - -// unsigned overflow wraparound semantics in C -static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { - return x + y; -} -static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { - return x - y; -} - -// ITERATORS - -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ - (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, \ - .f0 = (iter_ptr)->start++})) - -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ - Eurydice_range_iter_next - -// See note in karamel/lib/Inlining.ml if you change this -#define Eurydice_into_iter(x, t, _ret_t) (x) -#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \ - Eurydice_into_iter - -#if defined(__cplusplus) -} -#endif + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + libcrux/libcrux-ml-kem/cg/eurydice_glue.h at main · cryspen/libcrux · GitHub + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ + + +
+ Skip to content + + + + + + + + + + + +
+ + + + + + + + + + + + + + + +
+ +
+ + + + + + + + +
+ + + + + +
+ + + + + + + + + +
+
+
+ + + + + + + + + + + + +
+ +
+ +
+ +
+ + + + / + + libcrux + + + Public +
+ + +
+ +
+ + +
+
+ +
+
+ + + + +
+ + + + + + +
+ + + + + + + + + + + + + + + + + + +

Latest commit

 

History

History
176 lines (153 loc) · 6.67 KB

eurydice_glue.h

File metadata and controls

176 lines (153 loc) · 6.67 KB
Raw
+ + + + + +
+ + + +
+
+ +
+ +
+

Footer

+ + + + +
+
+ + + + + © 2024 GitHub, Inc. + +
+ + +
+
+ + + + + + + + + + + + + + + + + + + +
+ +
+
+ + + From f549fee9612e3cd9973f66eeeaccce6eb9374976 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 20 Aug 2024 14:48:39 +0000 Subject: [PATCH 124/348] updated eurydice_glue.h from main --- libcrux-ml-kem/cg/eurydice_glue.h | 2805 ++--------------------------- 1 file changed, 176 insertions(+), 2629 deletions(-) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index d152baa36..4b994a998 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -1,2629 +1,176 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - libcrux/libcrux-ml-kem/cg/eurydice_glue.h at main · cryspen/libcrux · GitHub - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - -
- Skip to content - - - - - - - - - - - -
- - - - - - - - - - - - - - - -
- -
- - - - - - - - -
- - - - - -
- - - - - - - - - -
-
-
- - - - - - - - - - - - -
- -
- -
- -
- - - - / - - libcrux - - - Public -
- - -
- -
- - -
-
- -
-
- - - - -
- - - - - - -
- - - - - - - - - - - - - - - - - - -

Latest commit

 

History

History
176 lines (153 loc) · 6.67 KB

eurydice_glue.h

File metadata and controls

176 lines (153 loc) · 6.67 KB
Raw
- - - - - -
- - - -
-
- -
- -
-

Footer

- - - - -
-
- - - - - © 2024 GitHub, Inc. - -
- - -
-
- - - - - - - - - - - - - - - - - - - -
- -
-
- - - +/* + * SPDX-FileCopyrightText: 2024 Eurydice Contributors + * SPDX-FileCopyrightText: 2024 Cryspen Sarl + * + * SPDX-License-Identifier: Apache-2.0 + */ + +#pragma once + +#if defined(__cplusplus) +extern "C" { +#endif + +#include +#include +#include +#include +#include + +#include "karamel/target.h" + +// SLICES, ARRAYS, ETC. + +// The MSVC C++ compiler does not support compound literals. +// This CLITERAL is used to turn `(type){...}` into `type{...}` when using a C++ +// compiler. +#if defined(__cplusplus) +#define CLITERAL(type) type +#else +#define CLITERAL(type) (type) +#endif + +// We represent a slice as a pair of an (untyped) pointer, along with the length +// of the slice, i.e. the number of elements in the slice (this is NOT the +// number of bytes). This design choice has two important consequences. +// - if you need to use `ptr`, you MUST cast it to a proper type *before* +// performing pointer +// arithmetic on it (remember that C desugars pointer arithmetic based on the +// type of the address) +// - if you need to use `len` for a C style function (e.g. memcpy, memcmp), you +// need to multiply it +// by sizeof t, where t is the type of the elements. +// +// Empty slices have `len == 0` and `ptr` always needs to be valid pointer that +// is not NULL (otherwise the construction in EURYDICE_SLICE computes `NULL + +// start`). +typedef struct { + void *ptr; + size_t len; +} Eurydice_slice; + +// Helper macro to create a slice out of a pointer x, a start index in x +// (included), and an end index in x (excluded). The argument x must be suitably +// cast to something that can decay (see remark above about how pointer +// arithmetic works in C), meaning either pointer or array type. +#define EURYDICE_SLICE(x, start, end) \ + (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) +#define EURYDICE_SLICE_LEN(s, _) s.len +// This macro is a pain because in case the dereferenced element type is an +// array, you cannot simply write `t x` as it would yield `int[4] x` instead, +// which is NOT correct C syntax, so we add a dedicated phase in Eurydice that +// adds an extra argument to this macro at the last minute so that we have the +// correct type of *pointers* to elements. +#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _) \ + EURYDICE_SLICE((t *)s.ptr, r.start, r.end) +// Variant for when the start and end indices are statically known (i.e., the +// range argument `r` is a literal). +#define Eurydice_slice_subslice2(s, start, end, t) \ + EURYDICE_SLICE((t *)s.ptr, start, end) +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ + EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ + EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ + end) /* x is already at an array type, no need for cast */ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ + EURYDICE_SLICE((t *)x, r.start, r.end) +// Same as above, variant for when start and end are statically known +#define Eurydice_array_to_subslice2(x, start, end, t) \ + EURYDICE_SLICE((t *)x, start, end) +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ + EURYDICE_SLICE((t *)x, 0, r) +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ + EURYDICE_SLICE((t *)x, r, size) +#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) +#define Eurydice_slice_copy(dst, src, t) \ + memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ + ((Eurydice_slice){.ptr = ptr_, .len = len_}) + +#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ + len, src, dst, elem_type, _ret_t) \ + (memcpy(dst, src, len * sizeof(elem_type))) +#define TryFromSliceError uint8_t + +#define Eurydice_array_eq(sz, a1, a2, t, _a, _b) \ + (memcmp(a1, a2, sz * sizeof(t)) == 0) +#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ + Eurydice_array_eq + +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ + .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ + .len = slice.len - mid}}) + +// Conversion of slice to an array, rewritten (by Eurydice) to name the +// destination array, since arrays are not values in C. +// N.B.: see note in karamel/lib/Inlining.ml if you change this. +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ + Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ + sizeof(t_arr)) + +static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, + Eurydice_slice src, size_t sz) { + *dst_tag = 0; + memcpy(dst_ok, src.ptr, sz); +} + +// CORE STUFF (conversions, endianness, ...) + +static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { + memcpy(buf, &v, sizeof(v)); +} +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { + uint64_t v; + memcpy(&v, buf, sizeof(v)); + return v; +} + +static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { + uint32_t v; + memcpy(&v, buf, sizeof(v)); + return v; +} + +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { +#ifdef _MSC_VER + return __popcnt(x0); +#else + return __builtin_popcount(x0); +#endif +} + +// unsigned overflow wraparound semantics in C +static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { + return x + y; +} +static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { + return x - y; +} + +// ITERATORS + +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ + (((iter_ptr)->start == (iter_ptr)->end) \ + ? (CLITERAL(ret_t){.tag = None}) \ + : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) + +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ + Eurydice_range_iter_next + +// See note in karamel/lib/Inlining.ml if you change this +#define Eurydice_into_iter(x, t, _ret_t) (x) +#define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \ + Eurydice_into_iter + +#if defined(__cplusplus) +} +#endif From 01793f2047fcee62af262e60208deeafaf8ab45b Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 20 Aug 2024 15:38:25 +0000 Subject: [PATCH 125/348] fixes to none/tryfromslice --- libcrux-ml-kem/cg/eurydice_glue.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 4b994a998..2c1a560ef 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -93,7 +93,7 @@ typedef struct { #define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) -#define TryFromSliceError uint8_t +#define core_array_TryFromSliceError uint8_t #define Eurydice_array_eq(sz, a1, a2, t, _a, _b) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) @@ -160,8 +160,8 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = None}) \ - : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) + ? (CLITERAL(ret_t){.tag = core_option_None}) \ + : (CLITERAL(ret_t){.tag = core_option_Some, .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next From 5a8573e9ae68be4613688afa887ad7cf75e360a1 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 20 Aug 2024 15:52:54 +0000 Subject: [PATCH 126/348] fixes to none/tryfromslice --- libcrux-ml-kem/cg/eurydice_glue.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 2c1a560ef..b9566a023 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -160,8 +160,9 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, .f0 = (iter_ptr)->start++})) + ? (CLITERAL(ret_t){.tag = core_option_None}) \ + : (CLITERAL(ret_t){.tag = core_option_Some, \ + .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next From b88b13f05b79d3c28ffac4fa2b17c07a3bb93fa4 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sun, 25 Aug 2024 14:30:02 +0000 Subject: [PATCH 127/348] Update MLKEM F* files --- .../Libcrux_ml_kem.Constant_time_ops.fst | 34 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 66 ++-- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 66 ++-- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 325 ++++++++---------- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 47 ++- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 83 +++-- .../extraction/Libcrux_ml_kem.Matrix.fst | 267 ++++++-------- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 99 +++--- .../extraction/Libcrux_ml_kem.Polynomial.fst | 120 +++---- .../extraction/Libcrux_ml_kem.Sampling.fst | 120 +++---- .../extraction/Libcrux_ml_kem.Serialize.fst | 314 ++++++++--------- .../extraction/Libcrux_ml_kem.Serialize.fsti | 110 +++++- .../extraction/Libcrux_ml_kem.Types.fsti | 6 +- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 8 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 5 +- .../Libcrux_ml_kem.Vector.Neon.Ntt.fst | 24 +- .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 32 +- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 136 +++----- ...ibcrux_ml_kem.Vector.Portable.Compress.fst | 51 +-- ...ibcrux_ml_kem.Vector.Portable.Sampling.fst | 17 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 59 ++-- 21 files changed, 895 insertions(+), 1094 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index 92f263cc6..018593ecd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -16,17 +16,12 @@ let is_non_zero (value: u8) = Core.Hint.black_box #u8 (inz value <: u8) let compare (lhs rhs: t_Slice u8) = let (r: u8):u8 = 0uy in let r:u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Core.Slice.impl__len #u8 lhs <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #u8 lhs <: usize) + (fun r temp_1_ -> + let r:u8 = r in + let _:usize = temp_1_ in + true) r (fun r i -> let r:u8 = r in @@ -42,17 +37,12 @@ let select_ct (lhs rhs: t_Slice u8) (selector: u8) = let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let out:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + (fun out temp_1_ -> + let out:t_Array u8 (sz 32) = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_Array u8 (sz 32) = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index 94b75e85b..a7e3360f2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -26,7 +26,7 @@ let encapsulate_unpacked (randomness: t_Array u8 (sz 32)) = let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -39,7 +39,7 @@ let encapsulate_unpacked Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize public_key.f_public_key_hash <: t_Slice u8) + (public_key.f_public_key_hash <: t_Slice u8) <: t_Slice u8) in @@ -47,11 +47,11 @@ let encapsulate_unpacked Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = @@ -96,7 +96,7 @@ let decapsulate_unpacked ciphertext.Libcrux_ml_kem.Types.f_value in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize decrypted <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -109,7 +109,7 @@ let decapsulate_unpacked Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize key_pair.f_public_key.f_public_key_hash <: t_Slice u8) + (key_pair.f_public_key.f_public_key_hash <: t_Slice u8) <: t_Slice u8) in @@ -117,17 +117,17 @@ let decapsulate_unpacked Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - (Rust_primitives.unsize key_pair.f_private_key.f_implicit_rejection_value <: t_Slice u8) + (key_pair.f_private_key.f_implicit_rejection_value <: t_Slice u8) in let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -154,7 +154,7 @@ let decapsulate_unpacked #v_K #FStar.Tactics.Typeclasses.solve (sz 32) - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE @@ -170,10 +170,10 @@ let decapsulate_unpacked ciphertext <: t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) + (expected_ciphertext <: t_Slice u8) in Libcrux_ml_kem.Constant_time_ops.select_shared_secret_in_constant_time shared_secret - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) selector let generate_keypair_unpacked @@ -222,21 +222,22 @@ let generate_keypair_unpacked v_K (fun v__j -> let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K = + v_A + in + let _:usize = temp_1_ in + true) v_A (fun v_A i -> let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) @@ -244,14 +245,15 @@ let generate_keypair_unpacked v_A in let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A + in + let _:usize = temp_1_ in + true) v_A (fun v_A j -> let v_A:t_Array @@ -295,15 +297,13 @@ let generate_keypair_unpacked v_PUBLIC_KEY_SIZE #v_Vector ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (Rust_primitives.unsize ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A - <: - t_Slice u8) + (ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) in let public_key_hash:t_Array u8 (sz 32) = Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize pk_serialized <: t_Slice u8) + (pk_serialized <: t_Slice u8) in let (implicit_rejection_value: t_Array u8 (sz 32)):t_Array u8 (sz 32) = Core.Result.impl__unwrap #(t_Array u8 (sz 32)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 97ba9aea5..9ab226abf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -86,12 +86,10 @@ let serialize_kem_secret_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - public_key - <: - t_Array u8 (sz 32)) + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + public_key <: t_Slice u8) <: @@ -207,10 +205,9 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = - let _:Prims.unit = admit () in let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) + (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) v_CPA_SECRET_KEY_SIZE in let ind_cpa_public_key, secret_key:(t_Slice u8 & t_Slice u8) = @@ -230,7 +227,7 @@ let decapsulate ciphertext.Libcrux_ml_kem.Types.f_value in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize decrypted <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -251,11 +248,11 @@ let decapsulate Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 @@ -288,7 +285,7 @@ let decapsulate #v_K #FStar.Tactics.Typeclasses.solve (sz 32) - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE @@ -302,7 +299,7 @@ let decapsulate v_K v_CIPHERTEXT_SIZE #v_Hasher - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) ciphertext in let shared_secret:t_Array u8 (sz 32) = @@ -322,11 +319,12 @@ let decapsulate ciphertext <: t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) - (Rust_primitives.unsize shared_secret <: t_Slice u8) - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + (expected_ciphertext <: t_Slice u8) + (shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) in let result:t_Array u8 (sz 32) = shared_secret in + let _:Prims.unit = admit () (* Panic freedom *) in result #pop-options @@ -352,10 +350,10 @@ let encapsulate #FStar.Tactics.Typeclasses.solve v_K #v_Hasher - (Rust_primitives.unsize randomness <: t_Slice u8) + (randomness <: t_Slice u8) in let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = - Libcrux_ml_kem.Utils.into_padded_array (sz 64) (Rust_primitives.unsize randomness <: t_Slice u8) + Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash @@ -368,17 +366,10 @@ let encapsulate Core.Ops.Range.t_RangeFrom usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE - public_key - <: - t_Array u8 v_PUBLIC_KEY_SIZE) - <: - t_Slice u8) - <: - t_Array u8 (sz 32)) + (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) <: t_Slice u8) <: @@ -388,22 +379,19 @@ let encapsulate Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize to_hash <: t_Slice u8) + (to_hash <: t_Slice u8) in let shared_secret, pseudorandomness:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 - (Rust_primitives.unsize hashed <: t_Slice u8) + (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in let ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - (Rust_primitives.unsize (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key - <: - t_Array u8 v_PUBLIC_KEY_SIZE) - <: - t_Slice u8) randomness pseudorandomness + (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) randomness + pseudorandomness in let ciphertext:Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE = Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) @@ -425,7 +413,7 @@ let encapsulate <: (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) in - let _:Prims.unit = admit () in + let _:Prims.unit = admit () (* Panic freedom *) in result #pop-options @@ -473,8 +461,8 @@ let generate_keypair serialize_kem_secret_key v_K v_PRIVATE_KEY_SIZE #v_Hasher - (Rust_primitives.unsize ind_cpa_private_key <: t_Slice u8) - (Rust_primitives.unsize public_key <: t_Slice u8) + (ind_cpa_private_key <: t_Slice u8) + (public_key <: t_Slice u8) implicit_rejection_value in let (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_PRIVATE_KEY_SIZE):Libcrux_ml_kem.Types.t_MlKemPrivateKey diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 5c0f1c2cf..f965b5758 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -27,37 +27,37 @@ let sample_ring_element_cbd v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in - let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - prf_inputs - (fun prf_inputs i -> - let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = prf_inputs in + let v__domain_separator_init:u8 = domain_separator in + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ i -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in let i:usize = i in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs - i - (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ] - <: - t_Array u8 (sz 33)) - (sz 32) - (domain_separator +! (cast (i <: usize) <: u8) <: u8) - <: - t_Array u8 (sz 33)) - <: - t_Array (t_Array u8 (sz 33)) v_K) + v domain_separator == v v__domain_separator_init + v i) + (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) + (fun temp_0_ i -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let i:usize = i in + let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ] + <: + t_Array u8 (sz 33)) + (sz 32) + domain_separator + <: + t_Array u8 (sz 33)) + in + let domain_separator:u8 = domain_separator +! 1uy in + domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) in - let domain_separator:u8 = domain_separator +! (cast (v_K <: usize) <: u8) in let (prf_outputs: t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K):t_Array (t_Array u8 v_ETA2_RANDOMNESS_SIZE) v_K = Libcrux_ml_kem.Hash_functions.f_PRFxN #v_Hasher @@ -67,14 +67,14 @@ let sample_ring_element_cbd prf_inputs in let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun error_1_ temp_1_ -> + let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + error_1_ + in + let _:usize = temp_1_ in + true) error_1_ (fun error_1_ i -> let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -85,9 +85,7 @@ let sample_ring_element_cbd i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 #v_Vector - (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA2_RANDOMNESS_SIZE) - <: - t_Slice u8) + (prf_outputs.[ i ] <: t_Slice u8) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -118,37 +116,37 @@ let sample_vector_cbd_then_ntt v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in - let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) - prf_inputs - (fun prf_inputs i -> - let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = prf_inputs in + let v__domain_separator_init:u8 = domain_separator in + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ i -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in let i:usize = i in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs - i - (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ] - <: - t_Array u8 (sz 33)) - (sz 32) - (domain_separator +! (cast (i <: usize) <: u8) <: u8) - <: - t_Array u8 (sz 33)) - <: - t_Array (t_Array u8 (sz 33)) v_K) + v domain_separator == v v__domain_separator_init + v i) + (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) + (fun temp_0_ i -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let i:usize = i in + let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize prf_inputs + i + (Rust_primitives.Hax.Monomorphized_update_at.update_at_usize (prf_inputs.[ i ] + <: + t_Array u8 (sz 33)) + (sz 32) + domain_separator + <: + t_Array u8 (sz 33)) + in + let domain_separator:u8 = domain_separator +! 1uy in + domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) in - let domain_separator:u8 = domain_separator +! (cast (v_K <: usize) <: u8) in let (prf_outputs: t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K):t_Array (t_Array u8 v_ETA_RANDOMNESS_SIZE) v_K = Libcrux_ml_kem.Hash_functions.f_PRFxN #v_Hasher @@ -158,14 +156,14 @@ let sample_vector_cbd_then_ntt prf_inputs in let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun re_as_ntt temp_1_ -> + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + re_as_ntt + in + let _:usize = temp_1_ in + true) re_as_ntt (fun re_as_ntt i -> let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -177,9 +175,7 @@ let sample_vector_cbd_then_ntt i (Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA #v_Vector - (Rust_primitives.unsize (prf_outputs.[ i ] <: t_Array u8 v_ETA_RANDOMNESS_SIZE) - <: - t_Slice u8) + (prf_outputs.[ i ] <: t_Slice u8) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -201,8 +197,6 @@ let sample_vector_cbd_then_ntt let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--admit_smt_queries true" - let compress_then_serialize_u (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) (#v_Vector: Type0) @@ -213,29 +207,26 @@ let compress_then_serialize_u (out: t_Slice u8) = let out:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (Rust_primitives.unsize input - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - usize - } - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (input <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) <: - Core.Ops.Range.t_Range usize) + usize) + (fun out temp_1_ -> + let out:t_Slice u8 = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_Slice u8 = out in let i:usize = i in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = input.[ i ] in + let _:Prims.unit = + Hax_lib.v__internal_loop_invariant #usize + (fun i -> + let i:usize = i in + (Core.Slice.impl__len #u8 out <: usize) =. v_OUT_LEN <: bool) + in let out:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ @@ -257,13 +248,10 @@ let compress_then_serialize_u Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u - v_COMPRESSION_FACTOR - v_BLOCK_LEN - #v_Vector - re - <: - t_Array u8 v_BLOCK_LEN) + (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u v_COMPRESSION_FACTOR + v_BLOCK_LEN + #v_Vector + re <: t_Slice u8) <: @@ -271,11 +259,11 @@ let compress_then_serialize_u in out) in - let hax_temp_output:Prims.unit = () <: Prims.unit in + let result:Prims.unit = () <: Prims.unit in + let _:Prims.unit = admit () (* Panic freedom *) in + let hax_temp_output:Prims.unit = result in out -#pop-options - let deserialize_then_decompress_u (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) (#v_Vector: Type0) @@ -289,32 +277,26 @@ let deserialize_then_decompress_u v_K (fun temp_0_ -> let _:usize = temp_0_ in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - (Core.Slice.impl__len #u8 (Rust_primitives.unsize ciphertext <: t_Slice u8) <: usize) /! - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR - <: - usize) /! - sz 8 - <: - usize) - <: - usize - } - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 (ciphertext <: t_Slice u8) <: usize) /! + ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR <: usize + ) /! + sz 8 + <: + usize) <: - Core.Ops.Range.t_Range usize) + usize) + (fun u_as_ntt temp_1_ -> + let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + u_as_ntt + in + let _:usize = temp_1_ in + true) u_as_ntt (fun u_as_ntt i -> let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -395,27 +377,23 @@ let deserialize_secret_key v_K (fun temp_0_ -> let _:usize = temp_0_ in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - (Core.Slice.impl__len #u8 secret_key <: usize) /! - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - usize - } - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 secret_key <: usize) /! + Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: - Core.Ops.Range.t_Range usize) + usize) + (fun secret_as_ntt temp_1_ -> + let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K + = + secret_as_ntt + in + let _:usize = temp_1_ in + true) secret_as_ntt (fun secret_as_ntt i -> let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K @@ -455,8 +433,6 @@ let deserialize_secret_key let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--admit_smt_queries true" - let serialize_secret_key (v_K v_OUT_LEN: usize) (#v_Vector: Type0) @@ -467,24 +443,15 @@ let serialize_secret_key = let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (Rust_primitives.unsize key - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - usize - } - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (key <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) <: - Core.Ops.Range.t_Range usize) + usize) + (fun out temp_1_ -> + let out:t_Array u8 v_OUT_LEN = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_Array u8 v_OUT_LEN = out in @@ -517,11 +484,7 @@ let serialize_secret_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element - #v_Vector - re - <: - t_Array u8 (sz 384)) + (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re <: t_Slice u8) <: @@ -529,9 +492,9 @@ let serialize_secret_key in out) in - out - -#pop-options + let result:t_Array u8 v_OUT_LEN = out in + let _:Prims.unit = admit () (* Panic freedom *) in + result let serialize_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -559,12 +522,7 @@ let serialize_public_key Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize (serialize_secret_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - #v_Vector - tt_as_ntt - <: - t_Array u8 v_RANKED_BYTES_PER_RING_ELEMENT) + (serialize_secret_key v_K v_RANKED_BYTES_PER_RING_ELEMENT #v_Vector tt_as_ntt <: t_Slice u8) <: @@ -698,12 +656,12 @@ let encrypt_unpacked #v_K #FStar.Tactics.Typeclasses.solve v_ETA2_RANDOMNESS_SIZE - (Rust_primitives.unsize prf_input <: t_Slice u8) + (prf_input <: t_Slice u8) in let error_2_:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Sampling.sample_from_binomial_distribution v_ETA2 #v_Vector - (Rust_primitives.unsize prf_output <: t_Slice u8) + (prf_output <: t_Slice u8) in let u:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Matrix.compute_vector_u v_K @@ -823,8 +781,6 @@ let encrypt let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--admit_smt_queries true" - let generate_keypair_unpacked (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) @@ -843,7 +799,7 @@ let generate_keypair_unpacked key_generation_seed in let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = - Core.Slice.impl__split_at #u8 (Rust_primitives.unsize hashed <: t_Slice u8) (sz 32) + Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32) in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = @@ -898,12 +854,15 @@ let generate_keypair_unpacked <: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector in - sk, pk - <: - (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) - -#pop-options + let result:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = + sk, pk + <: + (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: @@ -932,7 +891,7 @@ let generate_keypair v_PUBLIC_KEY_SIZE #v_Vector pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (Rust_primitives.unsize pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + (pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = serialize_secret_key v_K diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index e21f8e265..bbaa34293 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -61,7 +61,7 @@ val compress_then_serialize_u (requires Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ - v_BLOCK_LEN = Spec.MLKEM.v_C1_BLOCK_SIZE v_K) + v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ Core.Slice.impl__len #u8 out == v_OUT_LEN) (ensures fun out_future -> let out_future:t_Slice u8 = out_future in @@ -94,8 +94,11 @@ val deserialize_secret_key {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (secret_key: t_Slice u8) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (requires Spec.MLKEM.is_rank v_K /\ length secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K - ) + (requires + Spec.MLKEM.is_rank v_K /\ length secret_key == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + v (Core.Slice.impl__len #u8 secret_key) / + v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <= + v v_K) (ensures fun res -> let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in @@ -162,7 +165,12 @@ val decrypt_unpacked {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (secret_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) (ciphertext: t_Array u8 v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) + (requires + Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v v_VECTOR_U_ENCODED_SIZE <= v v_CIPHERTEXT_SIZE) + (fun _ -> Prims.l_True) val decrypt (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: @@ -192,7 +200,7 @@ val decrypt /// Input: encryption randomness r ∈ 𝔹^{32}. /// Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. /// N ← 0 -/// t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) +/// t\u{302} ← ByteDecode₁₂(ekₚₖₑ[0:384k]) /// ρ ← ekₚₖₑ[384k: 384k + 32] /// for (i ← 0; i < k; i++) /// for(j ← 0; j < k; j++) @@ -208,10 +216,10 @@ val decrypt /// N ← N + 1 /// end for /// e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) -/// r̂ ← NTT(r) -/// u ← NTT-¹(Âᵀ ◦ r̂) + e₁ +/// r\u{302} ← NTT(r) +/// u ← NTT-¹(Âᵀ ◦ r\u{302}) + e₁ /// μ ← Decompress₁(ByteDecode₁(m))) -/// v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ +/// v ← NTT-¹(t\u{302}ᵀ ◦ rˆ) + e₂ + μ /// c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) /// c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) /// return c ← (c₁ ‖ c₂) @@ -227,7 +235,17 @@ val encrypt_unpacked (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) (message: t_Array u8 (sz 32)) (randomness: t_Slice u8) - : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_CIPHERTEXT_SIZE) + (requires + Spec.MLKEM.is_rank v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ + v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ + v_C1_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ + v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ + v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v v_C1_LEN <= v v_CIPHERTEXT_SIZE /\ + v (Core.Slice.impl__len #u8 randomness) <= 33) + (fun _ -> Prims.l_True) val encrypt (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: @@ -259,7 +277,7 @@ val encrypt /// This function implements most of Algorithm 12 of the /// NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation algorithm. -/// We say "most of" since Algorithm 12 samples the required randomness within +/// We say \"most of\" since Algorithm 12 samples the required randomness within /// the function itself, whereas this implementation expects it to be provided /// through the `key_generation_seed` parameter. /// Algorithm 12 is reproduced below: @@ -284,8 +302,8 @@ val encrypt /// end for /// ŝ ← NTT(s) /// ê ← NTT(e) -/// t̂ ← Â◦ŝ + ê -/// ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ +/// t\u{302} ← Â◦ŝ + ê +/// ekₚₖₑ ← ByteEncode₁₂(t\u{302}) ‖ ρ /// dkₚₖₑ ← ByteEncode₁₂(ŝ) /// ``` /// The NIST FIPS 203 standard can be found at @@ -299,7 +317,10 @@ val generate_keypair_unpacked : Prims.Pure (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) - Prims.l_True + (requires + Spec.MLKEM.is_rank v_K /\ + v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K / v_ETA1 == + Spec.MLKEM.v_ETA1 v_K) (fun _ -> Prims.l_True) val generate_keypair diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index fe53b5ec3..7adb734e8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -39,14 +39,14 @@ let invert_ntt_at_layer_1_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -100,14 +100,14 @@ let invert_ntt_at_layer_2_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -153,14 +153,14 @@ let invert_ntt_at_layer_3_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -202,14 +202,14 @@ let invert_ntt_at_layer_4_plus = let step:usize = sz 1 <>! layer <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! layer <: usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -223,17 +223,12 @@ let invert_ntt_at_layer_4_plus in let step_vec:usize = step /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range offset_vec + (offset_vec +! step_vec <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -332,7 +327,7 @@ let invert_ntt_montgomery let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce #v_Vector re + (), Libcrux_ml_kem.Polynomial.impl_2__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index f3e80aaf9..748a18489 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -10,8 +10,6 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -#push-options "--admit_smt_queries true" - let compute_As_plus_e (v_K: usize) (#v_Vector: Type0) @@ -28,31 +26,25 @@ let compute_As_plus_e v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Core.Slice.impl__len #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (Rust_primitives.unsize matrix_A - <: - t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - ) - <: - usize - } + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K) + (matrix_A <: - Core.Ops.Range.t_Range usize) + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) <: - Core.Ops.Range.t_Range usize) + usize) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -63,25 +55,18 @@ let compute_As_plus_e matrix_A.[ i ] in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (Rust_primitives.unsize row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - usize - } - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (row <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) <: - Core.Ops.Range.t_Range usize) + usize) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result j -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -93,7 +78,7 @@ let compute_As_plus_e row.[ j ] in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector + Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector matrix_element (s_as_ntt.[ j ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -101,7 +86,7 @@ let compute_As_plus_e v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector + (Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector v_K (result.[ i ] <: @@ -115,7 +100,7 @@ let compute_As_plus_e let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_standard_error_reduce #v_Vector + (Libcrux_ml_kem.Polynomial.impl_2__add_standard_error_reduce #v_Vector (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (error_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -123,10 +108,10 @@ let compute_As_plus_e in result) in + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in + let _:Prims.unit = admit () (* Panic freedom *) in result -#pop-options - let compute_ring_element_v (v_K: usize) (#v_Vector: Type0) @@ -137,28 +122,26 @@ let compute_ring_element_v (error_2_ message: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let i:usize = i in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector + Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector (tt_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (r_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector v_K result product + Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector v_K result product in result) in @@ -166,14 +149,12 @@ let compute_ring_element_v Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K #v_Vector result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__add_message_error_reduce #v_Vector error_2_ message result + Libcrux_ml_kem.Polynomial.impl_2__add_message_error_reduce #v_Vector error_2_ message result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in - let _:Prims.unit = admit () in + let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--admit_smt_queries true" - let compute_vector_u (v_K: usize) (#v_Vector: Type0) @@ -189,31 +170,25 @@ let compute_vector_u v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Core.Slice.impl__len #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (Rust_primitives.unsize a_as_ntt - <: - t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - ) - <: - usize - } + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K) + (a_as_ntt <: - Core.Ops.Range.t_Range usize) + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) <: - Core.Ops.Range.t_Range usize) + usize) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -224,25 +199,18 @@ let compute_vector_u a_as_ntt.[ i ] in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (Rust_primitives.unsize row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - usize - } - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (row <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) <: - Core.Ops.Range.t_Range usize) + usize) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result j -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -254,7 +222,7 @@ let compute_vector_u row.[ j ] in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector + Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector a_element (r_as_ntt.[ j ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -262,7 +230,7 @@ let compute_vector_u v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector + (Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector v_K (result.[ i ] <: @@ -285,7 +253,7 @@ let compute_vector_u let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl__add_error_reduce #v_Vector + (Libcrux_ml_kem.Polynomial.impl_2__add_error_reduce #v_Vector (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (error_1_.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -293,10 +261,10 @@ let compute_vector_u in result) in + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in + let _:Prims.unit = admit () (* Panic freedom *) in result -#pop-options - let compute_message (v_K: usize) (#v_Vector: Type0) @@ -308,28 +276,26 @@ let compute_message t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let i:usize = i in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ntt_multiply #v_Vector + Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector (secret_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__add_to_ring_element #v_Vector v_K result product + Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector v_K result product in result) in @@ -337,14 +303,12 @@ let compute_message Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K #v_Vector result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__subtract_reduce #v_Vector v result + Libcrux_ml_kem.Polynomial.impl_2__subtract_reduce #v_Vector v result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in - let _:Prims.unit = admit () in + let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--admit_smt_queries true" - let sample_matrix_A (v_K: usize) (#v_Vector #v_Hasher: Type0) @@ -367,7 +331,7 @@ let sample_matrix_A v_K (fun v__j -> let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -375,14 +339,15 @@ let sample_matrix_A in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A_transpose temp_1_ -> + let v_A_transpose:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A_transpose + in + let _:usize = temp_1_ in + true) v_A_transpose (fun v_A_transpose i -> let v_A_transpose:t_Array @@ -392,14 +357,12 @@ let sample_matrix_A let i:usize = i in let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in let seeds:t_Array (t_Array u8 (sz 34)) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun seeds temp_1_ -> + let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in + let _:usize = temp_1_ in + true) seeds (fun seeds j -> let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in @@ -431,25 +394,18 @@ let sample_matrix_A let sampled:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Sampling.sample_from_xof v_K #v_Vector #v_Hasher seeds in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (Rust_primitives.unsize sampled - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - usize - } - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (sampled <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) <: - Core.Ops.Range.t_Range usize) + usize) + (fun v_A_transpose temp_1_ -> + let v_A_transpose:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A_transpose + in + let _:usize = temp_1_ in + true) v_A_transpose (fun v_A_transpose j -> let v_A_transpose:t_Array @@ -494,6 +450,9 @@ let sample_matrix_A in v_A_transpose)) in - v_A_transpose - -#pop-options + let result:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K + = + v_A_transpose + in + let _:Prims.unit = admit () (* Panic freedom *) in + result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 3eae8cab8..339c364d9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -36,14 +36,14 @@ let ntt_at_layer_1_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -97,14 +97,14 @@ let ntt_at_layer_2_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -150,14 +150,14 @@ let ntt_at_layer_3_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -205,14 +205,14 @@ let ntt_at_layer_4_plus in let step:usize = sz 1 <>! layer <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! layer <: usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -224,17 +224,12 @@ let ntt_at_layer_4_plus let offset_vec:usize = offset /! sz 16 in let step_vec:usize = step /! sz 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range offset_vec + (offset_vec +! step_vec <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -289,14 +284,12 @@ let ntt_at_layer_7_ = let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = step } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + step + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -397,7 +390,7 @@ let ntt_binomially_sampled_ring_element let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce #v_Vector re + (), Libcrux_ml_kem.Polynomial.impl_2__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -456,7 +449,7 @@ let ntt_vector_u let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl__poly_barrett_reduce #v_Vector re + (), Libcrux_ml_kem.Polynomial.impl_2__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index e9d375205..ce6e76d43 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -37,14 +37,12 @@ let impl_2__add_error_reduce (self error: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self j -> let self:t_PolynomialRingElement v_Vector = self in @@ -89,14 +87,12 @@ let impl_2__add_message_error_reduce (self message result: t_PolynomialRingElement v_Vector) = let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun result temp_1_ -> + let result:t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_PolynomialRingElement v_Vector = result in @@ -147,14 +143,12 @@ let impl_2__add_standard_error_reduce (self error: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self j -> let self:t_PolynomialRingElement v_Vector = self in @@ -198,22 +192,12 @@ let impl_2__add_to_ring_element (self rhs: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Core.Slice.impl__len #v_Vector - (Rust_primitives.unsize self.f_coefficients <: t_Slice v_Vector) - <: - usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #v_Vector (self.f_coefficients <: t_Slice v_Vector) <: usize) + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self i -> let self:t_PolynomialRingElement v_Vector = self in @@ -248,14 +232,12 @@ let impl_2__from_i16_array = let result:t_PolynomialRingElement v_Vector = impl_2__ZERO #v_Vector () in let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun result temp_1_ -> + let result:t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_PolynomialRingElement v_Vector = result in @@ -295,14 +277,12 @@ let impl_2__ntt_multiply = let out:t_PolynomialRingElement v_Vector = impl_2__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun out temp_1_ -> + let out:t_PolynomialRingElement v_Vector = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_PolynomialRingElement v_Vector = out in @@ -358,14 +338,12 @@ let impl_2__poly_barrett_reduce (self: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self i -> let self:t_PolynomialRingElement v_Vector = self in @@ -398,14 +376,12 @@ let impl_2__subtract_reduce (self b: t_PolynomialRingElement v_Vector) = let b:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun b temp_1_ -> + let b:t_PolynomialRingElement v_Vector = b in + let _:usize = temp_1_ in + true) b (fun b i -> let b:t_PolynomialRingElement v_Vector = b in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index dc95bce35..dc801c7f9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -21,28 +21,29 @@ let sample_from_uniform_distribution_next (out: t_Array (t_Array i16 (sz 272)) v_K) = let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = + temp_0_ + in + let _:usize = temp_1_ in + true) (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) (fun temp_0_ i -> let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = temp_0_ in let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_N /! sz 24 <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (v_N /! sz 24 <: usize) + (fun temp_0_ temp_1_ -> + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & + t_Array usize v_K) = + temp_0_ + in + let _:usize = temp_1_ in + true) (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) (fun temp_0_ r -> let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & @@ -114,14 +115,12 @@ let sample_from_uniform_distribution_next in let done:bool = true in let done, sampled_coefficients:(bool & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (done, sampled_coefficients <: (bool & t_Array usize v_K)) (fun temp_0_ i -> let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in @@ -154,17 +153,12 @@ let sample_from_binomial_distribution_2_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = (Core.Slice.impl__len #u8 randomness <: usize) /! sz 4 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 randomness <: usize) /! sz 4 <: usize) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:usize = temp_1_ in + true) sampled_i16s (fun sampled_i16s chunk_number -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -190,17 +184,12 @@ let sample_from_binomial_distribution_2_ let even_bits:u32 = random_bits_as_u32 &. 1431655765ul in let odd_bits:u32 = (random_bits_as_u32 >>! 1l <: u32) &. 1431655765ul in let coin_toss_outcomes:u32 = even_bits +! odd_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - u32) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = 0ul; - Core.Ops.Range.f_end = Core.Num.impl__u32__BITS /! 4ul <: u32 - } - <: - Core.Ops.Range.t_Range u32) - <: - Core.Ops.Range.t_Range u32) + Rust_primitives.Hax.Folds.fold_range 0ul + (Core.Num.impl__u32__BITS /! 4ul <: u32) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:u32 = temp_1_ in + true) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -222,8 +211,7 @@ let sample_from_binomial_distribution_2_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector - (Rust_primitives.unsize sampled_i16s <: t_Slice i16) + Libcrux_ml_kem.Polynomial.impl_2__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution_3_ (#v_Vector: Type0) @@ -234,17 +222,12 @@ let sample_from_binomial_distribution_3_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = (Core.Slice.impl__len #u8 randomness <: usize) /! sz 3 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 randomness <: usize) /! sz 3 <: usize) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:usize = temp_1_ in + true) sampled_i16s (fun sampled_i16s chunk_number -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -268,14 +251,12 @@ let sample_from_binomial_distribution_3_ let second_bits:u32 = (random_bits_as_u24 >>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - i32) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l /! 6l <: i32 } - <: - Core.Ops.Range.t_Range i32) - <: - Core.Ops.Range.t_Range i32) + Rust_primitives.Hax.Folds.fold_range 0l + (24l /! 6l <: i32) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:i32 = temp_1_ in + true) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -297,8 +278,7 @@ let sample_from_binomial_distribution_3_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector - (Rust_primitives.unsize sampled_i16s <: t_Slice i16) + Libcrux_ml_kem.Polynomial.impl_2__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution (v_ETA: usize) @@ -402,7 +382,7 @@ let sample_from_xof out (fun s -> let s:t_Array i16 (sz 272) = s in - Libcrux_ml_kem.Polynomial.impl__from_i16_array #v_Vector + Libcrux_ml_kem.Polynomial.impl_2__from_i16_array #v_Vector (s.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 256 } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 106563259..b6fe62dcf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -19,17 +19,12 @@ let compress_then_serialize_10_ = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in @@ -65,7 +60,7 @@ let compress_then_serialize_10_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -83,17 +78,12 @@ let compress_then_serialize_11_ = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in @@ -129,7 +119,7 @@ let compress_then_serialize_11_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -145,18 +135,14 @@ let compress_then_serialize_4_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) = + let v__serialized_len:usize = Core.Slice.impl__len #u8 serialized in let serialized:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized i -> + let serialized:t_Slice u8 = serialized in + let i:usize = i in + (Core.Slice.impl__len #u8 serialized <: usize) =. v__serialized_len <: bool) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in @@ -192,7 +178,7 @@ let compress_then_serialize_4_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -209,18 +195,14 @@ let compress_then_serialize_5_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) = + let v__serialized_len:usize = Core.Slice.impl__len #u8 serialized in let serialized:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized i -> + let serialized:t_Slice u8 = serialized in + let i:usize = i in + (Core.Slice.impl__len #u8 serialized <: usize) =. v__serialized_len <: bool) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in @@ -256,7 +238,7 @@ let compress_then_serialize_5_ Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -274,14 +256,12 @@ let compress_then_serialize_message = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let serialized:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 32) = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 (sz 32) = serialized in @@ -317,7 +297,7 @@ let compress_then_serialize_message Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in @@ -333,6 +313,10 @@ let compress_then_serialize_ring_element_u Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + let _:Prims.unit = + assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 10) \/ + (v (cast v_COMPRESSION_FACTOR <: u32) == 11)) + in match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with | 10ul -> compress_then_serialize_10_ v_OUT_LEN #v_Vector re | 11ul -> compress_then_serialize_11_ v_OUT_LEN #v_Vector re @@ -351,6 +335,10 @@ let compress_then_serialize_ring_element_v (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (out: t_Slice u8) = + let _:Prims.unit = + assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 4) \/ + (v (cast v_COMPRESSION_FACTOR <: u32) == 5)) + in let out, hax_temp_output:(t_Slice u8 & Prims.unit) = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with | 4ul -> compress_then_serialize_4_ #v_Vector re out, () <: (t_Slice u8 & Prims.unit) @@ -373,23 +361,22 @@ let deserialize_then_decompress_10_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = + let _:Prims.unit = + assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 10) /! sz 8) == 320) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + in + let v__coefficients_length:usize = + Core.Slice.impl__len #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients <: t_Slice v_Vector) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - (Core.Slice.impl__len #u8 serialized <: usize) /! sz 20 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 serialized <: usize) /! sz 20 <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -436,23 +423,19 @@ let deserialize_then_decompress_11_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = + let _:Prims.unit = + assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 11) /! sz 8) == 352) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - (Core.Slice.impl__len #u8 serialized <: usize) /! sz 22 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 serialized <: usize) /! sz 22 <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -499,21 +482,19 @@ let deserialize_then_decompress_4_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = + let _:Prims.unit = + assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 4) /! sz 8) == 128) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = (Core.Slice.impl__len #u8 serialized <: usize) /! sz 8 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 serialized <: usize) /! sz 8 <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -560,23 +541,19 @@ let deserialize_then_decompress_5_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = + let _:Prims.unit = + assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 5) /! sz 8) == 160) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - (Core.Slice.impl__len #u8 serialized <: usize) /! sz 10 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 serialized <: usize) /! sz 10 <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -636,17 +613,15 @@ let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -690,6 +665,10 @@ let deserialize_then_decompress_ring_element_u Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = + let _:Prims.unit = + assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 10) \/ + (v (cast v_COMPRESSION_FACTOR <: u32) == 11)) + in match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with | 10ul -> deserialize_then_decompress_10_ #v_Vector serialized | 11ul -> deserialize_then_decompress_11_ #v_Vector serialized @@ -707,6 +686,10 @@ let deserialize_then_decompress_ring_element_v Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = + let _:Prims.unit = + assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 4) \/ + (v (cast v_COMPRESSION_FACTOR <: u32) == 5)) + in match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with | 4ul -> deserialize_then_decompress_4_ #v_Vector serialized | 5ul -> deserialize_then_decompress_5_ #v_Vector serialized @@ -723,23 +706,17 @@ let deserialize_to_reduced_ring_element Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = + let _:Prims.unit = assert (v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT / 24 == 16) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - (Core.Slice.impl__len #u8 serialized <: usize) /! sz 24 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 serialized <: usize) /! sz 24 <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -791,27 +768,23 @@ let deserialize_ring_elements_reduced v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - (Core.Slice.impl__len #u8 public_key <: usize) /! - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - usize - } - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 public_key <: usize) /! + Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: - Core.Ops.Range.t_Range usize) + usize) + (fun deserialized_pk temp_1_ -> + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + deserialized_pk + in + let _:usize = temp_1_ in + true) deserialized_pk (fun deserialized_pk i -> let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -853,23 +826,17 @@ let deserialize_to_uncompressed_ring_element Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (serialized: t_Slice u8) = + let _:Prims.unit = assert (v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT / 24 == 16) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - (Core.Slice.impl__len #u8 serialized <: usize) /! sz 24 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 serialized <: usize) /! sz 24 <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -912,17 +879,12 @@ let serialize_uncompressed_ring_element = let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in let serialized:t_Array u8 (sz 384) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 384) = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 (sz 384) = serialized in @@ -953,7 +915,7 @@ let serialize_uncompressed_ring_element Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Rust_primitives.unsize bytes <: t_Slice u8) + (bytes <: t_Slice u8) <: t_Slice u8) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index f4e2ef812..58669a1c8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -14,28 +14,56 @@ val compress_then_serialize_10_ (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_OUT_LEN) + (requires + ((sz 20 *! (Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT -! sz 1 <: usize) <: usize) +! + sz 20 + <: + usize) <=. + v_OUT_LEN) + (fun _ -> Prims.l_True) val compress_then_serialize_11_ (v_OUT_LEN: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_OUT_LEN) + (requires + ((sz 22 *! (Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT -! sz 1 <: usize) <: usize) +! + sz 22 + <: + usize) <=. + v_OUT_LEN) + (fun _ -> Prims.l_True) val compress_then_serialize_4_ (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) - : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Slice u8) + (requires + ((sz 8 *! (Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT -! sz 1 <: usize) <: usize) +! + sz 8 + <: + usize) <=. + (Core.Slice.impl__len #u8 serialized <: usize)) + (fun _ -> Prims.l_True) val compress_then_serialize_5_ (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) - : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Slice u8) + (requires + ((sz 10 *! (Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT -! sz 1 <: usize) <: usize) +! + sz 10 + <: + usize) <=. + (Core.Slice.impl__len #u8 serialized <: usize)) + (fun _ -> Prims.l_True) val compress_then_serialize_message (#v_Vector: Type0) @@ -48,7 +76,15 @@ val compress_then_serialize_ring_element_u (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_OUT_LEN) + (requires + (v_COMPRESSION_FACTOR =. sz 10 || v_COMPRESSION_FACTOR =. sz 11) && + ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_COMPRESSION_FACTOR <: usize) /! + sz 8 + <: + usize) =. + v_OUT_LEN) + (fun _ -> Prims.l_True) val compress_then_serialize_ring_element_v (v_COMPRESSION_FACTOR v_OUT_LEN: usize) @@ -56,14 +92,30 @@ val compress_then_serialize_ring_element_v {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (out: t_Slice u8) - : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Slice u8) + (requires + (v_COMPRESSION_FACTOR =. sz 4 || v_COMPRESSION_FACTOR =. sz 5) && + ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_COMPRESSION_FACTOR <: usize) /! + sz 8 + <: + usize) =. + v_OUT_LEN && + (Core.Slice.impl__len #u8 out <: usize) =. v_OUT_LEN) + (ensures + fun out_future -> + let out_future:t_Slice u8 = out_future in + Core.Slice.impl__len #u8 out_future == Core.Slice.impl__len #u8 out) val deserialize_then_decompress_10_ (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + (Core.Slice.impl__len #u8 serialized <: usize) =. + ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 10 <: usize) /! sz 8 + <: + usize)) (fun _ -> Prims.l_True) val deserialize_then_decompress_11_ @@ -71,7 +123,11 @@ val deserialize_then_decompress_11_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + (Core.Slice.impl__len #u8 serialized <: usize) =. + ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 11 <: usize) /! sz 8 + <: + usize)) (fun _ -> Prims.l_True) val deserialize_then_decompress_4_ @@ -79,7 +135,10 @@ val deserialize_then_decompress_4_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + (Core.Slice.impl__len #u8 serialized <: usize) =. + ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 4 <: usize) /! sz 8 <: usize + )) (fun _ -> Prims.l_True) val deserialize_then_decompress_5_ @@ -87,7 +146,10 @@ val deserialize_then_decompress_5_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + (Core.Slice.impl__len #u8 serialized <: usize) =. + ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 5 <: usize) /! sz 8 <: usize + )) (fun _ -> Prims.l_True) val deserialize_then_decompress_message @@ -104,7 +166,13 @@ val deserialize_then_decompress_ring_element_u {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + (v_COMPRESSION_FACTOR =. sz 10 || v_COMPRESSION_FACTOR =. sz 11) && + (Core.Slice.impl__len #u8 serialized <: usize) =. + ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_COMPRESSION_FACTOR <: usize) /! + sz 8 + <: + usize)) (fun _ -> Prims.l_True) val deserialize_then_decompress_ring_element_v @@ -113,7 +181,13 @@ val deserialize_then_decompress_ring_element_v {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + (v_COMPRESSION_FACTOR =. sz 4 || v_COMPRESSION_FACTOR =. sz 5) && + (Core.Slice.impl__len #u8 serialized <: usize) =. + ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_COMPRESSION_FACTOR <: usize) /! + sz 8 + <: + usize)) (fun _ -> Prims.l_True) /// Only use with public values. @@ -123,7 +197,9 @@ val deserialize_to_reduced_ring_element {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + (Core.Slice.impl__len #u8 serialized <: usize) =. + Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT) (fun _ -> Prims.l_True) /// This function deserializes ring elements and reduces the result by the field @@ -135,7 +211,9 @@ val deserialize_ring_elements_reduced {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (public_key: t_Slice u8) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - Prims.l_True + (requires + (Core.Slice.impl__len #u8 public_key <: usize) =. v_PUBLIC_KEY_SIZE && + (v_PUBLIC_KEY_SIZE /! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize) <=. v_K) (fun _ -> Prims.l_True) val deserialize_to_uncompressed_ring_element @@ -143,7 +221,9 @@ val deserialize_to_uncompressed_ring_element {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + (Core.Slice.impl__len #u8 serialized <: usize) =. + Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT) (fun _ -> Prims.l_True) val serialize_uncompressed_ring_element diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index 8c8b5545e..4216d3c89 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -23,7 +23,7 @@ let impl (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Sl { f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemCiphertext v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemCiphertext v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -72,7 +72,7 @@ let impl_6 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_ { f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPrivateKey v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemPrivateKey v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -121,7 +121,7 @@ let impl_12 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_ { f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPublicKey v_SIZE) (out: t_Slice u8) -> true); - f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> Rust_primitives.unsize self.f_value + f_as_ref = fun (self: t_MlKemPublicKey v_SIZE) -> self.f_value <: t_Slice u8 } [@@ FStar.Tactics.Typeclasses.tcinstance] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst index 89351a259..33c894793 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -22,9 +22,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = usize ] in let lower_shuffles:u8 = - Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (Rust_primitives.unsize lower_shuffles - <: - t_Slice u8) + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (lower_shuffles <: t_Slice u8) in let lower_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 potential_coefficients @@ -46,9 +44,7 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = usize ] in let upper_shuffles:u8 = - Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (Rust_primitives.unsize upper_shuffles - <: - t_Slice u8) + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in let upper_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l potential_coefficients diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 3faac2293..a7fa366a9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -492,8 +492,7 @@ let deserialize_11_ (bytes: t_Slice u8) = #FStar.Tactics.Typeclasses.solve output in - Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 (Rust_primitives.unsize array <: t_Slice i16 - ) + Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 (array <: t_Slice i16) let serialize_11_ (vector: u8) = let array:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in @@ -503,7 +502,7 @@ let serialize_11_ (vector: u8) = let input:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize array <: t_Slice i16) + (array <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst index cf6dd3074..dc8d03610 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst @@ -12,9 +12,7 @@ let inv_ntt_layer_1_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s32 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s32 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s32_s16 v @@ -84,9 +82,7 @@ let inv_ntt_layer_2_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s64 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s64 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s64_s16 v @@ -184,9 +180,7 @@ let ntt_layer_1_step FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let dup_a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s32 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s32 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s32_s16 v @@ -252,9 +246,7 @@ let ntt_layer_2_step (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let dup_a:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_s64 (Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s64 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s64_s16 v @@ -363,9 +355,7 @@ let ntt_multiply FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let zeta:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize zetas <: t_Slice i16) - in + let zeta:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (zetas <: t_Slice i16) in let a0:u8 = Libcrux_intrinsics.Arm64_extract.v__vtrn1q_s16 lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low lhs.Libcrux_ml_kem.Vector.Neon.Vector_type.f_high @@ -476,9 +466,7 @@ let ntt_multiply FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list in - let index:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize indexes <: t_Slice u8) - in + let index:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (indexes <: t_Slice u8) in let low2:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_s16_u8 (Libcrux_intrinsics.Arm64_extract.v__vqtbl1q_u8 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u8_s16 low1 <: u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst index 437f01c03..aa783010c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst @@ -18,9 +18,7 @@ let deserialize_1_ (a: t_Slice u8) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let low:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 low shift in let high:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 high shift in { @@ -42,17 +40,13 @@ let deserialize_12_ (v: t_Slice u8) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); Rust_primitives.Hax.array_of_list 16 list in - let index_vec:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize indexes <: t_Slice u8) - in + let index_vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (indexes <: t_Slice u8) in let (shifts: t_Array i16 (sz 8)):t_Array i16 (sz 8) = let list = [0s; (-4s); 0s; (-4s); 0s; (-4s); 0s; (-4s)] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift_vec:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifts <: t_Slice i16) - in + let shift_vec:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifts <: t_Slice i16) in let mask12:u8 = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_u16 4095us in let input0:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let input0:t_Array u8 (sz 16) = @@ -74,9 +68,7 @@ let deserialize_12_ (v: t_Slice u8) = <: t_Slice u8) in - let input_vec0:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize input0 <: t_Slice u8) - in + let input_vec0:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (input0 <: t_Slice u8) in let input1:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let input1:t_Array u8 (sz 16) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range input1 @@ -97,9 +89,7 @@ let deserialize_12_ (v: t_Slice u8) = <: t_Slice u8) in - let input_vec1:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (Rust_primitives.unsize input1 <: t_Slice u8) - in + let input_vec1:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_u8 (input1 <: t_Slice u8) in let moved0:u8 = Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_u8 (Libcrux_intrinsics.Arm64_extract.v__vqtbl1q_u8 input_vec0 @@ -143,9 +133,7 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let low:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low shift @@ -516,9 +504,7 @@ let serialize_4_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list in - let shift:u8 = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (Rust_primitives.unsize shifter <: t_Slice i16) - in + let shift:u8 = Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (shifter <: t_Slice i16) in let lowt:u8 = Libcrux_intrinsics.Arm64_extract.v__vshlq_u16 (Libcrux_intrinsics.Arm64_extract.v__vreinterpretq_u16_s16 v.Libcrux_ml_kem.Vector.Neon.Vector_type.f_low @@ -728,7 +714,7 @@ let serialize_11_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize out_i16s <: t_Slice i16) + (out_i16s <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve @@ -739,7 +725,7 @@ let serialize_5_ (v: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) = let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_from_i16_array #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve - (Rust_primitives.unsize out_i16s <: t_Slice i16) + (out_i16s <: t_Slice i16) in Libcrux_ml_kem.Vector.Traits.f_serialize_5_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index c7e8f4fdb..3eb5abd35 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -35,17 +35,12 @@ let montgomery_multiply_fe_by_fer (fe fer: i16) = let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun lhs temp_1_ -> + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:usize = temp_1_ in + true) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in @@ -71,17 +66,12 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -111,17 +101,12 @@ let bitwise_and_with_constant (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -144,17 +129,12 @@ let bitwise_and_with_constant let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -199,17 +179,12 @@ let montgomery_multiply_by_constant (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -238,17 +213,12 @@ let montgomery_multiply_by_constant let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -271,17 +241,12 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portab let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -306,17 +271,12 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun lhs temp_1_ -> + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:usize = temp_1_ in + true) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst index fc5eed14e..4a470d7d1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst @@ -27,17 +27,12 @@ let compress (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -65,17 +60,12 @@ let compress let compress_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -110,17 +100,12 @@ let decompress_ciphertext_coefficient (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst index 400e0026d..aec49a64f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst @@ -6,17 +6,12 @@ open FStar.Mul let rej_sample (a: t_Slice u8) (result: t_Slice i16) = let sampled:usize = sz 0 in let result, sampled:(t_Slice i16 & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = (Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize) + (fun temp_0_ temp_1_ -> + let result, sampled:(t_Slice i16 & usize) = temp_0_ in + let _:usize = temp_1_ in + true) (result, sampled <: (t_Slice i16 & usize)) (fun temp_0_ i -> let result, sampled:(t_Slice i16 & usize) = temp_0_ in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 1c580dafd..9a88facf7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -247,14 +247,12 @@ let serialize_5_int (v: t_Slice i16) = let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result:t_Array u8 (sz 2) = Rust_primitives.Hax.repeat 0uy (sz 2) in let result:t_Array u8 (sz 2) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 8) + (fun result temp_1_ -> + let result:t_Array u8 (sz 2) = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array u8 (sz 2) = result in @@ -272,14 +270,12 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector t_Array u8 (sz 2)) in let result:t_Array u8 (sz 2) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 8) + (sz 16) + (fun result temp_1_ -> + let result:t_Array u8 (sz 2) = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array u8 (sz 2) = result in @@ -755,14 +751,12 @@ let deserialize_1_ (v: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.zero () in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 8) + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in @@ -782,17 +776,12 @@ let deserialize_1_ (v: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 8) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in From f2d7092a39f86d246c70f52a6a998a0537a142b9 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sun, 25 Aug 2024 15:35:33 +0000 Subject: [PATCH 128/348] Update ind_cpa.rs --- Cargo.lock | 62 +++++++++---------- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 5 +- libcrux-ml-kem/src/ind_cpa.rs | 2 +- 3 files changed, 34 insertions(+), 35 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index baca6bfe8..74c8ae0ea 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.75", + "syn 2.0.76", "which", ] @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.13" +version = "1.1.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72db2f7947ecee9b03b510377e8bb9077afa27176fdbff55c51027e976fdcc48" +checksum = "50d2eb3cd3d1bf4529e31c215ee6f93ec5a3d536d9f578f93d9d33ee19562932" dependencies = [ "jobserver", "libc", @@ -319,7 +319,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] @@ -483,7 +483,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,20 +712,20 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros-types", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "proc-macro2", "quote", @@ -889,9 +889,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.157" +version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "374af5f94e54fa97cf75e945cce8a6b201e88a1a07e688b47dfd2a59c66dbd86" +checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "libcrux" @@ -1202,7 +1202,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] @@ -1364,12 +1364,12 @@ dependencies = [ [[package]] name = "prettyplease" -version = "0.2.20" +version = "0.2.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" +checksum = "a909e6e8053fa1a5ad670f5816c7d93029ee1fa8898718490544a6b0d5d38b3e" dependencies = [ "proc-macro2", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] @@ -1438,9 +1438,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -1620,29 +1620,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.208" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cff085d2cb684faa248efb494c39b68e522822ac0de72ccf08109abde717cfb2" +checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.208" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24008e81ff7613ed8e5ba0cfaf24e2c2f1e5b8a0495711e44fcd4882fca62bcf" +checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] name = "serde_json" -version = "1.0.125" +version = "1.0.127" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "83c8e735a073ccf5be70aa8066aa984eaf2fa000db6c8d0100ae605b366d31ed" +checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad" dependencies = [ "itoa", "memchr", @@ -1734,9 +1734,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.75" +version = "2.0.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f6af063034fc1935ede7be0122941bafa9bacb949334d090b77ca98b5817c7d9" +checksum = "578e081a14e0cefc3279b0472138c513f37b41a08d5a3cca9b6e4e8ceb6cd525" dependencies = [ "proc-macro2", "quote", @@ -1855,7 +1855,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", "wasm-bindgen-shared", ] @@ -1889,7 +1889,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -1923,7 +1923,7 @@ checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] @@ -2081,7 +2081,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] [[package]] @@ -2101,5 +2101,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.75", + "syn 2.0.76", ] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index bbaa34293..ba4b696bc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -318,9 +318,8 @@ val generate_keypair_unpacked (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) (requires - Spec.MLKEM.is_rank v_K /\ - v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K / v_ETA1 == - Spec.MLKEM.v_ETA1 v_K) + Spec.MLKEM.is_rank v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA1 == Spec.MLKEM.v_ETA1 v_K) (fun _ -> Prims.l_True) val generate_keypair diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index d87e01f87..154908e1f 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -203,7 +203,7 @@ fn sample_vector_cbd_then_ntt< #[allow(non_snake_case)] #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ - $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\ + $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ $ETA1 == Spec.MLKEM.v_ETA1 $K"))] pub(crate) fn generate_keypair_unpacked< const K: usize, From 695fcca2eb07727c8be91c5be7abaada19ef525b Mon Sep 17 00:00:00 2001 From: mamonet Date: Sun, 25 Aug 2024 17:15:38 +0000 Subject: [PATCH 129/348] Update MLKEM F* files --- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 2 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 207 ++++------- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 2 +- .../extraction/Libcrux_ml_kem.Matrix.fst | 109 +++--- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 4 +- .../extraction/Libcrux_ml_kem.Polynomial.fst | 22 +- .../extraction/Libcrux_ml_kem.Polynomial.fsti | 18 +- .../extraction/Libcrux_ml_kem.Sampling.fst | 50 +-- .../extraction/Libcrux_ml_kem.Serialize.fst | 185 +++------ .../Libcrux_ml_kem.Vector.Avx2.Portable.fst | 351 ------------------ .../proofs/fstar/extraction/Makefile | 2 +- libcrux-ml-kem/src/helper.rs | 4 +- libcrux-ml-kem/src/ind_cpa.rs | 2 + libcrux-ml-kem/src/polynomial.rs | 4 +- 14 files changed, 222 insertions(+), 740 deletions(-) delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index a7e3360f2..4d8f75559 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -222,7 +222,7 @@ let generate_keypair_unpacked v_K (fun v__j -> let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index f965b5758..3483966d4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -27,7 +27,7 @@ let sample_ring_element_cbd v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -116,7 +116,7 @@ let sample_vector_cbd_then_ntt v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -206,26 +206,23 @@ let compress_then_serialize_u (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (out: t_Slice u8) = + let _:Prims.unit = + assert ((v Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT * v v_COMPRESSION_FACTOR) / 8 == + 320 \/ + (v Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT * v v_COMPRESSION_FACTOR) / 8 == + 352) + in let out:t_Slice u8 = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (input <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - usize) - (fun out temp_1_ -> - let out:t_Slice u8 = out in - let _:usize = temp_1_ in - true) - out + Rust_primitives.Hax.Folds.fold_enumerated_slice input (fun out i -> let out:t_Slice u8 = out in let i:usize = i in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = input.[ i ] in - let _:Prims.unit = - Hax_lib.v__internal_loop_invariant #usize - (fun i -> - let i:usize = i in - (Core.Slice.impl__len #u8 out <: usize) =. v_OUT_LEN <: bool) + (Core.Slice.impl__len #u8 out <: usize) =. v_OUT_LEN <: bool) + out + (fun out temp_1_ -> + let out:t_Slice u8 = out in + let i, re:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_1_ in let out:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out @@ -277,20 +274,19 @@ let deserialize_then_decompress_u v_K (fun temp_0_ -> let _:usize = temp_0_ in - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) - ((Core.Slice.impl__len #u8 (ciphertext <: t_Slice u8) <: usize) /! - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR <: usize - ) /! - sz 8 + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! + v_U_COMPRESSION_FACTOR <: - usize) + usize) /! + sz 8 <: usize) + (ciphertext <: t_Slice u8) (fun u_as_ntt temp_1_ -> let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = u_as_ntt @@ -298,48 +294,11 @@ let deserialize_then_decompress_u let _:usize = temp_1_ in true) u_as_ntt - (fun u_as_ntt i -> + (fun u_as_ntt temp_1_ -> let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = u_as_ntt in - let i:usize = i in - let u_bytes:t_Slice u8 = - ciphertext.[ { - Core.Ops.Range.f_start - = - i *! - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR - <: - usize) /! - sz 8 - <: - usize) - <: - usize; - Core.Ops.Range.f_end - = - (i *! - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! - v_U_COMPRESSION_FACTOR - <: - usize) /! - sz 8 - <: - usize) - <: - usize) +! - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_U_COMPRESSION_FACTOR - <: - usize) /! - sz 8 - <: - usize) - <: - usize - } - <: - Core.Ops.Range.t_Range usize ] - in + let i, u_bytes:(usize & t_Slice u8) = temp_1_ in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize u_as_ntt i @@ -377,16 +336,13 @@ let deserialize_secret_key v_K (fun temp_0_ -> let _:usize = temp_0_ in - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) - ((Core.Slice.impl__len #u8 secret_key <: usize) /! - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - usize) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + secret_key (fun secret_as_ntt temp_1_ -> let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -395,37 +351,20 @@ let deserialize_secret_key let _:usize = temp_1_ in true) secret_as_ntt - (fun secret_as_ntt i -> + (fun secret_as_ntt temp_1_ -> let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = secret_as_ntt in - let i:usize = i in - let secret_bytes:t_Slice u8 = - secret_key.[ { - Core.Ops.Range.f_start - = - i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; - Core.Ops.Range.f_end - = - (i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize) +! - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - usize - } + let i, secret_bytes:(usize & t_Slice u8) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret_as_ntt + i + (Libcrux_ml_kem.Serialize.deserialize_to_uncompressed_ring_element #v_Vector + secret_bytes <: - Core.Ops.Range.t_Range usize ] - in - let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize secret_as_ntt - i - (Libcrux_ml_kem.Serialize.deserialize_to_uncompressed_ring_element #v_Vector - secret_bytes - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - in - secret_as_ntt) + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = secret_as_ntt @@ -443,54 +382,50 @@ let serialize_secret_key = let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (key <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - usize) + Rust_primitives.Hax.Folds.fold_enumerated_slice key (fun out temp_1_ -> let out:t_Array u8 v_OUT_LEN = out in let _:usize = temp_1_ in true) out - (fun out i -> + (fun out temp_1_ -> let out:t_Array u8 v_OUT_LEN = out in - let i:usize = i in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = key.[ i ] in - let out:t_Array u8 v_OUT_LEN = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range out - ({ - Core.Ops.Range.f_start - = - i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; - Core.Ops.Range.f_end - = - (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize - } - <: - Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice #u8 - (out.[ { - Core.Ops.Range.f_start - = - i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; - Core.Ops.Range.f_end - = - (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - usize - } + let i, re:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_1_ + in + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + ({ + Core.Ops.Range.f_start + = + i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { + Core.Ops.Range.f_start + = + i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re + usize + } <: - t_Slice u8) - <: - t_Slice u8) - in - out) + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re + <: + t_Slice u8) + <: + t_Slice u8) + <: + t_Array u8 v_OUT_LEN) in let result:t_Array u8 v_OUT_LEN = out in let _:Prims.unit = admit () (* Panic freedom *) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index 7adb734e8..9ebede517 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -327,7 +327,7 @@ let invert_ntt_montgomery let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl_2__poly_barrett_reduce #v_Vector re + (), Libcrux_ml_kem.Polynomial.impl_1__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index 748a18489..2333fb3db 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -26,19 +26,14 @@ let compute_As_plus_e v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (Core.Slice.impl__len #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K) - (matrix_A - <: - t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + Rust_primitives.Hax.Folds.fold_enumerated_slice (matrix_A <: - usize) + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result @@ -46,20 +41,18 @@ let compute_As_plus_e let _:usize = temp_1_ in true) result - (fun result i -> + (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in - let i:usize = i in - let row:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - matrix_A.[ i ] + let i, row:(usize & + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = + temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (row <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + Rust_primitives.Hax.Folds.fold_enumerated_slice (row <: - usize) + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -68,17 +61,17 @@ let compute_As_plus_e let _:usize = temp_1_ in true) result - (fun result j -> + (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in - let j:usize = j in - let matrix_element:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - row.[ j ] + let j, matrix_element:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_1_ in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector + Libcrux_ml_kem.Polynomial.impl_1__ntt_multiply #v_Vector matrix_element (s_as_ntt.[ j ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -86,7 +79,7 @@ let compute_As_plus_e v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector + (Libcrux_ml_kem.Polynomial.impl_1__add_to_ring_element #v_Vector v_K (result.[ i ] <: @@ -100,7 +93,7 @@ let compute_As_plus_e let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl_2__add_standard_error_reduce #v_Vector + (Libcrux_ml_kem.Polynomial.impl_1__add_standard_error_reduce #v_Vector (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (error_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -122,7 +115,7 @@ let compute_ring_element_v (error_2_ message: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -136,12 +129,12 @@ let compute_ring_element_v let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let i:usize = i in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector + Libcrux_ml_kem.Polynomial.impl_1__ntt_multiply #v_Vector (tt_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (r_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector v_K result product + Libcrux_ml_kem.Polynomial.impl_1__add_to_ring_element #v_Vector v_K result product in result) in @@ -149,7 +142,7 @@ let compute_ring_element_v Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K #v_Vector result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__add_message_error_reduce #v_Vector error_2_ message result + Libcrux_ml_kem.Polynomial.impl_1__add_message_error_reduce #v_Vector error_2_ message result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let _:Prims.unit = admit () (* Panic freedom *) in @@ -170,19 +163,14 @@ let compute_vector_u v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (Core.Slice.impl__len #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K) - (a_as_ntt - <: - t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + Rust_primitives.Hax.Folds.fold_enumerated_slice (a_as_ntt <: - usize) + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result @@ -190,20 +178,18 @@ let compute_vector_u let _:usize = temp_1_ in true) result - (fun result i -> + (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in - let i:usize = i in - let row:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - a_as_ntt.[ i ] + let i, row:(usize & + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = + temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (row <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + Rust_primitives.Hax.Folds.fold_enumerated_slice (row <: - usize) + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -212,17 +198,17 @@ let compute_vector_u let _:usize = temp_1_ in true) result - (fun result j -> + (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in - let j:usize = j in - let a_element:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - row.[ j ] + let j, a_element:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_1_ in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector + Libcrux_ml_kem.Polynomial.impl_1__ntt_multiply #v_Vector a_element (r_as_ntt.[ j ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -230,7 +216,7 @@ let compute_vector_u v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector + (Libcrux_ml_kem.Polynomial.impl_1__add_to_ring_element #v_Vector v_K (result.[ i ] <: @@ -253,7 +239,7 @@ let compute_vector_u let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl_2__add_error_reduce #v_Vector + (Libcrux_ml_kem.Polynomial.impl_1__add_error_reduce #v_Vector (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (error_1_.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -276,7 +262,7 @@ let compute_message t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -290,12 +276,12 @@ let compute_message let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let i:usize = i in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector + Libcrux_ml_kem.Polynomial.impl_1__ntt_multiply #v_Vector (secret_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector v_K result product + Libcrux_ml_kem.Polynomial.impl_1__add_to_ring_element #v_Vector v_K result product in result) in @@ -303,7 +289,7 @@ let compute_message Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K #v_Vector result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__subtract_reduce #v_Vector v result + Libcrux_ml_kem.Polynomial.impl_1__subtract_reduce #v_Vector v result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let _:Prims.unit = admit () (* Panic freedom *) in @@ -331,7 +317,7 @@ let sample_matrix_A v_K (fun v__j -> let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -394,11 +380,7 @@ let sample_matrix_A let sampled:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Sampling.sample_from_xof v_K #v_Vector #v_Hasher seeds in - Rust_primitives.Hax.Folds.fold_range (sz 0) - (Core.Slice.impl__len #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (sampled <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - usize) + Rust_primitives.Hax.Folds.fold_enumerated_slice sampled (fun v_A_transpose temp_1_ -> let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = @@ -407,14 +389,13 @@ let sample_matrix_A let _:usize = temp_1_ in true) v_A_transpose - (fun v_A_transpose j -> + (fun v_A_transpose temp_1_ -> let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = v_A_transpose in - let j:usize = j in - let sample:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - sampled.[ j ] + let j, sample:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_1_ in if transpose then diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 339c364d9..139ad22c3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -390,7 +390,7 @@ let ntt_binomially_sampled_ring_element let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl_2__poly_barrett_reduce #v_Vector re + (), Libcrux_ml_kem.Polynomial.impl_1__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -449,7 +449,7 @@ let ntt_vector_u let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl_2__poly_barrett_reduce #v_Vector re + (), Libcrux_ml_kem.Polynomial.impl_1__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index ce6e76d43..df19c569e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -9,7 +9,7 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -let impl_2__ZERO +let impl_1__ZERO (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: @@ -29,7 +29,7 @@ let impl_2__ZERO <: t_PolynomialRingElement v_Vector -let impl_2__add_error_reduce +let impl_1__add_error_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -79,7 +79,7 @@ let impl_2__add_error_reduce let hax_temp_output:Prims.unit = () <: Prims.unit in self -let impl_2__add_message_error_reduce +let impl_1__add_message_error_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -135,7 +135,7 @@ let impl_2__add_message_error_reduce in result -let impl_2__add_standard_error_reduce +let impl_1__add_standard_error_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -183,7 +183,7 @@ let impl_2__add_standard_error_reduce let hax_temp_output:Prims.unit = () <: Prims.unit in self -let impl_2__add_to_ring_element +let impl_1__add_to_ring_element (#v_Vector: Type0) (v_K: usize) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -223,14 +223,14 @@ let impl_2__add_to_ring_element let hax_temp_output:Prims.unit = () <: Prims.unit in self -let impl_2__from_i16_array +let impl_1__from_i16_array (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (a: t_Slice i16) = - let result:t_PolynomialRingElement v_Vector = impl_2__ZERO #v_Vector () in + let result:t_PolynomialRingElement v_Vector = impl_1__ZERO #v_Vector () in let result:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -268,14 +268,14 @@ let impl_2__from_i16_array in result -let impl_2__ntt_multiply +let impl_1__ntt_multiply (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self rhs: t_PolynomialRingElement v_Vector) = - let out:t_PolynomialRingElement v_Vector = impl_2__ZERO #v_Vector () in + let out:t_PolynomialRingElement v_Vector = impl_1__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -330,7 +330,7 @@ let impl_2__ntt_multiply in out -let impl_2__poly_barrett_reduce +let impl_1__poly_barrett_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -368,7 +368,7 @@ let impl_2__poly_barrett_reduce let hax_temp_output:Prims.unit = () <: Prims.unit in self -let impl_2__subtract_reduce +let impl_1__subtract_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index ad9e5e1b4..98b6cc98d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti @@ -51,25 +51,25 @@ let to_spec_matrix_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0) (m:t_Array (t_Array (t_PolynomialRingElement v_Vector) r) r) : Spec.MLKEM.matrix r = createi r (fun i -> to_spec_vector_t #r #v_Vector (m.[i])) -val impl_2__ZERO: +val impl_1__ZERO: #v_Vector: Type0 -> {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} -> Prims.unit -> Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl_2__add_error_reduce +val impl_1__add_error_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self error: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl_2__add_message_error_reduce +val impl_1__add_message_error_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self message result: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl_2__add_standard_error_reduce +val impl_1__add_standard_error_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self error: t_PolynomialRingElement v_Vector) @@ -77,14 +77,14 @@ val impl_2__add_standard_error_reduce /// Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise /// sum of their constituent coefficients. -val impl_2__add_to_ring_element +val impl_1__add_to_ring_element (#v_Vector: Type0) (v_K: usize) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self rhs: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl_2__from_i16_array +val impl_1__from_i16_array (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a: t_Slice i16) @@ -113,19 +113,19 @@ val impl_2__from_i16_array /// this function are in the Montgomery domain. /// The NIST FIPS 203 standard can be found at /// . -val impl_2__ntt_multiply +val impl_1__ntt_multiply (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self rhs: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl_2__poly_barrett_reduce +val impl_1__poly_barrett_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl_2__subtract_reduce +val impl_1__subtract_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self b: t_PolynomialRingElement v_Vector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index dc801c7f9..1a7aefd49 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -153,24 +153,16 @@ let sample_from_binomial_distribution_2_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - ((Core.Slice.impl__len #u8 randomness <: usize) /! sz 4 <: usize) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + randomness (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in let _:usize = temp_1_ in true) sampled_i16s - (fun sampled_i16s chunk_number -> + (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in - let chunk_number:usize = chunk_number in - let byte_chunk:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = chunk_number *! sz 4 <: usize; - Core.Ops.Range.f_end = (chunk_number *! sz 4 <: usize) +! sz 4 <: usize - } - <: - Core.Ops.Range.t_Range usize ] - in + let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in let (random_bits_as_u32: u32):u32 = (((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 1431655765ul in let coin_toss_outcomes:u32 = even_bits +! odd_bits in - Rust_primitives.Hax.Folds.fold_range 0ul - (Core.Num.impl__u32__BITS /! 4ul <: u32) + Rust_primitives.Hax.Folds.fold_range_step_by 0ul + Core.Num.impl__u32__BITS + (sz 4) (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in let _:u32 = temp_1_ in @@ -194,7 +187,6 @@ let sample_from_binomial_distribution_2_ (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in let outcome_set:u32 = outcome_set in - let outcome_set:u32 = outcome_set *! 4ul in let outcome_1_:i16 = cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 3ul <: u32) <: i16 in @@ -211,7 +203,7 @@ let sample_from_binomial_distribution_2_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl_2__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) + Libcrux_ml_kem.Polynomial.impl_1__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution_3_ (#v_Vector: Type0) @@ -222,24 +214,16 @@ let sample_from_binomial_distribution_3_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Rust_primitives.Hax.Folds.fold_range (sz 0) - ((Core.Slice.impl__len #u8 randomness <: usize) /! sz 3 <: usize) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 3) + randomness (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in let _:usize = temp_1_ in true) sampled_i16s - (fun sampled_i16s chunk_number -> + (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in - let chunk_number:usize = chunk_number in - let byte_chunk:t_Slice u8 = - randomness.[ { - Core.Ops.Range.f_start = chunk_number *! sz 3 <: usize; - Core.Ops.Range.f_end = (chunk_number *! sz 3 <: usize) +! sz 3 <: usize - } - <: - Core.Ops.Range.t_Range usize ] - in + let chunk_number, byte_chunk:(usize & t_Slice u8) = temp_1_ in let (random_bits_as_u24: u32):u32 = ((cast (byte_chunk.[ sz 0 ] <: u8) <: u32) |. ((cast (byte_chunk.[ sz 1 ] <: u8) <: u32) <>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in - Rust_primitives.Hax.Folds.fold_range 0l - (24l /! 6l <: i32) + Rust_primitives.Hax.Folds.fold_range_step_by 0l + 24l + (sz 6) (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in let _:i32 = temp_1_ in @@ -261,7 +246,6 @@ let sample_from_binomial_distribution_3_ (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in let outcome_set:i32 = outcome_set in - let outcome_set:i32 = outcome_set *! 6l in let outcome_1_:i16 = cast ((coin_toss_outcomes >>! outcome_set <: u32) &. 7ul <: u32) <: i16 in @@ -278,7 +262,7 @@ let sample_from_binomial_distribution_3_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl_2__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) + Libcrux_ml_kem.Polynomial.impl_1__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) let sample_from_binomial_distribution (v_ETA: usize) @@ -382,7 +366,7 @@ let sample_from_xof out (fun s -> let s:t_Array i16 (sz 272) = s in - Libcrux_ml_kem.Polynomial.impl_2__from_i16_array #v_Vector + Libcrux_ml_kem.Polynomial.impl_1__from_i16_array #v_Vector (s.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 256 } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index b6fe62dcf..62d74574d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -365,30 +365,22 @@ let deserialize_then_decompress_10_ assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 10) /! sz 8) == 320) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () in let v__coefficients_length:usize = Core.Slice.impl__len #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients <: t_Slice v_Vector) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) - ((Core.Slice.impl__len #u8 serialized <: usize) /! sz 20 <: usize) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 20) + serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let _:usize = temp_1_ in true) re - (fun re i -> + (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let i:usize = i in - let bytes:t_Slice u8 = - serialized.[ { - Core.Ops.Range.f_start = i *! sz 20 <: usize; - Core.Ops.Range.f_end = (i *! sz 20 <: usize) +! sz 20 <: usize - } - <: - Core.Ops.Range.t_Range usize ] - in + let i, bytes:(usize & t_Slice u8) = temp_1_ in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_deserialize_10_ #v_Vector #FStar.Tactics.Typeclasses.solve @@ -427,27 +419,19 @@ let deserialize_then_decompress_11_ assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 11) /! sz 8) == 352) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) - ((Core.Slice.impl__len #u8 serialized <: usize) /! sz 22 <: usize) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 22) + serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let _:usize = temp_1_ in true) re - (fun re i -> + (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let i:usize = i in - let bytes:t_Slice u8 = - serialized.[ { - Core.Ops.Range.f_start = i *! sz 22 <: usize; - Core.Ops.Range.f_end = (i *! sz 22 <: usize) +! sz 22 <: usize - } - <: - Core.Ops.Range.t_Range usize ] - in + let i, bytes:(usize & t_Slice u8) = temp_1_ in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_deserialize_11_ #v_Vector #FStar.Tactics.Typeclasses.solve @@ -486,27 +470,19 @@ let deserialize_then_decompress_4_ assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 4) /! sz 8) == 128) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) - ((Core.Slice.impl__len #u8 serialized <: usize) /! sz 8 <: usize) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 8) + serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let _:usize = temp_1_ in true) re - (fun re i -> + (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let i:usize = i in - let bytes:t_Slice u8 = - serialized.[ { - Core.Ops.Range.f_start = i *! sz 8 <: usize; - Core.Ops.Range.f_end = (i *! sz 8 <: usize) +! sz 8 <: usize - } - <: - Core.Ops.Range.t_Range usize ] - in + let i, bytes:(usize & t_Slice u8) = temp_1_ in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_deserialize_4_ #v_Vector #FStar.Tactics.Typeclasses.solve @@ -545,27 +521,19 @@ let deserialize_then_decompress_5_ assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 5) /! sz 8) == 160) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) - ((Core.Slice.impl__len #u8 serialized <: usize) /! sz 10 <: usize) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 10) + serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let _:usize = temp_1_ in true) re - (fun re i -> + (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let i:usize = i in - let bytes:t_Slice u8 = - serialized.[ { - Core.Ops.Range.f_start = i *! sz 10 <: usize; - Core.Ops.Range.f_end = (i *! sz 10 <: usize) +! sz 10 <: usize - } - <: - Core.Ops.Range.t_Range usize ] - in + let i, bytes:(usize & t_Slice u8) = temp_1_ in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -613,7 +581,7 @@ let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -708,27 +676,19 @@ let deserialize_to_reduced_ring_element = let _:Prims.unit = assert (v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT / 24 == 16) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) - ((Core.Slice.impl__len #u8 serialized <: usize) /! sz 24 <: usize) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let _:usize = temp_1_ in true) re - (fun re i -> + (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let i:usize = i in - let bytes:t_Slice u8 = - serialized.[ { - Core.Ops.Range.f_start = i *! sz 24 <: usize; - Core.Ops.Range.f_end = (i *! sz 24 <: usize) +! sz 24 <: usize - } - <: - Core.Ops.Range.t_Range usize ] - in + let i, bytes:(usize & t_Slice u8) = temp_1_ in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector #FStar.Tactics.Typeclasses.solve @@ -768,16 +728,13 @@ let deserialize_ring_elements_reduced v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Folds.fold_range (sz 0) - ((Core.Slice.impl__len #u8 public_key <: usize) /! - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - usize) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + public_key (fun deserialized_pk temp_1_ -> let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -786,36 +743,19 @@ let deserialize_ring_elements_reduced let _:usize = temp_1_ in true) deserialized_pk - (fun deserialized_pk i -> + (fun deserialized_pk temp_1_ -> let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = deserialized_pk in - let i:usize = i in - let ring_element:t_Slice u8 = - public_key.[ { - Core.Ops.Range.f_start - = - i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; - Core.Ops.Range.f_end - = - (i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize) +! - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - usize - } + let i, ring_element:(usize & t_Slice u8) = temp_1_ in + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize deserialized_pk + i + (deserialize_to_reduced_ring_element #v_Vector ring_element <: - Core.Ops.Range.t_Range usize ] - in - let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize deserialized_pk - i - (deserialize_to_reduced_ring_element #v_Vector ring_element - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - in - deserialized_pk) + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in deserialized_pk @@ -828,45 +768,36 @@ let deserialize_to_uncompressed_ring_element = let _:Prims.unit = assert (v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT / 24 == 16) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Rust_primitives.Hax.Folds.fold_range (sz 0) - ((Core.Slice.impl__len #u8 serialized <: usize) /! sz 24 <: usize) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + serialized (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let _:usize = temp_1_ in true) re - (fun re i -> + (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let i:usize = i in - let bytes:t_Slice u8 = - serialized.[ { - Core.Ops.Range.f_start = i *! sz 24 <: usize; - Core.Ops.Range.f_end = (i *! sz 24 <: usize) +! sz 24 <: usize - } - <: - Core.Ops.Range.t_Range usize ] - in - let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - { - re with - Libcrux_ml_kem.Polynomial.f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Polynomial.f_coefficients - i - (Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector - #FStar.Tactics.Typeclasses.solve - bytes - <: - v_Vector) - } + let i, bytes:(usize & t_Slice u8) = temp_1_ in + { + re with + Libcrux_ml_kem.Polynomial.f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re + .Libcrux_ml_kem.Polynomial.f_coefficients + i + (Libcrux_ml_kem.Vector.Traits.f_deserialize_12_ #v_Vector + #FStar.Tactics.Typeclasses.solve + bytes + <: + v_Vector) <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector - in - re) + t_Array v_Vector (sz 16) + } + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in re diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst deleted file mode 100644 index acdcf619b..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst +++ /dev/null @@ -1,351 +0,0 @@ -module Libcrux_ml_kem.Vector.Avx2.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let deserialize_11_int (bytes: t_Slice u8) = - let r0:i16 = - (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) - in - let r2:i16 = - ((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) - in - let r3:i16 = - (((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) - in - let r4:i16 = - (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) - in - let r5:i16 = - ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) - in - let r6:i16 = - (((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) - in - let r7:i16 = - ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) - in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -let serialize_11_int (v: t_Slice i16) = - let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in - let r1:u8 = - ((cast ((v.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) - in - let r2:u8 = - ((cast ((v.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) - in - let r3:u8 = cast (((v.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in - let r4:u8 = - ((cast ((v.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) - in - let r5:u8 = - ((cast ((v.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) - in - let r6:u8 = - ((cast ((v.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) - in - let r7:u8 = cast (((v.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8 in - let r8:u8 = - ((cast ((v.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) - in - let r9:u8 = - ((cast ((v.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) - in - let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in - r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 - <: - (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - -let from_i16_array (array: t_Array i16 (sz 16)) = { f_elements = array } <: t_PortableVector - -let serialize_11_ (v: t_PortableVector) = - let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.f_elements.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.f_elements.[ { Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let result:t_Array u8 (sz 22) = Rust_primitives.Hax.repeat 0uy (sz 22) in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 0) r0_10_._1 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 1) r0_10_._2 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 2) r0_10_._3 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 3) r0_10_._4 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 4) r0_10_._5 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 5) r0_10_._6 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 6) r0_10_._7 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 7) r0_10_._8 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 8) r0_10_._9 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 9) r0_10_._10 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 10) r0_10_._11 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 11) r11_21_._1 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 12) r11_21_._2 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 13) r11_21_._3 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 14) r11_21_._4 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 15) r11_21_._5 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 16) r11_21_._6 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 17) r11_21_._7 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 18) r11_21_._8 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 19) r11_21_._9 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 20) r11_21_._10 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 21) r11_21_._11 - in - result - -let to_i16_array (v: t_PortableVector) = v.f_elements - -let zero (_: Prims.unit) = - { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector - -let deserialize_11_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v:t_PortableVector = zero () in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 0) v0_7_._1 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 1) v0_7_._2 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 2) v0_7_._3 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 3) v0_7_._4 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 4) v0_7_._5 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 5) v0_7_._6 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 6) v0_7_._7 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 7) v0_7_._8 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 8) v8_15_._1 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 9) v8_15_._2 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 10) v8_15_._3 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 11) v8_15_._4 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 12) v8_15_._5 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 13) v8_15_._6 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 14) v8_15_._7 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 15) v8_15_._8 - } - <: - t_PortableVector - in - v diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index c101dd0b2..dcda117ee 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -5,7 +5,7 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ Libcrux_ml_kem.Sampling.fst \ - Libcrux_ml_kem.Serialize.fst \ + Libcrux_ml_kem.Polynomial.fst \ Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ Libcrux_ml_kem.Vector.Avx2.Compress.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ diff --git a/libcrux-ml-kem/src/helper.rs b/libcrux-ml-kem/src/helper.rs index 7455a821e..22308a179 100644 --- a/libcrux-ml-kem/src/helper.rs +++ b/libcrux-ml-kem/src/helper.rs @@ -1,7 +1,7 @@ /// The following macros are defined so that the extraction from Rust to C code /// can go through. -#[cfg(any(eurydice,hax))] +#[cfg(eurydice)] macro_rules! cloop { (for ($i:ident, $chunk:ident) in $val:ident.$values:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => { for $i in 0..$val.$values.len() / ($($chunk_size)*) { @@ -35,7 +35,7 @@ macro_rules! cloop { }; } -#[cfg(all(not(eurydice),not(hax)))] +#[cfg(not(eurydice))] macro_rules! cloop { (for ($i:ident, $chunk:ident) in $val:ident.$values:ident.chunks_exact($($chunk_size:expr),*).enumerate() $body:block) => { for ($i, $chunk) in $val.$values.chunks_exact($($chunk_size),*).enumerate() $body diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 154908e1f..de449eea6 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -310,6 +310,8 @@ fn compress_then_serialize_u< input: [PolynomialRingElement; K], out: &mut [u8], ) { + hax_lib::fstar!("assert ((v $COEFFICIENTS_IN_RING_ELEMENT * v $COMPRESSION_FACTOR) / 8 == 320 \\/ + (v $COEFFICIENTS_IN_RING_ELEMENT * v $COMPRESSION_FACTOR) / 8 == 352)"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 cloop! { diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index 72a942f3b..b508af0e8 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -14,8 +14,8 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ pub(crate) const VECTORS_IN_RING_ELEMENT: usize = super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; -#[cfg_attr(any(eurydice,hax), derive(Clone, Copy))] -#[cfg_attr(all(not(eurydice),not(hax)), derive(Clone))] +#[cfg_attr(eurydice, derive(Clone, Copy))] +#[cfg_attr(not(eurydice), derive(Clone))] #[cfg_attr(hax, hax_lib::fstar::after(interface, "let to_spec_matrix_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (m:t_Array (t_Array (t_PolynomialRingElement v_Vector) r) r) : Spec.MLKEM.matrix r = From ebe00b4f7f5ec3248d53675d5b7a45175cc8800d Mon Sep 17 00:00:00 2001 From: mamonet Date: Sun, 25 Aug 2024 17:33:08 +0000 Subject: [PATCH 130/348] Update MLKEM Makefile --- .../Libcrux_ml_kem.Vector.Avx2.Portable.fsti | 30 ------------------- .../proofs/fstar/extraction/Makefile | 1 + 2 files changed, 1 insertion(+), 30 deletions(-) delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti deleted file mode 100644 index fe64003c4..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fsti +++ /dev/null @@ -1,30 +0,0 @@ -module Libcrux_ml_kem.Vector.Avx2.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -val deserialize_11_int (bytes: t_Slice u8) - : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - Prims.l_True - (fun _ -> Prims.l_True) - -val serialize_11_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - Prims.l_True - (fun _ -> Prims.l_True) - -type t_PortableVector = { f_elements:t_Array i16 (sz 16) } - -val from_i16_array (array: t_Array i16 (sz 16)) - : Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) - -val serialize_11_ (v: t_PortableVector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) - -val to_i16_array (v: t_PortableVector) - : Prims.Pure (t_Array i16 (sz 16)) Prims.l_True (fun _ -> Prims.l_True) - -val zero: Prims.unit -> Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) - -val deserialize_11_ (bytes: t_Slice u8) - : Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index dcda117ee..26a853479 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -25,6 +25,7 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ Libcrux_ml_kem.Vector.Portable.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ + Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ Libcrux_ml_kem.Vector.Traits.fst OTHERFLAGS="--query_stats" From 19f1c40e6708780cc55b37fe457d97afffc7056c Mon Sep 17 00:00:00 2001 From: mamonet Date: Sun, 25 Aug 2024 17:40:40 +0000 Subject: [PATCH 131/348] Update MLKEM Makefile --- .../fstar/extraction/ML.KEM.fst.config.json | 26 ------------------- .../proofs/fstar/extraction/Makefile | 1 - 2 files changed, 27 deletions(-) delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/ML.KEM.fst.config.json diff --git a/libcrux-ml-kem/proofs/fstar/extraction/ML.KEM.fst.config.json b/libcrux-ml-kem/proofs/fstar/extraction/ML.KEM.fst.config.json deleted file mode 100644 index d7b3a38b6..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/ML.KEM.fst.config.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "fstar_exe": "fstar.exe", - "options": [ - "--warn_error", - "-274-321-331", - "--cache_checked_modules", - "--query_stats", - "--record_hints", - "--log_queries", - "--cache_dir", - ".cache", - "--no_location_info", - "--use_hints" - ], - "include_dirs": [ - "${HACL_HOME}/lib", - "${HACL_HOME}/specs", - "${HAX_HOME}/proof-libs/fstar/rust_primitives", - "${HAX_HOME}/proof-libs/fstar/core", - "${HAX_HOME}/hax-lib/proofs/fstar/extraction", - "../spec", - "../../../../sys/platform/proofs/fstar/extraction", - "../../../../libcrux-sha3/proofs/fstar/extraction", - "../../../../libcrux-intrinsics/proofs/fstar/extraction" - ] -} diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 26a853479..82aca3f95 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -10,7 +10,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Avx2.Compress.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ - Libcrux_ml_kem.Vector.Avx2.Portable.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ From a73b092aaa2ec924efeb78a30f28e41ede2d3e06 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 25 Aug 2024 14:01:18 -0400 Subject: [PATCH 132/348] back to verification --- fstar-helpers/Makefile.template | 16 ++-- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 6 +- .../extraction/Libcrux_ml_kem.Vector.Avx2.fst | 24 +++++- .../Libcrux_ml_kem.Vector.Avx2.fsti | 59 ++++++++++++-- ...Libcrux_ml_kem.Vector.Neon.Vector_type.fst | 79 +++++++++++-------- ...ibcrux_ml_kem.Vector.Neon.Vector_type.fsti | 26 +++++- .../extraction/Libcrux_ml_kem.Vector.Neon.fst | 1 + .../Libcrux_ml_kem.Vector.Neon.fsti | 32 ++++++-- ...ux_ml_kem.Vector.Portable.Vector_type.fsti | 22 +++++- .../Libcrux_ml_kem.Vector.Portable.fsti | 49 +++++++++--- .../Libcrux_ml_kem.Vector.Traits.fsti | 17 +++- .../proofs/fstar/spec/Spec.MLKEM.fst | 2 +- libcrux-ml-kem/src/vector/avx2.rs | 22 +++++- libcrux-ml-kem/src/vector/neon.rs | 12 +++ libcrux-ml-kem/src/vector/neon/vector_type.rs | 27 ++++--- libcrux-ml-kem/src/vector/portable.rs | 20 ++++- .../src/vector/portable/vector_type.rs | 13 +-- libcrux-ml-kem/src/vector/traits.rs | 13 ++- 18 files changed, 335 insertions(+), 105 deletions(-) diff --git a/fstar-helpers/Makefile.template b/fstar-helpers/Makefile.template index b1971d30e..314101ac6 100644 --- a/fstar-helpers/Makefile.template +++ b/fstar-helpers/Makefile.template @@ -101,7 +101,7 @@ endef export FINDLIBS FINDLIBS_OUTPUT := $(shell bash -c '${FINDLIBS}') -FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(FSTAR_INCLUDE_DIRS_EXTRA) $(FINDLIBS_OUTPUT) +FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(HACL_HOME)/specs $(FSTAR_INCLUDE_DIRS_EXTRA) $(FINDLIBS_OUTPUT) # Make sure FSTAR_INCLUDE_DIRS has the `proof-libs`, print hints and # an error message otherwise @@ -144,8 +144,6 @@ endif ROOTS ?= $(wildcard *.fst *fsti) ADMIT_MODULES ?= -ADMIT_MODULE_FLAGS ?= "--admit_smt_queries true" - # Can be useful for debugging purposes FINDLIBS.sh: $(Q)echo '${FINDLIBS}' > FINDLIBS.sh @@ -212,10 +210,12 @@ run:%: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) $(Q)$(FSTAR) $(OTHERFLAGS) $(@:run:%=%) -ADMIT_MODULE_FLAGS = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/, ${ADMIT_MODULES})) -$(ADMIT_MODULE_FLAGS): +VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(ROOTS))) +ADMIT_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,${ADMIT_MODULES})) + +$(ADMIT_CHECKED): $(Q)printf '${ANSI_COLOR_BBLUE}[${ANSI_COLOR_TONE}ADMIT${ANSI_COLOR_BBLUE}] %s ${ANSI_COLOR_RESET}\n' "$(basename $(notdir $@))" - $(Q)$(FSTAR) $(OTHERFLAGS) $(LAX_MODULE_FLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints || { \ + $(Q)$(FSTAR) $(OTHERFLAGS) --admit_smt_queries true $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints || { \ echo "" ; \ exit 1 ; \ } @@ -230,7 +230,7 @@ $(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) touch $@ $(Q)printf "\n\n" -verify: $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(ROOTS))) $(HACL_HOME) +verify: $(VERIFIED_CHECKED) $(ADMIT_CHECKED) # Targets for interactive mode @@ -251,4 +251,4 @@ SHELL=bash # Clean target clean: rm -rf $(CACHE_DIR)/* - rm *.fst \ No newline at end of file + rm *.fst diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 7ed7958f3..9ab226abf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -319,9 +319,9 @@ let decapsulate ciphertext <: t_Slice u8) - (Rust_primitives.unsize expected_ciphertext <: t_Slice u8) - (Rust_primitives.unsize shared_secret <: t_Slice u8) - (Rust_primitives.unsize implicit_rejection_shared_secret <: t_Slice u8) + (expected_ciphertext <: t_Slice u8) + (shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) in let result:t_Array u8 (sz 32) = shared_secret in let _:Prims.unit = admit () (* Panic freedom *) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst index 1aa183708..5b4e78639 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst @@ -3,15 +3,33 @@ module Libcrux_ml_kem.Vector.Avx2 open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + +let repr (x:t_SIMD256Vector) = admit() + let from_i16_array (array: t_Slice i16) = - { f_elements = Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 array } <: t_SIMD256Vector + let result:t_SIMD256Vector = + { f_elements = Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 array } <: t_SIMD256Vector + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let to_i16_array (v: t_SIMD256Vector) = let output:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in let output:t_Array i16 (sz 16) = Libcrux_intrinsics.Avx2_extract.mm256_storeu_si256_i16 output v.f_elements in - output + let result:t_Array i16 (sz 16) = output in + let _:Prims.unit = admit () (* Panic freedom *) in + result let zero (_: Prims.unit) = - { f_elements = Libcrux_intrinsics.Avx2_extract.mm256_setzero_si256 () } <: t_SIMD256Vector + let result:t_SIMD256Vector = + { f_elements = Libcrux_intrinsics.Avx2_extract.mm256_setzero_si256 () } <: t_SIMD256Vector + in + let _:Prims.unit = admit () (* Panic freedom *) in + result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 9622d0152..e03d573a9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -3,29 +3,72 @@ module Libcrux_ml_kem.Vector.Avx2 open Core open FStar.Mul +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Traits in + () + type t_SIMD256Vector = { f_elements:u8 } +val repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) + val from_i16_array (array: t_Slice i16) - : Prims.Pure t_SIMD256Vector Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure t_SIMD256Vector + Prims.l_True + (ensures + fun result -> + let result:t_SIMD256Vector = result in + repr result == array) val to_i16_array (v: t_SIMD256Vector) - : Prims.Pure (t_Array i16 (sz 16)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array i16 (sz 16)) + Prims.l_True + (ensures + fun result -> + let result:t_Array i16 (sz 16) = result in + result == repr v) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl: Libcrux_ml_kem.Vector.Traits.t_Repr t_SIMD256Vector = + { + _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve; + _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve; + f_repr_pre = (fun (x: t_SIMD256Vector) -> true); + f_repr_post = (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> true); + f_repr = fun (x: t_SIMD256Vector) -> to_i16_array x + } -val zero: Prims.unit -> Prims.Pure t_SIMD256Vector Prims.l_True (fun _ -> Prims.l_True) +val zero: Prims.unit + -> Prims.Pure t_SIMD256Vector + Prims.l_True + (ensures + fun result -> + let result:t_SIMD256Vector = result in + to_i16_array result == Seq.create 16 0s) [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = +let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = { _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve; _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve; + _super_8706949974463268012 = FStar.Tactics.Typeclasses.solve; f_ZERO_pre = (fun (_: Prims.unit) -> true); - f_ZERO_post = (fun (_: Prims.unit) (out: t_SIMD256Vector) -> true); + f_ZERO_post + = + (fun (_: Prims.unit) (out: t_SIMD256Vector) -> impl.f_repr out == Seq.create 16 0s); f_ZERO = (fun (_: Prims.unit) -> zero ()); - f_from_i16_array_pre = (fun (array: t_Slice i16) -> true); - f_from_i16_array_post = (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> true); + f_from_i16_array_pre + = + (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); + f_from_i16_array_post + = + (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> impl.f_repr out == array); f_from_i16_array = (fun (array: t_Slice i16) -> from_i16_array array); f_to_i16_array_pre = (fun (x: t_SIMD256Vector) -> true); - f_to_i16_array_post = (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> true); + f_to_i16_array_post + = + (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> out == impl.f_repr x); f_to_i16_array = (fun (x: t_SIMD256Vector) -> to_i16_array x); f_add_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); f_add_post = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst index 12686d3bb..405550dc1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst @@ -3,39 +3,19 @@ module Libcrux_ml_kem.Vector.Neon.Vector_type open Core open FStar.Mul -let v_ZERO (_: Prims.unit) = - { - f_low = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 0s; - f_high = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 0s - } - <: - t_SIMD128Vector +let repr (x:t_SIMD128Vector) = admit() -let from_i16_array (array: t_Slice i16) = - { - f_low - = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (array.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16); - f_high - = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (array.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - } - <: - t_SIMD128Vector +let v_ZERO (_: Prims.unit) = + let result:t_SIMD128Vector = + { + f_low = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 0s; + f_high = Libcrux_intrinsics.Arm64_extract.v__vdupq_n_s16 0s + } + <: + t_SIMD128Vector + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let to_i16_array (v: t_SIMD128Vector) = let out:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in @@ -73,4 +53,37 @@ let to_i16_array (v: t_SIMD128Vector) = <: t_Slice i16) in - out + let result:t_Array i16 (sz 16) = out in + let _:Prims.unit = admit () (* Panic freedom *) in + result + +let from_i16_array (array: t_Slice i16) = + let v__dummy:t_Array i16 (sz 16) = to_i16_array (v_ZERO () <: t_SIMD128Vector) in + let result:t_SIMD128Vector = + { + f_low + = + Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (array.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 8 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16); + f_high + = + Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (array.[ { + Core.Ops.Range.f_start = sz 8; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + } + <: + t_SIMD128Vector + in + let _:Prims.unit = admit () (* Panic freedom *) in + result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti index d80603ff5..144742531 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti @@ -8,10 +8,28 @@ type t_SIMD128Vector = { f_high:u8 } -val v_ZERO: Prims.unit -> Prims.Pure t_SIMD128Vector Prims.l_True (fun _ -> Prims.l_True) +val repr (x:t_SIMD128Vector) : t_Array i16 (sz 16) -val from_i16_array (array: t_Slice i16) - : Prims.Pure t_SIMD128Vector Prims.l_True (fun _ -> Prims.l_True) +val v_ZERO: Prims.unit + -> Prims.Pure t_SIMD128Vector + Prims.l_True + (ensures + fun result -> + let result:t_SIMD128Vector = result in + repr result == Seq.create 16 0s) val to_i16_array (v: t_SIMD128Vector) - : Prims.Pure (t_Array i16 (sz 16)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array i16 (sz 16)) + Prims.l_True + (ensures + fun result -> + let result:t_Array i16 (sz 16) = result in + result == repr v) + +val from_i16_array (array: t_Slice i16) + : Prims.Pure t_SIMD128Vector + Prims.l_True + (ensures + fun result -> + let result:t_SIMD128Vector = result in + repr result == array) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst index d33fcee14..b05106d98 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Neon.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () let rej_sample (a: t_Slice u8) (result: t_Slice i16) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti index b68a453af..8093d76b3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti @@ -7,26 +7,48 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Neon.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () val rej_sample (a: t_Slice u8) (result: t_Slice i16) : Prims.Pure (t_Slice i16 & usize) Prims.l_True (fun _ -> Prims.l_True) [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl: Libcrux_ml_kem.Vector.Traits.t_Operations +let impl: Libcrux_ml_kem.Vector.Traits.t_Repr Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = + { + _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve; + _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve; + f_repr_pre = (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + f_repr_post + = + (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array i16 (sz 16)) -> + true); + f_repr + = + fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> + Libcrux_ml_kem.Vector.Neon.Vector_type.to_i16_array x + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = { _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve; _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve; + _super_8706949974463268012 = FStar.Tactics.Typeclasses.solve; f_ZERO_pre = (fun (_: Prims.unit) -> true); f_ZERO_post = - (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> + impl.f_repr out == Seq.create 16 0s); f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Neon.Vector_type.v_ZERO ()); - f_from_i16_array_pre = (fun (array: t_Slice i16) -> true); + f_from_i16_array_pre + = + (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); f_from_i16_array_post = - (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); + (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> + impl.f_repr out == array); f_from_i16_array = (fun (array: t_Slice i16) -> Libcrux_ml_kem.Vector.Neon.Vector_type.from_i16_array array); @@ -34,7 +56,7 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_to_i16_array_post = (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array i16 (sz 16)) -> - true); + out == impl.f_repr x); f_to_i16_array = (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti index 4c354edf7..66df77004 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti @@ -6,9 +6,25 @@ open FStar.Mul type t_PortableVector = { f_elements:t_Array i16 (sz 16) } val from_i16_array (array: t_Slice i16) - : Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure t_PortableVector + Prims.l_True + (ensures + fun result -> + let result:t_PortableVector = result in + result.f_elements == array) val to_i16_array (x: t_PortableVector) - : Prims.Pure (t_Array i16 (sz 16)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array i16 (sz 16)) + Prims.l_True + (ensures + fun result -> + let result:t_Array i16 (sz 16) = result in + result == x.f_elements) -val zero: Prims.unit -> Prims.Pure t_PortableVector Prims.l_True (fun _ -> Prims.l_True) +val zero: Prims.unit + -> Prims.Pure t_PortableVector + Prims.l_True + (ensures + fun result -> + let result:t_PortableVector = result in + to_i16_array result == Seq.create 16 0s) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 164f28caa..db88552b0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -7,27 +7,36 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl: Libcrux_ml_kem.Vector.Traits.t_Operations +let impl: Libcrux_ml_kem.Vector.Traits.t_Repr Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve; _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve; - f_ZERO_pre = (fun (_: Prims.unit) -> true); - f_ZERO_post - = - (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); - f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Portable.Vector_type.zero ()); - f_from_i16_array_pre = (fun (array: t_Slice i16) -> true); - f_from_i16_array_post + f_repr_pre = (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + f_repr_post = - (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + (fun + (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (out: t_Array i16 (sz 16)) + -> true); - f_from_i16_array + f_repr = - (fun (array: t_Slice i16) -> Libcrux_ml_kem.Vector.Portable.Vector_type.from_i16_array array); + fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations +Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve; + _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve; + _super_8706949974463268012 = FStar.Tactics.Typeclasses.solve; f_to_i16_array_pre = (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -37,11 +46,27 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: t_Array i16 (sz 16)) -> - true); + out == impl.f_repr x); f_to_i16_array = (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x); + f_ZERO_pre = (fun (_: Prims.unit) -> true); + f_ZERO_post + = + (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + impl.f_repr out == Seq.create 16 0s); + f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Portable.Vector_type.zero ()); + f_from_i16_array_pre + = + (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); + f_from_i16_array_post + = + (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + impl.f_repr out == array); + f_from_i16_array + = + (fun (array: t_Slice i16) -> Libcrux_ml_kem.Vector.Portable.Vector_type.from_i16_array array); f_add_pre = (fun diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 56952c6e4..8ca8440e1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -3,11 +3,22 @@ module Libcrux_ml_kem.Vector.Traits open Core open FStar.Mul +class t_Repr (v_Self: Type0) = { + [@@@ FStar.Tactics.Typeclasses.no_method]_super_11581440318597584651:Core.Marker.t_Copy v_Self; + [@@@ FStar.Tactics.Typeclasses.no_method]_super_9442900250278684536:Core.Clone.t_Clone v_Self; + f_repr_pre:x: v_Self -> pred: Type0{true ==> pred}; + f_repr_post:v_Self -> t_Array i16 (sz 16) -> Type0; + f_repr:x0: v_Self + -> Prims.Pure (t_Array i16 (sz 16)) (f_repr_pre x0) (fun result -> f_repr_post x0 result) +} + class t_Operations (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_11581440318597584651:Core.Marker.t_Copy v_Self; [@@@ FStar.Tactics.Typeclasses.no_method]_super_9442900250278684536:Core.Clone.t_Clone v_Self; + [@@@ FStar.Tactics.Typeclasses.no_method]_super_8706949974463268012:t_Repr v_Self; f_to_i16_array_pre:x: v_Self -> pred: Type0{true ==> pred}; - f_to_i16_array_post:v_Self -> t_Array i16 (sz 16) -> Type0; + f_to_i16_array_post:x: v_Self -> result: t_Array i16 (sz 16) + -> pred: Type0{pred ==> f_repr x == result}; f_to_i16_array:x0: v_Self -> Prims.Pure (t_Array i16 (sz 16)) (f_to_i16_array_pre x0) @@ -15,7 +26,7 @@ class t_Operations (v_Self: Type0) = { f_from_i16_array_pre:array: t_Slice i16 -> pred: Type0{(Core.Slice.impl__len #i16 array <: usize) =. sz 16 ==> pred}; f_from_i16_array_post:array: t_Slice i16 -> result: v_Self - -> pred: Type0{pred ==> f_to_i16_array result == array}; + -> pred: Type0{pred ==> f_repr result == array}; f_from_i16_array:x0: t_Slice i16 -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); f_ZERO_pre:Prims.unit -> Type0; @@ -24,7 +35,7 @@ class t_Operations (v_Self: Type0) = { Type0 { pred ==> (let _:Prims.unit = x in - f_to_i16_array result == Seq.create 16 0uy) }; + f_repr result == Seq.create 16 0s) }; f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); f_add_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; f_add_post:v_Self -> v_Self -> v_Self -> Type0; diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 8ba36443d..44ae4d7af 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -225,7 +225,7 @@ val ind_cpa_generate_keypair (r:rank) (randomness:t_Array u8 v_CPA_KEY_GENERATIO let ind_cpa_generate_keypair r randomness = let hashed = v_G randomness in let (seed_for_A, seed_for_secret_and_error) = split hashed (sz 32) in - let matrix_A_as_ntt = sample_matrix_A_ntt #r seed_for_A in + let (matrix_A_as_ntt, sufficient_randomness) = sample_matrix_A_ntt #r seed_for_A in let secret_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error (sz 0) in let error_as_ntt = sample_vector_cbd_then_ntt #r seed_for_secret_and_error r in let t_as_ntt = compute_As_plus_e_ntt #r matrix_A_as_ntt secret_as_ntt error_as_ntt in diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 178ed4478..7611de912 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -1,5 +1,5 @@ use super::traits::Operations; - +use crate::vector::traits::Repr; pub(crate) use libcrux_intrinsics::avx2::*; mod arithmetic; @@ -9,18 +9,25 @@ mod sampling; mod serialize; #[derive(Clone, Copy)] +#[hax_lib::fstar::after(interface,"val repr (x:t_SIMD256Vector) : t_Array i16 (sz 16)")] +#[hax_lib::fstar::after("let repr (x:t_SIMD256Vector) = admit()")] pub struct SIMD256Vector { elements: Vec256, } #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::ensures(|result| fstar!("to_i16_array ${result} == Seq.create 16 0s"))] fn zero() -> SIMD256Vector { SIMD256Vector { elements: mm256_setzero_si256(), } } + #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::ensures(|result| fstar!("${result} == repr ${v}"))] fn to_i16_array(v: SIMD256Vector) -> [i16; 16] { let mut output = [0i16; 16]; mm256_storeu_si256_i16(&mut output, v.elements); @@ -29,21 +36,34 @@ fn to_i16_array(v: SIMD256Vector) -> [i16; 16] { } #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::ensures(|result| fstar!("repr ${result} == ${array}"))] fn from_i16_array(array: &[i16]) -> SIMD256Vector { SIMD256Vector { elements: mm256_loadu_si256_i16(array), } } +impl Repr for SIMD256Vector { + fn repr(x: Self) -> [i16; 16] { + to_i16_array(x) + } +} + +#[hax_lib::attributes] impl Operations for SIMD256Vector { + #[ensures(|result| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { zero() } + #[requires(array.len() == 16)] + #[ensures(|result| fstar!("impl.f_repr out == $array"))] fn from_i16_array(array: &[i16]) -> Self { from_i16_array(array) } + #[ensures(|result| fstar!("out == impl.f_repr $x"))] fn to_i16_array(x: Self) -> [i16; 16] { to_i16_array(x) } diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs index 68539971e..058f4a90a 100644 --- a/libcrux-ml-kem/src/vector/neon.rs +++ b/libcrux-ml-kem/src/vector/neon.rs @@ -1,6 +1,7 @@ //! Vectors for libcrux using aarch64 (neon) intrinsics use super::{Operations, FIELD_MODULUS}; +use crate::vector::traits::Repr; // mod sampling; mod arithmetic; @@ -16,16 +17,27 @@ use serialize::*; pub(crate) use vector_type::SIMD128Vector; use vector_type::*; +impl Repr for SIMD128Vector { + fn repr(x: Self) -> [i16; 16] { + to_i16_array(x) + } +} + +#[hax_lib::attributes] impl Operations for SIMD128Vector { #[inline(always)] + #[ensures(|result| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { ZERO() } + #[requires(array.len() == 16)] + #[ensures(|result| fstar!("impl.f_repr out == $array"))] fn from_i16_array(array: &[i16]) -> Self { from_i16_array(array) } + #[ensures(|result| fstar!("out == impl.f_repr $x"))] fn to_i16_array(x: Self) -> [i16; 16] { to_i16_array(x) } diff --git a/libcrux-ml-kem/src/vector/neon/vector_type.rs b/libcrux-ml-kem/src/vector/neon/vector_type.rs index 61b4d319d..434f82756 100644 --- a/libcrux-ml-kem/src/vector/neon/vector_type.rs +++ b/libcrux-ml-kem/src/vector/neon/vector_type.rs @@ -1,20 +1,15 @@ use libcrux_intrinsics::arm64::*; #[derive(Clone, Copy)] +#[hax_lib::fstar::after(interface,"val repr (x:t_SIMD128Vector) : t_Array i16 (sz 16)")] +#[hax_lib::fstar::after("let repr (x:t_SIMD128Vector) = admit()")] pub struct SIMD128Vector { pub low: _int16x8_t, pub high: _int16x8_t, } -#[allow(non_snake_case)] -#[inline(always)] -pub(crate) fn ZERO() -> SIMD128Vector { - SIMD128Vector { - low: _vdupq_n_s16(0), - high: _vdupq_n_s16(0), - } -} - #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::ensures(|result| fstar!("${result} == repr ${v}"))] pub(crate) fn to_i16_array(v: SIMD128Vector) -> [i16; 16] { let mut out = [0i16; 16]; _vst1q_s16(&mut out[0..8], v.low); @@ -23,9 +18,23 @@ pub(crate) fn to_i16_array(v: SIMD128Vector) -> [i16; 16] { } #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::ensures(|result| fstar!("repr ${result} == $array"))] pub(crate) fn from_i16_array(array: &[i16]) -> SIMD128Vector { + let _dummy = to_i16_array(ZERO()); // This is because hax unnecessarily reorders this SIMD128Vector { low: _vld1q_s16(&array[0..8]), high: _vld1q_s16(&array[8..16]), } } + +#[allow(non_snake_case)] +#[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::ensures(|result| fstar!("repr result == Seq.create 16 0s"))] +pub(crate) fn ZERO() -> SIMD128Vector { + SIMD128Vector { + low: _vdupq_n_s16(0), + high: _vdupq_n_s16(0), + } +} \ No newline at end of file diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 2ed759d54..3beb4f215 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -1,5 +1,5 @@ use super::Operations; - +use crate::vector::traits::Repr; mod arithmetic; mod compress; mod ntt; @@ -16,18 +16,30 @@ use vector_type::*; pub(crate) use vector_type::PortableVector; +impl Repr for PortableVector { + fn repr(x: Self) -> [i16; 16] { + to_i16_array(x) + } +} + +#[hax_lib::attributes] impl Operations for PortableVector { + #[ensures(|result| fstar!("out == impl.f_repr $x"))] + fn to_i16_array(x: Self) -> [i16; 16] { + to_i16_array(x) + } + + #[ensures(|result| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { zero() } + #[requires(array.len() == 16)] + #[ensures(|result| fstar!("impl.f_repr out == $array"))] fn from_i16_array(array: &[i16]) -> Self { from_i16_array(array) } - fn to_i16_array(x: Self) -> [i16; 16] { - to_i16_array(x) - } fn add(lhs: Self, rhs: &Self) -> Self { add(lhs, rhs) diff --git a/libcrux-ml-kem/src/vector/portable/vector_type.rs b/libcrux-ml-kem/src/vector/portable/vector_type.rs index 75b3b30c6..b09748d4f 100644 --- a/libcrux-ml-kem/src/vector/portable/vector_type.rs +++ b/libcrux-ml-kem/src/vector/portable/vector_type.rs @@ -11,6 +11,7 @@ pub struct PortableVector { #[allow(non_snake_case)] #[inline(always)] +#[hax_lib::ensures(|result| fstar!("to_i16_array $result == Seq.create 16 0s"))] pub fn zero() -> PortableVector { PortableVector { elements: [0i16; FIELD_ELEMENTS_IN_VECTOR], @@ -18,13 +19,15 @@ pub fn zero() -> PortableVector { } #[inline(always)] +#[hax_lib::ensures(|result| fstar!("${result} == ${x}.f_elements"))] +pub fn to_i16_array(x: PortableVector) -> [i16; 16] { + x.elements +} + +#[inline(always)] +#[hax_lib::ensures(|result| fstar!("${result}.f_elements == $array"))] pub fn from_i16_array(array: &[i16]) -> PortableVector { PortableVector { elements: array[0..16].try_into().unwrap(), } } - -#[inline(always)] -pub fn to_i16_array(x: PortableVector) -> [i16; 16] { - x.elements -} diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 0670e7244..d3341f64c 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -4,16 +4,23 @@ pub const FIELD_ELEMENTS_IN_VECTOR: usize = 16; pub const INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209; // FIELD_MODULUS^{-1} mod MONTGOMERY_R #[hax_lib::attributes] -pub trait Operations: Copy + Clone { +pub trait Repr: Copy + Clone { #[requires(true)] + fn repr(x: Self) -> [i16; 16]; +} + +#[hax_lib::attributes] +pub trait Operations: Copy + Clone + Repr { + #[requires(true)] + #[ensures(|result| fstar!("f_repr $x == $result"))] fn to_i16_array(x: Self) -> [i16; 16]; #[requires(array.len() == 16)] - #[ensures(|result| fstar!("f_to_i16_array $result == $array"))] + #[ensures(|result| fstar!("f_repr $result == $array"))] fn from_i16_array(array: &[i16]) -> Self; #[allow(non_snake_case)] - #[ensures(|result| fstar!("f_to_i16_array $result == Seq.create 16 0uy"))] + #[ensures(|result| fstar!("f_repr $result == Seq.create 16 0s"))] fn ZERO() -> Self; // Basic arithmetic From 5cc4b70a624527733049367b7fa90e15047c47c7 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 25 Aug 2024 20:45:05 +0000 Subject: [PATCH 133/348] refreshed c code --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/eurydice_glue.h | 3 +- libcrux-ml-kem/c/internal/libcrux_core.h | 38 +- .../c/internal/libcrux_mlkem_avx2.h | 44 +- .../c/internal/libcrux_mlkem_portable.h | 44 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 38 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1844 +++++++---------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1782 ++++++---------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 16 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 959 ++++----- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 889 ++++---- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 43 files changed, 2399 insertions(+), 3576 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 8f2f9d27d..ad21f1c33 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 0576bfc67e99aae86c51930421072688138b672b Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a +Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index a97683fa6..acc002d93 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -88,7 +88,8 @@ typedef struct { #define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) -#define core_array_TryFromSliceError uint8_t +#define core_array_TryFromSliceError \ + uint8_t #define core_array_TryFromSliceError uint8_t #define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 95fb8cd69..a85a438d4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __internal_libcrux_core_H @@ -75,7 +75,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_201( uint8_t value[1568U]); /** @@ -88,7 +88,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_981( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -101,7 +101,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_781( uint8_t value[3168U]); /** @@ -113,7 +113,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_251( uint8_t value[1568U]); /** @@ -124,7 +124,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( +uint8_t *libcrux_ml_kem_types_as_slice_f6_501( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -136,7 +136,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_711( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_c01( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -159,7 +159,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_200( uint8_t value[1184U]); /** @@ -172,7 +172,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_980( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -185,7 +185,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_780( uint8_t value[2400U]); /** @@ -197,7 +197,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_250( uint8_t value[1088U]); /** @@ -208,7 +208,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( +uint8_t *libcrux_ml_kem_types_as_slice_f6_500( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -220,7 +220,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_710( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_c00( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -243,7 +243,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_20( uint8_t value[800U]); /** @@ -256,7 +256,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_98( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -269,7 +269,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_78( uint8_t value[1632U]); /** @@ -281,7 +281,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_25( uint8_t value[768U]); /** @@ -292,7 +292,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( +uint8_t *libcrux_ml_kem_types_as_slice_f6_50( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -349,7 +349,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_71( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_c0( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 92f3e8455..d4700dfc1 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_001(uint8_t *public_key); /** A monomorphic instance of @@ -48,7 +48,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_061( uint8_t randomness[64U]); /** @@ -64,7 +64,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_3f1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -84,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_981( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -107,7 +107,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_231( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -132,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f41( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -158,7 +158,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_201( +void libcrux_ml_kem_ind_cca_decapsulate_4c1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -170,7 +170,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_000(uint8_t *public_key); /** A monomorphic instance of @@ -186,7 +186,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_060( uint8_t randomness[64U]); /** @@ -202,7 +202,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_3f0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -222,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_980( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -245,7 +245,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_230( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -270,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f40( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -296,7 +296,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_200( +void libcrux_ml_kem_ind_cca_decapsulate_4c0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +308,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_00(uint8_t *public_key); /** A monomorphic instance of @@ -324,7 +324,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_06( uint8_t randomness[64U]); /** @@ -339,7 +339,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_3f( uint8_t randomness[64U]); /** @@ -360,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_98( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -383,7 +383,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_23( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -408,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f4( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -434,7 +434,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_20( +void libcrux_ml_kem_ind_cca_decapsulate_4c( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index def1624ad..7c7ce91c9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_b91(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa1( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_bb1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_331( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9f1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_e31( +void libcrux_ml_kem_ind_cca_decapsulate_111( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_b90(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa0( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_bb0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_330( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9f0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_e30( +void libcrux_ml_kem_ind_cca_decapsulate_110( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_b9(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_bb(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_33( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_e3( +void libcrux_ml_kem_ind_cca_decapsulate_11( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index d603711fc..e961da1eb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 03ca80d96..1a8c84ed9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index a5f2f39b1..5f266592c 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #include "internal/libcrux_core.h" @@ -96,7 +96,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_4c1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_201( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -116,7 +116,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_c91( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_981( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -132,7 +132,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a71( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_781( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -151,7 +151,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_f51( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_251( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -169,7 +169,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f21( +uint8_t *libcrux_ml_kem_types_as_slice_f6_501( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -183,7 +183,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_711( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_c01( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -216,7 +216,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_4c0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_200( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -236,7 +236,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_c90( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_980( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a70( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_780( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -271,7 +271,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_f50( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_250( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -289,7 +289,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f20( +uint8_t *libcrux_ml_kem_types_as_slice_f6_500( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -303,7 +303,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_710( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_c00( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -336,7 +336,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_4c( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_20( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -356,7 +356,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_c9( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_98( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -371,7 +371,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a7( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_78( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -390,7 +390,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_f5( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_25( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -408,7 +408,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( +uint8_t *libcrux_ml_kem_types_as_slice_f6_50( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -480,7 +480,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_71( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_c0( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 943b4e083..8758a7e21 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index b5cf3724c..39b02ed44 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 05d316a3a..7871f93e7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #include "libcrux_mlkem1024_avx2.h" @@ -35,11 +35,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_96( +static void decapsulate_24( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_200(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4c0(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_96(private_key, ciphertext, ret); + decapsulate_24(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_72( +static void decapsulate_unpacked_90( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f40(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_72(private_key, ciphertext, ret); + decapsulate_unpacked_90(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_70( +static tuple_21 encapsulate_4f( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_70(uu____0, copy_of_randomness); + return encapsulate_4f(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_27( +static tuple_21 encapsulate_unpacked_4e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_27( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_980( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_27(uu____0, copy_of_randomness); + return encapsulate_unpacked_4e(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_ff( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b3( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c22(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_3f0(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(copy_of_randomness); + return generate_keypair_b3(copy_of_randomness); } /** @@ -246,11 +246,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_d2(uint8_t randomness[64U]) { +generate_keypair_unpacked_96(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_060( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d2(copy_of_randomness); + return generate_keypair_unpacked_96(copy_of_randomness); } /** @@ -274,8 +274,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_a30(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf0(public_key); +static bool validate_public_key_ff0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_000(public_key); } /** @@ -286,7 +286,7 @@ static bool validate_public_key_a30(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_a30(public_key.value)) { + if (validate_public_key_ff0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 26425cbb7..1345e0769 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 0032daf9a..f6a609c25 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #include "libcrux_mlkem1024_portable.h" @@ -35,11 +35,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_e5( +static void decapsulate_2a( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e31(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_111(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_e5(private_key, ciphertext, ret); + decapsulate_2a(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_6e( +static void decapsulate_unpacked_64( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e1(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_6e(private_key, ciphertext, ret); + decapsulate_unpacked_64(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_da( +static tuple_21 encapsulate_4f( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_9f1(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_da(uu____0, copy_of_randomness); + return encapsulate_4f(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_c8( +static tuple_21 encapsulate_unpacked_26( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_c8( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_331( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_c8(uu____0, copy_of_randomness); + return encapsulate_unpacked_26(uu____0, copy_of_randomness); } /** @@ -212,12 +212,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_59( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c24(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_bb1(copy_of_randomness); } /** @@ -228,7 +228,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_0e(copy_of_randomness); + return generate_keypair_59(copy_of_randomness); } /** @@ -247,11 +247,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_5a(uint8_t randomness[64U]) { +generate_keypair_unpacked_76(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa1( copy_of_randomness); } @@ -264,7 +264,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_5a(copy_of_randomness); + return generate_keypair_unpacked_76(copy_of_randomness); } /** @@ -275,8 +275,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_e11(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); +static bool validate_public_key_341(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_b91(public_key); } /** @@ -287,7 +287,7 @@ static bool validate_public_key_e11(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_e11(public_key.value)) { + if (validate_public_key_341(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 624ef0798..ba9729035 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index df871eb6d..3668c7624 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 364933d64..46b140e0e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_9f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_44(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_20(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4c(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_9f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_9f(private_key, ciphertext, ret); + decapsulate_44(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_a6( +static void decapsulate_unpacked_5a( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f4(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_a6( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_a6(private_key, ciphertext, ret); + decapsulate_unpacked_5a(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_8e( +static tuple_ec encapsulate_10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_8e(uu____0, copy_of_randomness); + return encapsulate_10(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_ae( +static tuple_ec encapsulate_unpacked_b5( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_ae( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_98( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ae(uu____0, copy_of_randomness); + return encapsulate_unpacked_b5(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_b1( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_9b( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_3f(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b1(copy_of_randomness); + return generate_keypair_9b(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_ad(uint8_t randomness[64U]) { +generate_keypair_unpacked_20(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_06( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_ad(copy_of_randomness); + return generate_keypair_unpacked_20(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_a3(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); +static bool validate_public_key_ff(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_00(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_a3(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_a3(public_key.value)) { + if (validate_public_key_ff(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 893c5c37d..ac7835c79 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 8a3ec38f0..5204186f1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #include "libcrux_mlkem512_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_4a(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_f5(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e30(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_110(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_4a(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_4a(private_key, ciphertext, ret); + decapsulate_f5(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_d4( +static void decapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_d4( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d4(private_key, ciphertext, ret); + decapsulate_unpacked_4b(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_7d( +static tuple_ec encapsulate_31( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_9f0(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_7d(uu____0, copy_of_randomness); + return encapsulate_31(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_84( +static tuple_ec encapsulate_unpacked_f8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_84( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_330( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_84(uu____0, copy_of_randomness); + return encapsulate_unpacked_f8(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f7( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c21(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_bb0(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_df(copy_of_randomness); + return generate_keypair_f7(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_bc(uint8_t randomness[64U]) { +generate_keypair_unpacked_88(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa0( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_bc(copy_of_randomness); + return generate_keypair_unpacked_88(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_e10(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); +static bool validate_public_key_340(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_b90(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_e10(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_e10(public_key.value)) { + if (validate_public_key_340(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 5626a47b6..eaf92ba6a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 62edf65bc..96925018a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 7abc80c7d..bba3cba4a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_3f( +static void decapsulate_68( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_201(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4c1(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_3f( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_3f(private_key, ciphertext, ret); + decapsulate_68(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_e5( +static void decapsulate_unpacked_cb( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b1(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f41(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_e5( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_e5(private_key, ciphertext, ret); + decapsulate_unpacked_cb(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_ec( +static tuple_3c encapsulate_85( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_821(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_231(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ec(uu____0, copy_of_randomness); + return encapsulate_85(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_2b( +static tuple_3c encapsulate_unpacked_f3( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_2b( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_981( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_2b(uu____0, copy_of_randomness); + return encapsulate_unpacked_f3(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c2( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_da( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c23(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_3f1(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c2(copy_of_randomness); + return generate_keypair_da(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_51(uint8_t randomness[64U]) { +generate_keypair_unpacked_e3(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_061( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_51(copy_of_randomness); + return generate_keypair_unpacked_e3(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_a31(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf1(public_key); +static bool validate_public_key_ff1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_001(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_a31(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_a31(public_key.value)) { + if (validate_public_key_ff1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 46c8025c0..3f3a9c040 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index bd8699614..cd0a84200 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #include "libcrux_mlkem768_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_39( +static void decapsulate_b5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e3(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_11(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_39( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_39(private_key, ciphertext, ret); + decapsulate_b5(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_6b( +static void decapsulate_unpacked_70( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_6b( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_6b(private_key, ciphertext, ret); + decapsulate_unpacked_70(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_4f( +static tuple_3c encapsulate_73( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_9f(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4f(uu____0, copy_of_randomness); + return encapsulate_73(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_08( +static tuple_3c encapsulate_unpacked_82( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_08( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_33( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_08(uu____0, copy_of_randomness); + return encapsulate_unpacked_82(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ca( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_bb(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(copy_of_randomness); + return generate_keypair_ca(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_8b(uint8_t randomness[64U]) { +generate_keypair_unpacked_d9(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_8b(copy_of_randomness); + return generate_keypair_unpacked_d9(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_e1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); +static bool validate_public_key_34(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_b9(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_e1(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_e1(public_key.value)) { + if (validate_public_key_34(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 1efa41d23..8e8518fb8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index e6f3a05e8..d9b3d3699 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #include "internal/libcrux_mlkem_avx2.h" @@ -1250,15 +1250,15 @@ inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_d5(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1279,12 +1279,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -1292,8 +1286,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_to_reduced_ring_element_b4(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1307,12 +1301,6 @@ deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -1320,12 +1308,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bd4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_20_d5();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1337,7 +1325,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_b4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1351,7 +1339,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_a8(core_core_arch_x86___m256i vector) { +shift_right_f8(core_core_arch_x86___m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, core_core_arch_x86___m256i); } @@ -1365,9 +1353,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static core_core_arch_x86___m256i shift_right_ea_aa( +static core_core_arch_x86___m256i shift_right_ea_5e( core_core_arch_x86___m256i vector) { - return shift_right_a8(vector); + return shift_right_f8(vector); } /** @@ -1376,9 +1364,9 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_unsigned_representative_a4( +static core_core_arch_x86___m256i to_unsigned_representative_d4( core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_ea_aa(a); + core_core_arch_x86___m256i t = shift_right_ea_5e(a); core_core_arch_x86___m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1391,14 +1379,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_d7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - to_unsigned_representative_a4(re->coefficients[i0]); + to_unsigned_representative_d4(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1409,9 +1397,6 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1419,7 +1404,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_ae1( +static KRML_MUSTINLINE void serialize_secret_key_a81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1437,16 +1422,15 @@ static KRML_MUSTINLINE void serialize_secret_key_ae1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); + serialize_uncompressed_ring_element_d7(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + uint8_t result[1152U]; + memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1455,21 +1439,23 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_d01( +static KRML_MUSTINLINE void serialize_public_key_371( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_ae1(t_as_ntt, ret0); + serialize_secret_key_a81(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, (size_t)1152U, uint8_t, size_t), seed_for_a, uint8_t); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + uint8_t result[1184U]; + memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); } /** @@ -1480,15 +1466,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_001(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_5d4( + deserialize_ring_elements_reduced_bd4( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_d01( + serialize_public_key_371( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1532,7 +1518,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics static void closure_b81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_20_d5();); } /** @@ -1823,17 +1809,17 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_89_10(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); +from_i16_array_20_10(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1852,7 +1838,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( int16_t s[272U]) { - return from_i16_array_89_10( + return from_i16_array_20_10( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1948,7 +1934,11 @@ static KRML_MUSTINLINE void sample_matrix_A_a21( } ); - memcpy(ret, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U][3U]; + memcpy(result, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); } @@ -2069,7 +2059,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_25(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -2103,7 +2093,7 @@ sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10( + return from_i16_array_20_10( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2114,7 +2104,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_92(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -2147,7 +2137,7 @@ sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10( + return from_i16_array_20_10( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2158,8 +2148,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_470(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c1(randomness); +sample_from_binomial_distribution_920(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_25(randomness); } /** @@ -2168,7 +2158,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_45( +static KRML_MUSTINLINE void ntt_at_layer_7_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2194,7 +2184,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i montgomery_multiply_fe_9d( +static core_core_arch_x86___m256i montgomery_multiply_fe_55( core_core_arch_x86___m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -2206,9 +2196,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, +ntt_layer_int_vec_step_88(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = montgomery_multiply_fe_9d(b, zeta_r); + core_core_arch_x86___m256i t = montgomery_multiply_fe_55(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -2221,7 +2211,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_b8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2234,7 +2224,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_f4( + ntt_layer_int_vec_step_88( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -2251,7 +2241,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_b4( +static KRML_MUSTINLINE void ntt_at_layer_3_45( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2267,7 +2257,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_7c( +static KRML_MUSTINLINE void ntt_at_layer_2_10( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2286,7 +2276,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_c2( +static KRML_MUSTINLINE void ntt_at_layer_1_83( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2305,15 +2295,15 @@ static KRML_MUSTINLINE void ntt_at_layer_1_c2( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_99( +static KRML_MUSTINLINE void poly_barrett_reduce_20_94( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2329,23 +2319,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_48( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_45(re); + ntt_at_layer_7_64(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_45(&zeta_i, re); + ntt_at_layer_2_10(&zeta_i, re); + ntt_at_layer_1_83(&zeta_i, re); + poly_barrett_reduce_20_94(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2354,11 +2340,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_701( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); + re_as_ntt[i] = ZERO_20_d5();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2373,63 +2359,36 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( PRFxN_a9_512(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_470( + re_as_ntt[i0] = sample_from_binomial_distribution_920( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; + tuple_b00 result; memcpy( - lit.fst, copy_of_re_as_ntt, + result.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_20_41(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_d5(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2450,21 +2409,17 @@ ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_971( +static KRML_MUSTINLINE void add_to_ring_element_20_871( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2485,7 +2440,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_standard_domain_42( +static core_core_arch_x86___m256i to_standard_domain_f0( core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -2493,45 +2448,42 @@ static core_core_arch_x86___m256i to_standard_domain_42( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( +static KRML_MUSTINLINE void add_standard_error_reduce_20_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; core_core_arch_x86___m256i coefficient_normal_form = - to_standard_domain_42(self->coefficients[j]); + to_standard_domain_f0(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &error->coefficients[j])); } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_f01( +static KRML_MUSTINLINE void compute_As_plus_e_bb1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); + result0[i] = ZERO_20_d5();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2552,57 +2504,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); + ntt_multiply_20_41(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_871(&result0[i1], &product); } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_a5(&result0[i1], &error_as_ntt[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + memcpy( + result, result0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2611,7 +2526,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_6c1( +static tuple_9b0 generate_keypair_unpacked_751( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_681(key_generation_seed, hashed); @@ -2630,7 +2545,7 @@ static tuple_9b0 generate_keypair_unpacked_6c1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_701(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2642,10 +2557,10 @@ static tuple_9b0 generate_keypair_unpacked_6c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_151(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_701(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_bb1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -2697,23 +2612,23 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_451( +static void closure_ce1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_20_d5();); } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_75( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_47( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; core_core_arch_x86___m256i ret[16U]; @@ -2751,7 +2666,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_061( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -2760,18 +2675,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); + tuple_9b0 uu____0 = generate_keypair_unpacked_751(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_451(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_ce1(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_75(&ind_cpa_public_key.A[j][i1]); + clone_3a_47(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2781,7 +2696,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_d01( + serialize_public_key_371( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -2829,17 +2744,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_541( Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); + tuple_9b0 uu____0 = generate_keypair_unpacked_751(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_d01( + serialize_public_key_371( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_a81(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2848,12 +2763,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, + libcrux_ml_kem_utils_extraction_helper_Keypair768 result; + memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, + memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - return lit; + return result; } /** @@ -2863,7 +2778,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_751( +static KRML_MUSTINLINE void serialize_kem_secret_key_171( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2918,7 +2833,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_3f1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2927,13 +2842,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e11(ind_cpa_keypair_randomness); + generate_keypair_541(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_751( + serialize_kem_secret_key_171( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2942,18 +2857,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a70(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_780(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c90( - uu____2, libcrux_ml_kem_types_from_07_4c0(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_980( + uu____2, libcrux_ml_kem_types_from_07_200(copy_of_public_key)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2963,10 +2875,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_991(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_d5();); + error_1[i] = ZERO_20_d5();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2982,7 +2894,7 @@ sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470( + sample_from_binomial_distribution_920( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2990,12 +2902,12 @@ sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; + tuple_b00 result; memcpy( - lit.fst, copy_of_error_1, + result.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } /** @@ -3031,7 +2943,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_62( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3055,7 +2967,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3075,7 +2987,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_8e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3093,14 +3005,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_df(core_core_arch_x86___m256i a, +inv_ntt_layer_int_vec_step_reduce_75(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { core_core_arch_x86___m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); + b = montgomery_multiply_fe_55(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -3111,7 +3023,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_f8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3126,7 +3038,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_df( + inv_ntt_layer_int_vec_step_reduce_75( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -3143,31 +3055,31 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_571( +static KRML_MUSTINLINE void invert_ntt_montgomery_8e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); + invert_ntt_at_layer_1_62(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_8e(&zeta_i, re); + invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_94(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_91( +static KRML_MUSTINLINE void add_error_reduce_20_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3182,23 +3094,20 @@ static KRML_MUSTINLINE void add_error_reduce_89_91( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_001( +static KRML_MUSTINLINE void compute_vector_u_7b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); + result0[i] = ZERO_20_d5();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3218,12 +3127,16 @@ static KRML_MUSTINLINE void compute_vector_u_001( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); + ntt_multiply_20_41(a_element, &r_as_ntt[j]); + add_to_ring_element_20_871(&result0[i1], &product); } - invert_ntt_montgomery_571(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); + invert_ntt_montgomery_8e1(&result0[i1]); + add_error_reduce_20_44(&result0[i1], &error_1[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + memcpy( + result, result0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -3235,7 +3148,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i decompress_1_91( +static core_core_arch_x86___m256i decompress_1_0c( core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), @@ -3250,8 +3163,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_message_bb(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; core_core_arch_x86___m256i coefficient_compressed = @@ -3259,22 +3172,22 @@ deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_91(coefficient_compressed);); + re.coefficients[i0] = decompress_1_0c(coefficient_compressed);); return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_67( +add_message_error_reduce_20_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3294,9 +3207,6 @@ add_message_error_reduce_89_67( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3304,18 +3214,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_711( +compute_ring_element_v_321( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = add_message_error_reduce_89_67(error_2, message, result); + ntt_multiply_20_41(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_871(&result, &product);); + invert_ntt_montgomery_8e1(&result); + result = add_message_error_reduce_20_d5(error_2, message, result); return result; } @@ -3326,7 +3236,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_00(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_bc(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3391,9 +3301,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i compress_ea_d4( +static core_core_arch_x86___m256i compress_ea_2e( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_00(vector); + return compress_ciphertext_coefficient_bc(vector); } /** @@ -3402,14 +3312,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_2f( +static KRML_MUSTINLINE void compress_then_serialize_10_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_ea_d4(to_unsigned_representative_a4(re->coefficients[i0])); + compress_ea_2e(to_unsigned_representative_d4(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3427,7 +3337,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_000(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_bc0(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3492,9 +3402,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i compress_ea_d40( +static core_core_arch_x86___m256i compress_ea_2e0( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_000(vector); + return compress_ciphertext_coefficient_bc0(vector); } /** @@ -3504,16 +3414,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_71( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_2f(re, uu____0); + compress_then_serialize_10_fd(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3523,7 +3430,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_841( +static void compress_then_serialize_u_7a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3539,7 +3446,7 @@ static void compress_then_serialize_u_841( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); + compress_then_serialize_ring_element_u_71(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3552,7 +3459,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_001(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_bc1(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3617,9 +3524,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i compress_ea_d41( +static core_core_arch_x86___m256i compress_ea_2e1( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_001(vector); + return compress_ciphertext_coefficient_bc1(vector); } /** @@ -3628,14 +3535,16 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_b7( +static KRML_MUSTINLINE void compress_then_serialize_4_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { + LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, + void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_ea_d41(to_unsigned_representative_a4(re.coefficients[i0])); + compress_ea_2e1(to_unsigned_representative_d4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( @@ -3652,7 +3561,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_002(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_bc2(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3717,9 +3626,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i compress_ea_d42( +static core_core_arch_x86___m256i compress_ea_2e2( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_002(vector); + return compress_ciphertext_coefficient_bc2(vector); } /** @@ -3728,14 +3637,16 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_35( +static KRML_MUSTINLINE void compress_then_serialize_5_11( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { + LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, + void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficients = - compress_ea_d42(to_unsigned_representative_a4(re.coefficients[i0])); + compress_ea_2e2(to_unsigned_representative_d4(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( @@ -3752,52 +3663,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_b7(re, out); + compress_then_serialize_4_f8(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3815,7 +3685,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_881( +static void encrypt_unpacked_5a1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3823,7 +3693,7 @@ static void encrypt_unpacked_881( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_701(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3833,7 +3703,7 @@ static void encrypt_unpacked_881( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_471(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_991(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3844,28 +3714,28 @@ static void encrypt_unpacked_881( PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470( + sample_from_binomial_distribution_920( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_7b1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(copy_of_message); + deserialize_then_decompress_message_bb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_321(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_841( + compress_then_serialize_u_7a1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( + compress_then_serialize_ring_element_v_07( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3889,7 +3759,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_981( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -3916,7 +3786,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_881(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_5a1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -3926,7 +3796,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b1( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f50(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_250(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3947,19 +3817,13 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_121(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_021(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3967,12 +3831,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bd3( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_20_d5();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3984,7 +3848,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_b4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4009,10 +3873,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_de1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_5d3( + deserialize_ring_elements_reduced_bd3( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4053,9 +3917,9 @@ static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_881(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); + uint8_t result[1088U]; + encrypt_unpacked_5a1(uu____3, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } /** @@ -4069,7 +3933,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_e51(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_401(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -4095,11 +3959,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_231( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_121( + entropy_preprocess_af_021( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4109,7 +3973,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( size_t); uint8_t ret[32U]; H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_500(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4123,19 +3987,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_500(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_fb1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_de1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f50(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_250(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e51(shared_secret, shared_secret_array); + kdf_af_401(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4155,7 +4019,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_e9(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_de(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4218,9 +4082,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_5d( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d9( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_e9(vector); + return decompress_ciphertext_coefficient_de(vector); } /** @@ -4230,8 +4094,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_f2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_10_6c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); + LowStar_Ignore_ignore( + Eurydice_slice_len(Eurydice_array_to_slice((size_t)16U, re.coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i), + size_t, void *); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -4239,7 +4108,7 @@ deserialize_then_decompress_10_f2(Eurydice_slice serialized) { serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d9(coefficient); } return re; } @@ -4251,7 +4120,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_e90(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_de0(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4314,9 +4183,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_5d0( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d90( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_e90(vector); + return decompress_ciphertext_coefficient_de0(vector); } /** @@ -4326,8 +4195,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_cb(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_11_25(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4335,7 +4204,7 @@ deserialize_then_decompress_11_cb(Eurydice_slice serialized) { serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d90(coefficient); } return re; } @@ -4347,8 +4216,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_52(Eurydice_slice serialized) { - return deserialize_then_decompress_10_f2(serialized); +deserialize_then_decompress_ring_element_u_4c(Eurydice_slice serialized) { + return deserialize_then_decompress_10_6c(serialized); } /** @@ -4357,23 +4226,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_4b( +static KRML_MUSTINLINE void ntt_vector_u_21( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_45(&zeta_i, re); + ntt_at_layer_2_10(&zeta_i, re); + ntt_at_layer_1_83(&zeta_i, re); + poly_barrett_reduce_20_94(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4382,12 +4247,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_331( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); + u_as_ntt[i] = ZERO_20_d5();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -4405,11 +4270,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_52(u_bytes); - ntt_vector_u_4b(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_4c(u_bytes); + ntt_vector_u_21(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -4420,7 +4289,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_e91(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_de1(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4483,9 +4352,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_5d1( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d91( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_e91(vector); + return decompress_ciphertext_coefficient_de1(vector); } /** @@ -4495,8 +4364,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_5e(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_4_f5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -4504,7 +4373,7 @@ deserialize_then_decompress_4_5e(Eurydice_slice serialized) { serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_5d1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d91(coefficient); } return re; } @@ -4516,7 +4385,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_e92(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_de2(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4579,9 +4448,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_5d2( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d92( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_e92(vector); + return decompress_ciphertext_coefficient_de2(vector); } /** @@ -4591,8 +4460,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_43(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_5_08(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -4600,7 +4469,7 @@ deserialize_then_decompress_5_43(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_5d2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_d92(re.coefficients[i0]); } return re; } @@ -4612,22 +4481,22 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_29(Eurydice_slice serialized) { - return deserialize_then_decompress_4_5e(serialized); +deserialize_then_decompress_ring_element_v_5e(Eurydice_slice serialized) { + return deserialize_then_decompress_4_f5(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_fe(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_20_90(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4642,12 +4511,6 @@ subtract_reduce_89_fe(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4655,17 +4518,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_751( +compute_message_c11( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = subtract_reduce_89_fe(v, result); + ntt_multiply_20_41(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_871(&result, &product);); + invert_ntt_montgomery_8e1(&result); + result = subtract_reduce_20_90(v, result); return result; } @@ -4675,13 +4538,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_07( +static KRML_MUSTINLINE void compress_then_serialize_message_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; core_core_arch_x86___m256i coefficient = - to_unsigned_representative_a4(re.coefficients[i0]); + to_unsigned_representative_d4(re.coefficients[i0]); core_core_arch_x86___m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; @@ -4694,30 +4557,6 @@ static KRML_MUSTINLINE void compress_then_serialize_message_07( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4728,19 +4567,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_251( +static void decrypt_unpacked_991( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_7f1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_331(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_29( + deserialize_then_decompress_ring_element_v_5e( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_751(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c11(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_07(message, ret0); + compress_then_serialize_message_5d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4791,11 +4630,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f41( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_251(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_991(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4824,7 +4663,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b1( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4835,11 +4674,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_881(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_5a1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4857,8 +4696,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_c7(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_to_uncompressed_ring_element_7d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4869,21 +4708,18 @@ deserialize_to_uncompressed_ring_element_c7(Eurydice_slice serialized) { return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_051( +static KRML_MUSTINLINE void deserialize_secret_key_6b1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); + secret_as_ntt[i] = ZERO_20_d5();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4895,11 +4731,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_051( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_c7(secret_bytes); + deserialize_to_uncompressed_ring_element_7d(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( - ret, secret_as_ntt, + result, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -4913,10 +4753,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_841(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_a61(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_051(secret_key, secret_as_ntt); + deserialize_secret_key_6b1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4927,9 +4767,9 @@ static void decrypt_841(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_251(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_991(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -4954,7 +4794,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_201( +void libcrux_ml_kem_ind_cca_decapsulate_4c1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4972,7 +4812,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_201( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_841(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_a61(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4994,7 +4834,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_201( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -5004,17 +4844,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_201( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_fb1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_de1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e51(Eurydice_array_to_slice( + kdf_af_401(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e51(shared_secret0, shared_secret1); + kdf_af_401(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5025,12 +4865,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_201( memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5038,12 +4872,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bd2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_20_d5();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5055,7 +4889,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_b4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5063,9 +4897,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5073,7 +4904,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_ae0( +static KRML_MUSTINLINE void serialize_secret_key_a80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -5091,16 +4922,15 @@ static KRML_MUSTINLINE void serialize_secret_key_ae0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); + serialize_uncompressed_ring_element_d7(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); + uint8_t result[1536U]; + memcpy(result, out, (size_t)1536U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5109,21 +4939,23 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_d00( +static KRML_MUSTINLINE void serialize_public_key_370( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_ae0(t_as_ntt, ret0); + serialize_secret_key_a80(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, (size_t)1536U, uint8_t, size_t), seed_for_a, uint8_t); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + uint8_t result[1568U]; + memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } /** @@ -5134,15 +4966,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_000(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_5d2( + deserialize_ring_elements_reduced_bd2( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_d00( + serialize_public_key_370( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -5186,7 +5018,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics static void closure_b80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_20_d5();); } /** @@ -5489,7 +5321,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( int16_t s[272U]) { - return from_i16_array_89_10( + return from_i16_array_20_10( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5585,7 +5417,11 @@ static KRML_MUSTINLINE void sample_matrix_A_a20( } ); - memcpy(ret, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U][4U]; + memcpy(result, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + memcpy(ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); } @@ -5653,10 +5489,6 @@ static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], PRFxN_1c1(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5665,11 +5497,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_700( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); + re_as_ntt[i] = ZERO_20_d5();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5684,37 +5516,33 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( PRFxN_a9_511(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_470( + re_as_ntt[i0] = sample_from_binomial_distribution_920( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; + tuple_71 result; memcpy( - lit.fst, copy_of_re_as_ntt, + result.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_970( +static KRML_MUSTINLINE void add_to_ring_element_20_870( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5729,23 +5557,20 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_f00( +static KRML_MUSTINLINE void compute_As_plus_e_bb0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); + result0[i] = ZERO_20_d5();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5766,57 +5591,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); + ntt_multiply_20_41(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_870(&result0[i1], &product); } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_a5(&result0[i1], &error_as_ntt[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + memcpy( + result, result0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5825,7 +5613,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_6c0( +static tuple_54 generate_keypair_unpacked_750( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_680(key_generation_seed, hashed); @@ -5844,7 +5632,7 @@ static tuple_54 generate_keypair_unpacked_6c0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_700(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5856,10 +5644,10 @@ static tuple_54 generate_keypair_unpacked_6c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_150(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_700(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_bb0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -5911,10 +5699,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_450( +static void closure_ce0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_20_d5();); } /** @@ -5944,7 +5732,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_060( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5953,18 +5741,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); + tuple_54 uu____0 = generate_keypair_unpacked_750(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_450(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_ce0(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_75(&ind_cpa_public_key.A[j][i1]); + clone_3a_47(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5974,7 +5762,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b0( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_d00( + serialize_public_key_370( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -6022,17 +5810,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_540( Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); + tuple_54 uu____0 = generate_keypair_unpacked_750(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_d00( + serialize_public_key_370( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_a80(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6041,12 +5829,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( uint8_t copy_of_public_key_serialized[1568U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, + libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; + memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, + memcpy(result.snd, copy_of_public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - return lit; + return result; } /** @@ -6056,7 +5844,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_750( +static KRML_MUSTINLINE void serialize_kem_secret_key_170( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -6111,7 +5899,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_3f0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6120,13 +5908,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e10(ind_cpa_keypair_randomness); + generate_keypair_540(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_750( + serialize_kem_secret_key_170( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6135,18 +5923,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_a71(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_781(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c91( - uu____2, libcrux_ml_kem_types_from_07_4c1(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_981( + uu____2, libcrux_ml_kem_types_from_07_201(copy_of_public_key)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6156,10 +5941,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_990(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_d5();); + error_1[i] = ZERO_20_d5();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6175,7 +5960,7 @@ sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470( + sample_from_binomial_distribution_920( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6183,12 +5968,12 @@ sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; + tuple_71 result; memcpy( - lit.fst, copy_of_error_1, + result.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } /** @@ -6212,37 +5997,34 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_570( +static KRML_MUSTINLINE void invert_ntt_montgomery_8e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); + invert_ntt_at_layer_1_62(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_8e(&zeta_i, re); + invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_94(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_000( +static KRML_MUSTINLINE void compute_vector_u_7b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); + result0[i] = ZERO_20_d5();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6262,20 +6044,21 @@ static KRML_MUSTINLINE void compute_vector_u_000( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); + ntt_multiply_20_41(a_element, &r_as_ntt[j]); + add_to_ring_element_20_870(&result0[i1], &product); } - invert_ntt_montgomery_570(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); + invert_ntt_montgomery_8e0(&result0[i1]); + add_error_reduce_20_44(&result0[i1], &error_1[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + memcpy( + result, result0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6283,18 +6066,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_710( +compute_ring_element_v_320( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = add_message_error_reduce_89_67(error_2, message, result); + ntt_multiply_20_41(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_870(&result, &product);); + invert_ntt_montgomery_8e0(&result); + result = add_message_error_reduce_20_d5(error_2, message, result); return result; } @@ -6304,14 +6087,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_d10( +static KRML_MUSTINLINE void compress_then_serialize_11_e60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_ea_d40(to_unsigned_representative_a4(re->coefficients[i0])); + compress_ea_2e0(to_unsigned_representative_d4(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6329,16 +6112,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_710( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_d10(re, uu____0); + compress_then_serialize_11_e60(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6348,7 +6128,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_840( +static void compress_then_serialize_u_7a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6364,7 +6144,7 @@ static void compress_then_serialize_u_840( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_b20(&re, ret); + compress_then_serialize_ring_element_u_710(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -6377,52 +6157,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_070( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_35(re, out); + compress_then_serialize_5_11(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6440,7 +6179,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_880( +static void encrypt_unpacked_5a0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -6448,7 +6187,7 @@ static void encrypt_unpacked_880( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_700(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -6458,7 +6197,7 @@ static void encrypt_unpacked_880( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_470(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_990(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6469,28 +6208,28 @@ static void encrypt_unpacked_880( PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470( + sample_from_binomial_distribution_920( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_7b0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(copy_of_message); + deserialize_then_decompress_message_bb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_320(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_840( + compress_then_serialize_u_7a0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_390( + compress_then_serialize_ring_element_v_070( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -6514,7 +6253,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_980( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6541,7 +6280,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_880(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_5a0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6551,7 +6290,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b0( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f51(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_251(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6572,19 +6311,13 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_120(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_020(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6592,12 +6325,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bd1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_20_d5();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6609,7 +6342,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_b4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6634,10 +6367,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_de0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_5d1( + deserialize_ring_elements_reduced_bd1( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -6678,9 +6411,9 @@ static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_880(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); + uint8_t result[1568U]; + encrypt_unpacked_5a0(uu____3, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } /** @@ -6694,7 +6427,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_e50(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_400(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -6720,11 +6453,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_230( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_120( + entropy_preprocess_af_020( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -6734,7 +6467,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( size_t); uint8_t ret[32U]; H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_501(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6748,19 +6481,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_501(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_fb0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_de0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f51(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_251(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e50(shared_secret, shared_secret_array); + kdf_af_400(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6780,8 +6513,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_520(Eurydice_slice serialized) { - return deserialize_then_decompress_11_cb(serialized); +deserialize_then_decompress_ring_element_u_4c0(Eurydice_slice serialized) { + return deserialize_then_decompress_11_25(serialized); } /** @@ -6790,23 +6523,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_4b0( +static KRML_MUSTINLINE void ntt_vector_u_210( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_45(&zeta_i, re); + ntt_at_layer_2_10(&zeta_i, re); + ntt_at_layer_1_83(&zeta_i, re); + poly_barrett_reduce_20_94(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6815,12 +6544,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_330( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); + u_as_ntt[i] = ZERO_20_d5();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6838,11 +6567,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_520(u_bytes); - ntt_vector_u_4b0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_4c0(u_bytes); + ntt_vector_u_210(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -6853,16 +6586,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_290(Eurydice_slice serialized) { - return deserialize_then_decompress_5_43(serialized); +deserialize_then_decompress_ring_element_v_5e0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_08(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6870,44 +6597,20 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_750( +compute_message_c10( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = subtract_reduce_89_fe(v, result); + ntt_multiply_20_41(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_870(&result, &product);); + invert_ntt_montgomery_8e0(&result); + result = subtract_reduce_20_90(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6918,19 +6621,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_250( +static void decrypt_unpacked_990( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_7f0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_330(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_290( + deserialize_then_decompress_ring_element_v_5e0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_750(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c10(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_07(message, ret0); + compress_then_serialize_message_5d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6969,12 +6672,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f40( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_250(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_990(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -7003,7 +6706,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -7014,11 +6717,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_880(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_5a0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -7029,21 +6732,18 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_050( +static KRML_MUSTINLINE void deserialize_secret_key_6b0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); + secret_as_ntt[i] = ZERO_20_d5();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7055,11 +6755,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_050( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_c7(secret_bytes); + deserialize_to_uncompressed_ring_element_7d(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( - ret, secret_as_ntt, + result, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -7073,10 +6777,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_840(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_a60(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_050(secret_key, secret_as_ntt); + deserialize_secret_key_6b0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -7087,9 +6791,9 @@ static void decrypt_840(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_250(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_990(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -7114,7 +6818,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_200( +void libcrux_ml_kem_ind_cca_decapsulate_4c0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -7133,7 +6837,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_200( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_840(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_a60(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7155,7 +6859,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_200( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -7165,17 +6869,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_200( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_fb0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_de0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e50(Eurydice_array_to_slice( + kdf_af_400(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e50(shared_secret0, shared_secret1); + kdf_af_400(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7186,12 +6890,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_200( memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7199,12 +6897,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bd0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_20_d5();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7216,7 +6914,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_b4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7224,9 +6922,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7234,7 +6929,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_ae( +static KRML_MUSTINLINE void serialize_secret_key_a8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -7252,16 +6947,15 @@ static KRML_MUSTINLINE void serialize_secret_key_ae( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); + serialize_uncompressed_ring_element_d7(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); + uint8_t result[768U]; + memcpy(result, out, (size_t)768U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7270,21 +6964,23 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_d0( +static KRML_MUSTINLINE void serialize_public_key_37( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_ae(t_as_ntt, ret0); + serialize_secret_key_a8(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, (size_t)768U, uint8_t, size_t), seed_for_a, uint8_t); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + uint8_t result[800U]; + memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); } /** @@ -7295,15 +6991,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_00(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_5d0( + deserialize_ring_elements_reduced_bd0( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_d0( + serialize_public_key_37( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -7347,7 +7043,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics static void closure_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_20_d5();); } /** @@ -7638,7 +7334,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( int16_t s[272U]) { - return from_i16_array_89_10( + return from_i16_array_20_10( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7734,7 +7430,11 @@ static KRML_MUSTINLINE void sample_matrix_A_a2( } ); - memcpy(ret, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U][2U]; + memcpy(result, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + memcpy(ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); } @@ -7803,14 +7503,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_47(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_43(randomness); +sample_from_binomial_distribution_92(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_92(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7819,11 +7515,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); + re_as_ntt[i] = ZERO_20_d5();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7838,37 +7534,33 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( PRFxN_a9_51(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_47( + re_as_ntt[i0] = sample_from_binomial_distribution_92( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; + tuple_74 result; memcpy( - lit.fst, copy_of_re_as_ntt, + result.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_97( +static KRML_MUSTINLINE void add_to_ring_element_20_87( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -7883,23 +7575,20 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_f0( +static KRML_MUSTINLINE void compute_As_plus_e_bb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); + result0[i] = ZERO_20_d5();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7920,57 +7609,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); + ntt_multiply_20_41(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_87(&result0[i1], &product); } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_a5(&result0[i1], &error_as_ntt[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + memcpy( + result, result0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7979,7 +7631,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_6c( +static tuple_4c generate_keypair_unpacked_75( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_68(key_generation_seed, hashed); @@ -7998,7 +7650,7 @@ static tuple_4c generate_keypair_unpacked_6c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8010,10 +7662,10 @@ static tuple_4c generate_keypair_unpacked_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_15(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_70(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_bb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -8065,10 +7717,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_45( +static void closure_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_20_d5();); } /** @@ -8098,7 +7750,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_06( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8107,18 +7759,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_75(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_45(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_ce(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_75(&ind_cpa_public_key.A[j][i1]); + clone_3a_47(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -8128,7 +7780,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7b( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_d0( + serialize_public_key_37( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -8176,17 +7828,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_54( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_6c(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_75(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_d0( + serialize_public_key_37( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_a8(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8195,12 +7847,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( uint8_t copy_of_public_key_serialized[800U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, + libcrux_ml_kem_utils_extraction_helper_Keypair512 result; + memcpy(result.fst, copy_of_secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, + memcpy(result.snd, copy_of_public_key_serialized, (size_t)800U * sizeof(uint8_t)); - return lit; + return result; } /** @@ -8210,7 +7862,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_75( +static KRML_MUSTINLINE void serialize_kem_secret_key_17( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -8264,7 +7916,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_3f( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8274,13 +7926,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e1(ind_cpa_keypair_randomness); + generate_keypair_54(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_75( + serialize_kem_secret_key_17( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8289,13 +7941,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_a7(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_78(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_98( + uu____2, libcrux_ml_kem_types_from_07_20(copy_of_public_key)); } /** @@ -8344,9 +7996,6 @@ static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], PRFxN_1c0(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -8356,10 +8005,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_99(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_d5();); + error_1[i] = ZERO_20_d5();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8375,7 +8024,7 @@ sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470( + sample_from_binomial_distribution_920( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8383,12 +8032,12 @@ sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; + tuple_74 result; memcpy( - lit.fst, copy_of_error_1, + result.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } /** @@ -8412,37 +8061,34 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_57( +static KRML_MUSTINLINE void invert_ntt_montgomery_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); + invert_ntt_at_layer_1_62(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_8e(&zeta_i, re); + invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_94(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_00( +static KRML_MUSTINLINE void compute_vector_u_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); + result0[i] = ZERO_20_d5();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8462,20 +8108,21 @@ static KRML_MUSTINLINE void compute_vector_u_00( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); + ntt_multiply_20_41(a_element, &r_as_ntt[j]); + add_to_ring_element_20_87(&result0[i1], &product); } - invert_ntt_montgomery_57(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); + invert_ntt_montgomery_8e(&result0[i1]); + add_error_reduce_20_44(&result0[i1], &error_1[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + memcpy( + result, result0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8483,24 +8130,21 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_71( +compute_ring_element_v_32( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = add_message_error_reduce_89_67(error_2, message, result); + ntt_multiply_20_41(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_87(&result, &product);); + invert_ntt_montgomery_8e(&result); + result = add_message_error_reduce_20_d5(error_2, message, result); return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8510,7 +8154,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_84( +static void compress_then_serialize_u_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8526,53 +8170,12 @@ static void compress_then_serialize_u_84( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); + compress_then_serialize_ring_element_u_71(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -8590,7 +8193,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_88( +static void encrypt_unpacked_5a( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -8598,7 +8201,7 @@ static void encrypt_unpacked_88( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -8608,7 +8211,7 @@ static void encrypt_unpacked_88( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_47(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_99(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -8619,28 +8222,28 @@ static void encrypt_unpacked_88( PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470( + sample_from_binomial_distribution_920( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_7b(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(copy_of_message); + deserialize_then_decompress_message_bb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_32(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_84( + compress_then_serialize_u_7a( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( + compress_then_serialize_ring_element_v_07( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -8664,7 +8267,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_98( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8691,7 +8294,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_88(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_5a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8701,7 +8304,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_7b( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8722,19 +8325,13 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_12(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_02(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8742,12 +8339,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bd( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_20_d5();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8759,7 +8356,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_b4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8784,10 +8381,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_de(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_5d( + deserialize_ring_elements_reduced_bd( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -8828,9 +8425,9 @@ static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_88(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); + uint8_t result[768U]; + encrypt_unpacked_5a(uu____3, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } /** @@ -8844,7 +8441,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e5(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_40(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -8870,11 +8467,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_23( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_12( + entropy_preprocess_af_02( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -8884,7 +8481,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( size_t); uint8_t ret[32U]; H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -8898,19 +8495,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_fb(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_de(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e5(shared_secret, shared_secret_array); + kdf_af_40(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8923,10 +8520,6 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( return result; } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8935,12 +8528,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( +static KRML_MUSTINLINE void deserialize_then_decompress_u_33( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); + u_as_ntt[i] = ZERO_20_d5();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -8958,20 +8551,18 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_52(u_bytes); - ntt_vector_u_4b(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_4c(u_bytes); + ntt_vector_u_21(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8979,44 +8570,20 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_75( +compute_message_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = subtract_reduce_89_fe(v, result); + ntt_multiply_20_41(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_87(&result, &product);); + invert_ntt_montgomery_8e(&result); + result = subtract_reduce_20_90(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -9027,19 +8594,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_25( +static void decrypt_unpacked_99( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_7f(ciphertext, u_as_ntt); + deserialize_then_decompress_u_33(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_29( + deserialize_then_decompress_ring_element_v_5e( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_75(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_07(message, ret0); + compress_then_serialize_message_5d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9078,11 +8645,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f4( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_25(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_99(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -9111,7 +8678,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -9122,11 +8689,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_88(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_5a(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9137,21 +8704,18 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4b( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_05( +static KRML_MUSTINLINE void deserialize_secret_key_6b( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); + secret_as_ntt[i] = ZERO_20_d5();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9163,11 +8727,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_05( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_c7(secret_bytes); + deserialize_to_uncompressed_ring_element_7d(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( - ret, secret_as_ntt, + result, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -9181,10 +8749,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_84(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_a6(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_05(secret_key, secret_as_ntt); + deserialize_secret_key_6b(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -9195,9 +8763,9 @@ static void decrypt_84(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_25(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_99(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -9222,7 +8790,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_20( +void libcrux_ml_kem_ind_cca_decapsulate_4c( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -9240,7 +8808,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_20( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_84(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_a6(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -9262,7 +8830,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_20( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -9272,16 +8840,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_20( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_fb(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_de(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e5(Eurydice_array_to_slice((size_t)32U, + kdf_af_40(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e5(shared_secret0, shared_secret1); + kdf_af_40(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 9d7aa0ed7..963c96aad 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 019effe21..d151aa78f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index e2979d8d5..6442f2b5f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index f2edc753e..774d09a15 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #include "internal/libcrux_mlkem_portable.h" @@ -2233,15 +2233,15 @@ libcrux_ml_kem_vector_portable_vector_type_clone_3b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_39(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2262,12 +2262,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2275,8 +2269,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_reduced_ring_element_d4(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2291,12 +2285,6 @@ deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -2304,12 +2292,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_20_39();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2321,7 +2309,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2365,7 +2353,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_78( +to_unsigned_representative_23( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = shift_right_0d_4b(a); @@ -2381,14 +2369,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re->coefficients[i0]); + to_unsigned_representative_23(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2399,9 +2387,6 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2409,7 +2394,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_f81( +static KRML_MUSTINLINE void serialize_secret_key_c11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2427,16 +2412,15 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_62(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); + uint8_t result[1536U]; + memcpy(result, out, (size_t)1536U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2445,21 +2429,23 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_801( +static KRML_MUSTINLINE void serialize_public_key_f91( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_f81(t_as_ntt, ret0); + serialize_secret_key_c11(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, (size_t)1536U, uint8_t, size_t), seed_for_a, uint8_t); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + uint8_t result[1568U]; + memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } /** @@ -2470,15 +2456,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_b91(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_724( + deserialize_ring_elements_reduced_cc4( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_f91( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2523,7 +2509,7 @@ generics static void closure_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_20_39();); } /** @@ -2806,17 +2792,17 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_6b(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); +from_i16_array_20_6b(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2838,7 +2824,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( int16_t s[272U]) { - return from_i16_array_89_6b( + return from_i16_array_20_6b( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2935,7 +2921,11 @@ static KRML_MUSTINLINE void sample_matrix_A_231( } ); - memcpy(ret, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U][4U]; + memcpy(result, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); + memcpy(ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); } @@ -3039,7 +3029,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_76(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3073,7 +3063,7 @@ sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b( + return from_i16_array_20_6b( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3084,7 +3074,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_e7(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3117,7 +3107,7 @@ sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b( + return from_i16_array_20_6b( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3128,8 +3118,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_66(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_20(randomness); +sample_from_binomial_distribution_91(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_76(randomness); } /** @@ -3138,7 +3128,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_13( +static KRML_MUSTINLINE void ntt_at_layer_7_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3166,7 +3156,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_d5( +montgomery_multiply_fe_99( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3180,12 +3170,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_d5(b, zeta_r); + montgomery_multiply_fe_99(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3199,7 +3189,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_e5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3212,7 +3202,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_9f( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3229,7 +3219,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_34( +static KRML_MUSTINLINE void ntt_at_layer_3_db( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3247,7 +3237,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_7b( +static KRML_MUSTINLINE void ntt_at_layer_2_cf( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3267,7 +3257,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_4f( +static KRML_MUSTINLINE void ntt_at_layer_1_e0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3287,15 +3277,15 @@ static KRML_MUSTINLINE void ntt_at_layer_1_4f( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void poly_barrett_reduce_20_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3313,23 +3303,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_13(re); + ntt_at_layer_7_62(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_db(&zeta_i, re); + ntt_at_layer_2_cf(&zeta_i, re); + ntt_at_layer_1_e0(&zeta_i, re); + poly_barrett_reduce_20_fd(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3339,11 +3325,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_531( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_20_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3358,63 +3344,36 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( + re_as_ntt[i0] = sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_710 lit; + tuple_710 result; memcpy( - lit.fst, copy_of_re_as_ntt, + result.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_20_64(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3437,21 +3396,17 @@ ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_931( +static KRML_MUSTINLINE void add_to_ring_element_20_521( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3476,7 +3431,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_3e( +to_standard_domain_0c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3484,22 +3439,22 @@ to_standard_domain_3e( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_99( +static KRML_MUSTINLINE void add_standard_error_reduce_20_46( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_0c(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3508,23 +3463,20 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_99( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_da1( +static KRML_MUSTINLINE void compute_As_plus_e_971( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result0[i] = ZERO_20_39();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3545,57 +3497,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_20_64(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_521(&result0[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_46(&result0[i1], &error_as_ntt[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; + memcpy( + result, result0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3605,7 +3520,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_f41( +static tuple_540 generate_keypair_unpacked_f61( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b61(key_generation_seed, hashed); @@ -3624,7 +3539,7 @@ static tuple_540 generate_keypair_unpacked_f41( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_531(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3636,10 +3551,10 @@ static tuple_540 generate_keypair_unpacked_f41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d71(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_531(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_971(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -3692,23 +3607,23 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_9d1( +static void closure_951( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_20_39();); } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_1e( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3749,7 +3664,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa1( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3758,18 +3673,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_f61(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_9d1(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_951(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_1e(&ind_cpa_public_key.A[j][i1]); + clone_3a_c4(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3779,7 +3694,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_481( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_f91( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -3828,17 +3743,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_801( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_f61(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_f91( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_c11(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3847,12 +3762,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( uint8_t copy_of_public_key_serialized[1568U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, + libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; + memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, + memcpy(result.snd, copy_of_public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - return lit; + return result; } /** @@ -3862,7 +3777,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f2( +static KRML_MUSTINLINE void serialize_kem_secret_key_e8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3918,7 +3833,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_bb1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3927,13 +3842,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_ec1(ind_cpa_keypair_randomness); + generate_keypair_801(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_f2( + serialize_kem_secret_key_e8( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3942,18 +3857,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_a71(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_781(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c91( - uu____2, libcrux_ml_kem_types_from_07_4c1(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_981( + uu____2, libcrux_ml_kem_types_from_07_201(copy_of_public_key)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3964,10 +3876,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_561(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_20_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3983,7 +3895,7 @@ sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66( + sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3991,12 +3903,12 @@ sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_710 lit; + tuple_710 result; memcpy( - lit.fst, copy_of_error_1, + result.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } /** @@ -4032,7 +3944,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_a0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4056,7 +3968,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_c5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4076,7 +3988,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4096,7 +4008,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_2c( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4104,7 +4016,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = montgomery_multiply_fe_99(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4116,7 +4028,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_dc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4131,7 +4043,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_2c( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4148,31 +4060,31 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_861( +static KRML_MUSTINLINE void invert_ntt_montgomery_031( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_a0(&zeta_i, re); + invert_ntt_at_layer_2_c5(&zeta_i, re); + invert_ntt_at_layer_3_a6(&zeta_i, re); + invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_fd(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_08( +static KRML_MUSTINLINE void add_error_reduce_20_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4190,23 +4102,20 @@ static KRML_MUSTINLINE void add_error_reduce_89_08( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a11( +static KRML_MUSTINLINE void compute_vector_u_031( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result0[i] = ZERO_20_39();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4226,12 +4135,16 @@ static KRML_MUSTINLINE void compute_vector_u_a11( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_20_64(a_element, &r_as_ntt[j]); + add_to_ring_element_20_521(&result0[i1], &product); } - invert_ntt_montgomery_861(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_031(&result0[i1]); + add_error_reduce_20_a1(&result0[i1], &error_1[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; + memcpy( + result, result0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -4244,7 +4157,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_8a(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4258,8 +4171,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_message_24(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4269,23 +4182,23 @@ deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_89(coefficient_compressed); + decompress_1_8a(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_8b( +add_message_error_reduce_20_41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4308,9 +4221,6 @@ add_message_error_reduce_89_8b( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4318,18 +4228,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f1( +compute_ring_element_v_5a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_20_64(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_521(&result, &product);); + invert_ntt_montgomery_031(&result); + result = add_message_error_reduce_20_41(error_2, message, result); return result; } @@ -4403,14 +4313,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_e10( +static KRML_MUSTINLINE void compress_then_serialize_11_420( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_310(to_unsigned_representative_23(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4428,16 +4338,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_210( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_e10(re, uu____0); + compress_then_serialize_11_420(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4447,7 +4354,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_241( +static void compress_then_serialize_u_e61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4463,7 +4370,7 @@ static void compress_then_serialize_u_241( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_2f0(&re, ret); + compress_then_serialize_ring_element_u_210(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4507,14 +4414,16 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_e5( +static KRML_MUSTINLINE void compress_then_serialize_4_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { + LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, + void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_311(to_unsigned_representative_23(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4562,14 +4471,16 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_a3( +static KRML_MUSTINLINE void compress_then_serialize_5_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { + LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, + void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_312(to_unsigned_representative_23(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4586,52 +4497,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_eb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_a3(re, out); + compress_then_serialize_5_7e(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4650,7 +4520,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c1( +static void encrypt_unpacked_5b1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4658,7 +4528,7 @@ static void encrypt_unpacked_6c1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_531(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4668,7 +4538,7 @@ static void encrypt_unpacked_6c1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_2c1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_561(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4679,28 +4549,28 @@ static void encrypt_unpacked_6c1( PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66( + sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_031(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(copy_of_message); + deserialize_then_decompress_message_24(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_5a1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_241( + compress_then_serialize_u_e61( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_310( + compress_then_serialize_ring_element_v_eb0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4725,7 +4595,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_331( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4752,7 +4622,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_6c1(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_5b1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4762,7 +4632,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_841( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f51(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_251(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4783,19 +4653,13 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_3d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_62(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4803,12 +4667,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc3( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_20_39();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4820,7 +4684,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4846,10 +4710,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0c1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_723( + deserialize_ring_elements_reduced_cc3( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4890,9 +4754,9 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_6c1(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); + uint8_t result[1568U]; + encrypt_unpacked_5b1(uu____3, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } /** @@ -4906,7 +4770,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_ef(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_c6(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -4932,11 +4796,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9f1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_3d( + entropy_preprocess_af_62( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4946,7 +4810,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( size_t); uint8_t ret[32U]; H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_501(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4960,19 +4824,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_f21(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_501(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_0d1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_0c1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f51(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_251(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_ef(shared_secret, shared_secret_array); + kdf_af_c6(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -5029,8 +4893,15 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_fc(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_10_21(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); + LowStar_Ignore_ignore( + Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)16U, re.coefficients, + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + size_t, void *); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -5089,8 +4960,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_ba(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_11_94(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -5112,8 +4983,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_980(Eurydice_slice serialized) { - return deserialize_then_decompress_11_ba(serialized); +deserialize_then_decompress_ring_element_u_b20(Eurydice_slice serialized) { + return deserialize_then_decompress_11_94(serialized); } /** @@ -5122,23 +4993,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_7a0( +static KRML_MUSTINLINE void ntt_vector_u_8f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_db(&zeta_i, re); + ntt_at_layer_2_cf(&zeta_i, re); + ntt_at_layer_1_e0(&zeta_i, re); + poly_barrett_reduce_20_fd(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5147,12 +5014,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_af1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_e51( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_20_39();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5170,11 +5037,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_980(u_bytes); - ntt_vector_u_7a0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_b20(u_bytes); + ntt_vector_u_8f0(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -5222,8 +5093,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_8f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_4_02(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5282,8 +5153,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_04(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_5_d8(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5305,22 +5176,22 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_df0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_04(serialized); +deserialize_then_decompress_ring_element_v_0a0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_d8(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_70(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_20_d0(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5338,12 +5209,6 @@ subtract_reduce_89_70(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5351,17 +5216,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_ff1( +compute_message_3e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = subtract_reduce_89_70(v, result); + ntt_multiply_20_64(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_521(&result, &product);); + invert_ntt_montgomery_031(&result); + result = subtract_reduce_20_d0(v, result); return result; } @@ -5371,13 +5236,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_c1( +static KRML_MUSTINLINE void compress_then_serialize_message_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re.coefficients[i0]); + to_unsigned_representative_23(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5391,30 +5256,6 @@ static KRML_MUSTINLINE void compress_then_serialize_message_c1( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5425,19 +5266,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_5d1( +static void decrypt_unpacked_741( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_af1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_e51(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_df0( + deserialize_then_decompress_ring_element_v_0a0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_ff1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3e1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_c1(message, ret0); + compress_then_serialize_message_dd(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5489,12 +5330,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_5d1(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_741(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5523,7 +5364,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e1( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5534,11 +5375,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_6c1(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_5b1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5556,8 +5397,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_53(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_uncompressed_ring_element_43(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -5570,21 +5411,18 @@ deserialize_to_uncompressed_ring_element_53(Eurydice_slice serialized) { return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_591( +static KRML_MUSTINLINE void deserialize_secret_key_381( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_20_39();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5596,11 +5434,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_591( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_53(secret_bytes); + deserialize_to_uncompressed_ring_element_43(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( - ret, secret_as_ntt, + result, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -5614,10 +5456,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_671(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_da1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_591(secret_key, secret_as_ntt); + deserialize_secret_key_381(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5628,9 +5470,9 @@ static void decrypt_671(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t ret0[32U]; - decrypt_unpacked_5d1(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_741(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -5655,7 +5497,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_e31( +void libcrux_ml_kem_ind_cca_decapsulate_111( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5674,7 +5516,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_e31( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_671(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_da1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5696,7 +5538,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_e31( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5706,17 +5548,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_e31( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_0d1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_0c1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ef(Eurydice_array_to_slice((size_t)32U, + kdf_af_c6(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_ef(shared_secret0, shared_secret1); + kdf_af_c6(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_711(ciphertext), + libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5727,12 +5569,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_e31( memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5740,12 +5576,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_20_39();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5757,7 +5593,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5765,9 +5601,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5775,7 +5608,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_f80( +static KRML_MUSTINLINE void serialize_secret_key_c10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5793,16 +5626,15 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_62(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); + uint8_t result[768U]; + memcpy(result, out, (size_t)768U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5811,21 +5643,23 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_800( +static KRML_MUSTINLINE void serialize_public_key_f90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_f80(t_as_ntt, ret0); + serialize_secret_key_c10(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, (size_t)768U, uint8_t, size_t), seed_for_a, uint8_t); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + uint8_t result[800U]; + memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); } /** @@ -5836,15 +5670,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_b90(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_722( + deserialize_ring_elements_reduced_cc2( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_800( + serialize_public_key_f90( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5889,7 +5723,7 @@ generics static void closure_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_20_39();); } /** @@ -6179,7 +6013,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( int16_t s[272U]) { - return from_i16_array_89_6b( + return from_i16_array_20_6b( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6276,7 +6110,11 @@ static KRML_MUSTINLINE void sample_matrix_A_230( } ); - memcpy(ret, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U][2U]; + memcpy(result, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); + memcpy(ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); } @@ -6331,14 +6169,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_660(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_85(randomness); +sample_from_binomial_distribution_910(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_e7(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6348,11 +6182,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_530( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_20_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6367,37 +6201,33 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( PRFxN_f1_890(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_660( + re_as_ntt[i0] = sample_from_binomial_distribution_910( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + tuple_740 result; memcpy( - lit.fst, copy_of_re_as_ntt, + result.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_930( +static KRML_MUSTINLINE void add_to_ring_element_20_520( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6415,23 +6245,20 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_da0( +static KRML_MUSTINLINE void compute_As_plus_e_970( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result0[i] = ZERO_20_39();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6452,57 +6279,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_20_64(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_520(&result0[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_46(&result0[i1], &error_as_ntt[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; + memcpy( + result, result0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6512,7 +6302,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_f40( +static tuple_4c0 generate_keypair_unpacked_f60( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b60(key_generation_seed, hashed); @@ -6531,7 +6321,7 @@ static tuple_4c0 generate_keypair_unpacked_f40( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_530(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6543,10 +6333,10 @@ static tuple_4c0 generate_keypair_unpacked_f40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d70(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_530(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_970(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -6599,10 +6389,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_9d0( +static void closure_950( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_20_39();); } /** @@ -6633,7 +6423,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa0( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6642,18 +6432,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_f60(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_9d0(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_950(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_1e(&ind_cpa_public_key.A[j][i1]); + clone_3a_c4(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6663,7 +6453,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_480( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_800( + serialize_public_key_f90( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -6712,17 +6502,17 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_800( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_f60(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_800( + serialize_public_key_f90( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_c10(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6731,12 +6521,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( uint8_t copy_of_public_key_serialized[800U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, + libcrux_ml_kem_utils_extraction_helper_Keypair512 result; + memcpy(result.fst, copy_of_secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, + memcpy(result.snd, copy_of_public_key_serialized, (size_t)800U * sizeof(uint8_t)); - return lit; + return result; } /** @@ -6746,7 +6536,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_41( +static KRML_MUSTINLINE void serialize_kem_secret_key_59( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6802,7 +6592,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_bb0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6811,13 +6601,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_ec0(ind_cpa_keypair_randomness); + generate_keypair_800(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_41( + serialize_kem_secret_key_59( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6826,13 +6616,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_a7(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_78(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_98( + uu____2, libcrux_ml_kem_types_from_07_20(copy_of_public_key)); } /** @@ -6867,9 +6657,6 @@ static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], PRFxN_1d1(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6880,10 +6667,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_560(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_20_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6899,7 +6686,7 @@ sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66( + sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6907,12 +6694,12 @@ sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + tuple_740 result; memcpy( - lit.fst, copy_of_error_1, + result.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } /** @@ -6936,37 +6723,34 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_860( +static KRML_MUSTINLINE void invert_ntt_montgomery_030( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_a0(&zeta_i, re); + invert_ntt_at_layer_2_c5(&zeta_i, re); + invert_ntt_at_layer_3_a6(&zeta_i, re); + invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_fd(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a10( +static KRML_MUSTINLINE void compute_vector_u_030( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result0[i] = ZERO_20_39();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6986,20 +6770,21 @@ static KRML_MUSTINLINE void compute_vector_u_a10( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_20_64(a_element, &r_as_ntt[j]); + add_to_ring_element_20_520(&result0[i1], &product); } - invert_ntt_montgomery_860(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_030(&result0[i1]); + add_error_reduce_20_a1(&result0[i1], &error_1[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; + memcpy( + result, result0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7007,18 +6792,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f0( +compute_ring_element_v_5a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_20_64(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_520(&result, &product);); + invert_ntt_montgomery_030(&result); + result = add_message_error_reduce_20_41(error_2, message, result); return result; } @@ -7028,14 +6813,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_3b( +static KRML_MUSTINLINE void compress_then_serialize_10_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_31(to_unsigned_representative_23(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -7053,16 +6838,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_3b(re, uu____0); + compress_then_serialize_10_e8(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7072,7 +6854,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_240( +static void compress_then_serialize_u_e60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7088,7 +6870,7 @@ static void compress_then_serialize_u_240( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_21(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7101,52 +6883,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_e5(re, out); + compress_then_serialize_4_8c(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -7165,7 +6906,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c0( +static void encrypt_unpacked_5b0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7173,7 +6914,7 @@ static void encrypt_unpacked_6c0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_530(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7183,7 +6924,7 @@ static void encrypt_unpacked_6c0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_2c0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_560(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7194,28 +6935,28 @@ static void encrypt_unpacked_6c0( PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66( + sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_030(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(copy_of_message); + deserialize_then_decompress_message_24(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_5a0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_240( + compress_then_serialize_u_e60( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( + compress_then_serialize_ring_element_v_eb( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7240,7 +6981,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_330( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -7267,7 +7008,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_6c0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_5b0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -7277,7 +7018,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_840( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7298,19 +7039,13 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_f4(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_27(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7318,12 +7053,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_20_39();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7335,7 +7070,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7361,10 +7096,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0c0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_721( + deserialize_ring_elements_reduced_cc1( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -7405,9 +7140,9 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_6c0(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); + uint8_t result[768U]; + encrypt_unpacked_5b0(uu____3, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } /** @@ -7421,7 +7156,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_f5(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_da(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -7447,11 +7182,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9f0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_f4( + entropy_preprocess_af_27( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -7461,7 +7196,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( size_t); uint8_t ret[32U]; H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7475,19 +7210,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_0d0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_0c0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_f5(shared_secret, shared_secret_array); + kdf_af_da(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7507,8 +7242,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_98(Eurydice_slice serialized) { - return deserialize_then_decompress_10_fc(serialized); +deserialize_then_decompress_ring_element_u_b2(Eurydice_slice serialized) { + return deserialize_then_decompress_10_21(serialized); } /** @@ -7517,23 +7252,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_7a( +static KRML_MUSTINLINE void ntt_vector_u_8f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_db(&zeta_i, re); + ntt_at_layer_2_cf(&zeta_i, re); + ntt_at_layer_1_e0(&zeta_i, re); + poly_barrett_reduce_20_fd(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7542,12 +7273,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_af0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_e50( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_20_39();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7565,11 +7296,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_98(u_bytes); - ntt_vector_u_7a(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_b2(u_bytes); + ntt_vector_u_8f(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -7580,16 +7315,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_df(Eurydice_slice serialized) { - return deserialize_then_decompress_4_8f(serialized); +deserialize_then_decompress_ring_element_v_0a(Eurydice_slice serialized) { + return deserialize_then_decompress_4_02(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7597,44 +7326,20 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_ff0( +compute_message_3e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = subtract_reduce_89_70(v, result); + ntt_multiply_20_64(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_520(&result, &product);); + invert_ntt_montgomery_030(&result); + result = subtract_reduce_20_d0(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7645,19 +7350,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_5d0( +static void decrypt_unpacked_740( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_af0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_e50(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_df( + deserialize_then_decompress_ring_element_v_0a( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_ff0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3e0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_c1(message, ret0); + compress_then_serialize_message_dd(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7697,11 +7402,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_5d0(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_740(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -7730,7 +7435,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7741,11 +7446,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_6c0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_5b0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -7756,21 +7461,18 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_590( +static KRML_MUSTINLINE void deserialize_secret_key_380( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_20_39();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7782,11 +7484,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_590( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_53(secret_bytes); + deserialize_to_uncompressed_ring_element_43(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( - ret, secret_as_ntt, + result, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -7800,10 +7506,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_670(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_da0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_590(secret_key, secret_as_ntt); + deserialize_secret_key_380(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7814,9 +7520,9 @@ static void decrypt_670(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t ret0[32U]; - decrypt_unpacked_5d0(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_740(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -7841,7 +7547,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_e30( +void libcrux_ml_kem_ind_cca_decapsulate_110( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7859,7 +7565,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_e30( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_670(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_da0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7881,7 +7587,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_e30( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7891,17 +7597,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_e30( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_0d0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_0c0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_f5(Eurydice_array_to_slice((size_t)32U, + kdf_af_da(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_f5(shared_secret0, shared_secret1); + kdf_af_da(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_71(ciphertext), + libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7912,12 +7618,6 @@ void libcrux_ml_kem_ind_cca_decapsulate_e30( memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7925,12 +7625,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_20_39();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7942,7 +7642,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7950,9 +7650,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7960,7 +7657,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_f8( +static KRML_MUSTINLINE void serialize_secret_key_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7978,16 +7675,15 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_62(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + uint8_t result[1152U]; + memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7996,21 +7692,23 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_80( +static KRML_MUSTINLINE void serialize_public_key_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_f8(t_as_ntt, ret0); + serialize_secret_key_c1(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, (size_t)1152U, uint8_t, size_t), seed_for_a, uint8_t); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + uint8_t result[1184U]; + memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); } /** @@ -8021,15 +7719,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_b9(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_720( + deserialize_ring_elements_reduced_cc0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_f9( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -8074,7 +7772,7 @@ generics static void closure_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_20_39();); } /** @@ -8364,7 +8062,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( int16_t s[272U]) { - return from_i16_array_89_6b( + return from_i16_array_20_6b( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -8461,7 +8159,11 @@ static KRML_MUSTINLINE void sample_matrix_A_23( } ); - memcpy(ret, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U][3U]; + memcpy(result, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + memcpy(ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); } @@ -8509,10 +8211,6 @@ static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], PRFxN_1d(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8522,11 +8220,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_53( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_20_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8541,37 +8239,33 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( + re_as_ntt[i0] = sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b0 result; memcpy( - lit.fst, copy_of_re_as_ntt, + result.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_93( +static KRML_MUSTINLINE void add_to_ring_element_20_52( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8589,23 +8283,20 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_da( +static KRML_MUSTINLINE void compute_As_plus_e_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result0[i] = ZERO_20_39();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8626,57 +8317,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_20_64(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_52(&result0[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_46(&result0[i1], &error_as_ntt[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; + memcpy( + result, result0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8686,7 +8340,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_f4( +static tuple_9b generate_keypair_unpacked_f6( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b6(key_generation_seed, hashed); @@ -8705,7 +8359,7 @@ static tuple_9b generate_keypair_unpacked_f4( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_53(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8717,10 +8371,10 @@ static tuple_9b generate_keypair_unpacked_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d7(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_53(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_97(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -8773,10 +8427,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_9d( +static void closure_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_20_39();); } /** @@ -8807,7 +8461,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8816,18 +8470,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_f6(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_9d(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_95(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_1e(&ind_cpa_public_key.A[j][i1]); + clone_3a_c4(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8837,7 +8491,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_48( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_f9( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -8886,17 +8540,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_80( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_f6(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_f9( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_c1(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8905,12 +8559,12 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, + libcrux_ml_kem_utils_extraction_helper_Keypair768 result; + memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, + memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - return lit; + return result; } /** @@ -8920,7 +8574,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void serialize_kem_secret_key_32( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8976,7 +8630,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_bb(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8985,13 +8639,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_ec(ind_cpa_keypair_randomness); + generate_keypair_80(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_a8( + serialize_kem_secret_key_32( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -9000,18 +8654,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a70(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_780(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c90( - uu____2, libcrux_ml_kem_types_from_07_4c0(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_980( + uu____2, libcrux_ml_kem_types_from_07_200(copy_of_public_key)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -9022,10 +8673,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_56(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_20_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -9041,7 +8692,7 @@ sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66( + sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -9049,12 +8700,12 @@ sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b0 result; memcpy( - lit.fst, copy_of_error_1, + result.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } /** @@ -9078,37 +8729,34 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_86( +static KRML_MUSTINLINE void invert_ntt_montgomery_03( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_a0(&zeta_i, re); + invert_ntt_at_layer_2_c5(&zeta_i, re); + invert_ntt_at_layer_3_a6(&zeta_i, re); + invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_fd(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a1( +static KRML_MUSTINLINE void compute_vector_u_03( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result0[i] = ZERO_20_39();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -9128,20 +8776,21 @@ static KRML_MUSTINLINE void compute_vector_u_a1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_20_64(a_element, &r_as_ntt[j]); + add_to_ring_element_20_52(&result0[i1], &product); } - invert_ntt_montgomery_86(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_03(&result0[i1]); + add_error_reduce_20_a1(&result0[i1], &error_1[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; + memcpy( + result, result0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9149,24 +8798,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f( +compute_ring_element_v_5a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_20_64(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_52(&result, &product);); + invert_ntt_montgomery_03(&result); + result = add_message_error_reduce_20_41(error_2, message, result); return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9176,7 +8822,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_24( +static void compress_then_serialize_u_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -9192,53 +8838,12 @@ static void compress_then_serialize_u_24( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_21(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -9257,7 +8862,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c( +static void encrypt_unpacked_5b( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -9265,7 +8870,7 @@ static void encrypt_unpacked_6c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_53(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -9275,7 +8880,7 @@ static void encrypt_unpacked_6c( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_2c(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_56(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -9286,28 +8891,28 @@ static void encrypt_unpacked_6c( PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66( + sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_03(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(copy_of_message); + deserialize_then_decompress_message_24(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_5a(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_24( + compress_then_serialize_u_e6( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( + compress_then_serialize_ring_element_v_eb( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -9332,7 +8937,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_33( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -9359,7 +8964,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_6c(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_5b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -9369,7 +8974,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_84( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f50(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_250(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -9390,19 +8995,13 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_56(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_48(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -9410,12 +9009,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_20_39();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9427,7 +9026,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -9453,10 +9052,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0c(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_72( + deserialize_ring_elements_reduced_cc( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -9497,9 +9096,9 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_6c(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); + uint8_t result[1088U]; + encrypt_unpacked_5b(uu____3, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } /** @@ -9513,7 +9112,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_27(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_4f(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -9539,11 +9138,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_56( + entropy_preprocess_af_48( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -9553,7 +9152,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( size_t); uint8_t ret[32U]; H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_500(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -9567,19 +9166,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f20(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_500(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_0d(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_0c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f50(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_250(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_27(shared_secret, shared_secret_array); + kdf_af_4f(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9592,10 +9191,6 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( return result; } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9604,12 +9199,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_af( +static KRML_MUSTINLINE void deserialize_then_decompress_u_e5( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_20_39();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -9627,20 +9222,18 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_af( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_98(u_bytes); - ntt_vector_u_7a(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_b2(u_bytes); + ntt_vector_u_8f(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9648,44 +9241,20 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_ff( +compute_message_3e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = subtract_reduce_89_70(v, result); + ntt_multiply_20_64(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_52(&result, &product);); + invert_ntt_montgomery_03(&result); + result = subtract_reduce_20_d0(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9696,19 +9265,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_5d( +static void decrypt_unpacked_74( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_af(ciphertext, u_as_ntt); + deserialize_then_decompress_u_e5(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_df( + deserialize_then_decompress_ring_element_v_0a( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_ff(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3e(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_c1(message, ret0); + compress_then_serialize_message_dd(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9748,11 +9317,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_5d(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_74(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -9781,7 +9350,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -9792,11 +9361,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_6c(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_5b(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9807,21 +9376,18 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_5e( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_59( +static KRML_MUSTINLINE void deserialize_secret_key_38( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_20_39();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9833,11 +9399,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_59( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_53(secret_bytes); + deserialize_to_uncompressed_ring_element_43(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( - ret, secret_as_ntt, + result, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -9851,10 +9421,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_67(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_da(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_59(secret_key, secret_as_ntt); + deserialize_secret_key_38(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -9865,9 +9435,9 @@ static void decrypt_67(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t ret0[32U]; - decrypt_unpacked_5d(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_74(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -9892,7 +9462,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_e3( +void libcrux_ml_kem_ind_cca_decapsulate_11( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -9910,7 +9480,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_e3( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_67(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_da(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -9932,7 +9502,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_e3( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -9942,16 +9512,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_e3( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_0d(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_0c(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_27(Eurydice_array_to_slice((size_t)32U, + kdf_af_4f(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_27(shared_secret0, shared_secret1); + kdf_af_4f(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_710(ciphertext), + libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 6cd386f96..16cbe510c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 0fe581b92..2bd853b1a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index fb35528f9..a2e17abf4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 2f398d999..ed68d6fef 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 6a597aa5c..b911015cf 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index c40d397e5..985cbc98b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f399cf819..b8faad9b4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 8f2f9d27d..ad21f1c33 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 0576bfc67e99aae86c51930421072688138b672b Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a +Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 9b9fa652e..0b8e3ec85 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_core_H @@ -221,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_63( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_94( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -236,7 +236,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_4c(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_20(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -270,7 +270,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_98(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -286,7 +286,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_a7(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_78(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -316,7 +316,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_f5(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_25(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -333,7 +333,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_f2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_50( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -419,7 +419,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_9f( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_74( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index f9f0d6642..1f16e2f71 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 787bb8e41..87aa6911c 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem768_avx2_H @@ -1344,17 +1344,17 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_89_d5(void) { +libcrux_ml_kem_polynomial_ZERO_20_d5(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1383,8 +1383,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_e1(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_52(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_d5(); } /** @@ -1395,10 +1395,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2d( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_20_d5(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1409,9 +1409,6 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2d( return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1419,12 +1416,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_67( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_db( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1437,12 +1434,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_67( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2d( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( - ret, secret_as_ntt, + result, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -1466,8 +1467,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_8d(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_6b(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_d5(); } /** @@ -1478,7 +1479,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1544,9 +1545,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b7( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f4( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c( vector); } @@ -1558,10 +1559,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_3f( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_95( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_20_d5(); + LowStar_Ignore_ignore( + Eurydice_slice_len(Eurydice_array_to_slice((size_t)16U, re.coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i), + size_t, void *); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -1570,7 +1576,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_3f( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b7( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b( coefficient); } return re; @@ -1584,7 +1590,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f40( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c0( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1650,9 +1656,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b70( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b0( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f40( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c0( vector); } @@ -1664,10 +1670,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_07( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_f5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_20_d5(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1676,7 +1682,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_07( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b70( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b0( coefficient); } return re; @@ -1690,9 +1696,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ba( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6b( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_3f(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_95(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1708,7 +1714,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_55( core_core_arch_x86___m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1721,11 +1727,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_88(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_55(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1739,7 +1745,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1752,7 +1758,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_88( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -1770,7 +1776,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b4( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_45( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1789,7 +1795,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_10( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1811,7 +1817,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c2( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_83( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1832,16 +1838,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c2( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_94( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1858,27 +1864,23 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_98( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_45(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_10(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_83(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_94(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1889,12 +1891,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1914,12 +1916,16 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ba( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6b( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_98(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_41(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -1931,7 +1937,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f41( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c1( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1997,9 +2003,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b71( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b1( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f41( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c1( vector); } @@ -2011,10 +2017,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_ba( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_11( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_20_d5(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2023,7 +2029,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_ba( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b71( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b1( coefficient); } return re; @@ -2037,7 +2043,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f42( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c2( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -2103,9 +2109,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b72( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b2( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_f42( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c2( vector); } @@ -2117,10 +2123,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_62( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_00( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_20_d5(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -2128,7 +2134,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_62( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_b72( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b2( re.coefficients[i0]); } return re; @@ -2142,55 +2148,28 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_29( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_ba(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_11(serialized); } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_89_48( +libcrux_ml_kem_polynomial_ntt_multiply_20_41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_20_d5(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2211,22 +2190,18 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_48( return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_87( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2248,7 +2223,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_62( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2275,7 +2250,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2298,7 +2273,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_8e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2319,14 +2294,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_75( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { core_core_arch_x86___m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_55(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2339,7 +2314,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_f8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2354,7 +2329,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_75( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -2372,37 +2347,37 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_62(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_8e(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_94(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_8d( +libcrux_ml_kem_polynomial_subtract_reduce_20_86( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2418,12 +2393,6 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_8d( return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2432,21 +2401,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_72( +libcrux_ml_kem_matrix_compute_message_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_20_d5(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_41(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_87(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_8d(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8e(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_86(v, result); return result; } @@ -2457,7 +2426,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1a( +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_7a( core_core_arch_x86___m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, core_core_arch_x86___m256i); @@ -2474,9 +2443,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_shift_right_ea_eb( +libcrux_ml_kem_vector_avx2_shift_right_ea_3e( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1a(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_7a(vector); } /** @@ -2487,10 +2456,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( +libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( core_core_arch_x86___m256i a) { core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_shift_right_ea_eb(a); + libcrux_ml_kem_vector_avx2_shift_right_ea_3e(a); core_core_arch_x86___m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2505,13 +2474,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_77( +libcrux_ml_kem_serialize_compress_then_serialize_message_ee( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( re.coefficients[i0]); core_core_arch_x86___m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); @@ -2525,30 +2494,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_77( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2560,20 +2505,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_1b( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ac(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_29( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_72(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_6d(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_77(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_ee(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2588,11 +2533,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_1d(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_fe(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_67(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_db(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2603,10 +2548,10 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_1d(Eurydice_slice secret_key, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_1b(&secret_key_unpacked, ciphertext, + result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -2663,17 +2608,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_00( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); + return libcrux_ml_kem_polynomial_ZERO_20_d5(); } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2682,10 +2621,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b4( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_20_d5(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2699,12 +2638,6 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -2714,12 +2647,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_bd( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2732,7 +2665,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b4( ring_element); deserialized_pk[i0] = uu____0; } @@ -2750,7 +2683,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a6(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); + return libcrux_ml_kem_polynomial_ZERO_20_d5(); } /** @@ -2763,7 +2696,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b8( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); } } @@ -3082,19 +3015,19 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_10(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_20_d5(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3114,7 +3047,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_10( + return libcrux_ml_kem_polynomial_from_i16_array_20_10( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3221,7 +3154,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( } } } - memcpy(ret, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U][3U]; + memcpy(result, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); } @@ -3260,8 +3197,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_aa(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_84(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_d5(); } /** @@ -3372,7 +3309,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_25( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3407,7 +3344,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_10( + return libcrux_ml_kem_polynomial_from_i16_array_20_10( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3419,7 +3356,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_92( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3453,7 +3390,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_10( + return libcrux_ml_kem_polynomial_from_i16_array_20_10( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3465,9 +3402,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_92( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_25( randomness); } @@ -3478,7 +3415,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_45( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3501,26 +3438,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_48( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_45(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_64(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_45(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_10(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_83(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_94(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3531,11 +3464,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_70(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3554,21 +3487,21 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_92( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; + tuple_b00 result; memcpy( - lit.fst, copy_of_re_as_ntt, + result.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } /** @@ -3581,13 +3514,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_9a(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_d5(); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3598,11 +3528,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_99(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3621,7 +3551,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_92( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3630,12 +3560,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], memcpy( copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; + tuple_b00 result; memcpy( - lit.fst, copy_of_error_1, + result.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } /** @@ -3676,22 +3606,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_ee(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_matrix_compute_vector_u_closure_b9(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_d5(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3706,9 +3636,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3716,14 +3643,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3744,13 +3671,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_41(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_87(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_91(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8e(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_44(&result0[i1], + &error_1[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + memcpy( + result, result0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -3764,7 +3696,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1_91(core_core_arch_x86___m256i v) { +libcrux_ml_kem_vector_traits_decompress_1_0c(core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3779,10 +3711,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_bb( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_20_d5(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient_compressed = @@ -3790,24 +3722,24 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_91(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_0c(coefficient_compressed); } return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3827,9 +3759,6 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3838,22 +3767,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_71( +libcrux_ml_kem_matrix_compute_ring_element_v_32( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_20_d5(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_41(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_87(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8e(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_d5( error_2, message, result); return result; } @@ -3866,7 +3795,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e7( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -3934,8 +3863,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_1d(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b( +libcrux_ml_kem_vector_avx2_compress_ea_c0(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e7( vector); } @@ -3947,15 +3876,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_2f( +libcrux_ml_kem_serialize_compress_then_serialize_10_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_1d( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_avx2_compress_ea_c0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); @@ -3975,7 +3904,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e70( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4043,8 +3972,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_1d0(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b0( +libcrux_ml_kem_vector_avx2_compress_ea_c00(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e70( vector); } @@ -4056,15 +3985,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_d1( +libcrux_ml_kem_serialize_compress_then_serialize_11_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_1d0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_avx2_compress_ea_c00( + libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); @@ -4085,16 +4014,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_71( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_2f(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_fd(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4105,7 +4031,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4121,7 +4047,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_71(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4136,7 +4062,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e71( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4204,8 +4130,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_1d1(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b1( +libcrux_ml_kem_vector_avx2_compress_ea_c01(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e71( vector); } @@ -4217,15 +4143,17 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_b7( +libcrux_ml_kem_serialize_compress_then_serialize_4_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { + LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, + void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_1d1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_avx2_compress_ea_c01( + libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); @@ -4244,7 +4172,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e72( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4312,8 +4240,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_1d2(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7b2( +libcrux_ml_kem_vector_avx2_compress_ea_c02(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e72( vector); } @@ -4325,15 +4253,17 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_35( +libcrux_ml_kem_serialize_compress_then_serialize_5_11( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { + LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, + void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2_compress_ea_1d2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_avx2_compress_ea_c02( + libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); @@ -4353,52 +4283,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_f8(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4417,7 +4306,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_5a( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -4425,7 +4314,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_70( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4435,7 +4324,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_99( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4447,30 +4336,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_92( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_00(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_7b(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_bb( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_71( + libcrux_ml_kem_matrix_compute_ring_element_v_32( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_7a( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_07( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4494,12 +4383,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_de(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_bd( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4540,10 +4429,10 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, copy_of_message, - randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); + uint8_t result[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_5a(uu____3, copy_of_message, + randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } /** @@ -4558,7 +4447,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ca( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_5a( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; @@ -4589,7 +4478,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_01( +static inline void libcrux_ml_kem_ind_cca_decapsulate_c8( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4607,7 +4496,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_01( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_1d(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_fe(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4631,7 +4520,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_01( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_74(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( @@ -4642,18 +4531,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_01( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_de(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ca( + libcrux_ml_kem_ind_cca_kdf_43_5a( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_5a(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + libcrux_ml_kem_types_as_ref_ba_74(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4685,10 +4574,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_d8( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_c9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_01(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_c8(private_key, ciphertext, ret); } /** @@ -4702,7 +4591,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_d8(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_c9(private_key, ciphertext, ret); } @@ -4762,11 +4651,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b6( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_c6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_1b( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4796,7 +4685,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b6( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_74(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( @@ -4808,11 +4697,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_5a( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + libcrux_ml_kem_types_as_ref_ba_74(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4849,10 +4738,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_67( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_c9( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b6(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_c6(key_pair, ciphertext, ret); } @@ -4867,7 +4756,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_67( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_c9( private_key, ciphertext, ret); } @@ -4882,7 +4771,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_a6( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_dd( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -4924,11 +4813,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_a6( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_dd( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4939,7 +4828,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4954,20 +4843,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_de(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_5a(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5000,14 +4889,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_fa( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_3c( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); } /** @@ -5025,7 +4914,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_fa( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_3c( uu____0, copy_of_randomness); } @@ -5048,7 +4937,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_96( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5076,7 +4965,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_5a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5086,7 +4975,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5120,7 +5009,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_50( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_e7( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -5128,7 +5017,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_50( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a9( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_96( uu____0, copy_of_randomness); } @@ -5149,7 +5038,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_50( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_e7( uu____0, copy_of_randomness); } @@ -5174,8 +5063,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_1f(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_d5(); } /** @@ -5186,7 +5075,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_standard_domain_42( +libcrux_ml_kem_vector_traits_to_standard_domain_f0( core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5194,24 +5083,24 @@ libcrux_ml_kem_vector_traits_to_standard_domain_42( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_42( + libcrux_ml_kem_vector_traits_to_standard_domain_f0( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, @@ -5219,9 +5108,6 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5229,14 +5115,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_bb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5258,60 +5144,23 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_41(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_87(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( - &result[i1], &error_as_ntt[i1]); + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a5( + &result0[i1], &error_as_ntt[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + memcpy( + result, result0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5321,7 +5170,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_75( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); @@ -5340,7 +5189,7 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_70( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -5353,12 +5202,12 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_70(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_f0(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_bb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; @@ -5406,14 +5255,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_d7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); @@ -5425,9 +5274,6 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5436,7 +5282,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_a8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5454,16 +5300,15 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_d7(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + uint8_t result[1152U]; + memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5473,21 +5318,23 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_37( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_a8(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, (size_t)1152U, uint8_t, size_t), seed_for_a, uint8_t); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + uint8_t result[1184U]; + memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); } /** @@ -5503,17 +5350,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_54(Eurydice_slice key_generation_seed) { tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_75(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_ind_cpa_serialize_public_key_37( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_a8(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5523,12 +5370,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, + libcrux_ml_kem_utils_extraction_helper_Keypair768 result; + memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, + memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - return lit; + return result; } /** @@ -5539,7 +5386,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_17( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5595,7 +5442,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_3f(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5604,13 +5451,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_54(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_17( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5619,13 +5466,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a7(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_78(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_98( + uu____2, libcrux_ml_kem_types_from_07_20(copy_of_public_key)); } /** @@ -5641,12 +5488,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_cb( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_c4( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_3f(copy_of_randomness); } /** @@ -5658,7 +5505,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_cb( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_c4( copy_of_randomness); } @@ -5677,9 +5524,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_c6( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_35( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); + return libcrux_ml_kem_polynomial_ZERO_20_d5(); } /** @@ -5697,26 +5544,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b5( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_df( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_60( +libcrux_ml_kem_polynomial_clone_3a_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; core_core_arch_x86___m256i ret[16U]; @@ -5742,7 +5589,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_fd( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5751,7 +5598,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_75( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5759,7 +5606,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_b5(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_df(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -5767,7 +5614,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_60(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_77(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5779,7 +5626,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_ind_cpa_serialize_public_key_37( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -5834,12 +5681,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_0b( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_8f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_6e( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_fd( copy_of_randomness); } @@ -5853,7 +5700,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_0b( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_8f( copy_of_randomness); } @@ -5869,7 +5716,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_14( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_64( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5880,7 +5727,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_14( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_63(ciphertext), + libcrux_ml_kem_types_as_slice_a8_94(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5914,7 +5761,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_010( +static inline void libcrux_ml_kem_ind_cca_decapsulate_c80( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5932,7 +5779,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_010( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_1d(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_fe(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5956,7 +5803,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_010( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_74(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( @@ -5967,18 +5814,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_010( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_de(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_14( + libcrux_ml_kem_ind_cca_kdf_6c_64( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_14(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_64(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + libcrux_ml_kem_types_as_ref_ba_74(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6014,10 +5861,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_80( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_58( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_010(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_c80(private_key, ciphertext, ret); } /** @@ -6031,7 +5878,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_80( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_58( private_key, ciphertext, ret); } @@ -6046,7 +5893,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_cf( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); } @@ -6071,11 +5918,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_b6( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_cf( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -6086,7 +5933,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6101,20 +5948,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_de(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_14(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_64(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6150,14 +5997,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e6( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_17( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); } /** @@ -6175,7 +6022,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e6( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_17( uu____0, copy_of_randomness); } @@ -6188,17 +6035,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_000( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); + return libcrux_ml_kem_polynomial_ZERO_20_d5(); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6208,12 +6049,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_bd0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -6226,7 +6067,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b4( ring_element); deserialized_pk[i0] = uu____0; } @@ -6244,16 +6085,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_00( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_bd0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_ind_cpa_serialize_public_key_37( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6272,9 +6113,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fe( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_25( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_00(public_key); } /** @@ -6287,7 +6128,7 @@ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fe( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_25( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 3a4cb9119..1ee9f6de1 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_mlkem768_portable_H @@ -2437,16 +2437,16 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_39(void) { +libcrux_ml_kem_polynomial_ZERO_20_39(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2474,8 +2474,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_fc(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_00(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_39(); } /** @@ -2485,10 +2485,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9c( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a7( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_20_39(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2501,21 +2501,18 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9c( return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_7e( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_5d( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2528,12 +2525,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_7e( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_9c( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a7( secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( - ret, secret_as_ntt, + result, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -2556,8 +2557,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_ef(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_20(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_39(); } /** @@ -2605,10 +2606,17 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_ff( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_e5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_20_39(); + LowStar_Ignore_ignore( + Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)16U, re.coefficients, + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + size_t, void *); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -2669,10 +2677,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_98( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_a2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_20_39(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2695,9 +2703,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d2( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_8e( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_ff(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_e5(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2712,7 +2720,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_99( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2726,12 +2734,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_99(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2745,7 +2753,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2758,7 +2766,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9f( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2775,7 +2783,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_db( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2795,7 +2803,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_cf( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2817,7 +2825,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_e0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2839,15 +2847,15 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2865,27 +2873,23 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_de( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_db(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_cf(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_e0(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_fd(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2895,12 +2899,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_72( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_74( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2920,12 +2924,16 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_72( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d2( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_8e( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_de(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_7a(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -2974,10 +2982,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_47( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_8b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_20_39(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3038,10 +3046,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_c0( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_a5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_20_39(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3064,54 +3072,27 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_97( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_3e( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_47(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_8b(serialized); } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_d5( +libcrux_ml_kem_polynomial_ntt_multiply_20_64( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_20_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3134,21 +3115,17 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_d5( return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_52( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3172,7 +3149,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_a0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3198,7 +3175,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3220,7 +3197,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3242,7 +3219,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_2c( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3250,7 +3227,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_99(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3263,7 +3240,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3278,7 +3255,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_2c( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3295,36 +3272,36 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_03( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_a0(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c5(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_a6(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_fd(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_78( +libcrux_ml_kem_polynomial_subtract_reduce_20_17( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3343,12 +3320,6 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_78( return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3356,21 +3327,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_15( +libcrux_ml_kem_matrix_compute_message_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_20_39(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_64(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_52(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_78(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_03(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_17(v, result); return result; } @@ -3412,7 +3383,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_78( +libcrux_ml_kem_vector_traits_to_unsigned_representative_23( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_shift_right_0d_4b(a); @@ -3429,13 +3400,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_66( +libcrux_ml_kem_serialize_compress_then_serialize_message_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_23( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3451,30 +3422,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_66( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3485,20 +3432,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_34( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_d3( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_72(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_74(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_97( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_3e( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_15(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_a6(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_66(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_99(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3512,11 +3459,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_06(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_28(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_7e(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_5d(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3527,10 +3474,10 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_06(Eurydice_slice secret_key, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_34(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + libcrux_ml_kem_ind_cpa_decrypt_unpacked_d3(&secret_key_unpacked, ciphertext, + result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -3583,17 +3530,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_df( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_20_39(); } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -3601,10 +3542,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d4( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_20_39(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3619,12 +3560,6 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3633,12 +3568,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_cc( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3651,7 +3586,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d4( ring_element); deserialized_pk[i0] = uu____0; } @@ -3669,7 +3604,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_20_39(); } /** @@ -3682,7 +3617,7 @@ generics static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_e8( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); } } @@ -3990,18 +3925,18 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_6b(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_20_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -4023,7 +3958,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_6b( + return libcrux_ml_kem_polynomial_from_i16_array_20_6b( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4130,7 +4065,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( } } } - memcpy(ret, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U][3U]; + memcpy(result, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + memcpy(ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); } @@ -4169,8 +4108,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_56(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_fc(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_39(); } /** @@ -4262,7 +4201,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_76( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4297,7 +4236,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b( + return libcrux_ml_kem_polynomial_from_i16_array_20_6b( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4308,7 +4247,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_e7( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4342,7 +4281,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b( + return libcrux_ml_kem_polynomial_from_i16_array_20_6b( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4353,9 +4292,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_76( randomness); } @@ -4365,7 +4304,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4388,26 +4327,22 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_62(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_db(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_cf(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_e0(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_fd(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4418,11 +4353,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_53(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4441,21 +4376,21 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b0 result; memcpy( - lit.fst, copy_of_re_as_ntt, + result.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } /** @@ -4468,13 +4403,10 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_e6(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_39(); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4485,11 +4417,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_56(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4508,7 +4440,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4517,12 +4449,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], memcpy( copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_b0 lit; + tuple_b0 result; memcpy( - lit.fst, copy_of_error_1, + result.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - lit.snd = domain_separator; - return lit; + result.snd = domain_separator; + return result; } /** @@ -4560,21 +4492,21 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_79(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_vector_u_closure_37(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_39(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4592,23 +4524,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_03( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4629,13 +4558,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_64(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_52(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_08(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_03(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_a1(&result0[i1], + &error_1[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; + memcpy( + result, result0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -4648,7 +4582,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_89( +libcrux_ml_kem_vector_traits_decompress_1_8a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4663,10 +4597,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_24( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_20_39(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4676,7 +4610,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_89(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_8a(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4684,16 +4618,16 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4716,9 +4650,6 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4726,22 +4657,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_1f( +libcrux_ml_kem_matrix_compute_ring_element_v_5a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_20_39(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_64(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_52(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_03(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_41( error_2, message, result); return result; } @@ -4787,7 +4718,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_3b( +libcrux_ml_kem_serialize_compress_then_serialize_10_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4795,7 +4726,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_3b( size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_compress_0d_31( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_23( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4848,7 +4779,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_e1( +libcrux_ml_kem_serialize_compress_then_serialize_11_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4856,7 +4787,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_e1( size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_compress_0d_310( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_23( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4876,16 +4807,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_3b(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_e8(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4895,7 +4823,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4911,7 +4839,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_21(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4959,15 +4887,17 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_e5( +libcrux_ml_kem_serialize_compress_then_serialize_4_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { + LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, + void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_compress_0d_311( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_23( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -5019,15 +4949,17 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_a3( +libcrux_ml_kem_serialize_compress_then_serialize_5_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { + LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, + void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = libcrux_ml_kem_vector_portable_compress_0d_312( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_23( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -5046,52 +4978,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_8c(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5110,7 +5001,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_5b( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -5118,7 +5009,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_53( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5128,7 +5019,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_56( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5140,30 +5031,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( libcrux_ml_kem_hash_functions_portable_PRF_f1_040( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_03(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_24( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_1f( + libcrux_ml_kem_matrix_compute_ring_element_v_5a( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_eb( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5187,12 +5078,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_0c(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_cc( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5233,10 +5124,10 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, copy_of_message, - randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); + uint8_t result[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_5b(uu____3, copy_of_message, + randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } /** @@ -5250,7 +5141,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_02( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_0a( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; @@ -5280,7 +5171,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_c4( +static inline void libcrux_ml_kem_ind_cca_decapsulate_81( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5298,7 +5189,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c4( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_06(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_28(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5322,7 +5213,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c4( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_74(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( @@ -5333,18 +5224,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c4( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_0c(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_02( + libcrux_ml_kem_ind_cca_kdf_43_0a( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_02(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_0a(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + libcrux_ml_kem_types_as_ref_ba_74(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5376,10 +5267,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5b( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_27( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c4(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_81(private_key, ciphertext, ret); } /** @@ -5392,7 +5283,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5b( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_5b( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_27( private_key, ciphertext, ret); } @@ -5452,11 +5343,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ab( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_93( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_34( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_d3( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5486,7 +5377,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ab( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_74(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( @@ -5498,11 +5389,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ab( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_5b( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + libcrux_ml_kem_types_as_ref_ba_74(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5538,10 +5429,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_9d( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_b7( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ab(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_93(key_pair, ciphertext, ret); } @@ -5555,7 +5446,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_9d( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_9d( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_b7( private_key, ciphertext, ret); } @@ -5569,7 +5460,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ac( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_41( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -5609,11 +5500,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_ac( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_41( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5624,7 +5515,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5639,20 +5530,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_0c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_02(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_0a(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5684,14 +5575,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_4d( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_fa( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_9f(uu____0, copy_of_randomness); } /** @@ -5708,7 +5599,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_4d( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_fa( uu____0, copy_of_randomness); } @@ -5731,7 +5622,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_b9( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5759,7 +5650,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_5b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5769,7 +5660,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5802,7 +5693,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_84( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_e4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5810,7 +5701,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_84( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_15( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_b9( uu____0, copy_of_randomness); } @@ -5830,7 +5721,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_84( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_e4( uu____0, copy_of_randomness); } @@ -5854,8 +5745,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_ab(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_e9(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_39(); } /** @@ -5865,7 +5756,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_3e( +libcrux_ml_kem_vector_traits_to_standard_domain_0c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5873,16 +5764,16 @@ libcrux_ml_kem_vector_traits_to_standard_domain_3e( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_46( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5890,7 +5781,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_3e( + libcrux_ml_kem_vector_traits_to_standard_domain_0c( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5900,23 +5791,20 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5938,60 +5826,23 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_64(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_52(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( - &result[i1], &error_as_ntt[i1]); + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_46( + &result0[i1], &error_as_ntt[i1]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; + memcpy( + result, result0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6001,7 +5852,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f6( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); @@ -6020,7 +5871,7 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_53( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -6033,12 +5884,12 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_53(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_da(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_97(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; @@ -6085,14 +5936,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_23( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -6104,9 +5955,6 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6114,7 +5962,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -6132,16 +5980,15 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_62(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + uint8_t result[1152U]; + memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6150,21 +5997,23 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_c1(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, (size_t)1152U, uint8_t, size_t), seed_for_a, uint8_t); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + uint8_t result[1184U]; + memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); } /** @@ -6180,17 +6029,17 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_80(Eurydice_slice key_generation_seed) { tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f6(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_f9( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_c1(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6200,12 +6049,12 @@ libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, + libcrux_ml_kem_utils_extraction_helper_Keypair768 result; + memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, + memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - return lit; + return result; } /** @@ -6215,7 +6064,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_32( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6271,7 +6120,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_bb(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6280,13 +6129,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_ec(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_80(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_32( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6295,13 +6144,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a7(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_78(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_c9( - uu____2, libcrux_ml_kem_types_from_07_4c(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_98( + uu____2, libcrux_ml_kem_types_from_07_20(copy_of_public_key)); } /** @@ -6317,12 +6166,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ca( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_bb(copy_of_randomness); } /** @@ -6333,7 +6182,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ca( copy_of_randomness); } @@ -6352,9 +6201,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_ac( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_0a( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_20_39(); } /** @@ -6372,25 +6221,25 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_52( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_5f( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_f7( +libcrux_ml_kem_polynomial_clone_3a_10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6418,7 +6267,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6427,7 +6276,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f6( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6435,7 +6284,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_52(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_5f(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -6443,7 +6292,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_f7(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_10(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6455,7 +6304,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_f9( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -6509,12 +6358,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_6a( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_e1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( copy_of_randomness); } @@ -6527,7 +6376,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_6a( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_e1( copy_of_randomness); } @@ -6542,7 +6391,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_d2( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_da( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -6553,7 +6402,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_d2( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_63(ciphertext), + libcrux_ml_kem_types_as_slice_a8_94(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -6586,7 +6435,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_c40( +static inline void libcrux_ml_kem_ind_cca_decapsulate_810( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6604,7 +6453,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c40( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_06(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_28(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -6628,7 +6477,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c40( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_74(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( @@ -6639,18 +6488,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c40( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_0c(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_d2( + libcrux_ml_kem_ind_cca_kdf_6c_da( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_d2(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_da(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_9f(ciphertext), + libcrux_ml_kem_types_as_ref_ba_74(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6686,10 +6535,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_7f( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_3e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c40(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_810(private_key, ciphertext, ret); } /** @@ -6702,7 +6551,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_7f( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_7f( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_3e( private_key, ciphertext, ret); } @@ -6716,7 +6565,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_c1( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_3c( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); } @@ -6740,11 +6589,11 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9f0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_c1( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_3c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -6755,7 +6604,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_f2(public_key), + libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6770,20 +6619,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_f2(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_0c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_d2(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_da(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6819,14 +6668,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9f( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_8c( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_9f0(uu____0, copy_of_randomness); } /** @@ -6843,7 +6692,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9f( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_8c( uu____0, copy_of_randomness); } @@ -6855,17 +6704,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_df0( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_20_39(); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6874,12 +6717,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_cc0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -6892,7 +6735,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d4( ring_element); deserialized_pk[i0] = uu____0; } @@ -6909,16 +6752,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_b9( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_cc0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_f9( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6936,9 +6779,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_34( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_b9(public_key); } /** @@ -6950,7 +6793,7 @@ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_34( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 426dd490c..c48fbcf48 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 01a592f8b..8a87bb185 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: ffaeafbdbb5598f4060b0f4e1cc8ad937feac00a + * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c */ #ifndef __libcrux_sha3_portable_H From 643d15566a7d4c29330aa56aa2a64d8f9d288b37 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 25 Aug 2024 20:58:43 +0000 Subject: [PATCH 134/348] fixed glue file --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/eurydice_glue.h | 3 +-- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 2 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 43 files changed, 43 insertions(+), 44 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index ad21f1c33..9e35e4618 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 0576bfc67e99aae86c51930421072688138b672b Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c +Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index acc002d93..a97683fa6 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -88,8 +88,7 @@ typedef struct { #define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) -#define core_array_TryFromSliceError \ - uint8_t #define core_array_TryFromSliceError uint8_t +#define core_array_TryFromSliceError uint8_t #define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index a85a438d4..dcf6d1fea 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index d4700dfc1..6c1c693a6 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 7c7ce91c9..248e23c1f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index e961da1eb..c5b1cdf8c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 1a8c84ed9..c199689dd 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 5f266592c..ea724a772 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 8758a7e21..604cb3264 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 39b02ed44..118f8fef9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 7871f93e7..95f6720d6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 1345e0769..788cc4b86 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f6a609c25..72dca205e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index ba9729035..36abb28b4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 3668c7624..9f2736b94 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 46b140e0e..b032f9e24 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index ac7835c79..16943bc53 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 5204186f1..b670c5fd0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index eaf92ba6a..2c71c29a5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 96925018a..9fccf0150 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index bba3cba4a..9450a58db 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 3f3a9c040..fc17ed69b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index cd0a84200..8daca064a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 8e8518fb8..2f8c55a17 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index d9b3d3699..27d90f7de 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 963c96aad..819e1806f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index d151aa78f..b316ed4b3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 6442f2b5f..46b9ebdb1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 774d09a15..1c5d78d79 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 16cbe510c..41bd5cf3f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 2bd853b1a..c37e9b71f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index a2e17abf4..7ef3b171a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index ed68d6fef..9509fc57c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index b911015cf..879d311df 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 985cbc98b..f6b989c7d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index b8faad9b4..0b2d02d50 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index ad21f1c33..9e35e4618 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 0576bfc67e99aae86c51930421072688138b672b Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c +Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 0b8e3ec85..60279cc30 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 1f16e2f71..92ba5de0b 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 87aa6911c..95df2b794 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 1ee9f6de1..2eb68823f 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index c48fbcf48..72126756e 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 8a87bb185..5b62d6191 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 19f1c40e6708780cc55b37fe457d97afffc7056c + * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 */ #ifndef __libcrux_sha3_portable_H From 9017fae9aefacb4293aabe397b6add220ac12acd Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Mon, 26 Aug 2024 01:46:49 +0000 Subject: [PATCH 135/348] ignore --- libcrux-ml-kem/cg/eurydice_glue.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index b9566a023..4e4690c1f 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -172,6 +172,8 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \ Eurydice_into_iter +#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) + #if defined(__cplusplus) } #endif From fba75513e5958e779d855aae866507377c0469ba Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 26 Aug 2024 08:03:43 -0400 Subject: [PATCH 136/348] more vec spec --- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 24 +++++++++++++ ...rux_ml_kem.Vector.Portable.Arithmetic.fsti | 34 +++++++++++++++---- .../Libcrux_ml_kem.Vector.Portable.fsti | 17 ++++++---- .../Libcrux_ml_kem.Vector.Traits.fsti | 29 ++++++++++++---- .../proofs/fstar/extraction/Makefile | 15 ++++---- libcrux-ml-kem/src/vector/avx2.rs | 8 +++++ libcrux-ml-kem/src/vector/portable.rs | 9 ++++- .../src/vector/portable/arithmetic.rs | 15 +++++++- libcrux-ml-kem/src/vector/traits.rs | 13 ++++++- 9 files changed, 133 insertions(+), 31 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index c7e8f4fdb..dd9b7f578 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -33,6 +33,8 @@ let montgomery_reduce_element (value: i32) = let montgomery_multiply_fe_by_fer (fe fer: i16) = montgomery_reduce_element ((cast (fe <: i16) <: i32) *! (cast (fer <: i16) <: i32) <: i32) +#push-options "--admit_smt_queries true" + let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range @@ -69,6 +71,8 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = in lhs +#pop-options + let barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range @@ -106,6 +110,8 @@ let barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVect in v +#push-options "--admit_smt_queries true" + let bitwise_and_with_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) @@ -142,6 +148,10 @@ let bitwise_and_with_constant in v +#pop-options + +#push-options "--admit_smt_queries true" + let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range @@ -194,6 +204,8 @@ let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portabl in v +#pop-options + let montgomery_multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) @@ -236,6 +248,8 @@ let montgomery_multiply_by_constant in v +#push-options "--admit_smt_queries true" + let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range @@ -269,6 +283,10 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portab in v +#pop-options + +#push-options "--admit_smt_queries true" + let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range @@ -304,6 +322,10 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type in v +#pop-options + +#push-options "--admit_smt_queries true" + let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range @@ -339,3 +361,5 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in lhs + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index 860b97328..d0d6aa1e1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -91,7 +91,10 @@ val montgomery_multiply_fe_by_fer (fe fer: i16) val add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector Prims.l_True - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + result.f_elements == Spec.Utils.map2 ( +. ) (lhs.f_elements) (rhs.f_elements)) val barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector @@ -103,12 +106,19 @@ val bitwise_and_with_constant (c: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector Prims.l_True - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + result.f_elements == Spec.Utils.map_array (fun x -> x &. c) (v.f_elements)) val cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector Prims.l_True - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + result.f_elements == + Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (v.f_elements)) val montgomery_multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -120,14 +130,24 @@ val montgomery_multiply_by_constant val multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector Prims.l_True - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + result.f_elements == Spec.Utils.map_array (fun x -> x *. c) (v.f_elements)) val shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> + result.f_elements == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (v.f_elements)) val sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector Prims.l_True - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + result.f_elements == Spec.Utils.map2 ( -. ) (lhs.f_elements) (rhs.f_elements)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index db88552b0..27a1c79ac 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -81,7 +81,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + impl.f_repr out == Spec.Utils.map2 ( +. ) (impl.f_repr lhs) (impl.f_repr rhs)); f_add = (fun @@ -103,7 +103,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + impl.f_repr out == Spec.Utils.map2 ( -. ) (impl.f_repr lhs) (impl.f_repr rhs)); f_sub = (fun @@ -121,7 +121,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (c: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr v)); f_multiply_by_constant = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> @@ -136,14 +136,15 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (c: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr v)); f_bitwise_and_with_constant = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> Libcrux_ml_kem.Vector.Portable.Arithmetic.bitwise_and_with_constant v c); f_shift_right_pre = - (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l); f_shift_right_post = (fun @@ -151,7 +152,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> + impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (impl.f_repr v)); f_shift_right = (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -165,7 +167,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + impl.f_repr out == + Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr v)); f_cond_subtract_3329_ = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 8ca8440e1..937c7e07f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -38,33 +38,48 @@ class t_Operations (v_Self: Type0) = { f_repr result == Seq.create 16 0s) }; f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); f_add_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; - f_add_post:v_Self -> v_Self -> v_Self -> Type0; + f_add_post:lhs: v_Self -> rhs: v_Self -> result: v_Self + -> pred: Type0{pred ==> f_repr result == Spec.Utils.map2 ( +. ) (f_repr lhs) (f_repr rhs)}; f_add:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_add_pre x0 x1) (fun result -> f_add_post x0 x1 result); f_sub_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; - f_sub_post:v_Self -> v_Self -> v_Self -> Type0; + f_sub_post:lhs: v_Self -> rhs: v_Self -> result: v_Self + -> pred: Type0{pred ==> f_repr result == Spec.Utils.map2 ( -. ) (f_repr lhs) (f_repr rhs)}; f_sub:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_sub_pre x0 x1) (fun result -> f_sub_post x0 x1 result); f_multiply_by_constant_pre:v: v_Self -> c: i16 -> pred: Type0{true ==> pred}; - f_multiply_by_constant_post:v_Self -> i16 -> v_Self -> Type0; + f_multiply_by_constant_post:v: v_Self -> c: i16 -> result: v_Self + -> pred: Type0{pred ==> f_repr result == Spec.Utils.map_array (fun x -> x *. c) (f_repr v)}; f_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_multiply_by_constant_pre x0 x1) (fun result -> f_multiply_by_constant_post x0 x1 result); f_bitwise_and_with_constant_pre:v: v_Self -> c: i16 -> pred: Type0{true ==> pred}; - f_bitwise_and_with_constant_post:v_Self -> i16 -> v_Self -> Type0; + f_bitwise_and_with_constant_post:v: v_Self -> c: i16 -> result: v_Self + -> pred: Type0{pred ==> f_repr result == Spec.Utils.map_array (fun x -> x &. c) (f_repr v)}; f_bitwise_and_with_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_bitwise_and_with_constant_pre x0 x1) (fun result -> f_bitwise_and_with_constant_post x0 x1 result); - f_shift_right_pre:v_SHIFT_BY: i32 -> v: v_Self -> pred: Type0{true ==> pred}; - f_shift_right_post:v_SHIFT_BY: i32 -> v_Self -> v_Self -> Type0; + f_shift_right_pre:v_SHIFT_BY: i32 -> v: v_Self + -> pred: Type0{v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l ==> pred}; + f_shift_right_post:v_SHIFT_BY: i32 -> v: v_Self -> result: v_Self + -> pred: + Type0 + { pred ==> + (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> + f_repr result == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (f_repr v) }; f_shift_right:v_SHIFT_BY: i32 -> x0: v_Self -> Prims.Pure v_Self (f_shift_right_pre v_SHIFT_BY x0) (fun result -> f_shift_right_post v_SHIFT_BY x0 result); f_cond_subtract_3329_pre:v: v_Self -> pred: Type0{true ==> pred}; - f_cond_subtract_3329_post:v_Self -> v_Self -> Type0; + f_cond_subtract_3329_post:v: v_Self -> result: v_Self + -> pred: + Type0 + { pred ==> + f_repr result == + Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (f_repr v) }; f_cond_subtract_3329_:x0: v_Self -> Prims.Pure v_Self (f_cond_subtract_3329_pre x0) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index adcc6529f..1eb6e5f2d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -11,24 +11,25 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ Libcrux_ml_kem.Vector.Avx2.Compress.fst \ + Libcrux_ml_kem.Vector.Avx2.fsti \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ Libcrux_ml_kem.Vector.Avx2.Portable.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ - Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ - Libcrux_ml_kem.Vector.Neon.Compress.fst \ - Libcrux_ml_kem.Vector.Neon.fst \ - Libcrux_ml_kem.Vector.Neon.Ntt.fst \ - Libcrux_ml_kem.Vector.Neon.Serialize.fst \ - Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ Libcrux_ml_kem.Vector.Portable.Arithmetic.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ Libcrux_ml_kem.Vector.Portable.Ntt.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ Libcrux_ml_kem.Vector.Portable.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ - Libcrux_ml_kem.Vector.Traits.fst + Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Neon.Compress.fst \ + Libcrux_ml_kem.Vector.Neon.fsti \ + Libcrux_ml_kem.Vector.Neon.fst \ + Libcrux_ml_kem.Vector.Neon.Ntt.fst \ + Libcrux_ml_kem.Vector.Neon.Serialize.fst \ + Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ FSTAR_INCLUDE_DIRS_EXTRA = $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 7611de912..2fecf11c7 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -68,36 +68,44 @@ impl Operations for SIMD256Vector { to_i16_array(x) } + #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] fn add(lhs: Self, rhs: &Self) -> Self { Self { elements: arithmetic::add(lhs.elements, rhs.elements), } } + #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] fn sub(lhs: Self, rhs: &Self) -> Self { Self { elements: arithmetic::sub(lhs.elements, rhs.elements), } } + #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] fn multiply_by_constant(v: Self, c: i16) -> Self { Self { elements: arithmetic::multiply_by_constant(v.elements, c), } } + #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr $v)"))] fn bitwise_and_with_constant(vector: Self, constant: i16) -> Self { Self { elements: arithmetic::bitwise_and_with_constant(vector.elements, constant), } } + #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] + #[ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $v)"))] fn shift_right(vector: Self) -> Self { Self { elements: arithmetic::shift_right::<{ SHIFT_BY }>(vector.elements), } } + #[requires(true)] + #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $v)"))] fn cond_subtract_3329(vector: Self) -> Self { Self { elements: arithmetic::cond_subtract_3329(vector.elements), diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 3beb4f215..ff7374b57 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -40,27 +40,34 @@ impl Operations for PortableVector { from_i16_array(array) } - + #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] fn add(lhs: Self, rhs: &Self) -> Self { add(lhs, rhs) } + #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] fn sub(lhs: Self, rhs: &Self) -> Self { sub(lhs, rhs) } + #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] fn multiply_by_constant(v: Self, c: i16) -> Self { multiply_by_constant(v, c) } + #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr $v)"))] fn bitwise_and_with_constant(v: Self, c: i16) -> Self { bitwise_and_with_constant(v, c) } + #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] + #[ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $v)"))] fn shift_right(v: Self) -> Self { shift_right::<{ SHIFT_BY }>(v) } + #[requires(true)] + #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $v)"))] fn cond_subtract_3329(v: Self) -> Self { cond_subtract_3329(v) } diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index ec2a1cbe7..065f25cf9 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -31,6 +31,8 @@ pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 { } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map2 (+.) (${lhs}.f_elements) (${rhs}.f_elements)"))] pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { lhs.elements[i] += rhs.elements[i]; @@ -40,6 +42,8 @@ pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map2 (-.) (${lhs}.f_elements) (${rhs}.f_elements)"))] pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { lhs.elements[i] -= rhs.elements[i]; @@ -49,6 +53,8 @@ pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x *. c) (${v}.f_elements)"))] pub fn multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { v.elements[i] *= c; @@ -58,6 +64,8 @@ pub fn multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x &. c) (${v}.f_elements)"))] pub fn bitwise_and_with_constant(mut v: PortableVector, c: i16) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { v.elements[i] &= c; @@ -67,6 +75,9 @@ pub fn bitwise_and_with_constant(mut v: PortableVector, c: i16) -> PortableVecto } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] +#[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> ${result}.f_elements == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (${v}.f_elements)"))] pub fn shift_right(mut v: PortableVector) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { v.elements[i] = v.elements[i] >> SHIFT_BY; @@ -85,7 +96,9 @@ pub fn shift_right(mut v: PortableVector) -> PortableVector // } #[inline(always)] -pub fn cond_subtract_3329(mut v: PortableVector) -> PortableVector { +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (${v}.f_elements)"))] + pub fn cond_subtract_3329(mut v: PortableVector) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { debug_assert!(v.elements[i] >= 0 && v.elements[i] < 4096); if v.elements[i] >= 3329 { diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index d3341f64c..757dd8b96 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -25,24 +25,35 @@ pub trait Operations: Copy + Clone + Repr { // Basic arithmetic #[requires(true)] + #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map2 (+.) (f_repr $lhs) (f_repr $rhs)"))] fn add(lhs: Self, rhs: &Self) -> Self; + #[requires(true)] + #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map2 (-.) (f_repr $lhs) (f_repr $rhs)"))] fn sub(lhs: Self, rhs: &Self) -> Self; + #[requires(true)] + #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map_array (fun x -> x *. c) (f_repr $v)"))] fn multiply_by_constant(v: Self, c: i16) -> Self; // Bitwise operations #[requires(true)] + #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map_array (fun x -> x &. c) (f_repr $v)"))] fn bitwise_and_with_constant(v: Self, c: i16) -> Self; - #[requires(true)] + + #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] + #[ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> f_repr $result == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (f_repr $v)"))] fn shift_right(v: Self) -> Self; // fn shift_left(v: Self) -> Self; // Modular operations #[requires(true)] + #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (f_repr $v)"))] fn cond_subtract_3329(v: Self) -> Self; + #[requires(true)] fn barrett_reduce(v: Self) -> Self; + #[requires(true)] fn montgomery_multiply_by_constant(v: Self, c: i16) -> Self; From 81d992e228fc789d43d218141a1583e1e5f99d69 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 26 Aug 2024 08:46:35 -0400 Subject: [PATCH 137/348] avx2 --- Cargo.lock | 3 ++ libcrux-intrinsics/Cargo.toml | 1 + libcrux-intrinsics/src/arm64_extract.rs | 9 ++++++ libcrux-intrinsics/src/avx2_extract.rs | 4 +++ ...Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 11 ++++++- .../extraction/Libcrux_ml_kem.Vector.Avx2.fst | 2 +- .../Libcrux_ml_kem.Vector.Avx2.fsti | 32 +++++++++++++++---- .../proofs/fstar/extraction/Makefile | 1 - libcrux-ml-kem/src/vector/avx2.rs | 8 ++--- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 2 ++ 10 files changed, 59 insertions(+), 14 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 7d17f54ba..4261c3c1c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -970,6 +970,9 @@ dependencies = [ [[package]] name = "libcrux-intrinsics" version = "0.0.2-alpha.3" +dependencies = [ + "hax-lib", +] [[package]] name = "libcrux-kem" diff --git a/libcrux-intrinsics/Cargo.toml b/libcrux-intrinsics/Cargo.toml index cdc0acc2b..5cacc5bee 100644 --- a/libcrux-intrinsics/Cargo.toml +++ b/libcrux-intrinsics/Cargo.toml @@ -11,6 +11,7 @@ description = "Libcrux intrinsics crate" exclude = ["/proofs"] [dependencies] +hax-lib.workspace = true [features] simd128 = [] diff --git a/libcrux-intrinsics/src/arm64_extract.rs b/libcrux-intrinsics/src/arm64_extract.rs index e43abc8f4..d41241275 100644 --- a/libcrux-intrinsics/src/arm64_extract.rs +++ b/libcrux-intrinsics/src/arm64_extract.rs @@ -3,14 +3,23 @@ #![allow(non_camel_case_types, unsafe_code, unused_variables)] +#[hax_lib::opaque_type] pub type _uint16x4_t = u8; +#[hax_lib::opaque_type] pub type _int16x4_t = u8; +#[hax_lib::opaque_type] pub type _int16x8_t = u8; +#[hax_lib::opaque_type] pub type _uint8x16_t = u8; +#[hax_lib::opaque_type] pub type _uint16x8_t = u8; +#[hax_lib::opaque_type] pub type _uint32x4_t = u8; +#[hax_lib::opaque_type] pub type _int32x4_t = u8; +#[hax_lib::opaque_type] pub type _uint64x2_t = u8; +#[hax_lib::opaque_type] pub type _int64x2_t = u8; #[inline(always)] diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index f1d42e188..272839b46 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -3,7 +3,11 @@ #![allow(unused_variables, non_camel_case_types)] +#[hax_lib::opaque_type] +#[hax_lib::fstar::after(interface,"val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)")] pub type Vec256 = u8; +#[hax_lib::opaque_type] +#[hax_lib::fstar::after(interface,"val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8)")] pub type Vec128 = u8; pub fn mm256_storeu_si256_i16(output: &mut [i16], vector: Vec256) { diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti index ad8d448c9..e9adb321a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -5,7 +5,16 @@ open FStar.Mul let v_BARRETT_MULTIPLIER: i16 = 20159s -val add (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val add (lhs rhs: u8) + : Prims.Pure u8 + Prims.l_True + (ensures + fun result -> + let result:u8 = result in + Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 result == + Spec.Utils.map2 ( +. ) + (Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 lhs) + (Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 rhs)) val bitwise_and_with_constant (vector: u8) (constant: i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst index 5b4e78639..d1e41c603 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst @@ -9,7 +9,7 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -let repr (x:t_SIMD256Vector) = admit() +let repr (x:t_SIMD256Vector) = Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 x.elements let from_i16_array (array: t_Slice i16) = let result:t_SIMD256Vector = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index e03d573a9..c6ad00aae 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -71,7 +71,10 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> out == impl.f_repr x); f_to_i16_array = (fun (x: t_SIMD256Vector) -> to_i16_array x); f_add_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); - f_add_post = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_add_post + = + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> + impl.f_repr out == Spec.Utils.map2 ( +. ) (impl.f_repr lhs) (impl.f_repr rhs)); f_add = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> @@ -79,7 +82,10 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = <: t_SIMD256Vector); f_sub_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); - f_sub_post = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_sub_post + = + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> + impl.f_repr out == Spec.Utils.map2 ( -. ) (impl.f_repr lhs) (impl.f_repr rhs)); f_sub = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> @@ -87,7 +93,10 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = <: t_SIMD256Vector); f_multiply_by_constant_pre = (fun (v: t_SIMD256Vector) (c: i16) -> true); - f_multiply_by_constant_post = (fun (v: t_SIMD256Vector) (c: i16) (out: t_SIMD256Vector) -> true); + f_multiply_by_constant_post + = + (fun (v: t_SIMD256Vector) (c: i16) (out: t_SIMD256Vector) -> + impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr v)); f_multiply_by_constant = (fun (v: t_SIMD256Vector) (c: i16) -> @@ -97,7 +106,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_bitwise_and_with_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); f_bitwise_and_with_constant_post = - (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true); + (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> + impl.f_repr out == Spec.Utils.map_array (fun x -> x &. constant) (impl.f_repr vector)); f_bitwise_and_with_constant = (fun (vector: t_SIMD256Vector) (constant: i16) -> @@ -108,10 +118,14 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_shift_right_pre = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> true); + f_shift_right_pre + = + (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l); f_shift_right_post = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> + (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> + impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (impl.f_repr vector)); f_shift_right = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> @@ -123,7 +137,11 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = <: t_SIMD256Vector); f_cond_subtract_3329_pre = (fun (vector: t_SIMD256Vector) -> true); - f_cond_subtract_3329_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_cond_subtract_3329_post + = + (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> + impl.f_repr out == + Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr vector)); f_cond_subtract_3329_ = (fun (vector: t_SIMD256Vector) -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 1eb6e5f2d..4bf8bc5e5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -22,7 +22,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Portable.Ntt.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ Libcrux_ml_kem.Vector.Portable.Serialize.fst \ - Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ Libcrux_ml_kem.Vector.Neon.Compress.fst \ Libcrux_ml_kem.Vector.Neon.fsti \ diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 2fecf11c7..0ef18453d 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -10,7 +10,7 @@ mod serialize; #[derive(Clone, Copy)] #[hax_lib::fstar::after(interface,"val repr (x:t_SIMD256Vector) : t_Array i16 (sz 16)")] -#[hax_lib::fstar::after("let repr (x:t_SIMD256Vector) = admit()")] +#[hax_lib::fstar::after("let repr (x:t_SIMD256Vector) = Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 x.elements")] pub struct SIMD256Vector { elements: Vec256, } @@ -89,7 +89,7 @@ impl Operations for SIMD256Vector { } } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr $v)"))] + #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. $constant) (impl.f_repr $vector)"))] fn bitwise_and_with_constant(vector: Self, constant: i16) -> Self { Self { elements: arithmetic::bitwise_and_with_constant(vector.elements, constant), @@ -97,7 +97,7 @@ impl Operations for SIMD256Vector { } #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] - #[ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $v)"))] + #[ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $vector)"))] fn shift_right(vector: Self) -> Self { Self { elements: arithmetic::shift_right::<{ SHIFT_BY }>(vector.elements), @@ -105,7 +105,7 @@ impl Operations for SIMD256Vector { } #[requires(true)] - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $v)"))] + #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $vector)"))] fn cond_subtract_3329(vector: Self) -> Self { Self { elements: arithmetic::cond_subtract_3329(vector.elements), diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index a980eb75d..4800f98fb 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -3,6 +3,8 @@ use crate::vector::{traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R, FIELD_MODULUS}; use super::*; #[inline(always)] +#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 $result == + Spec.Utils.map2 (+.) (Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 $rhs)"))] pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { mm256_add_epi16(lhs, rhs) } From be5f4bbeacb0440c248fd295672f300b05a6b104 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Mon, 26 Aug 2024 13:18:36 +0000 Subject: [PATCH 138/348] intrinsics extract --- .../Libcrux_intrinsics.Avx2_extract.fsti | 168 ++++++++++-------- libcrux-intrinsics/src/avx2_extract.rs | 4 +- 2 files changed, 96 insertions(+), 76 deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 7af7f302a..83143b404 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -3,150 +3,170 @@ module Libcrux_intrinsics.Avx2_extract open Core open FStar.Mul -val mm256_add_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val t_Vec128:Type0 -val mm256_add_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8) -val mm256_and_si256 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val t_Vec256:Type0 -val mm256_andnot_si256 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16) -val mm256_blend_epi16 (v_CONTROL: i32) (lhs rhs: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_add_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_castsi128_si256 (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_add_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_castsi256_si128 (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_and_si256 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_cmpgt_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_andnot_si256 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_cvtepi16_epi32 (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_blend_epi16 (v_CONTROL: i32) (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_extracti128_si256 (v_CONTROL: i32) (vector: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_castsi128_si256 (vector: t_Vec128) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_inserti128_si256 (v_CONTROL: i32) (vector vector_i128: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_castsi256_si128 (vector: t_Vec256) + : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm256_loadu_si256_i16 (input: t_Slice i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_cmpgt_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_loadu_si256_u8 (input: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_cvtepi16_epi32 (vector: t_Vec128) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_madd_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_extracti128_si256 (v_CONTROL: i32) (vector: t_Vec256) + : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm256_mul_epu32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_inserti128_si256 (v_CONTROL: i32) (vector: t_Vec256) (vector_i128: t_Vec128) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_mulhi_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_loadu_si256_i16 (input: t_Slice i16) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_mullo_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_loadu_si256_u8 (input: t_Slice u8) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_mullo_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_madd_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_packs_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_mul_epu32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_permute2x128_si256 (v_IMM8: i32) (a b: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_mulhi_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_mullo_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_permutevar8x32_epi32 (vector control: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_mullo_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_set1_epi16 (constant: i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_packs_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_set1_epi32 (constant: i32) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_permute2x128_si256 (v_IMM8: i32) (a b: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_set1_epi64x (a: i64) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_permutevar8x32_epi32 (vector control: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set1_epi16 (constant: i16) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set1_epi32 (constant: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_set1_epi64x (a: i64) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_set_epi16 (input15 input14 input13 input12 input11 input10 input9 input8 input7 input6 input5 input4 input3 input2 input1 input0: i16) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_set_epi8 (byte31 byte30 byte29 byte28 byte27 byte26 byte25 byte24 byte23 byte22 byte21 byte20 byte19 byte18 byte17 byte16 byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: i8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_setzero_si256: Prims.unit -> Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_setzero_si256: Prims.unit -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_shuffle_epi8 (vector control: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_shuffle_epi8 (vector control: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_slli_epi16 (v_SHIFT_BY: i32) (vector: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_slli_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_slli_epi64 (v_LEFT: i32) (x: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_slli_epi64 (v_LEFT: i32) (x: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_sllv_epi32 (vector counts: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_sllv_epi32 (vector counts: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_srli_epi16 (v_SHIFT_BY: i32) (vector: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_srli_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_srli_epi64 (v_SHIFT_BY: i32) (vector: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_srli_epi64 (v_SHIFT_BY: i32) (vector: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_storeu_si256_i16 (output: t_Slice i16) (vector: u8) +val mm256_storeu_si256_i16 (output: t_Slice i16) (vector: t_Vec256) : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) -val mm256_storeu_si256_u8 (output: t_Slice u8) (vector: u8) +val mm256_storeu_si256_u8 (output: t_Slice u8) (vector: t_Vec256) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val mm256_sub_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_sub_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_unpackhi_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_unpackhi_epi32 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_unpackhi_epi64 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_unpackhi_epi64 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_unpacklo_epi32 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_unpacklo_epi32 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_unpacklo_epi64 (a b: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_unpacklo_epi64 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_xor_si256 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm256_xor_si256 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm_add_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm_add_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm_loadu_si128 (input: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm_loadu_si128 (input: t_Slice u8) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm_movemask_epi8 (vector: u8) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) +val mm_movemask_epi8 (vector: t_Vec128) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) -val mm_mulhi_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm_mulhi_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm_mullo_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm_mullo_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm_packs_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm_packs_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm_set1_epi16 (constant: i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm_set1_epi16 (constant: i16) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) val mm_set_epi8 (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm_shuffle_epi8 (vector control: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm_shuffle_epi8 (vector control: t_Vec128) + : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm_storeu_bytes_si128 (output: t_Slice u8) (vector: u8) +val mm_storeu_bytes_si128 (output: t_Slice u8) (vector: t_Vec128) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val mm_storeu_si128 (output: t_Slice i16) (vector: u8) +val mm_storeu_si128 (output: t_Slice i16) (vector: t_Vec128) : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) -val mm_sub_epi16 (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val mm_sub_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 272839b46..c8ddc363a 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -5,10 +5,10 @@ #[hax_lib::opaque_type] #[hax_lib::fstar::after(interface,"val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)")] -pub type Vec256 = u8; +pub struct Vec256(u8); #[hax_lib::opaque_type] #[hax_lib::fstar::after(interface,"val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8)")] -pub type Vec128 = u8; +pub struct Vec128(u8); pub fn mm256_storeu_si256_i16(output: &mut [i16], vector: Vec256) { debug_assert_eq!(output.len(), 16); From 81a7f7c256aa64bd9eaca90c651ccacd858c2509 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Mon, 26 Aug 2024 13:33:35 +0000 Subject: [PATCH 139/348] fix for avx2 model --- libcrux-intrinsics/src/avx2_extract.rs | 7 +- .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 137 +++++++---- ...Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 42 ++-- .../Libcrux_ml_kem.Vector.Avx2.Compress.fst | 146 +++++++---- .../Libcrux_ml_kem.Vector.Avx2.Compress.fsti | 18 +- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fst | 228 ++++++++++++------ .../Libcrux_ml_kem.Vector.Avx2.Ntt.fsti | 31 ++- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 20 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 212 +++++++++------- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 33 ++- .../Libcrux_ml_kem.Vector.Avx2.fsti | 2 +- 11 files changed, 561 insertions(+), 315 deletions(-) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index c8ddc363a..709e0b501 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -3,11 +3,14 @@ #![allow(unused_variables, non_camel_case_types)] -#[hax_lib::opaque_type] +#[derive(Copy,Clone)] #[hax_lib::fstar::after(interface,"val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)")] -pub struct Vec256(u8); #[hax_lib::opaque_type] +pub struct Vec256(u8); + +#[derive(Copy,Clone)] #[hax_lib::fstar::after(interface,"val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8)")] +#[hax_lib::opaque_type] pub struct Vec128(u8); pub fn mm256_storeu_si256_i16(output: &mut [i16], vector: Vec256) { diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index 81d8b74e0..2c3910504 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -3,57 +3,78 @@ module Libcrux_ml_kem.Vector.Avx2.Arithmetic open Core open FStar.Mul -let add (lhs rhs: u8) = Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs +let add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs -let bitwise_and_with_constant (vector: u8) (constant: i16) = +let bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant <: u8) + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) -let multiply_by_constant (vector: u8) (constant: i16) = +let multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant <: u8) + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) -let shift_right (v_SHIFT_BY: i32) (vector: u8) = +let shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 v_SHIFT_BY vector -let sub (lhs rhs: u8) = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 lhs rhs +let sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 lhs rhs -let barrett_reduce (vector: u8) = - let t:u8 = +let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 v_BARRETT_MULTIPLIER <: u8) + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 v_BARRETT_MULTIPLIER + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let t:u8 = + let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 t - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 512s <: u8) + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 512s + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let quotient:u8 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 10l t in - let quotient_times_field_modulus:u8 = + let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 10l t + in + let quotient_times_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 quotient (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) in Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 vector quotient_times_field_modulus -let cond_subtract_3329_ (vector: u8) = - let field_modulus:u8 = +let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS in - let vv_minus_field_modulus:u8 = + let vv_minus_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 vector field_modulus in - let sign_mask:u8 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 15l vv_minus_field_modulus in - let conditional_add_field_modulus:u8 = + let sign_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 15l vv_minus_field_modulus + in + let conditional_add_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 sign_mask field_modulus in Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 vv_minus_field_modulus conditional_add_field_modulus -let montgomery_multiply_by_constant (vector: u8) (constant: i16) = - let constant:u8 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant in - let value_low:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector constant in - let k:u8 = +let montgomery_multiply_by_constant + (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + (constant: i16) + = + let constant:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant + in + let value_low:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector constant + in + let k:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 value_low (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R <: @@ -61,20 +82,24 @@ let montgomery_multiply_by_constant (vector: u8) (constant: i16) = <: i16) <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let k_times_modulus:u8 = + let k_times_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 k (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 vector constant in - let value_high:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 vector constant in Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus -let montgomery_multiply_by_constants (v c: u8) = - let value_low:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 v c in - let k:u8 = +let montgomery_multiply_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let value_low:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 v c + in + let k:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 value_low (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R <: @@ -82,20 +107,24 @@ let montgomery_multiply_by_constants (v c: u8) = <: i16) <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let k_times_modulus:u8 = + let k_times_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 k (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 v c in - let value_high:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 v c in Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus -let montgomery_multiply_m128i_by_constants (v c: u8) = - let value_low:u8 = Libcrux_intrinsics.Avx2_extract.mm_mullo_epi16 v c in - let k:u8 = +let montgomery_multiply_m128i_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec128) = + let value_low:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_mullo_epi16 v c + in + let k:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_mullo_epi16 value_low (Libcrux_intrinsics.Avx2_extract.mm_set1_epi16 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R <: @@ -103,19 +132,21 @@ let montgomery_multiply_m128i_by_constants (v c: u8) = <: i16) <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec128) in - let k_times_modulus:u8 = + let k_times_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_mulhi_epi16 k (Libcrux_intrinsics.Avx2_extract.mm_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec128) + in + let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_mulhi_epi16 v c in - let value_high:u8 = Libcrux_intrinsics.Avx2_extract.mm_mulhi_epi16 v c in Libcrux_intrinsics.Avx2_extract.mm_sub_epi16 value_high k_times_modulus -let montgomery_reduce_i32s (v: u8) = - let k:u8 = +let montgomery_reduce_i32s (v: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let k:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 v (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R <: @@ -123,9 +154,9 @@ let montgomery_reduce_i32s (v: u8) = <: i32) <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let k_times_modulus:u8 = + let k_times_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 k (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: @@ -133,9 +164,15 @@ let montgomery_reduce_i32s (v: u8) = <: i32) <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi32 16l v + in + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus + in + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 16l result in - let value_high:u8 = Libcrux_intrinsics.Avx2_extract.mm256_srli_epi32 16l v in - let result:u8 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus in - let result:u8 = Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 16l result in Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 16l result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti index e9adb321a..cda958da6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -5,39 +5,47 @@ open FStar.Mul let v_BARRETT_MULTIPLIER: i16 = 20159s -val add (lhs rhs: u8) - : Prims.Pure u8 +val add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (ensures fun result -> - let result:u8 = result in + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 result == Spec.Utils.map2 ( +. ) (Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 lhs) (Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 rhs)) -val bitwise_and_with_constant (vector: u8) (constant: i16) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val multiply_by_constant (vector: u8) (constant: i16) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val shift_right (v_SHIFT_BY: i32) (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val sub (lhs rhs: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) /// See Section 3.2 of the implementation notes document for an explanation /// of this code. -val barrett_reduce (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val cond_subtract_3329_ (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val montgomery_multiply_by_constant (vector: u8) (constant: i16) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val montgomery_multiply_by_constant + (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + (constant: i16) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val montgomery_multiply_by_constants (v c: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val montgomery_multiply_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val montgomery_multiply_m128i_by_constants (v c: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val montgomery_multiply_m128i_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec128) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val montgomery_reduce_i32s (v: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val montgomery_reduce_i32s (v: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst index d40f2d67a..f8d253a4c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst @@ -3,25 +3,34 @@ module Libcrux_ml_kem.Vector.Avx2.Compress open Core open FStar.Mul -let mulhi_mm256_epi32 (lhs rhs: u8) = - let prod02:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epu32 lhs rhs in - let prod13:u8 = +let mulhi_mm256_epi32 (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let prod02:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mul_epu32 lhs rhs + in + let prod13:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mul_epu32 (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l lhs <: - u8) - (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l rhs <: u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) + (Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l rhs + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) in Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi64 (Libcrux_intrinsics.Avx2_extract.mm256_unpacklo_epi32 prod02 prod13 <: - u8) - (Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi32 prod02 prod13 <: u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) + (Libcrux_intrinsics.Avx2_extract.mm256_unpackhi_epi32 prod02 prod13 + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) -let compress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) (vector: u8) = - let field_modulus_halved:u8 = +let compress_ciphertext_coefficient + (v_COEFFICIENT_BITS: i32) + (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + = + let field_modulus_halved:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (((cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) @@ -34,47 +43,63 @@ let compress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) (vector: u8) = <: i32) in - let compression_factor:u8 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 10321340l in - let coefficient_bits_mask:u8 = + let compression_factor:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 10321340l + in + let coefficient_bits_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 ((1l < Prims.l_True) +val mulhi_mm256_epi32 (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val compress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) (vector: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val compress_ciphertext_coefficient + (v_COEFFICIENT_BITS: i32) + (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val compress_message_coefficient (vector: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val compress_message_coefficient (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val decompress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) (vector: u8) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val decompress_ciphertext_coefficient + (v_COEFFICIENT_BITS: i32) + (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst index 68f788df8..26d37b945 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst @@ -3,74 +3,112 @@ module Libcrux_ml_kem.Vector.Avx2.Ntt open Core open FStar.Mul -let inv_ntt_layer_1_step (vector: u8) (zeta0 zeta1 zeta2 zeta3: i16) = - let lhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l vector in - let rhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 160l vector in - let rhs:u8 = +let inv_ntt_layer_1_step + (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + (zeta0 zeta1 zeta2 zeta3: i16) + = + let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l vector + in + let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 160l vector + in + let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 rhs (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (-1s) (-1s) 1s 1s (-1s) (-1s) 1s 1s (-1s) (-1s) 1s 1s (-1s) (-1s) 1s 1s <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let sum:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs in - let sum:u8 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs in - let sum_times_zetas:u8 = + let sum_times_zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants sum (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 zeta3 zeta3 0s 0s zeta2 zeta2 0s 0s zeta1 zeta1 0s 0s zeta0 zeta0 0s 0s <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let sum:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.barrett_reduce sum in - let sum:u8 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.barrett_reduce sum in Libcrux_intrinsics.Avx2_extract.mm256_blend_epi16 204l sum sum_times_zetas -let inv_ntt_layer_2_step (vector: u8) (zeta0 zeta1: i16) = - let lhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 245l vector in - let rhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 160l vector in - let rhs:u8 = +let inv_ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i16) = + let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 245l vector + in + let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 160l vector + in + let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 rhs (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (-1s) (-1s) (-1s) (-1s) 1s 1s 1s 1s (-1s) (-1s) (-1s) (-1s) 1s 1s 1s 1s <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let sum:u8 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs in - let sum_times_zetas:u8 = + let sum:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs + in + let sum_times_zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants sum (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 zeta1 zeta1 zeta1 zeta1 0s 0s 0s 0s zeta0 zeta0 zeta0 zeta0 0s 0s 0s 0s <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) in Libcrux_intrinsics.Avx2_extract.mm256_blend_epi16 240l sum sum_times_zetas -let inv_ntt_layer_3_step (vector: u8) (zeta: i16) = - let lhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l vector in - let rhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 vector in - let lower_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm_add_epi16 lhs rhs in - let upper_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm_sub_epi16 lhs rhs in - let upper_coefficients:u8 = +let inv_ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i16) = + let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l vector + in + let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 vector + in + let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_add_epi16 lhs rhs + in + let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_sub_epi16 lhs rhs + in + let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_m128i_by_constants upper_coefficients - (Libcrux_intrinsics.Avx2_extract.mm_set1_epi16 zeta <: u8) + (Libcrux_intrinsics.Avx2_extract.mm_set1_epi16 zeta + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + in + let combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_castsi128_si256 lower_coefficients in - let combined:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi128_si256 lower_coefficients in Libcrux_intrinsics.Avx2_extract.mm256_inserti128_si256 1l combined upper_coefficients -let ntt_layer_1_step (vector: u8) (zeta0 zeta1 zeta2 zeta3: i16) = - let zetas:u8 = +let ntt_layer_1_step + (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + (zeta0 zeta1 zeta2 zeta3: i16) + = + let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta3 <: i16) (Core.Ops.Arith.Neg.neg zeta3 <: i16) zeta3 zeta3 (Core.Ops.Arith.Neg.neg zeta2 <: i16) (Core.Ops.Arith.Neg.neg zeta2 <: i16) zeta2 zeta2 (Core.Ops.Arith.Neg.neg zeta1 <: i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 in - let rhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l vector in - let rhs:u8 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas in - let lhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 160l vector in + let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 245l vector + in + let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas + in + let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 160l vector + in Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs -let ntt_layer_2_step (vector: u8) (zeta0 zeta1: i16) = - let zetas:u8 = +let ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i16) = + let zetas:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (Core.Ops.Arith.Neg.neg zeta1 <: i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) (Core.Ops.Arith.Neg.neg zeta1 <: i16) zeta1 zeta1 zeta1 zeta1 @@ -78,44 +116,92 @@ let ntt_layer_2_step (vector: u8) (zeta0 zeta1: i16) = (Core.Ops.Arith.Neg.neg zeta0 <: i16) (Core.Ops.Arith.Neg.neg zeta0 <: i16) zeta0 zeta0 zeta0 zeta0 in - let rhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 238l vector in - let rhs:u8 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas in - let lhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 68l vector in + let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 238l vector + in + let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_by_constants rhs zetas + in + let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi32 68l vector + in Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs -let ntt_layer_3_step (vector: u8) (zeta: i16) = - let rhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l vector in - let rhs:u8 = +let ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i16) = + let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l vector + in + let rhs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_multiply_m128i_by_constants rhs - (Libcrux_intrinsics.Avx2_extract.mm_set1_epi16 zeta <: u8) + (Libcrux_intrinsics.Avx2_extract.mm_set1_epi16 zeta + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + in + let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 vector + in + let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_add_epi16 lhs rhs + in + let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_sub_epi16 lhs rhs + in + let combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_castsi128_si256 lower_coefficients in - let lhs:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 vector in - let lower_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm_add_epi16 lhs rhs in - let upper_coefficients:u8 = Libcrux_intrinsics.Avx2_extract.mm_sub_epi16 lhs rhs in - let combined:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi128_si256 lower_coefficients in Libcrux_intrinsics.Avx2_extract.mm256_inserti128_si256 1l combined upper_coefficients -let ntt_multiply (lhs rhs: u8) (zeta0 zeta1 zeta2 zeta3: i16) = - let shuffle_with:u8 = +let ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16) = + let shuffle_with:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 15y 14y 11y 10y 7y 6y 3y 2y 13y 12y 9y 8y 5y 4y 1y 0y 15y 14y 11y 10y 7y 6y 3y 2y 13y 12y 9y 8y 5y 4y 1y 0y in - let lhs_shuffled:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 lhs shuffle_with in - let lhs_shuffled:u8 = Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 216l lhs_shuffled in - let lhs_evens:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 lhs_shuffled in - let lhs_evens:u8 = Libcrux_intrinsics.Avx2_extract.mm256_cvtepi16_epi32 lhs_evens in - let lhs_odds:u8 = Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l lhs_shuffled in - let lhs_odds:u8 = Libcrux_intrinsics.Avx2_extract.mm256_cvtepi16_epi32 lhs_odds in - let rhs_shuffled:u8 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 rhs shuffle_with in - let rhs_shuffled:u8 = Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 216l rhs_shuffled in - let rhs_evens:u8 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 rhs_shuffled in - let rhs_evens:u8 = Libcrux_intrinsics.Avx2_extract.mm256_cvtepi16_epi32 rhs_evens in - let rhs_odds:u8 = Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l rhs_shuffled in - let rhs_odds:u8 = Libcrux_intrinsics.Avx2_extract.mm256_cvtepi16_epi32 rhs_odds in - let left:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 lhs_evens rhs_evens in - let right:u8 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 lhs_odds rhs_odds in - let right:u8 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_reduce_i32s right in - let right:u8 = + let lhs_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 lhs shuffle_with + in + let lhs_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 216l lhs_shuffled + in + let lhs_evens:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 lhs_shuffled + in + let lhs_evens:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_cvtepi16_epi32 lhs_evens + in + let lhs_odds:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l lhs_shuffled + in + let lhs_odds:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_cvtepi16_epi32 lhs_odds + in + let rhs_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 rhs shuffle_with + in + let rhs_shuffled:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 216l rhs_shuffled + in + let rhs_evens:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 rhs_shuffled + in + let rhs_evens:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_cvtepi16_epi32 rhs_evens + in + let rhs_odds:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l rhs_shuffled + in + let rhs_odds:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_cvtepi16_epi32 rhs_odds + in + let left:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 lhs_evens rhs_evens + in + let right:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 lhs_odds rhs_odds + in + let right:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_reduce_i32s right + in + let right:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi32 right (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 (Core.Ops.Arith.Neg.neg (cast (zeta3 <: i16) <: @@ -130,24 +216,28 @@ let ntt_multiply (lhs rhs: u8) (zeta0 zeta1 zeta2 zeta3: i16) = (Core.Ops.Arith.Neg.neg (cast (zeta0 <: i16) <: i32) <: i32) (cast (zeta0 <: i16) <: i32) <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let products_left:u8 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 left right in - let products_left:u8 = + let products_left:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_add_epi32 left right + in + let products_left:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_reduce_i32s products_left in - let rhs_adjacent_swapped:u8 = + let rhs_adjacent_swapped:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 rhs (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 13y 12y 15y 14y 9y 8y 11y 10y 5y 4y 7y 6y 1y 0y 3y 2y 13y 12y 15y 14y 9y 8y 11y 10y 5y 4y 7y 6y 1y 0y 3y 2y <: - u8) + Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let products_right:u8 = + let products_right:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 lhs rhs_adjacent_swapped in - let products_right:u8 = + let products_right:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_ml_kem.Vector.Avx2.Arithmetic.montgomery_reduce_i32s products_right in - let products_right:u8 = Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 16l products_right in + let products_right:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 16l products_right + in Libcrux_intrinsics.Avx2_extract.mm256_blend_epi16 170l products_left products_right diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti index e86b8344d..7ce8dfe2a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti @@ -5,22 +5,27 @@ open FStar.Mul let ntt_multiply__PERMUTE_WITH: i32 = 216l -val inv_ntt_layer_1_step (vector: u8) (zeta0 zeta1 zeta2 zeta3: i16) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val inv_ntt_layer_1_step + (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val inv_ntt_layer_2_step (vector: u8) (zeta0 zeta1: i16) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val inv_ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i16) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val inv_ntt_layer_3_step (vector: u8) (zeta: i16) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val inv_ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i16) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val ntt_layer_1_step (vector: u8) (zeta0 zeta1 zeta2 zeta3: i16) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val ntt_layer_1_step + (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val ntt_layer_2_step (vector: u8) (zeta0 zeta1: i16) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i16) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val ntt_layer_3_step (vector: u8) (zeta: i16) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i16) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val ntt_multiply (lhs rhs: u8) (zeta0 zeta1 zeta2 zeta3: i16) - : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst index 33c894793..8579ddb8a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -4,11 +4,13 @@ open Core open FStar.Mul let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = - let field_modulus:u8 = + let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS in - let potential_coefficients:u8 = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ input in - let compare_with_field_modulus:u8 = + let potential_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ input + in + let compare_with_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_cmpgt_epi16 field_modulus potential_coefficients in let good:t_Array u8 (sz 2) = @@ -21,13 +23,13 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = <: usize ] in - let lower_shuffles:u8 = + let lower_shuffles:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (lower_shuffles <: t_Slice u8) in - let lower_coefficients:u8 = + let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 potential_coefficients in - let lower_coefficients:u8 = + let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 lower_coefficients lower_shuffles in let output:t_Slice i16 = @@ -43,13 +45,13 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = <: usize ] in - let upper_shuffles:u8 = + let upper_shuffles:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in - let upper_coefficients:u8 = + let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l potential_coefficients in - let upper_coefficients:u8 = + let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients upper_shuffles in let output:t_Slice i16 = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index a7fa366a9..6d9f7f800 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -10,7 +10,7 @@ let _ = () let deserialize_1_ (bytes: t_Slice u8) = - let coefficients:u8 = + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) @@ -21,25 +21,25 @@ let deserialize_1_ (bytes: t_Slice u8) = (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) in - let shift_lsb_to_msb:u8 = + let shift_lsb_to_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < Prims.l_True) +val deserialize_1_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val deserialize_10_ (bytes: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val deserialize_10_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val deserialize_12_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val deserialize_4_ (bytes: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val deserialize_4_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val deserialize_5_ (bytes: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val deserialize_5_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val serialize_1_ (vector: u8) : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) +val serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) -val serialize_10_ (vector: u8) +val serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) -val serialize_12_ (vector: u8) +val serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) -val serialize_5_ (vector: u8) : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) +val serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) -val serialize_4_ (vector: u8) : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) +val serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) -val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val deserialize_11_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val serialize_11_ (vector: u8) +val serialize_11_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index c6ad00aae..001b69b7d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -9,7 +9,7 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -type t_SIMD256Vector = { f_elements:u8 } +type t_SIMD256Vector = { f_elements:Libcrux_intrinsics.Avx2_extract.t_Vec256 } val repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) From e82e57a4d3963798bb2a3474ebff87871c95fb2f Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 26 Aug 2024 09:31:49 -0400 Subject: [PATCH 140/348] intrin --- libcrux-intrinsics/src/avx2_extract.rs | 4 ++-- libcrux-ml-kem/src/vector/avx2.rs | 2 +- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 709e0b501..c11639a64 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -3,9 +3,9 @@ #![allow(unused_variables, non_camel_case_types)] -#[derive(Copy,Clone)] -#[hax_lib::fstar::after(interface,"val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)")] +#[derive(Clone,Copy)] #[hax_lib::opaque_type] +#[hax_lib::fstar::after(interface,"val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)")] pub struct Vec256(u8); #[derive(Copy,Clone)] diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 0ef18453d..1c3509bd1 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -10,7 +10,7 @@ mod serialize; #[derive(Clone, Copy)] #[hax_lib::fstar::after(interface,"val repr (x:t_SIMD256Vector) : t_Array i16 (sz 16)")] -#[hax_lib::fstar::after("let repr (x:t_SIMD256Vector) = Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 x.elements")] +#[hax_lib::fstar::after("let repr (x:t_SIMD256Vector) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.elements")] pub struct SIMD256Vector { elements: Vec256, } diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index 4800f98fb..701d1d49a 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -3,8 +3,8 @@ use crate::vector::{traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R, FIELD_MODULUS}; use super::*; #[inline(always)] -#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 $result == - Spec.Utils.map2 (+.) (Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 $rhs)"))] +#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == + Spec.Utils.map2 (+.) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs)"))] pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { mm256_add_epi16(lhs, rhs) } From 44e53d48fdf85e8d6bdf402891126b2a8e4025a4 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 26 Aug 2024 09:51:12 -0400 Subject: [PATCH 141/348] verified --- .../extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 6 +++--- .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst | 2 +- .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti | 2 ++ libcrux-ml-kem/src/vector/avx2.rs | 3 ++- 4 files changed, 8 insertions(+), 5 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti index cda958da6..49d1a0ccb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -11,10 +11,10 @@ val add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 result == + Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == Spec.Utils.map2 ( +. ) - (Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 lhs) - (Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 rhs)) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs)) val bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst index d1e41c603..c14e3ed32 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst @@ -9,7 +9,7 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -let repr (x:t_SIMD256Vector) = Libcrux_intrinsics.Avx2_extract.vec256_to_i16x16 x.elements +let repr (x:t_SIMD256Vector) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements let from_i16_array (array: t_Slice i16) = let result:t_SIMD256Vector = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 001b69b7d..8ffd3317a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -9,6 +9,8 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +noeq + type t_SIMD256Vector = { f_elements:Libcrux_intrinsics.Avx2_extract.t_Vec256 } val repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 1c3509bd1..9e5b6c067 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -9,8 +9,9 @@ mod sampling; mod serialize; #[derive(Clone, Copy)] +#[hax_lib::fstar::before(interface,"noeq")] #[hax_lib::fstar::after(interface,"val repr (x:t_SIMD256Vector) : t_Array i16 (sz 16)")] -#[hax_lib::fstar::after("let repr (x:t_SIMD256Vector) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.elements")] +#[hax_lib::fstar::after("let repr (x:t_SIMD256Vector) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements")] pub struct SIMD256Vector { elements: Vec256, } From 1628ec481c05d59f6d3686a37eac4bfe41bf1612 Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 26 Aug 2024 16:02:02 +0000 Subject: [PATCH 142/348] Make avx2 arithmetic.rs compress.rs ntt.rs panic-free --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 5 +---- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 1 + libcrux-ml-kem/src/vector/avx2/compress.rs | 3 +++ libcrux-ml-kem/src/vector/avx2/ntt.rs | 6 ++++++ 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 4bf8bc5e5..90a48adbd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -8,12 +8,9 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Polynomial.fst \ Libcrux_ml_kem.Sampling.fst \ Libcrux_ml_kem.Serialize.fst \ - Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ - Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ - Libcrux_ml_kem.Vector.Avx2.Compress.fst \ + Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ Libcrux_ml_kem.Vector.Avx2.fsti \ Libcrux_ml_kem.Vector.Avx2.fst \ - Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ Libcrux_ml_kem.Vector.Avx2.Portable.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index 701d1d49a..272d5d387 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -3,6 +3,7 @@ use crate::vector::{traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R, FIELD_MODULUS}; use super::*; #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == Spec.Utils.map2 (+.) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs)"))] pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { diff --git a/libcrux-ml-kem/src/vector/avx2/compress.rs b/libcrux-ml-kem/src/vector/avx2/compress.rs index fc5464957..9d02e9730 100644 --- a/libcrux-ml-kem/src/vector/avx2/compress.rs +++ b/libcrux-ml-kem/src/vector/avx2/compress.rs @@ -38,6 +38,8 @@ pub(crate) fn compress_message_coefficient(vector: Vec256) -> Vec256 { } #[inline(always)] +#[hax_lib::requires(fstar!("v $COEFFICIENT_BITS >= 0 /\\ v $COEFFICIENT_BITS < bits i32_inttype /\\ + range (v (1l <( vector: Vec256, ) -> Vec256 { @@ -103,6 +105,7 @@ pub(crate) fn compress_ciphertext_coefficient( } #[inline(always)] +#[hax_lib::requires(fstar!("v $COEFFICIENT_BITS >= 0 /\\ v $COEFFICIENT_BITS < bits i32_inttype"))] pub(crate) fn decompress_ciphertext_coefficient( vector: Vec256, ) -> Vec256 { diff --git a/libcrux-ml-kem/src/vector/avx2/ntt.rs b/libcrux-ml-kem/src/vector/avx2/ntt.rs index b571b0ee7..c51c4d5b5 100644 --- a/libcrux-ml-kem/src/vector/avx2/ntt.rs +++ b/libcrux-ml-kem/src/vector/avx2/ntt.rs @@ -1,6 +1,10 @@ use super::*; #[inline(always)] +#[hax_lib::requires(fstar!("range (v #i16_inttype zero - v $zeta3) i16_inttype /\\ + range (v #i16_inttype zero - v $zeta2) i16_inttype /\\ + range (v #i16_inttype zero - v $zeta1) i16_inttype /\\ + range (v #i16_inttype zero - v $zeta0) i16_inttype"))] pub(crate) fn ntt_layer_1_step( vector: Vec256, zeta0: i16, @@ -22,6 +26,8 @@ pub(crate) fn ntt_layer_1_step( } #[inline(always)] +#[hax_lib::requires(fstar!("range (v #i16_inttype zero - v $zeta1) i16_inttype /\\ + range (v #i16_inttype zero - v $zeta0) i16_inttype"))] pub(crate) fn ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Vec256 { let zetas = mm256_set_epi16( -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, From e326838bc14451475be53ad07cf992ce112214c3 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Mon, 26 Aug 2024 18:57:19 +0200 Subject: [PATCH 143/348] wip --- fstar-helpers/fstar-bitvec/RwLemmas.fst | 634 +++++++++--------- .../fstar-bitvec/Tactics.MachineInts.fst | 244 +++++++ fstar-helpers/fstar-bitvec/Tactics.Pow2.fst | 54 ++ fstar-helpers/fstar-bitvec/Tactics.Seq.fst | 49 ++ fstar-helpers/fstar-bitvec/Tactics.Utils.fst | 67 ++ 5 files changed, 731 insertions(+), 317 deletions(-) create mode 100644 fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst create mode 100644 fstar-helpers/fstar-bitvec/Tactics.Pow2.fst create mode 100644 fstar-helpers/fstar-bitvec/Tactics.Seq.fst create mode 100644 fstar-helpers/fstar-bitvec/Tactics.Utils.fst diff --git a/fstar-helpers/fstar-bitvec/RwLemmas.fst b/fstar-helpers/fstar-bitvec/RwLemmas.fst index 21d64c63d..8d86baa9a 100644 --- a/fstar-helpers/fstar-bitvec/RwLemmas.fst +++ b/fstar-helpers/fstar-bitvec/RwLemmas.fst @@ -6,189 +6,13 @@ open FStar.Tactics.V2 open FStar.Tactics.V2.SyntaxHelpers open FStar.Class.Printable open FStar.Mul +open FStar.Option -let rw_seq_index_list #t (l: list t) i - : Lemma (Seq.Base.index (Seq.Base.seq_of_list l) i == FStar.List.Tot.index l i) - = () - -// START TEMPLATE -let rw_u8_mk_int x: Lemma (mk_int #u8_inttype x == UInt8.uint_to_t x) = mk_int_equiv_lemma #u8_inttype x -let rw_u8_v_int_to x: Lemma (UInt8.v (UInt8.uint_to_t x) == x) = () -let rw_u8_int_to_v x: Lemma (UInt8.uint_to_t (UInt8.v x) == x) = () -let rw_u8_v x: Lemma (v #u8_inttype x == UInt8.v x) = () -// END TEMPLATE - -// START GENERATED -let rw_i8_mk_int x: Lemma (mk_int #i8_inttype x == Int8.int_to_t x) = mk_int_equiv_lemma #i8_inttype x -let rw_i8_v_int_to x: Lemma (Int8.v (Int8.int_to_t x) == x) = () -let rw_i8_int_to_v x: Lemma (Int8.int_to_t (Int8.v x) == x) = () -let rw_i8_v x: Lemma (v #i8_inttype x == Int8.v x) = () -let rw_u16_mk_int x: Lemma (mk_int #u16_inttype x == UInt16.uint_to_t x) = mk_int_equiv_lemma #u16_inttype x -let rw_u16_v_int_to x: Lemma (UInt16.v (UInt16.uint_to_t x) == x) = () -let rw_u16_int_to_v x: Lemma (UInt16.uint_to_t (UInt16.v x) == x) = () -let rw_u16_v x: Lemma (v #u16_inttype x == UInt16.v x) = () -let rw_i16_mk_int x: Lemma (mk_int #i16_inttype x == Int16.int_to_t x) = mk_int_equiv_lemma #i16_inttype x -let rw_i16_v_int_to x: Lemma (Int16.v (Int16.int_to_t x) == x) = () -let rw_i16_int_to_v x: Lemma (Int16.int_to_t (Int16.v x) == x) = () -let rw_i16_v x: Lemma (v #i16_inttype x == Int16.v x) = () -let rw_u32_mk_int x: Lemma (mk_int #u32_inttype x == UInt32.uint_to_t x) = mk_int_equiv_lemma #u32_inttype x -let rw_u32_v_int_to x: Lemma (UInt32.v (UInt32.uint_to_t x) == x) = () -let rw_u32_int_to_v x: Lemma (UInt32.uint_to_t (UInt32.v x) == x) = () -let rw_u32_v x: Lemma (v #u32_inttype x == UInt32.v x) = () -let rw_i32_mk_int x: Lemma (mk_int #i32_inttype x == Int32.int_to_t x) = mk_int_equiv_lemma #i32_inttype x -let rw_i32_v_int_to x: Lemma (Int32.v (Int32.int_to_t x) == x) = () -let rw_i32_int_to_v x: Lemma (Int32.int_to_t (Int32.v x) == x) = () -let rw_i32_v x: Lemma (v #i32_inttype x == Int32.v x) = () -let rw_u64_mk_int x: Lemma (mk_int #u64_inttype x == UInt64.uint_to_t x) = mk_int_equiv_lemma #u64_inttype x -let rw_u64_v_int_to x: Lemma (UInt64.v (UInt64.uint_to_t x) == x) = () -let rw_u64_int_to_v x: Lemma (UInt64.uint_to_t (UInt64.v x) == x) = () -let rw_u64_v x: Lemma (v #u64_inttype x == UInt64.v x) = () -let rw_i64_mk_int x: Lemma (mk_int #i64_inttype x == Int64.int_to_t x) = mk_int_equiv_lemma #i64_inttype x -let rw_i64_v_int_to x: Lemma (Int64.v (Int64.int_to_t x) == x) = () -let rw_i64_int_to_v x: Lemma (Int64.int_to_t (Int64.v x) == x) = () -let rw_i64_v x: Lemma (v #i64_inttype x == Int64.v x) = () -let rw_integers_list0 = [ - `rw_u8_mk_int;`rw_u8_v_int_to;`rw_u8_int_to_v;`rw_u8_v - // ;`rw_i8_mk_int;`rw_i8_v_int_to;`rw_i8_int_to_v;`rw_i8_v;`rw_u16_mk_int;`rw_u16_v_int_to;`rw_u16_int_to_v;`rw_u16_v - ;`rw_i16_mk_int;`rw_i16_v_int_to;`rw_i16_int_to_v;`rw_i16_v - // ;`rw_u32_mk_int;`rw_u32_v_int_to;`rw_u32_int_to_v;`rw_u32_v;`rw_i32_mk_int;`rw_i32_v_int_to;`rw_i32_int_to_v;`rw_i32_v;`rw_u64_mk_int;`rw_u64_v_int_to;`rw_u64_int_to_v;`rw_u64_v;`rw_i64_mk_int;`rw_i64_v_int_to;`rw_i64_int_to_v;`rw_i64_v - ] -// END GENERATED - -let rw_generic_v_mk_int t (x: int {Rust_primitives.Integers.range x t}) - : Lemma (v (mk_int #t x) == x) - = () -let rw_usize_v_mk_int x: Lemma (v #usize_inttype (mk_int #usize_inttype x) == x) = () -let rw_v_mk_int_usize x: Lemma (mk_int #usize_inttype (v #usize_inttype x) == x) = () +open Tactics.Utils +open Tactics.Pow2 -let rw_integers_list = L.append rw_integers_list0 [ - `rw_generic_v_mk_int; - `rw_usize_v_mk_int; - `rw_v_mk_int_usize; -] -let (let?#) (x: option 'a) (f: 'a -> Tac (option 'b)): Tac (option 'b) - = match x with - | Some x -> f x - | None -> None - -let expect_int_literal (t: term): Tac (option int) = - match inspect_unascribe t with - | Tv_Const (C_Int n) -> Some n - | _ -> None -let expect_fvar (t: term): Tac (option string) = - match t with - | Tv_UInst fv _ - | Tv_FVar fv -> Some (implode_qn (inspect_fv fv)) - | _ -> None -let expect_free_var (t: term) (fv: string): Tac (option unit) = - let?# fv' = expect_fvar t in - if fv = fv' then Some () else None -let expect_cur_formula_comp () = - match FStar.Tactics.V2.Logic.cur_formula () with - | Comp _ lhs _ -> Some lhs - | _ -> None -let expect_app_n t n: Tac (option (term & (l: list _ {L.length l == n}))) = - let (head, args) = collect_app t in - if L.length args = n - then Some (head, args) - else None - -exception DoRefl -let fast_l_to_r_integers (): Tac unit = - pointwise (fun () -> - try - match let?# t = expect_cur_formula_comp () in - let (f, args) = collect_app t in - let?# _ = if Cons? args then Some () else None in - let?# fv = expect_fvar f in - let fv = explode_qn fv in - if Cons? fv then - (match L.last fv with - | "v" | "mk_int" | "int_to_t" | "uint_to_t" - -> fold_left (fun k l () -> (fun () -> apply_lemma_rw l) `or_else` k) - trefl rw_integers_list () - | _ -> raise DoRefl - ) else raise DoRefl; - Some () - with None -> raise DoRefl | _ -> () - with | DoRefl -> trefl () - | e -> raise e - ) - -#push-options "--compat_pre_core 0" - -let expect_pow2_literal t: Tac (option int) - = let?# (f, [x, _]) = expect_app_n t 1 in - let?# () = expect_free_var f (`%pow2) in - expect_int_literal x - -/// Fully normalize a term of the shape `pow2 n`, where `n` is a literal -let norm_pow2 (): Tac unit = - pointwise (fun () -> - let _ = let?# t = expect_cur_formula_comp () in - let?# n = expect_pow2_literal t in - debug ("Normalized `pow2 " ^ string_of_int n ^ "`"); - Some (norm [iota; zeta_full; reify_; delta; primops; unmeta]) in - trefl ()) - -let rec log2 (n: nat): Tot (option (m: nat {pow2 m == n})) (decreases n) - = if n = 0 then None - else if n = 1 then Some 0 - else if n % 2 <> 0 then None - else match log2 (n / 2) with - | Some n -> Some (1 + n) - | None -> None - -let lemma_of_refinement #t #p (n: t {p n}): Lemma (p n) = () - -let rewrite_pow2_minus_one () = - pointwise (fun () -> - match let?# t = expect_cur_formula_comp () in - let?# n = expect_int_literal t in - if n >= 0 then - match log2 (n + 1) with - | Some e -> - let rw_lemma (): Lemma (n == pow2 e - 1) = () in - apply_lemma_rw (quote rw_lemma); - Some () - | _ -> None - else None - with None -> trefl () | _ -> () - ) - -let _ = fun (i: nat) -> assert (pow2 (i + 3) + pow2 10 == pow2 (i + 3) + 1024) - by (norm_pow2 (); trefl ()) - -private -let unfold_index_lemma (#a: Type) (l: list a) (i:nat{i < List.Tot.length l}) - : Lemma ( FStar.List.Tot.index #a l i - == Pervasives.norm [iota; primops] (let hd::tl = l in - if i = 0 then hd else List.Tot.index tl (i - 1))) - = () - - -let rec repeatWhile (f: unit -> Tac bool): Tac unit - = if f () then repeatWhile f - -exception StopNormIndex -let norm_index (): Tac unit = - let _ = repeat (fun _ -> - lset "found" false; - pointwise (fun _ -> - (fun () -> - match let?# t = expect_cur_formula_comp () in - let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in - let?# () = expect_free_var f (`%FStar.List.Tot.index) in - let?# n = expect_int_literal index in - apply_lemma_rw (`unfold_index_lemma); - lset "found" true; - Some () - with | Some () -> () | _ -> raise DoRefl - ) `or_else` trefl); - if lget "found" then () else raise StopNormIndex) in () - -let _ = assert (L.index [1;2;3;4;5;6] 3 == 4) by (norm_index(); trefl ()) +let norm_machine_int () = Tactics.MachineInts.(transform norm_machine_int_term) #push-options "--z3rlimit 40" let deserialize_10_int (bytes: t_Array u8 (sz 10)) = @@ -260,18 +84,13 @@ let compute'' (): Tac unit dump "A"; norm [ iota; zeta; reify_ ; delta_namespace ["FStar"; "RwLemmas"; "MkSeq"] - // ; delta_only [ - // `%( +! ); `%( -! ); `%( *! ); `%( /! ); - // `%add; `%mul; `%div; `%sub - // ] ; primops; unmeta]; dump "B"; norm_pow2 (); dump "C"; - l_to_r [`rw_seq_index_list]; - fast_l_to_r_integers (); - dump "D"; - norm_index (); + Tactics.Seq.norm_list_index (); + norm_machine_int (); + Tactics.Seq.simplify_index_seq_of_list (); dump "E"; let goal0 = lget "goal" in @@ -280,46 +99,326 @@ let compute'' (): Tac unit lset "goal" goal1 ) in () -// (((cast (bytes.[ sz 2 ] <: u8) <: i16) &. 15s <: i16) <>! 2l <: i16) -// let _ = assert ((4s +! 5s) < Some contents + | _ -> None + in + let?# y = expect_pow2_minus_one_literal y in + Some () -// let ( << ) (#t:inttype) (a:int_t t) (b:nat {b >= 0 /\ b < bits t}) = -// let x:range_t t = (v a * pow2 b) @%. t in -// mk_int #t x +let simplify_via_mask () + = rewrite_pow2_minus_one (); + pointwise (fun _ -> + match _simplify_via_mask () with + | Some () -> () + | _ -> trefl () + ) -// let rw_shift_left_to_nat -// #t #u (x: int_t t) (y: int_t u {v y >= 0 /\ v y < bits t}) -// : Lemma ((x < () + +// let _ = op_Bar_Dot + +noeq type bit_expr = + | Term: term -> bit_expr + | Int: int -> bit_expr + | And: x:bit_expr -> y:bit_expr -> bit_expr + | Or: x:bit_expr -> y:bit_expr -> bit_expr + | Shl: x:bit_expr -> shift:int -> bit_expr + | Shr: x:bit_expr -> shift:int -> bit_expr + | Cast: x:bit_expr -> bit_expr + +let rec bit_expr_eq a b = + match (a, b) with + | Term a, Term b -> term_eq a b + | Int a, Int b -> a = b + | And xa ya, And xb yb + | Or xa ya, Or xb yb -> bit_expr_eq xa xb && bit_expr_eq ya yb + | Shl a sa, Shl b sb + | Shr a sa, Shr b sb -> bit_expr_eq a b && sa = sb + | Cast a, Cast b -> bit_expr_eq a b + | _ -> false + +let rec bit_expr_contains needle haystack = + let recurse = bit_expr_contains needle in + bit_expr_eq needle haystack + || ( match haystack with + | And l r | Or l r -> recurse l || recurse r + | Cast x | Shl x _ | Shr x _ -> recurse x + | _ -> false) + +let expect_machine_int_lit t: Tac _ = + let open Tactics.MachineInts in + let?# expr = term_to_machine_int_term t in + match expr with + | Op {op = MkInt; contents = Lit n} -> Some n + | _ -> None + +let rec term_to_bit_expr' t: Tac _ + = match expect_machine_int_lit t with + | Some n -> Int n + | _ -> match let?# (f, args) = collect_app_hd t in + let?# (x, y) = match args with + | [_; x,_; y,_] | [_; _; x,_; y,_] + | [_; _; _; x,_; y,_] -> Some (x, y) | _ -> None in + match f with + | `%logand | `%( &. ) + -> Some (And (term_to_bit_expr' x) (term_to_bit_expr' y)) + | `%logor | `%( |. ) + -> Some (Or (term_to_bit_expr' x) (term_to_bit_expr' y)) + | `%shift_left | `%( < let?# y = expect_machine_int_lit y in + Some (Shl (term_to_bit_expr' x) y) + | `%shift_right | `%( >>! ) + -> let?# y = expect_machine_int_lit y in + Some (Shr (term_to_bit_expr' x) y) + | `%cast -> Some (Cast (term_to_bit_expr' y)) + | _ -> None + with + | Some t -> t + | None -> Term t + +let term_to_bit_expr t: Tac (option (x: bit_expr {~(Term? x)})) + = match term_to_bit_expr' t with + | Term _ -> None + | t -> Some t + +let expect_get_bit_expr t: Tac _ + = let?# (expr, index) = expect_get_bit t in + let?# index = expect_machine_int_lit index in + let expr = term_to_bit_expr' expr in + Some (expr, index) + +let fail' msg = dump msg; fail msg + +let expect (msg: string) (x: option 'a): Tac 'a + = match x with + | None -> + dump' ("Expected " ^ msg); + fail ("Expected " ^ msg) + | Some x -> x + +let op_Bar_GreaterThan (x: 'a) (f: 'a -> Tac 'b): Tac 'b = f x + +let get_bit_shl_zero #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) + : Lemma (requires v y >= 0 /\ v y < bits t /\ v i < v y) + (ensures get_bit (x <= 0 /\ v y < bits t /\ v i >= bits t - v y /\ (if signed t then (get_bit x (mk_int (bits t - 1)) == 0) else true)) + (ensures get_bit (x >>! y) i == 0) + = get_bit_shr x y i + +let get_bit_shl_one #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) + : Lemma (requires v y >= 0 /\ v y < bits t /\ v i >= v y) + (ensures get_bit (x < expect "a goal ` == ` (rewrite_lhs)" in + let uvar = fresh_uvar (Some (tc (cur_env ()) lhs)) in + tcut (`squash (`#lhs == `#uvar)) + +/// Proves that `get_bit .. ..` is zero +let rec solve_get_bit_zero (): Tac _ = + let (lhs, rhs, _) = expect_lhs_eq_rhs () |> expect "a goal ` == ` (solve_get_bit_zero)" in + print ("solve_get_bit_zero: " ^ term_to_string lhs); + let (lhs, i) = expect_get_bit_expr lhs |> expect "LHS to be `get_bit .. ..`" in + let rhs' = expect_int_literal rhs |> expect ("RHS to be a int literal, got " ^ term_to_string rhs) in + let _ = match rhs' with | 0 -> () | _ -> fail "RHS should be zero" in + match lhs with + | Term _ -> fail ("LHS is an arbitrary term, I cannot prove it is " ^ string_of_int rhs') + | Int _ -> (compute (); trefl ()) + | Shl _ _ -> + apply_lemma (`get_bit_shl_zero); + (fun _ -> + norm_machine_int (); compute (); norm [simplify]; + trivial () )`or_else` (fun _ -> fail' "Shl: tried to prove it was zero") + | Shr _ _ -> + apply_lemma (`get_bit_shr_zero); + focus (fun _ -> + let _ = repeat split in + iterAll (fun _ -> + match expect_lhs_eq_rhs () with + | Some _ -> print "solve_get_bit_zero: recurse"; + solve_get_bit_zero () + | _ -> (fun _ -> norm_machine_int (); + compute (); + norm [simplify]; + trivial ()) `or_else` (fun _ -> fail' "Shr: tried to prove it was zero") + ) + ) + | Cast _ -> + (try + if rhs' = 0 then apply_lemma (`get_bit_cast_extend) else (); + compute (); norm [simplify]; + trivial `or_else` (fun _ -> fail' "Cast: tried to prove it was zero") + with | _ -> ( + apply_lemma (`get_bit_cast); + compute (); norm [simplify]; + trivial `or_else` (fun _ -> fail' "Cast: tried to prove it was zero [second path]") + )) + | And x y -> fail "And: unsupported" + | _ -> fail "unsupported" + + +let rw_get_bit_and_one_right (x y: int_t 't) i + : Lemma (requires get_bit x i == 1) + (ensures get_bit (y &. x) i == get_bit y i) + = get_bit_and x y i + +let _solve_get_bit_equality lhs i rhs j: Tac _ = + match lhs with + | Term x -> trefl `or_else` (fun _ -> fail' "solve_get_bit_equality: expected terms to be equal at this point") + | And x y -> + let _ = rewrite_lhs () in + flip (); + apply_lemma_rw (`rw_get_bit_and_one_right); + fail "xxx"; + () + | Or x y -> + print ("We are looking at `x |. y`"); + print ("x=" ^ term_to_string (quote x)); + print ("y=" ^ term_to_string (quote y)); + print ("RHS=" ^ term_to_string (quote rhs)); + (match bit_expr_contains rhs x, bit_expr_contains rhs y with + | false, false -> + fail' "RHS was expected to be on the LHS or RHS of the logor!" + | true, true -> fail' "RHS was expected to be on the LHS or RHS of the logor, not both!" + | true, false -> + let rw = rewrite_lhs () in + flip (); + apply_lemma_rw (norm_term [] (`rw_get_bit_or_right)); + print "solve_get_bit_equality: LEFT"; + solve_get_bit_zero () + | false, true -> + let rw = rewrite_lhs () in + flip (); + print "solve_get_bit_equality: RIGHT"; + apply_lemma_rw (norm_term [] (`rw_get_bit_or_left)); + solve_get_bit_zero () + ) + | _ -> fail' "xxxpppppp" + +let solve_get_bit_equality (): Tac _ = + let (lhs, rhs, _) = expect_lhs_eq_rhs () |> expect "a goal ` == `" in + print ("solve_get_bit_equality: (" ^ term_to_string lhs ^ ") == (" ^ term_to_string rhs ^ ")"); + let (lhs, i) = expect_get_bit_expr lhs |> expect "LHS to be `get_bit .. ..`" in + let (rhs, j) = expect_get_bit_expr rhs |> expect "RHS to be `get_bit .. ..`" in + if bit_expr_contains rhs lhs |> not + then fail "was expected the bit expression on RHS to be included in the one of LHS"; + _solve_get_bit_equality lhs i rhs j; + () -// let _ = get_bit ( -// ( cast bytes.[ sz 3 ] &. 63s) <>! 4l -// ) (sz 3) == 0 +#push-options "--compat_pre_core 0" +let asdsd (bytes: t_Array u8 (sz 10)) + = let cast: u8 -> i16 = cast in + assert ( + get_bit ( + ((cast bytes.[ sz 3 ] <: i16) &. 63s <: i16) <>! 4l + ) (sz 5) + == get_bit (cast bytes.[ sz 3 ] <: i16) (sz 0) + ) by ( + Tactics.MachineInts.(transform norm_generic_machine_int_term); + solve_get_bit_equality (); + // dump "XXXX"; + // simplify_via_mask (); + // fail "-------"; + // pointwise' (fun _ -> + // let _ = let?# (t, _) = expect_lhs_eq_uvar () in + + // let?# (f, _) = expect_app_n t 3 in + // let?# () = expect_free_var f (`%get_bit) in + // // norm [ iota; zeta; reify_ + // // ; primops; unmeta]; + // dump' "xxxxx"; + // // apply_lemma_rw (`(rw_rhs_bit_or_no_mask #Lib.IntTypes.U8 #Lib.IntTypes.S16 #Lib.IntTypes.S32 ((`@cast) (`@bytes).[ sz 3 ] &. 63s <: i16))); + // // invert (); + // Some () + // in + // trefl () + // // let _ = repeat clear_top in + // // dump "X"; + // // (fun _ -> apply_lemma_rw (`rw_rhs_bit_or_no_mask)) `or_else` trefl; + // // let _ = repeat clear_top in + // // dump "Y" + // ); + fail "done" + ) + + + +let fff bytes x: unit = + assert ( + get_bit (Seq.index (deserialize_10_int' bytes) 0) (sz 3) + == get_bit (Seq.index bytes 0) (sz 3) + ) by ( + compute'' (); + smt_sync (); + // l_to_r [`rewrite_to_zero]; + // compute'' (); + // apply_lemma_rw + // l_to_r [`rw_rhs_bit_or_no_mask]; + fail "DONE"; + focus (tadmit) + ); + () + -// let _ = -// get_bit ( ((cast bytes.[ sz 1 ] &. 3s ) < Lemma (a x == b x))) (x: t): Lemma (b x == a x) - = f x - -let r_to_l (lems:list term) : Tac unit = - let first_or_trefl () : Tac unit = - fold_left (fun k l () -> - (fun () -> apply_lemma_rw (`(invert (`#l)))) - `or_else` k) - trefl lems () in - pointwise first_or_trefl - -let make_integers_generic () = - pointwise (fun _ -> - dump "X"; - match let?# t = expect_cur_formula_comp () in - let?# n = expect_int_literal t in - // let is_int = - // try let x = tc (top_env ()) (`(3 + (`#t))) in - // print ("tc -> -> " ^ term_to_string x); - // true - // with | _ -> false - // in - let ty = tc (cur_env ()) t in - let ty = norm_term [iota; zeta; reify_; delta; primops; unmeta] ty in - let ty = inspect_unascribe ty in - let is_int = term_eq ty (`int) || term_eq ty (`nat) in - fail ("unify=" ^ string_of_bool is_int); - None - // fail ("ty=" ^ term_to_string ty); - // if unify ty `int - // then - // unify - // match?# expect_fvar ty with - // | "Prims.int" -> None - // | _ -> Some n - with - | Some n -> - let n = n + 1 in - trefl () - // fail (string_of_int n) - | _ -> trefl () - ) - - -// let _ = FStar.Int16.__int_to_t -let _ = fun x -> assert (2s == x) - by ( - norm [iota; primops]; make_integers_generic (); fail "x") - -#push-options "--compat_pre_core 0" -let asdsd (bytes: t_Array u8 (sz 10)) - = let cast: u8 -> i16 = cast in - assert ( - get_bit ((cast bytes.[ sz 3 ] &. 63s <: i16) <>! 4l) (sz 3) == 0 - ) by ( - r_to_l rw_integers_list; - fail "x"; - // l_to_r [`resugar_integer]; - // apply_lemma_rw (`rw_rhs_bit_or_no_mask); - // compute (); - // apply_lemma_rw (`rw_rhs_bit_or_no_mask); - pointwise' (fun _ -> - // let _ = let?# t = expect_cur_formula_comp () in - // let?# (f, _) = expect_app_n t 3 in - // let?# () = expect_free_var f (`%get_bit) in - // apply_lemma_rw (`rw_rhs_bit_or_no_mask); - // invert (); - // Some (dump "heey") - // in - trefl () - // let _ = repeat clear_top in - // dump "X"; - // (fun _ -> apply_lemma_rw (`rw_rhs_bit_or_no_mask)) `or_else` trefl; - // let _ = repeat clear_top in - // dump "Y" - ); - fail "x" - ) - -let fff bytes x: unit = - assert ( - get_bit (Seq.index (deserialize_10_int' bytes) 2) (sz 3) == 0 - ) by ( - compute'' (); - // l_to_r [`rewrite_to_zero]; - // compute'' (); - // apply_lemma_rw - // l_to_r [`rw_rhs_bit_or_no_mask]; - fail "DONE"; - focus (tadmit) - ); - () - diff --git a/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst b/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst new file mode 100644 index 000000000..8306cbf99 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst @@ -0,0 +1,244 @@ +module Tactics.MachineInts + +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Option + +open Tactics.Utils +module RI = Rust_primitives.Integers + +/// The size of a machine int. +type size = + | PtrSize + | Size of n:nat {match n with | 8 | 16 | 32 | 64 | 128 -> true | _ -> false} +type signedness = | Signed | Unsigned + +type machine_int_op = | MkInt | V + +noeq type machine_int_term = + | Op { op: machine_int_op; native: bool; size: size; signedness: signedness; contents: machine_int_term } + | Lit of int + | Term of term + +let x = `%FStar.UInt8.uint_to_t + +/// Expect `n` to be a definition in a machine int namespace +let expect_native_machine_int_ns (n: string): (option (signedness & size & string)) + = match explode_qn n with + | "FStar"::int_module::[def_name] -> + let? (sign, size) = match int_module with + | "Int8" -> Some (Signed, Size 8) + | "Int16" -> Some (Signed, Size 16) + | "Int32" -> Some (Signed, Size 32) + | "Int64" -> Some (Signed, Size 64) + | "Int128" -> Some (Signed, Size 128) + | "UInt8" -> Some (Unsigned, Size 8) + | "UInt16" -> Some (Unsigned, Size 16) + | "UInt32" -> Some (Unsigned, Size 32) + | "UInt64" -> Some (Unsigned, Size 64) + | "UInt18" -> Some (Unsigned, Size 128) + | _ -> None + in Some (sign, size, def_name) + | _ -> None + +let mk_native_machine_int_ns (sign: signedness) (size: size): option (list string) + = let sign = match sign with | Signed -> "" | Unsigned -> "U" in + let? size = match size with | PtrSize -> None | Size n -> Some (string_of_int n) in + Some ["FStar"; sign ^ "Int" ^ size] + +let expect_inttype t: Tac (option (signedness & size)) + = let t = norm_term [iota; reify_; delta_namespace ["Rust_primitives.Integers"; "Lib.IntTypes"]; primops; unmeta] t in + let?# t = expect_fvar t in + match t with + | `%RI.i8_inttype | `%Lib.IntTypes.S8 -> Some ( Signed, Size 8) + | `%RI.i16_inttype | `%Lib.IntTypes.S16 -> Some ( Signed, Size 16) + | `%RI.i32_inttype | `%Lib.IntTypes.S32 -> Some ( Signed, Size 32) + | `%RI.i64_inttype | `%Lib.IntTypes.S64 -> Some ( Signed, Size 64) + | `%RI.i128_inttype | `%Lib.IntTypes.S128 -> Some ( Signed, Size 128) + | `%RI.u8_inttype | `%Lib.IntTypes.U8 -> Some (Unsigned, Size 8) + | `%RI.u16_inttype | `%Lib.IntTypes.U16 -> Some (Unsigned, Size 16) + | `%RI.u32_inttype | `%Lib.IntTypes.U32 -> Some (Unsigned, Size 32) + | `%RI.u64_inttype | `%Lib.IntTypes.U64 -> Some (Unsigned, Size 64) + | `%RI.u128_inttype | `%Lib.IntTypes.U128 -> Some (Unsigned, Size 128) + | `%RI.isize_inttype -> Some (Signed, PtrSize) + | `%RI.usize_inttype -> Some (Unsigned, PtrSize) + | _ -> None + +let mk_inttype_name (sign: signedness) (size: size): name = + let sign = match sign with | Signed -> "i" | Unsigned -> "u" in + let size = match size with | PtrSize -> "size" | Size n -> string_of_int n in + ["Rust_primitives"; "Integers"; sign ^ size ^ "_inttype"] + +let mk_inttype (sign: signedness) (size: size): Tac term = + pack (Tv_FVar (pack_fv (mk_inttype_name sign size))) + +let rec term_to_machine_int_term'' (t: term): Tac (option machine_int_term) = + let t = norm_term [delta_only [(`%RI.sz); (`%RI.isz)]] t in + match t with + | Tv_Const (C_Int n) -> Some (Lit n) + | _ -> + let?# (hd, args) = collect_app_hd t in + match expect_native_machine_int_ns hd, args with + | (Some (signedness, size, def_name), [arg, _]) -> begin + let native = true in + let contents = term_to_machine_int_term' arg in + let?# op = match def_name with + | "__uint_to_t" | "__int_to_t" | "uint_to_t" | "int_to_t" -> Some MkInt + | "v" -> Some V | _ -> None in + Some (Op {op; native; size; signedness; contents}) + end + | (None, [inttype, _; contents, _]) -> begin + let?# (signedness, size) = expect_inttype inttype in + let contents = term_to_machine_int_term' contents in + let?# op = match hd with | `%RI.mk_int -> Some MkInt + | `%RI.v -> Some V + | _ -> None in + Some (Op {op; native = false; size; signedness; contents}) + end + | _ -> None + +and term_to_machine_int_term' (t: term): Tac machine_int_term = + match term_to_machine_int_term'' t with | Some t -> t | None -> Term t + +let term_to_machine_int_term (t: term): Tac (option (t: machine_int_term {~(Term? t)})) + = match term_to_machine_int_term' t with + | Term _ -> None | t -> Some t + +let rec machine_int_term_to_term (t: machine_int_term): Tac (option term) = + match t with + | Term t -> Some t + | Op {native = false; op; size; signedness; contents} -> + let inttype = mk_inttype signedness size in + let?# contents = machine_int_term_to_term contents in + let op = match op with | V -> `RI.v + | MkInt -> `RI.mk_int in + Some (`((`#op) #(`#inttype) (`#contents))) + | Op {native = true; op; size; signedness; contents} -> + let?# ns = mk_native_machine_int_ns signedness size in + let f = FStar.List.Tot.append ns [ + match op with + | MkInt -> (match signedness with | Signed -> "" | Unsigned -> "u") ^ "int_to_t" + | V -> "v" + ] in + let f = pack (Tv_FVar (pack_fv f)) in + let?# contents = machine_int_term_to_term contents in + Some (mk_e_app f [contents]) + | Lit n -> Some (pack (Tv_Const (C_Int n))) + +type operation = machine_int_term -> option machine_int_term + +/// Removes `mk_int (v ...)` or `v (mk_int ...)` when it's the same type +let rec flatten_machine_int_term: operation = function + | Op x -> begin match x.contents with + | Op y -> if x.op <> y.op && x.size = y.size && x.signedness = y.signedness + then Some (match flatten_machine_int_term y.contents with + | Some result -> result + | None -> y.contents) + else let? y = flatten_machine_int_term (Op y) in + Some (Op {x with contents = y}) + | _ -> None + end + | _ -> None + +let rec change_native_machine_int_term (native: bool): operation = function + | Op x -> let contents = change_native_machine_int_term native x.contents in + if x.native = native + then None + else Some (Op { x with native + ; contents = match contents with + | Some contents -> contents + | None -> x.contents}) + | _ -> None + +let combine: operation -> operation -> operation = + fun f g t -> match f t with + | Some t -> (match g t with | Some t -> Some t | None -> Some t) + | None -> g t + +/// We call `x` a normal machine integer if `x` has no `mk_int (v +/// ...)` or `v (mk_int ...)` sequence and if all `mk_int` and `v` are +/// native (aka `FStar.[U]Int*.*`, not +/// `Rust_primitives.Integer.*`). Note `usize` is an exception, +/// `mk_int` and `v` alone one usizes (and isizes) cannot be reduced +/// further. +let norm_machine_int_term = combine flatten_machine_int_term (change_native_machine_int_term true) + +/// We call `x` a normal generic machine integer if `x` has no +/// `FStar.[U]Int*.[u]int_to_t/v`, and no `mk_int (v ...)` or `v +/// (mk_int ...)`. +let norm_generic_machine_int_term = combine flatten_machine_int_term (change_native_machine_int_term false) + +let rw_v_mk_int_usize x + : Lemma (eq2 (RI.v #RI.usize_inttype (RI.mk_int #RI.usize_inttype x)) x) = () +let rw_mk_int_v_usize x + : Lemma (eq2 (RI.mk_int #RI.usize_inttype (RI.v #RI.usize_inttype x)) x) = () + +/// Unfolds `mk_int` using `mk_int_equiv_lemma` +let norm_mk_int () = + let?# (lhs, _) = expect_lhs_eq_uvar () in + let lhs' = term_to_machine_int_term lhs in + match?# lhs' with + | Op {op = MkInt; native = false; size; signedness; contents} -> + let inttype = mk_inttype signedness size in + let lemma = `(RI.mk_int_equiv_lemma #(`#inttype)) in + let lemma = norm_term [primops; iota; delta; zeta] lemma in + focus (fun _ -> + apply_lemma_rw lemma + // iterAllSMT (fun () -> smt_sync `or_else` (fun _ -> dump "norm_mk_int: Could not solve SMT here")) + ); + Some () + | _ -> None + +/// Rewrites `goal_lhs` into `machine_int`. This function expects the +/// goal to be of the shape ` == (?...)`, where `` +/// is a machine int. Do not call this function directly. +let _rewrite_to (goal_lhs: term) (eq_type: typ) (machine_int: machine_int_term): Tac (option unit) + = let?# t_term = machine_int_term_to_term machine_int in + Some (focus (fun _ -> + let rw = tcut (`squash (eq2 #(`#eq_type) (`#goal_lhs) (`#t_term))) in + // This tcut will generate simple verification conditions, we + // discharge them right away + // iterAllSMT (fun () -> smt_sync `or_else` (fun _ -> dump "norm_mk_int: Could not solve SMT here")); + flip (); + pointwise' (fun () -> match norm_mk_int () with + | Some _ -> () + | None -> // special case for usize + (fun () -> (fun () -> apply_lemma_rw (`rw_v_mk_int_usize)) + `or_else` (fun () -> apply_lemma_rw (`rw_mk_int_v_usize))) + `or_else` trefl + ); + compute (); + trefl (); + apply_lemma_rw rw + )) + +let transform (f: machine_int_term -> option machine_int_term): Tac unit + = pointwise' (fun _ -> + match revert_if_none (fun _ -> + let?# (lhs, eq_type) = expect_lhs_eq_uvar () in + let?# machine_int = term_to_machine_int_term lhs in + let?# machine_int' = f machine_int in + let?# _ = _rewrite_to lhs eq_type machine_int' in + Some () + ) + with + | None -> trefl () + | _ -> () + ) + +open Rust_primitives.Integers +let _ = fun x -> assert (v (mk_int #usize_inttype x) == x) + by (transform norm_machine_int_term; trefl ()) +let _ = assert (mk_int #u8_inttype 3 == 3uy) + by (transform norm_machine_int_term; trefl ()) +let _ = fun x -> assert (mk_int #u8_inttype x == FStar.UInt8.uint_to_t x) + by (transform norm_machine_int_term) +let _ = assert (v (mk_int #usize_inttype 3) == 3) + by (transform norm_machine_int_term; trefl ()) +let _ = fun x -> assert (v (mk_int #usize_inttype x) == x) + by (transform norm_machine_int_term; trefl ()) +let _ = assert (mk_int #u8_inttype 3 == 3uy) + by (transform norm_generic_machine_int_term; trefl ()) +let _ = fun x -> assert (mk_int #u8_inttype x == FStar.UInt8.uint_to_t x) + by (transform norm_generic_machine_int_term; trefl ()) diff --git a/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst b/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst new file mode 100644 index 000000000..0bd0c5918 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst @@ -0,0 +1,54 @@ +module Tactics.Pow2 + +open Core +open Tactics.Utils +open FStar.Tactics.V2 + +let expect_pow2_literal t: Tac (option int) + = let?# (f, [x, _]) = expect_app_n t 1 in + let?# () = expect_free_var f (`%pow2) in + expect_int_literal x + +let expect_pow2_minus_one_literal t: Tac (option int) + = let?# (f, [x, _; y, _]) = expect_app_n t 2 in + let?# () = expect_free_var f (`%op_Subtraction) in + let?# y = expect_int_literal y in + let?? () = y = 1 in + expect_pow2_literal x + +/// Fully normalize a term of the shape `pow2 n`, where `n` is a literal +let norm_pow2 (): Tac unit = + pointwise (fun () -> + let _ = let?# (t, _) = expect_lhs_eq_uvar () in + let?# n = expect_pow2_literal t in + debug ("Normalized `pow2 " ^ string_of_int n ^ "`"); + Some (norm [iota; zeta_full; reify_; delta; primops; unmeta]) in + trefl ()) + +let rec log2 (n: nat): Tot (option (m: nat {pow2 m == n})) (decreases n) + = if n = 0 then None + else if n = 1 then Some 0 + else if n % 2 <> 0 then None + else match log2 (n / 2) with + | Some n -> Some (1 + n) + | None -> None + +let lemma_of_refinement #t #p (n: t {p n}): Lemma (p n) = () + +let rewrite_pow2_minus_one () = + pointwise (fun () -> + match let?# (t, _) = expect_lhs_eq_uvar () in + let?# n = expect_int_literal t in + if n >= 0 then + match log2 (n + 1) with + | Some e -> + let rw_lemma (): Lemma (n == pow2 e - 1) = () in + apply_lemma_rw (quote rw_lemma); + Some () + | _ -> None + else None + with None -> trefl () | _ -> () + ) + +let _ = fun (i: nat) -> assert (pow2 (i + 3) + pow2 10 == pow2 (i + 3) + 1024) + by (norm_pow2 (); trefl ()) diff --git a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst new file mode 100644 index 000000000..36468f63d --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst @@ -0,0 +1,49 @@ +module Tactics.Seq + +open Core +module L = FStar.List.Tot +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul +open FStar.Option + +open Tactics.Utils +open Tactics.Pow2 + +let rw_seq_index_list #t (l: list t) i + : Lemma (Seq.Base.index (Seq.Base.seq_of_list l) i == FStar.List.Tot.index l i) + = () + +private let unfold_index_lemma (#a: Type) (l: list a) (i:nat{i < List.Tot.length l}) + : Lemma ( FStar.List.Tot.index #a l i + == Pervasives.norm [iota; primops] (let hd::tl = l in + if i = 0 then hd else List.Tot.index tl (i - 1))) + = () + +private exception DoRefl +private exception StopNormIndex +let norm_list_index (): Tac unit = + let _ = repeat (fun _ -> + lset "found" false; + pointwise (fun _ -> + (fun () -> + match let?# (t, _) = expect_lhs_eq_uvar () in + let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in + let?# () = expect_free_var f (`%FStar.List.Tot.index) in + let?# n = expect_int_literal index in + apply_lemma_rw (`unfold_index_lemma); + lset "found" true; + Some () + with | Some () -> () | _ -> raise DoRefl + ) `or_else` trefl); + if lget "found" then () else raise StopNormIndex) in () + +let _ = assert (L.index [1;2;3;4;5;6] 3 == 4) by (norm_list_index(); trefl ()) + +let simplify_index_seq_of_list () = l_to_r [`rw_seq_index_list] + +let norm_index (): Tac unit + = norm_list_index (); + simplify_index_seq_of_list () + diff --git a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst new file mode 100644 index 000000000..9cb52203c --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst @@ -0,0 +1,67 @@ +module Tactics.Utils + +open Core +module L = FStar.List.Tot +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul +open FStar.Option + + +let (let?#) (x: option 'a) (f: 'a -> Tac (option 'b)): Tac (option 'b) + = match x with + | Some x -> f x + | None -> None + +let ( let?? ) (x: bool) (f: unit -> Tac (option 'a)): Tac (option 'a) + = if x then f () else None + +let expect_int_literal (t: term): Tac (option int) = + match inspect_unascribe t with + | Tv_Const (C_Int n) -> Some n + | _ -> None + +let expect_fvar (t: term): Tac (option string) = + match t with + | Tv_UInst fv _ + | Tv_FVar fv -> Some (implode_qn (inspect_fv fv)) + | _ -> None + +let expect_free_var (t: term) (fv: string): Tac (option unit) = + let?# fv' = expect_fvar t in + if fv = fv' then Some () else None + +let expect_lhs_eq_rhs () = + match FStar.Tactics.V2.Logic.cur_formula () with + | Comp (Eq typ) lhs rhs -> + let typ = match typ with | None -> `_ | Some typ -> typ in + Some (lhs, rhs, typ) + | _ -> None + +let expect_lhs_eq_uvar () = + match expect_lhs_eq_rhs () with + | Some (lhs, rhs, typ) -> + ( match rhs with | Tv_Uvar _ _ -> Some (lhs, typ) | _ -> None ) + | _ -> None + +let expect_app_n t n: Tac (option (term & (l: list _ {L.length l == n}))) = + let (head, args) = collect_app t in + if L.length args = n + then Some (head, args) + else None + +private exception ForceRevert +let revert_if_none (f: unit -> Tac (option 'a)): Tac (option 'a) + = try match f () with Some x -> Some x + | None -> raise ForceRevert + with | ForceRevert -> None | e -> raise e + +/// Collects an application whose head is a free variable +let collect_app_hd t: Tac (option (string & list argv)) + = let (hd, args) = collect_app t in + let?# fv = expect_fvar hd in + Some (fv, args) + +let rec repeatWhile (f: unit -> Tac bool): Tac unit + = if f () then repeatWhile f From 2212e8c63d9249c203f1a34e6c72a9a5a757dca1 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 26 Aug 2024 18:22:09 -0400 Subject: [PATCH 144/348] more specs --- Cargo.lock | 135 +++++----- fstar-helpers/Makefile.template | 2 +- .../Libcrux_ml_kem.Constant_time_ops.fst | 34 +-- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 34 +-- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 165 +++++------- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 81 +++--- .../extraction/Libcrux_ml_kem.Matrix.fst | 213 +++++---------- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 95 ++++--- .../extraction/Libcrux_ml_kem.Polynomial.fst | 117 ++++----- .../extraction/Libcrux_ml_kem.Sampling.fst | 126 ++++----- .../extraction/Libcrux_ml_kem.Serialize.fst | 244 +++++++----------- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 140 ++++------ ...rux_ml_kem.Vector.Portable.Arithmetic.fsti | 10 +- ...ibcrux_ml_kem.Vector.Portable.Compress.fst | 51 ++-- ...ibcrux_ml_kem.Vector.Portable.Sampling.fst | 17 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 59 ++--- ...ux_ml_kem.Vector.Portable.Vector_type.fsti | 2 +- .../Libcrux_ml_kem.Vector.Traits.fst | 1 + .../Libcrux_ml_kem.Vector.Traits.fsti | 13 +- .../src/vector/portable/arithmetic.rs | 6 +- .../src/vector/portable/vector_type.rs | 1 + libcrux-ml-kem/src/vector/traits.rs | 7 +- 22 files changed, 622 insertions(+), 931 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4261c3c1c..aab24163c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.72", + "syn 2.0.76", "which", ] @@ -191,12 +191,13 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.8" +version = "1.1.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "504bdec147f2cc13c8b57ed9401fd8a147cc66b67ad5cb241394244f2c947549" +checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6" dependencies = [ "jobserver", "libc", + "shlex", ] [[package]] @@ -289,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.13" +version = "4.5.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fbb260a053428790f3de475e304ff84cdbc4face759ea7a3e64c1edd938a7fc" +checksum = "ed6719fffa43d0d87e5fd8caeab59be1554fb028cd30edc88fc4369b17971019" dependencies = [ "clap_builder", "clap_derive", @@ -299,9 +300,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.13" +version = "4.5.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "64b17d7ea74e9f833c7dbf2cbe4fb12ff26783eda4782a8975b72f895c9b4d99" +checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" dependencies = [ "anstream", "anstyle", @@ -318,7 +319,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.76", ] [[package]] @@ -362,9 +363,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.12" +version = "0.2.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53fe5e26ff1b7aef8bca9c6080520cfb8d9333c7568e1829cef191a9723e5504" +checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad" dependencies = [ "libc", ] @@ -482,7 +483,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.76", ] [[package]] @@ -701,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros", "num-bigint", @@ -711,20 +712,20 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros-types", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.76", ] [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#096f0eb5c5eeefd65ad48e37b824bf6f4661c843" +source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "proc-macro2", "quote", @@ -741,9 +742,9 @@ checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hermit-abi" -version = "0.3.9" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" +checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc" [[package]] name = "hex" @@ -798,9 +799,9 @@ dependencies = [ [[package]] name = "is-terminal" -version = "0.4.12" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" +checksum = "261f68e344040fbd0edea105bef17c66edf46f984ddb1115b775ce31be948f4b" dependencies = [ "hermit-abi", "libc", @@ -848,9 +849,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.69" +version = "0.3.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" +checksum = "1868808506b929d7b0cfa8f75951347aa71bb21144b7791bae35d9bccfcfe37a" dependencies = [ "wasm-bindgen", ] @@ -888,9 +889,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.155" +version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "libcrux" @@ -1109,6 +1110,16 @@ version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" +[[package]] +name = "minicov" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c71e683cd655513b99affab7d317deb690528255a0d5f717f1024093c12b169" +dependencies = [ + "cc", + "walkdir", +] + [[package]] name = "minimal-lexical" version = "0.2.1" @@ -1194,7 +1205,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.76", ] [[package]] @@ -1356,12 +1367,12 @@ dependencies = [ [[package]] name = "prettyplease" -version = "0.2.20" +version = "0.2.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" +checksum = "479cf940fbbb3426c32c5d5176f62ad57549a0bb84773423ba8be9d089f5faba" dependencies = [ "proc-macro2", - "syn 2.0.72", + "syn 2.0.76", ] [[package]] @@ -1430,9 +1441,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -1612,29 +1623,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.205" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e33aedb1a7135da52b7c21791455563facbbcc43d0f0f66165b42c21b3dfb150" +checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.205" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "692d6f5ac90220161d6774db30c662202721e64aed9058d2c394f451261420c1" +checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.76", ] [[package]] name = "serde_json" -version = "1.0.122" +version = "1.0.127" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da" +checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad" dependencies = [ "itoa", "memchr", @@ -1726,9 +1737,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.72" +version = "2.0.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af" +checksum = "578e081a14e0cefc3279b0472138c513f37b41a08d5a3cca9b6e4e8ceb6cd525" dependencies = [ "proc-macro2", "quote", @@ -1827,34 +1838,35 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] name = "wasm-bindgen" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" +checksum = "a82edfc16a6c469f5f44dc7b571814045d60404b55a0ee849f9bcfa2e63dd9b5" dependencies = [ "cfg-if", + "once_cell", "wasm-bindgen-macro", ] [[package]] name = "wasm-bindgen-backend" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" +checksum = "9de396da306523044d3302746f1208fa71d7532227f15e347e2d93e4145dd77b" dependencies = [ "bumpalo", "log", "once_cell", "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.76", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-futures" -version = "0.4.42" +version = "0.4.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76bc14366121efc8dbb487ab05bcc9d346b3b5ec0eaa76e46594cabbe51762c0" +checksum = "61e9300f63a621e96ed275155c108eb6f843b6a26d053f122ab69724559dc8ed" dependencies = [ "cfg-if", "js-sys", @@ -1864,9 +1876,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" +checksum = "585c4c91a46b072c92e908d99cb1dcdf95c5218eeb6f3bf1efa991ee7a68cccf" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -1874,31 +1886,32 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" +checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.76", "wasm-bindgen-backend", "wasm-bindgen-shared", ] [[package]] name = "wasm-bindgen-shared" -version = "0.2.92" +version = "0.2.93" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" +checksum = "c62a0a307cb4a311d3a07867860911ca130c3494e8c2719593806c08bc5d0484" [[package]] name = "wasm-bindgen-test" -version = "0.3.42" +version = "0.3.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9bf62a58e0780af3e852044583deee40983e5886da43a271dd772379987667b" +checksum = "68497a05fb21143a08a7d24fc81763384a3072ee43c44e86aad1744d6adef9d9" dependencies = [ "console_error_panic_hook", "js-sys", + "minicov", "scoped-tls", "wasm-bindgen", "wasm-bindgen-futures", @@ -1907,20 +1920,20 @@ dependencies = [ [[package]] name = "wasm-bindgen-test-macro" -version = "0.3.42" +version = "0.3.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7f89739351a2e03cb94beb799d47fb2cac01759b40ec441f7de39b00cbf7ef0" +checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.76", ] [[package]] name = "web-sys" -version = "0.3.69" +version = "0.3.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" +checksum = "26fdeaafd9bd129f65e7c031593c24d62186301e0c72c8978fa1678be7d532c0" dependencies = [ "js-sys", "wasm-bindgen", @@ -2071,7 +2084,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.76", ] [[package]] @@ -2091,5 +2104,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.72", + "syn 2.0.76", ] diff --git a/fstar-helpers/Makefile.template b/fstar-helpers/Makefile.template index 314101ac6..c42cc6480 100644 --- a/fstar-helpers/Makefile.template +++ b/fstar-helpers/Makefile.template @@ -150,7 +150,7 @@ FINDLIBS.sh: include-dirs: $(Q)bash -c '${FINDLIBS}' -FSTAR_FLAGS = \ +FSTAR_FLAGS = --query_stats \ --warn_error -321-331-241-274-239-271 \ --cache_checked_modules --cache_dir $(CACHE_DIR) \ --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index 92f263cc6..018593ecd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -16,17 +16,12 @@ let is_non_zero (value: u8) = Core.Hint.black_box #u8 (inz value <: u8) let compare (lhs rhs: t_Slice u8) = let (r: u8):u8 = 0uy in let r:u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Core.Slice.impl__len #u8 lhs <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #u8 lhs <: usize) + (fun r temp_1_ -> + let r:u8 = r in + let _:usize = temp_1_ in + true) r (fun r i -> let r:u8 = r in @@ -42,17 +37,12 @@ let select_ct (lhs rhs: t_Slice u8) (selector: u8) = let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let out:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE + (fun out temp_1_ -> + let out:t_Array u8 (sz 32) = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_Array u8 (sz 32) = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index f1cbcbd50..f81e0bc75 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -229,14 +229,15 @@ let generate_keypair_unpacked t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K = + v_A + in + let _:usize = temp_1_ in + true) v_A (fun v_A i -> let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) @@ -244,14 +245,15 @@ let generate_keypair_unpacked v_A in let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A temp_1_ -> + let v_A:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A + in + let _:usize = temp_1_ in + true) v_A (fun v_A j -> let v_A:t_Array diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 0a72cdac9..459755197 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -33,14 +33,12 @@ let sample_ring_element_cbd in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) (fun temp_0_ i -> let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in @@ -68,14 +66,14 @@ let sample_ring_element_cbd prf_inputs in let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun error_1_ temp_1_ -> + let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + error_1_ + in + let _:usize = temp_1_ in + true) error_1_ (fun error_1_ i -> let error_1_:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -119,14 +117,12 @@ let sample_vector_cbd_then_ntt in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (domain_separator, prf_inputs <: (u8 & t_Array (t_Array u8 (sz 33)) v_K)) (fun temp_0_ i -> let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = temp_0_ in @@ -154,14 +150,14 @@ let sample_vector_cbd_then_ntt prf_inputs in let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun re_as_ntt temp_1_ -> + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + re_as_ntt + in + let _:usize = temp_1_ in + true) re_as_ntt (fun re_as_ntt i -> let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -201,28 +197,11 @@ let compress_then_serialize_u (out: t_Slice u8) = let out:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - input - <: - Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K - )) + Rust_primitives.Hax.Folds.fold_enumerated_slice input + (fun out temp_1_ -> + let out:t_Slice u8 = out in + let _:usize = temp_1_ in + true) out (fun out temp_1_ -> let out:t_Slice u8 = out in @@ -279,26 +258,20 @@ let deserialize_then_decompress_u Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - (ciphertext <: t_Slice u8) - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! - v_U_COMPRESSION_FACTOR - <: - usize) /! - sz 8 - <: - usize) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! + v_U_COMPRESSION_FACTOR + <: + usize) /! + sz 8 <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + usize) + (ciphertext <: t_Slice u8) + (fun u_as_ntt temp_1_ -> + let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + u_as_ntt + in + let _:usize = temp_1_ in + true) u_as_ntt (fun u_as_ntt temp_1_ -> let u_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -345,20 +318,15 @@ let deserialize_secret_key Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - secret_key - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + secret_key + (fun secret_as_ntt temp_1_ -> + let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K + = + secret_as_ntt + in + let _:usize = temp_1_ in + true) secret_as_ntt (fun secret_as_ntt temp_1_ -> let secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K @@ -387,24 +355,11 @@ let serialize_secret_key = let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - key - <: - Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Folds.fold_enumerated_slice key + (fun out temp_1_ -> + let out:t_Array u8 v_OUT_LEN = out in + let _:usize = temp_1_ in + true) out (fun out temp_1_ -> let out:t_Array u8 v_OUT_LEN = out in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index fe53b5ec3..c8c456676 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -39,14 +39,14 @@ let invert_ntt_at_layer_1_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -100,14 +100,14 @@ let invert_ntt_at_layer_2_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -153,14 +153,14 @@ let invert_ntt_at_layer_3_ (v__layer: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -202,14 +202,14 @@ let invert_ntt_at_layer_4_plus = let step:usize = sz 1 <>! layer <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! layer <: usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -223,17 +223,12 @@ let invert_ntt_at_layer_4_plus in let step_vec:usize = step /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range offset_vec + (offset_vec +! step_vec <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index 0dc329562..8c4fed099 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -31,30 +31,15 @@ let compute_As_plus_e Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (matrix_A - <: - t_Slice - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (matrix_A <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -65,29 +50,16 @@ let compute_As_plus_e temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (row <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - )) + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -144,14 +116,12 @@ let compute_ring_element_v Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in @@ -194,30 +164,15 @@ let compute_vector_u Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - (a_as_ntt - <: - t_Slice - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (a_as_ntt <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K))) + t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = @@ -228,29 +183,16 @@ let compute_vector_u temp_1_ in let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__iter #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement - v_Vector) - (row - <: - t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector))) + Rust_primitives.Hax.Folds.fold_enumerated_slice (row <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_Iter (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - )) + t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) + (fun result temp_1_ -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + result + in + let _:usize = temp_1_ in + true) result (fun result temp_1_ -> let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -317,14 +259,12 @@ let compute_message Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in @@ -377,14 +317,15 @@ let sample_matrix_A in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun v_A_transpose temp_1_ -> + let v_A_transpose:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A_transpose + in + let _:usize = temp_1_ in + true) v_A_transpose (fun v_A_transpose i -> let v_A_transpose:t_Array @@ -394,14 +335,12 @@ let sample_matrix_A let i:usize = i in let seeds:t_Array (t_Array u8 (sz 34)) v_K = Rust_primitives.Hax.repeat seed v_K in let seeds:t_Array (t_Array u8 (sz 34)) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun seeds temp_1_ -> + let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in + let _:usize = temp_1_ in + true) seeds (fun seeds j -> let seeds:t_Array (t_Array u8 (sz 34)) v_K = seeds in @@ -433,28 +372,14 @@ let sample_matrix_A let sampled:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Libcrux_ml_kem.Sampling.sample_from_xof v_K #v_Vector #v_Hasher seeds in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Collect.f_into_iter #(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - #FStar.Tactics.Typeclasses.solve - sampled - <: - Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Array.Iter.t_IntoIter - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) + Rust_primitives.Hax.Folds.fold_enumerated_slice sampled + (fun v_A_transpose temp_1_ -> + let v_A_transpose:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A_transpose + in + let _:usize = temp_1_ in + true) v_A_transpose (fun v_A_transpose temp_1_ -> let v_A_transpose:t_Array diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 3eae8cab8..46dfb217a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -36,14 +36,14 @@ let ntt_at_layer_1_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -97,14 +97,14 @@ let ntt_at_layer_2_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -150,14 +150,14 @@ let ntt_at_layer_3_ (v__layer v__initial_coefficient_bound: usize) = let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -205,14 +205,14 @@ let ntt_at_layer_4_plus in let step:usize = sz 1 <>! layer <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 128 >>! layer <: usize) + (fun temp_0_ temp_1_ -> + let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = + temp_0_ + in + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -224,17 +224,12 @@ let ntt_at_layer_4_plus let offset_vec:usize = offset /! sz 16 in let step_vec:usize = step /! sz 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = offset_vec; - Core.Ops.Range.f_end = offset_vec +! step_vec <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range offset_vec + (offset_vec +! step_vec <: usize) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -289,14 +284,12 @@ let ntt_at_layer_7_ = let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = step } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + step + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index 9c6f28d5d..3cb84c2ef 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -37,14 +37,12 @@ let impl__add_error_reduce (self error: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self j -> let self:t_PolynomialRingElement v_Vector = self in @@ -89,14 +87,12 @@ let impl__add_message_error_reduce (self message result: t_PolynomialRingElement v_Vector) = let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun result temp_1_ -> + let result:t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_PolynomialRingElement v_Vector = result in @@ -147,14 +143,12 @@ let impl__add_standard_error_reduce (self error: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self j -> let self:t_PolynomialRingElement v_Vector = self in @@ -198,19 +192,12 @@ let impl__add_to_ring_element (self rhs: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end - = - Core.Slice.impl__len #v_Vector (self.f_coefficients <: t_Slice v_Vector) <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (Core.Slice.impl__len #v_Vector (self.f_coefficients <: t_Slice v_Vector) <: usize) + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self i -> let self:t_PolynomialRingElement v_Vector = self in @@ -245,14 +232,12 @@ let impl__from_i16_array = let result:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let result:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun result temp_1_ -> + let result:t_PolynomialRingElement v_Vector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_PolynomialRingElement v_Vector = result in @@ -292,14 +277,12 @@ let impl__ntt_multiply = let out:t_PolynomialRingElement v_Vector = impl__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun out temp_1_ -> + let out:t_PolynomialRingElement v_Vector = out in + let _:usize = temp_1_ in + true) out (fun out i -> let out:t_PolynomialRingElement v_Vector = out in @@ -348,14 +331,12 @@ let impl__poly_barrett_reduce (self: t_PolynomialRingElement v_Vector) = let self:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun self temp_1_ -> + let self:t_PolynomialRingElement v_Vector = self in + let _:usize = temp_1_ in + true) self (fun self i -> let self:t_PolynomialRingElement v_Vector = self in @@ -388,14 +369,12 @@ let impl__subtract_reduce (self b: t_PolynomialRingElement v_Vector) = let b:t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_VECTORS_IN_RING_ELEMENT } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_VECTORS_IN_RING_ELEMENT + (fun b temp_1_ -> + let b:t_PolynomialRingElement v_Vector = b in + let _:usize = temp_1_ in + true) b (fun b i -> let b:t_PolynomialRingElement v_Vector = b in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 90288b226..a52b29042 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -21,28 +21,29 @@ let sample_from_uniform_distribution_next (out: t_Array (t_Array i16 (sz 272)) v_K) = let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = + temp_0_ + in + let _:usize = temp_1_ in + true) (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) (fun temp_0_ i -> let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K) = temp_0_ in let i:usize = i in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_N /! sz 24 <: usize } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (v_N /! sz 24 <: usize) + (fun temp_0_ temp_1_ -> + let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & + t_Array usize v_K) = + temp_0_ + in + let _:usize = temp_1_ in + true) (out, sampled_coefficients <: (t_Array (t_Array i16 (sz 272)) v_K & t_Array usize v_K)) (fun temp_0_ r -> let out, sampled_coefficients:(t_Array (t_Array i16 (sz 272)) v_K & @@ -114,14 +115,12 @@ let sample_from_uniform_distribution_next in let done:bool = true in let done, sampled_coefficients:(bool & t_Array usize v_K) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_K } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + v_K + (fun temp_0_ temp_1_ -> + let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in + let _:usize = temp_1_ in + true) (done, sampled_coefficients <: (bool & t_Array usize v_K)) (fun temp_0_ i -> let done, sampled_coefficients:(bool & t_Array usize v_K) = temp_0_ in @@ -154,18 +153,12 @@ let sample_from_binomial_distribution_2_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 4) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) + randomness + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:usize = temp_1_ in + true) sampled_i16s (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -183,22 +176,13 @@ let sample_from_binomial_distribution_2_ let even_bits:u32 = random_bits_as_u32 &. 1431655765ul in let odd_bits:u32 = (random_bits_as_u32 >>! 1l <: u32) &. 1431655765ul in let coin_toss_outcomes:u32 = even_bits +! odd_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy - (Core.Ops.Range.t_Range u32)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range u32) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = 0ul; - Core.Ops.Range.f_end = Core.Num.impl__u32__BITS - } - <: - Core.Ops.Range.t_Range u32) - (sz 4) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range u32)) + Rust_primitives.Hax.Folds.fold_range_step_by 0ul + Core.Num.impl__u32__BITS + (sz 4) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:u32 = temp_1_ in + true) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -230,18 +214,12 @@ let sample_from_binomial_distribution_3_ = let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 randomness (sz 3) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 3) + randomness + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:usize = temp_1_ in + true) sampled_i16s (fun sampled_i16s temp_1_ -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in @@ -257,19 +235,13 @@ let sample_from_binomial_distribution_3_ let second_bits:u32 = (random_bits_as_u24 >>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Step_by.t_StepBy - (Core.Ops.Range.t_Range i32)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_step_by #(Core.Ops.Range.t_Range i32) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = 0l; Core.Ops.Range.f_end = 24l } - <: - Core.Ops.Range.t_Range i32) - (sz 6) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) - <: - Core.Iter.Adapters.Step_by.t_StepBy (Core.Ops.Range.t_Range i32)) + Rust_primitives.Hax.Folds.fold_range_step_by 0l + 24l + (sz 6) + (fun sampled_i16s temp_1_ -> + let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in + let _:i32 = temp_1_ in + true) sampled_i16s (fun sampled_i16s outcome_set -> let sampled_i16s:t_Array i16 (sz 256) = sampled_i16s in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index a3991d73c..4f1553136 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -19,17 +19,12 @@ let compress_then_serialize_10_ = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in @@ -83,17 +78,12 @@ let compress_then_serialize_11_ = let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 v_OUT_LEN = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in @@ -146,17 +136,12 @@ let compress_then_serialize_4_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Slice u8 = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in @@ -210,17 +195,12 @@ let compress_then_serialize_5_ (serialized: t_Slice u8) = let serialized:t_Slice u8 = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Slice u8 = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in @@ -274,14 +254,12 @@ let compress_then_serialize_message = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let serialized:t_Array u8 (sz 32) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 32) = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 (sz 32) = serialized in @@ -377,18 +355,12 @@ let deserialize_then_decompress_10_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 20) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 20) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -431,18 +403,12 @@ let deserialize_then_decompress_11_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 22) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 22) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -485,18 +451,12 @@ let deserialize_then_decompress_4_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 8) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 8) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -539,18 +499,12 @@ let deserialize_then_decompress_5_ Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 10) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 10) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -605,14 +559,12 @@ let deserialize_then_decompress_message Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 16) + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re i -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -693,18 +645,12 @@ let deserialize_to_reduced_ring_element Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -753,20 +699,15 @@ let deserialize_ring_elements_reduced Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 - public_key - Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + public_key + (fun deserialized_pk temp_1_ -> + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + deserialized_pk + in + let _:usize = temp_1_ in + true) deserialized_pk (fun deserialized_pk temp_1_ -> let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) @@ -795,18 +736,12 @@ let deserialize_to_uncompressed_ring_element Libcrux_ml_kem.Polynomial.impl__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Iter.Adapters.Enumerate.t_Enumerate - (Core.Slice.Iter.t_ChunksExact u8)) - #FStar.Tactics.Typeclasses.solve - (Core.Iter.Traits.Iterator.f_enumerate #(Core.Slice.Iter.t_ChunksExact u8) - #FStar.Tactics.Typeclasses.solve - (Core.Slice.impl__chunks_exact #u8 serialized (sz 24) - <: - Core.Slice.Iter.t_ChunksExact u8) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) - <: - Core.Iter.Adapters.Enumerate.t_Enumerate (Core.Slice.Iter.t_ChunksExact u8)) + Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) + serialized + (fun re temp_1_ -> + let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:usize = temp_1_ in + true) re (fun re temp_1_ -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in @@ -840,17 +775,12 @@ let serialize_uncompressed_ring_element = let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in let serialized:t_Array u8 (sz 384) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT + (fun serialized temp_1_ -> + let serialized:t_Array u8 (sz 384) = serialized in + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Array u8 (sz 384) = serialized in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index dd9b7f578..39f5490b4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -11,9 +11,9 @@ let barrett_reduce_element (value: i16) = v_BARRETT_MULTIPLIER <: i32) +! - (v_BARRETT_R >>! 1l <: i32) + (Libcrux_ml_kem.Vector.Traits.v_BARRETT_R >>! 1l <: i32) in - let quotient:i16 = cast (t >>! v_BARRETT_SHIFT <: i32) <: i16 in + let quotient:i16 = cast (t >>! Libcrux_ml_kem.Vector.Traits.v_BARRETT_SHIFT <: i32) <: i16 in value -! (quotient *! Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) let montgomery_reduce_element (value: i32) = @@ -37,17 +37,12 @@ let montgomery_multiply_fe_by_fer (fe fer: i16) = let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun lhs temp_1_ -> + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:usize = temp_1_ in + true) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in @@ -75,17 +70,12 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -117,17 +107,12 @@ let bitwise_and_with_constant (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -154,17 +139,12 @@ let bitwise_and_with_constant let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -211,17 +191,12 @@ let montgomery_multiply_by_constant (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -252,17 +227,12 @@ let montgomery_multiply_by_constant let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -289,17 +259,12 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portab let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -328,17 +293,12 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun lhs temp_1_ -> + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:usize = temp_1_ in + true) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index d0d6aa1e1..897836967 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -6,10 +6,6 @@ open FStar.Mul /// This is calculated as ⌊(BARRETT_R / FIELD_MODULUS) + 1/2⌋ let v_BARRETT_MULTIPLIER: i32 = 20159l -let v_BARRETT_SHIFT: i32 = 26l - -let v_BARRETT_R: i32 = 1l <. - (Core.Ops.Arith.Neg.neg v_BARRETT_R <: i32) && - (Core.Convert.f_from #i32 #i16 #FStar.Tactics.Typeclasses.solve value <: i32) <. v_BARRETT_R - ) + (Core.Ops.Arith.Neg.neg Libcrux_ml_kem.Vector.Traits.v_BARRETT_R <: i32) && + (Core.Convert.f_from #i32 #i16 #FStar.Tactics.Typeclasses.solve value <: i32) <. + Libcrux_ml_kem.Vector.Traits.v_BARRETT_R) (ensures fun result -> let result:i16 = result in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst index fc5eed14e..4a470d7d1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst @@ -27,17 +27,12 @@ let compress (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -65,17 +60,12 @@ let compress let compress_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in @@ -110,17 +100,12 @@ let decompress_ciphertext_coefficient (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun v temp_1_ -> + let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:usize = temp_1_ in + true) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst index 400e0026d..aec49a64f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst @@ -6,17 +6,12 @@ open FStar.Mul let rej_sample (a: t_Slice u8) (result: t_Slice i16) = let sampled:usize = sz 0 in let result, sampled:(t_Slice i16 & usize) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = (Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + ((Core.Slice.impl__len #u8 a <: usize) /! sz 3 <: usize) + (fun temp_0_ temp_1_ -> + let result, sampled:(t_Slice i16 & usize) = temp_0_ in + let _:usize = temp_1_ in + true) (result, sampled <: (t_Slice i16 & usize)) (fun temp_0_ i -> let result, sampled:(t_Slice i16 & usize) = temp_0_ in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 1c580dafd..9a88facf7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -247,14 +247,12 @@ let serialize_5_int (v: t_Slice i16) = let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result:t_Array u8 (sz 2) = Rust_primitives.Hax.repeat 0uy (sz 2) in let result:t_Array u8 (sz 2) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 8) + (fun result temp_1_ -> + let result:t_Array u8 (sz 2) = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array u8 (sz 2) = result in @@ -272,14 +270,12 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector t_Array u8 (sz 2)) in let result:t_Array u8 (sz 2) = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 8) + (sz 16) + (fun result temp_1_ -> + let result:t_Array u8 (sz 2) = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:t_Array u8 (sz 2) = result in @@ -755,14 +751,12 @@ let deserialize_1_ (v: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.zero () in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 0) + (sz 8) + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in @@ -782,17 +776,12 @@ let deserialize_1_ (v: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Core.Iter.Traits.Iterator.f_fold (Core.Iter.Traits.Collect.f_into_iter #(Core.Ops.Range.t_Range - usize) - #FStar.Tactics.Typeclasses.solve - ({ - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - } - <: - Core.Ops.Range.t_Range usize) - <: - Core.Ops.Range.t_Range usize) + Rust_primitives.Hax.Folds.fold_range (sz 8) + Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR + (fun result temp_1_ -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + let _:usize = temp_1_ in + true) result (fun result i -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti index 66df77004..78ca7e60d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti @@ -7,7 +7,7 @@ type t_PortableVector = { f_elements:t_Array i16 (sz 16) } val from_i16_array (array: t_Slice i16) : Prims.Pure t_PortableVector - Prims.l_True + (requires (Core.Slice.impl__len #i16 array <: usize) =. sz 16) (ensures fun result -> let result:t_PortableVector = result in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index e52e5813d..be631a15d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -8,6 +8,7 @@ let decompress_1_ (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) (v: v_T) = + let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre (i1.f_ZERO ()) 0s) in f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve (f_sub #v_T diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 937c7e07f..d65b5afcd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -29,7 +29,12 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0{pred ==> f_repr result == array}; f_from_i16_array:x0: t_Slice i16 -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); - f_ZERO_pre:Prims.unit -> Type0; + f_ZERO_pre:x: Prims.unit + -> pred: + Type0 + { (let _:Prims.unit = x in + true) ==> + pred }; f_ZERO_post:x: Prims.unit -> result: v_Self -> pred: Type0 @@ -84,7 +89,7 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_cond_subtract_3329_pre x0) (fun result -> f_cond_subtract_3329_post x0 result); - f_barrett_reduce_pre:v: v_Self -> pred: Type0{true ==> pred}; + f_barrett_reduce_pre:vector: v_Self -> pred: Type0{true ==> pred}; f_barrett_reduce_post:v_Self -> v_Self -> Type0; f_barrett_reduce:x0: v_Self -> Prims.Pure v_Self (f_barrett_reduce_pre x0) (fun result -> f_barrett_reduce_post x0 result); @@ -240,6 +245,10 @@ class t_VectorType (v_Self: Type0) = { let impl (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) : t_VectorType v_T = { _super_14104493667227926613 = FStar.Tactics.Typeclasses.solve } +let v_BARRETT_SHIFT: i32 = 26l + +let v_BARRETT_R: i32 = 1l < [i16; 16] { } #[inline(always)] +#[hax_lib::requires(array.len() == 16)] #[hax_lib::ensures(|result| fstar!("${result}.f_elements == $array"))] pub fn from_i16_array(array: &[i16]) -> PortableVector { PortableVector { diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 757dd8b96..f3d8db51d 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -2,6 +2,8 @@ pub const MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS: i16 = 1353; pub const FIELD_MODULUS: i16 = 3329; pub const FIELD_ELEMENTS_IN_VECTOR: usize = 16; pub const INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209; // FIELD_MODULUS^{-1} mod MONTGOMERY_R +pub const BARRETT_SHIFT: i32 = 26; +pub const BARRETT_R: i32 = 1 << BARRETT_SHIFT; #[hax_lib::attributes] pub trait Repr: Copy + Clone { @@ -9,6 +11,7 @@ pub trait Repr: Copy + Clone { fn repr(x: Self) -> [i16; 16]; } + #[hax_lib::attributes] pub trait Operations: Copy + Clone + Repr { #[requires(true)] @@ -20,6 +23,7 @@ pub trait Operations: Copy + Clone + Repr { fn from_i16_array(array: &[i16]) -> Self; #[allow(non_snake_case)] + #[requires(true)] #[ensures(|result| fstar!("f_repr $result == Seq.create 16 0s"))] fn ZERO() -> Self; @@ -52,7 +56,7 @@ pub trait Operations: Copy + Clone + Repr { fn cond_subtract_3329(v: Self) -> Self; #[requires(true)] - fn barrett_reduce(v: Self) -> Self; + fn barrett_reduce(vector: Self) -> Self; #[requires(true)] fn montgomery_multiply_by_constant(v: Self, c: i16) -> Self; @@ -134,6 +138,7 @@ pub fn to_unsigned_representative(a: T) -> T { } pub fn decompress_1(v: T) -> T { + hax_lib::fstar!("assert (i1.f_bitwise_and_with_constant_pre (i1.f_ZERO ()) 0s)"); // No idea why, but this helps F* typeclass inference T::bitwise_and_with_constant(T::sub(T::ZERO(), &v), 1665) } From 1655f6e4ae692efe2d0dd0f518efd9d2d989e802 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 26 Aug 2024 18:24:19 -0400 Subject: [PATCH 145/348] merged --- libcrux-intrinsics/src/avx2_extract.rs | 8 ++++---- .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 6 +++++- .../Libcrux_ml_kem.Vector.Avx2.Compress.fsti | 10 ++++++++-- .../extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti | 14 ++++++++++++-- 4 files changed, 29 insertions(+), 9 deletions(-) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index c11639a64..4faee409b 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -3,13 +3,13 @@ #![allow(unused_variables, non_camel_case_types)] -#[derive(Clone,Copy)] +#[derive(Clone, Copy)] #[hax_lib::opaque_type] -#[hax_lib::fstar::after(interface,"val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)")] +#[hax_lib::fstar::after(interface, "val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)")] pub struct Vec256(u8); -#[derive(Copy,Clone)] -#[hax_lib::fstar::after(interface,"val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8)")] +#[derive(Copy, Clone)] +#[hax_lib::fstar::after(interface, "val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8)")] #[hax_lib::opaque_type] pub struct Vec128(u8); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index 2c3910504..bc1cc89f0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -4,7 +4,11 @@ open Core open FStar.Mul let add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti index 5556daaa2..4a83ff83f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti @@ -9,7 +9,11 @@ val mulhi_mm256_epi32 (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) val compress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires + v v_COEFFICIENT_BITS >= 0 /\ v v_COEFFICIENT_BITS < bits i32_inttype /\ + range (v (1l < Prims.l_True) val compress_message_coefficient (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -17,4 +21,6 @@ val compress_message_coefficient (vector: Libcrux_intrinsics.Avx2_extract.t_Vec2 val decompress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires v v_COEFFICIENT_BITS >= 0 /\ v v_COEFFICIENT_BITS < bits i32_inttype) + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti index 7ce8dfe2a..ee801e0f8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti @@ -19,10 +19,20 @@ val inv_ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zet val ntt_layer_1_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires + range (v #i16_inttype zero - v zeta3) i16_inttype /\ + range (v #i16_inttype zero - v zeta2) i16_inttype /\ + range (v #i16_inttype zero - v zeta1) i16_inttype /\ + range (v #i16_inttype zero - v zeta0) i16_inttype) + (fun _ -> Prims.l_True) val ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires + range (v #i16_inttype zero - v zeta1) i16_inttype /\ + range (v #i16_inttype zero - v zeta0) i16_inttype) + (fun _ -> Prims.l_True) val ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i16) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) From dad7a3759b41a08512be6a120206defaa2715b5d Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 26 Aug 2024 21:33:17 -0400 Subject: [PATCH 146/348] fstar --- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 20 ++--- .../Libcrux_ml_kem.Vector.Traits.fsti | 75 ++++++++++++++----- 2 files changed, 67 insertions(+), 28 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst index 33c894793..8579ddb8a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -4,11 +4,13 @@ open Core open FStar.Mul let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = - let field_modulus:u8 = + let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS in - let potential_coefficients:u8 = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ input in - let compare_with_field_modulus:u8 = + let potential_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ input + in + let compare_with_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_cmpgt_epi16 field_modulus potential_coefficients in let good:t_Array u8 (sz 2) = @@ -21,13 +23,13 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = <: usize ] in - let lower_shuffles:u8 = + let lower_shuffles:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (lower_shuffles <: t_Slice u8) in - let lower_coefficients:u8 = + let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 potential_coefficients in - let lower_coefficients:u8 = + let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 lower_coefficients lower_shuffles in let output:t_Slice i16 = @@ -43,13 +45,13 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = <: usize ] in - let upper_shuffles:u8 = + let upper_shuffles:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (upper_shuffles <: t_Slice u8) in - let upper_coefficients:u8 = + let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l potential_coefficients in - let upper_coefficients:u8 = + let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients upper_shuffles in let output:t_Slice i16 = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 6f7a08406..d65b5afcd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -3,60 +3,93 @@ module Libcrux_ml_kem.Vector.Traits open Core open FStar.Mul +class t_Repr (v_Self: Type0) = { + [@@@ FStar.Tactics.Typeclasses.no_method]_super_11581440318597584651:Core.Marker.t_Copy v_Self; + [@@@ FStar.Tactics.Typeclasses.no_method]_super_9442900250278684536:Core.Clone.t_Clone v_Self; + f_repr_pre:x: v_Self -> pred: Type0{true ==> pred}; + f_repr_post:v_Self -> t_Array i16 (sz 16) -> Type0; + f_repr:x0: v_Self + -> Prims.Pure (t_Array i16 (sz 16)) (f_repr_pre x0) (fun result -> f_repr_post x0 result) +} + class t_Operations (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_11581440318597584651:Core.Marker.t_Copy v_Self; [@@@ FStar.Tactics.Typeclasses.no_method]_super_9442900250278684536:Core.Clone.t_Clone v_Self; + [@@@ FStar.Tactics.Typeclasses.no_method]_super_8706949974463268012:t_Repr v_Self; + f_to_i16_array_pre:x: v_Self -> pred: Type0{true ==> pred}; + f_to_i16_array_post:x: v_Self -> result: t_Array i16 (sz 16) + -> pred: Type0{pred ==> f_repr x == result}; + f_to_i16_array:x0: v_Self + -> Prims.Pure (t_Array i16 (sz 16)) + (f_to_i16_array_pre x0) + (fun result -> f_to_i16_array_post x0 result); + f_from_i16_array_pre:array: t_Slice i16 + -> pred: Type0{(Core.Slice.impl__len #i16 array <: usize) =. sz 16 ==> pred}; + f_from_i16_array_post:array: t_Slice i16 -> result: v_Self + -> pred: Type0{pred ==> f_repr result == array}; + f_from_i16_array:x0: t_Slice i16 + -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); f_ZERO_pre:x: Prims.unit -> pred: Type0 { (let _:Prims.unit = x in true) ==> pred }; - f_ZERO_post:Prims.unit -> v_Self -> Type0; + f_ZERO_post:x: Prims.unit -> result: v_Self + -> pred: + Type0 + { pred ==> + (let _:Prims.unit = x in + f_repr result == Seq.create 16 0s) }; f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); - f_from_i16_array_pre:array: t_Slice i16 -> pred: Type0{true ==> pred}; - f_from_i16_array_post:t_Slice i16 -> v_Self -> Type0; - f_from_i16_array:x0: t_Slice i16 - -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); - f_to_i16_array_pre:x: v_Self -> pred: Type0{true ==> pred}; - f_to_i16_array_post:v_Self -> t_Array i16 (sz 16) -> Type0; - f_to_i16_array:x0: v_Self - -> Prims.Pure (t_Array i16 (sz 16)) - (f_to_i16_array_pre x0) - (fun result -> f_to_i16_array_post x0 result); f_add_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; - f_add_post:v_Self -> v_Self -> v_Self -> Type0; + f_add_post:lhs: v_Self -> rhs: v_Self -> result: v_Self + -> pred: Type0{pred ==> f_repr result == Spec.Utils.map2 ( +. ) (f_repr lhs) (f_repr rhs)}; f_add:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_add_pre x0 x1) (fun result -> f_add_post x0 x1 result); f_sub_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; - f_sub_post:v_Self -> v_Self -> v_Self -> Type0; + f_sub_post:lhs: v_Self -> rhs: v_Self -> result: v_Self + -> pred: Type0{pred ==> f_repr result == Spec.Utils.map2 ( -. ) (f_repr lhs) (f_repr rhs)}; f_sub:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_sub_pre x0 x1) (fun result -> f_sub_post x0 x1 result); f_multiply_by_constant_pre:v: v_Self -> c: i16 -> pred: Type0{true ==> pred}; - f_multiply_by_constant_post:v_Self -> i16 -> v_Self -> Type0; + f_multiply_by_constant_post:v: v_Self -> c: i16 -> result: v_Self + -> pred: Type0{pred ==> f_repr result == Spec.Utils.map_array (fun x -> x *. c) (f_repr v)}; f_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_multiply_by_constant_pre x0 x1) (fun result -> f_multiply_by_constant_post x0 x1 result); f_bitwise_and_with_constant_pre:v: v_Self -> c: i16 -> pred: Type0{true ==> pred}; - f_bitwise_and_with_constant_post:v_Self -> i16 -> v_Self -> Type0; + f_bitwise_and_with_constant_post:v: v_Self -> c: i16 -> result: v_Self + -> pred: Type0{pred ==> f_repr result == Spec.Utils.map_array (fun x -> x &. c) (f_repr v)}; f_bitwise_and_with_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_bitwise_and_with_constant_pre x0 x1) (fun result -> f_bitwise_and_with_constant_post x0 x1 result); - f_shift_right_pre:v_SHIFT_BY: i32 -> v: v_Self -> pred: Type0{true ==> pred}; - f_shift_right_post:v_SHIFT_BY: i32 -> v_Self -> v_Self -> Type0; + f_shift_right_pre:v_SHIFT_BY: i32 -> v: v_Self + -> pred: Type0{v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l ==> pred}; + f_shift_right_post:v_SHIFT_BY: i32 -> v: v_Self -> result: v_Self + -> pred: + Type0 + { pred ==> + (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> + f_repr result == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (f_repr v) }; f_shift_right:v_SHIFT_BY: i32 -> x0: v_Self -> Prims.Pure v_Self (f_shift_right_pre v_SHIFT_BY x0) (fun result -> f_shift_right_post v_SHIFT_BY x0 result); f_cond_subtract_3329_pre:v: v_Self -> pred: Type0{true ==> pred}; - f_cond_subtract_3329_post:v_Self -> v_Self -> Type0; + f_cond_subtract_3329_post:v: v_Self -> result: v_Self + -> pred: + Type0 + { pred ==> + f_repr result == + Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (f_repr v) }; f_cond_subtract_3329_:x0: v_Self -> Prims.Pure v_Self (f_cond_subtract_3329_pre x0) (fun result -> f_cond_subtract_3329_post x0 result); - f_barrett_reduce_pre:v: v_Self -> pred: Type0{true ==> pred}; + f_barrett_reduce_pre:vector: v_Self -> pred: Type0{true ==> pred}; f_barrett_reduce_post:v_Self -> v_Self -> Type0; f_barrett_reduce:x0: v_Self -> Prims.Pure v_Self (f_barrett_reduce_pre x0) (fun result -> f_barrett_reduce_post x0 result); @@ -212,6 +245,10 @@ class t_VectorType (v_Self: Type0) = { let impl (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) : t_VectorType v_T = { _super_14104493667227926613 = FStar.Tactics.Typeclasses.solve } +let v_BARRETT_SHIFT: i32 = 26l + +let v_BARRETT_R: i32 = 1l < Date: Mon, 26 Aug 2024 22:09:39 -0400 Subject: [PATCH 147/348] fixes --- .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 44 ++++++++++++----- ...Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 47 +++++++++++++++++-- .../extraction/Libcrux_ml_kem.Vector.Avx2.fst | 2 - .../Libcrux_ml_kem.Vector.Avx2.fsti | 14 ++++-- .../Libcrux_ml_kem.Vector.Portable.fsti | 6 ++- .../Libcrux_ml_kem.Vector.Traits.fsti | 13 ++++- libcrux-ml-kem/src/vector/avx2.rs | 9 ++-- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 17 +++++++ libcrux-ml-kem/src/vector/portable.rs | 4 ++ libcrux-ml-kem/src/vector/traits.rs | 6 ++- 10 files changed, 130 insertions(+), 32 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index bc1cc89f0..0728445b5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -11,22 +11,38 @@ let add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = result let bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) = - Libcrux_intrinsics.Avx2_extract.mm256_and_si256 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_and_si256 vector + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) = - Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 v_SHIFT_BY vector + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 v_SHIFT_BY vector + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 lhs rhs + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 lhs rhs + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -65,8 +81,12 @@ let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let conditional_add_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 sign_mask field_modulus in - Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 vv_minus_field_modulus - conditional_add_field_modulus + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 vv_minus_field_modulus + conditional_add_field_modulus + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let montgomery_multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti index 49d1a0ccb..5d121123a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -17,16 +17,46 @@ val add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs)) val bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == + Spec.Utils.map_array (fun x -> x &. constant) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) val multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == + Spec.Utils.map_array (fun x -> x *. constant) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) val shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> + Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == + Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) val sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == + Spec.Utils.map2 ( -. ) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs)) /// See Section 3.2 of the implementation notes document for an explanation /// of this code. @@ -34,7 +64,14 @@ val barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == + Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) val montgomery_multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst index c14e3ed32..900c4477d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst @@ -9,8 +9,6 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -let repr (x:t_SIMD256Vector) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements - let from_i16_array (array: t_Slice i16) = let result:t_SIMD256Vector = { f_elements = Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 array } <: t_SIMD256Vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 8ffd3317a..5544f0eea 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -13,7 +13,7 @@ noeq type t_SIMD256Vector = { f_elements:Libcrux_intrinsics.Avx2_extract.t_Vec256 } -val repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) +let repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements val from_i16_array (array: t_Slice i16) : Prims.Pure t_SIMD256Vector @@ -47,7 +47,7 @@ val zero: Prims.unit (ensures fun result -> let result:t_SIMD256Vector = result in - to_i16_array result == Seq.create 16 0s) + repr result == Seq.create 16 0s) [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = @@ -185,7 +185,11 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_compress_pre = (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> true); + f_compress_pre + = + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> + v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l || + v_COEFFICIENT_BITS =. 11l); f_compress_post = (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); @@ -202,7 +206,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = t_SIMD256Vector); f_decompress_ciphertext_coefficient_pre = - (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> true); + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> + v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l || + v_COEFFICIENT_BITS =. 11l); f_decompress_ciphertext_coefficient_post = (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 27a1c79ac..65c11e4e9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -222,7 +222,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l || + v_COEFFICIENT_BITS =. 11l); f_compress_post = (fun @@ -244,7 +245,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (v_COEFFICIENT_BITS: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l || + v_COEFFICIENT_BITS =. 11l); f_decompress_ciphertext_coefficient_post = (fun diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index d65b5afcd..bd1772c8c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -103,14 +103,23 @@ class t_Operations (v_Self: Type0) = { f_compress_1_post:v_Self -> v_Self -> Type0; f_compress_1_:x0: v_Self -> Prims.Pure v_Self (f_compress_1_pre x0) (fun result -> f_compress_1_post x0 result); - f_compress_pre:v_COEFFICIENT_BITS: i32 -> v: v_Self -> pred: Type0{true ==> pred}; + f_compress_pre:v_COEFFICIENT_BITS: i32 -> v: v_Self + -> pred: + Type0 + { v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l || + v_COEFFICIENT_BITS =. 11l ==> + pred }; f_compress_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> Type0; f_compress:v_COEFFICIENT_BITS: i32 -> x0: v_Self -> Prims.Pure v_Self (f_compress_pre v_COEFFICIENT_BITS x0) (fun result -> f_compress_post v_COEFFICIENT_BITS x0 result); f_decompress_ciphertext_coefficient_pre:v_COEFFICIENT_BITS: i32 -> v: v_Self - -> pred: Type0{true ==> pred}; + -> pred: + Type0 + { v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l || + v_COEFFICIENT_BITS =. 11l ==> + pred }; f_decompress_ciphertext_coefficient_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> Type0; f_decompress_ciphertext_coefficient:v_COEFFICIENT_BITS: i32 -> x0: v_Self -> Prims.Pure v_Self diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 9e5b6c067..f6ab97f40 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -10,15 +10,14 @@ mod serialize; #[derive(Clone, Copy)] #[hax_lib::fstar::before(interface,"noeq")] -#[hax_lib::fstar::after(interface,"val repr (x:t_SIMD256Vector) : t_Array i16 (sz 16)")] -#[hax_lib::fstar::after("let repr (x:t_SIMD256Vector) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements")] +#[hax_lib::fstar::after(interface,"let repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements")] pub struct SIMD256Vector { elements: Vec256, } #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("to_i16_array ${result} == Seq.create 16 0s"))] +#[hax_lib::ensures(|result| fstar!("repr ${result} == Seq.create 16 0s"))] fn zero() -> SIMD256Vector { SIMD256Vector { elements: mm256_setzero_si256(), @@ -131,6 +130,8 @@ impl Operations for SIMD256Vector { } } + #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 || + COEFFICIENT_BITS == 10 || COEFFICIENT_BITS == 11)] fn compress(vector: Self) -> Self { Self { elements: compress::compress_ciphertext_coefficient::( @@ -139,6 +140,8 @@ impl Operations for SIMD256Vector { } } + #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 || + COEFFICIENT_BITS == 10 || COEFFICIENT_BITS == 11)] fn decompress_ciphertext_coefficient(vector: Self) -> Self { Self { elements: compress::decompress_ciphertext_coefficient::( diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index 272d5d387..e080f5553 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -11,21 +11,35 @@ pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { } #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == + Spec.Utils.map2 (-.) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs)"))] pub(crate) fn sub(lhs: Vec256, rhs: Vec256) -> Vec256 { mm256_sub_epi16(lhs, rhs) } #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == + Spec.Utils.map_array (fun x -> x *. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { mm256_mullo_epi16(vector, mm256_set1_epi16(constant)) } #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == + Spec.Utils.map_array (fun x -> x &. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn bitwise_and_with_constant(vector: Vec256, constant: i16) -> Vec256 { mm256_and_si256(vector, mm256_set1_epi16(constant)) } #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] +#[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> + Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == + Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn shift_right(vector: Vec256) -> Vec256 { mm256_srai_epi16::<{ SHIFT_BY }>(vector) } @@ -36,6 +50,9 @@ pub(crate) fn shift_right(vector: Vec256) -> Vec256 { // } #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == + Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn cond_subtract_3329(vector: Vec256) -> Vec256 { let field_modulus = mm256_set1_epi16(FIELD_MODULUS); diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index ff7374b57..c2a89d51b 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -84,10 +84,14 @@ impl Operations for PortableVector { compress_1(v) } + #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 || + COEFFICIENT_BITS == 10 || COEFFICIENT_BITS == 11)] fn compress(v: Self) -> Self { compress::(v) } + #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 || + COEFFICIENT_BITS == 10 || COEFFICIENT_BITS == 11)] fn decompress_ciphertext_coefficient(v: Self) -> Self { decompress_ciphertext_coefficient::(v) } diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index f3d8db51d..916036964 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -64,9 +64,11 @@ pub trait Operations: Copy + Clone + Repr { // Compression #[requires(true)] fn compress_1(v: Self) -> Self; - #[requires(true)] + #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 || + COEFFICIENT_BITS == 10 || COEFFICIENT_BITS == 11)] fn compress(v: Self) -> Self; - #[requires(true)] + #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 || + COEFFICIENT_BITS == 10 || COEFFICIENT_BITS == 11)] fn decompress_ciphertext_coefficient(v: Self) -> Self; // NTT From 22a1ced03239d28794aa8f9c32340e861ae5f749 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 27 Aug 2024 05:56:48 -0400 Subject: [PATCH 148/348] cleanup --- libcrux-ml-kem/c/code_gen.txt | 10 +++++----- .../fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst | 8 +++++--- .../extraction/Libcrux_ml_kem.Vector.Avx2.fst | 6 +++--- .../extraction/Libcrux_ml_kem.Vector.Avx2.fsti | 14 +++++++------- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 1 + libcrux-ml-kem/src/ind_cpa.rs | 2 +- libcrux-ml-kem/src/vector/avx2.rs | 14 +++++++------- libcrux-ml-kem/src/vector/neon/vector_type.rs | 1 - 8 files changed, 29 insertions(+), 27 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 9e35e4618..4c0816dbf 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 0576bfc67e99aae86c51930421072688138b672b -Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 -Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a -F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 +Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 +Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 +Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 +F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 +Libcrux: 73c17b3a13b5659aa90a324d8d0023587e50ec9f diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 3483966d4..6717aef6e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -261,6 +261,8 @@ let compress_then_serialize_u let hax_temp_output:Prims.unit = result in out +#push-options "--admit_smt_queries true" + let deserialize_then_decompress_u (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) (#v_Vector: Type0) @@ -319,9 +321,9 @@ let deserialize_then_decompress_u in u_as_ntt) in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = u_as_ntt in - let _:Prims.unit = admit () (* Panic freedom *) in - result + u_as_ntt + +#pop-options let deserialize_secret_key (v_K: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst index 900c4477d..6377b1311 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst @@ -9,14 +9,14 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -let from_i16_array (array: t_Slice i16) = +let vec_from_i16_array (array: t_Slice i16) = let result:t_SIMD256Vector = { f_elements = Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 array } <: t_SIMD256Vector in let _:Prims.unit = admit () (* Panic freedom *) in result -let to_i16_array (v: t_SIMD256Vector) = +let vec_to_i16_array (v: t_SIMD256Vector) = let output:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in let output:t_Array i16 (sz 16) = Libcrux_intrinsics.Avx2_extract.mm256_storeu_si256_i16 output v.f_elements @@ -25,7 +25,7 @@ let to_i16_array (v: t_SIMD256Vector) = let _:Prims.unit = admit () (* Panic freedom *) in result -let zero (_: Prims.unit) = +let vec_zero (_: Prims.unit) = let result:t_SIMD256Vector = { f_elements = Libcrux_intrinsics.Avx2_extract.mm256_setzero_si256 () } <: t_SIMD256Vector in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 5544f0eea..08c285c87 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -15,7 +15,7 @@ type t_SIMD256Vector = { f_elements:Libcrux_intrinsics.Avx2_extract.t_Vec256 } let repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements -val from_i16_array (array: t_Slice i16) +val vec_from_i16_array (array: t_Slice i16) : Prims.Pure t_SIMD256Vector Prims.l_True (ensures @@ -23,7 +23,7 @@ val from_i16_array (array: t_Slice i16) let result:t_SIMD256Vector = result in repr result == array) -val to_i16_array (v: t_SIMD256Vector) +val vec_to_i16_array (v: t_SIMD256Vector) : Prims.Pure (t_Array i16 (sz 16)) Prims.l_True (ensures @@ -38,10 +38,10 @@ let impl: Libcrux_ml_kem.Vector.Traits.t_Repr t_SIMD256Vector = _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve; f_repr_pre = (fun (x: t_SIMD256Vector) -> true); f_repr_post = (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> true); - f_repr = fun (x: t_SIMD256Vector) -> to_i16_array x + f_repr = fun (x: t_SIMD256Vector) -> vec_to_i16_array x } -val zero: Prims.unit +val vec_zero: Prims.unit -> Prims.Pure t_SIMD256Vector Prims.l_True (ensures @@ -59,19 +59,19 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_ZERO_post = (fun (_: Prims.unit) (out: t_SIMD256Vector) -> impl.f_repr out == Seq.create 16 0s); - f_ZERO = (fun (_: Prims.unit) -> zero ()); + f_ZERO = (fun (_: Prims.unit) -> vec_zero ()); f_from_i16_array_pre = (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); f_from_i16_array_post = (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> impl.f_repr out == array); - f_from_i16_array = (fun (array: t_Slice i16) -> from_i16_array array); + f_from_i16_array = (fun (array: t_Slice i16) -> vec_from_i16_array array); f_to_i16_array_pre = (fun (x: t_SIMD256Vector) -> true); f_to_i16_array_post = (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> out == impl.f_repr x); - f_to_i16_array = (fun (x: t_SIMD256Vector) -> to_i16_array x); + f_to_i16_array = (fun (x: t_SIMD256Vector) -> vec_to_i16_array x); f_add_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); f_add_post = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 82aca3f95..27436ce01 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -14,6 +14,7 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ Libcrux_ml_kem.Vector.Neon.Compress.fst \ + Libcrux_ml_kem.Vector.Neon.fsti \ Libcrux_ml_kem.Vector.Neon.fst \ Libcrux_ml_kem.Vector.Neon.Ntt.fst \ Libcrux_ml_kem.Vector.Neon.Serialize.fst \ diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index de449eea6..7770fe04f 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -529,7 +529,7 @@ pub(crate) fn encrypt< /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element /// in the `ciphertext`. #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K"))] diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index f6ab97f40..f45dac222 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -18,7 +18,7 @@ pub struct SIMD256Vector { #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("repr ${result} == Seq.create 16 0s"))] -fn zero() -> SIMD256Vector { +fn vec_zero() -> SIMD256Vector { SIMD256Vector { elements: mm256_setzero_si256(), } @@ -28,7 +28,7 @@ fn zero() -> SIMD256Vector { #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("${result} == repr ${v}"))] -fn to_i16_array(v: SIMD256Vector) -> [i16; 16] { +fn vec_to_i16_array(v: SIMD256Vector) -> [i16; 16] { let mut output = [0i16; 16]; mm256_storeu_si256_i16(&mut output, v.elements); @@ -38,7 +38,7 @@ fn to_i16_array(v: SIMD256Vector) -> [i16; 16] { #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("repr ${result} == ${array}"))] -fn from_i16_array(array: &[i16]) -> SIMD256Vector { +fn vec_from_i16_array(array: &[i16]) -> SIMD256Vector { SIMD256Vector { elements: mm256_loadu_si256_i16(array), } @@ -46,7 +46,7 @@ fn from_i16_array(array: &[i16]) -> SIMD256Vector { impl Repr for SIMD256Vector { fn repr(x: Self) -> [i16; 16] { - to_i16_array(x) + vec_to_i16_array(x) } } @@ -54,18 +54,18 @@ impl Repr for SIMD256Vector { impl Operations for SIMD256Vector { #[ensures(|result| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { - zero() + vec_zero() } #[requires(array.len() == 16)] #[ensures(|result| fstar!("impl.f_repr out == $array"))] fn from_i16_array(array: &[i16]) -> Self { - from_i16_array(array) + vec_from_i16_array(array) } #[ensures(|result| fstar!("out == impl.f_repr $x"))] fn to_i16_array(x: Self) -> [i16; 16] { - to_i16_array(x) + vec_to_i16_array(x) } #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] diff --git a/libcrux-ml-kem/src/vector/neon/vector_type.rs b/libcrux-ml-kem/src/vector/neon/vector_type.rs index 434f82756..d711e7d6e 100644 --- a/libcrux-ml-kem/src/vector/neon/vector_type.rs +++ b/libcrux-ml-kem/src/vector/neon/vector_type.rs @@ -21,7 +21,6 @@ pub(crate) fn to_i16_array(v: SIMD128Vector) -> [i16; 16] { #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("repr ${result} == $array"))] pub(crate) fn from_i16_array(array: &[i16]) -> SIMD128Vector { - let _dummy = to_i16_array(ZERO()); // This is because hax unnecessarily reorders this SIMD128Vector { low: _vld1q_s16(&array[0..8]), high: _vld1q_s16(&array[8..16]), From b702c3f544a550ea5f436877e2bc10c834335db9 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 27 Aug 2024 06:17:11 -0400 Subject: [PATCH 149/348] verification is back --- libcrux-ml-kem/c/eurydice_glue.h | 51 +- libcrux-ml-kem/c/internal/libcrux_core.h | 253 +- .../c/internal/libcrux_mlkem_neon.h | 40 +- .../c/internal/libcrux_mlkem_portable.h | 52 +- .../c/internal/libcrux_sha3_internal.h | 78 +- libcrux-ml-kem/c/libcrux_core.c | 429 +- libcrux-ml-kem/c/libcrux_core.h | 126 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 146 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 52 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 144 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 140 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 8849 +---------------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 540 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8808 +++++++++++++++- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 581 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 5735 +++++------ libcrux-ml-kem/c/libcrux_mlkem_portable.h | 272 +- libcrux-ml-kem/c/libcrux_sha3.h | 93 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2469 +---- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 70 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 1311 +-- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3569 ++++++- libcrux-ml-kem/c/libcrux_sha3_neon.h | 60 +- libcrux-ml-kem/cg/code_gen.txt | 10 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 8 +- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fsti | 14 +- ...Libcrux_ml_kem.Vector.Neon.Vector_type.fst | 61 +- ...ibcrux_ml_kem.Vector.Neon.Vector_type.fsti | 16 +- libcrux-ml-kem/src/ind_cpa.rs | 2 +- libcrux-ml-kem/src/vector/avx2/ntt.rs | 6 - 41 files changed, 16970 insertions(+), 17289 deletions(-) diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index a97683fa6..7fee796ff 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -54,33 +54,33 @@ typedef struct { // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _) \ +#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t) \ +#define Eurydice_slice_subslice2(s, start, end, t, _) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t, _ret_t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t) \ +#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t) \ +#define Eurydice_array_repeat(dst, len, init, t, _ret_t) \ ERROR "should've been desugared" -#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) -#define Eurydice_slice_copy(dst, src, t) \ +#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) +#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) @@ -90,26 +90,25 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _) \ +#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ - sz, a1, a2, t, _, _ret_t) \ - Eurydice_array_eq(sz, a1, a2, t, _) +#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ + Eurydice_array_eq -#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index dcf6d1fea..c06489844 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __internal_libcrux_core_H @@ -23,8 +23,6 @@ extern "C" { #define CORE_NUM__U32_8__BITS (32U) -static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); - uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs); @@ -73,10 +71,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1568 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_201( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_cf1( + uint8_t value[800U]); /** This function found in impl @@ -85,12 +83,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_981( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_d51( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for @@ -99,10 +97,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 3168 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_781( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_e51( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -111,10 +109,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1568 +- SIZE= 768 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_251( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_481( + uint8_t value[768U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -122,10 +120,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1568 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_501( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_9c1( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -134,21 +132,18 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1568 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_c01( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_411( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, + uint8_t ret[800U]); /** This function found in impl {(core::convert::From<@Array> for @@ -157,10 +152,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_200( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_cf0( + uint8_t value[1568U]); /** This function found in impl @@ -169,12 +164,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_980( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_d50( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for @@ -183,10 +178,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 2400 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_780( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_e50( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -195,10 +190,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_250( - uint8_t value[1088U]); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_480( + uint8_t value[1568U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -206,10 +201,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_500( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_9c0( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -218,21 +213,18 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1088 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_c00( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_410( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, + uint8_t ret[1600U]); /** This function found in impl {(core::convert::From<@Array> for @@ -241,10 +233,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 800 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_20( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_cf( + uint8_t value[1184U]); /** This function found in impl @@ -253,12 +245,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_98( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_d5( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -267,10 +259,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 1632 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_78( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_e5( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -279,10 +271,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 768 +- SIZE= 1088 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_25( - uint8_t value[768U]); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_48( + uint8_t value[1088U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -290,20 +282,17 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 800 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_50( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_9c( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -329,15 +318,12 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -347,101 +333,36 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 768 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_c0( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_41( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, + uint8_t ret[1120U]); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, uint8_t ret[64U]); /** -A monomorphic instance of core.result.Result -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_6f_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_6f; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); - -/** -A monomorphic instance of core.result.Result -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_7a_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_7a; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); - -/** -A monomorphic instance of core.result.Result -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_cd_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_cd; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError +A monomorphic instance of core.option.Option +with types Eurydice_slice uint8_t */ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); +typedef struct core_option_Option_44_s { + core_option_Option_ef_tags tag; + Eurydice_slice f0; +} core_option_Option_44; /** A monomorphic instance of core.result.Result @@ -466,10 +387,10 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); -typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { - Eurydice_slice fst[4U]; - Eurydice_slice snd[4U]; -} Eurydice_slice_uint8_t_4size_t__x2; +typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { + Eurydice_slice fst[2U]; + Eurydice_slice snd[2U]; +} Eurydice_slice_uint8_t_2size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index 8aaaa97ef..acd737e8c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __internal_libcrux_mlkem_neon_H @@ -31,7 +31,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_8c1(uint8_t *public_key); /** A monomorphic instance of @@ -47,7 +47,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_201( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a51( uint8_t randomness[64U]); /** @@ -83,7 +83,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad1( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_851( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]); @@ -106,7 +106,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_711( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -131,7 +131,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a31( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -157,7 +157,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_5b1( +void libcrux_ml_kem_ind_cca_decapsulate_281( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -169,7 +169,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_8c0(uint8_t *public_key); /** A monomorphic instance of @@ -185,7 +185,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_200( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a50( uint8_t randomness[64U]); /** @@ -221,7 +221,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad0( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_850( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); @@ -244,7 +244,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_710( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -269,7 +269,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a30( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -295,7 +295,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_5b0( +void libcrux_ml_kem_ind_cca_decapsulate_280( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -307,7 +307,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_8c(uint8_t *public_key); /** A monomorphic instance of @@ -323,7 +323,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_20( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a5( uint8_t randomness[64U]); /** @@ -359,7 +359,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_85( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]); @@ -382,7 +382,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_71( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -407,7 +407,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a3( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -433,7 +433,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_5b( +void libcrux_ml_kem_ind_cca_decapsulate_28( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 248e23c1f..f9ac7cde9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_b91(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_ad1(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b1( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_bb1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_4a1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_331( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9f1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_831( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b91( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_111( +void libcrux_ml_kem_ind_cca_decapsulate_0b1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_b90(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_ad0(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b0( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_bb0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_4a0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_330( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9f0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_830( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b90( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_110( +void libcrux_ml_kem_ind_cca_decapsulate_0b0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_b9(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_ad(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_bb(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_4a(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_33( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9f( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_83( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b9( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_11( +void libcrux_ml_kem_ind_cca_decapsulate_0b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c199689dd..2733c1990 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __internal_libcrux_sha3_internal_H @@ -24,22 +24,16 @@ extern "C" { typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; -/** - Create a new SHAKE-128 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } -/** - Absorb -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_72(s, buf); + libcrux_sha3_generic_keccak_absorb_final_25(s, buf); } /** @@ -50,7 +44,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -58,35 +52,29 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); } -/** - Squeeze three blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); } -/** - Squeeze another block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, buf); } #define libcrux_sha3_Sha224 0 @@ -96,9 +84,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( typedef uint8_t libcrux_sha3_Algorithm; -/** - Returns the output size of a digest. -*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -149,7 +134,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -157,77 +142,62 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); } -/** - Squeeze five blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); } -/** - Absorb some data for SHAKE-256 for the last time -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_720(s, buf); + libcrux_sha3_generic_keccak_absorb_final_250(s, buf); } -/** - Create a new SHAKE-256 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } -/** - Squeeze the first SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); } -/** - Squeeze the next SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index ea724a772..1e5a8e86f 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,18 +4,15 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #include "internal/libcrux_core.h" -/** - Return 1 if `value` is not zero and 0 otherwise. -*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -28,17 +25,14 @@ static uint8_t inz(uint8_t value) { static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } -/** - Return 1 if the bytes of `lhs` and `rhs` do not exactly - match and 0 otherwise. -*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); } return is_non_zero(r); } @@ -49,10 +43,6 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return compare(lhs, rhs); } -/** - If `selector` is not zero, return the bytes in `rhs`; return the bytes in - `lhs` otherwise. -*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); @@ -60,10 +50,11 @@ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & - (uint32_t)~mask); + out[i0] = + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -94,15 +85,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1568 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_201( - uint8_t value[1568U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_cf1( + uint8_t value[800U]) { + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -113,14 +103,13 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_981( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_d51( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** @@ -130,15 +119,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 3168 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_781( - uint8_t value[3168U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[3168U]; - memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_e51( + uint8_t value[1632U]) { + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -149,15 +137,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1568 +- SIZE= 768 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_251( - uint8_t value[1568U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_481( + uint8_t value[768U]) { + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -167,10 +154,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1568 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_501( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_9c1( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -181,30 +168,30 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1568 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_c01( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_411( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, + Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** @@ -214,15 +201,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_200( - uint8_t value[1184U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1184U]; - memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_cf0( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_1f lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -233,14 +219,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_980( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_d50( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } /** @@ -250,15 +236,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 2400 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_780( - uint8_t value[2400U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[2400U]; - memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_e50( + uint8_t value[3168U]) { + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -269,15 +254,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_250( - uint8_t value[1088U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1088U]; - memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_480( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -287,10 +271,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_500( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_9c0( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -301,30 +285,30 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1088 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_c00( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_410( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, + Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -334,15 +318,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 800 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_20( - uint8_t value[800U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[800U]; - memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_cf( + uint8_t value[1184U]) { + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -353,13 +336,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_98( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_d5( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** @@ -369,15 +353,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 1632 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_78( - uint8_t value[1632U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1632U]; - memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_e5( + uint8_t value[2400U]) { + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -388,15 +371,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 768 +- SIZE= 1088 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_25( - uint8_t value[768U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[768U]; - memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_48( + uint8_t value[1088U]) { + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -406,29 +388,28 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 800 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_50( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_9c( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -452,22 +433,21 @@ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { } } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -478,111 +458,50 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 768 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_c0( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_41( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, + Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - /** This function found in impl {core::result::Result} */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 604cb3264..52af01b81 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_core_H @@ -49,6 +49,64 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_be; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + +*/ +typedef struct core_option_Option_04_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; +} core_option_Option_04; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $1632size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey_5e; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair +with const generics +- $1632size_t +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; +} libcrux_ml_kem_types_MlKemKeyPair_cb; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $768size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext_e8; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + +*/ +typedef struct tuple_ec_s { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; +} tuple_ec; + /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -145,64 +203,6 @@ typedef struct tuple_3c_s { uint8_t snd[32U]; } tuple_3c; -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $1632size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair -with const generics -- $1632size_t -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext -with const generics -- $768size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - -*/ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; -} tuple_ec; - #define core_result_Ok 0 #define core_result_Err 1 diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 118f8fef9..48a568eef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index f6efd0915..be3c93087 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #include "libcrux_mlkem1024_neon.h" @@ -35,18 +35,18 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_b0( +static void decapsulate_69( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_5b(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_28(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_b0(private_key, ciphertext, ret); + decapsulate_69(private_key, ciphertext, ret); } /** @@ -70,11 +70,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_54( +static void decapsulate_unpacked_92( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a3(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d(key_pair, ciphertext, ret); } @@ -82,7 +82,7 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_54(private_key, ciphertext, ret); + decapsulate_unpacked_92(private_key, ciphertext, ret); } /** @@ -102,13 +102,13 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_24( +static tuple_21 encapsulate_5b( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_71(uu____0, uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( @@ -117,7 +117,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_24(uu____0, uu____1); + return encapsulate_5b(uu____0, uu____1); } /** @@ -138,14 +138,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_ed( +static tuple_21 encapsulate_unpacked_c2( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_85(uu____0, uu____1); } @@ -156,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ed(uu____0, uu____1); + return encapsulate_unpacked_c2(uu____0, uu____1); } /** @@ -170,7 +170,7 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_62( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_36( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -181,7 +181,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_62(uu____0); + return generate_keypair_36(uu____0); } /** @@ -197,10 +197,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -generate_keypair_unpacked_bc(uint8_t randomness[64U]) { +generate_keypair_unpacked_6c(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_20(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a5(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c @@ -208,7 +208,7 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_bc(uu____0); + return generate_keypair_unpacked_6c(uu____0); } /** @@ -219,14 +219,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_ef(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key); +static bool validate_public_key_15(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_8c(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_ef(public_key.value)) { + if (validate_public_key_15(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index 038fa0d89..348e25057 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_mlkem1024_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 72dca205e..29ddb070b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #include "libcrux_mlkem1024_portable.h" @@ -35,30 +35,20 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_2a( +static void decapsulate_6b( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_111(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_0b1(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_2a(private_key, ciphertext, ret); + decapsulate_6b(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -80,26 +70,19 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_64( +static void decapsulate_unpacked_14( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b91(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_64(private_key, ciphertext, ret); + decapsulate_unpacked_14(private_key, ciphertext, ret); } /** @@ -119,36 +102,24 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_4f( +static tuple_21 encapsulate_13( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9f1(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_831(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4f(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_13(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -167,37 +138,25 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_26( +static tuple_21 encapsulate_unpacked_f8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_331( - uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d1(uu____0, + uu____1); } -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_26(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_f8(uu____0, uu____1); } /** @@ -212,28 +171,20 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_59( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_e7( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_bb1(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_4a1(uu____0); } -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_59(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_e7(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -247,24 +198,18 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_76(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa1( - copy_of_randomness); +generate_keypair_unpacked_88(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b1(uu____0); } -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_76(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_88(uu____0); } /** @@ -275,19 +220,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_341(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_b91(public_key); +static bool validate_public_key_a21(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_ad1(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_341(public_key.value)) { + if (validate_public_key_a21(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 36abb28b4..1d208c01a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_mlkem1024_portable_H @@ -22,71 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 9f2736b94..f4088ad47 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index d55b146b4..fd3604caa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #include "libcrux_mlkem512_neon.h" @@ -35,16 +35,16 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_29(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_d0(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_5b1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_281(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_29(private_key, ciphertext, ret); + decapsulate_d0(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_50( +static void decapsulate_unpacked_25( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a31(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d1(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_50(private_key, ciphertext, ret); + decapsulate_unpacked_25(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_7d( +static tuple_ec encapsulate_c8( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_711(uu____0, uu____1); } tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( @@ -113,7 +113,7 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_7d(uu____0, uu____1); + return encapsulate_c8(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_f2( +static tuple_ec encapsulate_unpacked_92( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad1(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_851(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_f2(uu____0, uu____1); + return encapsulate_unpacked_92(uu____0, uu____1); } /** @@ -166,7 +166,7 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_da( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_c3( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -177,7 +177,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_da(uu____0); + return generate_keypair_c3(uu____0); } /** @@ -193,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -generate_keypair_unpacked_c3(uint8_t randomness[64U]) { +generate_keypair_unpacked_96(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_201(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a51(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 @@ -204,7 +204,7 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c3(uu____0); + return generate_keypair_unpacked_96(uu____0); } /** @@ -215,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_ef1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key); +static bool validate_public_key_151(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_8c1(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_ef1(public_key.value)) { + if (validate_public_key_151(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index 2aaedd672..fcd8f9311 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_mlkem512_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index b670c5fd0..06b687a9c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #include "libcrux_mlkem512_portable.h" @@ -35,28 +35,18 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_f5(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_f9(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_110(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_0b0(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_f5(private_key, ciphertext, ret); + decapsulate_f9(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -78,24 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_4b( +static void decapsulate_unpacked_f2( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b90(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_4b(private_key, ciphertext, ret); + decapsulate_unpacked_f2(private_key, ciphertext, ret); } /** @@ -115,36 +98,24 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_31( +static tuple_ec encapsulate_33( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9f0(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_830(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_31(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_33(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -163,35 +134,25 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_f8( +static tuple_ec encapsulate_unpacked_7b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_330( - uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d0(uu____0, + uu____1); } -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_f8(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_7b(uu____0, uu____1); } /** @@ -206,28 +167,20 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f7( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_71( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_bb0(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_4a0(uu____0); } -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f7(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_71(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -241,24 +194,18 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_88(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa0( - copy_of_randomness); +generate_keypair_unpacked_aa(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b0(uu____0); } -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_88(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_aa(uu____0); } /** @@ -269,19 +216,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_340(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_b90(public_key); +static bool validate_public_key_a20(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_ad0(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_340(public_key.value)) { + if (validate_public_key_a20(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 2c71c29a5..b847772f1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_mlkem512_portable_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 9fccf0150..38e59c74a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index 1881c272a..b867971df 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #include "libcrux_mlkem768_neon.h" @@ -35,16 +35,16 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_e4( +static void decapsulate_ea( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_5b0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_280(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_e4(private_key, ciphertext, ret); + decapsulate_ea(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_27( +static void decapsulate_unpacked_7d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a30(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d0(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_27(private_key, ciphertext, ret); + decapsulate_unpacked_7d(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_f5( +static tuple_3c encapsulate_5a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_710(uu____0, uu____1); } tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( @@ -113,7 +113,7 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f5(uu____0, uu____1); + return encapsulate_5a(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_1b( +static tuple_3c encapsulate_unpacked_cd( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_ad0(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_850(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1b(uu____0, uu____1); + return encapsulate_unpacked_cd(uu____0, uu____1); } /** @@ -166,7 +166,7 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c4( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_f3( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); @@ -177,7 +177,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c4(uu____0); + return generate_keypair_f3(uu____0); } /** @@ -193,10 +193,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -generate_keypair_unpacked_1e(uint8_t randomness[64U]) { +generate_keypair_unpacked_5f(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_200(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a50(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd @@ -204,7 +204,7 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_1e(uu____0); + return generate_keypair_unpacked_5f(uu____0); } /** @@ -215,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_ef0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key); +static bool validate_public_key_150(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_8c0(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_ef0(public_key.value)) { + if (validate_public_key_150(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 1eb060b82..e2f5a0bce 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -7,8 +7,8 @@ * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: c3d49544236797e54bfa10f65e4c2b17b543fd30 - * Libcrux: 60b28afb7bf09eeff64f7bd63b12a821496645f2 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_mlkem768_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 8daca064a..38a63cb24 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #include "libcrux_mlkem768_portable.h" @@ -38,25 +38,15 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics static void decapsulate_b5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_11(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_0b(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_b5(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -78,24 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_70( +static void decapsulate_unpacked_7f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b9(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_70(private_key, ciphertext, ret); + decapsulate_unpacked_7f(private_key, ciphertext, ret); } /** @@ -115,36 +98,24 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_73( +static tuple_3c encapsulate_df( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9f(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_83(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_73(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_df(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -163,35 +134,25 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_82( +static tuple_3c encapsulate_unpacked_66( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_33( - uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d(uu____0, + uu____1); } -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_82(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_66(uu____0, uu____1); } /** @@ -206,28 +167,20 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ca( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_41( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_bb(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_4a(uu____0); } -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ca(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_41(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -241,24 +194,18 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_d9(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa( - copy_of_randomness); +generate_keypair_unpacked_4e(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b(uu____0); } -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d9(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_4e(uu____0); } /** @@ -269,19 +216,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_34(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_b9(public_key); +static bool validate_public_key_a2(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_ad(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_34(public_key.value)) { + if (validate_public_key_a2(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 2f8c55a17..fe831192b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_mlkem768_portable_H @@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 27d90f7de..780167980 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,24 +4,21 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ -#include "internal/libcrux_mlkem_avx2.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" -#include "internal/libcrux_sha3_avx2.h" +#include "libcrux_mlkem_avx2.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -29,8833 +26,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { - return libcrux_ml_kem_vector_avx2_zero(); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { - int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t), v); - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - vector, constant); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -/** - See Section 3.2 of the implementation notes document for an explanation - of this code. -*/ -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - vector, constant); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - vector); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, - zeta2, zeta3); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -KRML_MUSTINLINE core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - vector, zeta0, zeta1, zeta2, zeta3); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, - zeta1); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - v, - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, - zeta1, zeta2, zeta3); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); - uint8_t ret0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), - upper_8); - uint8_t ret0[10U]; - core_result_Result_cd dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), - Eurydice_slice, uint8_t[10U]); - core_result_unwrap_41_e8(dst, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - core_core_arch_x86___m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), - lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, - uint8_t), - upper_8); - uint8_t ret0[20U]; - core_result_Result_7a dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), - Eurydice_slice, uint8_t[20U]); - core_result_unwrap_41_34(dst, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t), vector); - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, - uint8_t), - upper_8); - uint8_t ret0[24U]; - core_result_Result_6f dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), - Eurydice_slice, uint8_t[24U]); - core_result_unwrap_41_1c(dst, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, - good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[0U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[1U]], - (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, - Eurydice_slice output) { - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self) { - return self[0U]; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_d5(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_b4(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bd4( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_d5();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_b4(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_f8(core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea -with const generics -- SHIFT_BY= 15 -*/ -static core_core_arch_x86___m256i shift_right_ea_5e( - core_core_arch_x86___m256i vector) { - return shift_right_f8(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static core_core_arch_x86___m256i to_unsigned_representative_d4( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_ea_5e(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_d7( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_d4(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void serialize_secret_key_a81( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_d7(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); - } - uint8_t result[1152U]; - memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void serialize_public_key_371( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - serialize_secret_key_a81(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); - uint8_t result[1184U]; - memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_001(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_bd4( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - serialize_public_key_371( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static void closure_b81( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d1(copy_of_input); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_6b1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_1b1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_20_10(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( - int16_t s[272U]) { - return from_i16_array_20_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_from_xof_b01( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca1(copy_of_seeds); - uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[3U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb3( - copy_of_randomness0, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[3U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb4( - copy_of_randomness, sampled_coefficients, out); - } - } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[3U][272U]; - memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_791(copy_of_out[i]);); - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a21( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_b81(A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_b01(copy_of_seeds, sampled); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - - ); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U][3U]; - memcpy(result, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ret, result, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_1c2(input, ret); -} - -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_25(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_20_10( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_92(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_20_10( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_920(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_25(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_7_64( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = - libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); - re->coefficients[j] = - libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); - } -} - -typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; -} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static core_core_arch_x86___m256i montgomery_multiply_fe_55( - core_core_arch_x86___m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_88(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = montgomery_multiply_fe_55(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_b8( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_88( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_3_45( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_2_10( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_1_83( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void poly_barrett_reduce_20_94( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - self->coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_48( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_64(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_45(&zeta_i, re); - ntt_at_layer_2_10(&zeta_i, re); - ntt_at_layer_1_83(&zeta_i, re); - poly_barrett_reduce_20_94(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_701( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_920( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; - memcpy( - copy_of_re_as_ntt, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 result; - memcpy( - result.fst, copy_of_re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - result.snd = domain_separator; - return result; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_20_41(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void add_to_ring_element_20_871( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i), - core_core_arch_x86___m256i); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static core_core_arch_x86___m256i to_standard_domain_f0( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_standard_error_reduce_20_a5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - to_standard_domain_f0(self->coefficients[j]); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_bb1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_d5();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_871(&result0[i1], &product); - } - add_standard_error_reduce_20_a5(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_751( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_681(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a21(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_701(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_701(copy_of_prf_input, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_bb1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_ce1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_d5();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_47( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_061( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_751(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_ce1(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_47(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_371( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_541( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_751(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_371( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_a81(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 result; - memcpy(result.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(result.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_171( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - Eurydice_slice_copy( - Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - Eurydice_slice_copy( - Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); - uint8_t ret0[32U]; - H_a9_651(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - Eurydice_slice_copy( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_3f1(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_541(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_171( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), - implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[2400U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_780(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1184U]; - memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_980( - uu____2, libcrux_ml_kem_types_from_07_200(copy_of_public_key)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_991(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_920( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; - memcpy( - copy_of_error_1, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 result; - memcpy( - result.fst, copy_of_error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - result.snd = domain_separator; - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_62( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_53( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_8e( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_75(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_55(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_f8( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_75( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_8e1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_62(&zeta_i, re); - invert_ntt_at_layer_2_53(&zeta_i, re); - invert_ntt_at_layer_3_8e(&zeta_i, re); - invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_94(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_error_reduce_20_44( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - self->coefficients[j], (int16_t)1441); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_7b1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_d5();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(a_element, &r_as_ntt[j]); - add_to_ring_element_20_871(&result0[i1], &product); - } - invert_ntt_montgomery_8e1(&result0[i1]); - add_error_reduce_20_44(&result0[i1], &error_1[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static core_core_arch_x86___m256i decompress_1_0c( - core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_bb(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, - uint8_t)); - re.coefficients[i0] = decompress_1_0c(coefficient_compressed);); - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_20_d5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_321( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_871(&result, &product);); - invert_ntt_montgomery_8e1(&result); - result = add_message_error_reduce_20_d5(error_2, message, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_bc(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 10 -*/ -static core_core_arch_x86___m256i compress_ea_2e( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_bc(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_10_fd( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_2e(to_unsigned_representative_d4(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_bc0(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 11 -*/ -static core_core_arch_x86___m256i compress_ea_2e0( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_bc0(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_71( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_fd(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_7a1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_71(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_bc1(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 4 -*/ -static core_core_arch_x86___m256i compress_ea_2e1( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_bc1(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_4_f8( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, - void *); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_2e1(to_unsigned_representative_d4(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - Eurydice_slice_copy( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_bc2(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 5 -*/ -static core_core_arch_x86___m256i compress_ea_2e2( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_bc2(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_5_11( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, - void *); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficients = - compress_ea_2e2(to_unsigned_representative_d4(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - Eurydice_slice_copy( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_07( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_f8(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_5a1( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_701(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = - sample_ring_element_cbd_991(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_920( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_7b1(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_bb(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_321(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_7a1( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_07( - uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_981( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_5a1(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_250(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_021(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bd3( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_d5();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_b4(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_de1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_bd3( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a21(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1088U]; - encrypt_unpacked_5a1(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void kdf_af_401(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_231( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_021( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - uint8_t ret[32U]; - H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_500(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_500(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_de1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_250(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_401(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_de(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 10 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d9( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_de(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_6c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); - LowStar_Ignore_ignore( - Eurydice_slice_len(Eurydice_array_to_slice((size_t)16U, re.coefficients, - core_core_arch_x86___m256i), - core_core_arch_x86___m256i), - size_t, void *); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d9(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_de0(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 11 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d90( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_de0(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_25(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d90(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_4c(Eurydice_slice serialized) { - return deserialize_then_decompress_10_6c(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_21( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_45(&zeta_i, re); - ntt_at_layer_2_10(&zeta_i, re); - ntt_at_layer_1_83(&zeta_i, re); - poly_barrett_reduce_20_94(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_331( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_d5();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), - uint8_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_4c(u_bytes); - ntt_vector_u_21(&u_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_de1(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 4 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d91( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_de1(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_f5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d91(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_de2(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 5 -*/ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_d92( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_de2(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_08(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); - re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_d92(re.coefficients[i0]); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5e(Eurydice_slice serialized) { - return deserialize_then_decompress_4_f5(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_20_90(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - b.coefficients[i0], (int16_t)1441); - b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], - &coefficient_normal_form)); - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c11( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_871(&result, &product);); - invert_ntt_montgomery_8e1(&result); - result = subtract_reduce_20_90(v, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_message_5d( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_d4(re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), - uint8_t);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_991( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_331(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5e( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c11(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_5d(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f41( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_991(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_5a1(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_7d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_6b1( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_d5();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_7d(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_a61(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_6b1(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t result[32U]; - decrypt_unpacked_991(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_4c1( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_a61(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); - uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_de1(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_401(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_401(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1568 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bd2( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_d5();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_b4(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- OUT_LEN= 1536 -*/ -static KRML_MUSTINLINE void serialize_secret_key_a80( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_d7(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); - } - uint8_t result[1536U]; - memcpy(result, out, (size_t)1536U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1536U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -static KRML_MUSTINLINE void serialize_public_key_370( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); - uint8_t ret0[1536U]; - serialize_secret_key_a80(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), - seed_for_a, uint8_t); - uint8_t result[1568U]; - memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_000(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_bd2( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1568U]; - serialize_public_key_370( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; -} tuple_54; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static void closure_b80( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[4U][34U]; - memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d0(copy_of_input); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____3[504U]; - memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_6b0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_1b0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( - int16_t s[272U]) { - return from_i16_array_20_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_from_xof_b00( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca0(copy_of_seeds); - uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[4U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb1( - copy_of_randomness0, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[4U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb2( - copy_of_randomness, sampled_coefficients, out); - } - } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[4U][272U]; - memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_790(copy_of_out[i]);); - memcpy( - ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a20( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_b80(A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_b00(copy_of_seeds, sampled); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - - ); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U][4U]; - memcpy(result, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - memcpy(ret, result, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; - uint8_t snd; -} tuple_71; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____3[128U]; - memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_1c1(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_700( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_920( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; - memcpy( - copy_of_re_as_ntt, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 result; - memcpy( - result.fst, copy_of_re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - result.snd = domain_separator; - return result; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void add_to_ring_element_20_870( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i), - core_core_arch_x86___m256i); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_bb0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_d5();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_870(&result0[i1], &product); - } - add_standard_error_reduce_20_a5(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - memcpy( - result, result0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_54 generate_keypair_unpacked_750( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_680(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a20(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_700(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_700(copy_of_prf_input, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_bb0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_ce0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_d5();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_060( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_54 uu____0 = generate_keypair_unpacked_750(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_ce0(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_47(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_370( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_540( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_750(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_370( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_a80(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1536U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1568U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; - memcpy(result.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(result.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_170( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - Eurydice_slice_copy( - Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - Eurydice_slice_copy( - Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); - uint8_t ret0[32U]; - H_a9_650(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - Eurydice_slice_copy( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_3f0(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_540(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_170( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), - implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[3168U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_781(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1568U]; - memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_981( - uu____2, libcrux_ml_kem_types_from_07_201(copy_of_public_key)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_990(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_920( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U]; - memcpy( - copy_of_error_1, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 result; - memcpy( - result.fst, copy_of_error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - result.snd = domain_separator; - return result; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_8e0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_62(&zeta_i, re); - invert_ntt_at_layer_2_53(&zeta_i, re); - invert_ntt_at_layer_3_8e(&zeta_i, re); - invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_94(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_vector_u_7b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_d5();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(a_element, &r_as_ntt[j]); - add_to_ring_element_20_870(&result0[i1], &product); - } - invert_ntt_montgomery_8e0(&result0[i1]); - add_error_reduce_20_44(&result0[i1], &error_1[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - memcpy( - result, result0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_320( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_870(&result, &product);); - invert_ntt_montgomery_8e0(&result); - result = add_message_error_reduce_20_d5(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_11_e60( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_2e0(to_unsigned_representative_d4(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 11 -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_710( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_e60(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- OUT_LEN= 1408 -- COMPRESSION_FACTOR= 11 -- BLOCK_LEN= 352 -*/ -static void compress_then_serialize_u_7a0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u_710(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 5 -- OUT_LEN= 160 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_070( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_11(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_5a0( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_700(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = - sample_ring_element_cbd_990(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_920( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_7b0(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_bb(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_320(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_7a0( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, - (size_t)1408U, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_070( - uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_980( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_5a0(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_251(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_020(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bd1( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_d5();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_b4(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_de0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_bd1( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a20(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1568U]; - encrypt_unpacked_5a0(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_af_400(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_230( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_020( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - uint8_t ret[32U]; - H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_501(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_501(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_de0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_251(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_400(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_21 result; - result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_4c0(Eurydice_slice serialized) { - return deserialize_then_decompress_11_25(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_210( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_45(&zeta_i, re); - ntt_at_layer_2_10(&zeta_i, re); - ntt_at_layer_1_83(&zeta_i, re); - poly_barrett_reduce_20_94(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_330( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_d5();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), - uint8_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_4c0(u_bytes); - ntt_vector_u_210(&u_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - memcpy( - result, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5e0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_08(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c10( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_870(&result, &product);); - invert_ntt_montgomery_8e0(&result); - result = subtract_reduce_20_90(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_unpacked_990( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_330(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5e0( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c10(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_5d(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 4 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f40( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_990(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_5a0(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_6b0( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_d5();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_7d(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - memcpy( - result, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_a60(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_6b0(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t result[32U]; - decrypt_unpacked_990(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_4c0( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_a60(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); - uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_de0(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_400(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_400(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 800 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bd0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_d5();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_b4(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- OUT_LEN= 768 -*/ -static KRML_MUSTINLINE void serialize_secret_key_a8( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_d7(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); - } - uint8_t result[768U]; - memcpy(result, out, (size_t)768U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -static KRML_MUSTINLINE void serialize_public_key_37( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); - uint8_t ret0[768U]; - serialize_secret_key_a8(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), - seed_for_a, uint8_t); - uint8_t result[800U]; - memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_00(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_bd0( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[800U]; - serialize_public_key_37( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] - -*/ -typedef struct tuple_4c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; -} tuple_4c; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static void closure_b8( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[2U][34U]; - memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d(copy_of_input); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_6b(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 2 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_1b(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 2 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( - int16_t s[272U]) { - return from_i16_array_20_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_from_xof_b0( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca(copy_of_seeds); - uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[2U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb( - copy_of_randomness0, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_a9_5a(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[2U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb0( - copy_of_randomness, sampled_coefficients, out); - } - } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[2U][272U]; - memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_79(copy_of_out[i]);); - memcpy( - ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a2( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_b8(A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_b0(copy_of_seeds, sampled); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - - ); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U][2U]; - memcpy(result, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - memcpy(ret, result, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t - -*/ -typedef struct tuple_74_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; - uint8_t snd; -} tuple_74; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t out0[192U] = {0U}; - uint8_t out1[192U] = {0U}; - uint8_t out2[192U] = {0U}; - uint8_t out3[192U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t)); - uint8_t uu____0[192U]; - memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); - uint8_t uu____1[192U]; - memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_1c(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_92(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_92(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA= 3 -- ETA_RANDOMNESS_SIZE= 192 -*/ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_70( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_a9_51(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_92( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; - memcpy( - copy_of_re_as_ntt, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 result; - memcpy( - result.fst, copy_of_re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - result.snd = domain_separator; - return result; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void add_to_ring_element_20_87( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i), - core_core_arch_x86___m256i); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_bb( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_d5();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_87(&result0[i1], &product); - } - add_standard_error_reduce_20_a5(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - memcpy( - result, result0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static tuple_4c generate_keypair_unpacked_75( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a2(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_70(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_70(copy_of_prf_input, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_bb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_ce( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_d5();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_06( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_4c uu____0 = generate_keypair_unpacked_75(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_ce(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_47(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_37( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_54( - Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_75(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_37( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_a8(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[768U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[800U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 result; - memcpy(result.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(result.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_17( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - Eurydice_slice_copy( - Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - Eurydice_slice_copy( - Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); - uint8_t ret0[32U]; - H_a9_65(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - Eurydice_slice_copy( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_3f( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_54(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_17( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), - implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1632U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_78(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[800U]; - memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_98( - uu____2, libcrux_ml_kem_types_from_07_20(copy_of_public_key)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_1c0(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_99(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN_a9_510(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_920( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U]; - memcpy( - copy_of_error_1, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 result; - memcpy( - result.fst, copy_of_error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - result.snd = domain_separator; - return result; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_8e( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_62(&zeta_i, re); - invert_ntt_at_layer_2_53(&zeta_i, re); - invert_ntt_at_layer_3_8e(&zeta_i, re); - invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_f8(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_94(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_7b( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_d5();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(a_element, &r_as_ntt[j]); - add_to_ring_element_20_87(&result0[i1], &product); - } - invert_ntt_montgomery_8e(&result0[i1]); - add_error_reduce_20_44(&result0[i1], &error_1[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - memcpy( - result, result0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_32( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_87(&result, &product);); - invert_ntt_montgomery_8e(&result); - result = add_message_error_reduce_20_d5(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_7a( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_71(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_5a( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_70(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = - sample_ring_element_cbd_99(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_920( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_7b(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_bb(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_32(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_7a( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_07( - uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_98( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_5a(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_02(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bd( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_d5();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_b4(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_de(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_bd( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a2(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[768U]; - encrypt_unpacked_5a(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_af_40(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_23( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_02( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - uint8_t ret[32U]; - H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_50(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_de(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_40(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_ec result; - result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_33( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_d5();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), - uint8_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_4c(u_bytes); - ntt_vector_u_21(&u_as_ntt[i0]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - memcpy( - result, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_87(&result, &product);); - invert_ntt_montgomery_8e(&result); - result = subtract_reduce_20_90(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_99( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_33(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5e( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c1(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_5d(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f4( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_99(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_5a(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_6b( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_d5();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_7d(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - memcpy( - result, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_a6(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_6b(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t result[32U]; - decrypt_unpacked_99(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_4c( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_a6(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); - uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_de(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_40(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_40(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 819e1806f..921961814 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_mlkem_avx2_H @@ -20,9 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" #include "libcrux_sha3.h" -#include "libcrux_sha3_avx2.h" void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]); @@ -30,534 +28,6 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_slice array); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array); - -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector); - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -/** - See Section 3.2 of the implementation notes document for an explanation - of this code. -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); - -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); - -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes); - -size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, - Eurydice_slice output); - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index b316ed4b3..de345f3eb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,20 +4,24 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ -#include "libcrux_mlkem_neon.h" +#include "internal/libcrux_mlkem_neon.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -25,6 +29,8794 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void) { + return libcrux_ml_kem_vector_neon_vector_type_ZERO(); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { + return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { + int16_t out[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice), + v.low); + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + core_core_arch_arm_shared_neon_uint16x8_t m0 = + libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + core_core_arch_arm_shared_neon_uint16x8_t m1 = + libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + core_core_arch_arm_shared_neon_int16x8_t c0 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + core_core_arch_arm_shared_neon_int16x8_t c1 = + libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v) { + core_core_arch_arm_shared_neon_int16x8_t adder = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + core_core_arch_arm_shared_neon_int16x8_t vec = + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); + core_core_arch_arm_shared_neon_int16x8_t vec0 = + libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + core_core_arch_arm_shared_neon_int16x8_t quotient = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t sub = + libcrux_intrinsics_arm64__vmulq_n_s16( + quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high) { + core_core_arch_arm_shared_neon_int16x8_t k = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vmulq_n_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_arm_shared_neon_int16x8_t c = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.low, c); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t half = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + core_core_arch_arm_shared_neon_int16x8_t quarter = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + core_core_arch_arm_shared_neon_int16x8_t shifted = + libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + core_core_arch_arm_shared_neon_int16x8_t mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = + libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range), + core_core_arch_arm_shared_neon_uint16x8_t)); + core_core_arch_arm_shared_neon_int16x8_t shifted0 = + libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); + core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = + libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range0), + core_core_arch_arm_shared_neon_uint16x8_t)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_1(v); +} + +KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits) { + int16_t uu____0; + switch (coefficient_bits) { + case 4: { + uu____0 = (int16_t)15; + break; + } + case 5: { + uu____0 = (int16_t)31; + break; + } + case 10: { + uu____0 = (int16_t)1023; + break; + } + case 11: { + uu____0 = (int16_t)2047; + break; + } + default: { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c) { + core_core_arch_arm_shared_neon_int16x8_t v_low = + libcrux_intrinsics_arm64__vmulq_s16(v, c); + core_core_arch_arm_shared_neon_int16x8_t v_high = + libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), + core_core_arch_arm_shared_neon_int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, + zeta4); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t dup_a = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t dup_b = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, + zeta3, zeta4); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + core_core_arch_arm_shared_neon_int16x8_t a = + libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + core_core_arch_arm_shared_neon_int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + core_core_arch_arm_shared_neon_int16x8_t zeta0 = + libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + core_core_arch_arm_shared_neon_int16x8_t b_minus_a = + libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, + zeta2, zeta4, -zeta2, -zeta4}; + core_core_arch_arm_shared_neon_int16x8_t zeta = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t a0 = + libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1 = + libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + core_core_arch_arm_shared_neon_int16x8_t b0 = + libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t b1 = + libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + core_core_arch_arm_shared_neon_int16x8_t a1b1 = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, + b1); + core_core_arch_arm_shared_neon_int32x4_t a1b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a1b1), + libcrux_intrinsics_arm64__vget_low_s16(zeta)); + core_core_arch_arm_shared_neon_int32x4_t a1b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + core_core_arch_arm_shared_neon_int16x8_t fst_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t fst_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_low = + libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b1)); + core_core_arch_arm_shared_neon_int32x4_t a0b1_high = + libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + core_core_arch_arm_shared_neon_int16x8_t snd_low = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + core_core_arch_arm_shared_neon_int16x8_t snd_high = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); + core_core_arch_arm_shared_neon_int16x8_t fst_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t fst_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + core_core_arch_arm_shared_neon_int16x8_t snd_low16 = + libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t snd_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + core_core_arch_arm_shared_neon_int16x8_t fst = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + fst_low16, fst_high16); + core_core_arch_arm_shared_neon_int16x8_t snd = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + snd_low16, snd_high16); + core_core_arch_arm_shared_neon_int32x4_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int32x4_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + core_core_arch_arm_shared_neon_int16x8_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); + core_core_arch_arm_shared_neon_int16x8_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, + 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; + core_core_arch_arm_shared_neon_uint8x16_t index = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); + core_core_arch_arm_shared_neon_int16x8_t high2 = + libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low2, .high = high2}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, + zeta3, zeta4); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, + (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { + core_core_arch_arm_shared_neon_int16x8_t one = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + core_core_arch_arm_shared_neon_int16x8_t low0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + core_core_arch_arm_shared_neon_int16x8_t high0 = + libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, + (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vandq_s16(low, one), + .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; + core_core_arch_arm_shared_neon_int16x8_t shift = + libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( + (size_t)8U, shifter, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t lowt = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); + core_core_arch_arm_shared_neon_uint16x8_t hight = + libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_deserialize_4_0d(v); + int16_t input_i16s[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[10U]; + libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_5_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)10, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_10_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { + core_core_arch_arm_shared_neon_int32x4_t low00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t low10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + core_core_arch_arm_shared_neon_int32x4_t mixt = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t low0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + core_core_arch_arm_shared_neon_int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); + core_core_arch_arm_shared_neon_int32x4_t high00 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t high10 = + libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + core_core_arch_arm_shared_neon_int32x4_t mixt0 = + libcrux_intrinsics_arm64__vsliq_n_s32( + (int32_t)12, high00, high10, + core_core_arch_arm_shared_neon_int32x4_t); + core_core_arch_arm_shared_neon_int64x2_t high0 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high1 = + libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + core_core_arch_arm_shared_neon_int64x2_t high_mix = + libcrux_intrinsics_arm64__vsliq_n_s64( + (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { + uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, + 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; + core_core_arch_arm_shared_neon_uint8x16_t index_vec = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; + core_core_arch_arm_shared_neon_int16x8_t shift_vec = + libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t mask12 = + libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input0, uint8_t, Eurydice_slice)); + uint8_t input1[16U] = {0U}; + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = + libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( + (size_t)16U, input1, uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint16x8_t moved0 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted0 = + libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); + core_core_arch_arm_shared_neon_uint16x8_t moved1 = + libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); + core_core_arch_arm_shared_neon_uint16x8_t shifted1 = + libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low, .high = high}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); +} + +KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { + size_t sampled = (size_t)0U; + core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option_44 uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( + &iter, uint8_t, core_option_Option_44); + if (uu____0.tag == core_option_None) { + break; + } else { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + int16_t uu____2; + bool uu____3; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + d1; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } + } + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } + } + } + } + return sampled; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, + Eurydice_slice out) { + return libcrux_ml_kem_vector_neon_rej_sample(a, out); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { + return self[0U]; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_20_06(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_to_reduced_ring_element_f8(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_384( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_20_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_f8(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +shift_right_5f(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); + v.high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 +with const generics +- SHIFT_BY= 15 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_38( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return shift_right_5f(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_unsigned_representative_88( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_38(a); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = + libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_neon_add_20(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_25( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative_88(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- OUT_LEN= 768 +*/ +static KRML_MUSTINLINE void serialize_secret_key_dc1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_25(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + uint8_t result[768U]; + memcpy(result, out, (size_t)768U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_691( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + uint8_t ret0[768U]; + serialize_secret_key_dc1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + uint8_t result[800U]; + memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_8c1(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + deserialize_ring_elements_reduced_384( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[800U]; + serialize_public_key_691( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]] + +*/ +typedef struct tuple_4c0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 snd; +} tuple_4c0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void G_48_771(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static void closure_de1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_20_06();); +} + +typedef struct Simd128Hash_s { + libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; +} Simd128Hash; + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_6b1(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_48_551(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_6b1(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b71( + Simd128Hash *st, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[504U], void *); + uint8_t out3[504U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e91( + Simd128Hash *self, uint8_t ret[2U][504U]) { + shake128_squeeze_first_three_blocks_b71(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 2 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e63( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_7d1( + Simd128Hash *st, uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[168U], void *); + uint8_t out3[168U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[168U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad1( + Simd128Hash *self, uint8_t ret[2U][168U]) { + shake128_squeeze_next_block_7d1(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 2 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e64( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +from_i16_array_20_f3(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d51( + int16_t s[272U]) { + return from_i16_array_20_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_from_xof_c01( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_final_48_551(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_first_three_blocks_48_e91(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e63( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_next_block_48_ad1(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e64( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = closure_d51(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_matrix_A_481( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + closure_de1(A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; + sample_from_xof_c01(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U][2U]; + memcpy(result, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + memcpy(ret, result, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[2size_t], uint8_t + +*/ +typedef struct tuple_740_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[2U]; + uint8_t snd; +} tuple_740; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_891(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[192U], void *); + uint8_t out3[192U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[192U], void *); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_891(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2_68(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_20_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_3_a6(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_20_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_e90(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_a6(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_7_b2( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon_multiply_by_constant_20( + re->coefficients[j + step], (int16_t)-1600); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +montgomery_multiply_fe_4d( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +ntt_layer_int_vec_step_c5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + montgomery_multiply_fe_4d(b, zeta_r); + b = libcrux_ml_kem_vector_neon_sub_20(a, &t); + a = libcrux_ml_kem_vector_neon_add_20(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_4_plus_c8( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + ntt_layer_int_vec_step_c5( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_3_2e( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_2_81( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_1_5f( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void poly_barrett_reduce_20_47( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_24( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + ntt_at_layer_7_b2(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_2e(&zeta_i, re); + ntt_at_layer_2_81(&zeta_i, re); + ntt_at_layer_1_5f(&zeta_i, re); + poly_barrett_reduce_20_47(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_c01( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_20_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN_48_a91(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_e90(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_24(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_740 result; + memcpy( + result.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + result.snd = domain_separator; + return result; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +ntt_multiply_20_ee(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = ZERO_20_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_multiply_20( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void add_to_ring_element_20_fe1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_standard_domain_90(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_standard_error_reduce_20_6b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = to_standard_domain_90(self->coefficients[j]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_4c1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result0[i] = ZERO_20_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_20_ee(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_fe1(&result0[i1], &product); + } + add_standard_error_reduce_20_6b(&result0[i1], &error_as_ntt[i1]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + memcpy( + result, result0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static tuple_4c0 generate_keypair_unpacked_b71( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_771(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_481(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_c01(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_c01(uu____3, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + compute_As_plus_e_4c1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U][2U]; + memcpy(uu____5, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[2U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void closure_851( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_20_06();); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_3a_55( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_48_851(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a51( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_4c0 uu____0 = generate_keypair_unpacked_b71(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_851(A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_3a_55(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; + memcpy(uu____2, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t pk_serialized[800U]; + serialize_public_key_691( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_851(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_bd1( + Eurydice_slice key_generation_seed) { + tuple_4c0 uu____0 = generate_keypair_unpacked_b71(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key_691(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_dc1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 result; + memcpy(result.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(result.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_7f1( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_851(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_types_MlKemKeyPair_cb +libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair_bd1(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key_7f1( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = + libcrux_ml_kem_types_from_e7_e51(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_d51( + uu____2, libcrux_ml_kem_types_from_07_cf1(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_892(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[128U], void *); + uint8_t out3[128U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[128U], void *); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a92(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + PRFxN_892(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_e9(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_68(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_740 +sample_ring_element_cbd_831(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO_20_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN_48_a92(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_e9(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_740 result; + memcpy( + result.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + result.snd = domain_separator; + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_b40(Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + input, input, + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e4(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_1_30( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_2_56( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_3_ce( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +inv_ntt_layer_int_vec_step_reduce_98( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = + libcrux_ml_kem_vector_neon_sub_20(b, &a); + a = libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(a, &b)); + b = montgomery_multiply_fe_4d(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_10( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + inv_ntt_layer_int_vec_step_reduce_98( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_9e1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_30(&zeta_i, re); + invert_ntt_at_layer_2_56(&zeta_i, re); + invert_ntt_at_layer_3_ce(&zeta_i, re); + invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_47(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_error_reduce_20_3c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_vector_u_b11( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result0[i] = ZERO_20_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_20_ee(a_element, &r_as_ntt[j]); + add_to_ring_element_20_fe1(&result0[i1], &product); + } + invert_ntt_montgomery_9e1(&result0[i1]); + add_error_reduce_20_3c(&result0[i1], &error_1[i1]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + memcpy( + result, result0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_22( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_message_3c(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_1_22(coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +add_message_error_reduce_20_14( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_cc1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_20_ee(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_fe1(&result, &product);); + invert_ntt_montgomery_9e1(&result); + result = add_message_error_reduce_20_14(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_8a(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_11(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)10)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t_8a(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t_8a(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_8a(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_8a(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 10 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_a8( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_11(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_10_c40( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_a8(to_unsigned_representative_88(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_8a0(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_110(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)11)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t_8a0(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t_8a0(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_8a0(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_8a0(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 11 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_a80( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_110(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_c20( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10_c40(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_d11( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_c20(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_8a1(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_111(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)4)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t_8a1(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t_8a1(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_8a1(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_8a1(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 4 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_a81( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_111(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_4_65( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + LowStar_Ignore_ignore(core_slice___Slice_T___len(serialized, uint8_t, size_t), + size_t, void *); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_a81(to_unsigned_representative_88(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +compress_int32x4_t_8a2(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t half = + libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + core_core_arch_arm_shared_neon_uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32( + (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + core_core_arch_arm_shared_neon_uint32x4_t compressed1 = + libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_112(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_int16x8_t mask = + libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)5)); + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + compress_int32x4_t_8a2(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + compress_int32x4_t_8a2(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + compress_int32x4_t_8a2(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + compress_int32x4_t_8a2(high10); + core_core_arch_arm_shared_neon_int16x8_t low = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + core_core_arch_arm_shared_neon_int16x8_t high = + libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 5 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_a82( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_112(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_5_8b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + LowStar_Ignore_ignore(core_slice___Slice_T___len(serialized, uint8_t, size_t), + size_t, void *); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = + compress_20_a82(to_unsigned_representative_88(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_760( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + compress_then_serialize_4_65(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_9b1( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_c01(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = sample_ring_element_cbd_831(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e4( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_e9(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; + compute_vector_u_b11(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_3c(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_cc1(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d11( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_760( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_851( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_unpacked_9b1(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = + libcrux_ml_kem_types_from_15_481(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_d01(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 768 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_383( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_20_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_f8(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_0a1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + deserialize_ring_elements_reduced_383( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_481(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + memcpy( + uu____0, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[2U][2U]; + memcpy(uu____1, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t result[768U]; + encrypt_unpacked_9b1(uu____3, uu____4, randomness, result); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE void kdf_af_331(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_711( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_d01( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_851(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_9c1(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_9c1(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_0a1(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = + libcrux_ml_kem_types_from_15_481(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_331(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_ec result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_48(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)10 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_15( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_48(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_48(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_48(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_48(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 10 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_06( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_15(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_10_05(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); + LowStar_Ignore_ignore( + core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, re.coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t), + size_t, void *); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_06(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_480(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)11 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_150( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_480(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_480(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_480(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_480(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 11 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_060( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_150(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_11_c8(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_060(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_u_510(Eurydice_slice serialized) { + return deserialize_then_decompress_10_05(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void ntt_vector_u_de0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_2e(&zeta_i, re); + ntt_at_layer_2_81(&zeta_i, re); + ntt_at_layer_1_5f(&zeta_i, re); + poly_barrett_reduce_20_47(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b91( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO_20_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_510(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_de0(&u_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + memcpy( + result, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_481(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)4 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_151( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_481(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_481(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_481(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_481(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 4 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_061( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_151(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_4_eb(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_ciphertext_coefficient_20_061(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t +decompress_uint32x4_t_482(core_core_arch_arm_shared_neon_uint32x4_t v) { + core_core_arch_arm_shared_neon_uint32x4_t coeff = + libcrux_intrinsics_arm64__vdupq_n_u32( + 1U << (uint32_t)((int32_t)5 - (int32_t)1)); + core_core_arch_arm_shared_neon_uint32x4_t decompressed = + libcrux_intrinsics_arm64__vmulq_n_u32( + v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = + libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); + return libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_152( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + core_core_arch_arm_shared_neon_uint32x4_t mask16 = + libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + core_core_arch_arm_shared_neon_uint32x4_t low00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + core_core_arch_arm_shared_neon_uint32x4_t low10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t high00 = + libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + core_core_arch_arm_shared_neon_uint32x4_t high10 = + libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + core_core_arch_arm_shared_neon_uint32x4_t); + core_core_arch_arm_shared_neon_uint32x4_t low0 = + decompress_uint32x4_t_482(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = + decompress_uint32x4_t_482(low10); + core_core_arch_arm_shared_neon_uint32x4_t high0 = + decompress_uint32x4_t_482(high00); + core_core_arch_arm_shared_neon_uint32x4_t high1 = + decompress_uint32x4_t_482(high10); + v.low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + v.high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const +generics +- COEFFICIENT_BITS= 5 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +decompress_ciphertext_coefficient_20_062( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return decompress_ciphertext_coefficient_152(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_5_77(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); + re.coefficients[i0] = uu____0; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + decompress_ciphertext_coefficient_20_062(re.coefficients[i0]); + re.coefficients[i0] = uu____1; + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_v_000(Eurydice_slice serialized) { + return deserialize_then_decompress_4_eb(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +subtract_reduce_20_b6(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + b.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], + &coefficient_normal_form)); + b.coefficients[i0] = uu____0; + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_591( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_20_ee(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_fe1(&result, &product);); + invert_ntt_montgomery_9e1(&result); + result = subtract_reduce_20_b6(v, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_message_71( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative_88(re.coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = + libcrux_ml_kem_vector_neon_compress_1_20(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_881( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; + deserialize_then_decompress_u_b91(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_000( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_591(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_71(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_b4(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + uint8_t dummy[32U] = {0U}; + libcrux_sha3_neon_x2_shake256( + input, input, + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 2 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d1( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_881(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_974( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_411(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e3( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked_9b1(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_411(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_to_uncompressed_ring_element_fc(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_0a1( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_20_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_fc(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + memcpy( + result, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_0b1(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + deserialize_secret_key_0a1(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t result[32U]; + decrypt_unpacked_881(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_281( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_0b1(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_411(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e3( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_0a1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_331( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_331(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_411(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_382( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_20_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_f8(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void serialize_secret_key_dc0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_25(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + uint8_t result[1152U]; + memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_690( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + serialize_secret_key_dc0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + uint8_t result[1184U]; + memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_8c0(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + deserialize_ring_elements_reduced_382( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + serialize_public_key_690( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; +} tuple_9b0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void G_48_770(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static void closure_de0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_20_06();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_6b0(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + &state[1U], + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_48_550(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_6b0(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b70( + Simd128Hash *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e90( + Simd128Hash *self, uint8_t ret[3U][504U]) { + shake128_squeeze_first_three_blocks_b70(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e61( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_7d0( + Simd128Hash *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad0( + Simd128Hash *self, uint8_t ret[3U][168U]) { + shake128_squeeze_next_block_7d0(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e62( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d50( + int16_t s[272U]) { + return from_i16_array_20_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_from_xof_c00( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_final_48_550(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_first_three_blocks_48_e90(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e61( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_next_block_48_ad0(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e62( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = closure_d50(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_matrix_A_480( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + closure_de0(A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; + sample_from_xof_c00(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U][3U]; + memcpy(result, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + memcpy(ret, result, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_890(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_890(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_c00( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_20_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_48_a90(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_e9(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_24(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b00 result; + memcpy( + result.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + result.snd = domain_separator; + return result; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void add_to_ring_element_20_fe0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_4c0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result0[i] = ZERO_20_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_20_ee(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_fe0(&result0[i1], &product); + } + add_standard_error_reduce_20_6b(&result0[i1], &error_as_ntt[i1]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + memcpy( + result, result0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_9b0 generate_keypair_unpacked_b70( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_770(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_480(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_c00(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_c00(uu____3, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + compute_As_plus_e_4c0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_850( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_20_06();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_48_850(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a50( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_b70(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_850(A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_3a_55(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key_690( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_850(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_bd0( + Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = generate_keypair_unpacked_b70(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key_690(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_dc0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 result; + memcpy(result.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(result.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_7f0( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_850(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair_bd0(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key_7f0( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_e7_e5(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_d5( + uu____2, libcrux_ml_kem_types_from_07_cf(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_830(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO_20_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_48_a90(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_e9(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b00 result; + memcpy( + result.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + result.snd = domain_separator; + return result; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e2(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_9e0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_30(&zeta_i, re); + invert_ntt_at_layer_2_56(&zeta_i, re); + invert_ntt_at_layer_3_ce(&zeta_i, re); + invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_47(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_b10( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result0[i] = ZERO_20_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_20_ee(a_element, &r_as_ntt[j]); + add_to_ring_element_20_fe0(&result0[i1], &product); + } + invert_ntt_montgomery_9e0(&result0[i1]); + add_error_reduce_20_3c(&result0[i1], &error_1[i1]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + memcpy( + result, result0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_cc0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_20_ee(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_fe0(&result, &product);); + invert_ntt_montgomery_9e0(&result); + result = add_message_error_reduce_20_14(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_d10( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_c20(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_9b0( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_c00(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = sample_ring_element_cbd_830(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e2( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_e9(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; + compute_vector_u_b10(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_3c(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_cc0(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d10( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_760( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_850( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_unpacked_9b0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_48(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_d00(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_381( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_20_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_f8(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_0a0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + deserialize_ring_elements_reduced_381( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_480(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t result[1088U]; + encrypt_unpacked_9b0(uu____3, uu____4, randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_af_330(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_710( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_d00( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_850(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_9c(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_9c(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_0a0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_48(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_330(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b90( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO_20_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_510(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_de0(&u_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + memcpy( + result, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_590( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_20_ee(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_fe0(&result, &product);); + invert_ntt_montgomery_9e0(&result); + result = subtract_reduce_20_b6(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_880( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + deserialize_then_decompress_u_b90(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_000( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_590(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_71(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d0( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_880(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_41(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e1( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked_9b0(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_41(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_0a0( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_20_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_fc(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + memcpy( + result, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_0b0(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + deserialize_secret_key_0a0(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t result[32U]; + decrypt_unpacked_880(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_280( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_0b0(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_41(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e1( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_0a0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_330( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_330(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_41(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_380( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_20_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_f8(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- OUT_LEN= 1536 +*/ +static KRML_MUSTINLINE void serialize_secret_key_dc( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_25(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + uint8_t result[1536U]; + memcpy(result, out, (size_t)1536U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1536U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_69( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); + uint8_t ret0[1536U]; + serialize_secret_key_dc(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + uint8_t result[1568U]; + memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_8c(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + deserialize_ring_elements_reduced_380( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1568U]; + serialize_public_key_69( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]] + +*/ +typedef struct tuple_54_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c snd; +} tuple_54; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void G_48_77(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static void closure_de( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_20_06();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_6b(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + &state[1U], + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_final_48_55(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_6b(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b7( + Simd128Hash *st, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e9( + Simd128Hash *self, uint8_t ret[4U][504U]) { + shake128_squeeze_first_three_blocks_b7(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 4 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e6( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_7d( + Simd128Hash *st, uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad( + Simd128Hash *self, uint8_t ret[4U][168U]) { + shake128_squeeze_next_block_7d(self, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 4 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e60( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d5( + int16_t s[272U]) { + return from_i16_array_20_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_from_xof_c0( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_final_48_55(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_first_three_blocks_48_e9(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e6( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_next_block_48_ad(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e60( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = closure_d5(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_matrix_A_48( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + closure_de(A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; + sample_from_xof_c0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U][4U]; + memcpy(result, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + memcpy(ret, result, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_89(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_89(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_c0( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_20_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_48_a9(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_e9(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_24(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + memcpy( + uu____2, re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_71 result; + memcpy( + result.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + result.snd = domain_separator; + return result; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void add_to_ring_element_20_fe( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_4c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result0[i] = ZERO_20_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_20_ee(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_fe(&result0[i1], &product); + } + add_standard_error_reduce_20_6b(&result0[i1], &error_as_ntt[i1]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + memcpy( + result, result0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_54 generate_keypair_unpacked_b7( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_77(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_48(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_c0(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_c0(uu____3, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + compute_As_plus_e_4c(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U][4U]; + memcpy(uu____5, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[4U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_85( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_20_06();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_48_85(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a5( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_b7(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_85(A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_3a_55(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; + memcpy(uu____2, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key_69( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_85(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_bd( + Eurydice_slice key_generation_seed) { + tuple_54 uu____0 = generate_keypair_unpacked_b7(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key_69(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_dc(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; + memcpy(result.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(result.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_7f( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_85(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair_bd(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key_7f( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = + libcrux_ml_kem_types_from_e7_e50(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_d50( + uu____2, libcrux_ml_kem_types_from_07_cf0(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_71 +sample_ring_element_cbd_83(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO_20_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_48_a9(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_e9(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_71 result; + memcpy( + result.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + result.snd = domain_separator; + return result; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e0(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_9e( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_30(&zeta_i, re); + invert_ntt_at_layer_2_56(&zeta_i, re); + invert_ntt_at_layer_3_ce(&zeta_i, re); + invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_47(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_vector_u_b1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result0[i] = ZERO_20_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_20_ee(a_element, &r_as_ntt[j]); + add_to_ring_element_20_fe(&result0[i1], &product); + } + invert_ntt_montgomery_9e(&result0[i1]); + add_error_reduce_20_3c(&result0[i1], &error_1[i1]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + memcpy( + result, result0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_cc( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_20_ee(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_fe(&result, &product);); + invert_ntt_montgomery_9e(&result); + result = add_message_error_reduce_20_14(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_11_c6( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_a80(to_unsigned_representative_88(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 11 +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_c2( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11_c6(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- OUT_LEN= 1408 +- COMPRESSION_FACTOR= 11 +- BLOCK_LEN= 352 +*/ +static void compress_then_serialize_u_d1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u_c2(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 5 +- OUT_LEN= 160 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_76( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + compress_then_serialize_5_8b(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_9b( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_c0(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = sample_ring_element_cbd_83(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_e9(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; + compute_vector_u_b1(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_3c(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_cc(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d1( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_76( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_85( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked_9b(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_480(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_d0(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_38( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_20_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_f8(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_0a(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + deserialize_ring_elements_reduced_38( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_48(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[4U][4U]; + memcpy(uu____1, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t result[1568U]; + encrypt_unpacked_9b(uu____3, uu____4, randomness, result); + memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_af_33(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_71( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_d0( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_85(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_9c0(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_9c0(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_0a(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_480(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_33(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 result; + result.fst = uu____5; + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_u_51(Eurydice_slice serialized) { + return deserialize_then_decompress_11_c8(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_de( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_2e(&zeta_i, re); + ntt_at_layer_2_81(&zeta_i, re); + ntt_at_layer_1_5f(&zeta_i, re); + poly_barrett_reduce_20_47(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b9( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO_20_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_then_decompress_ring_element_u_51(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_de(&u_as_ntt[i0]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + memcpy( + result, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_v_00(Eurydice_slice serialized) { + return deserialize_then_decompress_5_77(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_59( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_20_ee(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_fe(&result, &product);); + invert_ntt_montgomery_9e(&result); + result = subtract_reduce_20_b6(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_unpacked_88( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; + deserialize_then_decompress_u_b9(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_00( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_59(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_71(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 4 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_88(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_973( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_410(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked_9b(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_410(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_0a( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_20_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_fc(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + memcpy( + result, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_0b(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + deserialize_secret_key_0a(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t result[32U]; + decrypt_unpacked_88(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_28( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_0b(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_410(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_0a(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_33( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_33(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_410(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 46b9ebdb1..8bab021c2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_mlkem_neon_H @@ -20,6 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" #include "libcrux_sha3_neon.h" void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, @@ -28,6 +29,576 @@ void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]); +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + core_core_arch_arm_shared_neon_int16x8_t low; + core_core_arch_arm_shared_neon_int16x8_t high; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array); + +void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t low, + core_core_arch_arm_shared_neon_int16x8_t high); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits); + +core_core_arch_arm_shared_neon_int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + core_core_arch_arm_shared_neon_int16x8_t v, + core_core_arch_arm_shared_neon_int16x8_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a); + +size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, + Eurydice_slice result); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, + Eurydice_slice out); + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 1c5d78d79..e4bb7818a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #include "internal/libcrux_mlkem_portable.h" @@ -20,7 +20,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -28,7 +29,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -66,6 +68,123 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { @@ -73,8 +192,10 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; core_result_Result_c0 dst; Eurydice_slice_to_array2( - &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), - Eurydice_slice, int16_t[16U]); + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); core_result_unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; @@ -89,66 +210,340 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } +KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); + uint8_t r0 = + (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 5U); - uint8_t r3 = - (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & - (int16_t)255); + uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 4U); - uint8_t r7 = - (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & - (int16_t)255); + uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) >> + 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 6U); - uint8_t r10 = - (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); + uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) >> + 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -166,11 +561,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t)); + int16_t, Eurydice_slice)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; @@ -210,56 +606,66 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); - int16_t r1 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> - 3U; - int16_t r2 = - (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> - 6U; - int16_t r3 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> - 1U; - int16_t r4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> - 4U; - int16_t r5 = - (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> - 7U; - int16_t r6 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> - 2U; - int16_t r7 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> - 5U; + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 3U; + int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) >> + 1U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 7U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -270,35 +676,15 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( .f7 = r7}); } -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, + Eurydice_slice)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -329,537 +715,6 @@ libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); -} - -const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -997,19 +852,6 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } -/** - Signed Barrett Reduction - - Given an input `value`, `barrett_reduce` outputs a representative `result` - such that: - - - result ≡ value (mod FIELD_MODULUS) - - the absolute value of `result` is bound as follows: - - `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * @@ -1045,20 +887,6 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -/** - Signed Montgomery Reduction - - Given an input `value`, `montgomery_reduce` outputs a representative `o` - such that: - - - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - - the absolute value of `o` is bound as follows: - - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = @@ -1077,17 +905,6 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } -/** - If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to - `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to - `x · y`, as follows: - - `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` - - `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a - representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod - FIELD_MODULUS)`. -*/ KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -1119,28 +936,6 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } -/** - The `compress_*` functions implement the `Compress` function specified in the - NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: - - ```plaintext - Compress_d: ℤq -> ℤ_{2ᵈ} - Compress_d(x) = ⌈(2ᵈ/q)·x⌋ - ``` - - Since `⌈x⌋ = ⌊x + 1/2⌋` we have: - - ```plaintext - Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ - = ⌊(2^{d+1}·x + q) / 2q⌋ - ``` - - For further information about the function implementations, consult the - `implementation_notes.pdf` document in this directory. - - The NIST FIPS 203 standard can be found at - . -*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; @@ -1413,28 +1208,6 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -1526,17 +1299,19 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)0U, uint8_t, uint8_t *) >> - (uint32_t)i0 & - 1U);); + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U);); for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)1U, uint8_t, uint8_t *) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } @@ -1549,320 +1324,99 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); } - -KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *); - uint8_t result1 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *); - uint8_t result2 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *); - uint8_t result3 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, - uint8_t, uint8_t *) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, - uint8_t, uint8_t *) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); + +KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); } KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & - (int16_t)255); + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 4U & (int16_t)63); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & - (int16_t)255); + uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1871,15 +1425,17 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, + Eurydice_slice)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, + Eurydice_slice)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, + Eurydice_slice)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, + Eurydice_slice)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1914,115 +1470,22 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & - (int16_t)255); - int16_t r1 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> - 2U; - int16_t r2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> - 4U; - int16_t r3 = - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> - 6U; - int16_t r4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & - (int16_t)255); - int16_t r5 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> - 2U; - int16_t r6 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> - 4U; - int16_t r7 = - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); -} - KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & - (int16_t)255); - uint8_t r1 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & - (int16_t)15) - << 4U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & - (int16_t)255); + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); + uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) >> + 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U); + uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } @@ -2030,25 +1493,29 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, + Eurydice_slice)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, + Eurydice_slice)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, + Eurydice_slice)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, + Eurydice_slice)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, + Eurydice_slice)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, + Eurydice_slice)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, + Eurydice_slice)); uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, + Eurydice_slice)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -2090,12 +1557,12 @@ void libcrux_ml_kem_vector_portable_serialize_12_0d( KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); - int16_t byte1 = - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); - int16_t byte2 = - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); @@ -2104,24 +1571,32 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, + Eurydice_slice)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, + Eurydice_slice)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, + Eurydice_slice)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, + Eurydice_slice)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, + Eurydice_slice)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, + Eurydice_slice)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, + Eurydice_slice)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -2155,15 +1630,15 @@ libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; - i++) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *); + uint8_t, uint8_t *, uint8_t); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *); + uint8_t, uint8_t *, uint8_t); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *); + uint8_t, uint8_t *, uint8_t); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -2175,7 +1650,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2186,7 +1661,8 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; sampled++; continue; } @@ -2203,7 +1679,8 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; sampled++; continue; } @@ -2241,7 +1718,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_39(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_02(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2269,13 +1746,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_d4(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -2292,14 +1772,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_654( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_39();); + deserialized_pk[i] = ZERO_20_02();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2307,9 +1787,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc4( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d4(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2323,7 +1803,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_83(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2342,8 +1822,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_f8(v); +shift_right_0d_bf(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_83(v); } /** @@ -2353,10 +1833,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_23( +to_unsigned_representative_6c( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_4b(a); + shift_right_0d_bf(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2369,20 +1849,23 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_62( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_9c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_23(re->coefficients[i0]); + to_unsigned_representative_6c(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } @@ -2394,27 +1877,30 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_c11( +static KRML_MUSTINLINE void serialize_secret_key_491( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_62(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_9c(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } uint8_t result[1536U]; memcpy(result, out, (size_t)1536U * sizeof(uint8_t)); @@ -2429,20 +1915,24 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_f91( +static KRML_MUSTINLINE void serialize_public_key_1a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_c11(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_491(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); @@ -2456,18 +1946,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_b91(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_ad1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_cc4( + deserialize_ring_elements_reduced_654( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_f91( + serialize_public_key_1a1( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -2495,7 +1985,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_111(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2506,10 +1996,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_e81( +static void closure_821( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_39();); + ret[i] = ZERO_20_02();); } /** @@ -2528,22 +2018,21 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_751(uint8_t input[4U][34U]) { +shake128_init_absorb_final_411(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; - memcpy(copy_of_shake128_state, shake128_state, + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState_48 uu____0[4U]; + memcpy(uu____0, shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_d1 lit; - memcpy(lit.shake128_state, copy_of_shake128_state, + memcpy(lit.shake128_state, uu____0, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -2559,11 +2048,10 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[4U][34U]; - memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_751(copy_of_input); +shake128_init_absorb_final_f1_511(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_411(uu____0); } /** @@ -2572,14 +2060,15 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_541( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } @@ -2593,52 +2082,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_101(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_first_three_blocks_541(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2646,7 +2094,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2657,11 +2105,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2684,14 +2133,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_881( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } @@ -2705,52 +2154,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_681( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_ed1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_next_block_881(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2758,7 +2166,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2769,11 +2177,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2801,15 +2210,16 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_20_6b(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); +from_i16_array_20_48(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t)); + (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); result.coefficients[i0] = uu____0; } return result; @@ -2822,10 +2232,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_131( int16_t s[272U]) { - return from_i16_array_20_6b( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_20_48(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** @@ -2835,42 +2245,37 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_2b1( +static KRML_MUSTINLINE void sample_from_xof_f61( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(copy_of_seeds); + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_511(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[4U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_053( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_first_three_blocks_f1_7f1(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_023( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_f1_c11(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[4U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_054( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_next_block_f1_681(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_024( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[4U][272U]; - memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_991(copy_of_out[i]);); + ret0[i] = closure_131(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2883,33 +2288,32 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_231( +static KRML_MUSTINLINE void sample_matrix_A_551( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_e81(A_transpose[i]);); + closure_821(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_2b1(copy_of_seeds, sampled); + sample_from_xof_f61(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -2918,9 +2322,7 @@ static KRML_MUSTINLINE void sample_matrix_A_231( } else { A_transpose[i1][j] = sample; } - } - - ); + }); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U][4U]; memcpy(result, A_transpose, (size_t)4U * @@ -2947,14 +2349,15 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_632(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } @@ -2968,60 +2371,11 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1d2(input, ret); + PRFxN_632(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3029,25 +2383,27 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_76(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_d7(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t); + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *) | + uint8_t *, uint8_t) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -3063,8 +2419,8 @@ sample_from_binomial_distribution_2_76(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_6b( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); + return from_i16_array_20_48(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } /** @@ -3074,22 +2430,24 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_e7(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_49(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t); + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *) | + uint8_t *, uint8_t) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -3107,8 +2465,8 @@ sample_from_binomial_distribution_3_e7(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_6b( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); + return from_i16_array_20_48(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } /** @@ -3118,8 +2476,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_91(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_76(randomness); +sample_from_binomial_distribution_48(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_d7(randomness); } /** @@ -3128,7 +2486,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_62( +static KRML_MUSTINLINE void ntt_at_layer_7_9e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3136,8 +2494,9 @@ static KRML_MUSTINLINE void ntt_at_layer_7_62( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -3156,7 +2515,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_99( +montgomery_multiply_fe_18( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3170,12 +2529,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_9f( + ntt_layer_int_vec_step_6b( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_99(b, zeta_r); + montgomery_multiply_fe_18(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3189,7 +2548,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_e5( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_08( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3202,7 +2561,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_e5( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_9f( + ntt_layer_int_vec_step_6b( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3219,7 +2578,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_db( +static KRML_MUSTINLINE void ntt_at_layer_3_41( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3237,18 +2596,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_cf( +static KRML_MUSTINLINE void ntt_at_layer_2_ac( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -3257,12 +2616,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_e0( +static KRML_MUSTINLINE void ntt_at_layer_1_d6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3272,7 +2631,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_e0( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** @@ -3285,7 +2644,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_fd( +static KRML_MUSTINLINE void poly_barrett_reduce_20_98( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3303,17 +2662,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_f7( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_62(re); + ntt_at_layer_7_9e(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_db(&zeta_i, re); - ntt_at_layer_2_cf(&zeta_i, re); - ntt_at_layer_1_e0(&zeta_i, re); - poly_barrett_reduce_20_fd(re); + ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_41(&zeta_i, re); + ntt_at_layer_2_ac(&zeta_i, re); + ntt_at_layer_1_d6(&zeta_i, re); + poly_barrett_reduce_20_98(re); } /** @@ -3325,36 +2684,36 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_531( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_781( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_20_02();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_772(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_91( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_48(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( - copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 result; memcpy( - result.fst, copy_of_re_as_ntt, + result.fst, uu____2, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -3371,9 +2730,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_20_64(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_20_db(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3406,15 +2765,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_521( +static KRML_MUSTINLINE void add_to_ring_element_20_981( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector), - libcrux_ml_kem_vector_portable_vector_type_PortableVector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3431,7 +2792,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_0c( +to_standard_domain_25( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3447,14 +2808,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_46( +static KRML_MUSTINLINE void add_standard_error_reduce_20_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_0c(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_25(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3469,38 +2830,40 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_971( +static KRML_MUSTINLINE void compute_As_plus_e_021( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_39();); + result0[i] = ZERO_20_02();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_521(&result0[i1], &product); + ntt_multiply_20_db(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_981(&result0[i1], &product); } - add_standard_error_reduce_20_46(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_b9(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -3520,75 +2883,69 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_f61( +static tuple_540 generate_keypair_unpacked_6c1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b61(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_f1_111(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_231(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_551(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_531(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_781(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_531(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_781(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_971(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_021(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U][4U]; + memcpy(uu____5, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[4U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_540){.fst = sk, .snd = pk}); } @@ -3607,10 +2964,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_951( +static void closure_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_39();); + ret[i] = ZERO_20_02();); } /** @@ -3623,7 +2980,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_c4( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_b3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3645,7 +3002,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3664,27 +3021,28 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b1( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_540 uu____0 = generate_keypair_unpacked_f61(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_540 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_951(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e81(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_c4(&ind_cpa_public_key.A[j][i1]); + clone_3a_b3(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3694,39 +3052,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa1( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_f91( + serialize_public_key_1a1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + H_f1_af1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -3743,30 +3098,25 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_801( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_101( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_f61(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_f91( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_1a1(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_c11(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1536U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1568U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); + serialize_secret_key_491(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; - memcpy(result.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(result.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); + memcpy(result.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(result.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); return result; } @@ -3777,7 +3127,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_e8( +static KRML_MUSTINLINE void serialize_kem_secret_key_df( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3785,37 +3135,43 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_e8( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e1(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_f1_af1(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -3833,37 +3189,37 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_bb1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_4a1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_801(ind_cpa_keypair_randomness); + generate_keypair_101(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_e8( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), + serialize_kem_secret_key_df( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[3168U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)3168U * sizeof(uint8_t)); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_781(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_e50(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1568U]; - memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_981( - uu____2, libcrux_ml_kem_types_from_07_201(copy_of_public_key)); + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_d50( + uu____2, libcrux_ml_kem_types_from_07_cf0(uu____3)); } /** @@ -3876,36 +3232,34 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_561(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_641(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_20_02();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_772(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_91( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_48(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 result; memcpy( - result.fst, copy_of_error_1, + result.fst, uu____2, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -3916,10 +3270,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_b60(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -3933,9 +3288,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f4(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -3944,12 +3299,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_a0( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_4b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3959,7 +3314,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_a0( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -3968,18 +3323,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_c5( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_0d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** @@ -3988,7 +3343,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_a6( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_29( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4008,7 +3363,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_2c( + inv_ntt_layer_int_vec_step_reduce_50( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4016,7 +3371,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_99(a_minus_b, zeta_r); + b = montgomery_multiply_fe_18(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4028,7 +3383,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_dc( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_09( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4043,7 +3398,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_dc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_2c( + inv_ntt_layer_int_vec_step_reduce_50( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4060,18 +3415,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_031( +static KRML_MUSTINLINE void invert_ntt_montgomery_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a0(&zeta_i, re); - invert_ntt_at_layer_2_c5(&zeta_i, re); - invert_ntt_at_layer_3_a6(&zeta_i, re); - invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_fd(re); + invert_ntt_at_layer_1_4b(&zeta_i, re); + invert_ntt_at_layer_2_0d(&zeta_i, re); + invert_ntt_at_layer_3_29(&zeta_i, re); + invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_98(re); } /** @@ -4084,7 +3439,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_a1( +static KRML_MUSTINLINE void add_error_reduce_20_59( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4108,38 +3463,40 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_031( +static KRML_MUSTINLINE void compute_vector_u_0f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_39();); + result0[i] = ZERO_20_02();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(a_element, &r_as_ntt[j]); - add_to_ring_element_20_521(&result0[i1], &product); + ntt_multiply_20_db(a_element, &r_as_ntt[j]); + add_to_ring_element_20_981(&result0[i1], &product); } - invert_ntt_montgomery_031(&result0[i1]); - add_error_reduce_20_a1(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_1f1(&result0[i1]); + add_error_reduce_20_59(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4157,7 +3514,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_8a(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_36(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4171,8 +3528,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_24(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_then_decompress_message_b7(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4180,9 +3537,9 @@ deserialize_then_decompress_message_24(uint8_t serialized[32U]) { libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t)); + uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_8a(coefficient_compressed); + decompress_1_36(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4198,7 +3555,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_20_41( +add_message_error_reduce_20_5e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4228,18 +3585,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_5a1( +compute_ring_element_v_c41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_521(&result, &product);); - invert_ntt_montgomery_031(&result); - result = add_message_error_reduce_20_41(error_2, message, result); + ntt_multiply_20_db(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_981(&result, &product);); + invert_ntt_montgomery_1f1(&result); + result = add_message_error_reduce_20_5e(error_2, message, result); return result; } @@ -4249,7 +3606,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4270,9 +3627,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be(v); + return compress_94(v); } /** @@ -4281,7 +3638,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_940(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4303,8 +3660,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be0(v); +compress_0d_9b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_940(v); } /** @@ -4313,20 +3670,23 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_420( +static KRML_MUSTINLINE void compress_then_serialize_11_ef0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_310(to_unsigned_representative_23(re->coefficients[i0])); + compress_0d_9b0(to_unsigned_representative_6c(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } @@ -4338,10 +3698,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_210( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_da0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_420(re, uu____0); + compress_then_serialize_11_ef0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4354,25 +3714,29 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_e61( +static void compress_then_serialize_u_411( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_210(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_da0(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -4382,7 +3746,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_941(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4404,8 +3768,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be1(v); +compress_0d_9b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_941(v); } /** @@ -4414,22 +3778,24 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_8c( +static KRML_MUSTINLINE void compress_then_serialize_4_75( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { - LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, - void *); + LowStar_Ignore_ignore(core_slice___Slice_T___len(serialized, uint8_t, size_t), + size_t, void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_311(to_unsigned_representative_23(re.coefficients[i0])); + compress_0d_9b1(to_unsigned_representative_6c(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -4439,7 +3805,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_942(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4461,8 +3827,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be2(v); +compress_0d_9b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_942(v); } /** @@ -4471,22 +3837,24 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_7e( +static KRML_MUSTINLINE void compress_then_serialize_5_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { - LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, - void *); + LowStar_Ignore_ignore(core_slice___Slice_T___len(serialized, uint8_t, size_t), + size_t, void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_312(to_unsigned_representative_23(re.coefficients[i0])); + compress_0d_9b2(to_unsigned_representative_6c(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -4497,9 +3865,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_eb0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ef0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_7e(re, out); + compress_then_serialize_5_0f(re, out); } /** @@ -4520,25 +3888,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_5b1( +static void encrypt_unpacked_cf1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_531(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_781(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = - sample_ring_element_cbd_561(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____3 = sample_ring_element_cbd_641(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4546,33 +3911,35 @@ static void encrypt_unpacked_5b1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_f1_6f4( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_91( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_48(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_031(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_0f1(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_24(copy_of_message); + deserialize_then_decompress_message_b7(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_5a1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c41(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_e61( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, - (size_t)1408U, uint8_t)); + compress_then_serialize_u_411( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_eb0( - uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_ef0( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -4595,51 +3962,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_331( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_111( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_5b1(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_cf1(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_251(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_480(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4653,10 +4020,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_62(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_d5(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, ret); } @@ -4667,14 +4035,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_653( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_39();); + deserialized_pk[i] = ZERO_20_02();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4682,9 +4050,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc3( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d4(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4710,52 +4078,49 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0c1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_bd1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_cc3( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + deserialize_ring_elements_reduced_653( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_231(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_551(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[4U][4U]; + memcpy(uu____1, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_5b1(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_cf1(uu____3, uu____4, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4770,10 +4135,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_c6(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_cf(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, ret); } @@ -4796,56 +4162,59 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9f1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_831( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_62( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_d5( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_501(public_key), - uint8_t), + H_f1_af1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_9c0(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_111( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_501(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_9c0(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_0c1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_bd1(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_251(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_480(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_c6(shared_secret, shared_secret_array); + kdf_af_cf(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 result; result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return result; } @@ -4856,7 +4225,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b8( +decompress_ciphertext_coefficient_41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4881,9 +4250,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f4( +decompress_ciphertext_coefficient_0d_cc( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b8(v); + return decompress_ciphertext_coefficient_41(v); } /** @@ -4893,24 +4262,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_21(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_then_decompress_10_75(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); LowStar_Ignore_ignore( - Eurydice_slice_len( + core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)16U, re.coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector), - libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t), size_t, void *); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f4(coefficient); + decompress_ciphertext_coefficient_0d_cc(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4923,7 +4296,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b80( +decompress_ciphertext_coefficient_410( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4948,9 +4321,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f40( +decompress_ciphertext_coefficient_0d_cc0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b80(v); + return decompress_ciphertext_coefficient_410(v); } /** @@ -4960,17 +4333,20 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_94(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_then_decompress_11_b9(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f40(coefficient); + decompress_ciphertext_coefficient_0d_cc0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4983,8 +4359,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_b20(Eurydice_slice serialized) { - return deserialize_then_decompress_11_94(serialized); +deserialize_then_decompress_ring_element_u_9d0(Eurydice_slice serialized) { + return deserialize_then_decompress_11_b9(serialized); } /** @@ -4993,17 +4369,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_8f0( +static KRML_MUSTINLINE void ntt_vector_u_6c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_db(&zeta_i, re); - ntt_at_layer_2_cf(&zeta_i, re); - ntt_at_layer_1_e0(&zeta_i, re); - poly_barrett_reduce_20_fd(re); + ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_41(&zeta_i, re); + ntt_at_layer_2_ac(&zeta_i, re); + ntt_at_layer_1_d6(&zeta_i, re); + poly_barrett_reduce_20_98(re); } /** @@ -5014,16 +4390,17 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_e51( +static KRML_MUSTINLINE void deserialize_then_decompress_u_121( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_39();); + u_as_ntt[i] = ZERO_20_02();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -5036,9 +4413,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_e51( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_b20(u_bytes); - ntt_vector_u_8f0(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_9d0(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_6c0(&u_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -5056,7 +4435,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b81( +decompress_ciphertext_coefficient_411( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5081,9 +4460,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f41( +decompress_ciphertext_coefficient_0d_cc1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b81(v); + return decompress_ciphertext_coefficient_411(v); } /** @@ -5093,17 +4472,19 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_02(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_then_decompress_4_68(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f41(coefficient); + decompress_ciphertext_coefficient_0d_cc1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5116,7 +4497,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b82( +decompress_ciphertext_coefficient_412( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5141,9 +4522,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f42( +decompress_ciphertext_coefficient_0d_cc2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b82(v); + return decompress_ciphertext_coefficient_412(v); } /** @@ -5153,17 +4534,21 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_d8(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_then_decompress_5_c1(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); - re.coefficients[i0] = + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); + re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5176,8 +4561,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_0a0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_d8(serialized); +deserialize_then_decompress_ring_element_v_450(Eurydice_slice serialized) { + return deserialize_then_decompress_5_c1(serialized); } /** @@ -5191,7 +4576,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_20_d0(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_20_e9(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5216,17 +4601,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_3e1( +compute_message_2c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_521(&result, &product);); - invert_ntt_montgomery_031(&result); - result = subtract_reduce_20_d0(v, result); + ntt_multiply_20_db(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_981(&result, &product);); + invert_ntt_montgomery_1f1(&result); + result = subtract_reduce_20_e9(v, result); return result; } @@ -5236,23 +4621,25 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_dd( +static KRML_MUSTINLINE void compress_then_serialize_message_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_23(re.coefficients[i0]); + to_unsigned_representative_6c(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_portable_serialize_1_0d( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), - uint8_t);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } @@ -5266,19 +4653,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_741( +static void decrypt_unpacked_be1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_e51(ciphertext, u_as_ntt); + deserialize_then_decompress_u_121(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0a0( + deserialize_then_decompress_ring_element_v_450( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_3e1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_2c1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dd(message, ret0); + compress_then_serialize_message_4e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5287,10 +4675,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_b6(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -5304,8 +4693,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -5330,62 +4719,66 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b91( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_741(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_be1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_111( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_973( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_410(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_f1_6f3( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_5b1(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_cf1(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_ba_410(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5397,13 +4790,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_43(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_to_uncompressed_ring_element_ee(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; @@ -5417,14 +4813,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_381( +static KRML_MUSTINLINE void deserialize_secret_key_5e1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_39();); + secret_as_ntt[i] = ZERO_20_02();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5432,9 +4828,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_381( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_43(secret_bytes); + deserialize_to_uncompressed_ring_element_ee(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -5456,22 +4852,21 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_da1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_bc1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_381(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; + deserialize_secret_key_5e1(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_741(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_be1(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5497,72 +4892,78 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_111( +void libcrux_ml_kem_ind_cca_decapsulate_0b1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_da1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_bc1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_111( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_410(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_6f3( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_0c1(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_bd1(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_c6(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_cf( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_c6(shared_secret0, shared_secret1); + kdf_af_cf(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_c01(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), + libcrux_ml_kem_types_as_ref_ba_410(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); @@ -5576,14 +4977,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_652( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_39();); + deserialized_pk[i] = ZERO_20_02();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5591,9 +4992,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc2( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d4(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5608,27 +5009,30 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_c10( +static KRML_MUSTINLINE void serialize_secret_key_490( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_62(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_9c(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } uint8_t result[768U]; memcpy(result, out, (size_t)768U * sizeof(uint8_t)); @@ -5643,20 +5047,23 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_f90( +static KRML_MUSTINLINE void serialize_public_key_1a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_c10(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_490(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); @@ -5670,18 +5077,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_b90(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_ad0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_cc2( + deserialize_ring_elements_reduced_652( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_f90( + serialize_public_key_1a0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -5695,10 +5102,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] */ -typedef struct tuple_4c0_s { +typedef struct tuple_4c_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c0; +} tuple_4c; /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for @@ -5709,7 +5116,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_110(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5720,10 +5127,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_e80( +static void closure_820( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_39();); + ret[i] = ZERO_20_02();); } /** @@ -5742,22 +5149,21 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_750(uint8_t input[2U][34U]) { +shake128_init_absorb_final_410(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; - memcpy(copy_of_shake128_state, shake128_state, + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState_48 uu____0[2U]; + memcpy(uu____0, shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_8b lit; - memcpy(lit.shake128_state, copy_of_shake128_state, + memcpy(lit.shake128_state, uu____0, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -5773,11 +5179,10 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[2U][34U]; - memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_750(copy_of_input); +shake128_init_absorb_final_f1_510(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_410(uu____0); } /** @@ -5786,14 +5191,15 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_540( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } @@ -5807,52 +5213,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_100(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_first_three_blocks_540(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5860,7 +5225,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5871,11 +5236,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5898,14 +5264,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_880( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } @@ -5919,52 +5285,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_680( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_ed0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_next_block_880(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5972,7 +5297,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5983,11 +5308,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -6011,10 +5337,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_130( int16_t s[272U]) { - return from_i16_array_20_6b( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_20_48(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** @@ -6024,42 +5350,37 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_2b0( +static KRML_MUSTINLINE void sample_from_xof_f60( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(copy_of_seeds); + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_510(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[2U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_051( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_first_three_blocks_f1_7f0(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_021( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_f1_c10(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[2U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_052( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_next_block_f1_680(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_022( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[2U][272U]; - memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_990(copy_of_out[i]);); + ret0[i] = closure_130(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6072,33 +5393,32 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_230( +static KRML_MUSTINLINE void sample_matrix_A_550( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_e80(A_transpose[i]);); + closure_820(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_2b0(copy_of_seeds, sampled); + sample_from_xof_f60(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -6107,9 +5427,7 @@ static KRML_MUSTINLINE void sample_matrix_A_230( } else { A_transpose[i1][j] = sample; } - } - - ); + }); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U][2U]; memcpy(result, A_transpose, (size_t)2U * @@ -6125,10 +5443,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_740_s { +typedef struct tuple_74_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; uint8_t snd; -} tuple_740; +} tuple_74; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN @@ -6136,14 +5454,15 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_630(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } @@ -6157,9 +5476,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_770(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1d0(input, ret); + PRFxN_630(input, ret); } /** @@ -6169,8 +5488,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_910(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_e7(randomness); +sample_from_binomial_distribution_480(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_49(randomness); } /** @@ -6182,36 +5501,36 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_530( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_780( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_20_02();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_890(prf_inputs, prf_outputs); + PRFxN_f1_770(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_910( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_480(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( - copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 result; + tuple_74 result; memcpy( - result.fst, copy_of_re_as_ntt, + result.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -6227,15 +5546,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_520( +static KRML_MUSTINLINE void add_to_ring_element_20_980( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector), - libcrux_ml_kem_vector_portable_vector_type_PortableVector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -6251,38 +5572,40 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_970( +static KRML_MUSTINLINE void compute_As_plus_e_020( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_39();); + result0[i] = ZERO_20_02();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_520(&result0[i1], &product); + ntt_multiply_20_db(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_980(&result0[i1], &product); } - add_standard_error_reduce_20_46(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_b9(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6302,77 +5625,71 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_f60( +static tuple_4c generate_keypair_unpacked_6c0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b60(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_f1_110(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_230(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_550(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_530(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_780(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_530(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_780(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_970(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_020(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U][2U]; + memcpy(uu____5, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[2U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } /** @@ -6389,10 +5706,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_950( +static void closure_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_39();); + ret[i] = ZERO_20_02();); } /** @@ -6404,7 +5721,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6423,27 +5740,28 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b0( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_f60(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_4c uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_950(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e80(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_c4(&ind_cpa_public_key.A[j][i1]); + clone_3a_b3(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6453,39 +5771,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_f90( + serialize_public_key_1a0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + H_f1_af0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6502,30 +5817,25 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_800( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_100( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_f60(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_f90( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_1a0(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_c10(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[768U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[800U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)800U * sizeof(uint8_t)); + serialize_secret_key_490(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 result; - memcpy(result.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(result.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); + memcpy(result.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(result.snd, uu____2, (size_t)800U * sizeof(uint8_t)); return result; } @@ -6536,7 +5846,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_59( +static KRML_MUSTINLINE void serialize_kem_secret_key_c1( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6544,37 +5854,43 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_59( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e0(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_f1_af0(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -6592,37 +5908,37 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_bb0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_4a0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_800(ind_cpa_keypair_randomness); + generate_keypair_100(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_59( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), + serialize_kem_secret_key_c1( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1632U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1632U * sizeof(uint8_t)); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_78(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_e51(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[800U]; - memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_98( - uu____2, libcrux_ml_kem_types_from_07_20(copy_of_public_key)); + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_d51( + uu____2, libcrux_ml_kem_types_from_07_cf1(uu____3)); } /** @@ -6631,14 +5947,15 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_631(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } @@ -6652,9 +5969,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1d1(input, ret); + PRFxN_631(input, ret); } /** @@ -6666,37 +5983,35 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_560(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_74 +sample_ring_element_cbd_640(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_20_02();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_891(prf_inputs, prf_outputs); + PRFxN_f1_771(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_91( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_48(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 result; + tuple_74 result; memcpy( - result.fst, copy_of_error_1, + result.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -6712,9 +6027,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f2(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -6723,18 +6038,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_030( +static KRML_MUSTINLINE void invert_ntt_montgomery_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a0(&zeta_i, re); - invert_ntt_at_layer_2_c5(&zeta_i, re); - invert_ntt_at_layer_3_a6(&zeta_i, re); - invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_fd(re); + invert_ntt_at_layer_1_4b(&zeta_i, re); + invert_ntt_at_layer_2_0d(&zeta_i, re); + invert_ntt_at_layer_3_29(&zeta_i, re); + invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_98(re); } /** @@ -6743,38 +6058,40 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_030( +static KRML_MUSTINLINE void compute_vector_u_0f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_39();); + result0[i] = ZERO_20_02();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(a_element, &r_as_ntt[j]); - add_to_ring_element_20_520(&result0[i1], &product); + ntt_multiply_20_db(a_element, &r_as_ntt[j]); + add_to_ring_element_20_980(&result0[i1], &product); } - invert_ntt_montgomery_030(&result0[i1]); - add_error_reduce_20_a1(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_1f0(&result0[i1]); + add_error_reduce_20_59(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6792,18 +6109,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_5a0( +compute_ring_element_v_c40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_520(&result, &product);); - invert_ntt_montgomery_030(&result); - result = add_message_error_reduce_20_41(error_2, message, result); + ntt_multiply_20_db(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_980(&result, &product);); + invert_ntt_montgomery_1f0(&result); + result = add_message_error_reduce_20_5e(error_2, message, result); return result; } @@ -6813,20 +6130,23 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_e8( +static KRML_MUSTINLINE void compress_then_serialize_10_bb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_31(to_unsigned_representative_23(re->coefficients[i0])); + compress_0d_9b(to_unsigned_representative_6c(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -6838,10 +6158,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_21( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_e8(re, uu____0); + compress_then_serialize_10_bb(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6854,25 +6174,29 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_e60( +static void compress_then_serialize_u_410( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_21(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_da(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -6883,9 +6207,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_eb( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_8c(re, out); + compress_then_serialize_4_75(re, out); } /** @@ -6906,25 +6230,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_5b0( +static void encrypt_unpacked_cf0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_530(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_780(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = - sample_ring_element_cbd_560(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = sample_ring_element_cbd_640(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6932,33 +6253,34 @@ static void encrypt_unpacked_5b0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_f1_6f2( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_91( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_48(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_030(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_0f0(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_24(copy_of_message); + deserialize_then_decompress_message_b7(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_5a0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c40(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_e60( + compress_then_serialize_u_410( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t)); + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_eb( - uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_ef( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -6981,51 +6303,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_330( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_110( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_5b0(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_cf0(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_481(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -7039,10 +6361,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_27(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_b3(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, ret); } @@ -7053,14 +6376,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_651( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_39();); + deserialized_pk[i] = ZERO_20_02();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7068,9 +6391,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc1( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d4(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7096,52 +6419,49 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0c0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_bd0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_cc1( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), + deserialize_ring_elements_reduced_651( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_230(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_550(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[2U][2U]; + memcpy(uu____1, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_5b0(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_cf0(uu____3, uu____4, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7156,10 +6476,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_da(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_a2(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, ret); } @@ -7182,56 +6503,59 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9f0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_830( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_27( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_b3( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_50(public_key), - uint8_t), + H_f1_af0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_9c1(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_110( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_9c1(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_0c0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_bd0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_481(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_da(shared_secret, shared_secret_array); + kdf_af_a2(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec result; result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return result; } @@ -7242,8 +6566,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_b2(Eurydice_slice serialized) { - return deserialize_then_decompress_10_21(serialized); +deserialize_then_decompress_ring_element_u_9d(Eurydice_slice serialized) { + return deserialize_then_decompress_10_75(serialized); } /** @@ -7252,17 +6576,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_8f( +static KRML_MUSTINLINE void ntt_vector_u_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_db(&zeta_i, re); - ntt_at_layer_2_cf(&zeta_i, re); - ntt_at_layer_1_e0(&zeta_i, re); - poly_barrett_reduce_20_fd(re); + ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_41(&zeta_i, re); + ntt_at_layer_2_ac(&zeta_i, re); + ntt_at_layer_1_d6(&zeta_i, re); + poly_barrett_reduce_20_98(re); } /** @@ -7273,16 +6597,17 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_e50( +static KRML_MUSTINLINE void deserialize_then_decompress_u_120( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_39();); + u_as_ntt[i] = ZERO_20_02();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -7295,9 +6620,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_e50( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_b2(u_bytes); - ntt_vector_u_8f(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_9d(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_6c(&u_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -7315,8 +6642,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_0a(Eurydice_slice serialized) { - return deserialize_then_decompress_4_02(serialized); +deserialize_then_decompress_ring_element_v_45(Eurydice_slice serialized) { + return deserialize_then_decompress_4_68(serialized); } /** @@ -7326,17 +6653,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_3e0( +compute_message_2c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_520(&result, &product);); - invert_ntt_montgomery_030(&result); - result = subtract_reduce_20_d0(v, result); + ntt_multiply_20_db(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_980(&result, &product);); + invert_ntt_montgomery_1f0(&result); + result = subtract_reduce_20_e9(v, result); return result; } @@ -7350,19 +6677,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_740( +static void decrypt_unpacked_be0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_e50(ciphertext, u_as_ntt); + deserialize_then_decompress_u_120(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0a( + deserialize_then_decompress_ring_element_v_45( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_3e0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_2c0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dd(message, ret0); + compress_then_serialize_message_4e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7376,8 +6704,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -7402,61 +6730,65 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b90( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_740(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_be0(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_110( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_974( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_411(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_f1_6f1( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_5b0(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_cf0(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_ba_411(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7467,14 +6799,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_380( +static KRML_MUSTINLINE void deserialize_secret_key_5e0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_39();); + secret_as_ntt[i] = ZERO_20_02();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7482,9 +6814,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_380( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_43(secret_bytes); + deserialize_to_uncompressed_ring_element_ee(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -7506,22 +6838,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_da0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_bc0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_380(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; + deserialize_secret_key_5e0(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_740(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_be0(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7547,71 +6878,77 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_110( +void libcrux_ml_kem_ind_cca_decapsulate_0b0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_da0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_bc0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_110( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_411(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_6f1( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_0c0(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_bd0(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_da(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_a2( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_da(shared_secret0, shared_secret1); + kdf_af_a2(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_c0(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), + libcrux_ml_kem_types_as_ref_ba_411(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); @@ -7625,14 +6962,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_650( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_39();); + deserialized_pk[i] = ZERO_20_02();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7640,9 +6977,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d4(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7657,27 +6994,30 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_c1( +static KRML_MUSTINLINE void serialize_secret_key_49( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_62(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_9c(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } uint8_t result[1152U]; memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); @@ -7692,20 +7032,24 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_f9( +static KRML_MUSTINLINE void serialize_public_key_1a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_c1(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_49(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); @@ -7719,18 +7063,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_b9(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_ad(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_cc0( + deserialize_ring_elements_reduced_650( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_f9( + serialize_public_key_1a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -7758,7 +7102,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_11(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7769,10 +7113,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_e8( +static void closure_82( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_39();); + ret[i] = ZERO_20_02();); } /** @@ -7791,22 +7135,21 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_75(uint8_t input[3U][34U]) { +shake128_init_absorb_final_41(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; - memcpy(copy_of_shake128_state, shake128_state, + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; + memcpy(uu____0, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_58 lit; - memcpy(lit.shake128_state, copy_of_shake128_state, + memcpy(lit.shake128_state, uu____0, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -7822,11 +7165,10 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_75(copy_of_input); +shake128_init_absorb_final_f1_51(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_41(uu____0); } /** @@ -7835,14 +7177,15 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_54( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -7856,52 +7199,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_10(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_first_three_blocks_54(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7909,7 +7211,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7920,11 +7222,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7947,14 +7250,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( +static KRML_MUSTINLINE void shake128_squeeze_next_block_88( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -7968,52 +7271,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_68( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_ed(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_next_block_88(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -8021,7 +7283,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8032,11 +7294,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -8060,10 +7323,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_13( int16_t s[272U]) { - return from_i16_array_20_6b( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_20_48(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** @@ -8073,42 +7336,37 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_2b( +static KRML_MUSTINLINE void sample_from_xof_f6( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(copy_of_seeds); + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_51(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[3U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_05( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_first_three_blocks_f1_7f(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_02( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_f1_c1(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[3U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_050( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_next_block_f1_68(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_020( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[3U][272U]; - memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_99(copy_of_out[i]);); + ret0[i] = closure_13(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8121,33 +7379,32 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_23( +static KRML_MUSTINLINE void sample_matrix_A_55( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_e8(A_transpose[i]);); + closure_82(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_2b(copy_of_seeds, sampled); + sample_from_xof_f6(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -8156,9 +7413,7 @@ static KRML_MUSTINLINE void sample_matrix_A_23( } else { A_transpose[i1][j] = sample; } - } - - ); + }); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U][3U]; memcpy(result, A_transpose, (size_t)3U * @@ -8185,14 +7440,15 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_63(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -8206,9 +7462,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1d(input, ret); + PRFxN_63(input, ret); } /** @@ -8220,36 +7476,36 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_53( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_78( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_20_02();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_77(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_91( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_48(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( - copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 result; memcpy( - result.fst, copy_of_re_as_ntt, + result.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -8265,15 +7521,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_52( +static KRML_MUSTINLINE void add_to_ring_element_20_98( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector), - libcrux_ml_kem_vector_portable_vector_type_PortableVector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -8289,38 +7547,40 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_97( +static KRML_MUSTINLINE void compute_As_plus_e_02( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_39();); + result0[i] = ZERO_20_02();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_52(&result0[i1], &product); + ntt_multiply_20_db(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_98(&result0[i1], &product); } - add_standard_error_reduce_20_46(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_b9(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8340,75 +7600,69 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_f6( +static tuple_9b generate_keypair_unpacked_6c( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_f1_11(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_23(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_55(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_53(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_78(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_53(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_78(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_97(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_02(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; + memcpy(uu____5, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } @@ -8427,10 +7681,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_95( +static void closure_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_39();); + ret[i] = ZERO_20_02();); } /** @@ -8442,7 +7696,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -8461,27 +7715,28 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b uu____0 = generate_keypair_unpacked_f6(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_9b uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_95(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e8(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_c4(&ind_cpa_public_key.A[j][i1]); + clone_3a_b3(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8491,39 +7746,36 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_aa( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_f9( + serialize_public_key_1a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + H_f1_af(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8540,30 +7792,25 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_80( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_10( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_f6(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_6c(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_f9( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_1a(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_c1(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); + serialize_secret_key_49(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 result; - memcpy(result.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(result.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); + memcpy(result.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(result.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); return result; } @@ -8574,7 +7821,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_32( +static KRML_MUSTINLINE void serialize_kem_secret_key_3a( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8582,37 +7829,43 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_32( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_f1_af(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -8630,37 +7883,37 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_bb(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_4a(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_80(ind_cpa_keypair_randomness); + generate_keypair_10(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_32( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), + serialize_kem_secret_key_3a( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[2400U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)2400U * sizeof(uint8_t)); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_780(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_e5(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1184U]; - memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_980( - uu____2, libcrux_ml_kem_types_from_07_200(copy_of_public_key)); + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_d5( + uu____2, libcrux_ml_kem_types_from_07_cf(uu____3)); } /** @@ -8673,36 +7926,34 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_56(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_64(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_20_02();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_77(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_91( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_48(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 result; memcpy( - result.fst, copy_of_error_1, + result.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -8718,9 +7969,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f0(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -8729,18 +7980,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_03( +static KRML_MUSTINLINE void invert_ntt_montgomery_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a0(&zeta_i, re); - invert_ntt_at_layer_2_c5(&zeta_i, re); - invert_ntt_at_layer_3_a6(&zeta_i, re); - invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_dc(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_fd(re); + invert_ntt_at_layer_1_4b(&zeta_i, re); + invert_ntt_at_layer_2_0d(&zeta_i, re); + invert_ntt_at_layer_3_29(&zeta_i, re); + invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_98(re); } /** @@ -8749,38 +8000,40 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_03( +static KRML_MUSTINLINE void compute_vector_u_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_39();); + result0[i] = ZERO_20_02();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(a_element, &r_as_ntt[j]); - add_to_ring_element_20_52(&result0[i1], &product); + ntt_multiply_20_db(a_element, &r_as_ntt[j]); + add_to_ring_element_20_98(&result0[i1], &product); } - invert_ntt_montgomery_03(&result0[i1]); - add_error_reduce_20_a1(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_1f(&result0[i1]); + add_error_reduce_20_59(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8798,18 +8051,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_5a( +compute_ring_element_v_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_52(&result, &product);); - invert_ntt_montgomery_03(&result); - result = add_message_error_reduce_20_41(error_2, message, result); + ntt_multiply_20_db(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_98(&result, &product);); + invert_ntt_montgomery_1f(&result); + result = add_message_error_reduce_20_5e(error_2, message, result); return result; } @@ -8822,25 +8075,29 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_e6( +static void compress_then_serialize_u_41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_21(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_da(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -8862,25 +8119,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_5b( +static void encrypt_unpacked_cf( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_53(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_78(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = - sample_ring_element_cbd_56(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = sample_ring_element_cbd_64(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8888,33 +8142,34 @@ static void encrypt_unpacked_5b( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_f1_6f0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_91( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_48(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_03(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_0f(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_24(copy_of_message); + deserialize_then_decompress_message_b7(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_5a(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c4(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_e6( + compress_then_serialize_u_41( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_eb( - uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_ef( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -8937,51 +8192,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_33( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_11( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_5b(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_cf(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_250(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_48(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8995,10 +8250,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_48(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_2d(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, ret); } @@ -9009,14 +8265,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_65( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_39();); + deserialized_pk[i] = ZERO_20_02();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9024,9 +8280,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_cc( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d4(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -9052,52 +8308,49 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0c(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_bd(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_cc( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + deserialize_ring_elements_reduced_65( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_55(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; + memcpy(uu____1, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_5b(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_cf(uu____3, uu____4, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -9112,10 +8365,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_4f(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_c8(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, ret); } @@ -9138,56 +8392,59 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9f( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_83( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_48( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_500(public_key), - uint8_t), + H_f1_af(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_9c(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_11( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_500(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_9c(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_0c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_bd(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_250(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_48(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_4f(shared_secret, shared_secret_array); + kdf_af_c8(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return result; } @@ -9199,16 +8456,17 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_e5( +static KRML_MUSTINLINE void deserialize_then_decompress_u_12( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_39();); + u_as_ntt[i] = ZERO_20_02();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -9221,9 +8479,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_e5( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_b2(u_bytes); - ntt_vector_u_8f(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_9d(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_6c(&u_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -9241,17 +8501,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_3e( +compute_message_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_52(&result, &product);); - invert_ntt_montgomery_03(&result); - result = subtract_reduce_20_d0(v, result); + ntt_multiply_20_db(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_98(&result, &product);); + invert_ntt_montgomery_1f(&result); + result = subtract_reduce_20_e9(v, result); return result; } @@ -9265,19 +8525,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_74( +static void decrypt_unpacked_be( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_e5(ciphertext, u_as_ntt); + deserialize_then_decompress_u_12(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_0a( + deserialize_then_decompress_ring_element_v_45( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_3e(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_2c(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dd(message, ret0); + compress_then_serialize_message_4e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9291,8 +8552,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** @@ -9317,61 +8578,65 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b9( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_74(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_be(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_11( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_970( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_ba_41(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_f1_6f( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_5b(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_cf(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_ba_41(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9382,14 +8647,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_38( +static KRML_MUSTINLINE void deserialize_secret_key_5e( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_39();); + secret_as_ntt[i] = ZERO_20_02();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9397,9 +8662,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_38( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_43(secret_bytes); + deserialize_to_uncompressed_ring_element_ee(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -9421,22 +8686,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_da(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_bc(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_38(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; + deserialize_secret_key_5e(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_74(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_be(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -9462,70 +8726,77 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_11( +void libcrux_ml_kem_ind_cca_decapsulate_0b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_da(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_bc(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_11( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_ba_41(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_6f( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_0c(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_bd(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_4f(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_c8( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_4f(shared_secret0, shared_secret1); + kdf_af_c8(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_c00(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), + libcrux_ml_kem_types_as_ref_ba_41(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 41bd5cf3f..0ff167edb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_mlkem_portable_H @@ -39,10 +39,49 @@ void libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input, #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes); + typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); + +void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); @@ -53,6 +92,55 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array); +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_slice v); + +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); + typedef struct uint8_t_x11_s { uint8_t fst; uint8_t snd; @@ -82,23 +170,9 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]); -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -109,22 +183,6 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a); -void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -extern const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] - [16U]; - /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -205,19 +263,6 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) -/** - Signed Barrett Reduction - - Given an input `value`, `barrett_reduce` outputs a representative `result` - such that: - - - result ≡ value (mod FIELD_MODULUS) - - the absolute value of `result` is bound as follows: - - `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); @@ -239,34 +284,9 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -/** - Signed Montgomery Reduction - - Given an input `value`, `montgomery_reduce` outputs a representative `o` - such that: - - - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - - the absolute value of `o` is bound as follows: - - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); -/** - If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to - `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to - `x · y`, as follows: - - `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` - - `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a - representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod - FIELD_MODULUS)`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer); @@ -282,28 +302,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); -/** - The `compress_*` functions implement the `Compress` function specified in the - NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: - - ```plaintext - Compress_d: ℤq -> ℤ_{2ᵈ} - Compress_d(x) = ⌈(2ᵈ/q)·x⌋ - ``` - - Since `⌈x⌋ = ⌊x + 1/2⌋` we have: - - ```plaintext - Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ - = ⌊(2^{d+1}·x + q) / 2q⌋ - ``` - - For further information about the function implementations, consult the - `implementation_notes.pdf` document in this directory. - - The NIST FIPS 203 standard can be found at - . -*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe); @@ -413,28 +411,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -501,55 +477,6 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]); -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); - -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; - -uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_slice v); - -void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); - uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_slice v); @@ -565,19 +492,6 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]); -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); - typedef struct uint8_t_x3_s { uint8_t fst; uint8_t snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index c37e9b71f..cbeb093c6 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_sha3_H @@ -22,160 +22,105 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" -/** - A portable SHA3 512 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_fd(buf0, buf); } -/** - A portable SHA3 256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_fd0(buf0, buf); } -/** - A portable SHAKE256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_fd1(buf0, buf); } -/** - A portable SHA3 224 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_fd2(buf0, buf); } -/** - A portable SHA3 384 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_fd3(buf0, buf); } -/** - SHA3 224 - - Preconditions: - - `digest.len() == 28` -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } -/** - SHA3 224 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), - data); + libcrux_sha3_sha224_ema( + Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - data); + libcrux_sha3_sha256_ema( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), - data); + libcrux_sha3_sha384_ema( + Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } -/** - SHA3 512 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } -/** - SHA3 512 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), - data); + libcrux_sha3_sha512_ema( + Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** - A portable SHAKE128 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_fd4(buf0, buf); } -/** - SHAKE 128 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } -/** - SHAKE 256 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 7ef3b171a..e17f0055e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,2457 +4,88 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ -#include "internal/libcrux_sha3_avx2.h" +#include "libcrux_sha3_avx2.h" -#include "internal/libcrux_core.h" - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - return _veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_58(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vrax1q_u64(a, b); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return _vbcaxq_u64(a, b, c); -} - -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, - size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, - size_t len, Eurydice_slice ret[4U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_a[4U]; - memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - slice_4(copy_of_a, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( - out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( - out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - Eurydice_slice_uint8_t_4size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { - return split_at_mut_4(a, mid); -} - -/** - Create a new Shake128 x4 state. -*/ -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_16(void) { - libcrux_sha3_generic_keccak_KeccakState_29 lit; - lit.st[0U][0U] = zero_ef(); - lit.st[0U][1U] = zero_ef(); - lit.st[0U][2U] = zero_ef(); - lit.st[0U][3U] = zero_ef(); - lit.st[0U][4U] = zero_ef(); - lit.st[1U][0U] = zero_ef(); - lit.st[1U][1U] = zero_ef(); - lit.st[1U][2U] = zero_ef(); - lit.st[1U][3U] = zero_ef(); - lit.st[1U][4U] = zero_ef(); - lit.st[2U][0U] = zero_ef(); - lit.st[2U][1U] = zero_ef(); - lit.st[2U][2U] = zero_ef(); - lit.st[2U][3U] = zero_ef(); - lit.st[2U][4U] = zero_ef(); - lit.st[3U][0U] = zero_ef(); - lit.st[3U][1U] = zero_ef(); - lit.st[3U][2U] = zero_ef(); - lit.st[3U][3U] = zero_ef(); - lit.st[3U][4U] = zero_ef(); - lit.st[4U][0U] = zero_ef(); - lit.st[4U][1U] = zero_ef(); - lit.st[4U][2U] = zero_ef(); - lit.st[4U][3U] = zero_ef(); - lit.st[4U][4U] = zero_ef(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); - Eurydice_slice_copy( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____1 = - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); - Eurydice_slice_copy( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____2 = - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); - Eurydice_slice_copy( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____3 = - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); - Eurydice_slice_copy( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), - uint8_t); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); - Eurydice_slice_copy(uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____5 = - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); - Eurydice_slice_copy(uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____6 = - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); - Eurydice_slice_copy(uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____7 = - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); - Eurydice_slice_copy(uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_ef_6a( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[4U]; - memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_580(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_581(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_582(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_583(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_584(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_585(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_586(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_587(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_588(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_589(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5810(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5811(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5812(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5813(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); +KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, + Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5814(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5815(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5816(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5817(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5818(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5819(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5820(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5821(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5822(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void theta_rho_71( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = - rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = - rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = - rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = - rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____0, uu____1, uu____2, uu____3, - rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - core_core_arch_x86___m256i uu____27 = - xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void pi_01( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void chi_9b( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - s->st[i1][j] = and_not_xor_ef( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]););); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void iota_09( - libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { - s->st[0U][0U] = xor_constant_ef( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void keccakf1600_07( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_71(s); - pi_01(s); - chi_9b(s); - iota_09(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void absorb_block_37( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_6a(uu____0, uu____1); - keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_91( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_c7(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_ef_05( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[4U][200U]; - memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i0], uint8_t); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_05(uu____3, uu____4); - keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____2 = - Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), - uint8_t); - Eurydice_slice uu____3 = - Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), - uint8_t); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); - Eurydice_slice uu____4 = Eurydice_slice_subslice2( - out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____5 = Eurydice_slice_subslice2( - out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____6 = Eurydice_slice_subslice2( - out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), - uint8_t); - Eurydice_slice uu____7 = Eurydice_slice_subslice2( - out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), - uint8_t); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_0b( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; - store_block_e9(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out0[200U]; - memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out1[200U]; - memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out2[200U]; - memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_ef_99( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - store_block_full_0b(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_a4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - store_block_full_ef_99(s->st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_ef_f6( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e9(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_block_e9( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_next_block_1c( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_last_77( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_07(&s); - uint8_t b[4U][200U]; - store_block_full_ef_99(s.st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], - Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[4U]; - memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_37(uu____0, ret); - } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[4U]; - memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_a4(&s, out); - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____4 = - split_at_mut_n_ef(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e9(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____5 = - split_at_mut_n_ef(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_77(s, o1); - } - } -} - -/** - Perform 4 SHAKE256 operations in parallel -*/ -void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice input2, Eurydice_slice input3, - Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_14(buf0, buf); -} - -/** - Initialise the [`KeccakState`]. -*/ -libcrux_sha3_generic_keccak_KeccakState_29 +KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_16(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); - Eurydice_slice_copy( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____1 = - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); - Eurydice_slice_copy( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____2 = - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); - Eurydice_slice_copy( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____3 = - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); - Eurydice_slice_copy( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), - uint8_t); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); - Eurydice_slice_copy(uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____5 = - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); - Eurydice_slice_copy(uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____6 = - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); - Eurydice_slice_copy(uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____7 = - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); - Eurydice_slice_copy(uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_910( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_c70(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_ef_050( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[4U][200U]; - memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_5e0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i0], uint8_t); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_050(uu____3, uu____4); - keccakf1600_07(s); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** - Absorb -*/ -void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, +KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_5e0(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____2 = - Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), - uint8_t); - Eurydice_slice uu____3 = - Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), - uint8_t); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); - Eurydice_slice uu____4 = Eurydice_slice_subslice2( - out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____5 = Eurydice_slice_subslice2( - out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____6 = Eurydice_slice_subslice2( - out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), - uint8_t); - Eurydice_slice uu____7 = Eurydice_slice_subslice2( - out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), - uint8_t); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void store_block_ef_f60( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e90(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_block_e90( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f60(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_1c0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f60(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - squeeze_next_block_1c0(s, o2); -} - -/** - Squeeze three blocks -*/ -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** - Squeeze another block -*/ -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o20[4U]; - memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - Eurydice_slice_uint8_t_4size_t__x2 uu____2 = - split_at_mut_n_ef(o20, (size_t)168U); - Eurydice_slice o2[4U]; - memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o30[4U]; - memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o2); - Eurydice_slice_uint8_t_4size_t__x2 uu____3 = - split_at_mut_n_ef(o30, (size_t)168U); - Eurydice_slice o3[4U]; - memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o4[4U]; - memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o3); - squeeze_next_block_1c0(s, o4); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** - Squeeze five blocks -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_e4(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** - Absorb -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** - Squeeze block -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_e9(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } -/** - Squeeze next block -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 9509fc57c..86c8925f7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_sha3_avx2_H @@ -20,80 +20,46 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_core.h" -#include "libcrux_sha3_internal.h" +#include "libcrux_sha3_neon.h" -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_x86___m256i -with const generics -- $4size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_29; - -/** - Perform 4 SHAKE256 operations in parallel -*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Initialise the [`KeccakState`]. -*/ -libcrux_sha3_generic_keccak_KeccakState_29 +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; +} libcrux_sha3_avx2_x4_incremental_KeccakState; + +libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void); -/** - Absorb -*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); -/** - Squeeze three blocks -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze another block -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze five blocks -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Absorb -*/ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); -/** - Squeeze block -*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze next block -*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 879d311df..0fc1cf623 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); } /** @@ -137,7 +137,8 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); } /** @@ -146,18 +147,17 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_a[1U]; - memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; @@ -187,9 +187,6 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -201,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_7a(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -245,8 +242,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -260,11 +258,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_de(s, buf); } /** @@ -276,13 +274,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); } /** @@ -292,7 +289,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -303,9 +300,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_340(ab); } /** @@ -319,8 +316,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); } /** @@ -330,7 +327,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -341,9 +338,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_341(ab); } /** @@ -357,8 +354,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); } /** @@ -368,7 +365,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -379,9 +376,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_342(ab); } /** @@ -395,8 +392,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); } /** @@ -406,7 +403,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -417,9 +414,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_343(ab); } /** @@ -433,8 +430,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); } /** @@ -444,9 +441,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_34(ab); } /** @@ -460,8 +457,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); } /** @@ -471,7 +468,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -482,9 +479,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_344(ab); } /** @@ -498,8 +495,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); } /** @@ -509,7 +506,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -520,9 +517,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_345(ab); } /** @@ -536,8 +533,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); } /** @@ -547,7 +544,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -558,9 +555,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_346(ab); } /** @@ -574,8 +571,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); } /** @@ -585,7 +582,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -596,9 +593,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_347(ab); } /** @@ -612,8 +609,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); } /** @@ -623,7 +620,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -634,9 +631,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_348(ab); } /** @@ -650,8 +647,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); } /** @@ -661,7 +658,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -672,9 +669,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_349(ab); } /** @@ -688,8 +685,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); } /** @@ -699,7 +696,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -710,9 +707,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_3410(ab); } /** @@ -726,8 +723,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); } /** @@ -737,7 +734,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -748,9 +745,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_3411(ab); } /** @@ -764,8 +761,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); } /** @@ -775,7 +772,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -786,9 +783,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_3412(ab); } /** @@ -802,8 +799,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); } /** @@ -813,7 +810,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -824,9 +821,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_3413(ab); } /** @@ -840,8 +837,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); } /** @@ -851,7 +848,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -862,9 +859,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_3414(ab); } /** @@ -878,8 +875,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); } /** @@ -889,7 +886,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -900,9 +897,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_3415(ab); } /** @@ -916,8 +913,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); } /** @@ -927,7 +924,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -938,9 +935,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_3416(ab); } /** @@ -954,8 +951,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); } /** @@ -965,7 +962,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -976,9 +973,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_3417(ab); } /** @@ -992,8 +989,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); } /** @@ -1003,7 +1000,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1014,9 +1011,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_3418(ab); } /** @@ -1030,8 +1027,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); } /** @@ -1041,7 +1038,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1052,9 +1049,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_3419(ab); } /** @@ -1068,8 +1065,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); } /** @@ -1079,7 +1076,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1090,9 +1087,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_3420(ab); } /** @@ -1106,8 +1103,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); } /** @@ -1117,7 +1114,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1128,9 +1125,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_3421(ab); } /** @@ -1144,8 +1141,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); } /** @@ -1155,7 +1152,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1166,9 +1163,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_3422(ab); } /** @@ -1182,8 +1179,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); } /** @@ -1192,7 +1189,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1227,54 +1224,77 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); - s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); - s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); - s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); - s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); - s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); - s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); - s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); - s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); - s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); - s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); - s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); - s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); - s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); - s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); - s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); - s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); - s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); - s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); - s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); - s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); - s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); - s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + uint64_t uu____4 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + uint64_t uu____5 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + uint64_t uu____6 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + uint64_t uu____7 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + uint64_t uu____8 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + uint64_t uu____9 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + uint64_t uu____10 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + uint64_t uu____11 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + uint64_t uu____12 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + uint64_t uu____13 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + uint64_t uu____14 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + uint64_t uu____15 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + uint64_t uu____16 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + uint64_t uu____17 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + uint64_t uu____18 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + uint64_t uu____19 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + uint64_t uu____20 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + uint64_t uu____21 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + uint64_t uu____22 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + uint64_t uu____23 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + uint64_t uu____24 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + uint64_t uu____25 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + uint64_t uu____26 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1284,7 +1304,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1320,7 +1340,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1338,7 +1358,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1350,14 +1370,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_8d(s); + libcrux_sha3_generic_keccak_pi_ac(s); + libcrux_sha3_generic_keccak_chi_c7(s); + libcrux_sha3_generic_keccak_iota_4f(s, i0); } } @@ -1369,16 +1389,16 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1388,8 +1408,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1397,16 +1417,19 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -1419,9 +1442,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_39(a, b); } /** @@ -1431,9 +1454,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1443,10 +1466,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1454,7 +1477,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1463,8 +1486,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1478,11 +1502,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_de0(s, buf); } /** @@ -1494,13 +1518,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); } /** @@ -1511,16 +1534,16 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1530,8 +1553,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1539,16 +1562,19 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -1561,9 +1587,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_390(a, b); } /** @@ -1573,9 +1599,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1585,10 +1611,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1600,13 +1626,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); } /** @@ -1616,13 +1641,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1630,16 +1655,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_39(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** @@ -1652,9 +1676,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); } /** @@ -1665,22 +1689,22 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_653( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -1691,23 +1715,23 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -1719,36 +1743,37 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1756,7 +1781,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1774,12 +1799,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); } } } @@ -1790,12 +1815,11 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); } /** @@ -1803,7 +1827,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1812,8 +1836,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1831,13 +1856,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); } /** @@ -1847,13 +1871,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1861,11 +1885,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_de3(s, buf); } /** @@ -1877,13 +1901,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); } /** @@ -1894,16 +1917,16 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -1913,8 +1936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1922,16 +1945,19 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -1940,16 +1966,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_393(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** @@ -1962,9 +1987,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); } /** @@ -1975,22 +2000,22 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_652( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2003,9 +2028,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_393(a, b); } /** @@ -2015,9 +2040,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** @@ -2027,10 +2052,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** @@ -2040,23 +2065,23 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2068,36 +2093,37 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2105,7 +2131,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2123,12 +2149,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); } } } @@ -2139,12 +2165,11 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); } /** @@ -2152,7 +2177,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2161,8 +2186,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2180,13 +2206,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); } /** @@ -2196,13 +2221,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2210,11 +2235,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_de2(s, buf); } /** @@ -2226,13 +2251,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); } /** @@ -2243,16 +2267,16 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2262,8 +2286,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2271,16 +2295,19 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -2289,16 +2316,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_392(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** @@ -2311,9 +2337,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); } /** @@ -2324,22 +2350,22 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_651( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2352,9 +2378,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_392(a, b); } /** @@ -2364,9 +2390,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); } /** @@ -2376,10 +2402,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); } /** @@ -2389,23 +2415,23 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2417,36 +2443,37 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2454,7 +2481,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2472,12 +2499,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); } } } @@ -2488,12 +2515,11 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); } /** @@ -2505,13 +2531,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); } /** @@ -2521,13 +2546,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2535,16 +2560,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_390(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** @@ -2557,9 +2581,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); } /** @@ -2570,22 +2594,22 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_650( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2596,23 +2620,23 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2624,36 +2648,37 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2661,7 +2686,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2679,12 +2704,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2695,12 +2720,11 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); } /** @@ -2711,16 +2735,16 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2730,8 +2754,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2742,36 +2766,37 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2779,7 +2804,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2797,12 +2822,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2813,12 +2838,11 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); } /** @@ -2826,7 +2850,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2835,8 +2859,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2854,13 +2879,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); } /** @@ -2870,13 +2894,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2884,11 +2908,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_de1(s, buf); } /** @@ -2900,13 +2924,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); } /** @@ -2917,16 +2940,16 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2936,8 +2959,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2945,16 +2968,19 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -2963,16 +2989,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_store_block_391(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** @@ -2984,9 +3009,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); } /** @@ -2997,22 +3022,22 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_65( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -3025,9 +3050,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_391(a, b); } /** @@ -3037,9 +3062,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); } /** @@ -3049,10 +3074,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); } /** @@ -3062,23 +3087,23 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -3090,36 +3115,37 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3127,7 +3153,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3145,12 +3171,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); } } } @@ -3161,12 +3187,11 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index f6b989c7d..e565df5af 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,110 +4,3563 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #include "libcrux_sha3_neon.h" +#include "internal/libcrux_core.h" + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t zero_fa(void) { + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_veor5q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + core_core_arch_arm_shared_neon_uint64x2_t cd = + libcrux_intrinsics_arm64__veorq_u64(c, d); + core_core_arch_arm_shared_neon_uint64x2_t abcd = + libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c, + core_core_arch_arm_shared_neon_uint64x2_t d, + core_core_arch_arm_shared_neon_uint64x2_t e) { + return _veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_58(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vrax1q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; + return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left1_and_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vrax1q_u64(a, b); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vbcaxq_u64(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return libcrux_intrinsics_arm64__veorq_u64( + a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +and_not_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b, + core_core_arch_arm_shared_neon_uint64x2_t c) { + return _vbcaxq_u64(a, b, c); +} + +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_veorq_n_u64(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + core_core_arch_arm_shared_neon_uint64x2_t c0 = + libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_constant_fa(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, + size_t len, Eurydice_slice ret[2U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, + size_t len, Eurydice_slice ret[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[2U]; + slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +split_at_mut_2(Eurydice_slice out[2U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_2size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { + return split_at_mut_2(a, mid); +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc +new_1e_12(void) { + libcrux_sha3_generic_keccak_KeccakState_fc lit; + lit.st[0U][0U] = zero_fa(); + lit.st[0U][1U] = zero_fa(); + lit.st[0U][2U] = zero_fa(); + lit.st[0U][3U] = zero_fa(); + lit.st[0U][4U] = zero_fa(); + lit.st[1U][0U] = zero_fa(); + lit.st[1U][1U] = zero_fa(); + lit.st[1U][2U] = zero_fa(); + lit.st[1U][3U] = zero_fa(); + lit.st[1U][4U] = zero_fa(); + lit.st[2U][0U] = zero_fa(); + lit.st[2U][1U] = zero_fa(); + lit.st[2U][2U] = zero_fa(); + lit.st[2U][3U] = zero_fa(); + lit.st[2U][4U] = zero_fa(); + lit.st[3U][0U] = zero_fa(); + lit.st[3U][1U] = zero_fa(); + lit.st[3U][2U] = zero_fa(); + lit.st[3U][3U] = zero_fa(); + lit.st[3U][4U] = zero_fa(); + lit.st[4U][0U] = zero_fa(); + lit.st[4U][1U] = zero_fa(); + lit.st[4U][2U] = zero_fa(); + lit.st[4U][3U] = zero_fa(); + lit.st[4U][4U] = zero_fa(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void load_block_3c( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void load_block_fa_0f( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_580(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c1(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_581(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c10(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f0(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_582(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c11(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f1(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_583(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c12(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f2(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c13(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f3(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_584(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c14(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f4(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_585(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c15(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f5(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_586(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c16(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f6(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_587(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c17(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f7(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_588(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c18(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f8(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_589(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c19(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f9(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5810(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c110(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f10(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5811(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c111(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f11(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5812(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c112(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f12(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5813(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c113(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f13(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5814(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c114(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f14(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5815(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c115(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f15(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5816(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c116(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f16(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5817(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c117(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f17(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5818(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c118(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f18(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5819(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c119(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f19(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5820(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c120(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f20(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5821(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c121(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f21(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +rotate_left_5822(core_core_arch_arm_shared_neon_uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64( + (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64( + (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +_vxarq_u64_c122(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + core_core_arch_arm_shared_neon_uint64x2_t ab = + libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t +xor_and_rotate_fa_1f22(core_core_arch_arm_shared_neon_uint64x2_t a, + core_core_arch_arm_shared_neon_uint64x2_t b) { + return _vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void theta_rho_eb( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { + xor5_fa(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + xor5_fa(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + xor5_fa(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + xor5_fa(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + xor5_fa(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_arm_shared_neon_uint64x2_t uu____0 = + rotate_left1_and_xor_fa(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____1 = + rotate_left1_and_xor_fa(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____2 = + rotate_left1_and_xor_fa(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____3 = + rotate_left1_and_xor_fa(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { + uu____0, uu____1, uu____2, uu____3, + rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); + core_core_arch_arm_shared_neon_uint64x2_t uu____4 = + xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_arm_shared_neon_uint64x2_t uu____5 = + xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_arm_shared_neon_uint64x2_t uu____6 = + xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_arm_shared_neon_uint64x2_t uu____7 = + xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_arm_shared_neon_uint64x2_t uu____8 = + xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_arm_shared_neon_uint64x2_t uu____9 = + xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_arm_shared_neon_uint64x2_t uu____10 = + xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_arm_shared_neon_uint64x2_t uu____11 = + xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_arm_shared_neon_uint64x2_t uu____12 = + xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_arm_shared_neon_uint64x2_t uu____13 = + xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_arm_shared_neon_uint64x2_t uu____14 = + xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_arm_shared_neon_uint64x2_t uu____15 = + xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_arm_shared_neon_uint64x2_t uu____16 = + xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_arm_shared_neon_uint64x2_t uu____17 = + xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_arm_shared_neon_uint64x2_t uu____18 = + xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_arm_shared_neon_uint64x2_t uu____19 = + xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_arm_shared_neon_uint64x2_t uu____20 = + xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_arm_shared_neon_uint64x2_t uu____21 = + xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_arm_shared_neon_uint64x2_t uu____22 = + xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_arm_shared_neon_uint64x2_t uu____23 = + xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_arm_shared_neon_uint64x2_t uu____24 = + xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_arm_shared_neon_uint64x2_t uu____25 = + xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_arm_shared_neon_uint64x2_t uu____26 = + xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_arm_shared_neon_uint64x2_t uu____27 = + xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void pi_a0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void chi_b0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; + memcpy(old, s->st, + (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + s->st[i1][j] = and_not_xor_fa( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]););); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void iota_33( + libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { + s->st[0U][0U] = xor_constant_fa( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void keccakf1600_3e( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho_eb(s); + pi_a0(s); + chi_b0(s); + iota_33(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void absorb_block_45( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void load_block_full_3e( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void load_block_full_fa_07( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)72U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_07(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void store_block_2f( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void store_block_full_9a( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a5( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e7( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a5(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void store_block_fa_90( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_last_70( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a5(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + absorb_block_45(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e7(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_70(s, o1); + } + } +} + /** - A portable SHA3 512 implementation. +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 72 +- DELIM= 6 */ +static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_59(uu____0, out); +} + void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[64U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_3c0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_fa_0f0( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void absorb_block_450( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f0(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_3e0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c0(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_fa_070( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_070(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_2f0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_9a0( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f0(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a50( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a0(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e70( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a50(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_fa_900( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f0(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_last_700( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a50(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe0(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_700(s, o1); + } + } } /** - A portable SHA3 256 implementation. +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 6 */ +static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_590(uu____0, out); +} + void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e0(uu____0, buf); } /** - Run SHAKE256 on both inputs in parallel. +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_fe1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_070(uu____3, uu____4); + keccakf1600_3e(s); +} - Writes the two results into `out0` and `out1` +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 */ -KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe1(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_700(s, o1); + } + } } /** - Initialise the `KeccakState2`. +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 31 */ -KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState +static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_591(uu____0, out); +} + +void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf0[2U] = {input0, input1}; + Eurydice_slice buf[2U] = {out0, out1}; + keccakx2_6e1(buf0, buf); +} + +libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new_1e_12(); } /** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 168 */ -KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, +static KRML_MUSTINLINE void load_block_3c1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_3e1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c1(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_fa_071( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_fe2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_071(uu____3, uu____4); + keccakf1600_3e(s); +} + +void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {data0, data1}; + absorb_final_fe2(s, buf); } /** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 168 */ -KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE void store_block_2f1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void store_block_fa_901( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_901(s->st, out); } /** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 */ -KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, +static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + Eurydice_slice_uint8_t_2size_t__x2 uu____0 = + split_at_mut_n_fa(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f1(s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____1 = + split_at_mut_n_fa(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o2[2U]; + memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d1(s, o1); + squeeze_next_block_5d1(s, o2); +} + +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + Eurydice_slice out1) { + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_first_three_blocks_2e(s, buf); +} + +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_next_block_5d1(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void load_block_3c2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void load_block_fa_0f1( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void absorb_block_451( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f1(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void load_block_full_3e2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c2(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void load_block_full_fa_072( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)144U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_072(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void store_block_2f2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void store_block_full_9a1( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f2(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a51( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a1(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e71( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a51(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void store_block_fa_902( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f2(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_902(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_902(s->st, out); } /** - A portable SHA3 224 implementation. +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 */ +static KRML_MUSTINLINE void squeeze_last_701( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a51(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + absorb_block_451(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe3(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e71(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f2(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d2(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_701(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_592(uu____0, out); +} + KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[28U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e2(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void load_block_3c3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + core_core_arch_arm_shared_neon_uint64x2_t uvec = + libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void load_block_fa_0f2( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void absorb_block_452( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f2(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void load_block_full_3e3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c3(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void load_block_full_fa_073( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { + core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe4( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)104U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_073(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void store_block_2f3( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + core_core_arch_arm_shared_neon_uint64x2_t v0 = + libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + core_core_arch_arm_shared_neon_uint64x2_t v1 = + libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void store_block_full_9a2( + core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f3(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a52( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { + store_block_full_9a2(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e72( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a52(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void store_block_fa_903( + core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { + store_block_2f3(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_last_702( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a52(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, ret); + absorb_block_452(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe4(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e72(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f3(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)104U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d3(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_702(s, o1); + } + } } /** - A portable SHA3 384 implementation. +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 104 +- DELIM= 6 */ +static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_593(uu____0, out); +} + KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[48U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e3(uu____0, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 0b2d02d50..342c9779c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 + * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 */ #ifndef __libcrux_sha3_neon_H @@ -20,67 +20,43 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" +#include "libcrux_core.h" #include "libcrux_sha3_internal.h" /** - A portable SHA3 512 implementation. +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- $2size_t */ +typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { + core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_fc; + void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); -/** - A portable SHA3 256 implementation. -*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState; - -/** - Initialise the `KeccakState2`. -*/ -libcrux_sha3_neon_x2_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void); -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1); -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); -/** - A portable SHA3 224 implementation. -*/ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); -/** - A portable SHA3 384 implementation. -*/ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 9e35e4618..614fdb4fe 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 0576bfc67e99aae86c51930421072688138b672b -Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 -Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a -F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 -Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 +Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 +Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 +Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 +F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 +Libcrux: 22a1ced03239d28794aa8f9c32340e861ae5f749 diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 6717aef6e..ebfda623c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -374,6 +374,8 @@ let deserialize_secret_key let _:Prims.unit = admit () (* Panic freedom *) in result +#push-options "--admit_smt_queries true" + let serialize_secret_key (v_K v_OUT_LEN: usize) (#v_Vector: Type0) @@ -429,9 +431,9 @@ let serialize_secret_key <: t_Array u8 v_OUT_LEN) in - let result:t_Array u8 v_OUT_LEN = out in - let _:Prims.unit = admit () (* Panic freedom *) in - result + out + +#pop-options let serialize_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti index ee801e0f8..7ce8dfe2a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti @@ -19,20 +19,10 @@ val inv_ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zet val ntt_layer_1_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - (requires - range (v #i16_inttype zero - v zeta3) i16_inttype /\ - range (v #i16_inttype zero - v zeta2) i16_inttype /\ - range (v #i16_inttype zero - v zeta1) i16_inttype /\ - range (v #i16_inttype zero - v zeta0) i16_inttype) - (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - (requires - range (v #i16_inttype zero - v zeta1) i16_inttype /\ - range (v #i16_inttype zero - v zeta0) i16_inttype) - (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i16) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst index 405550dc1..9df16f186 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst @@ -17,6 +17,36 @@ let v_ZERO (_: Prims.unit) = let _:Prims.unit = admit () (* Panic freedom *) in result +let from_i16_array (array: t_Slice i16) = + let result:t_SIMD128Vector = + { + f_low + = + Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (array.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 8 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16); + f_high + = + Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (array.[ { + Core.Ops.Range.f_start = sz 8; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + } + <: + t_SIMD128Vector + in + let _:Prims.unit = admit () (* Panic freedom *) in + result + let to_i16_array (v: t_SIMD128Vector) = let out:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in let out:t_Array i16 (sz 16) = @@ -56,34 +86,3 @@ let to_i16_array (v: t_SIMD128Vector) = let result:t_Array i16 (sz 16) = out in let _:Prims.unit = admit () (* Panic freedom *) in result - -let from_i16_array (array: t_Slice i16) = - let v__dummy:t_Array i16 (sz 16) = to_i16_array (v_ZERO () <: t_SIMD128Vector) in - let result:t_SIMD128Vector = - { - f_low - = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (array.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16); - f_high - = - Libcrux_intrinsics.Arm64_extract.v__vld1q_s16 (array.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - } - <: - t_SIMD128Vector - in - let _:Prims.unit = admit () (* Panic freedom *) in - result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti index 144742531..a665f64ac 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti @@ -18,14 +18,6 @@ val v_ZERO: Prims.unit let result:t_SIMD128Vector = result in repr result == Seq.create 16 0s) -val to_i16_array (v: t_SIMD128Vector) - : Prims.Pure (t_Array i16 (sz 16)) - Prims.l_True - (ensures - fun result -> - let result:t_Array i16 (sz 16) = result in - result == repr v) - val from_i16_array (array: t_Slice i16) : Prims.Pure t_SIMD128Vector Prims.l_True @@ -33,3 +25,11 @@ val from_i16_array (array: t_Slice i16) fun result -> let result:t_SIMD128Vector = result in repr result == array) + +val to_i16_array (v: t_SIMD128Vector) + : Prims.Pure (t_Array i16 (sz 16)) + Prims.l_True + (ensures + fun result -> + let result:t_Array i16 (sz 16) = result in + result == repr v) diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 7770fe04f..f94e91db2 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -68,7 +68,7 @@ pub(crate) fn serialize_public_key< /// Call [`serialize_uncompressed_ring_element`] for each ring element. #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] #[hax_lib::ensures(|res| diff --git a/libcrux-ml-kem/src/vector/avx2/ntt.rs b/libcrux-ml-kem/src/vector/avx2/ntt.rs index c51c4d5b5..b571b0ee7 100644 --- a/libcrux-ml-kem/src/vector/avx2/ntt.rs +++ b/libcrux-ml-kem/src/vector/avx2/ntt.rs @@ -1,10 +1,6 @@ use super::*; #[inline(always)] -#[hax_lib::requires(fstar!("range (v #i16_inttype zero - v $zeta3) i16_inttype /\\ - range (v #i16_inttype zero - v $zeta2) i16_inttype /\\ - range (v #i16_inttype zero - v $zeta1) i16_inttype /\\ - range (v #i16_inttype zero - v $zeta0) i16_inttype"))] pub(crate) fn ntt_layer_1_step( vector: Vec256, zeta0: i16, @@ -26,8 +22,6 @@ pub(crate) fn ntt_layer_1_step( } #[inline(always)] -#[hax_lib::requires(fstar!("range (v #i16_inttype zero - v $zeta1) i16_inttype /\\ - range (v #i16_inttype zero - v $zeta0) i16_inttype"))] pub(crate) fn ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Vec256 { let zetas = mm256_set_epi16( -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, From 1012a58921d46b18d3a88e4e134b57425d9bc249 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 27 Aug 2024 06:55:31 -0400 Subject: [PATCH 150/348] attempts to restore c extraction --- libcrux-intrinsics/src/avx2_extract.rs | 7 +++++++ libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/src/vector/avx2.rs | 1 + libcrux-ml-kem/src/vector/portable/vector_type.rs | 3 +-- 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 4faee409b..9159df5b1 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -3,16 +3,23 @@ #![allow(unused_variables, non_camel_case_types)] +#[cfg(hax)] #[derive(Clone, Copy)] #[hax_lib::opaque_type] #[hax_lib::fstar::after(interface, "val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)")] pub struct Vec256(u8); +#[cfg(hax)] #[derive(Copy, Clone)] #[hax_lib::fstar::after(interface, "val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8)")] #[hax_lib::opaque_type] pub struct Vec128(u8); +#[cfg(not(hax))] +pub type Vec256 = u8; +#[cfg(not(hax))] +pub type Vec128 = u8; + pub fn mm256_storeu_si256_i16(output: &mut [i16], vector: Vec256) { debug_assert_eq!(output.len(), 16); unimplemented!() diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 4c0816dbf..0640609ea 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 -Libcrux: 73c17b3a13b5659aa90a324d8d0023587e50ec9f +Libcrux: b702c3f544a550ea5f436877e2bc10c834335db9 diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index f45dac222..83941c46b 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -52,6 +52,7 @@ impl Repr for SIMD256Vector { #[hax_lib::attributes] impl Operations for SIMD256Vector { + #[inline(always)] #[ensures(|result| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { vec_zero() diff --git a/libcrux-ml-kem/src/vector/portable/vector_type.rs b/libcrux-ml-kem/src/vector/portable/vector_type.rs index 1612be824..94dde4e71 100644 --- a/libcrux-ml-kem/src/vector/portable/vector_type.rs +++ b/libcrux-ml-kem/src/vector/portable/vector_type.rs @@ -9,9 +9,8 @@ pub struct PortableVector { pub(crate) elements: [FieldElement; FIELD_ELEMENTS_IN_VECTOR], } -#[allow(non_snake_case)] #[inline(always)] -#[hax_lib::ensures(|result| fstar!("to_i16_array $result == Seq.create 16 0s"))] +#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Seq.create 16 0s"))] pub fn zero() -> PortableVector { PortableVector { elements: [0i16; FIELD_ELEMENTS_IN_VECTOR], From 31e44179aa6403af119991754757611f97e74297 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 27 Aug 2024 11:26:29 +0000 Subject: [PATCH 151/348] Make avx2 sampling.rs panic-free --- .../extraction/Libcrux_intrinsics.Avx2_extract.fsti | 8 +++++++- libcrux-intrinsics/src/avx2_extract.rs | 2 ++ .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 13 +++++++++++++ libcrux-ml-kem/src/vector/avx2/sampling.rs | 8 ++++++++ 4 files changed, 30 insertions(+), 1 deletion(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 83143b404..a0ad69cd5 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -167,6 +167,12 @@ val mm_storeu_bytes_si128 (output: t_Slice u8) (vector: t_Vec128) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) val mm_storeu_si128 (output: t_Slice i16) (vector: t_Vec128) - : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Slice i16) + Prims.l_True + (ensures + fun output_future -> + let output_future:t_Slice i16 = output_future in + (Core.Slice.impl__len #i16 output_future <: usize) =. + (Core.Slice.impl__len #i16 output <: usize)) val mm_sub_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 9159df5b1..68ab46bf5 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -29,6 +29,8 @@ pub fn mm256_storeu_si256_u8(output: &mut [u8], vector: Vec256) { debug_assert_eq!(output.len(), 32); unimplemented!() } + +#[hax_lib::ensures(|()| future(output).len() == output.len())] pub fn mm_storeu_si128(output: &mut [i16], vector: Vec128) { // debug_assert_eq!(output.len(), 8); unimplemented!() diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst index 8579ddb8a..a85e363da 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -16,6 +16,19 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = let good:t_Array u8 (sz 2) = Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ compare_with_field_modulus in + let _:Prims.unit = + assert (v (cast (good.[ sz 0 ] <: u8) <: usize) < 256); + assert (v (cast (good.[ sz 1 ] <: u8) <: usize) < 256); + assume (v (cast (Core.Num.impl__u8__count_ones good.[ sz 0 ]) <: usize) <= 8); + assume (v (cast (Core.Num.impl__u8__count_ones good.[ sz 1 ]) <: usize) <= 8); + assume (Core.Ops.Index.f_index_pre output + ({ + Core.Ops.Range.f_start = cast (Core.Num.impl__u8__count_ones good.[ sz 0 ]) <: usize; + Core.Ops.Range.f_end + = + (cast (Core.Num.impl__u8__count_ones good.[ sz 0 ]) <: usize) +! sz 8 + })) + in let lower_shuffles:t_Array u8 (sz 16) = Libcrux_ml_kem.Vector.Rej_sample_table.v_REJECTION_SAMPLE_SHUFFLE_TABLE.[ cast (good.[ sz 0 ] <: diff --git a/libcrux-ml-kem/src/vector/avx2/sampling.rs b/libcrux-ml-kem/src/vector/avx2/sampling.rs index 9ce5c20f8..2fd73a55b 100644 --- a/libcrux-ml-kem/src/vector/avx2/sampling.rs +++ b/libcrux-ml-kem/src/vector/avx2/sampling.rs @@ -26,6 +26,14 @@ pub(crate) fn rejection_sample(input: &[u8], output: &mut [i16]) -> usize { // each lane in the register to tell us what coefficients to keep and what // to throw-away. Combine all the bits (there are 16) into two bytes. let good = serialize_1(compare_with_field_modulus); + hax_lib::fstar!("assert (v (cast (${good}.[ sz 0 ] <: u8) <: usize) < 256); + assert (v (cast (${good}.[ sz 1 ] <: u8) <: usize) < 256); + // We need to provide a definition or post-condition for Core.Num.impl__u8__count_ones + assume (v (cast (Core.Num.impl__u8__count_ones ${good}.[ sz 0 ]) <: usize) <= 8); + assume (v (cast (Core.Num.impl__u8__count_ones ${good}.[ sz 1 ]) <: usize) <= 8); + assume (Core.Ops.Index.f_index_pre output ({ + Core.Ops.Range.f_start = cast (Core.Num.impl__u8__count_ones ${good}.[ sz 0 ]) <: usize; + Core.Ops.Range.f_end = (cast (Core.Num.impl__u8__count_ones ${good}.[ sz 0 ]) <: usize) +! sz 8 }))"); // Each bit (and its corresponding position) represents an element we // want to sample. We'd like all such elements to be next to each other starting From 57b2977a85588a5cd5e8993e8a4b5b053d6e8a27 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 27 Aug 2024 13:49:13 +0200 Subject: [PATCH 152/348] wip --- fstar-helpers/fstar-bitvec/RwLemmas.fst | 206 ++++++++++++++----- fstar-helpers/fstar-bitvec/Tactics.Utils.fst | 77 ++++++- 2 files changed, 229 insertions(+), 54 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/RwLemmas.fst b/fstar-helpers/fstar-bitvec/RwLemmas.fst index 8d86baa9a..178ed4cd7 100644 --- a/fstar-helpers/fstar-bitvec/RwLemmas.fst +++ b/fstar-helpers/fstar-bitvec/RwLemmas.fst @@ -11,6 +11,7 @@ open FStar.Option open Tactics.Utils open Tactics.Pow2 +open BitVecEq {} let norm_machine_int () = Tactics.MachineInts.(transform norm_machine_int_term) @@ -64,7 +65,7 @@ let split_forall_nat // #push-options "--z3rlimit 60" let rw_bit_or (b1 b2: bit) result: - Lemma + Lemma (requires ( (b1 = 0 ==> b2 = 0 ==> result = 0) /\ (b1 = 0 ==> b2 = 1 ==> result = 1) @@ -108,10 +109,12 @@ let rw_get_bit_and (x y: int_t 't) i let rw_get_bit_and_left (x y: int_t 't) i : Lemma (requires get_bit x i == 0) (ensures get_bit (x &. y) i == 0) + [SMTPat (get_bit (x &. y) i)] = get_bit_and x y i let rw_get_bit_and_right (x y: int_t 't) i : Lemma (requires get_bit x i == 0) (ensures get_bit (y &. x) i == 0) + [SMTPat (get_bit (y &. x) i)] = get_bit_and x y i let rw_get_bit_or_left (x y: int_t 't) i : Lemma (requires get_bit x i == 0) @@ -162,10 +165,6 @@ let pow2_in_range t (n: nat {n < bits t - (if unsigned t then 0 else 1)}) [SMTPat (Rust_primitives.Integers.range (pow2 n - 1) t)] = Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) n -exception Restore -let dump' (msg: string): Tac unit - = try let _ = repeat clear_top in set_smt_goals []; dump msg with | _ -> () - // let _ = op_Bar_Dot noeq type bit_expr = @@ -177,9 +176,61 @@ noeq type bit_expr = | Shr: x:bit_expr -> shift:int -> bit_expr | Cast: x:bit_expr -> bit_expr +let rec term_eq'' a b (n: nat): Tot _ (decreases n) = + let open FStar.Stubs.Reflection.V2.Data in + if n = 0 then term_eq a b else + match (inspect_ln a, inspect_ln b) with + | (Tv_FVar a, Tv_FVar b) + | (Tv_FVar a, Tv_UInst b _) + | (Tv_UInst a _, Tv_FVar b) + | (Tv_UInst a _, Tv_UInst b _) -> inspect_fv a = inspect_fv b + | (Tv_Var _, Tv_Var _) -> term_eq a b + | (Tv_App _ _, Tv_App _ _) -> + let a, a_args = collect_app_ln a in + let b, b_args = collect_app_ln b in + let a_args = L.filter (fun (_, x) -> Q_Explicit? x) a_args in + let b_args = L.filter (fun (_, x) -> Q_Explicit? x) b_args in + L.length a_args = L.length b_args + && ( + let rec h a_args (b_args: _ {L.length a_args == L.length b_args}) = + match a_args, b_args with + | ((ahd,_)::atl), ((bhd,_)::btl) -> + term_eq'' ahd bhd (n - 1) && h atl btl + | [], [] -> true + in h a_args b_args + ) + | (Tv_AscribedT a _ _ _, _) + | (Tv_AscribedC a _ _ _, _) -> term_eq'' a b (n-1) + | (_, Tv_AscribedT b _ _ _) + | (_, Tv_AscribedC b _ _ _) -> term_eq'' a b (n-1) + | (Tv_Type _, Tv_Type _) -> true + | (Tv_Refine _ a, _) -> term_eq'' a b (n - 1) + | (_, Tv_Refine _ b) -> term_eq'' a b (n - 1) + // && term_eq' a b && L.fold_left (fun i a -> L.index b_args i `term_eq'` a) + // | Tv_Var : v:namedv -> named_term_view + // | Tv_BVar : v:bv -> named_term_view + // | Tv_FVar : v:fv -> named_term_view + // | Tv_UInst : v:fv -> us:universes -> named_term_view + // | Tv_App : hd:term -> a:argv -> named_term_view + // | Tv_Abs : b:binder -> body:term -> named_term_view + // | Tv_Arrow : b:binder -> c:comp -> named_term_view + // | Tv_Type : universe -> named_term_view + // | Tv_Refine : b:simple_binder -> ref:term -> named_term_view + // | Tv_Const : vconst -> named_term_view + // | Tv_Uvar : nat -> ctx_uvar_and_subst -> named_term_view + // | Tv_Let : recf:bool -> attrs:(list term) -> b:simple_binder -> def:term -> body:term -> named_term_view + // | Tv_Match : scrutinee:term -> ret:option match_returns_ascription -> brs:(list branch) -> named_term_view + // | Tv_AscribedT : e:term -> t:term -> tac:option term -> use_eq:bool -> named_term_view + // | Tv_AscribedC : e:term -> c:comp -> tac:option term -> use_eq:bool -> named_term_view + // | Tv_Unknown : named_term_view // An underscore: _ + // | Tv_Unsupp : named_term_view // failed to inspect, not supported + | _ -> term_eq a b + +let term_eq' a b = term_eq'' a b 99999 + let rec bit_expr_eq a b = match (a, b) with - | Term a, Term b -> term_eq a b + | Term a, Term b -> term_eq' a b | Int a, Int b -> a = b | And xa ya, And xb yb | Or xa ya, Or xb yb -> bit_expr_eq xa xb && bit_expr_eq ya yb @@ -238,14 +289,6 @@ let expect_get_bit_expr t: Tac _ let expr = term_to_bit_expr' expr in Some (expr, index) -let fail' msg = dump msg; fail msg - -let expect (msg: string) (x: option 'a): Tac 'a - = match x with - | None -> - dump' ("Expected " ^ msg); - fail ("Expected " ^ msg) - | Some x -> x let op_Bar_GreaterThan (x: 'a) (f: 'a -> Tac 'b): Tac 'b = f x @@ -255,7 +298,7 @@ let get_bit_shl_zero #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) = get_bit_shl x y i let get_bit_shr_zero #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) - : Lemma (requires v y >= 0 /\ v y < bits t /\ v i >= bits t - v y /\ (if signed t then (get_bit x (mk_int (bits t - 1)) == 0) else true)) + : Lemma (requires v y >= 0 /\ v y < bits t /\ (v i >= bits t - v y /\ (if signed t then (get_bit x (mk_int (bits t - 1)) == 0) else true))) (ensures get_bit (x >>! y) i == 0) = get_bit_shr x y i @@ -264,10 +307,22 @@ let get_bit_shl_one #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) (ensures get_bit (x < expect "a goal ` == ` (rewrite_lhs)" in - let uvar = fresh_uvar (Some (tc (cur_env ()) lhs)) in - tcut (`squash (`#lhs == `#uvar)) +let get_bit_shr #t #u (x: int_t t) (y: int_t u {v y >= 0 /\ v y < bits t}) (i: usize {v i < bits t}) + : Lemma (ensures get_bit (shift_right x y) i + == 1) + // == (if v i < bits t - v y + // then get_bit x (mk_int (v i + v y)) + // else if signed t + // then get_bit x (mk_int (bits t - 1)) + // else 0)) + // (ensures get_bit (x >>! y) i + // == (if v i < bits t - v y + // then get_bit x (mk_int (v i + v y)) + // else if signed t + // then get_bit x (mk_int (bits t - 1)) + // else 0)) + [SMTPat (get_bit (x >>! y) i)] + = admit () /// Proves that `get_bit .. ..` is zero let rec solve_get_bit_zero (): Tac _ = @@ -280,12 +335,16 @@ let rec solve_get_bit_zero (): Tac _ = | Term _ -> fail ("LHS is an arbitrary term, I cannot prove it is " ^ string_of_int rhs') | Int _ -> (compute (); trefl ()) | Shl _ _ -> - apply_lemma (`get_bit_shl_zero); + let _ = rewrite_lhs () in + flip (); + apply_lemma_rw (`get_bit_shl); (fun _ -> norm_machine_int (); compute (); norm [simplify]; trivial () )`or_else` (fun _ -> fail' "Shl: tried to prove it was zero") | Shr _ _ -> - apply_lemma (`get_bit_shr_zero); + let _ = rewrite_lhs () in + flip (); + apply_lemma_rw_eqtype (`get_bit_shr); focus (fun _ -> let _ = repeat split in iterAll (fun _ -> @@ -338,7 +397,9 @@ let _solve_get_bit_equality lhs i rhs j: Tac _ = | true, false -> let rw = rewrite_lhs () in flip (); + dump' "solve_get_bit_equality: LEFT (BEFORE)"; apply_lemma_rw (norm_term [] (`rw_get_bit_or_right)); + dump' "solve_get_bit_equality: LEFT (AFTE RLEMMA)"; print "solve_get_bit_equality: LEFT"; solve_get_bit_zero () | false, true -> @@ -350,56 +411,97 @@ let _solve_get_bit_equality lhs i rhs j: Tac _ = ) | _ -> fail' "xxxpppppp" -let solve_get_bit_equality (): Tac _ = +let swap_eq2_goal p q: Lemma (requires eq2 p q) (ensures eq2 q p) = () + +let rec solve_get_bit_equality' can_invert: Tac _ = let (lhs, rhs, _) = expect_lhs_eq_rhs () |> expect "a goal ` == `" in print ("solve_get_bit_equality: (" ^ term_to_string lhs ^ ") == (" ^ term_to_string rhs ^ ")"); let (lhs, i) = expect_get_bit_expr lhs |> expect "LHS to be `get_bit .. ..`" in let (rhs, j) = expect_get_bit_expr rhs |> expect "RHS to be `get_bit .. ..`" in if bit_expr_contains rhs lhs |> not - then fail "was expected the bit expression on RHS to be included in the one of LHS"; - _solve_get_bit_equality lhs i rhs j; - () + then if can_invert + then (apply_lemma (`swap_eq2_goal); solve_get_bit_equality' false) + else fail "was expected the bit expression on RHS to be included in the one of LHS" + else _solve_get_bit_equality lhs i rhs j +let solve_get_bit_equality (): Tac _ = + solve_get_bit_equality' true + +let rec term_to_string'' (t: term): Tac string + = match t with + | Tv_App f (x, Q_Meta _) -> term_to_string'' f + | Tv_App f (x, aqualv) -> + let qual = match aqualv with | Q_Implicit -> "#" | Q_Explicit -> "" in + term_to_string' f ^ " " ^ qual ^ "(" ^ term_to_string' x ^ ")" + | Tv_UInst v _ | Tv_FVar v -> + let v = implode_qn (inspect_fv v) in + (match v with + | `%get_bit -> "get_bit" + | `%bit -> "bit" + | `%eq2 -> "eq2" + | `%u8 -> "u8" + | `%u16 -> "u16" + | `%i16 -> "i16" + | `%i32 -> "i32" + | `%sz -> "sz" + | `%usize -> "usize" + | _ -> v + ) + | _ -> term_to_string t +and term_to_string' t: Tac _ = term_to_string'' t + +// get_bit (Seq.Base.index bytes 2) (sz 1) == +// get_bit ((cast bytes.[ sz 2 ] &. 15s) <>! 2l) (sz 7) +let opts = "--using_facts_from '-* +Rust_primitives.BitVectors ++Rust_primitives.Integers.get_bit_cast +Rust_primitives.Integers.get_bit_and +Rust_primitives.Integers.get_bit_or +Rust_primitives.Integers.get_bit_shl +Rust_primitives.Integers.get_bit_shr +Rust_primitives.Integers.get_bit_cast_extend'" + +#push-options "--z3rlimit 80" +let fff_ bytes x: unit = + let bv1 = bit_vec_of_int_t_array bytes 8 in + let out = deserialize_10_int' bytes in + let bv2 = bit_vec_of_int_t_array out 10 in + let i = 77 in + if false then + assert (bv1 i == bv2 i) by ( + norm [ + iota; primops; + delta_only [`%bit_vec_of_int_t_array; `%FunctionalExtensionality.on]; + ]; + compute'' (); + set_options opts; + dump "SMT NOW"; + smt_sync (); + // squash_intro (); + // print (term_to_string' (cur_goal())); + fail "DONE" + ) +#pop-options #push-options "--compat_pre_core 0" +#push-options "--z3rlimit 80" +#push-options "--print_implicits" let asdsd (bytes: t_Array u8 (sz 10)) = let cast: u8 -> i16 = cast in assert ( - get_bit ( - ((cast bytes.[ sz 3 ] <: i16) &. 63s <: i16) <>! 4l - ) (sz 5) - == get_bit (cast bytes.[ sz 3 ] <: i16) (sz 0) + eq2 #(bit) (get_bit #(Lib.IntTypes.U8) (FStar.Seq.Base.index #(Rust_primitives.Integers.int_t (Lib.IntTypes.U8)) (bytes) (2)) (sz (1))) (get_bit #(Lib.IntTypes.S16) (Rust_primitives.Integers.op_Bar_Dot #(Lib.IntTypes.S16) (Rust_primitives.Integers.op_Less_Less_Bang #(Lib.IntTypes.S16) #(Lib.IntTypes.S32) (Rust_primitives.Integers.op_Amp_Dot #(Lib.IntTypes.S16) (Rust_primitives.cast #(u8) #(i16) #(Rust_primitives.cast_tc_integers (Lib.IntTypes.U8) (Lib.IntTypes.S16)) (Core.Ops.op_String_Access #(Rust_primitives.Arrays.t_Array (u8) (sz (10))) #(usize) #(Rust_primitives.Hax.impl__index (u8) (sz (10)) (Rust_primitives.Integers.usize_inttype)) (bytes) (sz (2)))) (FStar.Int16.int_to_t (15))) (FStar.Int32.int_to_t (6))) (Rust_primitives.Integers.op_Greater_Greater_Bang #(Lib.IntTypes.S16) #(Lib.IntTypes.S32) (Rust_primitives.cast #(u8) #(i16) #(Rust_primitives.cast_tc_integers (Lib.IntTypes.U8) (Lib.IntTypes.S16)) (Core.Ops.op_String_Access #(Rust_primitives.Arrays.t_Array (u8) (sz (10))) #(usize) #(Rust_primitives.Hax.impl__index (u8) (sz (10)) (Rust_primitives.Integers.usize_inttype)) (bytes) (sz (1)))) (FStar.Int32.int_to_t (2)))) (sz (7))) + // get_bit ( + // ((cast bytes.[ sz 3 ] <: i16) &. 63s <: i16) <>! 4l + // ) (sz 5) + // == get_bit (cast bytes.[ sz 3 ] <: i16) (sz 0) ) by ( + norm [iota; delta_only [`%( .[] ); `%Core.Ops.Index.Mkt_Index; `%Rust_primitives.Hax.impl__index; `%Core.Ops.Index.f_index]]; Tactics.MachineInts.(transform norm_generic_machine_int_term); solve_get_bit_equality (); - // dump "XXXX"; - // simplify_via_mask (); - // fail "-------"; - // pointwise' (fun _ -> - // let _ = let?# (t, _) = expect_lhs_eq_uvar () in - - // let?# (f, _) = expect_app_n t 3 in - // let?# () = expect_free_var f (`%get_bit) in - // // norm [ iota; zeta; reify_ - // // ; primops; unmeta]; - // dump' "xxxxx"; - // // apply_lemma_rw (`(rw_rhs_bit_or_no_mask #Lib.IntTypes.U8 #Lib.IntTypes.S16 #Lib.IntTypes.S32 ((`@cast) (`@bytes).[ sz 3 ] &. 63s <: i16))); - // // invert (); - // Some () - // in - // trefl () - // // let _ = repeat clear_top in - // // dump "X"; - // // (fun _ -> apply_lemma_rw (`rw_rhs_bit_or_no_mask)) `or_else` trefl; - // // let _ = repeat clear_top in - // // dump "Y" - // ); + // print (term_to_string' (cur_goal())); + // smt_sync (); fail "done" ) + + let fff bytes x: unit = assert ( get_bit (Seq.index (deserialize_10_int' bytes) 0) (sz 3) diff --git a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst index 9cb52203c..1ef093426 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst @@ -32,13 +32,16 @@ let expect_free_var (t: term) (fv: string): Tac (option unit) = let?# fv' = expect_fvar t in if fv = fv' then Some () else None -let expect_lhs_eq_rhs () = - match FStar.Tactics.V2.Logic.cur_formula () with +let expect_lhs_eq_rhs_term t = + match term_as_formula t with | Comp (Eq typ) lhs rhs -> let typ = match typ with | None -> `_ | Some typ -> typ in Some (lhs, rhs, typ) | _ -> None +let expect_lhs_eq_rhs () = + expect_lhs_eq_rhs_term (cur_goal ()) + let expect_lhs_eq_uvar () = match expect_lhs_eq_rhs () with | Some (lhs, rhs, typ) -> @@ -65,3 +68,73 @@ let collect_app_hd t: Tac (option (string & list argv)) let rec repeatWhile (f: unit -> Tac bool): Tac unit = if f () then repeatWhile f + + +let fail' msg = dump msg; fail msg + +exception Restore +let dump' (msg: string): Tac unit + = try set_smt_goals []; + iterAll (fun _ -> let _ = repeat clear_top in ()); + dump msg; + raise Restore + with | _ -> () + +let expect (msg: string) (x: option 'a): Tac 'a + = match x with + | None -> + dump' ("Expected " ^ msg); + fail ("Expected " ^ msg) + | Some x -> x + + +let statement_of_lemma (lemma: term) = + let _, comp = collect_arr (tc (cur_env ()) lemma) in + match inspect_comp comp with + | C_Total x + | C_Lemma _ x _ -> ( + match x with + | Tv_Abs _ x -> `(squash (`#x)) + | _ -> `(squash (`#x)) + ) + | _ -> fail "statement_of_lemma: supports only Tot and Lemma" + +let weaken_eq2_lemma (u: Type) (t: Type {subtype_of t u}) (p q: t) () + : Lemma (requires ( == ) #u p q) + (ensures ( == ) #t p q) + = () + +let apply_lemma_rw_eqtype (lemma: term): Tac unit + = try + apply_lemma_rw lemma + with + | e -> match + let stmt = statement_of_lemma lemma in + let?# (lemma_lhs, lemma_rhs, type_lemma') = expect_lhs_eq_rhs_term stmt in + let?# (goal_lhs, goal_rhs, type_goal') = expect_lhs_eq_rhs () in + let type_lemma = norm_term [delta; iota; primops] type_lemma' in + let type_goal = norm_term [delta; iota; primops] type_goal' in + if term_eq type_lemma type_goal + then None + else + ( print "######## Warning: apply_lemma_rw, rewrite equalities with different type"; + print ("######## Your lemma has eq over type " ^ term_to_string type_lemma); + print ("######## Your goal has eq over type " ^ term_to_string type_goal); + print ("######## Trying to weaken the type of the goal."); + apply_lemma ( + `weaken_eq2_lemma + (`#type_lemma') (`#type_goal') + (`#goal_lhs) (`#goal_rhs) + ); + apply_lemma_rw lemma; + Some () + ) + with | None -> raise e + | Some () -> () + + +let rewrite_lhs (): Tac _ = + let (lhs, _, _) = expect_lhs_eq_rhs () |> expect "a goal ` == ` (rewrite_lhs)" in + let uvar = fresh_uvar (Some (tc (cur_env ()) lhs)) in + tcut (`squash (`#lhs == `#uvar)) + From 2a5a84eba41ba7704e30b26699f93a2f05f4f0a0 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 27 Aug 2024 16:52:05 +0200 Subject: [PATCH 153/348] wip, working tactic --- fstar-helpers/fstar-bitvec/RwLemmas.fst | 484 ++++--------------- fstar-helpers/fstar-bitvec/Tactics.Seq.fst | 20 +- fstar-helpers/fstar-bitvec/Tactics.Utils.fst | 7 + 3 files changed, 107 insertions(+), 404 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/RwLemmas.fst b/fstar-helpers/fstar-bitvec/RwLemmas.fst index 178ed4cd7..a623c1a22 100644 --- a/fstar-helpers/fstar-bitvec/RwLemmas.fst +++ b/fstar-helpers/fstar-bitvec/RwLemmas.fst @@ -53,427 +53,111 @@ let deserialize_10_int (bytes: t_Array u8 (sz 10)) = r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) in result -let split_forall_nat - (#upper_bound: pos) - (p: (i:nat{i <= upper_bound}) -> Type0) - : Lemma (requires (if upper_bound = 0 then True else (forall (i:nat{i <= upper_bound - 1}). p i)) - /\ p upper_bound - ) - (ensures forall (i:nat{i <= upper_bound}). p i) - = () #pop-options -// #push-options "--z3rlimit 60" -let rw_bit_or (b1 b2: bit) result: - Lemma - (requires ( - (b1 = 0 ==> b2 = 0 ==> result = 0) - /\ (b1 = 0 ==> b2 = 1 ==> result = 1) - /\ (b1 = 1 ==> b2 = 0 ==> result = 1) - /\ (b1 = 1 ==> b2 = 1 ==> result = 0) - )) - (ensures (bit_or b1 b2 == result)) - = () - let deserialize_10_int' (bytes: t_Array u8 (sz 10)): t_Array i16 (sz 8) = MkSeq.create8 (deserialize_10_int bytes) -exception StopCompute -let compute'' (): Tac unit - = lset "goal" (cur_goal ()); - let _ = repeat (fun () -> - dump "A"; - norm [ iota; zeta; reify_ - ; delta_namespace ["FStar"; "RwLemmas"; "MkSeq"] - ; primops; unmeta]; - dump "B"; - norm_pow2 (); - dump "C"; - Tactics.Seq.norm_list_index (); - norm_machine_int (); - Tactics.Seq.simplify_index_seq_of_list (); - dump "E"; - - let goal0 = lget "goal" in +let compute_one_round (): Tac _ = + norm [ iota; zeta; reify_ + ; delta_namespace ["FStar"; "RwLemmas"; "MkSeq"] + ; primops; unmeta]; + print "compute_one_round: light norm done"; + norm_pow2 (); + print "compute_one_round: norm_pow2 done"; + Tactics.Seq.simplify_index_seq_of_list (); + print "compute_one_round: simplify_index_seq_of_list done"; + norm_machine_int (); + print "compute_one_round: norm_machine_int done"; + Tactics.Seq.norm_list_index (); + print "compute_one_round: norm_list_index done" + +let compute' (): Tac unit + = + let rec fixpoint (): Tac _ = + dump' "compute"; + let goal0 = cur_goal () in + compute_one_round (); let goal1 = cur_goal () in - if term_eq goal0 goal1 then raise StopCompute; - lset "goal" goal1 - ) in () - - -let rw_get_bit_and (x y: int_t 't) i - : Lemma (get_bit (x &. y) i == (if get_bit x i = 0 then 0 else get_bit y i)) - [SMTPat (get_bit (x &. y) i)] - = get_bit_and x y i - -let rw_get_bit_and_left (x y: int_t 't) i - : Lemma (requires get_bit x i == 0) - (ensures get_bit (x &. y) i == 0) - [SMTPat (get_bit (x &. y) i)] - = get_bit_and x y i -let rw_get_bit_and_right (x y: int_t 't) i - : Lemma (requires get_bit x i == 0) - (ensures get_bit (y &. x) i == 0) - [SMTPat (get_bit (y &. x) i)] - = get_bit_and x y i -let rw_get_bit_or_left (x y: int_t 't) i + if not (term_eq goal0 goal1) then fixpoint () + in + print "compute': start"; + fixpoint (); + print "compute': done" + +let opts = "--using_facts_from '-* +Rust_primitives.BitVectors ++Rust_primitives.Integers.get_bit_cast +Rust_primitives.Integers.get_bit_and +Rust_primitives.Integers.get_bit_or +Rust_primitives.Integers.get_bit_shl +Rust_primitives.Integers.get_bit_shr +Rust_primitives.Integers.get_bit_cast_extend' --fuel 0 --ifuel 0" + +let _split_forall_nat + (upper_bound: pos) + ($p: (i:nat{i < upper_bound}) -> Type0) + : Lemma (requires (if upper_bound = 0 then True + else p (upper_bound - 1) /\ (forall (i:nat{i < upper_bound - 1}). p i))) + (ensures forall (i:nat{i < upper_bound}). p i) + = () + +let rec prove_forall_pointwise (tactic: unit -> Tac unit): Tac unit + = print ("prove_forall_pointwise: " ^ term_to_string (cur_goal ())); + apply_lemma (`_split_forall_nat); + trivial `or_else` (fun _ -> + if try norm [primops]; + split (); + true + with | e -> false + then ( + tactic (); + prove_forall_pointwise tactic + ) + ) + +// #push-options "--using_facts_from '+ -FStar.Seq +Rust_primitives -Core -Lib +Rust_primitives.BitVectors +Rust_primitives.Integers.get_bit_cast +Rust_primitives.Integers +Lib.IntTypes +Rust_primitives.Integers.get_bit_or +Rust_primitives.Integers.get_bit_shl +Rust_primitives.Integers.get_bit_shr +Rust_primitives.Integers.get_bit_cast_extend +FStar'" +#restart-solver + + +let get_bit_or_zero_left #t (x y: int_t t) (i: nat) : Lemma (requires get_bit x i == 0) - (ensures get_bit (x |. y) i == get_bit y i) + (ensures get_bit (x |. y) i == get_bit y i) [SMTPat (get_bit (x |. y) i)] = get_bit_or x y i -let rw_get_bit_or_right (x y: int_t 't) i +let get_bit_or_zero_right #t (x y: int_t t) (i: nat) : Lemma (requires get_bit y i == 0) - (ensures get_bit (x |. y) i == get_bit x i) + (ensures get_bit (x |. y) i == get_bit x i) [SMTPat (get_bit (x |. y) i)] = get_bit_or x y i -let expect_get_bit t: Tac (option (term & term)) = - let?# (f, [_typ; bit_value, _; i, _]) = expect_app_n t 3 in - let?# () = expect_free_var f (`%get_bit) in - Some (bit_value, i) - -let expect_logand t: Tac (option (term & term)) = - let?# (f, [_typ; x, _; y, _]) = expect_app_n t 3 in - let?# () = expect_free_var f (`%logand) in - Some (x, y) - -let _simplify_via_mask () = - let?# (t, _) = expect_lhs_eq_uvar () in - let?# (bit_expr, i) = expect_get_bit t in - let?# (x, y) = expect_logand bit_expr in - let?# y = Tactics.MachineInts.term_to_machine_int_term y in - let?# y = - let open Tactics.MachineInts in - match y with - | Op {op = MkInt; contents = Term contents} -> Some contents - | _ -> None - in - let?# y = expect_pow2_minus_one_literal y in - Some () - -let simplify_via_mask () - = rewrite_pow2_minus_one (); - pointwise (fun _ -> - match _simplify_via_mask () with - | Some () -> () - | _ -> trefl () - ) - - -let pow2_in_range t (n: nat {n < bits t - (if unsigned t then 0 else 1)}) - : Lemma (Rust_primitives.Integers.range (pow2 n - 1) t) - [SMTPat (Rust_primitives.Integers.range (pow2 n - 1) t)] - = Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) n - -// let _ = op_Bar_Dot - -noeq type bit_expr = - | Term: term -> bit_expr - | Int: int -> bit_expr - | And: x:bit_expr -> y:bit_expr -> bit_expr - | Or: x:bit_expr -> y:bit_expr -> bit_expr - | Shl: x:bit_expr -> shift:int -> bit_expr - | Shr: x:bit_expr -> shift:int -> bit_expr - | Cast: x:bit_expr -> bit_expr - -let rec term_eq'' a b (n: nat): Tot _ (decreases n) = - let open FStar.Stubs.Reflection.V2.Data in - if n = 0 then term_eq a b else - match (inspect_ln a, inspect_ln b) with - | (Tv_FVar a, Tv_FVar b) - | (Tv_FVar a, Tv_UInst b _) - | (Tv_UInst a _, Tv_FVar b) - | (Tv_UInst a _, Tv_UInst b _) -> inspect_fv a = inspect_fv b - | (Tv_Var _, Tv_Var _) -> term_eq a b - | (Tv_App _ _, Tv_App _ _) -> - let a, a_args = collect_app_ln a in - let b, b_args = collect_app_ln b in - let a_args = L.filter (fun (_, x) -> Q_Explicit? x) a_args in - let b_args = L.filter (fun (_, x) -> Q_Explicit? x) b_args in - L.length a_args = L.length b_args - && ( - let rec h a_args (b_args: _ {L.length a_args == L.length b_args}) = - match a_args, b_args with - | ((ahd,_)::atl), ((bhd,_)::btl) -> - term_eq'' ahd bhd (n - 1) && h atl btl - | [], [] -> true - in h a_args b_args - ) - | (Tv_AscribedT a _ _ _, _) - | (Tv_AscribedC a _ _ _, _) -> term_eq'' a b (n-1) - | (_, Tv_AscribedT b _ _ _) - | (_, Tv_AscribedC b _ _ _) -> term_eq'' a b (n-1) - | (Tv_Type _, Tv_Type _) -> true - | (Tv_Refine _ a, _) -> term_eq'' a b (n - 1) - | (_, Tv_Refine _ b) -> term_eq'' a b (n - 1) - // && term_eq' a b && L.fold_left (fun i a -> L.index b_args i `term_eq'` a) - // | Tv_Var : v:namedv -> named_term_view - // | Tv_BVar : v:bv -> named_term_view - // | Tv_FVar : v:fv -> named_term_view - // | Tv_UInst : v:fv -> us:universes -> named_term_view - // | Tv_App : hd:term -> a:argv -> named_term_view - // | Tv_Abs : b:binder -> body:term -> named_term_view - // | Tv_Arrow : b:binder -> c:comp -> named_term_view - // | Tv_Type : universe -> named_term_view - // | Tv_Refine : b:simple_binder -> ref:term -> named_term_view - // | Tv_Const : vconst -> named_term_view - // | Tv_Uvar : nat -> ctx_uvar_and_subst -> named_term_view - // | Tv_Let : recf:bool -> attrs:(list term) -> b:simple_binder -> def:term -> body:term -> named_term_view - // | Tv_Match : scrutinee:term -> ret:option match_returns_ascription -> brs:(list branch) -> named_term_view - // | Tv_AscribedT : e:term -> t:term -> tac:option term -> use_eq:bool -> named_term_view - // | Tv_AscribedC : e:term -> c:comp -> tac:option term -> use_eq:bool -> named_term_view - // | Tv_Unknown : named_term_view // An underscore: _ - // | Tv_Unsupp : named_term_view // failed to inspect, not supported - | _ -> term_eq a b - -let term_eq' a b = term_eq'' a b 99999 - -let rec bit_expr_eq a b = - match (a, b) with - | Term a, Term b -> term_eq' a b - | Int a, Int b -> a = b - | And xa ya, And xb yb - | Or xa ya, Or xb yb -> bit_expr_eq xa xb && bit_expr_eq ya yb - | Shl a sa, Shl b sb - | Shr a sa, Shr b sb -> bit_expr_eq a b && sa = sb - | Cast a, Cast b -> bit_expr_eq a b - | _ -> false - -let rec bit_expr_contains needle haystack = - let recurse = bit_expr_contains needle in - bit_expr_eq needle haystack - || ( match haystack with - | And l r | Or l r -> recurse l || recurse r - | Cast x | Shl x _ | Shr x _ -> recurse x - | _ -> false) - -let expect_machine_int_lit t: Tac _ = - let open Tactics.MachineInts in - let?# expr = term_to_machine_int_term t in - match expr with - | Op {op = MkInt; contents = Lit n} -> Some n - | _ -> None - -let rec term_to_bit_expr' t: Tac _ - = match expect_machine_int_lit t with - | Some n -> Int n - | _ -> match let?# (f, args) = collect_app_hd t in - let?# (x, y) = match args with - | [_; x,_; y,_] | [_; _; x,_; y,_] - | [_; _; _; x,_; y,_] -> Some (x, y) | _ -> None in - match f with - | `%logand | `%( &. ) - -> Some (And (term_to_bit_expr' x) (term_to_bit_expr' y)) - | `%logor | `%( |. ) - -> Some (Or (term_to_bit_expr' x) (term_to_bit_expr' y)) - | `%shift_left | `%( < let?# y = expect_machine_int_lit y in - Some (Shl (term_to_bit_expr' x) y) - | `%shift_right | `%( >>! ) - -> let?# y = expect_machine_int_lit y in - Some (Shr (term_to_bit_expr' x) y) - | `%cast -> Some (Cast (term_to_bit_expr' y)) - | _ -> None - with - | Some t -> t - | None -> Term t - -let term_to_bit_expr t: Tac (option (x: bit_expr {~(Term? x)})) - = match term_to_bit_expr' t with - | Term _ -> None - | t -> Some t - -let expect_get_bit_expr t: Tac _ - = let?# (expr, index) = expect_get_bit t in - let?# index = expect_machine_int_lit index in - let expr = term_to_bit_expr' expr in - Some (expr, index) - - -let op_Bar_GreaterThan (x: 'a) (f: 'a -> Tac 'b): Tac 'b = f x - -let get_bit_shl_zero #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) - : Lemma (requires v y >= 0 /\ v y < bits t /\ v i < v y) - (ensures get_bit (x <= 0 /\ v y < bits t /\ (v i >= bits t - v y /\ (if signed t then (get_bit x (mk_int (bits t - 1)) == 0) else true))) - (ensures get_bit (x >>! y) i == 0) - = get_bit_shr x y i - -let get_bit_shl_one #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) - : Lemma (requires v y >= 0 /\ v y < bits t /\ v i >= v y) - (ensures get_bit (x <= 0 /\ v y < bits t}) (i: usize {v i < bits t}) - : Lemma (ensures get_bit (shift_right x y) i - == 1) - // == (if v i < bits t - v y - // then get_bit x (mk_int (v i + v y)) - // else if signed t - // then get_bit x (mk_int (bits t - 1)) - // else 0)) - // (ensures get_bit (x >>! y) i - // == (if v i < bits t - v y - // then get_bit x (mk_int (v i + v y)) - // else if signed t - // then get_bit x (mk_int (bits t - 1)) - // else 0)) - [SMTPat (get_bit (x >>! y) i)] - = admit () - -/// Proves that `get_bit .. ..` is zero -let rec solve_get_bit_zero (): Tac _ = - let (lhs, rhs, _) = expect_lhs_eq_rhs () |> expect "a goal ` == ` (solve_get_bit_zero)" in - print ("solve_get_bit_zero: " ^ term_to_string lhs); - let (lhs, i) = expect_get_bit_expr lhs |> expect "LHS to be `get_bit .. ..`" in - let rhs' = expect_int_literal rhs |> expect ("RHS to be a int literal, got " ^ term_to_string rhs) in - let _ = match rhs' with | 0 -> () | _ -> fail "RHS should be zero" in - match lhs with - | Term _ -> fail ("LHS is an arbitrary term, I cannot prove it is " ^ string_of_int rhs') - | Int _ -> (compute (); trefl ()) - | Shl _ _ -> - let _ = rewrite_lhs () in - flip (); - apply_lemma_rw (`get_bit_shl); - (fun _ -> - norm_machine_int (); compute (); norm [simplify]; - trivial () )`or_else` (fun _ -> fail' "Shl: tried to prove it was zero") - | Shr _ _ -> - let _ = rewrite_lhs () in - flip (); - apply_lemma_rw_eqtype (`get_bit_shr); - focus (fun _ -> - let _ = repeat split in - iterAll (fun _ -> - match expect_lhs_eq_rhs () with - | Some _ -> print "solve_get_bit_zero: recurse"; - solve_get_bit_zero () - | _ -> (fun _ -> norm_machine_int (); - compute (); - norm [simplify]; - trivial ()) `or_else` (fun _ -> fail' "Shr: tried to prove it was zero") - ) - ) - | Cast _ -> - (try - if rhs' = 0 then apply_lemma (`get_bit_cast_extend) else (); - compute (); norm [simplify]; - trivial `or_else` (fun _ -> fail' "Cast: tried to prove it was zero") - with | _ -> ( - apply_lemma (`get_bit_cast); - compute (); norm [simplify]; - trivial `or_else` (fun _ -> fail' "Cast: tried to prove it was zero [second path]") - )) - | And x y -> fail "And: unsupported" - | _ -> fail "unsupported" - - -let rw_get_bit_and_one_right (x y: int_t 't) i - : Lemma (requires get_bit x i == 1) - (ensures get_bit (y &. x) i == get_bit y i) - = get_bit_and x y i - -let _solve_get_bit_equality lhs i rhs j: Tac _ = - match lhs with - | Term x -> trefl `or_else` (fun _ -> fail' "solve_get_bit_equality: expected terms to be equal at this point") - | And x y -> - let _ = rewrite_lhs () in - flip (); - apply_lemma_rw (`rw_get_bit_and_one_right); - fail "xxx"; - () - | Or x y -> - print ("We are looking at `x |. y`"); - print ("x=" ^ term_to_string (quote x)); - print ("y=" ^ term_to_string (quote y)); - print ("RHS=" ^ term_to_string (quote rhs)); - (match bit_expr_contains rhs x, bit_expr_contains rhs y with - | false, false -> - fail' "RHS was expected to be on the LHS or RHS of the logor!" - | true, true -> fail' "RHS was expected to be on the LHS or RHS of the logor, not both!" - | true, false -> - let rw = rewrite_lhs () in - flip (); - dump' "solve_get_bit_equality: LEFT (BEFORE)"; - apply_lemma_rw (norm_term [] (`rw_get_bit_or_right)); - dump' "solve_get_bit_equality: LEFT (AFTE RLEMMA)"; - print "solve_get_bit_equality: LEFT"; - solve_get_bit_zero () - | false, true -> - let rw = rewrite_lhs () in - flip (); - print "solve_get_bit_equality: RIGHT"; - apply_lemma_rw (norm_term [] (`rw_get_bit_or_left)); - solve_get_bit_zero () - ) - | _ -> fail' "xxxpppppp" - -let swap_eq2_goal p q: Lemma (requires eq2 p q) (ensures eq2 q p) = () - -let rec solve_get_bit_equality' can_invert: Tac _ = - let (lhs, rhs, _) = expect_lhs_eq_rhs () |> expect "a goal ` == `" in - print ("solve_get_bit_equality: (" ^ term_to_string lhs ^ ") == (" ^ term_to_string rhs ^ ")"); - let (lhs, i) = expect_get_bit_expr lhs |> expect "LHS to be `get_bit .. ..`" in - let (rhs, j) = expect_get_bit_expr rhs |> expect "RHS to be `get_bit .. ..`" in - if bit_expr_contains rhs lhs |> not - then if can_invert - then (apply_lemma (`swap_eq2_goal); solve_get_bit_equality' false) - else fail "was expected the bit expression on RHS to be included in the one of LHS" - else _solve_get_bit_equality lhs i rhs j -let solve_get_bit_equality (): Tac _ = - solve_get_bit_equality' true - -let rec term_to_string'' (t: term): Tac string - = match t with - | Tv_App f (x, Q_Meta _) -> term_to_string'' f - | Tv_App f (x, aqualv) -> - let qual = match aqualv with | Q_Implicit -> "#" | Q_Explicit -> "" in - term_to_string' f ^ " " ^ qual ^ "(" ^ term_to_string' x ^ ")" - | Tv_UInst v _ | Tv_FVar v -> - let v = implode_qn (inspect_fv v) in - (match v with - | `%get_bit -> "get_bit" - | `%bit -> "bit" - | `%eq2 -> "eq2" - | `%u8 -> "u8" - | `%u16 -> "u16" - | `%i16 -> "i16" - | `%i32 -> "i32" - | `%sz -> "sz" - | `%usize -> "usize" - | _ -> v - ) - | _ -> term_to_string t -and term_to_string' t: Tac _ = term_to_string'' t - -// get_bit (Seq.Base.index bytes 2) (sz 1) == -// get_bit ((cast bytes.[ sz 2 ] &. 15s) <>! 2l) (sz 7) - -let opts = "--using_facts_from '-* +Rust_primitives.BitVectors -+Rust_primitives.Integers.get_bit_cast +Rust_primitives.Integers.get_bit_and +Rust_primitives.Integers.get_bit_or +Rust_primitives.Integers.get_bit_shl +Rust_primitives.Integers.get_bit_shr +Rust_primitives.Integers.get_bit_cast_extend'" +#push-options "--compat_pre_core 0" +// #push-options "--z3rlimit 100 --fuel 0 --ifuel 0" #push-options "--z3rlimit 80" -let fff_ bytes x: unit = +let fff_ (bytes: t_Array u8 (sz 10)) x: unit = let bv1 = bit_vec_of_int_t_array bytes 8 in let out = deserialize_10_int' bytes in let bv2 = bit_vec_of_int_t_array out 10 in - let i = 77 in - if false then - assert (bv1 i == bv2 i) by ( + // let lhs = ((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) < + Tactics.Seq.norm_list_index (); + dump' "Send to SMT"; + set_rlimit 80; + let _ = repeat clear_top in + focus smt_sync; + dump' "solved!"; + () + ) ) #pop-options diff --git a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst index 36468f63d..5e6b9f66e 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst @@ -41,9 +41,21 @@ let norm_list_index (): Tac unit = let _ = assert (L.index [1;2;3;4;5;6] 3 == 4) by (norm_list_index(); trefl ()) -let simplify_index_seq_of_list () = l_to_r [`rw_seq_index_list] +let expect_seq_of_list t + = let?# (f, [_; _]) = expect_app_n t 2 in + expect_free_var f (`%Seq.Base.seq_of_list) + +let simplify_index_seq_of_list () = + pointwise (fun _ -> + match let?# (t, _) = expect_lhs_eq_uvar () in + let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in + let?# () = expect_free_var f (`%Seq.Base.index) in + let?# _ = expect_seq_of_list l in + (fun _ -> apply_lemma_rw (`rw_seq_index_list)) `or_else` trefl; + Some () + with | None -> trefl () | _ -> () + ) let norm_index (): Tac unit - = norm_list_index (); - simplify_index_seq_of_list () - + = simplify_index_seq_of_list (); + norm_list_index () diff --git a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst index 1ef093426..12f8e5383 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst @@ -38,6 +38,13 @@ let expect_lhs_eq_rhs_term t = let typ = match typ with | None -> `_ | Some typ -> typ in Some (lhs, rhs, typ) | _ -> None + +// let expect_forall t = +// match term_as_formula t with +// | Comp (Eq typ) lhs rhs -> +// let typ = match typ with | None -> `_ | Some typ -> typ in +// Some (lhs, rhs, typ) +// | _ -> None let expect_lhs_eq_rhs () = expect_lhs_eq_rhs_term (cur_goal ()) From 3e71e6848191284e61616cd62c3b86b3fc4c7432 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 27 Aug 2024 11:22:28 -0400 Subject: [PATCH 154/348] cca --- .../extraction/Libcrux_ml_kem.Serialize.fsti | 82 ++++--------------- ...ux_ml_kem.Vector.Portable.Vector_type.fsti | 2 +- .../proofs/fstar/extraction/Makefile | 1 - libcrux-ml-kem/src/serialize.rs | 29 +++---- 4 files changed, 30 insertions(+), 84 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index 58669a1c8..e96591ef7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -14,28 +14,14 @@ val compress_then_serialize_10_ (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 v_OUT_LEN) - (requires - ((sz 20 *! (Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT -! sz 1 <: usize) <: usize) +! - sz 20 - <: - usize) <=. - v_OUT_LEN) - (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_OUT_LEN) (requires v_OUT_LEN =. sz 320) (fun _ -> Prims.l_True) val compress_then_serialize_11_ (v_OUT_LEN: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 v_OUT_LEN) - (requires - ((sz 22 *! (Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT -! sz 1 <: usize) <: usize) +! - sz 22 - <: - usize) <=. - v_OUT_LEN) - (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_OUT_LEN) (requires v_OUT_LEN =. sz 352) (fun _ -> Prims.l_True) val compress_then_serialize_4_ (#v_Vector: Type0) @@ -43,12 +29,7 @@ val compress_then_serialize_4_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) - (requires - ((sz 8 *! (Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT -! sz 1 <: usize) <: usize) +! - sz 8 - <: - usize) <=. - (Core.Slice.impl__len #u8 serialized <: usize)) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 128) (fun _ -> Prims.l_True) val compress_then_serialize_5_ @@ -57,12 +38,7 @@ val compress_then_serialize_5_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) - (requires - ((sz 10 *! (Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT -! sz 1 <: usize) <: usize) +! - sz 10 - <: - usize) <=. - (Core.Slice.impl__len #u8 serialized <: usize)) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 160) (fun _ -> Prims.l_True) val compress_then_serialize_message @@ -79,11 +55,7 @@ val compress_then_serialize_ring_element_u : Prims.Pure (t_Array u8 v_OUT_LEN) (requires (v_COMPRESSION_FACTOR =. sz 10 || v_COMPRESSION_FACTOR =. sz 11) && - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_COMPRESSION_FACTOR <: usize) /! - sz 8 - <: - usize) =. - v_OUT_LEN) + v_OUT_LEN =. (sz 32 *! v_COMPRESSION_FACTOR <: usize)) (fun _ -> Prims.l_True) val compress_then_serialize_ring_element_v @@ -95,11 +67,7 @@ val compress_then_serialize_ring_element_v : Prims.Pure (t_Slice u8) (requires (v_COMPRESSION_FACTOR =. sz 4 || v_COMPRESSION_FACTOR =. sz 5) && - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_COMPRESSION_FACTOR <: usize) /! - sz 8 - <: - usize) =. - v_OUT_LEN && + v_OUT_LEN =. (sz 32 *! v_COMPRESSION_FACTOR <: usize) && (Core.Slice.impl__len #u8 out <: usize) =. v_OUT_LEN) (ensures fun out_future -> @@ -111,11 +79,7 @@ val deserialize_then_decompress_10_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires - (Core.Slice.impl__len #u8 serialized <: usize) =. - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 10 <: usize) /! sz 8 - <: - usize)) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 320) (fun _ -> Prims.l_True) val deserialize_then_decompress_11_ @@ -123,11 +87,7 @@ val deserialize_then_decompress_11_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires - (Core.Slice.impl__len #u8 serialized <: usize) =. - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 11 <: usize) /! sz 8 - <: - usize)) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 352) (fun _ -> Prims.l_True) val deserialize_then_decompress_4_ @@ -135,10 +95,7 @@ val deserialize_then_decompress_4_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires - (Core.Slice.impl__len #u8 serialized <: usize) =. - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 4 <: usize) /! sz 8 <: usize - )) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 128) (fun _ -> Prims.l_True) val deserialize_then_decompress_5_ @@ -146,10 +103,7 @@ val deserialize_then_decompress_5_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (serialized: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires - (Core.Slice.impl__len #u8 serialized <: usize) =. - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 5 <: usize) /! sz 8 <: usize - )) + (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 160) (fun _ -> Prims.l_True) val deserialize_then_decompress_message @@ -168,11 +122,7 @@ val deserialize_then_decompress_ring_element_u : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires (v_COMPRESSION_FACTOR =. sz 10 || v_COMPRESSION_FACTOR =. sz 11) && - (Core.Slice.impl__len #u8 serialized <: usize) =. - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_COMPRESSION_FACTOR <: usize) /! - sz 8 - <: - usize)) + (Core.Slice.impl__len #u8 serialized <: usize) =. (sz 32 *! v_COMPRESSION_FACTOR <: usize)) (fun _ -> Prims.l_True) val deserialize_then_decompress_ring_element_v @@ -183,11 +133,7 @@ val deserialize_then_decompress_ring_element_v : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (requires (v_COMPRESSION_FACTOR =. sz 4 || v_COMPRESSION_FACTOR =. sz 5) && - (Core.Slice.impl__len #u8 serialized <: usize) =. - ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_COMPRESSION_FACTOR <: usize) /! - sz 8 - <: - usize)) + (Core.Slice.impl__len #u8 serialized <: usize) =. (sz 32 *! v_COMPRESSION_FACTOR <: usize)) (fun _ -> Prims.l_True) /// Only use with public values. @@ -212,8 +158,8 @@ val deserialize_ring_elements_reduced (public_key: t_Slice u8) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (requires - (Core.Slice.impl__len #u8 public_key <: usize) =. v_PUBLIC_KEY_SIZE && - (v_PUBLIC_KEY_SIZE /! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize) <=. v_K) + Spec.MLKEM.is_rank v_K /\ Seq.length public_key == v v_PUBLIC_KEY_SIZE /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K) (fun _ -> Prims.l_True) val deserialize_to_uncompressed_ring_element diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti index 78ca7e60d..fcbb04325 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti @@ -27,4 +27,4 @@ val zero: Prims.unit (ensures fun result -> let result:t_PortableVector = result in - to_i16_array result == Seq.create 16 0s) + result.f_elements == Seq.create 16 0s) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 27436ce01..d493ba7e5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,7 +1,6 @@ # This is the list of modules that are fully admitted. # All other modules have individual annotations on their functions indicating verification status ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ - Libcrux_ml_kem.Ind_cca.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ Libcrux_ml_kem.Sampling.fst \ diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index d41afe276..826161f81 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -93,8 +93,9 @@ fn deserialize_to_reduced_ring_element( /// This function MUST NOT be used on secret inputs. #[inline(always)] #[hax_lib::requires( - public_key.len() == PUBLIC_KEY_SIZE && - PUBLIC_KEY_SIZE / BYTES_PER_RING_ELEMENT <= K + fstar!("Spec.MLKEM.is_rank v_K /\\ + Seq.length public_key == v v_PUBLIC_KEY_SIZE /\\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K") )] pub(super) fn deserialize_ring_elements_reduced< const PUBLIC_KEY_SIZE: usize, @@ -117,7 +118,7 @@ pub(super) fn deserialize_ring_elements_reduced< #[inline(always)] #[hax_lib::requires( - 20 * (VECTORS_IN_RING_ELEMENT - 1) + 20 <= OUT_LEN + OUT_LEN == 320 )] fn compress_then_serialize_10( re: &PolynomialRingElement, @@ -135,7 +136,7 @@ fn compress_then_serialize_10( #[inline(always)] #[hax_lib::requires( - 22 * (VECTORS_IN_RING_ELEMENT - 1) + 22 <= OUT_LEN + OUT_LEN == 352 )] fn compress_then_serialize_11( re: &PolynomialRingElement, @@ -154,7 +155,7 @@ fn compress_then_serialize_11( #[inline(always)] #[hax_lib::requires( (COMPRESSION_FACTOR == 10 || COMPRESSION_FACTOR == 11) && - (COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8 == OUT_LEN + OUT_LEN == 32 * COMPRESSION_FACTOR )] pub(super) fn compress_then_serialize_ring_element_u< const COMPRESSION_FACTOR: usize, @@ -175,7 +176,7 @@ pub(super) fn compress_then_serialize_ring_element_u< #[inline(always)] #[hax_lib::requires( - 8 * (VECTORS_IN_RING_ELEMENT - 1) + 8 <= serialized.len() + serialized.len() == 128 )] fn compress_then_serialize_4( re: PolynomialRingElement, @@ -197,7 +198,7 @@ fn compress_then_serialize_4( #[inline(always)] #[hax_lib::requires( - 10 * (VECTORS_IN_RING_ELEMENT - 1) + 10 <= serialized.len() + serialized.len() == 160 )] fn compress_then_serialize_5( re: PolynomialRingElement, @@ -220,7 +221,7 @@ fn compress_then_serialize_5( #[inline(always)] #[hax_lib::requires( (COMPRESSION_FACTOR == 4 || COMPRESSION_FACTOR == 5) && - (COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8 == OUT_LEN && + OUT_LEN == 32 * COMPRESSION_FACTOR && out.len() == OUT_LEN )] #[hax_lib::ensures(|_| @@ -246,7 +247,7 @@ pub(super) fn compress_then_serialize_ring_element_v< #[inline(always)] #[hax_lib::requires( - serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 10) / 8 + serialized.len() == 320 )] fn deserialize_then_decompress_10( serialized: &[u8], @@ -266,7 +267,7 @@ fn deserialize_then_decompress_10( #[inline(always)] #[hax_lib::requires( - serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 11) / 8 + serialized.len() == 352 )] fn deserialize_then_decompress_11( serialized: &[u8], @@ -287,7 +288,7 @@ fn deserialize_then_decompress_11( #[inline(always)] #[hax_lib::requires( (COMPRESSION_FACTOR == 10 || COMPRESSION_FACTOR == 11) && - serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8 + serialized.len() == 32 * COMPRESSION_FACTOR )] pub(super) fn deserialize_then_decompress_ring_element_u< const COMPRESSION_FACTOR: usize, @@ -307,7 +308,7 @@ pub(super) fn deserialize_then_decompress_ring_element_u< #[inline(always)] #[hax_lib::requires( - serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 4) / 8 + serialized.len() == 128 )] fn deserialize_then_decompress_4( serialized: &[u8], @@ -326,7 +327,7 @@ fn deserialize_then_decompress_4( #[inline(always)] #[hax_lib::requires( - serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * 5) / 8 + serialized.len() == 160 )] fn deserialize_then_decompress_5( serialized: &[u8], @@ -346,7 +347,7 @@ fn deserialize_then_decompress_5( #[inline(always)] #[hax_lib::requires( (COMPRESSION_FACTOR == 4 || COMPRESSION_FACTOR == 5) && - serialized.len() == (COEFFICIENTS_IN_RING_ELEMENT * COMPRESSION_FACTOR) / 8 + serialized.len() == 32 * COMPRESSION_FACTOR )] pub(super) fn deserialize_then_decompress_ring_element_v< const COMPRESSION_FACTOR: usize, From b03baf1de72cad9d9c94bb8da45bd8bb7c70cb58 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 27 Aug 2024 12:07:54 -0400 Subject: [PATCH 155/348] decap to lax --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 32 +++++++++---------- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 3 +- .../extraction/Libcrux_ml_kem.Serialize.fst | 2 +- .../extraction/Libcrux_ml_kem.Serialize.fsti | 6 ++-- libcrux-ml-kem/src/ind_cca.rs | 4 +-- libcrux-ml-kem/src/ind_cpa.rs | 2 +- libcrux-ml-kem/src/serialize.rs | 4 +-- 7 files changed, 24 insertions(+), 29 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 9ab226abf..d586c9074 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -166,8 +166,7 @@ let validate_public_key (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) = let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_PUBLIC_KEY_SIZE - v_K + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_K #v_Vector (public_key.[ { Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } <: @@ -189,6 +188,8 @@ let validate_public_key in public_key =. public_key_serialized +#push-options "--admit_smt_queries true" + #push-options "--z3rlimit 500" let decapsulate @@ -311,21 +312,18 @@ let decapsulate shared_secret ciphertext in - let shared_secret:t_Array u8 (sz 32) = - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref - #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (expected_ciphertext <: t_Slice u8) - (shared_secret <: t_Slice u8) - (implicit_rejection_shared_secret <: t_Slice u8) - in - let result:t_Array u8 (sz 32) = shared_secret in - let _:Prims.unit = admit () (* Panic freedom *) in - result + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref + #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (expected_ciphertext <: t_Slice u8) + (shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) + +#pop-options #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index ebfda623c..eb79bb57f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -672,8 +672,7 @@ let encrypt (randomness: t_Slice u8) = let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_T_AS_NTT_ENCODED_SIZE - v_K + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_K #v_Vector (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 62d74574d..01d461dd8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -716,7 +716,7 @@ let deserialize_to_reduced_ring_element re let deserialize_ring_elements_reduced - (v_PUBLIC_KEY_SIZE v_K: usize) + (v_K: usize) (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index e96591ef7..c5c20e382 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -152,14 +152,14 @@ val deserialize_to_reduced_ring_element /// modulus. /// This function MUST NOT be used on secret inputs. val deserialize_ring_elements_reduced - (v_PUBLIC_KEY_SIZE v_K: usize) + (v_K: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (public_key: t_Slice u8) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (requires - Spec.MLKEM.is_rank v_K /\ Seq.length public_key == v v_PUBLIC_KEY_SIZE /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K) + Spec.MLKEM.is_rank v_K /\ + Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)) (fun _ -> Prims.l_True) val deserialize_to_uncompressed_ring_element diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index e617ee712..74bf171c3 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -97,7 +97,7 @@ fn validate_public_key< >( public_key: &[u8; PUBLIC_KEY_SIZE], ) -> bool { - let deserialized_pk = deserialize_ring_elements_reduced::( + let deserialized_pk = deserialize_ring_elements_reduced::( &public_key[..RANKED_BYTES_PER_RING_ELEMENT], ); let public_key_serialized = @@ -231,7 +231,7 @@ fn encapsulate< } #[hax_lib::fstar::options("--z3rlimit 500")] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index f94e91db2..fe0749390 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -490,7 +490,7 @@ pub(crate) fn encrypt< randomness: &[u8], ) -> [u8; CIPHERTEXT_SIZE] { // tˆ := Decode_12(pk) - let t_as_ntt = deserialize_ring_elements_reduced::( + let t_as_ntt = deserialize_ring_elements_reduced::( &public_key[..T_AS_NTT_ENCODED_SIZE], ); diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 826161f81..57f05368a 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -94,11 +94,9 @@ fn deserialize_to_reduced_ring_element( #[inline(always)] #[hax_lib::requires( fstar!("Spec.MLKEM.is_rank v_K /\\ - Seq.length public_key == v v_PUBLIC_KEY_SIZE /\\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K") + Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)") )] pub(super) fn deserialize_ring_elements_reduced< - const PUBLIC_KEY_SIZE: usize, const K: usize, Vector: Operations, >( From 1ecfc745f64e318b06fd59a787d07818640c56cc Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 27 Aug 2024 12:29:56 -0400 Subject: [PATCH 156/348] decap panic free --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 31 ++++++++++--------- libcrux-ml-kem/src/ind_cca.rs | 4 ++- 2 files changed, 20 insertions(+), 15 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index d586c9074..a037dd8e4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -188,8 +188,6 @@ let validate_public_key in public_key =. public_key_serialized -#push-options "--admit_smt_queries true" - #push-options "--z3rlimit 500" let decapsulate @@ -281,6 +279,8 @@ let decapsulate <: t_Slice u8) in + let _:Prims.unit = assert (v (sz 32) < pow2 32) in + let _:Prims.unit = assert (i4.f_PRF_pre (sz 32) to_hash) in let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher #v_K @@ -312,18 +312,21 @@ let decapsulate shared_secret ciphertext in - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref - #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (expected_ciphertext <: t_Slice u8) - (shared_secret <: t_Slice u8) - (implicit_rejection_shared_secret <: t_Slice u8) - -#pop-options + let shared_secret:t_Array u8 (sz 32) = + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref + #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (expected_ciphertext <: t_Slice u8) + (shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) + in + let result:t_Array u8 (sz 32) = shared_secret in + let _:Prims.unit = admit () (* Panic freedom *) in + result #pop-options diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 74bf171c3..dae6d21b5 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -231,7 +231,7 @@ fn encapsulate< } #[hax_lib::fstar::options("--z3rlimit 500")] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ @@ -296,6 +296,8 @@ pub(crate) fn decapsulate< let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] = into_padded_array(implicit_rejection_value); to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref()); + hax_lib::fstar!("assert (v (sz 32) < pow2 32)"); + hax_lib::fstar!("assert (i4.f_PRF_pre (sz 32) to_hash)"); let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash); let expected_ciphertext = crate::ind_cpa::encrypt::< From 293f3b52093c13f3043781d878990c5be6fc4e23 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 27 Aug 2024 13:10:37 -0400 Subject: [PATCH 157/348] c code --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 38 +- .../c/internal/libcrux_mlkem_neon.h | 38 +- .../c/internal/libcrux_mlkem_portable.h | 44 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 38 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 42 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 42 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 42 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 887 ++++++++---------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 745 ++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 9 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/src/vector/avx2.rs | 5 +- libcrux-ml-kem/src/vector/neon.rs | 4 +- libcrux-ml-kem/src/vector/portable.rs | 15 +- libcrux-ml-kem/src/vector/traits.rs | 57 +- 38 files changed, 994 insertions(+), 1186 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 0640609ea..b8da2d7dd 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 -Libcrux: b702c3f544a550ea5f436877e2bc10c834335db9 +Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index c06489844..4ada0d5ed 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __internal_libcrux_core_H @@ -73,7 +73,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_cf1( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_8b1( uint8_t value[800U]); /** @@ -86,7 +86,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_d51( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_dc1( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -99,7 +99,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_e51( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_b31( uint8_t value[1632U]); /** @@ -111,7 +111,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_481( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_551( uint8_t value[768U]); /** @@ -122,7 +122,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_9c1( +uint8_t *libcrux_ml_kem_types_as_slice_f6_b21( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -134,7 +134,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_411( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_da1( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -154,7 +154,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_cf0( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_8b0( uint8_t value[1568U]); /** @@ -167,7 +167,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_d50( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_dc0( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -180,7 +180,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_e50( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_b30( uint8_t value[3168U]); /** @@ -192,7 +192,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_480( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_550( uint8_t value[1568U]); /** @@ -203,7 +203,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_9c0( +uint8_t *libcrux_ml_kem_types_as_slice_f6_b20( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -215,7 +215,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_410( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_da0( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -235,7 +235,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_cf( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_8b( uint8_t value[1184U]); /** @@ -248,7 +248,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_d5( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_dc( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -261,7 +261,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_e5( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_b3( uint8_t value[2400U]); /** @@ -273,7 +273,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_48( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_55( uint8_t value[1088U]); /** @@ -284,7 +284,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_9c( +uint8_t *libcrux_ml_kem_types_as_slice_f6_b2( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -335,7 +335,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_41( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_da( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index acd737e8c..f7e4ad461 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __internal_libcrux_mlkem_neon_H @@ -31,7 +31,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_8c1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key); /** A monomorphic instance of @@ -63,7 +63,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_ec1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -83,7 +83,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_851( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]); @@ -106,7 +106,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_711( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_ff1( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -131,7 +131,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -157,7 +157,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_281( +void libcrux_ml_kem_ind_cca_decapsulate_9c1( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -169,7 +169,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_8c0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key); /** A monomorphic instance of @@ -201,7 +201,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_ec0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -221,7 +221,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_850( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); @@ -244,7 +244,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_710( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_ff0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -269,7 +269,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -295,7 +295,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_280( +void libcrux_ml_kem_ind_cca_decapsulate_9c0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -307,7 +307,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_8c(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key); /** A monomorphic instance of @@ -339,7 +339,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_ec(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -359,7 +359,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_85( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]); @@ -382,7 +382,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_71( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_ff( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -407,7 +407,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -433,7 +433,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_28( +void libcrux_ml_kem_ind_cca_decapsulate_9c( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index f9ac7cde9..364aaa025 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_ad1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_251(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e61( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_4a1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_3c1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d1( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e01( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_831( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e11( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b91( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_311( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_0b1( +void libcrux_ml_kem_ind_cca_decapsulate_6b1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_ad0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_250(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e60( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_4a0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_3c0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d0( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e00( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_830( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b90( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_310( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_0b0( +void libcrux_ml_kem_ind_cca_decapsulate_6b0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_ad(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_25(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_4a(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_3c(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_83( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b9( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_31( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_0b( +void libcrux_ml_kem_ind_cca_decapsulate_6b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 2733c1990..7ff8328b6 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 1e5a8e86f..c42e9b5cd 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #include "internal/libcrux_core.h" @@ -87,7 +87,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_cf1( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_8b1( uint8_t value[800U]) { uint8_t uu____0[800U]; memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); @@ -106,7 +106,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_d51( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_dc1( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -121,7 +121,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_e51( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_b31( uint8_t value[1632U]) { uint8_t uu____0[1632U]; memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); @@ -139,7 +139,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_481( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_551( uint8_t value[768U]) { uint8_t uu____0[768U]; memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); @@ -156,7 +156,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_9c1( +uint8_t *libcrux_ml_kem_types_as_slice_f6_b21( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -170,7 +170,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_411( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_da1( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); @@ -203,7 +203,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_cf0( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_8b0( uint8_t value[1568U]) { uint8_t uu____0[1568U]; memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); @@ -222,7 +222,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_d50( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_dc0( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -238,7 +238,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_e50( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_b30( uint8_t value[3168U]) { uint8_t uu____0[3168U]; memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); @@ -256,7 +256,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_480( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_550( uint8_t value[1568U]) { uint8_t uu____0[1568U]; memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); @@ -273,7 +273,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_9c0( +uint8_t *libcrux_ml_kem_types_as_slice_f6_b20( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -287,7 +287,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_410( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_da0( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); @@ -320,7 +320,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_cf( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_8b( uint8_t value[1184U]) { uint8_t uu____0[1184U]; memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); @@ -339,7 +339,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_d5( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_dc( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -355,7 +355,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_e5( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_b3( uint8_t value[2400U]) { uint8_t uu____0[2400U]; memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); @@ -373,7 +373,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_48( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_55( uint8_t value[1088U]) { uint8_t uu____0[1088U]; memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); @@ -390,7 +390,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_9c( +uint8_t *libcrux_ml_kem_types_as_slice_f6_b2( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -460,7 +460,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_41( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_da( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 52af01b81..b1e4be169 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 48a568eef..d87f6dfc5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index be3c93087..156d5c0c5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #include "libcrux_mlkem1024_neon.h" @@ -35,18 +35,18 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_69( +static void decapsulate_fa( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_28(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_9c(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_69(private_key, ciphertext, ret); + decapsulate_fa(private_key, ciphertext, ret); } /** @@ -70,11 +70,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_92( +static void decapsulate_unpacked_ed( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc(key_pair, ciphertext, ret); } @@ -82,7 +82,7 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_92(private_key, ciphertext, ret); + decapsulate_unpacked_ed(private_key, ciphertext, ret); } /** @@ -102,13 +102,13 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_5b( +static tuple_21 encapsulate_2b( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_71(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_ff(uu____0, uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( @@ -117,7 +117,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_5b(uu____0, uu____1); + return encapsulate_2b(uu____0, uu____1); } /** @@ -138,14 +138,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_c2( +static tuple_21 encapsulate_unpacked_c6( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_85(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf(uu____0, uu____1); } @@ -156,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_c2(uu____0, uu____1); + return encapsulate_unpacked_c6(uu____0, uu____1); } /** @@ -170,18 +170,18 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_36( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_1a( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_72(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_ec(uu____0); } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_36(uu____0); + return generate_keypair_1a(uu____0); } /** @@ -197,7 +197,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -generate_keypair_unpacked_6c(uint8_t randomness[64U]) { +generate_keypair_unpacked_0f(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a5(uu____0); @@ -208,7 +208,7 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_6c(uu____0); + return generate_keypair_unpacked_0f(uu____0); } /** @@ -219,14 +219,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_15(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_8c(public_key); +static bool validate_public_key_2c(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_15(public_key.value)) { + if (validate_public_key_2c(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index 348e25057..dee1fdfa6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_mlkem1024_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 29ddb070b..74e71d05c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #include "libcrux_mlkem1024_portable.h" @@ -35,18 +35,18 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_6b( +static void decapsulate_8b( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_0b1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6b1(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_6b(private_key, ciphertext, ret); + decapsulate_8b(private_key, ciphertext, ret); } /** @@ -70,11 +70,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_14( +static void decapsulate_unpacked_87( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b91(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_311(key_pair, ciphertext, ret); } @@ -82,7 +82,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_14(private_key, ciphertext, ret); + decapsulate_unpacked_87(private_key, ciphertext, ret); } /** @@ -102,13 +102,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_13( +static tuple_21 encapsulate_c4( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_831(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_e11(uu____0, uu____1); } tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( @@ -117,7 +117,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_13(uu____0, uu____1); + return encapsulate_c4(uu____0, uu____1); } /** @@ -138,14 +138,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_f8( +static tuple_21 encapsulate_unpacked_7c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d1(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e01(uu____0, uu____1); } @@ -156,7 +156,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_f8(uu____0, uu____1); + return encapsulate_unpacked_7c(uu____0, uu____1); } /** @@ -171,18 +171,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_e7( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_43( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_4a1(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_3c1(uu____0); } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_e7(uu____0); + return generate_keypair_43(uu____0); } /** @@ -198,10 +198,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_88(uint8_t randomness[64U]) { +generate_keypair_unpacked_84(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b1(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e61(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 @@ -209,7 +209,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_88(uu____0); + return generate_keypair_unpacked_84(uu____0); } /** @@ -220,14 +220,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_a21(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_ad1(public_key); +static bool validate_public_key_c81(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_251(public_key); } core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_a21(public_key.value)) { + if (validate_public_key_c81(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 1d208c01a..38a8acefa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index f4088ad47..f9eca7330 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index fd3604caa..b51d6f18a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #include "libcrux_mlkem512_neon.h" @@ -35,16 +35,16 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_d0(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_b6(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_281(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_9c1(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_d0(private_key, ciphertext, ret); + decapsulate_b6(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_25( +static void decapsulate_unpacked_ee( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d1(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc1(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_25(private_key, ciphertext, ret); + decapsulate_unpacked_ee(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_c8( +static tuple_ec encapsulate_e7( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_711(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_ff1(uu____0, uu____1); } tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( @@ -113,7 +113,7 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_c8(uu____0, uu____1); + return encapsulate_e7(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_92( +static tuple_ec encapsulate_unpacked_ec( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_851(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf1(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_92(uu____0, uu____1); + return encapsulate_unpacked_ec(uu____0, uu____1); } /** @@ -166,18 +166,18 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_c3( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_25( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_721(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_ec1(uu____0); } libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c3(uu____0); + return generate_keypair_25(uu____0); } /** @@ -193,7 +193,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -generate_keypair_unpacked_96(uint8_t randomness[64U]) { +generate_keypair_unpacked_29(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a51(uu____0); @@ -204,7 +204,7 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_96(uu____0); + return generate_keypair_unpacked_29(uu____0); } /** @@ -215,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_151(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_8c1(public_key); +static bool validate_public_key_2c1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_151(public_key.value)) { + if (validate_public_key_2c1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index fcd8f9311..dabbfa34f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_mlkem512_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 06b687a9c..133e3978f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #include "libcrux_mlkem512_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_f9(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_15(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_0b0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6b0(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_f9(private_key, ciphertext, ret); + decapsulate_15(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_f2( +static void decapsulate_unpacked_76( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b90(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_310(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_f2(private_key, ciphertext, ret); + decapsulate_unpacked_76(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_33( +static tuple_ec encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_830(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_e10(uu____0, uu____1); } tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( @@ -113,7 +113,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_33(uu____0, uu____1); + return encapsulate_44(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_7b( +static tuple_ec encapsulate_unpacked_4a( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d0(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e00(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_7b(uu____0, uu____1); + return encapsulate_unpacked_4a(uu____0, uu____1); } /** @@ -167,18 +167,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_71( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f4( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_4a0(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_3c0(uu____0); } libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_71(uu____0); + return generate_keypair_f4(uu____0); } /** @@ -194,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_aa(uint8_t randomness[64U]) { +generate_keypair_unpacked_dc(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b0(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e60(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae @@ -205,7 +205,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_aa(uu____0); + return generate_keypair_unpacked_dc(uu____0); } /** @@ -216,14 +216,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_a20(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_ad0(public_key); +static bool validate_public_key_c80(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_250(public_key); } core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_a20(public_key.value)) { + if (validate_public_key_c80(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index b847772f1..aa3deab25 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 38e59c74a..2df61cd4f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index b867971df..9b61a27fe 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #include "libcrux_mlkem768_neon.h" @@ -35,16 +35,16 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_ea( +static void decapsulate_35( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_280(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_9c0(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_ea(private_key, ciphertext, ret); + decapsulate_35(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_7d( +static void decapsulate_unpacked_eb( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d0(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc0(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_7d(private_key, ciphertext, ret); + decapsulate_unpacked_eb(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_5a( +static tuple_3c encapsulate_b1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_710(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_ff0(uu____0, uu____1); } tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( @@ -113,7 +113,7 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_5a(uu____0, uu____1); + return encapsulate_b1(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_cd( +static tuple_3c encapsulate_unpacked_24( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_850(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf0(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_cd(uu____0, uu____1); + return encapsulate_unpacked_24(uu____0, uu____1); } /** @@ -166,18 +166,18 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_f3( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_4e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_720(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_ec0(uu____0); } libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f3(uu____0); + return generate_keypair_4e(uu____0); } /** @@ -193,7 +193,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -generate_keypair_unpacked_5f(uint8_t randomness[64U]) { +generate_keypair_unpacked_4a(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a50(uu____0); @@ -204,7 +204,7 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_5f(uu____0); + return generate_keypair_unpacked_4a(uu____0); } /** @@ -215,14 +215,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_150(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_8c0(public_key); +static bool validate_public_key_2c0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_150(public_key.value)) { + if (validate_public_key_2c0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index e2f5a0bce..1e0389b1a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_mlkem768_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 38a63cb24..7b80778b7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #include "libcrux_mlkem768_portable.h" @@ -35,16 +35,16 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_b5( +static void decapsulate_04( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_0b(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6b(private_key, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_b5(private_key, ciphertext, ret); + decapsulate_04(private_key, ciphertext, ret); } /** @@ -68,17 +68,17 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_7f( +static void decapsulate_unpacked_de( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b9(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_31(key_pair, ciphertext, ret); } void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_7f(private_key, ciphertext, ret); + decapsulate_unpacked_de(private_key, ciphertext, ret); } /** @@ -98,13 +98,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_df( +static tuple_3c encapsulate_12( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_83(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_e1(uu____0, uu____1); } tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( @@ -113,7 +113,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_df(uu____0, uu____1); + return encapsulate_12(uu____0, uu____1); } /** @@ -134,14 +134,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_66( +static tuple_3c encapsulate_unpacked_9e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e0(uu____0, uu____1); } @@ -152,7 +152,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_66(uu____0, uu____1); + return encapsulate_unpacked_9e(uu____0, uu____1); } /** @@ -167,18 +167,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_41( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_6f( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_4a(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_3c(uu____0); } libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_41(uu____0); + return generate_keypair_6f(uu____0); } /** @@ -194,10 +194,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_4e(uint8_t randomness[64U]) { +generate_keypair_unpacked_f6(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b(uu____0); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6(uu____0); } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 @@ -205,7 +205,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4e(uu____0); + return generate_keypair_unpacked_f6(uu____0); } /** @@ -216,14 +216,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_a2(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_ad(public_key); +static bool validate_public_key_c8(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_25(public_key); } core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_a2(public_key.value)) { + if (validate_public_key_c8(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index fe831192b..0e71b3e45 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 780167980..65d32cb30 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #include "libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 921961814..b6a41fc85 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index de345f3eb..ac3d6f7d3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #include "internal/libcrux_mlkem_neon.h" @@ -79,7 +79,9 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice), v.high); - memcpy(ret, out, (size_t)16U * sizeof(int16_t)); + int16_t result[16U]; + memcpy(result, out, (size_t)16U * sizeof(int16_t)); + memcpy(ret, result, (size_t)16U * sizeof(int16_t)); } /** @@ -1331,7 +1333,7 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_reduced_ring_element_f8(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_1b(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); for (size_t i = (size_t)0U; i < @@ -1354,10 +1356,9 @@ deserialize_to_reduced_ring_element_f8(Eurydice_slice serialized) { A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_384( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_621( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; @@ -1374,7 +1375,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_384( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_f8(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1388,7 +1389,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -shift_right_5f(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { +shift_right_dd(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { v.low = libcrux_intrinsics_arm64__vshrq_n_s16( (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); v.high = libcrux_intrinsics_arm64__vshrq_n_s16( @@ -1405,9 +1406,9 @@ A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 with const generics - SHIFT_BY= 15 */ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_38( +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_4e( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return shift_right_5f(v); + return shift_right_dd(v); } /** @@ -1419,7 +1420,7 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector to_unsigned_representative_88( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_38(a); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_4e(a); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1485,9 +1486,7 @@ static KRML_MUSTINLINE void serialize_secret_key_dc1( Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); } - uint8_t result[768U]; - memcpy(result, out, (size_t)768U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } /** @@ -1498,7 +1497,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_691( +static KRML_MUSTINLINE void serialize_public_key_261( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; @@ -1528,15 +1527,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_8c1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - deserialize_ring_elements_reduced_384( + deserialize_ring_elements_reduced_621( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_691( + serialize_public_key_261( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -2553,7 +2552,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_851( +static void closure_2b1( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_20_06();); @@ -2569,7 +2568,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_3a_55( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_3a_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; @@ -2625,12 +2624,12 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a51( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_851(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_2b1(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_3a_55(&ind_cpa_public_key.A[j][i1]); + clone_3a_f8(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; memcpy(uu____2, A, @@ -2640,7 +2639,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a51( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_691( + serialize_public_key_261( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), @@ -2685,13 +2684,13 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_bd1( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_b81( Eurydice_slice key_generation_seed) { tuple_4c0 uu____0 = generate_keypair_unpacked_b71(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_691(pk.t_as_ntt, + serialize_public_key_261(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); @@ -2714,7 +2713,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_7f1( +static KRML_MUSTINLINE void serialize_kem_secret_key_021( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -2775,7 +2774,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_ec1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -2785,13 +2784,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_bd1(ind_cpa_keypair_randomness); + generate_keypair_b81(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_7f1( + serialize_kem_secret_key_021( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, @@ -2800,12 +2799,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_e51(uu____1); + libcrux_ml_kem_types_from_e7_b31(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_d51( - uu____2, libcrux_ml_kem_types_from_07_cf1(uu____3)); + return libcrux_ml_kem_types_from_64_dc1( + uu____2, libcrux_ml_kem_types_from_07_8b1(uu____3)); } /** @@ -2872,7 +2871,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_831(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_921(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_20_06();); @@ -2941,7 +2940,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_30( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_1d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2965,7 +2964,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_56( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_ce( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2985,7 +2984,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_ce( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_8b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3004,7 +3003,7 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -inv_ntt_layer_int_vec_step_reduce_98( +inv_ntt_layer_int_vec_step_reduce_d3( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = @@ -3022,7 +3021,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_10( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_cd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3037,7 +3036,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_10( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_98( + inv_ntt_layer_int_vec_step_reduce_d3( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; @@ -3054,17 +3053,17 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_9e1( +static KRML_MUSTINLINE void invert_ntt_montgomery_3f1( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_30(&zeta_i, re); - invert_ntt_at_layer_2_56(&zeta_i, re); - invert_ntt_at_layer_3_ce(&zeta_i, re); - invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_1d(&zeta_i, re); + invert_ntt_at_layer_2_ce(&zeta_i, re); + invert_ntt_at_layer_3_8b(&zeta_i, re); + invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)7U); poly_barrett_reduce_20_47(re); } @@ -3078,7 +3077,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_3c( +static KRML_MUSTINLINE void add_error_reduce_20_20( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { for (size_t i = (size_t)0U; @@ -3102,7 +3101,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_b11( +static KRML_MUSTINLINE void compute_vector_u_e71( libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, @@ -3134,8 +3133,8 @@ static KRML_MUSTINLINE void compute_vector_u_b11( ntt_multiply_20_ee(a_element, &r_as_ntt[j]); add_to_ring_element_20_fe1(&result0[i1], &product); } - invert_ntt_montgomery_9e1(&result0[i1]); - add_error_reduce_20_3c(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_3f1(&result0[i1]); + add_error_reduce_20_20(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; memcpy( @@ -3152,7 +3151,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_22( +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_2f( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), @@ -3167,7 +3166,7 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_message_3c(uint8_t serialized[32U]) { +deserialize_then_decompress_message_ab(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -3177,7 +3176,7 @@ deserialize_then_decompress_message_3c(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_1_22(coefficient_compressed); + decompress_1_2f(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -3193,7 +3192,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -add_message_error_reduce_20_14( +add_message_error_reduce_20_04( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { @@ -3223,7 +3222,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_cc1( +compute_ring_element_v_4f1( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, @@ -3233,8 +3232,8 @@ compute_ring_element_v_cc1( libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = ntt_multiply_20_ee(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_20_fe1(&result, &product);); - invert_ntt_montgomery_9e1(&result); - result = add_message_error_reduce_20_14(error_2, message, result); + invert_ntt_montgomery_3f1(&result); + result = add_message_error_reduce_20_04(error_2, message, result); return result; } @@ -3244,7 +3243,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_8a(core_core_arch_arm_shared_neon_uint32x4_t v) { +compress_int32x4_t_2e(core_core_arch_arm_shared_neon_uint32x4_t v) { core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); core_core_arch_arm_shared_neon_uint32x4_t compressed = @@ -3267,7 +3266,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_11(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { +compress_19(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { core_core_arch_arm_shared_neon_int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( @@ -3288,12 +3287,12 @@ compress_11(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { libcrux_intrinsics_arm64__vshrq_n_u32( (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t_8a(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t_8a(low10); + core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t_2e(low00); + core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t_2e(low10); core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_8a(high00); + compress_int32x4_t_2e(high00); core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_8a(high10); + compress_int32x4_t_2e(high10); core_core_arch_arm_shared_neon_int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), @@ -3316,9 +3315,9 @@ A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_a8( +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_54( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_11(v); + return compress_19(v); } /** @@ -3327,14 +3326,14 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_c40( +static KRML_MUSTINLINE void compress_then_serialize_10_f70( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_a8(to_unsigned_representative_88(re->coefficients[i0])); + compress_20_54(to_unsigned_representative_88(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3354,7 +3353,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_8a0(core_core_arch_arm_shared_neon_uint32x4_t v) { +compress_int32x4_t_2e0(core_core_arch_arm_shared_neon_uint32x4_t v) { core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); core_core_arch_arm_shared_neon_uint32x4_t compressed = @@ -3377,7 +3376,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_110(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { +compress_190(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { core_core_arch_arm_shared_neon_int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( @@ -3399,13 +3398,13 @@ compress_110(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), core_core_arch_arm_shared_neon_uint32x4_t); core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_8a0(low00); + compress_int32x4_t_2e0(low00); core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_8a0(low10); + compress_int32x4_t_2e0(low10); core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_8a0(high00); + compress_int32x4_t_2e0(high00); core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_8a0(high10); + compress_int32x4_t_2e0(high10); core_core_arch_arm_shared_neon_int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), @@ -3428,9 +3427,9 @@ A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 with const generics - COEFFICIENT_BITS= 11 */ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_a80( +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_540( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_110(v); + return compress_190(v); } /** @@ -3440,10 +3439,10 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_c20( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_170( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_c40(re, uu____0); + compress_then_serialize_10_f70(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3456,7 +3455,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_d11( +static void compress_then_serialize_u_511( libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3474,7 +3473,7 @@ static void compress_then_serialize_u_d11( (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_c20(&re, ret); + compress_then_serialize_ring_element_u_170(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -3488,7 +3487,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_8a1(core_core_arch_arm_shared_neon_uint32x4_t v) { +compress_int32x4_t_2e1(core_core_arch_arm_shared_neon_uint32x4_t v) { core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); core_core_arch_arm_shared_neon_uint32x4_t compressed = @@ -3511,7 +3510,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_111(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { +compress_191(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { core_core_arch_arm_shared_neon_int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( @@ -3533,13 +3532,13 @@ compress_111(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), core_core_arch_arm_shared_neon_uint32x4_t); core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_8a1(low00); + compress_int32x4_t_2e1(low00); core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_8a1(low10); + compress_int32x4_t_2e1(low10); core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_8a1(high00); + compress_int32x4_t_2e1(high00); core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_8a1(high10); + compress_int32x4_t_2e1(high10); core_core_arch_arm_shared_neon_int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), @@ -3562,9 +3561,9 @@ A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 with const generics - COEFFICIENT_BITS= 4 */ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_a81( +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_541( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_111(v); + return compress_191(v); } /** @@ -3573,7 +3572,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_65( +static KRML_MUSTINLINE void compress_then_serialize_4_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice serialized) { LowStar_Ignore_ignore(core_slice___Slice_T___len(serialized, uint8_t, size_t), @@ -3582,7 +3581,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_65( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_a81(to_unsigned_representative_88(re.coefficients[i0])); + compress_20_541(to_unsigned_representative_88(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -3600,7 +3599,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_8a2(core_core_arch_arm_shared_neon_uint32x4_t v) { +compress_int32x4_t_2e2(core_core_arch_arm_shared_neon_uint32x4_t v) { core_core_arch_arm_shared_neon_uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); core_core_arch_arm_shared_neon_uint32x4_t compressed = @@ -3623,7 +3622,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_112(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { +compress_192(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { core_core_arch_arm_shared_neon_int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( @@ -3645,13 +3644,13 @@ compress_112(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), core_core_arch_arm_shared_neon_uint32x4_t); core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_8a2(low00); + compress_int32x4_t_2e2(low00); core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_8a2(low10); + compress_int32x4_t_2e2(low10); core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_8a2(high00); + compress_int32x4_t_2e2(high00); core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_8a2(high10); + compress_int32x4_t_2e2(high10); core_core_arch_arm_shared_neon_int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), @@ -3674,9 +3673,9 @@ A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 with const generics - COEFFICIENT_BITS= 5 */ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_a82( +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_542( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_112(v); + return compress_192(v); } /** @@ -3685,7 +3684,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_8b( +static KRML_MUSTINLINE void compress_then_serialize_5_46( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice serialized) { LowStar_Ignore_ignore(core_slice___Slice_T___len(serialized, uint8_t, size_t), @@ -3694,7 +3693,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_8b( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = - compress_20_a82(to_unsigned_representative_88(re.coefficients[i0])); + compress_20_542(to_unsigned_representative_88(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -3713,9 +3712,9 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_760( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_350( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_4_65(re, out); + compress_then_serialize_4_f0(re, out); } /** @@ -3735,7 +3734,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_9b1( +static void encrypt_unpacked_b81( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -3750,7 +3749,7 @@ static void encrypt_unpacked_9b1( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_831(uu____2, domain_separator0); + tuple_740 uu____3 = sample_ring_element_cbd_921(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; memcpy( error_1, uu____3.fst, @@ -3765,24 +3764,24 @@ static void encrypt_unpacked_9b1( sample_from_binomial_distribution_e9(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; - compute_vector_u_b11(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_e71(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_3c(uu____4); + deserialize_then_decompress_message_ab(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_cc1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_4f1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d11( + compress_then_serialize_u_511( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_760( + compress_then_serialize_ring_element_v_350( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); @@ -3807,7 +3806,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_851( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -3837,7 +3836,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_851( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_9b1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_b81(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -3846,7 +3845,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_851( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_481(uu____4); + libcrux_ml_kem_types_from_15_551(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -3865,7 +3864,7 @@ with types libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_d01(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_511(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], @@ -3873,38 +3872,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_d01(Eurydice_slice randomness, core_result_unwrap_41_83(dst, ret); } -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_383( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_f8(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -3922,10 +3889,10 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0a1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_581(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - deserialize_ring_elements_reduced_383( + deserialize_ring_elements_reduced_621( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -3964,7 +3931,7 @@ static void encrypt_0a1(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_9b1(uu____3, uu____4, randomness, result); + encrypt_unpacked_b81(uu____3, uu____4, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -3979,7 +3946,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_331(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_921(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], @@ -4006,11 +3973,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_711( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_ff1( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_d01( + entropy_preprocess_af_511( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; @@ -4023,7 +3990,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_711( size_t, Eurydice_slice); uint8_t ret[32U]; H_48_851(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_9c1(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_b21(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4041,18 +4008,18 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_711( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_9c1(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_b21(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_0a1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_581(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_481(uu____4); + libcrux_ml_kem_types_from_15_551(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_331(shared_secret, shared_secret_array); + kdf_af_921(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -4068,7 +4035,7 @@ libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_48(core_core_arch_arm_shared_neon_uint32x4_t v) { +decompress_uint32x4_t_40(core_core_arch_arm_shared_neon_uint32x4_t v) { core_core_arch_arm_shared_neon_uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( 1U << (uint32_t)((int32_t)10 - (int32_t)1)); @@ -4088,7 +4055,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_15( +decompress_ciphertext_coefficient_4a( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { core_core_arch_arm_shared_neon_uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); @@ -4107,13 +4074,13 @@ decompress_ciphertext_coefficient_15( (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), core_core_arch_arm_shared_neon_uint32x4_t); core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_48(low00); + decompress_uint32x4_t_40(low00); core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_48(low10); + decompress_uint32x4_t_40(low10); core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_48(high00); + decompress_uint32x4_t_40(high00); core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_48(high10); + decompress_uint32x4_t_40(high10); v.low = libcrux_intrinsics_arm64__vtrn1q_s16( libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); @@ -4134,9 +4101,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_06( +decompress_ciphertext_coefficient_20_f0( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_15(v); + return decompress_ciphertext_coefficient_4a(v); } /** @@ -4146,7 +4113,7 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_10_05(Eurydice_slice serialized) { +deserialize_then_decompress_10_b1(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); LowStar_Ignore_ignore( core_slice___Slice_T___len( @@ -4167,7 +4134,7 @@ deserialize_then_decompress_10_05(Eurydice_slice serialized) { libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_06(coefficient); + decompress_ciphertext_coefficient_20_f0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4179,7 +4146,7 @@ libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_480(core_core_arch_arm_shared_neon_uint32x4_t v) { +decompress_uint32x4_t_400(core_core_arch_arm_shared_neon_uint32x4_t v) { core_core_arch_arm_shared_neon_uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( 1U << (uint32_t)((int32_t)11 - (int32_t)1)); @@ -4199,7 +4166,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_150( +decompress_ciphertext_coefficient_4a0( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { core_core_arch_arm_shared_neon_uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); @@ -4218,13 +4185,13 @@ decompress_ciphertext_coefficient_150( (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), core_core_arch_arm_shared_neon_uint32x4_t); core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_480(low00); + decompress_uint32x4_t_400(low00); core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_480(low10); + decompress_uint32x4_t_400(low10); core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_480(high00); + decompress_uint32x4_t_400(high00); core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_480(high10); + decompress_uint32x4_t_400(high10); v.low = libcrux_intrinsics_arm64__vtrn1q_s16( libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); @@ -4245,9 +4212,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_060( +decompress_ciphertext_coefficient_20_f00( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_150(v); + return decompress_ciphertext_coefficient_4a0(v); } /** @@ -4257,7 +4224,7 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_11_c8(Eurydice_slice serialized) { +deserialize_then_decompress_11_d5(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); for (size_t i = (size_t)0U; i < @@ -4270,7 +4237,7 @@ deserialize_then_decompress_11_c8(Eurydice_slice serialized) { libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_060(coefficient); + decompress_ciphertext_coefficient_20_f00(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4283,8 +4250,8 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_510(Eurydice_slice serialized) { - return deserialize_then_decompress_10_05(serialized); +deserialize_then_decompress_ring_element_u_d80(Eurydice_slice serialized) { + return deserialize_then_decompress_10_b1(serialized); } /** @@ -4293,7 +4260,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_de0( +static KRML_MUSTINLINE void ntt_vector_u_890( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)7U); @@ -4314,7 +4281,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b91( +static KRML_MUSTINLINE void deserialize_then_decompress_u_2c1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; @@ -4339,16 +4306,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b91( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_510(u_bytes); + deserialize_then_decompress_ring_element_u_d80(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_de0(&u_as_ntt[i0]); + ntt_vector_u_890(&u_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; memcpy( - result, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy( - ret, result, + ret, u_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } @@ -4358,7 +4321,7 @@ libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_481(core_core_arch_arm_shared_neon_uint32x4_t v) { +decompress_uint32x4_t_401(core_core_arch_arm_shared_neon_uint32x4_t v) { core_core_arch_arm_shared_neon_uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( 1U << (uint32_t)((int32_t)4 - (int32_t)1)); @@ -4378,7 +4341,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_151( +decompress_ciphertext_coefficient_4a1( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { core_core_arch_arm_shared_neon_uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); @@ -4397,13 +4360,13 @@ decompress_ciphertext_coefficient_151( (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), core_core_arch_arm_shared_neon_uint32x4_t); core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_481(low00); + decompress_uint32x4_t_401(low00); core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_481(low10); + decompress_uint32x4_t_401(low10); core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_481(high00); + decompress_uint32x4_t_401(high00); core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_481(high10); + decompress_uint32x4_t_401(high10); v.low = libcrux_intrinsics_arm64__vtrn1q_s16( libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); @@ -4424,9 +4387,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_061( +decompress_ciphertext_coefficient_20_f01( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_151(v); + return decompress_ciphertext_coefficient_4a1(v); } /** @@ -4436,7 +4399,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_4_eb(Eurydice_slice serialized) { +deserialize_then_decompress_4_b9(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; @@ -4448,7 +4411,7 @@ deserialize_then_decompress_4_eb(Eurydice_slice serialized) { libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_061(coefficient); + decompress_ciphertext_coefficient_20_f01(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4460,7 +4423,7 @@ libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_482(core_core_arch_arm_shared_neon_uint32x4_t v) { +decompress_uint32x4_t_402(core_core_arch_arm_shared_neon_uint32x4_t v) { core_core_arch_arm_shared_neon_uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( 1U << (uint32_t)((int32_t)5 - (int32_t)1)); @@ -4480,7 +4443,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_152( +decompress_ciphertext_coefficient_4a2( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { core_core_arch_arm_shared_neon_uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); @@ -4499,13 +4462,13 @@ decompress_ciphertext_coefficient_152( (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), core_core_arch_arm_shared_neon_uint32x4_t); core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_482(low00); + decompress_uint32x4_t_402(low00); core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_482(low10); + decompress_uint32x4_t_402(low10); core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_482(high00); + decompress_uint32x4_t_402(high00); core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_482(high10); + decompress_uint32x4_t_402(high10); v.low = libcrux_intrinsics_arm64__vtrn1q_s16( libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); @@ -4526,9 +4489,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_062( +decompress_ciphertext_coefficient_20_f02( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_152(v); + return decompress_ciphertext_coefficient_4a2(v); } /** @@ -4538,7 +4501,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_5_77(Eurydice_slice serialized) { +deserialize_then_decompress_5_26(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); for (size_t i = (size_t)0U; i < @@ -4552,7 +4515,7 @@ deserialize_then_decompress_5_77(Eurydice_slice serialized) { libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - decompress_ciphertext_coefficient_20_062(re.coefficients[i0]); + decompress_ciphertext_coefficient_20_f02(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -4565,8 +4528,8 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_000(Eurydice_slice serialized) { - return deserialize_then_decompress_4_eb(serialized); +deserialize_then_decompress_ring_element_v_b30(Eurydice_slice serialized) { + return deserialize_then_decompress_4_b9(serialized); } /** @@ -4580,7 +4543,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -subtract_reduce_20_b6(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, +subtract_reduce_20_a0(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4605,7 +4568,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_591( +compute_message_601( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { @@ -4614,8 +4577,8 @@ compute_message_591( libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = ntt_multiply_20_ee(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_20_fe1(&result, &product);); - invert_ntt_montgomery_9e1(&result); - result = subtract_reduce_20_b6(v, result); + invert_ntt_montgomery_3f1(&result); + result = subtract_reduce_20_a0(v, result); return result; } @@ -4625,7 +4588,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_71( +static KRML_MUSTINLINE void compress_then_serialize_message_f2( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -4657,20 +4620,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_881( +static void decrypt_unpacked_a41( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - deserialize_then_decompress_u_b91(ciphertext, u_as_ntt); + deserialize_then_decompress_u_2c1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_000( + deserialize_then_decompress_ring_element_v_b30( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_591(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_601(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_71(message, ret0); + compress_then_serialize_message_f2(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4724,11 +4687,11 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_881(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_a41(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_97( @@ -4762,7 +4725,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d1( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_411(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_48_6e3( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -4772,10 +4735,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d1( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_9b1(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_b81(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_411(ciphertext), + libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -4794,7 +4757,7 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_uncompressed_ring_element_fc(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_cd(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); for (size_t i = (size_t)0U; i < @@ -4817,7 +4780,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_0a1( +static KRML_MUSTINLINE void deserialize_secret_key_601( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; @@ -4834,7 +4797,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_0a1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_fc(secret_bytes); + deserialize_to_uncompressed_ring_element_cd(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; @@ -4856,10 +4819,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_0b1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_571(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - deserialize_secret_key_0a1(secret_key, secret_as_ntt); + deserialize_secret_key_601(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; memcpy( uu____0, secret_as_ntt, @@ -4870,7 +4833,7 @@ static void decrypt_0b1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t result[32U]; - decrypt_unpacked_881(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_a41(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4896,7 +4859,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_281( +void libcrux_ml_kem_ind_cca_decapsulate_9c1( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -4915,7 +4878,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_281( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_0b1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_571(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), @@ -4941,7 +4904,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_281( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_411(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_48_6e3( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -4950,17 +4913,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_281( uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_0a1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_581(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_331( + kdf_af_921( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_331(shared_secret0, shared_secret1); + kdf_af_921(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_411(ciphertext), + libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -4977,10 +4940,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_281( A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_382( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_620( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; @@ -4997,7 +4959,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_382( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_f8(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5037,9 +4999,7 @@ static KRML_MUSTINLINE void serialize_secret_key_dc0( Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); } - uint8_t result[1152U]; - memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } /** @@ -5050,7 +5010,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_690( +static KRML_MUSTINLINE void serialize_public_key_260( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -5081,15 +5041,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_8c0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - deserialize_ring_elements_reduced_382( + deserialize_ring_elements_reduced_620( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_690( + serialize_public_key_260( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -5730,7 +5690,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_850( +static void closure_2b0( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_20_06();); @@ -5779,12 +5739,12 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a50( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_850(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_2b0(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_3a_55(&ind_cpa_public_key.A[j][i1]); + clone_3a_f8(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; memcpy(uu____2, A, @@ -5794,7 +5754,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a50( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_690( + serialize_public_key_260( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), @@ -5839,13 +5799,13 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_bd0( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_b80( Eurydice_slice key_generation_seed) { tuple_9b0 uu____0 = generate_keypair_unpacked_b70(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_690(pk.t_as_ntt, + serialize_public_key_260(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); @@ -5868,7 +5828,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_7f0( +static KRML_MUSTINLINE void serialize_kem_secret_key_020( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5929,7 +5889,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_ec0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5939,13 +5899,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_bd0(ind_cpa_keypair_randomness); + generate_keypair_b80(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_7f0( + serialize_kem_secret_key_020( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -5954,12 +5914,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_e5(uu____1); + libcrux_ml_kem_types_from_e7_b3(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_d5( - uu____2, libcrux_ml_kem_types_from_07_cf(uu____3)); + return libcrux_ml_kem_types_from_64_dc( + uu____2, libcrux_ml_kem_types_from_07_8b(uu____3)); } /** @@ -5971,7 +5931,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_830(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_920(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_20_06();); @@ -6025,17 +5985,17 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_9e0( +static KRML_MUSTINLINE void invert_ntt_montgomery_3f0( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_30(&zeta_i, re); - invert_ntt_at_layer_2_56(&zeta_i, re); - invert_ntt_at_layer_3_ce(&zeta_i, re); - invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_1d(&zeta_i, re); + invert_ntt_at_layer_2_ce(&zeta_i, re); + invert_ntt_at_layer_3_8b(&zeta_i, re); + invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)7U); poly_barrett_reduce_20_47(re); } @@ -6045,7 +6005,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_b10( +static KRML_MUSTINLINE void compute_vector_u_e70( libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, @@ -6077,8 +6037,8 @@ static KRML_MUSTINLINE void compute_vector_u_b10( ntt_multiply_20_ee(a_element, &r_as_ntt[j]); add_to_ring_element_20_fe0(&result0[i1], &product); } - invert_ntt_montgomery_9e0(&result0[i1]); - add_error_reduce_20_3c(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_3f0(&result0[i1]); + add_error_reduce_20_20(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; memcpy( @@ -6096,7 +6056,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_cc0( +compute_ring_element_v_4f0( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, @@ -6106,8 +6066,8 @@ compute_ring_element_v_cc0( libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = ntt_multiply_20_ee(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_20_fe0(&result, &product);); - invert_ntt_montgomery_9e0(&result); - result = add_message_error_reduce_20_14(error_2, message, result); + invert_ntt_montgomery_3f0(&result); + result = add_message_error_reduce_20_04(error_2, message, result); return result; } @@ -6120,7 +6080,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_d10( +static void compress_then_serialize_u_510( libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6138,7 +6098,7 @@ static void compress_then_serialize_u_d10( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_c20(&re, ret); + compress_then_serialize_ring_element_u_170(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -6163,7 +6123,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_9b0( +static void encrypt_unpacked_b80( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -6178,7 +6138,7 @@ static void encrypt_unpacked_9b0( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_830(uu____2, domain_separator0); + tuple_b00 uu____3 = sample_ring_element_cbd_920(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; memcpy( error_1, uu____3.fst, @@ -6193,24 +6153,24 @@ static void encrypt_unpacked_9b0( sample_from_binomial_distribution_e9(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; - compute_vector_u_b10(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_e70(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_3c(uu____4); + deserialize_then_decompress_message_ab(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_cc0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_4f0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d10( + compress_then_serialize_u_510( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_760( + compress_then_serialize_ring_element_v_350( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -6235,7 +6195,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_850( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6265,7 +6225,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_850( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_9b0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_b80(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -6274,7 +6234,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_850( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_48(uu____4); + libcrux_ml_kem_types_from_15_55(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -6293,7 +6253,7 @@ with types libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_d00(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_510(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], @@ -6301,38 +6261,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_d00(Eurydice_slice randomness, core_result_unwrap_41_83(dst, ret); } -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_381( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_f8(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -6350,10 +6278,10 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0a0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_580(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - deserialize_ring_elements_reduced_381( + deserialize_ring_elements_reduced_620( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -6392,7 +6320,7 @@ static void encrypt_0a0(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_9b0(uu____3, uu____4, randomness, result); + encrypt_unpacked_b80(uu____3, uu____4, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -6407,7 +6335,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_330(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_920(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], @@ -6434,11 +6362,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_710( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_ff0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_d00( + entropy_preprocess_af_510( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; @@ -6451,7 +6379,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_710( size_t, Eurydice_slice); uint8_t ret[32U]; H_48_850(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_9c(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_b2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6469,18 +6397,18 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_710( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_9c(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_b2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_0a0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_580(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_48(uu____4); + libcrux_ml_kem_types_from_15_55(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_330(shared_secret, shared_secret_array); + kdf_af_920(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -6498,7 +6426,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b90( +static KRML_MUSTINLINE void deserialize_then_decompress_u_2c0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; @@ -6523,16 +6451,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b90( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_510(u_bytes); + deserialize_then_decompress_ring_element_u_d80(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_de0(&u_as_ntt[i0]); + ntt_vector_u_890(&u_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; memcpy( - result, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy( - ret, result, + ret, u_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } @@ -6543,7 +6467,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_590( +compute_message_600( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { @@ -6552,8 +6476,8 @@ compute_message_590( libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = ntt_multiply_20_ee(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_20_fe0(&result, &product);); - invert_ntt_montgomery_9e0(&result); - result = subtract_reduce_20_b6(v, result); + invert_ntt_montgomery_3f0(&result); + result = subtract_reduce_20_a0(v, result); return result; } @@ -6567,20 +6491,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_880( +static void decrypt_unpacked_a40( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - deserialize_then_decompress_u_b90(ciphertext, u_as_ntt); + deserialize_then_decompress_u_2c0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_000( + deserialize_then_decompress_ring_element_v_b30( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_590(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_600(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_71(message, ret0); + compress_then_serialize_message_f2(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6619,11 +6543,11 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_880(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_a40(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_97( @@ -6657,7 +6581,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d0( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_41(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_da(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_48_6e1( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -6667,10 +6591,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d0( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_9b0(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_b80(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_41(ciphertext), + libcrux_ml_kem_types_as_ref_ba_da(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -6688,7 +6612,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_0a0( +static KRML_MUSTINLINE void deserialize_secret_key_600( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; @@ -6705,7 +6629,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_0a0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_fc(secret_bytes); + deserialize_to_uncompressed_ring_element_cd(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; @@ -6727,10 +6651,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_0b0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_570(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - deserialize_secret_key_0a0(secret_key, secret_as_ntt); + deserialize_secret_key_600(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -6741,7 +6665,7 @@ static void decrypt_0b0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t result[32U]; - decrypt_unpacked_880(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_a40(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -6767,7 +6691,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_280( +void libcrux_ml_kem_ind_cca_decapsulate_9c0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -6786,7 +6710,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_280( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_0b0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_570(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), @@ -6812,7 +6736,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_280( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_41(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_da(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_48_6e1( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -6821,17 +6745,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_280( uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_0a0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_580(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_330( + kdf_af_920( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_330(shared_secret0, shared_secret1); + kdf_af_920(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_41(ciphertext), + libcrux_ml_kem_types_as_ref_ba_da(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -6848,10 +6772,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_280( A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_380( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_62( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; @@ -6868,7 +6791,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_380( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_f8(ring_element); + deserialize_to_reduced_ring_element_1b(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6908,9 +6831,7 @@ static KRML_MUSTINLINE void serialize_secret_key_dc( Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); } - uint8_t result[1536U]; - memcpy(result, out, (size_t)1536U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1536U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } /** @@ -6921,7 +6842,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_69( +static KRML_MUSTINLINE void serialize_public_key_26( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -6952,15 +6873,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_8c(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - deserialize_ring_elements_reduced_380( + deserialize_ring_elements_reduced_62( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_69( + serialize_public_key_26( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -7610,7 +7531,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_85( +static void closure_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_20_06();); @@ -7659,12 +7580,12 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a5( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_85(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_2b(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_3a_55(&ind_cpa_public_key.A[j][i1]); + clone_3a_f8(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; memcpy(uu____2, A, @@ -7674,7 +7595,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a5( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_69( + serialize_public_key_26( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), @@ -7719,13 +7640,13 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_bd( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_b8( Eurydice_slice key_generation_seed) { tuple_54 uu____0 = generate_keypair_unpacked_b7(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_69(pk.t_as_ntt, + serialize_public_key_26(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); @@ -7748,7 +7669,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_7f( +static KRML_MUSTINLINE void serialize_kem_secret_key_02( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -7809,7 +7730,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_ec(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -7819,13 +7740,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_bd(ind_cpa_keypair_randomness); + generate_keypair_b8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_7f( + serialize_kem_secret_key_02( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, @@ -7834,12 +7755,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_e50(uu____1); + libcrux_ml_kem_types_from_e7_b30(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_d50( - uu____2, libcrux_ml_kem_types_from_07_cf0(uu____3)); + return libcrux_ml_kem_types_from_64_dc0( + uu____2, libcrux_ml_kem_types_from_07_8b0(uu____3)); } /** @@ -7851,7 +7772,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_83(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_92(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_20_06();); @@ -7905,17 +7826,17 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_9e( +static KRML_MUSTINLINE void invert_ntt_montgomery_3f( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_30(&zeta_i, re); - invert_ntt_at_layer_2_56(&zeta_i, re); - invert_ntt_at_layer_3_ce(&zeta_i, re); - invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_10(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_1d(&zeta_i, re); + invert_ntt_at_layer_2_ce(&zeta_i, re); + invert_ntt_at_layer_3_8b(&zeta_i, re); + invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)7U); poly_barrett_reduce_20_47(re); } @@ -7925,7 +7846,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_b1( +static KRML_MUSTINLINE void compute_vector_u_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, @@ -7957,8 +7878,8 @@ static KRML_MUSTINLINE void compute_vector_u_b1( ntt_multiply_20_ee(a_element, &r_as_ntt[j]); add_to_ring_element_20_fe(&result0[i1], &product); } - invert_ntt_montgomery_9e(&result0[i1]); - add_error_reduce_20_3c(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_3f(&result0[i1]); + add_error_reduce_20_20(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; memcpy( @@ -7976,7 +7897,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_cc( +compute_ring_element_v_4f( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, @@ -7986,8 +7907,8 @@ compute_ring_element_v_cc( libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = ntt_multiply_20_ee(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_20_fe(&result, &product);); - invert_ntt_montgomery_9e(&result); - result = add_message_error_reduce_20_14(error_2, message, result); + invert_ntt_montgomery_3f(&result); + result = add_message_error_reduce_20_04(error_2, message, result); return result; } @@ -7997,14 +7918,14 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_c6( +static KRML_MUSTINLINE void compress_then_serialize_11_70( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_a80(to_unsigned_representative_88(re->coefficients[i0])); + compress_20_540(to_unsigned_representative_88(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -8025,10 +7946,10 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_c2( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_17( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_c6(re, uu____0); + compress_then_serialize_11_70(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -8041,7 +7962,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_d1( +static void compress_then_serialize_u_51( libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8059,7 +7980,7 @@ static void compress_then_serialize_u_d1( (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_c2(&re, ret); + compress_then_serialize_ring_element_u_17(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), @@ -8074,9 +7995,9 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_76( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_35( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_5_8b(re, out); + compress_then_serialize_5_46(re, out); } /** @@ -8096,7 +8017,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_9b( +static void encrypt_unpacked_b8( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -8111,7 +8032,7 @@ static void encrypt_unpacked_9b( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_83(uu____2, domain_separator0); + tuple_71 uu____3 = sample_ring_element_cbd_92(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; memcpy( error_1, uu____3.fst, @@ -8126,25 +8047,25 @@ static void encrypt_unpacked_9b( sample_from_binomial_distribution_e9(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; - compute_vector_u_b1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_e7(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_3c(uu____4); + deserialize_then_decompress_message_ab(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_cc(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_4f(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d1( + compress_then_serialize_u_51( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_76( + compress_then_serialize_ring_element_v_35( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); @@ -8169,7 +8090,7 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_85( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8199,7 +8120,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_85( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_9b(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_b8(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -8208,7 +8129,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_85( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_480(uu____4); + libcrux_ml_kem_types_from_15_550(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -8227,7 +8148,7 @@ with types libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_d0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_51(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], @@ -8235,38 +8156,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_d0(Eurydice_slice randomness, core_result_unwrap_41_83(dst, ret); } -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_38( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_f8(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -8284,10 +8173,10 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0a(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_58(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - deserialize_ring_elements_reduced_38( + deserialize_ring_elements_reduced_62( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -8326,7 +8215,7 @@ static void encrypt_0a(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_9b(uu____3, uu____4, randomness, result); + encrypt_unpacked_b8(uu____3, uu____4, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -8341,7 +8230,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_33(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_92(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], @@ -8368,11 +8257,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_71( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_ff( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_d0( + entropy_preprocess_af_51( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; @@ -8385,7 +8274,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_71( size_t, Eurydice_slice); uint8_t ret[32U]; H_48_85(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_9c0(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_b20(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -8403,18 +8292,18 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_71( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_9c0(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_b20(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_0a(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_58(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_480(uu____4); + libcrux_ml_kem_types_from_15_550(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_33(shared_secret, shared_secret_array); + kdf_af_92(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -8431,8 +8320,8 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_51(Eurydice_slice serialized) { - return deserialize_then_decompress_11_c8(serialized); +deserialize_then_decompress_ring_element_u_d8(Eurydice_slice serialized) { + return deserialize_then_decompress_11_d5(serialized); } /** @@ -8441,7 +8330,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_de( +static KRML_MUSTINLINE void ntt_vector_u_89( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)7U); @@ -8462,7 +8351,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b9( +static KRML_MUSTINLINE void deserialize_then_decompress_u_2c( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; @@ -8487,16 +8376,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b9( (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_51(u_bytes); + deserialize_then_decompress_ring_element_u_d8(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_de(&u_as_ntt[i0]); + ntt_vector_u_89(&u_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; memcpy( - result, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy( - ret, result, + ret, u_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); } @@ -8507,8 +8392,8 @@ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_00(Eurydice_slice serialized) { - return deserialize_then_decompress_5_77(serialized); +deserialize_then_decompress_ring_element_v_b3(Eurydice_slice serialized) { + return deserialize_then_decompress_5_26(serialized); } /** @@ -8518,7 +8403,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_59( +compute_message_60( libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { @@ -8527,8 +8412,8 @@ compute_message_59( libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = ntt_multiply_20_ee(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_20_fe(&result, &product);); - invert_ntt_montgomery_9e(&result); - result = subtract_reduce_20_b6(v, result); + invert_ntt_montgomery_3f(&result); + result = subtract_reduce_20_a0(v, result); return result; } @@ -8542,20 +8427,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_88( +static void decrypt_unpacked_a4( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - deserialize_then_decompress_u_b9(ciphertext, u_as_ntt); + deserialize_then_decompress_u_2c(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_00( + deserialize_then_decompress_ring_element_v_b3( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_59(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_60(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_71(message, ret0); + compress_then_serialize_message_f2(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8594,12 +8479,12 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_88(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_a4(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_97( @@ -8633,7 +8518,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_410(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_48_6e( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -8643,10 +8528,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_1d( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_9b(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_b8(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_410(ciphertext), + libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -8664,7 +8549,7 @@ with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_0a( +static KRML_MUSTINLINE void deserialize_secret_key_60( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; @@ -8681,7 +8566,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_0a( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_fc(secret_bytes); + deserialize_to_uncompressed_ring_element_cd(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; @@ -8703,10 +8588,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_0b(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_57(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - deserialize_secret_key_0a(secret_key, secret_as_ntt); + deserialize_secret_key_60(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; memcpy( uu____0, secret_as_ntt, @@ -8717,7 +8602,7 @@ static void decrypt_0b(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t result[32U]; - decrypt_unpacked_88(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_a4(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8743,7 +8628,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_28( +void libcrux_ml_kem_ind_cca_decapsulate_9c( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -8763,7 +8648,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_28( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_0b(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_57(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), @@ -8789,7 +8674,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_28( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_410(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_48_6e( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -8798,17 +8683,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_28( uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_0a(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_58(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_33( + kdf_af_92( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_33(shared_secret0, shared_secret1); + kdf_af_92(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_410(ciphertext), + libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 8bab021c2..0ee36ef1f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index e4bb7818a..58bbb62ef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #include "internal/libcrux_mlkem_portable.h" @@ -856,11 +856,9 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); + (LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_R >> 1U); int16_t quotient = - (int16_t)(t >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); + (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT); return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } @@ -1746,7 +1744,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_27(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); for (size_t i = (size_t)0U; i < @@ -1769,10 +1767,9 @@ deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_654( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_2a1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; @@ -1789,7 +1786,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_654( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_27(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1902,9 +1899,7 @@ static KRML_MUSTINLINE void serialize_secret_key_491( Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); } - uint8_t result[1536U]; - memcpy(result, out, (size_t)1536U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1536U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } /** @@ -1915,7 +1910,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_1a1( +static KRML_MUSTINLINE void serialize_public_key_7c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; @@ -1946,15 +1941,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_ad1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_251(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_654( + deserialize_ring_elements_reduced_2a1( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_1a1( + serialize_public_key_7c1( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -2964,7 +2959,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_e81( +static void closure_fb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_20_02();); @@ -2980,7 +2975,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_b3( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3021,7 +3016,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e61( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3037,12 +3032,12 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e81(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_fb1(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_b3(&ind_cpa_public_key.A[j][i1]); + clone_3a_10(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3052,7 +3047,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b1( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_1a1( + serialize_public_key_7c1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), @@ -3098,13 +3093,13 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_101( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e51( Eurydice_slice key_generation_seed) { tuple_540 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_1a1(pk.t_as_ntt, + serialize_public_key_7c1(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); @@ -3127,7 +3122,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_df( +static KRML_MUSTINLINE void serialize_kem_secret_key_2f( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3189,7 +3184,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_4a1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_3c1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3199,13 +3194,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_4a1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_101(ind_cpa_keypair_randomness); + generate_keypair_e51(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_df( + serialize_kem_secret_key_2f( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, @@ -3214,12 +3209,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_4a1(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_e50(uu____1); + libcrux_ml_kem_types_from_e7_b30(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_d50( - uu____2, libcrux_ml_kem_types_from_07_cf0(uu____3)); + return libcrux_ml_kem_types_from_64_dc0( + uu____2, libcrux_ml_kem_types_from_07_8b0(uu____3)); } /** @@ -3232,7 +3227,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_641(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_791(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_20_02();); @@ -3299,7 +3294,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_4b( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_67( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3323,7 +3318,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_0d( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_57( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3343,7 +3338,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_29( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_13( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3363,7 +3358,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_50( + inv_ntt_layer_int_vec_step_reduce_6d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3383,7 +3378,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_09( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ac( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3398,7 +3393,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_09( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_50( + inv_ntt_layer_int_vec_step_reduce_6d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3415,17 +3410,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_1f1( +static KRML_MUSTINLINE void invert_ntt_montgomery_ba1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_4b(&zeta_i, re); - invert_ntt_at_layer_2_0d(&zeta_i, re); - invert_ntt_at_layer_3_29(&zeta_i, re); - invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_67(&zeta_i, re); + invert_ntt_at_layer_2_57(&zeta_i, re); + invert_ntt_at_layer_3_13(&zeta_i, re); + invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)7U); poly_barrett_reduce_20_98(re); } @@ -3439,7 +3434,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_59( +static KRML_MUSTINLINE void add_error_reduce_20_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3463,7 +3458,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_0f1( +static KRML_MUSTINLINE void compute_vector_u_ff1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -3495,8 +3490,8 @@ static KRML_MUSTINLINE void compute_vector_u_0f1( ntt_multiply_20_db(a_element, &r_as_ntt[j]); add_to_ring_element_20_981(&result0[i1], &product); } - invert_ntt_montgomery_1f1(&result0[i1]); - add_error_reduce_20_59(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_ba1(&result0[i1]); + add_error_reduce_20_4a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -3514,7 +3509,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_36(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_f7(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -3528,7 +3523,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_b7(uint8_t serialized[32U]) { +deserialize_then_decompress_message_aa(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -3539,7 +3534,7 @@ deserialize_then_decompress_message_b7(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_36(coefficient_compressed); + decompress_1_f7(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -3555,7 +3550,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_20_5e( +add_message_error_reduce_20_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -3585,7 +3580,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c41( +compute_ring_element_v_0f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -3595,8 +3590,8 @@ compute_ring_element_v_c41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_20_db(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_20_981(&result, &product);); - invert_ntt_montgomery_1f1(&result); - result = add_message_error_reduce_20_5e(error_2, message, result); + invert_ntt_montgomery_ba1(&result); + result = add_message_error_reduce_20_79(error_2, message, result); return result; } @@ -3670,7 +3665,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_ef0( +static KRML_MUSTINLINE void compress_then_serialize_11_5e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; @@ -3698,10 +3693,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_da0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_080( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_ef0(re, uu____0); + compress_then_serialize_11_5e0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -3714,7 +3709,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_411( +static void compress_then_serialize_u_f51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3732,7 +3727,7 @@ static void compress_then_serialize_u_411( (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_da0(&re, ret); + compress_then_serialize_ring_element_u_080(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), @@ -3778,7 +3773,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_75( +static KRML_MUSTINLINE void compress_then_serialize_4_16( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(core_slice___Slice_T___len(serialized, uint8_t, size_t), @@ -3837,7 +3832,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_0f( +static KRML_MUSTINLINE void compress_then_serialize_5_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(core_slice___Slice_T___len(serialized, uint8_t, size_t), @@ -3865,9 +3860,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ef0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_0e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_0f(re, out); + compress_then_serialize_5_0c(re, out); } /** @@ -3888,7 +3883,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_cf1( +static void encrypt_unpacked_ba1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -3903,7 +3898,7 @@ static void encrypt_unpacked_cf1( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_641(uu____2, domain_separator0); + tuple_710 uu____3 = sample_ring_element_cbd_791(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -3918,25 +3913,25 @@ static void encrypt_unpacked_cf1( sample_from_binomial_distribution_48(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_0f1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_ff1(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_b7(uu____4); + deserialize_then_decompress_message_aa(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c41(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_0f1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_411( + compress_then_serialize_u_f51( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_ef0( + compress_then_serialize_ring_element_v_0e0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); @@ -3962,7 +3957,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d1( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e01( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -3992,7 +3987,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d1( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_cf1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_ba1(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -4001,7 +3996,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d1( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_480(uu____4); + libcrux_ml_kem_types_from_15_550(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; @@ -4020,46 +4015,14 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_d5(Eurydice_slice randomness, - uint8_t ret[32U]) { +static KRML_MUSTINLINE void entropy_preprocess_af_a00(Eurydice_slice randomness, + uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, ret); } -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_653( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_02();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4078,10 +4041,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_bd1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_d71(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_653( + deserialize_ring_elements_reduced_2a1( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -4120,7 +4083,7 @@ static void encrypt_bd1(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_cf1(uu____3, uu____4, randomness, result); + encrypt_unpacked_ba1(uu____3, uu____4, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4135,7 +4098,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_cf(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_71(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], @@ -4162,11 +4125,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_831( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e11( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_d5( + entropy_preprocess_af_a00( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; @@ -4179,7 +4142,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_831( size_t, Eurydice_slice); uint8_t ret[32U]; H_f1_af1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_9c0(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_b20(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4197,18 +4160,18 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_831( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_9c0(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_b20(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_bd1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_d71(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_480(uu____4); + libcrux_ml_kem_types_from_15_550(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_cf(shared_secret, shared_secret_array); + kdf_af_71(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -4262,7 +4225,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_75(Eurydice_slice serialized) { +deserialize_then_decompress_10_67(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); LowStar_Ignore_ignore( core_slice___Slice_T___len( @@ -4333,7 +4296,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_b9(Eurydice_slice serialized) { +deserialize_then_decompress_11_2d(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); for (size_t i = (size_t)0U; i < @@ -4359,8 +4322,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_9d0(Eurydice_slice serialized) { - return deserialize_then_decompress_11_b9(serialized); +deserialize_then_decompress_ring_element_u_f90(Eurydice_slice serialized) { + return deserialize_then_decompress_11_2d(serialized); } /** @@ -4369,7 +4332,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_6c0( +static KRML_MUSTINLINE void ntt_vector_u_3a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)7U); @@ -4390,7 +4353,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_121( +static KRML_MUSTINLINE void deserialize_then_decompress_u_051( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; @@ -4415,16 +4378,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_121( (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_9d0(u_bytes); + deserialize_then_decompress_ring_element_u_f90(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_6c0(&u_as_ntt[i0]); + ntt_vector_u_3a0(&u_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( - result, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, + ret, u_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -4472,7 +4431,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_68(Eurydice_slice serialized) { +deserialize_then_decompress_4_e7(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; @@ -4534,7 +4493,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_c1(Eurydice_slice serialized) { +deserialize_then_decompress_5_e2(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); for (size_t i = (size_t)0U; i < @@ -4561,8 +4520,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_450(Eurydice_slice serialized) { - return deserialize_then_decompress_5_c1(serialized); +deserialize_then_decompress_ring_element_v_510(Eurydice_slice serialized) { + return deserialize_then_decompress_5_e2(serialized); } /** @@ -4576,7 +4535,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_20_e9(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_20_ae(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4601,7 +4560,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_2c1( +compute_message_061( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -4610,8 +4569,8 @@ compute_message_2c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_20_db(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_20_981(&result, &product);); - invert_ntt_montgomery_1f1(&result); - result = subtract_reduce_20_e9(v, result); + invert_ntt_montgomery_ba1(&result); + result = subtract_reduce_20_ae(v, result); return result; } @@ -4621,7 +4580,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_4e( +static KRML_MUSTINLINE void compress_then_serialize_message_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -4653,20 +4612,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_be1( +static void decrypt_unpacked_401( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_121(ciphertext, u_as_ntt); + deserialize_then_decompress_u_051(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_450( + deserialize_then_decompress_ring_element_v_510( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_2c1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_061(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_4e(message, ret0); + compress_then_serialize_message_d3(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4719,12 +4678,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b91( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_311( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_be1(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_401(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_97( @@ -4758,7 +4717,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b91( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_410(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_6f3( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -4768,10 +4727,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b91( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_cf1(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_ba1(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_410(ciphertext), + libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -4790,7 +4749,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_ee(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_c7(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); for (size_t i = (size_t)0U; i < @@ -4813,7 +4772,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_5e1( +static KRML_MUSTINLINE void deserialize_secret_key_a31( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; @@ -4830,7 +4789,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_5e1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ee(secret_bytes); + deserialize_to_uncompressed_ring_element_c7(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -4852,10 +4811,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_bc1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_121(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_5e1(secret_key, secret_as_ntt); + deserialize_secret_key_a31(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( uu____0, secret_as_ntt, @@ -4866,7 +4825,7 @@ static void decrypt_bc1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_be1(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_401(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4892,7 +4851,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_0b1( +void libcrux_ml_kem_ind_cca_decapsulate_6b1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -4912,7 +4871,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_bc1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_121(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), @@ -4938,7 +4897,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b1( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_410(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_6f3( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -4947,17 +4906,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b1( uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_bd1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_d71(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_cf( + kdf_af_71( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_cf(shared_secret0, shared_secret1); + kdf_af_71(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_410(ciphertext), + libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -4974,10 +4933,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b1( A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_652( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_2a0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; @@ -4994,7 +4952,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_652( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_27(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5034,9 +4992,7 @@ static KRML_MUSTINLINE void serialize_secret_key_490( Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); } - uint8_t result[768U]; - memcpy(result, out, (size_t)768U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } /** @@ -5047,7 +5003,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_1a0( +static KRML_MUSTINLINE void serialize_public_key_7c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; @@ -5077,15 +5033,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_ad0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_250(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_652( + deserialize_ring_elements_reduced_2a0( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_1a0( + serialize_public_key_7c0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -5706,7 +5662,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_e80( +static void closure_fb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_20_02();); @@ -5740,7 +5696,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e60( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5756,12 +5712,12 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e80(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_fb0(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_b3(&ind_cpa_public_key.A[j][i1]); + clone_3a_10(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -5771,7 +5727,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_1a0( + serialize_public_key_7c0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), @@ -5817,13 +5773,13 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_100( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e50( Eurydice_slice key_generation_seed) { tuple_4c uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_1a0(pk.t_as_ntt, + serialize_public_key_7c0(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); @@ -5846,7 +5802,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_c1( +static KRML_MUSTINLINE void serialize_kem_secret_key_58( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -5908,7 +5864,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_4a0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_3c0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5918,13 +5874,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_4a0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_100(ind_cpa_keypair_randomness); + generate_keypair_e50(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_c1( + serialize_kem_secret_key_58( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, @@ -5933,12 +5889,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_4a0(uint8_t randomness[64U]) { uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_e51(uu____1); + libcrux_ml_kem_types_from_e7_b31(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_d51( - uu____2, libcrux_ml_kem_types_from_07_cf1(uu____3)); + return libcrux_ml_kem_types_from_64_dc1( + uu____2, libcrux_ml_kem_types_from_07_8b1(uu____3)); } /** @@ -5984,7 +5940,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_640(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_790(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_20_02();); @@ -6038,17 +5994,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_1f0( +static KRML_MUSTINLINE void invert_ntt_montgomery_ba0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_4b(&zeta_i, re); - invert_ntt_at_layer_2_0d(&zeta_i, re); - invert_ntt_at_layer_3_29(&zeta_i, re); - invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_67(&zeta_i, re); + invert_ntt_at_layer_2_57(&zeta_i, re); + invert_ntt_at_layer_3_13(&zeta_i, re); + invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)7U); poly_barrett_reduce_20_98(re); } @@ -6058,7 +6014,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_0f0( +static KRML_MUSTINLINE void compute_vector_u_ff0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -6090,8 +6046,8 @@ static KRML_MUSTINLINE void compute_vector_u_0f0( ntt_multiply_20_db(a_element, &r_as_ntt[j]); add_to_ring_element_20_980(&result0[i1], &product); } - invert_ntt_montgomery_1f0(&result0[i1]); - add_error_reduce_20_59(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_ba0(&result0[i1]); + add_error_reduce_20_4a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6109,7 +6065,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c40( +compute_ring_element_v_0f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -6119,8 +6075,8 @@ compute_ring_element_v_c40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_20_db(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_20_980(&result, &product);); - invert_ntt_montgomery_1f0(&result); - result = add_message_error_reduce_20_5e(error_2, message, result); + invert_ntt_montgomery_ba0(&result); + result = add_message_error_reduce_20_79(error_2, message, result); return result; } @@ -6130,7 +6086,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_bb( +static KRML_MUSTINLINE void compress_then_serialize_10_56( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -6158,10 +6114,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_da( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_bb(re, uu____0); + compress_then_serialize_10_56(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6174,7 +6130,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_410( +static void compress_then_serialize_u_f50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6192,7 +6148,7 @@ static void compress_then_serialize_u_410( (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_da(&re, ret); + compress_then_serialize_ring_element_u_08(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -6207,9 +6163,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ef( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_75(re, out); + compress_then_serialize_4_16(re, out); } /** @@ -6230,7 +6186,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_cf0( +static void encrypt_unpacked_ba0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -6245,7 +6201,7 @@ static void encrypt_unpacked_cf0( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_640(uu____2, domain_separator0); + tuple_74 uu____3 = sample_ring_element_cbd_790(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6260,24 +6216,24 @@ static void encrypt_unpacked_cf0( sample_from_binomial_distribution_48(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_0f0(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_ff0(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_b7(uu____4); + deserialize_then_decompress_message_aa(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c40(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_0f0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_410( + compress_then_serialize_u_f50( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_ef( + compress_then_serialize_ring_element_v_0e( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); @@ -6303,7 +6259,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d0( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e00( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6333,7 +6289,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d0( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_cf0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_ba0(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -6342,7 +6298,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d0( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_481(uu____4); + libcrux_ml_kem_types_from_15_551(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; @@ -6361,7 +6317,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_b3(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_c5(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], @@ -6369,38 +6325,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_b3(Eurydice_slice randomness, core_result_unwrap_41_83(dst, ret); } -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_651( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_02();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6419,10 +6343,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_bd0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_d70(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_651( + deserialize_ring_elements_reduced_2a0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -6461,7 +6385,7 @@ static void encrypt_bd0(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_cf0(uu____3, uu____4, randomness, result); + encrypt_unpacked_ba0(uu____3, uu____4, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -6476,7 +6400,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_a2(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_29(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], @@ -6503,11 +6427,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_830( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_b3( + entropy_preprocess_af_c5( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; @@ -6520,7 +6444,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_830( size_t, Eurydice_slice); uint8_t ret[32U]; H_f1_af0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_9c1(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_b21(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -6538,18 +6462,18 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_830( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_9c1(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_b21(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_bd0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_d70(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_481(uu____4); + libcrux_ml_kem_types_from_15_551(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_a2(shared_secret, shared_secret_array); + kdf_af_29(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -6566,8 +6490,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_9d(Eurydice_slice serialized) { - return deserialize_then_decompress_10_75(serialized); +deserialize_then_decompress_ring_element_u_f9(Eurydice_slice serialized) { + return deserialize_then_decompress_10_67(serialized); } /** @@ -6576,7 +6500,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_6c( +static KRML_MUSTINLINE void ntt_vector_u_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)7U); @@ -6597,7 +6521,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_120( +static KRML_MUSTINLINE void deserialize_then_decompress_u_050( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; @@ -6622,16 +6546,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_120( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_9d(u_bytes); + deserialize_then_decompress_ring_element_u_f9(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_6c(&u_as_ntt[i0]); + ntt_vector_u_3a(&u_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( - result, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, + ret, u_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -6642,8 +6562,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_45(Eurydice_slice serialized) { - return deserialize_then_decompress_4_68(serialized); +deserialize_then_decompress_ring_element_v_51(Eurydice_slice serialized) { + return deserialize_then_decompress_4_e7(serialized); } /** @@ -6653,7 +6573,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_2c0( +compute_message_060( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -6662,8 +6582,8 @@ compute_message_2c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_20_db(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_20_980(&result, &product);); - invert_ntt_montgomery_1f0(&result); - result = subtract_reduce_20_e9(v, result); + invert_ntt_montgomery_ba0(&result); + result = subtract_reduce_20_ae(v, result); return result; } @@ -6677,20 +6597,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_be0( +static void decrypt_unpacked_400( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_120(ciphertext, u_as_ntt); + deserialize_then_decompress_u_050(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_45( + deserialize_then_decompress_ring_element_v_51( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_2c0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_060(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_4e(message, ret0); + compress_then_serialize_message_d3(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6730,11 +6650,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b90( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_310( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_be0(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_400(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_97( @@ -6768,7 +6688,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b90( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_411(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_6f1( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -6778,10 +6698,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b90( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_cf0(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_ba0(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_411(ciphertext), + libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -6799,7 +6719,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_5e0( +static KRML_MUSTINLINE void deserialize_secret_key_a30( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; @@ -6816,7 +6736,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_5e0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ee(secret_bytes); + deserialize_to_uncompressed_ring_element_c7(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -6838,10 +6758,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_bc0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_120(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_5e0(secret_key, secret_as_ntt); + deserialize_secret_key_a30(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( uu____0, secret_as_ntt, @@ -6852,7 +6772,7 @@ static void decrypt_bc0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_be0(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_400(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -6878,7 +6798,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_0b0( +void libcrux_ml_kem_ind_cca_decapsulate_6b0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -6897,7 +6817,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_bc0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_120(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), @@ -6923,7 +6843,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b0( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_411(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_6f1( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -6932,17 +6852,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b0( uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_bd0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_d70(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_a2( + kdf_af_29( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_a2(shared_secret0, shared_secret1); + kdf_af_29(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_411(ciphertext), + libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, @@ -6959,10 +6879,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b0( A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_650( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_2a( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -6979,7 +6898,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_650( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_27(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7019,9 +6938,7 @@ static KRML_MUSTINLINE void serialize_secret_key_49( Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); } - uint8_t result[1152U]; - memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } /** @@ -7032,7 +6949,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_1a( +static KRML_MUSTINLINE void serialize_public_key_7c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -7063,15 +6980,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_ad(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_25(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_650( + deserialize_ring_elements_reduced_2a( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_1a( + serialize_public_key_7c( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -7681,7 +7598,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_e8( +static void closure_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_20_02();); @@ -7715,7 +7632,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7731,12 +7648,12 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e8(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_fb(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_b3(&ind_cpa_public_key.A[j][i1]); + clone_3a_10(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -7746,7 +7663,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_5b( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_1a( + serialize_public_key_7c( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), @@ -7792,13 +7709,13 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_10( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e5( Eurydice_slice key_generation_seed) { tuple_9b uu____0 = generate_keypair_unpacked_6c(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_1a(pk.t_as_ntt, + serialize_public_key_7c(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); @@ -7821,7 +7738,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_3a( +static KRML_MUSTINLINE void serialize_kem_secret_key_75( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -7883,7 +7800,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_4a(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_3c(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -7893,13 +7810,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_4a(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_10(ind_cpa_keypair_randomness); + generate_keypair_e5(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_3a( + serialize_kem_secret_key_75( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, @@ -7908,12 +7825,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_4a(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_e5(uu____1); + libcrux_ml_kem_types_from_e7_b3(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_d5( - uu____2, libcrux_ml_kem_types_from_07_cf(uu____3)); + return libcrux_ml_kem_types_from_64_dc( + uu____2, libcrux_ml_kem_types_from_07_8b(uu____3)); } /** @@ -7926,7 +7843,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_64(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_79(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_20_02();); @@ -7980,17 +7897,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_1f( +static KRML_MUSTINLINE void invert_ntt_montgomery_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_4b(&zeta_i, re); - invert_ntt_at_layer_2_0d(&zeta_i, re); - invert_ntt_at_layer_3_29(&zeta_i, re); - invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_09(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_67(&zeta_i, re); + invert_ntt_at_layer_2_57(&zeta_i, re); + invert_ntt_at_layer_3_13(&zeta_i, re); + invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)7U); poly_barrett_reduce_20_98(re); } @@ -8000,7 +7917,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_0f( +static KRML_MUSTINLINE void compute_vector_u_ff( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -8032,8 +7949,8 @@ static KRML_MUSTINLINE void compute_vector_u_0f( ntt_multiply_20_db(a_element, &r_as_ntt[j]); add_to_ring_element_20_98(&result0[i1], &product); } - invert_ntt_montgomery_1f(&result0[i1]); - add_error_reduce_20_59(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_ba(&result0[i1]); + add_error_reduce_20_4a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8051,7 +7968,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c4( +compute_ring_element_v_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -8061,8 +7978,8 @@ compute_ring_element_v_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_20_db(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_20_98(&result, &product);); - invert_ntt_montgomery_1f(&result); - result = add_message_error_reduce_20_5e(error_2, message, result); + invert_ntt_montgomery_ba(&result); + result = add_message_error_reduce_20_79(error_2, message, result); return result; } @@ -8075,7 +7992,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_41( +static void compress_then_serialize_u_f5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8093,7 +8010,7 @@ static void compress_then_serialize_u_41( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_da(&re, ret); + compress_then_serialize_ring_element_u_08(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -8119,7 +8036,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_cf( +static void encrypt_unpacked_ba( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -8134,7 +8051,7 @@ static void encrypt_unpacked_cf( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_64(uu____2, domain_separator0); + tuple_b0 uu____3 = sample_ring_element_cbd_79(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8149,24 +8066,24 @@ static void encrypt_unpacked_cf( sample_from_binomial_distribution_48(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_0f(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_ff(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_b7(uu____4); + deserialize_then_decompress_message_aa(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c4(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_0f(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_41( + compress_then_serialize_u_f5( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_ef( + compress_then_serialize_ring_element_v_0e( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); @@ -8192,7 +8109,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8222,7 +8139,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_cf(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_ba(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -8231,7 +8148,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_2d( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_48(uu____4); + libcrux_ml_kem_types_from_15_55(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; @@ -8250,7 +8167,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_2d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_a0(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], @@ -8258,38 +8175,6 @@ static KRML_MUSTINLINE void entropy_preprocess_af_2d(Eurydice_slice randomness, core_result_unwrap_41_83(dst, ret); } -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_65( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_02();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8308,10 +8193,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_bd(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_d7(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_65( + deserialize_ring_elements_reduced_2a( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); @@ -8350,7 +8235,7 @@ static void encrypt_bd(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_cf(uu____3, uu____4, randomness, result); + encrypt_unpacked_ba(uu____3, uu____4, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -8365,7 +8250,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_c8(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_79(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], @@ -8392,11 +8277,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_83( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_2d( + entropy_preprocess_af_a0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; @@ -8409,7 +8294,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_83( size_t, Eurydice_slice); uint8_t ret[32U]; H_f1_af(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_9c(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_b2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -8427,18 +8312,18 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_83( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_9c(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_b2(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_bd(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_d7(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_48(uu____4); + libcrux_ml_kem_types_from_15_55(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_c8(shared_secret, shared_secret_array); + kdf_af_79(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -8456,7 +8341,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_12( +static KRML_MUSTINLINE void deserialize_then_decompress_u_05( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -8481,16 +8366,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_12( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_9d(u_bytes); + deserialize_then_decompress_ring_element_u_f9(u_bytes); u_as_ntt[i0] = uu____0; - ntt_vector_u_6c(&u_as_ntt[i0]); + ntt_vector_u_3a(&u_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( - result, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, + ret, u_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -8501,7 +8382,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_2c( +compute_message_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -8510,8 +8391,8 @@ compute_message_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_20_db(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_20_98(&result, &product);); - invert_ntt_montgomery_1f(&result); - result = subtract_reduce_20_e9(v, result); + invert_ntt_montgomery_ba(&result); + result = subtract_reduce_20_ae(v, result); return result; } @@ -8525,20 +8406,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_be( +static void decrypt_unpacked_40( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_12(ciphertext, u_as_ntt); + deserialize_then_decompress_u_05(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_45( + deserialize_then_decompress_ring_element_v_51( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_2c(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_06(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_4e(message, ret0); + compress_then_serialize_message_d3(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8578,11 +8459,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b9( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_31( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_be(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_40(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_97( @@ -8616,7 +8497,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b9( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_41(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_ba_da(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -8626,10 +8507,10 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_b9( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_cf(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_ba(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_41(ciphertext), + libcrux_ml_kem_types_as_ref_ba_da(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -8647,7 +8528,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_5e( +static KRML_MUSTINLINE void deserialize_secret_key_a3( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -8664,7 +8545,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_5e( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ee(secret_bytes); + deserialize_to_uncompressed_ring_element_c7(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -8686,10 +8567,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_bc(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_12(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_5e(secret_key, secret_as_ntt); + deserialize_secret_key_a3(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -8700,7 +8581,7 @@ static void decrypt_bc(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_be(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_40(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8726,7 +8607,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_0b( +void libcrux_ml_kem_ind_cca_decapsulate_6b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( @@ -8745,7 +8626,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_bc(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_12(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), @@ -8771,7 +8652,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_41(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_ba_da(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -8780,17 +8661,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b( uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_bd(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_d7(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_c8( + kdf_af_79( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_c8(shared_secret0, shared_secret1); + kdf_af_79(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_41(ciphertext), + libcrux_ml_kem_types_as_ref_ba_da(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 0ff167edb..f221b9507 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_mlkem_portable_H @@ -257,11 +257,10 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ ((int32_t)20159) -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT ((int32_t)26) -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_R \ + ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT) int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index cbeb093c6..45aed6f61 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index e17f0055e..46869b9a3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #include "libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 86c8925f7..89133123f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 0fc1cf623..5301f3c98 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index e565df5af..8e379321b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 342c9779c..ee848eab4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: a6e4d55c8fe834886fcbfcdc09dbc3db0122f563 + * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 83941c46b..db290ea88 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -1,5 +1,4 @@ use super::traits::Operations; -use crate::vector::traits::Repr; pub(crate) use libcrux_intrinsics::avx2::*; mod arithmetic; @@ -44,7 +43,8 @@ fn vec_from_i16_array(array: &[i16]) -> SIMD256Vector { } } -impl Repr for SIMD256Vector { +#[cfg(hax)] +impl crate::vector::traits::Repr for SIMD256Vector { fn repr(x: Self) -> [i16; 16] { vec_to_i16_array(x) } @@ -151,6 +151,7 @@ impl Operations for SIMD256Vector { } } + #[ensures(|result| fstar!("f_repr $result == Spec.MLKEM.Math.ntt_layer_step $a $zeta0..."))] fn ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { Self { elements: ntt::ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3), diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs index 058f4a90a..394434cc7 100644 --- a/libcrux-ml-kem/src/vector/neon.rs +++ b/libcrux-ml-kem/src/vector/neon.rs @@ -1,7 +1,6 @@ //! Vectors for libcrux using aarch64 (neon) intrinsics use super::{Operations, FIELD_MODULUS}; -use crate::vector::traits::Repr; // mod sampling; mod arithmetic; @@ -17,7 +16,8 @@ use serialize::*; pub(crate) use vector_type::SIMD128Vector; use vector_type::*; -impl Repr for SIMD128Vector { +#[cfg(hax)] +impl crate::vector::traits::Repr for SIMD128Vector { fn repr(x: Self) -> [i16; 16] { to_i16_array(x) } diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index c2a89d51b..986543086 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -1,5 +1,4 @@ use super::Operations; -use crate::vector::traits::Repr; mod arithmetic; mod compress; mod ntt; @@ -16,7 +15,8 @@ use vector_type::*; pub(crate) use vector_type::PortableVector; -impl Repr for PortableVector { +#[cfg(hax)] +impl crate::vector::traits::Repr for PortableVector { fn repr(x: Self) -> [i16; 16] { to_i16_array(x) } @@ -24,11 +24,6 @@ impl Repr for PortableVector { #[hax_lib::attributes] impl Operations for PortableVector { - #[ensures(|result| fstar!("out == impl.f_repr $x"))] - fn to_i16_array(x: Self) -> [i16; 16] { - to_i16_array(x) - } - #[ensures(|result| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { zero() @@ -40,6 +35,11 @@ impl Operations for PortableVector { from_i16_array(array) } + #[ensures(|result| fstar!("out == impl.f_repr $x"))] + fn to_i16_array(x: Self) -> [i16; 16] { + to_i16_array(x) + } + #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] fn add(lhs: Self, rhs: &Self) -> Self { add(lhs, rhs) @@ -96,6 +96,7 @@ impl Operations for PortableVector { decompress_ciphertext_coefficient::(v) } + #[ensures(|result| fstar!("f_repr $result == Spec.MLKEM.Math.ntt_layer_step $a $zeta0..."))] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3) } diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 916036964..56ff9cf27 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -5,27 +5,28 @@ pub const INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209; // FIELD_MODULUS^{-1 pub const BARRETT_SHIFT: i32 = 26; pub const BARRETT_R: i32 = 1 << BARRETT_SHIFT; +#[cfg(hax)] #[hax_lib::attributes] pub trait Repr: Copy + Clone { #[requires(true)] fn repr(x: Self) -> [i16; 16]; } - +#[cfg(hax)] #[hax_lib::attributes] pub trait Operations: Copy + Clone + Repr { + #[allow(non_snake_case)] #[requires(true)] - #[ensures(|result| fstar!("f_repr $x == $result"))] - fn to_i16_array(x: Self) -> [i16; 16]; - + #[ensures(|result| fstar!("f_repr $result == Seq.create 16 0s"))] + fn ZERO() -> Self; + #[requires(array.len() == 16)] #[ensures(|result| fstar!("f_repr $result == $array"))] fn from_i16_array(array: &[i16]) -> Self; - - #[allow(non_snake_case)] + #[requires(true)] - #[ensures(|result| fstar!("f_repr $result == Seq.create 16 0s"))] - fn ZERO() -> Self; + #[ensures(|result| fstar!("f_repr $x == $result"))] + fn to_i16_array(x: Self) -> [i16; 16]; // Basic arithmetic #[requires(true)] @@ -125,6 +126,46 @@ pub trait Operations: Copy + Clone + Repr { fn rej_sample(a: &[u8], out: &mut [i16]) -> usize; } +#[cfg(not(hax))] +pub trait Operations: Copy + Clone { + #[allow(non_snake_case)] + fn ZERO() -> Self; + fn from_i16_array(array: &[i16]) -> Self; + fn to_i16_array(x: Self) -> [i16; 16]; + fn add(lhs: Self, rhs: &Self) -> Self; + fn sub(lhs: Self, rhs: &Self) -> Self; + fn multiply_by_constant(v: Self, c: i16) -> Self; + fn bitwise_and_with_constant(v: Self, c: i16) -> Self; + fn shift_right(v: Self) -> Self; + fn cond_subtract_3329(v: Self) -> Self; + fn barrett_reduce(vector: Self) -> Self; + fn montgomery_multiply_by_constant(v: Self, c: i16) -> Self; + fn compress_1(v: Self) -> Self; + fn compress(v: Self) -> Self; + fn decompress_ciphertext_coefficient(v: Self) -> Self; + fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; + fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; + fn ntt_layer_3_step(a: Self, zeta: i16) -> Self; + fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; + fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; + fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self; + fn ntt_multiply(lhs: &Self, rhs: &Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) + -> Self; + fn serialize_1(a: Self) -> [u8; 2]; + fn deserialize_1(a: &[u8]) -> Self; + fn serialize_4(a: Self) -> [u8; 8]; + fn deserialize_4(a: &[u8]) -> Self; + fn serialize_5(a: Self) -> [u8; 10]; + fn deserialize_5(a: &[u8]) -> Self; + fn serialize_10(a: Self) -> [u8; 20]; + fn deserialize_10(a: &[u8]) -> Self; + fn serialize_11(a: Self) -> [u8; 22]; + fn deserialize_11(a: &[u8]) -> Self; + fn serialize_12(a: Self) -> [u8; 24]; + fn deserialize_12(a: &[u8]) -> Self; + fn rej_sample(a: &[u8], out: &mut [i16]) -> usize; +} + // hax does not support trait with default implementations, so we use the following pattern pub fn montgomery_multiply_fe(v: T, fer: i16) -> T { T::montgomery_multiply_by_constant(v, fer) From 9201ec6e53031e8ff80151cd92d856719149bef0 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 27 Aug 2024 17:15:10 +0000 Subject: [PATCH 158/348] refreshed c and fstar --- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/eurydice_glue.h | 51 +- libcrux-ml-kem/c/internal/libcrux_core.h | 251 +- .../c/internal/libcrux_mlkem_avx2.h | 46 +- .../c/internal/libcrux_mlkem_portable.h | 50 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 4 +- .../c/internal/libcrux_sha3_internal.h | 76 +- libcrux-ml-kem/c/libcrux_core.c | 427 +- libcrux-ml-kem/c/libcrux_core.h | 124 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 144 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 142 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 46 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 142 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 8733 ++++++++++++++++- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 538 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8691 +--------------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 579 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 5695 ++++++----- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 270 +- libcrux-ml-kem/c/libcrux_sha3.h | 91 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2467 ++++- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 68 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 1309 ++- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3567 +------ libcrux-ml-kem/c/libcrux_sha3_neon.h | 58 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/libcrux_core.h | 18 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 796 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 417 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 4 +- .../Libcrux_ml_kem.Vector.Portable.fsti | 28 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 26 +- libcrux-ml-kem/src/vector/avx2.rs | 1 - libcrux-ml-kem/src/vector/portable.rs | 1 - 47 files changed, 17673 insertions(+), 17485 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index b8da2d7dd..3ae4c6980 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 -Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 +Charon: 0576bfc67e99aae86c51930421072688138b672b +Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 +Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 -Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc +Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 7fee796ff..a97683fa6 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -54,33 +54,33 @@ typedef struct { // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ +#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t, _) \ +#define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \ +#define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t, _ret_t) \ +#define Eurydice_array_repeat(dst, len, init, t) \ ERROR "should've been desugared" -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ +#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) +#define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) @@ -90,25 +90,26 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ - Eurydice_array_eq +#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, a2, t, _) -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 4ada0d5ed..5bf5efe81 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __internal_libcrux_core_H @@ -23,6 +23,8 @@ extern "C" { #define CORE_NUM__U32_8__BITS (32U) +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs); @@ -71,10 +73,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_8b1( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_0e1( + uint8_t value[1568U]); /** This function found in impl @@ -83,12 +85,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_dc1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_671( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for @@ -97,10 +99,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_b31( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_ea1( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -109,10 +111,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_551( - uint8_t value[768U]); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_581( + uint8_t value[1568U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -120,10 +122,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_b21( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_fe1( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -132,18 +134,21 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_da1( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_381( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]); /** This function found in impl {(core::convert::From<@Array> for @@ -152,10 +157,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_8b0( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_0e0( + uint8_t value[1184U]); /** This function found in impl @@ -164,12 +169,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_dc0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_670( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -178,10 +183,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_b30( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_ea0( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -190,10 +195,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_550( - uint8_t value[1568U]); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_580( + uint8_t value[1088U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -201,10 +206,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_b20( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_fe0( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -213,18 +218,21 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_da0( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_380( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]); /** This function found in impl {(core::convert::From<@Array> for @@ -233,10 +241,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_8b( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_0e( + uint8_t value[800U]); /** This function found in impl @@ -245,12 +253,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_dc( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_67( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for @@ -259,10 +267,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_b3( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_ea( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -271,10 +279,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_55( - uint8_t value[1088U]); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_58( + uint8_t value[768U]); /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} @@ -282,17 +290,20 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_b2( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_f6_fe( + libcrux_ml_kem_types_MlKemPublicKey_be *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -318,12 +329,15 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -333,36 +347,101 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_da( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_38( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]); /** -A monomorphic instance of core.option.Option -with types Eurydice_slice uint8_t +A monomorphic instance of core.result.Result +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_6f_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_6f; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_7a_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_7a; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_cd_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_cd; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError */ -typedef struct core_option_Option_44_s { - core_option_Option_ef_tags tag; - Eurydice_slice f0; -} core_option_Option_44; +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -387,10 +466,10 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); -typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} Eurydice_slice_uint8_t_2size_t__x2; +typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} Eurydice_slice_uint8_t_4size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 6c1c693a6..fdb8dc318 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_001(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_151(uint8_t *public_key); /** A monomorphic instance of @@ -48,7 +48,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_061( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_121( uint8_t randomness[64U]); /** @@ -64,7 +64,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_3f1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_111(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -84,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_981( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c61( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -107,7 +107,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_231( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -132,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f41( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -158,7 +158,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4c1( +void libcrux_ml_kem_ind_cca_decapsulate_4a1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -170,7 +170,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_000(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_150(uint8_t *public_key); /** A monomorphic instance of @@ -186,7 +186,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_060( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_120( uint8_t randomness[64U]); /** @@ -202,7 +202,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_3f0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_110(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -222,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_980( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c60( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -245,7 +245,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_230( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_6d0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -270,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f40( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -296,7 +296,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4c0( +void libcrux_ml_kem_ind_cca_decapsulate_4a0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +308,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_00(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_15(uint8_t *public_key); /** A monomorphic instance of @@ -324,7 +324,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_06( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_12( uint8_t randomness[64U]); /** @@ -339,7 +339,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_3f( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_11( uint8_t randomness[64U]); /** @@ -360,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_98( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c6( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -383,7 +383,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_23( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_6d( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -408,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f4( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -434,7 +434,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4c( +void libcrux_ml_kem_ind_cca_decapsulate_4a( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 364aaa025..749f9cbbb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_251(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c91(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e61( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c1( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_3c1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_9a1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e01( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_881( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e11( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_be1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_311( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_6b1( +void libcrux_ml_kem_ind_cca_decapsulate_5f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_250(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c90(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e60( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c0( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_3c0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_9a0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e00( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_880( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e10( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_be0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_310( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_6b0( +void libcrux_ml_kem_ind_cca_decapsulate_5f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_25(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c9(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_3c(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_9a(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e0( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_88( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_31( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_6b( +void libcrux_ml_kem_ind_cca_decapsulate_5f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index c5b1cdf8c..d83ea9c17 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 7ff8328b6..3fc73c214 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __internal_libcrux_sha3_internal_H @@ -24,16 +24,22 @@ extern "C" { typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; +/** + Create a new SHAKE-128 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } +/** + Absorb +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_25(s, buf); + libcrux_sha3_generic_keccak_absorb_final_72(s, buf); } /** @@ -44,7 +50,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -52,29 +58,35 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); } +/** + Squeeze three blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } +/** + Squeeze another block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); } #define libcrux_sha3_Sha224 0 @@ -84,6 +96,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_next_block( typedef uint8_t libcrux_sha3_Algorithm; +/** + Returns the output size of a digest. +*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -134,7 +149,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -142,62 +157,77 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); } +/** + Squeeze five blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } +/** + Absorb some data for SHAKE-256 for the last time +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_250(s, buf); + libcrux_sha3_generic_keccak_absorb_final_720(s, buf); } +/** + Create a new SHAKE-256 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } +/** + Squeeze the first SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } +/** + Squeeze the next SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index c42e9b5cd..ff8e04abd 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,15 +4,18 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #include "internal/libcrux_core.h" +/** + Return 1 if `value` is not zero and 0 otherwise. +*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -25,14 +28,17 @@ static uint8_t inz(uint8_t value) { static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } +/** + Return 1 if the bytes of `lhs` and `rhs` do not exactly + match and 0 otherwise. +*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); } return is_non_zero(r); } @@ -43,6 +49,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return compare(lhs, rhs); } +/** + If `selector` is not zero, return the bytes in `rhs`; return the bytes in + `lhs` otherwise. +*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); @@ -50,11 +60,10 @@ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)~mask); + out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -85,14 +94,15 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_8b1( - uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_0e1( + uint8_t value[1568U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_1f lit; + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -103,13 +113,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_dc1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_671( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } /** @@ -119,14 +130,15 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_b31( - uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_ea1( + uint8_t value[3168U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[3168U]; + memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -137,14 +149,15 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_551( - uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_581( + uint8_t value[1568U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -154,10 +167,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_b21( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_fe1( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -168,30 +181,30 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_da1( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, - Eurydice_slice); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_381( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -201,14 +214,15 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_8b0( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_0e0( + uint8_t value[1184U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } @@ -219,14 +233,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_dc0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_670( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( - CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** @@ -236,14 +250,15 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_b30( - uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_ea0( + uint8_t value[2400U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -254,14 +269,15 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_550( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_580( + uint8_t value[1088U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1088U]; + memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; + memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -271,10 +287,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_b20( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_fe0( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -285,30 +301,30 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_da0( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, - Eurydice_slice); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_380( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** @@ -318,14 +334,15 @@ libcrux_ml_kem::types::MlKemPublicKey)#13} /** A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_8b( - uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_0e( + uint8_t value[800U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[800U]; + memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); return lit; } @@ -336,14 +353,13 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_64 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_dc( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_67( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** @@ -353,14 +369,15 @@ libcrux_ml_kem::types::MlKemPrivateKey)#7} /** A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_b3( - uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_ea( + uint8_t value[1632U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1632U]; + memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -371,14 +388,15 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_55( - uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_58( + uint8_t value[768U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[768U]; + memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -388,28 +406,29 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_b2( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_f6_fe( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -433,21 +452,22 @@ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { } } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -458,50 +478,111 @@ libcrux_ml_kem::types::MlKemCiphertext)} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_da( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, - Eurydice_slice); +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_38( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + /** This function found in impl {core::result::Result} */ diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index b1e4be169..00ebb74d5 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_core_H @@ -49,64 +49,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $1632size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair -with const generics -- $1632size_t -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext -with const generics -- $768size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - -*/ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; -} tuple_ec; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics @@ -203,6 +145,64 @@ typedef struct tuple_3c_s { uint8_t snd[32U]; } tuple_3c; +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_be; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + +*/ +typedef struct core_option_Option_04_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; +} core_option_Option_04; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $1632size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey_5e; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair +with const generics +- $1632size_t +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; +} libcrux_ml_kem_types_MlKemKeyPair_cb; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $768size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext_e8; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + +*/ +typedef struct tuple_ec_s { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; +} tuple_ec; + #define core_result_Ok 0 #define core_result_Err 1 diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index d87f6dfc5..218453fb9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 95f6720d6..888425745 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,11 +35,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_24( +static void decapsulate_f3( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4c0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4a0(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_24(private_key, ciphertext, ret); + decapsulate_f3(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_90( +static void decapsulate_unpacked_d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f40(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a0(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_90(private_key, ciphertext, ret); + decapsulate_unpacked_d1(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_4f( +static tuple_21 encapsulate_6c( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_6d0(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4f(uu____0, copy_of_randomness); + return encapsulate_6c(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_4e( +static tuple_21 encapsulate_unpacked_e9( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_4e( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_980( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c60( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_4e(uu____0, copy_of_randomness); + return encapsulate_unpacked_e9(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b3( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_a3( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_3f0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_110(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b3(copy_of_randomness); + return generate_keypair_a3(copy_of_randomness); } /** @@ -246,11 +246,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_96(uint8_t randomness[64U]) { +generate_keypair_unpacked_3e(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_060( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_120( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_96(copy_of_randomness); + return generate_keypair_unpacked_3e(copy_of_randomness); } /** @@ -274,8 +274,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_ff0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_000(public_key); +static bool validate_public_key_ea0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_150(public_key); } /** @@ -286,7 +286,7 @@ static bool validate_public_key_ff0(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_ff0(public_key.value)) { + if (validate_public_key_ea0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 788cc4b86..7e589711f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 74e71d05c..a94309e46 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #include "libcrux_mlkem1024_portable.h" @@ -35,20 +35,30 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_8b( +static void decapsulate_23( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6b1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5f1(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_8b(private_key, ciphertext, ret); + decapsulate_23(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -70,19 +80,26 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_87( +static void decapsulate_unpacked_70( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_311(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d1(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_87(private_key, ciphertext, ret); + decapsulate_unpacked_70(private_key, ciphertext, ret); } /** @@ -102,24 +119,36 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_c4( +static tuple_21 encapsulate_cb( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e11(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_be1(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_c4(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_cb(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -138,25 +167,37 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_7c( +static tuple_21 encapsulate_unpacked_d5( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e01(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_881( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_7c(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_d5(uu____0, copy_of_randomness); } /** @@ -171,20 +212,28 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_43( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_18( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_3c1(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_9a1(copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_43(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_18(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -198,18 +247,24 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_84(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e61(uu____0); +generate_keypair_unpacked_8d(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c1( + copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_84(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_8d(copy_of_randomness); } /** @@ -220,14 +275,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_c81(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_251(public_key); +static bool validate_public_key_0f1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c91(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_c81(public_key.value)) { + if (validate_public_key_0f1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 38a8acefa..2dfabc1a8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem1024_portable_H @@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index f9eca7330..1722c1f14 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index b032f9e24..4f5cd8c74 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_44(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_1c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4c(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4a(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_44(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_44(private_key, ciphertext, ret); + decapsulate_1c(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_5a( +static void decapsulate_unpacked_36( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f4(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_5a( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_5a(private_key, ciphertext, ret); + decapsulate_unpacked_36(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_10( +static tuple_ec encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_6d(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_10(uu____0, copy_of_randomness); + return encapsulate_93(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_b5( +static tuple_ec encapsulate_unpacked_ff( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_b5( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_98( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c6( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_b5(uu____0, copy_of_randomness); + return encapsulate_unpacked_ff(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_9b( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_c6( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_3f(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_11(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_9b(copy_of_randomness); + return generate_keypair_c6(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_20(uint8_t randomness[64U]) { +generate_keypair_unpacked_7a(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_06( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_12( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_20(copy_of_randomness); + return generate_keypair_unpacked_7a(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_ff(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_00(public_key); +static bool validate_public_key_ea(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_15(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_ff(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_ff(public_key.value)) { + if (validate_public_key_ea(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 16943bc53..c08174811 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 133e3978f..8717edd85 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #include "libcrux_mlkem512_portable.h" @@ -35,18 +35,28 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_15(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_ed(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6b0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5f0(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_15(private_key, ciphertext, ret); + decapsulate_ed(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -68,17 +78,24 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_76( +static void decapsulate_unpacked_b0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_310(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d0(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_76(private_key, ciphertext, ret); + decapsulate_unpacked_b0(private_key, ciphertext, ret); } /** @@ -98,24 +115,36 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_44( +static tuple_ec encapsulate_5b( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e10(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_be0(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_44(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_5b(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -134,25 +163,35 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_4a( +static tuple_ec encapsulate_unpacked_3a( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e00(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_880( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_4a(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_3a(uu____0, copy_of_randomness); } /** @@ -167,20 +206,28 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f4( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_7b( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_3c0(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_9a0(copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f4(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_7b(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -194,18 +241,24 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_dc(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e60(uu____0); +generate_keypair_unpacked_88(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c0( + copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_dc(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_88(copy_of_randomness); } /** @@ -216,14 +269,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_c80(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_250(public_key); +static bool validate_public_key_0f0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c90(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_c80(public_key.value)) { + if (validate_public_key_0f0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index aa3deab25..5a52535ce 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem512_portable_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 2df61cd4f..f3e6953da 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 9450a58db..b7f16106e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_68( +static void decapsulate_10( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4c1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4a1(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_68( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_68(private_key, ciphertext, ret); + decapsulate_10(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_cb( +static void decapsulate_unpacked_1f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f41(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a1(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_cb( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_cb(private_key, ciphertext, ret); + decapsulate_unpacked_1f(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_85( +static tuple_3c encapsulate_6f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_231(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_6d1(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_85(uu____0, copy_of_randomness); + return encapsulate_6f(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_f3( +static tuple_3c encapsulate_unpacked_b8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_f3( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_981( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c61( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_f3(uu____0, copy_of_randomness); + return encapsulate_unpacked_b8(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_da( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_75( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_3f1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_111(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_da(copy_of_randomness); + return generate_keypair_75(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_e3(uint8_t randomness[64U]) { +generate_keypair_unpacked_4c(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_061( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_121( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_e3(copy_of_randomness); + return generate_keypair_unpacked_4c(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_ff1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_001(public_key); +static bool validate_public_key_ea1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_151(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_ff1(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_ff1(public_key.value)) { + if (validate_public_key_ea1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index fc17ed69b..decd40742 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 7b80778b7..3b992c994 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #include "libcrux_mlkem768_portable.h" @@ -35,18 +35,28 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_04( +static void decapsulate_6b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6b(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5f(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_04(private_key, ciphertext, ret); + decapsulate_6b(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -68,17 +78,24 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_de( +static void decapsulate_unpacked_c8( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_31(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_de(private_key, ciphertext, ret); + decapsulate_unpacked_c8(private_key, ciphertext, ret); } /** @@ -98,24 +115,36 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_12( +static tuple_3c encapsulate_e5( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_be(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_12(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_e5(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -134,25 +163,35 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_9e( +static tuple_3c encapsulate_unpacked_1f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e0(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_88( + uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_9e(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_1f(uu____0, copy_of_randomness); } /** @@ -167,20 +206,28 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_6f( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_99( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_3c(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_9a(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6f(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_99(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -194,18 +241,24 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_f6(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6(uu____0); +generate_keypair_unpacked_2f(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_f6(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_2f(copy_of_randomness); } /** @@ -216,14 +269,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_c8(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_25(public_key); +static bool validate_public_key_0f(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c9(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_c8(public_key.value)) { + if (validate_public_key_0f(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 0e71b3e45..3b7b27bd9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem768_portable_H @@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 65d32cb30..f9830bc7e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,21 +4,24 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ -#include "libcrux_mlkem_avx2.h" +#include "internal/libcrux_mlkem_avx2.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" +#include "internal/libcrux_sha3_avx2.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -26,7 +29,8719 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_vec_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ZERO_09(void) { + return libcrux_ml_kem_vector_avx2_vec_zero(); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array) { + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_09( + Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_vec_from_i16_array(array); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_vec_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t), v); + int16_t result[16U]; + memcpy(result, output, (size_t)16U * sizeof(int16_t)); + memcpy(ret, result, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_09(core_core_arch_x86___m256i x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_avx2_vec_to_i16_array(x, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_09( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_09( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09( + core_core_arch_x86___m256i v, int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_and_si256( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_09( + core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, + core_core_arch_x86___m256i)); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +KRML_MUSTINLINE core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum0, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( + core_core_arch_x86___m256i vector, int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + v, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + right0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = {0U}; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_09( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_09( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); + uint8_t ret0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); + core_result_unwrap_41_ac(dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_09( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_09( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), + upper_8); + uint8_t ret0[10U]; + core_result_Result_cd dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), + Eurydice_slice, uint8_t[10U]); + core_result_unwrap_41_e8(dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_09( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_09( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), + lower_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, + uint8_t), + upper_8); + uint8_t ret0[20U]; + core_result_Result_7a dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), + Eurydice_slice, uint8_t[20U]); + core_result_unwrap_41_34(dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_serialize_10_09( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, + 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_09( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + int16_t array[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t), vector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_from_i16_array_0d( + Eurydice_array_to_slice((size_t)16U, array, int16_t)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_09( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_09( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, + (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, + uint8_t), + upper_8); + uint8_t ret0[24U]; + core_result_Result_6f dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), + Eurydice_slice, uint8_t[24U]); + core_result_unwrap_41_1c(dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_09( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, + 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_09( + Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_09(Eurydice_slice input, + Eurydice_slice output) { + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_78( + core_core_arch_x86___m256i *self) { + return self[0U]; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_d5(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_reduced_ring_element_3b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e71( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_20_d5();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(public_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_3b(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +shift_right_79(core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 +with const generics +- SHIFT_BY= 15 +*/ +static core_core_arch_x86___m256i shift_right_09_fb( + core_core_arch_x86___m256i vector) { + return shift_right_79(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static core_core_arch_x86___m256i to_unsigned_representative_d4( + core_core_arch_x86___m256i a) { + core_core_arch_x86___m256i t = shift_right_09_fb(a); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2_add_09(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_d7( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_d4(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void serialize_secret_key_a81( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_d7(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_fb1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); + uint8_t ret0[1152U]; + serialize_secret_key_a81(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); + uint8_t result[1184U]; + memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_151(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + deserialize_ring_elements_reduced_e71( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + serialize_public_key_fb1( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; +} tuple_9b0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static void closure_b81( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_20_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d1(copy_of_input); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { + shake128_squeeze_first_three_blocks_6b1(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { + shake128_squeeze_next_block_1b1(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +from_i16_array_20_10(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( + int16_t s[272U]) { + return from_i16_array_20_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_from_xof_b01( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca1(copy_of_seeds); + uint8_t randomness0[3U][504U]; + shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb3( + copy_of_randomness0, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb4( + copy_of_randomness, sampled_coefficients, out); + } + } + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = closure_791(copy_of_out[i]);); + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a21( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + closure_b81(A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; + sample_from_xof_b01(copy_of_seeds, sampled); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + + ); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U][3U]; + memcpy(result, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ret, result, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_1c2(input, ret); +} + +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_2_25(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_20_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_3_92(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_20_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_920(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_25(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_7_64( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_multiply_by_constant_09( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_avx2_sub_09(re->coefficients[j], &t); + re->coefficients[j] = + libcrux_ml_kem_vector_avx2_add_09(re->coefficients[j], &t); + } +} + +typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; +} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i montgomery_multiply_fe_55( + core_core_arch_x86___m256i v, int16_t fer) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +ntt_layer_int_vec_step_88(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, int16_t zeta_r) { + core_core_arch_x86___m256i t = montgomery_multiply_fe_55(b, zeta_r); + b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); + a = libcrux_ml_kem_vector_avx2_add_09(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_4_plus_b8( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + ntt_layer_int_vec_step_88( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_3_45( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_2_10( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_1_83( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void poly_barrett_reduce_20_94( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + self->coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_09(self->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_48( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + ntt_at_layer_7_64(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_45(&zeta_i, re); + ntt_at_layer_2_10(&zeta_i, re); + ntt_at_layer_1_83(&zeta_i, re); + poly_barrett_reduce_20_94(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_701( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_20_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_920( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]);); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; + memcpy( + copy_of_re_as_ntt, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 result; + memcpy( + result.fst, copy_of_re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + result.snd = domain_separator; + return result; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +ntt_multiply_20_41(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_09( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + } + return out; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void add_to_ring_element_20_871( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i to_standard_domain_f0( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_standard_error_reduce_20_a5( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + to_standard_domain_f0(self->coefficients[j]); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( + libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_bb1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result0[i] = ZERO_20_d5();); + for (size_t i0 = (size_t)0U; + i0 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_20_41(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_871(&result0[i1], &product); + } + add_standard_error_reduce_20_a5(&result0[i1], &error_as_ntt[i1]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + memcpy( + result, result0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_9b0 generate_keypair_unpacked_751( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_681(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a21(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_701(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_701(copy_of_prf_input, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + compute_As_plus_e_bb1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; + memcpy( + pk.t_as_ntt, copy_of_t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; + memcpy( + sk.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_fc1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_20_d5();); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_b3( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + core_core_arch_x86___m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * sizeof(core_core_arch_x86___m256i)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_121( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t); + tuple_9b0 uu____0 = generate_keypair_unpacked_751(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_fc1(A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_3a_b3(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key_fb1( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U]); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = + ind_cpa_private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = + ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_4f1( + Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = generate_keypair_unpacked_751(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key_fb1( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_a81(sk.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 result; + memcpy(result.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_9a1( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + uint8_t ret0[32U]; + H_a9_651(public_key, ret0); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); + memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_111(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair_4f1(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key_9a1( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), + implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_e7_ea0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_670( + uu____2, libcrux_ml_kem_types_from_07_0e0(copy_of_public_key)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_4f1(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO_20_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_920( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + error_1[i0] = uu____1;); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; + memcpy( + copy_of_error_1, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 result; + memcpy( + result.fst, copy_of_error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + result.snd = domain_separator; + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_1_29( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_2_9c( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_3_bc( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +inv_ntt_layer_int_vec_step_reduce_8c(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + libcrux_ml_kem_vector_avx2_sub_09(b, &a); + a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( + libcrux_ml_kem_vector_avx2_add_09(a, &b)); + b = montgomery_multiply_fe_55(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_e6( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + inv_ntt_layer_int_vec_step_reduce_8c( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_401( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_29(&zeta_i, re); + invert_ntt_at_layer_2_9c(&zeta_i, re); + invert_ntt_at_layer_3_bc(&zeta_i, re); + invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_94(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_error_reduce_20_b1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( + self->coefficients[j], (int16_t)1441); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( + libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_4f1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result0[i] = ZERO_20_d5();); + for (size_t i0 = (size_t)0U; + i0 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_20_41(a_element, &r_as_ntt[j]); + add_to_ring_element_20_871(&result0[i1], &product); + } + invert_ntt_montgomery_401(&result0[i1]); + add_error_reduce_20_b1(&result0[i1], &error_1[i1]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + memcpy( + result, result0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static core_core_arch_x86___m256i decompress_1_14( + core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( + libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_message_48(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_deserialize_1_09( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, + uint8_t)); + re.coefficients[i0] = decompress_1_14(coefficient_compressed);); + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +add_message_error_reduce_20_24( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( + result.coefficients[i0], (int16_t)1441); + core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_09( + self->coefficients[i0], &message->coefficients[i0]); + core_core_arch_x86___m256i tmp0 = + libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp); + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_09(tmp0); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_411( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_20_41(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_871(&result, &product);); + invert_ntt_montgomery_401(&result); + result = add_message_error_reduce_20_24(error_2, message, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_bd(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 +with const generics +- COEFFICIENT_BITS= 10 +*/ +static core_core_arch_x86___m256i compress_09_de( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_bd(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_10_43( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_09_de(to_unsigned_representative_d4(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_bd0(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 +with const generics +- COEFFICIENT_BITS= 11 +*/ +static core_core_arch_x86___m256i compress_09_de0( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_bd0(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_61( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10_43(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_3a1( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_61(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_bd1(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 +with const generics +- COEFFICIENT_BITS= 4 +*/ +static core_core_arch_x86___m256i compress_09_de1( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_bd1(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_4_f8( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, + void *); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_09_de1(to_unsigned_representative_d4(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); + Eurydice_slice_copy( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +compress_ciphertext_coefficient_bd2(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + core_core_arch_x86___m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + core_core_arch_x86___m256i coefficient_bits_mask = + libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i compressed_low = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, + field_modulus_halved); + core_core_arch_x86___m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + core_core_arch_x86___m256i compressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_low3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, + coefficient_bits_mask); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i compressed_high = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high0 = + libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, + field_modulus_halved); + core_core_arch_x86___m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + core_core_arch_x86___m256i compressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed_high3 = + libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, + coefficient_bits_mask); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, + compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 +with const generics +- COEFFICIENT_BITS= 5 +*/ +static core_core_arch_x86___m256i compress_09_de2( + core_core_arch_x86___m256i vector) { + return compress_ciphertext_coefficient_bd2(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_5_e0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, + void *); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficients = + compress_09_de2(to_unsigned_representative_d4(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); + Eurydice_slice_copy( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ba( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_4_f8(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_cb1( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_701(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = + sample_ring_element_cbd_4f1(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_920( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + compute_vector_u_4f1(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_48(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_411(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_3a1( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_ba( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c61( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); + uint8_t hashed[64U]; + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = + &public_key->ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_unpacked_cb1(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_580(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_571(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_dd1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + deserialize_ring_elements_reduced_e71( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a21(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, copy_of_A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &public_key_unpacked; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t result[1088U]; + encrypt_unpacked_cb1(uu____3, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_af_671(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d1( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_571( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t); + uint8_t ret[32U]; + H_a9_651(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe0(public_key), + uint8_t), + ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + uint8_t hashed[64U]; + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe0(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_dd1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_580(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_af_671(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_3c result; + result.fst = uu____5; + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_b5(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const +generics +- COEFFICIENT_BITS= 10 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_52( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_b5(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_10_9c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); + LowStar_Ignore_ignore( + Eurydice_slice_len(Eurydice_array_to_slice((size_t)16U, re.coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i), + size_t, void *); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_52(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_b50(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const +generics +- COEFFICIENT_BITS= 11 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_520( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_b50(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_11_ab(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_520(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_91(Eurydice_slice serialized) { + return deserialize_then_decompress_10_9c(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void ntt_vector_u_a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_45(&zeta_i, re); + ntt_at_layer_2_10(&zeta_i, re); + ntt_at_layer_1_83(&zeta_i, re); + poly_barrett_reduce_20_94(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b61( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO_20_d5();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_91(u_bytes); + ntt_vector_u_a0(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_b51(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const +generics +- COEFFICIENT_BITS= 4 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_521( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_b51(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_4_ef(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_521(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_b52(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const +generics +- COEFFICIENT_BITS= 5 +*/ +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_522( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_b52(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_5_11(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); + re.coefficients[i0] = + decompress_ciphertext_coefficient_09_522(re.coefficients[i0]); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_79(Eurydice_slice serialized) { + return deserialize_then_decompress_4_ef(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +subtract_reduce_20_bf(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( + b.coefficients[i0], (int16_t)1441); + b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( + libcrux_ml_kem_vector_avx2_sub_09(self->coefficients[i0], + &coefficient_normal_form)); + } + return b; +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_e61( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_20_41(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_871(&result, &product);); + invert_ntt_montgomery_401(&result); + result = subtract_reduce_20_bf(v, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_message_3b( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_d4(re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2_serialize_1_09(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_e11( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + deserialize_then_decompress_u_b61(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_79( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_e61(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_3b(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a1( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_e11(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t), + uint8_t); + uint8_t hashed[64U]; + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + uint8_t); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked_cb1(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_uncompressed_ring_element_d1(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); + } + return re; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_b31( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_20_d5();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(secret_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_d1(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + memcpy( + result, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_da1(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + deserialize_secret_key_b31(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t result[32U]; + decrypt_unpacked_e11(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_4a1( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_da1(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); + uint8_t hashed[64U]; + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + uint8_t); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_dd1(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_671(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_671(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e70( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_20_d5();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(public_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_3b(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1536 +*/ +static KRML_MUSTINLINE void serialize_secret_key_a80( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_d7(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_fb0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); + uint8_t ret0[1536U]; + serialize_secret_key_a80(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t), + seed_for_a, uint8_t); + uint8_t result[1568U]; + memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_150(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + deserialize_ring_elements_reduced_e70( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1568U]; + serialize_public_key_fb0( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] + +*/ +typedef struct tuple_54_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; +} tuple_54; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static void closure_b80( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_20_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d0(copy_of_input); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { + shake128_squeeze_first_three_blocks_6b0(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { + shake128_squeeze_next_block_1b0(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( + int16_t s[272U]) { + return from_i16_array_20_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_from_xof_b00( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca0(copy_of_seeds); + uint8_t randomness0[4U][504U]; + shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb1( + copy_of_randomness0, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb2( + copy_of_randomness, sampled_coefficients, out); + } + } + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = closure_790(copy_of_out[i]);); + memcpy( + ret, ret0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a20( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + closure_b80(A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; + sample_from_xof_b00(copy_of_seeds, sampled); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + + ); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U][4U]; + memcpy(result, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + memcpy(ret, result, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_1c1(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_700( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_20_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_920( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]);); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; + memcpy( + copy_of_re_as_ntt, re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 result; + memcpy( + result.fst, copy_of_re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + result.snd = domain_separator; + return result; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void add_to_ring_element_20_870( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_bb0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result0[i] = ZERO_20_d5();); + for (size_t i0 = (size_t)0U; + i0 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_20_41(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_870(&result0[i1], &product); + } + add_standard_error_reduce_20_a5(&result0[i1], &error_as_ntt[i1]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + memcpy( + result, result0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_54 generate_keypair_unpacked_750( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_680(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a20(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_700(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_700(copy_of_prf_input, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + compute_As_plus_e_bb0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; + memcpy( + pk.t_as_ntt, copy_of_t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; + memcpy( + sk.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_fc0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_20_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_120( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t); + tuple_54 uu____0 = generate_keypair_unpacked_750(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_fc0(A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_3a_b3(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; + memcpy(uu____2, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key_fb0( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U]); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = + ind_cpa_private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = + ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_4f0( + Eurydice_slice key_generation_seed) { + tuple_54 uu____0 = generate_keypair_unpacked_750(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key_fb0( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_a80(sk.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; + memcpy(result.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_9a0( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + uint8_t ret0[32U]; + H_a9_650(public_key, ret0); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_110(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair_4f0(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key_9a0( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), + implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = + libcrux_ml_kem_types_from_e7_ea1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_671( + uu____2, libcrux_ml_kem_types_from_07_0e1(copy_of_public_key)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_71 +sample_ring_element_cbd_4f0(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO_20_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_920( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + error_1[i0] = uu____1;); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U]; + memcpy( + copy_of_error_1, error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 result; + memcpy( + result.fst, copy_of_error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + result.snd = domain_separator; + return result; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_400( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_29(&zeta_i, re); + invert_ntt_at_layer_2_9c(&zeta_i, re); + invert_ntt_at_layer_3_bc(&zeta_i, re); + invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_94(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_vector_u_4f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result0[i] = ZERO_20_d5();); + for (size_t i0 = (size_t)0U; + i0 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_20_41(a_element, &r_as_ntt[j]); + add_to_ring_element_20_870(&result0[i1], &product); + } + invert_ntt_montgomery_400(&result0[i1]); + add_error_reduce_20_b1(&result0[i1], &error_1[i1]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + memcpy( + result, result0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_410( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_20_41(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_870(&result, &product);); + invert_ntt_montgomery_400(&result); + result = add_message_error_reduce_20_24(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_11_b60( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + core_core_arch_x86___m256i coefficient = + compress_09_de0(to_unsigned_representative_d4(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_611( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11_b60(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1408 +- COMPRESSION_FACTOR= 11 +- BLOCK_LEN= 352 +*/ +static void compress_then_serialize_u_3a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u_611(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +- OUT_LEN= 160 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ba0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_5_e0(re, out); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_cb0( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_700(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = + sample_ring_element_cbd_4f0(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_920( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; + compute_vector_u_4f0(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_48(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_410(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_3a0( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_ba0( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c60( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); + uint8_t hashed[64U]; + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = + &public_key->ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked_cb0(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types_from_15_581(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_570(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_dd0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + deserialize_ring_elements_reduced_e70( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a20(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, copy_of_A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &public_key_unpacked; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t result[1568U]; + encrypt_unpacked_cb0(uu____3, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_af_670(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_6d0( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_570( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t); + uint8_t ret[32U]; + H_a9_650(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_fe1(public_key), + uint8_t), + ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + uint8_t hashed[64U]; + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_fe1(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_dd0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_15_581(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_af_670(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_21 result; + result.fst = uu____5; + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_910(Eurydice_slice serialized) { + return deserialize_then_decompress_11_ab(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_a00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_45(&zeta_i, re); + ntt_at_layer_2_10(&zeta_i, re); + ntt_at_layer_1_83(&zeta_i, re); + poly_barrett_reduce_20_94(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b60( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO_20_d5();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U, + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_910(u_bytes); + ntt_vector_u_a00(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_790(Eurydice_slice serialized) { + return deserialize_then_decompress_5_11(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_e60( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_20_41(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_870(&result, &product);); + invert_ntt_montgomery_400(&result); + result = subtract_reduce_20_bf(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_unpacked_e10( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + deserialize_then_decompress_u_b60(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_790( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_e60(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_3b(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a0( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_e10(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t), + uint8_t); + uint8_t hashed[64U]; + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + uint8_t); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked_cb0(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_b30( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_20_d5();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(secret_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_d1(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + memcpy( + result, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_da0(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + deserialize_secret_key_b30(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t result[32U]; + decrypt_unpacked_e10(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_4a0( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_da0(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); + uint8_t hashed[64U]; + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + uint8_t); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_dd0(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_670(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_670(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e7( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_20_d5();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(public_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_3b(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 768 +*/ +static KRML_MUSTINLINE void serialize_secret_key_a8( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_d7(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_fb( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); + uint8_t ret0[768U]; + serialize_secret_key_a8(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); + uint8_t result[800U]; + memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_15(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + deserialize_ring_elements_reduced_e7( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[800U]; + serialize_public_key_fb( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] + +*/ +typedef struct tuple_4c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; +} tuple_4c; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static void closure_b8( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_20_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_4d(copy_of_input); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with +const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { + shake128_squeeze_first_three_blocks_6b(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { + shake128_squeeze_next_block_1b(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( + int16_t s[272U]) { + return from_i16_array_20_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_from_xof_b0( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_final_a9_ca(copy_of_seeds); + uint8_t randomness0[2U][504U]; + shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb( + copy_of_randomness0, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_next_block_a9_5a(&xof_state, randomness); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb0( + copy_of_randomness, sampled_coefficients, out); + } + } + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = closure_79(copy_of_out[i]);); + memcpy( + ret, ret0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a2( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + closure_b8(A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; + sample_from_xof_b0(copy_of_seeds, sampled); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + + ); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U][2U]; + memcpy(result, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + memcpy(ret, result, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t + +*/ +typedef struct tuple_74_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; + uint8_t snd; +} tuple_74; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + uint8_t out3[192U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_1c(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_92(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_92(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_70( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_20_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN_a9_51(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_92( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]);); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; + memcpy( + copy_of_re_as_ntt, re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 result; + memcpy( + result.fst, copy_of_re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + result.snd = domain_separator; + return result; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void add_to_ring_element_20_87( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i), + core_core_arch_x86___m256i); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_bb( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result0[i] = ZERO_20_d5();); + for (size_t i0 = (size_t)0U; + i0 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_20_41(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_87(&result0[i1], &product); + } + add_standard_error_reduce_20_a5(&result0[i1], &error_as_ntt[i1]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + memcpy( + result, result0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static tuple_4c generate_keypair_unpacked_75( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_68(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a2(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_70(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_70(copy_of_prf_input, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + compute_As_plus_e_bb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; + memcpy( + pk.t_as_ntt, copy_of_t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; + memcpy( + sk.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void closure_fc( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_20_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_12( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t); + tuple_4c uu____0 = generate_keypair_unpacked_75(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_fc(A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_3a_b3(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; + memcpy(uu____2, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t pk_serialized[800U]; + serialize_public_key_fb( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U]); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = + ind_cpa_private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = + ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_4f( + Eurydice_slice key_generation_seed) { + tuple_4c uu____0 = generate_keypair_unpacked_75(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key_fb( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_a8(sk.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 result; + memcpy(result.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_9a( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + uint8_t ret0[32U]; + H_a9_65(public_key, ret0); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); + memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_11( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair_4f(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key_9a( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), + implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = + libcrux_ml_kem_types_from_e7_ea(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_67( + uu____2, libcrux_ml_kem_types_from_07_0e(copy_of_public_key)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + PRFxN_1c0(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_74 +sample_ring_element_cbd_4f(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO_20_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN_a9_510(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_920( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + error_1[i0] = uu____1;); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U]; + memcpy( + copy_of_error_1, error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 result; + memcpy( + result.fst, copy_of_error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + result.snd = domain_separator; + return result; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_40( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_29(&zeta_i, re); + invert_ntt_at_layer_2_9c(&zeta_i, re); + invert_ntt_at_layer_3_bc(&zeta_i, re); + invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_94(re); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_vector_u_4f( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result0[i] = ZERO_20_d5();); + for (size_t i0 = (size_t)0U; + i0 < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_20_41(a_element, &r_as_ntt[j]); + add_to_ring_element_20_87(&result0[i1], &product); + } + invert_ntt_montgomery_40(&result0[i1]); + add_error_reduce_20_b1(&result0[i1], &error_1[i1]); + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + memcpy( + result, result0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_41( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_20_41(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_87(&result, &product);); + invert_ntt_montgomery_40(&result); + result = add_message_error_reduce_20_24(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_3a( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_61(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_cb( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_70(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = + sample_ring_element_cbd_4f(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_920( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; + compute_vector_u_4f(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_48(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_41(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_3a( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_ba( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c6( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); + uint8_t hashed[64U]; + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = + &public_key->ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_unpacked_cb(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = + libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_57(Eurydice_slice randomness, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_dd(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + deserialize_ring_elements_reduced_e7( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), + t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a2(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, copy_of_A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + &public_key_unpacked; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t result[768U]; + encrypt_unpacked_cb(uu____3, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE void kdf_af_67(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_6d( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_57( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t); + uint8_t ret[32U]; + H_a9_65(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), + uint8_t), + ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + uint8_t hashed[64U]; + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_dd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = + libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_af_67(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_ec result; + result.fst = uu____5; + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b6( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO_20_d5();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_91(u_bytes); + ntt_vector_u_a0(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_e6( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_20_41(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_87(&result, &product);); + invert_ntt_montgomery_40(&result); + result = subtract_reduce_20_bf(v, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_e1( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + deserialize_then_decompress_u_b6(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_79( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_e6(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_3b(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_e1(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t), + uint8_t); + uint8_t hashed[64U]; + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + uint8_t); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked_cb(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_b3( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_20_d5();); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(secret_key, uint8_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_d1(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + memcpy( + result, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_da(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + deserialize_secret_key_b3(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t result[32U]; + decrypt_unpacked_e1(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_4a( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_da(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); + uint8_t hashed[64U]; + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + uint8_t); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_dd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_67(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_af_67(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t), + shared_secret); + uint8_t result[32U]; + memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index b6a41fc85..9c6c46953 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem_avx2_H @@ -20,7 +20,9 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" #include "libcrux_sha3.h" +#include "libcrux_sha3_avx2.h" void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]); @@ -28,6 +30,534 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_vec_zero(void); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_09(void); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_vec_from_i16_array( + Eurydice_slice array); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_09( + Eurydice_slice array); + +void libcrux_ml_kem_vector_avx2_vec_to_i16_array(core_core_arch_x86___m256i v, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_09(core_core_arch_x86___m256i x, + int16_t ret[16U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_09( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_09( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09( + core_core_arch_x86___m256i v, int16_t c); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( + core_core_arch_x86___m256i vector); + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( + core_core_arch_x86___m256i vector, int16_t constant); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_09( + core_core_arch_x86___m256i vector); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( + core_core_arch_x86___m256i vector, int16_t zeta); + +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_09( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_09( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_09( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_09( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_09( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_09( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_serialize_10_09( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_09( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_09( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_09( + Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_09( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); + +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_09( + Eurydice_slice bytes); + +size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_09(Eurydice_slice input, + Eurydice_slice output); + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_78( + core_core_arch_x86___m256i *self); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + core_core_arch_x86___m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index ac3d6f7d3..cea132b10 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,24 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ -#include "internal/libcrux_mlkem_neon.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" +#include "libcrux_mlkem_neon.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -29,8679 +25,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), - .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void) { - return libcrux_ml_kem_vector_neon_vector_type_ZERO(); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), - .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { - return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { - int16_t out[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice), - v.low); - libcrux_intrinsics_arm64__vst1q_s16( - Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice), - v.high); - int16_t result[16U]; - memcpy(result, out, (size_t)16U * sizeof(int16_t)); - memcpy(ret, result, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); - lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); - v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vdupq_n_s16(c); - v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); - core_core_arch_arm_shared_neon_uint16x8_t m0 = - libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); - core_core_arch_arm_shared_neon_uint16x8_t m1 = - libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); - core_core_arch_arm_shared_neon_int16x8_t c0 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); - core_core_arch_arm_shared_neon_int16x8_t c1 = - libcrux_intrinsics_arm64__vandq_s16( - c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); - v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v) { - core_core_arch_arm_shared_neon_int16x8_t adder = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); - core_core_arch_arm_shared_neon_int16x8_t vec = - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); - core_core_arch_arm_shared_neon_int16x8_t vec0 = - libcrux_intrinsics_arm64__vaddq_s16(vec, adder); - core_core_arch_arm_shared_neon_int16x8_t quotient = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)11, vec0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t sub = - libcrux_intrinsics_arm64__vmulq_n_s16( - quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_intrinsics_arm64__vsubq_s16(v, sub); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high) { - core_core_arch_arm_shared_neon_int16x8_t k = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vmulq_n_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), - (uint16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_arm_shared_neon_int16x8_t c = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, - libcrux_intrinsics_arm64__vqdmulhq_n_s16( - k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_intrinsics_arm64__vsubq_s16(high, c); -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_n_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.low, c); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t half = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); - core_core_arch_arm_shared_neon_int16x8_t quarter = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); - core_core_arch_arm_shared_neon_int16x8_t shifted = - libcrux_intrinsics_arm64__vsubq_s16(half, v.low); - core_core_arch_arm_shared_neon_int16x8_t mask0 = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive = - libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range), - core_core_arch_arm_shared_neon_uint16x8_t)); - core_core_arch_arm_shared_neon_int16x8_t shifted0 = - libcrux_intrinsics_arm64__vsubq_s16(half, v.high); - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, shifted0, core_core_arch_arm_shared_neon_int16x8_t); - core_core_arch_arm_shared_neon_int16x8_t shifted_to_positive0 = - libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); - core_core_arch_arm_shared_neon_int16x8_t shifted_positive_in_range0 = - libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vshrq_n_u16( - (int32_t)15, - libcrux_intrinsics_arm64__vreinterpretq_u16_s16( - shifted_positive_in_range0), - core_core_arch_arm_shared_neon_uint16x8_t)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_1(v); -} - -KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits) { - int16_t uu____0; - switch (coefficient_bits) { - case 4: { - uu____0 = (int16_t)15; - break; - } - case 5: { - uu____0 = (int16_t)31; - break; - } - case 10: { - uu____0 = (int16_t)1023; - break; - } - case 11: { - uu____0 = (int16_t)2047; - break; - } - default: { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -KRML_MUSTINLINE core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c) { - core_core_arch_arm_shared_neon_int16x8_t v_low = - libcrux_intrinsics_arm64__vmulq_s16(v, c); - core_core_arch_arm_shared_neon_int16x8_t v_high = - libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), - core_core_arch_arm_shared_neon_int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, - zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t dup_a = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t dup_b = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - core_core_arch_arm_shared_neon_int16x8_t a = - libcrux_intrinsics_arm64__vaddq_s16(a0, b0); - core_core_arch_arm_shared_neon_int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - core_core_arch_arm_shared_neon_int16x8_t zeta0 = - libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - core_core_arch_arm_shared_neon_int16x8_t b_minus_a = - libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, - zeta2, zeta4, -zeta2, -zeta4}; - core_core_arch_arm_shared_neon_int16x8_t zeta = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t a0 = - libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1 = - libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - core_core_arch_arm_shared_neon_int16x8_t b0 = - libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t b1 = - libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); - core_core_arch_arm_shared_neon_int16x8_t a1b1 = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, - b1); - core_core_arch_arm_shared_neon_int32x4_t a1b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a1b1), - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - core_core_arch_arm_shared_neon_int32x4_t a1b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - core_core_arch_arm_shared_neon_int16x8_t fst_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t fst_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_low = - libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b1)); - core_core_arch_arm_shared_neon_int32x4_t a0b1_high = - libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - core_core_arch_arm_shared_neon_int16x8_t snd_low = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - core_core_arch_arm_shared_neon_int16x8_t snd_high = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); - core_core_arch_arm_shared_neon_int16x8_t fst_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t fst_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - core_core_arch_arm_shared_neon_int16x8_t snd_low16 = - libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t snd_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); - core_core_arch_arm_shared_neon_int16x8_t fst = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - fst_low16, fst_high16); - core_core_arch_arm_shared_neon_int16x8_t snd = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - snd_low16, snd_high16); - core_core_arch_arm_shared_neon_int32x4_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int32x4_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - core_core_arch_arm_shared_neon_int16x8_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); - core_core_arch_arm_shared_neon_int16x8_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); - uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, - 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - core_core_arch_arm_shared_neon_uint8x16_t index = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); - core_core_arch_arm_shared_neon_int16x8_t high2 = - libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low2, .high = high2}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, - (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { - core_core_arch_arm_shared_neon_int16x8_t one = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - core_core_arch_arm_shared_neon_int16x8_t low0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_arm_shared_neon_int16x8_t high0 = - libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); - int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, - (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vshlq_s16(high0, shift); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vandq_s16(low, one), - .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - core_core_arch_arm_shared_neon_int16x8_t shift = - libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_slice( - (size_t)8U, shifter, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t lowt = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); - core_core_arch_arm_shared_neon_uint16x8_t hight = - libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_deserialize_4_0d(v); - int16_t input_i16s[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[10U]; - libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_5_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)10, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)20, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_10_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { - core_core_arch_arm_shared_neon_int32x4_t low00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t low10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - core_core_arch_arm_shared_neon_int32x4_t mixt = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, low00, low10, core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t low0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - core_core_arch_arm_shared_neon_int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, low0, low1, core_core_arch_arm_shared_neon_int64x2_t); - core_core_arch_arm_shared_neon_int32x4_t high00 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t high10 = - libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - core_core_arch_arm_shared_neon_int32x4_t mixt0 = - libcrux_intrinsics_arm64__vsliq_n_s32( - (int32_t)12, high00, high10, - core_core_arch_arm_shared_neon_int32x4_t); - core_core_arch_arm_shared_neon_int64x2_t high0 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high1 = - libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - core_core_arch_arm_shared_neon_int64x2_t high_mix = - libcrux_intrinsics_arm64__vsliq_n_s64( - (int32_t)24, high0, high1, core_core_arch_arm_shared_neon_int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { - uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, - 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - core_core_arch_arm_shared_neon_uint8x16_t index_vec = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - core_core_arch_arm_shared_neon_int16x8_t shift_vec = - libcrux_intrinsics_arm64__vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t mask12 = - libcrux_intrinsics_arm64__vdupq_n_u16(4095U); - uint8_t input0[16U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec0 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input0, uint8_t, Eurydice_slice)); - uint8_t input1[16U] = {0U}; - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_arm_shared_neon_uint8x16_t input_vec1 = - libcrux_intrinsics_arm64__vld1q_u8(Eurydice_array_to_slice( - (size_t)16U, input1, uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint16x8_t moved0 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted0 = - libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); - core_core_arch_arm_shared_neon_uint16x8_t moved1 = - libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); - core_core_arch_arm_shared_neon_uint16x8_t shifted1 = - libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low, .high = high}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); -} - -KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { - size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option_44 uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( - &iter, uint8_t, core_option_Option_44); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - d1; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; - continue; - } - } - continue; - } - } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out) { - return libcrux_ml_kem_vector_neon_rej_sample(a, out); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { - return self[0U]; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_20_06(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_reduced_ring_element_1b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_621( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -shift_right_dd(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.low, core_core_arch_arm_shared_neon_int16x8_t); - v.high = libcrux_intrinsics_arm64__vshrq_n_s16( - (int32_t)15, v.high, core_core_arch_arm_shared_neon_int16x8_t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 -with const generics -- SHIFT_BY= 15 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_4e( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return shift_right_dd(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_unsigned_representative_88( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_4e(a); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = - libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_neon_add_20(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_25( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_88(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 768 -*/ -static KRML_MUSTINLINE void serialize_secret_key_dc1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_25(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -static KRML_MUSTINLINE void serialize_public_key_261( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); - uint8_t ret0[768U]; - serialize_secret_key_dc1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - uint8_t result[800U]; - memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - deserialize_ring_elements_reduced_621( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[800U]; - serialize_public_key_261( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]] - -*/ -typedef struct tuple_4c0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 snd; -} tuple_4c0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void G_48_771(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static void closure_de1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_06();); -} - -typedef struct Simd128Hash_s { - libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; -} Simd128Hash; - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b1(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_551(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b1(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b71( - Simd128Hash *st, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[504U], void *); - uint8_t out3[504U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e91( - Simd128Hash *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_b71(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e63( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d1( - Simd128Hash *st, uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[168U], void *); - uint8_t out3[168U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[168U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad1( - Simd128Hash *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_7d1(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e64( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -from_i16_array_20_f3(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d51( - int16_t s[272U]) { - return from_i16_array_20_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_from_xof_c01( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_551(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_48_e91(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e63( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_48_ad1(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e64( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_d51(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_matrix_A_481( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_de1(A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; - sample_from_xof_c01(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U][2U]; - memcpy(result, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - memcpy(ret, result, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[2size_t], uint8_t - -*/ -typedef struct tuple_740_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[2U]; - uint8_t snd; -} tuple_740; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_891(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t out0[192U] = {0U}; - uint8_t out1[192U] = {0U}; - uint8_t out2[192U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[192U], void *); - uint8_t out3[192U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[192U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[192U]; - memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); - uint8_t uu____1[192U]; - memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_891(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2_68(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_20_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_3_a6(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_20_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_e90(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_a6(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_7_b2( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_multiply_by_constant_20( - re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -montgomery_multiply_fe_4d( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -ntt_layer_int_vec_step_c5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - montgomery_multiply_fe_4d(b, zeta_r); - b = libcrux_ml_kem_vector_neon_sub_20(a, &t); - a = libcrux_ml_kem_vector_neon_add_20(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_c8( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - ntt_layer_int_vec_step_c5( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_3_2e( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_2_81( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_1_5f( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void poly_barrett_reduce_20_47( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_24( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - ntt_at_layer_7_b2(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_2e(&zeta_i, re); - ntt_at_layer_2_81(&zeta_i, re); - ntt_at_layer_1_5f(&zeta_i, re); - poly_barrett_reduce_20_47(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA= 3 -- ETA_RANDOMNESS_SIZE= 192 -*/ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_c01( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_48_a91(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_e90(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_24(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 result; - memcpy( - result.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - result.snd = domain_separator; - return result; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -ntt_multiply_20_ee(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = ZERO_20_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_multiply_20( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void add_to_ring_element_20_fe1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_standard_domain_90(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_standard_error_reduce_20_6b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = to_standard_domain_90(self->coefficients[j]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_4c1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_20_ee(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_fe1(&result0[i1], &product); - } - add_standard_error_reduce_20_6b(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - memcpy( - result, result0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static tuple_4c0 generate_keypair_unpacked_b71( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_771(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_481(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_c01(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_c01(uu____3, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - compute_As_plus_e_4c1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U][2U]; - memcpy(uu____5, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[2U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_2b1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_06();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_3a_f8( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_48_851(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a51( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_b71(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_2b1(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_3a_f8(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_261( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_851(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_b81( - Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_b71(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_261(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_dc1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 result; - memcpy(result.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(result.snd, uu____2, (size_t)800U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_021( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_851(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_ec1(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_b81(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_021( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_b31(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_dc1( - uu____2, libcrux_ml_kem_types_from_07_8b1(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_892(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[128U], void *); - uint8_t out3[128U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[128U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a92(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_892(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_e9(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_68(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_921(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN_48_a92(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_e9(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 result; - memcpy( - result.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - result.snd = domain_separator; - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_b40(Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - uint8_t dummy[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, input, - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e4(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_1d( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_ce( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_8b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -inv_ntt_layer_int_vec_step_reduce_d3( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = - libcrux_ml_kem_vector_neon_sub_20(b, &a); - a = libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(a, &b)); - b = montgomery_multiply_fe_4d(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_cd( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_d3( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_3f1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1d(&zeta_i, re); - invert_ntt_at_layer_2_ce(&zeta_i, re); - invert_ntt_at_layer_3_8b(&zeta_i, re); - invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_47(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_error_reduce_20_20( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_e71( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_20_ee(a_element, &r_as_ntt[j]); - add_to_ring_element_20_fe1(&result0[i1], &product); - } - invert_ntt_montgomery_3f1(&result0[i1]); - add_error_reduce_20_20(&result0[i1], &error_1[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - memcpy( - result, result0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_2f( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_message_ab(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_1_2f(coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -add_message_error_reduce_20_04( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_4f1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_20_ee(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_fe1(&result, &product);); - invert_ntt_montgomery_3f1(&result); - result = add_message_error_reduce_20_04(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_2e(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)10, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_19(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)10)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = compress_int32x4_t_2e(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = compress_int32x4_t_2e(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_2e(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_2e(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_54( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_19(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_10_f70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_54(to_unsigned_representative_88(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_2e0(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)11, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_190(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)11)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_2e0(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_2e0(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_2e0(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_2e0(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_540( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_190(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_170( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_f70(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_511( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_170(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_2e1(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)4, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_191(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)4)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_2e1(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_2e1(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_2e1(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_2e1(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_541( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_191(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_4_f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - LowStar_Ignore_ignore(core_slice___Slice_T___len(serialized, uint8_t, size_t), - size_t, void *); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_541(to_unsigned_representative_88(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -compress_int32x4_t_2e2(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t half = - libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - core_core_arch_arm_shared_neon_uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32( - (int32_t)5, v, core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - core_core_arch_arm_shared_neon_uint32x4_t compressed1 = - libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, compressed1, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_192(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_int16x8_t mask = - libcrux_intrinsics_arm64__vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)5)); - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - compress_int32x4_t_2e2(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - compress_int32x4_t_2e2(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - compress_int32x4_t_2e2(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - compress_int32x4_t_2e2(high10); - core_core_arch_arm_shared_neon_int16x8_t low = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - core_core_arch_arm_shared_neon_int16x8_t high = - libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_542( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_192(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_5_46( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - LowStar_Ignore_ignore(core_slice___Slice_T___len(serialized, uint8_t, size_t), - size_t, void *); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = - compress_20_542(to_unsigned_representative_88(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_350( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_4_f0(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_b81( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_c01(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_921(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e4( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_e9(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; - compute_vector_u_e71(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_ab(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_4f1(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_511( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_350( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_b81(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_551(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_511(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_581(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - deserialize_ring_elements_reduced_621( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_481(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; - memcpy( - uu____0, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[2U][2U]; - memcpy(uu____1, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[768U]; - encrypt_unpacked_b81(uu____3, uu____4, randomness, result); - memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_af_921(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_ff1( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_511( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_851(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_b21(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_b21(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_581(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_551(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_921(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec result; - result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_40(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)10 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)10, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_4a( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_40(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_40(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_40(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_40(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_f0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_4a(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_10_b1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); - LowStar_Ignore_ignore( - core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, re.coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t), - size_t, void *); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_f0(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_400(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)11 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)11, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_4a0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_400(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_400(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_400(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_400(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_f00( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_4a0(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_11_d5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_f00(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_d80(Eurydice_slice serialized) { - return deserialize_then_decompress_10_b1(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_890( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_2e(&zeta_i, re); - ntt_at_layer_2_81(&zeta_i, re); - ntt_at_layer_1_5f(&zeta_i, re); - poly_barrett_reduce_20_47(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_2c1( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_d80(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_890(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_401(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)4 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)4, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_4a1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_401(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_401(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_401(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_401(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_f01( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_4a1(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_4_b9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_f01(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint32x4_t -decompress_uint32x4_t_402(core_core_arch_arm_shared_neon_uint32x4_t v) { - core_core_arch_arm_shared_neon_uint32x4_t coeff = - libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)5 - (int32_t)1)); - core_core_arch_arm_shared_neon_uint32x4_t decompressed = - libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_arm_shared_neon_uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)5, decompressed0, core_core_arch_arm_shared_neon_uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_4a2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - core_core_arch_arm_shared_neon_uint32x4_t mask16 = - libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - core_core_arch_arm_shared_neon_uint32x4_t low00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - core_core_arch_arm_shared_neon_uint32x4_t low10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t high00 = - libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - core_core_arch_arm_shared_neon_uint32x4_t high10 = - libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - core_core_arch_arm_shared_neon_uint32x4_t); - core_core_arch_arm_shared_neon_uint32x4_t low0 = - decompress_uint32x4_t_402(low00); - core_core_arch_arm_shared_neon_uint32x4_t low1 = - decompress_uint32x4_t_402(low10); - core_core_arch_arm_shared_neon_uint32x4_t high0 = - decompress_uint32x4_t_402(high00); - core_core_arch_arm_shared_neon_uint32x4_t high1 = - decompress_uint32x4_t_402(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_f02( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_4a2(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_5_26(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); - re.coefficients[i0] = uu____0; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - decompress_ciphertext_coefficient_20_f02(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_b30(Eurydice_slice serialized) { - return deserialize_then_decompress_4_b9(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -subtract_reduce_20_a0(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_601( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_20_ee(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_fe1(&result, &product);); - invert_ntt_montgomery_3f1(&result); - result = subtract_reduce_20_a0(v, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_message_f2( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_88(re.coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon_compress_1_20(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_a41( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - deserialize_then_decompress_u_2c1(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_b30( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_601(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_f2(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_b4(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - uint8_t dummy[32U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, input, - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc1( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_a41(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_b81(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_uncompressed_ring_element_cd(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_20_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_601( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_cd(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - memcpy( - result, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_571(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - deserialize_secret_key_601(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t result[32U]; - decrypt_unpacked_a41(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_9c1( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_571(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_581(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_921( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_921(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_620( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void serialize_secret_key_dc0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_25(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void serialize_public_key_260( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - serialize_secret_key_dc0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - uint8_t result[1184U]; - memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - deserialize_ring_elements_reduced_620( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - serialize_public_key_260( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; -} tuple_9b0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void G_48_770(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static void closure_de0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b0(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_550(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b0(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b70( - Simd128Hash *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e90( - Simd128Hash *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_b70(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e61( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d0( - Simd128Hash *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad0( - Simd128Hash *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_7d0(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e62( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d50( - int16_t s[272U]) { - return from_i16_array_20_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_from_xof_c00( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_550(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_48_e90(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e61( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_48_ad0(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e62( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_d50(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_matrix_A_480( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_de0(A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; - sample_from_xof_c00(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U][3U]; - memcpy(result, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - memcpy(ret, result, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_890(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_890(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_c00( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_e9(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_24(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 result; - memcpy( - result.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - result.snd = domain_separator; - return result; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void add_to_ring_element_20_fe0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_4c0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_20_ee(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_fe0(&result0[i1], &product); - } - add_standard_error_reduce_20_6b(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_b70( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_770(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_480(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_c00(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_c00(uu____3, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - compute_As_plus_e_4c0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_2b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_48_850(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a50( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_b70(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_2b0(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_3a_f8(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_260( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_850(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_b80( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_b70(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_260(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_dc0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 result; - memcpy(result.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(result.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_020( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_850(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ec0(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_b80(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_020( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_b3(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_dc( - uu____2, libcrux_ml_kem_types_from_07_8b(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_920(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_e9(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 result; - memcpy( - result.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - result.snd = domain_separator; - return result; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e2(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_3f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1d(&zeta_i, re); - invert_ntt_at_layer_2_ce(&zeta_i, re); - invert_ntt_at_layer_3_8b(&zeta_i, re); - invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_47(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_e70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_20_ee(a_element, &r_as_ntt[j]); - add_to_ring_element_20_fe0(&result0[i1], &product); - } - invert_ntt_montgomery_3f0(&result0[i1]); - add_error_reduce_20_20(&result0[i1], &error_1[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_4f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_20_ee(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_fe0(&result, &product);); - invert_ntt_montgomery_3f0(&result); - result = add_message_error_reduce_20_04(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_510( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_170(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_b80( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_c00(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_920(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e2( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_e9(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; - compute_vector_u_e70(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_ab(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_4f0(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_510( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_350( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_b80(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_55(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_510(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_580(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - deserialize_ring_elements_reduced_620( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_480(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1088U]; - encrypt_unpacked_b80(uu____3, uu____4, randomness, result); - memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void kdf_af_920(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_ff0( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_510( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_850(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_b2(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_b2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_580(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_55(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_920(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_2c0( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_d80(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_890(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_600( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_20_ee(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_fe0(&result, &product);); - invert_ntt_montgomery_3f0(&result); - result = subtract_reduce_20_a0(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_a40( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - deserialize_then_decompress_u_2c0(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_b30( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_600(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_f2(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc0( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_a40(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_da(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_b80(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_da(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_600( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_cd(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - memcpy( - result, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_570(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - deserialize_secret_key_600(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t result[32U]; - decrypt_unpacked_a40(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_9c0( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_570(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_da(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_580(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_920( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_920(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_da(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_62( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1536 -*/ -static KRML_MUSTINLINE void serialize_secret_key_dc( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_25(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -static KRML_MUSTINLINE void serialize_public_key_26( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); - uint8_t ret0[1536U]; - serialize_secret_key_dc(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - uint8_t result[1568U]; - memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - deserialize_ring_elements_reduced_62( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1568U]; - serialize_public_key_26( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c snd; -} tuple_54; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void G_48_77(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static void closure_de( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_6b(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_final_48 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_final_48_55(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_6b(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_b7( - Simd128Hash *st, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____3[504U]; - memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_first_three_blocks_48 with -const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_48_e9( - Simd128Hash *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_b7(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e6( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_7d( - Simd128Hash *st, uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_next_block_48 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_next_block_48_ad( - Simd128Hash *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_7d(self, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e60( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d5( - int16_t s[272U]) { - return from_i16_array_20_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_from_xof_c0( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_final_48_55(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_48_e9(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e6( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_48_ad(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e60( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_d5(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_matrix_A_48( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_de(A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; - sample_from_xof_c0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U][4U]; - memcpy(result, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - memcpy(ret, result, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[4U]; - uint8_t snd; -} tuple_71; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_89(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____3[128U]; - memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_89(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_c0( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_e9(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_24(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 result; - memcpy( - result.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - result.snd = domain_separator; - return result; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void add_to_ring_element_20_fe( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_4c( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_20_ee(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_fe(&result0[i1], &product); - } - add_standard_error_reduce_20_6b(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - memcpy( - result, result0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_54 generate_keypair_unpacked_b7( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_77(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_48(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_c0(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_c0(uu____3, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - compute_As_plus_e_4c(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U][4U]; - memcpy(uu____5, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[4U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_2b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_48_85(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a5( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_b7(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_2b(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_3a_f8(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_26( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_85(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_b8( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_b7(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_26(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_dc(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; - memcpy(result.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(result.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_02( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_85(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ec(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_b8(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_02( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_b30(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_dc0( - uu____2, libcrux_ml_kem_types_from_07_8b0(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_92(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_e9(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 result; - memcpy( - result.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - result.snd = domain_separator; - return result; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e0(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1d(&zeta_i, re); - invert_ntt_at_layer_2_ce(&zeta_i, re); - invert_ntt_at_layer_3_8b(&zeta_i, re); - invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_cd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_47(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_vector_u_e7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_20_ee(a_element, &r_as_ntt[j]); - add_to_ring_element_20_fe(&result0[i1], &product); - } - invert_ntt_montgomery_3f(&result0[i1]); - add_error_reduce_20_20(&result0[i1], &error_1[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - memcpy( - result, result0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_4f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_20_ee(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_fe(&result, &product);); - invert_ntt_montgomery_3f(&result); - result = add_message_error_reduce_20_04(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_11_70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_540(to_unsigned_representative_88(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_17( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_70(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1408 -- COMPRESSION_FACTOR= 11 -- BLOCK_LEN= 352 -*/ -static void compress_then_serialize_u_51( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u_17(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -- OUT_LEN= 160 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_35( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_5_46(re, out); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_b8( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_c0(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_92(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_e9(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; - compute_vector_u_e7(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_ab(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_4f(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_51( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_35( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_b8(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_550(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_51(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_58(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - deserialize_ring_elements_reduced_62( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_48(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; - memcpy( - uu____0, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[4U][4U]; - memcpy(uu____1, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1568U]; - encrypt_unpacked_b8(uu____3, uu____4, randomness, result); - memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_af_92(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_ff( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_51( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_85(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_b20(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_b20(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_58(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_550(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_92(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 result; - result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_d8(Eurydice_slice serialized) { - return deserialize_then_decompress_11_d5(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_89( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_2e(&zeta_i, re); - ntt_at_layer_2_81(&zeta_i, re); - ntt_at_layer_1_5f(&zeta_i, re); - poly_barrett_reduce_20_47(re); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_2c( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_then_decompress_ring_element_u_d8(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_89(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_b3(Eurydice_slice serialized) { - return deserialize_then_decompress_5_26(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_60( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_20_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_20_ee(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_fe(&result, &product);); - invert_ntt_montgomery_3f(&result); - result = subtract_reduce_20_a0(v, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_unpacked_a4( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - deserialize_then_decompress_u_2c(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_b3( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_60(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_f2(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_a4(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_b8(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_60( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_cd(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - memcpy( - result, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_57(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - deserialize_secret_key_60(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t result[32U]; - decrypt_unpacked_a4(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_9c( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_57(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_58(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_92( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_92(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 0ee36ef1f..9e592656a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem_neon_H @@ -20,7 +20,6 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#include "libcrux_mlkem_portable.h" #include "libcrux_sha3_neon.h" void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, @@ -29,576 +28,6 @@ void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]); -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { - core_core_arch_arm_shared_neon_int16x8_t low; - core_core_arch_arm_shared_neon_int16x8_t high; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array); - -void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t low, - core_core_arch_arm_shared_neon_int16x8_t high); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits); - -core_core_arch_arm_shared_neon_int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - core_core_arch_arm_shared_neon_int16x8_t v, - core_core_arch_arm_shared_neon_int16x8_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a); - -size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, - Eurydice_slice result); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out); - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 58bbb62ef..a49912203 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #include "internal/libcrux_mlkem_portable.h" @@ -20,8 +20,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -29,8 +28,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -68,123 +66,6 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); -} - KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { @@ -192,10 +73,8 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; core_result_Result_c0 dst; Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); + &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), + Eurydice_slice, int16_t[16U]); core_result_unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; @@ -210,340 +89,66 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } -KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); -} - KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r3 = + (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); + uint8_t r7 = + (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); + uint8_t r10 = + (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -561,12 +166,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; @@ -606,66 +210,56 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 3U; + int16_t r2 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 6U; + int16_t r3 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> + 1U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> + 4U; + int16_t r5 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 7U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 2U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, @@ -676,15 +270,35 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( .f7 = r7}); } +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -715,6 +329,537 @@ libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +} + +const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -852,6 +997,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * @@ -885,6 +1043,20 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = @@ -903,6 +1075,17 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { @@ -934,6 +1117,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; @@ -1206,6 +1411,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -1297,19 +1524,17 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U);); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + (uint32_t)i0 & + 1U);); for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } @@ -1325,96 +1550,317 @@ libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); + uint8_t result0 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *); + uint8_t result1 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *); + uint8_t result2 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *); + uint8_t result3 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *); return (CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U & (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1423,17 +1869,15 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, + int16_t)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, + int16_t)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; @@ -1468,22 +1912,115 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 2U; + int16_t r2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 4U; + int16_t r3 = + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> + 6U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r5 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 2U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> + 4U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); + uint8_t r1 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & + (int16_t)15) + << 4U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } @@ -1491,29 +2028,25 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, + int16_t)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, + int16_t)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, + int16_t)); uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, + int16_t)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -1555,12 +2088,12 @@ void libcrux_ml_kem_vector_portable_serialize_12_0d( KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); + int16_t byte0 = + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t byte1 = + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); + int16_t byte2 = + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); @@ -1569,32 +2102,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -1628,15 +2153,15 @@ libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; + i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -1648,7 +2173,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -1659,8 +2184,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -1677,8 +2201,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -1716,7 +2239,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_02(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_39(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -1744,16 +2267,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_27(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); +deserialize_to_reduced_ring_element_0c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -1769,14 +2289,14 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_2a1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_d41( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_02();); + deserialized_pk[i] = ZERO_20_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1784,9 +2304,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_2a1( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_27(ring_element); + deserialize_to_reduced_ring_element_0c(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1800,7 +2320,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_83(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -1819,8 +2339,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_bf(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_83(v); +shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_f8(v); } /** @@ -1830,10 +2350,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_6c( +to_unsigned_representative_23( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_bf(a); + shift_right_0d_4b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1846,23 +2366,20 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_9c( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_6c(re->coefficients[i0]); + to_unsigned_representative_23(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } @@ -1874,30 +2391,27 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_491( +static KRML_MUSTINLINE void serialize_secret_key_c11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_9c(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_62(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } @@ -1910,24 +2424,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_7c1( +static KRML_MUSTINLINE void serialize_public_key_4c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_491(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_c11(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1536U, uint8_t, size_t), + seed_for_a, uint8_t); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); @@ -1941,18 +2451,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_251(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c91(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_2a1( + deserialize_ring_elements_reduced_d41( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_7c1( + serialize_public_key_4c1( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -1980,7 +2490,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_111(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -1991,10 +2501,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_821( +static void closure_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_02();); + ret[i] = ZERO_20_39();); } /** @@ -2013,21 +2523,22 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_411(uint8_t input[4U][34U]) { +shake128_init_absorb_final_751(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[4U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_d1 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -2043,10 +2554,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_f1_511(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_411(uu____0); +shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_751(copy_of_input); } /** @@ -2055,15 +2567,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_541( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } @@ -2077,11 +2588,52 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_541(self, ret); -} - + shake128_squeeze_first_three_blocks_101(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2089,7 +2641,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2100,12 +2652,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2128,14 +2679,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_881( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } @@ -2149,11 +2700,52 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_681( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_881(self, ret); -} - + shake128_squeeze_next_block_ed1(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -2161,7 +2753,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2172,12 +2764,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2205,16 +2796,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_20_48(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); +from_i16_array_20_6b(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + (i0 + (size_t)1U) * (size_t)16U, int16_t)); result.coefficients[i0] = uu____0; } return result; @@ -2227,10 +2817,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_131( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( int16_t s[272U]) { - return from_i16_array_20_48(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_20_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -2240,37 +2830,42 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_f61( +static KRML_MUSTINLINE void sample_from_xof_2b1( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_511(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_7f1(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_023( - uu____1, sampled_coefficients, out); + shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_053( + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_f1_681(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_024( - uu____2, sampled_coefficients, out); + shake128_squeeze_next_block_f1_c11(&xof_state, randomness); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_054( + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_131(uu____3[i]);); + ret0[i] = closure_991(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2283,32 +2878,33 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_551( +static KRML_MUSTINLINE void sample_matrix_A_231( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_821(A_transpose[i]);); + closure_e81(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_f61(uu____1, sampled); + sample_from_xof_2b1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -2317,7 +2913,9 @@ static KRML_MUSTINLINE void sample_matrix_A_551( } else { A_transpose[i1][j] = sample; } - }); + } + + ); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U][4U]; memcpy(result, A_transpose, (size_t)4U * @@ -2344,15 +2942,14 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_632(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } @@ -2366,11 +2963,60 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_632(input, ret); + PRFxN_1d2(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -2378,27 +3024,25 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_d7(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_76(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -2414,8 +3058,8 @@ sample_from_binomial_distribution_2_d7(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_48(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_20_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -2425,24 +3069,22 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_49(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_e7(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -2460,8 +3102,8 @@ sample_from_binomial_distribution_3_49(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_48(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_20_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -2471,8 +3113,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_48(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_d7(randomness); +sample_from_binomial_distribution_91(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_76(randomness); } /** @@ -2481,7 +3123,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_9e( +static KRML_MUSTINLINE void ntt_at_layer_7_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2489,9 +3131,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_9e( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -2510,7 +3151,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_18( +montgomery_multiply_fe_99( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2524,12 +3165,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_6b( + ntt_layer_int_vec_step_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_18(b, zeta_r); + montgomery_multiply_fe_99(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2543,7 +3184,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_08( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_e5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2556,7 +3197,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_08( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_6b( + ntt_layer_int_vec_step_9f( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2573,7 +3214,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_41( +static KRML_MUSTINLINE void ntt_at_layer_3_db( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2591,18 +3232,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_ac( +static KRML_MUSTINLINE void ntt_at_layer_2_cf( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -2611,12 +3252,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_d6( +static KRML_MUSTINLINE void ntt_at_layer_1_e0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -2626,7 +3267,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_d6( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** @@ -2639,7 +3280,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_98( +static KRML_MUSTINLINE void poly_barrett_reduce_20_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2657,17 +3298,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_99( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_9e(re); + ntt_at_layer_7_62(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_41(&zeta_i, re); - ntt_at_layer_2_ac(&zeta_i, re); - ntt_at_layer_1_d6(&zeta_i, re); - poly_barrett_reduce_20_98(re); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_db(&zeta_i, re); + ntt_at_layer_2_cf(&zeta_i, re); + ntt_at_layer_1_e0(&zeta_i, re); + poly_barrett_reduce_20_fd(re); } /** @@ -2679,36 +3320,36 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_781( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_531( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_20_39();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_48(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + re_as_ntt[i0] = sample_from_binomial_distribution_91( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]);); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 result; memcpy( - result.fst, uu____2, + result.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -2725,9 +3366,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_20_db(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_20_64(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2760,17 +3401,15 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_981( +static KRML_MUSTINLINE void add_to_ring_element_20_521( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -2787,7 +3426,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_25( +to_standard_domain_0c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -2803,14 +3442,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_b9( +static KRML_MUSTINLINE void add_standard_error_reduce_20_46( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_25(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_0c(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -2825,40 +3464,38 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_021( +static KRML_MUSTINLINE void compute_As_plus_e_971( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_02();); + result0[i] = ZERO_20_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_db(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_981(&result0[i1], &product); + ntt_multiply_20_64(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_521(&result0[i1], &product); } - add_standard_error_reduce_20_b9(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_46(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -2878,69 +3515,75 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_6c1( +static tuple_540 generate_keypair_unpacked_f61( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_111(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + G_f1_b61(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_551(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_231(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_781(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_531(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_781(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_531(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_021(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_971(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_540){.fst = sk, .snd = pk}); } @@ -2959,10 +3602,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_fb1( +static void closure_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_02();); + ret[i] = ZERO_20_39();); } /** @@ -2975,7 +3618,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_10( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_59( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -2997,7 +3640,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_af1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3016,28 +3659,27 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e61( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c1( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); + size_t); + tuple_540 uu____0 = generate_keypair_unpacked_f61(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_fb1(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_1f1(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_10(&ind_cpa_public_key.A[j][i1]); + clone_3a_59(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3047,36 +3689,39 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e61( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_7c1( + serialize_public_key_4c1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -3093,25 +3738,30 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e51( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_d71( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_f61(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_7c1(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_4c1( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_491(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + serialize_secret_key_c11(sk.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; - memcpy(result.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(result.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + memcpy(result.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); return result; } @@ -3122,7 +3772,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_2f( +static KRML_MUSTINLINE void serialize_kem_secret_key_53( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3130,43 +3780,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_2f( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_af1(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + H_f1_2e1(public_key, ret0); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -3184,37 +3828,37 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_3c1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_9a1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e51(ind_cpa_keypair_randomness); + generate_keypair_d71(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_2f( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_53( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_b30(uu____1); + libcrux_ml_kem_types_from_e7_ea1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_dc0( - uu____2, libcrux_ml_kem_types_from_07_8b0(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_671( + uu____2, libcrux_ml_kem_types_from_07_0e1(copy_of_public_key)); } /** @@ -3227,34 +3871,36 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_791(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_bd1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_20_39();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_48(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_91( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 result; memcpy( - result.fst, uu____2, + result.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -3265,11 +3911,10 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_b60(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -3283,9 +3928,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -3294,12 +3939,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_67( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_0d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3309,7 +3954,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_67( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -3318,18 +3963,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_57( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_87( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** @@ -3338,7 +3983,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_13( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_eb( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3358,7 +4003,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_6d( + inv_ntt_layer_int_vec_step_reduce_70( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3366,7 +4011,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_18(a_minus_b, zeta_r); + b = montgomery_multiply_fe_99(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3378,7 +4023,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ac( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_19( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3393,7 +4038,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ac( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_6d( + inv_ntt_layer_int_vec_step_reduce_70( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3410,18 +4055,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_ba1( +static KRML_MUSTINLINE void invert_ntt_montgomery_061( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_67(&zeta_i, re); - invert_ntt_at_layer_2_57(&zeta_i, re); - invert_ntt_at_layer_3_13(&zeta_i, re); - invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_98(re); + invert_ntt_at_layer_1_0d(&zeta_i, re); + invert_ntt_at_layer_2_87(&zeta_i, re); + invert_ntt_at_layer_3_eb(&zeta_i, re); + invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_fd(re); } /** @@ -3434,7 +4079,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_4a( +static KRML_MUSTINLINE void add_error_reduce_20_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3458,40 +4103,38 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_ff1( +static KRML_MUSTINLINE void compute_vector_u_631( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_02();); + result0[i] = ZERO_20_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_db(a_element, &r_as_ntt[j]); - add_to_ring_element_20_981(&result0[i1], &product); + ntt_multiply_20_64(a_element, &r_as_ntt[j]); + add_to_ring_element_20_521(&result0[i1], &product); } - invert_ntt_montgomery_ba1(&result0[i1]); - add_error_reduce_20_4a(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_061(&result0[i1]); + add_error_reduce_20_8e(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -3509,7 +4152,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_f7(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_db(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -3523,8 +4166,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_aa(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); +deserialize_then_decompress_message_11(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3532,9 +4175,9 @@ deserialize_then_decompress_message_aa(uint8_t serialized[32U]) { libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_f7(coefficient_compressed); + decompress_1_db(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -3550,7 +4193,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_20_79( +add_message_error_reduce_20_47( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -3580,18 +4223,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_0f1( +compute_ring_element_v_991( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_db(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_981(&result, &product);); - invert_ntt_montgomery_ba1(&result); - result = add_message_error_reduce_20_79(error_2, message, result); + ntt_multiply_20_64(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_521(&result, &product);); + invert_ntt_montgomery_061(&result); + result = add_message_error_reduce_20_47(error_2, message, result); return result; } @@ -3601,7 +4244,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3622,9 +4265,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9b( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_94(v); + return compress_be(v); } /** @@ -3633,7 +4276,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_940(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3655,8 +4298,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_940(v); +compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be0(v); } /** @@ -3665,23 +4308,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_5e0( +static KRML_MUSTINLINE void compress_then_serialize_11_bd0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b0(to_unsigned_representative_6c(re->coefficients[i0])); + compress_0d_310(to_unsigned_representative_23(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } @@ -3693,10 +4333,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_080( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_612( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_5e0(re, uu____0); + compress_then_serialize_11_bd0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -3709,29 +4349,25 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_f51( +static void compress_then_serialize_u_441( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_080(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_612(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } } @@ -3741,7 +4377,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_941(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3763,8 +4399,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_941(v); +compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be1(v); } /** @@ -3773,24 +4409,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_16( +static KRML_MUSTINLINE void compress_then_serialize_4_4f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { - LowStar_Ignore_ignore(core_slice___Slice_T___len(serialized, uint8_t, size_t), - size_t, void *); + LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, + void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b1(to_unsigned_representative_6c(re.coefficients[i0])); + compress_0d_311(to_unsigned_representative_23(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -3800,7 +4434,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_942(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3822,8 +4456,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_942(v); +compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be2(v); } /** @@ -3832,24 +4466,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_0c( +static KRML_MUSTINLINE void compress_then_serialize_5_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { - LowStar_Ignore_ignore(core_slice___Slice_T___len(serialized, uint8_t, size_t), - size_t, void *); + LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, + void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_9b2(to_unsigned_representative_6c(re.coefficients[i0])); + compress_0d_312(to_unsigned_representative_23(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -3860,9 +4492,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_0e0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_0c(re, out); + compress_then_serialize_5_0b(re, out); } /** @@ -3883,22 +4515,25 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ba1( +static void encrypt_unpacked_e41( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_781(uu____0, 0U); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_531(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_791(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____3 = + sample_ring_element_cbd_bd1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -3906,35 +4541,33 @@ static void encrypt_unpacked_ba1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f4( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_48(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_91( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_ff1(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_631(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_aa(uu____4); + deserialize_then_decompress_message_11(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_0f1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_991(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_f51( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); + compress_then_serialize_u_441( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_0e0( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_7b0( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -3957,51 +4590,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e01( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_881( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_111( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_ba1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_e41(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_550(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_581(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4015,11 +4648,10 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_a00(Eurydice_slice randomness, - uint8_t ret[32U]) { +static KRML_MUSTINLINE void entropy_preprocess_af_d4(Eurydice_slice randomness, + uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -4041,49 +4673,52 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_d71(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_cc1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_2a1( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_d41( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_551(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_231(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[4U][4U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_ba1(uu____3, uu____4, randomness, result); + encrypt_unpacked_e41(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4098,11 +4733,10 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_71(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_3a(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -4125,59 +4759,56 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e11( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_be1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_a00( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_d4( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; - H_f1_af1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_b20(public_key), - uint8_t, Eurydice_slice), + H_f1_2e1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_fe1(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_111( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_b20(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_fe1(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_d71(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_cc1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_550(uu____4); + libcrux_ml_kem_types_from_15_581(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_71(shared_secret, shared_secret_array); + kdf_af_3a(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -4188,7 +4819,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_41( +decompress_ciphertext_coefficient_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4213,9 +4844,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc( +decompress_ciphertext_coefficient_0d_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_41(v); + return decompress_ciphertext_coefficient_b8(v); } /** @@ -4225,28 +4856,24 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_67(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); +deserialize_then_decompress_10_a5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); LowStar_Ignore_ignore( - core_slice___Slice_T___len( + Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, re.coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, size_t), + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector), size_t, void *); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc(coefficient); + decompress_ciphertext_coefficient_0d_f4(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4259,7 +4886,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_410( +decompress_ciphertext_coefficient_b80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4284,9 +4911,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc0( +decompress_ciphertext_coefficient_0d_f40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_410(v); + return decompress_ciphertext_coefficient_b80(v); } /** @@ -4296,20 +4923,17 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_2d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); +deserialize_then_decompress_11_f2(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc0(coefficient); + decompress_ciphertext_coefficient_0d_f40(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4322,8 +4946,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_f90(Eurydice_slice serialized) { - return deserialize_then_decompress_11_2d(serialized); +deserialize_then_decompress_ring_element_u_870(Eurydice_slice serialized) { + return deserialize_then_decompress_11_f2(serialized); } /** @@ -4332,17 +4956,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_3a0( +static KRML_MUSTINLINE void ntt_vector_u_0b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_41(&zeta_i, re); - ntt_at_layer_2_ac(&zeta_i, re); - ntt_at_layer_1_d6(&zeta_i, re); - poly_barrett_reduce_20_98(re); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_db(&zeta_i, re); + ntt_at_layer_2_cf(&zeta_i, re); + ntt_at_layer_1_e0(&zeta_i, re); + poly_barrett_reduce_20_fd(re); } /** @@ -4353,17 +4977,16 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_051( +static KRML_MUSTINLINE void deserialize_then_decompress_u_411( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_02();); + u_as_ntt[i] = ZERO_20_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -4376,11 +4999,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_051( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_f90(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_3a0(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_870(u_bytes); + ntt_vector_u_0b0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4394,7 +5015,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_411( +decompress_ciphertext_coefficient_b81( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4419,9 +5040,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc1( +decompress_ciphertext_coefficient_0d_f41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_411(v); + return decompress_ciphertext_coefficient_b81(v); } /** @@ -4431,19 +5052,17 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_e7(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); +deserialize_then_decompress_4_2b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc1(coefficient); + decompress_ciphertext_coefficient_0d_f41(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4456,7 +5075,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_412( +decompress_ciphertext_coefficient_b82( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4481,9 +5100,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc2( +decompress_ciphertext_coefficient_0d_f42( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_412(v); + return decompress_ciphertext_coefficient_b82(v); } /** @@ -4493,21 +5112,17 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_e2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); +deserialize_then_decompress_5_8b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); + re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -4520,8 +5135,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_510(Eurydice_slice serialized) { - return deserialize_then_decompress_5_e2(serialized); +deserialize_then_decompress_ring_element_v_090(Eurydice_slice serialized) { + return deserialize_then_decompress_5_8b(serialized); } /** @@ -4535,7 +5150,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_20_ae(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_20_ce(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4560,17 +5175,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_061( +compute_message_1c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_db(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_981(&result, &product);); - invert_ntt_montgomery_ba1(&result); - result = subtract_reduce_20_ae(v, result); + ntt_multiply_20_64(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_521(&result, &product);); + invert_ntt_montgomery_061(&result); + result = subtract_reduce_20_ce(v, result); return result; } @@ -4580,25 +5195,23 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_d3( +static KRML_MUSTINLINE void compress_then_serialize_message_67( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_6c(re.coefficients[i0]); + to_unsigned_representative_23(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_portable_serialize_1_0d( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } @@ -4612,20 +5225,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_401( +static void decrypt_unpacked_f21( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_051(ciphertext, u_as_ntt); + deserialize_then_decompress_u_411(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_510( + deserialize_then_decompress_ring_element_v_090( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_061(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_1c1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_d3(message, ret0); + compress_then_serialize_message_67(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4634,11 +5246,10 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_b6(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -4652,8 +5263,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -4678,66 +5289,62 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_311( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_401(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_f21(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_111( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + libcrux_ml_kem_utils_into_padded_array_2d4( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f3( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_ba1(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_e41(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4749,16 +5356,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_c7(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_02(); +deserialize_to_uncompressed_ring_element_91(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; @@ -4772,14 +5376,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_a31( +static KRML_MUSTINLINE void deserialize_secret_key_9d1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_02();); + secret_as_ntt[i] = ZERO_20_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4787,9 +5391,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_a31( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_c7(secret_bytes); + deserialize_to_uncompressed_ring_element_91(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -4811,21 +5415,22 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_121(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c81(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_a31(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + deserialize_secret_key_9d1(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_401(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_f21(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4851,78 +5456,72 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_6b1( +void libcrux_ml_kem_ind_cca_decapsulate_5f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_121(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c81(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_111( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f3( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_d71(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_cc1(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_71( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_3a(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_71(shared_secret0, shared_secret1); + kdf_af_3a(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_da0(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); @@ -4935,14 +5534,14 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_2a0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_d40( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_02();); + deserialized_pk[i] = ZERO_20_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4950,9 +5549,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_2a0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_27(ring_element); + deserialize_to_reduced_ring_element_0c(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4967,30 +5566,27 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_490( +static KRML_MUSTINLINE void serialize_secret_key_c10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_9c(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_62(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } @@ -5003,23 +5599,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_7c0( +static KRML_MUSTINLINE void serialize_public_key_4c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_490(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_c10(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); @@ -5033,18 +5626,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_250(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c90(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_2a0( + deserialize_ring_elements_reduced_d40( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_7c0( + serialize_public_key_4c0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -5058,10 +5651,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] */ -typedef struct tuple_4c_s { +typedef struct tuple_4c0_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c; +} tuple_4c0; /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for @@ -5072,7 +5665,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_110(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5083,10 +5676,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_820( +static void closure_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_02();); + ret[i] = ZERO_20_39();); } /** @@ -5105,21 +5698,22 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_410(uint8_t input[2U][34U]) { +shake128_init_absorb_final_750(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[2U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_8b lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -5135,10 +5729,11 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_f1_510(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_410(uu____0); +shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_750(copy_of_input); } /** @@ -5147,15 +5742,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_540( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } @@ -5169,11 +5763,52 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_540(self, ret); -} - + shake128_squeeze_first_three_blocks_100(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5181,7 +5816,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5192,12 +5827,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5220,14 +5854,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_880( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } @@ -5241,11 +5875,52 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_680( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_880(self, ret); -} - + shake128_squeeze_next_block_ed0(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5253,7 +5928,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5264,12 +5939,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5293,10 +5967,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_130( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( int16_t s[272U]) { - return from_i16_array_20_48(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_20_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -5306,37 +5980,42 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_f60( +static KRML_MUSTINLINE void sample_from_xof_2b0( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_510(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_7f0(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_021( - uu____1, sampled_coefficients, out); + shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_051( + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_f1_680(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_022( - uu____2, sampled_coefficients, out); + shake128_squeeze_next_block_f1_c10(&xof_state, randomness); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_052( + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_130(uu____3[i]);); + ret0[i] = closure_990(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5349,32 +6028,33 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_550( +static KRML_MUSTINLINE void sample_matrix_A_230( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_820(A_transpose[i]);); + closure_e80(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_f60(uu____1, sampled); + sample_from_xof_2b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -5383,7 +6063,9 @@ static KRML_MUSTINLINE void sample_matrix_A_550( } else { A_transpose[i1][j] = sample; } - }); + } + + ); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U][2U]; memcpy(result, A_transpose, (size_t)2U * @@ -5399,10 +6081,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_74_s { +typedef struct tuple_740_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; uint8_t snd; -} tuple_74; +} tuple_740; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN @@ -5410,15 +6092,14 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_630(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } @@ -5432,9 +6113,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_770(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_630(input, ret); + PRFxN_1d0(input, ret); } /** @@ -5444,8 +6125,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_480(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_49(randomness); +sample_from_binomial_distribution_910(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_e7(randomness); } /** @@ -5457,36 +6138,36 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_780( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_530( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_20_39();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_770(prf_inputs, prf_outputs); + PRFxN_f1_890(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_480(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + re_as_ntt[i0] = sample_from_binomial_distribution_910( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]);); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 result; + tuple_740 result; memcpy( - result.fst, uu____2, + result.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -5502,17 +6183,15 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_980( +static KRML_MUSTINLINE void add_to_ring_element_20_520( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -5528,40 +6207,38 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_020( +static KRML_MUSTINLINE void compute_As_plus_e_970( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_02();); + result0[i] = ZERO_20_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_db(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_980(&result0[i1], &product); + ntt_multiply_20_64(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_520(&result0[i1], &product); } - add_standard_error_reduce_20_b9(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_46(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -5581,71 +6258,77 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_6c0( +static tuple_4c0 generate_keypair_unpacked_f60( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_110(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + G_f1_b60(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_550(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_230(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_780(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_530(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_780(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_530(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_020(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_970(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } /** @@ -5662,10 +6345,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_fb0( +static void closure_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_02();); + ret[i] = ZERO_20_39();); } /** @@ -5677,7 +6360,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_af0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5696,28 +6379,27 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e60( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c0( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); + size_t); + tuple_4c0 uu____0 = generate_keypair_unpacked_f60(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_fb0(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_1f0(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_10(&ind_cpa_public_key.A[j][i1]); + clone_3a_59(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -5727,36 +6409,39 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e60( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_7c0( + serialize_public_key_4c0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -5773,25 +6458,30 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e50( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_d70( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_f60(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_7c0(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_4c0( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_490(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + serialize_secret_key_c10(sk.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 result; - memcpy(result.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(result.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + memcpy(result.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); return result; } @@ -5802,7 +6492,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_58( +static KRML_MUSTINLINE void serialize_kem_secret_key_90( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -5810,43 +6500,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_58( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_af0(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + H_f1_2e0(public_key, ret0); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -5864,37 +6548,37 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_3c0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_9a0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e50(ind_cpa_keypair_randomness); + generate_keypair_d70(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_58( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_90( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_b31(uu____1); + libcrux_ml_kem_types_from_e7_ea(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_dc1( - uu____2, libcrux_ml_kem_types_from_07_8b1(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_67( + uu____2, libcrux_ml_kem_types_from_07_0e(copy_of_public_key)); } /** @@ -5903,15 +6587,14 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_631(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } @@ -5925,9 +6608,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_631(input, ret); + PRFxN_1d1(input, ret); } /** @@ -5939,35 +6622,37 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_790(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_740 +sample_ring_element_cbd_bd0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_20_39();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_771(prf_inputs, prf_outputs); + PRFxN_f1_891(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_48(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_91( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 result; + tuple_740 result; memcpy( - result.fst, uu____2, + result.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -5983,9 +6668,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f2(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -5994,18 +6679,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_ba0( +static KRML_MUSTINLINE void invert_ntt_montgomery_060( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_67(&zeta_i, re); - invert_ntt_at_layer_2_57(&zeta_i, re); - invert_ntt_at_layer_3_13(&zeta_i, re); - invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_98(re); + invert_ntt_at_layer_1_0d(&zeta_i, re); + invert_ntt_at_layer_2_87(&zeta_i, re); + invert_ntt_at_layer_3_eb(&zeta_i, re); + invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_fd(re); } /** @@ -6014,40 +6699,38 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_ff0( +static KRML_MUSTINLINE void compute_vector_u_630( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_02();); + result0[i] = ZERO_20_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_db(a_element, &r_as_ntt[j]); - add_to_ring_element_20_980(&result0[i1], &product); + ntt_multiply_20_64(a_element, &r_as_ntt[j]); + add_to_ring_element_20_520(&result0[i1], &product); } - invert_ntt_montgomery_ba0(&result0[i1]); - add_error_reduce_20_4a(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_060(&result0[i1]); + add_error_reduce_20_8e(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6065,18 +6748,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_0f0( +compute_ring_element_v_990( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_db(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_980(&result, &product);); - invert_ntt_montgomery_ba0(&result); - result = add_message_error_reduce_20_79(error_2, message, result); + ntt_multiply_20_64(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_520(&result, &product);); + invert_ntt_montgomery_060(&result); + result = add_message_error_reduce_20_47(error_2, message, result); return result; } @@ -6086,23 +6769,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_56( +static KRML_MUSTINLINE void compress_then_serialize_10_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b(to_unsigned_representative_6c(re->coefficients[i0])); + compress_0d_31(to_unsigned_representative_23(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -6114,10 +6794,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_08( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_610( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_56(re, uu____0); + compress_then_serialize_10_6a(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6130,29 +6810,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_f50( +static void compress_then_serialize_u_440( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_08(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_610(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -6163,9 +6839,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_0e( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_16(re, out); + compress_then_serialize_4_4f(re, out); } /** @@ -6186,22 +6862,25 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ba0( +static void encrypt_unpacked_e40( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_780(uu____0, 0U); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_530(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_790(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = + sample_ring_element_cbd_bd0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6209,34 +6888,33 @@ static void encrypt_unpacked_ba0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f2( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_48(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_91( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_ff0(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_630(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_aa(uu____4); + deserialize_then_decompress_message_11(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_0f0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_990(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_f50( + compress_then_serialize_u_440( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_0e( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_7b( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -6259,51 +6937,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e00( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_880( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_110( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_ba0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_e40(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_551(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6317,11 +6995,10 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_c5(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_b5(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -6343,49 +7020,52 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_d70(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_cc0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_2a0( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_d40( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_550(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_230(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[2U][2U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_ba0(uu____3, uu____4, randomness, result); + encrypt_unpacked_e40(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -6400,11 +7080,10 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_29(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_89(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -6427,59 +7106,56 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e10( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_be0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_c5( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_b5( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; - H_f1_af0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_b21(public_key), - uint8_t, Eurydice_slice), + H_f1_2e0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_110( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_b21(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_d70(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_cc0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_551(uu____4); + libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_29(shared_secret, shared_secret_array); + kdf_af_89(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -6490,8 +7166,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_f9(Eurydice_slice serialized) { - return deserialize_then_decompress_10_67(serialized); +deserialize_then_decompress_ring_element_u_87(Eurydice_slice serialized) { + return deserialize_then_decompress_10_a5(serialized); } /** @@ -6500,17 +7176,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_3a( +static KRML_MUSTINLINE void ntt_vector_u_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_08(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_41(&zeta_i, re); - ntt_at_layer_2_ac(&zeta_i, re); - ntt_at_layer_1_d6(&zeta_i, re); - poly_barrett_reduce_20_98(re); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_db(&zeta_i, re); + ntt_at_layer_2_cf(&zeta_i, re); + ntt_at_layer_1_e0(&zeta_i, re); + poly_barrett_reduce_20_fd(re); } /** @@ -6521,17 +7197,16 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_050( +static KRML_MUSTINLINE void deserialize_then_decompress_u_410( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_02();); + u_as_ntt[i] = ZERO_20_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -6544,11 +7219,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_050( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_f9(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_3a(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_87(u_bytes); + ntt_vector_u_0b(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6562,8 +7235,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_51(Eurydice_slice serialized) { - return deserialize_then_decompress_4_e7(serialized); +deserialize_then_decompress_ring_element_v_09(Eurydice_slice serialized) { + return deserialize_then_decompress_4_2b(serialized); } /** @@ -6573,17 +7246,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_060( +compute_message_1c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_db(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_980(&result, &product);); - invert_ntt_montgomery_ba0(&result); - result = subtract_reduce_20_ae(v, result); + ntt_multiply_20_64(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_520(&result, &product);); + invert_ntt_montgomery_060(&result); + result = subtract_reduce_20_ce(v, result); return result; } @@ -6597,20 +7270,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_400( +static void decrypt_unpacked_f20( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_050(ciphertext, u_as_ntt); + deserialize_then_decompress_u_410(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_51( + deserialize_then_decompress_ring_element_v_09( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_060(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_1c0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_d3(message, ret0); + compress_then_serialize_message_67(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6624,8 +7296,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -6650,65 +7322,61 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_310( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_400(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_f20(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_110( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + libcrux_ml_kem_utils_into_padded_array_2d0( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f1( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_ba0(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_e40(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6719,14 +7387,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_a30( +static KRML_MUSTINLINE void deserialize_secret_key_9d0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_02();); + secret_as_ntt[i] = ZERO_20_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6734,9 +7402,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_a30( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_c7(secret_bytes); + deserialize_to_uncompressed_ring_element_91(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -6758,21 +7426,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_120(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c80(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_a30(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + deserialize_secret_key_9d0(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_400(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_f20(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -6798,77 +7467,71 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_6b0( +void libcrux_ml_kem_ind_cca_decapsulate_5f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_120(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c80(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_110( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f1( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_d70(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_cc0(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_29( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_89(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_29(shared_secret0, shared_secret1); + kdf_af_89(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_da1(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); @@ -6881,14 +7544,14 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_2a( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_d4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_02();); + deserialized_pk[i] = ZERO_20_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6896,9 +7559,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_2a( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_27(ring_element); + deserialize_to_reduced_ring_element_0c(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6913,30 +7576,27 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_49( +static KRML_MUSTINLINE void serialize_secret_key_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_9c(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_62(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } @@ -6949,24 +7609,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_7c( +static KRML_MUSTINLINE void serialize_public_key_4c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_49(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_c1(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); @@ -6980,18 +7636,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_25(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c9(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_2a( + deserialize_ring_elements_reduced_d4( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_7c( + serialize_public_key_4c( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -7019,7 +7675,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_11(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7030,10 +7686,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_82( +static void closure_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_02();); + ret[i] = ZERO_20_39();); } /** @@ -7052,21 +7708,22 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_41(uint8_t input[3U][34U]) { +shake128_init_absorb_final_75(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_58 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -7082,10 +7739,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_f1_51(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_41(uu____0); +shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_final_75(copy_of_input); } /** @@ -7094,15 +7752,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_54( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -7116,11 +7773,52 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_7f( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_54(self, ret); -} - + shake128_squeeze_first_three_blocks_10(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7128,7 +7826,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7139,12 +7837,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7167,14 +7864,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_88( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -7188,11 +7885,52 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_68( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_88(self, ret); -} - + shake128_squeeze_next_block_ed(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7200,7 +7938,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7211,12 +7949,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7240,10 +7977,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_13( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( int16_t s[272U]) { - return from_i16_array_20_48(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_20_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -7253,37 +7990,42 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_f6( +static KRML_MUSTINLINE void sample_from_xof_2b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_51(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_7f(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_02( - uu____1, sampled_coefficients, out); + shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_05( + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_f1_68(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_020( - uu____2, sampled_coefficients, out); + shake128_squeeze_next_block_f1_c1(&xof_state, randomness); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_050( + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_13(uu____3[i]);); + ret0[i] = closure_99(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7296,32 +8038,33 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_55( +static KRML_MUSTINLINE void sample_matrix_A_23( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_82(A_transpose[i]);); + closure_e8(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_f6(uu____1, sampled); + sample_from_xof_2b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -7330,7 +8073,9 @@ static KRML_MUSTINLINE void sample_matrix_A_55( } else { A_transpose[i1][j] = sample; } - }); + } + + ); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U][3U]; memcpy(result, A_transpose, (size_t)3U * @@ -7357,15 +8102,14 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_63(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -7379,9 +8123,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_63(input, ret); + PRFxN_1d(input, ret); } /** @@ -7393,36 +8137,36 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_78( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_53( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_20_39();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_48(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + re_as_ntt[i0] = sample_from_binomial_distribution_91( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]);); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 result; memcpy( - result.fst, uu____2, + result.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -7438,17 +8182,15 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_98( +static KRML_MUSTINLINE void add_to_ring_element_20_52( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -7464,40 +8206,38 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_02( +static KRML_MUSTINLINE void compute_As_plus_e_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_02();); + result0[i] = ZERO_20_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_db(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_98(&result0[i1], &product); + ntt_multiply_20_64(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_52(&result0[i1], &product); } - add_standard_error_reduce_20_b9(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_46(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -7517,69 +8257,75 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_6c( +static tuple_9b generate_keypair_unpacked_f6( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_11(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + G_f1_b6(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_55(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_23(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_78(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_53(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_78(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_53(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_02(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_97(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } @@ -7598,10 +8344,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_fb( +static void closure_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_02();); + ret[i] = ZERO_20_39();); } /** @@ -7613,7 +8359,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_af(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -7632,28 +8378,27 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); + size_t); + tuple_9b uu____0 = generate_keypair_unpacked_f6(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_fb(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_1f(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_10(&ind_cpa_public_key.A[j][i1]); + clone_3a_59(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -7663,36 +8408,39 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e6( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_7c( + serialize_public_key_4c( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -7709,25 +8457,30 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e5( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_d7( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_6c(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_f6(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_7c(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_4c( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_49(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + serialize_secret_key_c1(sk.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 result; - memcpy(result.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(result.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(result.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return result; } @@ -7738,7 +8491,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_75( +static KRML_MUSTINLINE void serialize_kem_secret_key_ee( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -7746,43 +8499,37 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_75( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_af(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + H_f1_2e(public_key, ret0); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -7800,37 +8547,37 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_3c(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_9a(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e5(ind_cpa_keypair_randomness); + generate_keypair_d7(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_ee( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_b3(uu____1); + libcrux_ml_kem_types_from_e7_ea0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_dc( - uu____2, libcrux_ml_kem_types_from_07_8b(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_64_670( + uu____2, libcrux_ml_kem_types_from_07_0e0(copy_of_public_key)); } /** @@ -7843,34 +8590,36 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_79(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_bd(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_20_39();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_48(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_91( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 result; memcpy( - result.fst, uu____2, + result.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -7886,9 +8635,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -7897,18 +8646,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_ba( +static KRML_MUSTINLINE void invert_ntt_montgomery_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_67(&zeta_i, re); - invert_ntt_at_layer_2_57(&zeta_i, re); - invert_ntt_at_layer_3_13(&zeta_i, re); - invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ac(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_98(re); + invert_ntt_at_layer_1_0d(&zeta_i, re); + invert_ntt_at_layer_2_87(&zeta_i, re); + invert_ntt_at_layer_3_eb(&zeta_i, re); + invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_fd(re); } /** @@ -7917,40 +8666,38 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_ff( +static KRML_MUSTINLINE void compute_vector_u_63( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_02();); + result0[i] = ZERO_20_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_db(a_element, &r_as_ntt[j]); - add_to_ring_element_20_98(&result0[i1], &product); + ntt_multiply_20_64(a_element, &r_as_ntt[j]); + add_to_ring_element_20_52(&result0[i1], &product); } - invert_ntt_montgomery_ba(&result0[i1]); - add_error_reduce_20_4a(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_06(&result0[i1]); + add_error_reduce_20_8e(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -7968,18 +8715,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_0f( +compute_ring_element_v_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_db(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_98(&result, &product);); - invert_ntt_montgomery_ba(&result); - result = add_message_error_reduce_20_79(error_2, message, result); + ntt_multiply_20_64(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_52(&result, &product);); + invert_ntt_montgomery_06(&result); + result = add_message_error_reduce_20_47(error_2, message, result); return result; } @@ -7992,29 +8739,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_f5( +static void compress_then_serialize_u_44( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_08(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_610(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -8036,22 +8779,25 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ba( +static void encrypt_unpacked_e4( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_78(uu____0, 0U); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_53(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_79(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = + sample_ring_element_cbd_bd(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8059,34 +8805,33 @@ static void encrypt_unpacked_ba( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_48(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_91( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_ff(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_63(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_aa(uu____4); + deserialize_then_decompress_message_11(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_0f(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_99(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_f5( + compress_then_serialize_u_44( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_0e( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_7b( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -8109,51 +8854,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e0( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_88( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_11( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_ba(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_e4(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_55(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_15_580(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -8167,11 +8912,10 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_a0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_5f(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -8193,49 +8937,52 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_d7(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_cc(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_2a( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_d4( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_55(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_ba(uu____3, uu____4, randomness, result); + encrypt_unpacked_e4(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -8250,11 +8997,10 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_79(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_3e(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, ret); } @@ -8277,59 +9023,56 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_a0( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_5f( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; - H_f1_af(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_b2(public_key), - uint8_t, Eurydice_slice), + H_f1_2e(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe0(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_11( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_b2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe0(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_d7(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_cc(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_55(uu____4); + libcrux_ml_kem_types_from_15_580(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_79(shared_secret, shared_secret_array); + kdf_af_3e(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c result; result.fst = uu____5; - memcpy(result.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_shared_secret_array, + (size_t)32U * sizeof(uint8_t)); return result; } @@ -8341,17 +9084,16 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_05( +static KRML_MUSTINLINE void deserialize_then_decompress_u_41( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_02();); + u_as_ntt[i] = ZERO_20_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -8364,11 +9106,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_05( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_f9(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_3a(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_87(u_bytes); + ntt_vector_u_0b(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8382,17 +9122,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_06( +compute_message_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_db(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_98(&result, &product);); - invert_ntt_montgomery_ba(&result); - result = subtract_reduce_20_ae(v, result); + ntt_multiply_20_64(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_52(&result, &product);); + invert_ntt_montgomery_06(&result); + result = subtract_reduce_20_ce(v, result); return result; } @@ -8406,20 +9146,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_40( +static void decrypt_unpacked_f2( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_05(ciphertext, u_as_ntt); + deserialize_then_decompress_u_41(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_51( + deserialize_then_decompress_ring_element_v_09( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_06(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_1c(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_d3(message, ret0); + compress_then_serialize_message_67(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8433,8 +9172,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -8459,65 +9198,61 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_31( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_40(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_f2(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_11( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + libcrux_ml_kem_utils_into_padded_array_2d3( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_ba_da(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_ba(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_e4(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_da(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8528,14 +9263,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_a3( +static KRML_MUSTINLINE void deserialize_secret_key_9d( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_02();); + secret_as_ntt[i] = ZERO_20_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8543,9 +9278,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_a3( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_c7(secret_bytes); + deserialize_to_uncompressed_ring_element_91(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -8567,21 +9302,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_12(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c8(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_a3(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + deserialize_secret_key_9d(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_40(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_f2(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8607,77 +9343,70 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_6b( +void libcrux_ml_kem_ind_cca_decapsulate_5f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_12(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c8(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_11( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_ba_da(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_d7(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_cc(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_79( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_3e(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_79(shared_secret0, shared_secret1); + kdf_af_3e(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_da(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), shared_secret); uint8_t result[32U]; memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index f221b9507..6f21492f9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem_portable_H @@ -39,49 +39,10 @@ void libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input, #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes); - typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); - -void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); @@ -92,55 +53,6 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array); -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; - -uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_slice v); - -void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); - typedef struct uint8_t_x11_s { uint8_t fst; uint8_t snd; @@ -170,9 +82,23 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]); +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -183,6 +109,22 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a); +void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +extern const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] + [16U]; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -262,6 +204,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( #define LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_R \ ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT) +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); @@ -283,9 +238,34 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer); @@ -301,6 +281,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe); @@ -410,6 +412,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -476,6 +500,55 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); + +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_slice v); + +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); + uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_slice v); @@ -491,6 +564,19 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); + typedef struct uint8_t_x3_s { uint8_t fst; uint8_t snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 45aed6f61..d1f3a25fe 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_sha3_H @@ -22,105 +22,160 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd(buf0, buf); + libcrux_sha3_portable_keccakx1_2a(buf0, buf); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd0(buf0, buf); + libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } +/** + A portable SHAKE256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd1(buf0, buf); + libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd2(buf0, buf); + libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd3(buf0, buf); + libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } +/** + SHA3 224 + + Preconditions: + - `digest.len() == 28` +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } +/** + SHA3 224 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), + data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), + data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), + data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** + A portable SHAKE128 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd4(buf0, buf); + libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } +/** + SHAKE 128 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } +/** + SHAKE 256 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 46869b9a3..47b97bc20 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,88 +4,2457 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ -#include "libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3_avx2.h" -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, - Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +#include "internal/libcrux_core.h" + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + return _veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_58(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, + core_core_arch_x86___m256i)); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vrax1q_u64(a, b); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return _vbcaxq_u64(a, b, c); +} + +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[4U]; + memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + slice_4(copy_of_a, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( + out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( + out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + Eurydice_slice_uint8_t_4size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { + return split_at_mut_4(a, mid); +} + +/** + Create a new Shake128 x4 state. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 +new_1e_16(void) { + libcrux_sha3_generic_keccak_KeccakState_29 lit; + lit.st[0U][0U] = zero_ef(); + lit.st[0U][1U] = zero_ef(); + lit.st[0U][2U] = zero_ef(); + lit.st[0U][3U] = zero_ef(); + lit.st[0U][4U] = zero_ef(); + lit.st[1U][0U] = zero_ef(); + lit.st[1U][1U] = zero_ef(); + lit.st[1U][2U] = zero_ef(); + lit.st[1U][3U] = zero_ef(); + lit.st[1U][4U] = zero_ef(); + lit.st[2U][0U] = zero_ef(); + lit.st[2U][1U] = zero_ef(); + lit.st[2U][2U] = zero_ef(); + lit.st[2U][3U] = zero_ef(); + lit.st[2U][4U] = zero_ef(); + lit.st[3U][0U] = zero_ef(); + lit.st[3U][1U] = zero_ef(); + lit.st[3U][2U] = zero_ef(); + lit.st[3U][3U] = zero_ef(); + lit.st[3U][4U] = zero_ef(); + lit.st[4U][0U] = zero_ef(); + lit.st[4U][1U] = zero_ef(); + lit.st[4U][2U] = zero_ef(); + lit.st[4U][3U] = zero_ef(); + lit.st[4U][4U] = zero_ef(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_ef_6a( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[4U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block_c7(uu____0, copy_of_b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_580(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_581(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_582(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_583(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_584(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_585(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_586(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_587(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_588(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_589(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5810(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5811(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5812(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5813(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, + core_core_arch_x86___m256i)); } -KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5814(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5815(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5816(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5817(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5818(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5819(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5820(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5821(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5822(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, + core_core_arch_x86___m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return _vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void theta_rho_71( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i c[5U] = { + xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____0 = + rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____1 = + rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____2 = + rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i uu____3 = + rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + core_core_arch_x86___m256i t[5U] = { + uu____0, uu____1, uu____2, uu____3, + rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); + s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + core_core_arch_x86___m256i uu____27 = + xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void pi_01( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void chi_9b( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + s->st[i1][j] = and_not_xor_ef( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]););); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void iota_09( + libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { + s->st[0U][0U] = xor_constant_ef( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void keccakf1600_07( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho_71(s); + pi_01(s); + chi_9b(s); + iota_09(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void absorb_block_37( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + load_block_ef_6a(uu____0, uu____1); + keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_91( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; + load_block_c7(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_ef_05( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_91(uu____0, copy_of_b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_05(uu____3, uu____4); + keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_0b( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; + store_block_e9(s, buf); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out1[200U]; + memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out2[200U]; + memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_ef_99( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + store_block_full_0b(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_a4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + store_block_full_ef_99(s->st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3), + uint8_t);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_ef_f6( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + store_block_e9(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e9( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_last_77( + libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { + keccakf1600_07(&s); + uint8_t b[4U][200U]; + store_block_full_ef_99(s.st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3), + uint8_t);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], + Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); + for (size_t i = (size_t)0U; + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_37(uu____0, ret); + } + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_a4(&s, out); + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____4 = + split_at_mut_n_ef(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e9(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____5 = + split_at_mut_n_ef(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_77(s, o1); + } + } +} + +/** + Perform 4 SHAKE256 operations in parallel +*/ +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + keccak_14(buf0, buf); +} + +/** + Initialise the [`KeccakState`]. +*/ +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new_1e_16(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_910( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; + load_block_c70(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_ef_050( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_910(uu____0, copy_of_b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_5e0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_050(uu____3, uu____4); + keccakf1600_07(s); } -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, +/** + Absorb +*/ +void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + absorb_final_5e0(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void store_block_ef_f60( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + store_block_e90(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e90( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + squeeze_next_block_1c0(s, o2); +} + +/** + Squeeze three blocks +*/ +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +/** + Squeeze another block +*/ +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o20[4U]; + memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + Eurydice_slice_uint8_t_4size_t__x2 uu____2 = + split_at_mut_n_ef(o20, (size_t)168U); + Eurydice_slice o2[4U]; + memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o30[4U]; + memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o2); + Eurydice_slice_uint8_t_4size_t__x2 uu____3 = + split_at_mut_n_ef(o30, (size_t)168U); + Eurydice_slice o3[4U]; + memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o4[4U]; + memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o3); + squeeze_next_block_1c0(s, o4); } +/** + Squeeze five blocks +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_five_blocks_e4(s, buf); } +/** + Absorb +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } +/** + Squeeze block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_block_e9(s, buf); } +/** + Squeeze next block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 89133123f..e33b59fbb 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_sha3_avx2_H @@ -20,46 +20,80 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_sha3_neon.h" +#include "libcrux_core.h" +#include "libcrux_sha3_internal.h" +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_x86___m256i +with const generics +- $4size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { + core_core_arch_x86___m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_29; + +/** + Perform 4 SHAKE256 operations in parallel +*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState; - -libcrux_sha3_avx2_x4_incremental_KeccakState +/** + Initialise the [`KeccakState`]. +*/ +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze three blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze another block +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze five blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze next block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 5301f3c98..4797bc601 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); } /** @@ -137,8 +137,7 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); } /** @@ -147,17 +146,18 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[1U]; + memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; @@ -187,6 +187,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -198,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_7a(void) { +libcrux_sha3_generic_keccak_new_1e_f2(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -233,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -242,9 +245,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -258,11 +260,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_b3(s, buf); } /** @@ -274,12 +276,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); } /** @@ -289,7 +292,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -300,9 +303,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_340(ab); + return libcrux_sha3_portable_keccak_rotate_left_db0(ab); } /** @@ -316,8 +319,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); } /** @@ -327,7 +330,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -338,9 +341,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_341(ab); + return libcrux_sha3_portable_keccak_rotate_left_db1(ab); } /** @@ -354,8 +357,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); } /** @@ -365,7 +368,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -376,9 +379,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_342(ab); + return libcrux_sha3_portable_keccak_rotate_left_db2(ab); } /** @@ -392,8 +395,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); } /** @@ -403,7 +406,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -414,9 +417,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_343(ab); + return libcrux_sha3_portable_keccak_rotate_left_db3(ab); } /** @@ -430,8 +433,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); } /** @@ -441,9 +444,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_34(ab); + return libcrux_sha3_portable_keccak_rotate_left_db(ab); } /** @@ -457,8 +460,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); } /** @@ -468,7 +471,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -479,9 +482,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_344(ab); + return libcrux_sha3_portable_keccak_rotate_left_db4(ab); } /** @@ -495,8 +498,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); } /** @@ -506,7 +509,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -517,9 +520,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_345(ab); + return libcrux_sha3_portable_keccak_rotate_left_db5(ab); } /** @@ -533,8 +536,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); } /** @@ -544,7 +547,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -555,9 +558,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_346(ab); + return libcrux_sha3_portable_keccak_rotate_left_db6(ab); } /** @@ -571,8 +574,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); } /** @@ -582,7 +585,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -593,9 +596,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_347(ab); + return libcrux_sha3_portable_keccak_rotate_left_db7(ab); } /** @@ -609,8 +612,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); } /** @@ -620,7 +623,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -631,9 +634,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_348(ab); + return libcrux_sha3_portable_keccak_rotate_left_db8(ab); } /** @@ -647,8 +650,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); } /** @@ -658,7 +661,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -669,9 +672,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_349(ab); + return libcrux_sha3_portable_keccak_rotate_left_db9(ab); } /** @@ -685,8 +688,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); } /** @@ -696,7 +699,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -707,9 +710,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3410(ab); + return libcrux_sha3_portable_keccak_rotate_left_db10(ab); } /** @@ -723,8 +726,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); } /** @@ -734,7 +737,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -745,9 +748,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3411(ab); + return libcrux_sha3_portable_keccak_rotate_left_db11(ab); } /** @@ -761,8 +764,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); } /** @@ -772,7 +775,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -783,9 +786,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3412(ab); + return libcrux_sha3_portable_keccak_rotate_left_db12(ab); } /** @@ -799,8 +802,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); } /** @@ -810,7 +813,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -821,9 +824,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3413(ab); + return libcrux_sha3_portable_keccak_rotate_left_db13(ab); } /** @@ -837,8 +840,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); } /** @@ -848,7 +851,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -859,9 +862,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3414(ab); + return libcrux_sha3_portable_keccak_rotate_left_db14(ab); } /** @@ -875,8 +878,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); } /** @@ -886,7 +889,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -897,9 +900,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3415(ab); + return libcrux_sha3_portable_keccak_rotate_left_db15(ab); } /** @@ -913,8 +916,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); } /** @@ -924,7 +927,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -935,9 +938,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3416(ab); + return libcrux_sha3_portable_keccak_rotate_left_db16(ab); } /** @@ -951,8 +954,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); } /** @@ -962,7 +965,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -973,9 +976,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3417(ab); + return libcrux_sha3_portable_keccak_rotate_left_db17(ab); } /** @@ -989,8 +992,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); } /** @@ -1000,7 +1003,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1011,9 +1014,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3418(ab); + return libcrux_sha3_portable_keccak_rotate_left_db18(ab); } /** @@ -1027,8 +1030,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); } /** @@ -1038,7 +1041,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1049,9 +1052,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3419(ab); + return libcrux_sha3_portable_keccak_rotate_left_db19(ab); } /** @@ -1065,8 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); } /** @@ -1076,7 +1079,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1087,9 +1090,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3420(ab); + return libcrux_sha3_portable_keccak_rotate_left_db20(ab); } /** @@ -1103,8 +1106,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); } /** @@ -1114,7 +1117,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1125,9 +1128,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3421(ab); + return libcrux_sha3_portable_keccak_rotate_left_db21(ab); } /** @@ -1141,8 +1144,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); } /** @@ -1152,7 +1155,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1163,9 +1166,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3422(ab); + return libcrux_sha3_portable_keccak_rotate_left_db22(ab); } /** @@ -1179,8 +1182,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); } /** @@ -1189,7 +1192,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1224,77 +1227,54 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - uint64_t uu____4 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - uint64_t uu____5 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - uint64_t uu____6 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - uint64_t uu____7 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - uint64_t uu____8 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - uint64_t uu____9 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - uint64_t uu____10 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - uint64_t uu____11 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - uint64_t uu____12 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - uint64_t uu____13 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - uint64_t uu____14 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - uint64_t uu____15 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - uint64_t uu____16 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - uint64_t uu____17 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - uint64_t uu____18 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - uint64_t uu____19 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - uint64_t uu____20 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - uint64_t uu____21 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - uint64_t uu____22 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - uint64_t uu____23 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - uint64_t uu____24 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - uint64_t uu____25 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - uint64_t uu____26 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; + s->st[1U][0U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + s->st[2U][0U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + s->st[3U][0U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + s->st[4U][0U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + s->st[0U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + s->st[1U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + s->st[2U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + s->st[3U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + s->st[4U][1U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + s->st[0U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + s->st[1U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + s->st[2U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + s->st[3U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + s->st[4U][2U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + s->st[0U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + s->st[1U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + s->st[2U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + s->st[3U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + s->st[4U][3U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + s->st[0U][4U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + s->st[1U][4U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + s->st[2U][4U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + s->st[3U][4U] = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1304,7 +1284,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1340,7 +1320,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1358,7 +1338,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1370,14 +1350,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_8d(s); - libcrux_sha3_generic_keccak_pi_ac(s); - libcrux_sha3_generic_keccak_chi_c7(s); - libcrux_sha3_generic_keccak_iota_4f(s, i0); + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_b8(s); + libcrux_sha3_generic_keccak_chi_1f(s); + libcrux_sha3_generic_keccak_iota_83(s, i0); } } @@ -1389,16 +1369,16 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1408,8 +1388,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1417,19 +1397,16 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1442,9 +1419,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_39(a, b); + libcrux_sha3_portable_keccak_store_block_58(a, b); } /** @@ -1454,9 +1431,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1466,10 +1443,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1477,7 +1454,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1486,9 +1463,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1502,11 +1478,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de0(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_b30(s, buf); } /** @@ -1518,12 +1494,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); } /** @@ -1534,16 +1511,16 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1553,8 +1530,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1562,19 +1539,16 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1587,9 +1561,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_390(a, b); + libcrux_sha3_portable_keccak_store_block_580(a, b); } /** @@ -1599,9 +1573,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1611,10 +1585,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1626,12 +1600,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); } /** @@ -1641,13 +1616,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1655,15 +1630,16 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_39(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + libcrux_sha3_portable_keccak_store_block_58(s, buf); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1676,9 +1652,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); } /** @@ -1689,22 +1665,22 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_653( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1715,23 +1691,23 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1743,37 +1719,36 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1781,7 +1756,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1799,12 +1774,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); } } } @@ -1815,11 +1790,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); } /** @@ -1827,7 +1803,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1836,9 +1812,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1856,12 +1831,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); } /** @@ -1871,13 +1847,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1885,11 +1861,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de3(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_b33(s, buf); } /** @@ -1901,12 +1877,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); } /** @@ -1917,16 +1894,16 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -1936,8 +1913,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1945,19 +1922,16 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1966,15 +1940,16 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_393(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + libcrux_sha3_portable_keccak_store_block_583(s, buf); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1987,9 +1962,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); } /** @@ -2000,22 +1975,22 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_652( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2028,9 +2003,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_393(a, b); + libcrux_sha3_portable_keccak_store_block_583(a, b); } /** @@ -2040,9 +2015,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2052,10 +2027,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2065,23 +2040,23 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2093,37 +2068,36 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2131,7 +2105,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2149,12 +2123,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); } } } @@ -2165,11 +2139,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); } /** @@ -2177,7 +2152,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2186,9 +2161,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2206,12 +2180,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); } /** @@ -2221,13 +2196,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2235,11 +2210,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de2(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_b32(s, buf); } /** @@ -2251,12 +2226,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); } /** @@ -2267,16 +2243,16 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2286,8 +2262,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2295,19 +2271,16 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2316,15 +2289,16 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_392(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + libcrux_sha3_portable_keccak_store_block_582(s, buf); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2337,9 +2311,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); } /** @@ -2350,22 +2324,22 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_651( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2378,9 +2352,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_392(a, b); + libcrux_sha3_portable_keccak_store_block_582(a, b); } /** @@ -2390,9 +2364,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2402,10 +2376,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2415,23 +2389,23 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2443,37 +2417,36 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2481,7 +2454,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2499,12 +2472,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); } } } @@ -2515,11 +2488,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); } /** @@ -2531,12 +2505,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); } /** @@ -2546,13 +2521,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2560,15 +2535,16 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_390(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + libcrux_sha3_portable_keccak_store_block_580(s, buf); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2581,9 +2557,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); } /** @@ -2594,22 +2570,22 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_650( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2620,23 +2596,23 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2648,37 +2624,36 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2686,7 +2661,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2704,12 +2679,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2720,11 +2695,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); } /** @@ -2735,16 +2711,16 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2754,8 +2730,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2766,37 +2742,36 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2804,7 +2779,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2822,12 +2797,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2838,11 +2813,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); } /** @@ -2850,7 +2826,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2859,9 +2835,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2879,12 +2854,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); } /** @@ -2894,13 +2870,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2908,11 +2884,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de1(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_b31(s, buf); } /** @@ -2924,12 +2900,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); } /** @@ -2940,16 +2917,16 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2959,8 +2936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2968,19 +2945,16 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2989,15 +2963,16 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_391(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + libcrux_sha3_portable_keccak_store_block_581(s, buf); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3009,9 +2984,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); } /** @@ -3022,22 +2997,22 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_65( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3050,9 +3025,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_391(a, b); + libcrux_sha3_portable_keccak_store_block_581(a, b); } /** @@ -3062,9 +3037,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3074,10 +3049,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3087,23 +3062,23 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3115,37 +3090,36 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3153,7 +3127,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3171,12 +3145,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); } } } @@ -3187,11 +3161,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 8e379321b..85f0186ef 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,3563 +4,110 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #include "libcrux_sha3_neon.h" -#include "internal/libcrux_core.h" - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t zero_fa(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_veor5q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - core_core_arch_arm_shared_neon_uint64x2_t cd = - libcrux_intrinsics_arm64__veorq_u64(c, d); - core_core_arch_arm_shared_neon_uint64x2_t abcd = - libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor5_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c, - core_core_arch_arm_shared_neon_uint64x2_t d, - core_core_arch_arm_shared_neon_uint64x2_t e) { - return _veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_58(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)1, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)63, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vrax1q_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left1_and_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vrax1q_u64(a, b); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vbcaxq_u64(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return libcrux_intrinsics_arm64__veorq_u64( - a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -and_not_xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b, - core_core_arch_arm_shared_neon_uint64x2_t c) { - return _vbcaxq_u64(a, b, c); -} - -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_veorq_n_u64(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - core_core_arch_arm_shared_neon_uint64x2_t c0 = - libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_constant_fa(core_core_arch_arm_shared_neon_uint64x2_t a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_fa(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); -} - -static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - slice_2(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_2size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { - return split_at_mut_2(a, mid); -} - -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -new_1e_12(void) { - libcrux_sha3_generic_keccak_KeccakState_fc lit; - lit.st[0U][0U] = zero_fa(); - lit.st[0U][1U] = zero_fa(); - lit.st[0U][2U] = zero_fa(); - lit.st[0U][3U] = zero_fa(); - lit.st[0U][4U] = zero_fa(); - lit.st[1U][0U] = zero_fa(); - lit.st[1U][1U] = zero_fa(); - lit.st[1U][2U] = zero_fa(); - lit.st[1U][3U] = zero_fa(); - lit.st[1U][4U] = zero_fa(); - lit.st[2U][0U] = zero_fa(); - lit.st[2U][1U] = zero_fa(); - lit.st[2U][2U] = zero_fa(); - lit.st[2U][3U] = zero_fa(); - lit.st[2U][4U] = zero_fa(); - lit.st[3U][0U] = zero_fa(); - lit.st[3U][1U] = zero_fa(); - lit.st[3U][2U] = zero_fa(); - lit.st[3U][3U] = zero_fa(); - lit.st[3U][4U] = zero_fa(); - lit.st[4U][0U] = zero_fa(); - lit.st[4U][1U] = zero_fa(); - lit.st[4U][2U] = zero_fa(); - lit.st[4U][3U] = zero_fa(); - lit.st[4U][4U] = zero_fa(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_3c( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_fa_0f( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_580(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c1(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_581(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c10(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f0(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_582(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)41, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)23, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c11(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f1(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_583(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)18, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)46, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c12(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f2(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c13(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f3(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_584(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c14(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f4(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_585(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)10, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)54, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c15(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f5(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_586(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)45, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)19, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c16(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f6(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_587(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c17(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f7(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_588(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)62, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)2, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c18(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f8(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_589(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)6, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)58, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c19(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f9(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5810(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c110(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f10(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5811(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)15, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)49, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c111(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f11(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5812(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)61, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)3, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c112(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f12(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5813(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)28, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)36, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c113(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f13(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5814(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)55, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)9, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c114(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f14(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5815(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c115(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f15(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5816(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)21, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)43, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c116(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f16(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5817(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c117(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f17(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5818(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)27, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)37, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c118(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f18(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5819(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)20, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)44, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c119(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f19(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5820(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)39, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)25, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c120(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f20(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5821(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)8, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)56, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c121(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f21(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -rotate_left_5822(core_core_arch_arm_shared_neon_uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64( - (int32_t)14, x, core_core_arch_arm_shared_neon_uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64( - (int32_t)50, x, core_core_arch_arm_shared_neon_uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -_vxarq_u64_c122(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - core_core_arch_arm_shared_neon_uint64x2_t ab = - libcrux_intrinsics_arm64__veorq_u64(a, b); - return rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE core_core_arch_arm_shared_neon_uint64x2_t -xor_and_rotate_fa_1f22(core_core_arch_arm_shared_neon_uint64x2_t a, - core_core_arch_arm_shared_neon_uint64x2_t b) { - return _vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void theta_rho_eb( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t c[5U] = { - xor5_fa(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_fa(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_fa(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_fa(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_fa(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_arm_shared_neon_uint64x2_t uu____0 = - rotate_left1_and_xor_fa(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____1 = - rotate_left1_and_xor_fa(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____2 = - rotate_left1_and_xor_fa(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____3 = - rotate_left1_and_xor_fa(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t t[5U] = { - uu____0, uu____1, uu____2, uu____3, - rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); - core_core_arch_arm_shared_neon_uint64x2_t uu____4 = - xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_arm_shared_neon_uint64x2_t uu____5 = - xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_arm_shared_neon_uint64x2_t uu____6 = - xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_arm_shared_neon_uint64x2_t uu____7 = - xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_arm_shared_neon_uint64x2_t uu____8 = - xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_arm_shared_neon_uint64x2_t uu____9 = - xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_arm_shared_neon_uint64x2_t uu____10 = - xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_arm_shared_neon_uint64x2_t uu____11 = - xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_arm_shared_neon_uint64x2_t uu____12 = - xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_arm_shared_neon_uint64x2_t uu____13 = - xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_arm_shared_neon_uint64x2_t uu____14 = - xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_arm_shared_neon_uint64x2_t uu____15 = - xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_arm_shared_neon_uint64x2_t uu____16 = - xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_arm_shared_neon_uint64x2_t uu____17 = - xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_arm_shared_neon_uint64x2_t uu____18 = - xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_arm_shared_neon_uint64x2_t uu____19 = - xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_arm_shared_neon_uint64x2_t uu____20 = - xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_arm_shared_neon_uint64x2_t uu____21 = - xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_arm_shared_neon_uint64x2_t uu____22 = - xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_arm_shared_neon_uint64x2_t uu____23 = - xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_arm_shared_neon_uint64x2_t uu____24 = - xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_arm_shared_neon_uint64x2_t uu____25 = - xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_arm_shared_neon_uint64x2_t uu____26 = - xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_arm_shared_neon_uint64x2_t uu____27 = - xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void pi_a0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void chi_b0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - core_core_arch_arm_shared_neon_uint64x2_t old[5U][5U]; - memcpy(old, s->st, - (size_t)5U * sizeof(core_core_arch_arm_shared_neon_uint64x2_t[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - s->st[i1][j] = and_not_xor_fa( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]););); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void iota_33( - libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { - s->st[0U][0U] = xor_constant_fa( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void keccakf1600_3e( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_eb(s); - pi_a0(s); - chi_b0(s); - iota_33(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void absorb_block_45( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_3e( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_fa_07( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)72U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_07(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_2f( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_9a( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a5( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e7( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a5(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_fa_90( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_last_70( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a5(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - absorb_block_45(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e7(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_70(s, o1); - } - } -} - /** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 72 -- DELIM= 6 + A portable SHA3 512 implementation. */ -static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_59(uu____0, out); -} - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_3c0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_fa_0f0( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void absorb_block_450( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f0(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_3e0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c0(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_fa_070( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e0(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_2f0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_9a0( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f0(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a50( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a0(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e70( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a50(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_fa_900( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f0(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_last_700( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a50(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe0(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 6 + A portable SHA3 256 implementation. */ -static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_590(uu____0, out); -} - void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e0(uu____0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} + Run SHAKE256 on both inputs in parallel. -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 + Writes the two results into `out0` and `out1` */ -static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe1(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } +KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 31 + Initialise the `KeccakState2`. */ -static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_591(uu____0, out); -} - -void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - keccakx2_6e1(buf0, buf); -} - -libcrux_sha3_generic_keccak_KeccakState_fc +KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return new_1e_12(); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 168 + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. */ -static KRML_MUSTINLINE void load_block_3c1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_3e1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c1(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_fa_071( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e1(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_071(uu____3, uu____4); - keccakf1600_3e(s); -} - -void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, +KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - absorb_final_fe2(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 168 + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. */ -static KRML_MUSTINLINE void store_block_2f1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void store_block_fa_901( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - Eurydice_slice_uint8_t_2size_t__x2 uu____0 = - split_at_mut_n_fa(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f1(s, o0); - Eurydice_slice_uint8_t_2size_t__x2 uu____1 = - split_at_mut_n_fa(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d1(s, o1); - squeeze_next_block_5d1(s, o2); -} - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_first_three_blocks_2e(s, buf); -} - -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, - Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_next_block_5d1(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_3c2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_fa_0f1( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void absorb_block_451( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f1(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_3e2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c2(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_fa_072( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e2(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)144U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_072(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_2f2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_9a1( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f2(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a51( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a1(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e71( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a51(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_fa_902( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f2(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_last_701( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a51(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. */ -static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - absorb_block_451(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe3(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e71(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f2(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d2(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_701(s, o1); - } - } +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 144 -- DELIM= 6 + A portable SHA3 224 implementation. */ -static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_592(uu____0, out); -} - KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e2(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_3c3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - core_core_arch_arm_shared_neon_uint64x2_t uvec = - libcrux_intrinsics_arm64__vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_fa_0f2( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c3(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void absorb_block_452( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f2(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_3e3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c3(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_fa_073( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { - core_core_arch_arm_shared_neon_uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e3(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe4( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)104U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_arm_shared_neon_uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_073(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_2f3( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - core_core_arch_arm_shared_neon_uint64x2_t v0 = - libcrux_intrinsics_arm64__vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - core_core_arch_arm_shared_neon_uint64x2_t v1 = - libcrux_intrinsics_arm64__vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_9a2( - core_core_arch_arm_shared_neon_uint64x2_t (*s)[5U], uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f3(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a52( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], uint8_t ret[2U][200U]) { - store_block_full_9a2(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e72( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a52(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_fa_903( - core_core_arch_arm_shared_neon_uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { - store_block_2f3(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_last_702( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a52(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - absorb_block_452(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe4(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e72(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f3(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d3(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_702(s, o1); - } - } + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 104 -- DELIM= 6 + A portable SHA3 384 implementation. */ -static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_593(uu____0, out); -} - KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e3(uu____0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index ee848eab4..d51dea3a7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 0576bfc67e99aae86c51930421072688138b672b + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_sha3_neon_H @@ -20,43 +20,67 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" -#include "libcrux_core.h" #include "libcrux_sha3_internal.h" /** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- $2size_t + A portable SHA3 512 implementation. */ -typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { - core_core_arch_arm_shared_neon_uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_fc; - void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -libcrux_sha3_generic_keccak_KeccakState_fc +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState; + +/** + Initialise the `KeccakState2`. +*/ +libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void); +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1); +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); +/** + A portable SHA3 224 implementation. +*/ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 384 implementation. +*/ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 614fdb4fe..3ae4c6980 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 -Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 +Charon: 0576bfc67e99aae86c51930421072688138b672b +Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 +Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 -Libcrux: 22a1ced03239d28794aa8f9c32340e861ae5f749 +Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 60279cc30..36884a1f4 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_core_H @@ -221,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_94( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_69( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -236,7 +236,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_20(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_0e(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -270,7 +270,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_98(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_67(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -286,7 +286,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_78(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_ea(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -316,7 +316,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_25(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_58(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -333,7 +333,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_50( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_fe( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -419,7 +419,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_74( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ef( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 92ba5de0b..e931ae78c 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 95df2b794..40d43cacf 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem768_avx2_H @@ -47,53 +47,55 @@ typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { +libcrux_ml_kem_vector_avx2_vec_zero(void) { return libcrux_intrinsics_avx2_mm256_setzero_si256(); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea( - void) { - return libcrux_ml_kem_vector_avx2_zero(); +static KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ZERO_09(void) { + return libcrux_ml_kem_vector_avx2_vec_zero(); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { +libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array) { return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); +libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_vec_from_i16_array(array); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_vec_to_i16_array( core_core_arch_x86___m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, output, int16_t), v); - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); + int16_t result[16U]; + memcpy(result, output, (size_t)16U * sizeof(int16_t)); + memcpy(ret, result, (size_t)16U * sizeof(int16_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_to_i16_array_ea( +static inline void libcrux_ml_kem_vector_avx2_to_i16_array_09( core_core_arch_x86___m256i x, int16_t ret[16U]) { - libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); + libcrux_ml_kem_vector_avx2_vec_to_i16_array(x, ret); } KRML_ATTRIBUTE_TARGET("avx2") @@ -105,10 +107,10 @@ libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_09( core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } @@ -122,10 +124,10 @@ libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_09( core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } @@ -140,11 +142,11 @@ libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(core_core_arch_x86___m256i v, +libcrux_ml_kem_vector_avx2_multiply_by_constant_09(core_core_arch_x86___m256i v, int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); } @@ -159,11 +161,11 @@ libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( core_core_arch_x86___m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); @@ -189,11 +191,11 @@ libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( +libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( core_core_arch_x86___m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } @@ -227,11 +229,11 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_barrett_reduce_ea( +libcrux_ml_kem_vector_avx2_barrett_reduce_09( core_core_arch_x86___m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } @@ -260,11 +262,11 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( core_core_arch_x86___m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); @@ -297,11 +299,11 @@ libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_1_ea(core_core_arch_x86___m256i vector) { +libcrux_ml_kem_vector_avx2_compress_1_09(core_core_arch_x86___m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } @@ -362,11 +364,11 @@ libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( +libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, @@ -392,11 +394,11 @@ libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( +libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } @@ -445,11 +447,11 @@ libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( +libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( core_core_arch_x86___m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } @@ -485,11 +487,11 @@ libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( +libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( @@ -526,11 +528,11 @@ libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( +libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); @@ -560,11 +562,11 @@ libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( +libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( core_core_arch_x86___m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } @@ -676,11 +678,11 @@ libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_multiply_ea(core_core_arch_x86___m256i *lhs, +libcrux_ml_kem_vector_avx2_ntt_multiply_09(core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { @@ -710,10 +712,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea( +static inline void libcrux_ml_kem_vector_avx2_serialize_1_09( core_core_arch_x86___m256i vector, uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } @@ -755,11 +757,11 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { +libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } @@ -808,10 +810,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea( +static inline void libcrux_ml_kem_vector_avx2_serialize_4_09( core_core_arch_x86___m256i vector, uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } @@ -858,11 +860,11 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { +libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } @@ -922,10 +924,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea( +static inline void libcrux_ml_kem_vector_avx2_serialize_5_09( core_core_arch_x86___m256i vector, uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } @@ -982,11 +984,11 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { +libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } @@ -1046,10 +1048,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_10_ea( +static inline void libcrux_ml_kem_vector_avx2_serialize_10_09( core_core_arch_x86___m256i vector, uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } @@ -1100,11 +1102,11 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { +libcrux_ml_kem_vector_avx2_deserialize_10_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } @@ -1124,10 +1126,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_11_ea( +static inline void libcrux_ml_kem_vector_avx2_serialize_11_09( core_core_arch_x86___m256i vector, uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } @@ -1145,11 +1147,11 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { +libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } @@ -1209,10 +1211,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_12_ea( +static inline void libcrux_ml_kem_vector_avx2_serialize_12_09( core_core_arch_x86___m256i vector, uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } @@ -1263,11 +1265,11 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { +libcrux_ml_kem_vector_avx2_deserialize_12_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } @@ -1325,10 +1327,10 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_ea( +static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_09( Eurydice_slice input, Eurydice_slice output) { return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); } @@ -1356,22 +1358,22 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_polynomial_ZERO_20_d5(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[6U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_09(); + lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_09(); return lit; } @@ -1383,7 +1385,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_52(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_5d(size_t _) { return libcrux_ml_kem_polynomial_ZERO_20_d5(); } @@ -1395,7 +1397,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_20( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_20_d5(); @@ -1404,7 +1406,7 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); } return re; } @@ -1416,7 +1418,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_db( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -1434,7 +1436,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_db( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_20( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1467,7 +1469,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_6b(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_c5(size_t _) { return libcrux_ml_kem_polynomial_ZERO_20_d5(); } @@ -1479,7 +1481,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_92( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1535,19 +1537,19 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ /** A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f2( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_92( vector); } @@ -1559,7 +1561,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_95( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_8a( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_20_d5(); @@ -1574,9 +1576,9 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_95( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f2( coefficient); } return re; @@ -1590,7 +1592,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_920( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1646,19 +1648,19 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c0( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ /** A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f20( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_920( vector); } @@ -1670,7 +1672,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_f5( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_4e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_20_d5(); @@ -1680,9 +1682,9 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_f5( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f20( coefficient); } return re; @@ -1696,9 +1698,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6b( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7d( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_95(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_8a(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1716,7 +1718,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_55( core_core_arch_x86___m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } /** @@ -1732,8 +1734,8 @@ libcrux_ml_kem_ntt_ntt_layer_int_vec_step_88(core_core_arch_x86___m256i a, int16_t zeta_r) { core_core_arch_x86___m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_55(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); + b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); + a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -1782,7 +1784,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_45( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); } @@ -1801,7 +1803,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_10( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + @@ -1823,7 +1825,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_83( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + @@ -1853,7 +1855,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_94( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; self->coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); + libcrux_ml_kem_vector_avx2_barrett_reduce_09(self->coefficients[i0]); } } @@ -1864,7 +1866,7 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_41( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_05( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U, @@ -1891,7 +1893,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c0( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_54( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -1916,16 +1918,12 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c0( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6b( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7d( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_41(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_05(&u_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( - result, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, + ret, u_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -1937,7 +1935,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c1( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_921( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1993,19 +1991,19 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c1( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ /** A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f21( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c1( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_921( vector); } @@ -2017,7 +2015,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_11( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_c1( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_20_d5(); @@ -2027,9 +2025,9 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_11( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f21( coefficient); } return re; @@ -2043,7 +2041,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_922( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -2099,19 +2097,19 @@ libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c2( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ /** A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f22( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9c2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_922( vector); } @@ -2123,7 +2121,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_00( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_8e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_20_d5(); @@ -2132,9 +2130,9 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_00( size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_1b2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f22( re.coefficients[i0]); } return re; @@ -2148,9 +2146,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_29( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_96( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_11(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c1(serialized); } /** @@ -2173,7 +2171,7 @@ libcrux_ml_kem_polynomial_ntt_multiply_20_41( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_09( &self->coefficients[i0], &rhs->coefficients[i0], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + (size_t)4U * i0], @@ -2211,7 +2209,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_87( core_core_arch_x86___m256i); i++) { size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09( self->coefficients[i0], &rhs->coefficients[i0]); } } @@ -2223,14 +2221,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_62( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_29( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - @@ -2250,14 +2248,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_9c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - @@ -2273,14 +2271,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_bc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); } @@ -2294,13 +2292,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_75( +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_8c( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); + libcrux_ml_kem_vector_avx2_sub_09(b, &a); + a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( + libcrux_ml_kem_vector_avx2_add_09(a, &b)); b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_55(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); @@ -2314,7 +2312,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_f8( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2329,7 +2327,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_f8( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_75( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_8c( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -2347,20 +2345,20 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_62(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_8e(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_f8(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_29(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_9c(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_bc(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_f8(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_f8(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_f8(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_20_94(re); } @@ -2377,17 +2375,17 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_20_86( +libcrux_ml_kem_polynomial_subtract_reduce_20_ee( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( b.coefficients[i0], (int16_t)1441); - b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], + b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( + libcrux_ml_kem_vector_avx2_sub_09(self->coefficients[i0], &coefficient_normal_form)); } return b; @@ -2401,7 +2399,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_6d( +libcrux_ml_kem_matrix_compute_message_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -2414,8 +2412,8 @@ libcrux_ml_kem_matrix_compute_message_6d( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_20_87(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8e(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_86(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_ee(v, result); return result; } @@ -2426,7 +2424,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_7a( +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_81( core_core_arch_x86___m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, core_core_arch_x86___m256i); @@ -2434,18 +2432,18 @@ libcrux_ml_kem_vector_avx2_arithmetic_shift_right_7a( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ /** -A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea +A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_shift_right_ea_3e( +libcrux_ml_kem_vector_avx2_shift_right_09_da( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_7a(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_81(vector); } /** @@ -2459,11 +2457,11 @@ static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( core_core_arch_x86___m256i a) { core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_shift_right_ea_3e(a); + libcrux_ml_kem_vector_avx2_shift_right_09_da(a); core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); + return libcrux_ml_kem_vector_avx2_add_09(a, &fm); } /** @@ -2474,7 +2472,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_ee( +libcrux_ml_kem_serialize_compress_then_serialize_message_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2483,9 +2481,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_ee( libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( re.coefficients[i0]); core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); + libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); + libcrux_ml_kem_vector_avx2_serialize_1_09(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); Eurydice_slice_copy( @@ -2505,20 +2503,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_1b( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_28( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c0(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_54(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_29( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_96( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_6d(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_2c(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_ee(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_b8(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2533,11 +2531,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_fe(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_20(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_db(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_a1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2549,7 +2547,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_fe(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_1b(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_28(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -2603,12 +2601,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_00( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_87( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_20_d5(); } @@ -2621,7 +2618,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b4( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_3b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_20_d5(); @@ -2631,9 +2628,9 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b4( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); + libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(coefficient); } return re; } @@ -2642,12 +2639,11 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b4( A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_bd( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e7( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; @@ -2665,7 +2661,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_bd( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b4( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_3b( ring_element); deserialized_pk[i0] = uu____0; } @@ -2856,7 +2852,7 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( Eurydice_slice uu____0 = Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -2990,7 +2986,7 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( Eurydice_slice uu____0 = Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -3032,7 +3028,7 @@ libcrux_ml_kem_polynomial_from_i16_array_20_10(Eurydice_slice a) { i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( + libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice_subslice2( a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; @@ -3421,12 +3417,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_64( for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + libcrux_ml_kem_vector_avx2_multiply_by_constant_09( re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = - libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); + libcrux_ml_kem_vector_avx2_sub_09(re->coefficients[j], &t); re->coefficients[j] = - libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); + libcrux_ml_kem_vector_avx2_add_09(re->coefficients[j], &t); } } @@ -3514,7 +3510,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_9a(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_4b(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_20_d5(); } @@ -3528,7 +3524,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_99(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_4f(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3606,7 +3602,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_b9(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_7d(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_20_d5(); } @@ -3621,17 +3617,17 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_44( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( self->coefficients[j], (int16_t)1441); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( + libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &error->coefficients[j])); } } @@ -3643,7 +3639,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_4f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -3675,8 +3671,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_7b( libcrux_ml_kem_polynomial_add_to_ring_element_20_87(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8e(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_44(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_b1(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3696,9 +3692,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1_0c(core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), +libcrux_ml_kem_vector_traits_decompress_1_14(core_core_arch_x86___m256i v) { + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( + libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), &v), (int16_t)1665); } @@ -3711,18 +3707,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_bb( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_48( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_20_d5(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea( + libcrux_ml_kem_vector_avx2_deserialize_1_09( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_0c(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_14(coefficient_compressed); } return re; } @@ -3739,7 +3735,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_d5( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_24( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3747,14 +3743,14 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_20_d5( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_09( self->coefficients[i0], &message->coefficients[i0]); core_core_arch_x86___m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp); result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); + libcrux_ml_kem_vector_avx2_barrett_reduce_09(tmp0); } return result; } @@ -3767,7 +3763,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_32( +libcrux_ml_kem_matrix_compute_ring_element_v_41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3781,8 +3777,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_32( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_20_87(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8e(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_d5( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_24( error_2, message, result); return result; } @@ -3795,7 +3791,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e7( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_88( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -3854,17 +3850,17 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e7( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ /** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_c0(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e7( +libcrux_ml_kem_vector_avx2_compress_09_9c(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_88( vector); } @@ -3876,18 +3872,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_fd( +libcrux_ml_kem_serialize_compress_then_serialize_10_43( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_c0( + libcrux_ml_kem_vector_avx2_compress_09_9c( libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( re->coefficients[i0])); uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); + libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); Eurydice_slice_copy( @@ -3904,7 +3900,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e70( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_880( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -3963,17 +3959,17 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e70( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ /** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_c00(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e70( +libcrux_ml_kem_vector_avx2_compress_09_9c0(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_880( vector); } @@ -3985,18 +3981,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_e6( +libcrux_ml_kem_serialize_compress_then_serialize_11_b6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_c00( + libcrux_ml_kem_vector_avx2_compress_09_9c0( libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( re->coefficients[i0])); uint8_t bytes[22U]; - libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); + libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); Eurydice_slice_copy( @@ -4014,10 +4010,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_71( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_610( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_fd(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_43(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4031,7 +4027,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_7a( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4047,8 +4043,8 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_7a( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_71(&re, - ret); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_610(&re, + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -4062,7 +4058,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e71( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_881( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4121,17 +4117,17 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e71( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ /** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_c01(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e71( +libcrux_ml_kem_vector_avx2_compress_09_9c1(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_881( vector); } @@ -4152,11 +4148,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_f8( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_c01( + libcrux_ml_kem_vector_avx2_compress_09_9c1( libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( re.coefficients[i0])); uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); + libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), @@ -4172,7 +4168,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e72( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_882( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4231,17 +4227,17 @@ libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e72( /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} +libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ /** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_c02(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e72( +libcrux_ml_kem_vector_avx2_compress_09_9c2(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_882( vector); } @@ -4253,7 +4249,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_11( +libcrux_ml_kem_serialize_compress_then_serialize_5_e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4262,11 +4258,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_11( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2_compress_ea_c02( + libcrux_ml_kem_vector_avx2_compress_09_9c2( libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( re.coefficients[i0])); uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); + libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, (size_t)10U * i0 + (size_t)10U, uint8_t), @@ -4283,7 +4279,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_07( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { libcrux_ml_kem_serialize_compress_then_serialize_4_f8(re, out); } @@ -4306,7 +4302,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_5a( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_cb( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -4324,7 +4320,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_5a( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_99( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_4f( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4339,27 +4335,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_5a( libcrux_ml_kem_sampling_sample_from_binomial_distribution_92( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_7b(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_4f(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_bb( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_48( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_32( + libcrux_ml_kem_matrix_compute_ring_element_v_41( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_7a( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_07( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4383,12 +4379,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_de(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_dd(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_bd( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e7( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4430,7 +4426,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_de(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_5a(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_cb(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -4447,7 +4443,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_5a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_35( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; @@ -4478,7 +4474,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_c8( +static inline void libcrux_ml_kem_ind_cca_decapsulate_99( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4496,7 +4492,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c8( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_fe(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_20(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4520,7 +4516,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c8( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_74(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( @@ -4531,18 +4527,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c8( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_de(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_dd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_5a( + libcrux_ml_kem_ind_cca_kdf_43_35( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_5a(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_35(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_74(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4574,10 +4570,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_c9( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_8a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c8(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_99(private_key, ciphertext, ret); } /** @@ -4591,7 +4587,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_c9(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_8a(private_key, ciphertext, ret); } @@ -4651,11 +4647,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_c6( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_1b( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_28( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4685,7 +4681,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_c6( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_74(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( @@ -4697,11 +4693,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_c6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_5a( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_cb( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_74(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4738,10 +4734,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_c9( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_a5( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_c6(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8(key_pair, ciphertext, ret); } @@ -4756,7 +4752,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_c9( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_a5( private_key, ciphertext, ret); } @@ -4771,7 +4767,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_dd( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_a5( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -4813,11 +4809,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_dd( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_a5( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4828,7 +4824,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_50(public_key), + libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4843,20 +4839,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_de(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_dd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_5a(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_35(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4889,14 +4885,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_3c( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_11( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_6d(uu____0, copy_of_randomness); } /** @@ -4914,7 +4910,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_3c( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_11( uu____0, copy_of_randomness); } @@ -4937,7 +4933,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_96( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e6( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4965,7 +4961,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_96( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_5a(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_cb(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4975,7 +4971,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_96( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5009,7 +5005,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_e7( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_18( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -5017,7 +5013,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_e7( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_96( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e6( uu____0, copy_of_randomness); } @@ -5038,7 +5034,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_e7( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_18( uu____0, copy_of_randomness); } @@ -5077,7 +5073,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_traits_to_standard_domain_f0( core_core_arch_x86___m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -5102,8 +5098,8 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a5( core_core_arch_x86___m256i coefficient_normal_form = libcrux_ml_kem_vector_traits_to_standard_domain_f0( self->coefficients[j]); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( + libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &error->coefficients[j])); } } @@ -5265,7 +5261,7 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_d7( libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( re->coefficients[i0]); uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); + libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); Eurydice_slice_copy( @@ -5304,9 +5300,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_a8( Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - uint8_t result[1152U]; - memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } /** @@ -5318,7 +5312,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_37( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -5350,13 +5344,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_54(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_4f(Eurydice_slice key_generation_seed) { tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_75(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_37( + libcrux_ml_kem_ind_cpa_serialize_public_key_fb( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; @@ -5386,7 +5380,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_17( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_9a( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5442,7 +5436,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_3f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_11(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5451,13 +5445,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_3f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_54(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_4f(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_17( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_9a( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5466,13 +5460,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_3f(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_78(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_ea(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_98( - uu____2, libcrux_ml_kem_types_from_07_20(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_67( + uu____2, libcrux_ml_kem_types_from_07_0e(copy_of_public_key)); } /** @@ -5488,12 +5482,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_c4( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_75( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_3f(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_11(copy_of_randomness); } /** @@ -5505,7 +5499,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_c4( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_75( copy_of_randomness); } @@ -5524,7 +5518,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_35( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_39( size_t _j) { return libcrux_ml_kem_polynomial_ZERO_20_d5(); } @@ -5544,7 +5538,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_df( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_9b( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); @@ -5563,7 +5557,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_3a_77( +libcrux_ml_kem_polynomial_clone_3a_47( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; core_core_arch_x86___m256i ret[16U]; @@ -5589,7 +5583,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_fd( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7e( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5606,7 +5600,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_fd( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_df(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_9b(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -5614,7 +5608,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_fd( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_77(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_47(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5626,7 +5620,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_fd( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_37( + libcrux_ml_kem_ind_cpa_serialize_public_key_fb( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -5681,12 +5675,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_8f( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_7d( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_fd( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7e( copy_of_randomness); } @@ -5700,7 +5694,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_8f( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_7d( copy_of_randomness); } @@ -5716,7 +5710,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_64( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_e5( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5727,7 +5721,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_64( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_94(ciphertext), + libcrux_ml_kem_types_as_slice_a8_69(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5761,7 +5755,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_c80( +static inline void libcrux_ml_kem_ind_cca_decapsulate_990( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5779,7 +5773,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c80( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_fe(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_20(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5803,7 +5797,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c80( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_74(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( @@ -5814,18 +5808,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c80( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_de(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_dd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_64( + libcrux_ml_kem_ind_cca_kdf_6c_e5( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_64(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_e5(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_74(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5861,10 +5855,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_58( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c80(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_990(private_key, ciphertext, ret); } /** @@ -5878,7 +5872,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_58( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( private_key, ciphertext, ret); } @@ -5893,7 +5887,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_cf( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_76( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); } @@ -5918,11 +5912,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_cf( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_76( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5933,7 +5927,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_50(public_key), + libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5948,20 +5942,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_de(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_dd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_64(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_e5(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5997,14 +5991,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_17( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_86( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_6d0(uu____0, copy_of_randomness); } /** @@ -6022,60 +6016,10 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_17( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_86( uu____0, copy_of_randomness); } -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_000( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_d5(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_bd0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); - } - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b4( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6085,16 +6029,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_00( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_15( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_bd0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e7( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_37( + libcrux_ml_kem_ind_cpa_serialize_public_key_fb( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6113,9 +6057,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_25( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_1b( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_00(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_15(public_key); } /** @@ -6128,7 +6072,7 @@ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_25( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_1b( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); @@ -6140,10 +6084,10 @@ libcrux_ml_kem_mlkem768_avx2_validate_public_key( /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( +static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_78( core_core_arch_x86___m256i *self) { return self[0U]; } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 2eb68823f..4ac1f96bf 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_mlkem768_portable_H @@ -1086,11 +1086,10 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( #define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER \ ((int32_t)20159) -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT ((int32_t)26) +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT ((int32_t)26) -#define LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R \ - ((int32_t)1 << (uint32_t) \ - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +#define LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_R \ + ((int32_t)1 << (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT) /** Signed Barrett Reduction @@ -1110,11 +1109,9 @@ libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_MULTIPLIER + - (LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_R >> 1U); + (LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_R >> 1U); int16_t quotient = - (int16_t)(t >> - (uint32_t) - LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT); + (int16_t)(t >> (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_BARRETT_SHIFT); return value - quotient * LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; } @@ -2474,7 +2471,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_00(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_b7(size_t _) { return libcrux_ml_kem_polynomial_ZERO_20_39(); } @@ -2485,7 +2482,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a7( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_f5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_20_39(); @@ -2507,7 +2504,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_5d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a8( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2525,7 +2522,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_5d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a7( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_f5( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2557,7 +2554,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_20(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_ab(size_t _) { return libcrux_ml_kem_polynomial_ZERO_20_39(); } @@ -2606,7 +2603,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_e5( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_3e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_20_39(); @@ -2677,7 +2674,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_a2( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_26( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_20_39(); @@ -2703,9 +2700,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_8e( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_c2( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_e5(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_3e(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2873,7 +2870,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_7a( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)7U, @@ -2899,7 +2896,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_74( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_dd( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2924,16 +2921,12 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_74( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_8e( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_c2( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_7a(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_31(&u_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( - result, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, + ret, u_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -2982,7 +2975,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_8b( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_7f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_20_39(); @@ -3046,7 +3039,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_a5( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_d7( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_20_39(); @@ -3072,9 +3065,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_3e( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e1( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_8b(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_7f(serialized); } /** @@ -3149,7 +3142,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_a0( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_0d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3175,7 +3168,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c5( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_87( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3197,7 +3190,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_a6( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_eb( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3219,7 +3212,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_2c( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_70( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3240,7 +3233,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3255,7 +3248,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_2c( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_70( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3272,20 +3265,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_03( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_a0(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_c5(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_a6(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_0d(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_87(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_eb(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_dc(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_20_fd(re); } @@ -3301,7 +3294,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_20_17( +libcrux_ml_kem_polynomial_subtract_reduce_20_78( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3327,7 +3320,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_a6( +libcrux_ml_kem_matrix_compute_message_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3340,8 +3333,8 @@ libcrux_ml_kem_matrix_compute_message_a6( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_20_52(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_03(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_17(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_06(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_78(v, result); return result; } @@ -3400,7 +3393,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_99( +libcrux_ml_kem_serialize_compress_then_serialize_message_db( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3432,20 +3425,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_d3( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_89( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_74(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_dd(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_3e( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e1( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_a6(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_c2(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_99(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_db(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3459,11 +3452,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_28(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_6d(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_5d(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_a8(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3475,7 +3468,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_28(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_d3(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_89(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -3526,11 +3519,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1152 - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_df( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_af( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_20_39(); } @@ -3542,7 +3534,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d4( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_0c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_20_39(); @@ -3564,11 +3556,10 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d4( A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1152 - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_cc( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_d4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -3586,7 +3577,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_cc( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d4( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_0c( ring_element); deserialized_pk[i0] = uu____0; } @@ -4403,7 +4394,7 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_e6(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_5d(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_20_39(); } @@ -4417,7 +4408,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_56(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_bd(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4492,7 +4483,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_37(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_9a(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_20_39(); } @@ -4506,7 +4497,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4530,7 +4521,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_03( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_63( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4562,8 +4553,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_03( libcrux_ml_kem_polynomial_add_to_ring_element_20_52(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_03(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_a1(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_06(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_8e(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4582,7 +4573,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_8a( +libcrux_ml_kem_vector_traits_decompress_1_db( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4597,7 +4588,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_24( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_11( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_20_39(); @@ -4610,7 +4601,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_24( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_8a(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_db(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4627,7 +4618,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_41( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_47( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4657,7 +4648,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_5a( +libcrux_ml_kem_matrix_compute_ring_element_v_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4671,8 +4662,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_5a( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_20_52(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_03(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_41( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_06(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_47( error_2, message, result); return result; } @@ -4718,7 +4709,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_e8( +libcrux_ml_kem_serialize_compress_then_serialize_10_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4779,7 +4770,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_42( +libcrux_ml_kem_serialize_compress_then_serialize_11_bd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4807,10 +4798,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_21( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_e8(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_6a(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4823,7 +4814,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_44( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4839,7 +4830,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_21(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_61(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4887,7 +4878,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_8c( +libcrux_ml_kem_serialize_compress_then_serialize_4_4f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4949,7 +4940,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_7e( +libcrux_ml_kem_serialize_compress_then_serialize_5_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4978,9 +4969,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_eb( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_8c(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_4f(re, out); } /** @@ -5001,7 +4992,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_5b( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e4( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -5019,7 +5010,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_5b( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_56( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_bd( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5034,27 +5025,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_5b( libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_03(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_63(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_24( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_11( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_5a( + libcrux_ml_kem_matrix_compute_ring_element_v_99( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e6( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_44( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_eb( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7b( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5078,12 +5069,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_0c(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_cc(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_cc( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_d4( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5125,7 +5116,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0c(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_5b(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_e4(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -5141,7 +5132,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_c9( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; @@ -5171,7 +5162,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_81( +static inline void libcrux_ml_kem_ind_cca_decapsulate_96( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5189,7 +5180,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_81( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_28(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_6d(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5213,7 +5204,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_81( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_74(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( @@ -5224,18 +5215,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_81( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0c(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_cc(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_0a( + libcrux_ml_kem_ind_cca_kdf_43_c9( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_0a(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_c9(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_74(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5267,10 +5258,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_27( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_c8( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_81(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_96(private_key, ciphertext, ret); } /** @@ -5283,7 +5274,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_27( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_27( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_c8( private_key, ciphertext, ret); } @@ -5343,11 +5334,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_93( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cd( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_d3( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_89( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5377,7 +5368,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_93( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_74(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( @@ -5389,11 +5380,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_93( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_5b( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_e4( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_74(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5429,10 +5420,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_b7( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_d4( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_93(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cd(key_pair, ciphertext, ret); } @@ -5446,7 +5437,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_b7( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_b7( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_d4( private_key, ciphertext, ret); } @@ -5460,7 +5451,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_41( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_cd( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -5500,11 +5491,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9f( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_41( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_cd( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5515,7 +5506,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9f( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_50(public_key), + libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5530,20 +5521,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9f( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0c(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_cc(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_0a(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_c9(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5575,14 +5566,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_fa( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cf( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9f(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_be(uu____0, copy_of_randomness); } /** @@ -5599,7 +5590,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_fa( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cf( uu____0, copy_of_randomness); } @@ -5622,7 +5613,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_b9( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_b2( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5650,7 +5641,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_b9( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_5b(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_e4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5660,7 +5651,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_b9( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5693,7 +5684,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_e4( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_46( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5701,7 +5692,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_e4( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_b9( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_b2( uu____0, copy_of_randomness); } @@ -5721,7 +5712,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_e4( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_46( uu____0, copy_of_randomness); } @@ -5984,9 +5975,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_c1( Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - uint8_t result[1152U]; - memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } /** @@ -5997,7 +5986,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_f9( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_4c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -6029,13 +6018,13 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_80(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_d7(Eurydice_slice key_generation_seed) { tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f6(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_f9( + libcrux_ml_kem_ind_cpa_serialize_public_key_4c( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; @@ -6064,7 +6053,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_32( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ee( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6120,7 +6109,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_bb(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_9a(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6129,13 +6118,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_bb(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_80(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_d7(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_32( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ee( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6144,13 +6133,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_bb(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_78(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_ea(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_98( - uu____2, libcrux_ml_kem_types_from_07_20(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_67( + uu____2, libcrux_ml_kem_types_from_07_0e(copy_of_public_key)); } /** @@ -6166,12 +6155,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ca( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_99( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_bb(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_9a(copy_of_randomness); } /** @@ -6182,7 +6171,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ca( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_99( copy_of_randomness); } @@ -6201,7 +6190,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_0a( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_f5( size_t _j) { return libcrux_ml_kem_polynomial_ZERO_20_39(); } @@ -6221,7 +6210,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_5f( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_39( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); @@ -6239,7 +6228,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_3a_10( +libcrux_ml_kem_polynomial_clone_3a_51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6267,7 +6256,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_09( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6284,7 +6273,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_5f(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_39(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -6292,7 +6281,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_10(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_51(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6304,7 +6293,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_f9( + libcrux_ml_kem_ind_cpa_serialize_public_key_4c( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -6358,12 +6347,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_e1( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_5a( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_09( copy_of_randomness); } @@ -6376,7 +6365,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_e1( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_5a( copy_of_randomness); } @@ -6391,7 +6380,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_da( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_fb( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -6402,7 +6391,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_da( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_94(ciphertext), + libcrux_ml_kem_types_as_slice_a8_69(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -6435,7 +6424,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_810( +static inline void libcrux_ml_kem_ind_cca_decapsulate_960( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6453,7 +6442,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_810( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_28(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_6d(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -6477,7 +6466,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_810( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_74(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( @@ -6488,18 +6477,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_810( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0c(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_cc(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_da( + libcrux_ml_kem_ind_cca_kdf_6c_fb( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_da(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_fb(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_74(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6535,10 +6524,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_3e( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_5b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_810(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_960(private_key, ciphertext, ret); } /** @@ -6551,7 +6540,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_3e( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_3e( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_5b( private_key, ciphertext, ret); } @@ -6565,7 +6554,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_3c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_c6( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); } @@ -6589,11 +6578,11 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9f0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_3c( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_c6( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -6604,7 +6593,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9f0( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_50(public_key), + libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6619,20 +6608,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9f0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_50(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0c(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_cc(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_25(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_da(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_fb(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6668,14 +6657,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_8c( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_5a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9f0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_be0(uu____0, copy_of_randomness); } /** @@ -6692,58 +6681,10 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_8c( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_5a( uu____0, copy_of_randomness); } -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_df0( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_39(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_cc0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); - } - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_d4( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6752,16 +6693,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_b9( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c9( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_cc0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_d4( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_f9( + libcrux_ml_kem_ind_cpa_serialize_public_key_4c( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6779,9 +6720,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_34( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_0f( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_b9(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_c9(public_key); } /** @@ -6793,7 +6734,7 @@ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_34( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_0f( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 72126756e..e563787cd 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 5b62d6191..fc4a166a5 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -7,8 +7,8 @@ * Charon: 0576bfc67e99aae86c51930421072688138b672b * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 3ed3c98d39ce028c31c5908a38bc68ad5098f563 - * Libcrux: 5cc4b70a624527733049367b7fa90e15047c47c7 + * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 + * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 */ #ifndef __libcrux_sha3_portable_H diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 65c11e4e9..312bea76b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -37,20 +37,6 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = _super_11581440318597584651 = FStar.Tactics.Typeclasses.solve; _super_9442900250278684536 = FStar.Tactics.Typeclasses.solve; _super_8706949974463268012 = FStar.Tactics.Typeclasses.solve; - f_to_i16_array_pre - = - (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); - f_to_i16_array_post - = - (fun - (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array i16 (sz 16)) - -> - out == impl.f_repr x); - f_to_i16_array - = - (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x); f_ZERO_pre = (fun (_: Prims.unit) -> true); f_ZERO_post = @@ -67,6 +53,20 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_from_i16_array = (fun (array: t_Slice i16) -> Libcrux_ml_kem.Vector.Portable.Vector_type.from_i16_array array); + f_to_i16_array_pre + = + (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + f_to_i16_array_post + = + (fun + (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (out: t_Array i16 (sz 16)) + -> + out == impl.f_repr x); + f_to_i16_array + = + (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x); f_add_pre = (fun diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index bd1772c8c..3b7aa112e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -16,19 +16,6 @@ class t_Operations (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_11581440318597584651:Core.Marker.t_Copy v_Self; [@@@ FStar.Tactics.Typeclasses.no_method]_super_9442900250278684536:Core.Clone.t_Clone v_Self; [@@@ FStar.Tactics.Typeclasses.no_method]_super_8706949974463268012:t_Repr v_Self; - f_to_i16_array_pre:x: v_Self -> pred: Type0{true ==> pred}; - f_to_i16_array_post:x: v_Self -> result: t_Array i16 (sz 16) - -> pred: Type0{pred ==> f_repr x == result}; - f_to_i16_array:x0: v_Self - -> Prims.Pure (t_Array i16 (sz 16)) - (f_to_i16_array_pre x0) - (fun result -> f_to_i16_array_post x0 result); - f_from_i16_array_pre:array: t_Slice i16 - -> pred: Type0{(Core.Slice.impl__len #i16 array <: usize) =. sz 16 ==> pred}; - f_from_i16_array_post:array: t_Slice i16 -> result: v_Self - -> pred: Type0{pred ==> f_repr result == array}; - f_from_i16_array:x0: t_Slice i16 - -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); f_ZERO_pre:x: Prims.unit -> pred: Type0 @@ -42,6 +29,19 @@ class t_Operations (v_Self: Type0) = { (let _:Prims.unit = x in f_repr result == Seq.create 16 0s) }; f_ZERO:x0: Prims.unit -> Prims.Pure v_Self (f_ZERO_pre x0) (fun result -> f_ZERO_post x0 result); + f_from_i16_array_pre:array: t_Slice i16 + -> pred: Type0{(Core.Slice.impl__len #i16 array <: usize) =. sz 16 ==> pred}; + f_from_i16_array_post:array: t_Slice i16 -> result: v_Self + -> pred: Type0{pred ==> f_repr result == array}; + f_from_i16_array:x0: t_Slice i16 + -> Prims.Pure v_Self (f_from_i16_array_pre x0) (fun result -> f_from_i16_array_post x0 result); + f_to_i16_array_pre:x: v_Self -> pred: Type0{true ==> pred}; + f_to_i16_array_post:x: v_Self -> result: t_Array i16 (sz 16) + -> pred: Type0{pred ==> f_repr x == result}; + f_to_i16_array:x0: v_Self + -> Prims.Pure (t_Array i16 (sz 16)) + (f_to_i16_array_pre x0) + (fun result -> f_to_i16_array_post x0 result); f_add_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; f_add_post:lhs: v_Self -> rhs: v_Self -> result: v_Self -> pred: Type0{pred ==> f_repr result == Spec.Utils.map2 ( +. ) (f_repr lhs) (f_repr rhs)}; diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index db290ea88..9d2fb3c62 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -151,7 +151,6 @@ impl Operations for SIMD256Vector { } } - #[ensures(|result| fstar!("f_repr $result == Spec.MLKEM.Math.ntt_layer_step $a $zeta0..."))] fn ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { Self { elements: ntt::ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3), diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 986543086..cf05ab802 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -96,7 +96,6 @@ impl Operations for PortableVector { decompress_ciphertext_coefficient::(v) } - #[ensures(|result| fstar!("f_repr $result == Spec.MLKEM.Math.ntt_layer_step $a $zeta0..."))] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3) } From b934c24a10d55d801fd94a85abd96b1b3407b0a0 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 28 Aug 2024 13:49:57 +0200 Subject: [PATCH 159/348] wip --- Cargo.lock | 3 - Cargo.toml | 4 +- fstar-helpers/fstar-bitvec/RwLemmas.fst | 204 +----------------- fstar-helpers/fstar-bitvec/RwLemmas.js | 43 ---- fstar-helpers/fstar-bitvec/Tactics.Folds.fst | 82 +++++++ fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 58 +++++ .../fstar-bitvec/Tactics.MachineInts.fst | 57 +++-- fstar-helpers/fstar-bitvec/Tactics.Pow2.fst | 8 +- fstar-helpers/fstar-bitvec/Tactics.Seq.fst | 148 +++++++++---- fstar-helpers/fstar-bitvec/Tactics.Utils.fst | 148 ++++++++++--- .../src/vector/portable/serialize.rs | 15 ++ 11 files changed, 429 insertions(+), 341 deletions(-) delete mode 100644 fstar-helpers/fstar-bitvec/RwLemmas.js create mode 100644 fstar-helpers/fstar-bitvec/Tactics.Folds.fst create mode 100644 fstar-helpers/fstar-bitvec/Tactics.GetBit.fst diff --git a/Cargo.lock b/Cargo.lock index 871b50375..c96329dd6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -701,7 +701,6 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros", "num-bigint", @@ -711,7 +710,6 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros-types", "paste", @@ -724,7 +722,6 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "proc-macro2", "quote", diff --git a/Cargo.toml b/Cargo.toml index 26e8c50da..bbaf94942 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -77,8 +77,8 @@ wasm-bindgen = { version = "0.2.87", optional = true } # This is only required when doing proofs. # [target.'cfg(hax)'.workspace.dependencies] [workspace.dependencies] -# hax-lib = { path = "/home/lucas/repos/hax/lib-proofs-bitvectors-additions/hax-lib" } -hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } +hax-lib = { path = "/home/lucas/repos/hax/lib-proofs-bitvectors-additions/hax-lib" } +# hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } [dev-dependencies] libcrux = { path = ".", features = ["rand", "tests"] } diff --git a/fstar-helpers/fstar-bitvec/RwLemmas.fst b/fstar-helpers/fstar-bitvec/RwLemmas.fst index a623c1a22..1fc1e00de 100644 --- a/fstar-helpers/fstar-bitvec/RwLemmas.fst +++ b/fstar-helpers/fstar-bitvec/RwLemmas.fst @@ -57,215 +57,15 @@ let deserialize_10_int (bytes: t_Array u8 (sz 10)) = let deserialize_10_int' (bytes: t_Array u8 (sz 10)): t_Array i16 (sz 8) = MkSeq.create8 (deserialize_10_int bytes) - -let compute_one_round (): Tac _ = - norm [ iota; zeta; reify_ - ; delta_namespace ["FStar"; "RwLemmas"; "MkSeq"] - ; primops; unmeta]; - print "compute_one_round: light norm done"; - norm_pow2 (); - print "compute_one_round: norm_pow2 done"; - Tactics.Seq.simplify_index_seq_of_list (); - print "compute_one_round: simplify_index_seq_of_list done"; - norm_machine_int (); - print "compute_one_round: norm_machine_int done"; - Tactics.Seq.norm_list_index (); - print "compute_one_round: norm_list_index done" - -let compute' (): Tac unit - = - let rec fixpoint (): Tac _ = - dump' "compute"; - let goal0 = cur_goal () in - compute_one_round (); - let goal1 = cur_goal () in - if not (term_eq goal0 goal1) then fixpoint () - in - print "compute': start"; - fixpoint (); - print "compute': done" - -let opts = "--using_facts_from '-* +Rust_primitives.BitVectors -+Rust_primitives.Integers.get_bit_cast +Rust_primitives.Integers.get_bit_and +Rust_primitives.Integers.get_bit_or +Rust_primitives.Integers.get_bit_shl +Rust_primitives.Integers.get_bit_shr +Rust_primitives.Integers.get_bit_cast_extend' --fuel 0 --ifuel 0" - -let _split_forall_nat - (upper_bound: pos) - ($p: (i:nat{i < upper_bound}) -> Type0) - : Lemma (requires (if upper_bound = 0 then True - else p (upper_bound - 1) /\ (forall (i:nat{i < upper_bound - 1}). p i))) - (ensures forall (i:nat{i < upper_bound}). p i) - = () - -let rec prove_forall_pointwise (tactic: unit -> Tac unit): Tac unit - = print ("prove_forall_pointwise: " ^ term_to_string (cur_goal ())); - apply_lemma (`_split_forall_nat); - trivial `or_else` (fun _ -> - if try norm [primops]; - split (); - true - with | e -> false - then ( - tactic (); - prove_forall_pointwise tactic - ) - ) - -// #push-options "--using_facts_from '+ -FStar.Seq +Rust_primitives -Core -Lib +Rust_primitives.BitVectors +Rust_primitives.Integers.get_bit_cast +Rust_primitives.Integers +Lib.IntTypes +Rust_primitives.Integers.get_bit_or +Rust_primitives.Integers.get_bit_shl +Rust_primitives.Integers.get_bit_shr +Rust_primitives.Integers.get_bit_cast_extend +FStar'" -#restart-solver - - -let get_bit_or_zero_left #t (x y: int_t t) (i: nat) - : Lemma (requires get_bit x i == 0) - (ensures get_bit (x |. y) i == get_bit y i) - [SMTPat (get_bit (x |. y) i)] - = get_bit_or x y i -let get_bit_or_zero_right #t (x y: int_t t) (i: nat) - : Lemma (requires get_bit y i == 0) - (ensures get_bit (x |. y) i == get_bit x i) - [SMTPat (get_bit (x |. y) i)] - = get_bit_or x y i - - + #push-options "--compat_pre_core 0" -// #push-options "--z3rlimit 100 --fuel 0 --ifuel 0" #push-options "--z3rlimit 80" let fff_ (bytes: t_Array u8 (sz 10)) x: unit = let bv1 = bit_vec_of_int_t_array bytes 8 in let out = deserialize_10_int' bytes in let bv2 = bit_vec_of_int_t_array out 10 in - // let lhs = ((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) < - Tactics.Seq.norm_list_index (); - dump' "Send to SMT"; - set_rlimit 80; - let _ = repeat clear_top in - focus smt_sync; - dump' "solved!"; - () - ) + Tactics.GetBit.prove_bit_vector_equality () ) #pop-options -#push-options "--compat_pre_core 0" -#push-options "--z3rlimit 80" -#push-options "--print_implicits" -let asdsd (bytes: t_Array u8 (sz 10)) - = let cast: u8 -> i16 = cast in - assert ( - eq2 #(bit) (get_bit #(Lib.IntTypes.U8) (FStar.Seq.Base.index #(Rust_primitives.Integers.int_t (Lib.IntTypes.U8)) (bytes) (2)) (sz (1))) (get_bit #(Lib.IntTypes.S16) (Rust_primitives.Integers.op_Bar_Dot #(Lib.IntTypes.S16) (Rust_primitives.Integers.op_Less_Less_Bang #(Lib.IntTypes.S16) #(Lib.IntTypes.S32) (Rust_primitives.Integers.op_Amp_Dot #(Lib.IntTypes.S16) (Rust_primitives.cast #(u8) #(i16) #(Rust_primitives.cast_tc_integers (Lib.IntTypes.U8) (Lib.IntTypes.S16)) (Core.Ops.op_String_Access #(Rust_primitives.Arrays.t_Array (u8) (sz (10))) #(usize) #(Rust_primitives.Hax.impl__index (u8) (sz (10)) (Rust_primitives.Integers.usize_inttype)) (bytes) (sz (2)))) (FStar.Int16.int_to_t (15))) (FStar.Int32.int_to_t (6))) (Rust_primitives.Integers.op_Greater_Greater_Bang #(Lib.IntTypes.S16) #(Lib.IntTypes.S32) (Rust_primitives.cast #(u8) #(i16) #(Rust_primitives.cast_tc_integers (Lib.IntTypes.U8) (Lib.IntTypes.S16)) (Core.Ops.op_String_Access #(Rust_primitives.Arrays.t_Array (u8) (sz (10))) #(usize) #(Rust_primitives.Hax.impl__index (u8) (sz (10)) (Rust_primitives.Integers.usize_inttype)) (bytes) (sz (1)))) (FStar.Int32.int_to_t (2)))) (sz (7))) - // get_bit ( - // ((cast bytes.[ sz 3 ] <: i16) &. 63s <: i16) <>! 4l - // ) (sz 5) - // == get_bit (cast bytes.[ sz 3 ] <: i16) (sz 0) - ) by ( - norm [iota; delta_only [`%( .[] ); `%Core.Ops.Index.Mkt_Index; `%Rust_primitives.Hax.impl__index; `%Core.Ops.Index.f_index]]; - Tactics.MachineInts.(transform norm_generic_machine_int_term); - solve_get_bit_equality (); - // print (term_to_string' (cur_goal())); - // smt_sync (); - fail "done" - ) - - - - - -let fff bytes x: unit = - assert ( - get_bit (Seq.index (deserialize_10_int' bytes) 0) (sz 3) - == get_bit (Seq.index bytes 0) (sz 3) - ) by ( - compute'' (); - smt_sync (); - // l_to_r [`rewrite_to_zero]; - // compute'' (); - // apply_lemma_rw - // l_to_r [`rw_rhs_bit_or_no_mask]; - fail "DONE"; - focus (tadmit) - ); - () - - - - - - -#push-options "--z3rlimit 80" -let rw_rhs_bit_or #t #u #shift_t - (lhs: int_t u) (rhs: int_t t) - (relevant_bits: nat {relevant_bits < bits t - (if unsigned t then 0 else 1)}) - (i: nat {i < bits u}) - (shift: nat {shift < bits u /\ Rust_primitives.Integers.range shift shift_t}) - : Lemma ( - let full = get_bit ( - lhs |. - ((cast (rhs &. mk_int (pow2 relevant_bits - 1)) <: int_t u) <= relevant_bits + shift || i < shift then get_bit lhs (sz i) else full) - ) - = if i >= relevant_bits + shift then ( - let i' = i - shift in - let mask: int_t t = mk_int (pow2 relevant_bits - 1) in - let a = rhs &. mask in - if i' < bits t then ( - get_bit_pow2_minus_one #t relevant_bits (sz i'); - get_bit_and rhs (mk_int (pow2 relevant_bits - 1)) (sz i') - ) else get_bit_cast_extend #t #u a (sz i'); - let a: int_t u = cast a in - get_bit_shl #u #shift_t a (mk_int shift) (sz i') - ) else if i < shift then () else () -#pop-options - -#push-options "--z3rlimit 80" -let rw_rhs_bit_or_no_mask #t #u #shift_t - (lhs: int_t u) (rhs: int_t t) - (i: nat {i < bits u}) - (shift: nat {shift < bits u /\ Rust_primitives.Integers.range shift shift_t}) - : Lemma ( - let full = get_bit ( - lhs |. ((cast rhs <: int_t u) <= shift then ( - let i' = i - shift in - let a = rhs in - let a: int_t u = cast a in - get_bit_shl #u #shift_t a (mk_int shift) (sz i') - ) else () -#pop-options - -#push-options "--z3rlimit 150" -let add_shift_zero #t #shift_t (x: int_t t) - : Lemma (x < x.trim()); - -let template = template_lines.join('\n'); - -let sizes = ['8', '16', '32', '64']; - -let replace = (str, from_size, to_sign, to_size) => - str - .replaceAll(`u${from_size}`, `${to_sign ? 'u' : 'i'}${to_size}`) - .replaceAll(`UInt${from_size}`, `${to_sign ? 'U' : ''}Int${to_size}`) - .replaceAll(`uint_to`, `${to_sign ? 'u' : ''}int_to`); - -let all = ""; -for(let n1 of sizes) { - for(let s1 of [true, false]) { - let s = template; - console.log({n1, s1}); - s = replace(s, 8, s1, n1); - all += s; - } -} - -let generated_lines = [...new Set(all.split('\n'))]; -let names = generated_lines.map(x => x.split(' ')[1]).filter(x => x); -let generated = generated_lines.filter(x => !template_lines.includes(x)).join('\n'); - -generated += '\nlet rw_integers_list0 = [' + names.map(n => '`' + n).join(';') + ']'; - -let before = lemmas - .split('// START GENERATED')[0]; - -let after = lemmas - .split('// END GENERATED')[1]; - -fs.writeFileSync('RwLemmas.fst', before + '// START GENERATED\n' + generated + '\n// END GENERATED' + after); - diff --git a/fstar-helpers/fstar-bitvec/Tactics.Folds.fst b/fstar-helpers/fstar-bitvec/Tactics.Folds.fst new file mode 100644 index 000000000..c5ead30b0 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.Folds.fst @@ -0,0 +1,82 @@ +module Tactics.Folds + +open Core +module L = FStar.List.Tot +module S = FStar.Seq.Base +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul +open FStar.Option + +open Rust_primitives.Hax.Folds + +open Tactics.Utils + +// let unfold_fold_range +// (#acc_t: Type0) (#u: Lib.IntTypes.inttype) +// (start_: int_t u) +// (end_: int_t u) +// (inv: acc_t -> (i:int_t u{fold_range_wf_index start_ end_ false (v i)}) -> Type0) +// (init: acc_t {inv init start_}) +// (f: (acc:acc_t -> i:int_t u {v i <= v end_ /\ fold_range_wf_index start_ end_ true (v i) /\ inv acc i} +// -> acc':acc_t {(inv acc' (mk_int (v i + 1)))})) +// = if v start_ < v end_ +// then fold_range (start_ +! mk_int 1) end_ inv (f init start_) f +// else init + + +// #push-options "--z3rlimit 100" +// let unfold_fold_range +// (#acc_t: Type0) (#u: Lib.IntTypes.inttype) +// (start_: int_t u) +// (end_: int_t u) +// (inv: acc_t -> (i:int_t u{fold_range_wf_index start_ end_ false (v i)}) -> Type0) +// (init: acc_t {inv init start_}) +// (f: (acc:acc_t -> i:int_t u {v i <= v end_ /\ fold_range_wf_index start_ end_ true (v i) /\ inv acc i} +// -> acc':acc_t {(inv acc' (mk_int (v i + 1)))})) +// : Lemma ( fold_range start_ end_ inv init f +// == ( if v start_ < v end_ +// then +// fold_range (start_ +! mk_int 1) end_ inv (f init start_) f +// else init ) +// ) +// = admit () +// #pop-options + +// let expect_fold_range t +// = let?# (fr, [acc_t,_;u,_;start_,_;end_,_;inv,_;init,_;f,_]) = expect_app_n t 7 in +// let _ = expect_free_var fr (`%fold_range) in +// Some (acc_t, u, start_, end_, inv, init, f) + +// let make_fold_range_lemma (start_: nat) (end_: nat): Tac _ = +// let _ = tcut (quote (squash (forall acc_t u inv init f. +// fold_range #acc_t #u start_ end_ inv init f +// == fold_range #acc_t #u start_ end_ inv init f +// ))) in +// flip (); +// let acc_t = forall_intro () in +// let u = forall_intro () in +// let inv = forall_intro () in +// let init = forall_intro () in +// let f = forall_intro () in +// fail "xx"; +// let _ = rewrite_rhs () in +// flip (); +// focus (fun _ -> +// fail "xx"; +// apply_lemma_rw (`unfold_fold_range) +// ); +// () +// // rewrite_lhs +// // let aux start_ = + +// jlet _ = +// assert true by (make_fold_range_lemma 1 10) + +// in + + +// let tactic_fold_range t +// = let?# expect_fold_range _ = + diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst new file mode 100644 index 000000000..c1f191e01 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -0,0 +1,58 @@ +/// Provides tactics around `get_bit _ _ == get_bit _ _` goals +module Tactics.GetBit + +open Core +module L = FStar.List.Tot +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul +open FStar.Option + +open Tactics.Utils +open Tactics.Pow2 + +open BitVecEq {} +open Tactics.Seq {norm_index, tactic_list_index} + + +let norm_machine_int () = Tactics.MachineInts.(transform norm_machine_int_term) + +/// Does one round of computation +let compute_one_round (): Tac _ = + norm [ iota; zeta; reify_ + ; delta_namespace ["FStar"; implode_qn (cur_module ()); "MkSeq"] + ; primops; unmeta]; + trace "compute_one_round: norm_pow2" norm_pow2; + trace "compute_one_round: norm_machine_int" norm_machine_int; + trace "compute_one_round: norm_index" norm_index + +/// Normalizes up to `get_bit` +let compute': unit -> Tac unit = goal_fixpoint compute_one_round + +private let time_tactic_ms (t: 'a -> Tac 'b) (x: 'a): Tac ('b & int) + = let time0 = curms () in + let result = t x in + let time1 = curms () in + (result, time1 - time0) + +private let print_time prefix (t: 'a -> Tac 'b) (x: 'a): Tac 'b + = let (result, time) = time_tactic_ms t x in + print (prefix ^ string_of_int (time / 1000) ^ "." ^ string_of_int ((time/100)%10) ^ "s"); + result + +/// Proves a goal of the shape `forall (i:nat{i < N}). get_bit ... i == get_bit ... i` (`N` is expected to be a literal) +let prove_bit_vector_equality' (): Tac unit = + norm [iota; primops; delta_only [`%bit_vec_of_int_t_array; `%FunctionalExtensionality.on]]; + norm [iota; primops; delta_namespace [implode_qn (cur_module ())]]; + compute_one_round (); + prove_forall_nat_pointwise (print_time "SMT solved the goal in " (fun _ -> + Tactics.Seq.norm_index_minimal (); + print ("Ask SMT: " ^ term_to_string (cur_goal ())); + set_rlimit 80; + let _ = repeat clear_top in + focus smt_sync + )) +let prove_bit_vector_equality (): Tac unit = + with_compat_pre_core 2 prove_bit_vector_equality' + diff --git a/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst b/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst index 8306cbf99..85bb0bb78 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst @@ -1,3 +1,7 @@ +/// This module interprets machine integers terms that comes from +/// `FStar.[U]Int*` modules or from `Rust_primtiives.Integers` module. +/// It can then convert from and back those two representation, +/// normalize them, etc. module Tactics.MachineInts open FStar.Tactics.V2 @@ -8,21 +12,31 @@ open FStar.Option open Tactics.Utils module RI = Rust_primitives.Integers -/// The size of a machine int. +/// The size of a machine int type size = | PtrSize | Size of n:nat {match n with | 8 | 16 | 32 | 64 | 128 -> true | _ -> false} +/// The signedness of a machine int type signedness = | Signed | Unsigned +/// The operations we recognize on machine ints type machine_int_op = | MkInt | V +/// The AST of a machine int expression noeq type machine_int_term = - | Op { op: machine_int_op; native: bool; size: size; signedness: signedness; contents: machine_int_term } + /// Operations `mk_int` (aka `FStar.[U]Int*.[u]int_to_t`) and `v` + | Op { /// Which operation is it? + op: machine_int_op + /// Is that a generic (Rust_primitives.Integers) operation or a native one (FStar.[U]Int*)? + ; native: bool + ; size: size + ; signedness: signedness + ; contents: machine_int_term } + /// A (math) integer literal | Lit of int + /// An arbitrary term | Term of term -let x = `%FStar.UInt8.uint_to_t - /// Expect `n` to be a definition in a machine int namespace let expect_native_machine_int_ns (n: string): (option (signedness & size & string)) = match explode_qn n with @@ -42,11 +56,13 @@ let expect_native_machine_int_ns (n: string): (option (signedness & size & strin in Some (sign, size, def_name) | _ -> None +/// Given a sign and a size, produces the correct namespace `FStar.[U]Int*` let mk_native_machine_int_ns (sign: signedness) (size: size): option (list string) = let sign = match sign with | Signed -> "" | Unsigned -> "U" in let? size = match size with | PtrSize -> None | Size n -> Some (string_of_int n) in Some ["FStar"; sign ^ "Int" ^ size] +/// Interpret HACL*'s `inttype`s let expect_inttype t: Tac (option (signedness & size)) = let t = norm_term [iota; reify_; delta_namespace ["Rust_primitives.Integers"; "Lib.IntTypes"]; primops; unmeta] t in let?# t = expect_fvar t in @@ -65,15 +81,23 @@ let expect_inttype t: Tac (option (signedness & size)) | `%RI.usize_inttype -> Some (Unsigned, PtrSize) | _ -> None +/// Given a signedness and a size, creates a name `[ui]*_inttype` let mk_inttype_name (sign: signedness) (size: size): name = let sign = match sign with | Signed -> "i" | Unsigned -> "u" in let size = match size with | PtrSize -> "size" | Size n -> string_of_int n in ["Rust_primitives"; "Integers"; sign ^ size ^ "_inttype"] +/// Given a signedness and a size, creates a term `[ui]*_inttype` let mk_inttype (sign: signedness) (size: size): Tac term = pack (Tv_FVar (pack_fv (mk_inttype_name sign size))) -let rec term_to_machine_int_term'' (t: term): Tac (option machine_int_term) = +/// Interprets a term as a machine int. This function always returns +/// something: when `t` is not a machine int expression we recognize, +/// it returns `Term t`. Below, `term_to_machine_int_term` returns an +/// option. +let rec term_to_machine_int_term' (t: term): Tac machine_int_term = + match term_to_machine_int_term'' t with | Some t -> t | None -> Term t +and term_to_machine_int_term'' (t: term): Tac (option machine_int_term) = let t = norm_term [delta_only [(`%RI.sz); (`%RI.isz)]] t in match t with | Tv_Const (C_Int n) -> Some (Lit n) @@ -98,13 +122,13 @@ let rec term_to_machine_int_term'' (t: term): Tac (option machine_int_term) = end | _ -> None -and term_to_machine_int_term' (t: term): Tac machine_int_term = - match term_to_machine_int_term'' t with | Some t -> t | None -> Term t - +/// Tries to interpret a term as a machine int let term_to_machine_int_term (t: term): Tac (option (t: machine_int_term {~(Term? t)})) = match term_to_machine_int_term' t with | Term _ -> None | t -> Some t +/// Transform a machine int AST into a term. Note that this doesn't +/// support native usize/isize (aka `FStar.SizeT`), whence the option. let rec machine_int_term_to_term (t: machine_int_term): Tac (option term) = match t with | Term t -> Some t @@ -126,6 +150,7 @@ let rec machine_int_term_to_term (t: machine_int_term): Tac (option term) = Some (mk_e_app f [contents]) | Lit n -> Some (pack (Tv_Const (C_Int n))) +/// An operation on a machine_int_term type operation = machine_int_term -> option machine_int_term /// Removes `mk_int (v ...)` or `v (mk_int ...)` when it's the same type @@ -141,6 +166,7 @@ let rec flatten_machine_int_term: operation = function end | _ -> None +/// Makes a machine int native or not let rec change_native_machine_int_term (native: bool): operation = function | Op x -> let contents = change_native_machine_int_term native x.contents in if x.native = native @@ -151,6 +177,7 @@ let rec change_native_machine_int_term (native: bool): operation = function | None -> x.contents}) | _ -> None +/// Combines two operation together let combine: operation -> operation -> operation = fun f g t -> match f t with | Some t -> (match g t with | Some t -> Some t | None -> Some t) @@ -169,11 +196,6 @@ let norm_machine_int_term = combine flatten_machine_int_term (change_native_mach /// (mk_int ...)`. let norm_generic_machine_int_term = combine flatten_machine_int_term (change_native_machine_int_term false) -let rw_v_mk_int_usize x - : Lemma (eq2 (RI.v #RI.usize_inttype (RI.mk_int #RI.usize_inttype x)) x) = () -let rw_mk_int_v_usize x - : Lemma (eq2 (RI.mk_int #RI.usize_inttype (RI.v #RI.usize_inttype x)) x) = () - /// Unfolds `mk_int` using `mk_int_equiv_lemma` let norm_mk_int () = let?# (lhs, _) = expect_lhs_eq_uvar () in @@ -185,11 +207,16 @@ let norm_mk_int () = let lemma = norm_term [primops; iota; delta; zeta] lemma in focus (fun _ -> apply_lemma_rw lemma - // iterAllSMT (fun () -> smt_sync `or_else` (fun _ -> dump "norm_mk_int: Could not solve SMT here")) ); Some () | _ -> None +/// Lemmas to deal with the special case of usize +let rw_v_mk_int_usize x + : Lemma (eq2 (RI.v #RI.usize_inttype (RI.mk_int #RI.usize_inttype x)) x) = () +let rw_mk_int_v_usize x + : Lemma (eq2 (RI.mk_int #RI.usize_inttype (RI.v #RI.usize_inttype x)) x) = () + /// Rewrites `goal_lhs` into `machine_int`. This function expects the /// goal to be of the shape ` == (?...)`, where `` /// is a machine int. Do not call this function directly. @@ -213,6 +240,8 @@ let _rewrite_to (goal_lhs: term) (eq_type: typ) (machine_int: machine_int_term): apply_lemma_rw rw )) +/// Rewrites a goal deeply, replacing every machine integer expression +/// `x` by `f x` (when it is `Some _`). let transform (f: machine_int_term -> option machine_int_term): Tac unit = pointwise' (fun _ -> match revert_if_none (fun _ -> diff --git a/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst b/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst index 0bd0c5918..9f6ee1f0f 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst @@ -1,14 +1,17 @@ +/// Provides tools to normalize `pow2` module Tactics.Pow2 open Core open Tactics.Utils open FStar.Tactics.V2 +/// Expects `t` to be of the shape `pow2 n`, with `n` a literal, returns n let expect_pow2_literal t: Tac (option int) = let?# (f, [x, _]) = expect_app_n t 1 in let?# () = expect_free_var f (`%pow2) in expect_int_literal x +/// Expects `t` to be of the shape `pow2 n - 1`, with `n` a literal, returns n let expect_pow2_minus_one_literal t: Tac (option int) = let?# (f, [x, _; y, _]) = expect_app_n t 2 in let?# () = expect_free_var f (`%op_Subtraction) in @@ -25,6 +28,7 @@ let norm_pow2 (): Tac unit = Some (norm [iota; zeta_full; reify_; delta; primops; unmeta]) in trefl ()) +/// Inverse of `pow2` let rec log2 (n: nat): Tot (option (m: nat {pow2 m == n})) (decreases n) = if n = 0 then None else if n = 1 then Some 0 @@ -33,8 +37,7 @@ let rec log2 (n: nat): Tot (option (m: nat {pow2 m == n})) (decreases n) | Some n -> Some (1 + n) | None -> None -let lemma_of_refinement #t #p (n: t {p n}): Lemma (p n) = () - +/// Rewrite integers in the goal into `pow2 _ - 1` whenever possible let rewrite_pow2_minus_one () = pointwise (fun () -> match let?# (t, _) = expect_lhs_eq_uvar () in @@ -50,5 +53,6 @@ let rewrite_pow2_minus_one () = with None -> trefl () | _ -> () ) +// Test let _ = fun (i: nat) -> assert (pow2 (i + 3) + pow2 10 == pow2 (i + 3) + 1024) by (norm_pow2 (); trefl ()) diff --git a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst index 5e6b9f66e..1e8ba7372 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst @@ -2,6 +2,7 @@ module Tactics.Seq open Core module L = FStar.List.Tot +module S = FStar.Seq.Base open FStar.Tactics.V2 open FStar.Tactics.V2.SyntaxHelpers open FStar.Class.Printable @@ -11,51 +12,112 @@ open FStar.Option open Tactics.Utils open Tactics.Pow2 -let rw_seq_index_list #t (l: list t) i - : Lemma (Seq.Base.index (Seq.Base.seq_of_list l) i == FStar.List.Tot.index l i) +(*** Rewrite lemmas *) +private let rw_seq_index_list #t (l: list t) i + : Lemma (S.index (S.seq_of_list l) i == FStar.List.Tot.index l i) = () - -private let unfold_index_lemma (#a: Type) (l: list a) (i:nat{i < List.Tot.length l}) - : Lemma ( FStar.List.Tot.index #a l i - == Pervasives.norm [iota; primops] (let hd::tl = l in - if i = 0 then hd else List.Tot.index tl (i - 1))) +private let rw_index_slice #typ (s: S.seq typ) i j n: Lemma (S.index (S.slice s i j) n == S.index s (normalize_term (i + n))) + = () +private let rw_index_upd s n v i + : Lemma (S.index (S.upd s n v) i == (if n = i then v else S.index s i)) = () -private exception DoRefl -private exception StopNormIndex -let norm_list_index (): Tac unit = - let _ = repeat (fun _ -> - lset "found" false; - pointwise (fun _ -> - (fun () -> - match let?# (t, _) = expect_lhs_eq_uvar () in - let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in - let?# () = expect_free_var f (`%FStar.List.Tot.index) in - let?# n = expect_int_literal index in - apply_lemma_rw (`unfold_index_lemma); - lset "found" true; - Some () - with | Some () -> () | _ -> raise DoRefl - ) `or_else` trefl); - if lget "found" then () else raise StopNormIndex) in () - -let _ = assert (L.index [1;2;3;4;5;6] 3 == 4) by (norm_list_index(); trefl ()) - -let expect_seq_of_list t - = let?# (f, [_; _]) = expect_app_n t 2 in - expect_free_var f (`%Seq.Base.seq_of_list) - -let simplify_index_seq_of_list () = - pointwise (fun _ -> - match let?# (t, _) = expect_lhs_eq_uvar () in - let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in - let?# () = expect_free_var f (`%Seq.Base.index) in - let?# _ = expect_seq_of_list l in - (fun _ -> apply_lemma_rw (`rw_seq_index_list)) `or_else` trefl; - Some () - with | None -> trefl () | _ -> () - ) +/// A version of `L.index` to mark specific instances we want to normalize. +let rec index_to_normalize #a (l: list a) (i:nat{i < L.length l}): Tot a + = let hd::tl = l in + if i = 0 then hd else index_to_normalize tl (i - 1) + +private let rec rw_index_to_index_to_normalize #a (l: list a) (i:nat{i < L.length l}) + : Lemma (L.index #a l i == index_to_normalize #a l i) + = if i = 0 then () else rw_index_to_index_to_normalize (L.tl l) (i - 1) + + +(*** Tactics that apply those lemmas only if needed *) +let tactic_list_index () + = let?# (t, _) = expect_lhs_eq_uvar () in + let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in + let?# () = expect_free_var f (`%FStar.List.Tot.index) in + let?# n = expect_int_literal index in + apply_lemma_rw (`rw_index_to_index_to_normalize); + Some () + +/// Expects `t` to be of the shape `seq_of_list #_ _` +let expect_seq_of_list (t: term): Tac (option (term & term)) + = let?# (f, [t,_; index,_]) = expect_app_n t 2 in + let?# _ = expect_free_var f (`%S.seq_of_list) in + Some (t, index) + +/// Expects `t` to be of the shape `index #_ _` +let expect_seq_index (t: term): Tac (option (term & term & term)) + = let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in + let?# () = expect_free_var f (`%S.index) in + Some (typ, l, index) + +/// Expects `t` to be of the shape `slice #_ _` +let expect_seq_slice (t: term): Tac (option (term & term & term & term)) + = let?# (f, [typ, _; s, _; i, _; j, _]) = expect_app_n t 4 in + let?# () = expect_free_var f (`%S.slice) in + Some (typ, s, i, j) + +/// Expects `t` to be of the shape `upd #_ _` +let expect_seq_upd (t: term): Tac (option (term & term & term & term)) + = let?# (f, [typ, _; s, _; i, _; v, _]) = expect_app_n t 4 in + let?# () = expect_free_var f (`%S.upd) in + Some (typ, s, i, v) + +let tactic_seq_index_of_list () + = let?# (t, _) = expect_lhs_eq_uvar () in + let?# (_, l, _) = expect_seq_index t in + let?# _ = expect_seq_of_list l in + apply_lemma_rw (`rw_seq_index_list); + Some () + +let tactic_rw_index_slice () + = let?# (t, _) = expect_lhs_eq_uvar () in + let?# (typ, s, index) = expect_seq_index t in + let?# (_, s, i, j) = expect_seq_slice s in + apply_lemma_rw (`rw_index_slice #(`#typ) (`#s) (`#i) (`#j)); + Some () + +let tactic_rw_index_upd () + = let?# (t, _) = expect_lhs_eq_uvar () in + let?# (typ, s, index) = expect_seq_index t in + let?# (_, s, i, v) = expect_seq_upd s in + apply_lemma_rw (`rw_index_upd #(`#typ) (`#s) (`#i) (`#v)); + Some () + +(*** Final tactics *) +let norm_zeta_full_list_index (): Tac unit + = norm [iota; primops; zeta_full; delta_only [`%index_to_normalize]] + + +let norm_index_minimal (): Tac unit + = pointwise ((unwrap ∘ tactic_list_index) ||> trefl); + norm_zeta_full_list_index () + +let norm_index' (): Tac unit + = pointwise ( (unwrap ∘ tactic_seq_index_of_list) + ||> (unwrap ∘ tactic_list_index) + ||> (unwrap ∘ tactic_rw_index_slice) + ||> (unwrap ∘ tactic_rw_index_upd) + ||> trefl) let norm_index (): Tac unit - = simplify_index_seq_of_list (); - norm_list_index () + = goal_fixpoint norm_index' (); + norm_zeta_full_list_index () + + +(*** Tests *) +let _ = assert ( + let s = S.seq_of_list [1;2;3;4;5;6] in + let s = S.slice s 2 4 in + S.index s 1 == 4 +) by (norm []; norm_index (); trefl ()) + +let _ = assert ( + L.index [L.index [1;2;3;4;5;6] (L.index [1;2;3;4;3;3] 2)] 0 == 4 +) by (norm_index(); trefl ()) +let _ = assert ( + S.index (S.seq_of_list [1;2;3;(S.index (S.seq_of_list [1;2;3;(S.index (S.seq_of_list [1;2;3;4;1]) 3);1]) 3);1]) 3 == 4 +) by (norm_index(); trefl ()) + diff --git a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst index 12f8e5383..c4fe4c624 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst @@ -8,7 +8,7 @@ open FStar.Class.Printable open FStar.Mul open FStar.Option - +(*** Let operators *) let (let?#) (x: option 'a) (f: 'a -> Tac (option 'b)): Tac (option 'b) = match x with | Some x -> f x @@ -17,6 +17,81 @@ let (let?#) (x: option 'a) (f: 'a -> Tac (option 'b)): Tac (option 'b) let ( let?? ) (x: bool) (f: unit -> Tac (option 'a)): Tac (option 'a) = if x then f () else None +(*** Debug helpers *) +/// Dump before failing (in some cases, exception cathing messes with +/// `fail`) +let fail' msg = dump msg; fail msg + +exception Restore +/// Dumps a goal with a minimal number of binders in the environment +let dump' (msg: string): Tac unit + = try set_smt_goals []; + iterAll (fun _ -> let _ = repeat clear_top in ()); + dump msg; + raise Restore + with | _ -> () + +(*** `option _` helpers *) +/// Executes `f`, if it fails, execute `g`. Like `or_else`, but returns +/// a chunk. +let ( ||> ) (f: 'a -> Tac 'b) (g: 'a -> Tac 'b) (a: 'a): Tac 'b + = try f a with | _ -> g a + +exception ExpectedSome +/// Unwraps an option, throws `ExpectedSome` if the option is `None` +let unwrap (x: option 'a): Tac 'a + = match x with + | Some x -> x + | None -> raise ExpectedSome + +/// Expects an option to be `None`, otherwise throws an error +let expect (msg: string) (x: option 'a): Tac 'a + = match x with + | None -> dump' ("Expected " ^ msg); + fail ("Expected " ^ msg) + | Some x -> x + +(*** misc. utils *) +/// Reverse function composition (in Tac) +unfold let (>>>) (f: 'a -> Tac 'b) (g: 'b -> Tac 'c) (x: 'a): Tac 'c + = g (f x) +/// Function composition (in Tac) +unfold let (∘) (f: 'b -> Tac 'c) (g: 'a -> Tac 'b): 'a -> Tac 'c + = g >>> f + + +let trace (fun_name: string) (t: unit -> Tac 'b) = + print (fun_name ^ ": enter"); + let result = + try t () + with | e -> (print (fun_name ^ ": exit (with an exception!)"); raise e) + in + print (fun_name ^ ": exit"); + result + +(*** control utils *) +/// Repeats a tactic `f` until the goal is stable +let goal_fixpoint (f: unit -> Tac unit): unit -> Tac unit + = let rec aux (): Tac _ = + let goal0 = cur_goal () in + f (); + let goal1 = cur_goal () in + if not (term_eq goal0 goal1) then aux () + in aux + +private exception DoRefl +let some_or_refl (f: unit -> Tac (option unit)) + = or_else (fun _ -> match f () with | None -> raise DoRefl | _ -> ()) trefl + +/// Runs `f` on each subterms for rewrite. If `f` is `None` or raises +/// an error, applies `trefl`. +let pointwise_or_refl (f: unit -> Tac (option unit)) + = pointwise (fun _ -> some_or_refl f) + +let rec repeatWhile (f: unit -> Tac bool): Tac unit + = if f () then repeatWhile f + +(*** `expect_*` combinators *) let expect_int_literal (t: term): Tac (option int) = match inspect_unascribe t with | Tv_Const (C_Int n) -> Some n @@ -38,13 +113,6 @@ let expect_lhs_eq_rhs_term t = let typ = match typ with | None -> `_ | Some typ -> typ in Some (lhs, rhs, typ) | _ -> None - -// let expect_forall t = -// match term_as_formula t with -// | Comp (Eq typ) lhs rhs -> -// let typ = match typ with | None -> `_ | Some typ -> typ in -// Some (lhs, rhs, typ) -// | _ -> None let expect_lhs_eq_rhs () = expect_lhs_eq_rhs_term (cur_goal ()) @@ -61,6 +129,7 @@ let expect_app_n t n: Tac (option (term & (l: list _ {L.length l == n}))) = then Some (head, args) else None +(*** Rewrite utils *) private exception ForceRevert let revert_if_none (f: unit -> Tac (option 'a)): Tac (option 'a) = try match f () with Some x -> Some x @@ -73,28 +142,6 @@ let collect_app_hd t: Tac (option (string & list argv)) let?# fv = expect_fvar hd in Some (fv, args) -let rec repeatWhile (f: unit -> Tac bool): Tac unit - = if f () then repeatWhile f - - -let fail' msg = dump msg; fail msg - -exception Restore -let dump' (msg: string): Tac unit - = try set_smt_goals []; - iterAll (fun _ -> let _ = repeat clear_top in ()); - dump msg; - raise Restore - with | _ -> () - -let expect (msg: string) (x: option 'a): Tac 'a - = match x with - | None -> - dump' ("Expected " ^ msg); - fail ("Expected " ^ msg) - | Some x -> x - - let statement_of_lemma (lemma: term) = let _, comp = collect_arr (tc (cur_env ()) lemma) in match inspect_comp comp with @@ -110,7 +157,8 @@ let weaken_eq2_lemma (u: Type) (t: Type {subtype_of t u}) (p q: t) () : Lemma (requires ( == ) #u p q) (ensures ( == ) #t p q) = () - + +/// `apply_lemma_rw` doesn't work if the goal is `(==) #t ... (?u ...)` while the lemma is `(==) #u .. (?u ....)`. `apply_lemma_rw_eqtype` fixes some of those case, and warns about it. let apply_lemma_rw_eqtype (lemma: term): Tac unit = try apply_lemma_rw lemma @@ -139,9 +187,45 @@ let apply_lemma_rw_eqtype (lemma: term): Tac unit with | None -> raise e | Some () -> () - +/// Rewrites LHS of an equality: on goal `squash (x == y)`, it will add `squash (x == (?u ...))`. let rewrite_lhs (): Tac _ = let (lhs, _, _) = expect_lhs_eq_rhs () |> expect "a goal ` == ` (rewrite_lhs)" in let uvar = fresh_uvar (Some (tc (cur_env ()) lhs)) in tcut (`squash (`#lhs == `#uvar)) +/// Rewrites RHS of an equality: on goal `squash (x == y)`, it will add `squash (y == (?u ...))`. +let rewrite_rhs (): Tac _ = + let (_, rhs, _) = expect_lhs_eq_rhs () |> expect "a goal ` == ` (rewrite_rhs)" in + let uvar = fresh_uvar (Some (tc (cur_env ()) rhs)) in + tcut (`squash (`#rhs == `#uvar)) + + +(*** Unroll forall goals *) +let _split_forall_nat + (upper_bound: pos) + ($p: (i:nat{i < upper_bound}) -> Type0) + : Lemma (requires (if upper_bound = 0 then True + else p (upper_bound - 1) /\ (forall (i:nat{i < upper_bound - 1}). p i))) + (ensures forall (i:nat{i < upper_bound}). p i) + = () + +/// Proves `forall (i:nat{i < bound})` for `bound` being a concrete int +let rec prove_forall_nat_pointwise (tactic: unit -> Tac unit): Tac unit + = let _ = + (* hacky way of printing the progress *) + let goal = term_to_string (cur_goal ()) in + let goal = match String.split ['\n'] goal with + | s::_ -> s | _ -> "" in + print ("prove_forall_pointwise: " ^ goal ^ "...") + in + apply_lemma (`_split_forall_nat); + trivial `or_else` (fun _ -> + if try norm [primops]; + split (); + true + with | e -> false + then ( + tactic (); + prove_forall_nat_pointwise tactic + ) + ) diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index c18e35239..d03ccfbcf 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -15,6 +15,21 @@ use super::vector_type::*; use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; +fn bitwise_equal(length: usize, d1: usize, d2: usize, inputs: &[T], outputs: &[U]) -> bool { + false +} + +#[hax::lemma] +pub fn serialize_4_int( + v: &[i16], +) -> Proof< + { + let (x1, x2, x3, x4) = serialize_4_int(v); + bitwise_equal(length, 4, 8, v, &[x1, x2, x3, x4]) + }, +> { +} + #[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { From 48fad7e8559664650a0b5e345539c7a1b9c5c395 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 28 Aug 2024 14:41:49 +0200 Subject: [PATCH 160/348] more --- fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 6 +-- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 10 +++++ ...crux_ml_kem.Vector.Portable.Serialize.fsti | 5 +-- .../src/vector/portable/serialize.rs | 38 +++++++++---------- 4 files changed, 32 insertions(+), 27 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index c1f191e01..8d1b9dfab 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -49,10 +49,8 @@ let prove_bit_vector_equality' (): Tac unit = prove_forall_nat_pointwise (print_time "SMT solved the goal in " (fun _ -> Tactics.Seq.norm_index_minimal (); print ("Ask SMT: " ^ term_to_string (cur_goal ())); - set_rlimit 80; - let _ = repeat clear_top in focus smt_sync )) let prove_bit_vector_equality (): Tac unit = - with_compat_pre_core 2 prove_bit_vector_equality' - + set_rlimit 100; + with_compat_pre_core 0 prove_bit_vector_equality' diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 092aa2781..685335f6e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -258,6 +258,16 @@ let serialize_4_int (v: t_Slice i16) = let _:Prims.unit = admit () (* Panic freedom *) in result +let serialize_4_int_lemma (inputs: t_Array i16 (sz 8)) + (_: squash (forall i. Rust_primitives.bounded (Seq.index inputs i) 4)) + : squash ( + let outputs = serialize_4_int inputs in + let outputs = MkSeq.create4 outputs in + let inputs = bit_vec_of_int_t_array inputs 4 in + let outputs = bit_vec_of_int_t_array outputs 8 in + (forall (i: nat {i < 32}). inputs i == outputs i) + ) = _ by (Tactics.GetBit.prove_bit_vector_equality ()) + let serialize_5_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) |. ((v.[ sz 1 ] <: i16) < - let tuple:(u8 & u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 4 (MkSeq.create4 tuple) 8) + (fun _ -> Prims.l_True) val serialize_5_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index d03ccfbcf..5f73f1926 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -15,21 +15,6 @@ use super::vector_type::*; use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; -fn bitwise_equal(length: usize, d1: usize, d2: usize, inputs: &[T], outputs: &[U]) -> bool { - false -} - -#[hax::lemma] -pub fn serialize_4_int( - v: &[i16], -) -> Proof< - { - let (x1, x2, x3, x4) = serialize_4_int(v); - bitwise_equal(length, 4, 8, v, &[x1, x2, x3, x4]) - }, -> { -} - #[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { @@ -56,16 +41,31 @@ pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { result } +#[hax_lib::fstar::replace( + " +let serialize_4_int_lemma (inputs: t_Array i16 (sz 8)) + (_: squash (forall i. Rust_primitives.bounded (Seq.index inputs i) 4)) + : squash ( + let outputs = ${serialize_4_int} inputs in + let outputs = MkSeq.create4 outputs in + let inputs = bit_vec_of_int_t_array inputs 4 in + let outputs = bit_vec_of_int_t_array outputs 8 in + (forall (i: nat {i < 32}). inputs i == outputs i) + ) = _ by (Tactics.GetBit.prove_bit_vector_equality ()) +" +)] +fn serialize_4_int_lemma(_inputs: &[i16]) {} + #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${v.len() == 8} /\ (forall i. Rust_primitives.bounded (Seq.index v i) 4) "#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 4 - (MkSeq.create4 $tuple) 8 -"#))] +// #[hax_lib::ensures(|tuple| fstar!(r#" +// BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 4 +// (MkSeq.create4 $tuple) 8 +// "#))] pub(crate) fn serialize_4_int(v: &[i16]) -> (u8, u8, u8, u8) { let result0 = ((v[1] as u8) << 4) | (v[0] as u8); let result1 = ((v[3] as u8) << 4) | (v[2] as u8); From aaafdfc4c48cb20219044fd848b047ab5f86f9b3 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 29 Aug 2024 16:03:53 +0200 Subject: [PATCH 161/348] norm array_of_list --- fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index 8d1b9dfab..5ea5036a2 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -21,7 +21,12 @@ let norm_machine_int () = Tactics.MachineInts.(transform norm_machine_int_term) /// Does one round of computation let compute_one_round (): Tac _ = norm [ iota; zeta; reify_ - ; delta_namespace ["FStar"; implode_qn (cur_module ()); "MkSeq"] + ; delta_namespace [ + "FStar" + ; implode_qn (cur_module ()) + ; "MkSeq" + ; `%Rust_primitives.Hax.array_of_list + ] ; primops; unmeta]; trace "compute_one_round: norm_pow2" norm_pow2; trace "compute_one_round: norm_machine_int" norm_machine_int; From d1bbc2abd6f8dca21343b7923914b80e2fe24cf9 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 30 Aug 2024 11:55:31 +0200 Subject: [PATCH 162/348] reduce f_elements --- fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 1 + 1 file changed, 1 insertion(+) diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index 5ea5036a2..24797065c 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -26,6 +26,7 @@ let compute_one_round (): Tac _ = ; implode_qn (cur_module ()) ; "MkSeq" ; `%Rust_primitives.Hax.array_of_list + ; `%Libcrux_ml_kem.Vector.Portable.Vector_type.__proj__Mkt_PortableVector__item__f_elements ] ; primops; unmeta]; trace "compute_one_round: norm_pow2" norm_pow2; From b528d43601ec88c7c7ad6686dab28763e43fcfc5 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 30 Aug 2024 13:09:28 +0200 Subject: [PATCH 163/348] math proofs --- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fsti | 34 ++++- .../Libcrux_ml_kem.Vector.Avx2.fsti | 29 +++- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 136 ++++++++++++++++- ...rux_ml_kem.Vector.Portable.Arithmetic.fsti | 63 +++----- .../Libcrux_ml_kem.Vector.Traits.fsti | 30 +++- .../proofs/fstar/extraction/Makefile | 17 +-- .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 1 - .../proofs/fstar/spec/Spec.Utils.fst | 34 +++++ libcrux-ml-kem/src/vector/avx2.rs | 7 + libcrux-ml-kem/src/vector/avx2/ntt.rs | 7 + .../src/vector/portable/arithmetic.rs | 141 ++++++++++++++---- libcrux-ml-kem/src/vector/traits.rs | 14 +- 12 files changed, 401 insertions(+), 112 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti index 7ce8dfe2a..5b5ee2e40 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti @@ -8,24 +8,44 @@ let ntt_multiply__PERMUTE_WITH: i32 = 216l val inv_ntt_layer_1_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3) + (fun _ -> Prims.l_True) val inv_ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1) + (fun _ -> Prims.l_True) val inv_ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Spec.Utils.is_i16b 1664 zeta) + (fun _ -> Prims.l_True) val ntt_layer_1_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3) + (fun _ -> Prims.l_True) val ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1) + (fun _ -> Prims.l_True) val ntt_layer_3_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Spec.Utils.is_i16b 1664 zeta) + (fun _ -> Prims.l_True) val ntt_multiply (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3) + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 08c285c87..121efc293 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -225,7 +225,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = t_SIMD256Vector); f_ntt_layer_1_step_pre = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> true); + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3); f_ntt_layer_1_step_post = (fun @@ -247,7 +249,10 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> true); + f_ntt_layer_2_step_pre + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1); f_ntt_layer_2_step_post = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); @@ -259,7 +264,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_ntt_layer_3_step_pre = (fun (vector: t_SIMD256Vector) (zeta: i16) -> true); + f_ntt_layer_3_step_pre + = + (fun (vector: t_SIMD256Vector) (zeta: i16) -> Spec.Utils.is_i16b 1664 zeta); f_ntt_layer_3_step_post = (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); @@ -271,7 +278,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = t_SIMD256Vector); f_inv_ntt_layer_1_step_pre = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> true); + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3); f_inv_ntt_layer_1_step_post = (fun @@ -297,7 +306,10 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_inv_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> true); + f_inv_ntt_layer_2_step_pre + = + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1); f_inv_ntt_layer_2_step_post = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); @@ -311,7 +323,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_inv_ntt_layer_3_step_pre = (fun (vector: t_SIMD256Vector) (zeta: i16) -> true); + f_inv_ntt_layer_3_step_pre + = + (fun (vector: t_SIMD256Vector) (zeta: i16) -> Spec.Utils.is_i16b 1664 zeta); f_inv_ntt_layer_3_step_post = (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); @@ -331,7 +345,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (zeta2: i16) (zeta3: i16) -> - true); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3); f_ntt_multiply_post = (fun diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index 39f5490b4..a563ec31f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -3,7 +3,32 @@ module Libcrux_ml_kem.Vector.Portable.Arithmetic open Core open FStar.Mul -let get_n_least_significant_bits (n: u8) (value: u32) = value &. ((1ul <>! 1l <: i32) in + let _:Prims.unit = + assert_norm (v v_BARRETT_MULTIPLIER == (pow2 27 + 3329) / (2 * 3329)); + assert (v t = v value * v v_BARRETT_MULTIPLIER + pow2 25) + in + let _:Prims.unit = assert (v t / pow2 26 < 9) in + let _:Prims.unit = assert (v t / pow2 26 > - 9) in let quotient:i16 = cast (t >>! Libcrux_ml_kem.Vector.Traits.v_BARRETT_SHIFT <: i32) <: i16 in - value -! (quotient *! Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) + let _:Prims.unit = assert (v quotient = v t / pow2 26) in + let _:Prims.unit = assert (Spec.Utils.is_i16b 9 quotient) in + let result:i16 = value -! (quotient *! Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) in + let _:Prims.unit = + calc ( == ) { + v result % 3329; + ( == ) { () } + (v value - (v quotient * 3329)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_sub_distr (v value) (v quotient * 3329) 3329 } + (v value - (v quotient * 3329) % 3329) % 3329; + ( == ) { Math.Lemmas.cancel_mul_mod (v quotient) 3329 } + (v value - 0) % 3329; + ( == ) { () } + (v value) % 3329; + } + in + result + +#pop-options + +#push-options "--z3rlimit 300 --split_queries always" let montgomery_reduce_element (value: i32) = let _:i32 = v_MONTGOMERY_R in @@ -22,16 +73,93 @@ let montgomery_reduce_element (value: i32) = (cast (cast (value <: i32) <: i16) <: i32) *! (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R <: u32) <: i32) in + let _:Prims.unit = + assert (v (cast (cast (k <: i32) <: i16) <: i32) == v k @% pow2 16); + assert (v (cast (cast (k <: i32) <: i16) <: i32) < pow2 15); + assert (v (cast (cast (k <: i32) <: i16) <: i32) >= - pow2 15); + assert (v (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) == 3329) + in let k_times_modulus:i32 = (cast (cast (k <: i32) <: i16) <: i32) *! (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) in + let _:Prims.unit = + Spec.Utils.lemma_mul_i16b (pow2 15) + (3329) + (cast (k <: i32) <: i16) + Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS; + assert (Spec.Utils.is_i32b (pow2 15 * 3329) k_times_modulus) + in let c:i16 = cast (k_times_modulus >>! v_MONTGOMERY_SHIFT <: i32) <: i16 in + let _:Prims.unit = + assert (v k_times_modulus < pow2 31); + assert (v k_times_modulus / pow2 16 < pow2 15); + assert (v c == (v k_times_modulus / pow2 16) @% pow2 16); + assert (v c == v k_times_modulus / pow2 16); + assert (Spec.Utils.is_i16b 1665 c) + in let value_high:i16 = cast (value >>! v_MONTGOMERY_SHIFT <: i32) <: i16 in - value_high -! c + let _:Prims.unit = + assert (v value < pow2 31); + assert (v value / pow2 16 < pow2 15); + assert (v value_high == (v value / pow2 16) @% pow2 16); + assert (v value_high == (v value / pow2 16)); + assert (Spec.Utils.is_i16b 3328 value_high) + in + let res:i16 = value_high -! c in + let _:Prims.unit = assert (Spec.Utils.is_i16b (3328 + 1665) res) in + let _:Prims.unit = + calc ( == ) { + v k_times_modulus % pow2 16; + ( == ) { () } + ((v k @% pow2 16) * 3329) % pow2 16; + ( == ) { () } + ((((v value @% pow2 16) * 62209) @% pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_sub ((((v value @% pow2 16) * 62209) % pow2 16) * 3329) + (pow2 16) + 3329 } + ((((v value @% pow2 16) * 62209) % pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v value @% pow2 16) * 62209) 3329 (pow2 16) } + ((((v value @% pow2 16) * 62209) * 3329) % pow2 16); + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (v value @% pow2 16) (62209 * 3329) (pow2 16) } + ((v value @% pow2 16) % pow2 16); + ( == ) { () } + (v value) % pow2 16; + }; + Math.Lemmas.modulo_add (pow2 16) (- (v k_times_modulus)) (v value) (v k_times_modulus); + assert ((v value - v k_times_modulus) % pow2 16 == 0) + in + let _:Prims.unit = + calc ( == ) { + v res % 3329; + ( == ) { () } + (v value / pow2 16 - v k_times_modulus / pow2 16) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact (v value - v k_times_modulus) (pow2 16) } + ((v value - v k_times_modulus) / pow2 16) % 3329; + ( == ) { () } + (((v value - v k_times_modulus) / pow2 16) * ((pow2 16 * 62209) % 3329)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r ((v value - v k_times_modulus) / pow2 16) + (pow2 16 * 62209) + 3329 } + (((v value - v k_times_modulus) / pow2 16) * pow2 16 * 62209) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact (v value - v k_times_modulus) (pow2 16) } + ((v value - v k_times_modulus) * 62209) % 3329; + ( == ) { () } + ((v value * 62209) - ((v k @% pow2 16) * 3329 * 62209)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_sub (v value * 62209) 3329 ((v k @% pow2 16) * 62209) } + (v value * 62209) % 3329; + } + in + let result:i16 = res in + let _:Prims.unit = admit () (* Panic freedom *) in + result + +#pop-options let montgomery_multiply_fe_by_fer (fe fer: i16) = - montgomery_reduce_element ((cast (fe <: i16) <: i32) *! (cast (fer <: i16) <: i32) <: i32) + let _:Prims.unit = Spec.Utils.lemma_mul_i16b (pow2 16) (3328) fe fer in + let product:i32 = (cast (fe <: i16) <: i32) *! (cast (fer <: i16) <: i32) in + montgomery_reduce_element product #push-options "--admit_smt_queries true" diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index 897836967..ebe994b40 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -12,15 +12,11 @@ let v_MONTGOMERY_R: i32 = 1l < let result:u32 = result in - result <. - (Core.Num.impl__u32__pow 2ul - (Core.Convert.f_into #u8 #u32 #FStar.Tactics.Typeclasses.solve n <: u32) - <: - u32)) + v result == v value % pow2 (v n)) /// Signed Barrett Reduction /// Given an input `value`, `barrett_reduce` outputs a representative `result` @@ -28,61 +24,50 @@ val get_n_least_significant_bits (n: u8) (value: u32) /// - result ≡ value (mod FIELD_MODULUS) /// - the absolute value of `result` is bound as follows: /// `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) -/// In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +/// +/// Note: The input bound is 28296 to prevent overflow in the multiplication of quotient by FIELD_MODULUS +/// val barrett_reduce_element (value: i16) : Prims.Pure i16 - (requires - (Core.Convert.f_from #i32 #i16 #FStar.Tactics.Typeclasses.solve value <: i32) >. - (Core.Ops.Arith.Neg.neg Libcrux_ml_kem.Vector.Traits.v_BARRETT_R <: i32) && - (Core.Convert.f_from #i32 #i16 #FStar.Tactics.Typeclasses.solve value <: i32) <. - Libcrux_ml_kem.Vector.Traits.v_BARRETT_R) + (requires Spec.Utils.is_i16b 28296 value) (ensures fun result -> let result:i16 = result in - result >. (Core.Ops.Arith.Neg.neg Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) && - result <. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) + Spec.Utils.is_i16b 3328 result /\ v result % 3329 == v value % 3329) /// Signed Montgomery Reduction /// Given an input `value`, `montgomery_reduce` outputs a representative `o` /// such that: /// - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) /// - the absolute value of `o` is bound as follows: -/// `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) -/// In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · FIELD_MODULUS) / 2`. +/// `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665 +/// In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS-1`. +/// And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664 +/// val montgomery_reduce_element (value: i32) : Prims.Pure i16 - (requires - value >=. - ((Core.Ops.Arith.Neg.neg (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) - <: - i32) *! - v_MONTGOMERY_R - <: - i32) && - value <=. - ((cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) *! v_MONTGOMERY_R - <: - i32)) + (requires Spec.Utils.is_i32b (3328 * pow2 16) value) (ensures fun result -> let result:i16 = result in - result >=. - ((Core.Ops.Arith.Neg.neg (3s *! Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) - <: - i16) /! - 2s - <: - i16) && - result <=. ((3s *! Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) /! 2s <: i16)) + Spec.Utils.is_i16b (3328 + 1665) result /\ + (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 result) /\ + v result % 3329 == (v value * 62209) % 3329) -/// If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to +/// If `fe` is some field element \'x\' of the Kyber field and `fer` is congruent to /// `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to /// `x · y`, as follows: /// `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` /// `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a representative /// `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`. val montgomery_multiply_fe_by_fer (fe fer: i16) - : Prims.Pure i16 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure i16 + (requires Spec.Utils.is_i16b 3328 fer) + (ensures + fun result -> + let result:i16 = result in + Spec.Utils.is_i16b (3328 + 1665) result /\ + v result % 3329 == (v fe * v fer * 62209) % 3329) val add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector @@ -120,7 +105,7 @@ val montgomery_multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Spec.Utils.is_i16b 3328 c) (fun _ -> Prims.l_True) val multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 3b7aa112e..a7be4ecd7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -126,38 +126,50 @@ class t_Operations (v_Self: Type0) = { (f_decompress_ciphertext_coefficient_pre v_COEFFICIENT_BITS x0) (fun result -> f_decompress_ciphertext_coefficient_post v_COEFFICIENT_BITS x0 result); f_ntt_layer_1_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 -> zeta2: i16 -> zeta3: i16 - -> pred: Type0{true ==> pred}; + -> pred: + Type0 + { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 ==> + pred }; f_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); - f_ntt_layer_2_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 -> pred: Type0{true ==> pred}; + f_ntt_layer_2_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 + -> pred: Type0{Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 ==> pred}; f_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; f_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_ntt_layer_2_step_post x0 x1 x2 result); - f_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: Type0{true ==> pred}; + f_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 + -> pred: Type0{Spec.Utils.is_i16b 1664 zeta ==> pred}; f_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; f_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_ntt_layer_3_step_pre x0 x1) (fun result -> f_ntt_layer_3_step_post x0 x1 result); f_inv_ntt_layer_1_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 -> zeta2: i16 -> zeta3: i16 - -> pred: Type0{true ==> pred}; + -> pred: + Type0 + { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 ==> + pred }; f_inv_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_inv_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_inv_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); - f_inv_ntt_layer_2_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 -> pred: Type0{true ==> pred}; + f_inv_ntt_layer_2_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 + -> pred: Type0{Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 ==> pred}; f_inv_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; f_inv_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_inv_ntt_layer_2_step_post x0 x1 x2 result); - f_inv_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: Type0{true ==> pred}; + f_inv_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 + -> pred: Type0{Spec.Utils.is_i16b 1664 zeta ==> pred}; f_inv_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; f_inv_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self @@ -170,7 +182,11 @@ class t_Operations (v_Self: Type0) = { zeta1: i16 -> zeta2: i16 -> zeta3: i16 - -> pred: Type0{true ==> pred}; + -> pred: + Type0 + { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 ==> + pred }; f_ntt_multiply_post:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; f_ntt_multiply:x0: v_Self -> x1: v_Self -> x2: i16 -> x3: i16 -> x4: i16 -> x5: i16 -> Prims.Pure v_Self diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index d493ba7e5..26dc2933f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -5,12 +5,15 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Ntt.fst \ Libcrux_ml_kem.Sampling.fst \ Libcrux_ml_kem.Polynomial.fst \ - Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ - Libcrux_ml_kem.Vector.Avx2.Compress.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ - Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ + Libcrux_ml_kem.Vector.Portable.Compress.fst \ + Libcrux_ml_kem.Vector.Portable.Ntt.fst \ + Libcrux_ml_kem.Vector.Portable.Sampling.fst \ + Libcrux_ml_kem.Vector.Portable.Serialize.fst \ + Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ + Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ Libcrux_ml_kem.Vector.Neon.Compress.fst \ Libcrux_ml_kem.Vector.Neon.fsti \ @@ -18,14 +21,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Neon.Ntt.fst \ Libcrux_ml_kem.Vector.Neon.Serialize.fst \ Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ - Libcrux_ml_kem.Vector.Portable.Arithmetic.fst \ - Libcrux_ml_kem.Vector.Portable.Compress.fst \ - Libcrux_ml_kem.Vector.Portable.Ntt.fst \ - Libcrux_ml_kem.Vector.Portable.Sampling.fst \ - Libcrux_ml_kem.Vector.Portable.Serialize.fst \ - Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ - Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ - Libcrux_ml_kem.Vector.Traits.fst OTHERFLAGS="--query_stats" FSTAR_INCLUDE_DIRS_EXTRA = $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index a1b9d71ac..5dab105e8 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -257,4 +257,3 @@ let compress_then_byte_encode (d: dT {d <> 12}) (coefficients: polynomial): t_Ar let byte_decode_then_decompress (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): polynomial = map_array (decompress_d d) (byte_decode d b) - diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 671f5d46e..463bb1d5a 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -70,3 +70,37 @@ let update_at_range_lemma #n introduce forall (i:nat {i < len}). Seq.index s i == Seq.index s' i with (assert ( Seq.index (Seq.slice s 0 len) i == Seq.index s i /\ Seq.index (Seq.slice s' 0 len) i == Seq.index s' i )) + + +/// Bounded integers + +let is_i16b (l:nat) (x:i16) = (v x <= l) && (v x >= -l) +let is_i16b_array (l:nat) (x:t_Slice i16) = forall i. i < Seq.length x ==> is_i16b l (Seq.index x i) +let is_i16b_vector (l:nat) (r:usize) (x:t_Array (t_Array i16 (sz 256)) r) = forall i. i < v r ==> is_i16b_array l (Seq.index x i) +let is_i16b_matrix (l:nat) (r:usize) (x:t_Array (t_Array (t_Array i16 (sz 256)) r) r) = forall i. i < v r ==> is_i16b_vector l r (Seq.index x i) + +let is_i32b (l:nat) (x:i32) = (v x <= l) && (v x >= -l) +let is_i32b_array (l:nat) (x:t_Slice i32) = forall i. i < Seq.length x ==> is_i32b l (Seq.index x i) + +let nat_div_ceil (x:nat) (y:pos) : nat = if (x % y = 0) then x/y else (x/y)+1 + +let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) + : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 * b2 < pow2 31)) + (ensures (range (v n1 * v n2) i32_inttype /\ is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32)))) = + if v n1 = 0 || v n2 = 0 + then () + else + let open FStar.Math.Lemmas in + lemma_abs_bound (v n1) b1; + lemma_abs_bound (v n2) b2; + lemma_abs_mul (v n1) (v n2); + lemma_mult_le_left (abs (v n1)) (abs (v n2)) b2; + lemma_mult_le_right b2 (abs (v n1)) b1; + lemma_abs_bound (v n1 * v n2) (b1 * b2) + +let lemma_add_i16b (b1 b2:nat) (n1 n2:i16) : + Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 + b2 < pow2 15)) + (ensures (range (v n1 + v n2) i16_inttype /\ + is_i16b (b1 + b2) (n1 +! n2))) + = () + diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 9d2fb3c62..01f1207ec 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -151,42 +151,49 @@ impl Operations for SIMD256Vector { } } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] fn ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { Self { elements: ntt::ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3), } } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] fn ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self { Self { elements: ntt::ntt_layer_2_step(vector.elements, zeta0, zeta1), } } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] fn ntt_layer_3_step(vector: Self, zeta: i16) -> Self { Self { elements: ntt::ntt_layer_3_step(vector.elements, zeta), } } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] fn inv_ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { Self { elements: ntt::inv_ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3), } } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] fn inv_ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self { Self { elements: ntt::inv_ntt_layer_2_step(vector.elements, zeta0, zeta1), } } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] fn inv_ntt_layer_3_step(vector: Self, zeta: i16) -> Self { Self { elements: ntt::inv_ntt_layer_3_step(vector.elements, zeta), } } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] fn ntt_multiply( lhs: &Self, rhs: &Self, diff --git a/libcrux-ml-kem/src/vector/avx2/ntt.rs b/libcrux-ml-kem/src/vector/avx2/ntt.rs index b571b0ee7..8ad12720d 100644 --- a/libcrux-ml-kem/src/vector/avx2/ntt.rs +++ b/libcrux-ml-kem/src/vector/avx2/ntt.rs @@ -1,6 +1,7 @@ use super::*; #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] pub(crate) fn ntt_layer_1_step( vector: Vec256, zeta0: i16, @@ -22,6 +23,7 @@ pub(crate) fn ntt_layer_1_step( } #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] pub(crate) fn ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Vec256 { let zetas = mm256_set_epi16( -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, @@ -37,6 +39,7 @@ pub(crate) fn ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Vec256 } #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] pub(crate) fn ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 { let rhs = mm256_extracti128_si256::<1>(vector); let rhs = arithmetic::montgomery_multiply_m128i_by_constants(rhs, mm_set1_epi16(zeta)); @@ -53,6 +56,7 @@ pub(crate) fn ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 { } #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] pub(crate) fn inv_ntt_layer_1_step( vector: Vec256, zeta0: i16, @@ -82,6 +86,7 @@ pub(crate) fn inv_ntt_layer_1_step( } #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] pub(crate) fn inv_ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Vec256 { let lhs = mm256_permute4x64_epi64::<0b11_11_01_01>(vector); @@ -103,6 +108,7 @@ pub(crate) fn inv_ntt_layer_2_step(vector: Vec256, zeta0: i16, zeta1: i16) -> Ve } #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] pub(crate) fn inv_ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 { let lhs = mm256_extracti128_si256::<1>(vector); let rhs = mm256_castsi256_si128(vector); @@ -120,6 +126,7 @@ pub(crate) fn inv_ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 { } #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] pub(crate) fn ntt_multiply( lhs: Vec256, rhs: Vec256, diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index 923108750..dcd1ce462 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -17,13 +17,26 @@ pub(crate) const MONTGOMERY_R: i32 = 1 << MONTGOMERY_SHIFT; /// This is calculated as ⌊(BARRETT_R / FIELD_MODULUS) + 1/2⌋ pub(crate) const BARRETT_MULTIPLIER: i32 = 20159; -#[cfg_attr(hax, hax_lib::requires(n == 4 || n == 5 || n == 10 || n == 11 || n == MONTGOMERY_SHIFT))] -#[cfg_attr(hax, hax_lib::ensures(|result| result < 2u32.pow(n.into())))] +#[hax_lib::fstar::options("--z3rlimit 150 --split_queries always")] +#[cfg_attr(hax, hax_lib::requires(n <= 16))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("v result == v value % pow2(v n)")))] #[inline(always)] pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 { - // hax_debug_assert!(n == 4 || n == 5 || n == 10 || n == 11 || n == MONTGOMERY_SHIFT); - - value & ((1 << n) - 1) + let res = value & ((1 << n) - 1); + hax_lib::fstar!("calc (==) { + v res; + (==) { } + v (logand value ((1ul <(mut v: PortableVector) -> PortableVector /// - the absolute value of `result` is bound as follows: /// /// `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) -/// -/// In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. -#[cfg_attr(hax, hax_lib::requires((i32::from(value) > -BARRETT_R && i32::from(value) < BARRETT_R)))] -#[cfg_attr(hax, hax_lib::ensures(|result| result > -FIELD_MODULUS && result < FIELD_MODULUS))] +/// +/// Note: The input bound is 28296 to prevent overflow in the multiplication of quotient by FIELD_MODULUS +/// +#[hax_lib::fstar::options("--z3rlimit 150")] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 28296 value")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b 3328 result /\\ + v result % 3329 == v value % 3329")))] pub(crate) fn barrett_reduce_element(value: FieldElement) -> FieldElement { - // hax_debug_assert!( - // i32::from(value) > -BARRETT_R && i32::from(value) < BARRETT_R, - // "value is {value}" - // ); - let t = (i32::from(value) * BARRETT_MULTIPLIER) + (BARRETT_R >> 1); + hax_lib::fstar!("assert_norm (v v_BARRETT_MULTIPLIER == (pow2 27 + 3329) / (2*3329)); + assert (v t = v value * v v_BARRETT_MULTIPLIER + pow2 25)"); + hax_lib::fstar!("assert (v t / pow2 26 < 9)"); + hax_lib::fstar!("assert (v t / pow2 26 > - 9)"); let quotient = (t >> BARRETT_SHIFT) as i16; - + hax_lib::fstar!("assert (v quotient = v t / pow2 26)"); + hax_lib::fstar!("assert (Spec.Utils.is_i16b 9 quotient)"); let result = value - (quotient * FIELD_MODULUS); - - // hax_debug_assert!( - // result > -FIELD_MODULUS && result < FIELD_MODULUS, - // "value is {value}" - // ); - + hax_lib::fstar!("calc (==) { + v result % 3329; + (==) { } + (v value - (v quotient * 3329)) % 3329; + (==) {Math.Lemmas.lemma_mod_sub_distr (v value) (v quotient * 3329) 3329} + (v value - (v quotient * 3329) % 3329) % 3329; + (==) {Math.Lemmas.cancel_mul_mod (v quotient) 3329} + (v value - 0) % 3329; + (==) {} + (v value) % 3329; + }"); result } @@ -153,11 +174,17 @@ pub(crate) fn barrett_reduce(mut v: PortableVector) -> PortableVector { /// - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) /// - the absolute value of `o` is bound as follows: /// -/// `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) +/// `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665 /// -/// In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · FIELD_MODULUS) / 2`. -#[cfg_attr(hax, hax_lib::requires(value >= -(FIELD_MODULUS as i32) * MONTGOMERY_R && value <= (FIELD_MODULUS as i32) * MONTGOMERY_R))] -#[cfg_attr(hax, hax_lib::ensures(|result| result >= -(3 * FIELD_MODULUS) / 2 && result <= (3 * FIELD_MODULUS) / 2))] +/// In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS-1`. +/// And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664 +/// +#[hax_lib::fstar::options("--z3rlimit 300 --split_queries always")] +#[hax_lib::fstar::verification_status(panic_free)] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i32b (3328 * pow2 16) value ")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b (3328 + 1665) result /\\ + (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 result) /\\ + v result % 3329 == (v value * 62209) % 3329")))] pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { // This forces hax to extract code for MONTGOMERY_R before it extracts code // for this function. The removal of this line is being tracked in: @@ -170,12 +197,62 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { //); let k = (value as i16) as i32 * (INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i32); + hax_lib::fstar!("assert(v (cast (cast (k <: i32) <: i16) <: i32) == v k @% pow2 16); + assert(v (cast (cast (k <: i32) <: i16) <: i32) < pow2 15); + assert(v (cast (cast (k <: i32) <: i16) <: i32) >= -pow2 15); + assert(v (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) == 3329)"); let k_times_modulus = (k as i16 as i32) * (FIELD_MODULUS as i32); - + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b (pow2 15) (3329) (cast (k <: i32) <: i16) Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS; + assert (Spec.Utils.is_i32b (pow2 15 * 3329) k_times_modulus)"); let c = (k_times_modulus >> MONTGOMERY_SHIFT) as i16; + hax_lib::fstar!("assert (v k_times_modulus < pow2 31); + assert (v k_times_modulus / pow2 16 < pow2 15); + assert (v c == (v k_times_modulus / pow2 16) @% pow2 16); + assert(v c == v k_times_modulus / pow2 16); + assert(Spec.Utils.is_i16b 1665 c)"); let value_high = (value >> MONTGOMERY_SHIFT) as i16; - - value_high - c + hax_lib::fstar!("assert (v value < pow2 31); + assert (v value / pow2 16 < pow2 15); + assert (v value_high == (v value / pow2 16) @% pow2 16); + assert (v value_high == (v value / pow2 16)); + assert(Spec.Utils.is_i16b 3328 value_high)"); + let res = value_high - c; + hax_lib::fstar!("assert(Spec.Utils.is_i16b (3328 + 1665) res)"); + hax_lib::fstar!("calc ( == ) { + v k_times_modulus % pow2 16; + ( == ) { } + ((v k @% pow2 16) * 3329) % pow2 16; + ( == ) { } + ((((v value @% pow2 16) * 62209) @% pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_sub ((((v value @% pow2 16) * 62209) % pow2 16) * 3329) (pow2 16) 3329 } + ((((v value @% pow2 16) * 62209) % pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v value @% pow2 16) * 62209) 3329 (pow2 16) } + ((((v value @% pow2 16) * 62209) * 3329) % pow2 16); + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (v value @% pow2 16) (62209 * 3329) (pow2 16) } + ((v value @% pow2 16) % pow2 16); + ( == ) {} + (v value) % pow2 16; + }; + Math.Lemmas.modulo_add (pow2 16) (- (v k_times_modulus)) (v value) (v k_times_modulus); + assert ((v value - v k_times_modulus) % pow2 16 == 0)"); + hax_lib::fstar!("calc ( == ) { + v res % 3329; + ( == ) { } + (v value / pow2 16 - v k_times_modulus / pow2 16) % 3329 ; + ( == ) {Math.Lemmas.lemma_div_exact (v value - v k_times_modulus) (pow2 16) } + ((v value - v k_times_modulus) / pow2 16) % 3329; + ( == ) {} + (((v value - v k_times_modulus) / pow2 16) * ((pow2 16 * 62209) % 3329)) % 3329; + ( == ) {Math.Lemmas.lemma_mod_mul_distr_r ((v value - v k_times_modulus) / pow2 16) (pow2 16 * 62209) 3329} + (((v value - v k_times_modulus) / pow2 16) * pow2 16 * 62209) % 3329; + ( == ) {Math.Lemmas.lemma_div_exact (v value - v k_times_modulus) (pow2 16)} + ((v value - v k_times_modulus) * 62209) % 3329; + ( == ) {} + ((v value * 62209) - ((v k @% pow2 16) * 3329 * 62209)) % 3329; + ( == ) {Math.Lemmas.lemma_mod_sub (v value * 62209) 3329 ((v k @% pow2 16) * 62209)} + (v value * 62209) % 3329; + }"); + res } /// If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to @@ -187,14 +264,20 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { /// `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a representative /// `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`. #[inline(always)] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 fer")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b (3328 + 1665) result /\\ + v result % 3329 == (v fe * v fer * 62209) % 3329")))] pub(crate) fn montgomery_multiply_fe_by_fer( fe: FieldElement, fer: FieldElementTimesMontgomeryR, ) -> FieldElement { - montgomery_reduce_element((fe as i32) * (fer as i32)) + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b (pow2 16) (3328) fe fer"); + let product = (fe as i32) * (fer as i32); + montgomery_reduce_element(product) } #[inline(always)] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 c")))] pub(crate) fn montgomery_multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { v.elements[i] = montgomery_multiply_fe_by_fer(v.elements[i], c) diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 56ff9cf27..e3e370161 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -73,21 +73,21 @@ pub trait Operations: Copy + Clone + Repr { fn decompress_ciphertext_coefficient(v: Self) -> Self; // NTT - #[requires(true)] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] fn ntt_layer_3_step(a: Self, zeta: i16) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] fn ntt_multiply(lhs: &Self, rhs: &Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; From 84795a28600d663a3111089c94f858de41311d72 Mon Sep 17 00:00:00 2001 From: mamonet Date: Fri, 30 Aug 2024 13:52:56 +0000 Subject: [PATCH 164/348] Update serialize.rs --- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 647 +++--------------- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 88 +-- .../src/vector/portable/serialize.rs | 380 +++++----- 3 files changed, 339 insertions(+), 776 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 685335f6e..cc53f10b0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -1,8 +1,10 @@ module Libcrux_ml_kem.Vector.Portable.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 1500" open Core open FStar.Mul +#push-options "--admit_smt_queries true" + let deserialize_10_int (bytes: t_Slice u8) = let r0:i16 = (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 6l <: i16) in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_11_int (bytes: t_Slice u8) = let r0:i16 = @@ -82,12 +79,7 @@ let deserialize_11_int (bytes: t_Slice u8) = ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_12_int (bytes: t_Slice u8) = let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in @@ -95,10 +87,7 @@ let deserialize_12_int (bytes: t_Slice u8) = let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in let r0:i16 = ((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(i16 & i16) = r0, r1 <: (i16 & i16) in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1 <: (i16 & i16) let deserialize_4_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16 in @@ -109,12 +98,7 @@ let deserialize_4_int (bytes: t_Slice u8) = let v5:i16 = cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in let v6:i16 = cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16 in let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_5_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16 in @@ -153,13 +137,7 @@ let deserialize_5_int (bytes: t_Slice u8) = i16 in let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in - let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result - -#push-options "--z3rlimit 480 --split_queries always" + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let serialize_10_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in @@ -176,12 +154,7 @@ let serialize_10_int (v: t_Slice i16) = (cast (((v.[ sz 2 ] <: i16) >>! 4l <: i16) &. 63s <: i16) <: u8) in let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(u8 & u8 & u8 & u8 & u8) = r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) in - let _:Prims.unit = admit () (* Panic freedom *) in - result - -#pop-options + r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) let serialize_11_int (v: t_Slice i16) = let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in @@ -216,14 +189,9 @@ let serialize_11_int (v: t_Slice i16) = (cast ((v.[ sz 6 ] <: i16) >>! 6l <: i16) <: u8) in let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 - <: - (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 + <: + (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) let serialize_12_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in @@ -235,10 +203,7 @@ let serialize_12_int (v: t_Slice i16) = u8 in let r2:u8 = cast (((v.[ sz 1 ] <: i16) >>! 4l <: i16) &. 255s <: i16) <: u8 in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(u8 & u8 & u8) = r0, r1, r2 <: (u8 & u8 & u8) in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1, r2 <: (u8 & u8 & u8) let serialize_4_int (v: t_Slice i16) = let result0:u8 = @@ -253,20 +218,7 @@ let serialize_4_int (v: t_Slice i16) = let result3:u8 = ((cast (v.[ sz 7 ] <: i16) <: u8) <>! 2l <: i16) |. ((v.[ sz 7 ] <: i16) < - let result:t_Array u8 (sz 2) = result in + (fun result0 temp_1_ -> + let result0:u8 = result0 in let _:usize = temp_1_ in true) - result - (fun result i -> - let result:t_Array u8 (sz 2) = result in + result0 + (fun result0 i -> + let result0:u8 = result0 in let i:usize = i in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 0) - ((result.[ sz 0 ] <: u8) |. - ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < - let result:t_Array u8 (sz 2) = result in + (fun result1 temp_1_ -> + let result1:u8 = result1 in let _:usize = temp_1_ in true) - result - (fun result i -> - let result:t_Array u8 (sz 2) = result in + result1 + (fun result1 i -> + let result1:u8 = result1 in let i:usize = i in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - (sz 1) - ((result.[ sz 1 ] <: u8) |. - ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < - let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 10)) 8 (MkSeq.create8 tuple) 10 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 10)) + (fun _ -> Prims.l_True) val deserialize_11_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) (requires Core.Slice.impl__len #u8 bytes =. sz 11) - (ensures - fun tuple -> - let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 11)) 8 (MkSeq.create8 tuple) 11 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 11)) + (fun _ -> Prims.l_True) val deserialize_12_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16) (requires Core.Slice.impl__len #u8 bytes =. sz 3) - (ensures - fun tuple -> - let tuple:(i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 3)) 8 (MkSeq.create2 tuple) 12 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create2 tuple) i) 12)) + (fun _ -> Prims.l_True) val deserialize_4_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) (requires Core.Slice.impl__len #u8 bytes =. sz 4) - (ensures - fun tuple -> - let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 4)) 8 (MkSeq.create8 tuple) 4 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 4)) + (fun _ -> Prims.l_True) val deserialize_5_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) (requires Core.Slice.impl__len #u8 bytes =. sz 5) - (ensures - fun tuple -> - let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 5)) 8 (MkSeq.create8 tuple) 5 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 4)) + (fun _ -> Prims.l_True) val serialize_10_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) - (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) - (ensures - fun tuple -> - let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 4)) 10 (MkSeq.create5 tuple) 8) + (requires Core.Slice.impl__len #i16 v =. sz 4) + (fun _ -> Prims.l_True) val serialize_11_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - (requires - Core.Slice.impl__len #i16 v =. sz 8 /\ - (forall i. Rust_primitives.bounded (Seq.index v i) 11)) - (ensures - fun tuple -> - let tuple:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 11 (MkSeq.create11 tuple) 8) + (requires Core.Slice.impl__len #i16 v =. sz 8) + (fun _ -> Prims.l_True) val serialize_12_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8) - (requires - Core.Slice.impl__len #i16 v =. sz 2 /\ - (forall i. Rust_primitives.bounded (Seq.index v i) 12)) - (ensures - fun tuple -> - let tuple:(u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 2)) 12 (MkSeq.create3 tuple) 8) + (requires Core.Slice.impl__len #i16 v =. sz 2) + (fun _ -> Prims.l_True) val serialize_4_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8) - (requires - Core.Slice.impl__len #i16 v =. sz 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 4) - ) + (requires Core.Slice.impl__len #i16 v =. sz 8) (fun _ -> Prims.l_True) val serialize_5_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8) - (requires - Core.Slice.impl__len #i16 v =. sz 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 5) - ) - (ensures - fun tuple -> - let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 5 (MkSeq.create5 tuple) 8) + (requires Core.Slice.impl__len #i16 v =. sz 8) + (fun _ -> Prims.l_True) + +val deserialize_4_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires Core.Slice.impl__len #u8 bytes =. sz 8) + (fun _ -> Prims.l_True) val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) @@ -113,30 +78,25 @@ val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector val deserialize_1_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Core.Slice.impl__len #u8 v =. sz 2) (fun _ -> Prims.l_True) val deserialize_10_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Core.Slice.impl__len #u8 bytes =. sz 20) (fun _ -> Prims.l_True) val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Core.Slice.impl__len #u8 bytes =. sz 22) (fun _ -> Prims.l_True) val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) - -val deserialize_4_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Core.Slice.impl__len #u8 bytes =. sz 24) (fun _ -> Prims.l_True) val deserialize_5_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Core.Slice.impl__len #u8 bytes =. sz 10) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index 5f73f1926..af5503a0b 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -15,21 +15,51 @@ use super::vector_type::*; use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; -#[hax_lib::fstar::verification_status(lax)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma +// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) +// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_1} inputs) 8 inputs.f_elements 1) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// let serialize_1_lemma inputs = +// serialize_1_bit_vec_lemma inputs (); +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_1} inputs) 8) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 1)) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2\" + +// let serialize_1_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 1)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v.f_elements 1 in +// let outputs = bit_vec_of_int_t_array (${serialize_1} v) 8 in +// (forall (i: nat {i < 16}). inputs i == outputs i) +// ) = +// admit() + +// #pop-options +// "))] #[inline(always)] pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { - let mut result = [0u8; 2]; + let mut result0 = 0u8; + let mut result1 = 0u8; for i in 0..8 { - result[0] |= (v.elements[i] as u8) << i; + result0 |= (v.elements[i] as u8) << i; } for i in 8..16 { - result[1] |= (v.elements[i] as u8) << (i - 8); + result1 |= (v.elements[i] as u8) << (i - 8); } - result + [ + result0, + result1 + ] } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::requires(fstar!(r#" + ${v.len() == 2} +"#))] pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { let mut result = zero(); for i in 0..8 { @@ -41,67 +71,48 @@ pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { result } -#[hax_lib::fstar::replace( - " -let serialize_4_int_lemma (inputs: t_Array i16 (sz 8)) - (_: squash (forall i. Rust_primitives.bounded (Seq.index inputs i) 4)) - : squash ( - let outputs = ${serialize_4_int} inputs in - let outputs = MkSeq.create4 outputs in - let inputs = bit_vec_of_int_t_array inputs 4 in - let outputs = bit_vec_of_int_t_array outputs 8 in - (forall (i: nat {i < 32}). inputs i == outputs i) - ) = _ by (Tactics.GetBit.prove_bit_vector_equality ()) -" -)] -fn serialize_4_int_lemma(_inputs: &[i16]) {} - #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${v.len() == 8} - /\ (forall i. Rust_primitives.bounded (Seq.index v i) 4) "#))] -// #[hax_lib::ensures(|tuple| fstar!(r#" -// BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 4 -// (MkSeq.create4 $tuple) 8 -// "#))] pub(crate) fn serialize_4_int(v: &[i16]) -> (u8, u8, u8, u8) { let result0 = ((v[1] as u8) << 4) | (v[0] as u8); let result1 = ((v[3] as u8) << 4) | (v[2] as u8); let result2 = ((v[5] as u8) << 4) | (v[4] as u8); let result3 = ((v[7] as u8) << 4) | (v[6] as u8); - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (result0, result1, result2, result3) } -#[hax_lib::fstar::verification_status(lax)] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// let serialize_4_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 4)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v.f_elements 4 in +// let outputs = bit_vec_of_int_t_array (${serialize_4} v) 8 in +// (forall (i: nat {i < 64}). inputs i == outputs i) +// ) = +// _ by (Tactics.GetBit.prove_bit_vector_equality ()) +// "))] #[inline(always)] pub(crate) fn serialize_4(v: PortableVector) -> [u8; 8] { let result0_3 = serialize_4_int(&v.elements[0..8]); let result4_7 = serialize_4_int(&v.elements[8..16]); - let mut result = [0u8; 8]; - result[0] = result0_3.0; - result[1] = result0_3.1; - result[2] = result0_3.2; - result[3] = result0_3.3; - result[4] = result4_7.0; - result[5] = result4_7.1; - result[6] = result4_7.2; - result[7] = result4_7.3; - result + [ + result0_3.0, + result0_3.1, + result0_3.2, + result0_3.3, + result4_7.0, + result4_7.1, + result4_7.2, + result4_7.3, + ] } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 4} "#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 4)) 8 - (MkSeq.create8 $tuple) 4 - /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 4) -"#))] pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let v0 = (bytes[0] & 0x0F) as i16; let v1 = ((bytes[0] >> 4) & 0x0F) as i16; @@ -111,44 +122,62 @@ pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, let v5 = ((bytes[2] >> 4) & 0x0F) as i16; let v6 = (bytes[3] & 0x0F) as i16; let v7 = ((bytes[3] >> 4) & 0x0F) as i16; - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (v0, v1, v2, v3, v4, v5, v6, v7) } -#[hax_lib::fstar::verification_status(lax)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma +// (ensures BitVecEq.int_t_array_bitwise_eq' (${deserialize_4} inputs).f_elements 4 inputs 8) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// let deserialize_4_lemma inputs = +// deserialize_4_bit_vec_lemma inputs; +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_4} inputs).f_elements 4) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2\" + +// let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v 8 in +// let outputs = bit_vec_of_int_t_array (${deserialize_4} v).f_elements 4 in +// (forall (i: nat {i < 64}). inputs i == outputs i) +// ) = +// admit() + +// #pop-options +// "))] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 8} +"#))] #[inline(always)] pub(crate) fn deserialize_4(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_4_int(&bytes[0..4]); let v8_15 = deserialize_4_int(&bytes[4..8]); - let mut v = zero(); - v.elements[0] = v0_7.0; - v.elements[1] = v0_7.1; - v.elements[2] = v0_7.2; - v.elements[3] = v0_7.3; - v.elements[4] = v0_7.4; - v.elements[5] = v0_7.5; - v.elements[6] = v0_7.6; - v.elements[7] = v0_7.7; - v.elements[8] = v8_15.0; - v.elements[9] = v8_15.1; - v.elements[10] = v8_15.2; - v.elements[11] = v8_15.3; - v.elements[12] = v8_15.4; - v.elements[13] = v8_15.5; - v.elements[14] = v8_15.6; - v.elements[15] = v8_15.7; - v + PortableVector { elements: [ + v0_7.0, + v0_7.1, + v0_7.2, + v0_7.3, + v0_7.4, + v0_7.5, + v0_7.6, + v0_7.7, + v8_15.0, + v8_15.1, + v8_15.2, + v8_15.3, + v8_15.4, + v8_15.5, + v8_15.6, + v8_15.7, + ] } } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${v.len() == 8} - /\ (forall i. Rust_primitives.bounded (Seq.index v i) 5) -"#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 5 - (MkSeq.create5 $tuple) 8 "#))] pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { let r0 = (v[0] | v[1] << 5) as u8; @@ -159,7 +188,6 @@ pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { (r0, r1, r2, r3, r4) } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { let r0_4 = serialize_5_int(&v.elements[0..8]); @@ -179,15 +207,9 @@ pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 5} "#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 5)) 8 - (MkSeq.create8 $tuple) 5 - /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 4) -"#))] pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let v0 = (bytes[0] & 0x1F) as i16; let v1 = ((bytes[1] & 0x3) << 3 | (bytes[0] >> 5)) as i16; @@ -200,8 +222,10 @@ pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (v0, v1, v2, v3, v4, v5, v6, v7) } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 10} +"#))] pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_5_int(&bytes[0..5]); let v8_15 = deserialize_5_int(&bytes[5..10]); @@ -226,12 +250,8 @@ pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::fstar::options("--z3rlimit 480 --split_queries always")] -#[hax_lib::requires(v.len() == 4)] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 4)) 10 - (MkSeq.create5 $tuple) 8 +#[hax_lib::requires(fstar!(r#" + ${v.len() == 4} "#))] pub(crate) fn serialize_10_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { let r0 = (v[0] & 0xFF) as u8; @@ -239,11 +259,34 @@ pub(crate) fn serialize_10_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { let r2 = ((v[2] & 0x0F) as u8) << 4 | ((v[1] >> 6) & 0x0F) as u8; let r3 = ((v[3] & 0x03) as u8) << 6 | ((v[2] >> 4) & 0x3F) as u8; let r4 = ((v[3] >> 2) & 0xFF) as u8; - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4) } -#[hax_lib::fstar::verification_status(lax)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma +// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) +// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_10} inputs) 8 inputs.f_elements 10) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// let serialize_10_lemma inputs = +// serialize_10_bit_vec_lemma inputs (); +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_10} inputs) 8) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 10)) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2\" + +// let serialize_10_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 10)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v.f_elements 10 in +// let outputs = bit_vec_of_int_t_array (${serialize_10} v) 8 in +// (forall (i: nat {i < 160}). inputs i == outputs i) +// ) = +// admit() + +// #pop-options +// "))] #[inline(always)] pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] { let r0_4 = serialize_10_int(&v.elements[0..4]); @@ -257,15 +300,9 @@ pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 10} "#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 10)) 8 - (MkSeq.create8 $tuple) 10 - /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 10) -"#))] pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let r0 = ((bytes[1] as i16 & 0x03) << 8 | (bytes[0] as i16 & 0xFF)) as i16; let r1 = ((bytes[2] as i16 & 0x0F) << 6 | (bytes[1] as i16 >> 2)) as i16; @@ -275,12 +312,13 @@ pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, let r5 = ((bytes[7] as i16 & 0x0F) << 6 | (bytes[6] as i16 >> 2)) as i16; let r6 = ((bytes[8] as i16 & 0x3F) << 4 | (bytes[7] as i16 >> 4)) as i16; let r7 = (((bytes[9] as i16) << 2) | (bytes[8] as i16 >> 6)) as i16; - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7) } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 20} +"#))] pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_10_int(&bytes[0..10]); let v8_15 = deserialize_10_int(&bytes[10..20]); @@ -305,14 +343,8 @@ pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${v.len() == 8} - /\ (forall i. Rust_primitives.bounded (Seq.index v i) 11) -"#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 8)) 11 - (MkSeq.create11 $tuple) 8 "#))] pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8, u8, u8) { let r0 = v[0] as u8; @@ -326,51 +358,48 @@ pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8 let r8 = ((v[6] & 0x3F) as u8) << 2 | (v[5] >> 9) as u8; let r9 = ((v[7] & 0x7) as u8) << 5 | (v[6] >> 6) as u8; let r10 = (v[7] >> 3) as u8; - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10) } -#[hax_lib::fstar::verification_status(lax)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val serialize_11_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma +// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 11)) +// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_11} inputs) 8 inputs.f_elements 11) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// let serialize_11_lemma inputs = +// serialize_11_bit_vec_lemma inputs (); +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_11} inputs) 8) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 11)) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2\" + +// let serialize_11_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 11)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v.f_elements 11 in +// let outputs = bit_vec_of_int_t_array (${serialize_11} v) 8 in +// (forall (i: nat {i < 176}). inputs i == outputs i) +// ) = +// admit() + +// #pop-options +// "))] #[inline(always)] pub(crate) fn serialize_11(v: PortableVector) -> [u8; 22] { let r0_10 = serialize_11_int(&v.elements[0..8]); let r11_21 = serialize_11_int(&v.elements[8..16]); - let mut result = [0u8; 22]; - result[0] = r0_10.0; - result[1] = r0_10.1; - result[2] = r0_10.2; - result[3] = r0_10.3; - result[4] = r0_10.4; - result[5] = r0_10.5; - result[6] = r0_10.6; - result[7] = r0_10.7; - result[8] = r0_10.8; - result[9] = r0_10.9; - result[10] = r0_10.10; - result[11] = r11_21.0; - result[12] = r11_21.1; - result[13] = r11_21.2; - result[14] = r11_21.3; - result[15] = r11_21.4; - result[16] = r11_21.5; - result[17] = r11_21.6; - result[18] = r11_21.7; - result[19] = r11_21.8; - result[20] = r11_21.9; - result[21] = r11_21.10; - result + [ + r0_10.0, r0_10.1, r0_10.2, r0_10.3, r0_10.4, r0_10.5, r0_10.6, r0_10.7, r0_10.8, r0_10.9, r0_10.10, + r11_21.0, r11_21.1, r11_21.2, r11_21.3, r11_21.4, r11_21.5, r11_21.6, r11_21.7, r11_21.8, r11_21.9, r11_21.10, + ] } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 11} "#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 11)) 8 - (MkSeq.create8 $tuple) 11 - /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 $tuple) i) 11) -"#))] pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, i16, i16) { let r0 = (bytes[1] as i16 & 0x7) << 8 | bytes[0] as i16; let r1 = (bytes[2] as i16 & 0x3F) << 5 | (bytes[1] as i16 >> 3); @@ -380,12 +409,13 @@ pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, let r5 = (bytes[8] as i16 & 0x3) << 9 | ((bytes[7] as i16) << 1) | ((bytes[6] as i16) >> 7); let r6 = (bytes[9] as i16 & 0x1F) << 6 | (bytes[8] as i16 >> 2); let r7 = ((bytes[10] as i16) << 3) | (bytes[9] as i16 >> 5); - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2, r3, r4, r5, r6, r7) } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 22} +"#))] pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_11_int(&bytes[0..11]); let v8_15 = deserialize_11_int(&bytes[11..22]); @@ -410,24 +440,41 @@ pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${v.len() == 2} - /\ (forall i. Rust_primitives.bounded (Seq.index v i) 12) -"#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($v <: t_Array _ (sz 2)) 12 - (MkSeq.create3 $tuple) 8 "#))] pub(crate) fn serialize_12_int(v: &[i16]) -> (u8, u8, u8) { let r0 = (v[0] & 0xFF) as u8; let r1 = ((v[0] >> 8) | ((v[1] & 0x0F) << 4)) as u8; let r2 = ((v[1] >> 4) & 0xFF) as u8; - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1, r2) } -#[hax_lib::fstar::verification_status(lax)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma +// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 12)) +// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_12} inputs) 8 inputs.f_elements 12) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// let serialize_12_lemma inputs = +// serialize_12_bit_vec_lemma inputs (); +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_12} inputs) 8) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 12)) +// "))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2\" + +let serialize_12_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 12)) + : squash ( + let inputs = bit_vec_of_int_t_array v.f_elements 12 in + let outputs = bit_vec_of_int_t_array (${serialize_12} v) 8 in + (forall (i: nat {i < 192}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[inline(always)] pub(crate) fn serialize_12(v: PortableVector) -> [u8; 24] { let r0_2 = serialize_12_int(&v.elements[0..2]); @@ -438,56 +485,35 @@ pub(crate) fn serialize_12(v: PortableVector) -> [u8; 24] { let r15_17 = serialize_12_int(&v.elements[10..12]); let r18_20 = serialize_12_int(&v.elements[12..14]); let r21_23 = serialize_12_int(&v.elements[14..16]); - let mut result = [0u8; 24]; - result[0] = r0_2.0; - result[1] = r0_2.1; - result[2] = r0_2.2; - result[3] = r3_5.0; - result[4] = r3_5.1; - result[5] = r3_5.2; - result[6] = r6_8.0; - result[7] = r6_8.1; - result[8] = r6_8.2; - result[9] = r9_11.0; - result[10] = r9_11.1; - result[11] = r9_11.2; - result[12] = r12_14.0; - result[13] = r12_14.1; - result[14] = r12_14.2; - result[15] = r15_17.0; - result[16] = r15_17.1; - result[17] = r15_17.2; - result[18] = r18_20.0; - result[19] = r18_20.1; - result[20] = r18_20.2; - result[21] = r21_23.0; - result[22] = r21_23.1; - result[23] = r21_23.2; - result + [ + r0_2.0, r0_2.1, r0_2.2, + r3_5.0, r3_5.1, r3_5.2, + r6_8.0, r6_8.1, r6_8.2, + r9_11.0, r9_11.1, r9_11.2, + r12_14.0, r12_14.1, r12_14.2, + r15_17.0, r15_17.1, r15_17.2, + r18_20.0, r18_20.1, r18_20.2, + r21_23.0, r21_23.1, r21_23.2, + ] } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 3} "#))] -#[hax_lib::ensures(|tuple| fstar!(r#" - BitVecEq.int_t_array_bitwise_eq' ($bytes <: t_Array _ (sz 3)) 8 - (MkSeq.create2 $tuple) 12 - /\ (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create2 $tuple) i) 12) -"#))] pub(crate) fn deserialize_12_int(bytes: &[u8]) -> (i16, i16) { let byte0 = bytes[0] as i16; let byte1 = bytes[1] as i16; let byte2 = bytes[2] as i16; let r0 = (byte1 & 0x0F) << 8 | (byte0 & 0xFF); let r1 = (byte2 << 4) | ((byte1 >> 4) & 0x0F); - hax_lib::fstar!("BitVecEq.bit_vec_equal_intro_principle ()"); (r0, r1) } -#[hax_lib::fstar::verification_status(lax)] #[inline(always)] +#[hax_lib::requires(fstar!(r#" + ${bytes.len() == 24} +"#))] pub(crate) fn deserialize_12(bytes: &[u8]) -> PortableVector { let v0_1 = deserialize_12_int(&bytes[0..3]); let v2_3 = deserialize_12_int(&bytes[3..6]); From 3a21d6716b455d104da10dd8788df308ff756528 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 30 Aug 2024 18:58:10 +0200 Subject: [PATCH 165/348] verif --- Cargo.lock | 3 - Cargo.toml | 3 +- .../Libcrux_ml_kem.Vector.Avx2.fsti | 8 +- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 193 +++++++++--------- ...rux_ml_kem.Vector.Portable.Arithmetic.fsti | 16 +- .../Libcrux_ml_kem.Vector.Portable.fsti | 6 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 8 +- .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 5 +- libcrux-ml-kem/src/vector/avx2.rs | 2 + libcrux-ml-kem/src/vector/portable.rs | 2 + .../src/vector/portable/arithmetic.rs | 82 ++++---- libcrux-ml-kem/src/vector/traits.rs | 6 +- 12 files changed, 179 insertions(+), 155 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index aab24163c..e5d0f8e38 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,7 +702,6 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +711,6 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +723,6 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" dependencies = [ "proc-macro2", "quote", diff --git a/Cargo.toml b/Cargo.toml index 5ecbea800..d596bd97f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -77,7 +77,8 @@ wasm-bindgen = { version = "0.2.87", optional = true } # This is only required when doing proofs. # [target.'cfg(hax)'.workspace.dependencies] [workspace.dependencies] -hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } +#hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } +hax-lib = { path = "../hax/hax-lib" } [dev-dependencies] libcrux = { path = ".", features = ["rand", "tests"] } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 121efc293..3d329030c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -150,7 +150,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.cond_subtract_3329_ vector.f_elements } <: t_SIMD256Vector); - f_barrett_reduce_pre = (fun (vector: t_SIMD256Vector) -> true); + f_barrett_reduce_pre + = + (fun (vector: t_SIMD256Vector) -> Spec.Utils.is_i16b_array 28296 (impl.f_repr vector)); f_barrett_reduce_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); f_barrett_reduce = @@ -158,7 +160,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.barrett_reduce vector.f_elements } <: t_SIMD256Vector); - f_montgomery_multiply_by_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); + f_montgomery_multiply_by_constant_pre + = + (fun (vector: t_SIMD256Vector) (constant: i16) -> Spec.Utils.is_i16b 3328 constant); f_montgomery_multiply_by_constant_post = (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index a563ec31f..da78ce70c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -74,6 +74,8 @@ let montgomery_reduce_element (value: i32) = (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R <: u32) <: i32) in let _:Prims.unit = + assert (v (cast (cast (value <: i32) <: i16) <: i32) == v value @% pow2 16); + assert (v k == (v value @% pow2 16) * 62209); assert (v (cast (cast (k <: i32) <: i16) <: i32) == v k @% pow2 16); assert (v (cast (cast (k <: i32) <: i16) <: i32) < pow2 15); assert (v (cast (cast (k <: i32) <: i16) <: i32) >= - pow2 15); @@ -103,17 +105,22 @@ let montgomery_reduce_element (value: i32) = assert (v value < pow2 31); assert (v value / pow2 16 < pow2 15); assert (v value_high == (v value / pow2 16) @% pow2 16); + assert ((v value / pow2 16) < pow2 15 ==> (v value / pow2 16) @% pow2 16 == (v value / pow2 16)); assert (v value_high == (v value / pow2 16)); + assert (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 169 value_high); assert (Spec.Utils.is_i16b 3328 value_high) in let res:i16 = value_high -! c in let _:Prims.unit = assert (Spec.Utils.is_i16b (3328 + 1665) res) in + let _:Prims.unit = + assert (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 res) + in let _:Prims.unit = calc ( == ) { v k_times_modulus % pow2 16; - ( == ) { () } + ( == ) { assert (v k_times_modulus == (v k @% pow2 16) * 3329) } ((v k @% pow2 16) * 3329) % pow2 16; - ( == ) { () } + ( == ) { assert (v k = (v value @% pow2 16) * 62209) } ((((v value @% pow2 16) * 62209) @% pow2 16) * 3329) % pow2 16; ( == ) { Math.Lemmas.lemma_mod_sub ((((v value @% pow2 16) * 62209) % pow2 16) * 3329) (pow2 16) @@ -123,7 +130,7 @@ let montgomery_reduce_element (value: i32) = ((((v value @% pow2 16) * 62209) * 3329) % pow2 16); ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (v value @% pow2 16) (62209 * 3329) (pow2 16) } ((v value @% pow2 16) % pow2 16); - ( == ) { () } + ( == ) { Math.Lemmas.lemma_mod_sub (v value) (pow2 16) 1 } (v value) % pow2 16; }; Math.Lemmas.modulo_add (pow2 16) (- (v k_times_modulus)) (v value) (v k_times_modulus); @@ -132,27 +139,25 @@ let montgomery_reduce_element (value: i32) = let _:Prims.unit = calc ( == ) { v res % 3329; - ( == ) { () } + ( == ) { assert (v res == v value_high - v c) } (v value / pow2 16 - v k_times_modulus / pow2 16) % 3329; ( == ) { Math.Lemmas.lemma_div_exact (v value - v k_times_modulus) (pow2 16) } ((v value - v k_times_modulus) / pow2 16) % 3329; - ( == ) { () } - (((v value - v k_times_modulus) / pow2 16) * ((pow2 16 * 62209) % 3329)) % 3329; + ( == ) { assert ((pow2 16 * 169) % 3329 == 1) } + (((v value - v k_times_modulus) / pow2 16) * ((pow2 16 * 169) % 3329)) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_r ((v value - v k_times_modulus) / pow2 16) - (pow2 16 * 62209) + (pow2 16 * 169) 3329 } - (((v value - v k_times_modulus) / pow2 16) * pow2 16 * 62209) % 3329; + (((v value - v k_times_modulus) / pow2 16) * pow2 16 * 169) % 3329; ( == ) { Math.Lemmas.lemma_div_exact (v value - v k_times_modulus) (pow2 16) } - ((v value - v k_times_modulus) * 62209) % 3329; - ( == ) { () } - ((v value * 62209) - ((v k @% pow2 16) * 3329 * 62209)) % 3329; - ( == ) { Math.Lemmas.lemma_mod_sub (v value * 62209) 3329 ((v k @% pow2 16) * 62209) } - (v value * 62209) % 3329; + ((v value - v k_times_modulus) * 169) % 3329; + ( == ) { assert (v k_times_modulus == (v k @% pow2 16) * 3329) } + ((v value * 169) - ((v k @% pow2 16) * 3329 * 169)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_sub (v value * 169) 3329 ((v k @% pow2 16) * 169) } + (v value * 169) % 3329; } in - let result:i16 = res in - let _:Prims.unit = admit () (* Panic freedom *) in - result + res #pop-options @@ -161,8 +166,6 @@ let montgomery_multiply_fe_by_fer (fe fer: i16) = let product:i32 = (cast (fe <: i16) <: i32) *! (cast (fer <: i16) <: i32) in montgomery_reduce_element product -#push-options "--admit_smt_queries true" - let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -182,8 +185,11 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - ((lhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! - (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + (Core.Num.impl__i16__wrapping_add (lhs + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) + (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i16) <: @@ -192,43 +198,47 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in - lhs - -#pop-options + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:Prims.unit = admit () (* Panic freedom *) in + result -let barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (barrett_reduce_element (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - <: - i16) + Seq.length vec.f_elements == Seq.length v__vec0.f_elements /\ + (forall j. j >= v i ==> Spec.Utils.is_i16b 28296 (Seq.index vec.f_elements j))) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let i:usize = i in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + vec with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + (barrett_reduce_element (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ + i ] + <: + i16) + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + vec) in - v - -#push-options "--admit_smt_queries true" + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let _:Prims.unit = admit () (* Panic freedom *) in + result let bitwise_and_with_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -259,41 +269,25 @@ let bitwise_and_with_constant <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in - v - -#pop-options - -#push-options "--admit_smt_queries true" + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:Prims.unit = admit () (* Panic freedom *) in + result let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> + (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) + let i:usize = i in + Seq.length v.f_elements == Seq.length v__vec0.f_elements) v (fun v i -> let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in let i:usize = i in - let _:Prims.unit = - if true - then - let _:Prims.unit = - Hax_lib.v_assert (((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) >=. - 0s - <: - bool) && - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <. 4096s - <: - bool)) - in - () - in - if (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >=. 3329s + if + (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >=. 3329s <: bool then { v with @@ -305,14 +299,16 @@ let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portabl ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! 3329s <: i16) + <: + t_Array i16 (sz 16) } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector else v) in - v - -#pop-options + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:Prims.unit = admit () (* Panic freedom *) in + result let montgomery_multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -351,8 +347,6 @@ let montgomery_multiply_by_constant in v -#push-options "--admit_smt_queries true" - let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -372,18 +366,22 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portab Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) *! c <: i16) + (Core.Num.impl__i16__wrapping_mul (v + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) + c + <: + i16) <: t_Array i16 (sz 16) } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in - v - -#pop-options - -#push-options "--admit_smt_queries true" + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:Prims.unit = admit () (* Panic freedom *) in + result let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = @@ -413,11 +411,9 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in - v - -#pop-options - -#push-options "--admit_smt_queries true" + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let _:Prims.unit = admit () (* Panic freedom *) in + result let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = @@ -438,8 +434,11 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - ((lhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! - (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + (Core.Num.impl__i16__wrapping_sub (lhs + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) + (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i16) <: @@ -448,6 +447,6 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in - lhs - -#pop-options + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in + let _:Prims.unit = admit () (* Panic freedom *) in + result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index ebe994b40..d4bb456f7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -52,7 +52,7 @@ val montgomery_reduce_element (value: i32) let result:i16 = result in Spec.Utils.is_i16b (3328 + 1665) result /\ (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 result) /\ - v result % 3329 == (v value * 62209) % 3329) + v result % 3329 == (v value * 169) % 3329) /// If `fe` is some field element \'x\' of the Kyber field and `fer` is congruent to /// `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to @@ -66,8 +66,7 @@ val montgomery_multiply_fe_by_fer (fe fer: i16) (ensures fun result -> let result:i16 = result in - Spec.Utils.is_i16b (3328 + 1665) result /\ - v result % 3329 == (v fe * v fer * 62209) % 3329) + Spec.Utils.is_i16b (3328 + 1665) result /\ v result % 3329 == (v fe * v fer * 169) % 3329) val add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector @@ -77,10 +76,15 @@ val add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in result.f_elements == Spec.Utils.map2 ( +. ) (lhs.f_elements) (rhs.f_elements)) -val barrett_reduce (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +val barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires Spec.Utils.is_i16b_array 28296 vec.f_elements) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array 3328 result.f_elements /\ + Spec.MLKEM.Math.to_spec_array result.f_elements == + Spec.MLKEM.Math.to_spec_array vec.f_elements) val bitwise_and_with_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 312bea76b..ed7826f7a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -175,7 +175,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Arithmetic.cond_subtract_3329_ v); f_barrett_reduce_pre = - (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Spec.Utils.is_i16b_array 28296 (impl.f_repr v)); f_barrett_reduce_post = (fun @@ -189,7 +190,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce v); f_montgomery_multiply_by_constant_pre = - (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (r: i16) -> true); + (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (r: i16) -> + Spec.Utils.is_i16b 3328 r); f_montgomery_multiply_by_constant_post = (fun diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index a7be4ecd7..155041e0a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -89,11 +89,13 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_cond_subtract_3329_pre x0) (fun result -> f_cond_subtract_3329_post x0 result); - f_barrett_reduce_pre:vector: v_Self -> pred: Type0{true ==> pred}; + f_barrett_reduce_pre:vector: v_Self + -> pred: Type0{Spec.Utils.is_i16b_array 28296 (f_repr vector) ==> pred}; f_barrett_reduce_post:v_Self -> v_Self -> Type0; f_barrett_reduce:x0: v_Self -> Prims.Pure v_Self (f_barrett_reduce_pre x0) (fun result -> f_barrett_reduce_post x0 result); - f_montgomery_multiply_by_constant_pre:v: v_Self -> c: i16 -> pred: Type0{true ==> pred}; + f_montgomery_multiply_by_constant_pre:v: v_Self -> c: i16 + -> pred: Type0{Spec.Utils.is_i16b 3328 c ==> pred}; f_montgomery_multiply_by_constant_post:v_Self -> i16 -> v_Self -> Type0; f_montgomery_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self @@ -286,7 +288,7 @@ val decompress_1_ (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) val montgomery_multiply_fe (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) (fer: i16) - : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure v_T (requires Spec.Utils.is_i16b 3328 fer) (fun _ -> Prims.l_True) val to_standard_domain (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index 5dab105e8..a33f3a0f6 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -47,8 +47,11 @@ let int_to_spec_fe (m:int) : field_element = let to_spec_fe (m:i16) : field_element = int_to_spec_fe (v m) +let to_spec_array #len (m:t_Array i16 len) : t_Array field_element len = + createi #field_element len (fun i -> to_spec_fe (m.[i])) + let to_spec_poly (m:t_Array i16 (sz 256)) : polynomial = - createi #field_element (sz 256) (fun i -> to_spec_fe (m.[i])) + to_spec_array m let to_spec_vector (#r:rank) (m:t_Array (t_Array i16 (sz 256)) r) diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 01f1207ec..93bfca2fa 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -113,12 +113,14 @@ impl Operations for SIMD256Vector { } } + #[requires(fstar!("Spec.Utils.is_i16b_array 28296 (impl.f_repr ${vector})"))] fn barrett_reduce(vector: Self) -> Self { Self { elements: arithmetic::barrett_reduce(vector.elements), } } + #[requires(fstar!("Spec.Utils.is_i16b 3328 $constant"))] fn montgomery_multiply_by_constant(vector: Self, constant: i16) -> Self { Self { elements: arithmetic::montgomery_multiply_by_constant(vector.elements, constant), diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index cf05ab802..452c48fbf 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -72,10 +72,12 @@ impl Operations for PortableVector { cond_subtract_3329(v) } + #[requires(fstar!("Spec.Utils.is_i16b_array 28296 (impl.f_repr ${v})"))] fn barrett_reduce(v: Self) -> Self { barrett_reduce(v) } + #[requires(fstar!("Spec.Utils.is_i16b 3328 $r"))] fn montgomery_multiply_by_constant(v: Self, r: i16) -> Self { montgomery_multiply_by_constant(v, r) } diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index dcd1ce462..4d72204a3 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -40,40 +40,40 @@ pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 { } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map2 (+.) (${lhs}.f_elements) (${rhs}.f_elements)"))] pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { - lhs.elements[i] += rhs.elements[i]; + lhs.elements[i] = lhs.elements[i].wrapping_add(rhs.elements[i]); } lhs } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map2 (-.) (${lhs}.f_elements) (${rhs}.f_elements)"))] pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { - lhs.elements[i] -= rhs.elements[i]; + lhs.elements[i] = lhs.elements[i].wrapping_sub(rhs.elements[i]); } lhs } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x *. c) (${v}.f_elements)"))] pub fn multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] *= c; + v.elements[i] = v.elements[i].wrapping_mul(c); } v } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x &. c) (${v}.f_elements)"))] pub fn bitwise_and_with_constant(mut v: PortableVector, c: i16) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { @@ -84,7 +84,7 @@ pub fn bitwise_and_with_constant(mut v: PortableVector, c: i16) -> PortableVecto } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] #[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> ${result}.f_elements == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (${v}.f_elements)"))] pub fn shift_right(mut v: PortableVector) -> PortableVector { @@ -105,11 +105,12 @@ pub fn shift_right(mut v: PortableVector) -> PortableVector // } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (${v}.f_elements)"))] pub fn cond_subtract_3329(mut v: PortableVector) -> PortableVector { + let _vec0 = v; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - debug_assert!(v.elements[i] >= 0 && v.elements[i] < 4096); + hax_lib::loop_invariant!(|i: usize| { fstar!("Seq.length ${v}.f_elements == Seq.length ${_vec0}.f_elements")}); if v.elements[i] >= 3329 { v.elements[i] -= 3329 } @@ -158,12 +159,18 @@ pub(crate) fn barrett_reduce_element(value: FieldElement) -> FieldElement { } #[inline(always)] -pub(crate) fn barrett_reduce(mut v: PortableVector) -> PortableVector { +#[hax_lib::fstar::verification_status(panic_free)] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 28296 vec.f_elements")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 result.f_elements /\\ + Spec.MLKEM.Math.to_spec_array result.f_elements == Spec.MLKEM.Math.to_spec_array vec.f_elements")))] +pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector { + let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = barrett_reduce_element(v.elements[i]); + hax_lib::loop_invariant!(|i: usize| { fstar!("Seq.length ${vec}.f_elements == Seq.length ${_vec0}.f_elements /\\ + (forall j. j >= v i ==> Spec.Utils.is_i16b 28296 (Seq.index ${vec}.f_elements j))") }); + vec.elements[i] = barrett_reduce_element(vec.elements[i]); } - - v + vec } /// Signed Montgomery Reduction @@ -180,24 +187,20 @@ pub(crate) fn barrett_reduce(mut v: PortableVector) -> PortableVector { /// And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664 /// #[hax_lib::fstar::options("--z3rlimit 300 --split_queries always")] -#[hax_lib::fstar::verification_status(panic_free)] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i32b (3328 * pow2 16) value ")))] #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b (3328 + 1665) result /\\ (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 result) /\\ - v result % 3329 == (v value * 62209) % 3329")))] + v result % 3329 == (v value * 169) % 3329")))] pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { // This forces hax to extract code for MONTGOMERY_R before it extracts code // for this function. The removal of this line is being tracked in: // https://github.com/cryspen/libcrux/issues/134 let _ = MONTGOMERY_R; - //hax_debug_assert!( - // value >= -FIELD_MODULUS * MONTGOMERY_R && value <= FIELD_MODULUS * MONTGOMERY_R, - // "value is {value}" - //); - let k = (value as i16) as i32 * (INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i32); - hax_lib::fstar!("assert(v (cast (cast (k <: i32) <: i16) <: i32) == v k @% pow2 16); + hax_lib::fstar!("assert(v (cast (cast (value <: i32) <: i16) <: i32) == v value @% pow2 16); + assert(v k == (v value @% pow2 16) * 62209); + assert(v (cast (cast (k <: i32) <: i16) <: i32) == v k @% pow2 16); assert(v (cast (cast (k <: i32) <: i16) <: i32) < pow2 15); assert(v (cast (cast (k <: i32) <: i16) <: i32) >= -pow2 15); assert(v (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS <: i16) <: i32) == 3329)"); @@ -214,15 +217,18 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { hax_lib::fstar!("assert (v value < pow2 31); assert (v value / pow2 16 < pow2 15); assert (v value_high == (v value / pow2 16) @% pow2 16); + assert ((v value / pow2 16) < pow2 15 ==> (v value / pow2 16) @% pow2 16 == (v value / pow2 16)); assert (v value_high == (v value / pow2 16)); + assert(Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 169 value_high); assert(Spec.Utils.is_i16b 3328 value_high)"); let res = value_high - c; hax_lib::fstar!("assert(Spec.Utils.is_i16b (3328 + 1665) res)"); + hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 res)"); hax_lib::fstar!("calc ( == ) { v k_times_modulus % pow2 16; - ( == ) { } + ( == ) { assert (v k_times_modulus == (v k @% pow2 16) * 3329) } ((v k @% pow2 16) * 3329) % pow2 16; - ( == ) { } + ( == ) { assert (v k = (v value @% pow2 16) * 62209) } ((((v value @% pow2 16) * 62209) @% pow2 16) * 3329) % pow2 16; ( == ) { Math.Lemmas.lemma_mod_sub ((((v value @% pow2 16) * 62209) % pow2 16) * 3329) (pow2 16) 3329 } ((((v value @% pow2 16) * 62209) % pow2 16) * 3329) % pow2 16; @@ -230,27 +236,27 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { ((((v value @% pow2 16) * 62209) * 3329) % pow2 16); ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (v value @% pow2 16) (62209 * 3329) (pow2 16) } ((v value @% pow2 16) % pow2 16); - ( == ) {} + ( == ) { Math.Lemmas.lemma_mod_sub (v value) (pow2 16) 1 } (v value) % pow2 16; }; Math.Lemmas.modulo_add (pow2 16) (- (v k_times_modulus)) (v value) (v k_times_modulus); assert ((v value - v k_times_modulus) % pow2 16 == 0)"); hax_lib::fstar!("calc ( == ) { v res % 3329; - ( == ) { } + ( == ) { assert (v res == v value_high - v c) } (v value / pow2 16 - v k_times_modulus / pow2 16) % 3329 ; - ( == ) {Math.Lemmas.lemma_div_exact (v value - v k_times_modulus) (pow2 16) } + ( == ) { Math.Lemmas.lemma_div_exact (v value - v k_times_modulus) (pow2 16) } ((v value - v k_times_modulus) / pow2 16) % 3329; - ( == ) {} - (((v value - v k_times_modulus) / pow2 16) * ((pow2 16 * 62209) % 3329)) % 3329; - ( == ) {Math.Lemmas.lemma_mod_mul_distr_r ((v value - v k_times_modulus) / pow2 16) (pow2 16 * 62209) 3329} - (((v value - v k_times_modulus) / pow2 16) * pow2 16 * 62209) % 3329; - ( == ) {Math.Lemmas.lemma_div_exact (v value - v k_times_modulus) (pow2 16)} - ((v value - v k_times_modulus) * 62209) % 3329; - ( == ) {} - ((v value * 62209) - ((v k @% pow2 16) * 3329 * 62209)) % 3329; - ( == ) {Math.Lemmas.lemma_mod_sub (v value * 62209) 3329 ((v k @% pow2 16) * 62209)} - (v value * 62209) % 3329; + ( == ) { assert ((pow2 16 * 169) % 3329 == 1) } + (((v value - v k_times_modulus) / pow2 16) * ((pow2 16 * 169) % 3329)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r ((v value - v k_times_modulus) / pow2 16) (pow2 16 * 169) 3329} + (((v value - v k_times_modulus) / pow2 16) * pow2 16 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact (v value - v k_times_modulus) (pow2 16)} + ((v value - v k_times_modulus) * 169) % 3329; + ( == ) { assert (v k_times_modulus == (v k @% pow2 16) * 3329) } + ((v value * 169) - ((v k @% pow2 16) * 3329 * 169)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_sub (v value * 169) 3329 ((v k @% pow2 16) * 169)} + (v value * 169) % 3329; }"); res } @@ -266,7 +272,7 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { #[inline(always)] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 fer")))] #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b (3328 + 1665) result /\\ - v result % 3329 == (v fe * v fer * 62209) % 3329")))] + v result % 3329 == (v fe * v fer * 169) % 3329")))] pub(crate) fn montgomery_multiply_fe_by_fer( fe: FieldElement, fer: FieldElementTimesMontgomeryR, diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index e3e370161..db794b41f 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -56,10 +56,10 @@ pub trait Operations: Copy + Clone + Repr { #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (f_repr $v)"))] fn cond_subtract_3329(v: Self) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.Utils.is_i16b_array 28296 (f_repr $vector)"))] fn barrett_reduce(vector: Self) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.Utils.is_i16b 3328 c"))] fn montgomery_multiply_by_constant(v: Self, c: i16) -> Self; // Compression @@ -167,9 +167,11 @@ pub trait Operations: Copy + Clone { } // hax does not support trait with default implementations, so we use the following pattern +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 $fer"))] pub fn montgomery_multiply_fe(v: T, fer: i16) -> T { T::montgomery_multiply_by_constant(v, fer) } + pub fn to_standard_domain(v: T) -> T { T::montgomery_multiply_by_constant(v, MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS as i16) } From e46edf3dd20776d518ddf48d2f3c2640784ae6dc Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 30 Aug 2024 20:20:23 +0200 Subject: [PATCH 166/348] Update and improve `Makefile`s --- fstar-helpers/Makefile.base | 5 + fstar-helpers/Makefile.generic | 271 ++++++++++++++++++ fstar-helpers/README.md | 5 + fstar-helpers/fstar-bitvec/Makefile | 33 +++ .../proofs/fstar/extraction/Makefile | 1 + libcrux-sha3/proofs/fstar/extraction/Makefile | 1 + 6 files changed, 316 insertions(+) create mode 100644 fstar-helpers/Makefile.base create mode 100644 fstar-helpers/Makefile.generic create mode 100644 fstar-helpers/README.md create mode 100644 fstar-helpers/fstar-bitvec/Makefile create mode 100644 libcrux-intrinsics/proofs/fstar/extraction/Makefile create mode 100644 libcrux-sha3/proofs/fstar/extraction/Makefile diff --git a/fstar-helpers/Makefile.base b/fstar-helpers/Makefile.base new file mode 100644 index 000000000..e7c57847f --- /dev/null +++ b/fstar-helpers/Makefile.base @@ -0,0 +1,5 @@ +# Base Makefile for F* in libcrux. +# This inherits from Makefile.generic, and adds the `specs` folder from HACL and the `libcrux-ml-kem/proofs/fstar/spec` folder. + +FSTAR_INCLUDE_DIRS_EXTRA = $(HACL_HOME)/specs $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec $(shell git rev-parse --show-toplevel)/fstar-helpers/fstar-bitvec +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.generic diff --git a/fstar-helpers/Makefile.generic b/fstar-helpers/Makefile.generic new file mode 100644 index 000000000..d63f08b13 --- /dev/null +++ b/fstar-helpers/Makefile.generic @@ -0,0 +1,271 @@ +# This is a generically useful Makefile for F* that is self-contained +# +# We expect: +# 1. `fstar.exe` to be in PATH (alternatively, you can also set +# $FSTAR_HOME to be set to your F* repo/install directory) +# +# 2. `cargo`, `rustup`, `hax` and `jq` to be installed and in PATH. +# +# 3. the extracted Cargo crate to have "hax-lib" as a dependency: +# `hax-lib = { version = "0.1.0-pre.1", git = "https://github.com/hacspec/hax"}` +# +# Optionally, you can set `HACL_HOME`. +# +# ROOTS contains all the top-level F* files you wish to verify +# The default target `verify` verified ROOTS and its dependencies +# To lax-check instead, set `OTHERFLAGS="--lax"` on the command-line +# +# To make F* emacs mode use the settings in this file, you need to +# add the following lines to your .emacs +# +# (setq-default fstar-executable "/bin/fstar.exe") +# (setq-default fstar-smt-executable "/bin/z3") +# +# (defun my-fstar-compute-prover-args-using-make () +# "Construct arguments to pass to F* by calling make." +# (with-demoted-errors "Error when constructing arg string: %S" +# (let* ((fname (file-name-nondirectory buffer-file-name)) +# (target (concat fname "-in")) +# (argstr (car (process-lines "make" "--quiet" target)))) +# (split-string argstr)))) +# (setq fstar-subp-prover-args #'my-fstar-compute-prover-args-using-make) +# + +PATH_TO_CHILD_MAKEFILE := "$(abspath $(firstword $(MAKEFILE_LIST)))" +PATH_TO_TEMPLATE_MAKEFILE := "$(abspath $(lastword $(MAKEFILE_LIST)))" + +HACL_HOME ?= $(HOME)/.hax/hacl_home +# Expand variable FSTAR_BIN_DETECT now, so that we don't run this over and over + +FSTAR_BIN_DETECT := $(if $(shell command -v fstar.exe), fstar.exe, $(FSTAR_HOME)/bin/fstar.exe) +FSTAR_BIN ?= $(FSTAR_BIN_DETECT) + +GIT_ROOT_DIR := $(shell git rev-parse --show-toplevel)/ +CACHE_DIR ?= ${GIT_ROOT_DIR}.fstar-cache/checked +HINT_DIR ?= ${GIT_ROOT_DIR}.fstar-cache/hints + +# Makes command quiet by default +Q ?= @ + +# Verify the required executable are in PATH +EXECUTABLES = cargo cargo-hax jq +K := $(foreach exec,$(EXECUTABLES),\ + $(if $(shell which $(exec)),some string,$(error "No $(exec) in PATH"))) + +export ANSI_COLOR_BLUE=\033[34m +export ANSI_COLOR_RED=\033[31m +export ANSI_COLOR_BBLUE=\033[1;34m +export ANSI_COLOR_GRAY=\033[90m +export ANSI_COLOR_TONE=\033[35m +export ANSI_COLOR_RESET=\033[0m + +ifdef NO_COLOR +export ANSI_COLOR_BLUE= +export ANSI_COLOR_RED= +export ANSI_COLOR_BBLUE= +export ANSI_COLOR_GRAY= +export ANSI_COLOR_TONE= +export ANSI_COLOR_RESET= +endif + +# The following is a bash script that discovers F* libraries. +# Due to incompatibilities with make 4.3, I had to make a "oneliner" bash script... +define FINDLIBS + : "Prints a path if and only if it exists. Takes one argument: the path."; \ + function print_if_exists() { \ + if [ -d "$$1" ]; then \ + echo "$$1"; \ + fi; \ + } ; \ + : "Asks Cargo all the dependencies for the current crate or workspace,"; \ + : "and extract all "root" directories for each. Takes zero argument."; \ + function dependencies() { \ + cargo metadata --format-version 1 | \ + jq -r ".packages | .[] | .manifest_path | split(\"/\") | .[:-1] | join(\"/\")"; \ + } ; \ + : "Find hax libraries *around* a given path. Takes one argument: the"; \ + : "path."; \ + function find_hax_libraries_at_path() { \ + path="$$1" ; \ + : "if there is a [proofs/fstar/extraction] subfolder, then that s a F* library" ; \ + print_if_exists "$$path/proofs/fstar/extraction" ; \ + : "Maybe the [proof-libs] folder of hax is around?" ; \ + MAYBE_PROOF_LIBS=$$(realpath -q "$$path/../proof-libs/fstar") ; \ + if [ $$? -eq 0 ]; then \ + print_if_exists "$$MAYBE_PROOF_LIBS/core" ; \ + print_if_exists "$$MAYBE_PROOF_LIBS/rust_primitives" ; \ + fi ; \ + } ; \ + { while IFS= read path; do \ + find_hax_libraries_at_path "$$path"; \ + done < <(dependencies) ; } | sort -u +endef +export FINDLIBS + +FSTAR_INCLUDE_DIRS_EXTRA ?= +FINDLIBS_OUTPUT := $(shell bash -c '${FINDLIBS}') +FSTAR_INCLUDE_DIRS = $(HACL_HOME)/lib $(FSTAR_INCLUDE_DIRS_EXTRA) $(FINDLIBS_OUTPUT) + +# Make sure FSTAR_INCLUDE_DIRS has the `proof-libs`, print hints and +# an error message otherwise +ifneq (,$(findstring proof-libs/fstar,$(FSTAR_INCLUDE_DIRS))) +else + K += $(info ) + ERROR := $(shell printf '${ANSI_COLOR_RED}Error: could not detect `proof-libs`!${ANSI_COLOR_RESET}') + K += $(info ${ERROR}) + ERROR := $(shell printf ' > Do you have `${ANSI_COLOR_BLUE}hax-lib${ANSI_COLOR_RESET}` in your `${ANSI_COLOR_BLUE}Cargo.toml${ANSI_COLOR_RESET}` as a ${ANSI_COLOR_BLUE}git${ANSI_COLOR_RESET} or ${ANSI_COLOR_BLUE}path${ANSI_COLOR_RESET} dependency?') + K += $(info ${ERROR}) + ERROR := $(shell printf ' ${ANSI_COLOR_BLUE}> Tip: you may want to run `cargo add --git https://github.com/hacspec/hax hax-lib`${ANSI_COLOR_RESET}') + K += $(info ${ERROR}) + K += $(info ) + K += $(error Fatal error: `proof-libs` is required.) +endif + +.PHONY: all verify clean + +all: + $(Q)rm -f .depend + $(Q)$(MAKE) .depend hax.fst.config.json verify + +all-keep-going: + $(Q)rm -f .depend + $(Q)$(MAKE) --keep-going .depend hax.fst.config.json verify + +# If $HACL_HOME doesn't exist, clone it +${HACL_HOME}: + $(Q)mkdir -p "${HACL_HOME}" + $(info Clonning Hacl* in ${HACL_HOME}...) + git clone --depth 1 https://github.com/hacl-star/hacl-star.git "${HACL_HOME}" + $(info Clonning Hacl* in ${HACL_HOME}... done!) + +# If no any F* file is detected, we run hax +ifeq "$(wildcard *.fst *fsti)" "" +$(shell cargo hax into fstar) +endif + +# By default, we process all the files in the current directory +ROOTS ?= $(wildcard *.fst *fsti) +ADMIT_MODULES ?= + +ADMIT_MODULE_FLAGS ?= --admit_smt_queries true + +# Can be useful for debugging purposes +FINDLIBS.sh: + $(Q)echo '${FINDLIBS}' > FINDLIBS.sh +include-dirs: + $(Q)bash -c '${FINDLIBS}' + +FSTAR_FLAGS = \ + --warn_error -321-331-241-274-239-271 \ + --cache_checked_modules --cache_dir $(CACHE_DIR) \ + --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ + $(addprefix --include ,$(FSTAR_INCLUDE_DIRS)) + +FSTAR := $(FSTAR_BIN) $(FSTAR_FLAGS) + +.depend: $(HINT_DIR) $(CACHE_DIR) $(ROOTS) $(HACL_HOME) + @$(FSTAR) --dep full $(ROOTS) --extract '* -Prims -LowStar -FStar' > $@ + +include .depend + +$(HINT_DIR) $(CACHE_DIR): + $(Q)mkdir -p $@ + +define HELPMESSAGE +echo "hax' default Makefile for F*" +echo "" +echo "The available targets are:" +echo "" +function target() { + printf ' ${ANSI_COLOR_BLUE}%-20b${ANSI_COLOR_RESET} %s\n' "$$1" "$$2" +} +target "all" "Verify every F* files (stops whenever an F* fails first)" +target "all-keep-going" "Verify every F* files (tries as many F* module as possible)" +target "" "" +target "run/${ANSI_COLOR_TONE} " 'Runs F* on `MyModule.fst` only' +target "" "" +target "vscode" 'Generates a `hax.fst.config.json` file' +target "${ANSI_COLOR_TONE}${ANSI_COLOR_BLUE}-in " 'Useful for Emacs, outputs the F* prefix command to be used' +target "" "" +target "clean" 'Cleanup the target' +target "include-dirs" 'List the F* include directories' +target "" "" +target "describe" 'List the F* root modules, and describe the environment.' +echo "" +echo "Variables:" +target "NO_COLOR" "Set to anything to disable colors" +target "ADMIT_MODULES" "List of modules where F* will assume every SMT query" +target "FSTAR_INCLUDE_DIRS_EXTRA" "List of extra include F* dirs" +endef +export HELPMESSAGE + +describe: + @printf '${ANSI_COLOR_BBLUE}F* roots:${ANSI_COLOR_RESET}\n' + @for root in ${ROOTS}; do \ + filename=$$(basename -- "$$root") ;\ + ext="$${filename##*.}" ;\ + noext="$${filename%.*}" ;\ + printf "${ANSI_COLOR_GRAY}$$(dirname -- "$$root")/${ANSI_COLOR_RESET}%s${ANSI_COLOR_GRAY}.${ANSI_COLOR_TONE}%s${ANSI_COLOR_RESET}%b\n" "$$noext" "$$ext" $$([[ "${ADMIT_MODULES}" =~ (^| )$$root($$| ) ]] && echo '${ANSI_COLOR_RED}\t[ADMITTED]${ANSI_COLOR_RESET}'); \ + done + @printf '\n${ANSI_COLOR_BBLUE}Environment:${ANSI_COLOR_RESET}\n' + @printf ' - ${ANSI_COLOR_BLUE}HACL_HOME${ANSI_COLOR_RESET} = %s\n' '${HACL_HOME}' + @printf ' - ${ANSI_COLOR_BLUE}FSTAR_BIN${ANSI_COLOR_RESET} = %s\n' '${FSTAR_BIN}' + @printf ' - ${ANSI_COLOR_BLUE}GIT_ROOT_DIR${ANSI_COLOR_RESET} = %s\n' '${GIT_ROOT_DIR}' + @printf ' - ${ANSI_COLOR_BLUE}CACHE_DIR${ANSI_COLOR_RESET} = %s\n' '${CACHE_DIR}' + @printf ' - ${ANSI_COLOR_BLUE}HINT_DIR${ANSI_COLOR_RESET} = %s\n' '${HINT_DIR}' + @printf ' - ${ANSI_COLOR_BLUE}ADMIT_MODULE_FLAGS${ANSI_COLOR_RESET} = %s\n' '${ADMIT_MODULE_FLAGS}' + @printf ' - ${ANSI_COLOR_BLUE}FSTAR_INCLUDE_DIRS_EXTRA${ANSI_COLOR_RESET} = %s\n' '${FSTAR_INCLUDE_DIRS_EXTRA}' + @printf ' - ${ANSI_COLOR_BLUE}OTHERFLAGS${ANSI_COLOR_RESET} = %s\n' '${OTHERFLAGS}' + +help: ;@bash -c "$$HELPMESSAGE" +h: ;@bash -c "$$HELPMESSAGE" + +HEADER = $(Q)printf '${ANSI_COLOR_BBLUE}[CHECK] %s ${ANSI_COLOR_RESET}\n' "$(basename $(notdir $@))" + +run/%: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) + ${HEADER} + $(Q)$(FSTAR) $(OTHERFLAGS) $(@:run/%=%) + +VERIFIED_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(ROOTS))) +ADMIT_CHECKED = $(addsuffix .checked, $(addprefix $(CACHE_DIR)/,$(ADMIT_MODULES))) + +$(ADMIT_CHECKED): + $(Q)printf '${ANSI_COLOR_BBLUE}[${ANSI_COLOR_TONE}ADMIT${ANSI_COLOR_BBLUE}] %s ${ANSI_COLOR_RESET}\n' "$(basename $(notdir $@))" + $(Q)$(FSTAR) $(OTHERFLAGS) $(ADMIT_MODULE_FLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints || { \ + echo "" ; \ + exit 1 ; \ + } + $(Q)printf "\n\n" + +$(CACHE_DIR)/%.checked: | .depend $(HINT_DIR) $(CACHE_DIR) $(HACL_HOME) + ${HEADER} + $(Q)$(FSTAR) $(OTHERFLAGS) $< $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(notdir $*).hints || { \ + echo "" ; \ + exit 1 ; \ + } + touch $@ + $(Q)printf "\n\n" + +verify: $(VERIFIED_CHECKED) $(ADMIT_CHECKED) + +# Targets for Emacs +%.fst-in: + $(info $(FSTAR_FLAGS) $(OTHERFLAGS) \ + $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fst.hints) +%.fsti-in: + $(info $(FSTAR_FLAGS) $(OTHERFLAGS) \ + $(ENABLE_HINTS) --hint_file $(HINT_DIR)/$(basename $@).fsti.hints) + +# Targets for VSCode +hax.fst.config.json: .depend + $(Q)echo "$(FSTAR_INCLUDE_DIRS)" | jq --arg fstar "$(FSTAR_BIN)" -R 'split(" ") | {fstar_exe: $$fstar | gsub("^\\s+|\\s+$$";""), include_dirs: .}' > $@ +vscode: + $(Q)rm -f .depend + $(Q)$(MAKE) hax.fst.config.json + +SHELL=bash + +# Clean target +clean: + rm -rf $(CACHE_DIR)/* + rm *.fst diff --git a/fstar-helpers/README.md b/fstar-helpers/README.md new file mode 100644 index 000000000..122ed5b03 --- /dev/null +++ b/fstar-helpers/README.md @@ -0,0 +1,5 @@ +This folder provides F* helpers: + + - `Makefile.generic` is the generic hax Makefile, available here: https://gist.github.com/W95Psp/4c304132a1f85c5af4e4959dd6b356c3. `Makefile.generic` is not supposed to be edited. + - `Makefile.base` is the base file that adds a couple of include folders that are useful generally in the scope of libcrux verification with F*. + - `fstar-bitvec` F* modules related to bitvectors. diff --git a/fstar-helpers/fstar-bitvec/Makefile b/fstar-helpers/fstar-bitvec/Makefile new file mode 100644 index 000000000..4bddb3c33 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Makefile @@ -0,0 +1,33 @@ +ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ + Libcrux_ml_kem.Ind_cca.fst \ + Libcrux_ml_kem.Ind_cpa.fst \ + Libcrux_ml_kem.Ind_cpa.fsti \ + Libcrux_ml_kem.Invert_ntt.fst \ + Libcrux_ml_kem.Matrix.fst \ + Libcrux_ml_kem.Ntt.fst \ + Libcrux_ml_kem.Polynomial.fst \ + Libcrux_ml_kem.Sampling.fst \ + Libcrux_ml_kem.Serialize.fst \ + Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ + Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Avx2.Compress.fst \ + Libcrux_ml_kem.Vector.Avx2.fst \ + Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ + Libcrux_ml_kem.Vector.Avx2.Portable.fst \ + Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ + Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ + Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Neon.Compress.fst \ + Libcrux_ml_kem.Vector.Neon.fst \ + Libcrux_ml_kem.Vector.Neon.Ntt.fst \ + Libcrux_ml_kem.Vector.Neon.Serialize.fst \ + Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ + Libcrux_ml_kem.Vector.Portable.Arithmetic.fst \ + Libcrux_ml_kem.Vector.Portable.Compress.fst \ + Libcrux_ml_kem.Vector.Portable.Ntt.fst \ + Libcrux_ml_kem.Vector.Portable.Sampling.fst \ + Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ + Libcrux_ml_kem.Vector.Traits.fst + +OTHERFLAGS += --unsafe_tactic_exec +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Makefile b/libcrux-intrinsics/proofs/fstar/extraction/Makefile new file mode 100644 index 000000000..b4ce70a38 --- /dev/null +++ b/libcrux-intrinsics/proofs/fstar/extraction/Makefile @@ -0,0 +1 @@ +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base diff --git a/libcrux-sha3/proofs/fstar/extraction/Makefile b/libcrux-sha3/proofs/fstar/extraction/Makefile new file mode 100644 index 000000000..ec420d509 --- /dev/null +++ b/libcrux-sha3/proofs/fstar/extraction/Makefile @@ -0,0 +1 @@ +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template From 0fb14cb20804967353a7f18bdab5cd301cc934ad Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 30 Aug 2024 20:21:44 +0200 Subject: [PATCH 167/348] Reintroduce BitVecEq from previous proofs --- fstar-helpers/fstar-bitvec/BitVecEq.fst | 12 + fstar-helpers/fstar-bitvec/BitVecEq.fsti | 293 +++++++++++++++++++++++ fstar-helpers/fstar-bitvec/MkSeq.fst | 59 +++++ 3 files changed, 364 insertions(+) create mode 100644 fstar-helpers/fstar-bitvec/BitVecEq.fst create mode 100644 fstar-helpers/fstar-bitvec/BitVecEq.fsti create mode 100644 fstar-helpers/fstar-bitvec/MkSeq.fst diff --git a/fstar-helpers/fstar-bitvec/BitVecEq.fst b/fstar-helpers/fstar-bitvec/BitVecEq.fst new file mode 100644 index 000000000..c89f2fe35 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVecEq.fst @@ -0,0 +1,12 @@ +module BitVecEq + +open Core +open FStar.Mul +open FStar.FunctionalExtensionality + +let bit_vec_equal #n bv1 bv2 = forall i. bv1 i == bv2 i + +let bit_vec_equal_intro bv1 bv2 = () +let bit_vec_equal_elim bv1 bv2 = assert (feq bv1 bv2) + + diff --git a/fstar-helpers/fstar-bitvec/BitVecEq.fsti b/fstar-helpers/fstar-bitvec/BitVecEq.fsti new file mode 100644 index 000000000..c370f28bf --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVecEq.fsti @@ -0,0 +1,293 @@ +module BitVecEq +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul +open MkSeq +open FStar.FunctionalExtensionality + +val bit_vec_equal (#n: nat) (bv1 bv2: bit_vec n): Type0 +val bit_vec_equal_intro (#n: nat) (bv1 bv2: bit_vec n) + : Lemma (requires forall i. bv1 i == bv2 i) + (ensures bit_vec_equal bv1 bv2) +val bit_vec_equal_elim (#n: nat) (bv1 bv2: bit_vec n) + : Lemma (requires bit_vec_equal #n bv1 bv2) + (ensures bv1 == bv2) + [SMTPat (bit_vec_equal #n bv1 bv2)] + +let bit_vec_equal_intro_principle () + : Lemma (forall n (bv1 bv2: bit_vec n). (forall i. bv1 i == bv2 i) ==> bit_vec_equal #n bv1 bv2) + = introduce forall n (bv1 bv2: bit_vec n). _ + with introduce (forall i. bv1 i == bv2 i) ==> bit_vec_equal #n bv1 bv2 + with _. bit_vec_equal_intro #n bv1 bv2 + +let bit_vec_equal_elim_principle () + : Lemma (forall n (bv1 bv2: bit_vec n). bit_vec_equal #n bv1 bv2 ==> (forall i. bv1 i == bv2 i)) + = introduce forall n (bv1 bv2: bit_vec n). _ + with introduce bit_vec_equal #n bv1 bv2 ==> (forall i. bv1 i == bv2 i) + with _. bit_vec_equal_elim #n bv1 bv2 + +let bit_vec_equal_trivial (bv1 bv2: bit_vec 0): Lemma (bv1 == bv2) + [SMTPat (eq2 #(bit_vec 0) bv1 bv2)] + = bit_vec_equal_intro bv1 bv2 + +let bit_vec_sub #n (bv: bit_vec n) (start: nat) (len: nat {start + len <= n}) + : bit_vec len + = on (i: nat {i < len}) + (fun i -> bv (start + i)) + +let bit_vec_equal_trivial_sub_smtpat (bv1: bit_vec 'n) + : Lemma (forall (bv2: bit_vec 0). bit_vec_sub bv1 0 0 == bv2) + [SMTPat (bit_vec_sub bv1 0 0)] + = introduce forall (bv2: bit_vec 0). bit_vec_sub bv1 0 0 == bv2 + with bit_vec_equal_trivial (bit_vec_sub bv1 0 0) bv2 + +unfold let retype #a #b (#_:unit{a == b}) + (x: a): b + = x + +let bit_vec_sub_all_lemma #n (bv: bit_vec n) + : Lemma (bit_vec_sub bv 0 n == bv) + [SMTPat (bit_vec_sub bv 0 n)] + = bit_vec_equal_intro (bit_vec_sub bv 0 n) bv + +let int_t_array_bitwise_eq' + #t1 #t2 #n1 #n2 + (arr1: t_Array (int_t t1) n1) (d1: num_bits t1) + (arr2: t_Array (int_t t2) n2) (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + = bit_vec_equal (bit_vec_of_int_t_array arr1 d1) + (retype (bit_vec_of_int_t_array arr2 d2)) + +let int_t_array_bitwise_eq + #t1 #t2 #n1 #n2 + (arr1: t_Array (int_t t1) n1) (d1: num_bits t1) + (arr2: t_Array (int_t t2) n2) (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + = bit_vec_of_int_t_array arr1 d1 == bit_vec_of_int_t_array arr2 d2 + +// let get_bit_intro () +// : Lemma (forall (#n: inttype) (x: int_t n) (nth: usize {v nth < bits n}). +// get_bit #n x nth == ( if v x >= 0 then get_bit_nat (v x) (v nth) +// else get_bit_nat (pow2 (bits n) + v x) (v nth))) +// = introduce forall (n: inttype) (x: int_t n) (nth: usize {v nth < bits n}). +// get_bit #n x nth == ( if v x >= 0 then get_bit_nat (v x) (v nth) +// else get_bit_nat (pow2 (bits n) + v x) (v nth)) +// with get_bit_intro #n x nth + +#push-options "--fuel 0 --ifuel 0 --z3rlimit 80" +/// Rewrite a `bit_vec_of_int_t_array (Seq.slice arr ...)` into a `bit_vec_sub ...` +let int_t_seq_slice_to_bv_sub_lemma #t #n + (arr: t_Array (int_t t) n) + (start: nat) (len: usize {start + v len <= v n}) + (d: num_bits t) + : Lemma ( bit_vec_of_int_t_array (Seq.slice arr start (start + v len) <: t_Array _ len) d + `bit_vec_equal` bit_vec_sub (bit_vec_of_int_t_array arr d) (start * d) (v len * d)) + [SMTPat (bit_vec_sub (bit_vec_of_int_t_array arr d) (start * d) (v len * d))] + = let bv1 = bit_vec_of_int_t_array #_ #len (Seq.slice arr start (start + v len)) d in + let bv2 = bit_vec_sub (bit_vec_of_int_t_array arr d) (start * d) (v len * d) in + introduce forall i. bv1 i == bv2 i + with ( Seq.lemma_index_slice arr start (start + v len) (i / d); + Math.Lemmas.lemma_div_plus i start d; + Math.Lemmas.lemma_mod_plus i start d); + bit_vec_equal_intro bv1 bv2 + +#push-options "--split_queries always" +let int_t_eq_seq_slice_bv_sub_lemma #t #n1 #n2 + (arr1: t_Array (int_t t) n1) (arr2: t_Array (int_t t) n2) (d: num_bits t) + (start1 start2: nat) (len: nat {start1 + len <= v n1 /\ start2 + len <= v n2}) + : Lemma (requires Seq.slice arr1 start1 (start1 + len) == Seq.slice arr2 start2 (start2 + len)) + (ensures bit_vec_equal + (bit_vec_sub (bit_vec_of_int_t_array arr1 d) (start1 * d) (len * d)) + (bit_vec_sub (bit_vec_of_int_t_array arr2 d) (start2 * d) (len * d))) + [SMTPat ((bit_vec_sub (bit_vec_of_int_t_array arr1 d) (start1 * d) (len * d)) == + (bit_vec_sub (bit_vec_of_int_t_array arr2 d) (start2 * d) (len * d)))] + = let len = sz len in + int_t_seq_slice_to_bv_sub_lemma arr1 start1 len d; + int_t_seq_slice_to_bv_sub_lemma arr2 start2 len d; + // bit_vec_equal_elim_principle (); + bit_vec_equal_intro_principle () +#pop-options + +let bit_vec_equal_extend #n1 #n2 + (bv1: bit_vec n1) (bv2: bit_vec n2) (start1 start2: nat) + (len1: nat) + (len2: nat { start1 + len1 + len2 <= n1 /\ start2 + len1 + len2 <= n2}) + : Lemma + (requires + bit_vec_sub bv1 start1 len1 == bit_vec_sub bv2 start2 len1 + /\ bit_vec_sub bv1 (start1 + len1) len2 == bit_vec_sub bv2 (start2 + len1) len2) + (ensures bit_vec_sub bv1 start1 (len1+len2) == bit_vec_sub bv2 start2 (len1+len2)) + // [SMTPat (bit_vec_sub bv1 start1 len1 == bit_vec_sub bv2 start2 len1); + // SMTPat () + // ] + // SMTPat (bit_vec_sub bv1 (start1 + len1) len2 == bit_vec_sub bv2 (start2 + len1) len2)] + = let left1 = bit_vec_sub bv1 start1 len1 in + let left2 = bit_vec_sub bv2 start2 len1 in + let right1 = bit_vec_sub bv1 (start1 + len1) len2 in + let right2 = bit_vec_sub bv2 (start2 + len1) len2 in + // () + // bit_vec_equal_elim left1 left2 ; + // bit_vec_equal_elim right1 right2; + let entire1 = bit_vec_sub bv1 start1 (len1 + len2) in + let entire2 = bit_vec_sub bv2 start2 (len1 + len2) in + assert (forall (i:nat). i < len1 ==> left1 i == left2 i); + assert (forall (i:nat). i < len2 ==> right1 i == right2 i); + introduce forall (i:nat). i < len1 + len2 ==> entire1 i == entire2 i + with introduce i < len1 + len2 ==> entire1 i == entire2 i + with _. if i < len1 then assert (left1 i == left2 i) + else assert (entire1 i == right1 (i - len1)); + bit_vec_equal_intro entire1 entire2 +#pop-options + +// let bit_vec_equal_trans (#n: nat) (bv1 bv2 bv3: bit_vec n) +// : Lemma (requires bv1 `bit_vec_equal` bv2 /\ bv2 `bit_vec_equal` bv3) +// (ensures bv1 `bit_vec_equal` bv3) +// = bit_vec_equal_elim_principle (); +// bit_vec_equal_intro_principle () + +(* +let int_arr_bitwise_eq_range + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement2: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement2 x}) n2) + (d2: num_bits t2) + (offset1 offset2: nat) + (bits: nat { + offset1 + bits <= v n1 * d1 + /\ offset2 + bits <= v n2 * d2 + }) + = bit_vec_equal #bits (fun i -> bit_vec_of_int_t_array arr1 d1 (i + offset1)) + = forall (k: nat). k < bits ==> + bit_vec_of_int_t_array arr1 d1 (offset1 + k) + == bit_vec_of_int_t_array arr2 d2 (offset2 + k) + +let int_arr_bitwise_eq_range_comm + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement2: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement2 x}) n2) + (d2: num_bits t2) + (offset1 offset2: nat) + (bits: nat { + offset1 + bits <= v n1 * d1 + /\ offset2 + bits <= v n2 * d2 + }) + : Lemma (requires int_arr_bitwise_eq_range arr1 d1 arr2 d2 offset1 offset2 bits) + (ensures int_arr_bitwise_eq_range arr2 d2 arr1 d1 offset2 offset1 bits) + = () + +// kill that function in favor of range +let int_arr_bitwise_eq_up_to + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement x}) n2) + (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + (max: nat {max <= v n1 * d1}) + + = forall i. i < max + ==> bit_vec_of_int_t_array arr1 d1 i == bit_vec_of_int_t_array arr2 d2 i + +let int_arr_bitwise_eq_ + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement x}) n2) + (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + = int_arr_bitwise_eq_up_to arr1 d1 arr2 d2 (v n1 * d1) + +// move to fsti +let bit_vec_equal #n (bv1 bv2: bit_vec n) + = forall i. i < n ==> bv1 i == bv2 i + +let int_arr_bitwise_eq + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement x}) n2) + (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + = forall i. i < v n1 * d1 + ==> bit_vec_of_int_t_array arr1 d1 i == bit_vec_of_int_t_array arr2 d2 i + +let int_arr_bitwise_eq_range_transitivity + #t1 #t2 #t3 #n1 #n2 #n3 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement2: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement2 x}) n2) + (d2: num_bits t2) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement3: int_t t3 -> Type0) + (arr3: t_Array (x: int_t t3 {refinement3 x}) n3) + (d3: num_bits t3) + (offset1 offset2 offset3: nat) + (bits: nat { + offset1 + bits <= v n1 * d1 + /\ offset2 + bits <= v n2 * d2 + /\ offset3 + bits <= v n3 * d3 + }) + : Lemma + (requires int_arr_bitwise_eq_range #t1 #t2 #n1 #n2 arr1 d1 arr2 d2 offset1 offset2 bits + /\ int_arr_bitwise_eq_range #t2 #t3 #n2 #n3 arr2 d2 arr3 d3 offset2 offset3 bits) + (ensures int_arr_bitwise_eq_range #t1 #t3 #n1 #n3 arr1 d1 arr3 d3 offset1 offset3 bits) + = () + + +let int_arr_bitwise_eq_range_intro + #t1 #t2 #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t1 -> Type0) + (arr1: t_Array (x: int_t t1 {refinement1 x}) n1) + (d1: num_bits t1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t2 -> Type0) + (arr2: t_Array (x: int_t t2 {refinement x}) n2) + (d2: num_bits t2 {v n1 * d1 == v n2 * d2}) + : Lemma + (requires int_arr_bitwise_eq arr1 d1 arr2 d2) + (ensures int_arr_bitwise_eq_range arr1 d1 arr2 d2 0 0 (v n1 * d1)) + = admit () + +let int_arr_bitwise_eq_range_intro_eq_slice + #t #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement: int_t t -> Type0) + (arr1: t_Array (x: int_t t {refinement x}) n1) + (arr2: t_Array (x: int_t t {refinement x}) n2) + (d: num_bits t) + (offset1 offset2: nat) + (n: nat {offset1 + n < v n1 /\ offset2 + n < v n2}) + (bits: nat { + offset1 + bits <= v n1 * d + /\ offset2 + bits <= v n2 * d + /\ bits <= n * d + }) + : Lemma (requires Seq.slice arr1 offset1 (offset1 + n) == Seq.slice arr2 offset2 (offset2 + n)) + (ensures int_arr_bitwise_eq_range arr1 d arr2 d offset1 offset2 bits) + = admit () + +let int_arr_bitwise_eq_range_intro_eq + #t #n1 #n2 + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement1: int_t t -> Type0) + (arr1: t_Array (x: int_t t {refinement1 x}) n1) + (#[FStar.Tactics.exact (`(fun _ -> True))]refinement2: int_t t -> Type0) + (arr2: t_Array (x: int_t t {refinement2 x}) n2) + (d: num_bits t) + (n_offset1 n_offset2: nat) + (n: nat {n_offset1 + n <= v n1 /\ n_offset2 + n <= v n2}) + // (offset1 offset2: nat) + (bits: nat { + n_offset1 * d + bits <= v n1 * d + /\ n_offset2 * d + bits <= v n2 * d + /\ bits <= n * d + }) + : Lemma (requires forall (i: nat). i < n ==> Seq.index arr1 (i + n_offset1) == Seq.index arr2 (i + n_offset2)) + (ensures int_arr_bitwise_eq_range arr1 d arr2 d (n_offset1 * d) (n_offset2 * d) bits) + = admit () +*) diff --git a/fstar-helpers/fstar-bitvec/MkSeq.fst b/fstar-helpers/fstar-bitvec/MkSeq.fst new file mode 100644 index 000000000..89c8e0216 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/MkSeq.fst @@ -0,0 +1,59 @@ +module MkSeq +open Core + +open FStar.Tactics.V2 + +private let init (len: nat) (f: (i:nat{i < len}) -> Tac 'a): Tac (list 'a) + = let rec h (i: nat {i <= len}): Tac (list 'a) + = if i = len then [] else f i :: h (i + 1) + in h 0 + +private let tuple_proj (n: nat) (i: nat): Tac term + = if n = 1 then `(id) else + let name = "__proj__Mktuple" ^ string_of_int n ^ "__item___" ^ string_of_int (i + 1) in + Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name]) + +private let tuple_type (n: nat): Tac term + = if n = 1 then `(id) else + let name = "tuple" ^ string_of_int n in + Tv_FVar (pack_fv ["FStar";"Pervasives";"Native";name]) + +open Rust_primitives.Integers + +private let create_gen_tac (n: nat): Tac sigelt + = let typ_bd = {fresh_binder_named "t" (`Type0) with qual = FStar.Reflection.V2.Q_Implicit} in + let typ = binder_to_term typ_bd in + let input_typ = mk_e_app (tuple_type n) (init n (fun _ -> typ)) in + let input_bd = fresh_binder_named "tup" input_typ in + let output_type = `t_Array (`#typ) (sz (`@n)) in + let nth i = `((`#(tuple_proj n i)) (`#input_bd)) in + let mk_and: term -> term -> Tac term = fun t u -> `(`#t /\ `#u) in + let post = + let mk_inv s i = `(Seq.index (`#s) (`@i) == (`#(tuple_proj n i)) (`#input_bd)) in + let invs s = Tactics.fold_left mk_and (`(Seq.length (`#s) == (`@n))) (init n (mk_inv s)) in + let bd = fresh_binder_named "s" output_type in + mk_abs [bd] (invs bd) + in + let comp = C_Eff [] ["Prims"; "Pure"] + (`t_Array (`#typ) (sz (`@n))) + [ (`(requires True), Q_Explicit); (post, Q_Explicit)] [] + in + let args = [typ_bd; input_bd] in + let l = Tactics.fold_right (fun hd tl -> `((`#hd)::(`#tl))) (init n nth) (`[]) in + let indexes = + let f i = `((`#(nth i)) == List.Tot.index (`#l) (`@i)) in + Tactics.fold_left mk_and (`True) (init n f) + in + let lb_def = mk_abs args (`( + let l = `#l in + let s = Seq.createL l <: t_Array (`#typ) (sz (`@n)) in + FStar.Classical.forall_intro (Seq.lemma_index_is_nth s); + assert (`#indexes) by (Tactics.norm [primops; iota; delta; zeta]); + s + )) in + let lb_typ = mk_arr args (pack_comp comp) in + let open FStar.List.Tot in + let lb_fv = pack_fv (cur_module () @ ["create" ^ string_of_int n]) in + Sg_Let { isrec = false; lbs = [{ lb_fv; lb_us = []; lb_typ; lb_def }] } + +%splice[] (init 13 (fun i -> create_gen_tac (i + 1))) From 8feb7815f6aebe9f986a61e721a135b5245ef007 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 30 Aug 2024 20:22:05 +0200 Subject: [PATCH 168/348] intro tactic library to do hybrid norm/rewrite inside terms --- fstar-helpers/fstar-bitvec/Tactics.Folds.fst | 82 ++++++ fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 76 +++++ .../fstar-bitvec/Tactics.MachineInts.fst | 273 ++++++++++++++++++ fstar-helpers/fstar-bitvec/Tactics.Pow2.fst | 58 ++++ fstar-helpers/fstar-bitvec/Tactics.Seq.fst | 123 ++++++++ fstar-helpers/fstar-bitvec/Tactics.Utils.fst | 267 +++++++++++++++++ 6 files changed, 879 insertions(+) create mode 100644 fstar-helpers/fstar-bitvec/Tactics.Folds.fst create mode 100644 fstar-helpers/fstar-bitvec/Tactics.GetBit.fst create mode 100644 fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst create mode 100644 fstar-helpers/fstar-bitvec/Tactics.Pow2.fst create mode 100644 fstar-helpers/fstar-bitvec/Tactics.Seq.fst create mode 100644 fstar-helpers/fstar-bitvec/Tactics.Utils.fst diff --git a/fstar-helpers/fstar-bitvec/Tactics.Folds.fst b/fstar-helpers/fstar-bitvec/Tactics.Folds.fst new file mode 100644 index 000000000..c5ead30b0 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.Folds.fst @@ -0,0 +1,82 @@ +module Tactics.Folds + +open Core +module L = FStar.List.Tot +module S = FStar.Seq.Base +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul +open FStar.Option + +open Rust_primitives.Hax.Folds + +open Tactics.Utils + +// let unfold_fold_range +// (#acc_t: Type0) (#u: Lib.IntTypes.inttype) +// (start_: int_t u) +// (end_: int_t u) +// (inv: acc_t -> (i:int_t u{fold_range_wf_index start_ end_ false (v i)}) -> Type0) +// (init: acc_t {inv init start_}) +// (f: (acc:acc_t -> i:int_t u {v i <= v end_ /\ fold_range_wf_index start_ end_ true (v i) /\ inv acc i} +// -> acc':acc_t {(inv acc' (mk_int (v i + 1)))})) +// = if v start_ < v end_ +// then fold_range (start_ +! mk_int 1) end_ inv (f init start_) f +// else init + + +// #push-options "--z3rlimit 100" +// let unfold_fold_range +// (#acc_t: Type0) (#u: Lib.IntTypes.inttype) +// (start_: int_t u) +// (end_: int_t u) +// (inv: acc_t -> (i:int_t u{fold_range_wf_index start_ end_ false (v i)}) -> Type0) +// (init: acc_t {inv init start_}) +// (f: (acc:acc_t -> i:int_t u {v i <= v end_ /\ fold_range_wf_index start_ end_ true (v i) /\ inv acc i} +// -> acc':acc_t {(inv acc' (mk_int (v i + 1)))})) +// : Lemma ( fold_range start_ end_ inv init f +// == ( if v start_ < v end_ +// then +// fold_range (start_ +! mk_int 1) end_ inv (f init start_) f +// else init ) +// ) +// = admit () +// #pop-options + +// let expect_fold_range t +// = let?# (fr, [acc_t,_;u,_;start_,_;end_,_;inv,_;init,_;f,_]) = expect_app_n t 7 in +// let _ = expect_free_var fr (`%fold_range) in +// Some (acc_t, u, start_, end_, inv, init, f) + +// let make_fold_range_lemma (start_: nat) (end_: nat): Tac _ = +// let _ = tcut (quote (squash (forall acc_t u inv init f. +// fold_range #acc_t #u start_ end_ inv init f +// == fold_range #acc_t #u start_ end_ inv init f +// ))) in +// flip (); +// let acc_t = forall_intro () in +// let u = forall_intro () in +// let inv = forall_intro () in +// let init = forall_intro () in +// let f = forall_intro () in +// fail "xx"; +// let _ = rewrite_rhs () in +// flip (); +// focus (fun _ -> +// fail "xx"; +// apply_lemma_rw (`unfold_fold_range) +// ); +// () +// // rewrite_lhs +// // let aux start_ = + +// jlet _ = +// assert true by (make_fold_range_lemma 1 10) + +// in + + +// let tactic_fold_range t +// = let?# expect_fold_range _ = + diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst new file mode 100644 index 000000000..6a7da3303 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -0,0 +1,76 @@ +/// Provides tactics around `get_bit _ _ == get_bit _ _` goals +module Tactics.GetBit + +open Core +module L = FStar.List.Tot +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul +open FStar.Option + +open Tactics.Utils +open Tactics.Pow2 + +open BitVecEq {} +open Tactics.Seq {norm_index, tactic_list_index} + + +let _ = Rust_primitives.Hax.array_of_list + +let norm_machine_int () = Tactics.MachineInts.(transform norm_machine_int_term) + +/// Does one round of computation +let compute_one_round (): Tac _ = + norm [ iota; zeta; reify_ + ; delta_namespace [ + "FStar" + ; "BitVecEq" + ; implode_qn (cur_module ()) + ; "MkSeq" + ; `%Rust_primitives.Hax.array_of_list + ] + ; primops; unmeta]; + trace "compute_one_round: norm_pow2" norm_pow2; + trace "compute_one_round: norm_machine_int" norm_machine_int; + trace "compute_one_round: norm_index" norm_index + +/// Normalizes up to `get_bit` +let compute': unit -> Tac unit = goal_fixpoint compute_one_round + +private let time_tactic_ms (t: 'a -> Tac 'b) (x: 'a): Tac ('b & int) + = let time0 = curms () in + let result = t x in + let time1 = curms () in + (result, time1 - time0) + +private let print_time prefix (t: 'a -> Tac 'b) (x: 'a): Tac 'b + = let (result, time) = time_tactic_ms t x in + print (prefix ^ string_of_int (time / 1000) ^ "." ^ string_of_int ((time/100)%10) ^ "s"); + result + + + +/// Proves a goal of the shape `forall (i:nat{i < N}). get_bit ... i == get_bit ... i` (`N` is expected to be a literal) +let prove_bit_vector_equality' (): Tac unit = + norm [ + iota; + primops; + delta_only [`%bit_vec_of_int_t_array; `%FunctionalExtensionality.on]; + delta_namespace [ + implode_qn (cur_module ()); + "Libcrux_intrinsics.Avx2_extract"; + "BitVec.Intrinsics"; + "BitVecEq"; + ]; + ]; + compute_one_round (); + prove_forall_nat_pointwise (print_time "SMT solved the goal in " (fun _ -> + Tactics.Seq.norm_index_minimal (); + l_to_r [`bit_vec_to_int_t_lemma]; + print ("Ask SMT: " ^ term_to_string (cur_goal ())); + focus smt_sync + )) +let prove_bit_vector_equality (): Tac unit = + set_rlimit 100; + with_compat_pre_core 0 prove_bit_vector_equality' diff --git a/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst b/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst new file mode 100644 index 000000000..85bb0bb78 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.MachineInts.fst @@ -0,0 +1,273 @@ +/// This module interprets machine integers terms that comes from +/// `FStar.[U]Int*` modules or from `Rust_primtiives.Integers` module. +/// It can then convert from and back those two representation, +/// normalize them, etc. +module Tactics.MachineInts + +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Option + +open Tactics.Utils +module RI = Rust_primitives.Integers + +/// The size of a machine int +type size = + | PtrSize + | Size of n:nat {match n with | 8 | 16 | 32 | 64 | 128 -> true | _ -> false} +/// The signedness of a machine int +type signedness = | Signed | Unsigned + +/// The operations we recognize on machine ints +type machine_int_op = | MkInt | V + +/// The AST of a machine int expression +noeq type machine_int_term = + /// Operations `mk_int` (aka `FStar.[U]Int*.[u]int_to_t`) and `v` + | Op { /// Which operation is it? + op: machine_int_op + /// Is that a generic (Rust_primitives.Integers) operation or a native one (FStar.[U]Int*)? + ; native: bool + ; size: size + ; signedness: signedness + ; contents: machine_int_term } + /// A (math) integer literal + | Lit of int + /// An arbitrary term + | Term of term + +/// Expect `n` to be a definition in a machine int namespace +let expect_native_machine_int_ns (n: string): (option (signedness & size & string)) + = match explode_qn n with + | "FStar"::int_module::[def_name] -> + let? (sign, size) = match int_module with + | "Int8" -> Some (Signed, Size 8) + | "Int16" -> Some (Signed, Size 16) + | "Int32" -> Some (Signed, Size 32) + | "Int64" -> Some (Signed, Size 64) + | "Int128" -> Some (Signed, Size 128) + | "UInt8" -> Some (Unsigned, Size 8) + | "UInt16" -> Some (Unsigned, Size 16) + | "UInt32" -> Some (Unsigned, Size 32) + | "UInt64" -> Some (Unsigned, Size 64) + | "UInt18" -> Some (Unsigned, Size 128) + | _ -> None + in Some (sign, size, def_name) + | _ -> None + +/// Given a sign and a size, produces the correct namespace `FStar.[U]Int*` +let mk_native_machine_int_ns (sign: signedness) (size: size): option (list string) + = let sign = match sign with | Signed -> "" | Unsigned -> "U" in + let? size = match size with | PtrSize -> None | Size n -> Some (string_of_int n) in + Some ["FStar"; sign ^ "Int" ^ size] + +/// Interpret HACL*'s `inttype`s +let expect_inttype t: Tac (option (signedness & size)) + = let t = norm_term [iota; reify_; delta_namespace ["Rust_primitives.Integers"; "Lib.IntTypes"]; primops; unmeta] t in + let?# t = expect_fvar t in + match t with + | `%RI.i8_inttype | `%Lib.IntTypes.S8 -> Some ( Signed, Size 8) + | `%RI.i16_inttype | `%Lib.IntTypes.S16 -> Some ( Signed, Size 16) + | `%RI.i32_inttype | `%Lib.IntTypes.S32 -> Some ( Signed, Size 32) + | `%RI.i64_inttype | `%Lib.IntTypes.S64 -> Some ( Signed, Size 64) + | `%RI.i128_inttype | `%Lib.IntTypes.S128 -> Some ( Signed, Size 128) + | `%RI.u8_inttype | `%Lib.IntTypes.U8 -> Some (Unsigned, Size 8) + | `%RI.u16_inttype | `%Lib.IntTypes.U16 -> Some (Unsigned, Size 16) + | `%RI.u32_inttype | `%Lib.IntTypes.U32 -> Some (Unsigned, Size 32) + | `%RI.u64_inttype | `%Lib.IntTypes.U64 -> Some (Unsigned, Size 64) + | `%RI.u128_inttype | `%Lib.IntTypes.U128 -> Some (Unsigned, Size 128) + | `%RI.isize_inttype -> Some (Signed, PtrSize) + | `%RI.usize_inttype -> Some (Unsigned, PtrSize) + | _ -> None + +/// Given a signedness and a size, creates a name `[ui]*_inttype` +let mk_inttype_name (sign: signedness) (size: size): name = + let sign = match sign with | Signed -> "i" | Unsigned -> "u" in + let size = match size with | PtrSize -> "size" | Size n -> string_of_int n in + ["Rust_primitives"; "Integers"; sign ^ size ^ "_inttype"] + +/// Given a signedness and a size, creates a term `[ui]*_inttype` +let mk_inttype (sign: signedness) (size: size): Tac term = + pack (Tv_FVar (pack_fv (mk_inttype_name sign size))) + +/// Interprets a term as a machine int. This function always returns +/// something: when `t` is not a machine int expression we recognize, +/// it returns `Term t`. Below, `term_to_machine_int_term` returns an +/// option. +let rec term_to_machine_int_term' (t: term): Tac machine_int_term = + match term_to_machine_int_term'' t with | Some t -> t | None -> Term t +and term_to_machine_int_term'' (t: term): Tac (option machine_int_term) = + let t = norm_term [delta_only [(`%RI.sz); (`%RI.isz)]] t in + match t with + | Tv_Const (C_Int n) -> Some (Lit n) + | _ -> + let?# (hd, args) = collect_app_hd t in + match expect_native_machine_int_ns hd, args with + | (Some (signedness, size, def_name), [arg, _]) -> begin + let native = true in + let contents = term_to_machine_int_term' arg in + let?# op = match def_name with + | "__uint_to_t" | "__int_to_t" | "uint_to_t" | "int_to_t" -> Some MkInt + | "v" -> Some V | _ -> None in + Some (Op {op; native; size; signedness; contents}) + end + | (None, [inttype, _; contents, _]) -> begin + let?# (signedness, size) = expect_inttype inttype in + let contents = term_to_machine_int_term' contents in + let?# op = match hd with | `%RI.mk_int -> Some MkInt + | `%RI.v -> Some V + | _ -> None in + Some (Op {op; native = false; size; signedness; contents}) + end + | _ -> None + +/// Tries to interpret a term as a machine int +let term_to_machine_int_term (t: term): Tac (option (t: machine_int_term {~(Term? t)})) + = match term_to_machine_int_term' t with + | Term _ -> None | t -> Some t + +/// Transform a machine int AST into a term. Note that this doesn't +/// support native usize/isize (aka `FStar.SizeT`), whence the option. +let rec machine_int_term_to_term (t: machine_int_term): Tac (option term) = + match t with + | Term t -> Some t + | Op {native = false; op; size; signedness; contents} -> + let inttype = mk_inttype signedness size in + let?# contents = machine_int_term_to_term contents in + let op = match op with | V -> `RI.v + | MkInt -> `RI.mk_int in + Some (`((`#op) #(`#inttype) (`#contents))) + | Op {native = true; op; size; signedness; contents} -> + let?# ns = mk_native_machine_int_ns signedness size in + let f = FStar.List.Tot.append ns [ + match op with + | MkInt -> (match signedness with | Signed -> "" | Unsigned -> "u") ^ "int_to_t" + | V -> "v" + ] in + let f = pack (Tv_FVar (pack_fv f)) in + let?# contents = machine_int_term_to_term contents in + Some (mk_e_app f [contents]) + | Lit n -> Some (pack (Tv_Const (C_Int n))) + +/// An operation on a machine_int_term +type operation = machine_int_term -> option machine_int_term + +/// Removes `mk_int (v ...)` or `v (mk_int ...)` when it's the same type +let rec flatten_machine_int_term: operation = function + | Op x -> begin match x.contents with + | Op y -> if x.op <> y.op && x.size = y.size && x.signedness = y.signedness + then Some (match flatten_machine_int_term y.contents with + | Some result -> result + | None -> y.contents) + else let? y = flatten_machine_int_term (Op y) in + Some (Op {x with contents = y}) + | _ -> None + end + | _ -> None + +/// Makes a machine int native or not +let rec change_native_machine_int_term (native: bool): operation = function + | Op x -> let contents = change_native_machine_int_term native x.contents in + if x.native = native + then None + else Some (Op { x with native + ; contents = match contents with + | Some contents -> contents + | None -> x.contents}) + | _ -> None + +/// Combines two operation together +let combine: operation -> operation -> operation = + fun f g t -> match f t with + | Some t -> (match g t with | Some t -> Some t | None -> Some t) + | None -> g t + +/// We call `x` a normal machine integer if `x` has no `mk_int (v +/// ...)` or `v (mk_int ...)` sequence and if all `mk_int` and `v` are +/// native (aka `FStar.[U]Int*.*`, not +/// `Rust_primitives.Integer.*`). Note `usize` is an exception, +/// `mk_int` and `v` alone one usizes (and isizes) cannot be reduced +/// further. +let norm_machine_int_term = combine flatten_machine_int_term (change_native_machine_int_term true) + +/// We call `x` a normal generic machine integer if `x` has no +/// `FStar.[U]Int*.[u]int_to_t/v`, and no `mk_int (v ...)` or `v +/// (mk_int ...)`. +let norm_generic_machine_int_term = combine flatten_machine_int_term (change_native_machine_int_term false) + +/// Unfolds `mk_int` using `mk_int_equiv_lemma` +let norm_mk_int () = + let?# (lhs, _) = expect_lhs_eq_uvar () in + let lhs' = term_to_machine_int_term lhs in + match?# lhs' with + | Op {op = MkInt; native = false; size; signedness; contents} -> + let inttype = mk_inttype signedness size in + let lemma = `(RI.mk_int_equiv_lemma #(`#inttype)) in + let lemma = norm_term [primops; iota; delta; zeta] lemma in + focus (fun _ -> + apply_lemma_rw lemma + ); + Some () + | _ -> None + +/// Lemmas to deal with the special case of usize +let rw_v_mk_int_usize x + : Lemma (eq2 (RI.v #RI.usize_inttype (RI.mk_int #RI.usize_inttype x)) x) = () +let rw_mk_int_v_usize x + : Lemma (eq2 (RI.mk_int #RI.usize_inttype (RI.v #RI.usize_inttype x)) x) = () + +/// Rewrites `goal_lhs` into `machine_int`. This function expects the +/// goal to be of the shape ` == (?...)`, where `` +/// is a machine int. Do not call this function directly. +let _rewrite_to (goal_lhs: term) (eq_type: typ) (machine_int: machine_int_term): Tac (option unit) + = let?# t_term = machine_int_term_to_term machine_int in + Some (focus (fun _ -> + let rw = tcut (`squash (eq2 #(`#eq_type) (`#goal_lhs) (`#t_term))) in + // This tcut will generate simple verification conditions, we + // discharge them right away + // iterAllSMT (fun () -> smt_sync `or_else` (fun _ -> dump "norm_mk_int: Could not solve SMT here")); + flip (); + pointwise' (fun () -> match norm_mk_int () with + | Some _ -> () + | None -> // special case for usize + (fun () -> (fun () -> apply_lemma_rw (`rw_v_mk_int_usize)) + `or_else` (fun () -> apply_lemma_rw (`rw_mk_int_v_usize))) + `or_else` trefl + ); + compute (); + trefl (); + apply_lemma_rw rw + )) + +/// Rewrites a goal deeply, replacing every machine integer expression +/// `x` by `f x` (when it is `Some _`). +let transform (f: machine_int_term -> option machine_int_term): Tac unit + = pointwise' (fun _ -> + match revert_if_none (fun _ -> + let?# (lhs, eq_type) = expect_lhs_eq_uvar () in + let?# machine_int = term_to_machine_int_term lhs in + let?# machine_int' = f machine_int in + let?# _ = _rewrite_to lhs eq_type machine_int' in + Some () + ) + with + | None -> trefl () + | _ -> () + ) + +open Rust_primitives.Integers +let _ = fun x -> assert (v (mk_int #usize_inttype x) == x) + by (transform norm_machine_int_term; trefl ()) +let _ = assert (mk_int #u8_inttype 3 == 3uy) + by (transform norm_machine_int_term; trefl ()) +let _ = fun x -> assert (mk_int #u8_inttype x == FStar.UInt8.uint_to_t x) + by (transform norm_machine_int_term) +let _ = assert (v (mk_int #usize_inttype 3) == 3) + by (transform norm_machine_int_term; trefl ()) +let _ = fun x -> assert (v (mk_int #usize_inttype x) == x) + by (transform norm_machine_int_term; trefl ()) +let _ = assert (mk_int #u8_inttype 3 == 3uy) + by (transform norm_generic_machine_int_term; trefl ()) +let _ = fun x -> assert (mk_int #u8_inttype x == FStar.UInt8.uint_to_t x) + by (transform norm_generic_machine_int_term; trefl ()) diff --git a/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst b/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst new file mode 100644 index 000000000..9f6ee1f0f --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.Pow2.fst @@ -0,0 +1,58 @@ +/// Provides tools to normalize `pow2` +module Tactics.Pow2 + +open Core +open Tactics.Utils +open FStar.Tactics.V2 + +/// Expects `t` to be of the shape `pow2 n`, with `n` a literal, returns n +let expect_pow2_literal t: Tac (option int) + = let?# (f, [x, _]) = expect_app_n t 1 in + let?# () = expect_free_var f (`%pow2) in + expect_int_literal x + +/// Expects `t` to be of the shape `pow2 n - 1`, with `n` a literal, returns n +let expect_pow2_minus_one_literal t: Tac (option int) + = let?# (f, [x, _; y, _]) = expect_app_n t 2 in + let?# () = expect_free_var f (`%op_Subtraction) in + let?# y = expect_int_literal y in + let?? () = y = 1 in + expect_pow2_literal x + +/// Fully normalize a term of the shape `pow2 n`, where `n` is a literal +let norm_pow2 (): Tac unit = + pointwise (fun () -> + let _ = let?# (t, _) = expect_lhs_eq_uvar () in + let?# n = expect_pow2_literal t in + debug ("Normalized `pow2 " ^ string_of_int n ^ "`"); + Some (norm [iota; zeta_full; reify_; delta; primops; unmeta]) in + trefl ()) + +/// Inverse of `pow2` +let rec log2 (n: nat): Tot (option (m: nat {pow2 m == n})) (decreases n) + = if n = 0 then None + else if n = 1 then Some 0 + else if n % 2 <> 0 then None + else match log2 (n / 2) with + | Some n -> Some (1 + n) + | None -> None + +/// Rewrite integers in the goal into `pow2 _ - 1` whenever possible +let rewrite_pow2_minus_one () = + pointwise (fun () -> + match let?# (t, _) = expect_lhs_eq_uvar () in + let?# n = expect_int_literal t in + if n >= 0 then + match log2 (n + 1) with + | Some e -> + let rw_lemma (): Lemma (n == pow2 e - 1) = () in + apply_lemma_rw (quote rw_lemma); + Some () + | _ -> None + else None + with None -> trefl () | _ -> () + ) + +// Test +let _ = fun (i: nat) -> assert (pow2 (i + 3) + pow2 10 == pow2 (i + 3) + 1024) + by (norm_pow2 (); trefl ()) diff --git a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst new file mode 100644 index 000000000..1e8ba7372 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst @@ -0,0 +1,123 @@ +module Tactics.Seq + +open Core +module L = FStar.List.Tot +module S = FStar.Seq.Base +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul +open FStar.Option + +open Tactics.Utils +open Tactics.Pow2 + +(*** Rewrite lemmas *) +private let rw_seq_index_list #t (l: list t) i + : Lemma (S.index (S.seq_of_list l) i == FStar.List.Tot.index l i) + = () +private let rw_index_slice #typ (s: S.seq typ) i j n: Lemma (S.index (S.slice s i j) n == S.index s (normalize_term (i + n))) + = () +private let rw_index_upd s n v i + : Lemma (S.index (S.upd s n v) i == (if n = i then v else S.index s i)) + = () + +/// A version of `L.index` to mark specific instances we want to normalize. +let rec index_to_normalize #a (l: list a) (i:nat{i < L.length l}): Tot a + = let hd::tl = l in + if i = 0 then hd else index_to_normalize tl (i - 1) + +private let rec rw_index_to_index_to_normalize #a (l: list a) (i:nat{i < L.length l}) + : Lemma (L.index #a l i == index_to_normalize #a l i) + = if i = 0 then () else rw_index_to_index_to_normalize (L.tl l) (i - 1) + + +(*** Tactics that apply those lemmas only if needed *) +let tactic_list_index () + = let?# (t, _) = expect_lhs_eq_uvar () in + let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in + let?# () = expect_free_var f (`%FStar.List.Tot.index) in + let?# n = expect_int_literal index in + apply_lemma_rw (`rw_index_to_index_to_normalize); + Some () + +/// Expects `t` to be of the shape `seq_of_list #_ _` +let expect_seq_of_list (t: term): Tac (option (term & term)) + = let?# (f, [t,_; index,_]) = expect_app_n t 2 in + let?# _ = expect_free_var f (`%S.seq_of_list) in + Some (t, index) + +/// Expects `t` to be of the shape `index #_ _` +let expect_seq_index (t: term): Tac (option (term & term & term)) + = let?# (f, [typ, _; l, _; index, _]) = expect_app_n t 3 in + let?# () = expect_free_var f (`%S.index) in + Some (typ, l, index) + +/// Expects `t` to be of the shape `slice #_ _` +let expect_seq_slice (t: term): Tac (option (term & term & term & term)) + = let?# (f, [typ, _; s, _; i, _; j, _]) = expect_app_n t 4 in + let?# () = expect_free_var f (`%S.slice) in + Some (typ, s, i, j) + +/// Expects `t` to be of the shape `upd #_ _` +let expect_seq_upd (t: term): Tac (option (term & term & term & term)) + = let?# (f, [typ, _; s, _; i, _; v, _]) = expect_app_n t 4 in + let?# () = expect_free_var f (`%S.upd) in + Some (typ, s, i, v) + +let tactic_seq_index_of_list () + = let?# (t, _) = expect_lhs_eq_uvar () in + let?# (_, l, _) = expect_seq_index t in + let?# _ = expect_seq_of_list l in + apply_lemma_rw (`rw_seq_index_list); + Some () + +let tactic_rw_index_slice () + = let?# (t, _) = expect_lhs_eq_uvar () in + let?# (typ, s, index) = expect_seq_index t in + let?# (_, s, i, j) = expect_seq_slice s in + apply_lemma_rw (`rw_index_slice #(`#typ) (`#s) (`#i) (`#j)); + Some () + +let tactic_rw_index_upd () + = let?# (t, _) = expect_lhs_eq_uvar () in + let?# (typ, s, index) = expect_seq_index t in + let?# (_, s, i, v) = expect_seq_upd s in + apply_lemma_rw (`rw_index_upd #(`#typ) (`#s) (`#i) (`#v)); + Some () + +(*** Final tactics *) +let norm_zeta_full_list_index (): Tac unit + = norm [iota; primops; zeta_full; delta_only [`%index_to_normalize]] + + +let norm_index_minimal (): Tac unit + = pointwise ((unwrap ∘ tactic_list_index) ||> trefl); + norm_zeta_full_list_index () + +let norm_index' (): Tac unit + = pointwise ( (unwrap ∘ tactic_seq_index_of_list) + ||> (unwrap ∘ tactic_list_index) + ||> (unwrap ∘ tactic_rw_index_slice) + ||> (unwrap ∘ tactic_rw_index_upd) + ||> trefl) + +let norm_index (): Tac unit + = goal_fixpoint norm_index' (); + norm_zeta_full_list_index () + + +(*** Tests *) +let _ = assert ( + let s = S.seq_of_list [1;2;3;4;5;6] in + let s = S.slice s 2 4 in + S.index s 1 == 4 +) by (norm []; norm_index (); trefl ()) + +let _ = assert ( + L.index [L.index [1;2;3;4;5;6] (L.index [1;2;3;4;3;3] 2)] 0 == 4 +) by (norm_index(); trefl ()) +let _ = assert ( + S.index (S.seq_of_list [1;2;3;(S.index (S.seq_of_list [1;2;3;(S.index (S.seq_of_list [1;2;3;4;1]) 3);1]) 3);1]) 3 == 4 +) by (norm_index(); trefl ()) + diff --git a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst new file mode 100644 index 000000000..7a48823d9 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst @@ -0,0 +1,267 @@ +module Tactics.Utils + +open Core +module L = FStar.List.Tot +open FStar.Tactics.V2 +open FStar.Tactics.V2.SyntaxHelpers +open FStar.Class.Printable +open FStar.Mul +open FStar.Option + +(*** Let operators *) +let (let?#) (x: option 'a) (f: 'a -> Tac (option 'b)): Tac (option 'b) + = match x with + | Some x -> f x + | None -> None + +let ( let?? ) (x: bool) (f: unit -> Tac (option 'a)): Tac (option 'a) + = if x then f () else None + +(*** Debug helpers *) +/// Dump before failing (in some cases, exception cathing messes with +/// `fail`) +let fail' msg = dump msg; fail msg + +exception Restore +/// Dumps a goal with a minimal number of binders in the environment +let dump' (msg: string): Tac unit + = try set_smt_goals []; + iterAll (fun _ -> let _ = repeat clear_top in ()); + dump msg; + raise Restore + with | _ -> () + +(*** `option _` helpers *) +/// Executes `f`, if it fails, execute `g`. Like `or_else`, but returns +/// a chunk. +let ( ||> ) (f: 'a -> Tac 'b) (g: 'a -> Tac 'b) (a: 'a): Tac 'b + = try f a with | _ -> g a + +exception ExpectedSome +/// Unwraps an option, throws `ExpectedSome` if the option is `None` +let unwrap (x: option 'a): Tac 'a + = match x with + | Some x -> x + | None -> raise ExpectedSome + +/// Expects an option to be `None`, otherwise throws an error +let expect (msg: string) (x: option 'a): Tac 'a + = match x with + | None -> dump' ("Expected " ^ msg); + fail ("Expected " ^ msg) + | Some x -> x + +(*** misc. utils *) +/// Reverse function composition (in Tac) +unfold let (>>>) (f: 'a -> Tac 'b) (g: 'b -> Tac 'c) (x: 'a): Tac 'c + = g (f x) +/// Function composition (in Tac) +unfold let (∘) (f: 'b -> Tac 'c) (g: 'a -> Tac 'b): 'a -> Tac 'c + = g >>> f + + +let trace (fun_name: string) (t: unit -> Tac 'b) = + print (fun_name ^ ": enter"); + let result = + try t () + with | e -> (print (fun_name ^ ": exit (with an exception!)"); raise e) + in + print (fun_name ^ ": exit"); + result + +(*** control utils *) +/// Repeats a tactic `f` until the goal is stable +let goal_fixpoint (f: unit -> Tac unit): unit -> Tac unit + = let rec aux (): Tac _ = + let goal0 = cur_goal () in + f (); + let goal1 = cur_goal () in + if not (term_eq goal0 goal1) then aux () + in aux + +private exception DoRefl +let some_or_refl (f: unit -> Tac (option unit)) + = or_else (fun _ -> match f () with | None -> raise DoRefl | _ -> ()) trefl + +/// Runs `f` on each subterms for rewrite. If `f` is `None` or raises +/// an error, applies `trefl`. +let pointwise_or_refl (f: unit -> Tac (option unit)) + = pointwise (fun _ -> some_or_refl f) + +let rec repeatWhile (f: unit -> Tac bool): Tac unit + = if f () then repeatWhile f + +(*** `expect_*` combinators *) +let expect_int_literal (t: term): Tac (option int) = + match inspect_unascribe t with + | Tv_Const (C_Int n) -> Some n + | _ -> None + +let expect_fvar (t: term): Tac (option string) = + match t with + | Tv_UInst fv _ + | Tv_FVar fv -> Some (implode_qn (inspect_fv fv)) + | _ -> None + +let expect_free_var (t: term) (fv: string): Tac (option unit) = + let?# fv' = expect_fvar t in + if fv = fv' then Some () else None + +let expect_lhs_eq_rhs_term t = + match term_as_formula t with + | Comp (Eq typ) lhs rhs -> + let typ = match typ with | None -> `_ | Some typ -> typ in + Some (lhs, rhs, typ) + | _ -> None + +let expect_lhs_eq_rhs () = + expect_lhs_eq_rhs_term (cur_goal ()) + +let expect_lhs_eq_uvar () = + match expect_lhs_eq_rhs () with + | Some (lhs, rhs, typ) -> + ( match rhs with | Tv_Uvar _ _ -> Some (lhs, typ) | _ -> None ) + | _ -> None + +let expect_app_n t n: Tac (option (term & (l: list _ {L.length l == n}))) = + let (head, args) = collect_app t in + if L.length args = n + then Some (head, args) + else None + +let expect_forall t: Tac _ = + match term_as_formula t with + | Forall bv typ phi -> Some (bv, typ, phi) + | _ -> None + +(*** Rewrite utils *) +private exception ForceRevert +let revert_if_none (f: unit -> Tac (option 'a)): Tac (option 'a) + = try match f () with Some x -> Some x + | None -> raise ForceRevert + with | ForceRevert -> None | e -> raise e + +/// Collects an application whose head is a free variable +let collect_app_hd t: Tac (option (string & list argv)) + = let (hd, args) = collect_app t in + let?# fv = expect_fvar hd in + Some (fv, args) + +let statement_of_lemma (lemma: term) = + let _, comp = collect_arr (tc (cur_env ()) lemma) in + match inspect_comp comp with + | C_Total x + | C_Lemma _ x _ -> ( + match x with + | Tv_Abs _ x -> `(squash (`#x)) + | _ -> `(squash (`#x)) + ) + | _ -> fail "statement_of_lemma: supports only Tot and Lemma" + +let weaken_eq2_lemma (u: Type) (t: Type {subtype_of t u}) (p q: t) () + : Lemma (requires ( == ) #u p q) + (ensures ( == ) #t p q) + = () + +/// `apply_lemma_rw` doesn't work if the goal is `(==) #t ... (?u ...)` while the lemma is `(==) #u .. (?u ....)`. `apply_lemma_rw_eqtype` fixes some of those case, and warns about it. +let apply_lemma_rw_eqtype (lemma: term): Tac unit + = try + apply_lemma_rw lemma + with + | e -> match + let stmt = statement_of_lemma lemma in + let?# (lemma_lhs, lemma_rhs, type_lemma') = expect_lhs_eq_rhs_term stmt in + let?# (goal_lhs, goal_rhs, type_goal') = expect_lhs_eq_rhs () in + let type_lemma = norm_term [delta; iota; primops] type_lemma' in + let type_goal = norm_term [delta; iota; primops] type_goal' in + if term_eq type_lemma type_goal + then None + else + ( print "######## Warning: apply_lemma_rw, rewrite equalities with different type"; + print ("######## Your lemma has eq over type " ^ term_to_string type_lemma); + print ("######## Your goal has eq over type " ^ term_to_string type_goal); + print ("######## Trying to weaken the type of the goal."); + apply_lemma ( + `weaken_eq2_lemma + (`#type_lemma') (`#type_goal') + (`#goal_lhs) (`#goal_rhs) + ); + apply_lemma_rw lemma; + Some () + ) + with | None -> raise e + | Some () -> () + +/// Rewrites LHS of an equality: on goal `squash (x == y)`, it will add `squash (x == (?u ...))`. +let rewrite_lhs (): Tac _ = + let (lhs, _, _) = expect_lhs_eq_rhs () |> expect "a goal ` == ` (rewrite_lhs)" in + let uvar = fresh_uvar (Some (tc (cur_env ()) lhs)) in + tcut (`squash (`#lhs == `#uvar)) + +/// Rewrites RHS of an equality: on goal `squash (x == y)`, it will add `squash (y == (?u ...))`. +let rewrite_rhs (): Tac _ = + let (_, rhs, _) = expect_lhs_eq_rhs () |> expect "a goal ` == ` (rewrite_rhs)" in + let uvar = fresh_uvar (Some (tc (cur_env ()) rhs)) in + tcut (`squash (`#rhs == `#uvar)) + + +(*** Unroll forall goals *) +let _split_forall_nat + (upper_bound: pos) + ($p: (i:nat{i < upper_bound}) -> Type0) + : Lemma (requires (if upper_bound = 0 then True + else p (upper_bound - 1) /\ (forall (i:nat{i < upper_bound - 1}). p i))) + (ensures forall (i:nat{i < upper_bound}). p i) + = () + + +let focus_first_forall_goal (t : unit -> Tac unit) : Tac unit = + let goals = goals () in + let found_goal = alloc false in + iterAll (fun _ -> + (match expect_forall (cur_goal ()) with + | Some _ -> + if read found_goal + then () + else begin + write found_goal true; + t (); + () + end + | _ -> + ()) + ); + if not (read found_goal) then t () + +/// Proves `forall (i:nat{i < bound})` for `bound` being a concrete int +let rec prove_forall_nat_pointwise (tactic: unit -> Tac unit): Tac unit + = let _ = + (* hacky way of printing the progress *) + let goal = term_to_string (cur_goal ()) in + let goal = match String.split ['\n'] goal with + | s::_ -> s | _ -> "" in + print ("prove_forall_pointwise: " ^ goal ^ "...") + in + focus_first_forall_goal (fun _ -> + apply_lemma (`_split_forall_nat); + trivial `or_else` (fun _ -> + if try norm [primops]; + split (); + true + with | e -> false + then ( + tactic (); + prove_forall_nat_pointwise tactic + ) + ) + ) + +#push-options "--compat_pre_core 2" +private let _example (phi: int -> Type0) (proof: (i:int -> Lemma (phi i))) = + assert (forall (i: nat {i < 40}). phi i) + by ( + prove_forall_nat_pointwise (fun _ -> + apply_lemma (quote proof) + ) + ) +#pop-options From 47177fec4915aacb93dbebf2c2b40fb1a06187c5 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 30 Aug 2024 20:24:20 +0200 Subject: [PATCH 169/348] Kill `let mut`, use array literal instead --- libcrux-ml-kem/src/vector/avx2/serialize.rs | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index 5b2a4fae5..603d11504 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -47,11 +47,7 @@ pub(crate) fn serialize_1(vector: Vec256) -> [u8; 2] { // significant bit from each element and collate them into two bytes. let bits_packed = mm_movemask_epi8(msbs); - let mut serialized = [0u8; 2]; - serialized[0] = bits_packed as u8; - serialized[1] = (bits_packed >> 8) as u8; - - serialized + [bits_packed as u8; (bits_packed >> 8) as u8] } #[inline(always)] From 77fe3340f36d57d5e14e5baf81d373d409ba1e5e Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 30 Aug 2024 20:28:05 +0200 Subject: [PATCH 170/348] Serialization pre/post in vector/traits.rs + spec in *Math.fst --- .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 28 +++++++++++++++++++ libcrux-ml-kem/src/vector/traits.rs | 19 ++++++++----- 2 files changed, 40 insertions(+), 7 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index a1b9d71ac..1b0d730dc 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -258,3 +258,31 @@ let byte_decode_then_decompress (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): = map_array (decompress_d d) (byte_decode d b) + + +(**** Definitions to move or to rework *) +let serialize_pre + (d1: dT) + (coefficients: t_Array i16 (sz 16)) + = forall i. i < 16 ==> bounded (Seq.index coefficients i) d1 + +// TODO: this is an alternative version of byte_encode +// rename to encoded bytes +#push-options "--z3rlimit 80 --split_queries always" +let serialize_post + (d1: dT) + (coefficients: t_Array i16 (sz 16) { serialize_pre d1 coefficients }) + (output: t_Array u8 (sz (d1 * 2))) + = BitVecEq.int_t_array_bitwise_eq coefficients d1 + output 8 + +// TODO: this is an alternative version of byte_decode +// rename to decoded bytes +let deserialize_post + (d1: dT) + (bytes: t_Array u8 (sz (d1 * 2))) + (output: t_Array i16 (sz 16)) + = BitVecEq.int_t_array_bitwise_eq bytes 8 + output d1 + /\ (forall i. i < 16 ==> bounded (Seq.index output i) d1) +#pop-options diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 56ff9cf27..835d671a9 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -91,33 +91,38 @@ pub trait Operations: Copy + Clone + Repr { fn ntt_multiply(lhs: &Self, rhs: &Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; - // Serialization and deserialization - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 1 (f_repr $a) ==> Spec.MLKEM.serialize_post 1 (f_repr $a) $result"))] fn serialize_1(a: Self) -> [u8; 2]; #[requires(true)] fn deserialize_1(a: &[u8]) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 4 (f_repr $a) ==> Spec.MLKEM.serialize_post 4 (f_repr $a) $result"))] fn serialize_4(a: Self) -> [u8; 8]; #[requires(true)] fn deserialize_4(a: &[u8]) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 5 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 5 (f_repr $a) ==> Spec.MLKEM.serialize_post 5 (f_repr $a) $result"))] fn serialize_5(a: Self) -> [u8; 10]; #[requires(true)] fn deserialize_5(a: &[u8]) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 10 (f_repr $a) ==> Spec.MLKEM.serialize_post 10 (f_repr $a) $result"))] fn serialize_10(a: Self) -> [u8; 20]; #[requires(true)] fn deserialize_10(a: &[u8]) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 11 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 11 (f_repr $a) ==> Spec.MLKEM.serialize_post 11 (f_repr $a) $result"))] fn serialize_11(a: Self) -> [u8; 22]; #[requires(true)] fn deserialize_11(a: &[u8]) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 12 (f_repr $a) ==> Spec.MLKEM.serialize_post 12 (f_repr $a) $result"))] fn serialize_12(a: Self) -> [u8; 24]; #[requires(true)] fn deserialize_12(a: &[u8]) -> Self; From 37cab5179bba258e13e25e12d3d720f8bb922382 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 30 Aug 2024 20:50:28 +0200 Subject: [PATCH 171/348] hax --- Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index d596bd97f..6eec956ec 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -77,8 +77,8 @@ wasm-bindgen = { version = "0.2.87", optional = true } # This is only required when doing proofs. # [target.'cfg(hax)'.workspace.dependencies] [workspace.dependencies] -#hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } -hax-lib = { path = "../hax/hax-lib" } +hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } +#hax-lib = { path = "../hax/hax-lib" } [dev-dependencies] libcrux = { path = ".", features = ["rand", "tests"] } From 7cd7a08d172e1715493176358bffadf8f87ae3a4 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 30 Aug 2024 19:03:11 +0000 Subject: [PATCH 172/348] c code --- Cargo.lock | 3 + libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 44 +- .../c/internal/libcrux_mlkem_avx2.h | 44 +- .../c/internal/libcrux_mlkem_portable.h | 44 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 38 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1124 ++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1185 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 16 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 22 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 660 ++++----- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 719 +++++----- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 43 files changed, 2112 insertions(+), 2103 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e5d0f8e38..9625ede51 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,6 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax?branch=main#205ea2636d32bdaf6e260247b7dc01830dba1424" dependencies = [ "hax-lib-macros", "num-bigint", @@ -711,6 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax?branch=main#205ea2636d32bdaf6e260247b7dc01830dba1424" dependencies = [ "hax-lib-macros-types", "paste", @@ -723,6 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax?branch=main#205ea2636d32bdaf6e260247b7dc01830dba1424" dependencies = [ "proc-macro2", "quote", diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 3ae4c6980..76cd050f0 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 0576bfc67e99aae86c51930421072688138b672b Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 -Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 +Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 5bf5efe81..37b4942e2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __internal_libcrux_core_H @@ -21,6 +21,12 @@ extern "C" { #include "../libcrux_core.h" #include "eurydice_glue.h" +static inline int16_t core_num__i16_1__wrapping_add(int16_t x0, int16_t x1); + +static inline int16_t core_num__i16_1__wrapping_mul(int16_t x0, int16_t x1); + +static inline int16_t core_num__i16_1__wrapping_sub(int16_t x0, int16_t x1); + #define CORE_NUM__U32_8__BITS (32U) static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); @@ -75,7 +81,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_0e1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_3a1( uint8_t value[1568U]); /** @@ -88,7 +94,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_671( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_751( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -101,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_ea1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_201( uint8_t value[3168U]); /** @@ -113,7 +119,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_581( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_301( uint8_t value[1568U]); /** @@ -124,7 +130,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_fe1( +uint8_t *libcrux_ml_kem_types_as_slice_f6_941( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -136,7 +142,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_381( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -159,7 +165,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_0e0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_3a0( uint8_t value[1184U]); /** @@ -172,7 +178,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_670( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_750( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -185,7 +191,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_ea0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_200( uint8_t value[2400U]); /** @@ -197,7 +203,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_580( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_300( uint8_t value[1088U]); /** @@ -208,7 +214,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_fe0( +uint8_t *libcrux_ml_kem_types_as_slice_f6_940( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -220,7 +226,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_380( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -243,7 +249,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_0e( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_3a( uint8_t value[800U]); /** @@ -256,7 +262,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_67( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_75( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -269,7 +275,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_ea( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_20( uint8_t value[1632U]); /** @@ -281,7 +287,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_58( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_30( uint8_t value[768U]); /** @@ -292,7 +298,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_fe( +uint8_t *libcrux_ml_kem_types_as_slice_f6_94( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -349,7 +355,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_38( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index fdb8dc318..ecb75ad66 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_151(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_2a1(uint8_t *public_key); /** A monomorphic instance of @@ -48,7 +48,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_121( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( uint8_t randomness[64U]); /** @@ -64,7 +64,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_111(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -84,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c61( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -107,7 +107,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e91( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -132,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -158,7 +158,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4a1( +void libcrux_ml_kem_ind_cca_decapsulate_251( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -170,7 +170,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_150(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_2a0(uint8_t *public_key); /** A monomorphic instance of @@ -186,7 +186,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_120( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( uint8_t randomness[64U]); /** @@ -202,7 +202,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_110(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -222,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c60( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -245,7 +245,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_6d0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e90( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -270,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -296,7 +296,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4a0( +void libcrux_ml_kem_ind_cca_decapsulate_250( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +308,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_15(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_2a(uint8_t *public_key); /** A monomorphic instance of @@ -324,7 +324,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_12( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( uint8_t randomness[64U]); /** @@ -339,7 +339,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_11( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( uint8_t randomness[64U]); /** @@ -360,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c6( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -383,7 +383,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_6d( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e9( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -408,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -434,7 +434,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4a( +void libcrux_ml_kem_ind_cca_decapsulate_25( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 749f9cbbb..16ffd7952 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c91(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_361(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_9a1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_881( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_be1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_231( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_5f1( +void libcrux_ml_kem_ind_cca_decapsulate_531( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c90(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_360(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_9a0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_880( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_be0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_230( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_5f0( +void libcrux_ml_kem_ind_cca_decapsulate_530( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c9(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_36(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_9a(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_88( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_5f( +void libcrux_ml_kem_ind_cca_decapsulate_53( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index d83ea9c17..6eb1bbfa3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 3fc73c214..3c29ac3c3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index ff8e04abd..aa0fcdaad 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #include "internal/libcrux_core.h" @@ -96,7 +96,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_0e1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_3a1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -116,7 +116,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_671( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_751( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -132,7 +132,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_ea1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_201( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -151,7 +151,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_581( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_301( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -169,7 +169,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_fe1( +uint8_t *libcrux_ml_kem_types_as_slice_f6_941( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -183,7 +183,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_381( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -216,7 +216,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_0e0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_3a0( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -236,7 +236,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_670( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_750( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_ea0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_200( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -271,7 +271,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_580( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_300( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -289,7 +289,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_fe0( +uint8_t *libcrux_ml_kem_types_as_slice_f6_940( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -303,7 +303,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_380( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -336,7 +336,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_0e( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_3a( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -356,7 +356,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_67( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_75( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -371,7 +371,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_ea( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_20( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -390,7 +390,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_58( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_30( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -408,7 +408,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_fe( +uint8_t *libcrux_ml_kem_types_as_slice_f6_94( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -480,7 +480,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_38( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 00ebb74d5..899863274 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 218453fb9..56091a76a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 888425745..0e62ab674 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,11 +35,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_f3( +static void decapsulate_5e( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4a0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_250(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_f3(private_key, ciphertext, ret); + decapsulate_5e(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_d1( +static void decapsulate_unpacked_0c( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a0(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d1(private_key, ciphertext, ret); + decapsulate_unpacked_0c(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_6c( +static tuple_21 encapsulate_53( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_6d0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e90(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6c(uu____0, copy_of_randomness); + return encapsulate_53(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_e9( +static tuple_21 encapsulate_unpacked_7d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_e9( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c60( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_e9(uu____0, copy_of_randomness); + return encapsulate_unpacked_7d(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_a3( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_ed( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_110(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_210(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_a3(copy_of_randomness); + return generate_keypair_ed(copy_of_randomness); } /** @@ -246,11 +246,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_3e(uint8_t randomness[64U]) { +generate_keypair_unpacked_1f(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_120( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_3e(copy_of_randomness); + return generate_keypair_unpacked_1f(copy_of_randomness); } /** @@ -274,8 +274,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_ea0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_150(public_key); +static bool validate_public_key_6b0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_2a0(public_key); } /** @@ -286,7 +286,7 @@ static bool validate_public_key_ea0(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_ea0(public_key.value)) { + if (validate_public_key_6b0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 7e589711f..50f971f65 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index a94309e46..60a1e0f8b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #include "libcrux_mlkem1024_portable.h" @@ -35,11 +35,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_23( +static void decapsulate_aa( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_5f1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_531(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_23(private_key, ciphertext, ret); + decapsulate_aa(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_70( +static void decapsulate_unpacked_0b( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d1(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_70(private_key, ciphertext, ret); + decapsulate_unpacked_0b(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_cb( +static tuple_21 encapsulate_07( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_be1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_231(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_cb(uu____0, copy_of_randomness); + return encapsulate_07(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_d5( +static tuple_21 encapsulate_unpacked_7c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_d5( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_881( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_d5(uu____0, copy_of_randomness); + return encapsulate_unpacked_7c(uu____0, copy_of_randomness); } /** @@ -212,12 +212,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_18( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_99( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_9a1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_651(copy_of_randomness); } /** @@ -228,7 +228,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_18(copy_of_randomness); + return generate_keypair_99(copy_of_randomness); } /** @@ -247,11 +247,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_8d(uint8_t randomness[64U]) { +generate_keypair_unpacked_60(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c1( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( copy_of_randomness); } @@ -264,7 +264,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_8d(copy_of_randomness); + return generate_keypair_unpacked_60(copy_of_randomness); } /** @@ -275,8 +275,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_0f1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c91(public_key); +static bool validate_public_key_931(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_361(public_key); } /** @@ -287,7 +287,7 @@ static bool validate_public_key_0f1(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_0f1(public_key.value)) { + if (validate_public_key_931(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 2dfabc1a8..498b356d4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 1722c1f14..a5da3cc7d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 4f5cd8c74..b23590730 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_1c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_25(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4a(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_25(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_1c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_1c(private_key, ciphertext, ret); + decapsulate_25(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_36( +static void decapsulate_unpacked_4a( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_36( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_36(private_key, ciphertext, ret); + decapsulate_unpacked_4a(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_93( +static tuple_ec encapsulate_79( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_6d(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e9(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_93(uu____0, copy_of_randomness); + return encapsulate_79(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_ff( +static tuple_ec encapsulate_unpacked_e6( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_ff( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c6( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ff(uu____0, copy_of_randomness); + return encapsulate_unpacked_e6(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_c6( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_9f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_11(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_21(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c6(copy_of_randomness); + return generate_keypair_9f(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_7a(uint8_t randomness[64U]) { +generate_keypair_unpacked_8e(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_12( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_7a(copy_of_randomness); + return generate_keypair_unpacked_8e(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_ea(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_15(public_key); +static bool validate_public_key_6b(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_2a(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_ea(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_ea(public_key.value)) { + if (validate_public_key_6b(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index c08174811..68a5a2896 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 8717edd85..86a68b433 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #include "libcrux_mlkem512_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_ed(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_3e(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_5f0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_530(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_ed(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_ed(private_key, ciphertext, ret); + decapsulate_3e(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_b0( +static void decapsulate_unpacked_0e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d0(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_b0( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_b0(private_key, ciphertext, ret); + decapsulate_unpacked_0e(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_5b( +static tuple_ec encapsulate_d8( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_be0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_5b(uu____0, copy_of_randomness); + return encapsulate_d8(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_3a( +static tuple_ec encapsulate_unpacked_d7( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_3a( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_880( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_3a(uu____0, copy_of_randomness); + return encapsulate_unpacked_d7(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_7b( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_25( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_9a0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_650(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_7b(copy_of_randomness); + return generate_keypair_25(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_88(uint8_t randomness[64U]) { +generate_keypair_unpacked_d1(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c0( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_88(copy_of_randomness); + return generate_keypair_unpacked_d1(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_0f0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c90(public_key); +static bool validate_public_key_930(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_360(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_0f0(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_0f0(public_key.value)) { + if (validate_public_key_930(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 5a52535ce..97ba0332c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index f3e6953da..54ff3c780 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index b7f16106e..19ce04aee 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_10( +static void decapsulate_0a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4a1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_251(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_10( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_10(private_key, ciphertext, ret); + decapsulate_0a(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_1f( +static void decapsulate_unpacked_fc( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a1(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_1f( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_1f(private_key, ciphertext, ret); + decapsulate_unpacked_fc(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_6f( +static tuple_3c encapsulate_1c( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_6d1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e91(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6f(uu____0, copy_of_randomness); + return encapsulate_1c(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_b8( +static tuple_3c encapsulate_unpacked_49( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_b8( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c61( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_b8(uu____0, copy_of_randomness); + return encapsulate_unpacked_49(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_75( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_54( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_111(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_211(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_75(copy_of_randomness); + return generate_keypair_54(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_4c(uint8_t randomness[64U]) { +generate_keypair_unpacked_52(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_121( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4c(copy_of_randomness); + return generate_keypair_unpacked_52(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_ea1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_151(public_key); +static bool validate_public_key_6b1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_2a1(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_ea1(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_ea1(public_key.value)) { + if (validate_public_key_6b1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index decd40742..b51cad8ef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 3b992c994..02189bb2e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #include "libcrux_mlkem768_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_6b( +static void decapsulate_64( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_5f(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_53(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_6b( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_6b(private_key, ciphertext, ret); + decapsulate_64(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_c8( +static void decapsulate_unpacked_87( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_c8( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_c8(private_key, ciphertext, ret); + decapsulate_unpacked_87(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_e5( +static tuple_3c encapsulate_eb( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_be(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_e5(uu____0, copy_of_randomness); + return encapsulate_eb(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_1f( +static tuple_3c encapsulate_unpacked_d0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_1f( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_88( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1f(uu____0, copy_of_randomness); + return encapsulate_unpacked_d0(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_99( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_0a( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_9a(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_65(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_99(copy_of_randomness); + return generate_keypair_0a(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_2f(uint8_t randomness[64U]) { +generate_keypair_unpacked_0f(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_2f(copy_of_randomness); + return generate_keypair_unpacked_0f(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_0f(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c9(public_key); +static bool validate_public_key_93(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_36(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_0f(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_0f(public_key.value)) { + if (validate_public_key_93(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 3b7b27bd9..229cdc944 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index f9830bc7e..267a9ff3d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1261,7 +1261,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_d5(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_98(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1289,8 +1289,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_3b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); +deserialize_to_reduced_ring_element_ce(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1310,12 +1310,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e71( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f51( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_d5();); + deserialized_pk[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1327,7 +1327,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e71( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_3b(ring_element); + deserialize_to_reduced_ring_element_ce(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1341,7 +1341,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_79(core_core_arch_x86___m256i vector) { +shift_right_fb(core_core_arch_x86___m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, core_core_arch_x86___m256i); } @@ -1355,9 +1355,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -static core_core_arch_x86___m256i shift_right_09_fb( +static core_core_arch_x86___m256i shift_right_09_cf( core_core_arch_x86___m256i vector) { - return shift_right_79(vector); + return shift_right_fb(vector); } /** @@ -1366,9 +1366,9 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_unsigned_representative_d4( +static core_core_arch_x86___m256i to_unsigned_representative_4b( core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_09_fb(a); + core_core_arch_x86___m256i t = shift_right_09_cf(a); core_core_arch_x86___m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1381,14 +1381,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_d7( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - to_unsigned_representative_d4(re->coefficients[i0]); + to_unsigned_representative_4b(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1406,7 +1406,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_a81( +static KRML_MUSTINLINE void serialize_secret_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1424,7 +1424,7 @@ static KRML_MUSTINLINE void serialize_secret_key_a81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_d7(&re, ret0); + serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1439,14 +1439,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_fb1( +static KRML_MUSTINLINE void serialize_public_key_ac1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_a81(t_as_ntt, ret0); + serialize_secret_key_801(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1466,15 +1466,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_151(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_2a1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_e71( + deserialize_ring_elements_reduced_f51( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_fb1( + serialize_public_key_ac1( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1515,10 +1515,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static void closure_b81( +static void closure_d61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_d5();); + ret[i] = ZERO_20_98();); } /** @@ -1650,7 +1650,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_973( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1775,7 +1775,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_974( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1818,8 +1818,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_20_10(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); +from_i16_array_20_84(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1836,9 +1836,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e91( int16_t s[272U]) { - return from_i16_array_20_10( + return from_i16_array_20_84( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1848,7 +1848,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_b01( +static KRML_MUSTINLINE void sample_from_xof_0c1( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1863,7 +1863,7 @@ static KRML_MUSTINLINE void sample_from_xof_b01( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb3( + bool done = sample_from_uniform_distribution_next_973( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -1875,7 +1875,7 @@ static KRML_MUSTINLINE void sample_from_xof_b01( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb4( + done = sample_from_uniform_distribution_next_974( copy_of_randomness, sampled_coefficients, out); } } @@ -1884,7 +1884,7 @@ static KRML_MUSTINLINE void sample_from_xof_b01( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_791(copy_of_out[i]);); + ret0[i] = closure_e91(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1896,12 +1896,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_a21( +static KRML_MUSTINLINE void sample_matrix_A_431( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_b81(A_transpose[i]);); + closure_d61(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -1916,7 +1916,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a21( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_b01(copy_of_seeds, sampled); + sample_from_xof_0c1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2059,7 +2059,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_25(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_9b(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -2093,7 +2093,7 @@ sample_from_binomial_distribution_2_25(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_10( + return from_i16_array_20_84( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2104,7 +2104,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_92(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_41(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -2137,7 +2137,7 @@ sample_from_binomial_distribution_3_92(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_10( + return from_i16_array_20_84( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2148,8 +2148,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_920(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_25(randomness); +sample_from_binomial_distribution_cf0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_9b(randomness); } /** @@ -2158,7 +2158,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_64( +static KRML_MUSTINLINE void ntt_at_layer_7_68( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2184,7 +2184,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i montgomery_multiply_fe_55( +static core_core_arch_x86___m256i montgomery_multiply_fe_7b( core_core_arch_x86___m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -2196,9 +2196,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_88(core_core_arch_x86___m256i a, +ntt_layer_int_vec_step_c5(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = montgomery_multiply_fe_55(b, zeta_r); + core_core_arch_x86___m256i t = montgomery_multiply_fe_7b(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -2211,7 +2211,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_b8( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2224,7 +2224,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_b8( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_88( + ntt_layer_int_vec_step_c5( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -2241,7 +2241,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_45( +static KRML_MUSTINLINE void ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2257,7 +2257,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_10( +static KRML_MUSTINLINE void ntt_at_layer_2_70( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2276,7 +2276,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_83( +static KRML_MUSTINLINE void ntt_at_layer_1_7e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2303,7 +2303,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_94( +static KRML_MUSTINLINE void poly_barrett_reduce_20_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2319,17 +2319,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_48( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_64(re); + ntt_at_layer_7_68(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_45(&zeta_i, re); - ntt_at_layer_2_10(&zeta_i, re); - ntt_at_layer_1_83(&zeta_i, re); - poly_barrett_reduce_20_94(re); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_70(&zeta_i, re); + ntt_at_layer_1_7e(&zeta_i, re); + poly_barrett_reduce_20_78(re); } /** @@ -2340,11 +2340,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_701( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_571( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_d5();); + re_as_ntt[i] = ZERO_20_98();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2359,9 +2359,9 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_701( PRFxN_a9_512(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_920( + re_as_ntt[i0] = sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2386,9 +2386,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_20_41(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_20_15(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_98(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2419,7 +2419,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_871( +static KRML_MUSTINLINE void add_to_ring_element_20_f31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2440,7 +2440,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_standard_domain_f0( +static core_core_arch_x86___m256i to_standard_domain_6b( core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -2456,14 +2456,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_a5( +static KRML_MUSTINLINE void add_standard_error_reduce_20_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; core_core_arch_x86___m256i coefficient_normal_form = - to_standard_domain_f0(self->coefficients[j]); + to_standard_domain_6b(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &error->coefficients[j])); @@ -2476,14 +2476,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_bb1( +static KRML_MUSTINLINE void compute_As_plus_e_4b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_d5();); + result0[i] = ZERO_20_98();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2504,10 +2504,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_bb1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_871(&result0[i1], &product); + ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_f31(&result0[i1], &product); } - add_standard_error_reduce_20_a5(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2526,7 +2526,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_751( +static tuple_9b0 generate_keypair_unpacked_f81( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_681(key_generation_seed, hashed); @@ -2538,14 +2538,14 @@ static tuple_9b0 generate_keypair_unpacked_751( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a21(ret, true, A_transpose); + sample_matrix_A_431(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_701(copy_of_prf_input0, 0U); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_571(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2557,10 +2557,10 @@ static tuple_9b0 generate_keypair_unpacked_751( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_701(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_571(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_bb1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_4b1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -2612,10 +2612,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_fc1( +static void closure_1c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_d5();); + ret[i] = ZERO_20_98();); } /** @@ -2628,7 +2628,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_b3( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; core_core_arch_x86___m256i ret[16U]; @@ -2666,7 +2666,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_121( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -2675,18 +2675,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_121( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_751(ind_cpa_keypair_randomness); + tuple_9b0 uu____0 = generate_keypair_unpacked_f81(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_fc1(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_1c1(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_b3(&ind_cpa_public_key.A[j][i1]); + clone_3a_4a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2696,7 +2696,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_121( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_fb1( + serialize_public_key_ac1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -2744,17 +2744,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_4f1( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_f81( Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_751(key_generation_seed); + tuple_9b0 uu____0 = generate_keypair_unpacked_f81(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_fb1( + serialize_public_key_ac1( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_a81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_801(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2778,7 +2778,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_9a1( +static KRML_MUSTINLINE void serialize_kem_secret_key_c91( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2833,7 +2833,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_111(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2842,13 +2842,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_111(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_4f1(ind_cpa_keypair_randomness); + generate_keypair_f81(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_9a1( + serialize_kem_secret_key_c91( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2857,13 +2857,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_111(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_ea0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_200(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_670( - uu____2, libcrux_ml_kem_types_from_07_0e0(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_750( + uu____2, libcrux_ml_kem_types_from_07_3a0(copy_of_public_key)); } /** @@ -2875,10 +2875,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_4f1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_b31(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_d5();); + error_1[i] = ZERO_20_98();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2894,7 +2894,7 @@ sample_ring_element_cbd_4f1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_920( + sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2943,7 +2943,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_29( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2967,7 +2967,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_9c( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_e4( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2987,7 +2987,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_bc( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_63( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3005,14 +3005,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_8c(core_core_arch_x86___m256i a, +inv_ntt_layer_int_vec_step_reduce_e9(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { core_core_arch_x86___m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = montgomery_multiply_fe_55(a_minus_b, zeta_r); + b = montgomery_multiply_fe_7b(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -3023,7 +3023,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_e6( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3038,7 +3038,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_e6( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_8c( + inv_ntt_layer_int_vec_step_reduce_e9( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -3055,18 +3055,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_401( +static KRML_MUSTINLINE void invert_ntt_montgomery_c51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_29(&zeta_i, re); - invert_ntt_at_layer_2_9c(&zeta_i, re); - invert_ntt_at_layer_3_bc(&zeta_i, re); - invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_94(re); + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_e4(&zeta_i, re); + invert_ntt_at_layer_3_63(&zeta_i, re); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_78(re); } /** @@ -3079,7 +3079,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_b1( +static KRML_MUSTINLINE void add_error_reduce_20_87( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3100,14 +3100,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_4f1( +static KRML_MUSTINLINE void compute_vector_u_641( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_d5();); + result0[i] = ZERO_20_98();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3127,11 +3127,11 @@ static KRML_MUSTINLINE void compute_vector_u_4f1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(a_element, &r_as_ntt[j]); - add_to_ring_element_20_871(&result0[i1], &product); + ntt_multiply_20_15(a_element, &r_as_ntt[j]); + add_to_ring_element_20_f31(&result0[i1], &product); } - invert_ntt_montgomery_401(&result0[i1]); - add_error_reduce_20_b1(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_c51(&result0[i1]); + add_error_reduce_20_87(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -3148,7 +3148,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i decompress_1_14( +static core_core_arch_x86___m256i decompress_1_05( core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), @@ -3163,8 +3163,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_48(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); +deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; core_core_arch_x86___m256i coefficient_compressed = @@ -3172,7 +3172,7 @@ deserialize_then_decompress_message_48(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_14(coefficient_compressed);); + re.coefficients[i0] = decompress_1_05(coefficient_compressed);); return re; } @@ -3187,7 +3187,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_20_24( +add_message_error_reduce_20_86( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3214,18 +3214,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_411( +compute_ring_element_v_6c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_871(&result, &product);); - invert_ntt_montgomery_401(&result); - result = add_message_error_reduce_20_24(error_2, message, result); + ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_f31(&result, &product);); + invert_ntt_montgomery_c51(&result); + result = add_message_error_reduce_20_86(error_2, message, result); return result; } @@ -3236,7 +3236,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_bd(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_a7(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3301,9 +3301,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i compress_09_de( +static core_core_arch_x86___m256i compress_09_b5( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_bd(vector); + return compress_ciphertext_coefficient_a7(vector); } /** @@ -3312,14 +3312,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_43( +static KRML_MUSTINLINE void compress_then_serialize_10_a8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_09_de(to_unsigned_representative_d4(re->coefficients[i0])); + compress_09_b5(to_unsigned_representative_4b(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3337,7 +3337,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_bd0(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_a70(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3402,9 +3402,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i compress_09_de0( +static core_core_arch_x86___m256i compress_09_b50( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_bd0(vector); + return compress_ciphertext_coefficient_a70(vector); } /** @@ -3414,10 +3414,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_61( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_43(re, uu____0); + compress_then_serialize_10_a8(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3430,7 +3430,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_3a1( +static void compress_then_serialize_u_521( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3446,7 +3446,7 @@ static void compress_then_serialize_u_3a1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_61(&re, ret); + compress_then_serialize_ring_element_u_97(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3459,7 +3459,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_bd1(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_a71(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3524,9 +3524,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i compress_09_de1( +static core_core_arch_x86___m256i compress_09_b51( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_bd1(vector); + return compress_ciphertext_coefficient_a71(vector); } /** @@ -3535,7 +3535,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_f8( +static KRML_MUSTINLINE void compress_then_serialize_4_42( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3544,7 +3544,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_f8( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_09_de1(to_unsigned_representative_d4(re.coefficients[i0])); + compress_09_b51(to_unsigned_representative_4b(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3561,7 +3561,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_bd2(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_a72(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3626,9 +3626,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i compress_09_de2( +static core_core_arch_x86___m256i compress_09_b52( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_bd2(vector); + return compress_ciphertext_coefficient_a72(vector); } /** @@ -3637,7 +3637,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_e0( +static KRML_MUSTINLINE void compress_then_serialize_5_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3646,7 +3646,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_e0( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficients = - compress_09_de2(to_unsigned_representative_d4(re.coefficients[i0])); + compress_09_b52(to_unsigned_representative_4b(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3663,9 +3663,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ba( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_f8(re, out); + compress_then_serialize_4_42(re, out); } /** @@ -3685,7 +3685,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_cb1( +static void encrypt_unpacked_ac1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3693,7 +3693,7 @@ static void encrypt_unpacked_cb1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_701(copy_of_prf_input0, 0U); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_571(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3703,7 +3703,7 @@ static void encrypt_unpacked_cb1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_4f1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_b31(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3714,28 +3714,28 @@ static void encrypt_unpacked_cb1( PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_920( + sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_4f1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_641(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_48(copy_of_message); + deserialize_then_decompress_message_cb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_411(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_6c1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_3a1( + compress_then_serialize_u_521( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_ba( + compress_then_serialize_ring_element_v_7a( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3759,7 +3759,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c61( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -3786,7 +3786,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c61( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_cb1(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_ac1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -3796,7 +3796,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c61( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_580(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3817,7 +3817,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_571(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_8d1(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -3841,10 +3841,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_dd1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f01(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_e71( + deserialize_ring_elements_reduced_f51( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -3852,7 +3852,7 @@ static void encrypt_dd1(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a21(ret0, false, A); + sample_matrix_A_431(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -3886,7 +3886,7 @@ static void encrypt_dd1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_cb1(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_ac1(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -3901,7 +3901,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_671(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_e51(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -3927,11 +3927,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e91( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_571( + entropy_preprocess_af_8d1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -3941,7 +3941,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d1( size_t); uint8_t ret[32U]; H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe0(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3955,19 +3955,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_dd1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_f01(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_580(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_671(shared_secret, shared_secret_array); + kdf_af_e51(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3987,7 +3987,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_b5(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_2f(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4050,9 +4050,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_52( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_ab( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_b5(vector); + return decompress_ciphertext_coefficient_2f(vector); } /** @@ -4062,8 +4062,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_9c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); +deserialize_then_decompress_10_04(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); LowStar_Ignore_ignore( Eurydice_slice_len(Eurydice_array_to_slice((size_t)16U, re.coefficients, core_core_arch_x86___m256i), @@ -4076,7 +4076,7 @@ deserialize_then_decompress_10_9c(Eurydice_slice serialized) { serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_52(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab(coefficient); } return re; } @@ -4088,7 +4088,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_b50(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_2f0(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4151,9 +4151,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_520( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_ab0( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_b50(vector); + return decompress_ciphertext_coefficient_2f0(vector); } /** @@ -4163,8 +4163,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_ab(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); +deserialize_then_decompress_11_0a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4172,7 +4172,7 @@ deserialize_then_decompress_11_ab(Eurydice_slice serialized) { serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_520(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab0(coefficient); } return re; } @@ -4184,8 +4184,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_91(Eurydice_slice serialized) { - return deserialize_then_decompress_10_9c(serialized); +deserialize_then_decompress_ring_element_u_07(Eurydice_slice serialized) { + return deserialize_then_decompress_10_04(serialized); } /** @@ -4194,17 +4194,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_a0( +static KRML_MUSTINLINE void ntt_vector_u_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_45(&zeta_i, re); - ntt_at_layer_2_10(&zeta_i, re); - ntt_at_layer_1_83(&zeta_i, re); - poly_barrett_reduce_20_94(re); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_70(&zeta_i, re); + ntt_at_layer_1_7e(&zeta_i, re); + poly_barrett_reduce_20_78(re); } /** @@ -4215,12 +4215,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b61( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b31( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_d5();); + u_as_ntt[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -4238,8 +4238,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b61( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_91(u_bytes); - ntt_vector_u_a0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_07(u_bytes); + ntt_vector_u_bf(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4253,7 +4253,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_b51(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_2f1(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4316,9 +4316,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_521( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_ab1( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_b51(vector); + return decompress_ciphertext_coefficient_2f1(vector); } /** @@ -4328,8 +4328,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_ef(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); +deserialize_then_decompress_4_f0(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -4337,7 +4337,7 @@ deserialize_then_decompress_4_ef(Eurydice_slice serialized) { serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_521(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab1(coefficient); } return re; } @@ -4349,7 +4349,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_b52(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_2f2(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4412,9 +4412,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_522( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_ab2( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_b52(vector); + return decompress_ciphertext_coefficient_2f2(vector); } /** @@ -4424,8 +4424,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_11(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); +deserialize_then_decompress_5_fe(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -4433,7 +4433,7 @@ deserialize_then_decompress_5_11(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_522(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_ab2(re.coefficients[i0]); } return re; } @@ -4445,8 +4445,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_79(Eurydice_slice serialized) { - return deserialize_then_decompress_4_ef(serialized); +deserialize_then_decompress_ring_element_v_bb(Eurydice_slice serialized) { + return deserialize_then_decompress_4_f0(serialized); } /** @@ -4460,7 +4460,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_20_bf(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_20_45(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4482,17 +4482,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_e61( +compute_message_c81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_871(&result, &product);); - invert_ntt_montgomery_401(&result); - result = subtract_reduce_20_bf(v, result); + ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_f31(&result, &product);); + invert_ntt_montgomery_c51(&result); + result = subtract_reduce_20_45(v, result); return result; } @@ -4502,13 +4502,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_3b( +static KRML_MUSTINLINE void compress_then_serialize_message_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; core_core_arch_x86___m256i coefficient = - to_unsigned_representative_d4(re.coefficients[i0]); + to_unsigned_representative_4b(re.coefficients[i0]); core_core_arch_x86___m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; @@ -4531,19 +4531,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e11( +static void decrypt_unpacked_071( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_b61(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b31(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_79( + deserialize_then_decompress_ring_element_v_bb( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_e61(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c81(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3b(message, ret0); + compress_then_serialize_message_fc(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4594,11 +4594,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e11(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_071(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4627,7 +4627,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a1( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4638,11 +4638,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_cb1(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_ac1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4660,8 +4660,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_d1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_d5(); +deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4678,12 +4678,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_b31( +static KRML_MUSTINLINE void deserialize_secret_key_a21( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_d5();); + secret_as_ntt[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4695,7 +4695,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_b31( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_d1(secret_bytes); + deserialize_to_uncompressed_ring_element_10(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4717,10 +4717,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_da1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_9a1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_b31(secret_key, secret_as_ntt); + deserialize_secret_key_a21(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4732,7 +4732,7 @@ static void decrypt_da1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_e11(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_071(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4758,7 +4758,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4a1( +void libcrux_ml_kem_ind_cca_decapsulate_251( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4776,7 +4776,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4a1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_da1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_9a1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4798,7 +4798,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4a1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4808,17 +4808,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_4a1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_dd1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_f01(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_671(Eurydice_array_to_slice( + kdf_af_e51(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_671(shared_secret0, shared_secret1); + kdf_af_e51(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4835,12 +4835,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e70( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f50( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_d5();); + deserialized_pk[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4852,7 +4852,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e70( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_3b(ring_element); + deserialize_to_reduced_ring_element_ce(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4867,7 +4867,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_a80( +static KRML_MUSTINLINE void serialize_secret_key_800( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4885,7 +4885,7 @@ static KRML_MUSTINLINE void serialize_secret_key_a80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_d7(&re, ret0); + serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4900,14 +4900,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_fb0( +static KRML_MUSTINLINE void serialize_public_key_ac0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_a80(t_as_ntt, ret0); + serialize_secret_key_800(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4927,15 +4927,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_150(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_2a0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_e70( + deserialize_ring_elements_reduced_f50( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_fb0( + serialize_public_key_ac0( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4976,10 +4976,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static void closure_b80( +static void closure_d60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_d5();); + ret[i] = ZERO_20_98();); } /** @@ -5114,7 +5114,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_971( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -5242,7 +5242,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_972( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -5280,9 +5280,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e90( int16_t s[272U]) { - return from_i16_array_20_10( + return from_i16_array_20_84( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5292,7 +5292,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_b00( +static KRML_MUSTINLINE void sample_from_xof_0c0( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -5307,7 +5307,7 @@ static KRML_MUSTINLINE void sample_from_xof_b00( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb1( + bool done = sample_from_uniform_distribution_next_971( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -5319,7 +5319,7 @@ static KRML_MUSTINLINE void sample_from_xof_b00( uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb2( + done = sample_from_uniform_distribution_next_972( copy_of_randomness, sampled_coefficients, out); } } @@ -5328,7 +5328,7 @@ static KRML_MUSTINLINE void sample_from_xof_b00( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_790(copy_of_out[i]);); + ret0[i] = closure_e90(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5340,12 +5340,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_a20( +static KRML_MUSTINLINE void sample_matrix_A_430( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_b80(A_transpose[i]);); + closure_d60(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5360,7 +5360,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a20( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_b00(copy_of_seeds, sampled); + sample_from_xof_0c0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5458,11 +5458,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_700( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_570( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_d5();); + re_as_ntt[i] = ZERO_20_98();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5477,9 +5477,9 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_700( PRFxN_a9_511(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_920( + re_as_ntt[i0] = sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5503,7 +5503,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_870( +static KRML_MUSTINLINE void add_to_ring_element_20_f30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5524,14 +5524,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_bb0( +static KRML_MUSTINLINE void compute_As_plus_e_4b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_d5();); + result0[i] = ZERO_20_98();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5552,10 +5552,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_bb0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_870(&result0[i1], &product); + ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_f30(&result0[i1], &product); } - add_standard_error_reduce_20_a5(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5574,7 +5574,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_750( +static tuple_54 generate_keypair_unpacked_f80( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_680(key_generation_seed, hashed); @@ -5586,14 +5586,14 @@ static tuple_54 generate_keypair_unpacked_750( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a20(ret, true, A_transpose); + sample_matrix_A_430(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_700(copy_of_prf_input0, 0U); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_570(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5605,10 +5605,10 @@ static tuple_54 generate_keypair_unpacked_750( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_700(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_570(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_bb0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_4b0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -5660,10 +5660,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_fc0( +static void closure_1c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_d5();); + ret[i] = ZERO_20_98();); } /** @@ -5693,7 +5693,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_120( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5702,18 +5702,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_120( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_54 uu____0 = generate_keypair_unpacked_750(ind_cpa_keypair_randomness); + tuple_54 uu____0 = generate_keypair_unpacked_f80(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_fc0(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_1c0(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_b3(&ind_cpa_public_key.A[j][i1]); + clone_3a_4a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5723,7 +5723,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_120( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_fb0( + serialize_public_key_ac0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -5771,17 +5771,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_4f0( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_f80( Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_750(key_generation_seed); + tuple_54 uu____0 = generate_keypair_unpacked_f80(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_fb0( + serialize_public_key_ac0( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_a80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_800(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5805,7 +5805,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_9a0( +static KRML_MUSTINLINE void serialize_kem_secret_key_c90( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5860,7 +5860,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_110(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5869,13 +5869,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_110(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_4f0(ind_cpa_keypair_randomness); + generate_keypair_f80(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_9a0( + serialize_kem_secret_key_c90( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5884,13 +5884,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_110(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_ea1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_201(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_671( - uu____2, libcrux_ml_kem_types_from_07_0e1(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_751( + uu____2, libcrux_ml_kem_types_from_07_3a1(copy_of_public_key)); } /** @@ -5902,10 +5902,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_4f0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_b30(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_d5();); + error_1[i] = ZERO_20_98();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5921,7 +5921,7 @@ sample_ring_element_cbd_4f0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_920( + sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5958,18 +5958,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_400( +static KRML_MUSTINLINE void invert_ntt_montgomery_c50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_29(&zeta_i, re); - invert_ntt_at_layer_2_9c(&zeta_i, re); - invert_ntt_at_layer_3_bc(&zeta_i, re); - invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_94(re); + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_e4(&zeta_i, re); + invert_ntt_at_layer_3_63(&zeta_i, re); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_78(re); } /** @@ -5978,14 +5978,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_4f0( +static KRML_MUSTINLINE void compute_vector_u_640( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_d5();); + result0[i] = ZERO_20_98();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6005,11 +6005,11 @@ static KRML_MUSTINLINE void compute_vector_u_4f0( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(a_element, &r_as_ntt[j]); - add_to_ring_element_20_870(&result0[i1], &product); + ntt_multiply_20_15(a_element, &r_as_ntt[j]); + add_to_ring_element_20_f30(&result0[i1], &product); } - invert_ntt_montgomery_400(&result0[i1]); - add_error_reduce_20_b1(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_c50(&result0[i1]); + add_error_reduce_20_87(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -6027,18 +6027,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_410( +compute_ring_element_v_6c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_870(&result, &product);); - invert_ntt_montgomery_400(&result); - result = add_message_error_reduce_20_24(error_2, message, result); + ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_f30(&result, &product);); + invert_ntt_montgomery_c50(&result); + result = add_message_error_reduce_20_86(error_2, message, result); return result; } @@ -6048,14 +6048,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_b60( +static KRML_MUSTINLINE void compress_then_serialize_11_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_09_de0(to_unsigned_representative_d4(re->coefficients[i0])); + compress_09_b50(to_unsigned_representative_4b(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6073,10 +6073,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_611( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_970( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_b60(re, uu____0); + compress_then_serialize_11_a50(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -6089,7 +6089,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_3a0( +static void compress_then_serialize_u_520( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6105,7 +6105,7 @@ static void compress_then_serialize_u_3a0( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_611(&re, ret); + compress_then_serialize_ring_element_u_970(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -6118,9 +6118,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ba0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_e0(re, out); + compress_then_serialize_5_8a(re, out); } /** @@ -6140,7 +6140,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_cb0( +static void encrypt_unpacked_ac0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -6148,7 +6148,7 @@ static void encrypt_unpacked_cb0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_700(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_570(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -6158,7 +6158,7 @@ static void encrypt_unpacked_cb0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_4f0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_b30(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6169,28 +6169,28 @@ static void encrypt_unpacked_cb0( PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_920( + sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_4f0(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_640(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_48(copy_of_message); + deserialize_then_decompress_message_cb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_410(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_6c0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_3a0( + compress_then_serialize_u_520( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_ba0( + compress_then_serialize_ring_element_v_7a0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -6214,7 +6214,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c60( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6241,7 +6241,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c60( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_cb0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_ac0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6251,7 +6251,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c60( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_581(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6272,7 +6272,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_570(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_8d0(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -6296,10 +6296,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_dd0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f00(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_e70( + deserialize_ring_elements_reduced_f50( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -6307,7 +6307,7 @@ static void encrypt_dd0(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a20(ret0, false, A); + sample_matrix_A_430(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -6341,7 +6341,7 @@ static void encrypt_dd0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_cb0(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_ac0(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -6356,7 +6356,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_670(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_e50(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -6382,11 +6382,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_6d0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e90( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_570( + entropy_preprocess_af_8d0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -6396,7 +6396,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_6d0( size_t); uint8_t ret[32U]; H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_fe1(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6410,19 +6410,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_6d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_fe1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_dd0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_f00(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_581(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_670(shared_secret, shared_secret_array); + kdf_af_e50(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6442,8 +6442,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_910(Eurydice_slice serialized) { - return deserialize_then_decompress_11_ab(serialized); +deserialize_then_decompress_ring_element_u_070(Eurydice_slice serialized) { + return deserialize_then_decompress_11_0a(serialized); } /** @@ -6452,17 +6452,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_a00( +static KRML_MUSTINLINE void ntt_vector_u_bf0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_45(&zeta_i, re); - ntt_at_layer_2_10(&zeta_i, re); - ntt_at_layer_1_83(&zeta_i, re); - poly_barrett_reduce_20_94(re); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_70(&zeta_i, re); + ntt_at_layer_1_7e(&zeta_i, re); + poly_barrett_reduce_20_78(re); } /** @@ -6473,12 +6473,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b60( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b30( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_d5();); + u_as_ntt[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6496,8 +6496,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b60( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_910(u_bytes); - ntt_vector_u_a00(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_070(u_bytes); + ntt_vector_u_bf0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6511,8 +6511,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_790(Eurydice_slice serialized) { - return deserialize_then_decompress_5_11(serialized); +deserialize_then_decompress_ring_element_v_bb0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_fe(serialized); } /** @@ -6522,17 +6522,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_e60( +compute_message_c80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_870(&result, &product);); - invert_ntt_montgomery_400(&result); - result = subtract_reduce_20_bf(v, result); + ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_f30(&result, &product);); + invert_ntt_montgomery_c50(&result); + result = subtract_reduce_20_45(v, result); return result; } @@ -6546,19 +6546,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_e10( +static void decrypt_unpacked_070( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_b60(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b30(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_790( + deserialize_then_decompress_ring_element_v_bb0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_e60(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c80(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3b(message, ret0); + compress_then_serialize_message_fc(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6597,12 +6597,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e10(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_070(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -6631,7 +6631,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a0( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6642,11 +6642,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_cb0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_ac0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6663,12 +6663,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_b30( +static KRML_MUSTINLINE void deserialize_secret_key_a20( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_d5();); + secret_as_ntt[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6680,7 +6680,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_b30( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_d1(secret_bytes); + deserialize_to_uncompressed_ring_element_10(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; @@ -6702,10 +6702,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_da0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_9a0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_b30(secret_key, secret_as_ntt); + deserialize_secret_key_a20(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -6717,7 +6717,7 @@ static void decrypt_da0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_e10(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_070(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -6743,7 +6743,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4a0( +void libcrux_ml_kem_ind_cca_decapsulate_250( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6762,7 +6762,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4a0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_da0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_9a0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -6784,7 +6784,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4a0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6794,17 +6794,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_4a0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_dd0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_f00(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_670(Eurydice_array_to_slice( + kdf_af_e50(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_670(shared_secret0, shared_secret1); + kdf_af_e50(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6821,12 +6821,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e7( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f5( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_d5();); + deserialized_pk[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6838,7 +6838,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_3b(ring_element); + deserialize_to_reduced_ring_element_ce(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6853,7 +6853,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_a8( +static KRML_MUSTINLINE void serialize_secret_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6871,7 +6871,7 @@ static KRML_MUSTINLINE void serialize_secret_key_a8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_d7(&re, ret0); + serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6886,14 +6886,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_fb( +static KRML_MUSTINLINE void serialize_public_key_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_a8(t_as_ntt, ret0); + serialize_secret_key_80(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6913,15 +6913,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_15(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_2a(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_e7( + deserialize_ring_elements_reduced_f5( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_fb( + serialize_public_key_ac( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6962,10 +6962,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static void closure_b8( +static void closure_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_d5();); + ret[i] = ZERO_20_98();); } /** @@ -7094,7 +7094,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_97( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7216,7 +7216,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_970( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7254,9 +7254,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e9( int16_t s[272U]) { - return from_i16_array_20_10( + return from_i16_array_20_84( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7266,7 +7266,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_b0( +static KRML_MUSTINLINE void sample_from_xof_0c( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -7281,7 +7281,7 @@ static KRML_MUSTINLINE void sample_from_xof_b0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb( + bool done = sample_from_uniform_distribution_next_97( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -7293,7 +7293,7 @@ static KRML_MUSTINLINE void sample_from_xof_b0( uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb0( + done = sample_from_uniform_distribution_next_970( copy_of_randomness, sampled_coefficients, out); } } @@ -7302,7 +7302,7 @@ static KRML_MUSTINLINE void sample_from_xof_b0( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_79(copy_of_out[i]);); + ret0[i] = closure_e9(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7314,12 +7314,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_a2( +static KRML_MUSTINLINE void sample_matrix_A_43( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_b8(A_transpose[i]);); + closure_d6(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -7334,7 +7334,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a2( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_b0(copy_of_seeds, sampled); + sample_from_xof_0c(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7425,8 +7425,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_92(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_92(randomness); +sample_from_binomial_distribution_cf(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_41(randomness); } /** @@ -7437,11 +7437,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_70( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_57( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_d5();); + re_as_ntt[i] = ZERO_20_98();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7456,9 +7456,9 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_70( PRFxN_a9_51(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_92( + re_as_ntt[i0] = sample_from_binomial_distribution_cf( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -7482,7 +7482,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_87( +static KRML_MUSTINLINE void add_to_ring_element_20_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -7503,14 +7503,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_bb( +static KRML_MUSTINLINE void compute_As_plus_e_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_d5();); + result0[i] = ZERO_20_98();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7531,10 +7531,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_bb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_87(&result0[i1], &product); + ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_f3(&result0[i1], &product); } - add_standard_error_reduce_20_a5(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7553,7 +7553,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_75( +static tuple_4c generate_keypair_unpacked_f8( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_68(key_generation_seed, hashed); @@ -7565,14 +7565,14 @@ static tuple_4c generate_keypair_unpacked_75( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a2(ret, true, A_transpose); + sample_matrix_A_43(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_70(copy_of_prf_input0, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_57(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7584,10 +7584,10 @@ static tuple_4c generate_keypair_unpacked_75( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_70(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_57(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_bb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_4b(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -7639,10 +7639,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_fc( +static void closure_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_d5();); + ret[i] = ZERO_20_98();); } /** @@ -7672,7 +7672,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_12( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7681,18 +7681,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_12( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c uu____0 = generate_keypair_unpacked_75(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_f8(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_fc(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_1c(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_b3(&ind_cpa_public_key.A[j][i1]); + clone_3a_4a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7702,7 +7702,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_12( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_fb( + serialize_public_key_ac( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -7750,17 +7750,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_4f( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_f8( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_75(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_f8(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_fb( + serialize_public_key_ac( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_a8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_80(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -7784,7 +7784,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_9a( +static KRML_MUSTINLINE void serialize_kem_secret_key_c9( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7838,7 +7838,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_11( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7848,13 +7848,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_11( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_4f(ind_cpa_keypair_randomness); + generate_keypair_f8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_9a( + serialize_kem_secret_key_c9( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7863,13 +7863,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_11( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_ea(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_67( - uu____2, libcrux_ml_kem_types_from_07_0e(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_75( + uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); } /** @@ -7927,10 +7927,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_4f(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_b3(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_d5();); + error_1[i] = ZERO_20_98();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7946,7 +7946,7 @@ sample_ring_element_cbd_4f(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_920( + sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7983,18 +7983,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_40( +static KRML_MUSTINLINE void invert_ntt_montgomery_c5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_29(&zeta_i, re); - invert_ntt_at_layer_2_9c(&zeta_i, re); - invert_ntt_at_layer_3_bc(&zeta_i, re); - invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_e6(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_94(re); + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_e4(&zeta_i, re); + invert_ntt_at_layer_3_63(&zeta_i, re); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_78(re); } /** @@ -8003,14 +8003,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_4f( +static KRML_MUSTINLINE void compute_vector_u_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_d5();); + result0[i] = ZERO_20_98();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8030,11 +8030,11 @@ static KRML_MUSTINLINE void compute_vector_u_4f( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(a_element, &r_as_ntt[j]); - add_to_ring_element_20_87(&result0[i1], &product); + ntt_multiply_20_15(a_element, &r_as_ntt[j]); + add_to_ring_element_20_f3(&result0[i1], &product); } - invert_ntt_montgomery_40(&result0[i1]); - add_error_reduce_20_b1(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_c5(&result0[i1]); + add_error_reduce_20_87(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -8052,18 +8052,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_41( +compute_ring_element_v_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_87(&result, &product);); - invert_ntt_montgomery_40(&result); - result = add_message_error_reduce_20_24(error_2, message, result); + ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_f3(&result, &product);); + invert_ntt_montgomery_c5(&result); + result = add_message_error_reduce_20_86(error_2, message, result); return result; } @@ -8076,7 +8076,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_3a( +static void compress_then_serialize_u_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8092,7 +8092,7 @@ static void compress_then_serialize_u_3a( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_61(&re, ret); + compress_then_serialize_ring_element_u_97(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8115,7 +8115,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_cb( +static void encrypt_unpacked_ac( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -8123,7 +8123,7 @@ static void encrypt_unpacked_cb( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_70(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_57(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -8133,7 +8133,7 @@ static void encrypt_unpacked_cb( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_4f(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_b3(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -8144,28 +8144,28 @@ static void encrypt_unpacked_cb( PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_920( + sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_4f(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_64(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_48(copy_of_message); + deserialize_then_decompress_message_cb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_41(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_6c(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_3a( + compress_then_serialize_u_52( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_ba( + compress_then_serialize_ring_element_v_7a( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -8189,7 +8189,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c6( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8216,7 +8216,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c6( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_cb(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_ac(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8226,7 +8226,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c6( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8247,7 +8247,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_57(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_8d(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -8271,10 +8271,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_dd(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_e7( + deserialize_ring_elements_reduced_f5( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -8282,7 +8282,7 @@ static void encrypt_dd(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a2(ret0, false, A); + sample_matrix_A_43(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -8316,7 +8316,7 @@ static void encrypt_dd(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_cb(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_ac(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -8331,7 +8331,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_67(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_e5(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -8357,11 +8357,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_6d( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e9( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_57( + entropy_preprocess_af_8d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -8371,7 +8371,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_6d( size_t); uint8_t ret[32U]; H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -8385,19 +8385,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_6d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_dd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_67(shared_secret, shared_secret_array); + kdf_af_e5(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8418,12 +8418,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b6( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b3( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_d5();); + u_as_ntt[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -8441,8 +8441,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b6( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_91(u_bytes); - ntt_vector_u_a0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_07(u_bytes); + ntt_vector_u_bf(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8456,17 +8456,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_e6( +compute_message_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_41(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_87(&result, &product);); - invert_ntt_montgomery_40(&result); - result = subtract_reduce_20_bf(v, result); + ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_f3(&result, &product);); + invert_ntt_montgomery_c5(&result); + result = subtract_reduce_20_45(v, result); return result; } @@ -8480,19 +8480,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e1( +static void decrypt_unpacked_07( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_b6(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b3(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_79( + deserialize_then_decompress_ring_element_v_bb( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_e6(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c8(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3b(message, ret0); + compress_then_serialize_message_fc(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8531,11 +8531,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e1(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_07(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -8564,7 +8564,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8575,11 +8575,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_0a( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_cb(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_ac(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -8596,12 +8596,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_b3( +static KRML_MUSTINLINE void deserialize_secret_key_a2( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_d5();); + secret_as_ntt[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8613,7 +8613,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_b3( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_d1(secret_bytes); + deserialize_to_uncompressed_ring_element_10(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; @@ -8635,10 +8635,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_da(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_9a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_b3(secret_key, secret_as_ntt); + deserialize_secret_key_a2(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -8650,7 +8650,7 @@ static void decrypt_da(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_e1(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_07(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8676,7 +8676,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4a( +void libcrux_ml_kem_ind_cca_decapsulate_25( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8694,7 +8694,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4a( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_da(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_9a(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -8716,7 +8716,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4a( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8726,16 +8726,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_4a( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_dd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_67(Eurydice_array_to_slice((size_t)32U, + kdf_af_e5(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_67(shared_secret0, shared_secret1); + kdf_af_e5(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 9c6c46953..8fe2c54bf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index cea132b10..9c19313ab 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 9e592656a..314d97b10 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index a49912203..67e234ab7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #include "internal/libcrux_mlkem_portable.h" @@ -876,8 +876,8 @@ libcrux_ml_kem_vector_portable_arithmetic_add( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; + lhs.elements[i0] = + core_num__i16_1__wrapping_add(lhs.elements[i0], rhs->elements[i0]); } return lhs; } @@ -900,8 +900,9 @@ libcrux_ml_kem_vector_portable_arithmetic_sub( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + int16_t uu____0 = + core_num__i16_1__wrapping_sub(lhs.elements[i0], rhs->elements[i0]); + lhs.elements[i0] = uu____0; } return lhs; } @@ -923,8 +924,8 @@ libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; + int16_t uu____0 = core_num__i16_1__wrapping_mul(v.elements[i0], c); + v.elements[i0] = uu____0; } return v; } @@ -965,26 +966,15 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - core_option_Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3); - if (!(uu____0.tag == core_option_None)) { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } - continue; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + if (v.elements[i0] >= (int16_t)3329) { + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; } - return v; } + return v; } /** @@ -1008,7 +998,9 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. + Note: The input bound is 28296 to prevent overflow in the multiplication of + quotient by FIELD_MODULUS + */ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { @@ -1022,15 +1014,15 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = + vec.elements[i0] = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v.elements[i0]); + vec.elements[i0]); } - return v; + return vec; } /** @@ -1052,10 +1044,12 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - the absolute value of `o` is bound as follows: - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665 + + In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= + FIELD_MODULUS-1`. And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= + FIELD_MODULUS + 1664 - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. */ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { @@ -1089,8 +1083,9 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { + int32_t product = (int32_t)fe * (int32_t)fer; return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)fe * (int32_t)fer); + product); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2239,7 +2234,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_39(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_9a(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2267,8 +2262,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_0c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_to_reduced_ring_element_a2(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2289,12 +2284,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_d41( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c71( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_39();); + deserialized_pk[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2306,7 +2301,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_d41( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_0c(ring_element); + deserialize_to_reduced_ring_element_a2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2320,7 +2315,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_53(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2339,8 +2334,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_f8(v); +shift_right_0d_e7(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_53(v); } /** @@ -2350,10 +2345,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_23( +to_unsigned_representative_39( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_4b(a); + shift_right_0d_e7(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2366,14 +2361,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_62( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_23(re->coefficients[i0]); + to_unsigned_representative_39(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2391,7 +2386,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_c11( +static KRML_MUSTINLINE void serialize_secret_key_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2409,7 +2404,7 @@ static KRML_MUSTINLINE void serialize_secret_key_c11( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_62(&re, ret0); + serialize_uncompressed_ring_element_a6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2424,14 +2419,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_4c1( +static KRML_MUSTINLINE void serialize_public_key_951( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_c11(t_as_ntt, ret0); + serialize_secret_key_f01(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2451,15 +2446,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c91(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_361(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_d41( + deserialize_ring_elements_reduced_c71( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_4c1( + serialize_public_key_951( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2501,10 +2496,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_e81( +static void closure_441( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_39();); + ret[i] = ZERO_20_9a();); } /** @@ -2641,7 +2636,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_833( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2753,7 +2748,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_834( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2796,8 +2791,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_20_6b(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); +from_i16_array_20_8d(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2817,9 +2812,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a1( int16_t s[272U]) { - return from_i16_array_20_6b( + return from_i16_array_20_8d( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2830,7 +2825,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_2b1( +static KRML_MUSTINLINE void sample_from_xof_611( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -2844,7 +2839,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_053( + bool done = sample_from_uniform_distribution_next_833( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -2856,7 +2851,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b1( uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_054( + done = sample_from_uniform_distribution_next_834( copy_of_randomness, sampled_coefficients, out); } } @@ -2865,7 +2860,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b1( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_991(copy_of_out[i]);); + ret0[i] = closure_6a1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2878,12 +2873,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_231( +static KRML_MUSTINLINE void sample_matrix_A_451( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_e81(A_transpose[i]);); + closure_441(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2898,7 +2893,7 @@ static KRML_MUSTINLINE void sample_matrix_A_231( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_2b1(copy_of_seeds, sampled); + sample_from_xof_611(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3024,7 +3019,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_76(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_b3(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3058,7 +3053,7 @@ sample_from_binomial_distribution_2_76(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_6b( + return from_i16_array_20_8d( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3069,7 +3064,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_e7(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_25(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3102,7 +3097,7 @@ sample_from_binomial_distribution_3_e7(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_6b( + return from_i16_array_20_8d( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3113,8 +3108,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_91(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_76(randomness); +sample_from_binomial_distribution_c3(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_b3(randomness); } /** @@ -3123,7 +3118,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_62( +static KRML_MUSTINLINE void ntt_at_layer_7_3e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3151,7 +3146,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_99( +montgomery_multiply_fe_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3165,12 +3160,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_9f( + ntt_layer_int_vec_step_59( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_99(b, zeta_r); + montgomery_multiply_fe_10(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3184,7 +3179,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_e5( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_5b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3197,7 +3192,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_e5( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_9f( + ntt_layer_int_vec_step_59( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3214,7 +3209,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_db( +static KRML_MUSTINLINE void ntt_at_layer_3_9c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3232,7 +3227,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_cf( +static KRML_MUSTINLINE void ntt_at_layer_2_6b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3252,7 +3247,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_e0( +static KRML_MUSTINLINE void ntt_at_layer_1_37( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3280,7 +3275,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_fd( +static KRML_MUSTINLINE void poly_barrett_reduce_20_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3298,17 +3293,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_f7( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_37( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_62(re); + ntt_at_layer_7_3e(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_db(&zeta_i, re); - ntt_at_layer_2_cf(&zeta_i, re); - ntt_at_layer_1_e0(&zeta_i, re); - poly_barrett_reduce_20_fd(re); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_9c(&zeta_i, re); + ntt_at_layer_2_6b(&zeta_i, re); + ntt_at_layer_1_37(&zeta_i, re); + poly_barrett_reduce_20_8e(re); } /** @@ -3320,11 +3315,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_531( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_561( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_39();); + re_as_ntt[i] = ZERO_20_9a();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3339,9 +3334,9 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_531( PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_91( + re_as_ntt[i0] = sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3366,9 +3361,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_20_64(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_20_ff(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_9a(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3401,7 +3396,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_521( +static KRML_MUSTINLINE void add_to_ring_element_20_0e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3426,7 +3421,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_0c( +to_standard_domain_d6( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3442,14 +3437,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_46( +static KRML_MUSTINLINE void add_standard_error_reduce_20_7d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_0c(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_d6(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3464,14 +3459,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_971( +static KRML_MUSTINLINE void compute_As_plus_e_0e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_39();); + result0[i] = ZERO_20_9a();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3492,10 +3487,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_971( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_521(&result0[i1], &product); + ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_0e1(&result0[i1], &product); } - add_standard_error_reduce_20_46(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -3515,7 +3510,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_f61( +static tuple_540 generate_keypair_unpacked_a11( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b61(key_generation_seed, hashed); @@ -3527,14 +3522,14 @@ static tuple_540 generate_keypair_unpacked_f61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_231(ret, true, A_transpose); + sample_matrix_A_451(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_531(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_561(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3546,10 +3541,10 @@ static tuple_540 generate_keypair_unpacked_f61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_531(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_561(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_971(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_0e1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -3602,10 +3597,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_1f1( +static void closure_a11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_39();); + ret[i] = ZERO_20_9a();); } /** @@ -3618,7 +3613,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_59( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3659,7 +3654,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3668,18 +3663,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c1( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_540 uu____0 = generate_keypair_unpacked_f61(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_a11(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_1f1(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_a11(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_59(&ind_cpa_public_key.A[j][i1]); + clone_3a_20(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3689,7 +3684,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c1( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_4c1( + serialize_public_key_951( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -3738,17 +3733,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_d71( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_c01( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_f61(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_a11(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_4c1( + serialize_public_key_951( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_c11(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f01(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3772,7 +3767,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_53( +static KRML_MUSTINLINE void serialize_kem_secret_key_50( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3828,7 +3823,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_9a1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3837,13 +3832,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_9a1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_d71(ind_cpa_keypair_randomness); + generate_keypair_c01(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_53( + serialize_kem_secret_key_50( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3852,13 +3847,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_9a1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_ea1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_201(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_671( - uu____2, libcrux_ml_kem_types_from_07_0e1(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_751( + uu____2, libcrux_ml_kem_types_from_07_3a1(copy_of_public_key)); } /** @@ -3871,10 +3866,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_bd1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_151(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_39();); + error_1[i] = ZERO_20_9a();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3890,7 +3885,7 @@ sample_ring_element_cbd_bd1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_91( + sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3939,7 +3934,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_0d( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_1e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3963,7 +3958,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_87( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_12( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3983,7 +3978,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_eb( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_72( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4003,7 +3998,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_70( + inv_ntt_layer_int_vec_step_reduce_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4011,7 +4006,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_99(a_minus_b, zeta_r); + b = montgomery_multiply_fe_10(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4023,7 +4018,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_19( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4038,7 +4033,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_19( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_70( + inv_ntt_layer_int_vec_step_reduce_0d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4055,18 +4050,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_061( +static KRML_MUSTINLINE void invert_ntt_montgomery_271( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_0d(&zeta_i, re); - invert_ntt_at_layer_2_87(&zeta_i, re); - invert_ntt_at_layer_3_eb(&zeta_i, re); - invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_fd(re); + invert_ntt_at_layer_1_1e(&zeta_i, re); + invert_ntt_at_layer_2_12(&zeta_i, re); + invert_ntt_at_layer_3_72(&zeta_i, re); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_8e(re); } /** @@ -4079,7 +4074,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_8e( +static KRML_MUSTINLINE void add_error_reduce_20_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4103,14 +4098,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_631( +static KRML_MUSTINLINE void compute_vector_u_a21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_39();); + result0[i] = ZERO_20_9a();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4130,11 +4125,11 @@ static KRML_MUSTINLINE void compute_vector_u_631( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(a_element, &r_as_ntt[j]); - add_to_ring_element_20_521(&result0[i1], &product); + ntt_multiply_20_ff(a_element, &r_as_ntt[j]); + add_to_ring_element_20_0e1(&result0[i1], &product); } - invert_ntt_montgomery_061(&result0[i1]); - add_error_reduce_20_8e(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_271(&result0[i1]); + add_error_reduce_20_fc(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4152,7 +4147,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_db(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_5f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4166,8 +4161,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_11(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_then_decompress_message_08(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4177,7 +4172,7 @@ deserialize_then_decompress_message_11(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_db(coefficient_compressed); + decompress_1_5f(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4193,7 +4188,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_20_47( +add_message_error_reduce_20_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4223,18 +4218,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_991( +compute_ring_element_v_041( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_521(&result, &product);); - invert_ntt_montgomery_061(&result); - result = add_message_error_reduce_20_47(error_2, message, result); + ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_0e1(&result, &product);); + invert_ntt_montgomery_271(&result); + result = add_message_error_reduce_20_0f(error_2, message, result); return result; } @@ -4244,7 +4239,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_5f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4265,9 +4260,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_73( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be(v); + return compress_5f(v); } /** @@ -4276,7 +4271,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_5f0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4298,8 +4293,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be0(v); +compress_0d_730(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_5f0(v); } /** @@ -4308,14 +4303,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_bd0( +static KRML_MUSTINLINE void compress_then_serialize_11_250( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_310(to_unsigned_representative_23(re->coefficients[i0])); + compress_0d_730(to_unsigned_representative_39(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4333,10 +4328,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_612( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_bd0(re, uu____0); + compress_then_serialize_11_250(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4349,7 +4344,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_441( +static void compress_then_serialize_u_a41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4365,7 +4360,7 @@ static void compress_then_serialize_u_441( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_612(&re, ret); + compress_then_serialize_ring_element_u_4c0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4377,7 +4372,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_5f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4399,8 +4394,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be1(v); +compress_0d_731(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_5f1(v); } /** @@ -4409,7 +4404,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_4f( +static KRML_MUSTINLINE void compress_then_serialize_4_53( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4418,7 +4413,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_4f( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_311(to_unsigned_representative_23(re.coefficients[i0])); + compress_0d_731(to_unsigned_representative_39(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4434,7 +4429,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_5f2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4456,8 +4451,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be2(v); +compress_0d_732(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_5f2(v); } /** @@ -4466,7 +4461,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_0b( +static KRML_MUSTINLINE void compress_then_serialize_5_94( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4475,7 +4470,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_0b( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_312(to_unsigned_representative_23(re.coefficients[i0])); + compress_0d_732(to_unsigned_representative_39(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4492,9 +4487,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7b0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_0b(re, out); + compress_then_serialize_5_94(re, out); } /** @@ -4515,7 +4510,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_e41( +static void encrypt_unpacked_8e1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4523,7 +4518,7 @@ static void encrypt_unpacked_e41( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_531(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_561(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4533,7 +4528,7 @@ static void encrypt_unpacked_e41( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_bd1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_151(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4544,28 +4539,28 @@ static void encrypt_unpacked_e41( PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_91( + sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_631(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a21(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_11(copy_of_message); + deserialize_then_decompress_message_08(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_991(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_041(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_441( + compress_then_serialize_u_a41( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_7b0( + compress_then_serialize_ring_element_v_fc0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4590,7 +4585,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_881( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4617,7 +4612,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_881( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_e41(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_8e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4627,7 +4622,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_881( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_581(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4648,7 +4643,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_d4(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_9b(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -4673,10 +4668,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_cc1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_971(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_d41( + deserialize_ring_elements_reduced_c71( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4684,7 +4679,7 @@ static void encrypt_cc1(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_231(ret0, false, A); + sample_matrix_A_451(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -4718,7 +4713,7 @@ static void encrypt_cc1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_e41(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_8e1(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4733,7 +4728,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_3a(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_4a(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -4759,11 +4754,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_be1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_231( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_d4( + entropy_preprocess_af_9b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4773,7 +4768,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_be1( size_t); uint8_t ret[32U]; H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_fe1(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4787,19 +4782,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_be1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_fe1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_cc1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_971(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_581(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_3a(shared_secret, shared_secret_array); + kdf_af_4a(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4819,7 +4814,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b8( +decompress_ciphertext_coefficient_63( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4844,9 +4839,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f4( +decompress_ciphertext_coefficient_0d_80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b8(v); + return decompress_ciphertext_coefficient_63(v); } /** @@ -4856,8 +4851,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_a5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_then_decompress_10_26(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4873,7 +4868,7 @@ deserialize_then_decompress_10_a5(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f4(coefficient); + decompress_ciphertext_coefficient_0d_80(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4886,7 +4881,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b80( +decompress_ciphertext_coefficient_630( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4911,9 +4906,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f40( +decompress_ciphertext_coefficient_0d_800( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b80(v); + return decompress_ciphertext_coefficient_630(v); } /** @@ -4923,8 +4918,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_f2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_then_decompress_11_fe(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4933,7 +4928,7 @@ deserialize_then_decompress_11_f2(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f40(coefficient); + decompress_ciphertext_coefficient_0d_800(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4946,8 +4941,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_870(Eurydice_slice serialized) { - return deserialize_then_decompress_11_f2(serialized); +deserialize_then_decompress_ring_element_u_110(Eurydice_slice serialized) { + return deserialize_then_decompress_11_fe(serialized); } /** @@ -4956,17 +4951,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_0b0( +static KRML_MUSTINLINE void ntt_vector_u_2e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_db(&zeta_i, re); - ntt_at_layer_2_cf(&zeta_i, re); - ntt_at_layer_1_e0(&zeta_i, re); - poly_barrett_reduce_20_fd(re); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_9c(&zeta_i, re); + ntt_at_layer_2_6b(&zeta_i, re); + ntt_at_layer_1_37(&zeta_i, re); + poly_barrett_reduce_20_8e(re); } /** @@ -4977,12 +4972,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_411( +static KRML_MUSTINLINE void deserialize_then_decompress_u_031( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_39();); + u_as_ntt[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5000,8 +4995,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_411( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_870(u_bytes); - ntt_vector_u_0b0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_110(u_bytes); + ntt_vector_u_2e0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5015,7 +5010,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b81( +decompress_ciphertext_coefficient_631( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5040,9 +5035,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f41( +decompress_ciphertext_coefficient_0d_801( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b81(v); + return decompress_ciphertext_coefficient_631(v); } /** @@ -5052,8 +5047,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_2b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_then_decompress_4_ab(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5062,7 +5057,7 @@ deserialize_then_decompress_4_2b(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f41(coefficient); + decompress_ciphertext_coefficient_0d_801(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5075,7 +5070,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b82( +decompress_ciphertext_coefficient_632( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5100,9 +5095,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f42( +decompress_ciphertext_coefficient_0d_802( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b82(v); + return decompress_ciphertext_coefficient_632(v); } /** @@ -5112,8 +5107,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_8b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_then_decompress_5_5c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5122,7 +5117,7 @@ deserialize_then_decompress_5_8b(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_802(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5135,8 +5130,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_090(Eurydice_slice serialized) { - return deserialize_then_decompress_5_8b(serialized); +deserialize_then_decompress_ring_element_v_9f0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_5c(serialized); } /** @@ -5150,7 +5145,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_20_ce(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_20_4b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5175,17 +5170,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_1c1( +compute_message_9a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_521(&result, &product);); - invert_ntt_montgomery_061(&result); - result = subtract_reduce_20_ce(v, result); + ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_0e1(&result, &product);); + invert_ntt_montgomery_271(&result); + result = subtract_reduce_20_4b(v, result); return result; } @@ -5195,13 +5190,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_67( +static KRML_MUSTINLINE void compress_then_serialize_message_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_23(re.coefficients[i0]); + to_unsigned_representative_39(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5225,19 +5220,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_f21( +static void decrypt_unpacked_681( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_411(ciphertext, u_as_ntt); + deserialize_then_decompress_u_031(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_090( + deserialize_then_decompress_ring_element_v_9f0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_1c1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_9a1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_67(message, ret0); + compress_then_serialize_message_80(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5289,12 +5284,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_f21(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_681(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5323,7 +5318,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d1( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5334,11 +5329,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_e41(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_8e1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5356,8 +5351,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_91(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_39(); +deserialize_to_uncompressed_ring_element_30(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -5376,12 +5371,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_9d1( +static KRML_MUSTINLINE void deserialize_secret_key_681( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_39();); + secret_as_ntt[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5393,7 +5388,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_9d1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_91(secret_bytes); + deserialize_to_uncompressed_ring_element_30(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -5415,10 +5410,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_c81(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b41(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_9d1(secret_key, secret_as_ntt); + deserialize_secret_key_681(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5430,7 +5425,7 @@ static void decrypt_c81(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_f21(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_681(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5456,7 +5451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_5f1( +void libcrux_ml_kem_ind_cca_decapsulate_531( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5475,7 +5470,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_5f1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c81(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_b41(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5497,7 +5492,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_5f1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5507,17 +5502,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_5f1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_cc1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_971(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_3a(Eurydice_array_to_slice((size_t)32U, + kdf_af_4a(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_3a(shared_secret0, shared_secret1); + kdf_af_4a(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_381(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5534,12 +5529,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_d40( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c70( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_39();); + deserialized_pk[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5551,7 +5546,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_d40( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_0c(ring_element); + deserialize_to_reduced_ring_element_a2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5566,7 +5561,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_c10( +static KRML_MUSTINLINE void serialize_secret_key_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5584,7 +5579,7 @@ static KRML_MUSTINLINE void serialize_secret_key_c10( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_62(&re, ret0); + serialize_uncompressed_ring_element_a6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5599,14 +5594,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_4c0( +static KRML_MUSTINLINE void serialize_public_key_950( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_c10(t_as_ntt, ret0); + serialize_secret_key_f00(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5626,15 +5621,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c90(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_360(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_d40( + deserialize_ring_elements_reduced_c70( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_4c0( + serialize_public_key_950( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5676,10 +5671,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_e80( +static void closure_440( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_39();); + ret[i] = ZERO_20_9a();); } /** @@ -5816,7 +5811,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_831( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5928,7 +5923,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_832( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5967,9 +5962,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a0( int16_t s[272U]) { - return from_i16_array_20_6b( + return from_i16_array_20_8d( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5980,7 +5975,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_2b0( +static KRML_MUSTINLINE void sample_from_xof_610( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -5994,7 +5989,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_051( + bool done = sample_from_uniform_distribution_next_831( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -6006,7 +6001,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b0( uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_052( + done = sample_from_uniform_distribution_next_832( copy_of_randomness, sampled_coefficients, out); } } @@ -6015,7 +6010,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b0( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_990(copy_of_out[i]);); + ret0[i] = closure_6a0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6028,12 +6023,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_230( +static KRML_MUSTINLINE void sample_matrix_A_450( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_e80(A_transpose[i]);); + closure_440(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6048,7 +6043,7 @@ static KRML_MUSTINLINE void sample_matrix_A_230( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_2b0(copy_of_seeds, sampled); + sample_from_xof_610(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6125,8 +6120,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_910(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_e7(randomness); +sample_from_binomial_distribution_c30(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_25(randomness); } /** @@ -6138,11 +6133,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_530( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_560( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_39();); + re_as_ntt[i] = ZERO_20_9a();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6157,9 +6152,9 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_530( PRFxN_f1_890(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_910( + re_as_ntt[i0] = sample_from_binomial_distribution_c30( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6183,7 +6178,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_520( +static KRML_MUSTINLINE void add_to_ring_element_20_0e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6207,14 +6202,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_970( +static KRML_MUSTINLINE void compute_As_plus_e_0e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_39();); + result0[i] = ZERO_20_9a();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6235,10 +6230,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_970( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_520(&result0[i1], &product); + ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_0e0(&result0[i1], &product); } - add_standard_error_reduce_20_46(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6258,7 +6253,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_f60( +static tuple_4c0 generate_keypair_unpacked_a10( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b60(key_generation_seed, hashed); @@ -6270,14 +6265,14 @@ static tuple_4c0 generate_keypair_unpacked_f60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_230(ret, true, A_transpose); + sample_matrix_A_450(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_530(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_560(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6289,10 +6284,10 @@ static tuple_4c0 generate_keypair_unpacked_f60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_530(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_560(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_970(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_0e0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -6345,10 +6340,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_1f0( +static void closure_a10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_39();); + ret[i] = ZERO_20_9a();); } /** @@ -6379,7 +6374,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6388,18 +6383,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c0( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_f60(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_a10(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_1f0(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_a10(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_59(&ind_cpa_public_key.A[j][i1]); + clone_3a_20(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6409,7 +6404,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_4c0( + serialize_public_key_950( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -6458,17 +6453,17 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_d70( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_c00( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_f60(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_a10(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_4c0( + serialize_public_key_950( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_c10(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f00(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6492,7 +6487,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_90( +static KRML_MUSTINLINE void serialize_kem_secret_key_fb( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6548,7 +6543,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_9a0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6557,13 +6552,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_9a0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_d70(ind_cpa_keypair_randomness); + generate_keypair_c00(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_90( + serialize_kem_secret_key_fb( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6572,13 +6567,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_9a0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_ea(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_67( - uu____2, libcrux_ml_kem_types_from_07_0e(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_75( + uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); } /** @@ -6623,10 +6618,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_bd0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_150(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_39();); + error_1[i] = ZERO_20_9a();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6642,7 +6637,7 @@ sample_ring_element_cbd_bd0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_91( + sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6679,18 +6674,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_060( +static KRML_MUSTINLINE void invert_ntt_montgomery_270( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_0d(&zeta_i, re); - invert_ntt_at_layer_2_87(&zeta_i, re); - invert_ntt_at_layer_3_eb(&zeta_i, re); - invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_fd(re); + invert_ntt_at_layer_1_1e(&zeta_i, re); + invert_ntt_at_layer_2_12(&zeta_i, re); + invert_ntt_at_layer_3_72(&zeta_i, re); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_8e(re); } /** @@ -6699,14 +6694,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_630( +static KRML_MUSTINLINE void compute_vector_u_a20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_39();); + result0[i] = ZERO_20_9a();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6726,11 +6721,11 @@ static KRML_MUSTINLINE void compute_vector_u_630( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(a_element, &r_as_ntt[j]); - add_to_ring_element_20_520(&result0[i1], &product); + ntt_multiply_20_ff(a_element, &r_as_ntt[j]); + add_to_ring_element_20_0e0(&result0[i1], &product); } - invert_ntt_montgomery_060(&result0[i1]); - add_error_reduce_20_8e(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_270(&result0[i1]); + add_error_reduce_20_fc(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6748,18 +6743,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_990( +compute_ring_element_v_040( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_520(&result, &product);); - invert_ntt_montgomery_060(&result); - result = add_message_error_reduce_20_47(error_2, message, result); + ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_0e0(&result, &product);); + invert_ntt_montgomery_270(&result); + result = add_message_error_reduce_20_0f(error_2, message, result); return result; } @@ -6769,14 +6764,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_6a( +static KRML_MUSTINLINE void compress_then_serialize_10_51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_31(to_unsigned_representative_23(re->coefficients[i0])); + compress_0d_73(to_unsigned_representative_39(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6794,10 +6789,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_610( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_6a(re, uu____0); + compress_then_serialize_10_51(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6810,7 +6805,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_440( +static void compress_then_serialize_u_a40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6826,7 +6821,7 @@ static void compress_then_serialize_u_440( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_610(&re, ret); + compress_then_serialize_ring_element_u_4c(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6839,9 +6834,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7b( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_4f(re, out); + compress_then_serialize_4_53(re, out); } /** @@ -6862,7 +6857,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_e40( +static void encrypt_unpacked_8e0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -6870,7 +6865,7 @@ static void encrypt_unpacked_e40( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_530(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_560(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6880,7 +6875,7 @@ static void encrypt_unpacked_e40( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_bd0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_150(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6891,28 +6886,28 @@ static void encrypt_unpacked_e40( PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_91( + sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_630(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a20(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_11(copy_of_message); + deserialize_then_decompress_message_08(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_990(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_040(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_440( + compress_then_serialize_u_a40( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_7b( + compress_then_serialize_ring_element_v_fc( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6937,7 +6932,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_880( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6964,7 +6959,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_880( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_e40(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_8e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6974,7 +6969,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_880( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6995,7 +6990,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_b5(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_b2(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -7020,10 +7015,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_cc0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_970(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_d40( + deserialize_ring_elements_reduced_c70( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -7031,7 +7026,7 @@ static void encrypt_cc0(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_230(ret0, false, A); + sample_matrix_A_450(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -7065,7 +7060,7 @@ static void encrypt_cc0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_e40(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_8e0(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7080,7 +7075,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_89(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ff(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -7106,11 +7101,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_be0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_230( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_b5( + entropy_preprocess_af_b2( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -7120,7 +7115,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_be0( size_t); uint8_t ret[32U]; H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7134,19 +7129,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_be0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_cc0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_970(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_89(shared_secret, shared_secret_array); + kdf_af_ff(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7166,8 +7161,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_87(Eurydice_slice serialized) { - return deserialize_then_decompress_10_a5(serialized); +deserialize_then_decompress_ring_element_u_11(Eurydice_slice serialized) { + return deserialize_then_decompress_10_26(serialized); } /** @@ -7176,17 +7171,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_0b( +static KRML_MUSTINLINE void ntt_vector_u_2e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_db(&zeta_i, re); - ntt_at_layer_2_cf(&zeta_i, re); - ntt_at_layer_1_e0(&zeta_i, re); - poly_barrett_reduce_20_fd(re); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_9c(&zeta_i, re); + ntt_at_layer_2_6b(&zeta_i, re); + ntt_at_layer_1_37(&zeta_i, re); + poly_barrett_reduce_20_8e(re); } /** @@ -7197,12 +7192,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_410( +static KRML_MUSTINLINE void deserialize_then_decompress_u_030( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_39();); + u_as_ntt[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7220,8 +7215,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_410( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_87(u_bytes); - ntt_vector_u_0b(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_11(u_bytes); + ntt_vector_u_2e(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7235,8 +7230,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_09(Eurydice_slice serialized) { - return deserialize_then_decompress_4_2b(serialized); +deserialize_then_decompress_ring_element_v_9f(Eurydice_slice serialized) { + return deserialize_then_decompress_4_ab(serialized); } /** @@ -7246,17 +7241,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_1c0( +compute_message_9a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_520(&result, &product);); - invert_ntt_montgomery_060(&result); - result = subtract_reduce_20_ce(v, result); + ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_0e0(&result, &product);); + invert_ntt_montgomery_270(&result); + result = subtract_reduce_20_4b(v, result); return result; } @@ -7270,19 +7265,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_f20( +static void decrypt_unpacked_680( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_410(ciphertext, u_as_ntt); + deserialize_then_decompress_u_030(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_09( + deserialize_then_decompress_ring_element_v_9f( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_1c0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_9a0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_67(message, ret0); + compress_then_serialize_message_80(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7322,11 +7317,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_f20(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_680(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -7355,7 +7350,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d0( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7366,11 +7361,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_e40(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_8e0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -7387,12 +7382,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_9d0( +static KRML_MUSTINLINE void deserialize_secret_key_680( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_39();); + secret_as_ntt[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7404,7 +7399,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_9d0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_91(secret_bytes); + deserialize_to_uncompressed_ring_element_30(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -7426,10 +7421,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c80(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b40(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_9d0(secret_key, secret_as_ntt); + deserialize_secret_key_680(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7441,7 +7436,7 @@ static void decrypt_c80(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_f20(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_680(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7467,7 +7462,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_5f0( +void libcrux_ml_kem_ind_cca_decapsulate_530( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7485,7 +7480,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_5f0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c80(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_b40(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7507,7 +7502,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_5f0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7517,17 +7512,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_5f0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_cc0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_970(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_89(Eurydice_array_to_slice((size_t)32U, + kdf_af_ff(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_89(shared_secret0, shared_secret1); + kdf_af_ff(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_38(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7544,12 +7539,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_d4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c7( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_39();); + deserialized_pk[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7561,7 +7556,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_d4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_0c(ring_element); + deserialize_to_reduced_ring_element_a2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7576,7 +7571,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_c1( +static KRML_MUSTINLINE void serialize_secret_key_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7594,7 +7589,7 @@ static KRML_MUSTINLINE void serialize_secret_key_c1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_62(&re, ret0); + serialize_uncompressed_ring_element_a6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7609,14 +7604,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_4c( +static KRML_MUSTINLINE void serialize_public_key_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_c1(t_as_ntt, ret0); + serialize_secret_key_f0(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7636,15 +7631,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c9(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_36(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_d4( + deserialize_ring_elements_reduced_c7( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_4c( + serialize_public_key_95( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7686,10 +7681,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_e8( +static void closure_44( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_39();); + ret[i] = ZERO_20_9a();); } /** @@ -7826,7 +7821,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_83( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7938,7 +7933,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_830( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7977,9 +7972,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a( int16_t s[272U]) { - return from_i16_array_20_6b( + return from_i16_array_20_8d( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7990,7 +7985,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_2b( +static KRML_MUSTINLINE void sample_from_xof_61( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -8004,7 +7999,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_05( + bool done = sample_from_uniform_distribution_next_83( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -8016,7 +8011,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_050( + done = sample_from_uniform_distribution_next_830( copy_of_randomness, sampled_coefficients, out); } } @@ -8025,7 +8020,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_99(copy_of_out[i]);); + ret0[i] = closure_6a(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8038,12 +8033,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_23( +static KRML_MUSTINLINE void sample_matrix_A_45( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_e8(A_transpose[i]);); + closure_44(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -8058,7 +8053,7 @@ static KRML_MUSTINLINE void sample_matrix_A_23( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_2b(copy_of_seeds, sampled); + sample_from_xof_61(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8137,11 +8132,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_53( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_56( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_39();); + re_as_ntt[i] = ZERO_20_9a();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8156,9 +8151,9 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_53( PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_91( + re_as_ntt[i0] = sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -8182,7 +8177,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_52( +static KRML_MUSTINLINE void add_to_ring_element_20_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8206,14 +8201,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_97( +static KRML_MUSTINLINE void compute_As_plus_e_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_39();); + result0[i] = ZERO_20_9a();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8234,10 +8229,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_52(&result0[i1], &product); + ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_0e(&result0[i1], &product); } - add_standard_error_reduce_20_46(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8257,7 +8252,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_f6( +static tuple_9b generate_keypair_unpacked_a1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b6(key_generation_seed, hashed); @@ -8269,14 +8264,14 @@ static tuple_9b generate_keypair_unpacked_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_23(ret, true, A_transpose); + sample_matrix_A_45(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_53(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_56(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8288,10 +8283,10 @@ static tuple_9b generate_keypair_unpacked_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_53(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_56(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_97(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_0e(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -8344,10 +8339,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_1f( +static void closure_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_39();); + ret[i] = ZERO_20_9a();); } /** @@ -8378,7 +8373,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8387,18 +8382,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = generate_keypair_unpacked_f6(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_a1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_1f(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_a1(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_59(&ind_cpa_public_key.A[j][i1]); + clone_3a_20(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8408,7 +8403,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_0c( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_4c( + serialize_public_key_95( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -8457,17 +8452,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_d7( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_c0( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_f6(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_a1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_4c( + serialize_public_key_95( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_c1(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f0(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8491,7 +8486,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_ee( +static KRML_MUSTINLINE void serialize_kem_secret_key_cd( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8547,7 +8542,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_9a(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8556,13 +8551,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_9a(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_d7(ind_cpa_keypair_randomness); + generate_keypair_c0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_ee( + serialize_kem_secret_key_cd( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8571,13 +8566,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_9a(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_ea0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_200(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_670( - uu____2, libcrux_ml_kem_types_from_07_0e0(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_750( + uu____2, libcrux_ml_kem_types_from_07_3a0(copy_of_public_key)); } /** @@ -8590,10 +8585,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_bd(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_15(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_39();); + error_1[i] = ZERO_20_9a();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8609,7 +8604,7 @@ sample_ring_element_cbd_bd(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_91( + sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8646,18 +8641,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_06( +static KRML_MUSTINLINE void invert_ntt_montgomery_27( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_0d(&zeta_i, re); - invert_ntt_at_layer_2_87(&zeta_i, re); - invert_ntt_at_layer_3_eb(&zeta_i, re); - invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_fd(re); + invert_ntt_at_layer_1_1e(&zeta_i, re); + invert_ntt_at_layer_2_12(&zeta_i, re); + invert_ntt_at_layer_3_72(&zeta_i, re); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_8e(re); } /** @@ -8666,14 +8661,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_63( +static KRML_MUSTINLINE void compute_vector_u_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_39();); + result0[i] = ZERO_20_9a();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8693,11 +8688,11 @@ static KRML_MUSTINLINE void compute_vector_u_63( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(a_element, &r_as_ntt[j]); - add_to_ring_element_20_52(&result0[i1], &product); + ntt_multiply_20_ff(a_element, &r_as_ntt[j]); + add_to_ring_element_20_0e(&result0[i1], &product); } - invert_ntt_montgomery_06(&result0[i1]); - add_error_reduce_20_8e(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_27(&result0[i1]); + add_error_reduce_20_fc(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8715,18 +8710,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_99( +compute_ring_element_v_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_52(&result, &product);); - invert_ntt_montgomery_06(&result); - result = add_message_error_reduce_20_47(error_2, message, result); + ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_0e(&result, &product);); + invert_ntt_montgomery_27(&result); + result = add_message_error_reduce_20_0f(error_2, message, result); return result; } @@ -8739,7 +8734,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_44( +static void compress_then_serialize_u_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8755,7 +8750,7 @@ static void compress_then_serialize_u_44( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_610(&re, ret); + compress_then_serialize_ring_element_u_4c(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8779,7 +8774,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_e4( +static void encrypt_unpacked_8e( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -8787,7 +8782,7 @@ static void encrypt_unpacked_e4( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_53(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_56(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8797,7 +8792,7 @@ static void encrypt_unpacked_e4( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_bd(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_15(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8808,28 +8803,28 @@ static void encrypt_unpacked_e4( PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_91( + sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_63(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a2(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_11(copy_of_message); + deserialize_then_decompress_message_08(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_99(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_04(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_44( + compress_then_serialize_u_a4( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_7b( + compress_then_serialize_ring_element_v_fc( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8854,7 +8849,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_88( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8881,7 +8876,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_88( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_e4(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_8e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8891,7 +8886,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_88( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_580(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8912,7 +8907,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_5f(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_ac(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -8937,10 +8932,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_cc(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_97(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_d4( + deserialize_ring_elements_reduced_c7( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -8948,7 +8943,7 @@ static void encrypt_cc(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_23(ret0, false, A); + sample_matrix_A_45(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -8982,7 +8977,7 @@ static void encrypt_cc(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_e4(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_8e(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -8997,7 +8992,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_3e(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_3f(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -9023,11 +9018,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_5f( + entropy_preprocess_af_ac( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -9037,7 +9032,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be( size_t); uint8_t ret[32U]; H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe0(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -9051,19 +9046,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_cc(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_97(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_580(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_3e(shared_secret, shared_secret_array); + kdf_af_3f(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9084,12 +9079,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_41( +static KRML_MUSTINLINE void deserialize_then_decompress_u_03( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_39();); + u_as_ntt[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -9107,8 +9102,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_41( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_87(u_bytes); - ntt_vector_u_0b(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_11(u_bytes); + ntt_vector_u_2e(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9122,17 +9117,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_1c( +compute_message_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_64(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_52(&result, &product);); - invert_ntt_montgomery_06(&result); - result = subtract_reduce_20_ce(v, result); + ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_0e(&result, &product);); + invert_ntt_montgomery_27(&result); + result = subtract_reduce_20_4b(v, result); return result; } @@ -9146,19 +9141,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_f2( +static void decrypt_unpacked_68( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_41(ciphertext, u_as_ntt); + deserialize_then_decompress_u_03(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_09( + deserialize_then_decompress_ring_element_v_9f( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_1c(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_9a(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_67(message, ret0); + compress_then_serialize_message_80(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9198,11 +9193,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_f2(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_68(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -9231,7 +9226,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -9242,11 +9237,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_4d( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_e4(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_8e(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9263,12 +9258,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_9d( +static KRML_MUSTINLINE void deserialize_secret_key_68( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_39();); + secret_as_ntt[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9280,7 +9275,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_9d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_91(secret_bytes); + deserialize_to_uncompressed_ring_element_30(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -9302,10 +9297,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c8(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b4(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_9d(secret_key, secret_as_ntt); + deserialize_secret_key_68(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -9317,7 +9312,7 @@ static void decrypt_c8(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_f2(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_68(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -9343,7 +9338,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_5f( +void libcrux_ml_kem_ind_cca_decapsulate_53( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -9361,7 +9356,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_5f( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c8(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_b4(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -9383,7 +9378,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_5f( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -9393,16 +9388,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_5f( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_cc(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_97(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_3e(Eurydice_array_to_slice((size_t)32U, + kdf_af_3f(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_3e(shared_secret0, shared_secret1); + kdf_af_3f(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_380(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 6f21492f9..6bf72c982 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem_portable_H @@ -215,14 +215,16 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. + Note: The input bound is 28296 to prevent overflow in the multiplication of + quotient by FIELD_MODULUS + */ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -247,10 +249,12 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - the absolute value of `o` is bound as follows: - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665 + + In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= + FIELD_MODULUS-1`. And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= + FIELD_MODULUS + 1664 - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. */ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index d1f3a25fe..3d85b72ab 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 47b97bc20..efded9269 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index e33b59fbb..6343f4989 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 4797bc601..aad0794d0 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 85f0186ef..da552ce57 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index d51dea3a7..11459ad8b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 3ae4c6980..76cd050f0 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 0576bfc67e99aae86c51930421072688138b672b Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 -Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 +Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 36884a1f4..d7b256985 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_core_H @@ -45,6 +45,12 @@ typedef struct core_option_Option_b3_s { size_t f0; } core_option_Option_b3; +static inline int16_t core_num__i16_1__wrapping_add(int16_t x0, int16_t x1); + +static inline int16_t core_num__i16_1__wrapping_mul(int16_t x0, int16_t x1); + +static inline int16_t core_num__i16_1__wrapping_sub(int16_t x0, int16_t x1); + static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1); #define CORE_NUM__U32_8__BITS (32U) @@ -221,7 +227,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_69( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_14( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -236,7 +242,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_0e(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_3a(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -270,7 +276,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_67(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_75(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -286,7 +292,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_ea(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_20(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -316,7 +322,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_58(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_30(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -333,7 +339,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_fe( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_94( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -419,7 +425,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ef( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_49( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index e931ae78c..27cb005ca 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 40d43cacf..54143cfb1 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1356,7 +1356,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_20_d5(void) { +libcrux_ml_kem_polynomial_ZERO_20_98(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1385,8 +1385,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_5d(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_d5(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_a8(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -1397,10 +1397,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_20( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_d5(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1418,12 +1418,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_4f( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1436,7 +1436,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_20( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1469,8 +1469,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_c5(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_d5(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_98(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -1481,7 +1481,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_92( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e5( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1547,9 +1547,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_11( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_92( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e5( vector); } @@ -1561,10 +1561,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_8a( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_8e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_d5(); + libcrux_ml_kem_polynomial_ZERO_20_98(); LowStar_Ignore_ignore( Eurydice_slice_len(Eurydice_array_to_slice((size_t)16U, re.coefficients, core_core_arch_x86___m256i), @@ -1578,7 +1578,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_8a( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_11( coefficient); } return re; @@ -1592,7 +1592,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_920( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e50( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1658,9 +1658,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f20( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_110( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_920( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e50( vector); } @@ -1672,10 +1672,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_4e( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_87( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_d5(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1684,7 +1684,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_4e( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f20( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_110( coefficient); } return re; @@ -1698,9 +1698,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7d( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_32( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_8a(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_8e(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1716,7 +1716,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_55( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b( core_core_arch_x86___m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1729,11 +1729,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_88(core_core_arch_x86___m256i a, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c5(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_55(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1747,7 +1747,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1760,7 +1760,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_88( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c5( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -1778,7 +1778,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_45( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1797,7 +1797,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_10( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_70( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1819,7 +1819,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_83( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_7e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1849,7 +1849,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_94( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1866,21 +1866,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_05( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_45(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_10(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_83(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_94(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_70(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_7e(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); } /** @@ -1893,12 +1893,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_54( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_aa( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1918,9 +1918,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_54( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7d( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_32( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_05(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_64(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1935,7 +1935,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_921( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e51( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -2001,9 +2001,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f21( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_111( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_921( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e51( vector); } @@ -2015,10 +2015,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_c1( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_58( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_d5(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2027,7 +2027,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_c1( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f21( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_111( coefficient); } return re; @@ -2041,7 +2041,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_922( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e52( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -2107,9 +2107,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f22( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_112( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_922( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e52( vector); } @@ -2121,10 +2121,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_8e( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_ab( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_d5(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -2132,7 +2132,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_8e( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_f22( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_112( re.coefficients[i0]); } return re; @@ -2146,9 +2146,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_96( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_85( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c1(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_58(serialized); } /** @@ -2163,11 +2163,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_20_41( +libcrux_ml_kem_polynomial_ntt_multiply_20_15( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_20_d5(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2199,7 +2199,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_87( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2221,7 +2221,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_29( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2248,7 +2248,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_9c( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e4( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2271,7 +2271,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_bc( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2292,14 +2292,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_8c( +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { core_core_arch_x86___m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_55(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2312,7 +2312,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e6( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2327,7 +2327,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e6( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_8c( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -2345,22 +2345,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_29(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_9c(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_bc(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e6(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e4(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e6(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e6(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e6(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_94(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); } /** @@ -2375,7 +2375,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_20_ee( +libcrux_ml_kem_polynomial_subtract_reduce_20_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2399,21 +2399,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_2c( +libcrux_ml_kem_matrix_compute_message_12( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_d5(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_41(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_87(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_ee(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_c4(v, result); return result; } @@ -2424,7 +2424,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_81( +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_da( core_core_arch_x86___m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, core_core_arch_x86___m256i); @@ -2441,9 +2441,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_shift_right_09_da( +libcrux_ml_kem_vector_avx2_shift_right_09_06( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_81(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_da(vector); } /** @@ -2454,10 +2454,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( +libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( core_core_arch_x86___m256i a) { core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_shift_right_09_da(a); + libcrux_ml_kem_vector_avx2_shift_right_09_06(a); core_core_arch_x86___m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2472,13 +2472,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_b8( +libcrux_ml_kem_serialize_compress_then_serialize_message_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( re.coefficients[i0]); core_core_arch_x86___m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); @@ -2503,20 +2503,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_28( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_02( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_54(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_aa(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_96( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_85( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_2c(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_12(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_b8(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_33(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2531,11 +2531,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_20(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_e9(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_a1(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_4f(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2547,7 +2547,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_20(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_28(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_02(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -2605,9 +2605,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_87( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_9a( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_d5(); + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -2618,10 +2618,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_3b( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ce( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_d5(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2643,12 +2643,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e7( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2661,7 +2661,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_3b( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ce( ring_element); deserialized_pk[i0] = uu____0; } @@ -2678,8 +2678,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a6(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_d5(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_2b(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -2689,10 +2689,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b8( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_d6( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } } @@ -2840,7 +2840,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_97( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2974,7 +2974,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_970( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3021,9 +3021,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_20_10(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_84(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_d5(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3042,8 +3042,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_10( +libcrux_ml_kem_sampling_sample_from_xof_closure_e9(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_20_84( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3054,7 +3054,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_0c( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3071,7 +3071,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_97( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -3084,7 +3084,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_970( copy_of_randomness, sampled_coefficients, out); } } @@ -3094,7 +3094,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_79(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_e9(copy_of_out[i]); } memcpy( ret, ret0, @@ -3108,12 +3108,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_43( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_b8(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_d6(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -3133,7 +3133,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_b0(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_0c(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3193,8 +3193,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_84(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_d5(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_48(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -3305,7 +3305,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_25( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3340,7 +3340,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_25( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_10( + return libcrux_ml_kem_polynomial_from_i16_array_20_84( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3352,7 +3352,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_92( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_41( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3386,7 +3386,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_92( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_10( + return libcrux_ml_kem_polynomial_from_i16_array_20_84( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3398,9 +3398,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_92( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_25( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( randomness); } @@ -3411,7 +3411,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_64( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_68( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3434,20 +3434,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_48( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_64(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_68(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_45(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_10(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_83(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_94(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_70(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_7e(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); } /** @@ -3460,11 +3460,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_70(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3483,9 +3483,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_70(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_92( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_48(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3510,8 +3510,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_4b(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_d5(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_2a(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -3524,11 +3524,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_4f(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3547,7 +3547,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_4f(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_92( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3602,8 +3602,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_7d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_d5(); +libcrux_ml_kem_matrix_compute_vector_u_closure_73(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -3617,7 +3617,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_b1( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_87( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3639,14 +3639,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3667,12 +3667,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_4f( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_41(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_87(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_15(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_b1(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_87(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3692,7 +3692,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1_14(core_core_arch_x86___m256i v) { +libcrux_ml_kem_vector_traits_decompress_1_05(core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), &v), @@ -3707,10 +3707,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_48( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_d5(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient_compressed = @@ -3718,7 +3718,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_48( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_14(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_05(coefficient_compressed); } return re; } @@ -3735,7 +3735,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_24( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_86( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3763,22 +3763,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_41( +libcrux_ml_kem_matrix_compute_ring_element_v_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_d5(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_41(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_87(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_24( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_86( error_2, message, result); return result; } @@ -3791,7 +3791,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_88( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -3859,8 +3859,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_09_9c(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_88( +libcrux_ml_kem_vector_avx2_compress_09_92(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d( vector); } @@ -3872,15 +3872,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_43( +libcrux_ml_kem_serialize_compress_then_serialize_10_a8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_09_9c( - libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( + libcrux_ml_kem_vector_avx2_compress_09_92( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); @@ -3900,7 +3900,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_880( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d0( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -3968,8 +3968,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_09_9c0(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_880( +libcrux_ml_kem_vector_avx2_compress_09_920(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d0( vector); } @@ -3981,15 +3981,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_b6( +libcrux_ml_kem_serialize_compress_then_serialize_11_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_09_9c0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( + libcrux_ml_kem_vector_avx2_compress_09_920( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); @@ -4010,10 +4010,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_610( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_43(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_a8(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4027,7 +4027,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4043,8 +4043,8 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_610(&re, - ret); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97(&re, + ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -4058,7 +4058,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_881( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d1( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4126,8 +4126,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_09_9c1(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_881( +libcrux_ml_kem_vector_avx2_compress_09_921(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d1( vector); } @@ -4139,7 +4139,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_f8( +libcrux_ml_kem_serialize_compress_then_serialize_4_42( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4148,8 +4148,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_f8( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_09_9c1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( + libcrux_ml_kem_vector_avx2_compress_09_921( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); @@ -4168,7 +4168,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_882( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d2( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4236,8 +4236,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_09_9c2(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_882( +libcrux_ml_kem_vector_avx2_compress_09_922(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d2( vector); } @@ -4249,7 +4249,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_e0( +libcrux_ml_kem_serialize_compress_then_serialize_5_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4258,8 +4258,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_e0( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2_compress_09_9c2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( + libcrux_ml_kem_vector_avx2_compress_09_922( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); @@ -4279,9 +4279,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_f8(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_42(re, out); } /** @@ -4302,7 +4302,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_cb( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -4310,7 +4310,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_cb( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_70( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4320,7 +4320,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_cb( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_4f( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4332,30 +4332,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_cb( libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_92( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_4f(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_64(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_48( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_41( + libcrux_ml_kem_matrix_compute_ring_element_v_6c( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_52( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7a( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4379,12 +4379,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_dd(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_f0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e7( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4392,7 +4392,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_dd(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_A_43(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -4426,7 +4426,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_dd(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_cb(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -4443,7 +4443,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_35( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_11( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; @@ -4474,7 +4474,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_99( +static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4492,7 +4492,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_99( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_20(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_e9(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4516,7 +4516,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_99( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( @@ -4527,18 +4527,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_99( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_dd(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_35( + libcrux_ml_kem_ind_cca_kdf_43_11( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_35(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_11(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), + libcrux_ml_kem_types_as_ref_ba_49(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4570,10 +4570,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_8a( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_b9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_99(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_f5(private_key, ciphertext, ret); } /** @@ -4587,7 +4587,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_8a(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_b9(private_key, ciphertext, ret); } @@ -4647,11 +4647,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_28( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_02( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4681,7 +4681,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( @@ -4693,11 +4693,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_cb( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), + libcrux_ml_kem_types_as_ref_ba_49(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4734,10 +4734,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_a5( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_38( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e(key_pair, ciphertext, ret); } @@ -4752,7 +4752,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_a5( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_38( private_key, ciphertext, ret); } @@ -4767,7 +4767,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_a5( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_95( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -4809,11 +4809,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e9( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_a5( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_95( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -4824,7 +4824,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_fe(public_key), + libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4839,20 +4839,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_dd(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_35(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_11(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4885,14 +4885,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_11( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_f7( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_6d(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e9(uu____0, copy_of_randomness); } /** @@ -4910,7 +4910,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_11( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_f7( uu____0, copy_of_randomness); } @@ -4933,7 +4933,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e6( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4961,7 +4961,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e6( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_cb(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4971,7 +4971,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e6( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5005,7 +5005,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_18( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_17( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -5013,7 +5013,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_18( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_e6( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( uu____0, copy_of_randomness); } @@ -5034,7 +5034,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_18( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_17( uu____0, copy_of_randomness); } @@ -5059,8 +5059,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_1f(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_d5(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_02(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -5071,7 +5071,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_standard_domain_f0( +libcrux_ml_kem_vector_traits_to_standard_domain_6b( core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5089,14 +5089,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a5( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; core_core_arch_x86___m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_f0( + libcrux_ml_kem_vector_traits_to_standard_domain_6b( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -5111,14 +5111,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_bb( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5140,12 +5140,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_bb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_41(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_87(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a5( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a1( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -5166,7 +5166,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_75( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); @@ -5178,14 +5178,14 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_75( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_A_43(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_70( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -5198,12 +5198,12 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_75( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_70(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_bb(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_4b(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; @@ -5251,14 +5251,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_d7( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_d4( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); @@ -5278,7 +5278,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5296,7 +5296,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_a8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_d7(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5312,14 +5312,14 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_fb( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_a8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_80(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5344,17 +5344,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_4f(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_f8(Eurydice_slice key_generation_seed) { tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_75(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_fb( + libcrux_ml_kem_ind_cpa_serialize_public_key_ac( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_a8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_80(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5380,7 +5380,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_9a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c9( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5436,7 +5436,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_11(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5445,13 +5445,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_11(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_4f(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_f8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_9a( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c9( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5460,13 +5460,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_11(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_ea(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_67( - uu____2, libcrux_ml_kem_types_from_07_0e(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_75( + uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); } /** @@ -5482,12 +5482,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_75( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_56( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_11(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_21(copy_of_randomness); } /** @@ -5499,7 +5499,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_75( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_56( copy_of_randomness); } @@ -5518,9 +5518,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_39( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_87( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_d5(); + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -5538,10 +5538,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_9b( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_4c( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_d5(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } } @@ -5557,7 +5557,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_3a_47( +libcrux_ml_kem_polynomial_clone_3a_4f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; core_core_arch_x86___m256i ret[16U]; @@ -5583,7 +5583,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7e( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5592,7 +5592,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7e( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_75( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5600,7 +5600,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7e( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_9b(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_4c(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -5608,7 +5608,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7e( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_47(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_4f(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5620,7 +5620,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7e( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_fb( + libcrux_ml_kem_ind_cpa_serialize_public_key_ac( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -5675,12 +5675,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_7d( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_87( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_7e( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( copy_of_randomness); } @@ -5694,7 +5694,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_7d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_87( copy_of_randomness); } @@ -5710,7 +5710,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_e5( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_2f( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5721,7 +5721,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_e5( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_69(ciphertext), + libcrux_ml_kem_types_as_slice_a8_14(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5755,7 +5755,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_990( +static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5773,7 +5773,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_990( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_20(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_e9(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5797,7 +5797,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_990( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( @@ -5808,18 +5808,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_990( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_dd(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_e5( + libcrux_ml_kem_ind_cca_kdf_6c_2f( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_e5(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_2f(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), + libcrux_ml_kem_types_as_ref_ba_49(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5855,10 +5855,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_a6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_990(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_f50(private_key, ciphertext, ret); } /** @@ -5872,7 +5872,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_a6( private_key, ciphertext, ret); } @@ -5887,7 +5887,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_76( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_73( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); } @@ -5912,11 +5912,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e90( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_76( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_73( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5927,7 +5927,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d0( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_fe(public_key), + libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5942,20 +5942,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_dd(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_e5(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_2f(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5991,14 +5991,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_86( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_fc( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_6d0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e90(uu____0, copy_of_randomness); } /** @@ -6016,7 +6016,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_86( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_fc( uu____0, copy_of_randomness); } @@ -6029,16 +6029,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_15( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_2a( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e7( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_fb( + libcrux_ml_kem_ind_cpa_serialize_public_key_ac( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6057,9 +6057,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_1b( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_16( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_15(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_2a(public_key); } /** @@ -6072,7 +6072,7 @@ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_1b( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_16( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 4ac1f96bf..6d265b102 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_mlkem768_portable_H @@ -962,8 +962,8 @@ libcrux_ml_kem_vector_portable_arithmetic_add( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; + lhs.elements[i0] = + core_num__i16_1__wrapping_add(lhs.elements[i0], rhs->elements[i0]); } return lhs; } @@ -986,8 +986,9 @@ libcrux_ml_kem_vector_portable_arithmetic_sub( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - size_t uu____0 = i0; - lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; + int16_t uu____0 = + core_num__i16_1__wrapping_sub(lhs.elements[i0], rhs->elements[i0]); + lhs.elements[i0] = uu____0; } return lhs; } @@ -1009,8 +1010,8 @@ libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] * c; + int16_t uu____0 = core_num__i16_1__wrapping_mul(v.elements[i0], c); + v.elements[i0] = uu____0; } return v; } @@ -1051,26 +1052,15 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - core_option_Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3); - if (!(uu____0.tag == core_option_None)) { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } - continue; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + if (v.elements[i0] >= (int16_t)3329) { + size_t uu____0 = i0; + v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; } - return v; } + return v; } /** @@ -1102,7 +1092,9 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. + Note: The input bound is 28296 to prevent overflow in the multiplication of + quotient by FIELD_MODULUS + */ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( @@ -1117,15 +1109,15 @@ libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = + vec.elements[i0] = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v.elements[i0]); + vec.elements[i0]); } - return v; + return vec; } /** @@ -1153,10 +1145,12 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - the absolute value of `o` is bound as follows: - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665 + + In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= + FIELD_MODULUS-1`. And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= + FIELD_MODULUS + 1664 - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. */ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( @@ -1191,8 +1185,9 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( static KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { + int32_t product = (int32_t)fe * (int32_t)fer; return libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)fe * (int32_t)fer); + product); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2443,7 +2438,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_20_39(void) { +libcrux_ml_kem_polynomial_ZERO_20_9a(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2471,8 +2466,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_b7(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_39(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_c8(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -2482,10 +2477,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_f5( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_b6( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_39(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2504,12 +2499,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_74( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2522,7 +2517,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a8( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_f5( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_b6( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2554,8 +2549,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_ab(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_39(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_32(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -2565,7 +2560,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_63( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2590,9 +2585,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_63( v); } @@ -2603,10 +2598,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_3e( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_4d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_39(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2622,7 +2617,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_3e( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_80( coefficient); re.coefficients[i0] = uu____0; } @@ -2636,7 +2631,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_630( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2661,9 +2656,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_800( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_630( v); } @@ -2674,10 +2669,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_26( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_30( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_39(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2686,7 +2681,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_26( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_800( coefficient); re.coefficients[i0] = uu____0; } @@ -2700,9 +2695,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_c2( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_3e(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4d(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2717,7 +2712,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_99( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2731,12 +2726,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9f( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_99(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2750,7 +2745,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2763,7 +2758,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_9f( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2780,7 +2775,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_db( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_9c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2800,7 +2795,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_cf( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_6b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2822,7 +2817,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_e0( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_37( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2852,7 +2847,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_fd( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2870,21 +2865,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_31( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_db(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_cf(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_e0(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_fd(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_9c(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_37(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); } /** @@ -2896,12 +2891,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_dd( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_a3( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2921,9 +2916,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_dd( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_c2( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_31(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_d3(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2937,7 +2932,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_631( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2962,9 +2957,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_801( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_631( v); } @@ -2975,10 +2970,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_7f( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_70( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_39(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2987,7 +2982,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_7f( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_801( coefficient); re.coefficients[i0] = uu____0; } @@ -3001,7 +2996,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_632( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3026,9 +3021,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_802( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_632( v); } @@ -3039,10 +3034,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_d7( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_36( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_39(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3051,7 +3046,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_d7( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_802( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3065,9 +3060,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e1( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b7( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_7f(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_70(serialized); } /** @@ -3081,11 +3076,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_20_64( +libcrux_ml_kem_polynomial_ntt_multiply_20_ff( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_20_39(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3118,7 +3113,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_52( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3142,7 +3137,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_0d( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3168,7 +3163,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_87( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_12( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3190,7 +3185,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_eb( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_72( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3212,7 +3207,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_70( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3220,7 +3215,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_99(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3233,7 +3228,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3248,7 +3243,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_70( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_0d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3265,22 +3260,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_06( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_0d(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_87(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_eb(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1e(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_12(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_72(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_fd(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); } /** @@ -3294,7 +3289,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_20_78( +libcrux_ml_kem_polynomial_subtract_reduce_20_56( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3320,21 +3315,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_c2( +libcrux_ml_kem_matrix_compute_message_29( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_39(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_64(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_52(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_06(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_78(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_56(v, result); return result; } @@ -3344,7 +3339,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_53( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3364,9 +3359,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_4b( +libcrux_ml_kem_vector_portable_shift_right_0d_e7( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_53(v); } /** @@ -3376,10 +3371,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_23( +libcrux_ml_kem_vector_traits_to_unsigned_representative_39( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_4b(a); + libcrux_ml_kem_vector_portable_shift_right_0d_e7(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3393,13 +3388,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_db( +libcrux_ml_kem_serialize_compress_then_serialize_message_7d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_23( + libcrux_ml_kem_vector_traits_to_unsigned_representative_39( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3425,20 +3420,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_89( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_dd(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_a3(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e1( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b7( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_c2(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_29(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_db(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_7d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3452,11 +3447,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_6d(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_27(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_a8(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_74(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3468,7 +3463,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_6d(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_89(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -3522,9 +3517,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_af( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_47( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_39(); + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -3534,10 +3529,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_0c( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_a2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_39(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3559,12 +3554,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_d4( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3577,7 +3572,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_d4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_0c( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_a2( ring_element); deserialized_pk[i0] = uu____0; } @@ -3594,8 +3589,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_39(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_0f(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -3605,10 +3600,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_e8( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_44( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } } @@ -3757,7 +3752,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_83( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3879,7 +3874,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_830( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3925,9 +3920,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_20_6b(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_8d(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_39(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3948,8 +3943,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_6b( +libcrux_ml_kem_sampling_sample_from_xof_closure_6a(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_20_8d( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3960,7 +3955,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_61( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3977,7 +3972,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_83( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -3990,7 +3985,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_830( copy_of_randomness, sampled_coefficients, out); } } @@ -4000,7 +3995,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_99(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_6a(copy_of_out[i]); } memcpy( ret, ret0, @@ -4014,12 +4009,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_45( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_e8(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_44(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -4039,7 +4034,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_2b(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_61(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4099,8 +4094,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_fc(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_39(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_49(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -4192,7 +4187,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_76( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b3( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4227,7 +4222,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_76( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_6b( + return libcrux_ml_kem_polynomial_from_i16_array_20_8d( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4238,7 +4233,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_e7( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_25( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4272,7 +4267,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_e7( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_6b( + return libcrux_ml_kem_polynomial_from_i16_array_20_8d( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4283,9 +4278,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_76( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b3( randomness); } @@ -4295,7 +4290,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_62( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_3e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4318,20 +4313,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f7( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_37( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_62(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_3e(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_e5(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_db(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_cf(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_e0(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_fd(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_9c(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_37(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); } /** @@ -4344,11 +4339,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_53(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4367,9 +4362,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_53(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f7(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4394,8 +4389,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_5d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_39(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_69(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -4408,11 +4403,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_bd(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_15(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4431,7 +4426,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_bd(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4483,8 +4478,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_9a(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_39(); +libcrux_ml_kem_matrix_compute_vector_u_closure_e0(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -4497,7 +4492,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4521,14 +4516,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_63( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4549,12 +4544,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_63( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_64(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_52(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_ff(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_06(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_8e(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_fc(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4573,7 +4568,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_db( +libcrux_ml_kem_vector_traits_decompress_1_5f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4588,10 +4583,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_11( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_39(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4601,7 +4596,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_11( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_db(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_5f(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4618,7 +4613,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_47( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4648,22 +4643,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_99( +libcrux_ml_kem_matrix_compute_ring_element_v_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_39(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_64(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_52(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_06(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_47( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_0f( error_2, message, result); return result; } @@ -4674,7 +4669,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be( +libcrux_ml_kem_vector_portable_compress_compress_5f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4697,9 +4692,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_31( +libcrux_ml_kem_vector_portable_compress_0d_73( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be(v); + return libcrux_ml_kem_vector_portable_compress_compress_5f(v); } /** @@ -4709,15 +4704,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_6a( +libcrux_ml_kem_serialize_compress_then_serialize_10_51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_31( - libcrux_ml_kem_vector_traits_to_unsigned_representative_23( + libcrux_ml_kem_vector_portable_compress_0d_73( + libcrux_ml_kem_vector_traits_to_unsigned_representative_39( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4735,7 +4730,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be0( +libcrux_ml_kem_vector_portable_compress_compress_5f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4758,9 +4753,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_310( +libcrux_ml_kem_vector_portable_compress_0d_730( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be0(v); + return libcrux_ml_kem_vector_portable_compress_compress_5f0(v); } /** @@ -4770,15 +4765,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_bd( +libcrux_ml_kem_serialize_compress_then_serialize_11_25( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_310( - libcrux_ml_kem_vector_traits_to_unsigned_representative_23( + libcrux_ml_kem_vector_portable_compress_0d_730( + libcrux_ml_kem_vector_traits_to_unsigned_representative_39( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4798,10 +4793,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_61( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_6a(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_51(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4814,7 +4809,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_44( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4830,7 +4825,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_44( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_61(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4c(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4843,7 +4838,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be1( +libcrux_ml_kem_vector_portable_compress_compress_5f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4866,9 +4861,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_311( +libcrux_ml_kem_vector_portable_compress_0d_731( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be1(v); + return libcrux_ml_kem_vector_portable_compress_compress_5f1(v); } /** @@ -4878,7 +4873,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_4f( +libcrux_ml_kem_serialize_compress_then_serialize_4_53( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4887,8 +4882,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_4f( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_311( - libcrux_ml_kem_vector_traits_to_unsigned_representative_23( + libcrux_ml_kem_vector_portable_compress_0d_731( + libcrux_ml_kem_vector_traits_to_unsigned_representative_39( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4905,7 +4900,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be2( +libcrux_ml_kem_vector_portable_compress_compress_5f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4928,9 +4923,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_312( +libcrux_ml_kem_vector_portable_compress_0d_732( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be2(v); + return libcrux_ml_kem_vector_portable_compress_compress_5f2(v); } /** @@ -4940,7 +4935,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_0b( +libcrux_ml_kem_serialize_compress_then_serialize_5_94( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4949,8 +4944,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_0b( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_312( - libcrux_ml_kem_vector_traits_to_unsigned_representative_23( + libcrux_ml_kem_vector_portable_compress_0d_732( + libcrux_ml_kem_vector_traits_to_unsigned_representative_39( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4969,9 +4964,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7b( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_4f(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_53(re, out); } /** @@ -4992,7 +4987,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e4( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -5000,7 +4995,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e4( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_53( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5010,7 +5005,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e4( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_bd( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_15( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5022,30 +5017,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e4( libcrux_ml_kem_hash_functions_portable_PRF_f1_040( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_91( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_63(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_a2(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_11( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_99( + libcrux_ml_kem_matrix_compute_ring_element_v_04( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_44( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a4( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7b( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_fc( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5069,12 +5064,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_cc(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_97(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_d4( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5082,7 +5077,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_cc(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_A_45(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -5116,7 +5111,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_cc(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_e4(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -5132,7 +5127,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_c9( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_de( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; @@ -5162,7 +5157,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_96( +static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5180,7 +5175,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_96( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_6d(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_27(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5204,7 +5199,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_96( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( @@ -5215,18 +5210,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_96( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_cc(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_97(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_c9( + libcrux_ml_kem_ind_cca_kdf_43_de( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_c9(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_de(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), + libcrux_ml_kem_types_as_ref_ba_49(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5258,10 +5253,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_c8( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_96(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ee(private_key, ciphertext, ret); } /** @@ -5274,7 +5269,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_c8( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_c8( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0f( private_key, ciphertext, ret); } @@ -5334,11 +5329,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cd( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_89( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5368,7 +5363,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cd( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( @@ -5380,11 +5375,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cd( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_e4( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), + libcrux_ml_kem_types_as_ref_ba_49(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5420,10 +5415,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_d4( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a2( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cd(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1(key_pair, ciphertext, ret); } @@ -5437,7 +5432,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_d4( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_d4( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a2( private_key, ciphertext, ret); } @@ -5451,7 +5446,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_cd( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_f4( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -5491,11 +5486,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_cd( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_f4( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -5506,7 +5501,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_fe(public_key), + libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5521,20 +5516,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_cc(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_97(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_c9(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_de(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5566,14 +5561,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cf( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_34( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_be(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); } /** @@ -5590,7 +5585,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_cf( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_34( uu____0, copy_of_randomness); } @@ -5613,7 +5608,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_b2( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5641,7 +5636,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_b2( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_e4(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5651,7 +5646,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_b2( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5684,7 +5679,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_46( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_1d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5692,7 +5687,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_46( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_b2( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( uu____0, copy_of_randomness); } @@ -5712,7 +5707,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_46( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_1d( uu____0, copy_of_randomness); } @@ -5736,8 +5731,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_e9(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_39(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -5747,7 +5742,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_0c( +libcrux_ml_kem_vector_traits_to_standard_domain_d6( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5764,7 +5759,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_46( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_7d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5772,7 +5767,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_20_46( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_0c( + libcrux_ml_kem_vector_traits_to_standard_domain_d6( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5788,14 +5783,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_97( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5817,12 +5812,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_64(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_52(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_46( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_7d( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -5843,7 +5838,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f6( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); @@ -5855,14 +5850,14 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_A_45(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_53( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -5875,12 +5870,12 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_53(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_97(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_0e(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; @@ -5927,14 +5922,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_62( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_23( + libcrux_ml_kem_vector_traits_to_unsigned_representative_39( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5953,7 +5948,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_c1( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5971,7 +5966,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_c1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_62(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_a6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5986,14 +5981,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_4c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_c1(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_f0(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6018,17 +6013,17 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_d7(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_c0(Eurydice_slice key_generation_seed) { tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f6(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_4c( + libcrux_ml_kem_ind_cpa_serialize_public_key_95( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_c1(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_f0(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6053,7 +6048,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ee( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_cd( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6109,7 +6104,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_9a(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6118,13 +6113,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_9a(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_d7(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_c0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_ee( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_cd( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6133,13 +6128,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_9a(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_ea(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_67( - uu____2, libcrux_ml_kem_types_from_07_0e(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_75( + uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); } /** @@ -6155,12 +6150,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_99( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0a( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_9a(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_65(copy_of_randomness); } /** @@ -6171,7 +6166,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_99( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0a( copy_of_randomness); } @@ -6190,9 +6185,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_f5( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_e8( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_39(); + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -6210,10 +6205,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_39( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_71( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } } @@ -6228,7 +6223,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_3a_51( +libcrux_ml_kem_polynomial_clone_3a_78( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6256,7 +6251,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_09( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6265,7 +6260,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_09( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f6( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6273,7 +6268,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_09( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_39(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_71(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -6281,7 +6276,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_09( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_51(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_78(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6293,7 +6288,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_09( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_4c( + libcrux_ml_kem_ind_cpa_serialize_public_key_95( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -6347,12 +6342,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_5a( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_90( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_09( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( copy_of_randomness); } @@ -6365,7 +6360,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_5a( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_90( copy_of_randomness); } @@ -6380,7 +6375,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_fb( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a8( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -6391,7 +6386,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_fb( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_69(ciphertext), + libcrux_ml_kem_types_as_slice_a8_14(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -6424,7 +6419,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_960( +static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6442,7 +6437,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_960( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_6d(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_27(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -6466,7 +6461,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_960( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( @@ -6477,18 +6472,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_960( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_cc(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_97(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_fb( + libcrux_ml_kem_ind_cca_kdf_6c_a8( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_fb(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_a8(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ef(ciphertext), + libcrux_ml_kem_types_as_ref_ba_49(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6524,10 +6519,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_5b( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_8e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_960(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ee0(private_key, ciphertext, ret); } /** @@ -6540,7 +6535,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_5b( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_5b( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_8e( private_key, ciphertext, ret); } @@ -6554,7 +6549,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_c6( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_ff( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); } @@ -6578,11 +6573,11 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_c6( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_ff( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( @@ -6593,7 +6588,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be0( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_fe(public_key), + libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6608,20 +6603,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_be0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_fe(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_cc(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_97(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_58(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_fb(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_a8(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6657,14 +6652,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_5a( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_35( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_be0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); } /** @@ -6681,7 +6676,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_5a( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_35( uu____0, copy_of_randomness); } @@ -6693,16 +6688,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c9( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_36( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_d4( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_4c( + libcrux_ml_kem_ind_cpa_serialize_public_key_95( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6720,9 +6715,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_0f( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_93( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c9(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_36(public_key); } /** @@ -6734,7 +6729,7 @@ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_0f( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_93( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index e563787cd..2d5e861fa 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index fc4a166a5..c0fcc0c6d 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 293f3b52093c13f3043781d878990c5be6fc4e23 + * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 */ #ifndef __libcrux_sha3_portable_H From 2e5a14259ab574c822ed668b8ba27247cfe37298 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 30 Aug 2024 21:41:20 +0200 Subject: [PATCH 173/348] gitignore --- .gitignore | 12 ++++++----- libcrux-intrinsics/src/avx2_extract.rs | 29 ++++++++++++++++++++++++-- 2 files changed, 34 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 982c75cf3..259daf560 100644 --- a/.gitignore +++ b/.gitignore @@ -2,16 +2,18 @@ .vscode .DS_Store benches/boringssl/build -proofs/fstar/extraction/.depend -proofs/fstar/extraction/#*# -proofs/fstar/extraction/.#* -hax.fst.config.json fuzz/corpus fuzz/artifacts -proofs/fstar/extraction/.cache __pycache__ kyber-crate/ *.llbc # When using sed *.bak + +# F* +.fstar-cache +.depend +**/proofs/fstar/*/#*# +**/proofs/fstar/*/.#* +hax.fst.config.json diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 9159df5b1..c80671ff8 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -6,12 +6,12 @@ #[cfg(hax)] #[derive(Clone, Copy)] #[hax_lib::opaque_type] -#[hax_lib::fstar::after(interface, "val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)")] +#[hax_lib::fstar::replace(interface, "unfold type $:{Vec256} = bit_vec 256")] pub struct Vec256(u8); #[cfg(hax)] #[derive(Copy, Clone)] -#[hax_lib::fstar::after(interface, "val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8)")] +#[hax_lib::fstar::replace(interface, "unfold type $:{Vec128} = bit_vec 128")] #[hax_lib::opaque_type] pub struct Vec128(u8); @@ -119,6 +119,11 @@ pub fn mm256_set_epi8( pub fn mm256_set1_epi16(constant: i16) -> Vec256 { unimplemented!() } + +#[hax_lib::fstar::replace( + interface, + "unfold let ${mm256_set_epi16} = BitVec.Intrinsics.mm256_set_epi16" +)] pub fn mm256_set_epi16( input15: i16, input14: i16, @@ -239,6 +244,10 @@ pub fn mm256_srli_epi64(vector: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::fstar::replace( + interface, + "unfold let ${mm256_slli_epi16::<0>} = BitVec.Intrinsics.mm256_slli_epi16" +)] pub fn mm256_slli_epi16(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); unimplemented!() @@ -277,6 +286,10 @@ pub fn mm256_unpackhi_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::fstar::replace( + interface, + "unfold let ${mm256_castsi256_si128} = BitVec.Intrinsics.mm256_castsi256_si128" +)] pub fn mm256_castsi256_si128(vector: Vec256) -> Vec128 { unimplemented!() } @@ -288,6 +301,10 @@ pub fn mm256_cvtepi16_epi32(vector: Vec128) -> Vec256 { unimplemented!() } +#[hax_lib::fstar::replace( + interface, + "unfold let ${mm_packs_epi16} = BitVec.Intrinsics.mm_packs_epi16" +)] pub fn mm_packs_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } @@ -295,6 +312,10 @@ pub fn mm256_packs_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::fstar::replace( + interface, + "unfold let ${mm256_extracti128_si256::<0>} = BitVec.Intrinsics.mm256_extracti128_si256" +)] pub fn mm256_extracti128_si256(vector: Vec256) -> Vec128 { debug_assert!(CONTROL == 0 || CONTROL == 1); unimplemented!() @@ -310,6 +331,10 @@ pub fn mm256_blend_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 unimplemented!() } +#[hax_lib::fstar::replace( + interface, + "unfold let ${mm_movemask_epi8} = BitVec.Intrinsics.mm_movemask_epi8" +)] pub fn mm_movemask_epi8(vector: Vec128) -> i32 { unimplemented!() } From ff0e6ad28a11b001cdb7e6a2e90381b96b4ef37f Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 30 Aug 2024 21:42:18 +0200 Subject: [PATCH 174/348] intrinsics --- .../fstar-bitvec/BitVec.Equality.fst | 39 +++ .../fstar-bitvec/BitVec.Equality.fsti | 9 + .../fstar-bitvec/BitVec.Intrinsics.fsti | 158 +++++++++++ fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 13 - fstar-helpers/fstar-bitvec/Tactics.Utils.fst | 11 + .../Libcrux_intrinsics.Avx2_extract.fst | 246 ++++++++++++++++++ .../Libcrux_intrinsics.Avx2_extract.fsti | 31 +-- libcrux-intrinsics/src/avx2_extract.rs | 8 + 8 files changed, 483 insertions(+), 32 deletions(-) create mode 100644 fstar-helpers/fstar-bitvec/BitVec.Equality.fst create mode 100644 fstar-helpers/fstar-bitvec/BitVec.Equality.fsti create mode 100644 fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti create mode 100644 libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst diff --git a/fstar-helpers/fstar-bitvec/BitVec.Equality.fst b/fstar-helpers/fstar-bitvec/BitVec.Equality.fst new file mode 100644 index 000000000..afbc5a4fa --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVec.Equality.fst @@ -0,0 +1,39 @@ +module BitVec.Equality + +open Core +open Rust_primitives +open FStar.Mul +open FStar.FunctionalExtensionality + +private let mk_bv #len (f: (i:nat{i < len}) -> bit) = on (i:nat {i < len}) f + +let rec bv_equality'' #n (bv1 bv2: bit_vec n) + : r: bool {r <==> feq bv1 bv2} + = if n = 0 then true + else let n' = n - 1 in + if bv1 n' = bv2 n' + then + ( + let bv1' = mk_bv (fun i -> bv1 i) in + let bv2' = mk_bv (fun i -> bv2 i) in + if bv_equality'' #n' bv1' bv2' + then ( + assert (forall (x: nat{x < n'}). bv1' x == bv1 x); + assert (forall (x: nat{x < n'}). bv2' x == bv2 x); + true + ) + else false + ) + else false + +let bv_equality' #n (bv1 bv2: bit_vec n) + : r: bool {r <==> bv1 == bv2} + = extensionality _ _ bv1 bv2; + bv_equality'' bv1 bv2 + + +let bv_equality #n (bv1 bv2: bit_vec n) = bv_equality' bv1 bv2 + +let rewrite n (bv1: bit_vec n) + : Lemma (bv_equality #n bv1 bv1 == true) + = () diff --git a/fstar-helpers/fstar-bitvec/BitVec.Equality.fsti b/fstar-helpers/fstar-bitvec/BitVec.Equality.fsti new file mode 100644 index 000000000..184202a61 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVec.Equality.fsti @@ -0,0 +1,9 @@ +module BitVec.Equality + +open Core +open Rust_primitives +open FStar.Mul +open FStar.FunctionalExtensionality + +val bv_equality #n (bv1 bv2: bit_vec n): bool +val rewrite n (bv1: bit_vec n): Lemma (bv_equality #n bv1 bv1 == true) diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti new file mode 100644 index 000000000..480f19738 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti @@ -0,0 +1,158 @@ +module BitVec.Intrinsics + +open Core +open Rust_primitives +open FStar.Mul + +(*** BitVec related utils *) +open FStar.FunctionalExtensionality +open BitVec.Equality {bv_equality} + +let mk_bv #len (f: (i:nat{i < len}) -> bit) = on (i:nat {i < len}) f + +(*** The intrinsics *) + +let mm256_slli_epi16 (shift: nat {shift <= 16}) (vec: bit_vec 256): bit_vec 256 + = mk_bv (fun i -> let nth_bit = i % 16 in + if nth_bit >= shift + then vec (i - shift) + else 0) + +let mm256_srli_epi16 (shift: nat {shift <= 16}) (vec: bit_vec 256): bit_vec 256 + = mk_bv (fun i -> let nth_bit = i % 16 in + if nth_bit < 16 - shift then vec (i + shift) else 0) + +let mm256_castsi256_si128 (vec: bit_vec 256): bit_vec 128 + = mk_bv (fun i -> vec i) +let mm256_extracti128_si256 (control: nat {control == 1}) (vec: bit_vec 256): bit_vec 128 + = mk_bv (fun i -> vec (i + 128)) + +private let saturate8 (v: bit_vec 16): bit_vec 8 + = let on_upper_bits (+) (f: (n:nat{n >= 8 && n <= 15}) -> _) + = f 8 + f 9 + f 10 + f 11 + f 12 + f 13 + f 14 + f 15 + in + let any1 = on_upper_bits ( || ) (fun i -> v i = 1) in + let all1 = on_upper_bits ( && ) (fun i -> v i = 1) in + let negative = v 15 = 1 in + mk_bv (fun i -> + let last_bit = i = 7 in + if negative + then if last_bit + then 1 + else if all1 + then v i + else 0 + else if any1 + then if last_bit + then 0 + else 1 + else v i + ) + +let mm_movemask_epi8_bv (a: bit_vec 128): bit_vec 128 + = mk_bv (fun j -> + if j < 16 + then a ((j * 8) + 7) + else 0 + ) + +let mm_movemask_epi8 (a: bit_vec 128): i32 + = bit_vec_to_int_t 32 (mk_bv (fun i -> mm_movemask_epi8_bv a i)) + +let mm256_set_epi16 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: i16) + : bit_vec 256 + = mk_bv (fun i -> + let offset = i % 16 in + match i / 16 with + | 0 -> get_bit x15 (sz offset) + | 1 -> get_bit x14 (sz offset) + | 2 -> get_bit x13 (sz offset) + | 3 -> get_bit x12 (sz offset) + | 4 -> get_bit x11 (sz offset) + | 5 -> get_bit x10 (sz offset) + | 6 -> get_bit x9 (sz offset) + | 7 -> get_bit x8 (sz offset) + | 8 -> get_bit x7 (sz offset) + | 9 -> get_bit x6 (sz offset) + | 10 -> get_bit x5 (sz offset) + | 11 -> get_bit x4 (sz offset) + | 12 -> get_bit x3 (sz offset) + | 13 -> get_bit x2 (sz offset) + | 14 -> get_bit x1 (sz offset) + | 15 -> get_bit x0 (sz offset) + ) + +let mm_packs_epi16 (a b: bit_vec 128): bit_vec 128 + = mk_bv (fun i -> + let nth_block = i / 8 in + let offset8 = nth_block * 8 in + let offset16' = nth_block * 16 in + let offset16 = offset16' % 128 in + let vec: bit_vec 128 = if offset16' < 128 then a else b in + saturate8 (mk_bv (fun j -> vec (offset16 + j))) (i - offset8) + ) + + + +// This is a very specialized version of mm256_mullo_epi16 +let specialized_mm256_mullo_epi16 (a: bit_vec 256): bit_vec 256 = + mk_bv (fun i -> + let nth_bit = i % 16 in + let nth_i16 = i / 16 in + let shift = if nth_i16 >= 8 then 23 - nth_i16 else 15 - nth_i16 in + if nth_bit >= shift then a (i - shift) else 0 + ) + +// This term will be stuck, we don't know anything about it +val mm256_mullo_epi16_no_semantics (a count: bit_vec 256): bit_vec 256 + +let mm256_mullo_epi16 (a count: bit_vec 256): bit_vec 256 = + if count `bv_equality` mm256_set_epi16 (1s < bv i)) + +let bv_of_string #len (s: string): Tac (bit_vec len) + = let l = FStar.String.list_of_string s + |> filter (function ' ' | '\n' -> false | _ -> true) + |> map #_ #bit (function '1' -> 1 <: bit | '0' -> 0 | c -> fail ("expected 0 or 1, got [" ^ String.string_of_char c ^ "]")) in + if FStar.List.Tot.length l = len + then mk_bv (fun (i: nat {i < len}) -> List.Tot.index l i) + else fail ("expected a bv of length " ^ string_of_int len ^ ", got a bv of length " ^ string_of_int (FStar.List.Tot.length l)) + +let call_native_intrinsic' #ilen name raw_args (bitvecs: list (bit_vec ilen)) : Tac string = + let bitvecs = List.Tot.map bv_to_string bitvecs in + let args = List.Tot.append raw_args bitvecs in + let result = launch_process "bash" ("/tmp/run.sh"::name::args) "" in + print ("process stdout is [" ^ result ^ "]"); + FStar.String.list_of_string result + |> filter (function ' ' | '\n' -> false | _ -> true) + |> String.string_of_list + +let call_native_intrinsic #ilen olen name raw_args (bitvecs: list (bit_vec ilen)) : Tac (bit_vec olen) = + bv_of_string (call_native_intrinsic' #ilen name raw_args bitvecs) + +let random_bv len: Tac (bit_vec len) + = call_native_intrinsic #1 _ "rand" [string_of_int len] [] + +let tassert (x: bool): Tac unit + = if x then () else fail "tassert" + + +private let example: bit_vec 256 = mk_bv (fun i -> if i % 16 = 15 then 1 else 0) + +private let x = bv_to_string example +private let y = bv_to_string (mm256_srli_epi16 15 example) + diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index 6a7da3303..e79d70661 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -38,19 +38,6 @@ let compute_one_round (): Tac _ = /// Normalizes up to `get_bit` let compute': unit -> Tac unit = goal_fixpoint compute_one_round -private let time_tactic_ms (t: 'a -> Tac 'b) (x: 'a): Tac ('b & int) - = let time0 = curms () in - let result = t x in - let time1 = curms () in - (result, time1 - time0) - -private let print_time prefix (t: 'a -> Tac 'b) (x: 'a): Tac 'b - = let (result, time) = time_tactic_ms t x in - print (prefix ^ string_of_int (time / 1000) ^ "." ^ string_of_int ((time/100)%10) ^ "s"); - result - - - /// Proves a goal of the shape `forall (i:nat{i < N}). get_bit ... i == get_bit ... i` (`N` is expected to be a literal) let prove_bit_vector_equality' (): Tac unit = norm [ diff --git a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst index 7a48823d9..46f9f507f 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst @@ -204,6 +204,17 @@ let rewrite_rhs (): Tac _ = let uvar = fresh_uvar (Some (tc (cur_env ()) rhs)) in tcut (`squash (`#rhs == `#uvar)) +(*** Logging and time *) +let time_tactic_ms (t: 'a -> Tac 'b) (x: 'a): Tac ('b & int) + = let time0 = curms () in + let result = t x in + let time1 = curms () in + (result, time1 - time0) + +let print_time prefix (t: 'a -> Tac 'b) (x: 'a): Tac 'b + = let (result, time) = time_tactic_ms t x in + print (prefix ^ string_of_int (time / 1000) ^ "." ^ string_of_int ((time/100)%10) ^ "s"); + result (*** Unroll forall goals *) let _split_forall_nat diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst new file mode 100644 index 000000000..b8f362555 --- /dev/null +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst @@ -0,0 +1,246 @@ +module Libcrux_intrinsics.Avx2_extract +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 2117; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 2; line = 313 }; + lo = { Span.Imported.col = 0; line = 310 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 2117; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 2; line = 313 }; + lo = { Span.Imported.col = 0; line = 310 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"2\"; line = \"313\" };\n lo = { Types.col = \"0\"; line = \"310\" } };\n ty = Types.Never }")); + span = + { Span.id = 2117; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 2; line = 313 }; + lo = { Span.Imported.col = 0; line = 310 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 2117; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 2; line = 313 }; + lo = { Span.Imported.col = 0; line = 310 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_extracti128_si256"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 1837; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 2; line = 245 }; + lo = { Span.Imported.col = 0; line = 242 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 1837; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 2; line = 245 }; + lo = { Span.Imported.col = 0; line = 242 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"2\"; line = \"245\" };\n lo = { Types.col = \"0\"; line = \"242\" } };\n ty = Types.Never }")); + span = + { Span.id = 1837; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 2; line = 245 }; + lo = { Span.Imported.col = 0; line = 242 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 1837; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 2; line = 245 }; + lo = { Span.Imported.col = 0; line = 242 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_slli_epi16"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 83143b404..b3cbb19e4 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -3,13 +3,9 @@ module Libcrux_intrinsics.Avx2_extract open Core open FStar.Mul -val t_Vec128:Type0 +unfold type t_Vec128 = bit_vec 128 -val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8) - -val t_Vec256:Type0 - -val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16) +unfold type t_Vec256 = bit_vec 256 val mm256_add_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -25,17 +21,11 @@ val mm256_blend_epi16 (v_CONTROL: i32) (lhs rhs: t_Vec256) val mm256_castsi128_si256 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_castsi256_si128 (vector: t_Vec256) - : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) - val mm256_cmpgt_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_cvtepi16_epi32 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_extracti128_si256 (v_CONTROL: i32) (vector: t_Vec256) - : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) - val mm256_inserti128_si256 (v_CONTROL: i32) (vector: t_Vec256) (vector_i128: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -93,9 +83,6 @@ val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: t_Vec256) val mm256_shuffle_epi8 (vector control: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_slli_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) - val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -145,14 +132,10 @@ val mm_add_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ - val mm_loadu_si128 (input: t_Slice u8) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm_movemask_epi8 (vector: t_Vec128) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) - val mm_mulhi_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) val mm_mullo_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm_packs_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) - val mm_set1_epi16 (constant: i16) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) val mm_set_epi8 @@ -170,3 +153,13 @@ val mm_storeu_si128 (output: t_Slice i16) (vector: t_Vec128) : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) val mm_sub_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) + +unfold let mm256_castsi256_si128 = BitVec.Intrinsics.mm256_castsi256_si128 + +unfold let mm256_extracti128_si256 = BitVec.Intrinsics.mm256_extracti128_si256 + +unfold let mm256_slli_epi16 = BitVec.Intrinsics.mm256_slli_epi16 + +unfold let mm_movemask_epi8 = BitVec.Intrinsics.mm_movemask_epi8 + +unfold let mm_packs_epi16 = BitVec.Intrinsics.mm_packs_epi16 diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index c80671ff8..f0bdbe34e 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -185,6 +185,10 @@ pub fn mm_sub_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } +#[hax_lib::fstar::replace( + interface, + "unfold let ${mm256_mullo_epi16} = BitVec.Intrinsics.mm256_mullo_epi16" +)] pub fn mm256_mullo_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } @@ -230,6 +234,10 @@ pub fn mm256_srai_epi32(vector: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::fstar::replace( + interface, + "unfold let ${mm256_srli_epi16} = BitVec.Intrinsics.mm256_srli_epi16" +)] pub fn mm256_srli_epi16(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); unimplemented!() From bfeeda35fbb670de05aca004f42319fc7e4f7022 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 30 Aug 2024 21:42:28 +0200 Subject: [PATCH 175/348] partial proofs --- .../Libcrux_ml_kem.Vector.Avx2.Portable.fst | 351 ++++++++++++++++++ 1 file changed, 351 insertions(+) create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst new file mode 100644 index 000000000..acdcf619b --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst @@ -0,0 +1,351 @@ +module Libcrux_ml_kem.Vector.Avx2.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let deserialize_11_int (bytes: t_Slice u8) = + let r0:i16 = + (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) + in + let r2:i16 = + ((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) + in + let r3:i16 = + (((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) + in + let r4:i16 = + (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) + in + let r5:i16 = + ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) + in + let r6:i16 = + (((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) + in + let r7:i16 = + ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) + in + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + +let serialize_11_int (v: t_Slice i16) = + let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in + let r1:u8 = + ((cast ((v.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) + in + let r2:u8 = + ((cast ((v.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) + in + let r3:u8 = cast (((v.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in + let r4:u8 = + ((cast ((v.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) + in + let r5:u8 = + ((cast ((v.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) + in + let r6:u8 = + ((cast ((v.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) + in + let r7:u8 = cast (((v.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8 in + let r8:u8 = + ((cast ((v.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) + in + let r9:u8 = + ((cast ((v.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) + in + let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in + r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 + <: + (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) + +let from_i16_array (array: t_Array i16 (sz 16)) = { f_elements = array } <: t_PortableVector + +let serialize_11_ (v: t_PortableVector) = + let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + serialize_11_int (v.f_elements.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + serialize_11_int (v.f_elements.[ { Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let result:t_Array u8 (sz 22) = Rust_primitives.Hax.repeat 0uy (sz 22) in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 0) r0_10_._1 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 1) r0_10_._2 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 2) r0_10_._3 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 3) r0_10_._4 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 4) r0_10_._5 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 5) r0_10_._6 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 6) r0_10_._7 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 7) r0_10_._8 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 8) r0_10_._9 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 9) r0_10_._10 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 10) r0_10_._11 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 11) r11_21_._1 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 12) r11_21_._2 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 13) r11_21_._3 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 14) r11_21_._4 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 15) r11_21_._5 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 16) r11_21_._6 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 17) r11_21_._7 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 18) r11_21_._8 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 19) r11_21_._9 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 20) r11_21_._10 + in + let result:t_Array u8 (sz 22) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 21) r11_21_._11 + in + result + +let to_i16_array (v: t_PortableVector) = v.f_elements + +let zero (_: Prims.unit) = + { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector + +let deserialize_11_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v:t_PortableVector = zero () in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 0) v0_7_._1 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 1) v0_7_._2 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 2) v0_7_._3 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 3) v0_7_._4 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 4) v0_7_._5 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 5) v0_7_._6 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 6) v0_7_._7 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 7) v0_7_._8 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 8) v8_15_._1 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 9) v8_15_._2 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 10) v8_15_._3 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 11) v8_15_._4 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 12) v8_15_._5 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 13) v8_15_._6 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 14) v8_15_._7 + } + <: + t_PortableVector + in + let v:t_PortableVector = + { + v with + f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 15) v8_15_._8 + } + <: + t_PortableVector + in + v From 7c4e54b416794fe192be8c44bbbf4de1d5ccee99 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 30 Aug 2024 21:44:03 +0200 Subject: [PATCH 176/348] avx2: serialize: manual proofs --- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 132 +++++++++++++++--- 1 file changed, 113 insertions(+), 19 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 6d9f7f800..4405a49d6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -3,15 +3,57 @@ module Libcrux_ml_kem.Vector.Avx2.Serialize open Core open FStar.Mul +module _ = Tactics.Utils +module _ = Tactics.Seq +module _ = BitVecEq + let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in () +open BitVec.Intrinsics {mk_bv, specialized_mm256_mullo_epi16, mm256_srli_epi16, mm256_set_epi16, mm256_mullo_epi16} + +open FStar.Tactics.V2 +open Tactics.Utils + +let rw_get_bit_cast #t #u + (x: int_t t) (nth: usize) + : Lemma (requires v nth < bits u /\ v nth < bits u) + (ensures eq2 #bit (get_bit (cast_mod #t #u x) nth) (if v nth < bits t then get_bit x nth else 0)) + [SMTPat (get_bit (cast_mod #t #u x) nth)] + = () + +let rw_get_bit_shr #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) + : Lemma (requires v y >= 0 /\ v y < bits t) + (ensures eq2 #bit (get_bit (x >>! y) i ) + (if v i < bits t - v y + then get_bit x (mk_int (v i + v y)) + else if signed t + then get_bit x (mk_int (bits t - 1)) + else 0)) + = () + +open Tactics.Utils + +/// This lemma takes care of specializing `mm256_mullo_epi16` +let mm256_mullo_epi16_rewrite () = + norm [primops; iota; zeta; delta_only [`%mm256_mullo_epi16]]; + pointwise_or_refl (fun _ -> + let?# (lhs, _, _) = expect_lhs_eq_rhs () in + let?# (f, _) = expect_app_n lhs 3 in + let?# _ = expect_free_var f (`%BitVec.Equality.bv_equality) in + apply_lemma_rw_eqtype (`BitVec.Equality.rewrite); + Some () + ) + +#push-options "--compat_pre_core 2" let deserialize_1_ (bytes: t_Slice u8) = + assume (Seq.length bytes == 2); let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) <: i16) + // WARNING: using `BitVec.Intrinsics.mm256_set_epi16` here for now, we need to bind it in extract_avx2.rs + mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) @@ -22,15 +64,34 @@ let deserialize_1_ (bytes: t_Slice u8) = (cast (bytes.[ sz 0 ] <: u8) <: i16) in let shift_lsb_to_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < + mm256_mullo_epi16_rewrite (); + let light_norm () = norm [ iota; primops; zeta_full + ; delta_only [`%bit_vec_of_int_t_array;`%bits;`%Lib.IntTypes.bits] + ; delta_namespace ["FStar"] + ] in + light_norm (); + Tactics.Seq.norm_index (); + Tactics.MachineInts.(transform norm_machine_int_term); + light_norm (); + norm [primops; iota; zeta_full; delta_namespace ["Libcrux_intrinsics.Avx2_extract";"BitVec.Intrinsics"; implode_qn (cur_module ()); "FStar"]]; + print ("Ask SMT: " ^ term_to_string (cur_goal ())); + smt_sync () + )) + ); + result let deserialize_10_ (bytes: t_Slice u8) = let shift_lsbs_to_msbs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -210,32 +271,65 @@ let deserialize_5_ (bytes: t_Slice u8) = in Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 11l coefficients +#push-options "--compat_pre_core 0" +#push-options "--z3rlimit 90" let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let lsb_to_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi16 15l vector + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi16 15 vector in let low_msbs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 lsb_to_msb in let high_msbs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l lsb_to_msb + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1 lsb_to_msb in let msbs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_packs_epi16 low_msbs high_msbs in let bits_packed:i32 = Libcrux_intrinsics.Avx2_extract.mm_movemask_epi8 msbs in - let serialized:t_Array u8 (sz 2) = Rust_primitives.Hax.repeat 0uy (sz 2) in - let serialized:t_Array u8 (sz 2) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 0) - (cast (bits_packed <: i32) <: u8) - in - let serialized:t_Array u8 (sz 2) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize serialized - (sz 1) - (cast (bits_packed >>! 8l <: i32) <: u8) - in - serialized + let x = cast (bits_packed <: i32) <: u8 in + let y = cast (bits_packed >>! 8l <: i32) <: u8 in + let l = [x; y] in + assert_norm (List.length l == 2); + let arr: t_Array u8 (sz 2) = Seq.seq_of_list l in + let ll = bit_vec_of_int_t_array arr 8 in + assume (forall (i: nat {i < 256}). vector i == (if i % 16 = 0 then vector i else 0)); + // HERE: the bound should be 16, not 8 + let _ = (forall (i: nat {i < 16}). ll i == vector (i * 16)) in + // assert (forall (i: nat {i < 16}). get_bit y (sz 7) == vector (i * 16)) by ( + assert (forall (i: nat {i < 16}). ll i == vector (i * 16)) by ( + Tactics.Utils.prove_forall_nat_pointwise (fun _ -> + norm [iota; primops; delta_only [`%cast; `%cast_tc_integers]]; + l_to_r [`rw_get_bit_cast]; + let light_norm () = norm [ iota; primops; zeta_full + ; delta_only [`%bit_vec_of_int_t_array;`%bits;`%Lib.IntTypes.bits] + ; delta_namespace ["FStar"] + ] in + light_norm (); + Tactics.Seq.norm_index (); + l_to_r[`rw_get_bit_cast; `bit_vec_to_int_t_lemma; `get_bit_shr]; + Tactics.MachineInts.(transform norm_machine_int_term); + light_norm (); + norm [primops; iota; zeta_full; delta_only [ + `%Libcrux_intrinsics.Avx2_extract.mm_movemask_epi8; + `%BitVec.Intrinsics.mm_movemask_epi8; + ]]; + l_to_r [`rw_get_bit_cast; `bit_vec_to_int_t_lemma; `get_bit_shr]; + let _ = rewrite_lhs () in + flip (); + trefl (); + l_to_r [`rw_get_bit_shr]; + Tactics.MachineInts.(transform norm_machine_int_term); + l_to_r [`rw_get_bit_cast; `bit_vec_to_int_t_lemma; `get_bit_shr]; + light_norm (); + norm [primops; iota; zeta_full; delta_namespace ["Libcrux_intrinsics.Avx2_extract";"BitVec.Intrinsics"; "FStar"]]; + dump' "Goal:"; + smt_sync (); + dump' "Success"; + smt () + ) + ); + Seq.seq_of_list l let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in From dd063cc445547b045033a5d359a222bf0db847e7 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 30 Aug 2024 21:44:31 +0200 Subject: [PATCH 177/348] portable: serialize: manual proofs --- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 233 ++++++++++-------- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 80 ++++-- 2 files changed, 199 insertions(+), 114 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 9a88facf7..1b0e7f569 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -36,7 +36,12 @@ let deserialize_10_int (bytes: t_Slice u8) = ((cast (bytes.[ sz 9 ] <: u8) <: i16) <>! 6l <: i16) in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_11_int (bytes: t_Slice u8) = let r0:i16 = @@ -77,7 +82,12 @@ let deserialize_11_int (bytes: t_Slice u8) = ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_12_int (bytes: t_Slice u8) = let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in @@ -85,7 +95,10 @@ let deserialize_12_int (bytes: t_Slice u8) = let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in let r0:i16 = ((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) in - r0, r1 <: (i16 & i16) + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(i16 & i16) = r0, r1 <: (i16 & i16) in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_4_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16 in @@ -96,7 +109,12 @@ let deserialize_4_int (bytes: t_Slice u8) = let v5:i16 = cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in let v6:i16 = cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16 in let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_5_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16 in @@ -135,7 +153,13 @@ let deserialize_5_int (bytes: t_Slice u8) = i16 in let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result + +#push-options "--z3rlimit 480 --split_queries always" let serialize_10_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in @@ -152,7 +176,12 @@ let serialize_10_int (v: t_Slice i16) = (cast (((v.[ sz 2 ] <: i16) >>! 4l <: i16) &. 63s <: i16) <: u8) in let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in - r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(u8 & u8 & u8 & u8 & u8) = r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) in + let _:Prims.unit = admit () (* Panic freedom *) in + result + +#pop-options let serialize_11_int (v: t_Slice i16) = let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in @@ -187,9 +216,14 @@ let serialize_11_int (v: t_Slice i16) = (cast ((v.[ sz 6 ] <: i16) >>! 6l <: i16) <: u8) in let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in - r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 - <: - (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 + <: + (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let serialize_12_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in @@ -201,7 +235,10 @@ let serialize_12_int (v: t_Slice i16) = u8 in let r2:u8 = cast (((v.[ sz 1 ] <: i16) >>! 4l <: i16) &. 255s <: i16) <: u8 in - r0, r1, r2 <: (u8 & u8 & u8) + let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in + let result:(u8 & u8 & u8) = r0, r1, r2 <: (u8 & u8 & u8) in + let _:Prims.unit = admit () (* Panic freedom *) in + result let serialize_4_int (v: t_Slice i16) = let result0:u8 = @@ -216,7 +253,20 @@ let serialize_4_int (v: t_Slice i16) = let result3:u8 = ((cast (v.[ sz 7 ] <: i16) <: u8) <>! 2l <: i16) |. ((v.[ sz 7 ] <: i16) < Prims.l_True) + (requires Core.Slice.impl__len #u8 bytes =. sz 10) + (ensures + fun tuple -> + let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 10)) 8 (MkSeq.create8 tuple) 10 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 10)) val deserialize_11_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - Prims.l_True - (fun _ -> Prims.l_True) + (requires Core.Slice.impl__len #u8 bytes =. sz 11) + (ensures + fun tuple -> + let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 11)) 8 (MkSeq.create8 tuple) 11 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 11)) val deserialize_12_int (bytes: t_Slice u8) - : Prims.Pure (i16 & i16) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (i16 & i16) + (requires Core.Slice.impl__len #u8 bytes =. sz 3) + (ensures + fun tuple -> + let tuple:(i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 3)) 8 (MkSeq.create2 tuple) 12 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create2 tuple) i) 12)) val deserialize_4_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - Prims.l_True - (fun _ -> Prims.l_True) + (requires Core.Slice.impl__len #u8 bytes =. sz 4) + (ensures + fun tuple -> + let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 4)) 8 (MkSeq.create8 tuple) 4 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 4)) val deserialize_5_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - Prims.l_True - (fun _ -> Prims.l_True) + (requires Core.Slice.impl__len #u8 bytes =. sz 5) + (ensures + fun tuple -> + let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in + BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 5)) 8 (MkSeq.create8 tuple) 5 /\ + (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 4)) val serialize_10_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (u8 & u8 & u8 & u8 & u8) + (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 4)) 10 (MkSeq.create5 tuple) 8) val serialize_11_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - Prims.l_True - (fun _ -> Prims.l_True) + (requires + Core.Slice.impl__len #i16 v =. sz 8 /\ + (forall i. Rust_primitives.bounded (Seq.index v i) 11)) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 11 (MkSeq.create11 tuple) 8) val serialize_12_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (u8 & u8 & u8) + (requires + Core.Slice.impl__len #i16 v =. sz 2 /\ + (forall i. Rust_primitives.bounded (Seq.index v i) 12)) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 2)) 12 (MkSeq.create3 tuple) 8) val serialize_4_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (u8 & u8 & u8 & u8) + (requires + Core.Slice.impl__len #i16 v =. sz 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 4) + ) + (fun _ -> Prims.l_True) val serialize_5_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (u8 & u8 & u8 & u8 & u8) + (requires + Core.Slice.impl__len #i16 v =. sz 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 5) + ) + (ensures + fun tuple -> + let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in + BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 5 (MkSeq.create5 tuple) 8) val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) From 64a27324dc232b29eabb71b8e24cd0a94706f0e1 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Fri, 30 Aug 2024 21:45:22 +0200 Subject: [PATCH 178/348] makefile, more fixes --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 4 +--- libcrux-ml-kem/proofs/fstar/spec/Makefile | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index d493ba7e5..c80431897 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -27,6 +27,4 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ Libcrux_ml_kem.Vector.Traits.fst -OTHERFLAGS="--query_stats" -FSTAR_INCLUDE_DIRS_EXTRA = $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec -include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base diff --git a/libcrux-ml-kem/proofs/fstar/spec/Makefile b/libcrux-ml-kem/proofs/fstar/spec/Makefile index ec420d509..b4ce70a38 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Makefile +++ b/libcrux-ml-kem/proofs/fstar/spec/Makefile @@ -1 +1 @@ -include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.template +include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base From bab1d08aa4b226dfc299c0d7a454869197c19249 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 30 Aug 2024 19:45:25 +0000 Subject: [PATCH 179/348] c code --- libcrux-ml-kem/c/code_gen.txt | 10 +- libcrux-ml-kem/c/eurydice_glue.h | 18 + libcrux-ml-kem/c/internal/libcrux_core.h | 68 +- .../c/internal/libcrux_mlkem_avx2.h | 52 +- .../c/internal/libcrux_mlkem_portable.h | 52 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 31 +- .../c/internal/libcrux_sha3_internal.h | 48 +- .../c/karamel/include/krml/c_endianness.h | 2 +- .../c/karamel/include/krml/internal/builtin.h | 2 +- .../karamel/include/krml/internal/callconv.h | 2 +- .../c/karamel/include/krml/internal/compat.h | 2 +- .../c/karamel/include/krml/internal/debug.h | 2 +- .../c/karamel/include/krml/internal/target.h | 2 +- .../c/karamel/include/krml/internal/types.h | 2 +- .../include/krml/internal/wasmsupport.h | 2 +- .../karamel/include/krml/lowstar_endianness.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 70 +- libcrux-ml-kem/c/libcrux_core.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 56 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1430 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1426 ++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 10 +- libcrux-ml-kem/c/libcrux_sha3.h | 22 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 466 +++--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 756 ++++----- libcrux-ml-kem/c/libcrux_sha3_neon.c | 10 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 10 +- libcrux-ml-kem/cg/code_gen.txt | 10 +- libcrux-ml-kem/cg/libcrux_core.h | 44 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 10 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 790 ++++----- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 784 ++++----- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 466 +++--- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 806 +++++----- 52 files changed, 3931 insertions(+), 3934 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 76cd050f0..7a7fb98ac 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 0576bfc67e99aae86c51930421072688138b672b -Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 -Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a -F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 -Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 +Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d +Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d +Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 +F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb +Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index a97683fa6..7f7dd62b3 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -18,6 +18,13 @@ extern "C" { #include "krml/lowstar_endianness.h" #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) +#define EURYDICE_ASSERT(test, msg) \ + do { \ + if (!(test)) { \ + fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \ + __FILE__, __LINE__); \ + } \ + } while (0) // SLICES, ARRAYS, ETC. @@ -95,6 +102,9 @@ typedef struct { #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, a2, t, _) +#define core_array_equality___core__cmp__PartialEq__0___Slice_U____for__Array_T__N___3__eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _) #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ (CLITERAL(ret_t){ \ @@ -127,6 +137,10 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } +static inline void core_num__u32_8__to_le_bytes(uint32_t src, uint8_t dst[4]) { + store32_le(dst, src); +} + static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { return load32_le(buf); } @@ -134,6 +148,7 @@ static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { store64_le(buf, v); } + static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { return load64_le(buf); } @@ -185,6 +200,9 @@ static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } +static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) { + return x < y ? x : y; +} #define core_num_nonzero_private_NonZeroUsizeInner size_t static inline core_num_nonzero_private_NonZeroUsizeInner diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 37b4942e2..5f115384f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __internal_libcrux_core_H @@ -81,7 +81,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_3a1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_781( uint8_t value[1568U]); /** @@ -94,7 +94,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_751( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_001( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -107,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_201( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_1d1( uint8_t value[3168U]); /** @@ -119,7 +119,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_301( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_891( uint8_t value[1568U]); /** @@ -130,7 +130,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_941( +uint8_t *libcrux_ml_kem_types_as_slice_f6_7b1( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -142,7 +142,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc1( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_be1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -153,7 +153,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_174(Eurydice_slice slice, uint8_t ret[1600U]); /** @@ -165,7 +165,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_3a0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_780( uint8_t value[1184U]); /** @@ -178,7 +178,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_750( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_000( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -191,7 +191,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_200( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_1d0( uint8_t value[2400U]); /** @@ -203,7 +203,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_300( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_890( uint8_t value[1088U]); /** @@ -214,7 +214,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_940( +uint8_t *libcrux_ml_kem_types_as_slice_f6_7b0( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -226,7 +226,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc0( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_be0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -237,7 +237,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_173(Eurydice_slice slice, uint8_t ret[1120U]); /** @@ -249,7 +249,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_3a( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_78( uint8_t value[800U]); /** @@ -262,7 +262,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_75( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_00( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -275,7 +275,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_20( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_1d( uint8_t value[1632U]); /** @@ -287,7 +287,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_30( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_89( uint8_t value[768U]); /** @@ -298,7 +298,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_94( +uint8_t *libcrux_ml_kem_types_as_slice_f6_7b( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -309,7 +309,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_172(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -333,7 +333,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); +void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]); /** Pad the `slice` with `0`s at the end. @@ -343,7 +343,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_171(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -355,7 +355,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_be( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -366,7 +366,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_170(Eurydice_slice slice, uint8_t ret[800U]); /** @@ -377,7 +377,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_17(Eurydice_slice slice, uint8_t ret[64U]); /** @@ -401,7 +401,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); +void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]); /** A monomorphic instance of core.result.Result @@ -424,7 +424,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); +void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]); /** A monomorphic instance of core.result.Result @@ -447,7 +447,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); +void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -470,7 +470,7 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); +void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]); typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index ecb75ad66..e93ae1ee8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_d21(uint8_t *public_key); /** A monomorphic instance of @@ -48,7 +48,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_911( uint8_t randomness[64U]); /** @@ -64,7 +64,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -84,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_111( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -107,7 +107,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e91( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_101( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -132,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -158,7 +158,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_251( +void libcrux_ml_kem_ind_cca_decapsulate_311( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -170,7 +170,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_d20(uint8_t *public_key); /** A monomorphic instance of @@ -186,7 +186,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_910( uint8_t randomness[64U]); /** @@ -202,7 +202,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -222,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_110( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -245,7 +245,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e90( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_100( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -270,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -296,7 +296,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_250( +void libcrux_ml_kem_ind_cca_decapsulate_310( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +308,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_d2(uint8_t *public_key); /** A monomorphic instance of @@ -324,7 +324,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_91( uint8_t randomness[64U]); /** @@ -339,7 +339,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( uint8_t randomness[64U]); /** @@ -360,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_11( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -383,7 +383,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e9( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -408,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -434,7 +434,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_25( +void libcrux_ml_kem_ind_cca_decapsulate_31( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 16ffd7952..8e73b3cb1 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_361(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_141(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_811( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_011(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_471( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_231( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_6b1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_531( +void libcrux_ml_kem_ind_cca_decapsulate_c51( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_360(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_140(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_810( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_010(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_470( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_230( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_6b0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_530( +void libcrux_ml_kem_ind_cca_decapsulate_c50( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_36(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_14(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_81( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_01(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_47( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_53( +void libcrux_ml_kem_ind_cca_decapsulate_c5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 6eb1bbfa3..138336886 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __internal_libcrux_sha3_avx2_H @@ -23,30 +23,9 @@ extern "C" { #include "internal/libcrux_core.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -void libcrux_sha3_generic_keccak_absorb_final_5e( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]); - typedef libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_KeccakState; -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]); - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 3c29ac3c3..0f71ab9de 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_ba(); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_72(s, buf); + libcrux_sha3_generic_keccak_absorb_final_f3(s, buf); } /** @@ -50,7 +50,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -58,15 +58,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_80(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o2); } /** @@ -76,7 +76,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db(s, buf); } /** @@ -86,7 +86,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, buf); } #define libcrux_sha3_Sha224 0 @@ -149,7 +149,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -157,29 +157,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_80(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o4); } /** @@ -189,7 +189,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de(s, buf); } /** @@ -199,7 +199,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_720(s, buf); + libcrux_sha3_generic_keccak_absorb_final_f30(s, buf); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_ba(); } /** @@ -217,7 +217,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_800(s, buf); } /** @@ -227,7 +227,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_870(s, buf); } /** diff --git a/libcrux-ml-kem/c/karamel/include/krml/c_endianness.h b/libcrux-ml-kem/c/karamel/include/krml/c_endianness.h index 21d7e1b4f..937d8d109 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/c_endianness.h +++ b/libcrux-ml-kem/c/karamel/include/krml/c_endianness.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_ENDIAN_H #define __KRML_ENDIAN_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h b/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h index 07ff15678..b8d2bdfec 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/builtin.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_BUILTIN_H #define __KRML_BUILTIN_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h b/libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h index aeca0ba71..4bc0f878d 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/callconv.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_CALLCONV_H #define __KRML_CALLCONV_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h b/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h index 98b5d117a..94c6f948f 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/compat.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef KRML_COMPAT_H #define KRML_COMPAT_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h b/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h index 6c209d947..74588fa95 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/debug.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_DEBUG_H #define __KRML_DEBUG_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h index e5d59d9f8..dbe3aec09 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/target.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/target.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __KRML_TARGET_H #define __KRML_TARGET_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/types.h b/libcrux-ml-kem/c/karamel/include/krml/internal/types.h index a41c64bc0..37ceb2bd8 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/types.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/types.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef KRML_TYPES_H #define KRML_TYPES_H diff --git a/libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h b/libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h index b44fa3f75..5aba97565 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h +++ b/libcrux-ml-kem/c/karamel/include/krml/internal/wasmsupport.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ /* This file is automatically included when compiling with -wasm -d force-c */ #define WasmSupport_check_buffer_size(X) diff --git a/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h b/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h index 3e92cdc8a..d59d9854d 100644 --- a/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h +++ b/libcrux-ml-kem/c/karamel/include/krml/lowstar_endianness.h @@ -1,5 +1,5 @@ /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved. - Licensed under the Apache 2.0 License. */ + Licensed under the Apache 2.0 and MIT Licenses. */ #ifndef __LOWSTAR_ENDIANNESS_H #define __LOWSTAR_ENDIANNESS_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index aa0fcdaad..88b08d8e5 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #include "internal/libcrux_core.h" @@ -96,7 +96,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_3a1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_781( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -116,7 +116,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_751( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_001( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -132,7 +132,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_201( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_1d1( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -151,7 +151,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_301( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_891( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -169,7 +169,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_941( +uint8_t *libcrux_ml_kem_types_as_slice_f6_7b1( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -183,7 +183,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc1( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_be1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -196,7 +196,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_174(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; @@ -216,7 +216,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_3a0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_780( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -236,7 +236,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_750( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_000( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_200( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_1d0( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -271,7 +271,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_300( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_890( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -289,7 +289,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_940( +uint8_t *libcrux_ml_kem_types_as_slice_f6_7b0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -303,7 +303,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc0( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_be0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -316,7 +316,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_173(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -336,7 +336,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_3a( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_78( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -356,7 +356,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_75( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_00( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -371,7 +371,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_20( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_1d( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -390,7 +390,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_30( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_89( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -408,7 +408,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_94( +uint8_t *libcrux_ml_kem_types_as_slice_f6_7b( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -421,7 +421,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_172(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -440,7 +440,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { +void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -460,7 +460,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_171(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -480,7 +480,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_be( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -493,7 +493,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_170(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; @@ -512,7 +512,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_17(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -531,7 +531,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { +void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -551,7 +551,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { +void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -571,7 +571,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { +void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -591,7 +591,7 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]) { +void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -611,7 +611,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]) { +void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 899863274..1e71a9e61 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_core_H @@ -229,7 +229,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]); +void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]); typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 56091a76a..acf089dba 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 0e62ab674..e0a7b2465 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,11 +35,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_5e( +static void decapsulate_5b0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_250(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_310(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_5e(private_key, ciphertext, ret); + decapsulate_5b0(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_0c( +static void decapsulate_unpacked_ee0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_0c(private_key, ciphertext, ret); + decapsulate_unpacked_ee0(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_53( +static tuple_21 encapsulate_3d0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e90(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_100(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_53(uu____0, copy_of_randomness); + return encapsulate_3d0(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_7d( +static tuple_21 encapsulate_unpacked_370( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_7d( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_110( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_7d(uu____0, copy_of_randomness); + return encapsulate_unpacked_370(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_ed( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_070( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_210(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f70(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ed(copy_of_randomness); + return generate_keypair_070(copy_of_randomness); } /** @@ -246,11 +246,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_1f(uint8_t randomness[64U]) { +generate_keypair_unpacked_910(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_910( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_1f(copy_of_randomness); + return generate_keypair_unpacked_910(copy_of_randomness); } /** @@ -274,8 +274,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_6b0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2a0(public_key); +static bool validate_public_key_c60(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_d20(public_key); } /** @@ -286,7 +286,7 @@ static bool validate_public_key_6b0(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_6b0(public_key.value)) { + if (validate_public_key_c60(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 50f971f65..d29a9d6c7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 60a1e0f8b..83b2de6c6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #include "libcrux_mlkem1024_portable.h" @@ -35,11 +35,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_aa( +static void decapsulate_f71( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_531(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_c51(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_aa(private_key, ciphertext, ret); + decapsulate_f71(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_0b( +static void decapsulate_unpacked_661( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec1(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_0b(private_key, ciphertext, ret); + decapsulate_unpacked_661(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_07( +static tuple_21 encapsulate_ae1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_231(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_6b1(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_07(uu____0, copy_of_randomness); + return encapsulate_ae1(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_7c( +static tuple_21 encapsulate_unpacked_861( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_7c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_471( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_7c(uu____0, copy_of_randomness); + return encapsulate_unpacked_861(uu____0, copy_of_randomness); } /** @@ -212,12 +212,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_99( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_141( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_651(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_011(copy_of_randomness); } /** @@ -228,7 +228,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_99(copy_of_randomness); + return generate_keypair_141(copy_of_randomness); } /** @@ -247,11 +247,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_60(uint8_t randomness[64U]) { +generate_keypair_unpacked_f51(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_811( copy_of_randomness); } @@ -264,7 +264,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_60(copy_of_randomness); + return generate_keypair_unpacked_f51(copy_of_randomness); } /** @@ -275,8 +275,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_931(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_361(public_key); +static bool validate_public_key_521(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_141(public_key); } /** @@ -287,7 +287,7 @@ static bool validate_public_key_931(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_931(public_key.value)) { + if (validate_public_key_521(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 498b356d4..b11dd9849 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index a5da3cc7d..8f5c0d2ab 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index b23590730..d7123d46b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_25(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_5b(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_25(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_31(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_25(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_25(private_key, ciphertext, ret); + decapsulate_5b(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_4a( +static void decapsulate_unpacked_ee( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_4a( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_4a(private_key, ciphertext, ret); + decapsulate_unpacked_ee(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_79( +static tuple_ec encapsulate_3d( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e9(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_10(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_79(uu____0, copy_of_randomness); + return encapsulate_3d(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_e6( +static tuple_ec encapsulate_unpacked_37( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_e6( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_11( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_e6(uu____0, copy_of_randomness); + return encapsulate_unpacked_37(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_9f( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_07( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_21(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f7(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_9f(copy_of_randomness); + return generate_keypair_07(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_8e(uint8_t randomness[64U]) { +generate_keypair_unpacked_91(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_91( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_8e(copy_of_randomness); + return generate_keypair_unpacked_91(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_6b(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2a(public_key); +static bool validate_public_key_c6(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_d2(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_6b(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_6b(public_key.value)) { + if (validate_public_key_c6(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 68a5a2896..501ed46db 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 86a68b433..0392adb8d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #include "libcrux_mlkem512_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_3e(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_530(private_key, ciphertext, ret); +static void decapsulate_f70( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_c50(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_3e(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_3e(private_key, ciphertext, ret); + decapsulate_f70(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_0e( +static void decapsulate_unpacked_660( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec0(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_0e( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_0e(private_key, ciphertext, ret); + decapsulate_unpacked_660(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_d8( +static tuple_ec encapsulate_ae0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_6b0(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d8(uu____0, copy_of_randomness); + return encapsulate_ae0(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_d7( +static tuple_ec encapsulate_unpacked_860( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_d7( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_470( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_d7(uu____0, copy_of_randomness); + return encapsulate_unpacked_860(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_25( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_140( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_650(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_010(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_25(copy_of_randomness); + return generate_keypair_140(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_d1(uint8_t randomness[64U]) { +generate_keypair_unpacked_f50(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_810( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d1(copy_of_randomness); + return generate_keypair_unpacked_f50(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_930(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_360(public_key); +static bool validate_public_key_520(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_140(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_930(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_930(public_key.value)) { + if (validate_public_key_520(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 97ba0332c..d9ad3d85d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 54ff3c780..83d4cec1b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 19ce04aee..d6a6579c4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_0a( +static void decapsulate_5b1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_251(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_311(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_0a( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_0a(private_key, ciphertext, ret); + decapsulate_5b1(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_fc( +static void decapsulate_unpacked_ee1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_fc( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_fc(private_key, ciphertext, ret); + decapsulate_unpacked_ee1(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_1c( +static tuple_3c encapsulate_3d1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e91(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_101(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_1c(uu____0, copy_of_randomness); + return encapsulate_3d1(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_49( +static tuple_3c encapsulate_unpacked_371( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_49( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_111( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_49(uu____0, copy_of_randomness); + return encapsulate_unpacked_371(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_54( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_071( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_211(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f71(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_54(copy_of_randomness); + return generate_keypair_071(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_52(uint8_t randomness[64U]) { +generate_keypair_unpacked_911(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_911( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_52(copy_of_randomness); + return generate_keypair_unpacked_911(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_6b1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2a1(public_key); +static bool validate_public_key_c61(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_d21(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_6b1(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_6b1(public_key.value)) { + if (validate_public_key_c61(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index b51cad8ef..1619dc8e4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 02189bb2e..93bcd6386 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #include "libcrux_mlkem768_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_64( +static void decapsulate_f7( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_53(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_c5(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_64( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_64(private_key, ciphertext, ret); + decapsulate_f7(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_87( +static void decapsulate_unpacked_66( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_87( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_87(private_key, ciphertext, ret); + decapsulate_unpacked_66(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_eb( +static tuple_3c encapsulate_ae( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_6b(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_eb(uu____0, copy_of_randomness); + return encapsulate_ae(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_d0( +static tuple_3c encapsulate_unpacked_86( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_d0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_47( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_d0(uu____0, copy_of_randomness); + return encapsulate_unpacked_86(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_0a( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_14( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_65(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_01(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_0a(copy_of_randomness); + return generate_keypair_14(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_0f(uint8_t randomness[64U]) { +generate_keypair_unpacked_f5(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_81( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_0f(copy_of_randomness); + return generate_keypair_unpacked_f5(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_93(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_36(public_key); +static bool validate_public_key_52(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_14(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_93(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_93(public_key.value)) { + if (validate_public_key_52(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 229cdc944..c53c50b62 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 267a9ff3d..8cbdaaea9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #include "internal/libcrux_mlkem_avx2.h" @@ -733,7 +733,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, ret0); + core_result_unwrap_41_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -843,7 +843,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_41_e8(dst, ret0); + core_result_unwrap_41_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -963,7 +963,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_41_34(dst, ret0); + core_result_unwrap_41_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1118,7 +1118,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_41_1c(dst, ret0); + core_result_unwrap_41_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1261,7 +1261,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_98(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_28(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1289,8 +1289,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_ce(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_to_reduced_ring_element_60(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1310,12 +1310,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f51( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_031( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_98();); + deserialized_pk[i] = ZERO_20_28();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1327,7 +1327,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f51( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ce(ring_element); + deserialize_to_reduced_ring_element_60(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1341,7 +1341,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_fb(core_core_arch_x86___m256i vector) { +shift_right_cf(core_core_arch_x86___m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, core_core_arch_x86___m256i); } @@ -1355,9 +1355,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -static core_core_arch_x86___m256i shift_right_09_cf( +static core_core_arch_x86___m256i shift_right_09_73( core_core_arch_x86___m256i vector) { - return shift_right_fb(vector); + return shift_right_cf(vector); } /** @@ -1366,9 +1366,9 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_unsigned_representative_4b( +static core_core_arch_x86___m256i to_unsigned_representative_0b( core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_09_cf(a); + core_core_arch_x86___m256i t = shift_right_09_73(a); core_core_arch_x86___m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1381,14 +1381,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c4( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - to_unsigned_representative_4b(re->coefficients[i0]); + to_unsigned_representative_0b(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1406,7 +1406,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_801( +static KRML_MUSTINLINE void serialize_secret_key_d81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1424,7 +1424,7 @@ static KRML_MUSTINLINE void serialize_secret_key_801( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c4(&re, ret0); + serialize_uncompressed_ring_element_44(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1439,14 +1439,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_ac1( +static KRML_MUSTINLINE void serialize_public_key_c41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_801(t_as_ntt, ret0); + serialize_secret_key_d81(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1466,15 +1466,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_d21(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_f51( + deserialize_ring_elements_reduced_031( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_ac1( + serialize_public_key_c41( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1505,7 +1505,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_ab1(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -1515,10 +1515,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static void closure_d61( +static void closure_fb1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_20_28();); } /** @@ -1528,7 +1528,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { +shake128_init_absorb_final_501(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -1550,11 +1550,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { +shake128_init_absorb_final_a9_3f1(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d1(copy_of_input); + return shake128_init_absorb_final_501(copy_of_input); } /** @@ -1563,7 +1563,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_001( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -1597,9 +1597,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_941( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_6b1(self, ret); + shake128_squeeze_first_three_blocks_001(self, ret); } /** @@ -1650,7 +1650,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_973( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6c3( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1688,7 +1688,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_dd1( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -1722,9 +1722,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_1b1(self, ret); + shake128_squeeze_next_block_dd1(self, ret); } /** @@ -1775,7 +1775,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_974( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6c4( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1818,8 +1818,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_20_84(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); +from_i16_array_20_bb(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1836,9 +1836,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e91( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_061( int16_t s[272U]) { - return from_i16_array_20_84( + return from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1848,7 +1848,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_0c1( +static KRML_MUSTINLINE void sample_from_xof_f81( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1857,25 +1857,25 @@ static KRML_MUSTINLINE void sample_from_xof_0c1( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca1(copy_of_seeds); + shake128_init_absorb_final_a9_3f1(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_941(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_973( + bool done = sample_from_uniform_distribution_next_6c3( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); + shake128_squeeze_next_block_a9_bf1(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_974( + done = sample_from_uniform_distribution_next_6c4( copy_of_randomness, sampled_coefficients, out); } } @@ -1884,7 +1884,7 @@ static KRML_MUSTINLINE void sample_from_xof_0c1( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_e91(copy_of_out[i]);); + ret0[i] = closure_061(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1896,12 +1896,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_431( +static KRML_MUSTINLINE void sample_matrix_A_1c1( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_d61(A_transpose[i]);); + closure_fb1(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -1916,7 +1916,7 @@ static KRML_MUSTINLINE void sample_matrix_A_431( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_0c1(copy_of_seeds, sampled); + sample_from_xof_f81(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1960,7 +1960,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_ef2(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -1998,9 +1998,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_412(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1c2(input, ret); + PRFxN_ef2(input, ret); } /** @@ -2059,7 +2059,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_9b(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_53(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -2093,7 +2093,7 @@ sample_from_binomial_distribution_2_9b(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_84( + return from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2104,7 +2104,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_41(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_04(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -2137,7 +2137,7 @@ sample_from_binomial_distribution_3_41(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_84( + return from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2148,8 +2148,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_cf0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_9b(randomness); +sample_from_binomial_distribution_fb0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_53(randomness); } /** @@ -2158,7 +2158,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_68( +static KRML_MUSTINLINE void ntt_at_layer_7_cd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2184,7 +2184,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i montgomery_multiply_fe_7b( +static core_core_arch_x86___m256i montgomery_multiply_fe_99( core_core_arch_x86___m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -2196,9 +2196,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_c5(core_core_arch_x86___m256i a, +ntt_layer_int_vec_step_86(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = montgomery_multiply_fe_7b(b, zeta_r); + core_core_arch_x86___m256i t = montgomery_multiply_fe_99(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -2211,7 +2211,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_18( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_82( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2224,7 +2224,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_18( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_c5( + ntt_layer_int_vec_step_86( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -2241,7 +2241,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_34( +static KRML_MUSTINLINE void ntt_at_layer_3_6e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2257,7 +2257,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_70( +static KRML_MUSTINLINE void ntt_at_layer_2_52( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2276,7 +2276,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_7e( +static KRML_MUSTINLINE void ntt_at_layer_1_03( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2303,7 +2303,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_78( +static KRML_MUSTINLINE void poly_barrett_reduce_20_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2319,17 +2319,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_c7( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_43( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_68(re); + ntt_at_layer_7_cd(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_70(&zeta_i, re); - ntt_at_layer_1_7e(&zeta_i, re); - poly_barrett_reduce_20_78(re); + ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_6e(&zeta_i, re); + ntt_at_layer_2_52(&zeta_i, re); + ntt_at_layer_1_03(&zeta_i, re); + poly_barrett_reduce_20_a0(re); } /** @@ -2340,11 +2340,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_571( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_821( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_98();); + re_as_ntt[i] = ZERO_20_28();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2356,12 +2356,12 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_571( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); + PRFxN_a9_412(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_cf0( + re_as_ntt[i0] = sample_from_binomial_distribution_fb0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_43(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2386,9 +2386,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_20_15(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_20_8b(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_28(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2419,7 +2419,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_f31( +static KRML_MUSTINLINE void add_to_ring_element_20_021( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2456,7 +2456,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_a1( +static KRML_MUSTINLINE void add_standard_error_reduce_20_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2476,14 +2476,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_4b1( +static KRML_MUSTINLINE void compute_As_plus_e_251( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_20_28();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2504,10 +2504,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_4b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_f31(&result0[i1], &product); + ntt_multiply_20_8b(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_021(&result0[i1], &product); } - add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_2c(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2526,10 +2526,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_f81( +static tuple_9b0 generate_keypair_unpacked_fe1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_681(key_generation_seed, hashed); + G_a9_ab1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2537,15 +2537,15 @@ static tuple_9b0 generate_keypair_unpacked_f81( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_431(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_1c1(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_571(copy_of_prf_input0, 0U); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_821(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2557,14 +2557,14 @@ static tuple_9b0 generate_keypair_unpacked_f81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_571(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_821(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_4b1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_251(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -2612,10 +2612,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_1c1( +static void closure_4e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_20_28();); } /** @@ -2628,7 +2628,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_4a( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_94( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; core_core_arch_x86___m256i ret[16U]; @@ -2648,7 +2648,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_311(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -2666,7 +2666,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_911( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -2675,18 +2675,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_f81(ind_cpa_keypair_randomness); + tuple_9b0 uu____0 = generate_keypair_unpacked_fe1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_1c1(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_4e1(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_4a(&ind_cpa_public_key.A[j][i1]); + clone_3a_94(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2696,19 +2696,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_ac1( + serialize_public_key_c41( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + H_a9_311(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -2744,17 +2744,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_f81( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_1c1( Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_f81(key_generation_seed); + tuple_9b0 uu____0 = generate_keypair_unpacked_fe1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_ac1( + serialize_public_key_c41( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_801(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_d81(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2778,7 +2778,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_c91( +static KRML_MUSTINLINE void serialize_kem_secret_key_561( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2804,7 +2804,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_c91( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_651(public_key, ret0); + H_a9_311(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -2833,7 +2833,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2842,13 +2842,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_f81(ind_cpa_keypair_randomness); + generate_keypair_1c1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_c91( + serialize_kem_secret_key_561( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2857,13 +2857,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_200(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_1d0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_750( - uu____2, libcrux_ml_kem_types_from_07_3a0(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_000( + uu____2, libcrux_ml_kem_types_from_07_780(copy_of_public_key)); } /** @@ -2875,10 +2875,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_b31(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_611(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_98();); + error_1[i] = ZERO_20_28();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2890,11 +2890,11 @@ sample_ring_element_cbd_b31(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); + PRFxN_a9_412(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_fb0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2915,7 +2915,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_c90(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -2932,9 +2932,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_264(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_c90(input, ret); } /** @@ -2943,7 +2943,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2967,7 +2967,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_e4( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_38( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2987,7 +2987,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_63( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3005,14 +3005,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_e9(core_core_arch_x86___m256i a, +inv_ntt_layer_int_vec_step_reduce_76(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { core_core_arch_x86___m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = montgomery_multiply_fe_7b(a_minus_b, zeta_r); + b = montgomery_multiply_fe_99(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -3023,7 +3023,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9d( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_44( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3038,7 +3038,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9d( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_e9( + inv_ntt_layer_int_vec_step_reduce_76( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -3055,18 +3055,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_c51( +static KRML_MUSTINLINE void invert_ntt_montgomery_321( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_e4(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_78(re); + invert_ntt_at_layer_1_18(&zeta_i, re); + invert_ntt_at_layer_2_38(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_a0(re); } /** @@ -3079,7 +3079,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_87( +static KRML_MUSTINLINE void add_error_reduce_20_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3100,14 +3100,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_641( +static KRML_MUSTINLINE void compute_vector_u_921( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_20_28();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3127,11 +3127,11 @@ static KRML_MUSTINLINE void compute_vector_u_641( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(a_element, &r_as_ntt[j]); - add_to_ring_element_20_f31(&result0[i1], &product); + ntt_multiply_20_8b(a_element, &r_as_ntt[j]); + add_to_ring_element_20_021(&result0[i1], &product); } - invert_ntt_montgomery_c51(&result0[i1]); - add_error_reduce_20_87(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_321(&result0[i1]); + add_error_reduce_20_dd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -3148,7 +3148,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i decompress_1_05( +static core_core_arch_x86___m256i decompress_1_ac( core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), @@ -3163,8 +3163,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_message_b3(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; core_core_arch_x86___m256i coefficient_compressed = @@ -3172,7 +3172,7 @@ deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_05(coefficient_compressed);); + re.coefficients[i0] = decompress_1_ac(coefficient_compressed);); return re; } @@ -3187,7 +3187,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_20_86( +add_message_error_reduce_20_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3214,18 +3214,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_6c1( +compute_ring_element_v_871( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_f31(&result, &product);); - invert_ntt_montgomery_c51(&result); - result = add_message_error_reduce_20_86(error_2, message, result); + ntt_multiply_20_8b(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_021(&result, &product);); + invert_ntt_montgomery_321(&result); + result = add_message_error_reduce_20_25(error_2, message, result); return result; } @@ -3236,7 +3236,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_a7(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_33(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3301,9 +3301,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i compress_09_b5( +static core_core_arch_x86___m256i compress_09_f2( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_a7(vector); + return compress_ciphertext_coefficient_33(vector); } /** @@ -3312,14 +3312,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_a8( +static KRML_MUSTINLINE void compress_then_serialize_10_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_09_b5(to_unsigned_representative_4b(re->coefficients[i0])); + compress_09_f2(to_unsigned_representative_0b(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3337,7 +3337,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_a70(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_330(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3402,9 +3402,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i compress_09_b50( +static core_core_arch_x86___m256i compress_09_f20( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_a70(vector); + return compress_ciphertext_coefficient_330(vector); } /** @@ -3414,10 +3414,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_97( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_a8(re, uu____0); + compress_then_serialize_10_2f(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3430,7 +3430,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_521( +static void compress_then_serialize_u_a91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3446,7 +3446,7 @@ static void compress_then_serialize_u_521( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_97(&re, ret); + compress_then_serialize_ring_element_u_d3(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3459,7 +3459,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_a71(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_331(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3524,9 +3524,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i compress_09_b51( +static core_core_arch_x86___m256i compress_09_f21( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_a71(vector); + return compress_ciphertext_coefficient_331(vector); } /** @@ -3535,7 +3535,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_42( +static KRML_MUSTINLINE void compress_then_serialize_4_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3544,7 +3544,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_42( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_09_b51(to_unsigned_representative_4b(re.coefficients[i0])); + compress_09_f21(to_unsigned_representative_0b(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3561,7 +3561,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_a72(core_core_arch_x86___m256i vector) { +compress_ciphertext_coefficient_332(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3626,9 +3626,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i compress_09_b52( +static core_core_arch_x86___m256i compress_09_f22( core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_a72(vector); + return compress_ciphertext_coefficient_332(vector); } /** @@ -3637,7 +3637,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_8a( +static KRML_MUSTINLINE void compress_then_serialize_5_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3646,7 +3646,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_8a( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficients = - compress_09_b52(to_unsigned_representative_4b(re.coefficients[i0])); + compress_09_f22(to_unsigned_representative_0b(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3665,7 +3665,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_42(re, out); + compress_then_serialize_4_f8(re, out); } /** @@ -3685,15 +3685,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ac1( +static void encrypt_unpacked_751( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_571(copy_of_prf_input0, 0U); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_821(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3703,7 +3703,7 @@ static void encrypt_unpacked_ac1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_b31(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_611(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3711,27 +3711,27 @@ static void encrypt_unpacked_ac1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_264(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_fb0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_641(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_921(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_b3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_6c1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_871(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_521( + compress_then_serialize_u_a91( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; @@ -3759,11 +3759,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_111( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -3773,7 +3773,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -3786,7 +3786,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_ac1(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_751(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -3796,7 +3796,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_890(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3817,11 +3817,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_8d1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_831(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -3841,22 +3841,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f01(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_c31(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_f51( + deserialize_ring_elements_reduced_031( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_431(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_1c1(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -3886,7 +3886,7 @@ static void encrypt_f01(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_ac1(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_751(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -3901,11 +3901,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_e51(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_7c1(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -3927,27 +3927,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e91( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_101( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_8d1( + entropy_preprocess_af_831( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), + H_a9_311(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -3955,19 +3955,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e91( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_f01(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_c31(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_890(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e51(shared_secret, shared_secret_array); + kdf_af_7c1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3987,7 +3987,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_2f(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_ee(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4050,9 +4050,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_ab( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_19( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_2f(vector); + return decompress_ciphertext_coefficient_ee(vector); } /** @@ -4062,8 +4062,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_04(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_10_9f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); LowStar_Ignore_ignore( Eurydice_slice_len(Eurydice_array_to_slice((size_t)16U, re.coefficients, core_core_arch_x86___m256i), @@ -4076,7 +4076,7 @@ deserialize_then_decompress_10_04(Eurydice_slice serialized) { serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_19(coefficient); } return re; } @@ -4088,7 +4088,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_2f0(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_ee0(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4151,9 +4151,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_ab0( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_190( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_2f0(vector); + return decompress_ciphertext_coefficient_ee0(vector); } /** @@ -4163,8 +4163,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_0a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_11_3c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4172,7 +4172,7 @@ deserialize_then_decompress_11_0a(Eurydice_slice serialized) { serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_190(coefficient); } return re; } @@ -4184,8 +4184,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_07(Eurydice_slice serialized) { - return deserialize_then_decompress_10_04(serialized); +deserialize_then_decompress_ring_element_u_88(Eurydice_slice serialized) { + return deserialize_then_decompress_10_9f(serialized); } /** @@ -4194,17 +4194,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_bf( +static KRML_MUSTINLINE void ntt_vector_u_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_70(&zeta_i, re); - ntt_at_layer_1_7e(&zeta_i, re); - poly_barrett_reduce_20_78(re); + ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_6e(&zeta_i, re); + ntt_at_layer_2_52(&zeta_i, re); + ntt_at_layer_1_03(&zeta_i, re); + poly_barrett_reduce_20_a0(re); } /** @@ -4215,12 +4215,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b31( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_98();); + u_as_ntt[i] = ZERO_20_28();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -4238,8 +4238,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b31( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_07(u_bytes); - ntt_vector_u_bf(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_88(u_bytes); + ntt_vector_u_fd(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4253,7 +4253,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_2f1(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_ee1(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4316,9 +4316,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_ab1( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_191( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_2f1(vector); + return decompress_ciphertext_coefficient_ee1(vector); } /** @@ -4328,8 +4328,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_f0(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_4_4d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -4337,7 +4337,7 @@ deserialize_then_decompress_4_f0(Eurydice_slice serialized) { serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_191(coefficient); } return re; } @@ -4349,7 +4349,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_2f2(core_core_arch_x86___m256i vector) { +decompress_ciphertext_coefficient_ee2(core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4412,9 +4412,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_ab2( +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_192( core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_2f2(vector); + return decompress_ciphertext_coefficient_ee2(vector); } /** @@ -4424,8 +4424,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_fe(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_5_67(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -4433,7 +4433,7 @@ deserialize_then_decompress_5_fe(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_ab2(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_192(re.coefficients[i0]); } return re; } @@ -4445,8 +4445,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_bb(Eurydice_slice serialized) { - return deserialize_then_decompress_4_f0(serialized); +deserialize_then_decompress_ring_element_v_3d(Eurydice_slice serialized) { + return deserialize_then_decompress_4_4d(serialized); } /** @@ -4460,7 +4460,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_20_45(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_20_f9(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4482,17 +4482,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c81( +compute_message_c31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_f31(&result, &product);); - invert_ntt_montgomery_c51(&result); - result = subtract_reduce_20_45(v, result); + ntt_multiply_20_8b(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_021(&result, &product);); + invert_ntt_montgomery_321(&result); + result = subtract_reduce_20_f9(v, result); return result; } @@ -4502,13 +4502,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_fc( +static KRML_MUSTINLINE void compress_then_serialize_message_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; core_core_arch_x86___m256i coefficient = - to_unsigned_representative_4b(re.coefficients[i0]); + to_unsigned_representative_0b(re.coefficients[i0]); core_core_arch_x86___m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; @@ -4531,19 +4531,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_071( +static void decrypt_unpacked_041( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_b31(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_bb( + deserialize_then_decompress_ring_element_v_3d( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c81(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c31(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_fc(message, ret0); + compress_then_serialize_message_6c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4552,7 +4552,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_c9(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -4569,8 +4569,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_263(Eurydice_slice input, uint8_t ret[32U]) { + PRF_c9(input, ret); } /** @@ -4594,14 +4594,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_071(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_041(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -4612,7 +4612,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4620,17 +4620,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( + libcrux_ml_kem_utils_into_padded_array_173( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -4638,11 +4638,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_ac1(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_751(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4660,8 +4660,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_to_uncompressed_ring_element_03(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4678,12 +4678,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_a21( +static KRML_MUSTINLINE void deserialize_secret_key_c11( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_98();); + secret_as_ntt[i] = ZERO_20_28();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4695,7 +4695,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a21( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); + deserialize_to_uncompressed_ring_element_03(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4717,10 +4717,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_9a1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_951(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_a21(secret_key, secret_as_ntt); + deserialize_secret_key_c11(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4732,7 +4732,7 @@ static void decrypt_9a1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_071(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_041(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4758,7 +4758,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_251( +void libcrux_ml_kem_ind_cca_decapsulate_311( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4776,9 +4776,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_251( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_9a1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_951(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -4786,7 +4786,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_251( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4794,31 +4794,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_251( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_173(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_f01(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_c31(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e51(Eurydice_array_to_slice( + kdf_af_7c1(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e51(shared_secret0, shared_secret1); + kdf_af_7c1(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4835,12 +4835,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f50( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_030( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_98();); + deserialized_pk[i] = ZERO_20_28();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4852,7 +4852,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f50( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ce(ring_element); + deserialize_to_reduced_ring_element_60(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4867,7 +4867,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_800( +static KRML_MUSTINLINE void serialize_secret_key_d80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4885,7 +4885,7 @@ static KRML_MUSTINLINE void serialize_secret_key_800( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c4(&re, ret0); + serialize_uncompressed_ring_element_44(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4900,14 +4900,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_ac0( +static KRML_MUSTINLINE void serialize_public_key_c40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_800(t_as_ntt, ret0); + serialize_secret_key_d80(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4927,15 +4927,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_d20(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_f50( + deserialize_ring_elements_reduced_030( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_ac0( + serialize_public_key_c40( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4966,7 +4966,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_ab0(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -4976,10 +4976,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static void closure_d60( +static void closure_fb0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_20_28();); } /** @@ -4989,7 +4989,7 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { +shake128_init_absorb_final_500(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -5011,11 +5011,11 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { +shake128_init_absorb_final_a9_3f0(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d0(copy_of_input); + return shake128_init_absorb_final_500(copy_of_input); } /** @@ -5024,7 +5024,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_000( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -5061,9 +5061,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_940( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_6b0(self, ret); + shake128_squeeze_first_three_blocks_000(self, ret); } /** @@ -5114,7 +5114,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_971( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6c1( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -5152,7 +5152,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_dd0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -5189,9 +5189,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_1b0(self, ret); + shake128_squeeze_next_block_dd0(self, ret); } /** @@ -5242,7 +5242,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_972( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6c2( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -5280,9 +5280,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e90( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_060( int16_t s[272U]) { - return from_i16_array_20_84( + return from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5292,7 +5292,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_0c0( +static KRML_MUSTINLINE void sample_from_xof_f80( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -5301,25 +5301,25 @@ static KRML_MUSTINLINE void sample_from_xof_0c0( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca0(copy_of_seeds); + shake128_init_absorb_final_a9_3f0(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_940(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_971( + bool done = sample_from_uniform_distribution_next_6c1( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); + shake128_squeeze_next_block_a9_bf0(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_972( + done = sample_from_uniform_distribution_next_6c2( copy_of_randomness, sampled_coefficients, out); } } @@ -5328,7 +5328,7 @@ static KRML_MUSTINLINE void sample_from_xof_0c0( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_e90(copy_of_out[i]);); + ret0[i] = closure_060(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5340,12 +5340,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_430( +static KRML_MUSTINLINE void sample_matrix_A_1c0( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_d60(A_transpose[i]);); + closure_fb0(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5360,7 +5360,7 @@ static KRML_MUSTINLINE void sample_matrix_A_430( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_0c0(copy_of_seeds, sampled); + sample_from_xof_f80(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5404,7 +5404,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_ef1(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -5445,9 +5445,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_411(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1c1(input, ret); + PRFxN_ef1(input, ret); } /** @@ -5458,11 +5458,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_570( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_820( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_98();); + re_as_ntt[i] = ZERO_20_28();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5474,12 +5474,12 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_570( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); + PRFxN_a9_411(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_cf0( + re_as_ntt[i0] = sample_from_binomial_distribution_fb0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_43(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5503,7 +5503,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_f30( +static KRML_MUSTINLINE void add_to_ring_element_20_020( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5524,14 +5524,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_4b0( +static KRML_MUSTINLINE void compute_As_plus_e_250( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_20_28();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5552,10 +5552,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_4b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_f30(&result0[i1], &product); + ntt_multiply_20_8b(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_020(&result0[i1], &product); } - add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_2c(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5574,10 +5574,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_f80( +static tuple_54 generate_keypair_unpacked_fe0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_680(key_generation_seed, hashed); + G_a9_ab0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5585,15 +5585,15 @@ static tuple_54 generate_keypair_unpacked_f80( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_430(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_1c0(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_570(copy_of_prf_input0, 0U); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_820(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5605,14 +5605,14 @@ static tuple_54 generate_keypair_unpacked_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_570(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_820(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_4b0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_250(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( @@ -5660,10 +5660,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_1c0( +static void closure_4e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_20_28();); } /** @@ -5675,7 +5675,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_310(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -5693,7 +5693,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_910( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5702,18 +5702,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_54 uu____0 = generate_keypair_unpacked_f80(ind_cpa_keypair_randomness); + tuple_54 uu____0 = generate_keypair_unpacked_fe0(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_1c0(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_4e0(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_4a(&ind_cpa_public_key.A[j][i1]); + clone_3a_94(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5723,19 +5723,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_ac0( + serialize_public_key_c40( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + H_a9_310(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -5771,17 +5771,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_f80( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_1c0( Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_f80(key_generation_seed); + tuple_54 uu____0 = generate_keypair_unpacked_fe0(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_ac0( + serialize_public_key_c40( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_800(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_d80(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5805,7 +5805,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_c90( +static KRML_MUSTINLINE void serialize_kem_secret_key_560( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5831,7 +5831,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_c90( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_650(public_key, ret0); + H_a9_310(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5860,7 +5860,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5869,13 +5869,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_f80(ind_cpa_keypair_randomness); + generate_keypair_1c0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_c90( + serialize_kem_secret_key_560( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5884,13 +5884,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_201(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_1d1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_751( - uu____2, libcrux_ml_kem_types_from_07_3a1(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_001( + uu____2, libcrux_ml_kem_types_from_07_781(copy_of_public_key)); } /** @@ -5902,10 +5902,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_b30(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_610(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_98();); + error_1[i] = ZERO_20_28();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5917,11 +5917,11 @@ sample_ring_element_cbd_b30(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); + PRFxN_a9_411(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_fb0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5947,9 +5947,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_262(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_c90(input, ret); } /** @@ -5958,18 +5958,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_c50( +static KRML_MUSTINLINE void invert_ntt_montgomery_320( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_e4(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_78(re); + invert_ntt_at_layer_1_18(&zeta_i, re); + invert_ntt_at_layer_2_38(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_a0(re); } /** @@ -5978,14 +5978,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_640( +static KRML_MUSTINLINE void compute_vector_u_920( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_20_28();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6005,11 +6005,11 @@ static KRML_MUSTINLINE void compute_vector_u_640( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(a_element, &r_as_ntt[j]); - add_to_ring_element_20_f30(&result0[i1], &product); + ntt_multiply_20_8b(a_element, &r_as_ntt[j]); + add_to_ring_element_20_020(&result0[i1], &product); } - invert_ntt_montgomery_c50(&result0[i1]); - add_error_reduce_20_87(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_320(&result0[i1]); + add_error_reduce_20_dd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -6027,18 +6027,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_6c0( +compute_ring_element_v_870( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_f30(&result, &product);); - invert_ntt_montgomery_c50(&result); - result = add_message_error_reduce_20_86(error_2, message, result); + ntt_multiply_20_8b(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_020(&result, &product);); + invert_ntt_montgomery_320(&result); + result = add_message_error_reduce_20_25(error_2, message, result); return result; } @@ -6048,14 +6048,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_a50( +static KRML_MUSTINLINE void compress_then_serialize_11_d60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - compress_09_b50(to_unsigned_representative_4b(re->coefficients[i0])); + compress_09_f20(to_unsigned_representative_0b(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6073,10 +6073,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_970( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_a50(re, uu____0); + compress_then_serialize_11_d60(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -6089,7 +6089,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_520( +static void compress_then_serialize_u_a90( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6105,7 +6105,7 @@ static void compress_then_serialize_u_520( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_970(&re, ret); + compress_then_serialize_ring_element_u_d30(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -6120,7 +6120,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_8a(re, out); + compress_then_serialize_5_a5(re, out); } /** @@ -6140,15 +6140,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ac0( +static void encrypt_unpacked_750( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_570(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_820(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -6158,7 +6158,7 @@ static void encrypt_unpacked_ac0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_b30(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_610(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6166,27 +6166,27 @@ static void encrypt_unpacked_ac0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_262(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_fb0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_640(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_920(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_b3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_6c0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_870(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_520( + compress_then_serialize_u_a90( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; @@ -6214,11 +6214,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_110( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -6228,7 +6228,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6241,7 +6241,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_ac0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_750(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6251,7 +6251,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_891(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6272,11 +6272,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_8d0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_830(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -6296,22 +6296,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f00(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_c30(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_f50( + deserialize_ring_elements_reduced_030( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_430(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_1c0(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( @@ -6341,7 +6341,7 @@ static void encrypt_f00(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_ac0(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_750(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -6356,11 +6356,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_e50(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_7c0(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -6382,27 +6382,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e90( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_100( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_8d0( + entropy_preprocess_af_830( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), + H_a9_310(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_7b1(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6410,19 +6410,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e90( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_7b1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_f00(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_c30(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_891(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e50(shared_secret, shared_secret_array); + kdf_af_7c0(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6442,8 +6442,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_070(Eurydice_slice serialized) { - return deserialize_then_decompress_11_0a(serialized); +deserialize_then_decompress_ring_element_u_880(Eurydice_slice serialized) { + return deserialize_then_decompress_11_3c(serialized); } /** @@ -6452,17 +6452,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_bf0( +static KRML_MUSTINLINE void ntt_vector_u_fd0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_70(&zeta_i, re); - ntt_at_layer_1_7e(&zeta_i, re); - poly_barrett_reduce_20_78(re); + ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_6e(&zeta_i, re); + ntt_at_layer_2_52(&zeta_i, re); + ntt_at_layer_1_03(&zeta_i, re); + poly_barrett_reduce_20_a0(re); } /** @@ -6473,12 +6473,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b30( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_98();); + u_as_ntt[i] = ZERO_20_28();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6496,8 +6496,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b30( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_070(u_bytes); - ntt_vector_u_bf0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_880(u_bytes); + ntt_vector_u_fd0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6511,8 +6511,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_bb0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_fe(serialized); +deserialize_then_decompress_ring_element_v_3d0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_67(serialized); } /** @@ -6522,17 +6522,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c80( +compute_message_c30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_f30(&result, &product);); - invert_ntt_montgomery_c50(&result); - result = subtract_reduce_20_45(v, result); + ntt_multiply_20_8b(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_020(&result, &product);); + invert_ntt_montgomery_320(&result); + result = subtract_reduce_20_f9(v, result); return result; } @@ -6546,19 +6546,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_070( +static void decrypt_unpacked_040( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_b30(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_bb0( + deserialize_then_decompress_ring_element_v_3d0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c80(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c30(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_fc(message, ret0); + compress_then_serialize_message_6c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6572,8 +6572,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_261(Eurydice_slice input, uint8_t ret[32U]) { + PRF_c9(input, ret); } /** @@ -6597,15 +6597,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_070(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_040(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -6616,7 +6616,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6624,17 +6624,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( + libcrux_ml_kem_utils_into_padded_array_174( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -6642,11 +6642,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_ac0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_750(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6663,12 +6663,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_a20( +static KRML_MUSTINLINE void deserialize_secret_key_c10( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_98();); + secret_as_ntt[i] = ZERO_20_28();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6680,7 +6680,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a20( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); + deserialize_to_uncompressed_ring_element_03(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; @@ -6702,10 +6702,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_9a0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_950(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_a20(secret_key, secret_as_ntt); + deserialize_secret_key_c10(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -6717,7 +6717,7 @@ static void decrypt_9a0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_070(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_040(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -6743,7 +6743,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_250( +void libcrux_ml_kem_ind_cca_decapsulate_310( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6762,9 +6762,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_250( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_9a0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_950(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -6772,7 +6772,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_250( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6780,31 +6780,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_250( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_174(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_f00(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_c30(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e50(Eurydice_array_to_slice( + kdf_af_7c0(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e50(shared_secret0, shared_secret1); + kdf_af_7c0(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6821,12 +6821,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f5( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_03( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_98();); + deserialized_pk[i] = ZERO_20_28();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6838,7 +6838,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ce(ring_element); + deserialize_to_reduced_ring_element_60(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6853,7 +6853,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_80( +static KRML_MUSTINLINE void serialize_secret_key_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6871,7 +6871,7 @@ static KRML_MUSTINLINE void serialize_secret_key_80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c4(&re, ret0); + serialize_uncompressed_ring_element_44(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6886,14 +6886,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_ac( +static KRML_MUSTINLINE void serialize_public_key_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_80(t_as_ntt, ret0); + serialize_secret_key_d8(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6913,15 +6913,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_d2(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_f5( + deserialize_ring_elements_reduced_03( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_ac( + serialize_public_key_c4( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6952,7 +6952,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_ab(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6962,10 +6962,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static void closure_d6( +static void closure_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_20_28();); } /** @@ -6975,7 +6975,7 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { +shake128_init_absorb_final_50(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -6997,11 +6997,11 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { +shake128_init_absorb_final_a9_3f(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d(copy_of_input); + return shake128_init_absorb_final_50(copy_of_input); } /** @@ -7010,7 +7010,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_00( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -7041,9 +7041,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_94( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_6b(self, ret); + shake128_squeeze_first_three_blocks_00(self, ret); } /** @@ -7094,7 +7094,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_97( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6c( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7132,7 +7132,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( +static KRML_MUSTINLINE void shake128_squeeze_next_block_dd( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -7163,9 +7163,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_1b(self, ret); + shake128_squeeze_next_block_dd(self, ret); } /** @@ -7216,7 +7216,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_970( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6c0( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7254,9 +7254,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e9( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_06( int16_t s[272U]) { - return from_i16_array_20_84( + return from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7266,7 +7266,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_0c( +static KRML_MUSTINLINE void sample_from_xof_f8( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -7275,25 +7275,25 @@ static KRML_MUSTINLINE void sample_from_xof_0c( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca(copy_of_seeds); + shake128_init_absorb_final_a9_3f(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_94(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_97( + bool done = sample_from_uniform_distribution_next_6c( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_a9_5a(&xof_state, randomness); + shake128_squeeze_next_block_a9_bf(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_970( + done = sample_from_uniform_distribution_next_6c0( copy_of_randomness, sampled_coefficients, out); } } @@ -7302,7 +7302,7 @@ static KRML_MUSTINLINE void sample_from_xof_0c( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_e9(copy_of_out[i]);); + ret0[i] = closure_06(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7314,12 +7314,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_43( +static KRML_MUSTINLINE void sample_matrix_A_1c( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_d6(A_transpose[i]);); + closure_fb(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -7334,7 +7334,7 @@ static KRML_MUSTINLINE void sample_matrix_A_43( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_0c(copy_of_seeds, sampled); + sample_from_xof_f8(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7378,7 +7378,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_ef(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; @@ -7413,9 +7413,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_41(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1c(input, ret); + PRFxN_ef(input, ret); } /** @@ -7425,8 +7425,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_cf(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_41(randomness); +sample_from_binomial_distribution_fb(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_04(randomness); } /** @@ -7437,11 +7437,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_57( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_82( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_98();); + re_as_ntt[i] = ZERO_20_28();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7453,12 +7453,12 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_57( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_a9_51(prf_inputs, prf_outputs); + PRFxN_a9_41(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_cf( + re_as_ntt[i0] = sample_from_binomial_distribution_fb( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_43(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -7482,7 +7482,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_f3( +static KRML_MUSTINLINE void add_to_ring_element_20_02( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -7503,14 +7503,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_4b( +static KRML_MUSTINLINE void compute_As_plus_e_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_20_28();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7531,10 +7531,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_f3(&result0[i1], &product); + ntt_multiply_20_8b(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_02(&result0[i1], &product); } - add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_2c(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7553,10 +7553,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_f8( +static tuple_4c generate_keypair_unpacked_fe( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_68(key_generation_seed, hashed); + G_a9_ab(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7564,15 +7564,15 @@ static tuple_4c generate_keypair_unpacked_f8( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_43(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_1c(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_57(copy_of_prf_input0, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_82(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7584,14 +7584,14 @@ static tuple_4c generate_keypair_unpacked_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_57(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_82(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_4b(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_25(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( @@ -7639,10 +7639,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_1c( +static void closure_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_20_28();); } /** @@ -7654,7 +7654,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_31(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -7672,7 +7672,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_91( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7681,18 +7681,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c uu____0 = generate_keypair_unpacked_f8(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_fe(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_1c(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_4e(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_4a(&ind_cpa_public_key.A[j][i1]); + clone_3a_94(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7702,19 +7702,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_ac( + serialize_public_key_c4( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + H_a9_31(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -7750,17 +7750,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_f8( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_1c( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_f8(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_fe(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_ac( + serialize_public_key_c4( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_d8(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -7784,7 +7784,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_c9( +static KRML_MUSTINLINE void serialize_kem_secret_key_56( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7810,7 +7810,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_c9( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_65(public_key, ret0); + H_a9_31(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -7838,7 +7838,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7848,13 +7848,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_f8(ind_cpa_keypair_randomness); + generate_keypair_1c(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_c9( + serialize_kem_secret_key_56( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7863,13 +7863,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_1d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_75( - uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_00( + uu____2, libcrux_ml_kem_types_from_07_78(copy_of_public_key)); } /** @@ -7878,7 +7878,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_ef0(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -7913,9 +7913,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_410(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1c0(input, ret); + PRFxN_ef0(input, ret); } /** @@ -7927,10 +7927,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_b3(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_61(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_98();); + error_1[i] = ZERO_20_28();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7942,11 +7942,11 @@ sample_ring_element_cbd_b3(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_a9_510(prf_inputs, prf_outputs); + PRFxN_a9_410(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_fb0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7972,9 +7972,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_260(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_c90(input, ret); } /** @@ -7983,18 +7983,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_c5( +static KRML_MUSTINLINE void invert_ntt_montgomery_32( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_e4(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_78(re); + invert_ntt_at_layer_1_18(&zeta_i, re); + invert_ntt_at_layer_2_38(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_a0(re); } /** @@ -8003,14 +8003,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_64( +static KRML_MUSTINLINE void compute_vector_u_92( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_20_28();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8030,11 +8030,11 @@ static KRML_MUSTINLINE void compute_vector_u_64( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(a_element, &r_as_ntt[j]); - add_to_ring_element_20_f3(&result0[i1], &product); + ntt_multiply_20_8b(a_element, &r_as_ntt[j]); + add_to_ring_element_20_02(&result0[i1], &product); } - invert_ntt_montgomery_c5(&result0[i1]); - add_error_reduce_20_87(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_32(&result0[i1]); + add_error_reduce_20_dd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -8052,18 +8052,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_6c( +compute_ring_element_v_87( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_f3(&result, &product);); - invert_ntt_montgomery_c5(&result); - result = add_message_error_reduce_20_86(error_2, message, result); + ntt_multiply_20_8b(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_02(&result, &product);); + invert_ntt_montgomery_32(&result); + result = add_message_error_reduce_20_25(error_2, message, result); return result; } @@ -8076,7 +8076,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_52( +static void compress_then_serialize_u_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8092,7 +8092,7 @@ static void compress_then_serialize_u_52( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_97(&re, ret); + compress_then_serialize_ring_element_u_d3(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8115,15 +8115,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ac( +static void encrypt_unpacked_75( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_57(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_82(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -8133,7 +8133,7 @@ static void encrypt_unpacked_ac( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_b3(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_61(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -8141,27 +8141,27 @@ static void encrypt_unpacked_ac( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_260(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_fb0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_64(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_92(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_b3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_6c(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_87(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_52( + compress_then_serialize_u_a9( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; @@ -8189,11 +8189,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_11( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -8203,7 +8203,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8216,7 +8216,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_ac(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_75(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8226,7 +8226,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8247,11 +8247,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_8d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_83(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -8271,22 +8271,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_c3(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_f5( + deserialize_ring_elements_reduced_03( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_43(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_1c(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( @@ -8316,7 +8316,7 @@ static void encrypt_f0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_ac(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_75(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -8331,11 +8331,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e5(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_7c(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -8357,27 +8357,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e9( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_8d( + entropy_preprocess_af_83( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), + H_a9_31(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8385,19 +8385,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e9( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_c3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e5(shared_secret, shared_secret_array); + kdf_af_7c(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8418,12 +8418,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b3( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_98();); + u_as_ntt[i] = ZERO_20_28();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -8441,8 +8441,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_07(u_bytes); - ntt_vector_u_bf(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_88(u_bytes); + ntt_vector_u_fd(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8456,17 +8456,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c8( +compute_message_c3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_f3(&result, &product);); - invert_ntt_montgomery_c5(&result); - result = subtract_reduce_20_45(v, result); + ntt_multiply_20_8b(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_02(&result, &product);); + invert_ntt_montgomery_32(&result); + result = subtract_reduce_20_f9(v, result); return result; } @@ -8480,19 +8480,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_07( +static void decrypt_unpacked_04( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_b3(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_bb( + deserialize_then_decompress_ring_element_v_3d( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c8(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c3(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_fc(message, ret0); + compress_then_serialize_message_6c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8506,8 +8506,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_26(Eurydice_slice input, uint8_t ret[32U]) { + PRF_c9(input, ret); } /** @@ -8531,14 +8531,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_07(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_04(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -8549,7 +8549,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8557,17 +8557,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_170( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_be(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -8575,11 +8575,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_ac(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_75(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + libcrux_ml_kem_types_as_ref_ba_be(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -8596,12 +8596,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_a2( +static KRML_MUSTINLINE void deserialize_secret_key_c1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_98();); + secret_as_ntt[i] = ZERO_20_28();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8613,7 +8613,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); + deserialize_to_uncompressed_ring_element_03(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; @@ -8635,10 +8635,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_9a(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_95(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_a2(secret_key, secret_as_ntt); + deserialize_secret_key_c1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -8650,7 +8650,7 @@ static void decrypt_9a(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_07(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_04(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8676,7 +8676,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_25( +void libcrux_ml_kem_ind_cca_decapsulate_31( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8694,9 +8694,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_25( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_9a(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_95(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -8704,7 +8704,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_25( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8712,30 +8712,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_25( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_be(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_c3(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e5(Eurydice_array_to_slice((size_t)32U, + kdf_af_7c(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e5(shared_secret0, shared_secret1); + kdf_af_7c(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + libcrux_ml_kem_types_as_ref_ba_be(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 8fe2c54bf..4db3bdb2d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 9c19313ab..3713c3f99 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 314d97b10..571bf315c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 67e234ab7..2972eda7b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #include "internal/libcrux_mlkem_portable.h" @@ -75,7 +75,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_41_f9(dst, ret); + core_result_unwrap_41_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2234,7 +2234,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_9a(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_7f(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2262,8 +2262,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_a2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_to_reduced_ring_element_87(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2284,12 +2284,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c71( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_841( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_9a();); + deserialized_pk[i] = ZERO_20_7f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2301,7 +2301,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c71( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a2(ring_element); + deserialize_to_reduced_ring_element_87(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2315,7 +2315,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_53(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2334,8 +2334,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_e7(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_53(v); +shift_right_0d_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_f1(v); } /** @@ -2345,10 +2345,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_39( +to_unsigned_representative_19( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_e7(a); + shift_right_0d_be(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2361,14 +2361,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_a6( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_39(re->coefficients[i0]); + to_unsigned_representative_19(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2386,7 +2386,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_f01( +static KRML_MUSTINLINE void serialize_secret_key_8b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2404,7 +2404,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f01( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_a6(&re, ret0); + serialize_uncompressed_ring_element_79(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2419,14 +2419,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_951( +static KRML_MUSTINLINE void serialize_public_key_eb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_f01(t_as_ntt, ret0); + serialize_secret_key_8b1(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2446,15 +2446,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_361(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_141(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_c71( + deserialize_ring_elements_reduced_841( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_951( + serialize_public_key_eb1( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2485,7 +2485,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_d01(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2496,10 +2496,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_441( +static void closure_9a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_20_7f();); } /** @@ -2518,7 +2518,7 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_751(uint8_t input[4U][34U]) { +shake128_init_absorb_final_401(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2549,11 +2549,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_831(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_751(copy_of_input); + return shake128_init_absorb_final_401(copy_of_input); } /** @@ -2562,7 +2562,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a1( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2583,9 +2583,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_201( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_101(self, ret); + shake128_squeeze_first_three_blocks_9a1(self, ret); } /** @@ -2636,7 +2636,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_833( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f63( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2674,7 +2674,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ea1( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2695,9 +2695,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_041( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_ed1(self, ret); + shake128_squeeze_next_block_ea1(self, ret); } /** @@ -2748,7 +2748,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_834( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f64( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2791,8 +2791,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_20_8d(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); +from_i16_array_20_b2(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2812,9 +2812,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a1( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_d41( int16_t s[272U]) { - return from_i16_array_20_8d( + return from_i16_array_20_b2( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2833,25 +2833,25 @@ static KRML_MUSTINLINE void sample_from_xof_611( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(copy_of_seeds); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_831(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_201(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_833( + bool done = sample_from_uniform_distribution_next_f63( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_f1_c11(&xof_state, randomness); + shake128_squeeze_next_block_f1_041(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_834( + done = sample_from_uniform_distribution_next_f64( copy_of_randomness, sampled_coefficients, out); } } @@ -2860,7 +2860,7 @@ static KRML_MUSTINLINE void sample_from_xof_611( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_6a1(copy_of_out[i]);); + ret0[i] = closure_d41(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2873,12 +2873,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_451( +static KRML_MUSTINLINE void sample_matrix_A_b61( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_441(A_transpose[i]);); + closure_9a1(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2937,7 +2937,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d32(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2958,9 +2958,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_bf2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1d2(input, ret); + PRFxN_d32(input, ret); } /** @@ -3019,7 +3019,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_b3(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_0e(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3053,7 +3053,7 @@ sample_from_binomial_distribution_2_b3(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_8d( + return from_i16_array_20_b2( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3064,7 +3064,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_25(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_44(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3097,7 +3097,7 @@ sample_from_binomial_distribution_3_25(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_8d( + return from_i16_array_20_b2( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3108,8 +3108,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_c3(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_b3(randomness); +sample_from_binomial_distribution_97(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_0e(randomness); } /** @@ -3118,7 +3118,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_3e( +static KRML_MUSTINLINE void ntt_at_layer_7_9e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3146,7 +3146,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_10( +montgomery_multiply_fe_1e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3160,12 +3160,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_59( + ntt_layer_int_vec_step_a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_10(b, zeta_r); + montgomery_multiply_fe_1e(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3179,7 +3179,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_5b( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_3a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3192,7 +3192,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_5b( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_59( + ntt_layer_int_vec_step_a1( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3209,7 +3209,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_9c( +static KRML_MUSTINLINE void ntt_at_layer_3_4c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3227,7 +3227,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_6b( +static KRML_MUSTINLINE void ntt_at_layer_2_68( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3247,7 +3247,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_37( +static KRML_MUSTINLINE void ntt_at_layer_1_9d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3275,7 +3275,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_8e( +static KRML_MUSTINLINE void poly_barrett_reduce_20_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3293,17 +3293,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_37( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_3e(re); + ntt_at_layer_7_9e(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_9c(&zeta_i, re); - ntt_at_layer_2_6b(&zeta_i, re); - ntt_at_layer_1_37(&zeta_i, re); - poly_barrett_reduce_20_8e(re); + ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_4c(&zeta_i, re); + ntt_at_layer_2_68(&zeta_i, re); + ntt_at_layer_1_9d(&zeta_i, re); + poly_barrett_reduce_20_42(re); } /** @@ -3315,11 +3315,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_561( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_c01( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_9a();); + re_as_ntt[i] = ZERO_20_7f();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3331,12 +3331,12 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_561( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_bf2(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_c3( + re_as_ntt[i0] = sample_from_binomial_distribution_97( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_71(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3361,9 +3361,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_20_ff(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_20_e9(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_7f(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3396,7 +3396,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_0e1( +static KRML_MUSTINLINE void add_to_ring_element_20_671( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3421,7 +3421,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_d6( +to_standard_domain_5f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3437,14 +3437,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_7d( +static KRML_MUSTINLINE void add_standard_error_reduce_20_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_d6(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_5f(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3459,14 +3459,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_0e1( +static KRML_MUSTINLINE void compute_As_plus_e_ea1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_20_7f();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3487,10 +3487,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_0e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_0e1(&result0[i1], &product); + ntt_multiply_20_e9(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_671(&result0[i1], &product); } - add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_5c(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -3510,10 +3510,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_a11( +static tuple_540 generate_keypair_unpacked_6e1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b61(key_generation_seed, hashed); + G_f1_d01(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3521,15 +3521,15 @@ static tuple_540 generate_keypair_unpacked_a11( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_451(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_b61(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_561(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_c01(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3541,14 +3541,14 @@ static tuple_540 generate_keypair_unpacked_a11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_561(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_c01(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_0e1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_ea1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( @@ -3597,10 +3597,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_a11( +static void closure_481( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_20_7f();); } /** @@ -3613,7 +3613,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_20( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_6e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3635,7 +3635,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_fd1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3654,7 +3654,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_811( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3663,18 +3663,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_540 uu____0 = generate_keypair_unpacked_a11(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_6e1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_a11(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_481(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_20(&ind_cpa_public_key.A[j][i1]); + clone_3a_6e(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3684,19 +3684,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_951( + serialize_public_key_eb1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + H_f1_fd1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -3733,17 +3733,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_c01( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_d81( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_a11(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_6e1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_951( + serialize_public_key_eb1( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_f01(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_8b1(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3767,7 +3767,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_50( +static KRML_MUSTINLINE void serialize_kem_secret_key_b0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3793,7 +3793,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_50( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_2e1(public_key, ret0); + H_f1_fd1(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -3823,7 +3823,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_011(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3832,13 +3832,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_c01(ind_cpa_keypair_randomness); + generate_keypair_d81(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_50( + serialize_kem_secret_key_b0( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3847,13 +3847,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_201(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_1d1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_751( - uu____2, libcrux_ml_kem_types_from_07_3a1(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_001( + uu____2, libcrux_ml_kem_types_from_07_781(copy_of_public_key)); } /** @@ -3866,10 +3866,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_151(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_781(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_9a();); + error_1[i] = ZERO_20_7f();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3881,11 +3881,11 @@ sample_ring_element_cbd_151(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_bf2(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_97( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3906,7 +3906,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_030(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -3923,9 +3923,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_c84(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_030(input, ret); } /** @@ -3934,7 +3934,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_1e( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_1f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3958,7 +3958,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_12( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3978,7 +3978,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_72( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_2a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3998,7 +3998,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_0d( + inv_ntt_layer_int_vec_step_reduce_ee( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4006,7 +4006,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_10(a_minus_b, zeta_r); + b = montgomery_multiply_fe_1e(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4018,7 +4018,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_39( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4033,7 +4033,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_39( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_0d( + inv_ntt_layer_int_vec_step_reduce_ee( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4050,18 +4050,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_271( +static KRML_MUSTINLINE void invert_ntt_montgomery_021( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1e(&zeta_i, re); - invert_ntt_at_layer_2_12(&zeta_i, re); - invert_ntt_at_layer_3_72(&zeta_i, re); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_8e(re); + invert_ntt_at_layer_1_1f(&zeta_i, re); + invert_ntt_at_layer_2_ea(&zeta_i, re); + invert_ntt_at_layer_3_2a(&zeta_i, re); + invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_42(re); } /** @@ -4074,7 +4074,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_fc( +static KRML_MUSTINLINE void add_error_reduce_20_07( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4098,14 +4098,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a21( +static KRML_MUSTINLINE void compute_vector_u_2e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_20_7f();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4125,11 +4125,11 @@ static KRML_MUSTINLINE void compute_vector_u_a21( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(a_element, &r_as_ntt[j]); - add_to_ring_element_20_0e1(&result0[i1], &product); + ntt_multiply_20_e9(a_element, &r_as_ntt[j]); + add_to_ring_element_20_671(&result0[i1], &product); } - invert_ntt_montgomery_271(&result0[i1]); - add_error_reduce_20_fc(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_021(&result0[i1]); + add_error_reduce_20_07(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4147,7 +4147,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_5f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_11(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4161,8 +4161,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_08(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_message_34(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4172,7 +4172,7 @@ deserialize_then_decompress_message_08(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_5f(coefficient_compressed); + decompress_1_11(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4188,7 +4188,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_20_0f( +add_message_error_reduce_20_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4218,18 +4218,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_041( +compute_ring_element_v_5d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_0e1(&result, &product);); - invert_ntt_montgomery_271(&result); - result = add_message_error_reduce_20_0f(error_2, message, result); + ntt_multiply_20_e9(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_671(&result, &product);); + invert_ntt_montgomery_021(&result); + result = add_message_error_reduce_20_31(error_2, message, result); return result; } @@ -4239,7 +4239,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_5f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4260,9 +4260,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_73( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_17( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_5f(v); + return compress_0e(v); } /** @@ -4271,7 +4271,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_5f0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0e0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4293,8 +4293,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_730(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_5f0(v); +compress_0d_170(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_0e0(v); } /** @@ -4303,14 +4303,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_250( +static KRML_MUSTINLINE void compress_then_serialize_11_e40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_730(to_unsigned_representative_39(re->coefficients[i0])); + compress_0d_170(to_unsigned_representative_19(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4328,10 +4328,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4c0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_f30( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_250(re, uu____0); + compress_then_serialize_11_e40(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4344,7 +4344,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_a41( +static void compress_then_serialize_u_fc1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4360,7 +4360,7 @@ static void compress_then_serialize_u_a41( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_4c0(&re, ret); + compress_then_serialize_ring_element_u_f30(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4372,7 +4372,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_5f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0e1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4394,8 +4394,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_731(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_5f1(v); +compress_0d_171(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_0e1(v); } /** @@ -4404,7 +4404,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_53( +static KRML_MUSTINLINE void compress_then_serialize_4_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4413,7 +4413,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_53( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_731(to_unsigned_representative_39(re.coefficients[i0])); + compress_0d_171(to_unsigned_representative_19(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4429,7 +4429,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_5f2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0e2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4451,8 +4451,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_732(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_5f2(v); +compress_0d_172(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_0e2(v); } /** @@ -4461,7 +4461,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_94( +static KRML_MUSTINLINE void compress_then_serialize_5_59( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4470,7 +4470,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_94( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_732(to_unsigned_representative_39(re.coefficients[i0])); + compress_0d_172(to_unsigned_representative_19(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4487,9 +4487,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_fc0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_2f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_94(re, out); + compress_then_serialize_5_59(re, out); } /** @@ -4510,15 +4510,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_8e1( +static void encrypt_unpacked_b01( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_561(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_c01(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4528,7 +4528,7 @@ static void encrypt_unpacked_8e1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_151(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_781(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4536,31 +4536,31 @@ static void encrypt_unpacked_8e1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_c84(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_97( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_a21(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_2e1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_08(copy_of_message); + deserialize_then_decompress_message_34(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_041(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_5d1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_a41( + compress_then_serialize_u_fc1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_fc0( + compress_then_serialize_ring_element_v_2f0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4585,11 +4585,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_471( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -4599,7 +4599,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4612,7 +4612,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_8e1(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_b01(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4622,7 +4622,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_891(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4643,11 +4643,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_9b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_e5(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -4668,22 +4668,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_971(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_d91(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_c71( + deserialize_ring_elements_reduced_841( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_451(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_b61(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( @@ -4713,7 +4713,7 @@ static void encrypt_971(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_8e1(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_b01(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4728,11 +4728,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_4a(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_66(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -4754,27 +4754,27 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_231( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_6b1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_9b( + entropy_preprocess_af_e5( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), + H_f1_fd1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_7b1(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4782,19 +4782,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_231( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_7b1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_971(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_d91(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_891(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_4a(shared_secret, shared_secret_array); + kdf_af_66(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4814,7 +4814,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_63( +decompress_ciphertext_coefficient_e3( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4839,9 +4839,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_80( +decompress_ciphertext_coefficient_0d_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_63(v); + return decompress_ciphertext_coefficient_e3(v); } /** @@ -4851,8 +4851,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_26(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_10_a9(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4868,7 +4868,7 @@ deserialize_then_decompress_10_26(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_80(coefficient); + decompress_ciphertext_coefficient_0d_9f(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4881,7 +4881,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_630( +decompress_ciphertext_coefficient_e30( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4906,9 +4906,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_800( +decompress_ciphertext_coefficient_0d_9f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_630(v); + return decompress_ciphertext_coefficient_e30(v); } /** @@ -4918,8 +4918,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_fe(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_11_34(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4928,7 +4928,7 @@ deserialize_then_decompress_11_fe(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_800(coefficient); + decompress_ciphertext_coefficient_0d_9f0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4941,8 +4941,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_110(Eurydice_slice serialized) { - return deserialize_then_decompress_11_fe(serialized); +deserialize_then_decompress_ring_element_u_900(Eurydice_slice serialized) { + return deserialize_then_decompress_11_34(serialized); } /** @@ -4951,17 +4951,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_2e0( +static KRML_MUSTINLINE void ntt_vector_u_850( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_9c(&zeta_i, re); - ntt_at_layer_2_6b(&zeta_i, re); - ntt_at_layer_1_37(&zeta_i, re); - poly_barrett_reduce_20_8e(re); + ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_4c(&zeta_i, re); + ntt_at_layer_2_68(&zeta_i, re); + ntt_at_layer_1_9d(&zeta_i, re); + poly_barrett_reduce_20_42(re); } /** @@ -4972,12 +4972,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_031( +static KRML_MUSTINLINE void deserialize_then_decompress_u_f21( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_9a();); + u_as_ntt[i] = ZERO_20_7f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4995,8 +4995,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_031( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_110(u_bytes); - ntt_vector_u_2e0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_900(u_bytes); + ntt_vector_u_850(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5010,7 +5010,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_631( +decompress_ciphertext_coefficient_e31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5035,9 +5035,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_801( +decompress_ciphertext_coefficient_0d_9f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_631(v); + return decompress_ciphertext_coefficient_e31(v); } /** @@ -5047,8 +5047,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_ab(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_4_e9(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5057,7 +5057,7 @@ deserialize_then_decompress_4_ab(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_801(coefficient); + decompress_ciphertext_coefficient_0d_9f1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5070,7 +5070,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_632( +decompress_ciphertext_coefficient_e32( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5095,9 +5095,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_802( +decompress_ciphertext_coefficient_0d_9f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_632(v); + return decompress_ciphertext_coefficient_e32(v); } /** @@ -5107,8 +5107,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_5c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_5_53(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5117,7 +5117,7 @@ deserialize_then_decompress_5_5c(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_802(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_9f2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5130,8 +5130,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_9f0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_5c(serialized); +deserialize_then_decompress_ring_element_v_c10(Eurydice_slice serialized) { + return deserialize_then_decompress_5_53(serialized); } /** @@ -5145,7 +5145,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_20_4b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_20_37(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5170,17 +5170,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_9a1( +compute_message_5e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_0e1(&result, &product);); - invert_ntt_montgomery_271(&result); - result = subtract_reduce_20_4b(v, result); + ntt_multiply_20_e9(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_671(&result, &product);); + invert_ntt_montgomery_021(&result); + result = subtract_reduce_20_37(v, result); return result; } @@ -5190,13 +5190,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_80( +static KRML_MUSTINLINE void compress_then_serialize_message_44( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_39(re.coefficients[i0]); + to_unsigned_representative_19(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5220,19 +5220,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_681( +static void decrypt_unpacked_281( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_031(ciphertext, u_as_ntt); + deserialize_then_decompress_u_f21(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_9f0( + deserialize_then_decompress_ring_element_v_c10( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_9a1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_5e1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_80(message, ret0); + compress_then_serialize_message_44(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5241,7 +5241,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_03(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -5258,8 +5258,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_c83(Eurydice_slice input, uint8_t ret[32U]) { + PRF_03(input, ret); } /** @@ -5284,15 +5284,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_681(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_281(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -5303,7 +5303,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5311,17 +5311,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( + libcrux_ml_kem_utils_into_padded_array_174( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -5329,11 +5329,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_8e1(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_b01(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5351,8 +5351,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_30(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_to_uncompressed_ring_element_ff(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -5371,12 +5371,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_681( +static KRML_MUSTINLINE void deserialize_secret_key_d81( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_9a();); + secret_as_ntt[i] = ZERO_20_7f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5388,7 +5388,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_681( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_30(secret_bytes); + deserialize_to_uncompressed_ring_element_ff(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -5410,10 +5410,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_b41(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_421(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_681(secret_key, secret_as_ntt); + deserialize_secret_key_d81(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5425,7 +5425,7 @@ static void decrypt_b41(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_681(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_281(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5451,7 +5451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_531( +void libcrux_ml_kem_ind_cca_decapsulate_c51( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5470,9 +5470,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_531( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b41(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_421(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5480,7 +5480,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_531( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5488,31 +5488,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_531( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_174(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_971(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_d91(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_4a(Eurydice_array_to_slice((size_t)32U, + kdf_af_66(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_4a(shared_secret0, shared_secret1); + kdf_af_66(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5529,12 +5529,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c70( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_840( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_9a();); + deserialized_pk[i] = ZERO_20_7f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5546,7 +5546,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c70( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a2(ring_element); + deserialize_to_reduced_ring_element_87(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5561,7 +5561,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_f00( +static KRML_MUSTINLINE void serialize_secret_key_8b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5579,7 +5579,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f00( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_a6(&re, ret0); + serialize_uncompressed_ring_element_79(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5594,14 +5594,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_950( +static KRML_MUSTINLINE void serialize_public_key_eb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_f00(t_as_ntt, ret0); + serialize_secret_key_8b0(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5621,15 +5621,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_360(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_140(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_c70( + deserialize_ring_elements_reduced_840( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_950( + serialize_public_key_eb0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5660,7 +5660,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_d00(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5671,10 +5671,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_440( +static void closure_9a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_20_7f();); } /** @@ -5693,7 +5693,7 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_750(uint8_t input[2U][34U]) { +shake128_init_absorb_final_400(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5724,11 +5724,11 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_830(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_750(copy_of_input); + return shake128_init_absorb_final_400(copy_of_input); } /** @@ -5737,7 +5737,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a0( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5758,9 +5758,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_200( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_100(self, ret); + shake128_squeeze_first_three_blocks_9a0(self, ret); } /** @@ -5811,7 +5811,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_831( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f61( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5849,7 +5849,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ea0( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5870,9 +5870,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_040( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_ed0(self, ret); + shake128_squeeze_next_block_ea0(self, ret); } /** @@ -5923,7 +5923,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_832( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f62( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5962,9 +5962,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a0( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_d40( int16_t s[272U]) { - return from_i16_array_20_8d( + return from_i16_array_20_b2( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5983,25 +5983,25 @@ static KRML_MUSTINLINE void sample_from_xof_610( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(copy_of_seeds); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_830(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_200(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_831( + bool done = sample_from_uniform_distribution_next_f61( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_f1_c10(&xof_state, randomness); + shake128_squeeze_next_block_f1_040(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_832( + done = sample_from_uniform_distribution_next_f62( copy_of_randomness, sampled_coefficients, out); } } @@ -6010,7 +6010,7 @@ static KRML_MUSTINLINE void sample_from_xof_610( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_6a0(copy_of_out[i]);); + ret0[i] = closure_d40(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6023,12 +6023,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_450( +static KRML_MUSTINLINE void sample_matrix_A_b60( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_440(A_transpose[i]);); + closure_9a0(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6087,7 +6087,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d30(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6108,9 +6108,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_bf0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1d0(input, ret); + PRFxN_d30(input, ret); } /** @@ -6120,8 +6120,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_c30(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_25(randomness); +sample_from_binomial_distribution_970(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_44(randomness); } /** @@ -6133,11 +6133,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_560( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_c00( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_9a();); + re_as_ntt[i] = ZERO_20_7f();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6149,12 +6149,12 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_560( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_890(prf_inputs, prf_outputs); + PRFxN_f1_bf0(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_c30( + re_as_ntt[i0] = sample_from_binomial_distribution_970( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_71(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6178,7 +6178,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_0e0( +static KRML_MUSTINLINE void add_to_ring_element_20_670( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6202,14 +6202,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_0e0( +static KRML_MUSTINLINE void compute_As_plus_e_ea0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_20_7f();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6230,10 +6230,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_0e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_0e0(&result0[i1], &product); + ntt_multiply_20_e9(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_670(&result0[i1], &product); } - add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_5c(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6253,10 +6253,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_a10( +static tuple_4c0 generate_keypair_unpacked_6e0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b60(key_generation_seed, hashed); + G_f1_d00(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6264,15 +6264,15 @@ static tuple_4c0 generate_keypair_unpacked_a10( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_450(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_b60(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_560(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_c00(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6284,14 +6284,14 @@ static tuple_4c0 generate_keypair_unpacked_a10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_560(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_c00(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_0e0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_ea0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( @@ -6340,10 +6340,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_a10( +static void closure_480( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_20_7f();); } /** @@ -6355,7 +6355,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_fd0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6374,7 +6374,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_810( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6383,18 +6383,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_a10(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_6e0(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_a10(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_480(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_20(&ind_cpa_public_key.A[j][i1]); + clone_3a_6e(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6404,19 +6404,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_950( + serialize_public_key_eb0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + H_f1_fd0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -6453,17 +6453,17 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_c00( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_d80( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_a10(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_6e0(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_950( + serialize_public_key_eb0( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_f00(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_8b0(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6487,7 +6487,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_fb( +static KRML_MUSTINLINE void serialize_kem_secret_key_b9( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6513,7 +6513,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_fb( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_2e0(public_key, ret0); + H_f1_fd0(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6543,7 +6543,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_010(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6552,13 +6552,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_c00(ind_cpa_keypair_randomness); + generate_keypair_d80(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_fb( + serialize_kem_secret_key_b9( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6567,13 +6567,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_1d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_75( - uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_00( + uu____2, libcrux_ml_kem_types_from_07_78(copy_of_public_key)); } /** @@ -6582,7 +6582,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d31(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6603,9 +6603,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_bf1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1d1(input, ret); + PRFxN_d31(input, ret); } /** @@ -6618,10 +6618,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_150(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_780(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_9a();); + error_1[i] = ZERO_20_7f();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6633,11 +6633,11 @@ sample_ring_element_cbd_150(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_891(prf_inputs, prf_outputs); + PRFxN_f1_bf1(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_97( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6663,9 +6663,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_c82(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_030(input, ret); } /** @@ -6674,18 +6674,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_270( +static KRML_MUSTINLINE void invert_ntt_montgomery_020( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1e(&zeta_i, re); - invert_ntt_at_layer_2_12(&zeta_i, re); - invert_ntt_at_layer_3_72(&zeta_i, re); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_8e(re); + invert_ntt_at_layer_1_1f(&zeta_i, re); + invert_ntt_at_layer_2_ea(&zeta_i, re); + invert_ntt_at_layer_3_2a(&zeta_i, re); + invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_42(re); } /** @@ -6694,14 +6694,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a20( +static KRML_MUSTINLINE void compute_vector_u_2e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_20_7f();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6721,11 +6721,11 @@ static KRML_MUSTINLINE void compute_vector_u_a20( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(a_element, &r_as_ntt[j]); - add_to_ring_element_20_0e0(&result0[i1], &product); + ntt_multiply_20_e9(a_element, &r_as_ntt[j]); + add_to_ring_element_20_670(&result0[i1], &product); } - invert_ntt_montgomery_270(&result0[i1]); - add_error_reduce_20_fc(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_020(&result0[i1]); + add_error_reduce_20_07(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6743,18 +6743,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_040( +compute_ring_element_v_5d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_0e0(&result, &product);); - invert_ntt_montgomery_270(&result); - result = add_message_error_reduce_20_0f(error_2, message, result); + ntt_multiply_20_e9(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_670(&result, &product);); + invert_ntt_montgomery_020(&result); + result = add_message_error_reduce_20_31(error_2, message, result); return result; } @@ -6764,14 +6764,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_51( +static KRML_MUSTINLINE void compress_then_serialize_10_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_73(to_unsigned_representative_39(re->coefficients[i0])); + compress_0d_17(to_unsigned_representative_19(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6789,10 +6789,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4c( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_51(re, uu____0); + compress_then_serialize_10_f4(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6805,7 +6805,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_a40( +static void compress_then_serialize_u_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6821,7 +6821,7 @@ static void compress_then_serialize_u_a40( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_4c(&re, ret); + compress_then_serialize_ring_element_u_f3(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6834,9 +6834,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_fc( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_53(re, out); + compress_then_serialize_4_d4(re, out); } /** @@ -6857,15 +6857,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_8e0( +static void encrypt_unpacked_b00( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_560(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_c00(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6875,7 +6875,7 @@ static void encrypt_unpacked_8e0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_150(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_780(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6883,31 +6883,31 @@ static void encrypt_unpacked_8e0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_c82(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_97( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_a20(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_2e0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_08(copy_of_message); + deserialize_then_decompress_message_34(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_040(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_5d0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_a40( + compress_then_serialize_u_fc0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_fc( + compress_then_serialize_ring_element_v_2f( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6932,11 +6932,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_470( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -6946,7 +6946,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6959,7 +6959,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_8e0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_b00(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6969,7 +6969,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6990,11 +6990,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_b2(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_5e(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -7015,22 +7015,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_970(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_d90(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_c70( + deserialize_ring_elements_reduced_840( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_450(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_b60(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( @@ -7060,7 +7060,7 @@ static void encrypt_970(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_8e0(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_b00(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7075,11 +7075,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_ff(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_97(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -7101,27 +7101,27 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_230( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_6b0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_b2( + entropy_preprocess_af_5e( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), + H_f1_fd0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7129,19 +7129,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_230( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_970(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_d90(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_ff(shared_secret, shared_secret_array); + kdf_af_97(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7161,8 +7161,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_11(Eurydice_slice serialized) { - return deserialize_then_decompress_10_26(serialized); +deserialize_then_decompress_ring_element_u_90(Eurydice_slice serialized) { + return deserialize_then_decompress_10_a9(serialized); } /** @@ -7171,17 +7171,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_2e( +static KRML_MUSTINLINE void ntt_vector_u_85( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_9c(&zeta_i, re); - ntt_at_layer_2_6b(&zeta_i, re); - ntt_at_layer_1_37(&zeta_i, re); - poly_barrett_reduce_20_8e(re); + ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_4c(&zeta_i, re); + ntt_at_layer_2_68(&zeta_i, re); + ntt_at_layer_1_9d(&zeta_i, re); + poly_barrett_reduce_20_42(re); } /** @@ -7192,12 +7192,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_030( +static KRML_MUSTINLINE void deserialize_then_decompress_u_f20( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_9a();); + u_as_ntt[i] = ZERO_20_7f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7215,8 +7215,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_030( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_11(u_bytes); - ntt_vector_u_2e(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_90(u_bytes); + ntt_vector_u_85(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7230,8 +7230,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_9f(Eurydice_slice serialized) { - return deserialize_then_decompress_4_ab(serialized); +deserialize_then_decompress_ring_element_v_c1(Eurydice_slice serialized) { + return deserialize_then_decompress_4_e9(serialized); } /** @@ -7241,17 +7241,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_9a0( +compute_message_5e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_0e0(&result, &product);); - invert_ntt_montgomery_270(&result); - result = subtract_reduce_20_4b(v, result); + ntt_multiply_20_e9(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_670(&result, &product);); + invert_ntt_montgomery_020(&result); + result = subtract_reduce_20_37(v, result); return result; } @@ -7265,19 +7265,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_680( +static void decrypt_unpacked_280( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_030(ciphertext, u_as_ntt); + deserialize_then_decompress_u_f20(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_9f( + deserialize_then_decompress_ring_element_v_c1( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_9a0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_5e0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_80(message, ret0); + compress_then_serialize_message_44(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7291,8 +7291,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_c81(Eurydice_slice input, uint8_t ret[32U]) { + PRF_03(input, ret); } /** @@ -7317,14 +7317,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_680(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_280(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -7335,7 +7335,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7343,17 +7343,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_170( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_be(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -7361,11 +7361,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_8e0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_b00(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + libcrux_ml_kem_types_as_ref_ba_be(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -7382,12 +7382,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_680( +static KRML_MUSTINLINE void deserialize_secret_key_d80( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_9a();); + secret_as_ntt[i] = ZERO_20_7f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7399,7 +7399,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_680( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_30(secret_bytes); + deserialize_to_uncompressed_ring_element_ff(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -7421,10 +7421,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_b40(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_420(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_680(secret_key, secret_as_ntt); + deserialize_secret_key_d80(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7436,7 +7436,7 @@ static void decrypt_b40(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_680(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_280(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7462,7 +7462,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_530( +void libcrux_ml_kem_ind_cca_decapsulate_c50( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7480,9 +7480,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_530( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b40(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_420(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -7490,7 +7490,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_530( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7498,31 +7498,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_530( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_be(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_970(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_d90(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ff(Eurydice_array_to_slice((size_t)32U, + kdf_af_97(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_ff(shared_secret0, shared_secret1); + kdf_af_97(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + libcrux_ml_kem_types_as_ref_ba_be(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7539,12 +7539,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c7( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_84( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_9a();); + deserialized_pk[i] = ZERO_20_7f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7556,7 +7556,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a2(ring_element); + deserialize_to_reduced_ring_element_87(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7571,7 +7571,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_f0( +static KRML_MUSTINLINE void serialize_secret_key_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7589,7 +7589,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_a6(&re, ret0); + serialize_uncompressed_ring_element_79(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7604,14 +7604,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_95( +static KRML_MUSTINLINE void serialize_public_key_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_f0(t_as_ntt, ret0); + serialize_secret_key_8b(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7631,15 +7631,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_36(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_14(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_c7( + deserialize_ring_elements_reduced_84( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_95( + serialize_public_key_eb( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7670,7 +7670,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_d0(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7681,10 +7681,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_44( +static void closure_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_20_7f();); } /** @@ -7703,7 +7703,7 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_75(uint8_t input[3U][34U]) { +shake128_init_absorb_final_40(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7734,11 +7734,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_83(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_75(copy_of_input); + return shake128_init_absorb_final_40(copy_of_input); } /** @@ -7747,7 +7747,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7768,9 +7768,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_20( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_10(self, ret); + shake128_squeeze_first_three_blocks_9a(self, ret); } /** @@ -7821,7 +7821,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_83( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f6( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7859,7 +7859,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ea( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7880,9 +7880,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_04( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_ed(self, ret); + shake128_squeeze_next_block_ea(self, ret); } /** @@ -7933,7 +7933,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_830( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f60( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7972,9 +7972,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_d4( int16_t s[272U]) { - return from_i16_array_20_8d( + return from_i16_array_20_b2( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7993,25 +7993,25 @@ static KRML_MUSTINLINE void sample_from_xof_61( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(copy_of_seeds); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_83(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_20(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_83( + bool done = sample_from_uniform_distribution_next_f6( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_f1_c1(&xof_state, randomness); + shake128_squeeze_next_block_f1_04(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_830( + done = sample_from_uniform_distribution_next_f60( copy_of_randomness, sampled_coefficients, out); } } @@ -8020,7 +8020,7 @@ static KRML_MUSTINLINE void sample_from_xof_61( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_6a(copy_of_out[i]);); + ret0[i] = closure_d4(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8033,12 +8033,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_45( +static KRML_MUSTINLINE void sample_matrix_A_b6( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_44(A_transpose[i]);); + closure_9a(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -8097,7 +8097,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d3(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3( @@ -8118,9 +8118,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_bf(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1d(input, ret); + PRFxN_d3(input, ret); } /** @@ -8132,11 +8132,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_56( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_c0( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_9a();); + re_as_ntt[i] = ZERO_20_7f();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8148,12 +8148,12 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_56( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_bf(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_c3( + re_as_ntt[i0] = sample_from_binomial_distribution_97( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_71(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -8177,7 +8177,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_0e( +static KRML_MUSTINLINE void add_to_ring_element_20_67( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8201,14 +8201,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_0e( +static KRML_MUSTINLINE void compute_As_plus_e_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_20_7f();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8229,10 +8229,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_0e(&result0[i1], &product); + ntt_multiply_20_e9(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_67(&result0[i1], &product); } - add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_5c(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8252,10 +8252,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_a1( +static tuple_9b generate_keypair_unpacked_6e( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b6(key_generation_seed, hashed); + G_f1_d0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8263,15 +8263,15 @@ static tuple_9b generate_keypair_unpacked_a1( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_45(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_b6(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_56(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_c0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8283,14 +8283,14 @@ static tuple_9b generate_keypair_unpacked_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_56(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_c0(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_0e(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_ea(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -8339,10 +8339,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_a1( +static void closure_48( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_20_7f();); } /** @@ -8354,7 +8354,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_fd(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -8373,7 +8373,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_81( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8382,18 +8382,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = generate_keypair_unpacked_a1(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_6e(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_a1(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_48(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_20(&ind_cpa_public_key.A[j][i1]); + clone_3a_6e(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8403,19 +8403,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_95( + serialize_public_key_eb( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + H_f1_fd(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -8452,17 +8452,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_c0( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_d8( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_a1(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_6e(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_95( + serialize_public_key_eb( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_f0(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_8b(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8486,7 +8486,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_cd( +static KRML_MUSTINLINE void serialize_kem_secret_key_91( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8512,7 +8512,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_cd( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_2e(public_key, ret0); + H_f1_fd(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -8542,7 +8542,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_01(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8551,13 +8551,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_c0(ind_cpa_keypair_randomness); + generate_keypair_d8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_cd( + serialize_kem_secret_key_91( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8566,13 +8566,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_200(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_1d0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_750( - uu____2, libcrux_ml_kem_types_from_07_3a0(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_000( + uu____2, libcrux_ml_kem_types_from_07_780(copy_of_public_key)); } /** @@ -8585,10 +8585,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_15(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_78(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_9a();); + error_1[i] = ZERO_20_7f();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8600,11 +8600,11 @@ sample_ring_element_cbd_15(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_bf(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_97( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8630,9 +8630,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_c80(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_030(input, ret); } /** @@ -8641,18 +8641,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_27( +static KRML_MUSTINLINE void invert_ntt_montgomery_02( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1e(&zeta_i, re); - invert_ntt_at_layer_2_12(&zeta_i, re); - invert_ntt_at_layer_3_72(&zeta_i, re); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_8e(re); + invert_ntt_at_layer_1_1f(&zeta_i, re); + invert_ntt_at_layer_2_ea(&zeta_i, re); + invert_ntt_at_layer_3_2a(&zeta_i, re); + invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_42(re); } /** @@ -8661,14 +8661,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a2( +static KRML_MUSTINLINE void compute_vector_u_2e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_20_7f();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8688,11 +8688,11 @@ static KRML_MUSTINLINE void compute_vector_u_a2( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(a_element, &r_as_ntt[j]); - add_to_ring_element_20_0e(&result0[i1], &product); + ntt_multiply_20_e9(a_element, &r_as_ntt[j]); + add_to_ring_element_20_67(&result0[i1], &product); } - invert_ntt_montgomery_27(&result0[i1]); - add_error_reduce_20_fc(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_02(&result0[i1]); + add_error_reduce_20_07(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8710,18 +8710,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_04( +compute_ring_element_v_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_0e(&result, &product);); - invert_ntt_montgomery_27(&result); - result = add_message_error_reduce_20_0f(error_2, message, result); + ntt_multiply_20_e9(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_67(&result, &product);); + invert_ntt_montgomery_02(&result); + result = add_message_error_reduce_20_31(error_2, message, result); return result; } @@ -8734,7 +8734,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_a4( +static void compress_then_serialize_u_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8750,7 +8750,7 @@ static void compress_then_serialize_u_a4( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_4c(&re, ret); + compress_then_serialize_ring_element_u_f3(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8774,15 +8774,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_8e( +static void encrypt_unpacked_b0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_56(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_c0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8792,7 +8792,7 @@ static void encrypt_unpacked_8e( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_15(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_78(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8800,31 +8800,31 @@ static void encrypt_unpacked_8e( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_c80(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_97( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_a2(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_2e(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_08(copy_of_message); + deserialize_then_decompress_message_34(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_04(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_5d(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_a4( + compress_then_serialize_u_fc( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_fc( + compress_then_serialize_ring_element_v_2f( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8849,11 +8849,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_47( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -8863,7 +8863,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8876,7 +8876,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_8e(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_b0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8886,7 +8886,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_890(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8907,11 +8907,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_ac(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_ec(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -8932,22 +8932,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_97(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_d9(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_c7( + deserialize_ring_elements_reduced_84( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_45(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_b6(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -8977,7 +8977,7 @@ static void encrypt_97(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_8e(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_b0(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -8992,11 +8992,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_3f(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_62(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -9018,27 +9018,27 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_ac( + entropy_preprocess_af_ec( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), + H_f1_fd(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9046,19 +9046,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_97(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_d9(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_890(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_3f(shared_secret, shared_secret_array); + kdf_af_62(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9079,12 +9079,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_03( +static KRML_MUSTINLINE void deserialize_then_decompress_u_f2( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_9a();); + u_as_ntt[i] = ZERO_20_7f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -9102,8 +9102,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_03( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_11(u_bytes); - ntt_vector_u_2e(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_90(u_bytes); + ntt_vector_u_85(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9117,17 +9117,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_9a( +compute_message_5e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_0e(&result, &product);); - invert_ntt_montgomery_27(&result); - result = subtract_reduce_20_4b(v, result); + ntt_multiply_20_e9(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_67(&result, &product);); + invert_ntt_montgomery_02(&result); + result = subtract_reduce_20_37(v, result); return result; } @@ -9141,19 +9141,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_68( +static void decrypt_unpacked_28( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_03(ciphertext, u_as_ntt); + deserialize_then_decompress_u_f2(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_9f( + deserialize_then_decompress_ring_element_v_c1( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_9a(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_5e(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_80(message, ret0); + compress_then_serialize_message_44(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9167,8 +9167,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_c8(Eurydice_slice input, uint8_t ret[32U]) { + PRF_03(input, ret); } /** @@ -9193,14 +9193,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_68(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_28(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -9211,7 +9211,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9219,17 +9219,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( + libcrux_ml_kem_utils_into_padded_array_173( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -9237,11 +9237,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_8e(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_b0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9258,12 +9258,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_68( +static KRML_MUSTINLINE void deserialize_secret_key_d8( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_9a();); + secret_as_ntt[i] = ZERO_20_7f();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9275,7 +9275,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_68( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_30(secret_bytes); + deserialize_to_uncompressed_ring_element_ff(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -9297,10 +9297,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_b4(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_42(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_68(secret_key, secret_as_ntt); + deserialize_secret_key_d8(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -9312,7 +9312,7 @@ static void decrypt_b4(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_68(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_28(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -9338,7 +9338,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_53( +void libcrux_ml_kem_ind_cca_decapsulate_c5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -9356,9 +9356,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_53( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b4(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_42(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -9366,7 +9366,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_53( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9374,30 +9374,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_53( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_173(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_97(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_d9(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_3f(Eurydice_array_to_slice((size_t)32U, + kdf_af_62(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_3f(shared_secret0, shared_secret1); + kdf_af_62(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 6bf72c982..bc60a3c22 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 3d85b72ab..5c938e202 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_sha3_H @@ -29,7 +29,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_97(buf0, buf); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_970(buf0, buf); } /** @@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_971(buf0, buf); } /** @@ -59,7 +59,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_972(buf0, buf); } /** @@ -69,7 +69,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_973(buf0, buf); } /** @@ -158,7 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_974(buf0, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index efded9269..5ef98a0d0 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #include "internal/libcrux_sha3_avx2.h" @@ -52,7 +52,7 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_58(core_core_arch_x86___m256i x) { +rotate_left_21(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, core_core_arch_x86___m256i), @@ -63,7 +63,7 @@ rotate_left_58(core_core_arch_x86___m256i x) { static KRML_MUSTINLINE core_core_arch_x86___m256i _vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); + return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_21(b)); } /** @@ -196,7 +196,7 @@ with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_16(void) { +new_1e_fa(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -231,7 +231,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_fe(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -373,13 +373,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void load_block_ef_6a( +static KRML_MUSTINLINE void load_block_ef_16( core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[4U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, copy_of_b); + load_block_fe(uu____0, copy_of_b); } /** @@ -389,7 +389,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_580(core_core_arch_x86___m256i x) { +rotate_left_210(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, core_core_arch_x86___m256i), @@ -404,9 +404,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_580(ab); + return rotate_left_210(ab); } /** @@ -419,9 +419,9 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c1(a, b); + return _vxarq_u64_13(a, b); } /** @@ -431,7 +431,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_581(core_core_arch_x86___m256i x) { +rotate_left_211(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, core_core_arch_x86___m256i), @@ -446,9 +446,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_130(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_581(ab); + return rotate_left_211(ab); } /** @@ -461,9 +461,9 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c0( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c10(a, b); + return _vxarq_u64_130(a, b); } /** @@ -473,7 +473,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_582(core_core_arch_x86___m256i x) { +rotate_left_212(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, core_core_arch_x86___m256i), @@ -488,9 +488,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_131(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_582(ab); + return rotate_left_212(ab); } /** @@ -503,9 +503,9 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c1( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c11(a, b); + return _vxarq_u64_131(a, b); } /** @@ -515,7 +515,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_583(core_core_arch_x86___m256i x) { +rotate_left_213(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, core_core_arch_x86___m256i), @@ -530,9 +530,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_132(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_583(ab); + return rotate_left_213(ab); } /** @@ -545,9 +545,9 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c2( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c12(a, b); + return _vxarq_u64_132(a, b); } /** @@ -557,9 +557,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_133(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_58(ab); + return rotate_left_21(ab); } /** @@ -572,9 +572,9 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c3( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c13(a, b); + return _vxarq_u64_133(a, b); } /** @@ -584,7 +584,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_584(core_core_arch_x86___m256i x) { +rotate_left_214(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, core_core_arch_x86___m256i), @@ -599,9 +599,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_134(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_584(ab); + return rotate_left_214(ab); } /** @@ -614,9 +614,9 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c4( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c14(a, b); + return _vxarq_u64_134(a, b); } /** @@ -626,7 +626,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_585(core_core_arch_x86___m256i x) { +rotate_left_215(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, core_core_arch_x86___m256i), @@ -641,9 +641,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_135(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_585(ab); + return rotate_left_215(ab); } /** @@ -656,9 +656,9 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c5( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c15(a, b); + return _vxarq_u64_135(a, b); } /** @@ -668,7 +668,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_586(core_core_arch_x86___m256i x) { +rotate_left_216(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, core_core_arch_x86___m256i), @@ -683,9 +683,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_136(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_586(ab); + return rotate_left_216(ab); } /** @@ -698,9 +698,9 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c6( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c16(a, b); + return _vxarq_u64_136(a, b); } /** @@ -710,7 +710,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_587(core_core_arch_x86___m256i x) { +rotate_left_217(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, core_core_arch_x86___m256i), @@ -725,9 +725,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_137(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_587(ab); + return rotate_left_217(ab); } /** @@ -740,9 +740,9 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c7( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c17(a, b); + return _vxarq_u64_137(a, b); } /** @@ -752,7 +752,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_588(core_core_arch_x86___m256i x) { +rotate_left_218(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, core_core_arch_x86___m256i), @@ -767,9 +767,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_138(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_588(ab); + return rotate_left_218(ab); } /** @@ -782,9 +782,9 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c8( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c18(a, b); + return _vxarq_u64_138(a, b); } /** @@ -794,7 +794,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_589(core_core_arch_x86___m256i x) { +rotate_left_219(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, core_core_arch_x86___m256i), @@ -809,9 +809,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_139(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_589(ab); + return rotate_left_219(ab); } /** @@ -824,9 +824,9 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c9( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c19(a, b); + return _vxarq_u64_139(a, b); } /** @@ -836,7 +836,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5810(core_core_arch_x86___m256i x) { +rotate_left_2110(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, core_core_arch_x86___m256i), @@ -851,9 +851,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_1310(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5810(ab); + return rotate_left_2110(ab); } /** @@ -866,9 +866,9 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c10( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c110(a, b); + return _vxarq_u64_1310(a, b); } /** @@ -878,7 +878,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5811(core_core_arch_x86___m256i x) { +rotate_left_2111(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, core_core_arch_x86___m256i), @@ -893,9 +893,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_1311(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5811(ab); + return rotate_left_2111(ab); } /** @@ -908,9 +908,9 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c11( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c111(a, b); + return _vxarq_u64_1311(a, b); } /** @@ -920,7 +920,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5812(core_core_arch_x86___m256i x) { +rotate_left_2112(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, core_core_arch_x86___m256i), @@ -935,9 +935,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_1312(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5812(ab); + return rotate_left_2112(ab); } /** @@ -950,9 +950,9 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c12( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c112(a, b); + return _vxarq_u64_1312(a, b); } /** @@ -962,7 +962,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5813(core_core_arch_x86___m256i x) { +rotate_left_2113(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, core_core_arch_x86___m256i), @@ -977,9 +977,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_1313(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5813(ab); + return rotate_left_2113(ab); } /** @@ -992,9 +992,9 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c13( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c113(a, b); + return _vxarq_u64_1313(a, b); } /** @@ -1004,7 +1004,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5814(core_core_arch_x86___m256i x) { +rotate_left_2114(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, core_core_arch_x86___m256i), @@ -1019,9 +1019,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_1314(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5814(ab); + return rotate_left_2114(ab); } /** @@ -1034,9 +1034,9 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c14( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c114(a, b); + return _vxarq_u64_1314(a, b); } /** @@ -1046,7 +1046,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5815(core_core_arch_x86___m256i x) { +rotate_left_2115(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, core_core_arch_x86___m256i), @@ -1061,9 +1061,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_1315(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5815(ab); + return rotate_left_2115(ab); } /** @@ -1076,9 +1076,9 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c15( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c115(a, b); + return _vxarq_u64_1315(a, b); } /** @@ -1088,7 +1088,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5816(core_core_arch_x86___m256i x) { +rotate_left_2116(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, core_core_arch_x86___m256i), @@ -1103,9 +1103,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_1316(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5816(ab); + return rotate_left_2116(ab); } /** @@ -1118,9 +1118,9 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c16( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c116(a, b); + return _vxarq_u64_1316(a, b); } /** @@ -1130,7 +1130,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5817(core_core_arch_x86___m256i x) { +rotate_left_2117(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, core_core_arch_x86___m256i), @@ -1145,9 +1145,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_1317(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5817(ab); + return rotate_left_2117(ab); } /** @@ -1160,9 +1160,9 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c17( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c117(a, b); + return _vxarq_u64_1317(a, b); } /** @@ -1172,7 +1172,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5818(core_core_arch_x86___m256i x) { +rotate_left_2118(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, core_core_arch_x86___m256i), @@ -1187,9 +1187,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_1318(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5818(ab); + return rotate_left_2118(ab); } /** @@ -1202,9 +1202,9 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c18( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c118(a, b); + return _vxarq_u64_1318(a, b); } /** @@ -1214,7 +1214,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5819(core_core_arch_x86___m256i x) { +rotate_left_2119(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, core_core_arch_x86___m256i), @@ -1229,9 +1229,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_1319(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5819(ab); + return rotate_left_2119(ab); } /** @@ -1244,9 +1244,9 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c19( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c119(a, b); + return _vxarq_u64_1319(a, b); } /** @@ -1256,7 +1256,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5820(core_core_arch_x86___m256i x) { +rotate_left_2120(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, core_core_arch_x86___m256i), @@ -1271,9 +1271,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_1320(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5820(ab); + return rotate_left_2120(ab); } /** @@ -1286,9 +1286,9 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c20( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c120(a, b); + return _vxarq_u64_1320(a, b); } /** @@ -1298,7 +1298,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5821(core_core_arch_x86___m256i x) { +rotate_left_2121(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, core_core_arch_x86___m256i), @@ -1313,9 +1313,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_1321(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5821(ab); + return rotate_left_2121(ab); } /** @@ -1328,9 +1328,9 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c21( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c121(a, b); + return _vxarq_u64_1321(a, b); } /** @@ -1340,7 +1340,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5822(core_core_arch_x86___m256i x) { +rotate_left_2122(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, core_core_arch_x86___m256i), @@ -1355,9 +1355,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +_vxarq_u64_1322(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5822(ab); + return rotate_left_2122(ab); } /** @@ -1370,9 +1370,9 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c22( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_c122(a, b); + return _vxarq_u64_1322(a, b); } /** @@ -1381,7 +1381,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void theta_rho_71( +static KRML_MUSTINLINE void theta_rho_3f( libcrux_sha3_generic_keccak_KeccakState_29 *s) { core_core_arch_x86___m256i c[5U] = { xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], @@ -1411,31 +1411,31 @@ static KRML_MUSTINLINE void theta_rho_71( rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + s->st[1U][0U] = xor_and_rotate_ef_5c(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_5c0(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_5c1(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_5c2(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_5c3(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_5c4(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_5c5(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_5c6(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_5c7(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_5c8(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_5c9(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_5c10(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_5c11(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_5c12(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_5c13(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_5c14(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_5c15(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_5c16(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_5c17(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_ef_5c18(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_5c19(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_5c20(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_5c21(s->st[3U][4U], t[4U]); core_core_arch_x86___m256i uu____27 = - xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + xor_and_rotate_ef_5c22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1445,7 +1445,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void pi_01( +static KRML_MUSTINLINE void pi_d8( libcrux_sha3_generic_keccak_KeccakState_29 *s) { core_core_arch_x86___m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); @@ -1481,7 +1481,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void chi_9b( +static KRML_MUSTINLINE void chi_95( libcrux_sha3_generic_keccak_KeccakState_29 *s) { core_core_arch_x86___m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); @@ -1499,7 +1499,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void iota_09( +static KRML_MUSTINLINE void iota_c9( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1511,14 +1511,14 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void keccakf1600_07( +static KRML_MUSTINLINE void keccakf1600_4e( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - theta_rho_71(s); - pi_01(s); - chi_9b(s); - iota_09(s, i0); + theta_rho_3f(s); + pi_d8(s); + chi_95(s); + iota_c9(s, i0); } } @@ -1529,13 +1529,13 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void absorb_block_37( +static KRML_MUSTINLINE void absorb_block_26( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { core_core_arch_x86___m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_6a(uu____0, uu____1); - keccakf1600_07(s); + load_block_ef_16(uu____0, uu____1); + keccakf1600_4e(s); } /** @@ -1543,14 +1543,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_91( +static KRML_MUSTINLINE void load_block_full_1d( core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_c7(s, buf); + load_block_fe(s, buf); } /** @@ -1562,13 +1562,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void load_block_full_ef_05( +static KRML_MUSTINLINE void load_block_full_ef_40( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, copy_of_b); + load_block_full_1d(uu____0, copy_of_b); } /** @@ -1579,7 +1579,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( +static KRML_MUSTINLINE void absorb_final_80( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1595,8 +1595,8 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( core_core_arch_x86___m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_05(uu____3, uu____4); - keccakf1600_07(s); + load_block_full_ef_40(uu____3, uu____4); + keccakf1600_4e(s); } /** @@ -1604,7 +1604,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_78(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -1734,7 +1734,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_0b( +static KRML_MUSTINLINE void store_block_full_61( core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; @@ -1745,7 +1745,7 @@ static KRML_MUSTINLINE void store_block_full_0b( Eurydice_array_to_slice((size_t)200U, out1, uint8_t), Eurydice_array_to_slice((size_t)200U, out2, uint8_t), Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; - store_block_e9(s, buf); + store_block_78(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); @@ -1772,9 +1772,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void store_block_full_ef_99( +static KRML_MUSTINLINE void store_block_full_ef_83( core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - store_block_full_0b(a, ret); + store_block_full_61(a, ret); } /** @@ -1784,10 +1784,10 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_and_last_a4( +static KRML_MUSTINLINE void squeeze_first_and_last_ac( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - store_block_full_ef_99(s->st, b); + store_block_full_ef_83(s->st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1808,9 +1808,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void store_block_ef_f6( +static KRML_MUSTINLINE void store_block_ef_aa( core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e9(a, b); + store_block_78(a, b); } /** @@ -1820,9 +1820,9 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_block_e9( +static KRML_MUSTINLINE void squeeze_first_block_b7( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f6(s->st, out); + store_block_ef_aa(s->st, out); } /** @@ -1832,10 +1832,10 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_next_block_1c( +static KRML_MUSTINLINE void squeeze_next_block_ff( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f6(s->st, out); + keccakf1600_4e(s); + store_block_ef_aa(s->st, out); } /** @@ -1845,11 +1845,11 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_last_77( +static KRML_MUSTINLINE void squeeze_last_0a( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_07(&s); + keccakf1600_4e(&s); uint8_t b[4U][200U]; - store_block_full_ef_99(s.st, b); + store_block_full_ef_83(s.st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1869,9 +1869,9 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], +static KRML_MUSTINLINE void keccak_9b(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_fa(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1881,7 +1881,7 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_37(uu____0, ret); + absorb_block_26(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -1891,12 +1891,12 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + absorb_final_80(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - squeeze_first_and_last_a4(&s, out); + squeeze_first_and_last_ac(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = split_at_mut_n_ef(out, (size_t)136U); @@ -1904,7 +1904,7 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e9(&s, o0); + squeeze_first_block_b7(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1922,12 +1922,12 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c(&s, o); + squeeze_next_block_ff(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - squeeze_last_77(s, o1); + squeeze_last_0a(s, o1); } } } @@ -1941,7 +1941,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_14(buf0, buf); + keccak_9b(buf0, buf); } /** @@ -1949,7 +1949,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_16(); + return new_1e_fa(); } /** @@ -1957,7 +1957,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_fe0(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -2095,14 +2095,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_910( +static KRML_MUSTINLINE void load_block_full_1d0( core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_c70(s, buf); + load_block_fe0(s, buf); } /** @@ -2114,13 +2114,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void load_block_full_ef_050( +static KRML_MUSTINLINE void load_block_full_ef_400( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, copy_of_b); + load_block_full_1d0(uu____0, copy_of_b); } /** @@ -2131,7 +2131,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void absorb_final_5e0( +static KRML_MUSTINLINE void absorb_final_800( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -2147,8 +2147,8 @@ static KRML_MUSTINLINE void absorb_final_5e0( core_core_arch_x86___m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_050(uu____3, uu____4); - keccakf1600_07(s); + load_block_full_ef_400(uu____3, uu____4); + keccakf1600_4e(s); } /** @@ -2158,7 +2158,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_5e0(s, buf); + absorb_final_800(s, buf); } /** @@ -2166,7 +2166,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_780(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -2300,9 +2300,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void store_block_ef_f60( +static KRML_MUSTINLINE void store_block_ef_aa0( core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e90(a, b); + store_block_780(a, b); } /** @@ -2312,9 +2312,9 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_block_e90( +static KRML_MUSTINLINE void squeeze_first_block_b70( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f60(s->st, out); + store_block_ef_aa0(s->st, out); } /** @@ -2324,10 +2324,10 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_next_block_1c0( +static KRML_MUSTINLINE void squeeze_next_block_ff0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f60(s->st, out); + keccakf1600_4e(s); + store_block_ef_aa0(s->st, out); } /** @@ -2337,7 +2337,7 @@ with const generics - N= 4 - RATE= 168 */ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( +static KRML_MUSTINLINE void squeeze_first_three_blocks_6d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2345,15 +2345,15 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); + squeeze_first_block_b70(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - squeeze_next_block_1c0(s, o2); + squeeze_next_block_ff0(s, o1); + squeeze_next_block_ff0(s, o2); } /** @@ -2363,7 +2363,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + squeeze_first_three_blocks_6d(s, buf); } /** @@ -2373,7 +2373,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c0(s, buf); + squeeze_next_block_ff0(s, buf); } /** @@ -2383,7 +2383,7 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( +static KRML_MUSTINLINE void squeeze_first_five_blocks_58( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2391,29 +2391,29 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); + squeeze_first_block_b70(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); + squeeze_next_block_ff0(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o2); + squeeze_next_block_ff0(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o3); - squeeze_next_block_1c0(s, o4); + squeeze_next_block_ff0(s, o3); + squeeze_next_block_ff0(s, o4); } /** @@ -2424,7 +2424,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_e4(s, buf); + squeeze_first_five_blocks_58(s, buf); } /** @@ -2434,7 +2434,7 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + absorb_final_80(s, buf); } /** @@ -2445,7 +2445,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_e9(s, buf); + squeeze_first_block_b7(s, buf); } /** @@ -2456,5 +2456,5 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c(s, buf); + squeeze_next_block_ff(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 6343f4989..c05a20f4c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index aad0794d0..fac672712 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_fc(b); } /** @@ -201,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_ba(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -260,11 +260,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_86( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_28(s, buf); } /** @@ -276,13 +276,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_86(uu____0, copy_of_b); } /** @@ -292,7 +292,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -303,9 +303,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc0(ab); } /** @@ -319,8 +319,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b); } /** @@ -330,7 +330,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -341,9 +341,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc1(ab); } /** @@ -357,8 +357,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac0(a, b); } /** @@ -368,7 +368,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -379,9 +379,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc2(ab); } /** @@ -395,8 +395,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac1(a, b); } /** @@ -406,7 +406,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -417,9 +417,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc3(ab); } /** @@ -433,8 +433,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac2(a, b); } /** @@ -444,9 +444,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc(ab); } /** @@ -460,8 +460,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac3(a, b); } /** @@ -471,7 +471,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -482,9 +482,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc4(ab); } /** @@ -498,8 +498,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac4(a, b); } /** @@ -509,7 +509,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -520,9 +520,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc5(ab); } /** @@ -536,8 +536,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac5(a, b); } /** @@ -547,7 +547,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -558,9 +558,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc6(ab); } /** @@ -574,8 +574,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac6(a, b); } /** @@ -585,7 +585,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -596,9 +596,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc7(ab); } /** @@ -612,8 +612,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac7(a, b); } /** @@ -623,7 +623,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -634,9 +634,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc8(ab); } /** @@ -650,8 +650,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac8(a, b); } /** @@ -661,7 +661,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -672,9 +672,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc9(ab); } /** @@ -688,8 +688,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac9(a, b); } /** @@ -699,7 +699,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -710,9 +710,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc10(ab); } /** @@ -726,8 +726,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac10(a, b); } /** @@ -737,7 +737,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -748,9 +748,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc11(ab); } /** @@ -764,8 +764,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac11(a, b); } /** @@ -775,7 +775,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -786,9 +786,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc12(ab); } /** @@ -802,8 +802,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac12(a, b); } /** @@ -813,7 +813,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -824,9 +824,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc13(ab); } /** @@ -840,8 +840,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac13(a, b); } /** @@ -851,7 +851,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -862,9 +862,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc14(ab); } /** @@ -878,8 +878,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac14(a, b); } /** @@ -889,7 +889,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -900,9 +900,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc15(ab); } /** @@ -916,8 +916,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac15(a, b); } /** @@ -927,7 +927,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -938,9 +938,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc16(ab); } /** @@ -954,8 +954,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac16(a, b); } /** @@ -965,7 +965,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -976,9 +976,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc17(ab); } /** @@ -992,8 +992,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac17(a, b); } /** @@ -1003,7 +1003,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1014,9 +1014,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc18(ab); } /** @@ -1030,8 +1030,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac18(a, b); } /** @@ -1041,7 +1041,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1052,9 +1052,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc19(ab); } /** @@ -1068,8 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac19(a, b); } /** @@ -1079,7 +1079,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1090,9 +1090,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc20(ab); } /** @@ -1106,8 +1106,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac20(a, b); } /** @@ -1117,7 +1117,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1128,9 +1128,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc21(ab); } /** @@ -1144,8 +1144,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac21(a, b); } /** @@ -1155,7 +1155,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1166,9 +1166,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc22(ab); } /** @@ -1182,8 +1182,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac22(a, b); } /** @@ -1192,7 +1192,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1228,53 +1228,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1284,7 +1284,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_f0( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1320,7 +1320,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_e2( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1338,7 +1338,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_ae( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1350,14 +1350,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_7e( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_0d(s); + libcrux_sha3_generic_keccak_pi_f0(s); + libcrux_sha3_generic_keccak_chi_e2(s); + libcrux_sha3_generic_keccak_iota_ae(s, i0); } } @@ -1369,7 +1369,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1388,8 +1388,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1397,7 +1397,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1419,9 +1419,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_3d(a, b); } /** @@ -1431,9 +1431,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); } /** @@ -1443,10 +1443,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_87( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); } /** @@ -1454,7 +1454,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1465,7 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1478,11 +1478,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_860( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_280(s, buf); } /** @@ -1494,13 +1494,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_860(uu____0, copy_of_b); } /** @@ -1511,7 +1511,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1530,8 +1530,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1539,7 +1539,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d0( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1561,9 +1561,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_3d0(a, b); } /** @@ -1573,9 +1573,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_800( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); } /** @@ -1585,10 +1585,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_870( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); } /** @@ -1600,13 +1600,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_153( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_28(uu____0, copy_of_b); } /** @@ -1616,13 +1616,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_283( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_153(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1630,12 +1630,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_853( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_3d(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1652,9 +1652,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e3(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_853(a, ret); } /** @@ -1665,10 +1665,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d93( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1691,11 +1691,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c93( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1719,10 +1719,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -1733,7 +1733,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_283(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1743,12 +1743,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f3(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d93(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1756,7 +1756,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_80(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1774,12 +1774,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_87(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c93(s, o1); } } } @@ -1790,12 +1790,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_974( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_924(copy_of_data, out); } /** @@ -1803,7 +1803,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1814,7 +1814,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1831,13 +1831,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_152( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_283(uu____0, copy_of_b); } /** @@ -1847,13 +1847,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_282( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_152(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1861,11 +1861,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_863( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_portable_keccak_load_block_283(s, buf); } /** @@ -1877,13 +1877,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_863(uu____0, copy_of_b); } /** @@ -1894,7 +1894,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1913,8 +1913,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1922,7 +1922,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d3( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1940,12 +1940,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_852( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); + libcrux_sha3_portable_keccak_store_block_3d3(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1962,9 +1962,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e2(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_852(a, ret); } /** @@ -1975,10 +1975,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2003,9 +2003,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_3d3(a, b); } /** @@ -2015,9 +2015,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_803( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); } /** @@ -2027,10 +2027,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_873( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); } /** @@ -2040,11 +2040,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c92( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2068,10 +2068,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2082,7 +2082,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_282(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2092,12 +2092,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f34(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d92(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2105,7 +2105,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_803(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2123,12 +2123,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_873(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c92(s, o1); } } } @@ -2139,12 +2139,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_973( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_923(copy_of_data, out); } /** @@ -2152,7 +2152,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2163,7 +2163,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2180,13 +2180,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_151( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_282(uu____0, copy_of_b); } /** @@ -2196,13 +2196,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_281( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_151(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2210,11 +2210,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_862( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_282(s, buf); } /** @@ -2226,13 +2226,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_862(uu____0, copy_of_b); } /** @@ -2243,7 +2243,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2262,8 +2262,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2271,7 +2271,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d2( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2289,12 +2289,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_851( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_3d2(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2311,9 +2311,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e1(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_851(a, ret); } /** @@ -2324,10 +2324,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d91( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2352,9 +2352,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_3d2(a, b); } /** @@ -2364,9 +2364,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_802( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); } /** @@ -2376,10 +2376,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_872( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); } /** @@ -2389,11 +2389,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c91( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2417,10 +2417,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2431,7 +2431,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_281(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2441,12 +2441,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f33(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d91(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2454,7 +2454,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_802(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2472,12 +2472,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_872(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c91(s, o1); } } } @@ -2488,12 +2488,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_972( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_922(copy_of_data, out); } /** @@ -2505,13 +2505,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_150( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_280(uu____0, copy_of_b); } /** @@ -2521,13 +2521,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_280( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_150(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2535,12 +2535,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_850( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_3d0(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2557,9 +2557,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_850(a, ret); } /** @@ -2570,10 +2570,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d90( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2596,11 +2596,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c90( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2624,10 +2624,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2638,7 +2638,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2648,12 +2648,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f30(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2661,7 +2661,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2679,12 +2679,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); } } } @@ -2695,12 +2695,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_971( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_921(copy_of_data, out); } /** @@ -2711,7 +2711,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2730,8 +2730,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2742,10 +2742,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2756,7 +2756,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2766,12 +2766,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f32(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2779,7 +2779,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2797,12 +2797,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); } } } @@ -2813,12 +2813,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_970( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_920(copy_of_data, out); } /** @@ -2826,7 +2826,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2837,7 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2854,13 +2854,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_15( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_281(uu____0, copy_of_b); } /** @@ -2870,13 +2870,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_28( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_15(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2884,11 +2884,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_861( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + libcrux_sha3_portable_keccak_load_block_281(s, buf); } /** @@ -2900,13 +2900,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_861(uu____0, copy_of_b); } /** @@ -2917,7 +2917,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2936,8 +2936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2945,7 +2945,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d1( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2963,12 +2963,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_85( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); + libcrux_sha3_portable_keccak_store_block_3d1(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2984,9 +2984,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_1e( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_85(a, ret); } /** @@ -2997,10 +2997,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d9( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3025,9 +3025,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_3d1(a, b); } /** @@ -3037,9 +3037,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_801( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); } /** @@ -3049,10 +3049,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_871( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); } /** @@ -3062,11 +3062,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c9( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3090,10 +3090,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -3104,7 +3104,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_28(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3114,12 +3114,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f31(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d9(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3127,7 +3127,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_801(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3145,12 +3145,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_871(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c9(s, o1); } } } @@ -3161,12 +3161,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_97( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_92(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index da552ce57..7fe004fad 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 11459ad8b..183656227 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 76cd050f0..7a7fb98ac 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 0576bfc67e99aae86c51930421072688138b672b -Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 -Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a -F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 -Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 +Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d +Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d +Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 +F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb +Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index d7b256985..49fa52216 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_core_H @@ -110,7 +110,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_1c(core_result_Result_6f self, +static inline void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; @@ -144,7 +144,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_34(core_result_Result_7a self, +static inline void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; @@ -178,7 +178,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_e8(core_result_Result_cd self, +static inline void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; @@ -227,7 +227,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_14( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_2f( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -242,7 +242,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_3a(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_78(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -276,7 +276,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_75(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_00(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -292,7 +292,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_20(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_1d(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -322,7 +322,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_30(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_89(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -339,7 +339,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_94( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_7b( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -352,7 +352,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_172( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -384,7 +384,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_83(core_result_Result_00 self, +static inline void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; @@ -405,7 +405,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_171( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -425,7 +425,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_49( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_f1( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -438,7 +438,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_170( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -457,7 +457,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_17( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -489,7 +489,7 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_f9(core_result_Result_c0 self, +static inline void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; @@ -523,7 +523,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_ac(core_result_Result_56 self, +static inline void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 27cb005ca..b129ea5bd 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 54143cfb1..de5d59623 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem768_avx2_H @@ -804,7 +804,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, ret0); + core_result_unwrap_41_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -918,7 +918,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_41_e8(dst, ret0); + core_result_unwrap_41_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -1042,7 +1042,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_41_34(dst, ret0); + core_result_unwrap_41_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1205,7 +1205,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_41_1c(dst, ret0); + core_result_unwrap_41_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1356,7 +1356,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_20_98(void) { +libcrux_ml_kem_polynomial_ZERO_20_28(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1385,8 +1385,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_a8(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_3f(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_28(); } /** @@ -1397,10 +1397,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_05( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_28(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1418,12 +1418,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e4( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1436,7 +1436,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_4f( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_05( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1469,8 +1469,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_98(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_3b(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_28(); } /** @@ -1481,7 +1481,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e5( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_43( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1547,9 +1547,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_11( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e5( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_43( vector); } @@ -1561,10 +1561,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_8e( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_b7( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_28(); LowStar_Ignore_ignore( Eurydice_slice_len(Eurydice_array_to_slice((size_t)16U, re.coefficients, core_core_arch_x86___m256i), @@ -1578,7 +1578,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_8e( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_11( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae( coefficient); } return re; @@ -1592,7 +1592,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e50( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_430( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -1658,9 +1658,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_110( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae0( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e50( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_430( vector); } @@ -1672,10 +1672,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_87( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_16( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_28(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1684,7 +1684,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_87( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_110( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae0( coefficient); } return re; @@ -1698,9 +1698,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_32( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_61( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_8e(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_b7(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1716,7 +1716,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_99( core_core_arch_x86___m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1729,11 +1729,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c5(core_core_arch_x86___m256i a, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_86(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_99(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1747,7 +1747,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1760,7 +1760,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c5( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_86( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -1778,7 +1778,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_6e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1797,7 +1797,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_70( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_52( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1819,7 +1819,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_7e( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_03( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1849,7 +1849,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1866,21 +1866,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_64( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_70(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_7e(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_6e(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_52(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_03(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_a0(re); } /** @@ -1893,12 +1893,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_aa( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c3( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1918,9 +1918,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_aa( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_32( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_61( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_64(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_b5(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1935,7 +1935,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e51( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_431( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -2001,9 +2001,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_111( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae1( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e51( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_431( vector); } @@ -2015,10 +2015,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_58( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_45( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_28(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2027,7 +2027,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_58( core_core_arch_x86___m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_111( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae1( coefficient); } return re; @@ -2041,7 +2041,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e52( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_432( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -2107,9 +2107,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_112( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae2( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e52( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_432( vector); } @@ -2121,10 +2121,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_ab( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_7e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_28(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -2132,7 +2132,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_ab( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_112( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae2( re.coefficients[i0]); } return re; @@ -2146,9 +2146,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_85( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_82( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_58(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_45(serialized); } /** @@ -2163,11 +2163,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_20_15( +libcrux_ml_kem_polynomial_ntt_multiply_20_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_28(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2199,7 +2199,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_f3( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_02( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2221,7 +2221,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2248,7 +2248,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e4( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2271,7 +2271,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2292,14 +2292,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9( +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_76( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, int16_t zeta_r) { core_core_arch_x86___m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_99(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2312,7 +2312,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_44( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2327,7 +2327,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_76( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); core_core_arch_x86___m256i x = uu____0.fst; @@ -2345,22 +2345,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_32( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e4(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_18(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_a0(re); } /** @@ -2375,7 +2375,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_20_c4( +libcrux_ml_kem_polynomial_subtract_reduce_20_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2399,21 +2399,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_12( +libcrux_ml_kem_matrix_compute_message_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_28(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_15(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_8b(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_02(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_c4(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_32(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_a4(v, result); return result; } @@ -2424,7 +2424,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_da( +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_88( core_core_arch_x86___m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, core_core_arch_x86___m256i); @@ -2441,9 +2441,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_shift_right_09_06( +libcrux_ml_kem_vector_avx2_shift_right_09_14( core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_da(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_88(vector); } /** @@ -2454,10 +2454,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( +libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( core_core_arch_x86___m256i a) { core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_shift_right_09_06(a); + libcrux_ml_kem_vector_avx2_shift_right_09_14(a); core_core_arch_x86___m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2472,13 +2472,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_33( +libcrux_ml_kem_serialize_compress_then_serialize_message_e4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( re.coefficients[i0]); core_core_arch_x86___m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); @@ -2503,20 +2503,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_02( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6b( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_aa(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c3(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_85( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_82( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_12(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_d4(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_33(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_e4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2531,11 +2531,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_e9(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_a9(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_4f(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_e4(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2547,7 +2547,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_e9(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_02(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_6b(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -2562,7 +2562,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -2573,7 +2573,7 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_c9( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -2592,9 +2592,9 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_c9(input, ret); } /** @@ -2605,9 +2605,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_9a( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b2( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); + return libcrux_ml_kem_polynomial_ZERO_20_28(); } /** @@ -2618,10 +2618,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ce( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_60( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_28(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2643,12 +2643,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_03( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2661,7 +2661,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ce( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_60( ring_element); deserialized_pk[i0] = uu____0; } @@ -2678,8 +2678,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_2b(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a1(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_28(); } /** @@ -2689,10 +2689,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_d6( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_fb( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); } } @@ -2707,7 +2707,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_50( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); @@ -2731,12 +2731,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_3f( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_50( copy_of_input); } @@ -2748,7 +2748,7 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_00( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -2784,9 +2784,9 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_94( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_00( self, ret); } @@ -2840,7 +2840,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_97( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6c( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2883,7 +2883,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_dd( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -2919,9 +2919,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_bf( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b(self, ret); + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_dd(self, ret); } /** @@ -2974,7 +2974,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_970( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6c0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3021,9 +3021,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_20_84(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_bb(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_28(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3042,8 +3042,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_e9(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_84( +libcrux_ml_kem_sampling_sample_from_xof_closure_06(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3054,7 +3054,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_0c( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f8( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3063,28 +3063,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_0c( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_3f( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_94( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_97( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6c( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_bf( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_970( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6c0( copy_of_randomness, sampled_coefficients, out); } } @@ -3094,7 +3094,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_e9(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_06(copy_of_out[i]); } memcpy( ret, ret0, @@ -3108,12 +3108,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_43( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_1c( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_d6(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_fb(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -3133,7 +3133,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_43( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_0c(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_f8(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3193,8 +3193,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_48(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_80(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_28(); } /** @@ -3204,7 +3204,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_ef( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -3243,9 +3243,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRFxN_ef(input, ret); } /** @@ -3305,7 +3305,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_53( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3340,7 +3340,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_84( + return libcrux_ml_kem_polynomial_from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3352,7 +3352,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_41( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_04( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3386,7 +3386,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_41( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_84( + return libcrux_ml_kem_polynomial_from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3398,9 +3398,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_fb( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_53( randomness); } @@ -3411,7 +3411,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_68( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_cd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3434,20 +3434,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c7( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_43( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_68(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_cd(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_70(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_7e(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_6e(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_52(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_03(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_a0(re); } /** @@ -3460,11 +3460,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_82(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3479,13 +3479,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_fb( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_43(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3510,8 +3510,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_2a(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_46(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_28(); } /** @@ -3524,11 +3524,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3543,11 +3543,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_fb( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3570,7 +3570,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_c90( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -3589,9 +3589,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_c90(input, ret); } /** @@ -3602,8 +3602,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_73(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_matrix_compute_vector_u_closure_63(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_28(); } /** @@ -3617,7 +3617,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_87( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3639,14 +3639,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_64( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_92( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3667,12 +3667,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_64( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_15(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_8b(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_02(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_87(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_32(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_dd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3692,7 +3692,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1_05(core_core_arch_x86___m256i v) { +libcrux_ml_kem_vector_traits_decompress_1_ac(core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), &v), @@ -3707,10 +3707,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_b3( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_28(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient_compressed = @@ -3718,7 +3718,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_05(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_ac(coefficient_compressed); } return re; } @@ -3735,7 +3735,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_86( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3763,22 +3763,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_6c( +libcrux_ml_kem_matrix_compute_ring_element_v_87( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_20_28(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_15(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_8b(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_02(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_86( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_32(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_25( error_2, message, result); return result; } @@ -3791,7 +3791,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_16( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -3859,8 +3859,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_09_92(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d( +libcrux_ml_kem_vector_avx2_compress_09_d7(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_16( vector); } @@ -3872,15 +3872,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_a8( +libcrux_ml_kem_serialize_compress_then_serialize_10_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_09_92( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + libcrux_ml_kem_vector_avx2_compress_09_d7( + libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); @@ -3900,7 +3900,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_160( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -3968,8 +3968,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_09_920(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d0( +libcrux_ml_kem_vector_avx2_compress_09_d70(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_160( vector); } @@ -3981,15 +3981,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_a5( +libcrux_ml_kem_serialize_compress_then_serialize_11_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_09_920( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + libcrux_ml_kem_vector_avx2_compress_09_d70( + libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); @@ -4010,10 +4010,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_a8(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_2f(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4027,7 +4027,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_52( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4043,7 +4043,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_52( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d3(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4058,7 +4058,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_161( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4126,8 +4126,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_09_921(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d1( +libcrux_ml_kem_vector_avx2_compress_09_d71(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_161( vector); } @@ -4139,7 +4139,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_42( +libcrux_ml_kem_serialize_compress_then_serialize_4_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4148,8 +4148,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_42( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_09_921( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + libcrux_ml_kem_vector_avx2_compress_09_d71( + libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); @@ -4168,7 +4168,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_162( core_core_arch_x86___m256i vector) { core_core_arch_x86___m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( @@ -4236,8 +4236,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_09_922(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d2( +libcrux_ml_kem_vector_avx2_compress_09_d72(core_core_arch_x86___m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_162( vector); } @@ -4249,7 +4249,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_8a( +libcrux_ml_kem_serialize_compress_then_serialize_5_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4258,8 +4258,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_8a( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2_compress_09_922( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + libcrux_ml_kem_vector_avx2_compress_09_d72( + libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); @@ -4281,7 +4281,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_42(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_f8(re, out); } /** @@ -4302,15 +4302,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_75( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_82( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4320,7 +4320,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4329,29 +4329,29 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_fb( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_64(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_92(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_b3( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_6c( + libcrux_ml_kem_matrix_compute_ring_element_v_87( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_52( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a9( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; @@ -4379,24 +4379,24 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_f0(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_c3(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_03( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_43(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_1c(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -4426,7 +4426,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_f0(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_75(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -4443,12 +4443,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_11( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_6e( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -4474,7 +4474,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( +static inline void libcrux_ml_kem_ind_cca_decapsulate_ab( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4492,10 +4492,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e9(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_a9(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -4503,7 +4503,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4512,14 +4512,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -4527,18 +4527,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f0(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_c3(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_11( + libcrux_ml_kem_ind_cca_kdf_43_6e( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_11(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_6e(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4570,10 +4570,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_b9( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_80( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_f5(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ab(private_key, ciphertext, ret); } /** @@ -4587,7 +4587,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_b9(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_80(private_key, ciphertext, ret); } @@ -4647,14 +4647,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a2( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_02( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_6b( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -4665,7 +4665,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4674,17 +4674,17 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_170( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = @@ -4693,11 +4693,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_75( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4734,10 +4734,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_38( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_af( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a2(key_pair, ciphertext, ret); } @@ -4752,7 +4752,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_38( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_af( private_key, ciphertext, ret); } @@ -4767,11 +4767,11 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_95( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_87( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -4784,7 +4784,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -4809,28 +4809,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e9( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_10( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_95( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_87( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_94(public_key), + libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4839,20 +4839,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e9( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f0(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_c3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_11(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_6e(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4885,14 +4885,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_f7( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_34( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e9(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_10(uu____0, copy_of_randomness); } /** @@ -4910,7 +4910,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_f7( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_34( uu____0, copy_of_randomness); } @@ -4933,11 +4933,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_49( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -4947,7 +4947,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4961,7 +4961,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_75(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4971,7 +4971,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5005,7 +5005,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_17( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_72( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -5013,7 +5013,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_17( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_49( uu____0, copy_of_randomness); } @@ -5034,7 +5034,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_17( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_72( uu____0, copy_of_randomness); } @@ -5059,8 +5059,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_02(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_5a(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_28(); } /** @@ -5089,7 +5089,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a1( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -5111,14 +5111,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_4b( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5140,12 +5140,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_15(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_8b(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_02(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a1( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_2c( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -5166,10 +5166,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_fe( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_ab(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5177,15 +5177,15 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_43(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_1c(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_82( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -5198,17 +5198,17 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_82(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_4b(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_25(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -5251,14 +5251,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); @@ -5278,7 +5278,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_80( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5296,7 +5296,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_44(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5312,14 +5312,14 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ac( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_80(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_d8(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5344,17 +5344,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_f8(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_1c(Eurydice_slice key_generation_seed) { tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_fe(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ac( + libcrux_ml_kem_ind_cpa_serialize_public_key_c4( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_80(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_d8(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5380,7 +5380,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c9( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_56( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5406,7 +5406,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c9( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); + libcrux_ml_kem_hash_functions_avx2_H_a9_31(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5436,7 +5436,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_21(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f7(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5445,13 +5445,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_21(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_f8(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_1c(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c9( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_56( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5460,13 +5460,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_21(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_1d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_75( - uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_00( + uu____2, libcrux_ml_kem_types_from_07_78(copy_of_public_key)); } /** @@ -5482,12 +5482,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_56( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_47( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_21(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f7(copy_of_randomness); } /** @@ -5499,7 +5499,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_56( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_47( copy_of_randomness); } @@ -5518,9 +5518,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_87( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_0c( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); + return libcrux_ml_kem_polynomial_ZERO_20_28(); } /** @@ -5538,10 +5538,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_4c( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_e5( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); } } @@ -5557,7 +5557,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_3a_4f( +libcrux_ml_kem_polynomial_clone_3a_e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; core_core_arch_x86___m256i ret[16U]; @@ -5583,7 +5583,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_86( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5592,7 +5592,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_fe( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5600,7 +5600,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_4c(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_e5(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -5608,7 +5608,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_4f(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_e0(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5620,20 +5620,20 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ac( + libcrux_ml_kem_ind_cpa_serialize_public_key_c4( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -5675,12 +5675,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_87( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_41( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_86( copy_of_randomness); } @@ -5694,7 +5694,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_87( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_41( copy_of_randomness); } @@ -5710,24 +5710,24 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_2f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_0a( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_17(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_14(ciphertext), + libcrux_ml_kem_types_as_slice_a8_2f(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -5755,7 +5755,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( +static inline void libcrux_ml_kem_ind_cca_decapsulate_ab0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5773,10 +5773,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e9(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_a9(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5784,7 +5784,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5793,14 +5793,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5808,18 +5808,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f0(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_c3(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_2f( + libcrux_ml_kem_ind_cca_kdf_6c_0a( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_2f(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_0a(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5855,10 +5855,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_a6( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_71( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_f50(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ab0(private_key, ciphertext, ret); } /** @@ -5872,7 +5872,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_a6( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_71( private_key, ciphertext, ret); } @@ -5887,9 +5887,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_73( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_19( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); + libcrux_ml_kem_hash_functions_avx2_H_a9_31(randomness, ret); } /** @@ -5912,28 +5912,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e90( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_100( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_73( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_19( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_94(public_key), + libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5942,20 +5942,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e90( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f0(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_c3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_2f(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_0a(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5991,14 +5991,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_fc( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_53( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e90(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_100(uu____0, copy_of_randomness); } /** @@ -6016,7 +6016,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_fc( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_53( uu____0, copy_of_randomness); } @@ -6029,16 +6029,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_2a( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_d2( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_03( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ac( + libcrux_ml_kem_ind_cpa_serialize_public_key_c4( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6057,9 +6057,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_16( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_90( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2a(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_d2(public_key); } /** @@ -6072,7 +6072,7 @@ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_16( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_90( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 6d265b102..7c6d62c24 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_mlkem768_portable_H @@ -134,7 +134,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_41_f9(dst, ret); + core_result_unwrap_41_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2438,7 +2438,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_20_9a(void) { +libcrux_ml_kem_polynomial_ZERO_20_7f(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2466,8 +2466,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_c8(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_81(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_7f(); } /** @@ -2477,10 +2477,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_b6( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e4( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_7f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2499,12 +2499,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_74( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_6b( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2517,7 +2517,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_74( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_b6( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e4( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2549,8 +2549,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_32(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_2c(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_7f(); } /** @@ -2560,7 +2560,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_63( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e3( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2585,9 +2585,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_80( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_63( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e3( v); } @@ -2598,10 +2598,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_4d( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_e3( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_7f(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2617,7 +2617,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_4d( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_80( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f( coefficient); re.coefficients[i0] = uu____0; } @@ -2631,7 +2631,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_630( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e30( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2656,9 +2656,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_800( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_630( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e30( v); } @@ -2669,10 +2669,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_30( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_60( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_7f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2681,7 +2681,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_30( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_800( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f0( coefficient); re.coefficients[i0] = uu____0; } @@ -2695,9 +2695,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_2b( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4d(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_e3(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2712,7 +2712,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_1e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2726,12 +2726,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_1e(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2745,7 +2745,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2758,7 +2758,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a1( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2775,7 +2775,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_9c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_4c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2795,7 +2795,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_6b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_68( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2817,7 +2817,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_37( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_9d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2847,7 +2847,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2865,21 +2865,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_d3( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_8d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_9c(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_37(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_4c(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_68(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_9d(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_42(re); } /** @@ -2891,12 +2891,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_a3( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ec( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2916,9 +2916,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_a3( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_2b( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_d3(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_8d(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2932,7 +2932,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_631( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2957,9 +2957,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_801( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_631( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e31( v); } @@ -2970,10 +2970,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_70( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_e7( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_7f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2982,7 +2982,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_70( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_801( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f1( coefficient); re.coefficients[i0] = uu____0; } @@ -2996,7 +2996,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_632( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e32( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3021,9 +3021,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_802( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_632( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e32( v); } @@ -3034,10 +3034,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_36( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_96( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_7f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3046,7 +3046,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_36( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_802( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3060,9 +3060,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b7( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_6f( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_70(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_e7(serialized); } /** @@ -3076,11 +3076,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_20_ff( +libcrux_ml_kem_polynomial_ntt_multiply_20_e9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_7f(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3113,7 +3113,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_0e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_67( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3137,7 +3137,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1e( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3163,7 +3163,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_12( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3185,7 +3185,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_72( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3207,7 +3207,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_0d( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ee( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3215,7 +3215,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_1e(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3228,7 +3228,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3243,7 +3243,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_0d( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ee( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3260,22 +3260,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_02( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1e(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_12(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_72(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1f(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ea(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2a(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_42(re); } /** @@ -3289,7 +3289,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_20_56( +libcrux_ml_kem_polynomial_subtract_reduce_20_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3315,21 +3315,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_29( +libcrux_ml_kem_matrix_compute_message_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_7f(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_ff(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_e9(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_67(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_56(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_02(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_a2(v, result); return result; } @@ -3339,7 +3339,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_53( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3359,9 +3359,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_e7( +libcrux_ml_kem_vector_portable_shift_right_0d_be( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_53(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f1(v); } /** @@ -3371,10 +3371,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_39( +libcrux_ml_kem_vector_traits_to_unsigned_representative_19( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_e7(a); + libcrux_ml_kem_vector_portable_shift_right_0d_be(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3388,13 +3388,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_7d( +libcrux_ml_kem_serialize_compress_then_serialize_message_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_traits_to_unsigned_representative_19( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3420,20 +3420,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ec( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_a3(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ec(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b7( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_6f( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_29(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_f7(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_7d(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_a1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3447,11 +3447,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_27(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_0f(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_74(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_6b(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3463,7 +3463,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_27(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_ec(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -3477,7 +3477,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3487,7 +3487,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_03( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -3505,9 +3505,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_03(input, ret); } /** @@ -3517,9 +3517,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_47( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_94( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); + return libcrux_ml_kem_polynomial_ZERO_20_7f(); } /** @@ -3529,10 +3529,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_a2( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_7f(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3554,12 +3554,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_84( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3572,7 +3572,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_a2( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87( ring_element); deserialized_pk[i0] = uu____0; } @@ -3589,8 +3589,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_0f(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_d2(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_7f(); } /** @@ -3600,10 +3600,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_44( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_9a( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); } } @@ -3623,7 +3623,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_40( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3656,12 +3656,12 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_83( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_40( copy_of_input); } @@ -3672,7 +3672,7 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_9a( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -3696,10 +3696,10 @@ with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_20( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_9a( self, ret); } @@ -3752,7 +3752,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_83( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f6( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3794,7 +3794,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ea( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -3818,10 +3818,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_04( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ea(self, ret); } @@ -3874,7 +3874,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_830( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f60( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3920,9 +3920,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_20_8d(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_b2(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_7f(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3943,8 +3943,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_6a(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_8d( +libcrux_ml_kem_sampling_sample_from_xof_closure_d4(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_20_b2( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3964,28 +3964,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_61( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_83( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_20( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_83( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f6( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_04( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_830( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f60( copy_of_randomness, sampled_coefficients, out); } } @@ -3995,7 +3995,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_6a(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_d4(copy_of_out[i]); } memcpy( ret, ret0, @@ -4009,12 +4009,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_45( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_b6( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_44(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_9a(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -4094,8 +4094,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_49(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_b1(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_7f(); } /** @@ -4104,7 +4104,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_d3( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4126,9 +4126,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_d3(input, ret); } /** @@ -4187,7 +4187,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b3( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_0e( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4222,7 +4222,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b3( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_8d( + return libcrux_ml_kem_polynomial_from_i16_array_20_b2( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4233,7 +4233,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_25( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_44( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4267,7 +4267,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_25( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_8d( + return libcrux_ml_kem_polynomial_from_i16_array_20_b2( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4278,9 +4278,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_97( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b3( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_0e( randomness); } @@ -4290,7 +4290,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_3e( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_9e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4313,20 +4313,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_37( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_3e(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_9e(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_9c(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_37(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_4c(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_68(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_9d(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_42(re); } /** @@ -4339,11 +4339,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4358,13 +4358,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_97( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_71(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4389,8 +4389,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_69(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_72(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_7f(); } /** @@ -4403,11 +4403,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_15(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_78(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4422,11 +4422,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_15(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_97( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4448,7 +4448,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_030( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -4466,9 +4466,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_030(input, ret); } /** @@ -4478,8 +4478,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_e0(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_matrix_compute_vector_u_closure_ba(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_7f(); } /** @@ -4492,7 +4492,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_fc( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_07( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4516,14 +4516,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_2e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4544,12 +4544,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a2( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_ff(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_e9(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_67(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_fc(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_02(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_07(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4568,7 +4568,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_5f( +libcrux_ml_kem_vector_traits_decompress_1_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4583,10 +4583,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_34( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_7f(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4596,7 +4596,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_5f(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_11(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4613,7 +4613,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_0f( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4643,22 +4643,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_04( +libcrux_ml_kem_matrix_compute_ring_element_v_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_20_7f(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_ff(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_e9(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_67(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_0f( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_02(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_31( error_2, message, result); return result; } @@ -4669,7 +4669,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5f( +libcrux_ml_kem_vector_portable_compress_compress_0e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4692,9 +4692,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_73( +libcrux_ml_kem_vector_portable_compress_0d_17( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5f(v); + return libcrux_ml_kem_vector_portable_compress_compress_0e(v); } /** @@ -4704,15 +4704,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_51( +libcrux_ml_kem_serialize_compress_then_serialize_10_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_73( - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_portable_compress_0d_17( + libcrux_ml_kem_vector_traits_to_unsigned_representative_19( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4730,7 +4730,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5f0( +libcrux_ml_kem_vector_portable_compress_compress_0e0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4753,9 +4753,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_730( +libcrux_ml_kem_vector_portable_compress_0d_170( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5f0(v); + return libcrux_ml_kem_vector_portable_compress_compress_0e0(v); } /** @@ -4765,15 +4765,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_25( +libcrux_ml_kem_serialize_compress_then_serialize_11_e4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_730( - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_portable_compress_0d_170( + libcrux_ml_kem_vector_traits_to_unsigned_representative_19( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4793,10 +4793,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4c( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_51(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_f4(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4809,7 +4809,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a4( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4825,7 +4825,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a4( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4c(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f3(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4838,7 +4838,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5f1( +libcrux_ml_kem_vector_portable_compress_compress_0e1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4861,9 +4861,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_731( +libcrux_ml_kem_vector_portable_compress_0d_171( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5f1(v); + return libcrux_ml_kem_vector_portable_compress_compress_0e1(v); } /** @@ -4873,7 +4873,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_53( +libcrux_ml_kem_serialize_compress_then_serialize_4_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4882,8 +4882,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_53( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_731( - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_portable_compress_0d_171( + libcrux_ml_kem_vector_traits_to_unsigned_representative_19( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4900,7 +4900,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5f2( +libcrux_ml_kem_vector_portable_compress_compress_0e2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4923,9 +4923,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_732( +libcrux_ml_kem_vector_portable_compress_0d_172( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5f2(v); + return libcrux_ml_kem_vector_portable_compress_compress_0e2(v); } /** @@ -4935,7 +4935,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_94( +libcrux_ml_kem_serialize_compress_then_serialize_5_59( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4944,8 +4944,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_94( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_732( - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_portable_compress_0d_172( + libcrux_ml_kem_vector_traits_to_unsigned_representative_19( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4964,9 +4964,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_fc( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_53(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_d4(re, out); } /** @@ -4987,15 +4987,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_b0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_c0( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5005,7 +5005,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_15( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_78( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5014,33 +5014,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_040( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_97( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a2(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_2e(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_34( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_04( + libcrux_ml_kem_matrix_compute_ring_element_v_5d( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a4( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fc( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_fc( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2f( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5064,24 +5064,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_97(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_d9(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_84( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_45(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_b6(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -5111,7 +5111,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_97(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_b0(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -5127,12 +5127,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_de( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_dd( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -5157,7 +5157,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b2( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5175,10 +5175,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_27(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_0f(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5186,7 +5186,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5195,14 +5195,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5210,18 +5210,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_97(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_d9(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_de( + libcrux_ml_kem_ind_cca_kdf_43_dd( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_de(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_dd(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5253,10 +5253,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0f( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_bc( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ee(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b2(private_key, ciphertext, ret); } /** @@ -5269,7 +5269,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0f( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0f( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_bc( private_key, ciphertext, ret); } @@ -5333,10 +5333,10 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_ec( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -5347,7 +5347,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5356,17 +5356,17 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_170( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -5375,11 +5375,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_b0( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5415,7 +5415,7 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a2( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_e4( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1(key_pair, ciphertext, @@ -5432,7 +5432,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a2( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a2( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_e4( private_key, ciphertext, ret); } @@ -5446,11 +5446,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_f4( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_b0( Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -5462,7 +5462,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5486,28 +5486,28 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_f4( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_b0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_94(public_key), + libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5516,20 +5516,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_97(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_d9(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_de(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_dd(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5561,14 +5561,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_34( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_74( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_6b(uu____0, copy_of_randomness); } /** @@ -5585,7 +5585,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_34( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_74( uu____0, copy_of_randomness); } @@ -5608,11 +5608,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -5622,7 +5622,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5636,7 +5636,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_b0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5646,7 +5646,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5679,7 +5679,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_1d( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_51( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5687,7 +5687,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_1d( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( uu____0, copy_of_randomness); } @@ -5707,7 +5707,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_1d( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_51( uu____0, copy_of_randomness); } @@ -5731,8 +5731,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_47(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_7f(); } /** @@ -5742,7 +5742,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_d6( +libcrux_ml_kem_vector_traits_to_standard_domain_5f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5759,7 +5759,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_7d( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5767,7 +5767,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_20_7d( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_d6( + libcrux_ml_kem_vector_traits_to_standard_domain_5f( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5783,14 +5783,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_0e( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5812,12 +5812,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_ff(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_e9(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_67(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_7d( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_5c( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -5838,10 +5838,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6e( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_d0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5849,15 +5849,15 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_45(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_b6(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_c0( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -5870,17 +5870,17 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_c0(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_0e(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_ea(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -5922,14 +5922,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_a6( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_traits_to_unsigned_representative_19( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5948,7 +5948,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5966,7 +5966,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_a6(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_79(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5981,14 +5981,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_95( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f0(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_8b(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6013,17 +6013,17 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_c0(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_d8(Eurydice_slice key_generation_seed) { tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6e(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_95( + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f0(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_8b(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6048,7 +6048,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_cd( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_91( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6074,7 +6074,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_cd( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_fd(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6104,7 +6104,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_01(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6113,13 +6113,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_c0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_d8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_cd( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_91( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6128,13 +6128,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_1d(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_75( - uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_00( + uu____2, libcrux_ml_kem_types_from_07_78(copy_of_public_key)); } /** @@ -6150,12 +6150,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0a( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_14( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_65(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_01(copy_of_randomness); } /** @@ -6166,7 +6166,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0a( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_14( copy_of_randomness); } @@ -6185,9 +6185,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_e8( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_bc( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); + return libcrux_ml_kem_polynomial_ZERO_20_7f(); } /** @@ -6205,10 +6205,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_71( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_38( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); } } @@ -6223,7 +6223,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_3a_78( +libcrux_ml_kem_polynomial_clone_3a_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6251,7 +6251,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_c7( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6260,7 +6260,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6e( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6268,7 +6268,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_71(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_38(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -6276,7 +6276,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_78(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_58(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6288,20 +6288,20 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_95( + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -6342,12 +6342,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_90( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_f5( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_c7( copy_of_randomness); } @@ -6360,7 +6360,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_90( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_f5( copy_of_randomness); } @@ -6375,24 +6375,24 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_cc( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_17(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_14(ciphertext), + libcrux_ml_kem_types_as_slice_a8_2f(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -6419,7 +6419,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b20( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6437,10 +6437,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_27(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_0f(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -6448,7 +6448,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6457,14 +6457,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -6472,18 +6472,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_97(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_d9(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a8( + libcrux_ml_kem_ind_cca_kdf_6c_cc( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a8(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_cc(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6519,10 +6519,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_8e( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_be( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ee0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b20(private_key, ciphertext, ret); } /** @@ -6535,7 +6535,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_8e( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_8e( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_be( private_key, ciphertext, ret); } @@ -6549,9 +6549,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_ff( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_05( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_fd(randomness, ret); } /** @@ -6573,28 +6573,28 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6b0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_ff( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_05( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_94(public_key), + libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6603,20 +6603,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_97(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_d9(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a8(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_cc(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6652,14 +6652,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_35( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f9( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_6b0(uu____0, copy_of_randomness); } /** @@ -6676,7 +6676,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_35( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f9( uu____0, copy_of_randomness); } @@ -6688,16 +6688,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_36( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_14( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_84( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_95( + libcrux_ml_kem_ind_cpa_serialize_public_key_eb( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6715,9 +6715,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_93( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_52( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_36(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_14(public_key); } /** @@ -6729,7 +6729,7 @@ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_93( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_52( public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 2d5e861fa..e5ecc42d1 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_sha3_avx2_H @@ -69,7 +69,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_58(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_21(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, core_core_arch_x86___m256i), @@ -83,7 +83,7 @@ libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i uu____0 = a; return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); + uu____0, libcrux_sha3_simd_avx2_rotate_left_21(b)); } /** @@ -241,7 +241,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_16(void) { +libcrux_sha3_generic_keccak_new_1e_fa(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -277,7 +277,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe( core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -420,13 +420,13 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_16( core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[4U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_c7(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_fe(uu____0, copy_of_b); } /** @@ -437,7 +437,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_580(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_210(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, core_core_arch_x86___m256i), @@ -453,10 +453,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c1(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_580(ab); + return libcrux_sha3_simd_avx2_rotate_left_210(ab); } /** @@ -471,9 +471,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_13(a, b); } /** @@ -484,7 +484,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_581(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_211(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, core_core_arch_x86___m256i), @@ -500,10 +500,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c10(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_130(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_581(ab); + return libcrux_sha3_simd_avx2_rotate_left_211(ab); } /** @@ -518,9 +518,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c0(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_130(a, b); } /** @@ -531,7 +531,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_582(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_212(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, core_core_arch_x86___m256i), @@ -547,10 +547,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c11(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_131(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_582(ab); + return libcrux_sha3_simd_avx2_rotate_left_212(ab); } /** @@ -565,9 +565,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_131(a, b); } /** @@ -578,7 +578,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_583(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_213(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, core_core_arch_x86___m256i), @@ -594,10 +594,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c12(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_132(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_583(ab); + return libcrux_sha3_simd_avx2_rotate_left_213(ab); } /** @@ -612,9 +612,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c2(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_132(a, b); } /** @@ -625,10 +625,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c13(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_133(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_58(ab); + return libcrux_sha3_simd_avx2_rotate_left_21(ab); } /** @@ -643,9 +643,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c3(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_133(a, b); } /** @@ -656,7 +656,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_584(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_214(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, core_core_arch_x86___m256i), @@ -672,10 +672,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c14(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_134(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_584(ab); + return libcrux_sha3_simd_avx2_rotate_left_214(ab); } /** @@ -690,9 +690,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c4(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_134(a, b); } /** @@ -703,7 +703,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_585(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_215(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, core_core_arch_x86___m256i), @@ -719,10 +719,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c15(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_135(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_585(ab); + return libcrux_sha3_simd_avx2_rotate_left_215(ab); } /** @@ -737,9 +737,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c5(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_135(a, b); } /** @@ -750,7 +750,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_586(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_216(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, core_core_arch_x86___m256i), @@ -766,10 +766,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c16(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_136(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_586(ab); + return libcrux_sha3_simd_avx2_rotate_left_216(ab); } /** @@ -784,9 +784,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c6(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_136(a, b); } /** @@ -797,7 +797,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_587(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_217(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, core_core_arch_x86___m256i), @@ -813,10 +813,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c17(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_137(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_587(ab); + return libcrux_sha3_simd_avx2_rotate_left_217(ab); } /** @@ -831,9 +831,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c7(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_137(a, b); } /** @@ -844,7 +844,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_588(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_218(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, core_core_arch_x86___m256i), @@ -860,10 +860,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c18(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_138(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_588(ab); + return libcrux_sha3_simd_avx2_rotate_left_218(ab); } /** @@ -878,9 +878,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c8(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_138(a, b); } /** @@ -891,7 +891,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_589(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_219(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, core_core_arch_x86___m256i), @@ -907,10 +907,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c19(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_139(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_589(ab); + return libcrux_sha3_simd_avx2_rotate_left_219(ab); } /** @@ -925,9 +925,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c9(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_139(a, b); } /** @@ -938,7 +938,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5810(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2110(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, core_core_arch_x86___m256i), @@ -954,10 +954,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c110(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_1310(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5810(ab); + return libcrux_sha3_simd_avx2_rotate_left_2110(ab); } /** @@ -972,9 +972,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_1310(a, b); } /** @@ -985,7 +985,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5811(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2111(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, core_core_arch_x86___m256i), @@ -1001,10 +1001,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c111(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_1311(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5811(ab); + return libcrux_sha3_simd_avx2_rotate_left_2111(ab); } /** @@ -1019,9 +1019,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_1311(a, b); } /** @@ -1032,7 +1032,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5812(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2112(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, core_core_arch_x86___m256i), @@ -1048,10 +1048,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c112(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_1312(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5812(ab); + return libcrux_sha3_simd_avx2_rotate_left_2112(ab); } /** @@ -1066,9 +1066,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_1312(a, b); } /** @@ -1079,7 +1079,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5813(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2113(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, core_core_arch_x86___m256i), @@ -1095,10 +1095,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c113(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_1313(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5813(ab); + return libcrux_sha3_simd_avx2_rotate_left_2113(ab); } /** @@ -1113,9 +1113,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_1313(a, b); } /** @@ -1126,7 +1126,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5814(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2114(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, core_core_arch_x86___m256i), @@ -1142,10 +1142,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c114(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_1314(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5814(ab); + return libcrux_sha3_simd_avx2_rotate_left_2114(ab); } /** @@ -1160,9 +1160,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_1314(a, b); } /** @@ -1173,7 +1173,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5815(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2115(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, core_core_arch_x86___m256i), @@ -1189,10 +1189,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c115(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_1315(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5815(ab); + return libcrux_sha3_simd_avx2_rotate_left_2115(ab); } /** @@ -1207,9 +1207,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_1315(a, b); } /** @@ -1220,7 +1220,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5816(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2116(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, core_core_arch_x86___m256i), @@ -1236,10 +1236,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c116(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_1316(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5816(ab); + return libcrux_sha3_simd_avx2_rotate_left_2116(ab); } /** @@ -1254,9 +1254,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_1316(a, b); } /** @@ -1267,7 +1267,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5817(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2117(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, core_core_arch_x86___m256i), @@ -1283,10 +1283,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c117(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_1317(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5817(ab); + return libcrux_sha3_simd_avx2_rotate_left_2117(ab); } /** @@ -1301,9 +1301,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_1317(a, b); } /** @@ -1314,7 +1314,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5818(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2118(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, core_core_arch_x86___m256i), @@ -1330,10 +1330,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c118(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_1318(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5818(ab); + return libcrux_sha3_simd_avx2_rotate_left_2118(ab); } /** @@ -1348,9 +1348,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_1318(a, b); } /** @@ -1361,7 +1361,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5819(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2119(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, core_core_arch_x86___m256i), @@ -1377,10 +1377,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c119(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_1319(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5819(ab); + return libcrux_sha3_simd_avx2_rotate_left_2119(ab); } /** @@ -1395,9 +1395,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_1319(a, b); } /** @@ -1408,7 +1408,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5820(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2120(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, core_core_arch_x86___m256i), @@ -1424,10 +1424,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c120(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_1320(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5820(ab); + return libcrux_sha3_simd_avx2_rotate_left_2120(ab); } /** @@ -1442,9 +1442,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c20(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_1320(a, b); } /** @@ -1455,7 +1455,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5821(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2121(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, core_core_arch_x86___m256i), @@ -1471,10 +1471,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c121(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_1321(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5821(ab); + return libcrux_sha3_simd_avx2_rotate_left_2121(ab); } /** @@ -1489,9 +1489,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c21(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_1321(a, b); } /** @@ -1502,7 +1502,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5822(core_core_arch_x86___m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2122(core_core_arch_x86___m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, core_core_arch_x86___m256i), @@ -1518,10 +1518,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c122(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2__vxarq_u64_1322(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5822(ab); + return libcrux_sha3_simd_avx2_rotate_left_2122(ab); } /** @@ -1536,9 +1536,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(core_core_arch_x86___m256i a, +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c22(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); + return libcrux_sha3_simd_avx2__vxarq_u64_1322(a, b); } /** @@ -1548,7 +1548,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_3f( libcrux_sha3_generic_keccak_KeccakState_29 *s) { core_core_arch_x86___m256i c[5U] = { libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], @@ -1589,53 +1589,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c0(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c1(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c2(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c3(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c4(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c5(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c6(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c7(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c8(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c9(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c10(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c11(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c12(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c13(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c14(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c15(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c16(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c17(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c18(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c19(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c20(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c21(s->st[3U][4U], t[4U]); core_core_arch_x86___m256i uu____27 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1646,7 +1646,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d8( libcrux_sha3_generic_keccak_KeccakState_29 *s) { core_core_arch_x86___m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); @@ -1683,7 +1683,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_95( libcrux_sha3_generic_keccak_KeccakState_29 *s) { core_core_arch_x86___m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); @@ -1705,7 +1705,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_c9( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1718,14 +1718,14 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_4e( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_71(s); - libcrux_sha3_generic_keccak_pi_01(s); - libcrux_sha3_generic_keccak_chi_9b(s); - libcrux_sha3_generic_keccak_iota_09(s, i0); + libcrux_sha3_generic_keccak_theta_rho_3f(s); + libcrux_sha3_generic_keccak_pi_d8(s); + libcrux_sha3_generic_keccak_chi_95(s); + libcrux_sha3_generic_keccak_iota_c9(s, i0); } } @@ -1737,13 +1737,13 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_26( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { core_core_arch_x86___m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_ef_16(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); } /** @@ -1752,14 +1752,14 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_1d( core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - libcrux_sha3_simd_avx2_load_block_c7(s, buf); + libcrux_sha3_simd_avx2_load_block_fe(s, buf); } /** @@ -1772,13 +1772,13 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_40( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_91(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_full_1d(uu____0, copy_of_b); } /** @@ -1790,7 +1790,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1809,8 +1809,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( core_core_arch_x86___m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_full_ef_40(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); } /** @@ -1819,7 +1819,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_78( core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -1950,7 +1950,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_61( core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; @@ -1961,7 +1961,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( Eurydice_array_to_slice((size_t)200U, out1, uint8_t), Eurydice_array_to_slice((size_t)200U, out2, uint8_t), Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; - libcrux_sha3_simd_avx2_store_block_e9(s, buf); + libcrux_sha3_simd_avx2_store_block_78(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); @@ -1989,9 +1989,9 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_83( core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); + libcrux_sha3_simd_avx2_store_block_full_61(a, ret); } /** @@ -2003,10 +2003,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( +libcrux_sha3_generic_keccak_squeeze_first_and_last_ac( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_83(s->st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2032,9 +2032,9 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_aa( core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e9(a, b); + libcrux_sha3_simd_avx2_store_block_78(a, b); } /** @@ -2045,9 +2045,9 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_b7( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_aa(s->st, out); } /** @@ -2058,10 +2058,10 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_ff( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); + libcrux_sha3_simd_avx2_store_block_ef_aa(s->st, out); } /** @@ -2072,11 +2072,11 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_0a( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(&s); + libcrux_sha3_generic_keccak_keccakf1600_4e(&s); uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_83(s.st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2101,10 +2101,10 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9b( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_16(); + libcrux_sha3_generic_keccak_new_1e_fa(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2115,7 +2115,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_26(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -2125,12 +2125,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_80(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_ac(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); @@ -2138,7 +2138,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_b7(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2156,12 +2156,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_ff(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_0a(s, o1); } } } @@ -2176,7 +2176,7 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_keccak_14(buf0, buf); + libcrux_sha3_generic_keccak_keccak_9b(buf0, buf); } typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -2188,7 +2188,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_16(); + return libcrux_sha3_generic_keccak_new_1e_fa(); } /** @@ -2197,7 +2197,7 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe0( core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -2336,14 +2336,14 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_1d0( core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - libcrux_sha3_simd_avx2_load_block_c70(s, buf); + libcrux_sha3_simd_avx2_load_block_fe0(s, buf); } /** @@ -2356,13 +2356,13 @@ with const generics - BLOCKSIZE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_400( core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { core_core_arch_x86___m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_910(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_full_1d0(uu____0, copy_of_b); } /** @@ -2374,7 +2374,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_800( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -2393,8 +2393,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( core_core_arch_x86___m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_full_ef_400(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); } /** @@ -2406,7 +2406,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); + libcrux_sha3_generic_keccak_absorb_final_800(s, buf); } /** @@ -2415,7 +2415,7 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_780( core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -2550,9 +2550,9 @@ with const generics - BLOCKSIZE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_aa0( core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e90(a, b); + libcrux_sha3_simd_avx2_store_block_780(a, b); } /** @@ -2563,9 +2563,9 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_b70( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_aa0(s->st, out); } /** @@ -2576,10 +2576,10 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_ff0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); + libcrux_sha3_simd_avx2_store_block_ef_aa0(s->st, out); } /** @@ -2591,7 +2591,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2599,15 +2599,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_b70(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o2); } /** @@ -2619,7 +2619,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(s, buf); } /** @@ -2631,7 +2631,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, buf); } /** @@ -2643,7 +2643,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_58( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2651,29 +2651,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_b70(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o4); } /** @@ -2685,7 +2685,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_58(s, buf); } /** @@ -2697,7 +2697,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + libcrux_sha3_generic_keccak_absorb_final_80(s, buf); } /** @@ -2709,7 +2709,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_b7(s, buf); } /** @@ -2721,7 +2721,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_ff(s, buf); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index c0fcc0c6d..da59f6f74 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 0576bfc67e99aae86c51930421072688138b672b - * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 - * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 37cab5179bba258e13e25e12d3d720f8bb922382 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb + * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 */ #ifndef __libcrux_sha3_portable_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_fc(b); } /** @@ -201,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_ba(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -264,13 +264,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_15( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_28(uu____0, copy_of_b); } /** @@ -280,7 +280,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -291,9 +291,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc0(ab); } /** @@ -307,8 +307,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b); } /** @@ -318,7 +318,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -329,9 +329,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc1(ab); } /** @@ -345,8 +345,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac0(a, b); } /** @@ -356,7 +356,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -367,9 +367,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc2(ab); } /** @@ -383,8 +383,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac1(a, b); } /** @@ -394,7 +394,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -405,9 +405,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc3(ab); } /** @@ -421,8 +421,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac2(a, b); } /** @@ -432,9 +432,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc(ab); } /** @@ -448,8 +448,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac3(a, b); } /** @@ -459,7 +459,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -470,9 +470,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc4(ab); } /** @@ -486,8 +486,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac4(a, b); } /** @@ -497,7 +497,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -508,9 +508,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc5(ab); } /** @@ -524,8 +524,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac5(a, b); } /** @@ -535,7 +535,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -546,9 +546,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc6(ab); } /** @@ -562,8 +562,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac6(a, b); } /** @@ -573,7 +573,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -584,9 +584,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc7(ab); } /** @@ -600,8 +600,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac7(a, b); } /** @@ -611,7 +611,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -622,9 +622,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc8(ab); } /** @@ -638,8 +638,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac8(a, b); } /** @@ -649,7 +649,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -660,9 +660,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc9(ab); } /** @@ -676,8 +676,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac9(a, b); } /** @@ -687,7 +687,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -698,9 +698,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc10(ab); } /** @@ -714,8 +714,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac10(a, b); } /** @@ -725,7 +725,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -736,9 +736,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc11(ab); } /** @@ -752,8 +752,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac11(a, b); } /** @@ -763,7 +763,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -774,9 +774,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc12(ab); } /** @@ -790,8 +790,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac12(a, b); } /** @@ -801,7 +801,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -812,9 +812,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc13(ab); } /** @@ -828,8 +828,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac13(a, b); } /** @@ -839,7 +839,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -850,9 +850,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc14(ab); } /** @@ -866,8 +866,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac14(a, b); } /** @@ -877,7 +877,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -888,9 +888,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc15(ab); } /** @@ -904,8 +904,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac15(a, b); } /** @@ -915,7 +915,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -926,9 +926,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc16(ab); } /** @@ -942,8 +942,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac16(a, b); } /** @@ -953,7 +953,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -964,9 +964,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc17(ab); } /** @@ -980,8 +980,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac17(a, b); } /** @@ -991,7 +991,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1002,9 +1002,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc18(ab); } /** @@ -1018,8 +1018,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac18(a, b); } /** @@ -1029,7 +1029,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1040,9 +1040,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc19(ab); } /** @@ -1056,8 +1056,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac19(a, b); } /** @@ -1067,7 +1067,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1078,9 +1078,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc20(ab); } /** @@ -1094,8 +1094,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac20(a, b); } /** @@ -1105,7 +1105,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1116,9 +1116,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc21(ab); } /** @@ -1132,8 +1132,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac21(a, b); } /** @@ -1143,7 +1143,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1154,9 +1154,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc22(ab); } /** @@ -1170,8 +1170,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac22(a, b); } /** @@ -1180,7 +1180,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1216,53 +1216,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1272,7 +1272,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_f0( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1308,7 +1308,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_e2( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1329,7 +1329,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_ae( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1341,14 +1341,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_7e( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_0d(s); + libcrux_sha3_generic_keccak_pi_f0(s); + libcrux_sha3_generic_keccak_chi_e2(s); + libcrux_sha3_generic_keccak_iota_ae(s, i0); } } @@ -1359,13 +1359,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_28( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_15(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1373,11 +1373,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_86( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_28(s, buf); } /** @@ -1389,13 +1389,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_86(uu____0, copy_of_b); } /** @@ -1406,7 +1406,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1425,8 +1425,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1434,7 +1434,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1452,12 +1452,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_85( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_3d(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1473,9 +1473,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_1e( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_85(a, ret); } /** @@ -1486,10 +1486,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d9( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1514,9 +1514,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_3d(a, b); } /** @@ -1526,9 +1526,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); } /** @@ -1538,10 +1538,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_87( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); } /** @@ -1551,11 +1551,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c9( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1579,10 +1579,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -1593,7 +1593,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_28(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1603,12 +1603,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f3(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d9(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1616,7 +1616,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_80(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1634,12 +1634,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_87(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c9(s, o1); } } } @@ -1650,12 +1650,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_97( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_92(copy_of_data, out); } /** @@ -1665,7 +1665,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_97(buf0, buf); } /** @@ -1673,7 +1673,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1684,7 +1684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1701,13 +1701,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_150( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_280(uu____0, copy_of_b); } /** @@ -1717,13 +1717,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_280( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_150(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1731,11 +1731,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_860( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_280(s, buf); } /** @@ -1747,13 +1747,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_860(uu____0, copy_of_b); } /** @@ -1764,7 +1764,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1783,8 +1783,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1792,7 +1792,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d0( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1810,12 +1810,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_850( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_3d0(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1832,9 +1832,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_850(a, ret); } /** @@ -1845,10 +1845,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d90( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1873,9 +1873,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_3d0(a, b); } /** @@ -1885,9 +1885,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_800( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); } /** @@ -1897,10 +1897,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_870( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); } /** @@ -1910,11 +1910,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c90( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1938,10 +1938,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1952,7 +1952,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1962,12 +1962,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f30(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -1975,7 +1975,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1993,12 +1993,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); } } } @@ -2009,12 +2009,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_970( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_920(copy_of_data, out); } /** @@ -2024,7 +2024,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_970(buf0, buf); } /** @@ -2035,7 +2035,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2054,8 +2054,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2066,10 +2066,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2080,7 +2080,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2090,12 +2090,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f31(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2103,7 +2103,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2121,12 +2121,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); } } } @@ -2137,12 +2137,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_971( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_921(copy_of_data, out); } /** @@ -2152,7 +2152,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_971(buf0, buf); } /** @@ -2249,7 +2249,7 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_ba(); } /** @@ -2257,7 +2257,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -2268,7 +2268,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2281,11 +2281,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_861( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + libcrux_sha3_portable_keccak_load_block_281(s, buf); } /** @@ -2297,13 +2297,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_861(uu____0, copy_of_b); } /** @@ -2314,7 +2314,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2333,8 +2333,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2344,7 +2344,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_722(s, buf); + libcrux_sha3_generic_keccak_absorb_final_f32(s, buf); } /** @@ -2352,7 +2352,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d1( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -2374,9 +2374,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_3d1(a, b); } /** @@ -2386,9 +2386,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_801( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); } /** @@ -2398,10 +2398,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_871( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); } /** @@ -2412,7 +2412,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -2420,15 +2420,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_801(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o2); } /** @@ -2438,7 +2438,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db(s, buf); } /** @@ -2448,7 +2448,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, buf); } #define libcrux_sha3_Sha224 0 @@ -2494,7 +2494,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2505,7 +2505,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2522,13 +2522,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_151( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_282(uu____0, copy_of_b); } /** @@ -2538,13 +2538,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_281( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_151(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2552,11 +2552,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_862( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_282(s, buf); } /** @@ -2568,13 +2568,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_862(uu____0, copy_of_b); } /** @@ -2585,7 +2585,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2604,8 +2604,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2613,7 +2613,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d2( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2631,12 +2631,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_851( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_3d2(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2653,9 +2653,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e1(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_851(a, ret); } /** @@ -2666,10 +2666,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d91( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2694,9 +2694,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_3d2(a, b); } /** @@ -2706,9 +2706,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_802( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); } /** @@ -2718,10 +2718,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_872( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); } /** @@ -2731,11 +2731,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c91( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2759,10 +2759,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2773,7 +2773,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_281(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2783,12 +2783,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f33(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d91(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2796,7 +2796,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_802(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2814,12 +2814,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_872(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c91(s, o1); } } } @@ -2830,12 +2830,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_972( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_922(copy_of_data, out); } /** @@ -2845,7 +2845,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_972(buf0, buf); } /** @@ -2853,7 +2853,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2864,7 +2864,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2881,13 +2881,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_152( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_283(uu____0, copy_of_b); } /** @@ -2897,13 +2897,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_282( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_152(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2911,11 +2911,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_863( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_portable_keccak_load_block_283(s, buf); } /** @@ -2927,13 +2927,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_863(uu____0, copy_of_b); } /** @@ -2944,7 +2944,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2963,8 +2963,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2972,7 +2972,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d3( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2990,12 +2990,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_852( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); + libcrux_sha3_portable_keccak_store_block_3d3(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3012,9 +3012,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e2(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_852(a, ret); } /** @@ -3025,10 +3025,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3053,9 +3053,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_3d3(a, b); } /** @@ -3065,9 +3065,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_803( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); } /** @@ -3077,10 +3077,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_873( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); } /** @@ -3090,11 +3090,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c92( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3118,10 +3118,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -3132,7 +3132,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_282(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3142,12 +3142,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f34(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d92(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -3155,7 +3155,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_803(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3173,12 +3173,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_873(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c92(s, o1); } } } @@ -3189,12 +3189,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_973( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_923(copy_of_data, out); } /** @@ -3204,7 +3204,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_973(buf0, buf); } /** @@ -3295,13 +3295,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_153( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_281(uu____0, copy_of_b); } /** @@ -3311,13 +3311,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_283( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_153(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -3325,12 +3325,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_853( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); + libcrux_sha3_portable_keccak_store_block_3d1(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3347,9 +3347,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e3(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_853(a, ret); } /** @@ -3360,10 +3360,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d93( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3386,11 +3386,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c93( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3414,10 +3414,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -3428,7 +3428,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_283(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3438,12 +3438,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f32(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d93(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3451,7 +3451,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_801(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3469,12 +3469,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_871(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c93(s, o1); } } } @@ -3485,12 +3485,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_974( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_924(copy_of_data, out); } /** @@ -3500,7 +3500,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_974(buf0, buf); } /** @@ -3565,7 +3565,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3573,29 +3573,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_801(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o4); } /** @@ -3605,7 +3605,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de(s, buf); } /** @@ -3615,7 +3615,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_721(s, buf); + libcrux_sha3_generic_keccak_absorb_final_f31(s, buf); } /** @@ -3623,7 +3623,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_ba(); } /** @@ -3633,7 +3633,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_800(s, buf); } /** @@ -3643,7 +3643,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_870(s, buf); } /** From 0de2f9404bb55f6892eddfbb387d5038b0d22356 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 30 Aug 2024 21:06:03 +0000 Subject: [PATCH 180/348] stabilize ind-cca --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 29 +++++++++---------- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 1 + libcrux-ml-kem/src/ind_cca.rs | 3 +- 3 files changed, 17 insertions(+), 16 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index a037dd8e4..3bc04ccdc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -188,6 +188,8 @@ let validate_public_key in public_key =. public_key_serialized +#push-options "--admit_smt_queries true" + #push-options "--z3rlimit 500" let decapsulate @@ -312,21 +314,18 @@ let decapsulate shared_secret ciphertext in - let shared_secret:t_Array u8 (sz 32) = - Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref - #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - #(t_Slice u8) - #FStar.Tactics.Typeclasses.solve - ciphertext - <: - t_Slice u8) - (expected_ciphertext <: t_Slice u8) - (shared_secret <: t_Slice u8) - (implicit_rejection_shared_secret <: t_Slice u8) - in - let result:t_Array u8 (sz 32) = shared_secret in - let _:Prims.unit = admit () (* Panic freedom *) in - result + Libcrux_ml_kem.Constant_time_ops.compare_ciphertexts_select_shared_secret_in_constant_time (Core.Convert.f_as_ref + #(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + #(t_Slice u8) + #FStar.Tactics.Typeclasses.solve + ciphertext + <: + t_Slice u8) + (expected_ciphertext <: t_Slice u8) + (shared_secret <: t_Slice u8) + (implicit_rejection_shared_secret <: t_Slice u8) + +#pop-options #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 1ff7c7914..3c0d4a676 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -206,6 +206,7 @@ let impl: t_Variant t_MlKem = Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) } +/// This code verifies on some machines, runs out of memory on others val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index dae6d21b5..8fca943a2 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -230,8 +230,9 @@ fn encapsulate< (ciphertext, shared_secret_array) } +/// This code verifies on some machines, runs out of memory on others #[hax_lib::fstar::options("--z3rlimit 500")] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ From bc4581848d529fa56bbd254bc216ece74f6b0657 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 31 Aug 2024 06:05:22 +0200 Subject: [PATCH 181/348] arith --- Cargo.lock | 6 +- fstar-helpers/Makefile.template | 2 +- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 351 ++++++++++-------- ...rux_ml_kem.Vector.Portable.Arithmetic.fsti | 16 +- .../proofs/fstar/spec/Spec.Utils.fst | 15 +- .../src/vector/portable/arithmetic.rs | 105 ++++-- 6 files changed, 296 insertions(+), 199 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9625ede51..5f2fba10d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#205ea2636d32bdaf6e260247b7dc01830dba1424" +source = "git+https://github.com/hacspec/hax?branch=main#6d493af879767475a269327513208d4a491c6179" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#205ea2636d32bdaf6e260247b7dc01830dba1424" +source = "git+https://github.com/hacspec/hax?branch=main#6d493af879767475a269327513208d4a491c6179" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#205ea2636d32bdaf6e260247b7dc01830dba1424" +source = "git+https://github.com/hacspec/hax?branch=main#6d493af879767475a269327513208d4a491c6179" dependencies = [ "proc-macro2", "quote", diff --git a/fstar-helpers/Makefile.template b/fstar-helpers/Makefile.template index 9faae3841..21c442597 100644 --- a/fstar-helpers/Makefile.template +++ b/fstar-helpers/Makefile.template @@ -150,7 +150,7 @@ FINDLIBS.sh: include-dirs: $(Q)bash -c '${FINDLIBS}' -FSTAR_FLAGS = --query_stats \ +FSTAR_FLAGS = \ --warn_error -321-331-241-274-239-271 \ --cache_checked_modules --cache_dir $(CACHE_DIR) \ --already_cached "+Prims+FStar+LowStar+C+Spec.Loops+TestLib" \ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index da78ce70c..ad77d31dc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -161,46 +161,62 @@ let montgomery_reduce_element (value: i32) = #pop-options +#push-options "--z3rlimit 100" + let montgomery_multiply_fe_by_fer (fe fer: i16) = let _:Prims.unit = Spec.Utils.lemma_mul_i16b (pow2 16) (3328) fe fer in let product:i32 = (cast (fe <: i16) <: i32) *! (cast (fer <: i16) <: i32) in montgomery_reduce_element product +#pop-options + +#push-options "--z3rlimit 150" + let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun lhs temp_1_ -> + (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in - let _:usize = temp_1_ in - true) + let i:usize = i in + (forall j. + j < v i ==> + (Seq.index lhs.f_elements j) == + (Seq.index v__lhs0.f_elements j) +. (Seq.index rhs.f_elements j)) /\ + (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index v__lhs0.f_elements j))) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let i:usize = i in - { - lhs with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (Core.Num.impl__i16__wrapping_add (lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) - <: - i16) + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + lhs with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + (Core.Num.impl__i16__wrapping_add (lhs + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) + (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + lhs) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) ( +. ) v__lhs0.f_elements rhs.f_elements; + Seq.lemma_eq_intro lhs.f_elements (Spec.Utils.map2 ( +. ) v__lhs0.f_elements rhs.f_elements) + in + lhs + +#pop-options let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -241,62 +257,77 @@ let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe result let bitwise_and_with_constant - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) &. c <: i16) + (forall j. j < v i ==> Seq.index vec.f_elements j == (Seq.index v__vec0.f_elements j &. c) + ) /\ (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j) + ) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let i:usize = i in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + vec with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) &. c + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + vec) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x &. c) v__vec0.f_elements; + Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x &. c) v__vec0.f_elements) + in + vec -let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - Seq.length v.f_elements == Seq.length v__vec0.f_elements) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (forall j. + j < v i ==> + Seq.index vec.f_elements j == + (let x = Seq.index v__vec0.f_elements j in + if x >=. 3329s then x -! 3329s else x)) /\ + (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j)) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in if - (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >=. 3329s <: bool + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >=. 3329s + <: + bool then { - v with + vec with Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! 3329s + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! 3329s <: i16) <: @@ -304,11 +335,18 @@ let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portabl } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - else v) + else vec) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + Spec.Utils.lemma_map_index #_ + #_ + #(sz 16) + (fun x -> if x >=. 3329s then x -! 3329s else x) + v__vec0.f_elements; + Seq.lemma_eq_intro vec.f_elements + (Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) v__vec0.f_elements) + in + vec let montgomery_multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -347,106 +385,129 @@ let montgomery_multiply_by_constant in v -let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (Core.Num.impl__i16__wrapping_mul (v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - c - <: - i16) + (forall j. + j < v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j) *. c) /\ + (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j))) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let i:usize = i in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + vec with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + (Core.Num.impl__i16__wrapping_mul (vec + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) + c + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + vec) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x *. c) v__vec0.f_elements; + Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x *. c) v__vec0.f_elements) + in + vec -let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >>! v_SHIFT_BY - <: - i16) + (forall j. + j < v i ==> + Seq.index vec.f_elements j == (Seq.index v__vec0.f_elements j >>! v_SHIFT_BY)) /\ + (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j)) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let i:usize = i in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + vec with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >>! + v_SHIFT_BY + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + vec) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x >>! v_SHIFT_BY) v__vec0.f_elements; + Seq.lemma_eq_intro vec.f_elements + (Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) v__vec0.f_elements) + in + vec let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun lhs temp_1_ -> + (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in - let _:usize = temp_1_ in - true) + let i:usize = i in + (forall j. + j < v i ==> + (Seq.index lhs.f_elements j) == + (Seq.index v__lhs0.f_elements j) -. (Seq.index rhs.f_elements j)) /\ + (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index v__lhs0.f_elements j))) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let i:usize = i in - { - lhs with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (Core.Num.impl__i16__wrapping_sub (lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) - <: - i16) + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + lhs with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + (Core.Num.impl__i16__wrapping_sub (lhs + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) + (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + lhs) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) ( -. ) v__lhs0.f_elements rhs.f_elements; + Seq.lemma_eq_intro lhs.f_elements (Spec.Utils.map2 ( -. ) v__lhs0.f_elements rhs.f_elements) + in + lhs diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index d4bb456f7..4461478d8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -87,23 +87,23 @@ val barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe Spec.MLKEM.Math.to_spec_array vec.f_elements) val bitwise_and_with_constant - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector Prims.l_True (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - result.f_elements == Spec.Utils.map_array (fun x -> x &. c) (v.f_elements)) + result.f_elements == Spec.Utils.map_array (fun x -> x &. c) (vec.f_elements)) -val cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +val cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector Prims.l_True (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in result.f_elements == - Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (v.f_elements)) + Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (vec.f_elements)) val montgomery_multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -112,22 +112,22 @@ val montgomery_multiply_by_constant (requires Spec.Utils.is_i16b 3328 c) (fun _ -> Prims.l_True) -val multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) +val multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector Prims.l_True (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - result.f_elements == Spec.Utils.map_array (fun x -> x *. c) (v.f_elements)) + result.f_elements == Spec.Utils.map_array (fun x -> x *. c) (vec.f_elements)) -val shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +val shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> - result.f_elements == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (v.f_elements)) + result.f_elements == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (vec.f_elements)) val sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 463bb1d5a..1ce80b1e9 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -15,13 +15,22 @@ let map_array #a #b #len (s: t_Array a len): t_Array b len = createi (length s) (fun i -> f (Seq.index s (v i))) -let map2 #a #b #c (#len:usize{v len < pow2 32}) +let map2 #a #b #c #len (f:a -> b -> c) (x: t_Array a len) (y: t_Array b len): t_Array c len - = Lib.Sequence.map2 #a #b #c #(v len) f x y + = createi (length x) (fun i -> f (Seq.index x (v i)) (Seq.index y (v i))) let repeati #acc (l:usize) (f:(i:usize{v i < v l}) -> acc -> acc) acc0 : acc = Lib.LoopCombinators.repeati (v l) (fun i acc -> f (sz i) acc) acc0 - + +let lemma_create_index #a len f: + Lemma (forall i. Seq.index (createi #a len f) i == f (sz i)) = admit () + +let lemma_map_index #a #b #len f x: + Lemma (forall i. Seq.index (map_array #a #b #len f x) i == f (Seq.index x i)) = admit () + +let lemma_map2_index #a #b #c #len f x y : + Lemma (forall i. Seq.index (map2 #a #b #c #len f x y) i == f (Seq.index x i) (Seq.index y i)) = admit () + #push-options "--fuel 0 --ifuel 0 --z3rlimit 500" let flatten #t #n (#m: usize {range (v n * v m) usize_inttype}) diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index 4d72204a3..6483baa0f 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -40,82 +40,108 @@ pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::options("--z3rlimit 150")] #[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map2 (+.) (${lhs}.f_elements) (${rhs}.f_elements)"))] pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { + let _lhs0 = lhs; for i in 0..FIELD_ELEMENTS_IN_VECTOR { + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> (Seq.index ${lhs}.f_elements j) == + (Seq.index ${_lhs0}.f_elements j) +. (Seq.index ${rhs}.f_elements j)) /\\ + (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))") }); lhs.elements[i] = lhs.elements[i].wrapping_add(rhs.elements[i]); } - + hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) (+.) ${_lhs0}.f_elements ${rhs}.f_elements; + Seq.lemma_eq_intro ${lhs}.f_elements (Spec.Utils.map2 (+.) ${_lhs0}.f_elements ${rhs}.f_elements)"); lhs } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map2 (-.) (${lhs}.f_elements) (${rhs}.f_elements)"))] pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { + let _lhs0 = lhs; for i in 0..FIELD_ELEMENTS_IN_VECTOR { + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> (Seq.index ${lhs}.f_elements j) == + (Seq.index ${_lhs0}.f_elements j) -. (Seq.index ${rhs}.f_elements j)) /\\ + (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))") }); lhs.elements[i] = lhs.elements[i].wrapping_sub(rhs.elements[i]); } - + hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) (-.) ${_lhs0}.f_elements ${rhs}.f_elements; + Seq.lemma_eq_intro ${lhs}.f_elements (Spec.Utils.map2 (-.) ${_lhs0}.f_elements ${rhs}.f_elements)"); lhs } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x *. c) (${v}.f_elements)"))] -pub fn multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { +#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x *. c) (${vec}.f_elements)"))] +pub fn multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector { + let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = v.elements[i].wrapping_mul(c); + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> (Seq.index ${vec}.f_elements j) == + (Seq.index ${_vec0}.f_elements j) *. c) /\\ + (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))") }); + vec.elements[i] = vec.elements[i].wrapping_mul(c); } - - v + hax_lib::fstar!("Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x *. c) ${_vec0}.f_elements; + Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x *. c) ${_vec0}.f_elements)"); + vec } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x &. c) (${v}.f_elements)"))] -pub fn bitwise_and_with_constant(mut v: PortableVector, c: i16) -> PortableVector { +#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x &. c) (${vec}.f_elements)"))] +pub fn bitwise_and_with_constant(mut vec: PortableVector, c: i16) -> PortableVector { + let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] &= c; + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> Seq.index ${vec}.f_elements j == + (Seq.index ${_vec0}.f_elements j &. c)) /\\ + (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)") }); + vec.elements[i] &= c; } - - v + hax_lib::fstar!("Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x &. c) ${_vec0}.f_elements; + Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x &. c) ${_vec0}.f_elements)"); + vec } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] -#[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> ${result}.f_elements == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (${v}.f_elements)"))] -pub fn shift_right(mut v: PortableVector) -> PortableVector { +#[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> + ${result}.f_elements == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (${vec}.f_elements)"))] +pub fn shift_right(mut vec: PortableVector) -> PortableVector { + let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = v.elements[i] >> SHIFT_BY; + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> Seq.index ${vec}.f_elements j == + (Seq.index ${_vec0}.f_elements j >>! ${SHIFT_BY})) /\\ + (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)") }); + vec.elements[i] = vec.elements[i] >> SHIFT_BY; } - - v + hax_lib::fstar!("Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x >>! ${SHIFT_BY}) ${_vec0}.f_elements; + Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) ${_vec0}.f_elements)"); + vec } -// #[inline(always)] -// pub fn shift_left(mut lhs: PortableVector) -> PortableVector { -// for i in 0..FIELD_ELEMENTS_IN_VECTOR { -// lhs.elements[i] = lhs.elements[i] << SHIFT_BY; -// } - -// lhs -// } - #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (${v}.f_elements)"))] - pub fn cond_subtract_3329(mut v: PortableVector) -> PortableVector { - let _vec0 = v; +#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array + (fun x -> if x >=. 3329s then x -! 3329s else x) (${vec}.f_elements)"))] + pub fn cond_subtract_3329(mut vec: PortableVector) -> PortableVector { + let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - hax_lib::loop_invariant!(|i: usize| { fstar!("Seq.length ${v}.f_elements == Seq.length ${_vec0}.f_elements")}); - if v.elements[i] >= 3329 { - v.elements[i] -= 3329 + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> Seq.index ${vec}.f_elements j == + (let x = Seq.index ${_vec0}.f_elements j in + if x >=. 3329s then x -! 3329s else x)) /\\ + (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)") }); + if vec.elements[i] >= 3329 { + vec.elements[i] -= 3329 } } - v + hax_lib::fstar!("Spec.Utils.lemma_map_index #_ #_ #(sz 16) + (fun x -> if x >=. 3329s then x -! 3329s else x) ${_vec0}.f_elements; + Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array + (fun x -> if x >=. 3329s then x -! 3329s else x) ${_vec0}.f_elements)"); + vec } /// Signed Barrett Reduction @@ -270,6 +296,7 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { /// `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a representative /// `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`. #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 100")] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 fer")))] #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b (3328 + 1665) result /\\ v result % 3329 == (v fe * v fer * 169) % 3329")))] From 7b03687d0c7fee7fe6ca531cdd21f0dc7f8dc54b Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 31 Aug 2024 13:13:08 +0200 Subject: [PATCH 182/348] portable/arithmetic --- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 17 ++++++++++---- ...rux_ml_kem.Vector.Portable.Arithmetic.fsti | 5 ++-- .../src/vector/portable/arithmetic.rs | 23 +++++++++++++------ 3 files changed, 31 insertions(+), 14 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index ad77d31dc..d2cc68586 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -218,6 +218,7 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = #pop-options +#push-options "--z3rlimit 150" let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = @@ -226,8 +227,12 @@ let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - Seq.length vec.f_elements == Seq.length v__vec0.f_elements /\ - (forall j. j >= v i ==> Spec.Utils.is_i16b 28296 (Seq.index vec.f_elements j))) + (forall j. + j < v i ==> + ((Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j) /\ + v (Seq.index vec.f_elements j) % 3329 == + (v (Seq.index v__vec0.f_elements j) % 3329)))) /\ + (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j)) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -250,11 +255,13 @@ let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in + assert (v (mk_int #usize_inttype (v i + 1)) == v i + 1); + assert (forall j. j < v i ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements (v i))); + assert (forall j. j < v i + 1 ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j)); vec) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in - let _:Prims.unit = admit () (* Panic freedom *) in - result + vec let bitwise_and_with_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index 4461478d8..ad8feb610 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -83,8 +83,9 @@ val barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in Spec.Utils.is_i16b_array 3328 result.f_elements /\ - Spec.MLKEM.Math.to_spec_array result.f_elements == - Spec.MLKEM.Math.to_spec_array vec.f_elements) + (forall i. + (v (Seq.index result.f_elements i) % 3329) == (v (Seq.index vec.f_elements i) % 3329)) + ) val bitwise_and_with_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index 6483baa0f..4aa77c5d5 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -185,16 +185,25 @@ pub(crate) fn barrett_reduce_element(value: FieldElement) -> FieldElement { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] -#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 28296 vec.f_elements")))] -#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 result.f_elements /\\ - Spec.MLKEM.Math.to_spec_array result.f_elements == Spec.MLKEM.Math.to_spec_array vec.f_elements")))] +#[hax_lib::fstar::options("--z3rlimit 150")] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 28296 ${vec}.f_elements")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\ + (forall i. (v (Seq.index ${result}.f_elements i) % 3329) == + (v (Seq.index ${vec}.f_elements i) % 3329))")))] pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector { let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - hax_lib::loop_invariant!(|i: usize| { fstar!("Seq.length ${vec}.f_elements == Seq.length ${_vec0}.f_elements /\\ - (forall j. j >= v i ==> Spec.Utils.is_i16b 28296 (Seq.index ${vec}.f_elements j))") }); - vec.elements[i] = barrett_reduce_element(vec.elements[i]); + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> ((Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements j) /\\ + v (Seq.index ${vec}.f_elements j) % 3329 == (v (Seq.index ${_vec0}.f_elements j) % 3329)))) /\\ + (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j /\\ + Spec.Utils.is_i16b 28296 (Seq.index ${vec}.f_elements j))") }); + let vi = barrett_reduce_element(vec.elements[i]); + hax_lib::fstar!("assert(Spec.Utils.is_i16b 3328 vi); + assert (v (mk_int #usize_inttype (v i + 1)) == v i + 1); + assert (forall j. j < v i ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j)); + assert (forall j. j < v i + 1 ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j))"); + vec.elements[i] = vi; } vec } From b6cb1c43366e1d2fcab08a8d23c137a970601ee6 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 31 Aug 2024 16:04:35 +0200 Subject: [PATCH 183/348] avx2 arithmetic --- .../Libcrux_intrinsics.Avx2_extract.fsti | 53 +++++++++++++-- libcrux-intrinsics/src/avx2_extract.rs | 17 +++++ .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 66 +++++++++++++------ ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 39 ++++++----- .../proofs/fstar/spec/Spec.Utils.fst | 7 +- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 29 ++++++-- .../src/vector/portable/arithmetic.rs | 13 ++-- 7 files changed, 170 insertions(+), 54 deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 83143b404..32ff380c3 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -11,11 +11,25 @@ val t_Vec256:Type0 val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16) -val mm256_add_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_add_epi16 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map2 ( +. ) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) val mm256_add_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_and_si256 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_and_si256 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map2 ( &. ) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) val mm256_andnot_si256 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -51,7 +65,14 @@ val mm256_mul_epu32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun val mm256_mulhi_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_mullo_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_mullo_epi16 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map2 mul_mod (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) val mm256_mullo_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -66,7 +87,13 @@ val mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: t_Vec256) val mm256_permutevar8x32_epi32 (vector control: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_set1_epi16 (constant: i16) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_set1_epi16 (constant: i16) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == Spec.Utils.create (sz 16) constant) val mm256_set1_epi32 (constant: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -126,7 +153,14 @@ val mm256_storeu_si256_i16 (output: t_Slice i16) (vector: t_Vec256) val mm256_storeu_si256_u8 (output: t_Slice u8) (vector: t_Vec256) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val mm256_sub_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_sub_epi16 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map2 ( -. ) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) val mm256_unpackhi_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -141,7 +175,14 @@ val mm256_unpacklo_epi64 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun val mm256_xor_si256 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm_add_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +val mm_add_epi16 (lhs rhs: t_Vec128) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == + Spec.Utils.map2 ( +. ) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) val mm_loadu_si128 (input: t_Slice u8) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 9159df5b1..6d6b5f6ab 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -116,6 +116,8 @@ pub fn mm256_set_epi8( unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == + Spec.Utils.create (sz 16) $constant"))] pub fn mm256_set1_epi16(constant: i16) -> Vec256 { unimplemented!() } @@ -160,12 +162,19 @@ pub fn mm256_set_epi32( unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec128_as_i16x8 $result == + Spec.Utils.map2 (+.) (vec128_as_i16x8 $lhs) (vec128_as_i16x8 $rhs)"))] pub fn mm_add_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } + +#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == + Spec.Utils.map2 (+.) (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] pub fn mm256_add_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } + + pub fn mm256_madd_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } @@ -173,13 +182,19 @@ pub fn mm256_add_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } + +#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == + Spec.Utils.map2 (-.) (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] pub fn mm256_sub_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } + pub fn mm_sub_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == + Spec.Utils.map2 mul_mod (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] pub fn mm256_mullo_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } @@ -208,6 +223,8 @@ pub fn mm256_mul_epu32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == + Spec.Utils.map2 (&.) (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] pub fn mm256_and_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index 0728445b5..43625afda 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -4,30 +4,60 @@ open Core open FStar.Mul let add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs let bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) = + let cv:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant + in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_and_si256 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_and_si256 vector cv + in + let _:Prims.unit = + Spec.Utils.lemma_map2_index #_ + #_ + #_ + #(sz 16) + ( &. ) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 cv); + Spec.Utils.lemma_map_index #_ + #_ + #(sz 16) + (fun x -> x &. constant) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector); + Spec.Utils.lemma_create_index #_ (sz 16) constant; + Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) + (Spec.Utils.map_array (fun x -> x &. constant) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) in - let _:Prims.unit = admit () (* Panic freedom *) in result let multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) = + let cv:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant + in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector cv + in + let _:Prims.unit = + Spec.Utils.lemma_map2_index #_ + #_ + #_ + #(sz 16) + mul_mod + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 cv); + Spec.Utils.lemma_map_index #_ + #_ + #(sz 16) + (fun x -> x *. constant) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector); + Spec.Utils.lemma_create_index #_ (sz 16) constant; + Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) + (Spec.Utils.map_array (fun x -> x *. constant) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) in - let _:Prims.unit = admit () (* Panic freedom *) in result let shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = @@ -38,11 +68,7 @@ let shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec result let sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 lhs rhs - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 lhs rhs let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index d2cc68586..7de903c73 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -219,6 +219,7 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = #pop-options #push-options "--z3rlimit 150" + let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = @@ -229,14 +230,22 @@ let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe let i:usize = i in (forall j. j < v i ==> - ((Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j) /\ - v (Seq.index vec.f_elements j) % 3329 == - (v (Seq.index v__vec0.f_elements j) % 3329)))) /\ - (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j)) + (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j) /\ + v (Seq.index vec.f_elements j) % 3329 == (v (Seq.index v__vec0.f_elements j) % 3329) + )) /\ + (forall j. + j >= v i ==> + (Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j /\ + Spec.Utils.is_i16b 28296 (Seq.index vec.f_elements j)))) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in + let vi:i16 = + barrett_reduce_element (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) + in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { vec with @@ -245,23 +254,23 @@ let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (barrett_reduce_element (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ - i ] - <: - i16) - <: - i16) + vi } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in - assert (v (mk_int #usize_inttype (v i + 1)) == v i + 1); - assert (forall j. j < v i ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j)); - assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements (v i))); - assert (forall j. j < v i + 1 ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j)); + let _:Prims.unit = + assert (v (mk_int #usize_inttype (v i + 1)) == v i + 1); + assert (forall j. j < v i ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j)); + assert (Spec.Utils.is_i16b 3328 vi); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements (v i))); + assert (forall j. j < v i + 1 ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j)) + in vec) in - vec + vec + +#pop-options let bitwise_and_with_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 1ce80b1e9..3f4c44f2d 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -20,11 +20,16 @@ let map2 #a #b #c #len (x: t_Array a len) (y: t_Array b len): t_Array c len = createi (length x) (fun i -> f (Seq.index x (v i)) (Seq.index y (v i))) +let create len c = createi len (fun i -> c) + let repeati #acc (l:usize) (f:(i:usize{v i < v l}) -> acc -> acc) acc0 : acc = Lib.LoopCombinators.repeati (v l) (fun i acc -> f (sz i) acc) acc0 -let lemma_create_index #a len f: +let lemma_createi_index #a len f: Lemma (forall i. Seq.index (createi #a len f) i == f (sz i)) = admit () +let lemma_create_index #a len c: + Lemma (forall i. Seq.index (create #a len c) i == c) = admit () + let lemma_map_index #a #b #len f x: Lemma (forall i. Seq.index (map_array #a #b #len f x) i == f (Seq.index x i)) = admit () diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index e080f5553..dc2e3ce23 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -3,7 +3,6 @@ use crate::vector::{traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R, FIELD_MODULUS}; use super::*; #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == Spec.Utils.map2 (+.) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs)"))] pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { @@ -11,7 +10,6 @@ pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == Spec.Utils.map2 (-.) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs)"))] pub(crate) fn sub(lhs: Vec256, rhs: Vec256) -> Vec256 { @@ -19,19 +17,38 @@ pub(crate) fn sub(lhs: Vec256, rhs: Vec256) -> Vec256 { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == Spec.Utils.map_array (fun x -> x *. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { - mm256_mullo_epi16(vector, mm256_set1_epi16(constant)) + let cv = mm256_set1_epi16(constant); + let result = mm256_mullo_epi16(vector, cv); + hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) mul_mod + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector}) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${cv}); + Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x *. constant) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector}); + Spec.Utils.lemma_create_index #_ (sz 16) constant; + Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) + (Spec.Utils.map_array (fun x -> x *. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); + + result } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == Spec.Utils.map_array (fun x -> x &. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn bitwise_and_with_constant(vector: Vec256, constant: i16) -> Vec256 { - mm256_and_si256(vector, mm256_set1_epi16(constant)) + let cv = mm256_set1_epi16(constant); + let result = mm256_and_si256(vector, cv); + hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) (&.) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector}) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${cv}); + Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x &. constant) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector}); + Spec.Utils.lemma_create_index #_ (sz 16) constant; + Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) + (Spec.Utils.map_array (fun x -> x &. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); + result } #[inline(always)] diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index 4aa77c5d5..dc1943ebd 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -194,16 +194,17 @@ pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector { let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { hax_lib::loop_invariant!(|i: usize| { fstar!(" - (forall j. j < v i ==> ((Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements j) /\\ - v (Seq.index ${vec}.f_elements j) % 3329 == (v (Seq.index ${_vec0}.f_elements j) % 3329)))) /\\ + (forall j. j < v i ==> (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements j) /\\ + v (Seq.index ${vec}.f_elements j) % 3329 == (v (Seq.index ${_vec0}.f_elements j) % 3329))) /\\ (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j /\\ - Spec.Utils.is_i16b 28296 (Seq.index ${vec}.f_elements j))") }); + Spec.Utils.is_i16b 28296 (Seq.index ${vec}.f_elements j)))") }); let vi = barrett_reduce_element(vec.elements[i]); - hax_lib::fstar!("assert(Spec.Utils.is_i16b 3328 vi); - assert (v (mk_int #usize_inttype (v i + 1)) == v i + 1); + vec.elements[i] = vi; + hax_lib::fstar!("assert (v (mk_int #usize_inttype (v i + 1)) == v i + 1); assert (forall j. j < v i ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j)); + assert(Spec.Utils.is_i16b 3328 vi); + assert(Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements (v i))); assert (forall j. j < v i + 1 ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j))"); - vec.elements[i] = vi; } vec } From 8a8e8065e174c85ac3482adf6901b130173f13ac Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 31 Aug 2024 14:53:43 +0000 Subject: [PATCH 184/348] Add lemmas for Portable serialize/deserialize functions --- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 1522 +++++------------ ...crux_ml_kem.Vector.Portable.Serialize.fsti | 74 +- .../src/vector/portable/serialize.rs | 642 ++++--- 3 files changed, 930 insertions(+), 1308 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index cc53f10b0..001466fff 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -1,10 +1,8 @@ module Libcrux_ml_kem.Vector.Portable.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 1500" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul -#push-options "--admit_smt_queries true" - let deserialize_10_int (bytes: t_Slice u8) = let r0:i16 = (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 1l <: u8) &. 1uy <: u8) <: i16 in + let result2:i16 = cast (((v.[ sz 0 ] <: u8) >>! 2l <: u8) &. 1uy <: u8) <: i16 in + let result3:i16 = cast (((v.[ sz 0 ] <: u8) >>! 3l <: u8) &. 1uy <: u8) <: i16 in + let result4:i16 = cast (((v.[ sz 0 ] <: u8) >>! 4l <: u8) &. 1uy <: u8) <: i16 in + let result5:i16 = cast (((v.[ sz 0 ] <: u8) >>! 5l <: u8) &. 1uy <: u8) <: i16 in + let result6:i16 = cast (((v.[ sz 0 ] <: u8) >>! 6l <: u8) &. 1uy <: u8) <: i16 in + let result7:i16 = cast (((v.[ sz 0 ] <: u8) >>! 7l <: u8) &. 1uy <: u8) <: i16 in + let result8:i16 = cast ((v.[ sz 1 ] <: u8) &. 1uy <: u8) <: i16 in + let result9:i16 = cast (((v.[ sz 1 ] <: u8) >>! 1l <: u8) &. 1uy <: u8) <: i16 in + let result10:i16 = cast (((v.[ sz 1 ] <: u8) >>! 2l <: u8) &. 1uy <: u8) <: i16 in + let result11:i16 = cast (((v.[ sz 1 ] <: u8) >>! 3l <: u8) &. 1uy <: u8) <: i16 in + let result12:i16 = cast (((v.[ sz 1 ] <: u8) >>! 4l <: u8) &. 1uy <: u8) <: i16 in + let result13:i16 = cast (((v.[ sz 1 ] <: u8) >>! 5l <: u8) &. 1uy <: u8) <: i16 in + let result14:i16 = cast (((v.[ sz 1 ] <: u8) >>! 6l <: u8) &. 1uy <: u8) <: i16 in + let result15:i16 = cast (((v.[ sz 1 ] <: u8) >>! 7l <: u8) &. 1uy <: u8) <: i16 in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + result0; result1; result2; result3; result4; result5; result6; result7; result8; result9; + result10; result11; result12; result13; result14; result15 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +#push-options "--compat_pre_core 2 --z3rlimit 300" + +let deserialize_1_bit_vec_lemma (v: t_Array u8 (sz 2)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (deserialize_1_ v).f_elements 1 in + (forall (i: nat {i < 16}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options + +#push-options "--z3rlimit 300" + +let deserialize_1_lemma inputs = + deserialize_1_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (deserialize_1_ inputs).f_elements 1) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options + +let deserialize_10_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 20 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +#push-options "--compat_pre_core 2 --z3rlimit 300" + +let deserialize_10_bit_vec_lemma (v: t_Array u8 (sz 20)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (deserialize_10_ v).f_elements 10 in + (forall (i: nat {i < 160}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options + +#push-options "--z3rlimit 300" + +let deserialize_10_lemma inputs = + deserialize_10_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options + +let deserialize_11_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +let deserialize_12_ (bytes: t_Slice u8) = + let v0_1_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v2_3_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 3; Core.Ops.Range.f_end = sz 6 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v4_5_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 6; Core.Ops.Range.f_end = sz 9 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v6_7_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 9; Core.Ops.Range.f_end = sz 12 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_9_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 12; Core.Ops.Range.f_end = sz 15 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v10_11_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 15; Core.Ops.Range.f_end = sz 18 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v12_13_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 18; Core.Ops.Range.f_end = sz 21 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v14_15_:(i16 & i16) = + deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 21; Core.Ops.Range.f_end = sz 24 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_1_._1; v0_1_._2; v2_3_._1; v2_3_._2; v4_5_._1; v4_5_._2; v6_7_._1; v6_7_._2; v8_9_._1; + v8_9_._2; v10_11_._1; v10_11_._2; v12_13_._1; v12_13_._2; v14_15_._1; v14_15_._2 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +#push-options "--compat_pre_core 2 --z3rlimit 300" + +let deserialize_12_bit_vec_lemma (v: t_Array u8 (sz 24)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (deserialize_12_ v).f_elements 12 in + (forall (i: nat {i < 192}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options + +#push-options "--z3rlimit 300" + +let deserialize_12_lemma inputs = + deserialize_12_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (deserialize_12_ inputs).f_elements 12) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options + let deserialize_4_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } @@ -276,50 +501,174 @@ let deserialize_4_ (bytes: t_Slice u8) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector +#push-options "--compat_pre_core 2 --z3rlimit 300" + +let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (deserialize_4_ v).f_elements 4 in + (forall (i: nat {i < 64}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options + +#push-options "--z3rlimit 300" + +let deserialize_4_lemma inputs = + deserialize_4_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options + +let deserialize_5_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let result0:u8 = 0uy in - let result1:u8 = 0uy in let result0:u8 = - Rust_primitives.Hax.Folds.fold_range (sz 0) - (sz 8) - (fun result0 temp_1_ -> - let result0:u8 = result0 in - let _:usize = temp_1_ in - true) - result0 - (fun result0 i -> - let result0:u8 = result0 in - let i:usize = i in - result0 |. - ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < - let result1:u8 = result1 in - let _:usize = temp_1_ in - true) - result1 - (fun result1 i -> - let result1:u8 = result1 in - let i:usize = i in - result1 |. - ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - let _:usize = temp_1_ in - true) - result - (fun result i -> - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - let i:usize = i in - { - result with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (cast (((v.[ sz 0 ] <: u8) >>! i <: u8) &. 1uy <: u8) <: i16) - <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Rust_primitives.Hax.Folds.fold_range (sz 8) - Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun result temp_1_ -> - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - let _:usize = temp_1_ in - true) - result - (fun result i -> - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - let i:usize = i in - { - result with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (cast (((v.[ sz 1 ] <: u8) >>! (i -! sz 8 <: usize) <: u8) &. 1uy <: u8) <: i16) - <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - in - result - -let deserialize_10_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 20 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Vector.Portable.Vector_type.zero () - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 0) - v0_7_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 1) - v0_7_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 2) - v0_7_._3 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 3) - v0_7_._4 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 4) - v0_7_._5 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 5) - v0_7_._6 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 6) - v0_7_._7 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 7) - v0_7_._8 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 8) - v8_15_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 9) - v8_15_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 10) - v8_15_._3 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 11) - v8_15_._4 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 12) - v8_15_._5 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 13) - v8_15_._6 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 14) - v8_15_._7 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 15) - v8_15_._8 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - v - -let deserialize_11_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Vector.Portable.Vector_type.zero () - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 0) - v0_7_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 1) - v0_7_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 2) - v0_7_._3 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 3) - v0_7_._4 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 4) - v0_7_._5 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 5) - v0_7_._6 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 6) - v0_7_._7 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 7) - v0_7_._8 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 8) - v8_15_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 9) - v8_15_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 10) - v8_15_._3 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 11) - v8_15_._4 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 12) - v8_15_._5 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 13) - v8_15_._6 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 14) - v8_15_._7 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 15) - v8_15_._8 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - v - -let deserialize_12_ (bytes: t_Slice u8) = - let v0_1_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v2_3_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 3; Core.Ops.Range.f_end = sz 6 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v4_5_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 6; Core.Ops.Range.f_end = sz 9 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v6_7_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 9; Core.Ops.Range.f_end = sz 12 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_9_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 12; Core.Ops.Range.f_end = sz 15 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v10_11_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 15; Core.Ops.Range.f_end = sz 18 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v12_13_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 18; Core.Ops.Range.f_end = sz 21 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v14_15_:(i16 & i16) = - deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 21; Core.Ops.Range.f_end = sz 24 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Vector.Portable.Vector_type.zero () - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 0) - v0_1_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 1) - v0_1_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 2) - v2_3_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 3) - v2_3_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 4) - v4_5_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 5) - v4_5_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 6) - v6_7_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 7) - v6_7_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 8) - v8_9_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 9) - v8_9_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 10) - v10_11_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 11) - v10_11_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 12) - v12_13_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 13) - v12_13_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 14) - v14_15_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - re with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 15) - v14_15_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - re - -let deserialize_5_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - Libcrux_ml_kem.Vector.Portable.Vector_type.zero () - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 0) - v0_7_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 1) - v0_7_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 2) - v0_7_._3 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 3) - v0_7_._4 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 4) - v0_7_._5 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 5) - v0_7_._6 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 6) - v0_7_._7 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 7) - v0_7_._8 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 8) - v8_15_._1 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 9) - v8_15_._2 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 10) - v8_15_._3 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 11) - v8_15_._4 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 12) - v8_15_._5 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 13) - v8_15_._6 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 14) - v8_15_._7 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - (sz 15) - v8_15_._8 - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + let list = + [ + r0_4_._1; r0_4_._2; r0_4_._3; r0_4_._4; r0_4_._5; r5_9_._1; r5_9_._2; r5_9_._3; r5_9_._4; + r5_9_._5 + ] in - v + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 10); + Rust_primitives.Hax.array_of_list 10 list diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index f032ee103..1456b37d8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti @@ -53,39 +53,22 @@ val serialize_5_int (v: t_Slice i16) (requires Core.Slice.impl__len #i16 v =. sz 8) (fun _ -> Prims.l_True) -val deserialize_4_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Core.Slice.impl__len #u8 bytes =. sz 8) - (fun _ -> Prims.l_True) - -val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) - -val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) - val deserialize_1_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 v =. sz 2) (fun _ -> Prims.l_True) +val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_1_ inputs).f_elements 1 == bit_vec_of_int_t_array inputs 8) + val deserialize_10_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 20) (fun _ -> Prims.l_True) +val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) + val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 22) @@ -96,7 +79,52 @@ val deserialize_12_ (bytes: t_Slice u8) (requires Core.Slice.impl__len #u8 bytes =. sz 24) (fun _ -> Prims.l_True) +val deserialize_12_lemma (inputs: t_Array u8 (sz 24)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_12_ inputs).f_elements 12 == bit_vec_of_int_t_array inputs 8) + +val deserialize_4_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires Core.Slice.impl__len #u8 bytes =. sz 8) + (fun _ -> Prims.l_True) + +val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma + (ensures bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) + val deserialize_5_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 10) (fun _ -> Prims.l_True) + +val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) + (ensures bit_vec_of_int_t_array (serialize_1_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 1) + +val serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) + (ensures bit_vec_of_int_t_array (serialize_10_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 10) + +val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 12)) + (ensures bit_vec_of_int_t_array (serialize_12_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 12) + +val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4)) + (ensures bit_vec_of_int_t_array (serialize_4_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 4) + +val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index af5503a0b..5a9947fb2 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -13,62 +13,118 @@ // and code that updates arrays (in the outer functions). use super::vector_type::*; -use crate::vector::traits::FIELD_ELEMENTS_IN_VECTOR; -// #[cfg_attr(hax, hax_lib::fstar::after(interface, " -// val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma -// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) -// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_1} inputs) 8 inputs.f_elements 1) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// let serialize_1_lemma inputs = -// serialize_1_bit_vec_lemma inputs (); -// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_1} inputs) 8) -// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 1)) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2\" +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val serialize_1_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 1)) + (ensures bit_vec_of_int_t_array (${serialize_1} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 1) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" -// let serialize_1_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 1)) -// : squash ( -// let inputs = bit_vec_of_int_t_array v.f_elements 1 in -// let outputs = bit_vec_of_int_t_array (${serialize_1} v) 8 in -// (forall (i: nat {i < 16}). inputs i == outputs i) -// ) = -// admit() +let serialize_1_lemma inputs = + serialize_1_bit_vec_lemma inputs.f_elements (); + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_1} inputs) 8) + (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 1)) -// #pop-options -// "))] +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let serialize_1_bit_vec_lemma (v: t_Array i16 (sz 16)) + (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 1)) + : squash ( + let inputs = bit_vec_of_int_t_array v 1 in + let outputs = bit_vec_of_int_t_array (${serialize_1} ({ f_elements = v })) 8 in + (forall (i: nat {i < 16}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[inline(always)] pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { - let mut result0 = 0u8; - let mut result1 = 0u8; - for i in 0..8 { - result0 |= (v.elements[i] as u8) << i; - } - for i in 8..16 { - result1 |= (v.elements[i] as u8) << (i - 8); - } + let result0 = (v.elements[0] as u8) | ((v.elements[1] as u8) << 1) | + ((v.elements[2] as u8) << 2) | ((v.elements[3] as u8) << 3) | + ((v.elements[4] as u8) << 4) | ((v.elements[5] as u8) << 5) | + ((v.elements[6] as u8) << 6) | ((v.elements[7] as u8) << 7); + let result1 = (v.elements[8] as u8) | ((v.elements[9] as u8) << 1) | + ((v.elements[10] as u8) << 2) | ((v.elements[11] as u8) << 3) | + ((v.elements[12] as u8) << 4) | ((v.elements[13] as u8) << 5) | + ((v.elements[14] as u8) << 6) | ((v.elements[15] as u8) << 7); [ result0, result1 ] } -#[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma + (ensures bit_vec_of_int_t_array (${deserialize_1} inputs).f_elements 1 == bit_vec_of_int_t_array inputs 8) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" + +let deserialize_1_lemma inputs = + deserialize_1_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_1} inputs).f_elements 1) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let deserialize_1_bit_vec_lemma (v: t_Array u8 (sz 2)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (${deserialize_1} v).f_elements 1 in + (forall (i: nat {i < 16}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[hax_lib::requires(fstar!(r#" ${v.len() == 2} "#))] +#[inline(always)] pub(crate) fn deserialize_1(v: &[u8]) -> PortableVector { - let mut result = zero(); - for i in 0..8 { - result.elements[i] = ((v[0] >> i) & 0x1) as i16; - } - for i in 8..FIELD_ELEMENTS_IN_VECTOR { - result.elements[i] = ((v[1] >> (i - 8)) & 0x1) as i16; - } - result + let result0 = (v[0] & 0x1) as i16; + let result1 = ((v[0] >> 1) & 0x1) as i16; + let result2 = ((v[0] >> 2) & 0x1) as i16; + let result3 = ((v[0] >> 3) & 0x1) as i16; + let result4 = ((v[0] >> 4) & 0x1) as i16; + let result5 = ((v[0] >> 5) & 0x1) as i16; + let result6 = ((v[0] >> 6) & 0x1) as i16; + let result7 = ((v[0] >> 7) & 0x1) as i16; + let result8 = (v[1] & 0x1) as i16; + let result9 = ((v[1] >> 1) & 0x1) as i16; + let result10 = ((v[1] >> 2) & 0x1) as i16; + let result11 = ((v[1] >> 3) & 0x1) as i16; + let result12 = ((v[1] >> 4) & 0x1) as i16; + let result13 = ((v[1] >> 5) & 0x1) as i16; + let result14 = ((v[1] >> 6) & 0x1) as i16; + let result15 = ((v[1] >> 7) & 0x1) as i16; + PortableVector { elements: [ + result0, + result1, + result2, + result3, + result4, + result5, + result6, + result7, + result8, + result9, + result10, + result11, + result12, + result13, + result14, + result15, + ] } } #[inline(always)] @@ -83,16 +139,35 @@ pub(crate) fn serialize_4_int(v: &[i16]) -> (u8, u8, u8, u8) { (result0, result1, result2, result3) } -// #[cfg_attr(hax, hax_lib::fstar::after(" -// let serialize_4_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 4)) -// : squash ( -// let inputs = bit_vec_of_int_t_array v.f_elements 4 in -// let outputs = bit_vec_of_int_t_array (${serialize_4} v) 8 in -// (forall (i: nat {i < 64}). inputs i == outputs i) -// ) = -// _ by (Tactics.GetBit.prove_bit_vector_equality ()) -// "))] +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4)) + (ensures bit_vec_of_int_t_array (${serialize_4} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 4) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" + +let serialize_4_lemma inputs = + serialize_4_bit_vec_lemma inputs.f_elements (); + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_4} inputs) 8) + (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 4)) + +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let serialize_4_bit_vec_lemma (v: t_Array i16 (sz 16)) + (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 4)) + : squash ( + let inputs = bit_vec_of_int_t_array v 4 in + let outputs = bit_vec_of_int_t_array (${serialize_4} ({ f_elements = v })) 8 in + (forall (i: nat {i < 64}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[inline(always)] pub(crate) fn serialize_4(v: PortableVector) -> [u8; 8] { let result0_3 = serialize_4_int(&v.elements[0..8]); @@ -125,29 +200,33 @@ pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (v0, v1, v2, v3, v4, v5, v6, v7) } -// #[cfg_attr(hax, hax_lib::fstar::after(interface, " -// val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma -// (ensures BitVecEq.int_t_array_bitwise_eq' (${deserialize_4} inputs).f_elements 4 inputs 8) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// let deserialize_4_lemma inputs = -// deserialize_4_bit_vec_lemma inputs; -// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_4} inputs).f_elements 4) -// (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2\" +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma + (ensures bit_vec_of_int_t_array (${deserialize_4} inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" -// let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) -// : squash ( -// let inputs = bit_vec_of_int_t_array v 8 in -// let outputs = bit_vec_of_int_t_array (${deserialize_4} v).f_elements 4 in -// (forall (i: nat {i < 64}). inputs i == outputs i) -// ) = -// admit() +let deserialize_4_lemma inputs = + deserialize_4_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_4} inputs).f_elements 4) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) -// #pop-options -// "))] +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (${deserialize_4} v).f_elements 4 in + (forall (i: nat {i < 64}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 8} "#))] @@ -188,22 +267,51 @@ pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { (r0, r1, r2, r3, r4) } +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val serialize_5_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma +// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 5)) +// (ensures bit_vec_of_int_t_array (${serialize_5} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 5) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--z3rlimit 300\" + +// let serialize_5_lemma inputs = +// serialize_5_bit_vec_lemma inputs.f_elements (); +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_5} inputs) 8) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 5)) + +// #pop-options +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2 --z3rlimit 300\" + +// let serialize_5_bit_vec_lemma (v: t_Array i16 (sz 16)) +// (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 5)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v 5 in +// let outputs = bit_vec_of_int_t_array (${serialize_5} ({ f_elements = v })) 8 in +// (forall (i: nat {i < 80}). inputs i == outputs i) +// ) = +// _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +// #pop-options +// "))] #[inline(always)] pub(crate) fn serialize_5(v: PortableVector) -> [u8; 10] { let r0_4 = serialize_5_int(&v.elements[0..8]); let r5_9 = serialize_5_int(&v.elements[8..16]); - let mut result = [0u8; 10]; - result[0] = r0_4.0; - result[1] = r0_4.1; - result[2] = r0_4.2; - result[3] = r0_4.3; - result[4] = r0_4.4; - result[5] = r5_9.0; - result[6] = r5_9.1; - result[7] = r5_9.2; - result[8] = r5_9.3; - result[9] = r5_9.4; - result + [ + r0_4.0, + r0_4.1, + r0_4.2, + r0_4.3, + r0_4.4, + r5_9.0, + r5_9.1, + r5_9.2, + r5_9.3, + r5_9.4, + ] } #[inline(always)] @@ -222,31 +330,58 @@ pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (v0, v1, v2, v3, v4, v5, v6, v7) } -#[inline(always)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val deserialize_5_lemma (inputs: t_Array u8 (sz 10)) : Lemma +// (ensures bit_vec_of_int_t_array (${deserialize_5} inputs).f_elements 5 == bit_vec_of_int_t_array inputs 8) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--z3rlimit 300\" + +// let deserialize_5_lemma inputs = +// deserialize_5_bit_vec_lemma inputs; +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_5} inputs).f_elements 5) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +// #pop-options +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2 --z3rlimit 300\" + +// let deserialize_5_bit_vec_lemma (v: t_Array u8 (sz 10)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v 8 in +// let outputs = bit_vec_of_int_t_array (${deserialize_5} v).f_elements 5 in +// (forall (i: nat {i < 80}). inputs i == outputs i) +// ) = +// _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +// #pop-options +// "))] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 10} "#))] +#[inline(always)] pub(crate) fn deserialize_5(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_5_int(&bytes[0..5]); let v8_15 = deserialize_5_int(&bytes[5..10]); - let mut v = zero(); - v.elements[0] = v0_7.0; - v.elements[1] = v0_7.1; - v.elements[2] = v0_7.2; - v.elements[3] = v0_7.3; - v.elements[4] = v0_7.4; - v.elements[5] = v0_7.5; - v.elements[6] = v0_7.6; - v.elements[7] = v0_7.7; - v.elements[8] = v8_15.0; - v.elements[9] = v8_15.1; - v.elements[10] = v8_15.2; - v.elements[11] = v8_15.3; - v.elements[12] = v8_15.4; - v.elements[13] = v8_15.5; - v.elements[14] = v8_15.6; - v.elements[15] = v8_15.7; - v + PortableVector { elements: [ + v0_7.0, + v0_7.1, + v0_7.2, + v0_7.3, + v0_7.4, + v0_7.5, + v0_7.6, + v0_7.7, + v8_15.0, + v8_15.1, + v8_15.2, + v8_15.3, + v8_15.4, + v8_15.5, + v8_15.6, + v8_15.7, + ] } } #[inline(always)] @@ -262,31 +397,35 @@ pub(crate) fn serialize_10_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { (r0, r1, r2, r3, r4) } -// #[cfg_attr(hax, hax_lib::fstar::after(interface, " -// val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma -// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) -// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_10} inputs) 8 inputs.f_elements 10) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// let serialize_10_lemma inputs = -// serialize_10_bit_vec_lemma inputs (); -// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_10} inputs) 8) -// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 10)) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2\" +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) + (ensures bit_vec_of_int_t_array (${serialize_10} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 10) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" -// let serialize_10_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 10)) -// : squash ( -// let inputs = bit_vec_of_int_t_array v.f_elements 10 in -// let outputs = bit_vec_of_int_t_array (${serialize_10} v) 8 in -// (forall (i: nat {i < 160}). inputs i == outputs i) -// ) = -// admit() +let serialize_10_lemma inputs = + serialize_10_bit_vec_lemma inputs.f_elements (); + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_10} inputs) 8) + (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 10)) -// #pop-options -// "))] +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let serialize_10_bit_vec_lemma (v: t_Array i16 (sz 16)) + (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 10)) + : squash ( + let inputs = bit_vec_of_int_t_array v 10 in + let outputs = bit_vec_of_int_t_array (${serialize_10} ({ f_elements = v })) 8 in + (forall (i: nat {i < 160}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[inline(always)] pub(crate) fn serialize_10(v: PortableVector) -> [u8; 20] { let r0_4 = serialize_10_int(&v.elements[0..4]); @@ -315,31 +454,58 @@ pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (r0, r1, r2, r3, r4, r5, r6, r7) } -#[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma + (ensures bit_vec_of_int_t_array (${deserialize_10} inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" + +let deserialize_10_lemma inputs = + deserialize_10_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_10} inputs).f_elements 10) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let deserialize_10_bit_vec_lemma (v: t_Array u8 (sz 20)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (${deserialize_10} v).f_elements 10 in + (forall (i: nat {i < 160}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 20} "#))] +#[inline(always)] pub(crate) fn deserialize_10(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_10_int(&bytes[0..10]); let v8_15 = deserialize_10_int(&bytes[10..20]); - let mut v = zero(); - v.elements[0] = v0_7.0; - v.elements[1] = v0_7.1; - v.elements[2] = v0_7.2; - v.elements[3] = v0_7.3; - v.elements[4] = v0_7.4; - v.elements[5] = v0_7.5; - v.elements[6] = v0_7.6; - v.elements[7] = v0_7.7; - v.elements[8] = v8_15.0; - v.elements[9] = v8_15.1; - v.elements[10] = v8_15.2; - v.elements[11] = v8_15.3; - v.elements[12] = v8_15.4; - v.elements[13] = v8_15.5; - v.elements[14] = v8_15.6; - v.elements[15] = v8_15.7; - v + PortableVector { elements: [ + v0_7.0, + v0_7.1, + v0_7.2, + v0_7.3, + v0_7.4, + v0_7.5, + v0_7.6, + v0_7.7, + v8_15.0, + v8_15.1, + v8_15.2, + v8_15.3, + v8_15.4, + v8_15.5, + v8_15.6, + v8_15.7, + ] } } #[inline(always)] @@ -364,25 +530,29 @@ pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8 // #[cfg_attr(hax, hax_lib::fstar::after(interface, " // val serialize_11_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma // (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 11)) -// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_11} inputs) 8 inputs.f_elements 11) +// (ensures bit_vec_of_int_t_array (${serialize_11} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 11) // "))] // #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--z3rlimit 300\" + // let serialize_11_lemma inputs = -// serialize_11_bit_vec_lemma inputs (); +// serialize_11_bit_vec_lemma inputs.f_elements (); // BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_11} inputs) 8) // (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 11)) + +// #pop-options // "))] // #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2\" +// #push-options \"--compat_pre_core 2 --z3rlimit 300\" -// let serialize_11_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 11)) +// let serialize_11_bit_vec_lemma (v: t_Array i16 (sz 16)) +// (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 11)) // : squash ( -// let inputs = bit_vec_of_int_t_array v.f_elements 11 in -// let outputs = bit_vec_of_int_t_array (${serialize_11} v) 8 in +// let inputs = bit_vec_of_int_t_array v 11 in +// let outputs = bit_vec_of_int_t_array (${serialize_11} ({ f_elements = v })) 8 in // (forall (i: nat {i < 176}). inputs i == outputs i) // ) = -// admit() +// _ by (Tactics.GetBit.prove_bit_vector_equality' ()) // #pop-options // "))] @@ -412,31 +582,58 @@ pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (r0, r1, r2, r3, r4, r5, r6, r7) } -#[inline(always)] +// #[cfg_attr(hax, hax_lib::fstar::after(interface, " +// val deserialize_11_lemma (inputs: t_Array u8 (sz 22)) : Lemma +// (ensures bit_vec_of_int_t_array (${deserialize_11} inputs).f_elements 11 == bit_vec_of_int_t_array inputs 8) +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--z3rlimit 300\" + +// let deserialize_11_lemma inputs = +// deserialize_11_bit_vec_lemma inputs; +// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_11} inputs).f_elements 11) +// (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +// #pop-options +// "))] +// #[cfg_attr(hax, hax_lib::fstar::after(" +// #push-options \"--compat_pre_core 2 --z3rlimit 300\" + +// let deserialize_11_bit_vec_lemma (v: t_Array u8 (sz 22)) +// : squash ( +// let inputs = bit_vec_of_int_t_array v 8 in +// let outputs = bit_vec_of_int_t_array (${deserialize_11} v).f_elements 11 in +// (forall (i: nat {i < 176}). inputs i == outputs i) +// ) = +// _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +// #pop-options +// "))] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 22} "#))] +#[inline(always)] pub(crate) fn deserialize_11(bytes: &[u8]) -> PortableVector { let v0_7 = deserialize_11_int(&bytes[0..11]); let v8_15 = deserialize_11_int(&bytes[11..22]); - let mut v = zero(); - v.elements[0] = v0_7.0; - v.elements[1] = v0_7.1; - v.elements[2] = v0_7.2; - v.elements[3] = v0_7.3; - v.elements[4] = v0_7.4; - v.elements[5] = v0_7.5; - v.elements[6] = v0_7.6; - v.elements[7] = v0_7.7; - v.elements[8] = v8_15.0; - v.elements[9] = v8_15.1; - v.elements[10] = v8_15.2; - v.elements[11] = v8_15.3; - v.elements[12] = v8_15.4; - v.elements[13] = v8_15.5; - v.elements[14] = v8_15.6; - v.elements[15] = v8_15.7; - v + PortableVector { elements: [ + v0_7.0, + v0_7.1, + v0_7.2, + v0_7.3, + v0_7.4, + v0_7.5, + v0_7.6, + v0_7.7, + v8_15.0, + v8_15.1, + v8_15.2, + v8_15.3, + v8_15.4, + v8_15.5, + v8_15.6, + v8_15.7, + ] } } #[inline(always)] @@ -450,25 +647,29 @@ pub(crate) fn serialize_12_int(v: &[i16]) -> (u8, u8, u8) { (r0, r1, r2) } -// #[cfg_attr(hax, hax_lib::fstar::after(interface, " -// val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma -// (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 12)) -// (ensures BitVecEq.int_t_array_bitwise_eq' (${serialize_12} inputs) 8 inputs.f_elements 12) -// "))] -// #[cfg_attr(hax, hax_lib::fstar::after(" -// let serialize_12_lemma inputs = -// serialize_12_bit_vec_lemma inputs (); -// BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_12} inputs) 8) -// (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 12)) -// "))] +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val serialize_12_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma + (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 12)) + (ensures bit_vec_of_int_t_array (${serialize_12} inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 12) +"))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2\" +#push-options \"--z3rlimit 300\" -let serialize_12_bit_vec_lemma (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (_: squash (forall i. Rust_primitives.bounded (Seq.index v.f_elements i) 12)) +let serialize_12_lemma inputs = + serialize_12_bit_vec_lemma inputs.f_elements (); + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${serialize_12} inputs) 8) + (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 12)) + +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let serialize_12_bit_vec_lemma (v: t_Array i16 (sz 16)) + (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 12)) : squash ( - let inputs = bit_vec_of_int_t_array v.f_elements 12 in - let outputs = bit_vec_of_int_t_array (${serialize_12} v) 8 in + let inputs = bit_vec_of_int_t_array v 12 in + let outputs = bit_vec_of_int_t_array (${serialize_12} ({ f_elements = v })) 8 in (forall (i: nat {i < 192}). inputs i == outputs i) ) = _ by (Tactics.GetBit.prove_bit_vector_equality' ()) @@ -510,10 +711,37 @@ pub(crate) fn deserialize_12_int(bytes: &[u8]) -> (i16, i16) { (r0, r1) } -#[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val deserialize_12_lemma (inputs: t_Array u8 (sz 24)) : Lemma + (ensures bit_vec_of_int_t_array (${deserialize_12} inputs).f_elements 12 == bit_vec_of_int_t_array inputs 8) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--z3rlimit 300\" + +let deserialize_12_lemma inputs = + deserialize_12_bit_vec_lemma inputs; + BitVecEq.bit_vec_equal_intro (bit_vec_of_int_t_array (${deserialize_12} inputs).f_elements 12) + (BitVecEq.retype (bit_vec_of_int_t_array inputs 8)) + +#pop-options +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +#push-options \"--compat_pre_core 2 --z3rlimit 300\" + +let deserialize_12_bit_vec_lemma (v: t_Array u8 (sz 24)) + : squash ( + let inputs = bit_vec_of_int_t_array v 8 in + let outputs = bit_vec_of_int_t_array (${deserialize_12} v).f_elements 12 in + (forall (i: nat {i < 192}). inputs i == outputs i) + ) = + _ by (Tactics.GetBit.prove_bit_vector_equality' ()) + +#pop-options +"))] #[hax_lib::requires(fstar!(r#" ${bytes.len() == 24} "#))] +#[inline(always)] pub(crate) fn deserialize_12(bytes: &[u8]) -> PortableVector { let v0_1 = deserialize_12_int(&bytes[0..3]); let v2_3 = deserialize_12_int(&bytes[3..6]); @@ -523,22 +751,22 @@ pub(crate) fn deserialize_12(bytes: &[u8]) -> PortableVector { let v10_11 = deserialize_12_int(&bytes[15..18]); let v12_13 = deserialize_12_int(&bytes[18..21]); let v14_15 = deserialize_12_int(&bytes[21..24]); - let mut re = zero(); - re.elements[0] = v0_1.0; - re.elements[1] = v0_1.1; - re.elements[2] = v2_3.0; - re.elements[3] = v2_3.1; - re.elements[4] = v4_5.0; - re.elements[5] = v4_5.1; - re.elements[6] = v6_7.0; - re.elements[7] = v6_7.1; - re.elements[8] = v8_9.0; - re.elements[9] = v8_9.1; - re.elements[10] = v10_11.0; - re.elements[11] = v10_11.1; - re.elements[12] = v12_13.0; - re.elements[13] = v12_13.1; - re.elements[14] = v14_15.0; - re.elements[15] = v14_15.1; - re + PortableVector { elements: [ + v0_1.0, + v0_1.1, + v2_3.0, + v2_3.1, + v4_5.0, + v4_5.1, + v6_7.0, + v6_7.1, + v8_9.0, + v8_9.1, + v10_11.0, + v10_11.1, + v12_13.0, + v12_13.1, + v14_15.0, + v14_15.1, + ] } } From ea8f110f5926ee3360151c1745e276de3dae5196 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 31 Aug 2024 18:45:02 +0000 Subject: [PATCH 185/348] Comment out pre/post-conditions for serialize fun in vector/traits.rs --- libcrux-ml-kem/src/vector/traits.rs | 30 +++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 835d671a9..1e69d52c0 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -91,38 +91,44 @@ pub trait Operations: Copy + Clone + Repr { fn ntt_multiply(lhs: &Self, rhs: &Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; - #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (f_repr $a)"))] - #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 1 (f_repr $a) ==> Spec.MLKEM.serialize_post 1 (f_repr $a) $result"))] + // #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (f_repr $a)"))] + // #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 1 (f_repr $a) ==> Spec.MLKEM.serialize_post 1 (f_repr $a) $result"))] + #[requires(true)] fn serialize_1(a: Self) -> [u8; 2]; #[requires(true)] fn deserialize_1(a: &[u8]) -> Self; - #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (f_repr $a)"))] - #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 4 (f_repr $a) ==> Spec.MLKEM.serialize_post 4 (f_repr $a) $result"))] + // #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (f_repr $a)"))] + // #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 4 (f_repr $a) ==> Spec.MLKEM.serialize_post 4 (f_repr $a) $result"))] + #[requires(true)] fn serialize_4(a: Self) -> [u8; 8]; #[requires(true)] fn deserialize_4(a: &[u8]) -> Self; - #[requires(fstar!("Spec.MLKEM.serialize_pre 5 (f_repr $a)"))] - #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 5 (f_repr $a) ==> Spec.MLKEM.serialize_post 5 (f_repr $a) $result"))] + // #[requires(fstar!("Spec.MLKEM.serialize_pre 5 (f_repr $a)"))] + // #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 5 (f_repr $a) ==> Spec.MLKEM.serialize_post 5 (f_repr $a) $result"))] + #[requires(true)] fn serialize_5(a: Self) -> [u8; 10]; #[requires(true)] fn deserialize_5(a: &[u8]) -> Self; - #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (f_repr $a)"))] - #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 10 (f_repr $a) ==> Spec.MLKEM.serialize_post 10 (f_repr $a) $result"))] + // #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (f_repr $a)"))] + // #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 10 (f_repr $a) ==> Spec.MLKEM.serialize_post 10 (f_repr $a) $result"))] + #[requires(true)] fn serialize_10(a: Self) -> [u8; 20]; #[requires(true)] fn deserialize_10(a: &[u8]) -> Self; - #[requires(fstar!("Spec.MLKEM.serialize_pre 11 (f_repr $a)"))] - #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 11 (f_repr $a) ==> Spec.MLKEM.serialize_post 11 (f_repr $a) $result"))] + // #[requires(fstar!("Spec.MLKEM.serialize_pre 11 (f_repr $a)"))] + // #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 11 (f_repr $a) ==> Spec.MLKEM.serialize_post 11 (f_repr $a) $result"))] + #[requires(true)] fn serialize_11(a: Self) -> [u8; 22]; #[requires(true)] fn deserialize_11(a: &[u8]) -> Self; - #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (f_repr $a)"))] - #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 12 (f_repr $a) ==> Spec.MLKEM.serialize_post 12 (f_repr $a) $result"))] + // #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (f_repr $a)"))] + // #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 12 (f_repr $a) ==> Spec.MLKEM.serialize_post 12 (f_repr $a) $result"))] + #[requires(true)] fn serialize_12(a: Self) -> [u8; 24]; #[requires(true)] fn deserialize_12(a: &[u8]) -> Self; From c8b2d7efb06c24c1c92c1180b9802e9ba39ce857 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 31 Aug 2024 18:46:05 +0000 Subject: [PATCH 186/348] Fix return array in serialize_1 --- libcrux-ml-kem/src/vector/avx2/serialize.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index 603d11504..69da39197 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -47,7 +47,7 @@ pub(crate) fn serialize_1(vector: Vec256) -> [u8; 2] { // significant bit from each element and collate them into two bytes. let bits_packed = mm_movemask_epi8(msbs); - [bits_packed as u8; (bits_packed >> 8) as u8] + [bits_packed as u8, (bits_packed >> 8) as u8] } #[inline(always)] From 3635503154521d2f80fc75a5e5f8dddadf464797 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 31 Aug 2024 18:46:22 +0000 Subject: [PATCH 187/348] Fix fstar::replace for mm256_srli_epi16 --- libcrux-intrinsics/src/avx2_extract.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index f0bdbe34e..202438398 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -236,7 +236,7 @@ pub fn mm256_srai_epi32(vector: Vec256) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_srli_epi16} = BitVec.Intrinsics.mm256_srli_epi16" + "unfold let ${mm256_srli_epi16::<0>} = BitVec.Intrinsics.mm256_srli_epi16" )] pub fn mm256_srli_epi16(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); From 10b461594b981de0ae4c02cb911af3c75bb531e2 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 31 Aug 2024 18:46:52 +0000 Subject: [PATCH 188/348] Update extracted F* files for intrinsics and ml-kem --- .../Libcrux_intrinsics.Avx2_extract.fst | 149 ++--------- .../Libcrux_intrinsics.Avx2_extract.fsti | 30 +-- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 123 +-------- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 233 ++++++++---------- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 80 ++---- 5 files changed, 151 insertions(+), 464 deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst index b8f362555..47d5ae8e5 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst @@ -21,14 +21,14 @@ Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: }; kind = Concrete_ident.Kind.Value })); span = - { Span.id = 2117; + { Span.id = 1879; data = [{ Span.Imported.filename = (Span.Imported.Real (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 313 }; - lo = { Span.Imported.col = 0; line = 310 } } + hi = { Span.Imported.col = 2; line = 240 }; + lo = { Span.Imported.col = 0; line = 237 } } ] }; typ = @@ -54,43 +54,43 @@ Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: (Ast.String "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); span = - { Span.id = 2117; + { Span.id = 1879; data = [{ Span.Imported.filename = (Span.Imported.Real (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 313 }; - lo = { Span.Imported.col = 0; line = 310 } } + hi = { Span.Imported.col = 2; line = 240 }; + lo = { Span.Imported.col = 0; line = 237 } } ] }; typ = Ast.Make.TStr }; { Ast.Make.e = (Ast.Make.Literal (Ast.String - "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"2\"; line = \"313\" };\n lo = { Types.col = \"0\"; line = \"310\" } };\n ty = Types.Never }")); + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"2\"; line = \"240\" };\n lo = { Types.col = \"0\"; line = \"237\" } };\n ty = Types.Never }")); span = - { Span.id = 2117; + { Span.id = 1879; data = [{ Span.Imported.filename = (Span.Imported.Real (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 313 }; - lo = { Span.Imported.col = 0; line = 310 } } + hi = { Span.Imported.col = 2; line = 240 }; + lo = { Span.Imported.col = 0; line = 237 } } ] }; typ = Ast.Make.TStr } ]; generic_args = []; bounds_impls = []; trait = None}; span = - { Span.id = 2117; + { Span.id = 1879; data = [{ Span.Imported.filename = (Span.Imported.Real (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 313 }; - lo = { Span.Imported.col = 0; line = 310 } } + hi = { Span.Imported.col = 2; line = 240 }; + lo = { Span.Imported.col = 0; line = 237 } } ] }; typ = @@ -116,128 +116,7 @@ Last AST: [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; { Concrete_ident.Imported.data = - (Concrete_ident.Imported.ValueNs "mm256_extracti128_si256"); - disambiguator = 0 } - ] - }; - kind = Concrete_ident.Kind.Value }) */ -const _: () = (); - *) - -(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! -Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: -{ Ast.Make.e = - Ast.Make.App { - f = - { Ast.Make.e = - (Ast.Make.GlobalVar - `Concrete ({ Concrete_ident.T.def_id = - { Concrete_ident.Imported.krate = "rust_primitives"; - path = - [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); - disambiguator = 0 }; - { Concrete_ident.Imported.data = - (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } - ] - }; - kind = Concrete_ident.Kind.Value })); - span = - { Span.id = 1837; - data = - [{ Span.Imported.filename = - (Span.Imported.Real - (Span.Imported.LocalPath - "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 245 }; - lo = { Span.Imported.col = 0; line = 242 } } - ] - }; - typ = - (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], - Ast.Make.TApp { - ident = - `Concrete ({ Concrete_ident.T.def_id = - { Concrete_ident.Imported.krate = "rust_primitives"; - path = - [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); - disambiguator = 0 }; - { Concrete_ident.Imported.data = - (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } - ] - }; - kind = Concrete_ident.Kind.Type }); - args = []} - )) - }; - args = - [{ Ast.Make.e = - (Ast.Make.Literal - (Ast.String - "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); - span = - { Span.id = 1837; - data = - [{ Span.Imported.filename = - (Span.Imported.Real - (Span.Imported.LocalPath - "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 245 }; - lo = { Span.Imported.col = 0; line = 242 } } - ] - }; - typ = Ast.Make.TStr }; - { Ast.Make.e = - (Ast.Make.Literal - (Ast.String - "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"2\"; line = \"245\" };\n lo = { Types.col = \"0\"; line = \"242\" } };\n ty = Types.Never }")); - span = - { Span.id = 1837; - data = - [{ Span.Imported.filename = - (Span.Imported.Real - (Span.Imported.LocalPath - "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 245 }; - lo = { Span.Imported.col = 0; line = 242 } } - ] - }; - typ = Ast.Make.TStr } - ]; - generic_args = []; bounds_impls = []; trait = None}; - span = - { Span.id = 1837; - data = - [{ Span.Imported.filename = - (Span.Imported.Real - (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 245 }; - lo = { Span.Imported.col = 0; line = 242 } } - ] - }; - typ = - Ast.Make.TApp { - ident = - `Concrete ({ Concrete_ident.T.def_id = - { Concrete_ident.Imported.krate = "rust_primitives"; - path = - [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); - disambiguator = 0 }; - { Concrete_ident.Imported.data = - (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } - ] - }; - kind = Concrete_ident.Kind.Type }); - args = []} - } - -Last AST: -/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = - { Concrete_ident.Imported.krate = "libcrux_intrinsics"; - path = - [{ Concrete_ident.Imported.data = - (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; - { Concrete_ident.Imported.data = - (Concrete_ident.Imported.ValueNs "mm256_slli_epi16"); + (Concrete_ident.Imported.ValueNs "mm256_srli_epi16"); disambiguator = 0 } ] }; diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index b3cbb19e4..cdf663096 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -21,11 +21,15 @@ val mm256_blend_epi16 (v_CONTROL: i32) (lhs rhs: t_Vec256) val mm256_castsi128_si256 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +unfold let mm256_castsi256_si128 = BitVec.Intrinsics.mm256_castsi256_si128 + val mm256_cmpgt_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_cvtepi16_epi32 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +unfold let mm256_extracti128_si256 = BitVec.Intrinsics.mm256_extracti128_si256 + val mm256_inserti128_si256 (v_CONTROL: i32) (vector: t_Vec256) (vector_i128: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -41,7 +45,7 @@ val mm256_mul_epu32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun val mm256_mulhi_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_mullo_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +unfold let mm256_mullo_epi16 = BitVec.Intrinsics.mm256_mullo_epi16 val mm256_mullo_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -62,10 +66,7 @@ val mm256_set1_epi32 (constant: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ - val mm256_set1_epi64x (a: i64) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_set_epi16 - (input15 input14 input13 input12 input11 input10 input9 input8 input7 input6 input5 input4 input3 input2 input1 input0: - i16) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +unfold let mm256_set_epi16 = BitVec.Intrinsics.mm256_set_epi16 val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -83,6 +84,8 @@ val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: t_Vec256) val mm256_shuffle_epi8 (vector control: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +unfold let mm256_slli_epi16 = BitVec.Intrinsics.mm256_slli_epi16 + val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -98,8 +101,7 @@ val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_srli_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +unfold let mm256_srli_epi16 = BitVec.Intrinsics.mm256_srli_epi16 val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -132,10 +134,14 @@ val mm_add_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ - val mm_loadu_si128 (input: t_Slice u8) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +unfold let mm_movemask_epi8 = BitVec.Intrinsics.mm_movemask_epi8 + val mm_mulhi_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) val mm_mullo_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +unfold let mm_packs_epi16 = BitVec.Intrinsics.mm_packs_epi16 + val mm_set1_epi16 (constant: i16) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) val mm_set_epi8 @@ -153,13 +159,3 @@ val mm_storeu_si128 (output: t_Slice i16) (vector: t_Vec128) : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) val mm_sub_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) - -unfold let mm256_castsi256_si128 = BitVec.Intrinsics.mm256_castsi256_si128 - -unfold let mm256_extracti128_si256 = BitVec.Intrinsics.mm256_extracti128_si256 - -unfold let mm256_slli_epi16 = BitVec.Intrinsics.mm256_slli_epi16 - -unfold let mm_movemask_epi8 = BitVec.Intrinsics.mm_movemask_epi8 - -unfold let mm_packs_epi16 = BitVec.Intrinsics.mm_packs_epi16 diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 4405a49d6..f10ac8ca3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -3,57 +3,15 @@ module Libcrux_ml_kem.Vector.Avx2.Serialize open Core open FStar.Mul -module _ = Tactics.Utils -module _ = Tactics.Seq -module _ = BitVecEq - let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in () -open BitVec.Intrinsics {mk_bv, specialized_mm256_mullo_epi16, mm256_srli_epi16, mm256_set_epi16, mm256_mullo_epi16} - -open FStar.Tactics.V2 -open Tactics.Utils - -let rw_get_bit_cast #t #u - (x: int_t t) (nth: usize) - : Lemma (requires v nth < bits u /\ v nth < bits u) - (ensures eq2 #bit (get_bit (cast_mod #t #u x) nth) (if v nth < bits t then get_bit x nth else 0)) - [SMTPat (get_bit (cast_mod #t #u x) nth)] - = () - -let rw_get_bit_shr #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) - : Lemma (requires v y >= 0 /\ v y < bits t) - (ensures eq2 #bit (get_bit (x >>! y) i ) - (if v i < bits t - v y - then get_bit x (mk_int (v i + v y)) - else if signed t - then get_bit x (mk_int (bits t - 1)) - else 0)) - = () - -open Tactics.Utils - -/// This lemma takes care of specializing `mm256_mullo_epi16` -let mm256_mullo_epi16_rewrite () = - norm [primops; iota; zeta; delta_only [`%mm256_mullo_epi16]]; - pointwise_or_refl (fun _ -> - let?# (lhs, _, _) = expect_lhs_eq_rhs () in - let?# (f, _) = expect_app_n lhs 3 in - let?# _ = expect_free_var f (`%BitVec.Equality.bv_equality) in - apply_lemma_rw_eqtype (`BitVec.Equality.rewrite); - Some () - ) - -#push-options "--compat_pre_core 2" let deserialize_1_ (bytes: t_Slice u8) = - assume (Seq.length bytes == 2); let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - // WARNING: using `BitVec.Intrinsics.mm256_set_epi16` here for now, we need to bind it in extract_avx2.rs - mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) <: i16) + Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) @@ -64,34 +22,15 @@ let deserialize_1_ (bytes: t_Slice u8) = (cast (bytes.[ sz 0 ] <: u8) <: i16) in let shift_lsb_to_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - mm256_set_epi16 (1s < - mm256_mullo_epi16_rewrite (); - let light_norm () = norm [ iota; primops; zeta_full - ; delta_only [`%bit_vec_of_int_t_array;`%bits;`%Lib.IntTypes.bits] - ; delta_namespace ["FStar"] - ] in - light_norm (); - Tactics.Seq.norm_index (); - Tactics.MachineInts.(transform norm_machine_int_term); - light_norm (); - norm [primops; iota; zeta_full; delta_namespace ["Libcrux_intrinsics.Avx2_extract";"BitVec.Intrinsics"; implode_qn (cur_module ()); "FStar"]]; - print ("Ask SMT: " ^ term_to_string (cur_goal ())); - smt_sync () - )) - ); - result + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients shift_lsb_to_msb + in + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 15l coefficients_in_msb let deserialize_10_ (bytes: t_Slice u8) = let shift_lsbs_to_msbs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -271,65 +210,23 @@ let deserialize_5_ (bytes: t_Slice u8) = in Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 11l coefficients -#push-options "--compat_pre_core 0" -#push-options "--z3rlimit 90" let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let lsb_to_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_slli_epi16 15 vector + Libcrux_intrinsics.Avx2_extract.mm256_slli_epi16 15l vector in let low_msbs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 lsb_to_msb in let high_msbs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1 lsb_to_msb + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l lsb_to_msb in let msbs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_packs_epi16 low_msbs high_msbs in let bits_packed:i32 = Libcrux_intrinsics.Avx2_extract.mm_movemask_epi8 msbs in - let x = cast (bits_packed <: i32) <: u8 in - let y = cast (bits_packed >>! 8l <: i32) <: u8 in - let l = [x; y] in - assert_norm (List.length l == 2); - let arr: t_Array u8 (sz 2) = Seq.seq_of_list l in - let ll = bit_vec_of_int_t_array arr 8 in - assume (forall (i: nat {i < 256}). vector i == (if i % 16 = 0 then vector i else 0)); - // HERE: the bound should be 16, not 8 - let _ = (forall (i: nat {i < 16}). ll i == vector (i * 16)) in - // assert (forall (i: nat {i < 16}). get_bit y (sz 7) == vector (i * 16)) by ( - assert (forall (i: nat {i < 16}). ll i == vector (i * 16)) by ( - Tactics.Utils.prove_forall_nat_pointwise (fun _ -> - norm [iota; primops; delta_only [`%cast; `%cast_tc_integers]]; - l_to_r [`rw_get_bit_cast]; - let light_norm () = norm [ iota; primops; zeta_full - ; delta_only [`%bit_vec_of_int_t_array;`%bits;`%Lib.IntTypes.bits] - ; delta_namespace ["FStar"] - ] in - light_norm (); - Tactics.Seq.norm_index (); - l_to_r[`rw_get_bit_cast; `bit_vec_to_int_t_lemma; `get_bit_shr]; - Tactics.MachineInts.(transform norm_machine_int_term); - light_norm (); - norm [primops; iota; zeta_full; delta_only [ - `%Libcrux_intrinsics.Avx2_extract.mm_movemask_epi8; - `%BitVec.Intrinsics.mm_movemask_epi8; - ]]; - l_to_r [`rw_get_bit_cast; `bit_vec_to_int_t_lemma; `get_bit_shr]; - let _ = rewrite_lhs () in - flip (); - trefl (); - l_to_r [`rw_get_bit_shr]; - Tactics.MachineInts.(transform norm_machine_int_term); - l_to_r [`rw_get_bit_cast; `bit_vec_to_int_t_lemma; `get_bit_shr]; - light_norm (); - norm [primops; iota; zeta_full; delta_namespace ["Libcrux_intrinsics.Avx2_extract";"BitVec.Intrinsics"; "FStar"]]; - dump' "Goal:"; - smt_sync (); - dump' "Success"; - smt () - ) - ); - Seq.seq_of_list l + let list = [cast (bits_packed <: i32) <: u8; cast (bits_packed >>! 8l <: i32) <: u8] in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); + Rust_primitives.Hax.array_of_list 2 list let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 1b0e7f569..9a88facf7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -36,12 +36,7 @@ let deserialize_10_int (bytes: t_Slice u8) = ((cast (bytes.[ sz 9 ] <: u8) <: i16) <>! 6l <: i16) in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_11_int (bytes: t_Slice u8) = let r0:i16 = @@ -82,12 +77,7 @@ let deserialize_11_int (bytes: t_Slice u8) = ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_12_int (bytes: t_Slice u8) = let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in @@ -95,10 +85,7 @@ let deserialize_12_int (bytes: t_Slice u8) = let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in let r0:i16 = ((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(i16 & i16) = r0, r1 <: (i16 & i16) in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1 <: (i16 & i16) let deserialize_4_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16 in @@ -109,12 +96,7 @@ let deserialize_4_int (bytes: t_Slice u8) = let v5:i16 = cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in let v6:i16 = cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16 in let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let deserialize_5_int (bytes: t_Slice u8) = let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16 in @@ -153,13 +135,7 @@ let deserialize_5_int (bytes: t_Slice u8) = i16 in let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in - let result:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result - -#push-options "--z3rlimit 480 --split_queries always" + v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) let serialize_10_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in @@ -176,12 +152,7 @@ let serialize_10_int (v: t_Slice i16) = (cast (((v.[ sz 2 ] <: i16) >>! 4l <: i16) &. 63s <: i16) <: u8) in let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(u8 & u8 & u8 & u8 & u8) = r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) in - let _:Prims.unit = admit () (* Panic freedom *) in - result - -#pop-options + r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) let serialize_11_int (v: t_Slice i16) = let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in @@ -216,14 +187,9 @@ let serialize_11_int (v: t_Slice i16) = (cast ((v.[ sz 6 ] <: i16) >>! 6l <: i16) <: u8) in let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 - <: - (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 + <: + (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) let serialize_12_int (v: t_Slice i16) = let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in @@ -235,10 +201,7 @@ let serialize_12_int (v: t_Slice i16) = u8 in let r2:u8 = cast (((v.[ sz 1 ] <: i16) >>! 4l <: i16) &. 255s <: i16) <: u8 in - let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in - let result:(u8 & u8 & u8) = r0, r1, r2 <: (u8 & u8 & u8) in - let _:Prims.unit = admit () (* Panic freedom *) in - result + r0, r1, r2 <: (u8 & u8 & u8) let serialize_4_int (v: t_Slice i16) = let result0:u8 = @@ -253,20 +216,7 @@ let serialize_4_int (v: t_Slice i16) = let result3:u8 = ((cast (v.[ sz 7 ] <: i16) <: u8) <>! 2l <: i16) |. ((v.[ sz 7 ] <: i16) < - let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 10)) 8 (MkSeq.create8 tuple) 10 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 10)) + Prims.l_True + (fun _ -> Prims.l_True) val deserialize_11_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - (requires Core.Slice.impl__len #u8 bytes =. sz 11) - (ensures - fun tuple -> - let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 11)) 8 (MkSeq.create8 tuple) 11 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 11)) + Prims.l_True + (fun _ -> Prims.l_True) val deserialize_12_int (bytes: t_Slice u8) - : Prims.Pure (i16 & i16) - (requires Core.Slice.impl__len #u8 bytes =. sz 3) - (ensures - fun tuple -> - let tuple:(i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 3)) 8 (MkSeq.create2 tuple) 12 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create2 tuple) i) 12)) + : Prims.Pure (i16 & i16) Prims.l_True (fun _ -> Prims.l_True) val deserialize_4_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - (requires Core.Slice.impl__len #u8 bytes =. sz 4) - (ensures - fun tuple -> - let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 4)) 8 (MkSeq.create8 tuple) 4 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 4)) + Prims.l_True + (fun _ -> Prims.l_True) val deserialize_5_int (bytes: t_Slice u8) : Prims.Pure (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - (requires Core.Slice.impl__len #u8 bytes =. sz 5) - (ensures - fun tuple -> - let tuple:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = tuple in - BitVecEq.int_t_array_bitwise_eq' (bytes <: t_Array _ (sz 5)) 8 (MkSeq.create8 tuple) 5 /\ - (forall i. Rust_primitives.bounded (Seq.index (MkSeq.create8 tuple) i) 4)) + Prims.l_True + (fun _ -> Prims.l_True) val serialize_10_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8 & u8) - (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) - (ensures - fun tuple -> - let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 4)) 10 (MkSeq.create5 tuple) 8) + : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) val serialize_11_int (v: t_Slice i16) : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - (requires - Core.Slice.impl__len #i16 v =. sz 8 /\ - (forall i. Rust_primitives.bounded (Seq.index v i) 11)) - (ensures - fun tuple -> - let tuple:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 11 (MkSeq.create11 tuple) 8) + Prims.l_True + (fun _ -> Prims.l_True) val serialize_12_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8) - (requires - Core.Slice.impl__len #i16 v =. sz 2 /\ - (forall i. Rust_primitives.bounded (Seq.index v i) 12)) - (ensures - fun tuple -> - let tuple:(u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 2)) 12 (MkSeq.create3 tuple) 8) + : Prims.Pure (u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) val serialize_4_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8) - (requires - Core.Slice.impl__len #i16 v =. sz 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 4) - ) - (fun _ -> Prims.l_True) + : Prims.Pure (u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) val serialize_5_int (v: t_Slice i16) - : Prims.Pure (u8 & u8 & u8 & u8 & u8) - (requires - Core.Slice.impl__len #i16 v =. sz 8 /\ (forall i. Rust_primitives.bounded (Seq.index v i) 5) - ) - (ensures - fun tuple -> - let tuple:(u8 & u8 & u8 & u8 & u8) = tuple in - BitVecEq.int_t_array_bitwise_eq' (v <: t_Array _ (sz 8)) 5 (MkSeq.create5 tuple) 8) + : Prims.Pure (u8 & u8 & u8 & u8 & u8) Prims.l_True (fun _ -> Prims.l_True) val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) From 89af0677a8f0df11946f5cad58770e5bbc1b3671 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sat, 31 Aug 2024 20:13:50 +0000 Subject: [PATCH 189/348] wip --- Cargo.lock | 42 +-- .../fstar-bitvec/BitVec.Intrinsics.fsti | 15 +- .../Libcrux_intrinsics.Avx2_extract.fsti | 2 + libcrux-intrinsics/src/avx2_extract.rs | 8 +- .../Libcrux_ml_kem.Vector.Avx2.Portable.fst | 351 ------------------ 5 files changed, 35 insertions(+), 383 deletions(-) delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst diff --git a/Cargo.lock b/Cargo.lock index aab24163c..1f9f0f6d1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.76", + "syn 2.0.77", "which", ] @@ -319,7 +319,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -483,7 +483,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" +source = "git+https://github.com/hacspec/hax?branch=main#6d493af879767475a269327513208d4a491c6179" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,20 +712,20 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" +source = "git+https://github.com/hacspec/hax?branch=main#6d493af879767475a269327513208d4a491c6179" dependencies = [ "hax-lib-macros-types", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#66b7683b9238b04c828ca887fa134ee08fc2c873" +source = "git+https://github.com/hacspec/hax?branch=main#6d493af879767475a269327513208d4a491c6179" dependencies = [ "proc-macro2", "quote", @@ -1205,7 +1205,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -1372,7 +1372,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "479cf940fbbb3426c32c5d5176f62ad57549a0bb84773423ba8be9d089f5faba" dependencies = [ "proc-macro2", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -1560,18 +1560,18 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustc_version" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" dependencies = [ "semver", ] [[package]] name = "rustix" -version = "0.38.34" +version = "0.38.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" +checksum = "a85d50532239da68e9addb745ba38ff4612a242c1c7ceea689c4bc7c2f43c36f" dependencies = [ "bitflags", "errno", @@ -1638,7 +1638,7 @@ checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -1737,9 +1737,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.76" +version = "2.0.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "578e081a14e0cefc3279b0472138c513f37b41a08d5a3cca9b6e4e8ceb6cd525" +checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed" dependencies = [ "proc-macro2", "quote", @@ -1858,7 +1858,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", "wasm-bindgen-shared", ] @@ -1892,7 +1892,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -1926,7 +1926,7 @@ checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -2084,7 +2084,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -2104,5 +2104,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti index 480f19738..1df39c089 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti +++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti @@ -7,24 +7,25 @@ open FStar.Mul (*** BitVec related utils *) open FStar.FunctionalExtensionality open BitVec.Equality {bv_equality} +open Rust_primitives.BitVectors let mk_bv #len (f: (i:nat{i < len}) -> bit) = on (i:nat {i < len}) f (*** The intrinsics *) -let mm256_slli_epi16 (shift: nat {shift <= 16}) (vec: bit_vec 256): bit_vec 256 +let mm256_slli_epi16 (shift: i32 {v shift >= 0 /\ v shift <= 16}) (vec: bit_vec 256): bit_vec 256 = mk_bv (fun i -> let nth_bit = i % 16 in - if nth_bit >= shift - then vec (i - shift) + if nth_bit >= v shift + then vec (i - v shift) else 0) -let mm256_srli_epi16 (shift: nat {shift <= 16}) (vec: bit_vec 256): bit_vec 256 +let mm256_srli_epi16 (shift: i32 {v shift >= 0 /\ v shift <= 16}) (vec: bit_vec 256): bit_vec 256 = mk_bv (fun i -> let nth_bit = i % 16 in - if nth_bit < 16 - shift then vec (i + shift) else 0) + if nth_bit < 16 - v shift then vec (i + v shift) else 0) let mm256_castsi256_si128 (vec: bit_vec 256): bit_vec 128 = mk_bv (fun i -> vec i) -let mm256_extracti128_si256 (control: nat {control == 1}) (vec: bit_vec 256): bit_vec 128 +let mm256_extracti128_si256 (control: i32{control == 1l}) (vec: bit_vec 256): bit_vec 128 = mk_bv (fun i -> vec (i + 128)) private let saturate8 (v: bit_vec 16): bit_vec 8 @@ -154,5 +155,5 @@ let tassert (x: bool): Tac unit private let example: bit_vec 256 = mk_bv (fun i -> if i % 16 = 15 then 1 else 0) private let x = bv_to_string example -private let y = bv_to_string (mm256_srli_epi16 15 example) +private let y = bv_to_string (mm256_srli_epi16 15l example) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index cdf663096..8d68fd457 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -4,8 +4,10 @@ open Core open FStar.Mul unfold type t_Vec128 = bit_vec 128 + val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8) unfold type t_Vec256 = bit_vec 256 + val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16) val mm256_add_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 202438398..1c90c05d6 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -5,14 +5,14 @@ #[cfg(hax)] #[derive(Clone, Copy)] -#[hax_lib::opaque_type] -#[hax_lib::fstar::replace(interface, "unfold type $:{Vec256} = bit_vec 256")] +#[hax_lib::fstar::replace(interface, "unfold type $:{Vec256} = bit_vec 256 + val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)")] pub struct Vec256(u8); #[cfg(hax)] #[derive(Copy, Clone)] -#[hax_lib::fstar::replace(interface, "unfold type $:{Vec128} = bit_vec 128")] -#[hax_lib::opaque_type] +#[hax_lib::fstar::replace(interface, "unfold type $:{Vec128} = bit_vec 128 + val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8)")] pub struct Vec128(u8); #[cfg(not(hax))] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst deleted file mode 100644 index acdcf619b..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst +++ /dev/null @@ -1,351 +0,0 @@ -module Libcrux_ml_kem.Vector.Avx2.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let deserialize_11_int (bytes: t_Slice u8) = - let r0:i16 = - (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) - in - let r2:i16 = - ((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) - in - let r3:i16 = - (((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) - in - let r4:i16 = - (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) - in - let r5:i16 = - ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) - in - let r6:i16 = - (((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) - in - let r7:i16 = - ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) - in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -let serialize_11_int (v: t_Slice i16) = - let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in - let r1:u8 = - ((cast ((v.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) - in - let r2:u8 = - ((cast ((v.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) - in - let r3:u8 = cast (((v.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in - let r4:u8 = - ((cast ((v.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) - in - let r5:u8 = - ((cast ((v.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) - in - let r6:u8 = - ((cast ((v.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) - in - let r7:u8 = cast (((v.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8 in - let r8:u8 = - ((cast ((v.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) - in - let r9:u8 = - ((cast ((v.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) - in - let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in - r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 - <: - (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - -let from_i16_array (array: t_Array i16 (sz 16)) = { f_elements = array } <: t_PortableVector - -let serialize_11_ (v: t_PortableVector) = - let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.f_elements.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.f_elements.[ { Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let result:t_Array u8 (sz 22) = Rust_primitives.Hax.repeat 0uy (sz 22) in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 0) r0_10_._1 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 1) r0_10_._2 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 2) r0_10_._3 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 3) r0_10_._4 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 4) r0_10_._5 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 5) r0_10_._6 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 6) r0_10_._7 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 7) r0_10_._8 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 8) r0_10_._9 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 9) r0_10_._10 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 10) r0_10_._11 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 11) r11_21_._1 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 12) r11_21_._2 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 13) r11_21_._3 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 14) r11_21_._4 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 15) r11_21_._5 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 16) r11_21_._6 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 17) r11_21_._7 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 18) r11_21_._8 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 19) r11_21_._9 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 20) r11_21_._10 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 21) r11_21_._11 - in - result - -let to_i16_array (v: t_PortableVector) = v.f_elements - -let zero (_: Prims.unit) = - { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector - -let deserialize_11_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v:t_PortableVector = zero () in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 0) v0_7_._1 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 1) v0_7_._2 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 2) v0_7_._3 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 3) v0_7_._4 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 4) v0_7_._5 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 5) v0_7_._6 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 6) v0_7_._7 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 7) v0_7_._8 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 8) v8_15_._1 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 9) v8_15_._2 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 10) v8_15_._3 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 11) v8_15_._4 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 12) v8_15_._5 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 13) v8_15_._6 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 14) v8_15_._7 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 15) v8_15_._8 - } - <: - t_PortableVector - in - v From 56eed0a307611d5e3622479a76b76cac7bda4dac Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sat, 31 Aug 2024 21:04:53 +0000 Subject: [PATCH 190/348] verifying --- .../Libcrux_ml_kem.Vector.Portable.Arithmetic.fst | 10 +++++++++- libcrux-ml-kem/src/vector/portable/arithmetic.rs | 4 +++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index da78ce70c..bcafbb1c6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -65,7 +65,7 @@ let barrett_reduce_element (value: i16) = #pop-options -#push-options "--z3rlimit 300 --split_queries always" +#push-options "--z3rlimit 500 --split_queries always" let montgomery_reduce_element (value: i32) = let _:i32 = v_MONTGOMERY_R in @@ -161,11 +161,15 @@ let montgomery_reduce_element (value: i32) = #pop-options +#push-options "--z3rlimit 300" + let montgomery_multiply_fe_by_fer (fe fer: i16) = let _:Prims.unit = Spec.Utils.lemma_mul_i16b (pow2 16) (3328) fe fer in let product:i32 = (cast (fe <: i16) <: i32) *! (cast (fer <: i16) <: i32) in montgomery_reduce_element product +#pop-options + let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -310,6 +314,8 @@ let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portabl let _:Prims.unit = admit () (* Panic freedom *) in result +#push-options "--z3rlimit 150" + let montgomery_multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) @@ -347,6 +353,8 @@ let montgomery_multiply_by_constant in v +#pop-options + let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index 4d72204a3..00e5bf81f 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -186,7 +186,7 @@ pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector { /// In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS-1`. /// And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664 /// -#[hax_lib::fstar::options("--z3rlimit 300 --split_queries always")] +#[hax_lib::fstar::options("--z3rlimit 500 --split_queries always")] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i32b (3328 * pow2 16) value ")))] #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b (3328 + 1665) result /\\ (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 result) /\\ @@ -270,6 +270,7 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { /// `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a representative /// `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`. #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 300")] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 fer")))] #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b (3328 + 1665) result /\\ v result % 3329 == (v fe * v fer * 169) % 3329")))] @@ -283,6 +284,7 @@ pub(crate) fn montgomery_multiply_fe_by_fer( } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 150")] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 c")))] pub(crate) fn montgomery_multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { From aa003c81eee56e9fd33c424dfc5a9a4cf827fa5e Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sat, 31 Aug 2024 21:10:31 +0000 Subject: [PATCH 191/348] fmt --- libcrux-intrinsics/src/avx2_extract.rs | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 1c90c05d6..6215c7de7 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -5,14 +5,20 @@ #[cfg(hax)] #[derive(Clone, Copy)] -#[hax_lib::fstar::replace(interface, "unfold type $:{Vec256} = bit_vec 256 - val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)")] +#[hax_lib::fstar::replace( + interface, + "unfold type $:{Vec256} = bit_vec 256 + val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)" +)] pub struct Vec256(u8); #[cfg(hax)] #[derive(Copy, Clone)] -#[hax_lib::fstar::replace(interface, "unfold type $:{Vec128} = bit_vec 128 - val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8)")] +#[hax_lib::fstar::replace( + interface, + "unfold type $:{Vec128} = bit_vec 128 + val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8)" +)] pub struct Vec128(u8); #[cfg(not(hax))] From 87ab89d6020ae6cb38dc885cae15e2fb49f5e209 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sat, 31 Aug 2024 21:16:08 +0000 Subject: [PATCH 192/348] fstar feat --- fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti index 1df39c089..a246794d6 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti +++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti @@ -6,7 +6,7 @@ open FStar.Mul (*** BitVec related utils *) open FStar.FunctionalExtensionality -open BitVec.Equality {bv_equality} +open BitVec.Equality open Rust_primitives.BitVectors let mk_bv #len (f: (i:nat{i < len}) -> bit) = on (i:nat {i < len}) f From 894d5ee44936b4f157af4e25d32cedd64d41f137 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 31 Aug 2024 23:32:13 +0200 Subject: [PATCH 193/348] arithmetic --- .../Libcrux_intrinsics.Avx2_extract.fsti | 8 +- libcrux-intrinsics/src/avx2_extract.rs | 3 + .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 83 ++++++++++++++++++- ...rux_ml_kem.Vector.Portable.Arithmetic.fsti | 2 + .../proofs/fstar/spec/Spec.Utils.fst | 3 + libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 31 +++++-- .../src/vector/portable/arithmetic.rs | 2 + 7 files changed, 123 insertions(+), 9 deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 32ff380c3..219d91c92 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -133,7 +133,13 @@ val mm256_sllv_epi32 (vector counts: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure t_Vec256 + (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (vec256_as_i16x16 vector)) val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 6d6b5f6ab..699093416 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -233,6 +233,9 @@ pub fn mm256_xor_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] +#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == + Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (vec256_as_i16x16 $vector)"))] pub fn mm256_srai_epi16(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); unimplemented!() diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index 43625afda..5bfd11bc7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -64,7 +64,16 @@ let shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 v_SHIFT_BY vector in - let _:Prims.unit = admit () (* Panic freedom *) in + let _:Prims.unit = + Spec.Utils.lemma_map_index #_ + #_ + #(sz 16) + (fun x -> x >>! v_SHIFT_BY) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector); + Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) + (Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) + in result let sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = @@ -94,25 +103,93 @@ let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = in Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 vector quotient_times_field_modulus +let get_ith v i = Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 v) i + +#push-options "--z3rlimit 500" let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS in + let _:Prims.unit = + Spec.Utils.lemma_create_index #_ (sz 16) Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + in let vv_minus_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 vector field_modulus in + let _:Prims.unit = + Spec.Utils.lemma_map2_index #_ + #_ + #_ + #(sz 16) + ( -. ) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 field_modulus) + in + assume (forall i. Spec.Utils.is_i16b (pow2 12 - 1) (get_ith vector i)); + assert (forall i. get_ith vv_minus_field_modulus i == get_ith vector i -. 3329s); + assert (forall i. v (get_ith vv_minus_field_modulus i) == v (get_ith vector i) - 3329); let sign_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 15l vv_minus_field_modulus in + let _:Prims.unit = + Spec.Utils.lemma_map_index #_ + #_ + #(sz 16) + (fun x -> x >>! 15l) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vv_minus_field_modulus) + in + assume (forall (x:i16). v x < 0 ==> x >>! 15l == ones); + assume (forall (x:i16). v x >= 0 ==> x >>! 15l == 0s); + assert (forall i. get_ith sign_mask i == ((get_ith vv_minus_field_modulus i) >>! 15l)); + assert (forall i. get_ith sign_mask i == + (if (v (get_ith vector i) - 3329) < 0 then ones else 0s)); let conditional_add_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 sign_mask field_modulus in + let _:Prims.unit = + Spec.Utils.lemma_map2_index #_ + #_ + #_ + #(sz 16) + ( &. ) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 sign_mask) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 field_modulus) + in + assume (forall (x:i16). (x &. ones) == x); + assume (forall (x:i16). (x &. 0s) == 0s); + assume (forall (x:i16). (ones &. x) == x); + assume (forall (x:i16). (0s &. x) == 0s); + assert (forall i. get_ith conditional_add_field_modulus i == + (if (v (get_ith vector i) - 3329) < 0 then 3329s else 0s)); let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 vv_minus_field_modulus conditional_add_field_modulus in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + Spec.Utils.lemma_map2_index #_ + #_ + #_ + #(sz 16) + ( +. ) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vv_minus_field_modulus) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 conditional_add_field_modulus) + in + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + assert (forall i. get_ith result i == + (if (v (get_ith vector i) - 3329) < 0 then get_ith vector i else get_ith vector i -. 3329s)); + assert (forall i. get_ith result i == + (if (get_ith vector i) >=. 3329s then get_ith vector i -. 3329s else get_ith vector i)); + assert (forall i. get_ith result i == (fun x -> if x >=. 3329s then x -! 3329s else x) (get_ith vector i)); + Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> if x >=. 3329s then x -! 3329s else x) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector); + assert (forall i. Seq.index + (Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) i == + (fun x -> if x >=. 3329s then x -! 3329s else x) (get_ith vector i)); + Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) + (Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)); + result let montgomery_multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index ad8feb610..92357766f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -97,6 +97,8 @@ val bitwise_and_with_constant let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in result.f_elements == Spec.Utils.map_array (fun x -> x &. c) (vec.f_elements)) +/// Note: This function is not secret independent +/// Only use with public values. val cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector Prims.l_True diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 3f4c44f2d..62d7d81ec 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -36,6 +36,9 @@ let lemma_map_index #a #b #len f x: let lemma_map2_index #a #b #c #len f x y : Lemma (forall i. Seq.index (map2 #a #b #c #len f x y) i == f (Seq.index x i) (Seq.index y i)) = admit () +let lemma_bitand_properties #t (x:int_t t) : + Lemma (x &. ones == x /\ x &. mk_int #t 0 == mk_int #t 0 /\ ones #t &. x == x /\ mk_int #t 0 &. x == mk_int #t 0) = admit() + #push-options "--fuel 0 --ifuel 0 --z3rlimit 500" let flatten #t #n (#m: usize {range (v n * v m) usize_inttype}) diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index dc2e3ce23..c577c27b2 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -52,13 +52,18 @@ pub(crate) fn bitwise_and_with_constant(vector: Vec256, constant: i16) -> Vec256 } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] #[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn shift_right(vector: Vec256) -> Vec256 { - mm256_srai_epi16::<{ SHIFT_BY }>(vector) + let result = mm256_srai_epi16::<{ SHIFT_BY }>(vector); + hax_lib::fstar!("Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x >>! ${SHIFT_BY}) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector}); + Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) + (Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); + result } // #[inline(always)] @@ -67,20 +72,36 @@ pub(crate) fn shift_right(vector: Vec256) -> Vec256 { // } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16_array (pow2 12 - 1) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] #[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == - Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] + Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn cond_subtract_3329(vector: Vec256) -> Vec256 { let field_modulus = mm256_set1_epi16(FIELD_MODULUS); + hax_lib::fstar!("Spec.Utils.lemma_create_index #_ (sz 16) ${FIELD_MODULUS}"); // Compute v_i - Q and crate a mask from the sign bit of each of these // quantities. let v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); + hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) (-.) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $field_modulus)"); + let sign_mask = mm256_srai_epi16::<15>(v_minus_field_modulus); + hax_lib::fstar!("Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x >>! 15l) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $v_minus_field_modulus)"); // If v_i - Q < 0 then add back Q to (v_i - Q). let conditional_add_field_modulus = mm256_and_si256(sign_mask, field_modulus); - mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus) + hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) (&.) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $sign_mask) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $field_modulus)"); + + let result = mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); + hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) (+.) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $v_minus_field_modulus) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $conditional_add_field_modulus)"); + + result } const BARRETT_MULTIPLIER: i16 = 20159; diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index dc1943ebd..87de8ab74 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -122,6 +122,8 @@ pub fn shift_right(mut vec: PortableVector) -> PortableVect vec } +/// Note: This function is not secret independent +/// Only use with public values. #[inline(always)] #[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (${vec}.f_elements)"))] From 0ad4043d187093bf8f10286f1132d00e452a1400 Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 2 Sep 2024 12:00:02 +0000 Subject: [PATCH 194/348] Use z3refresh on tactic calls for serialize.rs --- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 16 ++++++------- .../src/vector/portable/serialize.rs | 24 +++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 001466fff..4f479ac21 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -276,7 +276,7 @@ let deserialize_1_ (v: t_Slice u8) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let deserialize_1_bit_vec_lemma (v: t_Array u8 (sz 2)) : squash ( @@ -327,7 +327,7 @@ let deserialize_10_ (bytes: t_Slice u8) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let deserialize_10_bit_vec_lemma (v: t_Array u8 (sz 20)) : squash ( @@ -450,7 +450,7 @@ let deserialize_12_ (bytes: t_Slice u8) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let deserialize_12_bit_vec_lemma (v: t_Array u8 (sz 24)) : squash ( @@ -501,7 +501,7 @@ let deserialize_4_ (bytes: t_Slice u8) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) : squash ( @@ -647,7 +647,7 @@ let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); Rust_primitives.Hax.array_of_list 2 list -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let serialize_1_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 1)) @@ -720,7 +720,7 @@ let serialize_10_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVecto FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 20); Rust_primitives.Hax.array_of_list 20 list -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let serialize_10_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 10)) @@ -864,7 +864,7 @@ let serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVecto FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 24); Rust_primitives.Hax.array_of_list 24 list -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let serialize_12_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 12)) @@ -922,7 +922,7 @@ let serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 8); Rust_primitives.Hax.array_of_list 8 list -#push-options "--compat_pre_core 2 --z3rlimit 300" +#push-options "--compat_pre_core 2 --z3rlimit 300 --z3refresh" let serialize_4_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 4)) diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index 5a9947fb2..e10194a40 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -30,7 +30,7 @@ let serialize_1_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let serialize_1_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 1)) @@ -74,7 +74,7 @@ let deserialize_1_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let deserialize_1_bit_vec_lemma (v: t_Array u8 (sz 2)) : squash ( @@ -155,7 +155,7 @@ let serialize_4_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let serialize_4_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 4)) @@ -215,7 +215,7 @@ let deserialize_4_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let deserialize_4_bit_vec_lemma (v: t_Array u8 (sz 8)) : squash ( @@ -283,7 +283,7 @@ pub(crate) fn serialize_5_int(v: &[i16]) -> (u8, u8, u8, u8, u8) { // #pop-options // "))] // #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2 --z3rlimit 300\" +// #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" // let serialize_5_bit_vec_lemma (v: t_Array i16 (sz 16)) // (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 5)) @@ -345,7 +345,7 @@ pub(crate) fn deserialize_5_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, // #pop-options // "))] // #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2 --z3rlimit 300\" +// #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" // let deserialize_5_bit_vec_lemma (v: t_Array u8 (sz 10)) // : squash ( @@ -413,7 +413,7 @@ let serialize_10_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let serialize_10_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 10)) @@ -469,7 +469,7 @@ let deserialize_10_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let deserialize_10_bit_vec_lemma (v: t_Array u8 (sz 20)) : squash ( @@ -543,7 +543,7 @@ pub(crate) fn serialize_11_int(v: &[i16]) -> (u8, u8, u8, u8, u8, u8, u8, u8, u8 // #pop-options // "))] // #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2 --z3rlimit 300\" +// #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" // let serialize_11_bit_vec_lemma (v: t_Array i16 (sz 16)) // (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 11)) @@ -597,7 +597,7 @@ pub(crate) fn deserialize_11_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, // #pop-options // "))] // #[cfg_attr(hax, hax_lib::fstar::after(" -// #push-options \"--compat_pre_core 2 --z3rlimit 300\" +// #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" // let deserialize_11_bit_vec_lemma (v: t_Array u8 (sz 22)) // : squash ( @@ -663,7 +663,7 @@ let serialize_12_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let serialize_12_bit_vec_lemma (v: t_Array i16 (sz 16)) (_: squash (forall i. Rust_primitives.bounded (Seq.index v i) 12)) @@ -726,7 +726,7 @@ let deserialize_12_lemma inputs = #pop-options "))] #[cfg_attr(hax, hax_lib::fstar::after(" -#push-options \"--compat_pre_core 2 --z3rlimit 300\" +#push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" let deserialize_12_bit_vec_lemma (v: t_Array u8 (sz 24)) : squash ( From 37d4f52ecd6348bee53feae7e4270f9849633f47 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Mon, 2 Sep 2024 14:50:15 +0200 Subject: [PATCH 195/348] makefile: add a `SLOW_MODULES` variable --- fstar-helpers/Makefile.base | 11 ++++++- fstar-helpers/Makefile.generic | 1 + fstar-helpers/fstar-bitvec/Makefile | 31 ------------------- .../proofs/fstar/extraction/Makefile | 4 ++- 4 files changed, 14 insertions(+), 33 deletions(-) diff --git a/fstar-helpers/Makefile.base b/fstar-helpers/Makefile.base index e7c57847f..b4e0d962b 100644 --- a/fstar-helpers/Makefile.base +++ b/fstar-helpers/Makefile.base @@ -1,5 +1,14 @@ # Base Makefile for F* in libcrux. # This inherits from Makefile.generic, and adds the `specs` folder from HACL and the `libcrux-ml-kem/proofs/fstar/spec` folder. -FSTAR_INCLUDE_DIRS_EXTRA = $(HACL_HOME)/specs $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec $(shell git rev-parse --show-toplevel)/fstar-helpers/fstar-bitvec +VERIFY_SLOW_MODULES ?= no +ifeq (${VERIFY_SLOW_MODULES},no) + ADMIT_MODULES += ${SLOW_MODULES} +endif + +EXTRA_HELPMESSAGE += printf "Libcrux specifics:\n"; +EXTRA_HELPMESSAGE += target SLOW_MODULES 'a list of modules to verify fully only when `VERIFY_SLOW_MODULES` is set to `yes`. When `VERIFY_SLOW_MODULES`, those modules are admitted.'; +EXTRA_HELPMESSAGE += target VERIFY_SLOW_MODULES '`yes` or `no`, defaults to `no`'; + +FSTAR_INCLUDE_DIRS_EXTRA += $(HACL_HOME)/specs $(shell git rev-parse --show-toplevel)/libcrux-ml-kem/proofs/fstar/spec $(shell git rev-parse --show-toplevel)/fstar-helpers/fstar-bitvec include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.generic diff --git a/fstar-helpers/Makefile.generic b/fstar-helpers/Makefile.generic index ce340b346..0a40da2d8 100644 --- a/fstar-helpers/Makefile.generic +++ b/fstar-helpers/Makefile.generic @@ -196,6 +196,7 @@ echo "Variables:" target "NO_COLOR" "Set to anything to disable colors" target "ADMIT_MODULES" "List of modules where F* will assume every SMT query" target "FSTAR_INCLUDE_DIRS_EXTRA" "List of extra include F* dirs" +${EXTRA_HELPMESSAGE} endef export HELPMESSAGE diff --git a/fstar-helpers/fstar-bitvec/Makefile b/fstar-helpers/fstar-bitvec/Makefile index 9cbf41f87..b4ce70a38 100644 --- a/fstar-helpers/fstar-bitvec/Makefile +++ b/fstar-helpers/fstar-bitvec/Makefile @@ -1,32 +1 @@ -ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ - Libcrux_ml_kem.Ind_cca.fst \ - Libcrux_ml_kem.Ind_cpa.fst \ - Libcrux_ml_kem.Ind_cpa.fsti \ - Libcrux_ml_kem.Invert_ntt.fst \ - Libcrux_ml_kem.Matrix.fst \ - Libcrux_ml_kem.Ntt.fst \ - Libcrux_ml_kem.Polynomial.fst \ - Libcrux_ml_kem.Sampling.fst \ - Libcrux_ml_kem.Serialize.fst \ - Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ - Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst \ - Libcrux_ml_kem.Vector.Avx2.Compress.fst \ - Libcrux_ml_kem.Vector.Avx2.fst \ - Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ - Libcrux_ml_kem.Vector.Avx2.Portable.fst \ - Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ - Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ - Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ - Libcrux_ml_kem.Vector.Neon.Compress.fst \ - Libcrux_ml_kem.Vector.Neon.fst \ - Libcrux_ml_kem.Vector.Neon.Ntt.fst \ - Libcrux_ml_kem.Vector.Neon.Serialize.fst \ - Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ - Libcrux_ml_kem.Vector.Portable.Arithmetic.fst \ - Libcrux_ml_kem.Vector.Portable.Compress.fst \ - Libcrux_ml_kem.Vector.Portable.Ntt.fst \ - Libcrux_ml_kem.Vector.Portable.Sampling.fst \ - Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ - Libcrux_ml_kem.Vector.Traits.fst - include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 9cbf41f87..286a23206 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,4 +1,6 @@ -ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ +SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst + +ADMIT_MODULES += Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Ind_cca.fst \ Libcrux_ml_kem.Ind_cpa.fst \ Libcrux_ml_kem.Ind_cpa.fsti \ From 61a2488e38bfb18cb3f3c6e08c1f8ebb9e3cd84c Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Mon, 2 Sep 2024 13:16:50 +0000 Subject: [PATCH 196/348] refreshed c code --- libcrux-ml-kem/c.yaml | 11 +- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/eurydice_glue.h | 15 - libcrux-ml-kem/c/internal/libcrux_core.h | 66 +- .../c/internal/libcrux_mlkem_avx2.h | 50 +- .../c/internal/libcrux_mlkem_portable.h | 50 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 8 +- .../c/internal/libcrux_sha3_internal.h | 46 +- libcrux-ml-kem/c/libcrux_core.c | 68 +- libcrux-ml-kem/c/libcrux_core.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 54 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 3567 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 257 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1424 +++---- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/libcrux_sha3.h | 20 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 1238 +++--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 754 ++-- libcrux-ml-kem/c/libcrux_sha3_neon.c | 8 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 8 +- libcrux-ml-kem/cg.yaml | 16 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/libcrux_core.h | 132 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 8 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 2785 ++++++------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 810 ++-- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 1311 +++--- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 838 ++-- 45 files changed, 6416 insertions(+), 7510 deletions(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 54dea4797..2af7c36be 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -43,8 +43,8 @@ files: # the behavior applies. internal: monomorphizations_exact: - - [libcrux_sha3, generic_keccak, absorb_final_5e ] - - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_27 ] + - [libcrux_sha3, generic_keccak, absorb_final_d9 ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_2a ] api: - [libcrux_sha3, avx2, "*"] private: @@ -230,3 +230,10 @@ files: private: - [libcrux_ml_kem, "*"] inline_static: true + +naming: + skip_prefix: + - [ core, core_arch, arm_shared, neon ] + - [ core, core_arch, x86 ] + - [libcrux_intrinsics, arm64] + - [libcrux_intrinsics, avx2] diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 7a7fb98ac..50e2aa7a6 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d -Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d -Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 +Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 +Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb +Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 +Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 7f7dd62b3..660918c54 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -18,13 +18,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) -#define EURYDICE_ASSERT(test, msg) \ - do { \ - if (!(test)) { \ - fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \ - __FILE__, __LINE__); \ - } \ - } while (0) // SLICES, ARRAYS, ETC. @@ -137,10 +130,6 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } -static inline void core_num__u32_8__to_le_bytes(uint32_t src, uint8_t dst[4]) { - store32_le(dst, src); -} - static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { return load32_le(buf); } @@ -148,7 +137,6 @@ static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { store64_le(buf, v); } - static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { return load64_le(buf); } @@ -200,9 +188,6 @@ static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } -static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) { - return x < y ? x : y; -} #define core_num_nonzero_private_NonZeroUsizeInner size_t static inline core_num_nonzero_private_NonZeroUsizeInner diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 5f115384f..3ef2beef6 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __internal_libcrux_core_H @@ -81,7 +81,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_781( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_3a1( uint8_t value[1568U]); /** @@ -94,7 +94,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_001( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_751( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -107,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_1d1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_201( uint8_t value[3168U]); /** @@ -119,7 +119,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_891( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_301( uint8_t value[1568U]); /** @@ -130,7 +130,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_7b1( +uint8_t *libcrux_ml_kem_types_as_slice_f6_941( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -142,7 +142,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_be1( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -153,7 +153,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_174(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, uint8_t ret[1600U]); /** @@ -165,7 +165,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_780( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_3a0( uint8_t value[1184U]); /** @@ -178,7 +178,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_000( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_750( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -191,7 +191,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_1d0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_200( uint8_t value[2400U]); /** @@ -203,7 +203,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_890( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_300( uint8_t value[1088U]); /** @@ -214,7 +214,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_7b0( +uint8_t *libcrux_ml_kem_types_as_slice_f6_940( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -226,7 +226,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_be0( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -237,7 +237,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_173(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, uint8_t ret[1120U]); /** @@ -249,7 +249,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_78( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_3a( uint8_t value[800U]); /** @@ -262,7 +262,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_00( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_75( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -275,7 +275,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_1d( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_20( uint8_t value[1632U]); /** @@ -287,7 +287,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_89( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_30( uint8_t value[768U]); /** @@ -298,7 +298,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_7b( +uint8_t *libcrux_ml_kem_types_as_slice_f6_94( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -309,7 +309,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_172(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -333,7 +333,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]); +void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); /** Pad the `slice` with `0`s at the end. @@ -343,7 +343,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_171(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -355,7 +355,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_be( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -366,7 +366,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_170(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, uint8_t ret[800U]); /** @@ -377,7 +377,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_17(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]); /** @@ -401,7 +401,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]); +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); /** A monomorphic instance of core.result.Result @@ -424,7 +424,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]); +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); /** A monomorphic instance of core.result.Result @@ -447,7 +447,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]); +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -470,7 +470,7 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]); +void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index e93ae1ee8..debf82f1a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_d21(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_2a1(uint8_t *public_key); /** A monomorphic instance of @@ -48,7 +48,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_911( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( uint8_t randomness[64U]); /** @@ -64,7 +64,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -84,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_111( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -107,7 +107,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_101( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e91( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -132,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -158,7 +158,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_311( +void libcrux_ml_kem_ind_cca_decapsulate_251( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -170,7 +170,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_d20(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_2a0(uint8_t *public_key); /** A monomorphic instance of @@ -186,7 +186,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_910( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( uint8_t randomness[64U]); /** @@ -202,7 +202,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -222,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_110( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -245,7 +245,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_100( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e90( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -270,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -296,7 +296,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_310( +void libcrux_ml_kem_ind_cca_decapsulate_250( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +308,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_d2(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_2a(uint8_t *public_key); /** A monomorphic instance of @@ -324,7 +324,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_91( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( uint8_t randomness[64U]); /** @@ -339,7 +339,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( uint8_t randomness[64U]); /** @@ -360,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_11( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -383,7 +383,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_10( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e9( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -408,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -434,7 +434,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_31( +void libcrux_ml_kem_ind_cca_decapsulate_25( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 8e73b3cb1..3c3c0e9d3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_141(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_361(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_811( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_011(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_471( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_6b1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_231( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_c51( +void libcrux_ml_kem_ind_cca_decapsulate_531( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_140(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_360(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_810( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_010(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_470( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_6b0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_230( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_c50( +void libcrux_ml_kem_ind_cca_decapsulate_530( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_14(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_36(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_81( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_01(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_47( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6b( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_c5( +void libcrux_ml_kem_ind_cca_decapsulate_53( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 138336886..a2365b0a1 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 0f71ab9de..1002e489a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_ba(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_f3(s, buf); + libcrux_sha3_generic_keccak_absorb_final_72(s, buf); } /** @@ -50,7 +50,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -58,15 +58,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_80(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); } /** @@ -76,7 +76,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } /** @@ -86,7 +86,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); } #define libcrux_sha3_Sha224 0 @@ -149,7 +149,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -157,29 +157,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_80(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); } /** @@ -189,7 +189,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } /** @@ -199,7 +199,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_f30(s, buf); + libcrux_sha3_generic_keccak_absorb_final_720(s, buf); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_ba(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } /** @@ -217,7 +217,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_800(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } /** @@ -227,7 +227,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_870(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 88b08d8e5..3fd2a5aa7 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #include "internal/libcrux_core.h" @@ -96,7 +96,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_781( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_3a1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -116,7 +116,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_001( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_751( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -132,7 +132,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_1d1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_201( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -151,7 +151,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_891( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_301( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -169,7 +169,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_7b1( +uint8_t *libcrux_ml_kem_types_as_slice_f6_941( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -183,7 +183,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_be1( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -196,7 +196,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_174(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; @@ -216,7 +216,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_780( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_3a0( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -236,7 +236,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_000( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_750( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_1d0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_200( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -271,7 +271,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_890( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_300( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -289,7 +289,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_7b0( +uint8_t *libcrux_ml_kem_types_as_slice_f6_940( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -303,7 +303,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_be0( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -316,7 +316,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_173(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -336,7 +336,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_78( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_3a( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -356,7 +356,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_00( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_75( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -371,7 +371,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_1d( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_20( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -390,7 +390,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_89( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_30( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -408,7 +408,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_7b( +uint8_t *libcrux_ml_kem_types_as_slice_f6_94( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -421,7 +421,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_172(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -440,7 +440,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { +void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -460,7 +460,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_171(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -480,7 +480,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_be( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -493,7 +493,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_170(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; @@ -512,7 +512,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_17(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -531,7 +531,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -551,7 +551,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -571,7 +571,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -591,7 +591,7 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { +void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -611,7 +611,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { +void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 1e71a9e61..66b054b12 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_core_H @@ -229,7 +229,7 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]); +void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]); typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index acf089dba..82fd34954 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index e0a7b2465..9fc3014b2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,11 +35,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_5b0( +static void decapsulate_f3( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_310(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_250(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_5b0(private_key, ciphertext, ret); + decapsulate_f3(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_ee0( +static void decapsulate_unpacked_d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ee0(private_key, ciphertext, ret); + decapsulate_unpacked_d1(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_3d0( +static tuple_21 encapsulate_6c( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_100(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e90(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_3d0(uu____0, copy_of_randomness); + return encapsulate_6c(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_370( +static tuple_21 encapsulate_unpacked_e9( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_370( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_110( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_370(uu____0, copy_of_randomness); + return encapsulate_unpacked_e9(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_070( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_a3( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f70(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_210(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_070(copy_of_randomness); + return generate_keypair_a3(copy_of_randomness); } /** @@ -246,11 +246,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_910(uint8_t randomness[64U]) { +generate_keypair_unpacked_3e(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_910( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_910(copy_of_randomness); + return generate_keypair_unpacked_3e(copy_of_randomness); } /** @@ -274,8 +274,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_c60(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_d20(public_key); +static bool validate_public_key_ea0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_2a0(public_key); } /** @@ -286,7 +286,7 @@ static bool validate_public_key_c60(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_c60(public_key.value)) { + if (validate_public_key_ea0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index d29a9d6c7..1e4429f30 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 83b2de6c6..7d72cc93a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #include "libcrux_mlkem1024_portable.h" @@ -35,11 +35,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_f71( +static void decapsulate_aa( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c51(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_531(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_f71(private_key, ciphertext, ret); + decapsulate_aa(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_661( +static void decapsulate_unpacked_0b( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec1(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_661(private_key, ciphertext, ret); + decapsulate_unpacked_0b(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_ae1( +static tuple_21 encapsulate_07( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_6b1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_231(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ae1(uu____0, copy_of_randomness); + return encapsulate_07(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_861( +static tuple_21 encapsulate_unpacked_7c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_861( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_471( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_861(uu____0, copy_of_randomness); + return encapsulate_unpacked_7c(uu____0, copy_of_randomness); } /** @@ -212,12 +212,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_141( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_99( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_011(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_651(copy_of_randomness); } /** @@ -228,7 +228,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_141(copy_of_randomness); + return generate_keypair_99(copy_of_randomness); } /** @@ -247,11 +247,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_f51(uint8_t randomness[64U]) { +generate_keypair_unpacked_60(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_811( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( copy_of_randomness); } @@ -264,7 +264,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_f51(copy_of_randomness); + return generate_keypair_unpacked_60(copy_of_randomness); } /** @@ -275,8 +275,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_521(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_141(public_key); +static bool validate_public_key_931(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_361(public_key); } /** @@ -287,7 +287,7 @@ static bool validate_public_key_521(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_521(public_key.value)) { + if (validate_public_key_931(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index b11dd9849..3bc0c4199 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 8f5c0d2ab..d603ac13b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index d7123d46b..d7a9eb950 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_5b(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_1c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_31(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_25(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_5b(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_5b(private_key, ciphertext, ret); + decapsulate_1c(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_ee( +static void decapsulate_unpacked_36( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_ee( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ee(private_key, ciphertext, ret); + decapsulate_unpacked_36(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_3d( +static tuple_ec encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_10(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e9(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_3d(uu____0, copy_of_randomness); + return encapsulate_93(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_37( +static tuple_ec encapsulate_unpacked_ff( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_37( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_11( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_37(uu____0, copy_of_randomness); + return encapsulate_unpacked_ff(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_07( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_c6( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f7(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_21(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_07(copy_of_randomness); + return generate_keypair_c6(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_91(uint8_t randomness[64U]) { +generate_keypair_unpacked_7a(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_91( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_91(copy_of_randomness); + return generate_keypair_unpacked_7a(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_c6(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_d2(public_key); +static bool validate_public_key_ea(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_2a(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_c6(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_c6(public_key.value)) { + if (validate_public_key_ea(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 501ed46db..0aa147efe 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 0392adb8d..e8f8433ad 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #include "libcrux_mlkem512_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_f70( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c50(private_key, ciphertext, ret); +static void decapsulate_3e(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_530(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_f70( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_f70(private_key, ciphertext, ret); + decapsulate_3e(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_660( +static void decapsulate_unpacked_0e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec0(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_660( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_660(private_key, ciphertext, ret); + decapsulate_unpacked_0e(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_ae0( +static tuple_ec encapsulate_d8( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_6b0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ae0(uu____0, copy_of_randomness); + return encapsulate_d8(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_860( +static tuple_ec encapsulate_unpacked_d7( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_860( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_470( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_860(uu____0, copy_of_randomness); + return encapsulate_unpacked_d7(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_140( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_25( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_010(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_650(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_140(copy_of_randomness); + return generate_keypair_25(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_f50(uint8_t randomness[64U]) { +generate_keypair_unpacked_d1(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_810( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_f50(copy_of_randomness); + return generate_keypair_unpacked_d1(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_520(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_140(public_key); +static bool validate_public_key_930(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_360(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_520(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_520(public_key.value)) { + if (validate_public_key_930(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index d9ad3d85d..28f2a9ad7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 83d4cec1b..6d41768b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index d6a6579c4..71ed1a8ac 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_5b1( +static void decapsulate_10( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_311(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_251(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_5b1( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_5b1(private_key, ciphertext, ret); + decapsulate_10(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_ee1( +static void decapsulate_unpacked_1f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_ee1( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ee1(private_key, ciphertext, ret); + decapsulate_unpacked_1f(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_3d1( +static tuple_3c encapsulate_6f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_101(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e91(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_3d1(uu____0, copy_of_randomness); + return encapsulate_6f(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_371( +static tuple_3c encapsulate_unpacked_b8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_371( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_111( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_371(uu____0, copy_of_randomness); + return encapsulate_unpacked_b8(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_071( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_75( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f71(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_211(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_071(copy_of_randomness); + return generate_keypair_75(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_911(uint8_t randomness[64U]) { +generate_keypair_unpacked_4c(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_911( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_911(copy_of_randomness); + return generate_keypair_unpacked_4c(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_c61(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_d21(public_key); +static bool validate_public_key_ea1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_2a1(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_c61(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_c61(public_key.value)) { + if (validate_public_key_ea1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 1619dc8e4..1c88c7072 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 93bcd6386..1420d7a72 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #include "libcrux_mlkem768_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_f7( +static void decapsulate_64( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c5(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_53(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_f7( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_f7(private_key, ciphertext, ret); + decapsulate_64(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_66( +static void decapsulate_unpacked_87( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_66( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_66(private_key, ciphertext, ret); + decapsulate_unpacked_87(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_ae( +static tuple_3c encapsulate_eb( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_6b(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ae(uu____0, copy_of_randomness); + return encapsulate_eb(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_86( +static tuple_3c encapsulate_unpacked_d0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_86( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_47( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_86(uu____0, copy_of_randomness); + return encapsulate_unpacked_d0(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_14( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_0a( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_01(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_65(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_14(copy_of_randomness); + return generate_keypair_0a(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_f5(uint8_t randomness[64U]) { +generate_keypair_unpacked_0f(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_81( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_f5(copy_of_randomness); + return generate_keypair_unpacked_0f(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_52(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_14(public_key); +static bool validate_public_key_93(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_36(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_52(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_52(public_key.value)) { + if (validate_public_key_93(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index c53c50b62..f51ce81d2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 8cbdaaea9..db101ec95 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #include "internal/libcrux_mlkem_avx2.h" @@ -33,39 +33,36 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_vec_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_vec_zero(void) { + return mm256_setzero_si256(); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ZERO_09(void) { +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ZERO_09(void) { return libcrux_ml_kem_vector_avx2_vec_zero(); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); + return mm256_loadu_si256_i16(array); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_09( - Eurydice_slice array) { +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_vec_from_i16_array(array); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_vec_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { + __m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t), v); + mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, output, int16_t), + v); int16_t result[16U]; memcpy(result, output, (size_t)16U * sizeof(int16_t)); memcpy(ret, result, (size_t)16U * sizeof(int16_t)); @@ -75,98 +72,84 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_vec_to_i16_array( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_09(core_core_arch_x86___m256i x, - int16_t ret[16U]) { +void libcrux_ml_kem_vector_avx2_to_i16_array_09(__m256i x, int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_vec_to_i16_array(x, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, + __m256i rhs) { + return mm256_add_epi16(lhs, rhs); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_09( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +__m256i libcrux_ml_kem_vector_avx2_add_09(__m256i lhs, __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, + __m256i rhs) { + return mm256_sub_epi16(lhs, rhs); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_09( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +__m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs, __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, + int16_t constant) { + return mm256_mullo_epi16(vector, mm256_set1_epi16(constant)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09( - core_core_arch_x86___m256i v, int16_t c) { +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i v, + int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); + __m256i vector, int16_t constant) { + return mm256_and_si256(vector, mm256_set1_epi16(constant)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( - core_core_arch_x86___m256i vector, int16_t constant) { +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); + __m256i sign_mask = + mm256_srai_epi16((int32_t)15, v_minus_field_modulus, __m256i); + __m256i conditional_add_field_modulus = + mm256_and_si256(sign_mask, field_modulus); + return mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(__m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } @@ -174,558 +157,441 @@ core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( See Section 3.2 of the implementation notes document for an explanation of this code. */ -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { + __m256i t = mm256_mulhi_epi16( + vector, mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); + __m256i t0 = mm256_add_epi16(t, mm256_set1_epi16((int16_t)512)); + __m256i quotient = mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i quotient_times_field_modulus = mm256_mullo_epi16( + quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return mm256_sub_epi16(vector, quotient_times_field_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09(__m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i vector, int16_t constant) { + __m256i constant0 = mm256_set1_epi16(constant); + __m256i value_low = mm256_mullo_epi16(vector, constant0); + __m256i k = mm256_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( + mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_mulhi_epi16(vector, constant0); + return mm256_sub_epi16(value_high, k_times_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( - core_core_arch_x86___m256i vector, int16_t constant) { +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); + __m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); + __m256i field_modulus_quartered = mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); + __m256i shifted = mm256_sub_epi16(field_modulus_halved, vector); + __m256i mask = mm256_srai_epi16((int32_t)15, shifted, __m256i); + __m256i shifted_to_positive = mm256_xor_si256(mask, shifted); + __m256i shifted_to_positive_in_range = + mm256_sub_epi16(shifted_to_positive, field_modulus_quartered); + return mm256_srli_epi16((int32_t)15, shifted_to_positive_in_range, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_09( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + __m256i lhs, __m256i rhs) { + __m256i prod02 = mm256_mul_epu32(lhs, rhs); + __m256i prod13 = + mm256_mul_epu32(mm256_shuffle_epi32((int32_t)245, lhs, __m256i), + mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); + return mm256_unpackhi_epi64(mm256_unpacklo_epi32(prod02, prod13), + mm256_unpackhi_epi32(prod02, prod13)); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i v, __m256i c) { + __m256i value_low = mm256_mullo_epi16(v, c); + __m256i k = mm256_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( + mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_mulhi_epi16(v, c); + return mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i zetas = mm256_set_epi16(-zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, + zeta2, zeta2, -zeta1, -zeta1, zeta1, zeta1, + -zeta0, -zeta0, zeta0, zeta0); + __m256i rhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_shuffle_epi32((int32_t)160, vector, __m256i); + return mm256_add_epi16(lhs, rhs0); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i zetas = mm256_set_epi16(-zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, + zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, + zeta0, zeta0, zeta0, zeta0); + __m256i rhs = mm256_shuffle_epi32((int32_t)238, vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_shuffle_epi32((int32_t)68, vector, __m256i); + return mm256_add_epi16(lhs, rhs0); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(__m256i vector, + int16_t zeta0, + int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE core_core_arch_x86___m128i +KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + __m128i v, __m128i c) { + __m128i value_low = mm_mullo_epi16(v, c); + __m128i k = mm_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( + mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = + __m128i k_times_modulus = mm_mulhi_epi16( + k, mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m128i value_high = mm_mulhi_epi16(v, c); + return mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { + __m128i rhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); + rhs, mm_set1_epi16(zeta)); + __m128i lhs = mm256_castsi256_si128(vector); + __m128i lower_coefficients = mm_add_epi16(lhs, rhs0); + __m128i upper_coefficients = mm_sub_epi16(lhs, rhs0); + __m256i combined = mm256_castsi128_si256(lower_coefficients); + return mm256_inserti128_si256((int32_t)1, combined, upper_coefficients, + __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( - core_core_arch_x86___m256i vector, int16_t zeta) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(__m256i vector, + int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i lhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); + __m256i rhs = mm256_shuffle_epi32((int32_t)160, vector, __m256i); + __m256i rhs0 = mm256_mullo_epi16( + rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); + __m256i sum0 = mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); + sum0, + mm256_set_epi16(zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return mm256_blend_epi16((int32_t)204, sum, sum_times_zetas, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i lhs = mm256_permute4x64_epi64((int32_t)245, vector, __m256i); + __m256i rhs = mm256_permute4x64_epi64((int32_t)160, vector, __m256i); + __m256i rhs0 = mm256_mullo_epi16( + rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1)); + __m256i sum = mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); + sum, + mm256_set_epi16(zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return mm256_blend_epi16((int32_t)240, sum, sum_times_zetas, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(__m256i vector, + int16_t zeta0, + int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + __m256i vector, int16_t zeta) { + __m128i lhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i rhs = mm256_castsi256_si128(vector); + __m128i lower_coefficients = mm_add_epi16(lhs, rhs); + __m128i upper_coefficients = mm_sub_epi16(lhs, rhs); + __m128i upper_coefficients0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); + upper_coefficients, mm_set1_epi16(zeta)); + __m256i combined = mm256_castsi128_si256(lower_coefficients); + return mm256_inserti128_si256((int32_t)1, combined, upper_coefficients0, + __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( - core_core_arch_x86___m256i vector, int16_t zeta) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(__m256i vector, + int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { + __m256i k = mm256_mullo_epi16( v, - libcrux_intrinsics_avx2_mm256_set1_epi32( + mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_srli_epi32((int32_t)16, v, __m256i); + __m256i result = mm256_sub_epi16(value_high, k_times_modulus); + __m256i result0 = mm256_slli_epi32((int32_t)16, result, __m256i); + return mm256_srai_epi32((int32_t)16, result0, __m256i); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i shuffle_with = mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + __m256i lhs_shuffled = mm256_shuffle_epi8(lhs, shuffle_with); + __m256i lhs_shuffled0 = + mm256_permute4x64_epi64((int32_t)216, lhs_shuffled, __m256i); + __m128i lhs_evens = mm256_castsi256_si128(lhs_shuffled0); + __m256i lhs_evens0 = mm256_cvtepi16_epi32(lhs_evens); + __m128i lhs_odds = + mm256_extracti128_si256((int32_t)1, lhs_shuffled0, __m128i); + __m256i lhs_odds0 = mm256_cvtepi16_epi32(lhs_odds); + __m256i rhs_shuffled = mm256_shuffle_epi8(rhs, shuffle_with); + __m256i rhs_shuffled0 = + mm256_permute4x64_epi64((int32_t)216, rhs_shuffled, __m256i); + __m128i rhs_evens = mm256_castsi256_si128(rhs_shuffled0); + __m256i rhs_evens0 = mm256_cvtepi16_epi32(rhs_evens); + __m128i rhs_odds = + mm256_extracti128_si256((int32_t)1, rhs_shuffled0, __m128i); + __m256i rhs_odds0 = mm256_cvtepi16_epi32(rhs_odds); + __m256i left = mm256_mullo_epi32(lhs_evens0, rhs_evens0); + __m256i right = mm256_mullo_epi32(lhs_odds0, rhs_odds0); + __m256i right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = + __m256i right1 = mm256_mullo_epi32( + right0, mm256_set_epi32(-(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, + (int32_t)zeta2, -(int32_t)zeta1, (int32_t)zeta1, + -(int32_t)zeta0, (int32_t)zeta0)); + __m256i products_left = mm256_add_epi32(left, right1); + __m256i products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = + __m256i rhs_adjacent_swapped = mm256_shuffle_epi8( + rhs, + mm256_set_epi8((int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + __m256i products_right = mm256_madd_epi16(lhs, rhs_adjacent_swapped); + __m256i products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); + __m256i products_right1 = + mm256_slli_epi32((int32_t)16, products_right0, __m256i); + return mm256_blend_epi16((int32_t)170, products_left0, products_right1, + __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, zeta1, zeta2, zeta3); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); + __m256i vector, uint8_t ret[2U]) { + __m256i lsb_to_msb = mm256_slli_epi16((int32_t)15, vector, __m256i); + __m128i low_msbs = mm256_castsi256_si128(lsb_to_msb); + __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = mm_movemask_epi8(msbs); + ret[0U] = (uint8_t)bits_packed; + ret[1U] = (uint8_t)(bits_packed >> 8U); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_serialize_1_09( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { +void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, + uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); + __m256i coefficients = mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + __m256i shift_lsb_to_msb = mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); + __m256i coefficients_in_msb = + mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_09( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_8_combined = mm256_shuffle_epi8( + adjacent_2_combined, + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + __m256i combined = mm256_permutevar8x32_epi32( + adjacent_8_combined, + mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + __m128i combined0 = mm256_castsi256_si128(combined); + mm_storeu_bytes_si128( Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; core_result_Result_56 dst; @@ -733,7 +599,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, ret0); + core_result_unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -741,100 +607,81 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_serialize_4_09( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { +void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, + uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); + __m256i coefficients = mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + __m256i shift_lsbs_to_msbs = mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m256i coefficients_in_msb = + mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); + __m256i coefficients_in_lsb = + mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i); + return mm256_and_si256(coefficients_in_lsb, + mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_09( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + __m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)22, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = + mm256_shuffle_epi32((int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = mm256_sllv_epi32( + adjacent_8_combined, + mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12)); + __m256i adjacent_8_combined1 = + mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined1); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); uint8_t ret0[10U]; @@ -843,7 +690,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_41_07(dst, ret0); + core_result_unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -851,119 +698,102 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_serialize_5_09( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { +void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, + uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - core_core_arch_x86___m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); + __m128i coefficients = + mm_set_epi8(Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + __m256i coefficients_loaded = mm256_castsi128_si256(coefficients); + __m256i coefficients_loaded0 = mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, __m256i); + __m256i coefficients0 = mm256_shuffle_epi8( + coefficients_loaded0, + mm256_set_epi8((int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, + (int8_t)5, (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, + (int8_t)2, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)1, (int8_t)0)); + __m256i coefficients1 = mm256_mullo_epi16( + coefficients0, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return mm256_srli_epi16((int32_t)11, coefficients1, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_09( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + __m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16((int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = mm256_shuffle_epi8( + adjacent_4_combined0, + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0)); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, - uint8_t), - upper_8); + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)10U, + (size_t)26U, uint8_t), + upper_8); uint8_t ret0[20U]; core_result_Result_7a dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_41_ea(dst, ret0); + core_result_unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -971,68 +801,50 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_serialize_10_09( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { +void libcrux_ml_kem_vector_avx2_serialize_10_09(__m256i vector, + uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); + __m256i shift_lsbs_to_msbs = mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); + __m128i lower_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); + __m128i lower_coefficients0 = mm_shuffle_epi8( + lower_coefficients, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, + 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); + __m128i upper_coefficients0 = mm_shuffle_epi8( + upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, + 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, + upper_coefficients0, __m256i); + __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = mm256_srli_epi16((int32_t)6, coefficients1, __m256i); + return mm256_and_si256(coefficients2, + mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_09( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t), vector); + mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, array, int16_t), + vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_array_to_slice((size_t)16U, array, int16_t)); @@ -1045,18 +857,18 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_serialize_11_09( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { +void libcrux_ml_kem_vector_avx2_serialize_11_09(__m256i vector, + uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { libcrux_ml_kem_vector_portable_vector_type_PortableVector output = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + return mm256_loadu_si256_i16( Eurydice_array_to_slice((size_t)16U, array, int16_t)); } @@ -1064,61 +876,51 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_09( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + __m256i vector, uint8_t ret[24U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16((int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)8, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = mm256_shuffle_epi8( + adjacent_4_combined0, + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0)); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, - uint8_t), - upper_8); + mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)12U, + (size_t)28U, uint8_t), + upper_8); uint8_t ret0[24U]; core_result_Result_6f dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_41_76(dst, ret0); + core_result_unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1126,73 +928,53 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_serialize_12_09( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { +void libcrux_ml_kem_vector_avx2_serialize_12_09(__m256i vector, + uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); + __m256i shift_lsbs_to_msbs = mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m128i lower_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); + __m128i lower_coefficients0 = mm_shuffle_epi8( + lower_coefficients, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, + 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); + __m128i upper_coefficients0 = mm_shuffle_epi8( + upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, + 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, + upper_coefficients0, __m256i); + __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = mm256_srli_epi16((int32_t)4, coefficients1, __m256i); + return mm256_and_si256(coefficients2, + mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_09( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = + __m256i field_modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); + __m256i compare_with_field_modulus = + mm256_cmpgt_epi16(field_modulus, potential_coefficients); uint8_t good[2U]; libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); @@ -1201,34 +983,27 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + __m128i lower_shuffles0 = mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); + __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients); + __m128i lower_coefficients0 = + mm_shuffle_epi8(lower_coefficients, lower_shuffles0); + mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; memcpy(upper_shuffles, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t), - upper_coefficients0); + __m128i upper_shuffles0 = mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); + __m128i upper_coefficients = + mm256_extracti128_si256((int32_t)1, potential_coefficients, __m128i); + __m128i upper_coefficients0 = + mm_shuffle_epi8(upper_coefficients, upper_shuffles0); + mm_storeu_si128(Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t), + upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); } @@ -1246,8 +1021,7 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_09(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_78( - core_core_arch_x86___m256i *self) { +inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) { return self[0U]; } @@ -1261,7 +1035,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_28(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_98(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1289,15 +1063,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_60(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); +deserialize_to_reduced_ring_element_ce(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(coefficient); } @@ -1310,12 +1083,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_031( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f51( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_28();); + deserialized_pk[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1327,7 +1100,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_031( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_60(ring_element); + deserialize_to_reduced_ring_element_ce(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1340,10 +1113,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_cf(core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i shift_right_fb(__m256i vector) { + return mm256_srai_epi16((int32_t)15, vector, __m256i); } /** @@ -1355,9 +1126,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -static core_core_arch_x86___m256i shift_right_09_73( - core_core_arch_x86___m256i vector) { - return shift_right_cf(vector); +static __m256i shift_right_09_cf(__m256i vector) { + return shift_right_fb(vector); } /** @@ -1366,12 +1136,10 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_unsigned_representative_0b( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_09_73(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); +static __m256i to_unsigned_representative_4b(__m256i a) { + __m256i t = shift_right_09_cf(a); + __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); } @@ -1381,14 +1149,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_44( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_0b(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_4b(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1406,7 +1173,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_d81( +static KRML_MUSTINLINE void serialize_secret_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1424,7 +1191,7 @@ static KRML_MUSTINLINE void serialize_secret_key_d81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_44(&re, ret0); + serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1439,14 +1206,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_c41( +static KRML_MUSTINLINE void serialize_public_key_ac1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_d81(t_as_ntt, ret0); + serialize_secret_key_801(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1466,15 +1233,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_d21(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_2a1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_031( + deserialize_ring_elements_reduced_f51( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_c41( + serialize_public_key_ac1( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1505,7 +1272,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_a9_ab1(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -1515,10 +1282,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static void closure_fb1( +static void closure_d61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_28();); + ret[i] = ZERO_20_98();); } /** @@ -1528,7 +1295,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_501(uint8_t input[3U][34U]) { +shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -1550,11 +1317,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_3f1(uint8_t input[3U][34U]) { +shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_501(copy_of_input); + return shake128_init_absorb_final_4d1(copy_of_input); } /** @@ -1563,7 +1330,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_001( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -1597,9 +1364,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_941( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_001(self, ret); + shake128_squeeze_first_three_blocks_6b1(self, ret); } /** @@ -1650,7 +1417,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6c3( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_973( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1688,7 +1455,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_dd1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -1722,9 +1489,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_dd1(self, ret); + shake128_squeeze_next_block_1b1(self, ret); } /** @@ -1775,7 +1542,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6c4( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_974( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1818,8 +1585,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_20_bb(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); +from_i16_array_20_84(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1836,9 +1603,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_061( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e91( int16_t s[272U]) { - return from_i16_array_20_bb( + return from_i16_array_20_84( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1848,7 +1615,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_f81( +static KRML_MUSTINLINE void sample_from_xof_0c1( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1857,25 +1624,25 @@ static KRML_MUSTINLINE void sample_from_xof_f81( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_3f1(copy_of_seeds); + shake128_init_absorb_final_a9_ca1(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_a9_941(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_6c3( + bool done = sample_from_uniform_distribution_next_973( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_a9_bf1(&xof_state, randomness); + shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_6c4( + done = sample_from_uniform_distribution_next_974( copy_of_randomness, sampled_coefficients, out); } } @@ -1884,7 +1651,7 @@ static KRML_MUSTINLINE void sample_from_xof_f81( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_061(copy_of_out[i]);); + ret0[i] = closure_e91(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1896,12 +1663,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_1c1( +static KRML_MUSTINLINE void sample_matrix_A_431( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_fb1(A_transpose[i]);); + closure_d61(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -1916,7 +1683,7 @@ static KRML_MUSTINLINE void sample_matrix_A_1c1( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_f81(copy_of_seeds, sampled); + sample_from_xof_0c1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1960,7 +1727,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_ef2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -1998,9 +1765,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_412(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_ef2(input, ret); + PRFxN_1c2(input, ret); } /** @@ -2059,7 +1826,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_53(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_9b(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -2093,7 +1860,7 @@ sample_from_binomial_distribution_2_53(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_bb( + return from_i16_array_20_84( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2104,7 +1871,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_04(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_41(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -2137,7 +1904,7 @@ sample_from_binomial_distribution_3_04(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_bb( + return from_i16_array_20_84( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2148,8 +1915,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_fb0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_53(randomness); +sample_from_binomial_distribution_cf0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_9b(randomness); } /** @@ -2158,14 +1925,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_cd( +static KRML_MUSTINLINE void ntt_at_layer_7_68( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_09( - re->coefficients[j + step], (int16_t)-1600); + __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09( + re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_09(re->coefficients[j], &t); re->coefficients[j] = @@ -2174,8 +1940,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_cd( } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; + __m256i fst; + __m256i snd; } libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; /** @@ -2184,8 +1950,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i montgomery_multiply_fe_99( - core_core_arch_x86___m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_7b(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -2196,9 +1961,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_86(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = montgomery_multiply_fe_99(b, zeta_r); +ntt_layer_int_vec_step_c5(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_7b(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -2211,7 +1975,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_82( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2224,11 +1988,11 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_82( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_86( + ntt_layer_int_vec_step_c5( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2241,7 +2005,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_6e( +static KRML_MUSTINLINE void ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2257,7 +2021,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_52( +static KRML_MUSTINLINE void ntt_at_layer_2_70( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2276,7 +2040,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_03( +static KRML_MUSTINLINE void ntt_at_layer_1_7e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2303,7 +2067,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_a0( +static KRML_MUSTINLINE void poly_barrett_reduce_20_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2319,17 +2083,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_43( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_cd(re); + ntt_at_layer_7_68(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_6e(&zeta_i, re); - ntt_at_layer_2_52(&zeta_i, re); - ntt_at_layer_1_03(&zeta_i, re); - poly_barrett_reduce_20_a0(re); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_70(&zeta_i, re); + ntt_at_layer_1_7e(&zeta_i, re); + poly_barrett_reduce_20_78(re); } /** @@ -2340,11 +2104,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_821( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_571( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_28();); + re_as_ntt[i] = ZERO_20_98();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2356,12 +2120,12 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_821( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_412(prf_inputs, prf_outputs); + PRFxN_a9_512(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_fb0( + re_as_ntt[i0] = sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_43(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2386,9 +2150,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_20_8b(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_20_15(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_28(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_98(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2419,14 +2183,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_021( +static KRML_MUSTINLINE void add_to_ring_element_20_f31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i), - core_core_arch_x86___m256i); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09( @@ -2440,8 +2203,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_standard_domain_6b( - core_core_arch_x86___m256i v) { +static __m256i to_standard_domain_6b(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2456,13 +2218,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_2c( +static KRML_MUSTINLINE void add_standard_error_reduce_20_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = to_standard_domain_6b(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -2476,14 +2238,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_251( +static KRML_MUSTINLINE void compute_As_plus_e_4b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_28();); + result0[i] = ZERO_20_98();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2504,10 +2266,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_251( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_8b(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_021(&result0[i1], &product); + ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_f31(&result0[i1], &product); } - add_standard_error_reduce_20_2c(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2526,10 +2288,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_fe1( +static tuple_9b0 generate_keypair_unpacked_f81( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_ab1(key_generation_seed, hashed); + G_a9_681(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2537,15 +2299,15 @@ static tuple_9b0 generate_keypair_unpacked_fe1( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_1c1(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_431(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_821(copy_of_prf_input0, 0U); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_571(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2557,14 +2319,14 @@ static tuple_9b0 generate_keypair_unpacked_fe1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_821(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_571(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_251(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_4b1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -2612,10 +2374,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_4e1( +static void closure_1c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_28();); + ret[i] = ZERO_20_98();); } /** @@ -2628,14 +2390,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_94( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; + __m256i ret[16U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); + (size_t)16U, self->coefficients, ret, __m256i, void *); + memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); return lit; } @@ -2648,7 +2409,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_a9_311(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -2666,7 +2427,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_911( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -2675,18 +2436,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_911( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_fe1(ind_cpa_keypair_randomness); + tuple_9b0 uu____0 = generate_keypair_unpacked_f81(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_4e1(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_1c1(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_94(&ind_cpa_public_key.A[j][i1]); + clone_3a_4a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2696,19 +2457,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_911( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_c41( + serialize_public_key_ac1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_311(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); + core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -2744,17 +2505,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_1c1( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_f81( Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_fe1(key_generation_seed); + tuple_9b0 uu____0 = generate_keypair_unpacked_f81(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_c41( + serialize_public_key_ac1( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_d81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_801(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2778,7 +2539,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_561( +static KRML_MUSTINLINE void serialize_kem_secret_key_c91( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2804,7 +2565,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_561( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_311(public_key, ret0); + H_a9_651(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -2833,7 +2594,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2842,13 +2603,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_1c1(ind_cpa_keypair_randomness); + generate_keypair_f81(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_561( + serialize_kem_secret_key_c91( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2857,13 +2618,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_1d0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_200(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_000( - uu____2, libcrux_ml_kem_types_from_07_780(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_750( + uu____2, libcrux_ml_kem_types_from_07_3a0(copy_of_public_key)); } /** @@ -2875,10 +2636,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_611(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_b31(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_28();); + error_1[i] = ZERO_20_98();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2890,11 +2651,11 @@ sample_ring_element_cbd_611(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_412(prf_inputs, prf_outputs); + PRFxN_a9_512(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_fb0( + sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2915,7 +2676,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_c90(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -2932,9 +2693,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_264(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, uint8_t ret[128U]) { - PRF_c90(input, ret); + PRF_420(input, ret); } /** @@ -2943,7 +2704,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_18( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2967,7 +2728,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_38( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_e4( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2987,7 +2748,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_63( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3005,14 +2766,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_76(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_09(b, &a); +inv_ntt_layer_int_vec_step_reduce_e9(__m256i a, __m256i b, int16_t zeta_r) { + __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = montgomery_multiply_fe_99(a_minus_b, zeta_r); + b = montgomery_multiply_fe_7b(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -3023,7 +2781,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_44( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3038,11 +2796,11 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_44( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_76( + inv_ntt_layer_int_vec_step_reduce_e9( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -3055,18 +2813,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_321( +static KRML_MUSTINLINE void invert_ntt_montgomery_c51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_18(&zeta_i, re); - invert_ntt_at_layer_2_38(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_a0(re); + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_e4(&zeta_i, re); + invert_ntt_at_layer_3_63(&zeta_i, re); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_78(re); } /** @@ -3079,13 +2837,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_dd( +static KRML_MUSTINLINE void add_error_reduce_20_87( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( @@ -3100,14 +2858,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_921( +static KRML_MUSTINLINE void compute_vector_u_641( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_28();); + result0[i] = ZERO_20_98();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3127,11 +2885,11 @@ static KRML_MUSTINLINE void compute_vector_u_921( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_8b(a_element, &r_as_ntt[j]); - add_to_ring_element_20_021(&result0[i1], &product); + ntt_multiply_20_15(a_element, &r_as_ntt[j]); + add_to_ring_element_20_f31(&result0[i1], &product); } - invert_ntt_montgomery_321(&result0[i1]); - add_error_reduce_20_dd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_c51(&result0[i1]); + add_error_reduce_20_87(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -3148,8 +2906,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i decompress_1_ac( - core_core_arch_x86___m256i v) { +static __m256i decompress_1_05(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), &v), @@ -3163,16 +2920,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_b3(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); +deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_deserialize_1_09( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_ac(coefficient_compressed);); + re.coefficients[i0] = decompress_1_05(coefficient_compressed);); return re; } @@ -3187,19 +2944,19 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_20_25( +add_message_error_reduce_20_86( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_09( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = + __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0], + &message->coefficients[i0]); + __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp); result.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(tmp0); @@ -3214,18 +2971,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_871( +compute_ring_element_v_6c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_8b(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_021(&result, &product);); - invert_ntt_montgomery_321(&result); - result = add_message_error_reduce_20_25(error_2, message, result); + ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_f31(&result, &product);); + invert_ntt_montgomery_c51(&result); + result = add_message_error_reduce_20_86(error_2, message, result); return result; } @@ -3235,61 +2992,43 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_33(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_a7(__m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)10, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)10, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3301,9 +3040,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i compress_09_f2( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_33(vector); +static __m256i compress_09_b5(__m256i vector) { + return compress_ciphertext_coefficient_a7(vector); } /** @@ -3312,14 +3050,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_2f( +static KRML_MUSTINLINE void compress_then_serialize_10_a8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_09_f2(to_unsigned_representative_0b(re->coefficients[i0])); + __m256i coefficient = + compress_09_b5(to_unsigned_representative_4b(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3336,61 +3074,43 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 11 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_330(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_a70(__m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)11, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)11, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3402,9 +3122,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i compress_09_f20( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_330(vector); +static __m256i compress_09_b50(__m256i vector) { + return compress_ciphertext_coefficient_a70(vector); } /** @@ -3414,10 +3133,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d3( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_2f(re, uu____0); + compress_then_serialize_10_a8(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3430,7 +3149,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_a91( +static void compress_then_serialize_u_521( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3446,7 +3165,7 @@ static void compress_then_serialize_u_a91( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d3(&re, ret); + compress_then_serialize_ring_element_u_97(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3458,61 +3177,43 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_331(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_a71(__m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)4, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)4, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3524,9 +3225,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i compress_09_f21( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_331(vector); +static __m256i compress_09_b51(__m256i vector) { + return compress_ciphertext_coefficient_a71(vector); } /** @@ -3535,7 +3235,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_f8( +static KRML_MUSTINLINE void compress_then_serialize_4_42( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3543,8 +3243,8 @@ static KRML_MUSTINLINE void compress_then_serialize_4_f8( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_09_f21(to_unsigned_representative_0b(re.coefficients[i0])); + __m256i coefficient = + compress_09_b51(to_unsigned_representative_4b(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3560,61 +3260,43 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 5 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_332(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_a72(__m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)5, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)5, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3626,9 +3308,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i compress_09_f22( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_332(vector); +static __m256i compress_09_b52(__m256i vector) { + return compress_ciphertext_coefficient_a72(vector); } /** @@ -3637,7 +3318,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_a5( +static KRML_MUSTINLINE void compress_then_serialize_5_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3645,8 +3326,8 @@ static KRML_MUSTINLINE void compress_then_serialize_5_a5( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficients = - compress_09_f22(to_unsigned_representative_0b(re.coefficients[i0])); + __m256i coefficients = + compress_09_b52(to_unsigned_representative_4b(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3665,7 +3346,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_f8(re, out); + compress_then_serialize_4_42(re, out); } /** @@ -3685,15 +3366,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_751( +static void encrypt_unpacked_ac1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_821(copy_of_prf_input0, 0U); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_571(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3703,7 +3384,7 @@ static void encrypt_unpacked_751( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_611(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_b31(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3711,27 +3392,27 @@ static void encrypt_unpacked_751( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_264(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_fb0( + sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_921(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_641(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b3(copy_of_message); + deserialize_then_decompress_message_cb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_871(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_6c1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_a91( + compress_then_serialize_u_521( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; @@ -3759,11 +3440,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_111( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -3773,7 +3454,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_111( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -3786,7 +3467,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_111( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_751(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_ac1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -3796,7 +3477,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_111( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_890(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3817,11 +3498,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_831(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_8d1(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + core_result_unwrap_41_83(dst, ret); } /** @@ -3841,22 +3522,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_c31(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f01(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_031( + deserialize_ring_elements_reduced_f51( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_1c1(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_431(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -3886,7 +3567,7 @@ static void encrypt_c31(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_751(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_ac1(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -3901,11 +3582,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_7c1(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_e51(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + core_result_unwrap_41_83(dst, ret); } /** @@ -3927,27 +3608,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_101( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e91( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_831( + entropy_preprocess_af_8d1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_311(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b0(public_key), + H_a9_651(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -3955,19 +3636,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_101( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_c31(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_f01(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_890(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_7c1(shared_secret, shared_secret_array); + kdf_af_e51(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3986,58 +3667,39 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_ee(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_2f(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)10, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)10, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4050,9 +3712,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_19( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_ee(vector); +static __m256i decompress_ciphertext_coefficient_09_ab(__m256i vector) { + return decompress_ciphertext_coefficient_2f(vector); } /** @@ -4062,21 +3723,20 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_9f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); +deserialize_then_decompress_10_04(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); LowStar_Ignore_ignore( - Eurydice_slice_len(Eurydice_array_to_slice((size_t)16U, re.coefficients, - core_core_arch_x86___m256i), - core_core_arch_x86___m256i), + Eurydice_slice_len( + Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), + __m256i), size_t, void *); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_19(coefficient); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab(coefficient); } return re; } @@ -4087,58 +3747,39 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 11 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_ee0(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_2f0(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)11, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)11, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4151,9 +3792,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_190( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_ee0(vector); +static __m256i decompress_ciphertext_coefficient_09_ab0(__m256i vector) { + return decompress_ciphertext_coefficient_2f0(vector); } /** @@ -4163,16 +3803,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_3c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); +deserialize_then_decompress_11_0a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_190(coefficient); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab0(coefficient); } return re; } @@ -4184,8 +3823,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_88(Eurydice_slice serialized) { - return deserialize_then_decompress_10_9f(serialized); +deserialize_then_decompress_ring_element_u_07(Eurydice_slice serialized) { + return deserialize_then_decompress_10_04(serialized); } /** @@ -4194,17 +3833,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_fd( +static KRML_MUSTINLINE void ntt_vector_u_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_6e(&zeta_i, re); - ntt_at_layer_2_52(&zeta_i, re); - ntt_at_layer_1_03(&zeta_i, re); - poly_barrett_reduce_20_a0(re); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_70(&zeta_i, re); + ntt_at_layer_1_7e(&zeta_i, re); + poly_barrett_reduce_20_78(re); } /** @@ -4215,12 +3854,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b31( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_28();); + u_as_ntt[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -4238,8 +3877,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_88(u_bytes); - ntt_vector_u_fd(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_07(u_bytes); + ntt_vector_u_bf(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4252,58 +3891,39 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_ee1(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_2f1(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)4, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)4, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4316,9 +3936,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_191( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_ee1(vector); +static __m256i decompress_ciphertext_coefficient_09_ab1(__m256i vector) { + return decompress_ciphertext_coefficient_2f1(vector); } /** @@ -4328,16 +3947,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_4d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); +deserialize_then_decompress_4_f0(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_191(coefficient); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab1(coefficient); } return re; } @@ -4348,58 +3966,39 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 5 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_ee2(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_2f2(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)5, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)5, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4412,9 +4011,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_09_192( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_ee2(vector); +static __m256i decompress_ciphertext_coefficient_09_ab2(__m256i vector) { + return decompress_ciphertext_coefficient_2f2(vector); } /** @@ -4424,8 +4022,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_67(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); +deserialize_then_decompress_5_fe(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -4433,7 +4031,7 @@ deserialize_then_decompress_5_67(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_192(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_ab2(re.coefficients[i0]); } return re; } @@ -4445,8 +4043,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_3d(Eurydice_slice serialized) { - return deserialize_then_decompress_4_4d(serialized); +deserialize_then_decompress_ring_element_v_bb(Eurydice_slice serialized) { + return deserialize_then_decompress_4_f0(serialized); } /** @@ -4460,12 +4058,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_20_f9(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_20_45(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( @@ -4482,17 +4080,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c31( +compute_message_c81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_8b(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_021(&result, &product);); - invert_ntt_montgomery_321(&result); - result = subtract_reduce_20_f9(v, result); + ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_f31(&result, &product);); + invert_ntt_montgomery_c51(&result); + result = subtract_reduce_20_45(v, result); return result; } @@ -4502,14 +4100,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_6c( +static KRML_MUSTINLINE void compress_then_serialize_message_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_0b(re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient = to_unsigned_representative_4b(re.coefficients[i0]); + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_09(coefficient_compressed, bytes); @@ -4531,19 +4128,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_041( +static void decrypt_unpacked_071( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b31(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_3d( + deserialize_then_decompress_ring_element_v_bb( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c31(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c81(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_6c(message, ret0); + compress_then_serialize_message_fc(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4552,7 +4149,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_c9(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -4569,8 +4166,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_263(Eurydice_slice input, uint8_t ret[32U]) { - PRF_c9(input, ret); +static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); } /** @@ -4594,14 +4191,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_041(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_071(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -4612,7 +4209,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791( uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4620,17 +4217,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_173( + libcrux_ml_kem_utils_into_padded_array_2d3( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -4638,11 +4235,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_791( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_751(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_ac1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4660,8 +4257,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_03(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_28(); +deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4678,12 +4275,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_c11( +static KRML_MUSTINLINE void deserialize_secret_key_a21( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_28();); + secret_as_ntt[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4695,7 +4292,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_c11( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_03(secret_bytes); + deserialize_to_uncompressed_ring_element_10(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4717,10 +4314,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_951(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_9a1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_c11(secret_key, secret_as_ntt); + deserialize_secret_key_a21(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4732,7 +4329,7 @@ static void decrypt_951(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_041(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_071(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4758,7 +4355,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_311( +void libcrux_ml_kem_ind_cca_decapsulate_251( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4776,9 +4373,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_311( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_951(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_9a1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -4786,7 +4383,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_311( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4794,31 +4391,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_311( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_173(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_c31(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_f01(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_7c1(Eurydice_array_to_slice( + kdf_af_e51(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_7c1(shared_secret0, shared_secret1); + kdf_af_e51(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4835,12 +4432,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_030( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f50( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_28();); + deserialized_pk[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4852,7 +4449,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_030( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_60(ring_element); + deserialize_to_reduced_ring_element_ce(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4867,7 +4464,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_d80( +static KRML_MUSTINLINE void serialize_secret_key_800( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4885,7 +4482,7 @@ static KRML_MUSTINLINE void serialize_secret_key_d80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_44(&re, ret0); + serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4900,14 +4497,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_c40( +static KRML_MUSTINLINE void serialize_public_key_ac0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_d80(t_as_ntt, ret0); + serialize_secret_key_800(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4927,15 +4524,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_d20(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_2a0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_030( + deserialize_ring_elements_reduced_f50( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_c40( + serialize_public_key_ac0( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4966,7 +4563,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_a9_ab0(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -4976,10 +4573,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static void closure_fb0( +static void closure_d60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_28();); + ret[i] = ZERO_20_98();); } /** @@ -4989,7 +4586,7 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_500(uint8_t input[4U][34U]) { +shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -5011,11 +4608,11 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_3f0(uint8_t input[4U][34U]) { +shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_500(copy_of_input); + return shake128_init_absorb_final_4d0(copy_of_input); } /** @@ -5024,7 +4621,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_000( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -5061,9 +4658,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_940( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_000(self, ret); + shake128_squeeze_first_three_blocks_6b0(self, ret); } /** @@ -5114,7 +4711,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6c1( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_971( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -5152,7 +4749,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_dd0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -5189,9 +4786,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_dd0(self, ret); + shake128_squeeze_next_block_1b0(self, ret); } /** @@ -5242,7 +4839,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6c2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_972( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -5280,9 +4877,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_060( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e90( int16_t s[272U]) { - return from_i16_array_20_bb( + return from_i16_array_20_84( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5292,7 +4889,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_f80( +static KRML_MUSTINLINE void sample_from_xof_0c0( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -5301,25 +4898,25 @@ static KRML_MUSTINLINE void sample_from_xof_f80( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_3f0(copy_of_seeds); + shake128_init_absorb_final_a9_ca0(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_a9_940(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_6c1( + bool done = sample_from_uniform_distribution_next_971( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_a9_bf0(&xof_state, randomness); + shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_6c2( + done = sample_from_uniform_distribution_next_972( copy_of_randomness, sampled_coefficients, out); } } @@ -5328,7 +4925,7 @@ static KRML_MUSTINLINE void sample_from_xof_f80( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_060(copy_of_out[i]);); + ret0[i] = closure_e90(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5340,12 +4937,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_1c0( +static KRML_MUSTINLINE void sample_matrix_A_430( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_fb0(A_transpose[i]);); + closure_d60(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5360,7 +4957,7 @@ static KRML_MUSTINLINE void sample_matrix_A_1c0( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_f80(copy_of_seeds, sampled); + sample_from_xof_0c0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5404,7 +5001,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_ef1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -5445,9 +5042,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_411(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_ef1(input, ret); + PRFxN_1c1(input, ret); } /** @@ -5458,11 +5055,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_820( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_570( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_28();); + re_as_ntt[i] = ZERO_20_98();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5474,12 +5071,12 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_820( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_411(prf_inputs, prf_outputs); + PRFxN_a9_511(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_fb0( + re_as_ntt[i0] = sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_43(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5503,14 +5100,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_020( +static KRML_MUSTINLINE void add_to_ring_element_20_f30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i), - core_core_arch_x86___m256i); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09( @@ -5524,14 +5120,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_250( +static KRML_MUSTINLINE void compute_As_plus_e_4b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_28();); + result0[i] = ZERO_20_98();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5552,10 +5148,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_250( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_8b(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_020(&result0[i1], &product); + ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_f30(&result0[i1], &product); } - add_standard_error_reduce_20_2c(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5574,10 +5170,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_fe0( +static tuple_54 generate_keypair_unpacked_f80( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_ab0(key_generation_seed, hashed); + G_a9_680(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5585,15 +5181,15 @@ static tuple_54 generate_keypair_unpacked_fe0( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_1c0(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_430(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_820(copy_of_prf_input0, 0U); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_570(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5605,14 +5201,14 @@ static tuple_54 generate_keypair_unpacked_fe0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_820(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_570(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_250(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_4b0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( @@ -5660,10 +5256,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_4e0( +static void closure_1c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_28();); + ret[i] = ZERO_20_98();); } /** @@ -5675,7 +5271,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_a9_310(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -5693,7 +5289,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_910( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5702,18 +5298,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_910( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_54 uu____0 = generate_keypair_unpacked_fe0(ind_cpa_keypair_randomness); + tuple_54 uu____0 = generate_keypair_unpacked_f80(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_4e0(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_1c0(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_94(&ind_cpa_public_key.A[j][i1]); + clone_3a_4a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5723,19 +5319,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_910( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_c40( + serialize_public_key_ac0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_310(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); + core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -5771,17 +5367,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_1c0( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_f80( Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_fe0(key_generation_seed); + tuple_54 uu____0 = generate_keypair_unpacked_f80(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_c40( + serialize_public_key_ac0( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_d80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_800(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5805,7 +5401,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_560( +static KRML_MUSTINLINE void serialize_kem_secret_key_c90( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5831,7 +5427,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_560( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_310(public_key, ret0); + H_a9_650(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5860,7 +5456,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5869,13 +5465,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_1c0(ind_cpa_keypair_randomness); + generate_keypair_f80(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_560( + serialize_kem_secret_key_c90( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5884,13 +5480,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_1d1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_201(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_001( - uu____2, libcrux_ml_kem_types_from_07_781(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_751( + uu____2, libcrux_ml_kem_types_from_07_3a1(copy_of_public_key)); } /** @@ -5902,10 +5498,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_610(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_b30(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_28();); + error_1[i] = ZERO_20_98();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5917,11 +5513,11 @@ sample_ring_element_cbd_610(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_411(prf_inputs, prf_outputs); + PRFxN_a9_511(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_fb0( + sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5947,9 +5543,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_262(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, uint8_t ret[128U]) { - PRF_c90(input, ret); + PRF_420(input, ret); } /** @@ -5958,18 +5554,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_320( +static KRML_MUSTINLINE void invert_ntt_montgomery_c50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_18(&zeta_i, re); - invert_ntt_at_layer_2_38(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_a0(re); + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_e4(&zeta_i, re); + invert_ntt_at_layer_3_63(&zeta_i, re); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_78(re); } /** @@ -5978,14 +5574,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_920( +static KRML_MUSTINLINE void compute_vector_u_640( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_28();); + result0[i] = ZERO_20_98();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6005,11 +5601,11 @@ static KRML_MUSTINLINE void compute_vector_u_920( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_8b(a_element, &r_as_ntt[j]); - add_to_ring_element_20_020(&result0[i1], &product); + ntt_multiply_20_15(a_element, &r_as_ntt[j]); + add_to_ring_element_20_f30(&result0[i1], &product); } - invert_ntt_montgomery_320(&result0[i1]); - add_error_reduce_20_dd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_c50(&result0[i1]); + add_error_reduce_20_87(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -6027,18 +5623,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_870( +compute_ring_element_v_6c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_8b(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_020(&result, &product);); - invert_ntt_montgomery_320(&result); - result = add_message_error_reduce_20_25(error_2, message, result); + ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_f30(&result, &product);); + invert_ntt_montgomery_c50(&result); + result = add_message_error_reduce_20_86(error_2, message, result); return result; } @@ -6048,14 +5644,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_d60( +static KRML_MUSTINLINE void compress_then_serialize_11_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_09_f20(to_unsigned_representative_0b(re->coefficients[i0])); + __m256i coefficient = + compress_09_b50(to_unsigned_representative_4b(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6073,10 +5669,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d30( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_970( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_d60(re, uu____0); + compress_then_serialize_11_a50(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -6089,7 +5685,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_a90( +static void compress_then_serialize_u_520( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6105,7 +5701,7 @@ static void compress_then_serialize_u_a90( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_d30(&re, ret); + compress_then_serialize_ring_element_u_970(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -6120,7 +5716,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_a5(re, out); + compress_then_serialize_5_8a(re, out); } /** @@ -6140,15 +5736,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_750( +static void encrypt_unpacked_ac0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_820(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_570(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -6158,7 +5754,7 @@ static void encrypt_unpacked_750( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_610(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_b30(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6166,27 +5762,27 @@ static void encrypt_unpacked_750( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_262(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_fb0( + sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_920(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_640(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b3(copy_of_message); + deserialize_then_decompress_message_cb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_870(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_6c0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_a90( + compress_then_serialize_u_520( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; @@ -6214,11 +5810,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_110( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -6228,7 +5824,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_110( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6241,7 +5837,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_110( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_750(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_ac0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6251,7 +5847,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_110( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_891(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6272,11 +5868,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_830(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_8d0(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + core_result_unwrap_41_83(dst, ret); } /** @@ -6296,22 +5892,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_c30(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f00(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_030( + deserialize_ring_elements_reduced_f50( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_1c0(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_430(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( @@ -6341,7 +5937,7 @@ static void encrypt_c30(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_750(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_ac0(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -6356,11 +5952,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_7c0(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_e50(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + core_result_unwrap_41_83(dst, ret); } /** @@ -6382,27 +5978,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_100( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e90( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_830( + entropy_preprocess_af_8d0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_310(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_7b1(public_key), + H_a9_650(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6410,19 +6006,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_100( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_7b1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_c30(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_f00(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_891(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_7c0(shared_secret, shared_secret_array); + kdf_af_e50(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6442,8 +6038,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_880(Eurydice_slice serialized) { - return deserialize_then_decompress_11_3c(serialized); +deserialize_then_decompress_ring_element_u_070(Eurydice_slice serialized) { + return deserialize_then_decompress_11_0a(serialized); } /** @@ -6452,17 +6048,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_fd0( +static KRML_MUSTINLINE void ntt_vector_u_bf0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_6e(&zeta_i, re); - ntt_at_layer_2_52(&zeta_i, re); - ntt_at_layer_1_03(&zeta_i, re); - poly_barrett_reduce_20_a0(re); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_70(&zeta_i, re); + ntt_at_layer_1_7e(&zeta_i, re); + poly_barrett_reduce_20_78(re); } /** @@ -6473,12 +6069,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b30( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_28();); + u_as_ntt[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6496,8 +6092,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_880(u_bytes); - ntt_vector_u_fd0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_070(u_bytes); + ntt_vector_u_bf0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6511,8 +6107,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_3d0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_67(serialized); +deserialize_then_decompress_ring_element_v_bb0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_fe(serialized); } /** @@ -6522,17 +6118,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c30( +compute_message_c80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_8b(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_020(&result, &product);); - invert_ntt_montgomery_320(&result); - result = subtract_reduce_20_f9(v, result); + ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_f30(&result, &product);); + invert_ntt_montgomery_c50(&result); + result = subtract_reduce_20_45(v, result); return result; } @@ -6546,19 +6142,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_040( +static void decrypt_unpacked_070( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b30(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_3d0( + deserialize_then_decompress_ring_element_v_bb0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c30(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c80(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_6c(message, ret0); + compress_then_serialize_message_fc(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6572,8 +6168,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_261(Eurydice_slice input, uint8_t ret[32U]) { - PRF_c9(input, ret); +static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); } /** @@ -6597,15 +6193,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_040(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_070(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -6616,7 +6212,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790( uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6624,17 +6220,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_174( + libcrux_ml_kem_utils_into_padded_array_2d4( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -6642,11 +6238,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_790( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_750(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_ac0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6663,12 +6259,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_c10( +static KRML_MUSTINLINE void deserialize_secret_key_a20( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_28();); + secret_as_ntt[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6680,7 +6276,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_c10( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_03(secret_bytes); + deserialize_to_uncompressed_ring_element_10(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; @@ -6702,10 +6298,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_950(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_9a0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_c10(secret_key, secret_as_ntt); + deserialize_secret_key_a20(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -6717,7 +6313,7 @@ static void decrypt_950(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_040(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_070(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -6743,7 +6339,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_310( +void libcrux_ml_kem_ind_cca_decapsulate_250( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6762,9 +6358,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_310( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_950(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_9a0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -6772,7 +6368,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_310( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6780,31 +6376,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_310( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_174(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_c30(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_f00(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_7c0(Eurydice_array_to_slice( + kdf_af_e50(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_7c0(shared_secret0, shared_secret1); + kdf_af_e50(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6821,12 +6417,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_03( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f5( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_28();); + deserialized_pk[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6838,7 +6434,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_03( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_60(ring_element); + deserialize_to_reduced_ring_element_ce(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6853,7 +6449,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_d8( +static KRML_MUSTINLINE void serialize_secret_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6871,7 +6467,7 @@ static KRML_MUSTINLINE void serialize_secret_key_d8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_44(&re, ret0); + serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6886,14 +6482,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_c4( +static KRML_MUSTINLINE void serialize_public_key_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_d8(t_as_ntt, ret0); + serialize_secret_key_80(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6913,15 +6509,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_d2(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_2a(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_03( + deserialize_ring_elements_reduced_f5( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_c4( + serialize_public_key_ac( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6952,7 +6548,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_a9_ab(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6962,10 +6558,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static void closure_fb( +static void closure_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_28();); + ret[i] = ZERO_20_98();); } /** @@ -6975,7 +6571,7 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_50(uint8_t input[2U][34U]) { +shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -6997,11 +6593,11 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_3f(uint8_t input[2U][34U]) { +shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_50(copy_of_input); + return shake128_init_absorb_final_4d(copy_of_input); } /** @@ -7010,7 +6606,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_00( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -7041,9 +6637,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_94( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_00(self, ret); + shake128_squeeze_first_three_blocks_6b(self, ret); } /** @@ -7094,7 +6690,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6c( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_97( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7132,7 +6728,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_dd( +static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -7163,9 +6759,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_dd(self, ret); + shake128_squeeze_next_block_1b(self, ret); } /** @@ -7216,7 +6812,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_6c0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_970( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7254,9 +6850,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_06( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e9( int16_t s[272U]) { - return from_i16_array_20_bb( + return from_i16_array_20_84( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7266,7 +6862,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_f8( +static KRML_MUSTINLINE void sample_from_xof_0c( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -7275,25 +6871,25 @@ static KRML_MUSTINLINE void sample_from_xof_f8( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_3f(copy_of_seeds); + shake128_init_absorb_final_a9_ca(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_a9_94(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_6c( + bool done = sample_from_uniform_distribution_next_97( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_a9_bf(&xof_state, randomness); + shake128_squeeze_next_block_a9_5a(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_6c0( + done = sample_from_uniform_distribution_next_970( copy_of_randomness, sampled_coefficients, out); } } @@ -7302,7 +6898,7 @@ static KRML_MUSTINLINE void sample_from_xof_f8( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_06(copy_of_out[i]);); + ret0[i] = closure_e9(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7314,12 +6910,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_1c( +static KRML_MUSTINLINE void sample_matrix_A_43( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_fb(A_transpose[i]);); + closure_d6(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -7334,7 +6930,7 @@ static KRML_MUSTINLINE void sample_matrix_A_1c( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_f8(copy_of_seeds, sampled); + sample_from_xof_0c(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7378,7 +6974,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_ef(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; @@ -7413,9 +7009,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_a9_41(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_ef(input, ret); + PRFxN_1c(input, ret); } /** @@ -7425,8 +7021,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_fb(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_04(randomness); +sample_from_binomial_distribution_cf(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_41(randomness); } /** @@ -7437,11 +7033,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_82( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_57( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_28();); + re_as_ntt[i] = ZERO_20_98();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7453,12 +7049,12 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_82( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_a9_41(prf_inputs, prf_outputs); + PRFxN_a9_51(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_fb( + re_as_ntt[i0] = sample_from_binomial_distribution_cf( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_43(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -7482,14 +7078,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_02( +static KRML_MUSTINLINE void add_to_ring_element_20_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i), - core_core_arch_x86___m256i); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09( @@ -7503,14 +7098,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_25( +static KRML_MUSTINLINE void compute_As_plus_e_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_28();); + result0[i] = ZERO_20_98();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7531,10 +7126,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_8b(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_02(&result0[i1], &product); + ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_f3(&result0[i1], &product); } - add_standard_error_reduce_20_2c(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7553,10 +7148,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_fe( +static tuple_4c generate_keypair_unpacked_f8( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_ab(key_generation_seed, hashed); + G_a9_68(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7564,15 +7159,15 @@ static tuple_4c generate_keypair_unpacked_fe( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_1c(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_43(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_82(copy_of_prf_input0, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_57(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7584,14 +7179,14 @@ static tuple_4c generate_keypair_unpacked_fe( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_82(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_57(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_25(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_4b(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( @@ -7639,10 +7234,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_4e( +static void closure_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_28();); + ret[i] = ZERO_20_98();); } /** @@ -7654,7 +7249,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_a9_31(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -7672,7 +7267,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_91( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7681,18 +7276,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_91( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c uu____0 = generate_keypair_unpacked_fe(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_f8(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_4e(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_1c(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_94(&ind_cpa_public_key.A[j][i1]); + clone_3a_4a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7702,19 +7297,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_91( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_c4( + serialize_public_key_ac( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_31(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); + core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -7750,17 +7345,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_1c( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_f8( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_fe(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_f8(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_c4( + serialize_public_key_ac( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_d8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_80(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -7784,7 +7379,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_56( +static KRML_MUSTINLINE void serialize_kem_secret_key_c9( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7810,7 +7405,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_56( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_31(public_key, ret0); + H_a9_65(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -7838,7 +7433,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7848,13 +7443,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_1c(ind_cpa_keypair_randomness); + generate_keypair_f8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_56( + serialize_kem_secret_key_c9( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7863,13 +7458,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_1d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_00( - uu____2, libcrux_ml_kem_types_from_07_78(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_75( + uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); } /** @@ -7878,7 +7473,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_ef0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -7913,9 +7508,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_410(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_ef0(input, ret); + PRFxN_1c0(input, ret); } /** @@ -7927,10 +7522,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_61(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_b3(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_28();); + error_1[i] = ZERO_20_98();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7942,11 +7537,11 @@ sample_ring_element_cbd_61(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_a9_410(prf_inputs, prf_outputs); + PRFxN_a9_510(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_fb0( + sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7972,9 +7567,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_260(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, uint8_t ret[128U]) { - PRF_c90(input, ret); + PRF_420(input, ret); } /** @@ -7983,18 +7578,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_32( +static KRML_MUSTINLINE void invert_ntt_montgomery_c5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_18(&zeta_i, re); - invert_ntt_at_layer_2_38(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_44(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_a0(re); + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_e4(&zeta_i, re); + invert_ntt_at_layer_3_63(&zeta_i, re); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_78(re); } /** @@ -8003,14 +7598,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_92( +static KRML_MUSTINLINE void compute_vector_u_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_28();); + result0[i] = ZERO_20_98();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8030,11 +7625,11 @@ static KRML_MUSTINLINE void compute_vector_u_92( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_8b(a_element, &r_as_ntt[j]); - add_to_ring_element_20_02(&result0[i1], &product); + ntt_multiply_20_15(a_element, &r_as_ntt[j]); + add_to_ring_element_20_f3(&result0[i1], &product); } - invert_ntt_montgomery_32(&result0[i1]); - add_error_reduce_20_dd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_c5(&result0[i1]); + add_error_reduce_20_87(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -8052,18 +7647,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_87( +compute_ring_element_v_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_8b(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_02(&result, &product);); - invert_ntt_montgomery_32(&result); - result = add_message_error_reduce_20_25(error_2, message, result); + ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_f3(&result, &product);); + invert_ntt_montgomery_c5(&result); + result = add_message_error_reduce_20_86(error_2, message, result); return result; } @@ -8076,7 +7671,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_a9( +static void compress_then_serialize_u_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8092,7 +7687,7 @@ static void compress_then_serialize_u_a9( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d3(&re, ret); + compress_then_serialize_ring_element_u_97(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8115,15 +7710,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_75( +static void encrypt_unpacked_ac( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_82(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_57(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -8133,7 +7728,7 @@ static void encrypt_unpacked_75( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_61(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_b3(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -8141,27 +7736,27 @@ static void encrypt_unpacked_75( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_260(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_fb0( + sample_from_binomial_distribution_cf0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_92(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_64(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b3(copy_of_message); + deserialize_then_decompress_message_cb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_87(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_6c(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_a9( + compress_then_serialize_u_52( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; @@ -8189,11 +7784,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_11( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -8203,7 +7798,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_11( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8216,7 +7811,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_11( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_75(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_ac(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8226,7 +7821,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_11( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8247,11 +7842,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_83(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_8d(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + core_result_unwrap_41_83(dst, ret); } /** @@ -8271,22 +7866,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_c3(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_03( + deserialize_ring_elements_reduced_f5( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_1c(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_43(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( @@ -8316,7 +7911,7 @@ static void encrypt_c3(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_75(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_ac(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -8331,11 +7926,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_7c(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_e5(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + core_result_unwrap_41_83(dst, ret); } /** @@ -8357,27 +7952,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_10( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e9( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_83( + entropy_preprocess_af_8d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_31(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), + H_a9_65(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8385,19 +7980,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_10( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_c3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_7c(shared_secret, shared_secret_array); + kdf_af_e5(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8418,12 +8013,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b3( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_28();); + u_as_ntt[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -8441,8 +8036,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_88(u_bytes); - ntt_vector_u_fd(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_07(u_bytes); + ntt_vector_u_bf(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8456,17 +8051,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c3( +compute_message_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_28(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_8b(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_02(&result, &product);); - invert_ntt_montgomery_32(&result); - result = subtract_reduce_20_f9(v, result); + ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_f3(&result, &product);); + invert_ntt_montgomery_c5(&result); + result = subtract_reduce_20_45(v, result); return result; } @@ -8480,19 +8075,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_04( +static void decrypt_unpacked_07( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b3(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_3d( + deserialize_then_decompress_ring_element_v_bb( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c3(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c8(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_6c(message, ret0); + compress_then_serialize_message_fc(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8506,8 +8101,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_26(Eurydice_slice input, uint8_t ret[32U]) { - PRF_c9(input, ret); +static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); } /** @@ -8531,14 +8126,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_04(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_07(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -8549,7 +8144,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79( uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8557,17 +8152,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_170( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_be(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -8575,11 +8170,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_79( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_75(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_ac(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_be(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -8596,12 +8191,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_c1( +static KRML_MUSTINLINE void deserialize_secret_key_a2( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_28();); + secret_as_ntt[i] = ZERO_20_98();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8613,7 +8208,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_c1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_03(secret_bytes); + deserialize_to_uncompressed_ring_element_10(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; @@ -8635,10 +8230,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_95(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_9a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_c1(secret_key, secret_as_ntt); + deserialize_secret_key_a2(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -8650,7 +8245,7 @@ static void decrypt_95(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_04(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_07(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8676,7 +8271,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_31( +void libcrux_ml_kem_ind_cca_decapsulate_25( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8694,9 +8289,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_31( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_95(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_9a(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -8704,7 +8299,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_31( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8712,30 +8307,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_31( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_be(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_c3(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_7c(Eurydice_array_to_slice((size_t)32U, + kdf_af_e5(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_7c(shared_secret0, shared_secret1); + kdf_af_e5(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_be(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 4db3bdb2d..edb0c9772 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem_avx2_H @@ -30,87 +30,74 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_vec_zero(void); +__m256i libcrux_ml_kem_vector_avx2_vec_zero(void); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_09(void); +__m256i libcrux_ml_kem_vector_avx2_ZERO_09(void); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_vec_from_i16_array( - Eurydice_slice array); +__m256i libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_09( - Eurydice_slice array); +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice array); -void libcrux_ml_kem_vector_avx2_vec_to_i16_array(core_core_arch_x86___m256i v, - int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_vec_to_i16_array(__m256i v, int16_t ret[16U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_09(core_core_arch_x86___m256i x, - int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array_09(__m256i x, int16_t ret[16U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_09( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); +__m256i libcrux_ml_kem_vector_avx2_add_09(__m256i lhs, __m256i *rhs); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_09( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); +__m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs, __m256i *rhs); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09( - core_core_arch_x86___m256i v, int16_t c); +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i v, + int16_t c); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( + __m256i vector, int16_t constant); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + __m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(__m256i vector); #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) @@ -119,250 +106,235 @@ core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( See Section 3.2 of the implementation notes document for an explanation of this code. */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09(__m256i vector); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( + __m256i vector, int16_t constant); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + __m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_09( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, + __m256i rhs); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + __m256i v, __m256i c); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(__m256i vector, + int16_t zeta0, + int16_t zeta1); -core_core_arch_x86___m128i +__m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); + __m128i v, __m128i c); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(__m256i vector, + int16_t zeta); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(__m256i vector, + int16_t zeta0, + int16_t zeta1); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(__m256i vector, + int16_t zeta); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, + int16_t zeta3); -void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector, + uint8_t ret[2U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_serialize_1_09( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, uint8_t ret[2U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_09( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, + uint8_t ret[8U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_serialize_4_09( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, uint8_t ret[8U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_09( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector, + uint8_t ret[10U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_serialize_5_09( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, + uint8_t ret[10U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_09( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, + uint8_t ret[20U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_serialize_10_09( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_10_09(__m256i vector, + uint8_t ret[20U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_09( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_09(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, + uint8_t ret[22U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_serialize_11_09( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_11_09(__m256i vector, + uint8_t ret[22U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_09( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, + uint8_t ret[24U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -void libcrux_ml_kem_vector_avx2_serialize_12_09( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_12_09(__m256i vector, + uint8_t ret[24U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_09( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_09(Eurydice_slice bytes); size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output); @@ -378,8 +350,7 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_09(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_78( - core_core_arch_x86___m256i *self); +__m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self); /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -387,7 +358,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector */ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; + __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 3713c3f99..fe31da61f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 571bf315c..a85df9d5b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 2972eda7b..0dd9bf381 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #include "internal/libcrux_mlkem_portable.h" @@ -75,7 +75,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_41_30(dst, ret); + core_result_unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2234,7 +2234,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_7f(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_9a(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2262,8 +2262,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_87(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); +deserialize_to_reduced_ring_element_a2(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2284,12 +2284,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_841( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c71( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_7f();); + deserialized_pk[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2301,7 +2301,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_841( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_87(ring_element); + deserialize_to_reduced_ring_element_a2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2315,7 +2315,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_53(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2334,8 +2334,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_f1(v); +shift_right_0d_e7(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_53(v); } /** @@ -2345,10 +2345,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_19( +to_unsigned_representative_39( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_be(a); + shift_right_0d_e7(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2361,14 +2361,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_79( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_19(re->coefficients[i0]); + to_unsigned_representative_39(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2386,7 +2386,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_8b1( +static KRML_MUSTINLINE void serialize_secret_key_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2404,7 +2404,7 @@ static KRML_MUSTINLINE void serialize_secret_key_8b1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_79(&re, ret0); + serialize_uncompressed_ring_element_a6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2419,14 +2419,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_eb1( +static KRML_MUSTINLINE void serialize_public_key_951( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_8b1(t_as_ntt, ret0); + serialize_secret_key_f01(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2446,15 +2446,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_141(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_361(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_841( + deserialize_ring_elements_reduced_c71( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_eb1( + serialize_public_key_951( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2485,7 +2485,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_d01(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2496,10 +2496,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_9a1( +static void closure_441( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_7f();); + ret[i] = ZERO_20_9a();); } /** @@ -2518,7 +2518,7 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_401(uint8_t input[4U][34U]) { +shake128_init_absorb_final_751(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2549,11 +2549,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_f1_831(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_401(copy_of_input); + return shake128_init_absorb_final_751(copy_of_input); } /** @@ -2562,7 +2562,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2583,9 +2583,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_201( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_9a1(self, ret); + shake128_squeeze_first_three_blocks_101(self, ret); } /** @@ -2636,7 +2636,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f63( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_833( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2674,7 +2674,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ea1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2695,9 +2695,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_041( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_ea1(self, ret); + shake128_squeeze_next_block_ed1(self, ret); } /** @@ -2748,7 +2748,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f64( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_834( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2791,8 +2791,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_20_b2(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); +from_i16_array_20_8d(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2812,9 +2812,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_d41( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a1( int16_t s[272U]) { - return from_i16_array_20_b2( + return from_i16_array_20_8d( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2833,25 +2833,25 @@ static KRML_MUSTINLINE void sample_from_xof_611( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_831(copy_of_seeds); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_201(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_f63( + bool done = sample_from_uniform_distribution_next_833( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_f1_041(&xof_state, randomness); + shake128_squeeze_next_block_f1_c11(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_f64( + done = sample_from_uniform_distribution_next_834( copy_of_randomness, sampled_coefficients, out); } } @@ -2860,7 +2860,7 @@ static KRML_MUSTINLINE void sample_from_xof_611( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_d41(copy_of_out[i]);); + ret0[i] = closure_6a1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2873,12 +2873,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_b61( +static KRML_MUSTINLINE void sample_matrix_A_451( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_9a1(A_transpose[i]);); + closure_441(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2937,7 +2937,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_d32(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2958,9 +2958,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_bf2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_d32(input, ret); + PRFxN_1d2(input, ret); } /** @@ -3019,7 +3019,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_0e(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_b3(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3053,7 +3053,7 @@ sample_from_binomial_distribution_2_0e(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_b2( + return from_i16_array_20_8d( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3064,7 +3064,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_44(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_25(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3097,7 +3097,7 @@ sample_from_binomial_distribution_3_44(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_b2( + return from_i16_array_20_8d( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3108,8 +3108,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_97(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_0e(randomness); +sample_from_binomial_distribution_c3(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_b3(randomness); } /** @@ -3118,7 +3118,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_9e( +static KRML_MUSTINLINE void ntt_at_layer_7_3e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3146,7 +3146,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_1e( +montgomery_multiply_fe_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3160,12 +3160,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_a1( + ntt_layer_int_vec_step_59( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_1e(b, zeta_r); + montgomery_multiply_fe_10(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3179,7 +3179,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_3a( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_5b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3192,7 +3192,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_3a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_a1( + ntt_layer_int_vec_step_59( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3209,7 +3209,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_4c( +static KRML_MUSTINLINE void ntt_at_layer_3_9c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3227,7 +3227,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_68( +static KRML_MUSTINLINE void ntt_at_layer_2_6b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3247,7 +3247,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_9d( +static KRML_MUSTINLINE void ntt_at_layer_1_37( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3275,7 +3275,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_42( +static KRML_MUSTINLINE void poly_barrett_reduce_20_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3293,17 +3293,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_71( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_37( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_9e(re); + ntt_at_layer_7_3e(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_4c(&zeta_i, re); - ntt_at_layer_2_68(&zeta_i, re); - ntt_at_layer_1_9d(&zeta_i, re); - poly_barrett_reduce_20_42(re); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_9c(&zeta_i, re); + ntt_at_layer_2_6b(&zeta_i, re); + ntt_at_layer_1_37(&zeta_i, re); + poly_barrett_reduce_20_8e(re); } /** @@ -3315,11 +3315,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_c01( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_561( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_7f();); + re_as_ntt[i] = ZERO_20_9a();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3331,12 +3331,12 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_c01( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_bf2(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_97( + re_as_ntt[i0] = sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_71(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3361,9 +3361,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_20_e9(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_20_ff(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_7f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_9a(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3396,7 +3396,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_671( +static KRML_MUSTINLINE void add_to_ring_element_20_0e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3421,7 +3421,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_5f( +to_standard_domain_d6( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3437,14 +3437,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_5c( +static KRML_MUSTINLINE void add_standard_error_reduce_20_7d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_5f(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_d6(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3459,14 +3459,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_ea1( +static KRML_MUSTINLINE void compute_As_plus_e_0e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_7f();); + result0[i] = ZERO_20_9a();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3487,10 +3487,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_ea1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_e9(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_671(&result0[i1], &product); + ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_0e1(&result0[i1], &product); } - add_standard_error_reduce_20_5c(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -3510,10 +3510,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_6e1( +static tuple_540 generate_keypair_unpacked_a11( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_d01(key_generation_seed, hashed); + G_f1_b61(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3521,15 +3521,15 @@ static tuple_540 generate_keypair_unpacked_6e1( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_b61(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_451(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_c01(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_561(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3541,14 +3541,14 @@ static tuple_540 generate_keypair_unpacked_6e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_c01(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_561(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_ea1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_0e1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( @@ -3597,10 +3597,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_481( +static void closure_a11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_7f();); + ret[i] = ZERO_20_9a();); } /** @@ -3613,7 +3613,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_6e( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3635,7 +3635,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_fd1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3654,7 +3654,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_811( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3663,18 +3663,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_811( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_540 uu____0 = generate_keypair_unpacked_6e1(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_a11(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_481(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_a11(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_6e(&ind_cpa_public_key.A[j][i1]); + clone_3a_20(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3684,19 +3684,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_811( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_eb1( + serialize_public_key_951( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_fd1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); + core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -3733,17 +3733,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_d81( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_c01( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_6e1(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_a11(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_eb1( + serialize_public_key_951( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_8b1(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f01(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3767,7 +3767,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_b0( +static KRML_MUSTINLINE void serialize_kem_secret_key_50( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3793,7 +3793,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_b0( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_fd1(public_key, ret0); + H_f1_2e1(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -3823,7 +3823,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_011(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3832,13 +3832,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_011(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_d81(ind_cpa_keypair_randomness); + generate_keypair_c01(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_b0( + serialize_kem_secret_key_50( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3847,13 +3847,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_011(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_1d1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_201(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_001( - uu____2, libcrux_ml_kem_types_from_07_781(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_751( + uu____2, libcrux_ml_kem_types_from_07_3a1(copy_of_public_key)); } /** @@ -3866,10 +3866,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_781(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_151(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_7f();); + error_1[i] = ZERO_20_9a();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3881,11 +3881,11 @@ sample_ring_element_cbd_781(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_bf2(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_97( + sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3906,7 +3906,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_030(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -3923,9 +3923,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_c84(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, uint8_t ret[128U]) { - PRF_030(input, ret); + PRF_3a0(input, ret); } /** @@ -3934,7 +3934,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_1f( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_1e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3958,7 +3958,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_ea( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_12( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3978,7 +3978,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_2a( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_72( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3998,7 +3998,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_ee( + inv_ntt_layer_int_vec_step_reduce_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4006,7 +4006,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_1e(a_minus_b, zeta_r); + b = montgomery_multiply_fe_10(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4018,7 +4018,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9f( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4033,7 +4033,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_ee( + inv_ntt_layer_int_vec_step_reduce_0d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4050,18 +4050,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_021( +static KRML_MUSTINLINE void invert_ntt_montgomery_271( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1f(&zeta_i, re); - invert_ntt_at_layer_2_ea(&zeta_i, re); - invert_ntt_at_layer_3_2a(&zeta_i, re); - invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_42(re); + invert_ntt_at_layer_1_1e(&zeta_i, re); + invert_ntt_at_layer_2_12(&zeta_i, re); + invert_ntt_at_layer_3_72(&zeta_i, re); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_8e(re); } /** @@ -4074,7 +4074,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_07( +static KRML_MUSTINLINE void add_error_reduce_20_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4098,14 +4098,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_2e1( +static KRML_MUSTINLINE void compute_vector_u_a21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_7f();); + result0[i] = ZERO_20_9a();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4125,11 +4125,11 @@ static KRML_MUSTINLINE void compute_vector_u_2e1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_e9(a_element, &r_as_ntt[j]); - add_to_ring_element_20_671(&result0[i1], &product); + ntt_multiply_20_ff(a_element, &r_as_ntt[j]); + add_to_ring_element_20_0e1(&result0[i1], &product); } - invert_ntt_montgomery_021(&result0[i1]); - add_error_reduce_20_07(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_271(&result0[i1]); + add_error_reduce_20_fc(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4147,7 +4147,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_11(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_5f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4161,8 +4161,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_34(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); +deserialize_then_decompress_message_08(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4172,7 +4172,7 @@ deserialize_then_decompress_message_34(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_11(coefficient_compressed); + decompress_1_5f(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4188,7 +4188,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_20_31( +add_message_error_reduce_20_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4218,18 +4218,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_5d1( +compute_ring_element_v_041( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_e9(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_671(&result, &product);); - invert_ntt_montgomery_021(&result); - result = add_message_error_reduce_20_31(error_2, message, result); + ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_0e1(&result, &product);); + invert_ntt_montgomery_271(&result); + result = add_message_error_reduce_20_0f(error_2, message, result); return result; } @@ -4239,7 +4239,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_5f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4260,9 +4260,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_17( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_73( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0e(v); + return compress_5f(v); } /** @@ -4271,7 +4271,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0e0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_5f0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4293,8 +4293,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_170(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0e0(v); +compress_0d_730(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_5f0(v); } /** @@ -4303,14 +4303,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_e40( +static KRML_MUSTINLINE void compress_then_serialize_11_250( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_170(to_unsigned_representative_19(re->coefficients[i0])); + compress_0d_730(to_unsigned_representative_39(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4328,10 +4328,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_f30( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_e40(re, uu____0); + compress_then_serialize_11_250(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4344,7 +4344,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_fc1( +static void compress_then_serialize_u_a41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4360,7 +4360,7 @@ static void compress_then_serialize_u_fc1( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_f30(&re, ret); + compress_then_serialize_ring_element_u_4c0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4372,7 +4372,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0e1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_5f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4394,8 +4394,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_171(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0e1(v); +compress_0d_731(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_5f1(v); } /** @@ -4404,7 +4404,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_d4( +static KRML_MUSTINLINE void compress_then_serialize_4_53( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4413,7 +4413,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_d4( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_171(to_unsigned_representative_19(re.coefficients[i0])); + compress_0d_731(to_unsigned_representative_39(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4429,7 +4429,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0e2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_5f2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4451,8 +4451,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_172(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0e2(v); +compress_0d_732(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_5f2(v); } /** @@ -4461,7 +4461,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_59( +static KRML_MUSTINLINE void compress_then_serialize_5_94( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4470,7 +4470,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_59( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_172(to_unsigned_representative_19(re.coefficients[i0])); + compress_0d_732(to_unsigned_representative_39(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4487,9 +4487,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_2f0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_59(re, out); + compress_then_serialize_5_94(re, out); } /** @@ -4510,15 +4510,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_b01( +static void encrypt_unpacked_8e1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_c01(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_561(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4528,7 +4528,7 @@ static void encrypt_unpacked_b01( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_781(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_151(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4536,31 +4536,31 @@ static void encrypt_unpacked_b01( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_c84(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_97( + sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_2e1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a21(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_34(copy_of_message); + deserialize_then_decompress_message_08(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_5d1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_041(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_fc1( + compress_then_serialize_u_a41( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_2f0( + compress_then_serialize_ring_element_v_fc0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4585,11 +4585,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_471( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -4599,7 +4599,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_471( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4612,7 +4612,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_471( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_b01(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_8e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4622,7 +4622,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_471( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_891(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4643,11 +4643,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_e5(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_9b(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + core_result_unwrap_41_83(dst, ret); } /** @@ -4668,22 +4668,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_d91(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_971(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_841( + deserialize_ring_elements_reduced_c71( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_b61(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_451(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( @@ -4713,7 +4713,7 @@ static void encrypt_d91(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_b01(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_8e1(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4728,11 +4728,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_66(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_4a(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + core_result_unwrap_41_83(dst, ret); } /** @@ -4754,27 +4754,27 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_6b1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_231( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_e5( + entropy_preprocess_af_9b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_fd1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_7b1(public_key), + H_f1_2e1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4782,19 +4782,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_6b1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_7b1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_d91(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_971(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_891(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_66(shared_secret, shared_secret_array); + kdf_af_4a(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4814,7 +4814,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_e3( +decompress_ciphertext_coefficient_63( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4839,9 +4839,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_9f( +decompress_ciphertext_coefficient_0d_80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_e3(v); + return decompress_ciphertext_coefficient_63(v); } /** @@ -4851,8 +4851,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_a9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); +deserialize_then_decompress_10_26(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4868,7 +4868,7 @@ deserialize_then_decompress_10_a9(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_9f(coefficient); + decompress_ciphertext_coefficient_0d_80(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4881,7 +4881,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_e30( +decompress_ciphertext_coefficient_630( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4906,9 +4906,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_9f0( +decompress_ciphertext_coefficient_0d_800( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_e30(v); + return decompress_ciphertext_coefficient_630(v); } /** @@ -4918,8 +4918,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_34(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); +deserialize_then_decompress_11_fe(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4928,7 +4928,7 @@ deserialize_then_decompress_11_34(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_9f0(coefficient); + decompress_ciphertext_coefficient_0d_800(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4941,8 +4941,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_900(Eurydice_slice serialized) { - return deserialize_then_decompress_11_34(serialized); +deserialize_then_decompress_ring_element_u_110(Eurydice_slice serialized) { + return deserialize_then_decompress_11_fe(serialized); } /** @@ -4951,17 +4951,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_850( +static KRML_MUSTINLINE void ntt_vector_u_2e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_4c(&zeta_i, re); - ntt_at_layer_2_68(&zeta_i, re); - ntt_at_layer_1_9d(&zeta_i, re); - poly_barrett_reduce_20_42(re); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_9c(&zeta_i, re); + ntt_at_layer_2_6b(&zeta_i, re); + ntt_at_layer_1_37(&zeta_i, re); + poly_barrett_reduce_20_8e(re); } /** @@ -4972,12 +4972,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_f21( +static KRML_MUSTINLINE void deserialize_then_decompress_u_031( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_7f();); + u_as_ntt[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4995,8 +4995,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_f21( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_900(u_bytes); - ntt_vector_u_850(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_110(u_bytes); + ntt_vector_u_2e0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5010,7 +5010,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_e31( +decompress_ciphertext_coefficient_631( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5035,9 +5035,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_9f1( +decompress_ciphertext_coefficient_0d_801( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_e31(v); + return decompress_ciphertext_coefficient_631(v); } /** @@ -5047,8 +5047,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_e9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); +deserialize_then_decompress_4_ab(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5057,7 +5057,7 @@ deserialize_then_decompress_4_e9(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_9f1(coefficient); + decompress_ciphertext_coefficient_0d_801(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5070,7 +5070,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_e32( +decompress_ciphertext_coefficient_632( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5095,9 +5095,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_9f2( +decompress_ciphertext_coefficient_0d_802( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_e32(v); + return decompress_ciphertext_coefficient_632(v); } /** @@ -5107,8 +5107,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_53(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); +deserialize_then_decompress_5_5c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5117,7 +5117,7 @@ deserialize_then_decompress_5_53(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_9f2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_802(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5130,8 +5130,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_c10(Eurydice_slice serialized) { - return deserialize_then_decompress_5_53(serialized); +deserialize_then_decompress_ring_element_v_9f0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_5c(serialized); } /** @@ -5145,7 +5145,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_20_37(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_20_4b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5170,17 +5170,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_5e1( +compute_message_9a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_e9(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_671(&result, &product);); - invert_ntt_montgomery_021(&result); - result = subtract_reduce_20_37(v, result); + ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_0e1(&result, &product);); + invert_ntt_montgomery_271(&result); + result = subtract_reduce_20_4b(v, result); return result; } @@ -5190,13 +5190,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_44( +static KRML_MUSTINLINE void compress_then_serialize_message_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_19(re.coefficients[i0]); + to_unsigned_representative_39(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5220,19 +5220,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_281( +static void decrypt_unpacked_681( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_f21(ciphertext, u_as_ntt); + deserialize_then_decompress_u_031(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_c10( + deserialize_then_decompress_ring_element_v_9f0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_5e1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_9a1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_44(message, ret0); + compress_then_serialize_message_80(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5241,7 +5241,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_03(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -5258,8 +5258,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_c83(Eurydice_slice input, uint8_t ret[32U]) { - PRF_03(input, ret); +static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -5284,15 +5284,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_281(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_681(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -5303,7 +5303,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec1( uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5311,17 +5311,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_174( + libcrux_ml_kem_utils_into_padded_array_2d4( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -5329,11 +5329,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_b01(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_8e1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5351,8 +5351,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_ff(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_7f(); +deserialize_to_uncompressed_ring_element_30(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -5371,12 +5371,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_d81( +static KRML_MUSTINLINE void deserialize_secret_key_681( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_7f();); + secret_as_ntt[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5388,7 +5388,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_d81( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ff(secret_bytes); + deserialize_to_uncompressed_ring_element_30(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -5410,10 +5410,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_421(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b41(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_d81(secret_key, secret_as_ntt); + deserialize_secret_key_681(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5425,7 +5425,7 @@ static void decrypt_421(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_281(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_681(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5451,7 +5451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_c51( +void libcrux_ml_kem_ind_cca_decapsulate_531( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5470,9 +5470,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_c51( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_421(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_b41(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5480,7 +5480,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c51( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5488,31 +5488,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_c51( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_174(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_d91(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_971(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_66(Eurydice_array_to_slice((size_t)32U, + kdf_af_4a(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_66(shared_secret0, shared_secret1); + kdf_af_4a(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_be1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5529,12 +5529,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_840( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c70( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_7f();); + deserialized_pk[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5546,7 +5546,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_840( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_87(ring_element); + deserialize_to_reduced_ring_element_a2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5561,7 +5561,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_8b0( +static KRML_MUSTINLINE void serialize_secret_key_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5579,7 +5579,7 @@ static KRML_MUSTINLINE void serialize_secret_key_8b0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_79(&re, ret0); + serialize_uncompressed_ring_element_a6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5594,14 +5594,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_eb0( +static KRML_MUSTINLINE void serialize_public_key_950( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_8b0(t_as_ntt, ret0); + serialize_secret_key_f00(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5621,15 +5621,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_140(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_360(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_840( + deserialize_ring_elements_reduced_c70( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_eb0( + serialize_public_key_950( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5660,7 +5660,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_d00(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5671,10 +5671,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_9a0( +static void closure_440( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_7f();); + ret[i] = ZERO_20_9a();); } /** @@ -5693,7 +5693,7 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_400(uint8_t input[2U][34U]) { +shake128_init_absorb_final_750(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5724,11 +5724,11 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_f1_830(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_400(copy_of_input); + return shake128_init_absorb_final_750(copy_of_input); } /** @@ -5737,7 +5737,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5758,9 +5758,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_200( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_9a0(self, ret); + shake128_squeeze_first_three_blocks_100(self, ret); } /** @@ -5811,7 +5811,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f61( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_831( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5849,7 +5849,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ea0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5870,9 +5870,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_040( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_ea0(self, ret); + shake128_squeeze_next_block_ed0(self, ret); } /** @@ -5923,7 +5923,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f62( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_832( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5962,9 +5962,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_d40( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a0( int16_t s[272U]) { - return from_i16_array_20_b2( + return from_i16_array_20_8d( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5983,25 +5983,25 @@ static KRML_MUSTINLINE void sample_from_xof_610( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_830(copy_of_seeds); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_200(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_f61( + bool done = sample_from_uniform_distribution_next_831( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_f1_040(&xof_state, randomness); + shake128_squeeze_next_block_f1_c10(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_f62( + done = sample_from_uniform_distribution_next_832( copy_of_randomness, sampled_coefficients, out); } } @@ -6010,7 +6010,7 @@ static KRML_MUSTINLINE void sample_from_xof_610( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_d40(copy_of_out[i]);); + ret0[i] = closure_6a0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6023,12 +6023,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_b60( +static KRML_MUSTINLINE void sample_matrix_A_450( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_9a0(A_transpose[i]);); + closure_440(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6087,7 +6087,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_d30(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6108,9 +6108,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_bf0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_d30(input, ret); + PRFxN_1d0(input, ret); } /** @@ -6120,8 +6120,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_970(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_44(randomness); +sample_from_binomial_distribution_c30(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_25(randomness); } /** @@ -6133,11 +6133,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_c00( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_560( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_7f();); + re_as_ntt[i] = ZERO_20_9a();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6149,12 +6149,12 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_c00( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_bf0(prf_inputs, prf_outputs); + PRFxN_f1_890(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_970( + re_as_ntt[i0] = sample_from_binomial_distribution_c30( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_71(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6178,7 +6178,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_670( +static KRML_MUSTINLINE void add_to_ring_element_20_0e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6202,14 +6202,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_ea0( +static KRML_MUSTINLINE void compute_As_plus_e_0e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_7f();); + result0[i] = ZERO_20_9a();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6230,10 +6230,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_ea0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_e9(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_670(&result0[i1], &product); + ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_0e0(&result0[i1], &product); } - add_standard_error_reduce_20_5c(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6253,10 +6253,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_6e0( +static tuple_4c0 generate_keypair_unpacked_a10( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_d00(key_generation_seed, hashed); + G_f1_b60(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6264,15 +6264,15 @@ static tuple_4c0 generate_keypair_unpacked_6e0( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_b60(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_450(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_c00(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_560(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6284,14 +6284,14 @@ static tuple_4c0 generate_keypair_unpacked_6e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_c00(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_560(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_ea0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_0e0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( @@ -6340,10 +6340,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_480( +static void closure_a10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_7f();); + ret[i] = ZERO_20_9a();); } /** @@ -6355,7 +6355,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_fd0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6374,7 +6374,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_810( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6383,18 +6383,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_810( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_6e0(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_a10(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_480(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_a10(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_6e(&ind_cpa_public_key.A[j][i1]); + clone_3a_20(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6404,19 +6404,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_810( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_eb0( + serialize_public_key_950( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_fd0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); + core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -6453,17 +6453,17 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_d80( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_c00( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_6e0(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_a10(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_eb0( + serialize_public_key_950( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_8b0(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f00(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6487,7 +6487,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_b9( +static KRML_MUSTINLINE void serialize_kem_secret_key_fb( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6513,7 +6513,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_b9( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_fd0(public_key, ret0); + H_f1_2e0(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6543,7 +6543,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_010(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6552,13 +6552,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_010(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_d80(ind_cpa_keypair_randomness); + generate_keypair_c00(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_b9( + serialize_kem_secret_key_fb( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6567,13 +6567,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_010(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_1d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_00( - uu____2, libcrux_ml_kem_types_from_07_78(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_75( + uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); } /** @@ -6582,7 +6582,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_d31(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6603,9 +6603,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_bf1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_d31(input, ret); + PRFxN_1d1(input, ret); } /** @@ -6618,10 +6618,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_780(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_150(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_7f();); + error_1[i] = ZERO_20_9a();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6633,11 +6633,11 @@ sample_ring_element_cbd_780(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_bf1(prf_inputs, prf_outputs); + PRFxN_f1_891(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_97( + sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6663,9 +6663,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_c82(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, uint8_t ret[128U]) { - PRF_030(input, ret); + PRF_3a0(input, ret); } /** @@ -6674,18 +6674,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_020( +static KRML_MUSTINLINE void invert_ntt_montgomery_270( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1f(&zeta_i, re); - invert_ntt_at_layer_2_ea(&zeta_i, re); - invert_ntt_at_layer_3_2a(&zeta_i, re); - invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_42(re); + invert_ntt_at_layer_1_1e(&zeta_i, re); + invert_ntt_at_layer_2_12(&zeta_i, re); + invert_ntt_at_layer_3_72(&zeta_i, re); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_8e(re); } /** @@ -6694,14 +6694,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_2e0( +static KRML_MUSTINLINE void compute_vector_u_a20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_7f();); + result0[i] = ZERO_20_9a();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6721,11 +6721,11 @@ static KRML_MUSTINLINE void compute_vector_u_2e0( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_e9(a_element, &r_as_ntt[j]); - add_to_ring_element_20_670(&result0[i1], &product); + ntt_multiply_20_ff(a_element, &r_as_ntt[j]); + add_to_ring_element_20_0e0(&result0[i1], &product); } - invert_ntt_montgomery_020(&result0[i1]); - add_error_reduce_20_07(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_270(&result0[i1]); + add_error_reduce_20_fc(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6743,18 +6743,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_5d0( +compute_ring_element_v_040( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_e9(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_670(&result, &product);); - invert_ntt_montgomery_020(&result); - result = add_message_error_reduce_20_31(error_2, message, result); + ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_0e0(&result, &product);); + invert_ntt_montgomery_270(&result); + result = add_message_error_reduce_20_0f(error_2, message, result); return result; } @@ -6764,14 +6764,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_f4( +static KRML_MUSTINLINE void compress_then_serialize_10_51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_17(to_unsigned_representative_19(re->coefficients[i0])); + compress_0d_73(to_unsigned_representative_39(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6789,10 +6789,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_f3( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_f4(re, uu____0); + compress_then_serialize_10_51(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6805,7 +6805,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_fc0( +static void compress_then_serialize_u_a40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6821,7 +6821,7 @@ static void compress_then_serialize_u_fc0( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_f3(&re, ret); + compress_then_serialize_ring_element_u_4c(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6834,9 +6834,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_2f( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_d4(re, out); + compress_then_serialize_4_53(re, out); } /** @@ -6857,15 +6857,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_b00( +static void encrypt_unpacked_8e0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_c00(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_560(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6875,7 +6875,7 @@ static void encrypt_unpacked_b00( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_780(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_150(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6883,31 +6883,31 @@ static void encrypt_unpacked_b00( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_c82(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_97( + sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_2e0(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a20(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_34(copy_of_message); + deserialize_then_decompress_message_08(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_5d0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_040(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_fc0( + compress_then_serialize_u_a40( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_2f( + compress_then_serialize_ring_element_v_fc( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6932,11 +6932,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_470( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -6946,7 +6946,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_470( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6959,7 +6959,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_470( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_b00(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_8e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6969,7 +6969,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_470( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6990,11 +6990,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_5e(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_b2(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + core_result_unwrap_41_83(dst, ret); } /** @@ -7015,22 +7015,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_d90(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_970(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_840( + deserialize_ring_elements_reduced_c70( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_b60(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_450(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( @@ -7060,7 +7060,7 @@ static void encrypt_d90(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_b00(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_8e0(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7075,11 +7075,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_97(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ff(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + core_result_unwrap_41_83(dst, ret); } /** @@ -7101,27 +7101,27 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_6b0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_230( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_5e( + entropy_preprocess_af_b2( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_fd0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), + H_f1_2e0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7129,19 +7129,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_6b0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_d90(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_970(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_97(shared_secret, shared_secret_array); + kdf_af_ff(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7161,8 +7161,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_90(Eurydice_slice serialized) { - return deserialize_then_decompress_10_a9(serialized); +deserialize_then_decompress_ring_element_u_11(Eurydice_slice serialized) { + return deserialize_then_decompress_10_26(serialized); } /** @@ -7171,17 +7171,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_85( +static KRML_MUSTINLINE void ntt_vector_u_2e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_4c(&zeta_i, re); - ntt_at_layer_2_68(&zeta_i, re); - ntt_at_layer_1_9d(&zeta_i, re); - poly_barrett_reduce_20_42(re); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_9c(&zeta_i, re); + ntt_at_layer_2_6b(&zeta_i, re); + ntt_at_layer_1_37(&zeta_i, re); + poly_barrett_reduce_20_8e(re); } /** @@ -7192,12 +7192,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_f20( +static KRML_MUSTINLINE void deserialize_then_decompress_u_030( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_7f();); + u_as_ntt[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7215,8 +7215,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_f20( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_90(u_bytes); - ntt_vector_u_85(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_11(u_bytes); + ntt_vector_u_2e(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7230,8 +7230,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_c1(Eurydice_slice serialized) { - return deserialize_then_decompress_4_e9(serialized); +deserialize_then_decompress_ring_element_v_9f(Eurydice_slice serialized) { + return deserialize_then_decompress_4_ab(serialized); } /** @@ -7241,17 +7241,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_5e0( +compute_message_9a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_e9(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_670(&result, &product);); - invert_ntt_montgomery_020(&result); - result = subtract_reduce_20_37(v, result); + ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_0e0(&result, &product);); + invert_ntt_montgomery_270(&result); + result = subtract_reduce_20_4b(v, result); return result; } @@ -7265,19 +7265,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_280( +static void decrypt_unpacked_680( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_f20(ciphertext, u_as_ntt); + deserialize_then_decompress_u_030(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_c1( + deserialize_then_decompress_ring_element_v_9f( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_5e0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_9a0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_44(message, ret0); + compress_then_serialize_message_80(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7291,8 +7291,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_c81(Eurydice_slice input, uint8_t ret[32U]) { - PRF_03(input, ret); +static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -7317,14 +7317,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_280(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_680(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -7335,7 +7335,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec0( uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7343,17 +7343,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_170( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_be(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -7361,11 +7361,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_b00(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_8e0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_be(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -7382,12 +7382,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_d80( +static KRML_MUSTINLINE void deserialize_secret_key_680( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_7f();); + secret_as_ntt[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7399,7 +7399,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_d80( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ff(secret_bytes); + deserialize_to_uncompressed_ring_element_30(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -7421,10 +7421,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_420(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b40(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_d80(secret_key, secret_as_ntt); + deserialize_secret_key_680(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7436,7 +7436,7 @@ static void decrypt_420(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_280(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_680(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7462,7 +7462,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_c50( +void libcrux_ml_kem_ind_cca_decapsulate_530( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7480,9 +7480,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_c50( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_420(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_b40(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -7490,7 +7490,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c50( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7498,31 +7498,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_c50( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_be(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_d90(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_970(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_97(Eurydice_array_to_slice((size_t)32U, + kdf_af_ff(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_97(shared_secret0, shared_secret1); + kdf_af_ff(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_be(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7539,12 +7539,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_84( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c7( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_7f();); + deserialized_pk[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7556,7 +7556,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_84( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_87(ring_element); + deserialize_to_reduced_ring_element_a2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7571,7 +7571,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_8b( +static KRML_MUSTINLINE void serialize_secret_key_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7589,7 +7589,7 @@ static KRML_MUSTINLINE void serialize_secret_key_8b( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_79(&re, ret0); + serialize_uncompressed_ring_element_a6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7604,14 +7604,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_eb( +static KRML_MUSTINLINE void serialize_public_key_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_8b(t_as_ntt, ret0); + serialize_secret_key_f0(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7631,15 +7631,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_14(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_36(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_84( + deserialize_ring_elements_reduced_c7( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_eb( + serialize_public_key_95( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7670,7 +7670,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_d0(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7681,10 +7681,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_9a( +static void closure_44( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_7f();); + ret[i] = ZERO_20_9a();); } /** @@ -7703,7 +7703,7 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_40(uint8_t input[3U][34U]) { +shake128_init_absorb_final_75(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7734,11 +7734,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_f1_83(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_40(copy_of_input); + return shake128_init_absorb_final_75(copy_of_input); } /** @@ -7747,7 +7747,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7768,9 +7768,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_20( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_9a(self, ret); + shake128_squeeze_first_three_blocks_10(self, ret); } /** @@ -7821,7 +7821,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f6( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_83( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7859,7 +7859,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ea( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7880,9 +7880,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_04( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_ea(self, ret); + shake128_squeeze_next_block_ed(self, ret); } /** @@ -7933,7 +7933,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f60( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_830( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7972,9 +7972,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_d4( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a( int16_t s[272U]) { - return from_i16_array_20_b2( + return from_i16_array_20_8d( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7993,25 +7993,25 @@ static KRML_MUSTINLINE void sample_from_xof_61( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_83(copy_of_seeds); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_20(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_f6( + bool done = sample_from_uniform_distribution_next_83( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_f1_04(&xof_state, randomness); + shake128_squeeze_next_block_f1_c1(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_f60( + done = sample_from_uniform_distribution_next_830( copy_of_randomness, sampled_coefficients, out); } } @@ -8020,7 +8020,7 @@ static KRML_MUSTINLINE void sample_from_xof_61( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_d4(copy_of_out[i]);); + ret0[i] = closure_6a(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8033,12 +8033,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_b6( +static KRML_MUSTINLINE void sample_matrix_A_45( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_9a(A_transpose[i]);); + closure_44(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -8097,7 +8097,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_d3(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3( @@ -8118,9 +8118,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_bf(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_d3(input, ret); + PRFxN_1d(input, ret); } /** @@ -8132,11 +8132,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_c0( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_56( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_7f();); + re_as_ntt[i] = ZERO_20_9a();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8148,12 +8148,12 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_c0( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_bf(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_97( + re_as_ntt[i0] = sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_71(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -8177,7 +8177,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_67( +static KRML_MUSTINLINE void add_to_ring_element_20_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8201,14 +8201,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_ea( +static KRML_MUSTINLINE void compute_As_plus_e_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_7f();); + result0[i] = ZERO_20_9a();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8229,10 +8229,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_e9(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_67(&result0[i1], &product); + ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_0e(&result0[i1], &product); } - add_standard_error_reduce_20_5c(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8252,10 +8252,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_6e( +static tuple_9b generate_keypair_unpacked_a1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_d0(key_generation_seed, hashed); + G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8263,15 +8263,15 @@ static tuple_9b generate_keypair_unpacked_6e( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_b6(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_45(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_c0(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_56(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8283,14 +8283,14 @@ static tuple_9b generate_keypair_unpacked_6e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_c0(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_56(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_ea(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_0e(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -8339,10 +8339,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_48( +static void closure_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_7f();); + ret[i] = ZERO_20_9a();); } /** @@ -8354,7 +8354,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_fd(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -8373,7 +8373,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_81( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8382,18 +8382,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_81( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = generate_keypair_unpacked_6e(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_a1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_48(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_a1(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_6e(&ind_cpa_public_key.A[j][i1]); + clone_3a_20(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8403,19 +8403,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_81( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_eb( + serialize_public_key_95( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_fd(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); + core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -8452,17 +8452,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_d8( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_c0( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_6e(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_a1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_eb( + serialize_public_key_95( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_8b(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f0(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8486,7 +8486,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_91( +static KRML_MUSTINLINE void serialize_kem_secret_key_cd( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8512,7 +8512,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_91( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_fd(public_key, ret0); + H_f1_2e(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -8542,7 +8542,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_01(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8551,13 +8551,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_01(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_d8(ind_cpa_keypair_randomness); + generate_keypair_c0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_91( + serialize_kem_secret_key_cd( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8566,13 +8566,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_01(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_1d0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_200(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_000( - uu____2, libcrux_ml_kem_types_from_07_780(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_750( + uu____2, libcrux_ml_kem_types_from_07_3a0(copy_of_public_key)); } /** @@ -8585,10 +8585,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_78(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_15(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_7f();); + error_1[i] = ZERO_20_9a();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8600,11 +8600,11 @@ sample_ring_element_cbd_78(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_bf(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_97( + sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8630,9 +8630,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_c80(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, uint8_t ret[128U]) { - PRF_030(input, ret); + PRF_3a0(input, ret); } /** @@ -8641,18 +8641,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_02( +static KRML_MUSTINLINE void invert_ntt_montgomery_27( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1f(&zeta_i, re); - invert_ntt_at_layer_2_ea(&zeta_i, re); - invert_ntt_at_layer_3_2a(&zeta_i, re); - invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_42(re); + invert_ntt_at_layer_1_1e(&zeta_i, re); + invert_ntt_at_layer_2_12(&zeta_i, re); + invert_ntt_at_layer_3_72(&zeta_i, re); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_8e(re); } /** @@ -8661,14 +8661,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_2e( +static KRML_MUSTINLINE void compute_vector_u_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_7f();); + result0[i] = ZERO_20_9a();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8688,11 +8688,11 @@ static KRML_MUSTINLINE void compute_vector_u_2e( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_e9(a_element, &r_as_ntt[j]); - add_to_ring_element_20_67(&result0[i1], &product); + ntt_multiply_20_ff(a_element, &r_as_ntt[j]); + add_to_ring_element_20_0e(&result0[i1], &product); } - invert_ntt_montgomery_02(&result0[i1]); - add_error_reduce_20_07(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_27(&result0[i1]); + add_error_reduce_20_fc(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8710,18 +8710,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_5d( +compute_ring_element_v_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_e9(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_67(&result, &product);); - invert_ntt_montgomery_02(&result); - result = add_message_error_reduce_20_31(error_2, message, result); + ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_0e(&result, &product);); + invert_ntt_montgomery_27(&result); + result = add_message_error_reduce_20_0f(error_2, message, result); return result; } @@ -8734,7 +8734,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_fc( +static void compress_then_serialize_u_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8750,7 +8750,7 @@ static void compress_then_serialize_u_fc( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_f3(&re, ret); + compress_then_serialize_ring_element_u_4c(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8774,15 +8774,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_b0( +static void encrypt_unpacked_8e( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_c0(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_56(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8792,7 +8792,7 @@ static void encrypt_unpacked_b0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_78(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_15(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8800,31 +8800,31 @@ static void encrypt_unpacked_b0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_c80(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_97( + sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_2e(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a2(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_34(copy_of_message); + deserialize_then_decompress_message_08(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_5d(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_04(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_fc( + compress_then_serialize_u_a4( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_2f( + compress_then_serialize_ring_element_v_fc( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8849,11 +8849,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_47( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -8863,7 +8863,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_47( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8876,7 +8876,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_47( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_b0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_8e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8886,7 +8886,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_47( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_890(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8907,11 +8907,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_ec(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_ac(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + core_result_unwrap_41_83(dst, ret); } /** @@ -8932,22 +8932,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_d9(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_97(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_84( + deserialize_ring_elements_reduced_c7( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_b6(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_45(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -8977,7 +8977,7 @@ static void encrypt_d9(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_b0(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_8e(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -8992,11 +8992,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_62(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_3f(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + core_result_unwrap_41_83(dst, ret); } /** @@ -9018,27 +9018,27 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6b( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_ec( + entropy_preprocess_af_ac( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_fd(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b0(public_key), + H_f1_2e(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9046,19 +9046,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6b( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_d9(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_97(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_890(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_62(shared_secret, shared_secret_array); + kdf_af_3f(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9079,12 +9079,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_f2( +static KRML_MUSTINLINE void deserialize_then_decompress_u_03( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_7f();); + u_as_ntt[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -9102,8 +9102,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_f2( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_90(u_bytes); - ntt_vector_u_85(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_11(u_bytes); + ntt_vector_u_2e(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9117,17 +9117,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_5e( +compute_message_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_7f(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_e9(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_67(&result, &product);); - invert_ntt_montgomery_02(&result); - result = subtract_reduce_20_37(v, result); + ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_0e(&result, &product);); + invert_ntt_montgomery_27(&result); + result = subtract_reduce_20_4b(v, result); return result; } @@ -9141,19 +9141,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_28( +static void decrypt_unpacked_68( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_f2(ciphertext, u_as_ntt); + deserialize_then_decompress_u_03(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_c1( + deserialize_then_decompress_ring_element_v_9f( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_5e(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_9a(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_44(message, ret0); + compress_then_serialize_message_80(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9167,8 +9167,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_c8(Eurydice_slice input, uint8_t ret[32U]) { - PRF_03(input, ret); +static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** @@ -9193,14 +9193,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_28(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_68(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -9211,7 +9211,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec( uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9219,17 +9219,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_173( + libcrux_ml_kem_utils_into_padded_array_2d3( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -9237,11 +9237,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ec( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_b0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_8e(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9258,12 +9258,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_d8( +static KRML_MUSTINLINE void deserialize_secret_key_68( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_7f();); + secret_as_ntt[i] = ZERO_20_9a();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9275,7 +9275,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_d8( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ff(secret_bytes); + deserialize_to_uncompressed_ring_element_30(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -9297,10 +9297,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_42(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b4(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_d8(secret_key, secret_as_ntt); + deserialize_secret_key_68(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -9312,7 +9312,7 @@ static void decrypt_42(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_28(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_68(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -9338,7 +9338,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_c5( +void libcrux_ml_kem_ind_cca_decapsulate_53( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -9356,9 +9356,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_c5( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_42(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_b4(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -9366,7 +9366,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c5( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9374,30 +9374,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_c5( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_173(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_d9(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_97(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_62(Eurydice_array_to_slice((size_t)32U, + kdf_af_3f(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_62(shared_secret0, shared_secret1); + kdf_af_3f(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_be0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index bc60a3c22..71eea2534 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 5c938e202..dbca50d4c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_sha3_H @@ -29,7 +29,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_97(buf0, buf); + libcrux_sha3_portable_keccakx1_2a(buf0, buf); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_970(buf0, buf); + libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } /** @@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_971(buf0, buf); + libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } /** @@ -59,7 +59,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_972(buf0, buf); + libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } /** @@ -69,7 +69,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_973(buf0, buf); + libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } /** @@ -158,7 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_974(buf0, buf); + libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 5ef98a0d0..633f1d30a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #include "internal/libcrux_sha3_avx2.h" @@ -19,29 +19,24 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +static KRML_MUSTINLINE __m256i zero_ef(void) { + return mm256_set1_epi64x((int64_t)0); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +static KRML_MUSTINLINE __m256i _veor5q_u64(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { + __m256i ab = mm256_xor_si256(a, b); + __m256i cd = mm256_xor_si256(c, d); + __m256i abcd = mm256_xor_si256(ab, cd); + return mm256_xor_si256(abcd, e); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { +static KRML_MUSTINLINE __m256i xor5_ef(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { return _veor5q_u64(a, b, c, d, e); } @@ -51,60 +46,46 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_21(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)1, x, __m256i), + mm256_srli_epi64((int32_t)63, x, __m256i)); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_21(b)); +static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { + __m256i uu____0 = a; + return mm256_xor_si256(uu____0, rotate_left_58(b)); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i rotate_left1_and_xor_ef(__m256i a, __m256i b) { return _vrax1q_u64(a, b); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +static KRML_MUSTINLINE __m256i _vbcaxq_u64(__m256i a, __m256i b, __m256i c) { + return mm256_xor_si256(a, mm256_andnot_si256(c, b)); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { +static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { return _vbcaxq_u64(a, b, c); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { + __m256i c0 = mm256_set1_epi64x((int64_t)c); + return mm256_xor_si256(a, c0); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { +static KRML_MUSTINLINE __m256i xor_constant_ef(__m256i a, uint64_t c) { return _veorq_n_u64(a, c); } @@ -112,9 +93,8 @@ xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { + return mm256_xor_si256(a, b); } static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, @@ -196,7 +176,7 @@ with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_fa(void) { +new_1e_16(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -231,67 +211,48 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_fe(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v00 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v0l = mm256_unpacklo_epi64(v00, v10); + __m256i v1h = mm256_unpackhi_epi64(v00, v10); + __m256i v2l = mm256_unpacklo_epi64(v20, v30); + __m256i v3h = mm256_unpackhi_epi64(v20, v30); + __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); + __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); + __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); + __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( + mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); } size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); @@ -320,12 +281,11 @@ static KRML_MUSTINLINE void load_block_fe(core_core_arch_x86___m256i (*s)[5U], uu____3, Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), uint8_t); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); + __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____4 = @@ -352,15 +312,13 @@ static KRML_MUSTINLINE void load_block_fe(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t), uint8_t); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = mm256_xor_si256(s[i][j], u0); } } @@ -373,13 +331,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void load_block_ef_16( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; +static KRML_MUSTINLINE void load_block_ef_6a(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[4U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_fe(uu____0, copy_of_b); + load_block_c7(uu____0, copy_of_b); } /** @@ -388,13 +346,9 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_210(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)36, x, __m256i), + mm256_srli_epi64((int32_t)28, x, __m256i)); } /** @@ -403,10 +357,9 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_210(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_580(ab); } /** @@ -419,9 +372,8 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_13(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { + return _vxarq_u64_c1(a, b); } /** @@ -430,13 +382,9 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_211(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)3, x, __m256i), + mm256_srli_epi64((int32_t)61, x, __m256i)); } /** @@ -445,10 +393,9 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_130(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_211(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_581(ab); } /** @@ -461,9 +408,8 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c0( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_130(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { + return _vxarq_u64_c10(a, b); } /** @@ -472,13 +418,9 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_212(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)41, x, __m256i), + mm256_srli_epi64((int32_t)23, x, __m256i)); } /** @@ -487,10 +429,9 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_131(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_212(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_582(ab); } /** @@ -503,9 +444,8 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c1( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_131(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { + return _vxarq_u64_c11(a, b); } /** @@ -514,13 +454,9 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_213(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)18, x, __m256i), + mm256_srli_epi64((int32_t)46, x, __m256i)); } /** @@ -529,10 +465,9 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_132(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_213(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_583(ab); } /** @@ -545,9 +480,8 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c2( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_132(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { + return _vxarq_u64_c12(a, b); } /** @@ -556,10 +490,9 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_133(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_21(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_58(ab); } /** @@ -572,9 +505,8 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c3( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_133(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { + return _vxarq_u64_c13(a, b); } /** @@ -583,13 +515,9 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_214(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)44, x, __m256i), + mm256_srli_epi64((int32_t)20, x, __m256i)); } /** @@ -598,10 +526,9 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_134(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_214(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_584(ab); } /** @@ -614,9 +541,8 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c4( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_134(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { + return _vxarq_u64_c14(a, b); } /** @@ -625,13 +551,9 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_215(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)10, x, __m256i), + mm256_srli_epi64((int32_t)54, x, __m256i)); } /** @@ -640,10 +562,9 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_135(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_215(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_585(ab); } /** @@ -656,9 +577,8 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c5( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_135(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { + return _vxarq_u64_c15(a, b); } /** @@ -667,13 +587,9 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_216(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)45, x, __m256i), + mm256_srli_epi64((int32_t)19, x, __m256i)); } /** @@ -682,10 +598,9 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_136(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_216(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_586(ab); } /** @@ -698,9 +613,8 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c6( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_136(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { + return _vxarq_u64_c16(a, b); } /** @@ -709,13 +623,9 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_217(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)2, x, __m256i), + mm256_srli_epi64((int32_t)62, x, __m256i)); } /** @@ -724,10 +634,9 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_137(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_217(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_587(ab); } /** @@ -740,9 +649,8 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c7( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_137(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { + return _vxarq_u64_c17(a, b); } /** @@ -751,13 +659,9 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_218(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)62, x, __m256i), + mm256_srli_epi64((int32_t)2, x, __m256i)); } /** @@ -766,10 +670,9 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_138(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_218(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_588(ab); } /** @@ -782,9 +685,8 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c8( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_138(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { + return _vxarq_u64_c18(a, b); } /** @@ -793,13 +695,9 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_219(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)6, x, __m256i), + mm256_srli_epi64((int32_t)58, x, __m256i)); } /** @@ -808,10 +706,9 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_139(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_219(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_589(ab); } /** @@ -824,9 +721,8 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c9( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_139(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { + return _vxarq_u64_c19(a, b); } /** @@ -835,13 +731,9 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_2110(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)43, x, __m256i), + mm256_srli_epi64((int32_t)21, x, __m256i)); } /** @@ -850,10 +742,9 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_1310(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_2110(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_5810(ab); } /** @@ -866,9 +757,8 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c10( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_1310(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { + return _vxarq_u64_c110(a, b); } /** @@ -877,13 +767,9 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_2111(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)15, x, __m256i), + mm256_srli_epi64((int32_t)49, x, __m256i)); } /** @@ -892,10 +778,9 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_1311(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_2111(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_5811(ab); } /** @@ -908,9 +793,8 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c11( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_1311(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { + return _vxarq_u64_c111(a, b); } /** @@ -919,13 +803,9 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_2112(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)61, x, __m256i), + mm256_srli_epi64((int32_t)3, x, __m256i)); } /** @@ -934,10 +814,9 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_1312(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_2112(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_5812(ab); } /** @@ -950,9 +829,8 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c12( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_1312(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { + return _vxarq_u64_c112(a, b); } /** @@ -961,13 +839,9 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_2113(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)28, x, __m256i), + mm256_srli_epi64((int32_t)36, x, __m256i)); } /** @@ -976,10 +850,9 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_1313(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_2113(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_5813(ab); } /** @@ -992,9 +865,8 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c13( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_1313(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { + return _vxarq_u64_c113(a, b); } /** @@ -1003,13 +875,9 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_2114(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)55, x, __m256i), + mm256_srli_epi64((int32_t)9, x, __m256i)); } /** @@ -1018,10 +886,9 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_1314(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_2114(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_5814(ab); } /** @@ -1034,9 +901,8 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c14( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_1314(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { + return _vxarq_u64_c114(a, b); } /** @@ -1045,13 +911,9 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_2115(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)25, x, __m256i), + mm256_srli_epi64((int32_t)39, x, __m256i)); } /** @@ -1060,10 +922,9 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_1315(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_2115(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_5815(ab); } /** @@ -1076,9 +937,8 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c15( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_1315(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { + return _vxarq_u64_c115(a, b); } /** @@ -1087,13 +947,9 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_2116(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)21, x, __m256i), + mm256_srli_epi64((int32_t)43, x, __m256i)); } /** @@ -1102,10 +958,9 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_1316(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_2116(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_5816(ab); } /** @@ -1118,9 +973,8 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c16( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_1316(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { + return _vxarq_u64_c116(a, b); } /** @@ -1129,13 +983,9 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_2117(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)56, x, __m256i), + mm256_srli_epi64((int32_t)8, x, __m256i)); } /** @@ -1144,10 +994,9 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_1317(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_2117(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_5817(ab); } /** @@ -1160,9 +1009,8 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c17( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_1317(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { + return _vxarq_u64_c117(a, b); } /** @@ -1171,13 +1019,9 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_2118(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)27, x, __m256i), + mm256_srli_epi64((int32_t)37, x, __m256i)); } /** @@ -1186,10 +1030,9 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_1318(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_2118(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_5818(ab); } /** @@ -1202,9 +1045,8 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c18( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_1318(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { + return _vxarq_u64_c118(a, b); } /** @@ -1213,13 +1055,9 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_2119(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)20, x, __m256i), + mm256_srli_epi64((int32_t)44, x, __m256i)); } /** @@ -1228,10 +1066,9 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_1319(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_2119(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_5819(ab); } /** @@ -1244,9 +1081,8 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c19( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_1319(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { + return _vxarq_u64_c119(a, b); } /** @@ -1255,13 +1091,9 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_2120(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)39, x, __m256i), + mm256_srli_epi64((int32_t)25, x, __m256i)); } /** @@ -1270,10 +1102,9 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_1320(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_2120(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_5820(ab); } /** @@ -1286,9 +1117,8 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c20( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_1320(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, __m256i b) { + return _vxarq_u64_c120(a, b); } /** @@ -1297,13 +1127,9 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_2121(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)8, x, __m256i), + mm256_srli_epi64((int32_t)56, x, __m256i)); } /** @@ -1312,10 +1138,9 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_1321(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_2121(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_5821(ab); } /** @@ -1328,9 +1153,8 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c21( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_1321(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { + return _vxarq_u64_c121(a, b); } /** @@ -1339,13 +1163,9 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_2122(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)14, x, __m256i), + mm256_srli_epi64((int32_t)50, x, __m256i)); } /** @@ -1354,10 +1174,9 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_1322(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_2122(ab); +static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); + return rotate_left_5822(ab); } /** @@ -1370,9 +1189,8 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_5c22( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return _vxarq_u64_1322(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { + return _vxarq_u64_c122(a, b); } /** @@ -1381,61 +1199,59 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void theta_rho_3f( +static KRML_MUSTINLINE void theta_rho_71( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = + __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], + s->st[3U][0U], s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], + s->st[3U][1U], s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], + s->st[3U][2U], s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], + s->st[3U][3U], s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], + s->st[3U][4U], s->st[4U][4U])}; + __m256i uu____0 = rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = + __m256i uu____1 = rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = + __m256i uu____2 = rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = + __m256i uu____3 = rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { + __m256i t[5U] = { uu____0, uu____1, uu____2, uu____3, rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_ef_5c(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_ef_5c0(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_ef_5c1(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_ef_5c2(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_ef_5c3(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_ef_5c4(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_ef_5c5(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_ef_5c6(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_ef_5c7(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_ef_5c8(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_ef_5c9(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_ef_5c10(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_ef_5c11(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_ef_5c12(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_ef_5c13(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_ef_5c14(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_ef_5c15(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_ef_5c16(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_ef_5c17(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_ef_5c18(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_ef_5c19(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_ef_5c20(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_ef_5c21(s->st[3U][4U], t[4U]); - core_core_arch_x86___m256i uu____27 = - xor_and_rotate_ef_5c22(s->st[4U][4U], t[4U]); + s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1445,10 +1261,10 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void pi_d8( +static KRML_MUSTINLINE void pi_01( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); s->st[0U][1U] = old[1U][1U]; s->st[0U][2U] = old[2U][2U]; s->st[0U][3U] = old[3U][3U]; @@ -1481,10 +1297,10 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void chi_95( +static KRML_MUSTINLINE void chi_9b( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); KRML_MAYBE_FOR5( i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; @@ -1499,7 +1315,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void iota_c9( +static KRML_MUSTINLINE void iota_09( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1511,14 +1327,14 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void keccakf1600_4e( +static KRML_MUSTINLINE void keccakf1600_07( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - theta_rho_3f(s); - pi_d8(s); - chi_95(s); - iota_c9(s, i0); + theta_rho_71(s); + pi_01(s); + chi_9b(s); + iota_09(s, i0); } } @@ -1529,13 +1345,13 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void absorb_block_26( +static KRML_MUSTINLINE void absorb_block_37( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_16(uu____0, uu____1); - keccakf1600_4e(s); + load_block_ef_6a(uu____0, uu____1); + keccakf1600_07(s); } /** @@ -1543,14 +1359,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_1d( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { +static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_fe(s, buf); + load_block_c7(s, buf); } /** @@ -1562,13 +1378,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void load_block_full_ef_40( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; +static KRML_MUSTINLINE void load_block_full_ef_05(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_1d(uu____0, copy_of_b); + load_block_full_91(uu____0, copy_of_b); } /** @@ -1579,7 +1395,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void absorb_final_80( +static KRML_MUSTINLINE void absorb_final_5e( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1592,11 +1408,11 @@ static KRML_MUSTINLINE void absorb_final_80( } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_40(uu____3, uu____4); - keccakf1600_4e(s); + load_block_full_ef_05(uu____3, uu____4); + keccakf1600_07(s); } /** @@ -1604,61 +1420,53 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_78(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + __m256i v0l = mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = + mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = + mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); @@ -1668,8 +1476,8 @@ static KRML_MUSTINLINE void store_block_78(core_core_arch_x86___m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), + s[i0][j0]); Eurydice_slice uu____0 = Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); Eurydice_slice_copy( @@ -1700,8 +1508,8 @@ static KRML_MUSTINLINE void store_block_78(core_core_arch_x86___m256i (*s)[5U], ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), + s[i][j]); Eurydice_slice uu____4 = Eurydice_slice_subslice2( out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( @@ -1734,8 +1542,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_61( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], + uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; uint8_t out2[200U] = {0U}; @@ -1745,7 +1553,7 @@ static KRML_MUSTINLINE void store_block_full_61( Eurydice_array_to_slice((size_t)200U, out1, uint8_t), Eurydice_array_to_slice((size_t)200U, out2, uint8_t), Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; - store_block_78(s, buf); + store_block_e9(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); @@ -1772,9 +1580,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void store_block_full_ef_83( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - store_block_full_61(a, ret); +static KRML_MUSTINLINE void store_block_full_ef_99(__m256i (*a)[5U], + uint8_t ret[4U][200U]) { + store_block_full_0b(a, ret); } /** @@ -1784,10 +1592,10 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_and_last_ac( +static KRML_MUSTINLINE void squeeze_first_and_last_a4( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - store_block_full_ef_83(s->st, b); + store_block_full_ef_99(s->st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1808,9 +1616,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void store_block_ef_aa( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_78(a, b); +static KRML_MUSTINLINE void store_block_ef_f6(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block_e9(a, b); } /** @@ -1820,9 +1628,9 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_block_b7( +static KRML_MUSTINLINE void squeeze_first_block_e9( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_aa(s->st, out); + store_block_ef_f6(s->st, out); } /** @@ -1832,10 +1640,10 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_next_block_ff( +static KRML_MUSTINLINE void squeeze_next_block_1c( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_4e(s); - store_block_ef_aa(s->st, out); + keccakf1600_07(s); + store_block_ef_f6(s->st, out); } /** @@ -1845,11 +1653,11 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_last_0a( +static KRML_MUSTINLINE void squeeze_last_77( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_4e(&s); + keccakf1600_07(&s); uint8_t b[4U][200U]; - store_block_full_ef_83(s.st, b); + store_block_full_ef_99(s.st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1869,9 +1677,9 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void keccak_9b(Eurydice_slice data[4U], +static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_fa(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1881,7 +1689,7 @@ static KRML_MUSTINLINE void keccak_9b(Eurydice_slice data[4U], memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_26(uu____0, ret); + absorb_block_37(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -1891,12 +1699,12 @@ static KRML_MUSTINLINE void keccak_9b(Eurydice_slice data[4U], Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - absorb_final_80(uu____2, ret); + absorb_final_5e(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - squeeze_first_and_last_ac(&s, out); + squeeze_first_and_last_a4(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = split_at_mut_n_ef(out, (size_t)136U); @@ -1904,7 +1712,7 @@ static KRML_MUSTINLINE void keccak_9b(Eurydice_slice data[4U], memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_b7(&s, o0); + squeeze_first_block_e9(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1922,12 +1730,12 @@ static KRML_MUSTINLINE void keccak_9b(Eurydice_slice data[4U], memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_ff(&s, o); + squeeze_next_block_1c(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - squeeze_last_0a(s, o1); + squeeze_last_77(s, o1); } } } @@ -1941,7 +1749,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_9b(buf0, buf); + keccak_14(buf0, buf); } /** @@ -1949,7 +1757,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_fa(); + return new_1e_16(); } /** @@ -1957,67 +1765,48 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_fe0(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v00 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v0l = mm256_unpacklo_epi64(v00, v10); + __m256i v1h = mm256_unpackhi_epi64(v00, v10); + __m256i v2l = mm256_unpacklo_epi64(v20, v30); + __m256i v3h = mm256_unpackhi_epi64(v20, v30); + __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); + __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); + __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); + __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( + mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); } size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); @@ -2046,12 +1835,11 @@ static KRML_MUSTINLINE void load_block_fe0(core_core_arch_x86___m256i (*s)[5U], uu____3, Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), uint8_t); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); + __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____4 = @@ -2078,15 +1866,13 @@ static KRML_MUSTINLINE void load_block_fe0(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t), uint8_t); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = mm256_xor_si256(s[i][j], u0); } } @@ -2095,14 +1881,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_1d0( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { +static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_fe0(s, buf); + load_block_c70(s, buf); } /** @@ -2114,13 +1900,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void load_block_full_ef_400( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; +static KRML_MUSTINLINE void load_block_full_ef_050(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_1d0(uu____0, copy_of_b); + load_block_full_910(uu____0, copy_of_b); } /** @@ -2131,7 +1917,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void absorb_final_800( +static KRML_MUSTINLINE void absorb_final_5e0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -2144,11 +1930,11 @@ static KRML_MUSTINLINE void absorb_final_800( } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_400(uu____3, uu____4); - keccakf1600_4e(s); + load_block_full_ef_050(uu____3, uu____4); + keccakf1600_07(s); } /** @@ -2158,7 +1944,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_800(s, buf); + absorb_final_5e0(s, buf); } /** @@ -2166,61 +1952,53 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_780(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + __m256i v0l = mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = + mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = + mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); @@ -2230,8 +2008,8 @@ static KRML_MUSTINLINE void store_block_780(core_core_arch_x86___m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), + s[i0][j0]); Eurydice_slice uu____0 = Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); Eurydice_slice_copy( @@ -2262,8 +2040,8 @@ static KRML_MUSTINLINE void store_block_780(core_core_arch_x86___m256i (*s)[5U], ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), + s[i][j]); Eurydice_slice uu____4 = Eurydice_slice_subslice2( out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( @@ -2300,9 +2078,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void store_block_ef_aa0( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_780(a, b); +static KRML_MUSTINLINE void store_block_ef_f60(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block_e90(a, b); } /** @@ -2312,9 +2090,9 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_block_b70( +static KRML_MUSTINLINE void squeeze_first_block_e90( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_aa0(s->st, out); + store_block_ef_f60(s->st, out); } /** @@ -2324,10 +2102,10 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_next_block_ff0( +static KRML_MUSTINLINE void squeeze_next_block_1c0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_4e(s); - store_block_ef_aa0(s->st, out); + keccakf1600_07(s); + store_block_ef_f60(s->st, out); } /** @@ -2337,7 +2115,7 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_three_blocks_6d( +static KRML_MUSTINLINE void squeeze_first_three_blocks_27( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2345,15 +2123,15 @@ static KRML_MUSTINLINE void squeeze_first_three_blocks_6d( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_b70(s, o0); + squeeze_first_block_e90(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_ff0(s, o1); - squeeze_next_block_ff0(s, o2); + squeeze_next_block_1c0(s, o1); + squeeze_next_block_1c0(s, o2); } /** @@ -2363,7 +2141,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_three_blocks_6d(s, buf); + squeeze_first_three_blocks_27(s, buf); } /** @@ -2373,7 +2151,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_ff0(s, buf); + squeeze_next_block_1c0(s, buf); } /** @@ -2383,7 +2161,7 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_five_blocks_58( +static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2391,29 +2169,29 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_58( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_b70(s, o0); + squeeze_first_block_e90(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_ff0(s, o1); + squeeze_next_block_1c0(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_ff0(s, o2); + squeeze_next_block_1c0(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_ff0(s, o3); - squeeze_next_block_ff0(s, o4); + squeeze_next_block_1c0(s, o3); + squeeze_next_block_1c0(s, o4); } /** @@ -2424,7 +2202,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_58(s, buf); + squeeze_first_five_blocks_e4(s, buf); } /** @@ -2434,7 +2212,7 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_80(s, buf); + absorb_final_5e(s, buf); } /** @@ -2445,7 +2223,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_b7(s, buf); + squeeze_first_block_e9(s, buf); } /** @@ -2456,5 +2234,5 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_ff(s, buf); + squeeze_next_block_1c(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index c05a20f4c..da062e426 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_sha3_avx2_H @@ -30,7 +30,7 @@ with const generics - $4size_t */ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; + __m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index fac672712..63801aeae 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_fc(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); } /** @@ -201,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_ba(void) { +libcrux_sha3_generic_keccak_new_1e_f2(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -260,11 +260,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_86( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_28(s, buf); + libcrux_sha3_portable_keccak_load_block_b3(s, buf); } /** @@ -276,13 +276,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_86(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); } /** @@ -292,7 +292,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -303,9 +303,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc0(ab); + return libcrux_sha3_portable_keccak_rotate_left_db0(ab); } /** @@ -319,8 +319,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); } /** @@ -330,7 +330,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -341,9 +341,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc1(ab); + return libcrux_sha3_portable_keccak_rotate_left_db1(ab); } /** @@ -357,8 +357,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); } /** @@ -368,7 +368,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -379,9 +379,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc2(ab); + return libcrux_sha3_portable_keccak_rotate_left_db2(ab); } /** @@ -395,8 +395,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); } /** @@ -406,7 +406,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -417,9 +417,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc3(ab); + return libcrux_sha3_portable_keccak_rotate_left_db3(ab); } /** @@ -433,8 +433,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); } /** @@ -444,9 +444,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc(ab); + return libcrux_sha3_portable_keccak_rotate_left_db(ab); } /** @@ -460,8 +460,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); } /** @@ -471,7 +471,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -482,9 +482,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc4(ab); + return libcrux_sha3_portable_keccak_rotate_left_db4(ab); } /** @@ -498,8 +498,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); } /** @@ -509,7 +509,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -520,9 +520,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc5(ab); + return libcrux_sha3_portable_keccak_rotate_left_db5(ab); } /** @@ -536,8 +536,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); } /** @@ -547,7 +547,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -558,9 +558,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc6(ab); + return libcrux_sha3_portable_keccak_rotate_left_db6(ab); } /** @@ -574,8 +574,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); } /** @@ -585,7 +585,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -596,9 +596,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc7(ab); + return libcrux_sha3_portable_keccak_rotate_left_db7(ab); } /** @@ -612,8 +612,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); } /** @@ -623,7 +623,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -634,9 +634,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc8(ab); + return libcrux_sha3_portable_keccak_rotate_left_db8(ab); } /** @@ -650,8 +650,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); } /** @@ -661,7 +661,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -672,9 +672,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc9(ab); + return libcrux_sha3_portable_keccak_rotate_left_db9(ab); } /** @@ -688,8 +688,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); } /** @@ -699,7 +699,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -710,9 +710,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc10(ab); + return libcrux_sha3_portable_keccak_rotate_left_db10(ab); } /** @@ -726,8 +726,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); } /** @@ -737,7 +737,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -748,9 +748,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc11(ab); + return libcrux_sha3_portable_keccak_rotate_left_db11(ab); } /** @@ -764,8 +764,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); } /** @@ -775,7 +775,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -786,9 +786,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc12(ab); + return libcrux_sha3_portable_keccak_rotate_left_db12(ab); } /** @@ -802,8 +802,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); } /** @@ -813,7 +813,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -824,9 +824,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc13(ab); + return libcrux_sha3_portable_keccak_rotate_left_db13(ab); } /** @@ -840,8 +840,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); } /** @@ -851,7 +851,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -862,9 +862,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc14(ab); + return libcrux_sha3_portable_keccak_rotate_left_db14(ab); } /** @@ -878,8 +878,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); } /** @@ -889,7 +889,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -900,9 +900,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc15(ab); + return libcrux_sha3_portable_keccak_rotate_left_db15(ab); } /** @@ -916,8 +916,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); } /** @@ -927,7 +927,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -938,9 +938,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc16(ab); + return libcrux_sha3_portable_keccak_rotate_left_db16(ab); } /** @@ -954,8 +954,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); } /** @@ -965,7 +965,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -976,9 +976,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc17(ab); + return libcrux_sha3_portable_keccak_rotate_left_db17(ab); } /** @@ -992,8 +992,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); } /** @@ -1003,7 +1003,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1014,9 +1014,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc18(ab); + return libcrux_sha3_portable_keccak_rotate_left_db18(ab); } /** @@ -1030,8 +1030,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); } /** @@ -1041,7 +1041,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1052,9 +1052,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc19(ab); + return libcrux_sha3_portable_keccak_rotate_left_db19(ab); } /** @@ -1068,8 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); } /** @@ -1079,7 +1079,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1090,9 +1090,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc20(ab); + return libcrux_sha3_portable_keccak_rotate_left_db20(ab); } /** @@ -1106,8 +1106,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); } /** @@ -1117,7 +1117,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1128,9 +1128,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc21(ab); + return libcrux_sha3_portable_keccak_rotate_left_db21(ab); } /** @@ -1144,8 +1144,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); } /** @@ -1155,7 +1155,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1166,9 +1166,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc22(ab); + return libcrux_sha3_portable_keccak_rotate_left_db22(ab); } /** @@ -1182,8 +1182,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); } /** @@ -1192,7 +1192,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1228,53 +1228,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1284,7 +1284,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1320,7 +1320,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_e2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1338,7 +1338,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_ae( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1350,14 +1350,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_7e( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_0d(s); - libcrux_sha3_generic_keccak_pi_f0(s); - libcrux_sha3_generic_keccak_chi_e2(s); - libcrux_sha3_generic_keccak_iota_ae(s, i0); + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_b8(s); + libcrux_sha3_generic_keccak_chi_1f(s); + libcrux_sha3_generic_keccak_iota_83(s, i0); } } @@ -1369,7 +1369,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1388,8 +1388,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_4c(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1397,7 +1397,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1419,9 +1419,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d(a, b); + libcrux_sha3_portable_keccak_store_block_58(a, b); } /** @@ -1431,9 +1431,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1443,10 +1443,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_87( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1454,7 +1454,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1465,7 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1478,11 +1478,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_860( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_280(s, buf); + libcrux_sha3_portable_keccak_load_block_b30(s, buf); } /** @@ -1494,13 +1494,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_860(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); } /** @@ -1511,7 +1511,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1530,8 +1530,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1539,7 +1539,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1561,9 +1561,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d0(a, b); + libcrux_sha3_portable_keccak_store_block_580(a, b); } /** @@ -1573,9 +1573,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_800( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1585,10 +1585,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_870( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1600,13 +1600,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_153( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_28(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); } /** @@ -1616,13 +1616,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_283( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_153(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1630,12 +1630,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_853( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_3d(s, buf); + libcrux_sha3_portable_keccak_store_block_58(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1652,9 +1652,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_1e3(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_853(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); } /** @@ -1665,10 +1665,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_d93( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1691,11 +1691,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c93( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1719,10 +1719,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -1733,7 +1733,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_283(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1743,12 +1743,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_f3(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_d93(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1756,7 +1756,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_80(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1774,12 +1774,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_87(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_c93(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); } } } @@ -1790,12 +1790,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_974( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_924(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); } /** @@ -1803,7 +1803,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1814,7 +1814,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1831,13 +1831,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_152( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_283(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); } /** @@ -1847,13 +1847,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_282( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_152(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1861,11 +1861,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_863( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_283(s, buf); + libcrux_sha3_portable_keccak_load_block_b33(s, buf); } /** @@ -1877,13 +1877,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_863(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); } /** @@ -1894,7 +1894,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1913,8 +1913,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_4c3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1922,7 +1922,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1940,12 +1940,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_852( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_3d3(s, buf); + libcrux_sha3_portable_keccak_store_block_583(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1962,9 +1962,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_1e2(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_852(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); } /** @@ -1975,10 +1975,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_d92( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2003,9 +2003,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d3(a, b); + libcrux_sha3_portable_keccak_store_block_583(a, b); } /** @@ -2015,9 +2015,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_803( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2027,10 +2027,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_873( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2040,11 +2040,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c92( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2068,10 +2068,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2082,7 +2082,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_282(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2092,12 +2092,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_f34(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_d92(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2105,7 +2105,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_803(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2123,12 +2123,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_873(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_c92(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); } } } @@ -2139,12 +2139,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_973( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_923(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); } /** @@ -2152,7 +2152,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2163,7 +2163,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2180,13 +2180,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_151( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_282(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); } /** @@ -2196,13 +2196,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_281( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_151(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2210,11 +2210,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_862( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_282(s, buf); + libcrux_sha3_portable_keccak_load_block_b32(s, buf); } /** @@ -2226,13 +2226,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_862(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); } /** @@ -2243,7 +2243,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2262,8 +2262,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_4c2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2271,7 +2271,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2289,12 +2289,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_851( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_3d2(s, buf); + libcrux_sha3_portable_keccak_store_block_582(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2311,9 +2311,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_1e1(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_851(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); } /** @@ -2324,10 +2324,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_d91( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2352,9 +2352,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d2(a, b); + libcrux_sha3_portable_keccak_store_block_582(a, b); } /** @@ -2364,9 +2364,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_802( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2376,10 +2376,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_872( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2389,11 +2389,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c91( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2417,10 +2417,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2431,7 +2431,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_281(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2441,12 +2441,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_f33(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_d91(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2454,7 +2454,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_802(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2472,12 +2472,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_872(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_c91(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); } } } @@ -2488,12 +2488,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_972( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_922(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); } /** @@ -2505,13 +2505,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_150( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_280(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); } /** @@ -2521,13 +2521,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_280( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_150(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2535,12 +2535,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_850( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_3d0(s, buf); + libcrux_sha3_portable_keccak_store_block_580(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2557,9 +2557,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_1e0(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_850(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); } /** @@ -2570,10 +2570,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_d90( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2596,11 +2596,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c90( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2624,10 +2624,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2638,7 +2638,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2648,12 +2648,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_f30(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2661,7 +2661,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2679,12 +2679,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2695,12 +2695,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_971( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_921(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); } /** @@ -2711,7 +2711,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2730,8 +2730,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2742,10 +2742,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2756,7 +2756,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2766,12 +2766,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_f32(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2779,7 +2779,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2797,12 +2797,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2813,12 +2813,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_970( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_920(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); } /** @@ -2826,7 +2826,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2837,7 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2854,13 +2854,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_15( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_281(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); } /** @@ -2870,13 +2870,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_28( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_15(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2884,11 +2884,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_861( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_281(s, buf); + libcrux_sha3_portable_keccak_load_block_b31(s, buf); } /** @@ -2900,13 +2900,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_861(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); } /** @@ -2917,7 +2917,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2936,8 +2936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_4c1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2945,7 +2945,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2963,12 +2963,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_85( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_3d1(s, buf); + libcrux_sha3_portable_keccak_store_block_581(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2984,9 +2984,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_1e( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_85(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); } /** @@ -2997,10 +2997,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_d9( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3025,9 +3025,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d1(a, b); + libcrux_sha3_portable_keccak_store_block_581(a, b); } /** @@ -3037,9 +3037,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_801( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3049,10 +3049,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_871( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3062,11 +3062,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c9( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3090,10 +3090,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -3104,7 +3104,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_28(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3114,12 +3114,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_f31(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_d9(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3127,7 +3127,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_801(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3145,12 +3145,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_871(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_c9(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); } } } @@ -3161,12 +3161,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_97( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_92(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 7fe004fad..a0c87071b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 183656227..f644d380f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index 7e0205733..5d57f7855 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -27,8 +27,8 @@ files: - [libcrux_sha3, simd, avx2, "*"] monomorphizations_exact: - [libcrux_sha3, generic_keccak, KeccakState_29] - - [libcrux_sha3, generic_keccak, absorb_final_5e ] - - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_27 ] + - [libcrux_sha3, generic_keccak, absorb_final_d9 ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_2a ] monomorphizations_of: - [libcrux_sha3, avx2, "*"] - [libcrux_sha3, simd, avx2, "*"] @@ -96,8 +96,8 @@ files: inline_static: true private: exact: - - [ libcrux_ml_kem, ind_cca, MlKem ] - - [ libcrux_ml_kem, ind_cca, Kyber ] + - [ libcrux_ml_kem, variant, MlKem ] + - [ libcrux_ml_kem, variant, Kyber ] api: patterns: - [libcrux_ml_kem, "*"] @@ -116,3 +116,11 @@ files: - [libcrux_ml_kem, vector, "*"] - [libcrux_ml_kem, hash_functions, portable, "*"] - [libcrux_ml_kem, ind_cca, instantiations, portable, "*"] + +naming: + skip_prefix: + - [ core, core_arch, arm_shared, neon ] + - [ core, core_arch, x86 ] + - [ core, option ] + - [ core, result ] + - [ core, array ] diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 7a7fb98ac..50e2aa7a6 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d -Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d -Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 +Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 +Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb +Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 +Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 49fa52216..5ac03509a 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_core_H @@ -30,20 +30,20 @@ typedef struct core_ops_range_Range_b3_s { size_t end; } core_ops_range_Range_b3; -#define core_option_None 0 -#define core_option_Some 1 +#define None 0 +#define Some 1 -typedef uint8_t core_option_Option_ef_tags; +typedef uint8_t Option_ef_tags; /** A monomorphic instance of core.option.Option with types size_t */ -typedef struct core_option_Option_b3_s { - core_option_Option_ef_tags tag; +typedef struct Option_b3_s { + Option_ef_tags tag; size_t f0; -} core_option_Option_b3; +} Option_b3; static inline int16_t core_num__i16_1__wrapping_add(int16_t x0, int16_t x1); @@ -84,23 +84,23 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; -#define core_result_Ok 0 -#define core_result_Err 1 +#define Ok 0 +#define Err 1 -typedef uint8_t core_result_Result_6f_tags; +typedef uint8_t Result_6f_tags; /** A monomorphic instance of core.result.Result with types uint8_t[24size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_6f_s { - core_result_Result_6f_tags tag; +typedef struct Result_6f_s { + Result_6f_tags tag; union { uint8_t case_Ok[24U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_6f; +} Result_6f; /** This function found in impl {core::result::Result} @@ -110,9 +110,8 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_76(core_result_Result_6f self, - uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_1c(Result_6f self, uint8_t ret[24U]) { + if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); @@ -128,13 +127,13 @@ A monomorphic instance of core.result.Result with types uint8_t[20size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_7a_s { - core_result_Result_6f_tags tag; +typedef struct Result_7a_s { + Result_6f_tags tag; union { uint8_t case_Ok[20U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_7a; +} Result_7a; /** This function found in impl {core::result::Result} @@ -144,9 +143,8 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_ea(core_result_Result_7a self, - uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_34(Result_7a self, uint8_t ret[20U]) { + if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); @@ -162,13 +160,13 @@ A monomorphic instance of core.result.Result with types uint8_t[10size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_cd_s { - core_result_Result_6f_tags tag; +typedef struct Result_cd_s { + Result_6f_tags tag; union { uint8_t case_Ok[10U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_cd; +} Result_cd; /** This function found in impl {core::result::Result} @@ -178,9 +176,8 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_07(core_result_Result_cd self, - uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_e8(Result_cd self, uint8_t ret[10U]) { + if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); @@ -210,10 +207,10 @@ A monomorphic instance of core.option.Option with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] */ -typedef struct core_option_Option_92_s { - core_option_Option_ef_tags tag; +typedef struct Option_92_s { + Option_ef_tags tag; libcrux_ml_kem_types_MlKemPublicKey_15 f0; -} core_option_Option_92; +} Option_92; typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; @@ -227,7 +224,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_2f( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_14( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -242,7 +239,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_78(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_3a(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -276,7 +273,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_00(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_75(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -292,7 +289,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_1d(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_20(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -322,7 +319,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_89(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_30(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -339,7 +336,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_7b( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_94( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -352,7 +349,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_172( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -368,13 +365,13 @@ A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_00_s { - core_result_Result_6f_tags tag; +typedef struct Result_00_s { + Result_6f_tags tag; union { uint8_t case_Ok[32U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_00; +} Result_00; /** This function found in impl {core::result::Result} @@ -384,9 +381,8 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_33(core_result_Result_00 self, - uint8_t ret[32U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) { + if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); @@ -405,7 +401,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_171( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -425,7 +421,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_f1( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_49( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -438,7 +434,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_170( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -457,7 +453,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_17( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -473,13 +469,13 @@ A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_c0_s { - core_result_Result_6f_tags tag; +typedef struct Result_c0_s { + Result_6f_tags tag; union { int16_t case_Ok[16U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_c0; +} Result_c0; /** This function found in impl {core::result::Result} @@ -489,9 +485,8 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_30(core_result_Result_c0 self, - int16_t ret[16U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_f9(Result_c0 self, int16_t ret[16U]) { + if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); memcpy(ret, f0, (size_t)16U * sizeof(int16_t)); @@ -507,13 +502,13 @@ A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_56_s { - core_result_Result_6f_tags tag; +typedef struct Result_56_s { + Result_6f_tags tag; union { uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_56; +} Result_56; /** This function found in impl {core::result::Result} @@ -523,9 +518,8 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_0e(core_result_Result_56 self, - uint8_t ret[8U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_ac(Result_56 self, uint8_t ret[8U]) { + if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index b129ea5bd..ea2f6e973 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index de5d59623..54540cb08 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem768_avx2_H @@ -43,11 +43,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; +typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_vec_zero(void) { +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_vec_zero(void) { return libcrux_intrinsics_avx2_mm256_setzero_si256(); } @@ -56,13 +55,12 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ZERO_09(void) { +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ZERO_09(void) { return libcrux_ml_kem_vector_avx2_vec_zero(); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array) { return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); } @@ -72,14 +70,14 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice array) { +static inline __m256i libcrux_ml_kem_vector_avx2_from_i16_array_09( + Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_vec_from_i16_array(array); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_vec_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { + __m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, output, int16_t), v); @@ -94,14 +92,13 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_vector_avx2_to_i16_array_09( - core_core_arch_x86___m256i x, int16_t ret[16U]) { + __m256i x, int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_vec_to_i16_array(x, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs) { return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); } @@ -110,15 +107,14 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_09( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +static inline __m256i libcrux_ml_kem_vector_avx2_add_09(__m256i lhs, + __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs) { return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); } @@ -127,15 +123,15 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_09( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +static inline __m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs, + __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, + int16_t constant) { return libcrux_intrinsics_avx2_mm256_mullo_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } @@ -145,16 +141,15 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_multiply_by_constant_09(core_core_arch_x86___m256i v, - int16_t c) { +static inline __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09( + __m256i v, int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { + __m256i vector, int16_t constant) { return libcrux_intrinsics_avx2_mm256_and_si256( vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } @@ -164,26 +159,22 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( - core_core_arch_x86___m256i vector, int16_t constant) { +static inline __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i v_minus_field_modulus = libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = + __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, __m256i); + __m256i conditional_add_field_modulus = libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); @@ -194,9 +185,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( - core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( + __m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } @@ -208,18 +198,16 @@ libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( of this code. */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { + __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = + __m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i quotient_times_field_modulus = libcrux_intrinsics_avx2_mm256_mullo_epi16( quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); @@ -232,30 +220,27 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_barrett_reduce_09( - core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09( + __m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = + __m256i vector, int16_t constant) { + __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } @@ -265,36 +250,32 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i +static inline __m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( - core_core_arch_x86___m256i vector, int16_t constant) { + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); + __m256i field_modulus_quartered = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); + __m256i shifted = libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = + __m256i mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, shifted, __m256i); + __m256i shifted_to_positive = libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = + __m256i shifted_to_positive_in_range = libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, field_modulus_quartered); return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); + (int32_t)15, shifted_to_positive_in_range, __m256i); } /** @@ -302,63 +283,55 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_1_09(core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, + __m256i rhs) { + __m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, __m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i v, __m256i c) { + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, __m256i); return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } @@ -367,28 +340,26 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, + vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); + __m256i lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, vector, __m256i); return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } @@ -397,52 +368,43 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( + __m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m128i +static KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + __m128i v, __m128i c) { + __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { + __m128i rhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = + __m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + __m256i combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); + (int32_t)1, combined, upper_coefficients, __m256i); } /** @@ -450,39 +412,38 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( - core_core_arch_x86___m256i vector, int16_t zeta) { +static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( + __m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( rhs, libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = + __m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( sum0, libcrux_intrinsics_avx2_mm256_set_epi16( zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); + __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, sum, + sum_times_zetas, __m256i); } /** @@ -490,40 +451,37 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( vector, zeta0, zeta1, zeta2, zeta3); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( rhs, libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = + __m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( sum, libcrux_intrinsics_avx2_mm256_set_epi16( zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, sum, + sum_times_zetas, __m256i); } /** @@ -531,33 +489,28 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( + __m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, + int16_t zeta) { + __m128i lhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + __m128i upper_coefficients0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = + __m256i combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); + (int32_t)1, combined, upper_coefficients0, __m256i); } /** @@ -565,115 +518,96 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( - core_core_arch_x86___m256i vector, int16_t zeta) { +static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( + __m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( v, libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, __m256i); + __m256i result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); + __m256i result0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, result, __m256i); return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); + __m256i); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + __m256i lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = + __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, __m256i); + __m128i lhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = + __m256i lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, __m128i); + __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + __m256i rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = + __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, __m256i); + __m128i rhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = + __m256i rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, __m128i); + __m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + __m256i left = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = + __m256i right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = + __m256i right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + __m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( right0, libcrux_intrinsics_avx2_mm256_set_epi32( -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = + __m256i products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + __m256i products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = + __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, + (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, + (int8_t)1, (int8_t)0, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, + (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, + (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + __m256i products_right = libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = + __m256i products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); + __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, products_right0, __m256i); return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); + products_right1, __m256i); } /** @@ -681,33 +615,25 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_multiply_09(core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +static inline __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09( + __m256i *lhs, __m256i *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, zeta1, zeta2, zeta3); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + __m256i vector, uint8_t ret[2U]) { + __m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i); + __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); + ret[0U] = (uint8_t)bits_packed; + ret[1U] = (uint8_t)(bits_packed >> 8U); } /** @@ -715,44 +641,40 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_1_09( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { +static inline void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, + uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + coefficients_in_msb, __m256i); } /** @@ -760,51 +682,44 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); + __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, ret0); + unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -813,46 +728,40 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_4_09( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { +static inline void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, + uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, shift_lsbs_to_msbs); + __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients_in_msb, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 4U) - (int16_t)1)); @@ -863,62 +772,54 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_4_09( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + __m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)22, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, __m256i); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); uint8_t ret0[10U]; - core_result_Result_cd dst; + Result_cd dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_41_07(dst, ret0); + unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -927,15 +828,15 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_5_09( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { +static inline void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, + uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + __m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), @@ -952,34 +853,29 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - core_core_arch_x86___m256i coefficients_loaded = + __m256i coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); + __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, __m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, (int8_t)8, + (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, (int8_t)4, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); + __m256i); } /** @@ -987,62 +883,56 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + __m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t), upper_8); uint8_t ret0[20U]; - core_result_Result_7a dst; + Result_7a dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_41_ea(dst, ret0); + unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1052,49 +942,38 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_vector_avx2_serialize_10_09( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + __m256i vector, uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, + 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, + 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)6, coefficients1, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 10U) - (int16_t)1)); @@ -1105,14 +984,14 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_10_09(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_10_09( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, array, int16_t), vector); @@ -1130,12 +1009,12 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_vector_avx2_serialize_11_09( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + __m256i vector, uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { libcrux_ml_kem_vector_portable_vector_type_PortableVector output = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); @@ -1150,48 +1029,41 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + __m256i vector, uint8_t ret[24U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)8, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); @@ -1200,12 +1072,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( uint8_t), upper_8); uint8_t ret0[24U]; - core_result_Result_6f dst; + Result_6f dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_41_76(dst, ret0); + unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1215,49 +1087,38 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_vector_avx2_serialize_12_09( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + __m256i vector, uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, + 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, + 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients1, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 12U) - (int16_t)1)); @@ -1268,8 +1129,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_12_09(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_12_09( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } @@ -1277,12 +1138,11 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = + __m256i compare_with_field_modulus = libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, potential_coefficients); uint8_t good[2U]; @@ -1293,14 +1153,12 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); - core_core_arch_x86___m128i lower_coefficients = + __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, lower_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; @@ -1308,15 +1166,12 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); + __m128i upper_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, __m128i); + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, upper_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128( Eurydice_slice_subslice2(output, sampled_count, sampled_count + (size_t)8U, int16_t), @@ -1341,7 +1196,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector */ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; + __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** @@ -1356,7 +1211,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_20_28(void) { +libcrux_ml_kem_polynomial_ZERO_20_98(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1385,8 +1240,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_3f(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_28(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_a8(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -1397,10 +1252,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_05( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_28(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1418,12 +1273,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e4( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_4f( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1436,7 +1291,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_05( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1469,8 +1324,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_3b(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_28(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_98(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -1480,59 +1335,45 @@ generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_43( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e5( + __m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)10); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -1546,10 +1387,10 @@ generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_43( +static inline __m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_11( + __m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e5( vector); } @@ -1561,24 +1402,23 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_b7( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_8e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_28(); + libcrux_ml_kem_polynomial_ZERO_20_98(); LowStar_Ignore_ignore( - Eurydice_slice_len(Eurydice_array_to_slice((size_t)16U, re.coefficients, - core_core_arch_x86___m256i), - core_core_arch_x86___m256i), + Eurydice_slice_len( + Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), + __m256i), size_t, void *); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_11( coefficient); } return re; @@ -1591,59 +1431,45 @@ generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_430( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e50( + __m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)11); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -1657,10 +1483,10 @@ generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae0( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_430( +static inline __m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_110( + __m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e50( vector); } @@ -1672,19 +1498,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_16( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_87( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_28(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_110( coefficient); } return re; @@ -1698,14 +1523,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_61( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_32( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_b7(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_8e(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; + __m256i fst; + __m256i snd; } libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; /** @@ -1715,9 +1540,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_99( - core_core_arch_x86___m256i v, int16_t fer) { +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b( + __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1729,11 +1553,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_86(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c5(__m256i a, __m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_99(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1747,7 +1569,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1760,11 +1582,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_86( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c5( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -1778,7 +1600,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_6e( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1797,7 +1619,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_52( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_70( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1819,7 +1641,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_03( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_7e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1849,7 +1671,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_a0( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1866,21 +1688,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b5( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_6e(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_52(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_03(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_a0(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_70(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_7e(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); } /** @@ -1893,12 +1715,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c3( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_aa( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1918,9 +1740,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c3( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_61( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_32( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_b5(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_64(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1934,59 +1756,45 @@ generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_431( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e51( + __m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)4); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -2000,10 +1808,10 @@ generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae1( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_431( +static inline __m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_111( + __m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e51( vector); } @@ -2015,19 +1823,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_45( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_58( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_28(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_111( coefficient); } return re; @@ -2040,59 +1847,45 @@ generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_432( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e52( + __m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)5); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -2106,10 +1899,10 @@ generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae2( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_432( +static inline __m256i +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_112( + __m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e52( vector); } @@ -2121,10 +1914,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_7e( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_ab( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_28(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -2132,7 +1925,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_7e( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_ae2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_112( re.coefficients[i0]); } return re; @@ -2146,9 +1939,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_82( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_85( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_45(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_58(serialized); } /** @@ -2163,11 +1956,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_20_8b( +libcrux_ml_kem_polynomial_ntt_multiply_20_15( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_20_28(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2199,14 +1992,13 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_02( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i), - core_core_arch_x86___m256i); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_09( @@ -2221,7 +2013,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_18( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2248,7 +2040,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e4( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2271,7 +2063,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2292,14 +2084,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_76( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_09(b, &a); +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9(__m256i a, + __m256i b, + int16_t zeta_r) { + __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_99(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2312,7 +2103,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_44( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2327,11 +2118,11 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_44( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_76( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2345,22 +2136,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_32( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_18(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_44(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e4(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_44(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_44(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_44(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_a0(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); } /** @@ -2375,13 +2166,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_20_a4( +libcrux_ml_kem_polynomial_subtract_reduce_20_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( @@ -2399,21 +2190,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_d4( +libcrux_ml_kem_matrix_compute_message_12( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_28(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_8b(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_02(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_32(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_a4(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_c4(v, result); return result; } @@ -2423,11 +2214,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_88( - core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_da(__m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } /** @@ -2440,10 +2229,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_shift_right_09_14( - core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_88(vector); +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_06( + __m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_da(vector); } /** @@ -2453,14 +2241,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_shift_right_09_14(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); +static inline __m256i +libcrux_ml_kem_vector_traits_to_unsigned_representative_4b(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_06(a); + __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); } @@ -2472,15 +2257,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_e4( +libcrux_ml_kem_serialize_compress_then_serialize_message_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( + __m256i coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_09(coefficient_compressed, bytes); @@ -2503,20 +2288,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6b( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_02( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_c3(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_aa(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_82( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_85( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_d4(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_12(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_e4(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_33(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2531,11 +2316,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_a9(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_e9(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_e4(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_4f(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2547,7 +2332,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_a9(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_6b(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_02(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -2562,7 +2347,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_ab( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -2573,7 +2358,7 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_c9( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -2592,9 +2377,9 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_c9(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); } /** @@ -2605,9 +2390,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_b2( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_9a( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_28(); + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -2618,17 +2403,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_60( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ce( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_28(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(coefficient); } @@ -2643,12 +2427,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_03( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2661,7 +2445,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_03( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_60( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ce( ring_element); deserialized_pk[i0] = uu____0; } @@ -2678,8 +2462,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a1(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_28(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_2b(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -2689,10 +2473,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_fb( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_d6( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } } @@ -2707,7 +2491,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_50( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); @@ -2731,12 +2515,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_3f( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_50( + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( copy_of_input); } @@ -2748,7 +2532,7 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_00( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -2784,9 +2568,9 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_94( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_00( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( self, ret); } @@ -2840,7 +2624,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6c( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_97( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2883,7 +2667,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_dd( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -2919,9 +2703,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_bf( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_dd(self, ret); + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b(self, ret); } /** @@ -2974,7 +2758,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6c0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_970( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3021,9 +2805,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_20_bb(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_84(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_28(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3042,8 +2826,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_06(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_bb( +libcrux_ml_kem_sampling_sample_from_xof_closure_e9(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_20_84( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3054,7 +2838,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f8( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_0c( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3063,28 +2847,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f8( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_3f( + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_94( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6c( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_97( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_bf( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_6c0( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_970( copy_of_randomness, sampled_coefficients, out); } } @@ -3094,7 +2878,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_06(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_e9(copy_of_out[i]); } memcpy( ret, ret0, @@ -3108,12 +2892,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_43( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_fb(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_d6(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -3133,7 +2917,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_1c( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_f8(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_0c(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3193,8 +2977,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_80(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_28(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_48(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -3204,7 +2988,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_ef( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -3243,9 +3027,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_ef(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); } /** @@ -3305,7 +3089,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_53( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3340,7 +3124,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_53( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_bb( + return libcrux_ml_kem_polynomial_from_i16_array_20_84( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3352,7 +3136,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_04( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_41( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3386,7 +3170,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_04( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_bb( + return libcrux_ml_kem_polynomial_from_i16_array_20_84( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3398,9 +3182,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_fb( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_53( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( randomness); } @@ -3411,14 +3195,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_cd( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_68( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_09( - re->coefficients[j + step], (int16_t)-1600); + __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09( + re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_09(re->coefficients[j], &t); re->coefficients[j] = @@ -3434,20 +3217,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_43( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_cd(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_68(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_6e(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_52(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_03(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_a0(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_70(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_7e(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); } /** @@ -3460,11 +3243,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_82(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3479,13 +3262,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_82(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_fb( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_43(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3510,8 +3293,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_46(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_28(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_2a(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -3524,11 +3307,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3543,11 +3326,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_fb( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3570,7 +3353,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_c90( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -3589,9 +3372,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_c90(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); } /** @@ -3602,8 +3385,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_63(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_28(); +libcrux_ml_kem_matrix_compute_vector_u_closure_73(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -3617,13 +3400,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_dd( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_87( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( @@ -3639,14 +3422,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_92( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3667,12 +3450,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_92( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_8b(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_02(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_15(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_32(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_dd(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_87(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3691,8 +3474,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1_ac(core_core_arch_x86___m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_05(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), &v), @@ -3707,18 +3489,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_b3( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_28(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_deserialize_1_09( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_ac(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_05(coefficient_compressed); } return re; } @@ -3735,19 +3517,19 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_25( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_86( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_09( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = + __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0], + &message->coefficients[i0]); + __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp); result.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(tmp0); @@ -3763,22 +3545,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_87( +libcrux_ml_kem_matrix_compute_ring_element_v_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_28(); + libcrux_ml_kem_polynomial_ZERO_20_98(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_8b(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_02(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_32(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_25( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_86( error_2, message, result); return result; } @@ -3790,62 +3572,50 @@ generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_16( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d( + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3858,9 +3628,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_09_d7(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_16( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_92( + __m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d( vector); } @@ -3872,16 +3642,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_2f( +libcrux_ml_kem_serialize_compress_then_serialize_10_a8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_09_d7( - libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( - re->coefficients[i0])); + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_92( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3899,62 +3668,50 @@ generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_160( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d0( + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3967,9 +3724,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_09_d70(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_160( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_920( + __m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d0( vector); } @@ -3981,16 +3738,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_d6( +libcrux_ml_kem_serialize_compress_then_serialize_11_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_09_d70( - libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( - re->coefficients[i0])); + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_920( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4010,10 +3766,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d3( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_2f(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_a8(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4027,7 +3783,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a9( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4043,7 +3799,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a9( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_d3(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4057,62 +3813,50 @@ generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_161( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d1( + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4125,9 +3869,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_09_d71(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_161( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_921( + __m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d1( vector); } @@ -4139,7 +3883,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_f8( +libcrux_ml_kem_serialize_compress_then_serialize_4_42( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4147,10 +3891,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_f8( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_09_d71( - libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( - re.coefficients[i0])); + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_921( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -4167,62 +3910,50 @@ generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_162( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d2( + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4235,9 +3966,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_09_d72(core_core_arch_x86___m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_162( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_922( + __m256i vector) { + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d2( vector); } @@ -4249,7 +3980,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_a5( +libcrux_ml_kem_serialize_compress_then_serialize_5_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4257,10 +3988,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_a5( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2_compress_09_d72( - libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( - re.coefficients[i0])); + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_922( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -4281,7 +4011,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_f8(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_42(re, out); } /** @@ -4302,15 +4032,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_75( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_82( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4320,7 +4050,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_75( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4329,29 +4059,29 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_75( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_fb( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_92(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_64(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_b3( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_87( + libcrux_ml_kem_matrix_compute_ring_element_v_6c( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a9( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_52( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; @@ -4379,24 +4109,24 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_c3(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_f0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_03( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_1c(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_43(ret0, false, A); uint8_t seed_for_A[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -4426,7 +4156,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_c3(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_75(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -4443,12 +4173,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_6e( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_11( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + unwrap_41_83(dst, ret); } /** @@ -4474,7 +4204,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_ab( +static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4492,10 +4222,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ab( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_a9(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_e9(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -4503,7 +4233,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ab( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( + libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4512,14 +4242,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ab( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -4527,18 +4257,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ab( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_c3(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_6e( + libcrux_ml_kem_ind_cca_kdf_43_11( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_6e(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_11(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_49(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4570,10 +4300,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_80( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_8a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ab(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_f5(private_key, ciphertext, ret); } /** @@ -4587,7 +4317,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_80(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_8a(private_key, ciphertext, ret); } @@ -4647,14 +4377,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a2( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_6b( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_02( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -4665,7 +4395,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a2( uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( + libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4674,17 +4404,17 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a2( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_170( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = @@ -4693,11 +4423,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a2( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_75( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_49(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4734,10 +4464,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_af( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_a5( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a2(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e(key_pair, ciphertext, ret); } @@ -4752,7 +4482,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_af( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_a5( private_key, ciphertext, ret); } @@ -4767,11 +4497,11 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_87( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_95( Eurydice_slice randomness, uint8_t ret[32U]) { - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + unwrap_41_83(dst, ret); } /** @@ -4784,7 +4514,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_31( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -4809,28 +4539,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_10( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e9( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_87( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_95( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_31( + libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_7b(public_key), + libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( + libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4839,20 +4569,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_10( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_c3(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_6e(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_11(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4885,14 +4615,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_34( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_11( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_10(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e9(uu____0, copy_of_randomness); } /** @@ -4910,7 +4640,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_34( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_11( uu____0, copy_of_randomness); } @@ -4933,11 +4663,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_49( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -4947,7 +4677,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_49( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( + libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4961,7 +4691,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_49( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_75(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4971,7 +4701,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_49( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5005,7 +4735,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_72( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_18( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -5013,7 +4743,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_72( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_49( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( uu____0, copy_of_randomness); } @@ -5034,7 +4764,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_72( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_18( uu____0, copy_of_randomness); } @@ -5059,8 +4789,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_5a(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_28(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_02(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -5070,9 +4800,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_standard_domain_6b( - core_core_arch_x86___m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_6b( + __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -5089,13 +4818,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_2c( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_traits_to_standard_domain_6b( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( @@ -5111,14 +4840,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_25( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5140,12 +4869,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_8b(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_02(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_2c( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a1( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -5166,10 +4895,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_fe( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_ab(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5177,15 +4906,15 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_fe( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_1c(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_43(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_82( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -5198,17 +4927,17 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_fe( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_82(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_25(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_4b(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -5251,14 +4980,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_44( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_0b( + __m256i coefficient = + libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); @@ -5278,7 +5007,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_d8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5296,7 +5025,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_d8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_44(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5312,14 +5041,14 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_c4( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_d8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_80(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5344,17 +5073,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_1c(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_f8(Eurydice_slice key_generation_seed) { tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_fe(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_c4( + libcrux_ml_kem_ind_cpa_serialize_public_key_ac( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_d8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_80(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5380,7 +5109,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_56( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c9( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5406,7 +5135,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_56( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_31(public_key, ret0); + libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5436,7 +5165,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f7(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5445,13 +5174,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f7(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_1c(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_f8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_56( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c9( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5460,13 +5189,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f7(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_1d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_00( - uu____2, libcrux_ml_kem_types_from_07_78(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_75( + uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); } /** @@ -5482,12 +5211,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_47( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_75( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f7(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_21(copy_of_randomness); } /** @@ -5499,7 +5228,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_47( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_75( copy_of_randomness); } @@ -5518,9 +5247,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_0c( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_87( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_28(); + return libcrux_ml_kem_polynomial_ZERO_20_98(); } /** @@ -5538,10 +5267,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_e5( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_4c( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_28(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); } } @@ -5557,14 +5286,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_3a_e0( +libcrux_ml_kem_polynomial_clone_3a_4f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; + __m256i ret[16U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); + (size_t)16U, self->coefficients, ret, __m256i, void *); + memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); return lit; } @@ -5583,7 +5311,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_86( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5592,7 +5320,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_86( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_fe( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5600,7 +5328,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_86( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_e5(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_4c(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -5608,7 +5336,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_86( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_e0(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_4f(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5620,20 +5348,20 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_86( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_c4( + libcrux_ml_kem_ind_cpa_serialize_public_key_ac( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_31( + libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); + unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -5675,12 +5403,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_41( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_7d( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_86( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( copy_of_randomness); } @@ -5694,7 +5422,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_41( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_7d( copy_of_randomness); } @@ -5710,24 +5438,24 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_2f( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_17(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_31( + libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_2f(ciphertext), + libcrux_ml_kem_types_as_slice_a8_14(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -5755,7 +5483,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_ab0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5773,10 +5501,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ab0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_a9(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_e9(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5784,7 +5512,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ab0( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( + libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5793,14 +5521,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ab0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5808,18 +5536,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ab0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_c3(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_0a( + libcrux_ml_kem_ind_cca_kdf_6c_2f( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_0a(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_2f(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_49(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5855,10 +5583,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_71( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ab0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_f50(private_key, ciphertext, ret); } /** @@ -5872,7 +5600,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_71( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( private_key, ciphertext, ret); } @@ -5887,9 +5615,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_19( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_73( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_31(randomness, ret); + libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); } /** @@ -5912,28 +5640,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_100( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e90( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_19( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_73( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_31( + libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_7b(public_key), + libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( + libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5942,20 +5670,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_100( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_c3(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_0a(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_2f(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5991,14 +5719,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_53( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_86( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_100(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e90(uu____0, copy_of_randomness); } /** @@ -6016,7 +5744,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_53( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_86( uu____0, copy_of_randomness); } @@ -6029,16 +5757,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_d2( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_2a( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_03( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_c4( + libcrux_ml_kem_ind_cpa_serialize_public_key_ac( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6057,9 +5785,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_90( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_1b( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_d2(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_2a(public_key); } /** @@ -6068,16 +5796,14 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_90( Returns `Some(public_key)` if valid, and `None` otherwise. */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_option_Option_92 -libcrux_ml_kem_mlkem768_avx2_validate_public_key( +static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_90( + Option_92 uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_1b( public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); + uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); + uu____0 = (CLITERAL(Option_92){.tag = None}); } return uu____0; } @@ -6087,8 +5813,7 @@ This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_78( - core_core_arch_x86___m256i *self) { +static inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) { return self[0U]; } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 7c6d62c24..7882cc122 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_mlkem768_portable_H @@ -71,6 +71,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( (LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +typedef struct libcrux_ml_kem_ind_cca_Kyber_s { +} libcrux_ml_kem_ind_cca_Kyber; + +typedef struct libcrux_ml_kem_ind_cca_MlKem_s { +} libcrux_ml_kem_ind_cca_MlKem; + typedef uint8_t libcrux_ml_kem_ind_cca_MlKemSharedSecret[32U]; static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = @@ -130,11 +136,11 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; int16_t ret[16U]; - core_result_Result_c0 dst; + Result_c0 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_41_30(dst, ret); + unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2438,7 +2444,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_20_7f(void) { +libcrux_ml_kem_polynomial_ZERO_20_9a(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2466,8 +2472,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_81(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_7f(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_c8(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -2477,10 +2483,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e4( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_b6( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_7f(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2499,12 +2505,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_6b( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_74( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2517,7 +2523,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_6b( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e4( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_b6( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2549,8 +2555,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_2c(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_7f(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_32(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -2560,7 +2566,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e3( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_63( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2585,9 +2591,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e3( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_63( v); } @@ -2598,10 +2604,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_e3( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_4d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_7f(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2617,7 +2623,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_e3( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_80( coefficient); re.coefficients[i0] = uu____0; } @@ -2631,7 +2637,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e30( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_630( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2656,9 +2662,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_800( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e30( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_630( v); } @@ -2669,10 +2675,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_60( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_30( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_7f(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2681,7 +2687,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_60( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_800( coefficient); re.coefficients[i0] = uu____0; } @@ -2695,9 +2701,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_2b( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_e3(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4d(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2712,7 +2718,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_1e( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2726,12 +2732,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a1( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_1e(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2745,7 +2751,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2758,7 +2764,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a1( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2775,7 +2781,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_4c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_9c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2795,7 +2801,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_68( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_6b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2817,7 +2823,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_9d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_37( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2847,7 +2853,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_42( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2865,21 +2871,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_8d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_4c(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_68(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_9d(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_42(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_9c(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_37(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); } /** @@ -2891,12 +2897,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ec( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_a3( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2916,9 +2922,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ec( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_2b( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_8d(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_d3(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2932,7 +2938,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e31( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_631( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2957,9 +2963,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_801( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e31( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_631( v); } @@ -2970,10 +2976,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_e7( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_70( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_7f(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2982,7 +2988,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_e7( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_801( coefficient); re.coefficients[i0] = uu____0; } @@ -2996,7 +3002,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e32( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_632( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3021,9 +3027,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_802( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e32( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_632( v); } @@ -3034,10 +3040,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_96( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_36( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_7f(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3046,7 +3052,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_96( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f2( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_802( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3060,9 +3066,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_6f( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b7( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_e7(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_70(serialized); } /** @@ -3076,11 +3082,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_20_e9( +libcrux_ml_kem_polynomial_ntt_multiply_20_ff( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_20_7f(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3113,7 +3119,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_67( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3137,7 +3143,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3163,7 +3169,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ea( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_12( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3185,7 +3191,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_72( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3207,7 +3213,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ee( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3215,7 +3221,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_1e(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3228,7 +3234,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9f( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3243,7 +3249,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ee( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_0d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3260,22 +3266,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_02( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1f(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ea(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2a(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1e(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_12(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_72(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9f(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_42(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); } /** @@ -3289,7 +3295,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_20_a2( +libcrux_ml_kem_polynomial_subtract_reduce_20_56( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3315,21 +3321,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_f7( +libcrux_ml_kem_matrix_compute_message_29( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_7f(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_e9(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_67(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_02(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_a2(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_56(v, result); return result; } @@ -3339,7 +3345,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_f1( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_53( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3359,9 +3365,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_be( +libcrux_ml_kem_vector_portable_shift_right_0d_e7( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f1(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_53(v); } /** @@ -3371,10 +3377,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_19( +libcrux_ml_kem_vector_traits_to_unsigned_representative_39( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_be(a); + libcrux_ml_kem_vector_portable_shift_right_0d_e7(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3388,13 +3394,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_a1( +libcrux_ml_kem_serialize_compress_then_serialize_message_7d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_19( + libcrux_ml_kem_vector_traits_to_unsigned_representative_39( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3420,20 +3426,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ec( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_ec(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_a3(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_6f( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b7( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_f7(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_29(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_a1(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_7d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3447,11 +3453,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_0f(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_27(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_6b(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_74(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3463,7 +3469,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_0f(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ec(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -3477,7 +3483,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_d0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3487,7 +3493,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_03( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -3505,9 +3511,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_03(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); } /** @@ -3517,9 +3523,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_94( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_47( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7f(); + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -3529,10 +3535,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_a2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_7f(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3554,12 +3560,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_84( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3572,7 +3578,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_84( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_a2( ring_element); deserialized_pk[i0] = uu____0; } @@ -3589,8 +3595,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_d2(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_7f(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_0f(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -3600,10 +3606,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_9a( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_44( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } } @@ -3623,7 +3629,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_40( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3656,12 +3662,12 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_83( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_40( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( copy_of_input); } @@ -3672,7 +3678,7 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_9a( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -3696,10 +3702,10 @@ with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_20( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_9a( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( self, ret); } @@ -3752,7 +3758,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f6( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_83( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3794,7 +3800,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ea( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -3818,10 +3824,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_04( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ea(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed(self, ret); } @@ -3874,7 +3880,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f60( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_830( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3920,9 +3926,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_20_b2(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_8d(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_7f(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3943,8 +3949,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_d4(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_b2( +libcrux_ml_kem_sampling_sample_from_xof_closure_6a(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_20_8d( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3964,28 +3970,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_61( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_83( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_20( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f6( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_83( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_04( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f60( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_830( copy_of_randomness, sampled_coefficients, out); } } @@ -3995,7 +4001,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_d4(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_6a(copy_of_out[i]); } memcpy( ret, ret0, @@ -4009,12 +4015,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_45( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_9a(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_44(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -4094,8 +4100,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_b1(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7f(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_49(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -4104,7 +4110,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_d3( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4126,9 +4132,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_d3(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); } /** @@ -4187,7 +4193,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_0e( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b3( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4222,7 +4228,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_0e( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_b2( + return libcrux_ml_kem_polynomial_from_i16_array_20_8d( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4233,7 +4239,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_44( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_25( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4267,7 +4273,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_44( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_b2( + return libcrux_ml_kem_polynomial_from_i16_array_20_8d( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4278,9 +4284,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_97( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_0e( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b3( randomness); } @@ -4290,7 +4296,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_9e( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_3e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4313,20 +4319,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_71( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_37( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_9e(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_3e(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_3a(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_4c(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_68(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_9d(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_42(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_9c(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_37(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); } /** @@ -4339,11 +4345,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_c0(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4358,13 +4364,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_c0(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_97( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_71(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4389,8 +4395,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_72(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7f(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_69(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -4403,11 +4409,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_78(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_15(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4422,11 +4428,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_78(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_97( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4448,7 +4454,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_030( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -4466,9 +4472,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_030(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); } /** @@ -4478,8 +4484,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_ba(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7f(); +libcrux_ml_kem_matrix_compute_vector_u_closure_e0(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -4492,7 +4498,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_07( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4516,14 +4522,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_2e( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4544,12 +4550,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_2e( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_e9(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_67(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_ff(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_02(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_07(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_fc(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4568,7 +4574,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_11( +libcrux_ml_kem_vector_traits_decompress_1_5f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4583,10 +4589,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_34( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_7f(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4596,7 +4602,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_34( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_11(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_5f(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4613,7 +4619,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_31( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4643,22 +4649,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_5d( +libcrux_ml_kem_matrix_compute_ring_element_v_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_7f(); + libcrux_ml_kem_polynomial_ZERO_20_9a(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_e9(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_67(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_02(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_31( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_0f( error_2, message, result); return result; } @@ -4669,7 +4675,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_0e( +libcrux_ml_kem_vector_portable_compress_compress_5f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4692,9 +4698,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_17( +libcrux_ml_kem_vector_portable_compress_0d_73( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0e(v); + return libcrux_ml_kem_vector_portable_compress_compress_5f(v); } /** @@ -4704,15 +4710,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_f4( +libcrux_ml_kem_serialize_compress_then_serialize_10_51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_17( - libcrux_ml_kem_vector_traits_to_unsigned_representative_19( + libcrux_ml_kem_vector_portable_compress_0d_73( + libcrux_ml_kem_vector_traits_to_unsigned_representative_39( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4730,7 +4736,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_0e0( +libcrux_ml_kem_vector_portable_compress_compress_5f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4753,9 +4759,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_170( +libcrux_ml_kem_vector_portable_compress_0d_730( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0e0(v); + return libcrux_ml_kem_vector_portable_compress_compress_5f0(v); } /** @@ -4765,15 +4771,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_e4( +libcrux_ml_kem_serialize_compress_then_serialize_11_25( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_170( - libcrux_ml_kem_vector_traits_to_unsigned_representative_19( + libcrux_ml_kem_vector_portable_compress_0d_730( + libcrux_ml_kem_vector_traits_to_unsigned_representative_39( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4793,10 +4799,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f3( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_f4(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_51(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4809,7 +4815,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fc( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4825,7 +4831,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fc( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_f3(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4c(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4838,7 +4844,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_0e1( +libcrux_ml_kem_vector_portable_compress_compress_5f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4861,9 +4867,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_171( +libcrux_ml_kem_vector_portable_compress_0d_731( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0e1(v); + return libcrux_ml_kem_vector_portable_compress_compress_5f1(v); } /** @@ -4873,7 +4879,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_d4( +libcrux_ml_kem_serialize_compress_then_serialize_4_53( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4882,8 +4888,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_d4( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_171( - libcrux_ml_kem_vector_traits_to_unsigned_representative_19( + libcrux_ml_kem_vector_portable_compress_0d_731( + libcrux_ml_kem_vector_traits_to_unsigned_representative_39( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4900,7 +4906,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_0e2( +libcrux_ml_kem_vector_portable_compress_compress_5f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4923,9 +4929,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_172( +libcrux_ml_kem_vector_portable_compress_0d_732( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0e2(v); + return libcrux_ml_kem_vector_portable_compress_compress_5f2(v); } /** @@ -4935,7 +4941,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_59( +libcrux_ml_kem_serialize_compress_then_serialize_5_94( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4944,8 +4950,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_59( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_172( - libcrux_ml_kem_vector_traits_to_unsigned_representative_19( + libcrux_ml_kem_vector_portable_compress_0d_732( + libcrux_ml_kem_vector_traits_to_unsigned_representative_39( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4964,9 +4970,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2f( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_d4(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_53(re, out); } /** @@ -4987,15 +4993,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_b0( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_c0( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5005,7 +5011,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_b0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_78( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_15( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5014,33 +5020,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_b0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( + libcrux_ml_kem_hash_functions_portable_PRF_f1_040( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_97( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_2e(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_a2(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_34( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_5d( + libcrux_ml_kem_matrix_compute_ring_element_v_04( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fc( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a4( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2f( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_fc( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5064,24 +5070,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_d9(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_97(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_84( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_b6(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_45(ret0, false, A); uint8_t seed_for_A[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -5111,7 +5117,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_d9(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_b0(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -5127,12 +5133,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_dd( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_de( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + unwrap_41_83(dst, ret); } /** @@ -5157,7 +5163,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_b2( +static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5175,10 +5181,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b2( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_0f(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_27(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5186,7 +5192,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b2( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_d0( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5195,14 +5201,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b2( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5210,18 +5216,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b2( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_d9(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_97(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_dd( + libcrux_ml_kem_ind_cca_kdf_43_de( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_dd(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_de(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_49(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5253,10 +5259,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_bc( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b2(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ee(private_key, ciphertext, ret); } /** @@ -5269,7 +5275,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_bc( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_bc( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0f( private_key, ciphertext, ret); } @@ -5333,10 +5339,10 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ec( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -5347,7 +5353,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_d0( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5356,17 +5362,17 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_170( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -5375,11 +5381,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_b0( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_49(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5415,7 +5421,7 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_e4( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a2( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1(key_pair, ciphertext, @@ -5432,7 +5438,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_e4( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_e4( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a2( private_key, ciphertext, ret); } @@ -5446,11 +5452,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_b0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_f4( Eurydice_slice randomness, uint8_t ret[32U]) { - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); + unwrap_41_83(dst, ret); } /** @@ -5462,7 +5468,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_fd( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5486,28 +5492,28 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6b( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_b0( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_f4( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_fd( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_7b(public_key), + libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_d0( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5516,20 +5522,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6b( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_d9(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_97(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_dd(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_de(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5561,14 +5567,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_74( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_34( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_6b(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); } /** @@ -5585,7 +5591,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_74( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_34( uu____0, copy_of_randomness); } @@ -5608,11 +5614,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -5622,7 +5628,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_d0( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5636,7 +5642,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_b0(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5646,7 +5652,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5679,7 +5685,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_51( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_1d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5687,7 +5693,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_51( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_c4( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( uu____0, copy_of_randomness); } @@ -5707,7 +5713,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_51( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_1d( uu____0, copy_of_randomness); } @@ -5731,8 +5737,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_47(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7f(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -5742,7 +5748,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_5f( +libcrux_ml_kem_vector_traits_to_standard_domain_d6( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5759,7 +5765,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_5c( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_7d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5767,7 +5773,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_20_5c( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_5f( + libcrux_ml_kem_vector_traits_to_standard_domain_d6( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5783,14 +5789,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ea( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5812,12 +5818,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_e9(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_67(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_5c( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_7d( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -5838,10 +5844,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6e( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_d0(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5849,15 +5855,15 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6e( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_b6(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_45(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_c0( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -5870,17 +5876,17 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_c0(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_ea(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_0e(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); + unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -5922,14 +5928,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_79( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_19( + libcrux_ml_kem_vector_traits_to_unsigned_representative_39( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5948,7 +5954,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_8b( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5966,7 +5972,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_8b( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_79(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_a6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5981,14 +5987,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_eb( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_8b(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_f0(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6013,17 +6019,17 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_d8(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_c0(Eurydice_slice key_generation_seed) { tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6e(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_eb( + libcrux_ml_kem_ind_cpa_serialize_public_key_95( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_8b(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_f0(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6048,7 +6054,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_91( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_cd( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6074,7 +6080,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_91( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_fd(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6104,7 +6110,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_01(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6113,13 +6119,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_01(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_d8(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_c0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_91( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_cd( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6128,13 +6134,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_01(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_1d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_00( - uu____2, libcrux_ml_kem_types_from_07_78(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_75( + uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); } /** @@ -6150,12 +6156,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_14( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0a( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_01(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_65(copy_of_randomness); } /** @@ -6166,7 +6172,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_14( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0a( copy_of_randomness); } @@ -6185,9 +6191,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_bc( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_e8( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_7f(); + return libcrux_ml_kem_polynomial_ZERO_20_9a(); } /** @@ -6205,10 +6211,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_38( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_71( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_7f(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); } } @@ -6223,7 +6229,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_3a_58( +libcrux_ml_kem_polynomial_clone_3a_78( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6251,7 +6257,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_c7( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6260,7 +6266,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_c7( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6e( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6268,7 +6274,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_c7( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_38(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_71(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -6276,7 +6282,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_c7( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_58(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_78(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6288,20 +6294,20 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_c7( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_eb( + libcrux_ml_kem_ind_cpa_serialize_public_key_95( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_fd( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); + unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -6342,12 +6348,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_f5( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_90( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_c7( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( copy_of_randomness); } @@ -6360,7 +6366,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_f5( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_90( copy_of_randomness); } @@ -6375,24 +6381,24 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a8( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_17(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_fd( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_2f(ciphertext), + libcrux_ml_kem_types_as_slice_a8_14(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -6419,7 +6425,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_b20( +static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6437,10 +6443,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b20( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_0f(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_27(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -6448,7 +6454,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b20( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_d0( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6457,14 +6463,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b20( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( + libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -6472,18 +6478,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b20( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_d9(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_97(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_cc( + libcrux_ml_kem_ind_cca_kdf_6c_a8( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_cc(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_a8(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_f1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_49(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6519,10 +6525,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_be( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_8e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b20(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ee0(private_key, ciphertext, ret); } /** @@ -6535,7 +6541,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_be( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_be( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_8e( private_key, ciphertext, ret); } @@ -6549,9 +6555,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_05( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_ff( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_fd(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); } /** @@ -6573,28 +6579,28 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6b0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_05( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_ff( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_fd( + libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_7b(public_key), + libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_d0( + libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6603,20 +6609,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_6b0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_7b(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_d9(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_97(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_89(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_cc(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_a8(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6652,14 +6658,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f9( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_35( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_6b0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); } /** @@ -6676,7 +6682,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f9( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_35( uu____0, copy_of_randomness); } @@ -6688,16 +6694,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_14( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_36( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_84( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_eb( + libcrux_ml_kem_ind_cpa_serialize_public_key_95( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6715,9 +6721,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_52( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_93( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_14(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_36(public_key); } /** @@ -6725,16 +6731,14 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_52( Returns `Some(public_key)` if valid, and `None` otherwise. */ -static inline core_option_Option_92 -libcrux_ml_kem_mlkem768_portable_validate_public_key( +static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_52( + Option_92 uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_93( public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); + uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); + uu____0 = (CLITERAL(Option_92){.tag = None}); } return uu____0; } diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index e5ecc42d1..7141feb4f 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_sha3_avx2_H @@ -28,22 +28,16 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_zero_ef(void) { +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_zero_ef(void) { return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veor5q_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__veor5q_u64( + __m256i a, __m256i b, __m256i c, __m256i d, __m256i e) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + __m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); } @@ -52,12 +46,8 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor5_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_xor5_ef( + __m256i a, __m256i b, __m256i c, __m256i d, __m256i e) { return libcrux_sha3_simd_avx2__veor5q_u64(a, b, c, d, e); } @@ -68,22 +58,19 @@ with const generics - RIGHT= 63 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_21(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_58(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vrax1q_u64(__m256i a, + __m256i b) { + __m256i uu____0 = a; return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_sha3_simd_avx2_rotate_left_21(b)); + uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); } /** @@ -91,17 +78,15 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vrax1q_u64(a, b); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vbcaxq_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vbcaxq_u64(__m256i a, + __m256i b, + __m256i c) { return libcrux_intrinsics_avx2_mm256_xor_si256( a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); } @@ -111,18 +96,15 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_and_not_xor_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_and_not_xor_ef(__m256i a, __m256i b, __m256i c) { return libcrux_sha3_simd_avx2__vbcaxq_u64(a, b, c); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__veorq_n_u64(__m256i a, + uint64_t c) { + __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); } @@ -131,9 +113,8 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_constant_ef(core_core_arch_x86___m256i a, - uint64_t c) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_constant_ef(__m256i a, uint64_t c) { return libcrux_sha3_simd_avx2__veorq_n_u64(a, c); } @@ -142,8 +123,8 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_sha3_simd_avx2_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_xor_ef(__m256i a, + __m256i b) { return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); } @@ -223,7 +204,7 @@ with const generics - $4size_t */ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; + __m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; /** @@ -241,7 +222,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_fa(void) { +libcrux_sha3_generic_keccak_new_1e_16(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -277,46 +258,34 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( + __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); @@ -366,7 +335,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe( uu____3, Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), uint8_t); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; @@ -398,10 +367,9 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe( Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t), uint8_t); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = @@ -420,13 +388,13 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_16( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( + __m256i (*a)[5U], Eurydice_slice b[4U]) { + __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[4U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_fe(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_c7(uu____0, copy_of_b); } /** @@ -436,13 +404,11 @@ with const generics - RIGHT= 28 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_210(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_580(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); } /** @@ -452,11 +418,10 @@ with const generics - RIGHT= 28 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_13(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_210(ab); +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_c1(__m256i a, + __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_580(ab); } /** @@ -470,10 +435,9 @@ with const generics - RIGHT= 28 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_13(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); } /** @@ -483,13 +447,11 @@ with const generics - RIGHT= 61 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_211(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_581(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); } /** @@ -499,11 +461,10 @@ with const generics - RIGHT= 61 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_130(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_211(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c10(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_581(ab); } /** @@ -517,10 +478,9 @@ with const generics - RIGHT= 61 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c0(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_130(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); } /** @@ -530,13 +490,11 @@ with const generics - RIGHT= 23 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_212(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_582(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); } /** @@ -546,11 +504,10 @@ with const generics - RIGHT= 23 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_131(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_212(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c11(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_582(ab); } /** @@ -564,10 +521,9 @@ with const generics - RIGHT= 23 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c1(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_131(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); } /** @@ -577,13 +533,11 @@ with const generics - RIGHT= 46 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_213(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_583(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); } /** @@ -593,11 +547,10 @@ with const generics - RIGHT= 46 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_132(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_213(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c12(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_583(ab); } /** @@ -611,10 +564,9 @@ with const generics - RIGHT= 46 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c2(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_132(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); } /** @@ -624,11 +576,10 @@ with const generics - RIGHT= 63 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_133(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_21(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c13(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_58(ab); } /** @@ -642,10 +593,9 @@ with const generics - RIGHT= 63 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c3(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_133(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); } /** @@ -655,13 +605,11 @@ with const generics - RIGHT= 20 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_214(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_584(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); } /** @@ -671,11 +619,10 @@ with const generics - RIGHT= 20 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_134(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_214(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c14(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_584(ab); } /** @@ -689,10 +636,9 @@ with const generics - RIGHT= 20 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c4(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_134(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); } /** @@ -702,13 +648,11 @@ with const generics - RIGHT= 54 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_215(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_585(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); } /** @@ -718,11 +662,10 @@ with const generics - RIGHT= 54 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_135(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_215(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c15(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_585(ab); } /** @@ -736,10 +679,9 @@ with const generics - RIGHT= 54 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c5(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_135(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); } /** @@ -749,13 +691,11 @@ with const generics - RIGHT= 19 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_216(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_586(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); } /** @@ -765,11 +705,10 @@ with const generics - RIGHT= 19 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_136(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_216(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c16(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_586(ab); } /** @@ -783,10 +722,9 @@ with const generics - RIGHT= 19 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c6(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_136(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); } /** @@ -796,13 +734,11 @@ with const generics - RIGHT= 62 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_217(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_587(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i)); } /** @@ -812,11 +748,10 @@ with const generics - RIGHT= 62 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_137(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_217(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c17(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_587(ab); } /** @@ -830,10 +765,9 @@ with const generics - RIGHT= 62 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c7(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_137(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); } /** @@ -843,13 +777,11 @@ with const generics - RIGHT= 2 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_218(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_588(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); } /** @@ -859,11 +791,10 @@ with const generics - RIGHT= 2 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_138(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_218(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c18(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_588(ab); } /** @@ -877,10 +808,9 @@ with const generics - RIGHT= 2 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c8(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_138(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); } /** @@ -890,13 +820,11 @@ with const generics - RIGHT= 58 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_219(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_589(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); } /** @@ -906,11 +834,10 @@ with const generics - RIGHT= 58 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_139(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_219(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c19(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_589(ab); } /** @@ -924,10 +851,9 @@ with const generics - RIGHT= 58 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c9(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_139(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); } /** @@ -937,13 +863,11 @@ with const generics - RIGHT= 21 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_2110(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5810(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); } /** @@ -953,11 +877,10 @@ with const generics - RIGHT= 21 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_1310(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_2110(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c110(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5810(ab); } /** @@ -971,10 +894,9 @@ with const generics - RIGHT= 21 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c10(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_1310(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); } /** @@ -984,13 +906,11 @@ with const generics - RIGHT= 49 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_2111(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5811(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); } /** @@ -1000,11 +920,10 @@ with const generics - RIGHT= 49 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_1311(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_2111(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c111(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5811(ab); } /** @@ -1018,10 +937,9 @@ with const generics - RIGHT= 49 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c11(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_1311(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); } /** @@ -1031,13 +949,11 @@ with const generics - RIGHT= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_2112(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5812(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); } /** @@ -1047,11 +963,10 @@ with const generics - RIGHT= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_1312(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_2112(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c112(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5812(ab); } /** @@ -1065,10 +980,9 @@ with const generics - RIGHT= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c12(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_1312(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); } /** @@ -1078,13 +992,11 @@ with const generics - RIGHT= 36 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_2113(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5813(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); } /** @@ -1094,11 +1006,10 @@ with const generics - RIGHT= 36 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_1313(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_2113(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c113(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5813(ab); } /** @@ -1112,10 +1023,9 @@ with const generics - RIGHT= 36 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c13(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_1313(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); } /** @@ -1125,13 +1035,11 @@ with const generics - RIGHT= 9 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_2114(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5814(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); } /** @@ -1141,11 +1049,10 @@ with const generics - RIGHT= 9 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_1314(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_2114(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c114(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5814(ab); } /** @@ -1159,10 +1066,9 @@ with const generics - RIGHT= 9 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c14(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_1314(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); } /** @@ -1172,13 +1078,11 @@ with const generics - RIGHT= 39 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_2115(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5815(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); } /** @@ -1188,11 +1092,10 @@ with const generics - RIGHT= 39 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_1315(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_2115(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c115(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5815(ab); } /** @@ -1206,10 +1109,9 @@ with const generics - RIGHT= 39 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c15(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_1315(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); } /** @@ -1219,13 +1121,11 @@ with const generics - RIGHT= 43 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_2116(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5816(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); } /** @@ -1235,11 +1135,10 @@ with const generics - RIGHT= 43 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_1316(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_2116(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c116(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5816(ab); } /** @@ -1253,10 +1152,9 @@ with const generics - RIGHT= 43 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_1316(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); } /** @@ -1266,13 +1164,11 @@ with const generics - RIGHT= 8 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_2117(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5817(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); } /** @@ -1282,11 +1178,10 @@ with const generics - RIGHT= 8 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_1317(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_2117(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c117(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5817(ab); } /** @@ -1300,10 +1195,9 @@ with const generics - RIGHT= 8 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c17(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_1317(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); } /** @@ -1313,13 +1207,11 @@ with const generics - RIGHT= 37 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_2118(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5818(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); } /** @@ -1329,11 +1221,10 @@ with const generics - RIGHT= 37 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_1318(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_2118(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c118(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5818(ab); } /** @@ -1347,10 +1238,9 @@ with const generics - RIGHT= 37 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c18(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_1318(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); } /** @@ -1360,13 +1250,11 @@ with const generics - RIGHT= 44 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_2119(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5819(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); } /** @@ -1376,11 +1264,10 @@ with const generics - RIGHT= 44 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_1319(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_2119(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c119(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5819(ab); } /** @@ -1394,10 +1281,9 @@ with const generics - RIGHT= 44 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c19(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_1319(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); } /** @@ -1407,13 +1293,11 @@ with const generics - RIGHT= 25 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_2120(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5820(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); } /** @@ -1423,11 +1307,10 @@ with const generics - RIGHT= 25 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_1320(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_2120(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c120(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5820(ab); } /** @@ -1441,10 +1324,9 @@ with const generics - RIGHT= 25 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c20(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_1320(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); } /** @@ -1454,13 +1336,11 @@ with const generics - RIGHT= 56 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_2121(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5821(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); } /** @@ -1470,11 +1350,10 @@ with const generics - RIGHT= 56 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_1321(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_2121(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c121(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5821(ab); } /** @@ -1488,10 +1367,9 @@ with const generics - RIGHT= 56 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c21(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_1321(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); } /** @@ -1501,13 +1379,11 @@ with const generics - RIGHT= 50 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_2122(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5822(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); } /** @@ -1517,11 +1393,10 @@ with const generics - RIGHT= 50 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_1322(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_2122(ab); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c122(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return libcrux_sha3_simd_avx2_rotate_left_5822(ab); } /** @@ -1535,10 +1410,9 @@ with const generics - RIGHT= 50 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c22(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_1322(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); } /** @@ -1548,94 +1422,88 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_3f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], - s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U], - s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U], - s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U], - s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U], - s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + __m256i c[5U] = {libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], + s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U], + s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U], + s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U], + s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U], + s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + __m256i uu____0 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + __m256i uu____1 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + __m256i uu____2 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + __m256i uu____3 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + __m256i t[5U] = {uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c(s->st[1U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c0(s->st[2U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c1(s->st[3U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c2(s->st[4U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c3(s->st[0U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c4(s->st[1U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c5(s->st[2U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c6(s->st[3U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c7(s->st[4U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c8(s->st[0U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c9(s->st[1U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c10(s->st[2U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c11(s->st[3U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c12(s->st[4U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c13(s->st[0U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c14(s->st[1U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c15(s->st[2U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c16(s->st[3U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c17(s->st[4U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c18(s->st[0U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c19(s->st[1U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c20(s->st[2U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c21(s->st[3U][4U], t[4U]); - core_core_arch_x86___m256i uu____27 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c22(s->st[4U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + __m256i uu____27 = + libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1646,10 +1514,10 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); s->st[0U][1U] = old[1U][1U]; s->st[0U][2U] = old[2U][2U]; s->st[0U][3U] = old[3U][3U]; @@ -1683,10 +1551,10 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_95( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)5U; i++) { @@ -1705,7 +1573,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_c9( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1718,14 +1586,14 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_4e( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_3f(s); - libcrux_sha3_generic_keccak_pi_d8(s); - libcrux_sha3_generic_keccak_chi_95(s); - libcrux_sha3_generic_keccak_iota_c9(s, i0); + libcrux_sha3_generic_keccak_theta_rho_71(s); + libcrux_sha3_generic_keccak_pi_01(s); + libcrux_sha3_generic_keccak_chi_9b(s); + libcrux_sha3_generic_keccak_iota_09(s, i0); } } @@ -1737,13 +1605,13 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_26( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_ef_16(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_4e(s); + libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_07(s); } /** @@ -1752,14 +1620,14 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_1d( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( + __m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - libcrux_sha3_simd_avx2_load_block_fe(s, buf); + libcrux_sha3_simd_avx2_load_block_c7(s, buf); } /** @@ -1772,13 +1640,13 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_40( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( + __m256i (*a)[5U], uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_1d(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_full_91(uu____0, copy_of_b); } /** @@ -1790,7 +1658,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1806,11 +1674,11 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80( size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_40(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_4e(s); + libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_07(s); } /** @@ -1819,48 +1687,40 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_78( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( + __m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t), @@ -1950,8 +1810,8 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_61( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( + __m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; uint8_t out2[200U] = {0U}; @@ -1961,7 +1821,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_61( Eurydice_array_to_slice((size_t)200U, out1, uint8_t), Eurydice_array_to_slice((size_t)200U, out2, uint8_t), Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; - libcrux_sha3_simd_avx2_store_block_78(s, buf); + libcrux_sha3_simd_avx2_store_block_e9(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); @@ -1989,9 +1849,9 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_83( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { - libcrux_sha3_simd_avx2_store_block_full_61(a, ret); +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( + __m256i (*a)[5U], uint8_t ret[4U][200U]) { + libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); } /** @@ -2003,10 +1863,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_ac( +libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_83(s->st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2032,9 +1892,9 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_aa( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_78(a, b); +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( + __m256i (*a)[5U], Eurydice_slice b[4U]) { + libcrux_sha3_simd_avx2_store_block_e9(a, b); } /** @@ -2045,9 +1905,9 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_b7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_aa(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); } /** @@ -2058,10 +1918,10 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_ff( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_4e(s); - libcrux_sha3_simd_avx2_store_block_ef_aa(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); } /** @@ -2072,11 +1932,11 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_0a( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_4e(&s); + libcrux_sha3_generic_keccak_keccakf1600_07(&s); uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_83(s.st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2101,10 +1961,10 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9b( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_fa(); + libcrux_sha3_generic_keccak_new_1e_16(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2115,7 +1975,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9b( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_26(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -2125,12 +1985,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9b( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_80(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_ac(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); @@ -2138,7 +1998,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9b( memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_b7(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2146,8 +2006,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9b( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_4size_t__x2 uu____5 = @@ -2156,12 +2016,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9b( memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_ff(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_0a(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); } } } @@ -2176,7 +2036,7 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_keccak_9b(buf0, buf); + libcrux_sha3_generic_keccak_keccak_14(buf0, buf); } typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -2188,7 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_fa(); + return libcrux_sha3_generic_keccak_new_1e_16(); } /** @@ -2197,46 +2057,34 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe0( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( + __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); @@ -2286,7 +2134,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe0( uu____3, Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), uint8_t); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; @@ -2318,10 +2166,9 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe0( Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t), uint8_t); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = @@ -2336,14 +2183,14 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_1d0( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( + __m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - libcrux_sha3_simd_avx2_load_block_fe0(s, buf); + libcrux_sha3_simd_avx2_load_block_c70(s, buf); } /** @@ -2356,13 +2203,13 @@ with const generics - BLOCKSIZE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_400( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( + __m256i (*a)[5U], uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_1d0(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_full_910(uu____0, copy_of_b); } /** @@ -2374,7 +2221,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_800( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -2390,11 +2237,11 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_800( size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_400(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_4e(s); + libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_07(s); } /** @@ -2406,7 +2253,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_800(s, buf); + libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); } /** @@ -2415,48 +2262,40 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_780( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( + __m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t), @@ -2550,9 +2389,9 @@ with const generics - BLOCKSIZE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_aa0( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_780(a, b); +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( + __m256i (*a)[5U], Eurydice_slice b[4U]) { + libcrux_sha3_simd_avx2_store_block_e90(a, b); } /** @@ -2563,9 +2402,9 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_b70( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_aa0(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); } /** @@ -2576,10 +2415,10 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_ff0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_4e(s); - libcrux_sha3_simd_avx2_store_block_ef_aa0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); } /** @@ -2591,7 +2430,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2599,15 +2438,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_b70(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); } /** @@ -2619,7 +2458,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); } /** @@ -2631,7 +2470,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); } /** @@ -2643,7 +2482,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_58( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2651,29 +2490,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_58( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_b70(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); } /** @@ -2685,7 +2524,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_58(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); } /** @@ -2697,7 +2536,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_80(s, buf); + libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } /** @@ -2709,7 +2548,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_block_b7(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); } /** @@ -2721,7 +2560,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_ff(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index da59f6f74..b3f8ff4fb 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: fcdd1852994390db2b6aa780ed8d837fa811167d - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 + * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb + * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 7cd7a08d172e1715493176358bffadf8f87ae3a4 + * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 */ #ifndef __libcrux_sha3_portable_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_fc(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); } /** @@ -201,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_ba(void) { +libcrux_sha3_generic_keccak_new_1e_f2(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,18 +236,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -264,13 +264,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_15( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_28(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); } /** @@ -280,7 +280,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -291,9 +291,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc0(ab); + return libcrux_sha3_portable_keccak_rotate_left_db0(ab); } /** @@ -307,8 +307,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); } /** @@ -318,7 +318,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -329,9 +329,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc1(ab); + return libcrux_sha3_portable_keccak_rotate_left_db1(ab); } /** @@ -345,8 +345,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); } /** @@ -356,7 +356,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -367,9 +367,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc2(ab); + return libcrux_sha3_portable_keccak_rotate_left_db2(ab); } /** @@ -383,8 +383,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); } /** @@ -394,7 +394,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -405,9 +405,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc3(ab); + return libcrux_sha3_portable_keccak_rotate_left_db3(ab); } /** @@ -421,8 +421,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); } /** @@ -432,9 +432,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc(ab); + return libcrux_sha3_portable_keccak_rotate_left_db(ab); } /** @@ -448,8 +448,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); } /** @@ -459,7 +459,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -470,9 +470,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc4(ab); + return libcrux_sha3_portable_keccak_rotate_left_db4(ab); } /** @@ -486,8 +486,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); } /** @@ -497,7 +497,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -508,9 +508,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc5(ab); + return libcrux_sha3_portable_keccak_rotate_left_db5(ab); } /** @@ -524,8 +524,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); } /** @@ -535,7 +535,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -546,9 +546,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc6(ab); + return libcrux_sha3_portable_keccak_rotate_left_db6(ab); } /** @@ -562,8 +562,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); } /** @@ -573,7 +573,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -584,9 +584,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc7(ab); + return libcrux_sha3_portable_keccak_rotate_left_db7(ab); } /** @@ -600,8 +600,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); } /** @@ -611,7 +611,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -622,9 +622,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc8(ab); + return libcrux_sha3_portable_keccak_rotate_left_db8(ab); } /** @@ -638,8 +638,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); } /** @@ -649,7 +649,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -660,9 +660,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc9(ab); + return libcrux_sha3_portable_keccak_rotate_left_db9(ab); } /** @@ -676,8 +676,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); } /** @@ -687,7 +687,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -698,9 +698,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc10(ab); + return libcrux_sha3_portable_keccak_rotate_left_db10(ab); } /** @@ -714,8 +714,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); } /** @@ -725,7 +725,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -736,9 +736,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc11(ab); + return libcrux_sha3_portable_keccak_rotate_left_db11(ab); } /** @@ -752,8 +752,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); } /** @@ -763,7 +763,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -774,9 +774,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc12(ab); + return libcrux_sha3_portable_keccak_rotate_left_db12(ab); } /** @@ -790,8 +790,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); } /** @@ -801,7 +801,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -812,9 +812,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc13(ab); + return libcrux_sha3_portable_keccak_rotate_left_db13(ab); } /** @@ -828,8 +828,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); } /** @@ -839,7 +839,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -850,9 +850,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc14(ab); + return libcrux_sha3_portable_keccak_rotate_left_db14(ab); } /** @@ -866,8 +866,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); } /** @@ -877,7 +877,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -888,9 +888,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc15(ab); + return libcrux_sha3_portable_keccak_rotate_left_db15(ab); } /** @@ -904,8 +904,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); } /** @@ -915,7 +915,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -926,9 +926,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc16(ab); + return libcrux_sha3_portable_keccak_rotate_left_db16(ab); } /** @@ -942,8 +942,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); } /** @@ -953,7 +953,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -964,9 +964,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc17(ab); + return libcrux_sha3_portable_keccak_rotate_left_db17(ab); } /** @@ -980,8 +980,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); } /** @@ -991,7 +991,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1002,9 +1002,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc18(ab); + return libcrux_sha3_portable_keccak_rotate_left_db18(ab); } /** @@ -1018,8 +1018,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); } /** @@ -1029,7 +1029,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1040,9 +1040,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc19(ab); + return libcrux_sha3_portable_keccak_rotate_left_db19(ab); } /** @@ -1056,8 +1056,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); } /** @@ -1067,7 +1067,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1078,9 +1078,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc20(ab); + return libcrux_sha3_portable_keccak_rotate_left_db20(ab); } /** @@ -1094,8 +1094,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); } /** @@ -1105,7 +1105,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1116,9 +1116,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc21(ab); + return libcrux_sha3_portable_keccak_rotate_left_db21(ab); } /** @@ -1132,8 +1132,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); } /** @@ -1143,7 +1143,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_fc22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1154,9 +1154,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_ac22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc22(ab); + return libcrux_sha3_portable_keccak_rotate_left_db22(ab); } /** @@ -1170,8 +1170,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); } /** @@ -1180,7 +1180,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1216,53 +1216,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1272,7 +1272,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1308,7 +1308,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_e2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1329,7 +1329,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_ae( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1341,14 +1341,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_7e( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_0d(s); - libcrux_sha3_generic_keccak_pi_f0(s); - libcrux_sha3_generic_keccak_chi_e2(s); - libcrux_sha3_generic_keccak_iota_ae(s, i0); + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_b8(s); + libcrux_sha3_generic_keccak_chi_1f(s); + libcrux_sha3_generic_keccak_iota_83(s, i0); } } @@ -1359,13 +1359,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_28( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_15(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1373,11 +1373,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_86( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_28(s, buf); + libcrux_sha3_portable_keccak_load_block_b3(s, buf); } /** @@ -1389,13 +1389,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_86(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); } /** @@ -1406,7 +1406,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1425,8 +1425,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_4c(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1434,7 +1434,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1452,12 +1452,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_85( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_3d(s, buf); + libcrux_sha3_portable_keccak_store_block_58(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1473,9 +1473,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_1e( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_85(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); } /** @@ -1486,10 +1486,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_d9( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1514,9 +1514,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d(a, b); + libcrux_sha3_portable_keccak_store_block_58(a, b); } /** @@ -1526,9 +1526,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1538,10 +1538,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_87( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1551,11 +1551,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c9( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1579,10 +1579,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -1593,7 +1593,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_28(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1603,12 +1603,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_f3(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_d9(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1616,7 +1616,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_80(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1624,8 +1624,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -1634,12 +1634,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_87(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_c9(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); } } } @@ -1650,12 +1650,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_97( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_92(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); } /** @@ -1665,7 +1665,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_97(buf0, buf); + libcrux_sha3_portable_keccakx1_2a(buf0, buf); } /** @@ -1673,18 +1673,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1701,13 +1701,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_150( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_280(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); } /** @@ -1717,13 +1717,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_280( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_150(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1731,11 +1731,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_860( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_280(s, buf); + libcrux_sha3_portable_keccak_load_block_b30(s, buf); } /** @@ -1747,13 +1747,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_860(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); } /** @@ -1764,7 +1764,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1783,8 +1783,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1792,7 +1792,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1810,12 +1810,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_850( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_3d0(s, buf); + libcrux_sha3_portable_keccak_store_block_580(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1832,9 +1832,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_1e0(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_850(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); } /** @@ -1845,10 +1845,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_d90( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1873,9 +1873,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d0(a, b); + libcrux_sha3_portable_keccak_store_block_580(a, b); } /** @@ -1885,9 +1885,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_800( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1897,10 +1897,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_870( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1910,11 +1910,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c90( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1938,10 +1938,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1952,7 +1952,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1962,12 +1962,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_f30(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -1975,7 +1975,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1983,8 +1983,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -1993,12 +1993,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2009,12 +2009,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_970( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_920(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); } /** @@ -2024,7 +2024,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_970(buf0, buf); + libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } /** @@ -2035,7 +2035,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2054,8 +2054,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2066,10 +2066,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2080,7 +2080,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2090,12 +2090,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_f31(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2103,7 +2103,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2111,8 +2111,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -2121,12 +2121,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2137,12 +2137,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_971( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_921(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); } /** @@ -2152,7 +2152,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_971(buf0, buf); + libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } /** @@ -2249,7 +2249,7 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_ba(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } /** @@ -2257,18 +2257,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2281,11 +2281,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_861( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_281(s, buf); + libcrux_sha3_portable_keccak_load_block_b31(s, buf); } /** @@ -2297,13 +2297,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_861(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); } /** @@ -2314,7 +2314,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2333,8 +2333,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_4c1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2344,7 +2344,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_f32(s, buf); + libcrux_sha3_generic_keccak_absorb_final_722(s, buf); } /** @@ -2352,7 +2352,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -2374,9 +2374,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d1(a, b); + libcrux_sha3_portable_keccak_store_block_581(a, b); } /** @@ -2386,9 +2386,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_801( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -2398,10 +2398,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_871( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -2412,7 +2412,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -2420,15 +2420,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_801(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); } /** @@ -2438,7 +2438,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } /** @@ -2448,7 +2448,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); } #define libcrux_sha3_Sha224 0 @@ -2494,18 +2494,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2522,13 +2522,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_151( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_282(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); } /** @@ -2538,13 +2538,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_281( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_151(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2552,11 +2552,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_862( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_282(s, buf); + libcrux_sha3_portable_keccak_load_block_b32(s, buf); } /** @@ -2568,13 +2568,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_862(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); } /** @@ -2585,7 +2585,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2604,8 +2604,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_4c2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2613,7 +2613,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2631,12 +2631,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_851( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_3d2(s, buf); + libcrux_sha3_portable_keccak_store_block_582(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2653,9 +2653,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_1e1(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_851(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); } /** @@ -2666,10 +2666,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_d91( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2694,9 +2694,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d2(a, b); + libcrux_sha3_portable_keccak_store_block_582(a, b); } /** @@ -2706,9 +2706,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_802( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2718,10 +2718,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_872( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2731,11 +2731,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c91( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2759,10 +2759,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2773,7 +2773,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_281(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2783,12 +2783,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_f33(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_d91(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2796,7 +2796,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_802(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2804,8 +2804,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -2814,12 +2814,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_872(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_c91(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); } } } @@ -2830,12 +2830,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_972( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_922(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); } /** @@ -2845,7 +2845,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_972(buf0, buf); + libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } /** @@ -2853,18 +2853,18 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2881,13 +2881,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_152( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_283(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); } /** @@ -2897,13 +2897,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_282( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_152(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2911,11 +2911,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_863( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_283(s, buf); + libcrux_sha3_portable_keccak_load_block_b33(s, buf); } /** @@ -2927,13 +2927,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_863(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); } /** @@ -2944,7 +2944,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2963,8 +2963,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_4c3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2972,7 +2972,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2990,12 +2990,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_852( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_3d3(s, buf); + libcrux_sha3_portable_keccak_store_block_583(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3012,9 +3012,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_1e2(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_852(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); } /** @@ -3025,10 +3025,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_d92( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3053,9 +3053,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d3(a, b); + libcrux_sha3_portable_keccak_store_block_583(a, b); } /** @@ -3065,9 +3065,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_803( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -3077,10 +3077,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_873( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -3090,11 +3090,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c92( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3118,10 +3118,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -3132,7 +3132,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_282(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3142,12 +3142,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_f34(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_d92(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -3155,7 +3155,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_803(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3163,8 +3163,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -3173,12 +3173,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_873(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_c92(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); } } } @@ -3189,12 +3189,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_973( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_923(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); } /** @@ -3204,7 +3204,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_973(buf0, buf); + libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } /** @@ -3295,13 +3295,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_153( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_281(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); } /** @@ -3311,13 +3311,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_283( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_153(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -3325,12 +3325,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_853( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_3d1(s, buf); + libcrux_sha3_portable_keccak_store_block_581(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3347,9 +3347,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_1e3(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_853(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); } /** @@ -3360,10 +3360,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_d93( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3386,11 +3386,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c93( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3414,10 +3414,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -3428,7 +3428,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_283(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3438,12 +3438,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_f32(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_d93(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3451,7 +3451,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_801(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3459,8 +3459,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -3469,12 +3469,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_871(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_c93(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); } } } @@ -3485,12 +3485,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_974( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_924(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); } /** @@ -3500,7 +3500,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_974(buf0, buf); + libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } /** @@ -3565,7 +3565,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3573,29 +3573,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_801(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); } /** @@ -3605,7 +3605,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } /** @@ -3615,7 +3615,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_f31(s, buf); + libcrux_sha3_generic_keccak_absorb_final_721(s, buf); } /** @@ -3623,7 +3623,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_ba(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } /** @@ -3633,7 +3633,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_800(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } /** @@ -3643,7 +3643,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_870(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); } /** From 38c246d232ff8ad90172c162c8ecc7dd682398a3 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Mon, 2 Sep 2024 14:46:29 +0000 Subject: [PATCH 197/348] new eurydice_glue --- libcrux-ml-kem/c/eurydice_glue.h | 182 ++++++++++++++++-------------- libcrux-ml-kem/cg/eurydice_glue.h | 15 ++- 2 files changed, 112 insertions(+), 85 deletions(-) diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 660918c54..d9b08f6ad 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -46,7 +46,7 @@ typedef struct { // (included), and an end index in x (excluded). The argument x must be suitably // cast to something that can decay (see remark above about how pointer // arithmetic works in C), meaning either pointer or array type. -#define EURYDICE_SLICE(x, start, end) \ +#define EURYDICE_SLICE(x, start, end) \ (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) #define EURYDICE_SLICE_LEN(s, _) s.len // This macro is a pain because in case the dereferenced element type is an @@ -55,42 +55,42 @@ typedef struct { // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. #define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _) \ +#define Eurydice_slice_subslice(s, r, t, _) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t) \ +#define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t) \ +#define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t) \ +#define Eurydice_array_repeat(dst, len, init, t) \ ERROR "should've been desugared" #define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) -#define Eurydice_slice_copy(dst, src, t) \ +#define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) -#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ - len, src, dst, elem_type, _ret_t) \ +#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ + len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ @@ -99,21 +99,21 @@ typedef struct { sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _) -#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ - Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ + Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, @@ -169,14 +169,28 @@ static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { #endif } -// unsigned overflow wraparound semantics in C +// wraparound semantics in C static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } + static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } +static inline uint16_t core_num__i16_1__wrapping_add(int16_t x, int16_t y) { + return x + y; +} + +static inline uint16_t core_num__i16_1__wrapping_sub(int16_t x, int16_t y) { + return x - y; +} + +static inline uint16_t core_num__i16_1__wrapping_mul(int16_t x, int16_t y) { + return x * y; +} + + static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { *x0 = *x0 + *x1; @@ -197,10 +211,10 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N } // ITERATORS -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ - (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, \ +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ + (((iter_ptr)->start == (iter_ptr)->end) \ + ? (CLITERAL(ret_t){.tag = core_option_None}) \ + : (CLITERAL(ret_t){.tag = core_option_Some, \ .f0 = (iter_ptr)->start++})) // Old name (TODO: remove once everyone has upgraded to the latest Charon) @@ -240,25 +254,25 @@ static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, return curr_chunk; } -#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) \ +#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) \ ((Eurydice_chunks){.slice = slice_, .chunk_size = sz_}) -#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) \ - ((Eurydice_chunks){ \ - .slice = {.ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_)}, \ +#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) \ + ((Eurydice_chunks){ \ + .slice = {.ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_)}, \ .chunk_size = sz_}) #define core_slice_iter_Chunks Eurydice_chunks #define core_slice_iter_ChunksExact Eurydice_chunks -#define Eurydice_chunks_next(iter, t, ret_t) \ - (((iter)->slice.len == 0) ? ((ret_t){.tag = core_option_None}) \ - : ((ret_t){.tag = core_option_Some, \ +#define Eurydice_chunks_next(iter, t, ret_t) \ + (((iter)->slice.len == 0) ? ((ret_t){.tag = core_option_None}) \ + : ((ret_t){.tag = core_option_Some, \ .f0 = chunk_next(iter, sizeof(t))})) #define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next \ Eurydice_chunks_next // This name changed on 20240627 #define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next \ Eurydice_chunks_next -#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next( \ - iter, t, _ret_t) \ +#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next( \ + iter, t, _ret_t) \ core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) typedef struct { @@ -266,17 +280,17 @@ typedef struct { size_t index; } Eurydice_slice_iterator; -#define core_slice___Slice_T___iter(x, t, _ret_t) \ +#define core_slice___Slice_T___iter(x, t, _ret_t) \ ((Eurydice_slice_iterator){.s = x, .index = 0}) #define core_slice_iter_Iter Eurydice_slice_iterator -#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \ - ret_t) \ - (((iter)->index == (iter)->s.len) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){ \ - .tag = core_option_Some, \ - .f0 = ((iter)->index++, \ - &((t *)((iter)->s.ptr))[(iter)->index - 1])})) +#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \ + ret_t) \ + (((iter)->index == (iter)->s.len) \ + ? (CLITERAL(ret_t){.tag = core_option_None}) \ + : (CLITERAL(ret_t){.tag = core_option_Some, \ + .f0 = \ + ((iter)->index++, \ + &((t *)((iter)->s.ptr))[(iter)->index - 1])})) // STRINGS @@ -287,8 +301,8 @@ typedef const char *Prims_string; typedef void *core_fmt_Formatter; typedef void *core_fmt_Arguments; typedef void *core_fmt_rt_Argument; -#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, \ - x4) \ +#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, \ + x4) \ NULL // VECTORS (ANCIENT, POSSIBLY UNTESTED) @@ -306,49 +320,49 @@ typedef struct { * statement-expression -- this suitably initializes ptr to NULL and len and * size to 0. */ #define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) -#define EURYDICE_VEC_PUSH(v, x, t) \ - do { \ - /* Grow the vector if capacity has been reached. */ \ - if (v->len == v->alloc_size / sizeof(t)) { \ - /* Assuming that this does not exceed SIZE_MAX, because code proven \ - * correct by Aeneas. Would this even happen in practice? */ \ - size_t new_size; \ - if (v->alloc_size == 0) \ - new_size = 8 * sizeof(t); \ - else if (v->alloc_size <= SIZE_MAX / 2) \ - /* TODO: discuss growth policy */ \ - new_size = 2 * v->alloc_size; \ - else \ - new_size = (SIZE_MAX / sizeof(t)) * sizeof(t); \ - v->ptr = realloc(v->ptr, new_size); \ - v->alloc_size = new_size; \ - } \ - ((t *)v->ptr)[v->len] = x; \ - v->len++; \ +#define EURYDICE_VEC_PUSH(v, x, t) \ + do { \ + /* Grow the vector if capacity has been reached. */ \ + if (v->len == v->alloc_size / sizeof(t)) { \ + /* Assuming that this does not exceed SIZE_MAX, because code proven \ + * correct by Aeneas. Would this even happen in practice? */ \ + size_t new_size; \ + if (v->alloc_size == 0) \ + new_size = 8 * sizeof(t); \ + else if (v->alloc_size <= SIZE_MAX / 2) \ + /* TODO: discuss growth policy */ \ + new_size = 2 * v->alloc_size; \ + else \ + new_size = (SIZE_MAX / sizeof(t)) * sizeof(t); \ + v->ptr = realloc(v->ptr, new_size); \ + v->alloc_size = new_size; \ + } \ + ((t *)v->ptr)[v->len] = x; \ + v->len++; \ } while (0) -#define EURYDICE_VEC_DROP(v, t) \ - do { \ - free(v->ptr); \ - free(v); \ +#define EURYDICE_VEC_DROP(v, t) \ + do { \ + free(v->ptr); \ + free(v); \ } while (0) #define EURYDICE_VEC_INDEX(v, i, t) &((t *)v->ptr)[i] #define EURYDICE_VEC_LEN(v, t) (v)->len /* TODO: remove GCC-isms */ -#define EURYDICE_BOX_NEW(x, t) \ - ({ \ - t *p = malloc(sizeof(t)); \ - *p = x; \ - p; \ +#define EURYDICE_BOX_NEW(x, t) \ + ({ \ + t *p = malloc(sizeof(t)); \ + *p = x; \ + p; \ }) -#define EURYDICE_REPLACE(ptr, new_v, t) \ - ({ \ - t old_v = *ptr; \ - *ptr = new_v; \ - old_v; \ +#define EURYDICE_REPLACE(ptr, new_v, t) \ + ({ \ + t old_v = *ptr; \ + *ptr = new_v; \ + old_v; \ }) #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 4e4690c1f..b5c5fa751 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -148,7 +148,7 @@ static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { #endif } -// unsigned overflow wraparound semantics in C +// wraparound semantics in C static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } @@ -156,6 +156,19 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } +static inline uint16_t core_num__i16_1__wrapping_add(int16_t x, int16_t y) { + return x + y; +} + +static inline uint16_t core_num__i16_1__wrapping_sub(int16_t x, int16_t y) { + return x - y; +} + +static inline uint16_t core_num__i16_1__wrapping_mul(int16_t x, int16_t y) { + return x * y; +} + + // ITERATORS #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ From 579a042aed17fce8e03cd51d625171238b3abe5c Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 2 Sep 2024 17:10:35 +0200 Subject: [PATCH 198/348] mont spec --- .../proofs/fstar/spec/Spec.Utils.fst | 156 +++++++++++++++++- 1 file changed, 149 insertions(+), 7 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 7d77cf8ed..77064c653 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -1,9 +1,8 @@ module Spec.Utils #set-options "--fuel 0 --ifuel 1 --z3rlimit 100" -open Spec.SHA3 open FStar.Mul open Core - + (** Utils *) let map_slice #a #b (f:(x:a -> b)) @@ -54,6 +53,8 @@ type t_Result a b = | Err: b -> t_Result a b (** Hash Function *) +open Spec.SHA3 + val v_G (input: t_Slice u8) : t_Array u8 (sz 64) let v_G input = map_slice Lib.RawIntTypes.u8_to_UInt8 (sha3_512 (Seq.length input) (map_slice Lib.IntTypes.secret input)) @@ -87,7 +88,6 @@ let update_at_range_lemma #n introduce forall (i:nat {i < len}). Seq.index s i == Seq.index s' i with (assert ( Seq.index (Seq.slice s 0 len) i == Seq.index s i /\ Seq.index (Seq.slice s' 0 len) i == Seq.index s' i )) - /// Bounded integers @@ -101,9 +101,10 @@ let is_i32b_array (l:nat) (x:t_Slice i32) = forall i. i < Seq.length x ==> is_i3 let nat_div_ceil (x:nat) (y:pos) : nat = if (x % y = 0) then x/y else (x/y)+1 -let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) +val lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 * b2 < pow2 31)) - (ensures (range (v n1 * v n2) i32_inttype /\ is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32)))) = + (ensures (range (v n1 * v n2) i32_inttype /\ is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32)))) +let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) = if v n1 = 0 || v n2 = 0 then () else @@ -115,9 +116,150 @@ let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) lemma_mult_le_right b2 (abs (v n1)) b1; lemma_abs_bound (v n1 * v n2) (b1 * b2) -let lemma_add_i16b (b1 b2:nat) (n1 n2:i16) : +val lemma_add_i16b (b1 b2:nat) (n1 n2:i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 + b2 < pow2 15)) (ensures (range (v n1 + v n2) i16_inttype /\ is_i16b (b1 + b2) (n1 +! n2))) - = () +let lemma_add_i16b (b1 b2:nat) (n1 n2:i16) = () + +let mont_mul_red_i16 (x:i16) (y:i16) : i16= + let vlow = x *. y in + let k = vlow *. (neg 3327s) in + let k_times_modulus = cast (((cast k <: i32) *. 3329l) >>! 16l) <: i16 in + let vhigh = cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16 in + vhigh -. k_times_modulus +let mont_red_i32 (x:i32) : i16 = + let vlow = cast x <: i16 in + let k = vlow *. (neg 3327s) in + let k_times_modulus = cast (((cast k <: i32) *. 3329l) >>! 16l) <: i16 in + let vhigh = cast (x >>! 16l) <: i16 in + vhigh -. k_times_modulus + +#push-options "--z3rlimit 900 --split_queries always" +val lemma_mont_red_i32 (x:i32): Lemma + (requires (Spec.Utils.is_i32b (3328 * pow2 16) x)) + (ensures ( + let result:i16 = mont_red_i32 x in + Spec.Utils.is_i16b (3328 + 1665) result /\ + (Spec.Utils.is_i32b (3328 * 3328) x ==> Spec.Utils.is_i16b 3328 result) /\ + v result % 3329 == (v x * 169) % 3329)) +let lemma_mont_red_i32 (x:i32) = + let vlow = cast x <: i16 in + assert (v vlow == v x @% pow2 16); + let k = vlow *. (neg 3327s) in + assert (v k == ((v x @% pow2 16) * (- 3327)) @% pow2 16); + let k_times_modulus = (cast k <: i32) *. 3329l in + assert (v k_times_modulus == (v k * 3329)); + let c = cast (k_times_modulus >>! 16l) <: i16 in + assert (v c == (((v k * 3329) / pow2 16) @% pow2 16)); + assert (v c == (((v k * 3329) / pow2 16))); + assert (is_i16b 1665 c); + let vhigh = cast (x >>! 16l) <: i16 in + assert (v vhigh == v x / pow2 16); + assert (is_i16b 3328 vhigh); + assert (Spec.Utils.is_i32b (3328 * 3328) x ==> Spec.Utils.is_i16b 169 vhigh); + let result = vhigh -. c in + assert (is_i16b (3328 + 1665) result); + assert (Spec.Utils.is_i32b (3328 * 3328) x ==> Spec.Utils.is_i16b 3328 result); + calc ( == ) { + v k_times_modulus % pow2 16; + ( == ) { assert (v k_times_modulus == v k * 3329) } + (v k * 3329) % pow2 16; + ( == ) { assert (v k = ((v x @% pow2 16) * (-3327)) @% pow2 16) } + ((((v x @% pow2 16) * (-3327)) @% pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v x @% pow2 16) * (-3327)) 3329 (pow2 16) } + ((((v x @% pow2 16) * (-3327)) * 3329) % pow2 16); + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (v x @% pow2 16) (-3327 * 3329) (pow2 16) } + ((v x @% pow2 16) % pow2 16); + ( == ) { Math.Lemmas.lemma_mod_sub (v x) (pow2 16) 1 } + (v x) % pow2 16; + }; + Math.Lemmas.modulo_add (pow2 16) (- (v k_times_modulus)) (v x) (v k_times_modulus); + assert ((v x - v k_times_modulus) % pow2 16 == 0); + calc ( == ) { + v result % 3329; + ( == ) { assert (v result == v vhigh - v c) } + (v x / pow2 16 - v k_times_modulus / pow2 16) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact (v x - v k_times_modulus) (pow2 16) } + ((v x - v k_times_modulus) / pow2 16) % 3329; + ( == ) { assert ((pow2 16 * 169) % 3329 == 1) } + (((v x - v k_times_modulus) / pow2 16) * ((pow2 16 * 169) % 3329)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r ((v x - v k_times_modulus) / pow2 16) + (pow2 16 * 169) + 3329 } + (((v x - v k_times_modulus) / pow2 16) * pow2 16 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact (v x - v k_times_modulus) (pow2 16) } + ((v x - v k_times_modulus) * 169) % 3329; + ( == ) { assert (v k_times_modulus == (v k @% pow2 16) * 3329) } + ((v x * 169) - ((v k @% pow2 16) * 3329 * 169)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_sub (v x * 169) 3329 ((v k @% pow2 16) * 169) } + (v x * 169) % 3329; + } +#pop-options + +#push-options "--z3rlimit 1200 --split_queries always --z3refresh" +val lemma_mont_mul_red_i16 (x y:i16): Lemma + (requires (Spec.Utils.is_i16b 3328 y)) + (ensures ( + let result:i16 = mont_mul_red_i16 x y in + Spec.Utils.is_i16b (3328 + 1665) result /\ + v result % 3329 == (v x * v y * 169) % 3329)) +let lemma_mont_mul_red_i16 (x y:i16) = + let vlow = x *. y in + assert (v vlow == (v x * v y) @% pow2 16); + let k = vlow *. (neg 3327s) in + assert (v k == (((v x * v y) @% pow2 16) * (- 3327)) @% pow2 16); + let k_times_modulus = (cast k <: i32) *. 3329l in + assert (v k_times_modulus == (v k * 3329)); + let c = cast (k_times_modulus >>! 16l) <: i16 in + assert (v c == (((v k * 3329) / pow2 16) @% pow2 16)); + assert (v c == (((v k * 3329) / pow2 16))); + assert (is_i16b 1665 c); + let vhigh = cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16 in + lemma_mul_i16b (pow2 15) (pow2 15) x y; + assert (is_i32b (pow2 30) ((cast x <: i32) *. (cast y <: i32))); + assert (v x * v y <= pow2 30 /\ v x * v y >= - pow2 30); + assert (v x * v y < pow2 31 /\ v x * v y > - pow2 31); + assert (v vhigh == (((v x * v y) @% pow2 32) / pow2 16) @% pow2 16); + assert (v vhigh == (v x * v y) / pow2 16); + assert (is_i16b 3328 vhigh); + + let result = vhigh -. c in + assert (is_i16b (3328 + 1665) result); + assert (Spec.Utils.is_i32b (3328 * 3328) x ==> Spec.Utils.is_i16b 3328 result); + calc ( == ) { + v k_times_modulus % pow2 16; + ( == ) { assert (v k_times_modulus == v k * 3329) } + (v k * 3329) % pow2 16; + ( == ) { assert (v k = (((v x * v y) @% pow2 16) * (-3327)) @% pow2 16) } + (((((v x * v y) @% pow2 16) * (-3327)) @% pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (((v x * v y) @% pow2 16) * (-3327)) 3329 (pow2 16) } + (((((v x * v y) @% pow2 16) * (-3327)) * 3329) % pow2 16); + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r ((v x * v y) @% pow2 16) (-3327 * 3329) (pow2 16) } + (((v x * v y) @% pow2 16) % pow2 16); + ( == ) { Math.Lemmas.lemma_mod_sub ((v x * v y)) (pow2 16) 1 } + ((v x * v y)) % pow2 16; + }; + Math.Lemmas.modulo_add (pow2 16) (- (v k_times_modulus)) ((v x * v y)) (v k_times_modulus); + assert (((v x * v y) - v k_times_modulus) % pow2 16 == 0); + calc ( == ) { + v result % 3329; + ( == ) { assert (v result == v vhigh - v c) } + ((v x * v y) / pow2 16 - v k_times_modulus / pow2 16) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact ((v x * v y) - v k_times_modulus) (pow2 16) } + (((v x * v y) - v k_times_modulus) / pow2 16) % 3329; + ( == ) { assert ((pow2 16 * 169) % 3329 == 1) } + ((((v x * v y) - v k_times_modulus) / pow2 16) * ((pow2 16 * 169) % 3329)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (((v x * v y) - v k_times_modulus) / pow2 16) + (pow2 16 * 169) + 3329 } + ((((v x * v y) - v k_times_modulus) / pow2 16) * pow2 16 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact ((v x * v y) - v k_times_modulus) (pow2 16) } + (((v x * v y) - v k_times_modulus) * 169) % 3329; + ( == ) { assert (v k_times_modulus == (v k @% pow2 16) * 3329) } + (((v x * v y) * 169) - ((v k @% pow2 16) * 3329 * 169)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_sub ((v x * v y) * 169) 3329 ((v k @% pow2 16) * 169) } + ((v x * v y) * 169) % 3329; + } +#pop-options From 26899502631c392b6dfc1127a563155653883484 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 2 Sep 2024 21:34:21 +0200 Subject: [PATCH 199/348] verified --- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 4 + .../extraction/Libcrux_ml_kem.Mlkem512.fsti | 59 +++----- .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 68 --------- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 12 +- .../proofs/fstar/spec/Spec.Utils.fst | 141 +++++++++++------- libcrux-ml-kem/src/ind_cpa.rs | 1 + libcrux-ml-kem/src/mlkem512.rs | 29 ++-- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 42 +----- .../src/vector/portable/arithmetic.rs | 21 +-- 9 files changed, 137 insertions(+), 240 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index eb79bb57f..2de97dec6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -197,6 +197,8 @@ let sample_vector_cbd_then_ntt let _:Prims.unit = admit () (* Panic freedom *) in result +#push-options "--z3rlimit 200" + let compress_then_serialize_u (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) (#v_Vector: Type0) @@ -261,6 +263,8 @@ let compress_then_serialize_u let hax_temp_output:Prims.unit = result in out +#pop-options + #push-options "--admit_smt_queries true" let deserialize_then_decompress_u diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index ad9388559..ab1391f87 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti @@ -3,64 +3,39 @@ module Libcrux_ml_kem.Mlkem512 open Core open FStar.Mul -let v_ETA1: usize = sz 3 +let v_C1_BLOCK_SIZE_512_: usize = sz 320 -let v_ETA1_RANDOMNESS_SIZE: usize = v_ETA1 *! sz 64 +let v_C1_SIZE_512_: usize = sz 640 -let v_ETA2: usize = sz 2 +let v_C2_SIZE_512_: usize = sz 128 -let v_ETA2_RANDOMNESS_SIZE: usize = v_ETA2 *! sz 64 +let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = sz 768 -let v_RANK_512_: usize = sz 2 +let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = sz 800 -let v_CPA_PKE_SECRET_KEY_SIZE_512_: usize = - ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_CPA_PKE_SECRET_KEY_SIZE_512_: usize = sz 768 -let v_RANKED_BYTES_PER_RING_ELEMENT_512_: usize = - (v_RANK_512_ *! Libcrux_ml_kem.Constants.v_BITS_PER_RING_ELEMENT <: usize) /! sz 8 +let v_ETA1: usize = sz 3 -let v_T_AS_NTT_ENCODED_SIZE_512_: usize = - ((v_RANK_512_ *! Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT <: usize) *! - Libcrux_ml_kem.Constants.v_BITS_PER_COEFFICIENT - <: - usize) /! - sz 8 +let v_ETA1_RANDOMNESS_SIZE: usize = sz 192 -let v_CPA_PKE_PUBLIC_KEY_SIZE_512_: usize = v_T_AS_NTT_ENCODED_SIZE_512_ +! sz 32 +let v_ETA2: usize = sz 2 -let v_SECRET_KEY_SIZE_512_: usize = - ((v_CPA_PKE_SECRET_KEY_SIZE_512_ +! v_CPA_PKE_PUBLIC_KEY_SIZE_512_ <: usize) +! - Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE - <: - usize) +! - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +let v_ETA2_RANDOMNESS_SIZE: usize = sz 128 -let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = sz 10 +let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = sz 800 -let v_C1_BLOCK_SIZE_512_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_U_COMPRESSION_FACTOR_512_ - <: - usize) /! - sz 8 +let v_RANKED_BYTES_PER_RING_ELEMENT_512_: usize = sz 768 -let v_C1_SIZE_512_: usize = v_C1_BLOCK_SIZE_512_ *! v_RANK_512_ +let v_RANK_512_: usize = sz 2 -let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = sz 4 +let v_SECRET_KEY_SIZE_512_: usize = sz 1632 -let v_C2_SIZE_512_: usize = - (Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! v_VECTOR_V_COMPRESSION_FACTOR_512_ - <: - usize) /! - sz 8 +let v_T_AS_NTT_ENCODED_SIZE_512_: usize = sz 768 -let v_CPA_PKE_CIPHERTEXT_SIZE_512_: usize = v_C1_SIZE_512_ +! v_C2_SIZE_512_ +let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = sz 10 -let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = - Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_512_ +let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = sz 4 /// Validate a public key. /// Returns `Some(public_key)` if valid, and `None` otherwise. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index df07ea6c9..0a7990597 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -14,19 +14,6 @@ let bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) Libcrux_intrinsics.Avx2_extract.mm256_and_si256 vector cv in let _:Prims.unit = - Spec.Utils.lemma_map2_index #_ - #_ - #_ - #(sz 16) - ( &. ) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 cv); - Spec.Utils.lemma_map_index #_ - #_ - #(sz 16) - (fun x -> x &. constant) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector); - Spec.Utils.lemma_create_index #_ (sz 16) constant; Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) (Spec.Utils.map_array (fun x -> x &. constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) @@ -41,19 +28,6 @@ let multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (con Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector cv in let _:Prims.unit = - Spec.Utils.lemma_map2_index #_ - #_ - #_ - #(sz 16) - mul_mod - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 cv); - Spec.Utils.lemma_map_index #_ - #_ - #(sz 16) - (fun x -> x *. constant) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector); - Spec.Utils.lemma_create_index #_ (sz 16) constant; Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) (Spec.Utils.map_array (fun x -> x *. constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) @@ -65,11 +39,6 @@ let shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 v_SHIFT_BY vector in let _:Prims.unit = - Spec.Utils.lemma_map_index #_ - #_ - #(sz 16) - (fun x -> x >>! v_SHIFT_BY) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector); Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) (Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) @@ -107,56 +76,19 @@ let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS in - let _:Prims.unit = - Spec.Utils.lemma_create_index #_ (sz 16) Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS - in let vv_minus_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 vector field_modulus in - let _:Prims.unit = - Spec.Utils.lemma_map2_index #_ - #_ - #_ - #(sz 16) - ( -. ) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 field_modulus) - in let sign_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 15l vv_minus_field_modulus in - let _:Prims.unit = - Spec.Utils.lemma_map_index #_ - #_ - #(sz 16) - (fun x -> x >>! 15l) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vv_minus_field_modulus) - in let conditional_add_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 sign_mask field_modulus in - let _:Prims.unit = - Spec.Utils.lemma_map2_index #_ - #_ - #_ - #(sz 16) - ( &. ) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 sign_mask) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 field_modulus) - in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 vv_minus_field_modulus conditional_add_field_modulus in - let _:Prims.unit = - Spec.Utils.lemma_map2_index #_ - #_ - #_ - #(sz 16) - ( +. ) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vv_minus_field_modulus) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 conditional_add_field_modulus) - in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in let _:Prims.unit = admit () (* Panic freedom *) in result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index b3f57d134..117dc37fe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -105,7 +105,7 @@ let montgomery_reduce_element (value: i32) = assert (v value < pow2 31); assert (v value / pow2 16 < pow2 15); assert (v value_high == (v value / pow2 16) @% pow2 16); - assert ((v value / pow2 16) < pow2 15 ==> (v value / pow2 16) @% pow2 16 == (v value / pow2 16)); + Spec.Utils.lemma_div_at_percent (v value) (pow2 16); assert (v value_high == (v value / pow2 16)); assert (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 169 value_high); assert (Spec.Utils.is_i16b 3328 value_high) @@ -211,7 +211,6 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = lhs) in let _:Prims.unit = - Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) ( +. ) v__lhs0.f_elements rhs.f_elements; Seq.lemma_eq_intro lhs.f_elements (Spec.Utils.map2 ( +. ) v__lhs0.f_elements rhs.f_elements) in lhs @@ -308,7 +307,6 @@ let bitwise_and_with_constant vec) in let _:Prims.unit = - Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x &. c) v__vec0.f_elements; Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x &. c) v__vec0.f_elements) in vec @@ -354,11 +352,6 @@ let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta else vec) in let _:Prims.unit = - Spec.Utils.lemma_map_index #_ - #_ - #(sz 16) - (fun x -> if x >=. 3329s then x -! 3329s else x) - v__vec0.f_elements; Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) v__vec0.f_elements) in @@ -444,7 +437,6 @@ let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port vec) in let _:Prims.unit = - Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x *. c) v__vec0.f_elements; Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x *. c) v__vec0.f_elements) in vec @@ -484,7 +476,6 @@ let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_ty vec) in let _:Prims.unit = - Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x >>! v_SHIFT_BY) v__vec0.f_elements; Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) v__vec0.f_elements) in @@ -529,7 +520,6 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = lhs) in let _:Prims.unit = - Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) ( -. ) v__lhs0.f_elements rhs.f_elements; Seq.lemma_eq_intro lhs.f_elements (Spec.Utils.map2 ( -. ) v__lhs0.f_elements rhs.f_elements) in lhs diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 77064c653..20344a7e6 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -23,22 +23,31 @@ let create len c = createi len (fun i -> c) let repeati #acc (l:usize) (f:(i:usize{v i < v l}) -> acc -> acc) acc0 : acc = Lib.LoopCombinators.repeati (v l) (fun i acc -> f (sz i) acc) acc0 -let lemma_createi_index #a len f: - Lemma (forall i. Seq.index (createi #a len f) i == f (sz i)) = admit () +val lemma_createi_index #a len f i : + Lemma (Seq.index (createi #a len f) i == f (sz i)) + [SMTPat (Seq.index (createi #a len f) i)] +let lemma_createi_index #a len f i = () -let lemma_create_index #a len c: - Lemma (forall i. Seq.index (create #a len c) i == c) = admit () +val lemma_create_index #a len c i: + Lemma (Seq.index (create #a len c) i == c) + [SMTPat (Seq.index (create #a len c) i)] +let lemma_create_index #a len c i = () -let lemma_map_index #a #b #len f x: - Lemma (forall i. Seq.index (map_array #a #b #len f x) i == f (Seq.index x i)) = admit () - -let lemma_map2_index #a #b #c #len f x y : - Lemma (forall i. Seq.index (map2 #a #b #c #len f x y) i == f (Seq.index x i) (Seq.index y i)) = admit () +val lemma_map_index #a #b #len f x i: + Lemma (Seq.index (map_array #a #b #len f x) i == f (Seq.index x i)) + [SMTPat (Seq.index (map_array #a #b #len f x) i)] +let lemma_map_index #a #b #len f x i = () +val lemma_map2_index #a #b #c #len f x y i: + Lemma (Seq.index (map2 #a #b #c #len f x y) i == f (Seq.index x i) (Seq.index y i)) + [SMTPat (Seq.index (map2 #a #b #c #len f x y) i)] +let lemma_map2_index #a #b #c #len f x y i = () + let lemma_bitand_properties #t (x:int_t t) : - Lemma ((x &. ones) == x /\ (x &. mk_int #t 0) == mk_int #t 0 /\ (ones #t &. x) == x /\ (mk_int #t 0 &. x) == mk_int #t 0) = admit() + Lemma ((x &. ones) == x /\ (x &. mk_int #t 0) == mk_int #t 0 /\ (ones #t &. x) == x /\ (mk_int #t 0 &. x) == mk_int #t 0) = + logand_lemma #t x x -#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" +#push-options "--z3rlimit 200" let flatten #t #n (#m: usize {range (v n * v m) usize_inttype}) (x: t_Array (t_Array t m) n) @@ -88,7 +97,8 @@ let update_at_range_lemma #n introduce forall (i:nat {i < len}). Seq.index s i == Seq.index s' i with (assert ( Seq.index (Seq.slice s 0 len) i == Seq.index s i /\ Seq.index (Seq.slice s' 0 len) i == Seq.index s' i )) - + + /// Bounded integers let is_i16b (l:nat) (x:i16) = (v x <= l) && (v x >= -l) @@ -136,14 +146,24 @@ let mont_red_i32 (x:i32) : i16 = let vhigh = cast (x >>! 16l) <: i16 in vhigh -. k_times_modulus -#push-options "--z3rlimit 900 --split_queries always" +let lemma_at_percent_mod (v:int) (p:int{p>0/\ p%2=0}): + Lemma ((v @% p) % p == v % p) = () + +let lemma_div_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ (v/p) < p/2 /\ (v/p) >= -p / 2}): + Lemma ((v / p) @% p == v / p) = + assert ((v / p) < p); + assert ((v / p) @% p == v / p); + () + +#push-options "--z3rlimit 1200 --split_queries always" val lemma_mont_red_i32 (x:i32): Lemma - (requires (Spec.Utils.is_i32b (3328 * pow2 16) x)) + (requires (is_i32b (3328 * pow2 16) x)) (ensures ( let result:i16 = mont_red_i32 x in - Spec.Utils.is_i16b (3328 + 1665) result /\ - (Spec.Utils.is_i32b (3328 * 3328) x ==> Spec.Utils.is_i16b 3328 result) /\ + is_i16b (3328 + 1665) result /\ + (is_i32b (3328 * 3328) x ==> is_i16b 3328 result) /\ v result % 3329 == (v x * 169) % 3329)) + let lemma_mont_red_i32 (x:i32) = let vlow = cast x <: i16 in assert (v vlow == v x @% pow2 16); @@ -158,28 +178,36 @@ let lemma_mont_red_i32 (x:i32) = let vhigh = cast (x >>! 16l) <: i16 in assert (v vhigh == v x / pow2 16); assert (is_i16b 3328 vhigh); - assert (Spec.Utils.is_i32b (3328 * 3328) x ==> Spec.Utils.is_i16b 169 vhigh); + assert (is_i32b (3328 * 3328) x ==> is_i16b 169 vhigh); let result = vhigh -. c in + assert (v result = (v vhigh - v c) @% pow2 16); + assert (v result = v vhigh - v c); assert (is_i16b (3328 + 1665) result); - assert (Spec.Utils.is_i32b (3328 * 3328) x ==> Spec.Utils.is_i16b 3328 result); + assert (is_i32b (3328 * 3328) x ==> is_i16b 3328 result); calc ( == ) { v k_times_modulus % pow2 16; ( == ) { assert (v k_times_modulus == v k * 3329) } (v k * 3329) % pow2 16; ( == ) { assert (v k = ((v x @% pow2 16) * (-3327)) @% pow2 16) } ((((v x @% pow2 16) * (-3327)) @% pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (((v x @% pow2 16) * (-3327)) @% pow2 16) 3329 (pow2 16) } + (((((v x @% pow2 16) * (-3327)) @% pow2 16) % pow2 16) * 3329) % pow2 16; + ( == ) { lemma_at_percent_mod ((v x @% pow2 16) * (-3327)) (pow2 16)} + ((((v x @% pow2 16) * (-3327)) % pow2 16) * 3329) % pow2 16; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v x @% pow2 16) * (-3327)) 3329 (pow2 16) } - ((((v x @% pow2 16) * (-3327)) * 3329) % pow2 16); + (((v x @% pow2 16) * (-3327)) * 3329) % pow2 16; + ( == ) { } + ((v x @% pow2 16) * (-3327 * 3329)) % pow2 16; ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (v x @% pow2 16) (-3327 * 3329) (pow2 16) } ((v x @% pow2 16) % pow2 16); - ( == ) { Math.Lemmas.lemma_mod_sub (v x) (pow2 16) 1 } + ( == ) { lemma_at_percent_mod (v x) (pow2 16) } (v x) % pow2 16; }; Math.Lemmas.modulo_add (pow2 16) (- (v k_times_modulus)) (v x) (v k_times_modulus); assert ((v x - v k_times_modulus) % pow2 16 == 0); calc ( == ) { v result % 3329; - ( == ) { assert (v result == v vhigh - v c) } + ( == ) { } (v x / pow2 16 - v k_times_modulus / pow2 16) % 3329; ( == ) { Math.Lemmas.lemma_div_exact (v x - v k_times_modulus) (pow2 16) } ((v x - v k_times_modulus) / pow2 16) % 3329; @@ -196,20 +224,23 @@ let lemma_mont_red_i32 (x:i32) = ( == ) { Math.Lemmas.lemma_mod_sub (v x * 169) 3329 ((v k @% pow2 16) * 169) } (v x * 169) % 3329; } -#pop-options +#pop-options -#push-options "--z3rlimit 1200 --split_queries always --z3refresh" +#push-options "--z3rlimit 1200 --split_queries always" val lemma_mont_mul_red_i16 (x y:i16): Lemma - (requires (Spec.Utils.is_i16b 3328 y)) + (requires (is_i16b 3328 y)) (ensures ( let result:i16 = mont_mul_red_i16 x y in - Spec.Utils.is_i16b (3328 + 1665) result /\ + is_i16b (3328 + 1665) result /\ v result % 3329 == (v x * v y * 169) % 3329)) -let lemma_mont_mul_red_i16 (x y:i16) = +let lemma_mont_mul_red_i16 (x y:i16) = admit() + +(* let vlow = x *. y in - assert (v vlow == (v x * v y) @% pow2 16); + let prod = v x * v y in + assert (v vlow == prod @% pow2 16); let k = vlow *. (neg 3327s) in - assert (v k == (((v x * v y) @% pow2 16) * (- 3327)) @% pow2 16); + assert (v k == (((prod) @% pow2 16) * (- 3327)) @% pow2 16); let k_times_modulus = (cast k <: i32) *. 3329l in assert (v k_times_modulus == (v k * 3329)); let c = cast (k_times_modulus >>! 16l) <: i16 in @@ -219,47 +250,47 @@ let lemma_mont_mul_red_i16 (x y:i16) = let vhigh = cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16 in lemma_mul_i16b (pow2 15) (pow2 15) x y; assert (is_i32b (pow2 30) ((cast x <: i32) *. (cast y <: i32))); - assert (v x * v y <= pow2 30 /\ v x * v y >= - pow2 30); - assert (v x * v y < pow2 31 /\ v x * v y > - pow2 31); - assert (v vhigh == (((v x * v y) @% pow2 32) / pow2 16) @% pow2 16); - assert (v vhigh == (v x * v y) / pow2 16); + assert (prod <= pow2 30 /\ prod >= - pow2 30); + assert (prod < pow2 31 /\ prod > - pow2 31); + assert (v vhigh == (((prod) @% pow2 32) / pow2 16) @% pow2 16); + assert (v vhigh == (prod) / pow2 16); assert (is_i16b 3328 vhigh); - let result = vhigh -. c in assert (is_i16b (3328 + 1665) result); - assert (Spec.Utils.is_i32b (3328 * 3328) x ==> Spec.Utils.is_i16b 3328 result); + assert (is_i32b (3328 * 3328) x ==> is_i16b 3328 result); calc ( == ) { v k_times_modulus % pow2 16; ( == ) { assert (v k_times_modulus == v k * 3329) } (v k * 3329) % pow2 16; - ( == ) { assert (v k = (((v x * v y) @% pow2 16) * (-3327)) @% pow2 16) } - (((((v x * v y) @% pow2 16) * (-3327)) @% pow2 16) * 3329) % pow2 16; - ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (((v x * v y) @% pow2 16) * (-3327)) 3329 (pow2 16) } - (((((v x * v y) @% pow2 16) * (-3327)) * 3329) % pow2 16); - ( == ) { Math.Lemmas.lemma_mod_mul_distr_r ((v x * v y) @% pow2 16) (-3327 * 3329) (pow2 16) } - (((v x * v y) @% pow2 16) % pow2 16); - ( == ) { Math.Lemmas.lemma_mod_sub ((v x * v y)) (pow2 16) 1 } - ((v x * v y)) % pow2 16; + ( == ) { assert (v k = (((prod) @% pow2 16) * (-3327)) @% pow2 16) } + (((((prod) @% pow2 16) * (-3327)) @% pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (((prod) @% pow2 16) * (-3327)) 3329 (pow2 16) } + (((((prod) @% pow2 16) * (-3327)) * 3329) % pow2 16); + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r ((prod) @% pow2 16) (-3327 * 3329) (pow2 16) } + (((prod) @% pow2 16) % pow2 16); + ( == ) { Math.Lemmas.lemma_mod_sub ((prod)) (pow2 16) 1 } + ((prod)) % pow2 16; }; - Math.Lemmas.modulo_add (pow2 16) (- (v k_times_modulus)) ((v x * v y)) (v k_times_modulus); - assert (((v x * v y) - v k_times_modulus) % pow2 16 == 0); + Math.Lemmas.modulo_add (pow2 16) (- (v k_times_modulus)) ((prod)) (v k_times_modulus); + assert (((prod) - v k_times_modulus) % pow2 16 == 0); calc ( == ) { v result % 3329; ( == ) { assert (v result == v vhigh - v c) } - ((v x * v y) / pow2 16 - v k_times_modulus / pow2 16) % 3329; - ( == ) { Math.Lemmas.lemma_div_exact ((v x * v y) - v k_times_modulus) (pow2 16) } - (((v x * v y) - v k_times_modulus) / pow2 16) % 3329; + ((prod) / pow2 16 - v k_times_modulus / pow2 16) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact ((prod) - v k_times_modulus) (pow2 16) } + (((prod) - v k_times_modulus) / pow2 16) % 3329; ( == ) { assert ((pow2 16 * 169) % 3329 == 1) } - ((((v x * v y) - v k_times_modulus) / pow2 16) * ((pow2 16 * 169) % 3329)) % 3329; - ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (((v x * v y) - v k_times_modulus) / pow2 16) + ((((prod) - v k_times_modulus) / pow2 16) * ((pow2 16 * 169) % 3329)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (((prod) - v k_times_modulus) / pow2 16) (pow2 16 * 169) 3329 } - ((((v x * v y) - v k_times_modulus) / pow2 16) * pow2 16 * 169) % 3329; - ( == ) { Math.Lemmas.lemma_div_exact ((v x * v y) - v k_times_modulus) (pow2 16) } - (((v x * v y) - v k_times_modulus) * 169) % 3329; + ((((prod) - v k_times_modulus) / pow2 16) * pow2 16 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact ((prod) - v k_times_modulus) (pow2 16) } + (((prod) - v k_times_modulus) * 169) % 3329; ( == ) { assert (v k_times_modulus == (v k @% pow2 16) * 3329) } - (((v x * v y) * 169) - ((v k @% pow2 16) * 3329 * 169)) % 3329; - ( == ) { Math.Lemmas.lemma_mod_sub ((v x * v y) * 169) 3329 ((v k @% pow2 16) * 169) } - ((v x * v y) * 169) % 3329; + (((prod) * 169) - ((v k @% pow2 16) * 3329 * 169)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_sub ((prod) * 169) 3329 ((v k @% pow2 16) * 169) } + ((prod) * 169) % 3329; } +*) #pop-options diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index fe0749390..4673dca06 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -291,6 +291,7 @@ pub(crate) fn generate_keypair< /// Call [`compress_then_serialize_ring_element_u`] on each ring element. #[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::options("--z3rlimit 200")] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $OUT_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 88916a625..98f4ceeda 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs @@ -9,34 +9,31 @@ use super::{ // Kyber 512 parameters const RANK_512: usize = 2; -const RANKED_BYTES_PER_RING_ELEMENT_512: usize = RANK_512 * BITS_PER_RING_ELEMENT / 8; -const T_AS_NTT_ENCODED_SIZE_512: usize = - (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8; +const RANKED_BYTES_PER_RING_ELEMENT_512: usize = 768; +const T_AS_NTT_ENCODED_SIZE_512: usize = 768; const VECTOR_U_COMPRESSION_FACTOR_512: usize = 10; // [hax]: hacspec/hacspec-v2#27 stealing error // block_len::() -const C1_BLOCK_SIZE_512: usize = - (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_U_COMPRESSION_FACTOR_512) / 8; +const C1_BLOCK_SIZE_512: usize = 320; // [hax]: hacspec/hacspec-v2#27 stealing error // serialized_len::() -const C1_SIZE_512: usize = C1_BLOCK_SIZE_512 * RANK_512; +const C1_SIZE_512: usize = 640; const VECTOR_V_COMPRESSION_FACTOR_512: usize = 4; // [hax]: hacspec/hacspec-v2#27 stealing error // block_len::() -const C2_SIZE_512: usize = (COEFFICIENTS_IN_RING_ELEMENT * VECTOR_V_COMPRESSION_FACTOR_512) / 8; -const CPA_PKE_SECRET_KEY_SIZE_512: usize = - (RANK_512 * COEFFICIENTS_IN_RING_ELEMENT * BITS_PER_COEFFICIENT) / 8; -pub(crate) const CPA_PKE_PUBLIC_KEY_SIZE_512: usize = T_AS_NTT_ENCODED_SIZE_512 + 32; -const CPA_PKE_CIPHERTEXT_SIZE_512: usize = C1_SIZE_512 + C2_SIZE_512; -pub(crate) const SECRET_KEY_SIZE_512: usize = - CPA_PKE_SECRET_KEY_SIZE_512 + CPA_PKE_PUBLIC_KEY_SIZE_512 + H_DIGEST_SIZE + SHARED_SECRET_SIZE; +const C2_SIZE_512: usize = 128; +const CPA_PKE_SECRET_KEY_SIZE_512: usize = 768; +pub(crate) const CPA_PKE_PUBLIC_KEY_SIZE_512: usize = 800; +const CPA_PKE_CIPHERTEXT_SIZE_512: usize = 768; + +pub(crate) const SECRET_KEY_SIZE_512: usize = 1632; const ETA1: usize = 3; -const ETA1_RANDOMNESS_SIZE: usize = ETA1 * 64; +const ETA1_RANDOMNESS_SIZE: usize = 192; const ETA2: usize = 2; -const ETA2_RANDOMNESS_SIZE: usize = ETA2 * 64; +const ETA2_RANDOMNESS_SIZE: usize = 128; -const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = SHARED_SECRET_SIZE + CPA_PKE_CIPHERTEXT_SIZE_512; +const IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = 800; // Kyber 512 types /// An ML-KEM 512 Ciphertext diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index 0f65668e0..f6e4bc29d 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -22,13 +22,7 @@ pub(crate) fn sub(lhs: Vec256, rhs: Vec256) -> Vec256 { pub(crate) fn multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { let cv = mm256_set1_epi16(constant); let result = mm256_mullo_epi16(vector, cv); - hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) mul_mod - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector}) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${cv}); - Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x *. constant) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector}); - Spec.Utils.lemma_create_index #_ (sz 16) constant; - Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) + hax_lib::fstar!("Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) (Spec.Utils.map_array (fun x -> x *. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); result @@ -40,13 +34,7 @@ pub(crate) fn multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { pub(crate) fn bitwise_and_with_constant(vector: Vec256, constant: i16) -> Vec256 { let cv = mm256_set1_epi16(constant); let result = mm256_and_si256(vector, cv); - hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) (&.) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector}) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${cv}); - Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x &. constant) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector}); - Spec.Utils.lemma_create_index #_ (sz 16) constant; - Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) + hax_lib::fstar!("Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) (Spec.Utils.map_array (fun x -> x &. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); result } @@ -58,9 +46,7 @@ pub(crate) fn bitwise_and_with_constant(vector: Vec256, constant: i16) -> Vec256 Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn shift_right(vector: Vec256) -> Vec256 { let result = mm256_srai_epi16::<{ SHIFT_BY }>(vector); - hax_lib::fstar!("Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x >>! ${SHIFT_BY}) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector}); - Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) + hax_lib::fstar!("Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) (Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); result @@ -78,30 +64,18 @@ pub(crate) fn shift_right(vector: Vec256) -> Vec256 { Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn cond_subtract_3329(vector: Vec256) -> Vec256 { let field_modulus = mm256_set1_epi16(FIELD_MODULUS); - hax_lib::fstar!("Spec.Utils.lemma_create_index #_ (sz 16) ${FIELD_MODULUS}"); - + // Compute v_i - Q and crate a mask from the sign bit of each of these // quantities. let v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); - hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) (-.) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $field_modulus)"); - + let sign_mask = mm256_srai_epi16::<15>(v_minus_field_modulus); - hax_lib::fstar!("Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x >>! 15l) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $v_minus_field_modulus)"); - + // If v_i - Q < 0 then add back Q to (v_i - Q). let conditional_add_field_modulus = mm256_and_si256(sign_mask, field_modulus); - hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) (&.) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $sign_mask) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $field_modulus)"); - + let result = mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); - hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) (+.) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $v_minus_field_modulus) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $conditional_add_field_modulus)"); - + result } diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index ca9e4eead..98767bd57 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -51,8 +51,7 @@ pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))") }); lhs.elements[i] = lhs.elements[i].wrapping_add(rhs.elements[i]); } - hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) (+.) ${_lhs0}.f_elements ${rhs}.f_elements; - Seq.lemma_eq_intro ${lhs}.f_elements (Spec.Utils.map2 (+.) ${_lhs0}.f_elements ${rhs}.f_elements)"); + hax_lib::fstar!("Seq.lemma_eq_intro ${lhs}.f_elements (Spec.Utils.map2 (+.) ${_lhs0}.f_elements ${rhs}.f_elements)"); lhs } @@ -67,8 +66,7 @@ pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))") }); lhs.elements[i] = lhs.elements[i].wrapping_sub(rhs.elements[i]); } - hax_lib::fstar!("Spec.Utils.lemma_map2_index #_ #_ #_ #(sz 16) (-.) ${_lhs0}.f_elements ${rhs}.f_elements; - Seq.lemma_eq_intro ${lhs}.f_elements (Spec.Utils.map2 (-.) ${_lhs0}.f_elements ${rhs}.f_elements)"); + hax_lib::fstar!("Seq.lemma_eq_intro ${lhs}.f_elements (Spec.Utils.map2 (-.) ${_lhs0}.f_elements ${rhs}.f_elements)"); lhs } @@ -83,8 +81,7 @@ pub fn multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector { (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))") }); vec.elements[i] = vec.elements[i].wrapping_mul(c); } - hax_lib::fstar!("Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x *. c) ${_vec0}.f_elements; - Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x *. c) ${_vec0}.f_elements)"); + hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x *. c) ${_vec0}.f_elements)"); vec } @@ -99,8 +96,7 @@ pub fn bitwise_and_with_constant(mut vec: PortableVector, c: i16) -> PortableVec (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)") }); vec.elements[i] &= c; } - hax_lib::fstar!("Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x &. c) ${_vec0}.f_elements; - Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x &. c) ${_vec0}.f_elements)"); + hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x &. c) ${_vec0}.f_elements)"); vec } @@ -117,8 +113,7 @@ pub fn shift_right(mut vec: PortableVector) -> PortableVect (forall j. j >= v i ==> Seq.index ${vec}.f_elements j == Seq.index ${_vec0}.f_elements j)") }); vec.elements[i] = vec.elements[i] >> SHIFT_BY; } - hax_lib::fstar!("Spec.Utils.lemma_map_index #_ #_ #(sz 16) (fun x -> x >>! ${SHIFT_BY}) ${_vec0}.f_elements; - Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) ${_vec0}.f_elements)"); + hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) ${_vec0}.f_elements)"); vec } @@ -141,9 +136,7 @@ pub fn cond_subtract_3329(mut vec: PortableVector) -> PortableVector { vec.elements[i] -= 3329 } } - hax_lib::fstar!("Spec.Utils.lemma_map_index #_ #_ #(sz 16) - (fun x -> if x >=. 3329s then x -! 3329s else x) ${_vec0}.f_elements; - Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array + hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) ${_vec0}.f_elements)"); vec } @@ -257,7 +250,7 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { hax_lib::fstar!("assert (v value < pow2 31); assert (v value / pow2 16 < pow2 15); assert (v value_high == (v value / pow2 16) @% pow2 16); - assert ((v value / pow2 16) < pow2 15 ==> (v value / pow2 16) @% pow2 16 == (v value / pow2 16)); + Spec.Utils.lemma_div_at_percent (v value) (pow2 16); assert (v value_high == (v value / pow2 16)); assert(Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 169 value_high); assert(Spec.Utils.is_i16b 3328 value_high)"); From 87f07896c4682a4ec4c8fb22659e9ae00d0c68e2 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 3 Sep 2024 08:43:52 +0200 Subject: [PATCH 200/348] z3 limits for montred --- .../proofs/fstar/spec/Spec.Utils.fst | 88 +++++++++++-------- 1 file changed, 53 insertions(+), 35 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 20344a7e6..6e64597f0 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -111,9 +111,15 @@ let is_i32b_array (l:nat) (x:t_Slice i32) = forall i. i < Seq.length x ==> is_i3 let nat_div_ceil (x:nat) (y:pos) : nat = if (x % y = 0) then x/y else (x/y)+1 +val lemma_mul_intb (b1 b2: nat) (n1 n2: int) + : Lemma (requires (n1 <= b1 /\ n1 >= -b1 /\ n2 <= b2 /\ n2 >= -b2)) + (ensures ((n1 * n2) <= (b1 * b2) /\ (n1 * n2) >= - (b1 * b2))) +let lemma_mul_intb (b1 b2: nat) (n1 n2: int) = () + val lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 * b2 < pow2 31)) (ensures (range (v n1 * v n2) i32_inttype /\ is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32)))) + let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) = if v n1 = 0 || v n2 = 0 then () @@ -132,6 +138,12 @@ val lemma_add_i16b (b1 b2:nat) (n1 n2:i16) : is_i16b (b1 + b2) (n1 +! n2))) let lemma_add_i16b (b1 b2:nat) (n1 n2:i16) = () +val lemma_sub_i16b (b1 b2:nat) (n1 n2:i16) : + Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 + b2 < pow2 15)) + (ensures (range (v n1 - v n2) i16_inttype /\ + is_i16b (b1 + b2) (n1 -. n2))) +let lemma_sub_i16b (b1 b2:nat) (n1 n2:i16) = () + let mont_mul_red_i16 (x:i16) (y:i16) : i16= let vlow = x *. y in let k = vlow *. (neg 3327s) in @@ -226,16 +238,14 @@ let lemma_mont_red_i32 (x:i32) = } #pop-options -#push-options "--z3rlimit 1200 --split_queries always" +#push-options "--z3rlimit 800 --split_queries always" val lemma_mont_mul_red_i16 (x y:i16): Lemma (requires (is_i16b 3328 y)) (ensures ( let result:i16 = mont_mul_red_i16 x y in - is_i16b (3328 + 1665) result /\ + is_i16b 3329 result /\ v result % 3329 == (v x * v y * 169) % 3329)) -let lemma_mont_mul_red_i16 (x y:i16) = admit() - -(* +let lemma_mont_mul_red_i16 (x y:i16) = let vlow = x *. y in let prod = v x * v y in assert (v vlow == prod @% pow2 16); @@ -245,52 +255,60 @@ let lemma_mont_mul_red_i16 (x y:i16) = admit() assert (v k_times_modulus == (v k * 3329)); let c = cast (k_times_modulus >>! 16l) <: i16 in assert (v c == (((v k * 3329) / pow2 16) @% pow2 16)); + lemma_div_at_percent (v k * 3329) (pow2 16); assert (v c == (((v k * 3329) / pow2 16))); assert (is_i16b 1665 c); let vhigh = cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16 in - lemma_mul_i16b (pow2 15) (pow2 15) x y; - assert (is_i32b (pow2 30) ((cast x <: i32) *. (cast y <: i32))); - assert (prod <= pow2 30 /\ prod >= - pow2 30); - assert (prod < pow2 31 /\ prod > - pow2 31); assert (v vhigh == (((prod) @% pow2 32) / pow2 16) @% pow2 16); - assert (v vhigh == (prod) / pow2 16); - assert (is_i16b 3328 vhigh); + lemma_mul_intb (pow2 15) 3328 (v x) (v y); + assert_norm (pow2 15 * 3328 < pow2 31); + assert (prod < pow2 31 /\ prod > - pow2 31); + assert (prod @% pow2 32 == prod); + assert (v vhigh == (prod / pow2 16) @% pow2 16); + lemma_div_at_percent prod (pow2 16); + assert (v vhigh == prod / pow2 16); + assert (is_i16b 1664 vhigh); let result = vhigh -. c in - assert (is_i16b (3328 + 1665) result); - assert (is_i32b (3328 * 3328) x ==> is_i16b 3328 result); + lemma_sub_i16b 1664 1665 vhigh c; + assert (is_i16b 3329 result); + assert (v result = (v vhigh - v c) @% pow2 16); + assert (v result = v vhigh - v c); calc ( == ) { v k_times_modulus % pow2 16; ( == ) { assert (v k_times_modulus == v k * 3329) } (v k * 3329) % pow2 16; - ( == ) { assert (v k = (((prod) @% pow2 16) * (-3327)) @% pow2 16) } - (((((prod) @% pow2 16) * (-3327)) @% pow2 16) * 3329) % pow2 16; - ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (((prod) @% pow2 16) * (-3327)) 3329 (pow2 16) } - (((((prod) @% pow2 16) * (-3327)) * 3329) % pow2 16); - ( == ) { Math.Lemmas.lemma_mod_mul_distr_r ((prod) @% pow2 16) (-3327 * 3329) (pow2 16) } - (((prod) @% pow2 16) % pow2 16); - ( == ) { Math.Lemmas.lemma_mod_sub ((prod)) (pow2 16) 1 } - ((prod)) % pow2 16; + ( == ) { assert (v k = ((prod @% pow2 16) * (-3327)) @% pow2 16) } + ((((prod @% pow2 16) * (-3327)) @% pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (((prod @% pow2 16) * (-3327)) @% pow2 16) 3329 (pow2 16) } + (((((prod @% pow2 16) * (-3327)) @% pow2 16) % pow2 16) * 3329) % pow2 16; + ( == ) { lemma_at_percent_mod ((prod @% pow2 16) * (-3327)) (pow2 16)} + ((((prod @% pow2 16) * (-3327)) % pow2 16) * 3329) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((prod @% pow2 16) * (-3327)) 3329 (pow2 16) } + (((prod @% pow2 16) * (-3327)) * 3329) % pow2 16; + ( == ) { } + ((prod @% pow2 16) * (-3327 * 3329)) % pow2 16; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (prod @% pow2 16) (-3327 * 3329) (pow2 16) } + ((prod @% pow2 16) % pow2 16); + ( == ) { lemma_at_percent_mod (prod) (pow2 16) } + (prod) % pow2 16; }; Math.Lemmas.modulo_add (pow2 16) (- (v k_times_modulus)) ((prod)) (v k_times_modulus); assert (((prod) - v k_times_modulus) % pow2 16 == 0); calc ( == ) { v result % 3329; - ( == ) { assert (v result == v vhigh - v c) } - ((prod) / pow2 16 - v k_times_modulus / pow2 16) % 3329; - ( == ) { Math.Lemmas.lemma_div_exact ((prod) - v k_times_modulus) (pow2 16) } - (((prod) - v k_times_modulus) / pow2 16) % 3329; + ( == ) { } + (((prod) / pow2 16) - ((v k * 3329) / pow2 16)) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact ((prod) - (v k * 3329)) (pow2 16) } + ((prod - (v k * 3329)) / pow2 16) % 3329; ( == ) { assert ((pow2 16 * 169) % 3329 == 1) } - ((((prod) - v k_times_modulus) / pow2 16) * ((pow2 16 * 169) % 3329)) % 3329; - ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (((prod) - v k_times_modulus) / pow2 16) + (((prod - (v k * 3329)) / pow2 16) * ((pow2 16 * 169) % 3329)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_r (((prod) - (v k * 3329)) / pow2 16) (pow2 16 * 169) 3329 } - ((((prod) - v k_times_modulus) / pow2 16) * pow2 16 * 169) % 3329; - ( == ) { Math.Lemmas.lemma_div_exact ((prod) - v k_times_modulus) (pow2 16) } - (((prod) - v k_times_modulus) * 169) % 3329; - ( == ) { assert (v k_times_modulus == (v k @% pow2 16) * 3329) } - (((prod) * 169) - ((v k @% pow2 16) * 3329 * 169)) % 3329; - ( == ) { Math.Lemmas.lemma_mod_sub ((prod) * 169) 3329 ((v k @% pow2 16) * 169) } + ((((prod) - (v k * 3329)) / pow2 16) * pow2 16 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_div_exact ((prod) - (v k * 3329)) (pow2 16) } + (((prod) - (v k * 3329)) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_sub ((prod) * 169) 3329 (v k * 169)} ((prod) * 169) % 3329; } -*) -#pop-options +#pop-options From 65df9ca4cc33dfcf5ce00113d32d62925b4f5710 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 08:41:56 +0000 Subject: [PATCH 201/348] Add pre/post-conditions for portable serialize/deserialize --- .../Libcrux_ml_kem.Vector.Portable.fsti | 68 +++++++++++------ .../Libcrux_ml_kem.Vector.Traits.fsti | 74 ++++++++++++++----- .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 27 ++++++- .../proofs/fstar/spec/Spec.Utils.fst | 2 +- libcrux-ml-kem/src/vector/portable.rs | 34 +++++++++ libcrux-ml-kem/src/vector/traits.rs | 30 +++++--- 6 files changed, 179 insertions(+), 56 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 312bea76b..ccc333409 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -441,46 +441,58 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Ntt.ntt_multiply lhs rhs zeta0 zeta1 zeta2 zeta3); f_serialize_1_pre = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Spec.MLKEM.serialize_pre 1 (impl.f_repr a)); f_serialize_1_post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: t_Array u8 (sz 2)) -> - true); + Spec.MLKEM.serialize_pre 1 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 1 (impl.f_repr a) out); f_serialize_1_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_ a); - f_deserialize_1_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_1_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 2); f_deserialize_1_post = - (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out)); f_deserialize_1_ = - (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a); + (fun (a: t_Slice u8) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a); f_serialize_4_pre = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Spec.MLKEM.serialize_pre 4 (impl.f_repr a)); f_serialize_4_post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: t_Array u8 (sz 8)) -> - true); + Spec.MLKEM.serialize_pre 4 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 4 (impl.f_repr a) out); f_serialize_4_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a); - f_deserialize_4_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_4_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 8); f_deserialize_4_post = - (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out)); f_deserialize_4_ = - (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a); + (fun (a: t_Slice u8) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a); f_serialize_5_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -495,7 +507,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Libcrux_ml_kem.Vector.Portable.Serialize.serialize_5_ a); - f_deserialize_5_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_5_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 10); f_deserialize_5_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -504,25 +516,31 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_5_ a); f_serialize_10_pre = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Spec.MLKEM.serialize_pre 10 (impl.f_repr a)); f_serialize_10_post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: t_Array u8 (sz 20)) -> - true); + Spec.MLKEM.serialize_pre 10 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 10 (impl.f_repr a) out); f_serialize_10_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_ a); - f_deserialize_10_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_10_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 20); f_deserialize_10_post = - (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (impl.f_repr out)); f_deserialize_10_ = - (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a); + (fun (a: t_Slice u8) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a); f_serialize_11_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -537,7 +555,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> Libcrux_ml_kem.Vector.Portable.Serialize.serialize_11_ a); - f_deserialize_11_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_11_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 22); f_deserialize_11_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -546,25 +564,31 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_11_ a); f_serialize_12_pre = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Spec.MLKEM.serialize_pre 12 (impl.f_repr a)); f_serialize_12_post = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: t_Array u8 (sz 24)) -> - true); + Spec.MLKEM.serialize_pre 12 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 12 (impl.f_repr a) out); f_serialize_12_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_ a); - f_deserialize_12_pre = (fun (a: t_Slice u8) -> true); + f_deserialize_12_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 24); f_deserialize_12_post = - (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (impl.f_repr out)); f_deserialize_12_ = - (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a); + (fun (a: t_Slice u8) -> + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a); f_rej_sample_pre = (fun (a: t_Slice u8) (out: t_Slice i16) -> true); f_rej_sample_post = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 3b7aa112e..657dd56d5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -176,64 +176,98 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) (fun result -> f_ntt_multiply_post x0 x1 x2 x3 x4 x5 result); - f_serialize_1_pre:a: v_Self -> pred: Type0{true ==> pred}; - f_serialize_1_post:v_Self -> t_Array u8 (sz 2) -> Type0; + f_serialize_1_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 1 (f_repr a) ==> pred}; + f_serialize_1_post:a: v_Self -> result: t_Array u8 (sz 2) + -> pred: + Type0 + { pred ==> + Spec.MLKEM.serialize_pre 1 (f_repr a) ==> Spec.MLKEM.serialize_post 1 (f_repr a) result }; f_serialize_1_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 2)) (f_serialize_1_pre x0) (fun result -> f_serialize_1_post x0 result); - f_deserialize_1_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; - f_deserialize_1_post:t_Slice u8 -> v_Self -> Type0; + f_deserialize_1_pre:a: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 2 ==> pred}; + f_deserialize_1_post:a: t_Slice u8 -> result: v_Self + -> pred: + Type0{pred ==> sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (f_repr result)}; f_deserialize_1_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_1_pre x0) (fun result -> f_deserialize_1_post x0 result); - f_serialize_4_pre:a: v_Self -> pred: Type0{true ==> pred}; - f_serialize_4_post:v_Self -> t_Array u8 (sz 8) -> Type0; + f_serialize_4_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 4 (f_repr a) ==> pred}; + f_serialize_4_post:a: v_Self -> result: t_Array u8 (sz 8) + -> pred: + Type0 + { pred ==> + Spec.MLKEM.serialize_pre 4 (f_repr a) ==> Spec.MLKEM.serialize_post 4 (f_repr a) result }; f_serialize_4_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 8)) (f_serialize_4_pre x0) (fun result -> f_serialize_4_post x0 result); - f_deserialize_4_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; - f_deserialize_4_post:t_Slice u8 -> v_Self -> Type0; + f_deserialize_4_pre:a: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 8 ==> pred}; + f_deserialize_4_post:a: t_Slice u8 -> result: v_Self + -> pred: + Type0{pred ==> sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (f_repr result)}; f_deserialize_4_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_4_pre x0) (fun result -> f_deserialize_4_post x0 result); - f_serialize_5_pre:a: v_Self -> pred: Type0{true ==> pred}; + f_serialize_5_pre:v_Self -> Type0; f_serialize_5_post:v_Self -> t_Array u8 (sz 10) -> Type0; f_serialize_5_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 10)) (f_serialize_5_pre x0) (fun result -> f_serialize_5_post x0 result); - f_deserialize_5_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; + f_deserialize_5_pre:a: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 10 ==> pred}; f_deserialize_5_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_5_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_5_pre x0) (fun result -> f_deserialize_5_post x0 result); - f_serialize_10_pre:a: v_Self -> pred: Type0{true ==> pred}; - f_serialize_10_post:v_Self -> t_Array u8 (sz 20) -> Type0; + f_serialize_10_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 10 (f_repr a) ==> pred}; + f_serialize_10_post:a: v_Self -> result: t_Array u8 (sz 20) + -> pred: + Type0 + { pred ==> + Spec.MLKEM.serialize_pre 10 (f_repr a) ==> Spec.MLKEM.serialize_post 10 (f_repr a) result + }; f_serialize_10_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 20)) (f_serialize_10_pre x0) (fun result -> f_serialize_10_post x0 result); - f_deserialize_10_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; - f_deserialize_10_post:t_Slice u8 -> v_Self -> Type0; + f_deserialize_10_pre:a: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 20 ==> pred}; + f_deserialize_10_post:a: t_Slice u8 -> result: v_Self + -> pred: + Type0 + {pred ==> sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (f_repr result)}; f_deserialize_10_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_10_pre x0) (fun result -> f_deserialize_10_post x0 result); - f_serialize_11_pre:a: v_Self -> pred: Type0{true ==> pred}; + f_serialize_11_pre:v_Self -> Type0; f_serialize_11_post:v_Self -> t_Array u8 (sz 22) -> Type0; f_serialize_11_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 22)) (f_serialize_11_pre x0) (fun result -> f_serialize_11_post x0 result); - f_deserialize_11_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; + f_deserialize_11_pre:a: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 22 ==> pred}; f_deserialize_11_post:t_Slice u8 -> v_Self -> Type0; f_deserialize_11_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_11_pre x0) (fun result -> f_deserialize_11_post x0 result); - f_serialize_12_pre:a: v_Self -> pred: Type0{true ==> pred}; - f_serialize_12_post:v_Self -> t_Array u8 (sz 24) -> Type0; + f_serialize_12_pre:a: v_Self -> pred: Type0{Spec.MLKEM.serialize_pre 12 (f_repr a) ==> pred}; + f_serialize_12_post:a: v_Self -> result: t_Array u8 (sz 24) + -> pred: + Type0 + { pred ==> + Spec.MLKEM.serialize_pre 12 (f_repr a) ==> Spec.MLKEM.serialize_post 12 (f_repr a) result + }; f_serialize_12_:x0: v_Self -> Prims.Pure (t_Array u8 (sz 24)) (f_serialize_12_pre x0) (fun result -> f_serialize_12_post x0 result); - f_deserialize_12_pre:a: t_Slice u8 -> pred: Type0{true ==> pred}; - f_deserialize_12_post:t_Slice u8 -> v_Self -> Type0; + f_deserialize_12_pre:a: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 a <: usize) =. sz 24 ==> pred}; + f_deserialize_12_post:a: t_Slice u8 -> result: v_Self + -> pred: + Type0 + {pred ==> sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (f_repr result)}; f_deserialize_12_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 -> pred: Type0{true ==> pred}; diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index a1b9d71ac..083681ebf 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -257,4 +257,29 @@ let compress_then_byte_encode (d: dT {d <> 12}) (coefficients: polynomial): t_Ar let byte_decode_then_decompress (d: dT {d <> 12}) (b:t_Array u8 (sz (32 * d))): polynomial = map_array (decompress_d d) (byte_decode d b) - + +(**** Definitions to move or to rework *) +let serialize_pre + (d1: dT) + (coefficients: t_Array i16 (sz 16)) + = forall i. i < 16 ==> bounded (Seq.index coefficients i) d1 + +// TODO: this is an alternative version of byte_encode +// rename to encoded bytes +#push-options "--z3rlimit 80 --split_queries always" +let serialize_post + (d1: dT) + (coefficients: t_Array i16 (sz 16) { serialize_pre d1 coefficients }) + (output: t_Array u8 (sz (d1 * 2))) + = BitVecEq.int_t_array_bitwise_eq coefficients d1 + output 8 + +// TODO: this is an alternative version of byte_decode +// rename to decoded bytes +let deserialize_post + (d1: dT) + (bytes: t_Array u8 (sz (d1 * 2))) + (output: t_Array i16 (sz 16)) + = BitVecEq.int_t_array_bitwise_eq bytes 8 + output d1 +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 671f5d46e..586195aed 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -22,7 +22,7 @@ let map2 #a #b #c (#len:usize{v len < pow2 32}) let repeati #acc (l:usize) (f:(i:usize{v i < v l}) -> acc -> acc) acc0 : acc = Lib.LoopCombinators.repeati (v l) (fun i acc -> f (sz i) acc) acc0 -#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" +#push-options "--z3rlimit 500" let flatten #t #n (#m: usize {range (v n * v m) usize_inttype}) (x: t_Array (t_Array t m) n) diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index cf05ab802..59315d962 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -131,19 +131,35 @@ impl Operations for PortableVector { ntt_multiply(lhs, rhs, zeta0, zeta1, zeta2, zeta3) } + #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))] fn serialize_1(a: Self) -> [u8; 2] { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a"); serialize_1(a) } + #[requires(a.len() == 2)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"))] fn deserialize_1(a: &[u8]) -> Self { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma $a"); deserialize_1(a) } + #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))] fn serialize_4(a: Self) -> [u8; 8] { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a"); serialize_4(a) } + #[requires(a.len() == 8)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"))] fn deserialize_4(a: &[u8]) -> Self { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma $a"); deserialize_4(a) } @@ -151,15 +167,24 @@ impl Operations for PortableVector { serialize_5(a) } + #[requires(a.len() == 10)] fn deserialize_5(a: &[u8]) -> Self { deserialize_5(a) } + #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"))] fn serialize_10(a: Self) -> [u8; 20] { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma $a"); serialize_10(a) } + #[requires(a.len() == 20)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"))] fn deserialize_10(a: &[u8]) -> Self { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma $a"); deserialize_10(a) } @@ -167,15 +192,24 @@ impl Operations for PortableVector { serialize_11(a) } + #[requires(a.len() == 22)] fn deserialize_11(a: &[u8]) -> Self { deserialize_11(a) } + #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"))] fn serialize_12(a: Self) -> [u8; 24] { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma $a"); serialize_12(a) } + #[requires(a.len() == 24)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"))] fn deserialize_12(a: &[u8]) -> Self { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma $a"); deserialize_12(a) } diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 56ff9cf27..0b0c28899 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -92,34 +92,40 @@ pub trait Operations: Copy + Clone + Repr { -> Self; // Serialization and deserialization - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 1 (f_repr $a) ==> Spec.MLKEM.serialize_post 1 (f_repr $a) $result"))] fn serialize_1(a: Self) -> [u8; 2]; - #[requires(true)] + #[requires(a.len() == 2)] + #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (f_repr $result)"))] fn deserialize_1(a: &[u8]) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 4 (f_repr $a) ==> Spec.MLKEM.serialize_post 4 (f_repr $a) $result"))] fn serialize_4(a: Self) -> [u8; 8]; - #[requires(true)] + #[requires(a.len() == 8)] + #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (f_repr $result)"))] fn deserialize_4(a: &[u8]) -> Self; - #[requires(true)] fn serialize_5(a: Self) -> [u8; 10]; - #[requires(true)] + #[requires(a.len() == 10)] fn deserialize_5(a: &[u8]) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 10 (f_repr $a) ==> Spec.MLKEM.serialize_post 10 (f_repr $a) $result"))] fn serialize_10(a: Self) -> [u8; 20]; - #[requires(true)] + #[requires(a.len() == 20)] + #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (f_repr $result)"))] fn deserialize_10(a: &[u8]) -> Self; - #[requires(true)] fn serialize_11(a: Self) -> [u8; 22]; - #[requires(true)] + #[requires(a.len() == 22)] fn deserialize_11(a: &[u8]) -> Self; - #[requires(true)] + #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (f_repr $a)"))] + #[ensures(|result| fstar!("Spec.MLKEM.serialize_pre 12 (f_repr $a) ==> Spec.MLKEM.serialize_post 12 (f_repr $a) $result"))] fn serialize_12(a: Self) -> [u8; 24]; - #[requires(true)] + #[requires(a.len() == 24)] + #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (f_repr $result)"))] fn deserialize_12(a: &[u8]) -> Self; #[requires(true)] From bfd737a115214f45fc473def675e6e5ea3483b6d Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 3 Sep 2024 12:20:25 +0200 Subject: [PATCH 202/348] ntt --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 50 ++++++++++--------- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 20 ++++++-- libcrux-ml-kem/src/vector/portable/ntt.rs | 5 ++ 3 files changed, 48 insertions(+), 27 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 99ab0e5b0..fd610ae8d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -140,43 +140,45 @@ let inv_ntt_layer_3_step in v +#push-options "--z3rlimit 50 --query_stats --split_queries always" let ntt_multiply_binomials (a b: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) (i j: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let o0:i16 = - Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element (((cast (a + let ai = (cast (a .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: - i32) *! - (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) - <: - i32) +! - ((cast (Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element ((cast (a - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] - <: - i16) - <: - i32) *! - (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) - <: - i32) - <: - i32) + i32) in + assert (Spec.Utils.is_i32b 3328 ai); + let bi = (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) in + assert (Spec.Utils.is_i32b 3328 bi); + let aj = (cast (a + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: - i32) *! - (cast (zeta <: i16) <: i32) - <: - i32) - <: - i32) - in + i32) in + assert (Spec.Utils.is_i32b 3328 aj); + let bj = (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: i32) in + assert (Spec.Utils.is_i32b 3328 bj); + Spec.Utils.lemma_mul_intb 3328 3328 (v ai) (v bi); + Spec.Utils.lemma_mul_intb 3328 3328 (v ai) (v bj); + Spec.Utils.lemma_mul_intb 3328 3328 (v aj) (v bi); + Spec.Utils.lemma_mul_intb 3328 3328 (v aj) (v bj); + let ai_bi = ai *! bi in + let aj_bj = aj *! bj in + let sum = ai_bi +! aj_bj in + assert (Spec.Utils.is_i32b (2 * 3328 * 3328) sum); + let red = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element sum in + assert (Spec.Utils.is_i16b (3328 + 1665) red); + assert (Spec.Utils.is_i16b 1664 zeta); + Spec.Utils.lemma_mul_intb (3328 + 1665) 1664 (v red) (v zeta); + let o0 = (cast red <: i32) *! (cast (zeta <: i16) <: i32) in + admit() let o1:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element (((cast (a .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 3c826a279..57c66ac27 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -44,7 +44,7 @@ val inv_ntt_layer_3_step /// c₁ ← a₀·b₁ + a₁·b₀ /// return c₀, c₁ /// ``` -/// We say "almost" because the coefficients output by this function are in +/// We say \"almost\" because the coefficients output by this function are in /// the Montgomery domain (unlike in the specification). /// The NIST FIPS 203 standard can be found at /// . @@ -54,8 +54,22 @@ val ntt_multiply_binomials (i j: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires (v i < 16 /\ v j < 16 /\ + Spec.Utils.is_i16b_array 3328 a.f_elements /\ + Spec.Utils.is_i16b_array 3328 b.f_elements /\ + Spec.Utils.is_i16b 1664 zeta)) + (ensures + fun out_future -> + let out_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out_future in + let (x,y) = + Spec.MLKEM.Math.poly_base_case_multiply + (v (Seq.index a.f_elements (v i)) % 3329) + (v (Seq.index a.f_elements (v j)) % 3329) + (v (Seq.index b.f_elements (v i)) % 3329) + (v (Seq.index b.f_elements (v j)) % 3329) + ((v zeta * 169) % 3329) in + (x == v (Seq.index out_future.f_elements (v i)) % 3329 /\ + y == v (Seq.index out_future.f_elements (v j)) % 3329)) val ntt_step (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index d6eb66396..f23f6e34c 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -130,6 +130,11 @@ pub(crate) fn inv_ntt_layer_3_step(mut v: PortableVector, zeta: i16) -> Portable /// The NIST FIPS 203 standard can be found at /// . #[inline(always)] +#[hax_lib::ensures(|()| fstar!("(Seq.index out_future (v i), Seq.index out_future (v j)) == + Spec.MLKEM.Math.poly_base_case_multiply + (Seq.index a (v i)) (Seq.index a (v j)) + (Seq.index b (v i)) (Seq.index b (v j)) + (v zeta) "))] pub(crate) fn ntt_multiply_binomials( a: &PortableVector, b: &PortableVector, From b7b237fb9caa82f39a38c8ef86c72edd985f69d5 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 10:47:06 +0000 Subject: [PATCH 203/348] Update vector/avx2.rs --- .../Libcrux_ml_kem.Vector.Avx2.fsti | 92 +++++++++++++++---- libcrux-ml-kem/src/vector/avx2.rs | 34 +++++++ 2 files changed, 108 insertions(+), 18 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 08c285c87..35de3d65c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -366,31 +366,57 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_serialize_1_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_1_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 2)) -> true); + f_serialize_1_pre + = + (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 1 (impl.f_repr vector)); + f_serialize_1_post + = + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 2)) -> + Spec.MLKEM.serialize_pre 1 (impl.f_repr vector) ==> + Spec.MLKEM.serialize_post 1 (impl.f_repr vector) out); f_serialize_1_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ vector.f_elements); - f_deserialize_1_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_1_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_1_pre + = + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 2); + f_deserialize_1_post + = + (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> + sz (Seq.length bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 bytes (impl.f_repr out)); f_deserialize_1_ = (fun (bytes: t_Slice u8) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_1_ bytes } <: t_SIMD256Vector); - f_serialize_4_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_4_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) -> true); + f_serialize_4_pre + = + (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 4 (impl.f_repr vector)); + f_serialize_4_post + = + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 8)) -> + Spec.MLKEM.serialize_pre 4 (impl.f_repr vector) ==> + Spec.MLKEM.serialize_post 4 (impl.f_repr vector) out); f_serialize_4_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_4_ vector.f_elements); - f_deserialize_4_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_4_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_4_pre + = + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8); + f_deserialize_4_post + = + (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> + sz (Seq.length bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 bytes (impl.f_repr out)); f_deserialize_4_ = (fun (bytes: t_Slice u8) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_4_ bytes } <: t_SIMD256Vector); @@ -400,7 +426,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = = (fun (vector: t_SIMD256Vector) -> Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_5_ vector.f_elements); - f_deserialize_5_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_5_pre + = + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 10); f_deserialize_5_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_5_ = @@ -408,17 +436,30 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_5_ bytes } <: t_SIMD256Vector); - f_serialize_10_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_10_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) -> true); + f_serialize_10_pre + = + (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 10 (impl.f_repr vector)); + f_serialize_10_post + = + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 20)) -> + Spec.MLKEM.serialize_pre 10 (impl.f_repr vector) ==> + Spec.MLKEM.serialize_post 10 (impl.f_repr vector) out); f_serialize_10_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_10_ vector.f_elements); - f_deserialize_10_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_10_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_10_pre + = + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 20); + f_deserialize_10_post + = + (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> + sz (Seq.length bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 bytes (impl.f_repr out)); f_deserialize_10_ = (fun (bytes: t_Slice u8) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_10_ bytes } <: t_SIMD256Vector); @@ -428,7 +469,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = = (fun (vector: t_SIMD256Vector) -> Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_11_ vector.f_elements); - f_deserialize_11_pre = (fun (bytes: t_Slice u8) -> true); + f_deserialize_11_pre + = + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 22); f_deserialize_11_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); f_deserialize_11_ = @@ -436,17 +479,30 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_11_ bytes } <: t_SIMD256Vector); - f_serialize_12_pre = (fun (vector: t_SIMD256Vector) -> true); - f_serialize_12_post = (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) -> true); + f_serialize_12_pre + = + (fun (vector: t_SIMD256Vector) -> Spec.MLKEM.serialize_pre 12 (impl.f_repr vector)); + f_serialize_12_post + = + (fun (vector: t_SIMD256Vector) (out: t_Array u8 (sz 24)) -> + Spec.MLKEM.serialize_pre 12 (impl.f_repr vector) ==> + Spec.MLKEM.serialize_post 12 (impl.f_repr vector) out); f_serialize_12_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_12_ vector.f_elements); - f_deserialize_12_pre = (fun (bytes: t_Slice u8) -> true); - f_deserialize_12_post = (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> true); + f_deserialize_12_pre + = + (fun (bytes: t_Slice u8) -> (Core.Slice.impl__len #u8 bytes <: usize) =. sz 24); + f_deserialize_12_post + = + (fun (bytes: t_Slice u8) (out: t_SIMD256Vector) -> + sz (Seq.length bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 bytes (impl.f_repr out)); f_deserialize_12_ = (fun (bytes: t_Slice u8) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ bytes } <: t_SIMD256Vector); diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 9d2fb3c62..93cd2812b 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -200,21 +200,37 @@ impl Operations for SIMD256Vector { } } + #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $vector) $out"))] fn serialize_1(vector: Self) -> [u8; 2] { + hax_lib::fstar!("admit()"); serialize::serialize_1(vector.elements) } + #[requires(bytes.len() == 2)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $bytes (impl.f_repr $out)"))] fn deserialize_1(bytes: &[u8]) -> Self { + hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_1(bytes), } } + #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $vector) $out"))] fn serialize_4(vector: Self) -> [u8; 8] { + hax_lib::fstar!("admit()"); serialize::serialize_4(vector.elements) } + #[requires(bytes.len() == 8)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $bytes (impl.f_repr $out)"))] fn deserialize_4(bytes: &[u8]) -> Self { + hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_4(bytes), } @@ -224,17 +240,26 @@ impl Operations for SIMD256Vector { serialize::serialize_5(vector.elements) } + #[requires(bytes.len() == 10)] fn deserialize_5(bytes: &[u8]) -> Self { Self { elements: serialize::deserialize_5(bytes), } } + #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $vector) $out"))] fn serialize_10(vector: Self) -> [u8; 20] { + hax_lib::fstar!("admit()"); serialize::serialize_10(vector.elements) } + #[requires(bytes.len() == 20)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $bytes (impl.f_repr $out)"))] fn deserialize_10(bytes: &[u8]) -> Self { + hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_10(bytes), } @@ -244,17 +269,26 @@ impl Operations for SIMD256Vector { serialize::serialize_11(vector.elements) } + #[requires(bytes.len() == 22)] fn deserialize_11(bytes: &[u8]) -> Self { Self { elements: serialize::deserialize_11(bytes), } } + #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector)"))] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $vector) $out"))] fn serialize_12(vector: Self) -> [u8; 24] { + hax_lib::fstar!("admit()"); serialize::serialize_12(vector.elements) } + #[requires(bytes.len() == 24)] + // Output name has be `out` https://github.com/hacspec/hax/issues/832 + #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $bytes (impl.f_repr $out)"))] fn deserialize_12(bytes: &[u8]) -> Self { + hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_12(bytes), } From c04abb695d0a73b86ee4c5f46c95694ffdd0734c Mon Sep 17 00:00:00 2001 From: Maxime Buyse Date: Tue, 3 Sep 2024 10:05:15 +0200 Subject: [PATCH 204/348] Remove unsafe code from include to avoid being rejected by hax. --- libcrux-ml-kem/hax.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index 534d921cc..b95b864ab 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -31,7 +31,7 @@ class extractAction(argparse.Action): def __call__(self, parser, args, values, option_string=None) -> None: # Extract platform interfaces - include_str = "+:**" + include_str = "+:** -**::x86::init::cpuid -**::x86::init::cpuid_count" interface_include = "+**" cargo_hax_into = [ "cargo", From 481b7dc6bce618c2b7836e28b84a58954a47b124 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 14:30:07 +0000 Subject: [PATCH 205/348] Update MLKEM Makefile --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 286a23206..ffda0cd45 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -21,6 +21,7 @@ ADMIT_MODULES += Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ Libcrux_ml_kem.Vector.Neon.Compress.fst \ Libcrux_ml_kem.Vector.Neon.fst \ + Libcrux_ml_kem.Vector.Neon.fsti \ Libcrux_ml_kem.Vector.Neon.Ntt.fst \ Libcrux_ml_kem.Vector.Neon.Serialize.fst \ Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ From e945931259eeca1fcd7b4445189cdc02787b0a21 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 14:52:49 +0000 Subject: [PATCH 206/348] Update Cargo.lock --- Cargo.lock | 77 +++++++++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 38 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 71330f9eb..0da78d60b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.74", + "syn 2.0.77", "which", ] @@ -191,12 +191,13 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.10" +version = "1.1.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e9e8aabfac534be767c909e0690571677d49f41bd8465ae876fe043d52ba5292" +checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6" dependencies = [ "jobserver", "libc", + "shlex", ] [[package]] @@ -289,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.15" +version = "4.5.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11d8838454fda655dafd3accb2b6e2bea645b9e4078abe84a22ceb947235c5cc" +checksum = "ed6719fffa43d0d87e5fd8caeab59be1554fb028cd30edc88fc4369b17971019" dependencies = [ "clap_builder", "clap_derive", @@ -318,7 +319,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -482,7 +483,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -718,7 +719,7 @@ dependencies = [ "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -741,9 +742,9 @@ checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hermit-abi" -version = "0.3.9" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231dfb89cfffdbc30e7fc41579ed6066ad03abda9e567ccafae602b97ec5024" +checksum = "fbf6a919d6cf397374f7dfeeea91d974c7c0a7221d0d0f4f20d859d329e53fcc" [[package]] name = "hex" @@ -798,9 +799,9 @@ dependencies = [ [[package]] name = "is-terminal" -version = "0.4.12" +version = "0.4.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f23ff5ef2b80d608d61efee834934d862cd92461afc0560dedf493e4c033738b" +checksum = "261f68e344040fbd0edea105bef17c66edf46f984ddb1115b775ce31be948f4b" dependencies = [ "hermit-abi", "libc", @@ -888,9 +889,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.155" +version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "libcrux" @@ -1204,7 +1205,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -1366,12 +1367,12 @@ dependencies = [ [[package]] name = "prettyplease" -version = "0.2.20" +version = "0.2.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" +checksum = "479cf940fbbb3426c32c5d5176f62ad57549a0bb84773423ba8be9d089f5faba" dependencies = [ "proc-macro2", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -1440,9 +1441,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.36" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -1559,18 +1560,18 @@ checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2" [[package]] name = "rustc_version" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfa0f585226d2e68097d4f95d113b15b83a82e819ab25717ec0590d9584ef366" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" dependencies = [ "semver", ] [[package]] name = "rustix" -version = "0.38.34" +version = "0.38.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70dc5ec042f7a43c4a73241207cecc9873a06d45debb38b329f8541d85c2730f" +checksum = "a85d50532239da68e9addb745ba38ff4612a242c1c7ceea689c4bc7c2f43c36f" dependencies = [ "bitflags", "errno", @@ -1622,29 +1623,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.207" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2" +checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.207" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e" +checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] name = "serde_json" -version = "1.0.124" +version = "1.0.127" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d" +checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad" dependencies = [ "itoa", "memchr", @@ -1736,9 +1737,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.74" +version = "2.0.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1fceb41e3d546d0bd83421d3409b1460cc7444cd389341a4c880fe7a042cb3d7" +checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed" dependencies = [ "proc-macro2", "quote", @@ -1857,7 +1858,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", "wasm-bindgen-shared", ] @@ -1891,7 +1892,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -1925,7 +1926,7 @@ checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -2083,7 +2084,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] [[package]] @@ -2103,5 +2104,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.74", + "syn 2.0.77", ] From 5bd655e976f5c41e7fc48c243fcb2ff9e71bde04 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 14:58:08 +0000 Subject: [PATCH 207/348] Remove unnecessary files --- .../proofs/fstar/extraction/Hello.fst | 390 --- .../Libcrux_ml_kem.Vector.Avx2.Portable.fst | 351 --- ...l_kem.Vector.Portable.Serialize.Edited.fst | 2334 ----------------- .../fstar/extraction/Tactic.RwLemmas.fst | 0 .../proofs/fstar/extraction/TacticTest.fst | 15 - .../fstar/spec/ML.KEM.Spec.fst.config.json | 25 - 6 files changed, 3115 deletions(-) delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Hello.fst delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Tactic.RwLemmas.fst delete mode 100644 libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst delete mode 100644 libcrux-ml-kem/proofs/fstar/spec/ML.KEM.Spec.fst.config.json diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Hello.fst b/libcrux-ml-kem/proofs/fstar/extraction/Hello.fst deleted file mode 100644 index 5178c4c54..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Hello.fst +++ /dev/null @@ -1,390 +0,0 @@ -module Hello - -open Core -open FStar.Mul -open FStar.Tactics.V2 - -// module _ = BitVecEq -// module _ = Rust_primitives.BitVectors - -// // val ( >>! ) #t #t': int_t -> int - -// #push-options "--admit_smt_queries true" -// val serialize_10_int (v: t_Slice i16) -// : Prims.Pure (u8 & u8 & u8 & u8 & u8) -// (requires (Core.Slice.impl__len #i16 v <: usize) =. sz 4) -// (ensures fun _ -> True) -// let serialize_10_int (v: t_Slice i16) = -// let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in -// let r1:u8 = -// ((cast ((v.[ sz 1 ] <: i16) &. 63s <: i16) <: u8) <>! 8l <: i16) &. 3s <: i16) <: u8) -// in -// let r2:u8 = -// ((cast ((v.[ sz 2 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s <: i16) <: u8) -// in -// let r3:u8 = -// ((cast ((v.[ sz 3 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s <: i16) <: u8) -// in -// let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in -// //let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in -// r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) -// #pop-options - -// let wrapped (v: t_Array i16 (sz 4)): t_Array u8 (sz 5) = -// MkSeq.create5 (serialize_10_int v) - -// let norm_seq #t (l: list t) i -// : Lemma (Seq.Base.index (Seq.Base.seq_of_list l) i == FStar.List.Tot.index l i) -// = () - -// let split_forall_nat -// (#upper_bound: pos) -// (p: (i:nat{i <= upper_bound}) -> Type0) -// : Lemma (requires (if upper_bound = 0 then True else (forall (i:nat{i <= upper_bound - 1}). p i)) -// /\ p upper_bound -// ) -// (ensures forall (i:nat{i <= upper_bound}). p i) -// = () - -// let rw_simplify_v_mk_int t (x: int {Rust_primitives.Integers.range x t}) -// : Lemma (v (mk_int #t x) == x) -// = () - - -// let rw_simplify_v_mk_intu8 -// (x: int {Rust_primitives.Integers.range x u8_inttype}) -// (t: _ {t == u8_inttype}) -// : Lemma (UInt8.v (mk_int #t x) == x) -// = assert (UInt8.v (mk_int #t x) == v (mk_int #u8_inttype x)) - - -// let conv_mk_int_u8 x: Lemma (mk_int #u8_inttype x == UInt8.uint_to_t x) = admit () -// let rw_v_uint_to_t_u8 x: Lemma (UInt8.v (UInt8.uint_to_t x) == x) = () -// let rw_v_uint_to_t_u8' x: Lemma (UInt8.uint_to_t (UInt8.v x) == x) = () -// let rw_v_u8 x: Lemma (v #u8_inttype x == UInt8.v x) = () - -// let conv_mk_int_i16 x: Lemma (mk_int #i16_inttype x == Int16.int_to_t x) = admit () -// let rw_v_uint_to_t_i16 x: Lemma (Int16.v (Int16.int_to_t x) == x) = () -// let rw_v_uint_to_t_i16' x: Lemma (Int16.int_to_t (Int16.v x) == x) = () -// let rw_v_i16 x: Lemma (v #i16_inttype x == Int16.v x) = () - -// let conv_mk_int_i32 x: Lemma (mk_int #i32_inttype x == Int32.int_to_t x) = admit () -// let rw_v_uint_to_t_i32 x: Lemma (Int32.v (Int32.int_to_t x) == x) = () -// let rw_v_uint_to_t_i32' x: Lemma (Int32.int_to_t (Int32.v x) == x) = () -// let rw_v_i32 x: Lemma (v #i32_inttype x == Int32.v x) = () - -// let usize_v_mk_int x: Lemma (v #usize_inttype (mk_int #usize_inttype x) == x) = () - -// let rw_ints = [ -// `conv_mk_int_u8; -// `rw_v_uint_to_t_u8; -// `rw_v_uint_to_t_u8'; -// `rw_v_u8; -// `conv_mk_int_i16; -// `rw_v_uint_to_t_i16; -// `rw_v_uint_to_t_i16'; -// `rw_v_i16; -// `conv_mk_int_i32; -// `rw_v_uint_to_t_i32; -// `rw_v_uint_to_t_i32'; -// `rw_v_i32; -// `usize_v_mk_int; -// ] - -// let rw_v_mk_int t x: Lemma (v (mk_int #t x) == x) = () - -// // let lemma_gt_0 x: Lemma ( -// // (Int16.v (logand #Lib.IntTypes.S16 x 255s) @%. Lib.IntTypes.U8 >= 0) -// // == (Int16.v x >= 0) -// // ) = () - -// let rw = [ -// `norm_seq -// ; `rw_simplify_v_mk_int -// ; `conv_mk_int_u8; `rw_v_uint_to_t_u8; `rw_v_uint_to_t_u8' -// ; `conv_mk_int_i16; `rw_v_uint_to_t_i16; `rw_v_uint_to_t_i16' -// ; `rw_v_mk_int -// // ; `lemma_gt_0 -// ] - -// #push-options "--z3rlimit 60" -// let rw_bit_or (b1 b2: bit) result: -// Lemma -// (requires ( -// (b1 = 0 ==> b2 = 0 ==> result = 0) -// /\ (b1 = 0 ==> b2 = 1 ==> result = 1) -// /\ (b1 = 1 ==> b2 = 0 ==> result = 1) -// /\ (b1 = 1 ==> b2 = 1 ==> result = 0) -// )) -// (ensures (bit_or b1 b2 == result)) -// = () - -// type nn = { -// x_bits: nat; -// y_bits: int; -// x_shift: nat; -// } - -// #push-options "--z3rlimit 260" -// let numbers -// t (u: inttype {bits t > bits u}) -// (d1: num_bits t) (d2: num_bits u) -// (arr2_term_idx: nat) = -// // let t (arr2_term_idx: nat {arr2_term_idx > 0 /\ arr2_term_idx < 4}) = -// let first_bit = arr2_term_idx * d2 in -// let arr1_idx = first_bit / d1 in -// let x_shift = first_bit % d1 in -// // How many bits are left from `x` in the result? -// let x_bits: nat = d1 - x_shift in -// // How many bits are left from `y` in the result? -// let y_bits: int = d2 - x_bits in -// // let x_mask = pow2 x_bits - 1 in -// // let y_mask = pow2 y_bits - 1 in -// {x_bits; y_bits; x_shift; } -// #pop-options - -// let config = numbers i16_inttype u8_inttype 10 8 2 - -// #push-options "--z3rlimit 260" -// // #push-options "--z3rlimit 260 --admit_smt_queries true" -// let compute_term -// t (u: inttype {bits t > bits u}) -// (d1: num_bits t) (d2: num_bits u) -// (n1: nat) (n2: nat {n2 * d2 == n1 * d1}) -// (arr1: Seq.seq (int_t t) {Seq.length arr1 == n1}) -// (arr2: Seq.seq (int_t u) {Seq.length arr2 == n2}) -// (arr2_term_idx: nat {arr2_term_idx < n2}): int_t u = -// // let t (arr2_term_idx: nat {arr2_term_idx > 0 /\ arr2_term_idx < 4}) = -// let first_bit = arr2_term_idx * d2 in -// let arr1_idx = first_bit / d1 in -// let x = Seq.index arr1 arr1_idx in -// let x_shift = first_bit % d1 in -// // How many bits are left from `x` in the result? -// let x_bits = d1 - x_shift in -// // How many bits are left from `y` in the result? -// let y_bits = d2 - x_bits in -// Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) x_bits; -// let x_mask = pow2 x_bits - 1 in -// let x': int_t u = cast ((x >>! mk_int #i32_inttype x_shift) &. mk_int #t x_mask) in -// if arr1_idx + 1 < n1 && y_bits > 0 -// then ( -// Math.Lemmas.pow2_le_compat (bits u - (if unsigned u then 0 else 1)) y_bits; -// let y_mask = pow2 y_bits - 1 in -// let y = Seq.index arr1 (arr1_idx + 1) in -// let y': int_t u = cast (y &. mk_int #t y_mask) in -// let y_shift = x_bits in -// let y': int_t u = y' < bits u}) -// (d1: num_bits t) (d2: num_bits u) -// (n1: nat) (n2: nat {n2 * d2 == n1 * d1}) -// (arr1: Seq.seq (int_t t) {Seq.length arr1 == n1}) -// (arr2: Seq.seq (int_t u) {Seq.length arr2 == n2}) -// (arr2_term_idx: nat {arr2_term_idx < n2}) -// (i: nat { i < d2 }) -// : Lemma ( -// let first_bit = arr2_term_idx * d2 in -// let x_bits = d1 - first_bit % d1 in -// let arr1_idx = first_bit / d1 in -// get_bit (compute_term t u d1 d2 n1 n2 arr1 arr2 arr2_term_idx) (sz i) -// == ( if i < x_bits -// // ICI C'EST PAS OKAY -// then get_bit (Seq.index arr1 arr1_idx ) (sz i) -// else get_bit (Seq.index arr1 (arr1_idx + 1)) (sz (i - x_bits)) -// ) -// // let j = i - -// // bv1 i == get_bit (compute_term t u d1 d2 n1 n2 arr1 arr2 arr2_term_idx) j -// ) = admit () -// #pop-options - -// let norm_pow2 (): Tac unit = -// pointwise (fun () -> -// begin match FStar.Tactics.V2.Logic.cur_formula () with -// | Comp _eq lhs _rhs -> -// let (head, args) = collect_app lhs in -// ( match (inspect head, args) with -// | (Tv_FVar fv, [_]) -> -// if implode_qn (inspect_fv fv) = `%pow2 -// then norm [iota; zeta_full; reify_; delta; primops; unmeta] -// else () -// | _ -> ()) -// | _ -> () -// end; -// trefl ()) - -// let unfold_index (#a: Type) (l: list a) (i:nat{i < List.Tot.length l}) -// : Lemma ( FStar.List.Tot.index #a l i -// == (let hd::tl = l in -// if i = 0 then hd else List.Tot.index tl (i - 1))) -// = () - -// exception StopNormIndex - -// let norm_index (): Tac unit = -// let _ = repeat (fun _ -> -// lset "found" false; -// pointwise (fun _ -> -// (fun () -> -// apply_lemma_rw (`unfold_index); -// lset "found" true -// ) `or_else` trefl); -// if lget "found" then () else raise StopNormIndex) in () - -// // #push-options "--fuel 0 --ifuel 0 --z3rlimit 60" -// // let xx (x0 x1: i16) = -// // get_bit_pow2_minus_one_i16 63 (sz 3); -// // assert (get_bit (mk_int #i16_inttype 63) (sz 3) == 1) - -// // // get_bit_pow2_minus_one_i16 63 (sz 3); -// // assert ( -// // get_bit x1 (mk_int #usize_inttype 3) -// // == -// // // get_bit ((cast (x1 &. mk_int #i16_inttype 63) <: u8) <>! mk_int #i16_inttype 8 &. mk_int #i16_inttype 3) <: u8) (mk_int 5)) -// // ) - -// // let shift_right_simplify_0 t (x: int_t t): Lemma (shift_right x 0l == x) -// // = () - -// #push-options "--compat_pre_core 0" -// #push-options "--z3rlimit 60" -// let lemma (arr1: t_Array i16 (sz 4)) = -// let arr2 = wrapped arr1 in -// let d1 = 10 in -// let d2 = 8 in -// let bv1 = bit_vec_of_int_t_array arr1 d1 in -// let bv2 = bit_vec_of_int_t_array arr2 d2 in -// let mk = compute_term -// i16_inttype u8_inttype -// 10 8 -// 4 5 -// arr1 arr2 -// in -// let mk_lemma = lemma_compute_term -// i16_inttype u8_inttype -// 10 8 -// 4 5 -// arr1 arr2 -// in -// let i = 13 in -// assert (forall (i: nat {i <= 19}). bv1 i == bv2 i) by ( -// let rec round (i: nat): Tac _ = -// apply_lemma (`split_forall_nat); -// norm [iota; reify_; primops; unmeta; delta_only [`%op_Subtraction]]; -// let deep_norm () = -// norm [iota; zeta; reify_; delta; primops; unmeta]; -// norm_index (); -// l_to_r (rw_ints `List.Tot.append` [`norm_index; `norm_seq]) -// in -// split (); -// flip (); -// focus (fun () -> -// dump "x"; -// let t = quote (get_bit (mk (i / d2)) (sz (i % d2))) in -// // let bv2_eq_t = tcut (`((`@bv2) (`@i) == (`#t))) in -// grewrite (quote (bv2 i)) t; -// dump "after grewrite 1"; -// flip (); -// focus (fun _ -> -// let _ = repeatn 3 deep_norm in -// trefl `or_else` (fun () -> -// dump "Not refl after norm, SMT?"; -// smt_sync (); -// dump "SMT ok" -// ) -// ); -// // let bv1_eq_t = tcut (`((`@bv1) (`@i) == (`#t))) in -// grewrite (quote (bv1 i)) t; -// dump "after grewrite 2"; -// flip (); -// focus (fun () -> -// dump "dunm"; -// l_to_r [quote mk_lemma]; -// compute (); -// trefl `or_else` (fun () -> -// dump "Not refl, SMT?"; -// smt_sync (); -// dump "SMT ok" -// ) -// ); -// dump "Just before the end of the round"; -// deep_norm (); -// dump "Just before the end of the round (+norm)"; -// trefl () -// ); -// dump ("finished round" ^ string_of_int i); -// if i = 0 -// then () -// else round (i - 1) -// in -// let _ = round 19 in -// () -// ); -// // assert (bv2 i == get_bit (mk (i / d2)) (sz (i % d2))) by ( -// // ); -// // assert ( -// // bv2 8 == get_bit t (sz 0) -// // ) by ( -// // compute (); -// // l_to_r [`norm_seq]; -// // ); -// admit(); -// () - -// let _ = -// assume (Int16.v (Seq.Base.index arr1 (i / d1)) >= 0); -// assume (Int16.v (Seq.Base.index arr1 (i / d2)) >= 0); -// // assert (bv2 13 == ); -// assert ( -// bv2 13 -// == bv1 13 -// // == get_bit (Seq.index bv1 0) (sz 0) -// // == get_bit (Seq.index arr2 0) (sz 0) -// //get_bit (Seq.index arr2 0) (sz 0) -// ) by ( - -// compute (); -// l_to_r rw; -// compute (); -// l_to_r rw; -// norm [iota; simplify; zeta_full; reify_; delta; primops; unmeta]; -// l_to_r rw; -// l_to_r [`Math.Lemmas.modulo_distributivity]; -// l_to_r [`get_bit_or; `get_bit_and]; -// // l_to_r [`rw_bit_or]; -// apply_lemma (`rw_bit_or); -// l_to_r rw; -// fail "x"; -// let _ = repeat split in -// iterAll (fun _ -> -// l_to_r rw; -// norm [iota; simplify; zeta_full; reify_; delta; primops; simplify; unmeta]; -// () -// ); -// fail "x"; -// iterAll ( -// fun _ -> -// dump "SMT for:"; -// smt_sync () -// ) -// // let _ = iterAll (fun _ -> let _ = l_intros () in ()) in -// // fail "x" -// // tadmit () -// ) - - - diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst deleted file mode 100644 index acdcf619b..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Portable.fst +++ /dev/null @@ -1,351 +0,0 @@ -module Libcrux_ml_kem.Vector.Avx2.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -open Core -open FStar.Mul - -let deserialize_11_int (bytes: t_Slice u8) = - let r0:i16 = - (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) - in - let r2:i16 = - ((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) - in - let r3:i16 = - (((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) - in - let r4:i16 = - (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) - in - let r5:i16 = - ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) - in - let r6:i16 = - (((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) - in - let r7:i16 = - ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) - in - r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -let serialize_11_int (v: t_Slice i16) = - let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in - let r1:u8 = - ((cast ((v.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) - in - let r2:u8 = - ((cast ((v.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) - in - let r3:u8 = cast (((v.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in - let r4:u8 = - ((cast ((v.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) - in - let r5:u8 = - ((cast ((v.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) - in - let r6:u8 = - ((cast ((v.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) - in - let r7:u8 = cast (((v.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8 in - let r8:u8 = - ((cast ((v.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) - in - let r9:u8 = - ((cast ((v.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) - in - let r10:u8 = cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8 in - r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 - <: - (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - -let from_i16_array (array: t_Array i16 (sz 16)) = { f_elements = array } <: t_PortableVector - -let serialize_11_ (v: t_PortableVector) = - let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.f_elements.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.f_elements.[ { Core.Ops.Range.f_start = sz 8; Core.Ops.Range.f_end = sz 16 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let result:t_Array u8 (sz 22) = Rust_primitives.Hax.repeat 0uy (sz 22) in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 0) r0_10_._1 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 1) r0_10_._2 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 2) r0_10_._3 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 3) r0_10_._4 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 4) r0_10_._5 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 5) r0_10_._6 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 6) r0_10_._7 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 7) r0_10_._8 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 8) r0_10_._9 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 9) r0_10_._10 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 10) r0_10_._11 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 11) r11_21_._1 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 12) r11_21_._2 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 13) r11_21_._3 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 14) r11_21_._4 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 15) r11_21_._5 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 16) r11_21_._6 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 17) r11_21_._7 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 18) r11_21_._8 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 19) r11_21_._9 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 20) r11_21_._10 - in - let result:t_Array u8 (sz 22) = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result (sz 21) r11_21_._11 - in - result - -let to_i16_array (v: t_PortableVector) = v.f_elements - -let zero (_: Prims.unit) = - { f_elements = Rust_primitives.Hax.repeat 0s (sz 16) } <: t_PortableVector - -let deserialize_11_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v:t_PortableVector = zero () in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 0) v0_7_._1 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 1) v0_7_._2 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 2) v0_7_._3 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 3) v0_7_._4 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 4) v0_7_._5 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 5) v0_7_._6 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 6) v0_7_._7 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 7) v0_7_._8 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 8) v8_15_._1 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 9) v8_15_._2 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 10) v8_15_._3 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 11) v8_15_._4 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 12) v8_15_._5 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 13) v8_15_._6 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 14) v8_15_._7 - } - <: - t_PortableVector - in - let v:t_PortableVector = - { - v with - f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v.f_elements (sz 15) v8_15_._8 - } - <: - t_PortableVector - in - v diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst deleted file mode 100644 index 785f57dd7..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.Edited.fst +++ /dev/null @@ -1,2334 +0,0 @@ -module Libcrux_ml_kem.Vector.Portable.Serialize.Edited -// #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" -// open Core -// open FStar.Mul - -// #push-options "--admit_smt_queries true" - -// let deserialize_10_int (bytes: t_Slice u8) = -// let r0:i16 = -// (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) -// in -// let r2:i16 = -// (((cast (bytes.[ sz 3 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) -// in -// let r3:i16 = -// ((cast (bytes.[ sz 4 ] <: u8) <: i16) <>! 6l <: i16) -// in -// let r4:i16 = -// (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 3s <: i16) <>! 2l <: i16) -// in -// let r6:i16 = -// (((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 63s <: i16) <>! 4l <: i16) -// in -// let r7:i16 = -// ((cast (bytes.[ sz 9 ] <: u8) <: i16) <>! 6l <: i16) -// in -// r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_11_int (bytes: t_Slice u8) = -// let r0:i16 = -// (((cast (bytes.[ sz 1 ] <: u8) <: i16) &. 7s <: i16) <>! 3l <: i16) -// in -// let r2:i16 = -// ((((cast (bytes.[ sz 4 ] <: u8) <: i16) &. 1s <: i16) <>! 6l <: i16) -// in -// let r3:i16 = -// (((cast (bytes.[ sz 5 ] <: u8) <: i16) &. 15s <: i16) <>! 1l <: i16) -// in -// let r4:i16 = -// (((cast (bytes.[ sz 6 ] <: u8) <: i16) &. 127s <: i16) <>! 4l <: i16) -// in -// let r5:i16 = -// ((((cast (bytes.[ sz 8 ] <: u8) <: i16) &. 3s <: i16) <>! 7l <: i16) -// in -// let r6:i16 = -// (((cast (bytes.[ sz 9 ] <: u8) <: i16) &. 31s <: i16) <>! 2l <: i16) -// in -// let r7:i16 = -// ((cast (bytes.[ sz 10 ] <: u8) <: i16) <>! 5l <: i16) -// in -// r0, r1, r2, r3, r4, r5, r6, r7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_12_int (bytes: t_Slice u8) = -// let byte0:i16 = cast (bytes.[ sz 0 ] <: u8) <: i16 in -// let byte1:i16 = cast (bytes.[ sz 1 ] <: u8) <: i16 in -// let byte2:i16 = cast (bytes.[ sz 2 ] <: u8) <: i16 in -// let r0:i16 = ((byte1 &. 15s <: i16) <>! 4l <: i16) &. 15s <: i16) in -// r0, r1 <: (i16 & i16) - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_4_int (bytes: t_Slice u8) = -// let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 15uy <: u8) <: i16 in -// let v1:i16 = cast (((bytes.[ sz 0 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in -// let v2:i16 = cast ((bytes.[ sz 1 ] <: u8) &. 15uy <: u8) <: i16 in -// let v3:i16 = cast (((bytes.[ sz 1 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in -// let v4:i16 = cast ((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <: i16 in -// let v5:i16 = cast (((bytes.[ sz 2 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in -// let v6:i16 = cast ((bytes.[ sz 3 ] <: u8) &. 15uy <: u8) <: i16 in -// let v7:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 4l <: u8) &. 15uy <: u8) <: i16 in -// v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_5_int (bytes: t_Slice u8) = -// let v0:i16 = cast ((bytes.[ sz 0 ] <: u8) &. 31uy <: u8) <: i16 in -// let v1:i16 = -// cast ((((bytes.[ sz 1 ] <: u8) &. 3uy <: u8) <>! 5l <: u8) -// <: -// u8) -// <: -// i16 -// in -// let v2:i16 = cast (((bytes.[ sz 1 ] <: u8) >>! 2l <: u8) &. 31uy <: u8) <: i16 in -// let v3:i16 = -// cast ((((bytes.[ sz 2 ] <: u8) &. 15uy <: u8) <>! 7l <: u8) -// <: -// u8) -// <: -// i16 -// in -// let v4:i16 = -// cast ((((bytes.[ sz 3 ] <: u8) &. 1uy <: u8) <>! 4l <: u8) -// <: -// u8) -// <: -// i16 -// in -// let v5:i16 = cast (((bytes.[ sz 3 ] <: u8) >>! 1l <: u8) &. 31uy <: u8) <: i16 in -// let v6:i16 = -// cast ((((bytes.[ sz 4 ] <: u8) &. 7uy <: u8) <>! 6l <: u8) -// <: -// u8) -// <: -// i16 -// in -// let v7:i16 = cast ((bytes.[ sz 4 ] <: u8) >>! 3l <: u8) <: i16 in -// v0, v1, v2, v3, v4, v5, v6, v7 <: (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) - -// #pop-options - -// #push-options "--z3rlimit 480 --split_queries always" - -// let serialize_10_int (v: t_Slice i16) = -// let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in -// let r1:u8 = -// ((cast ((v.[ sz 1 ] <: i16) &. 63s <: i16) <: u8) <>! 8l <: i16) &. 3s <: i16) <: u8) -// in -// let r2:u8 = -// ((cast ((v.[ sz 2 ] <: i16) &. 15s <: i16) <: u8) <>! 6l <: i16) &. 15s <: i16) <: u8) -// in -// let r3:u8 = -// ((cast ((v.[ sz 3 ] <: i16) &. 3s <: i16) <: u8) <>! 4l <: i16) &. 63s <: i16) <: u8) -// in -// let r4:u8 = cast (((v.[ sz 3 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in -// let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in -// r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) - -// #pop-options - -// // #push-options "--ifuel 1 --z3rlimit 1600 " - -// unfold let (.[]) (x: t_Slice i16) (i: usize {v i < Seq.length x}): i16 = Seq.index x (v i) - -// // val serialize_11_int' (v: t_Slice i16) -// // : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -// // (requires Seq.length v == 8 -// // /\ Rust_primitives.bounded (v.[sz 0] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 1] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 2] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 3] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 4] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 5] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 6] <: i16) 11 -// // /\ Rust_primitives.bounded (v.[sz 7] <: i16) 11 -// // ) -// // (ensures -// // fun tuple -> -// // let tuple:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = tuple in -// // BitVecEq.int_t_array_bitwise_eq' (v <: t_Array i16 (sz 8)) 11 (MkSeq.create11 tuple) 8) - -// #push-options "--ifuel 1 --z3rlimit 600 --split_queries always" - -// val compress_coefficients_11_ -// (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: -// int_t_d i16_inttype 11) -// : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -// (requires True) -// (ensures fun tuple -> -// True -// // BitVecEq.int_t_array_bitwise_eq' -// // (MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 -// // (MkSeq.create11 tuple) 8 -// ) - -// #pop-options - -// // #push-options "--z3rlimit 90" -// // let rightmost_bits #t u -// // (coef: int_t t) (n_bits: nat {n_bits <= bits t - (if unsigned t then 0 else 1)}) -// // (shift: nat {shift > 0 /\ shift < bits u}) -// // : result: int_t u {forall i. get_bit result i == } -// // = Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) n_bits; -// // (cast (coef &. mk_int (pow2 n_bits - 1)) <: int_t u) -// // <= bits u}) -// // (coef: int_t t) -// // (n_bits: nat {n_bits <= bits t - (if unsigned t then 0 else 1)}) -// // (shift: nat {shift > 0 /\ shift < (bits u - n_bits)}) -// // // : result: int_t u -// // // {forall (i: nat). i < n_bits ==> get_bit result (sz i) == get_bit coef (sz (i - shift)) } -// // // : result: int_t u {forall i. (i >= shift /\ i < shift + n_bits) -// // // ==> get_bit result (sz i) == get_bit coef (sz (i - shift)) -// // // } -// // = Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) n_bits; -// // let x = (cast (coef &. mk_int (pow2 n_bits - 1)) <: int_t u) in -// // let y: int_t u = mk_int shift in -// // let result = x < 0 -// // // // ==> -// // // // (get_bit result (sz 0) == get_bit x (sz shift)) -// // // // ); -// // // // admit (); -// // result - -// // let leftmost_bits #t u (coef: int_t t) (shift: nat {shift > 0 /\ shift < bits t}) -// // = (cast (coef >>! (mk_int shift <: int_t t)) <: int_t u) - -// let is_num_bits t (d:nat) = d > 0 /\ d <= bits t /\ (signed t ==> d < bits t) - -// #push-options "--fuel 0 --ifuel 0 --z3rlimit 900" -// [@@"opaque_to_smt"] -// let mix_two_ints t (u:inttype {bits t > bits u}) -// (d1: num_bits t) (d2: num_bits u) -// (x1: int_t t) (x2: int_t t) -// (offset1: pos { offset1 < d1 /\ offset1 > d1 - d2}) -// : r: int_t u { -// forall i. i < d2 -// ==> get_bit r (sz i) -// = ( if i >= d1 - offset1 (* offset2 *) -// then -// // get_bit r (sz i) -// get_bit x2 (sz (i - (d1 - offset1))) -// else -// // get_bit r (sz i) -// get_bit x1 (sz (offset1 + i)) -// ) -// } -// = -// let offset2 = d1 - offset1 in -// Math.Lemmas.pow2_le_compat (bits t - (if unsigned t then 0 else 1)) (d2 - offset2); -// let power = d2 - offset2 in -// FStar.Classical.forall_intro (get_bit_pow2_minus_one #t power); -// let mask: int_t t = mk_int (pow2 power - 1) in -// admit (); -// ((cast (x2 &. mask <: int_t t) <: int_t u) <>! mk_int #t offset1 <: int_t t) <: int_t u) -// // let a = cast (x1 >>! mk_int #t offset1 <: int_t t) <: int_t u in -// // let b' = cast (x2 &. mask <: int_t t) <: int_t u in -// // let b = b' <= offset2 /\ i < d2}). get_bit b (sz i) == get_bit x2 (sz (i - offset2)) -// // with ( -// // get_bit_pow2_minus_one #t power (sz (i - offset2)); -// // get_bit_and x2 mask (sz i) -// // ); -// // let proof (i: nat {i >= offset2 /\ i < d2}) = -// // // assert (get_bit b (sz i) == get_bit b' (sz (i - offset2))); -// // get_bit_pow2_minus_one #t power (sz (i - offset2)); -// // // assert (get_bit mask (sz (i - offset2)) == 1); -// // get_bit_and x2 mask (sz i); -// // // assert (get_bit b' (sz (i - offset2)) == get_bit x2 (sz (i - offset2))); -// // assert (get_bit b (sz i) == get_bit x2 (sz (i - offset2))); -// // () -// // in -// // // assert (forall (i: nat {i < offset2}). get_bit b (sz i) == 0); -// // // let proof (i: nat {i < offset2}) = - -// // // calc (==) { -// // // get_bit r (sz i); -// // // == { -// // // assert (get_bit b (sz i) == 0); -// // // get_bit_or a b (sz i) -// // // } get_bit a (sz i); -// // // // == { -// // // // get_bit_shr x1 (mk_int #t offset1) (sz i) -// // // // } get_bit x1 (sz (offset1 + i)); -// // // }; -// // // // assert (get_bit b (sz i) == 0); -// // // // assert (get_bit (b |. a) (sz i) == get_bit a (sz i)); -// // // // assert (get_bit a (sz i) == get_bit x1 (sz (offset1 + i))); -// // // // assert (get_bit (b |. a) (sz i) == get_bit x1 (sz (offset1 + i))); -// // // () -// // // // assert (get_bit r (a |. b) == get_bit a (sz i)); -// // // in -// // r -// #pop-options - -// let mask_inv_opt_in_range #t (mask: int_t t {Some? (mask_inv_opt (v mask))}) -// : Lemma (Rust_primitives.Integers.range (Some?.v (mask_inv_opt (v mask))) t) -// [SMTPat (Rust_primitives.Integers.range (Some?.v (mask_inv_opt (v mask))) t)] -// = let n = (Some?.v (mask_inv_opt (v mask))) in -// assert (pow2 n - 1 == v mask) - -// #push-options "--z3rlimit 90 --split_queries always" -// let rw_mix_two_ints -// t u -// (x1: int_t t) (x2: int_t t) -// (mask: int_t t {Some? (mask_inv_opt (v mask))}) -// (shl: int_t t {v shl > 0 /\ v shl < bits u}) -// (shr: int_t t {v shr > 0 /\ v shr < bits t}) -// : Lemma -// (requires ( -// let d1 = v shl + v shr in -// let d2 = Some?.v (mask_inv_opt (v mask)) + v shl in -// let offset1 = v shr in -// bits t > bits u -// /\ is_num_bits t d1 -// /\ is_num_bits u d2 -// /\ offset1 < d1 -// /\ offset1 > d1 - d2 -// )) -// (ensures -// ( ((cast (x2 &. mask <: int_t t) <: int_t u) <>! shr <: int_t t) <: int_t u) -// ) -// == ( -// let d1 = v shl + v shr in -// let d2 = Some?.v (mask_inv_opt (v mask)) + v shl in -// let offset1 = v shr in -// mix_two_ints t u d1 d2 x1 x2 offset1 -// ) -// ) -// = let d1 = v shl + v shr in -// let d2 = Some?.v (mask_inv_opt (v mask)) + v shl in -// let offset1 = v shr in -// reveal_opaque (`%mix_two_ints) (mix_two_ints t u d1 d2 x1 x2 offset1); -// admit () -// #pop-options - -// open FStar.Tactics.V2 - -// let tau () -// = let first_or_trefl () : Tac unit = -// if try apply_lemma_rw (`rw_mix_two_ints); true -// with | _ -> false -// then begin -// FStar.Tactics.V1.dump "Before norm"; -// norm [iota; zeta_full; reify_; delta; primops; simplify; unmeta]; -// FStar.Tactics.V1.dump "After norm"; -// trivial () -// end else trefl () -// in -// pointwise first_or_trefl; -// FStar.Tactics.V1.dump "xx"; -// trefl () - -// #push-options "--compat_pre_core 2" - -// #push-options "--z3rlimit 90" -// // [@@"opaque_to_smt"] -// [@@postprocess_with tau] -// let compress_coefficients_11_ -// coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 = -// let coef1:u8 = cast (coefficient1 <: i16) <: u8 in -// // assert (get_bit ) -// // coefficient1 -// let coef2:u8 = -// ((cast (coefficient2 &. 31s <: i16) <: u8) <>! 8s <: i16) <: u8) -// in -// let coef3:u8 = -// ((cast (coefficient3 &. 3s <: i16) <: u8) <>! 5s <: i16) <: u8) -// in -// let coef4:u8 = cast ((coefficient3 >>! 2s <: i16) &. 255s <: i16) <: u8 in -// let coef5:u8 = -// ((cast (coefficient4 &. 127s <: i16) <: u8) <>! 10s <: i16) <: u8) -// in -// let coef6:u8 = -// ((cast (coefficient5 &. 15s <: i16) <: u8) <>! 7s <: i16) <: u8) -// in -// let coef7:u8 = -// ((cast (coefficient6 &. 1s <: i16) <: u8) <>! 4s <: i16) <: u8) -// in -// let coef8:u8 = cast ((coefficient6 >>! 1s <: i16) &. 255s <: i16) <: u8 in -// let coef9:u8 = -// ((cast (coefficient7 &. 63s <: i16) <: u8) <>! 9s <: i16) <: u8) -// in -// let coef10:u8 = -// ((cast (coefficient8 &. 7s <: i16) <: u8) <>! 6s <: i16) <: u8) -// in -// let coef11:u8 = cast (coefficient8 >>! 3s <: i16) <: u8 in -// // admit (); -// // BitVecEq.bit_vec_equal_intro_principle (); -// coef1, coef2, coef3, coef4, coef5, coef6, coef7, coef8, coef9, coef10, coef11 -// <: -// (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -// #pop-options - -// #push-options "--fuel 5 --ifuel 0 --z3rlimit 800 --split_queries always" -// let compress_coefficients_11_lemma -// (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: -// int_t_d i16_inttype 11) -// = BitVecEq.bit_vec_equal_intro_principle (); -// // let arr1 = MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8) in -// // let arr2 = (MkSeq.create11 (compress_coefficients_11_ coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8)) in -// // let bv1 = bit_vec_of_int_t_array arr1 11 in -// // let bv2 = bit_vec_of_int_t_array arr2 8 in -// // let d1 = 11 in -// // let d2 = 8 in -// // let i = 27 in -// // let coef_number_input = i / d1 in -// // let mixed = mix_two_ints i16_inttype u8_inttype -// // 11 8 -// // (Seq.index arr1 coef_number_input ) -// // (Seq.index arr1 (coef_number_input + 1)) -// // (i % d2) in -// assert ( -// // bv1 i == get_bit (Seq.index arr1 (coef_number_input)) (sz (i % d1)) -// // bv2 i == get_bit mixed (sz (i % d2)) -// // get_bit (Seq.index arr1 (coef_number_input)) (sz (i % d1)) -// // bv1 27 == bv2 27 -// BitVecEq.int_t_array_bitwise_eq' -// (MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 -// (MkSeq.create11 (compress_coefficients_11_ coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8)) 8 -// ) -// #pop-options - -// // bv2 i == bit_vec (Seq.index arr1 ()) - -// let eee -// (coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8: -// int_t_d i32_inttype 11) -// = let arr1 = MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8) in -// let tuple = compress_coefficients_11_ -// coefficient1 coefficient2 coefficient3 coefficient4 coefficient5 coefficient6 coefficient7 coefficient8 in -// let arr2 = MkSeq.create11 tuple in -// let bv1 = bit_vec_of_int_t_array arr1 11 in -// let bv2 = bit_vec_of_int_t_array (MkSeq.create11 tuple) 8 in -// let i = 0 in -// let d = 11 in -// assert ( -// // bv2 i == get_bit (Seq.index arr2 (i / 11)) (sz (i % 11)) -// bv2 i == (cast (coefficient1 <: i32) <: u8) -// ) by (FStar.Tactics.compute (); FStar.Tactics.trefl (); FStar.Tactics.fail "x"); -// // assert ( -// // bv1 i == get_bit (Seq.index arr1 (i / 11)) (sz (i % 11)) -// // ) by (FStar.Tactics.compute (); FStar.Tactics.fail "x"); -// admit () -// // : Prims.Pure (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) -// // (requires True) -// // (ensures fun tuple -> -// // BitVecEq.int_t_array_bitwise_eq' -// // (MkSeq.create8 (coefficient1, coefficient2, coefficient3, coefficient4, coefficient5, coefficient6, coefficient7, coefficient8)) 11 -// // (MkSeq.create11 tuple) 8 -// // ) - -// #push-options "--ifuel 1 --z3rlimit 200" - -// #push-options "--z3rlimit 1600 --split_queries always" - -// let serialize_11_int' (v: t_Slice i16) = -// let r0:u8 = cast (v.[ sz 0 ] <: i16) <: u8 in -// let r1:u8 = -// ((cast ((v.[ sz 1 ] <: i16) &. 31s <: i16) <: u8) <>! 8l <: i16) <: u8) -// in -// let r2:u8 = -// ((cast ((v.[ sz 2 ] <: i16) &. 3s <: i16) <: u8) <>! 5l <: i16) <: u8) -// in -// let r3:u8 = cast (((v.[ sz 2 ] <: i16) >>! 2l <: i16) &. 255s <: i16) <: u8 in -// let r4:u8 = -// ((cast ((v.[ sz 3 ] <: i16) &. 127s <: i16) <: u8) <>! 10l <: i16) <: u8) -// in -// let r5:u8 = -// ((cast ((v.[ sz 4 ] <: i16) &. 15s <: i16) <: u8) <>! 7l <: i16) <: u8) -// in -// let r6:u8 = -// ((cast ((v.[ sz 5 ] <: i16) &. 1s <: i16) <: u8) <>! 4l <: i16) <: u8) -// in -// let r7:u8 = cast (((v.[ sz 5 ] <: i16) >>! 1l <: i16) &. 255s <: i16) <: u8 in -// let r8:u8 = -// ((cast ((v.[ sz 6 ] <: i16) &. 63s <: i16) <: u8) <>! 9l <: i16) <: u8) -// in -// let r9:u8 = -// ((cast ((v.[ sz 7 ] <: i16) &. 7s <: i16) <: u8) <>! 6l <: i16) <: u8) -// in -// let r10: u8 = (cast ((v.[ sz 7 ] <: i16) >>! 3l <: i16) <: u8) in -// let _:Prims.unit = BitVecEq.bit_vec_equal_intro_principle () in -// r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10 -// <: -// (u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let serialize_12_int (v: t_Slice i16) = -// let r0:u8 = cast ((v.[ sz 0 ] <: i16) &. 255s <: i16) <: u8 in -// let r1:u8 = -// cast (((v.[ sz 0 ] <: i16) >>! 8l <: i16) |. (((v.[ sz 1 ] <: i16) &. 15s <: i16) <>! 4l <: i16) &. 255s <: i16) <: u8 in -// r0, r1, r2 <: (u8 & u8 & u8) - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let serialize_4_int (v: t_Slice i16) = -// let result0:u8 = -// ((cast (v.[ sz 1 ] <: i16) <: u8) <>! 3l <: i16) |. ((v.[ sz 2 ] <: i16) <>! 1l <: i16) |. ((v.[ sz 4 ] <: i16) <>! 4l <: i16) |. ((v.[ sz 5 ] <: i16) <>! 2l <: i16) |. ((v.[ sz 7 ] <: i16) < -// let result:t_Array u8 (sz 2) = result in -// let _:usize = temp_1_ in -// true) -// result -// (fun result i -> -// let result:t_Array u8 (sz 2) = result in -// let i:usize = i in -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result -// (sz 0) -// ((result.[ sz 0 ] <: u8) |. -// ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < -// let result:t_Array u8 (sz 2) = result in -// let _:usize = temp_1_ in -// true) -// result -// (fun result i -> -// let result:t_Array u8 (sz 2) = result in -// let i:usize = i in -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result -// (sz 1) -// ((result.[ sz 1 ] <: u8) |. -// ((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: u8) < -// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in -// let _:usize = temp_1_ in -// true) -// result -// (fun result i -> -// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in -// let i:usize = i in -// { -// result with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// i -// (cast (((v.[ sz 0 ] <: u8) >>! i <: u8) &. 1uy <: u8) <: i16) -// <: -// t_Array i16 (sz 16) -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// in -// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// Rust_primitives.Hax.Folds.fold_range (sz 8) -// Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR -// (fun result temp_1_ -> -// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in -// let _:usize = temp_1_ in -// true) -// result -// (fun result i -> -// let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in -// let i:usize = i in -// { -// result with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// i -// (cast (((v.[ sz 1 ] <: u8) >>! (i -! sz 8 <: usize) <: u8) &. 1uy <: u8) <: i16) -// <: -// t_Array i16 (sz 16) -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -// in -// result - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_10_ (bytes: t_Slice u8) = -// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 20 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 0) -// v0_7_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 1) -// v0_7_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 2) -// v0_7_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 3) -// v0_7_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 4) -// v0_7_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 5) -// v0_7_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 6) -// v0_7_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 7) -// v0_7_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 8) -// v8_15_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 9) -// v8_15_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 10) -// v8_15_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 11) -// v8_15_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 12) -// v8_15_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 13) -// v8_15_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 14) -// v8_15_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 15) -// v8_15_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// v - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_11_ (bytes: t_Slice u8) = -// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 0) -// v0_7_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 1) -// v0_7_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 2) -// v0_7_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 3) -// v0_7_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 4) -// v0_7_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 5) -// v0_7_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 6) -// v0_7_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 7) -// v0_7_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 8) -// v8_15_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 9) -// v8_15_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 10) -// v8_15_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 11) -// v8_15_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 12) -// v8_15_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 13) -// v8_15_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 14) -// v8_15_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 15) -// v8_15_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// v - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_12_ (bytes: t_Slice u8) = -// let v0_1_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v2_3_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 3; Core.Ops.Range.f_end = sz 6 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v4_5_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 6; Core.Ops.Range.f_end = sz 9 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v6_7_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 9; Core.Ops.Range.f_end = sz 12 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v8_9_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 12; Core.Ops.Range.f_end = sz 15 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v10_11_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 15; Core.Ops.Range.f_end = sz 18 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v12_13_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 18; Core.Ops.Range.f_end = sz 21 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v14_15_:(i16 & i16) = -// deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 21; Core.Ops.Range.f_end = sz 24 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 0) -// v0_1_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 1) -// v0_1_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 2) -// v2_3_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 3) -// v2_3_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 4) -// v4_5_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 5) -// v4_5_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 6) -// v6_7_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 7) -// v6_7_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 8) -// v8_9_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 9) -// v8_9_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 10) -// v10_11_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 11) -// v10_11_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 12) -// v12_13_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 13) -// v12_13_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 14) -// v14_15_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let re:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// re with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize re -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 15) -// v14_15_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// re - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_4_ (bytes: t_Slice u8) = -// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 4; Core.Ops.Range.f_end = sz 8 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 0) -// v0_7_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 1) -// v0_7_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 2) -// v0_7_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 3) -// v0_7_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 4) -// v0_7_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 5) -// v0_7_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 6) -// v0_7_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 7) -// v0_7_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 8) -// v8_15_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 9) -// v8_15_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 10) -// v8_15_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 11) -// v8_15_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 12) -// v8_15_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 13) -// v8_15_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 14) -// v8_15_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 15) -// v8_15_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// v - -// #pop-options - -// #push-options "--admit_smt_queries true" - -// let deserialize_5_ (bytes: t_Slice u8) = -// let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = -// deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } -// <: -// Core.Ops.Range.t_Range usize ] -// <: -// t_Slice u8) -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// Libcrux_ml_kem.Vector.Portable.Vector_type.zero () -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 0) -// v0_7_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 1) -// v0_7_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 2) -// v0_7_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 3) -// v0_7_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 4) -// v0_7_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 5) -// v0_7_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 6) -// v0_7_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 7) -// v0_7_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 8) -// v8_15_._1 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 9) -// v8_15_._2 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 10) -// v8_15_._3 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 11) -// v8_15_._4 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 12) -// v8_15_._5 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 13) -// v8_15_._6 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 14) -// v8_15_._7 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -// { -// v with -// Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// = -// Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v -// .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements -// (sz 15) -// v8_15_._8 -// } -// <: -// Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector -// in -// v - -// #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Tactic.RwLemmas.fst b/libcrux-ml-kem/proofs/fstar/extraction/Tactic.RwLemmas.fst deleted file mode 100644 index e69de29bb..000000000 diff --git a/libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst b/libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst deleted file mode 100644 index e2e480052..000000000 --- a/libcrux-ml-kem/proofs/fstar/extraction/TacticTest.fst +++ /dev/null @@ -1,15 +0,0 @@ -module TacticTest - -open Core -open FStar.Mul -open FStar.Tactics.V2 - -module _ = BitVecEq -module _ = Rust_primitives.BitVectors - - -/// Rewrite lemmas - - - - diff --git a/libcrux-ml-kem/proofs/fstar/spec/ML.KEM.Spec.fst.config.json b/libcrux-ml-kem/proofs/fstar/spec/ML.KEM.Spec.fst.config.json deleted file mode 100644 index 2509bf529..000000000 --- a/libcrux-ml-kem/proofs/fstar/spec/ML.KEM.Spec.fst.config.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "fstar_exe": "fstar.exe", - "options": [ - "--warn_error", - "-274-321-331", - "--cache_checked_modules", - "--query_stats", - "--record_hints", - "--log_queries", - "--cache_dir", - ".cache", - "--no_location_info", - "--use_hints" - ], - "include_dirs": [ - "${HACL_HOME}/lib", - "${HACL_HOME}/specs", - "${HAX_HOME}/proof-libs/fstar/rust_primitives", - "${HAX_HOME}/proof-libs/fstar/core", - "${HAX_HOME}/hax-lib/proofs/fstar/extraction", - "../../../../sys/platform/proofs/fstar/extraction", - "../../../../libcrux-sha3/proofs/fstar/extraction", - "../../../../libcrux-intrinsics/proofs/fstar/extraction" - ] -} From be21196bf1eff1b8d35381270147e7fb00e035a4 Mon Sep 17 00:00:00 2001 From: Maxime Buyse Date: Tue, 3 Sep 2024 10:05:15 +0200 Subject: [PATCH 208/348] Remove unsafe code from include to avoid being rejected by hax. --- libcrux-ml-kem/hax.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index 534d921cc..b95b864ab 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -31,7 +31,7 @@ class extractAction(argparse.Action): def __call__(self, parser, args, values, option_string=None) -> None: # Extract platform interfaces - include_str = "+:**" + include_str = "+:** -**::x86::init::cpuid -**::x86::init::cpuid_count" interface_include = "+**" cargo_hax_into = [ "cargo", From 3183572181daad04a4361c689c570af2b3c90abe Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 15:45:15 +0000 Subject: [PATCH 209/348] Update MLKEM Makefile --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 07600d92d..002992afa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,16 +1,13 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst -ADMIT_MODULES += Libcrux_ml_kem.Ind_cca.Unpacked.fst \ - Libcrux_ml_kem.Ind_cca.fst \ - Libcrux_ml_kem.Ind_cpa.fst \ - Libcrux_ml_kem.Ind_cpa.fsti \ +ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ - Libcrux_ml_kem.Matrix.fst \ Libcrux_ml_kem.Ntt.fst \ + Libcrux_ml_kem.Sampling.fst \ Libcrux_ml_kem.Polynomial.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ - Libcrux_ml_kem.Vector.Avx2.SeriGalize.fst \ + Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ Libcrux_ml_kem.Vector.Portable.Ntt.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ @@ -19,16 +16,10 @@ ADMIT_MODULES += Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ Libcrux_ml_kem.Vector.Neon.Compress.fst \ - Libcrux_ml_kem.Vector.Neon.fst \ Libcrux_ml_kem.Vector.Neon.fsti \ + Libcrux_ml_kem.Vector.Neon.fst \ Libcrux_ml_kem.Vector.Neon.Ntt.fst \ Libcrux_ml_kem.Vector.Neon.Serialize.fst \ Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ - Libcrux_ml_kem.Vector.Portable.Arithmetic.fst \ - Libcrux_ml_kem.Vector.Portable.Compress.fst \ - Libcrux_ml_kem.Vector.Portable.Ntt.fst \ - Libcrux_ml_kem.Vector.Portable.Sampling.fst \ - Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ - Libcrux_ml_kem.Vector.Traits.fst include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base From 1b7fe71621ac57f9f30f3b7bc9c7171653c1d9fe Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 3 Sep 2024 20:45:15 +0200 Subject: [PATCH 210/348] ntt wip --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 57 +++++++++++-------- 1 file changed, 34 insertions(+), 23 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index fd610ae8d..856328a84 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -140,7 +140,24 @@ let inv_ntt_layer_3_step in v -#push-options "--z3rlimit 50 --query_stats --split_queries always" +let vu16 (b1:u16) : nat = + let r = v b1 in + assert (r >= 0); + r + + +#push-options "--z3rlimit 150" +val mul_i16b (b1 b2:u16) (n1 n2:i16): + Pure i32 + (requires (let vb1: nat = v b1 in Spec.Utils.is_i16b vb1 n1)) + (ensures (fun _ -> True)) + + //z /\ Spec.Utils.is_i16b (v b2) n2)) + (ensures (fun _ -> Spec.Utils.is_i32b (v b1 * v b2) ((cast n1 <: i32) *! (cast n2 <: i32)))) + +let mul_i16b (b1 b2:u16) (n1 n2:i16) = + +#push-options "--z3rlimit 300 --query_stats --split_queries always" let ntt_multiply_binomials (a b: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) @@ -170,32 +187,26 @@ let ntt_multiply_binomials Spec.Utils.lemma_mul_intb 3328 3328 (v aj) (v bi); Spec.Utils.lemma_mul_intb 3328 3328 (v aj) (v bj); let ai_bi = ai *! bi in - let aj_bj = aj *! bj in - let sum = ai_bi +! aj_bj in - assert (Spec.Utils.is_i32b (2 * 3328 * 3328) sum); + let aj_bj = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element (aj *! bj) in + assert (Spec.Utils.is_i16b 3328 aj_bj); + Spec.Utils.lemma_mul_intb 3328 1664 (v aj_bj) (v zeta); + let aj_bj_zeta = (cast aj_bj <: i32) *. (cast (zeta <: i16) <: i32) in + assert (v aj_bj_zeta = v aj_bj * v zeta); + assert (Spec.Utils.is_i32b (3328 * 1664) aj_bj_zeta); + let sum = ai_bi +! aj_bj_zeta in + assert (Spec.Utils.is_i32b (3328 * 3328 + 3328 * 1664) sum); let red = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element sum in assert (Spec.Utils.is_i16b (3328 + 1665) red); - assert (Spec.Utils.is_i16b 1664 zeta); Spec.Utils.lemma_mul_intb (3328 + 1665) 1664 (v red) (v zeta); - let o0 = (cast red <: i32) *! (cast (zeta <: i16) <: i32) in - admit() - let o1:i16 = - Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element (((cast (a - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - <: - i32) *! - (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: i32) - <: - i32) +! - ((cast (a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: i32) *! - (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) - <: - i32) - <: - i32) + let mul = (cast red <: i32) *! (cast (zeta <: i16) <: i32) in + let o0:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element mul in + let ai_bj = ai *! bj in + let aj_bi = aj *! bi in + let sum = ai_bj +! aj_bi in + assert (Spec.Utils.is_i32b (2 * 3328 * 3328) sum); + let o1:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element sum in + admit() let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { out with From bd251358508d823009b40d1cd0b41942886bee68 Mon Sep 17 00:00:00 2001 From: Maxime Buyse Date: Tue, 3 Sep 2024 10:05:15 +0200 Subject: [PATCH 211/348] Remove unsafe code from include to avoid being rejected by hax. --- libcrux-ml-kem/hax.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index 534d921cc..b95b864ab 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -31,7 +31,7 @@ class extractAction(argparse.Action): def __call__(self, parser, args, values, option_string=None) -> None: # Extract platform interfaces - include_str = "+:**" + include_str = "+:** -**::x86::init::cpuid -**::x86::init::cpuid_count" interface_include = "+**" cargo_hax_into = [ "cargo", From 705320f047f84bd4b4c65a3fe503bbde182cd950 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 3 Sep 2024 21:36:06 +0200 Subject: [PATCH 212/348] wip --- .../fstar-bitvec/BitVec.Equality.fst | 11 +- .../fstar-bitvec/BitVec.Equality.fsti | 8 + .../fstar-bitvec/BitVec.Intrinsics.fsti | 148 +++++++++++---- fstar-helpers/fstar-bitvec/Tactics.Utils.fst | 68 ++++++- .../Libcrux_intrinsics.Avx2_extract.fsti | 22 +-- libcrux-intrinsics/src/avx2_extract.rs | 20 ++- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 168 ++++++++++++++++-- libcrux-ml-kem/src/vector/avx2/serialize.rs | 81 +++++---- .../extraction/Libcrux_platform.X86.fsti | 6 - 9 files changed, 409 insertions(+), 123 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/BitVec.Equality.fst b/fstar-helpers/fstar-bitvec/BitVec.Equality.fst index afbc5a4fa..5e21832c7 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Equality.fst +++ b/fstar-helpers/fstar-bitvec/BitVec.Equality.fst @@ -33,7 +33,16 @@ let bv_equality' #n (bv1 bv2: bit_vec n) let bv_equality #n (bv1 bv2: bit_vec n) = bv_equality' bv1 bv2 - + +let bv_equality_elim #n (bv1 bv2: bit_vec n) + : Lemma (requires bv_equality bv1 bv2) + (ensures bv1 == bv2) + = () +let bv_equality_intro #n (bv1 bv2: bit_vec n) + : Lemma (requires bv1 == bv2) + (ensures bv_equality bv1 bv2) + = () + let rewrite n (bv1: bit_vec n) : Lemma (bv_equality #n bv1 bv1 == true) = () diff --git a/fstar-helpers/fstar-bitvec/BitVec.Equality.fsti b/fstar-helpers/fstar-bitvec/BitVec.Equality.fsti index 184202a61..5340903b4 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Equality.fsti +++ b/fstar-helpers/fstar-bitvec/BitVec.Equality.fsti @@ -6,4 +6,12 @@ open FStar.Mul open FStar.FunctionalExtensionality val bv_equality #n (bv1 bv2: bit_vec n): bool +val bv_equality_elim #n (bv1 bv2: bit_vec n) + : Lemma (requires bv_equality bv1 bv2) + (ensures bv1 == bv2) +val bv_equality_intro #n (bv1 bv2: bit_vec n) + : Lemma (requires bv1 == bv2) + (ensures bv_equality bv1 bv2) val rewrite n (bv1: bit_vec n): Lemma (bv_equality #n bv1 bv1 == true) + + diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti index a246794d6..1a2043013 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti +++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti @@ -3,13 +3,9 @@ module BitVec.Intrinsics open Core open Rust_primitives open FStar.Mul - -(*** BitVec related utils *) -open FStar.FunctionalExtensionality +open BitVec.Utils open BitVec.Equality -open Rust_primitives.BitVectors - -let mk_bv #len (f: (i:nat{i < len}) -> bit) = on (i:nat {i < len}) f +open Tactics.Utils (*** The intrinsics *) @@ -28,6 +24,46 @@ let mm256_castsi256_si128 (vec: bit_vec 256): bit_vec 128 let mm256_extracti128_si256 (control: i32{control == 1l}) (vec: bit_vec 256): bit_vec 128 = mk_bv (fun i -> vec (i + 128)) +let mm256_set_epi16 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: i16) + : bit_vec 256 + = mk_bv (fun i -> + let offset = i % 16 in + match i / 16 with + | 0 -> get_bit x15 (sz offset) + | 1 -> get_bit x14 (sz offset) + | 2 -> get_bit x13 (sz offset) + | 3 -> get_bit x12 (sz offset) + | 4 -> get_bit x11 (sz offset) + | 5 -> get_bit x10 (sz offset) + | 6 -> get_bit x9 (sz offset) + | 7 -> get_bit x8 (sz offset) + | 8 -> get_bit x7 (sz offset) + | 9 -> get_bit x6 (sz offset) + | 10 -> get_bit x5 (sz offset) + | 11 -> get_bit x4 (sz offset) + | 12 -> get_bit x3 (sz offset) + | 13 -> get_bit x2 (sz offset) + | 14 -> get_bit x1 (sz offset) + | 15 -> get_bit x0 (sz offset) + ) + +val mm256_set1_epi16_no_semantics: i16 -> bit_vec 256 +let mm256_set1_epi16_pow2_minus_one (n: nat): bit_vec 256 + = mk_bv (fun i -> if i <= n then 1 else 0) + +let mm256_and_si256 (x y: bit_vec 256): bit_vec 256 + = mk_bv (fun i -> if y i = 0 + then 0 + else x i + ) + +let mm256_set1_epi16 (constant: i16) + (#[Tactics.exact (match unify_app (quote constant) (quote (fun n -> ((1s < `(mm256_set1_epi16_pow2_minus_one (`#x)) + | _ -> (quote (mm256_set1_epi16_no_semantics constant)) + )]result: bit_vec 256) + : bit_vec 256 = result + private let saturate8 (v: bit_vec 16): bit_vec 8 = let on_upper_bits (+) (f: (n:nat{n >= 8 && n <= 15}) -> _) = f 8 + f 9 + f 10 + f 11 + f 12 + f 13 + f 14 + f 15 @@ -60,29 +96,6 @@ let mm_movemask_epi8_bv (a: bit_vec 128): bit_vec 128 let mm_movemask_epi8 (a: bit_vec 128): i32 = bit_vec_to_int_t 32 (mk_bv (fun i -> mm_movemask_epi8_bv a i)) -let mm256_set_epi16 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: i16) - : bit_vec 256 - = mk_bv (fun i -> - let offset = i % 16 in - match i / 16 with - | 0 -> get_bit x15 (sz offset) - | 1 -> get_bit x14 (sz offset) - | 2 -> get_bit x13 (sz offset) - | 3 -> get_bit x12 (sz offset) - | 4 -> get_bit x11 (sz offset) - | 5 -> get_bit x10 (sz offset) - | 6 -> get_bit x9 (sz offset) - | 7 -> get_bit x8 (sz offset) - | 8 -> get_bit x7 (sz offset) - | 9 -> get_bit x6 (sz offset) - | 10 -> get_bit x5 (sz offset) - | 11 -> get_bit x4 (sz offset) - | 12 -> get_bit x3 (sz offset) - | 13 -> get_bit x2 (sz offset) - | 14 -> get_bit x1 (sz offset) - | 15 -> get_bit x0 (sz offset) - ) - let mm_packs_epi16 (a b: bit_vec 128): bit_vec 128 = mk_bv (fun i -> let nth_block = i / 8 in @@ -96,24 +109,85 @@ let mm_packs_epi16 (a b: bit_vec 128): bit_vec 128 // This is a very specialized version of mm256_mullo_epi16 -let specialized_mm256_mullo_epi16 (a: bit_vec 256): bit_vec 256 = +let mm256_mullo_epi16_specialized1 (a: bit_vec 256): bit_vec 256 = mk_bv (fun i -> let nth_bit = i % 16 in let nth_i16 = i / 16 in let shift = if nth_i16 >= 8 then 23 - nth_i16 else 15 - nth_i16 in if nth_bit >= shift then a (i - shift) else 0 ) + +// This is a very specialized version of mm256_mullo_epi16 +let mm256_mullo_epi16_specialized2 (a: bit_vec 256): bit_vec 256 = + mk_bv (fun i -> + let nth_bit = i % 16 in + let nth_i16 = i / 16 in + let shift = if nth_i16 % 2 = 0 then 4 else 0 in + if nth_bit >= shift then a (i - shift) else 0 + ) // This term will be stuck, we don't know anything about it val mm256_mullo_epi16_no_semantics (a count: bit_vec 256): bit_vec 256 -let mm256_mullo_epi16 (a count: bit_vec 256): bit_vec 256 = - if count `bv_equality` mm256_set_epi16 (1s < mm256_set_epi16 (1s < unquote x = 1s + | _ -> false + then Tactics.exact (quote (mm256_mullo_epi16_specialized1 a)) + else if match unify_app (quote count) (quote (fun x -> mm256_set_epi16 (1s < unquote x = 1s + | _ -> false + then Tactics.exact (quote (mm256_mullo_epi16_specialized2 a)) + else + Tactics.exact (quote (mm256_mullo_epi16_no_semantics a count)) + )]result: bit_vec 256): bit_vec 256 = result + +let madd_rhs (n: nat {n < 16}) = + mm256_set_epi16 + (1s < bit_vec 256 -> bit_vec 256 + +let mm256_madd_epi16_specialized (x: bit_vec 256) (n: nat {n < 16}) = + x + +let mm256_madd_epi16 + (x y: bit_vec 256) + (#[( + let t = match unify_app (quote y) (quote (fun n -> madd_rhs n)) [delta_only [`%madd_rhs]] with + | Some [n] -> `(mm256_madd_epi16_specialized (`@x) (`#n)) + | _ -> quote (mm256_madd_epi16_no_semantic x y) in + exact t + )]result: bit_vec 256) + : bit_vec 256 + = result open FStar.Stubs.Tactics.V2.Builtins open FStar.Stubs.Tactics.V2 diff --git a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst index 46f9f507f..44e4fbab6 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst @@ -1,12 +1,12 @@ module Tactics.Utils open Core +open FStar.Option module L = FStar.List.Tot open FStar.Tactics.V2 open FStar.Tactics.V2.SyntaxHelpers open FStar.Class.Printable open FStar.Mul -open FStar.Option (*** Let operators *) let (let?#) (x: option 'a) (f: 'a -> Tac (option 'b)): Tac (option 'b) @@ -204,6 +204,56 @@ let rewrite_rhs (): Tac _ = let uvar = fresh_uvar (Some (tc (cur_env ()) rhs)) in tcut (`squash (`#rhs == `#uvar)) +open FStar.Tactics +(*** Unification *) +(** Unifies `t` with `fn x1 ... xN`, where `x1` and `xN` are +unification variables. This returns a list of terms to substitute `x1` +... `xN` with. You probably want `norm_steps` to be `[delta_only +[`%the_name_of_function_fn]]` *) +exception UnifyAppReturn of (option (list term)) +let unify_app (t fn: term) norm_steps: Tac (option (list term)) + = let (* Tactic types are confusing, seems like we need V1 here *) + open FStar.Tactics.V1 in + let bds = fst (collect_arr_bs (tc (cur_env ()) fn)) in + try + let _fake_goal = + (* create a goal `b1 -> ... -> bn -> squash True` *) + let trivial = `squash True in + let trivial_comp = pack_comp (C_Total trivial) in + unshelve (fresh_uvar (Some (match bds with | [] -> trivial | _ -> mk_arr bds trivial_comp))) + in + (* get back the binders `b1`, ..., `bn` *) + let bds = intros () in + let args = FStar.Tactics.Util.map (fun (b: binder) -> b <: term) bds in + let norm_term = norm_term (hnf::norm_steps) in + let fn, t = norm_term (mk_e_app fn args), norm_term t in + let fn = `(((`#fn), ())) in + let dummy_var = fresh_namedv_named "dummy_var" in + let t = `(((`#t), (`#dummy_var))) in + let vars = map (fun b -> + let b = inspect_binder b in + let {bv_index = uniq; bv_ppname = ppname} = inspect_bv b.binder_bv in + let sort = b.binder_sort in + let nv: namedv_view = {uniq; ppname; sort = seal sort} in + (FStar.Reflection.V2.pack_namedv nv, sort) + ) bds in + let vars = + List.Tot.append + vars + [(FStar.Reflection.V2.pack_namedv dummy_var, `())] + in + let?# substs = fst (try_unify (cur_env ()) vars fn t) in + raise (UnifyAppReturn ( + if List.Tot.length substs <> List.Tot.length bds + 1 + then (print "unify_app: WARNING: inconsistent lengths"; None) + else ( + match substs with + | [] -> None + | _::substs -> Some (List.Tot.rev (map (fun (_, t) -> t) substs)) + ))) + with | UnifyAppReturn result -> result + | e -> raise e + (*** Logging and time *) let time_tactic_ms (t: 'a -> Tac 'b) (x: 'a): Tac ('b & int) = let time0 = curms () in @@ -246,14 +296,14 @@ let focus_first_forall_goal (t : unit -> Tac unit) : Tac unit = /// Proves `forall (i:nat{i < bound})` for `bound` being a concrete int let rec prove_forall_nat_pointwise (tactic: unit -> Tac unit): Tac unit - = let _ = - (* hacky way of printing the progress *) - let goal = term_to_string (cur_goal ()) in - let goal = match String.split ['\n'] goal with - | s::_ -> s | _ -> "" in - print ("prove_forall_pointwise: " ^ goal ^ "...") - in - focus_first_forall_goal (fun _ -> + = focus_first_forall_goal (fun _ -> + let _ = + (* hacky way of printing the progress *) + let goal = term_to_string (cur_goal ()) in + let goal = match String.split ['\n'] goal with + | s::_ -> s | _ -> "" in + print ("prove_forall_pointwise: " ^ goal ^ "...") + in apply_lemma (`_split_forall_nat); trivial `or_else` (fun _ -> if try norm [primops]; diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 8d68fd457..2d6e7c8ec 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -13,7 +13,8 @@ val mm256_add_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun val mm256_add_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_and_si256 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_and_si256 as mm256_and_si256} +// val mm256_and_si256 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_andnot_si256 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -23,14 +24,14 @@ val mm256_blend_epi16 (v_CONTROL: i32) (lhs rhs: t_Vec256) val mm256_castsi128_si256 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_castsi256_si128 = BitVec.Intrinsics.mm256_castsi256_si128 +include BitVec.Intrinsics {mm256_castsi256_si128 as mm256_castsi256_si128} val mm256_cmpgt_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_cvtepi16_epi32 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_extracti128_si256 = BitVec.Intrinsics.mm256_extracti128_si256 +include BitVec.Intrinsics {mm256_extracti128_si256 as mm256_extracti128_si256} val mm256_inserti128_si256 (v_CONTROL: i32) (vector: t_Vec256) (vector_i128: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -47,7 +48,7 @@ val mm256_mul_epu32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun val mm256_mulhi_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_mullo_epi16 = BitVec.Intrinsics.mm256_mullo_epi16 +include BitVec.Intrinsics {mm256_mullo_epi16 as mm256_mullo_epi16} val mm256_mullo_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -62,13 +63,14 @@ val mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: t_Vec256) val mm256_permutevar8x32_epi32 (vector control: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_set1_epi16 (constant: i16) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_set1_epi16 as mm256_set1_epi16} +// val mm256_set1_epi16 (constant: i16) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_set1_epi32 (constant: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_set1_epi64x (a: i64) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_set_epi16 = BitVec.Intrinsics.mm256_set_epi16 +include BitVec.Intrinsics {mm256_set_epi16 as mm256_set_epi16} val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -86,7 +88,7 @@ val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: t_Vec256) val mm256_shuffle_epi8 (vector control: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_slli_epi16 = BitVec.Intrinsics.mm256_slli_epi16 +include BitVec.Intrinsics {mm256_slli_epi16 as mm256_slli_epi16} val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -103,7 +105,7 @@ val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_srli_epi16 = BitVec.Intrinsics.mm256_srli_epi16 +include BitVec.Intrinsics {mm256_srli_epi16 as mm256_srli_epi16} val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -136,13 +138,13 @@ val mm_add_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ - val mm_loadu_si128 (input: t_Slice u8) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm_movemask_epi8 = BitVec.Intrinsics.mm_movemask_epi8 +include BitVec.Intrinsics {mm_movemask_epi8 as mm_movemask_epi8} val mm_mulhi_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) val mm_mullo_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm_packs_epi16 = BitVec.Intrinsics.mm_packs_epi16 +include BitVec.Intrinsics {mm_packs_epi16 as mm_packs_epi16} val mm_set1_epi16 (constant: i16) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 6215c7de7..365dd8137 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -122,13 +122,17 @@ pub fn mm256_set_epi8( unimplemented!() } +#[hax_lib::fstar::replace( + interface, + "include BitVec.Intrinsics {mm256_set1_epi16 as ${mm256_set1_epi16}}" +)] pub fn mm256_set1_epi16(constant: i16) -> Vec256 { unimplemented!() } #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_set_epi16} = BitVec.Intrinsics.mm256_set_epi16" + "include BitVec.Intrinsics {mm256_set_epi16 as ${mm256_set_epi16}}" )] pub fn mm256_set_epi16( input15: i16, @@ -193,7 +197,7 @@ pub fn mm_sub_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_mullo_epi16} = BitVec.Intrinsics.mm256_mullo_epi16" + "include BitVec.Intrinsics {mm256_mullo_epi16 as ${mm256_mullo_epi16}}" )] pub fn mm256_mullo_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() @@ -242,7 +246,7 @@ pub fn mm256_srai_epi32(vector: Vec256) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_srli_epi16::<0>} = BitVec.Intrinsics.mm256_srli_epi16" + "include BitVec.Intrinsics {mm256_srli_epi16 as ${mm256_srli_epi16::<0>}}" )] pub fn mm256_srli_epi16(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); @@ -260,7 +264,7 @@ pub fn mm256_srli_epi64(vector: Vec256) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_slli_epi16::<0>} = BitVec.Intrinsics.mm256_slli_epi16" + "include BitVec.Intrinsics {mm256_slli_epi16 as ${mm256_slli_epi16::<0>}}" )] pub fn mm256_slli_epi16(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 16); @@ -302,7 +306,7 @@ pub fn mm256_unpackhi_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_castsi256_si128} = BitVec.Intrinsics.mm256_castsi256_si128" + "include BitVec.Intrinsics {mm256_castsi256_si128 as ${mm256_castsi256_si128}}" )] pub fn mm256_castsi256_si128(vector: Vec256) -> Vec128 { unimplemented!() @@ -317,7 +321,7 @@ pub fn mm256_cvtepi16_epi32(vector: Vec128) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm_packs_epi16} = BitVec.Intrinsics.mm_packs_epi16" + "include BitVec.Intrinsics {mm_packs_epi16 as ${mm_packs_epi16}}" )] pub fn mm_packs_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() @@ -328,7 +332,7 @@ pub fn mm256_packs_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_extracti128_si256::<0>} = BitVec.Intrinsics.mm256_extracti128_si256" + "include BitVec.Intrinsics {mm256_extracti128_si256 as ${mm256_extracti128_si256::<0>}}" )] pub fn mm256_extracti128_si256(vector: Vec256) -> Vec128 { debug_assert!(CONTROL == 0 || CONTROL == 1); @@ -347,7 +351,7 @@ pub fn mm256_blend_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 #[hax_lib::fstar::replace( interface, - "unfold let ${mm_movemask_epi8} = BitVec.Intrinsics.mm_movemask_epi8" + "include BitVec.Intrinsics {mm_movemask_epi8 as ${mm_movemask_epi8}}" )] pub fn mm_movemask_epi8(vector: Vec128) -> i32 { unimplemented!() diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index f10ac8ca3..9d394b3da 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -9,7 +9,30 @@ let _ = let open Libcrux_ml_kem.Vector.Portable in () -let deserialize_1_ (bytes: t_Slice u8) = +open FStar.Tactics + +open Tactics.Utils + +let rw_get_bit_cast #t #u + (x: int_t t) (nth: usize) + : Lemma (requires v nth < bits u /\ v nth < bits u) + (ensures eq2 #bit (get_bit (cast_mod #t #u x) nth) (if v nth < bits t then get_bit x nth else 0)) + [SMTPat (get_bit (cast_mod #t #u x) nth)] + = () + +let rw_get_bit_shr #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) + : Lemma (requires v y >= 0 /\ v y < bits t) + (ensures eq2 #bit (get_bit (x >>! y) i ) + (if v i < bits t - v y + then get_bit x (mk_int (v i + v y)) + else if signed t + then get_bit x (mk_int (bits t - 1)) + else 0)) + = () + +#push-options "--compat_pre_core 2" +// [@@Tactics.postprocess_with (fun _ -> norm [delta_only [`%Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16]]; fail "x")] +let deserialize_1_ (bytes: t_Slice u8 {Seq.length bytes == 2}) = let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) @@ -28,9 +51,50 @@ let deserialize_1_ (bytes: t_Slice u8) = (1s < + light_norm (); + // norm index rewrites `Seq.index (Seq.seq_of_list ...) N` or + // `List.Tot.index ... N` when we have list literals + Tactics.Seq.norm_index (); + // Reduce more aggressively + norm [iota; primops; zeta_full; + delta_namespace [ + "FStar"; + "BitVec"; + ]; unascribe + ]; + // Rewrite and normalize machine integers, hopefully in ints + Tactics.MachineInts.(transform norm_machine_int_term); + // norm: primops to get rid of >=, <=, +, *, -, etc. + // zeta delta iota: normalize bitvectors + norm [iota; primops; zeta; delta]; + dump' "Goal:"; + // ask the smt to solve now + smt_sync () + )) + ); + result let deserialize_10_ (bytes: t_Slice u8) = let shift_lsbs_to_msbs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -149,6 +213,7 @@ let deserialize_12_ (bytes: t_Slice u8) = Libcrux_intrinsics.Avx2_extract.t_Vec256) let deserialize_4_ (bytes: t_Slice u8) = + assume (Seq.length bytes == 8); let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (cast (bytes.[ sz 7 ] <: u8) <: i16) (cast (bytes.[ sz 7 ] <: u8) <: i16) (cast (bytes.[ sz 6 ] <: u8) <: i16) @@ -160,22 +225,53 @@ let deserialize_4_ (bytes: t_Slice u8) = (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) in - let shift_lsbs_to_msbs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < + light_norm (); + Tactics.Seq.norm_index (); + norm [iota; primops; zeta_full; + delta_namespace [ + "FStar"; + "BitVec"; + ]; unascribe + ]; + Tactics.MachineInts.(transform norm_machine_int_term); + norm [iota; primops; zeta_full; + delta_namespace [ + "FStar"; + "BitVec"; + ]; unascribe + ]; + dump' "Goal:"; + smt_sync () + )) + ); + result let deserialize_5_ (bytes: t_Slice u8) = let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = @@ -210,6 +306,9 @@ let deserialize_5_ (bytes: t_Slice u8) = in Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 11l coefficients +open Tactics.Utils + + let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let lsb_to_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_slli_epi16 15l vector @@ -226,7 +325,50 @@ let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let bits_packed:i32 = Libcrux_intrinsics.Avx2_extract.mm_movemask_epi8 msbs in let list = [cast (bits_packed <: i32) <: u8; cast (bits_packed >>! 8l <: i32) <: u8] in FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); - Rust_primitives.Hax.array_of_list 2 list + let result: t_Array u8 (sz 2) = Rust_primitives.Hax.array_of_list 2 list in + let bv = bit_vec_of_int_t_array result 8 in + assert (forall (i: nat {i < 16}). bv i == vector (i * 16)) by ( + Tactics.Utils.prove_forall_nat_pointwise (Tactics.Utils.print_time "SMT query succeeded in " (fun _ -> + let light_norm () = + // get rid of indirections (array_of_list, funext, casts, etc.) + norm [ iota; primops + ; delta_only [ + `%cast; `%cast_tc_integers + ; `%bit_vec_of_int_t_array + ; `%Rust_primitives.Hax.array_of_list + ; `%FunctionalExtensionality.on + ; `%bits;`%Lib.IntTypes.bits + ] + ] in + light_norm (); + // normalize List.index / Seq.index when we have literals + Tactics.Seq.norm_index (); + // here, we need to take care of (1) the cast and (2) the shift + // (introduced in `list`) and (3) bv<->i16 indirection + // introduced by `bit_vec_to_int_t`. Thus, we repeat the tactic + // three times. It's basically the same thing. + let _ = repeatn 3 (fun _ -> + // Try to rewrite any subterm using the following three lemmas (corresponding to (1) (3) and (2)) + l_to_r[`rw_get_bit_cast; `bit_vec_to_int_t_lemma; `rw_get_bit_shr]; + // get rid of useless indirections + light_norm (); + // after using those lemmas, more mk_int and v appears, let's get rid of those + Tactics.MachineInts.(transform norm_machine_int_term); + // Special treatment for case (3) + norm [primops; iota; zeta_full; delta_only [ + `%BitVec.Intrinsics.mm_movemask_epi8; + ]] + ) in + // Now we normalize away all the FunExt / mk_bv terms + norm [primops; iota; zeta_full; delta_namespace ["BitVec"; "FStar"]]; + // Ask the SMT to solve now + // dump' "Goal:"; + smt_sync (); + // dump' "Success"; + smt () + )) + ); + result let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index 69da39197..9d389017a 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -87,25 +87,27 @@ pub(crate) fn deserialize_1(bytes: &[u8]) -> Vec256 { // And this vector, when multiplied with the previous one, ensures that the // bit we'd like to keep in each lane becomes the most significant bit upon // multiplication. - let shift_lsb_to_msb = mm256_set_epi16( - 1 << 8, - 1 << 9, - 1 << 10, - 1 << 11, - 1 << 12, - 1 << 13, - 1 << 14, - -32768, - 1 << 8, - 1 << 9, - 1 << 10, - 1 << 11, - 1 << 12, - 1 << 13, - 1 << 14, - -32768, + let coefficients_in_msb = mm256_mullo_epi16( + coefficients, + mm256_set_epi16( + 1 << 8, + 1 << 9, + 1 << 10, + 1 << 11, + 1 << 12, + 1 << 13, + 1 << 14, + -32768, + 1 << 8, + 1 << 9, + 1 << 10, + 1 << 11, + 1 << 12, + 1 << 13, + 1 << 14, + -32768, + ), ); - let coefficients_in_msb = mm256_mullo_epi16(coefficients, shift_lsb_to_msb); // Now that they're all in the most significant bit position, shift them // down to the least significant bit. @@ -208,29 +210,30 @@ pub(crate) fn deserialize_4(bytes: &[u8]) -> Vec256 { bytes[0] as i16, ); - let shift_lsbs_to_msbs = mm256_set_epi16( - // These constants are chosen to shift the bits of the values - // that we loaded into |coefficients|. - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, + let coefficients_in_msb = mm256_mullo_epi16( + coefficients, + mm256_set_epi16( + // These constants are chosen to shift the bits of the values + // that we loaded into |coefficients|. + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + ), ); - let coefficients_in_msb = mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); - // Once the 4-bit coefficients are in the most significant positions (of // an 8-bit value), shift them all down by 4. let coefficients_in_lsb = mm256_srli_epi16::<4>(coefficients_in_msb); diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti index 35516c01f..0b77def1e 100644 --- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti @@ -41,11 +41,5 @@ val t_Feature_cast_to_repr (x: t_Feature) : Prims.Pure isize Prims.l_True (fun _ /// Initialize CPU detection. val init: Prims.unit -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) -val init__cpuid (leaf: u32) - : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) - -val init__cpuid_count (leaf sub_leaf: u32) - : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) - /// Check hardware [`Feature`] support. val supported (feature: t_Feature) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) From 574a60b5afd515ef8ac7249727b85d8f396cb8a2 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 3 Sep 2024 21:45:19 +0200 Subject: [PATCH 213/348] feat: tactic: do nothing if smt queries are admitted --- fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index e79d70661..5e6b563ba 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -39,7 +39,7 @@ let compute_one_round (): Tac _ = let compute': unit -> Tac unit = goal_fixpoint compute_one_round /// Proves a goal of the shape `forall (i:nat{i < N}). get_bit ... i == get_bit ... i` (`N` is expected to be a literal) -let prove_bit_vector_equality' (): Tac unit = +let prove_bit_vector_equality'' (): Tac unit = norm [ iota; primops; @@ -58,6 +58,10 @@ let prove_bit_vector_equality' (): Tac unit = print ("Ask SMT: " ^ term_to_string (cur_goal ())); focus smt_sync )) +let prove_bit_vector_equality' (): Tac unit = + if lax_on () + then iterAll tadmit + else prove_bit_vector_equality'' () let prove_bit_vector_equality (): Tac unit = set_rlimit 100; with_compat_pre_core 0 prove_bit_vector_equality' From 16af53b115c81ba9c5610c1e2d71fc6da389a845 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 3 Sep 2024 21:47:40 +0200 Subject: [PATCH 214/348] serialize --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 002992afa..e6d9a72c4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -11,7 +11,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ Libcrux_ml_kem.Vector.Portable.Ntt.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ - Libcrux_ml_kem.Vector.Portable.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ Libcrux_ml_kem.Vector.Rej_sample_table.fsti \ Libcrux_ml_kem.Vector.Neon.Arithmetic.fst \ @@ -20,6 +19,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Neon.fst \ Libcrux_ml_kem.Vector.Neon.Ntt.fst \ Libcrux_ml_kem.Vector.Neon.Serialize.fst \ - Libcrux_ml_kem.Vector.Neon.Vector_type.fst \ + Libcrux_ml_kem.Vector.Neon.Vector_type.fst include $(shell git rev-parse --show-toplevel)/fstar-helpers/Makefile.base From 9be19e9d33e9945c170e42eae523088253ef1ce3 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 3 Sep 2024 21:45:19 +0200 Subject: [PATCH 215/348] feat: tactic: do nothing if smt queries are admitted --- fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index 2bcd5dd0f..ae0567aef 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -38,7 +38,7 @@ let compute_one_round (): Tac _ = let compute': unit -> Tac unit = goal_fixpoint compute_one_round /// Proves a goal of the shape `forall (i:nat{i < N}). get_bit ... i == get_bit ... i` (`N` is expected to be a literal) -let prove_bit_vector_equality' (): Tac unit = +let prove_bit_vector_equality'' (): Tac unit = norm [ iota; primops; @@ -57,6 +57,10 @@ let prove_bit_vector_equality' (): Tac unit = print ("Ask SMT: " ^ term_to_string (cur_goal ())); focus smt_sync )) +let prove_bit_vector_equality' (): Tac unit = + if lax_on () + then iterAll tadmit + else prove_bit_vector_equality'' () let prove_bit_vector_equality (): Tac unit = set_rlimit 100; with_compat_pre_core 0 prove_bit_vector_equality' From e6aa9afe897c24f7bdf0367283086098fc917757 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 19:48:54 +0000 Subject: [PATCH 216/348] Backport proof for compare in constant_time_ops --- .../Libcrux_ml_kem.Constant_time_ops.fst | 48 ++++++++++++++++--- .../Libcrux_ml_kem.Constant_time_ops.fsti | 12 ++++- libcrux-ml-kem/src/constant_time_ops.rs | 39 +++++++++++++-- 3 files changed, 89 insertions(+), 10 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index fe1b2ed01..b4c84b46f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -4,14 +4,14 @@ open Core open FStar.Mul let inz (value: u8) = - let orig_value:u8 = value in + let v__orig_value:u8 = value in let value:u16 = cast (value <: u8) <: u16 in let result:u8 = cast ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l <: u16) <: u8 in let res:u8 = result &. 1uy in let _:Prims.unit = - if v orig_value = 0 + if v v__orig_value = 0 then (assert (value == zero); lognot_lemma value; @@ -49,15 +49,51 @@ let compare (lhs rhs: t_Slice u8) = let r:u8 = Rust_primitives.Hax.Folds.fold_range (sz 0) (Core.Slice.impl__len #u8 lhs <: usize) - (fun r temp_1_ -> + (fun r i -> let r:u8 = r in - let _:usize = temp_1_ in - true) + let i:usize = i in + v i <= Seq.length lhs /\ + (if (Seq.slice lhs 0 (v i) = Seq.slice rhs 0 (v i)) then r == 0uy else ~(r == 0uy))) r (fun r i -> let r:u8 = r in let i:usize = i in - r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <: u8) + let nr:u8 = r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) in + let _:Prims.unit = + if r =. 0uy + then + (if (Seq.index lhs (v i) = Seq.index rhs (v i)) + then + (logxor_lemma (Seq.index lhs (v i)) (Seq.index rhs (v i)); + assert (((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) = zero); + logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8); + assert (nr = r); + assert (forall j. Seq.index (Seq.slice lhs 0 (v i)) j == Seq.index lhs j); + assert (forall j. Seq.index (Seq.slice rhs 0 (v i)) j == Seq.index rhs j); + eq_intro (Seq.slice lhs 0 ((v i) + 1)) (Seq.slice rhs 0 ((v i) + 1))) + else + (logxor_lemma (Seq.index lhs (v i)) (Seq.index rhs (v i)); + assert (((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <> zero); + logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8); + assert (v nr > 0); + assert (Seq.index (Seq.slice lhs 0 ((v i) + 1)) (v i) <> + Seq.index (Seq.slice rhs 0 ((v i) + 1)) (v i)); + assert (Seq.slice lhs 0 ((v i) + 1) <> Seq.slice rhs 0 ((v i) + 1)))) + else + (logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8); + assert (v nr >= v r); + assert (Seq.slice lhs 0 (v i) <> Seq.slice rhs 0 (v i)); + if (Seq.slice lhs 0 ((v i) + 1) = Seq.slice rhs 0 ((v i) + 1)) + then + (assert (forall j. + j < (v i) + 1 ==> + Seq.index (Seq.slice lhs 0 ((v i) + 1)) j == + Seq.index (Seq.slice rhs 0 ((v i) + 1)) j); + eq_intro (Seq.slice lhs 0 (v i)) (Seq.slice rhs 0 (v i)); + assert (False))) + in + let r:u8 = nr in + r) in is_non_zero r diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti index a827672e1..4216b9d22 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti @@ -39,7 +39,17 @@ val is_non_zero (value: u8) val compare (lhs rhs: t_Slice u8) : Prims.Pure u8 (requires (Core.Slice.impl__len #u8 lhs <: usize) =. (Core.Slice.impl__len #u8 rhs <: usize)) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:u8 = result in + Hax_lib.implies (lhs =. rhs <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + result =. 0uy <: bool) && + Hax_lib.implies (lhs <>. rhs <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + result =. 1uy <: bool)) val compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) : Prims.Pure u8 diff --git a/libcrux-ml-kem/src/constant_time_ops.rs b/libcrux-ml-kem/src/constant_time_ops.rs index 27369139a..0c95594fe 100644 --- a/libcrux-ml-kem/src/constant_time_ops.rs +++ b/libcrux-ml-kem/src/constant_time_ops.rs @@ -20,11 +20,11 @@ use crate::constants::SHARED_SECRET_SIZE; let _:Prims.unit = temp_0_ in $result =. 1uy <: bool)"))] fn inz(value: u8) -> u8 { - let orig_value = value; + let _orig_value = value; let value = value as u16; let result = ((!value).wrapping_add(1) >> 8) as u8; let res = result & 1; - hax_lib::fstar!("if v $orig_value = 0 then ( + hax_lib::fstar!("if v $_orig_value = 0 then ( assert($value == zero); lognot_lemma $value; assert((~.$value +. 1us) == zero); @@ -85,7 +85,40 @@ fn is_non_zero(value: u8) -> u8 { fn compare(lhs: &[u8], rhs: &[u8]) -> u8 { let mut r: u8 = 0; for i in 0..lhs.len() { - r |= lhs[i] ^ rhs[i]; + hax_lib::loop_invariant!(|i: usize| { fstar!("v $i <= Seq.length $lhs /\\ + (if (Seq.slice $lhs 0 (v $i) = Seq.slice $rhs 0 (v $i)) then + $r == 0uy + else ~ ($r == 0uy))") }); + let nr = r | (lhs[i] ^ rhs[i]); + hax_lib::fstar!("if $r =. 0uy then ( + if (Seq.index $lhs (v $i) = Seq.index $rhs (v $i)) then ( + logxor_lemma (Seq.index $lhs (v $i)) (Seq.index $rhs (v $i)); + assert (((${lhs}.[ $i ] <: u8) ^. (${rhs}.[ $i ] <: u8) <: u8) = zero); + logor_lemma $r ((${lhs}.[ $i ] <: u8) ^. (${rhs}.[ $i ] <: u8) <: u8); + assert ($nr = $r); + assert (forall j. Seq.index (Seq.slice $lhs 0 (v $i)) j == Seq.index $lhs j); + assert (forall j. Seq.index (Seq.slice $rhs 0 (v $i)) j == Seq.index $rhs j); + eq_intro (Seq.slice $lhs 0 ((v $i) + 1)) (Seq.slice $rhs 0 ((v $i) + 1)) + ) + else ( + logxor_lemma (Seq.index $lhs (v $i)) (Seq.index $rhs (v $i)); + assert (((${lhs}.[ $i ] <: u8) ^. (${rhs}.[ $i ] <: u8) <: u8) <> zero); + logor_lemma r ((${lhs}.[ $i ] <: u8) ^. (${rhs}.[ $i ] <: u8) <: u8); + assert (v $nr > 0); + assert (Seq.index (Seq.slice $lhs 0 ((v $i)+1)) (v $i) <> + Seq.index (Seq.slice $rhs 0 ((v $i)+1)) (v $i)); + assert (Seq.slice $lhs 0 ((v $i)+1) <> Seq.slice $rhs 0 ((v $i) + 1)) + ) + ) else ( + logor_lemma $r ((${lhs}.[ $i ] <: u8) ^. (${rhs}.[ $i ] <: u8) <: u8); + assert (v $nr >= v $r); + assert (Seq.slice $lhs 0 (v $i) <> Seq.slice $rhs 0 (v $i)); + if (Seq.slice $lhs 0 ((v $i)+1) = Seq.slice $rhs 0 ((v $i) + 1)) then + (assert (forall j. j < (v $i) + 1 ==> Seq.index (Seq.slice $lhs 0 ((v $i)+1)) j == Seq.index (Seq.slice $rhs 0 ((v $i)+1)) j); + eq_intro (Seq.slice $lhs 0 (v $i)) (Seq.slice $rhs 0 (v $i)); + assert(False)) + )"); + r = nr; } is_non_zero(r) From 4b5a63b02af87e4b8a339faf5adc6403aac64598 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 3 Sep 2024 20:52:12 +0000 Subject: [PATCH 217/348] Backport proofs for constant_time_ops.rs --- .../Libcrux_ml_kem.Constant_time_ops.fst | 80 +++++++++++++++++-- .../Libcrux_ml_kem.Constant_time_ops.fsti | 31 ++++++- libcrux-ml-kem/src/constant_time_ops.rs | 78 +++++++++++++++--- 3 files changed, 164 insertions(+), 25 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index b4c84b46f..b89424665 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -100,28 +100,92 @@ let compare (lhs rhs: t_Slice u8) = let compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) = Core.Hint.black_box #u8 (compare lhs rhs <: u8) +#push-options "--ifuel 0 --z3rlimit 50" + let select_ct (lhs rhs: t_Slice u8) (selector: u8) = let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in + let _:Prims.unit = + assert (if selector = 0uy then mask = ones else mask = zero); + lognot_lemma mask; + assert (if selector = 0uy then ~.mask = zero else ~.mask = ones) + in let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let out:t_Array u8 (sz 32) = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - (fun out temp_1_ -> + (fun out i -> let out:t_Array u8 (sz 32) = out in - let _:usize = temp_1_ in - true) + let i:usize = i in + v i <= v Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE /\ + (forall j. + j < v i ==> + (if (selector =. 0uy) + then Seq.index out j == Seq.index lhs j + else Seq.index out j == Seq.index rhs j)) /\ + (forall j. j >= v i ==> Seq.index out j == 0uy)) out (fun out i -> let out:t_Array u8 (sz 32) = out in let i:usize = i in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - i - (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) - <: - t_Array u8 (sz 32)) + let _:Prims.unit = assert ((out.[ i ] <: u8) = 0uy) in + let outi:u8 = + ((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) + in + let _:Prims.unit = + if (selector = 0uy) + then + (logand_lemma (lhs.[ i ] <: u8) mask; + assert (((lhs.[ i ] <: u8) &. mask <: u8) == (lhs.[ i ] <: u8)); + logand_lemma (rhs.[ i ] <: u8) (~.mask); + assert (((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) == zero); + logor_lemma ((lhs.[ i ] <: u8) &. mask <: u8) + ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8); + assert ((((lhs.[ i ] <: u8) &. mask <: u8) |. + ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) + <: + u8) == + (lhs.[ i ] <: u8)); + logor_lemma (out.[ i ] <: u8) (lhs.[ i ] <: u8); + assert (((out.[ i ] <: u8) |. + (((lhs.[ i ] <: u8) &. mask <: u8) |. + ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) + <: + u8) + <: + u8) == + (lhs.[ i ] <: u8)); + assert (outi = (lhs.[ i ] <: u8))) + else + (logand_lemma (lhs.[ i ] <: u8) mask; + assert (((lhs.[ i ] <: u8) &. mask <: u8) == zero); + logand_lemma (rhs.[ i ] <: u8) (~.mask); + assert (((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) == (rhs.[ i ] <: u8)); + logor_lemma (rhs.[ i ] <: u8) zero; + assert ((logor zero (rhs.[ i ] <: u8)) == (rhs.[ i ] <: u8)); + assert ((((lhs.[ i ] <: u8) &. mask <: u8) |. + ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8)) == + (rhs.[ i ] <: u8)); + logor_lemma (out.[ i ] <: u8) (rhs.[ i ] <: u8); + assert (((out.[ i ] <: u8) |. + (((lhs.[ i ] <: u8) &. mask <: u8) |. + ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) + <: + u8) + <: + u8) == + (rhs.[ i ] <: u8)); + assert (outi = (rhs.[ i ] <: u8))) + in + let out:t_Array u8 (sz 32) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out i outi + in + out) in + let _:Prims.unit = if (selector =. 0uy) then (eq_intro out lhs) else (eq_intro out rhs) in out +#pop-options + let select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) = Core.Hint.black_box #(t_Array u8 (sz 32)) (select_ct lhs rhs selector <: t_Array u8 (sz 32)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti index 4216b9d22..1816f37b4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti @@ -54,7 +54,17 @@ val compare (lhs rhs: t_Slice u8) val compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) : Prims.Pure u8 (requires (Core.Slice.impl__len #u8 lhs <: usize) =. (Core.Slice.impl__len #u8 rhs <: usize)) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:u8 = result in + Hax_lib.implies (lhs =. rhs <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + result =. 0uy <: bool) && + Hax_lib.implies (lhs <>. rhs <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + result =. 1uy <: bool)) /// If `selector` is not zero, return the bytes in `rhs`; return the bytes in /// `lhs` otherwise. @@ -63,14 +73,22 @@ val select_ct (lhs rhs: t_Slice u8) (selector: u8) (requires (Core.Slice.impl__len #u8 lhs <: usize) =. (Core.Slice.impl__len #u8 rhs <: usize) && (Core.Slice.impl__len #u8 lhs <: usize) =. Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in + Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs <: bool) && + Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs <: bool)) val select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) : Prims.Pure (t_Array u8 (sz 32)) (requires (Core.Slice.impl__len #u8 lhs <: usize) =. (Core.Slice.impl__len #u8 rhs <: usize) && (Core.Slice.impl__len #u8 lhs <: usize) =. Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in + Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs <: bool) && + Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs <: bool)) val compare_ciphertexts_select_shared_secret_in_constant_time (lhs_c rhs_c lhs_s rhs_s: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) @@ -78,4 +96,9 @@ val compare_ciphertexts_select_shared_secret_in_constant_time (lhs_c rhs_c lhs_s (Core.Slice.impl__len #u8 lhs_c <: usize) =. (Core.Slice.impl__len #u8 rhs_c <: usize) && (Core.Slice.impl__len #u8 lhs_s <: usize) =. (Core.Slice.impl__len #u8 rhs_s <: usize) && (Core.Slice.impl__len #u8 lhs_s <: usize) =. Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in + let selector = if lhs_c =. rhs_c then 0uy else 1uy in + Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs_s <: bool) && + Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs_s <: bool)) diff --git a/libcrux-ml-kem/src/constant_time_ops.rs b/libcrux-ml-kem/src/constant_time_ops.rs index 0c95594fe..a1f9df644 100644 --- a/libcrux-ml-kem/src/constant_time_ops.rs +++ b/libcrux-ml-kem/src/constant_time_ops.rs @@ -71,9 +71,7 @@ fn is_non_zero(value: u8) -> u8 { /// Return 1 if the bytes of `lhs` and `rhs` do not exactly /// match and 0 otherwise. -#[cfg_attr(hax, hax_lib::requires( - lhs.len() == rhs.len() -))] +#[hax_lib::requires(lhs.len() == rhs.len())] #[hax_lib::ensures(|result| fstar!("Hax_lib.implies ($lhs =. $rhs <: bool) (fun temp_0_ -> let _:Prims.unit = temp_0_ in @@ -126,25 +124,72 @@ fn compare(lhs: &[u8], rhs: &[u8]) -> u8 { /// If `selector` is not zero, return the bytes in `rhs`; return the bytes in /// `lhs` otherwise. -#[cfg_attr(hax, hax_lib::requires( +#[hax_lib::requires( lhs.len() == rhs.len() && lhs.len() == SHARED_SECRET_SIZE -))] +)] +#[hax_lib::ensures(|result| fstar!("Hax_lib.implies ($selector =. 0uy <: bool) + (fun _ -> $result =. $lhs <: bool) && + Hax_lib.implies ($selector <>. 0uy <: bool) (fun _ -> $result =. $rhs <: bool)"))] +#[hax_lib::fstar::options("--ifuel 0 --z3rlimit 50")] fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] { let mask = is_non_zero(selector).wrapping_sub(1); + hax_lib::fstar!("assert (if $selector = 0uy then $mask = ones else $mask = zero); + lognot_lemma $mask; + assert (if $selector = 0uy then ~.$mask = zero else ~.$mask = ones)"); let mut out = [0u8; SHARED_SECRET_SIZE]; for i in 0..SHARED_SECRET_SIZE { - out[i] = (lhs[i] & mask) | (rhs[i] & !mask); + hax_lib::loop_invariant!(|i: usize| { fstar!("v $i <= v $SHARED_SECRET_SIZE /\\ + (forall j. j < v $i ==> (if ($selector =. 0uy) then Seq.index $out j == Seq.index $lhs j else Seq.index $out j == Seq.index $rhs j)) /\\ + (forall j. j >= v $i ==> Seq.index $out j == 0uy)") }); + hax_lib::fstar!("assert ((${out}.[ $i ] <: u8) = 0uy)"); + let outi = (lhs[i] & mask) | (rhs[i] & !mask); + hax_lib::fstar!("if ($selector = 0uy) then ( + logand_lemma (${lhs}.[ $i ] <: u8) $mask; + assert (((${lhs}.[ $i ] <: u8) &. $mask <: u8) == (${lhs}.[ $i ] <: u8)); + logand_lemma (${rhs}.[ $i ] <: u8) (~.$mask); + assert (((${rhs}.[ $i ] <: u8) &. (~.$mask <: u8) <: u8) == zero); + logor_lemma ((${lhs}.[ $i ] <: u8) &. $mask <: u8) ((${rhs}.[ $i ] <: u8) &. (~.$mask <: u8) <: u8); + assert ((((${lhs}.[ $i ] <: u8) &. $mask <: u8) |. ((${rhs}.[ $i ] <: u8) &. (~.$mask <: u8) <: u8) <: u8) == (${lhs}.[ $i ] <: u8)); + logor_lemma (${out}.[ $i ] <: u8) (${lhs}.[ $i ] <: u8); + assert (((${out}.[ $i ] <: u8) |. (((${lhs}.[ $i ] <: u8) &. $mask <: u8) |. ((${rhs}.[ $i ] <: u8) &. (~.$mask <: u8) <: u8) <: u8) <: u8) == (${lhs}.[ $i ] <: u8)); + assert ($outi = (${lhs}.[ $i ] <: u8)) + ) + else ( + logand_lemma (${lhs}.[ $i ] <: u8) $mask; + assert (((${lhs}.[ $i ] <: u8) &. $mask <: u8) == zero); + logand_lemma (${rhs}.[ $i ] <: u8) (~.$mask); + assert (((${rhs}.[ $i ] <: u8) &. (~.$mask <: u8) <: u8) == (${rhs}.[ $i ] <: u8)); + logor_lemma (${rhs}.[ $i ] <: u8) zero; + assert ((logor zero (${rhs}.[ $i ] <: u8)) == (${rhs}.[ $i ] <: u8)); + assert ((((${lhs}.[ $i ] <: u8) &. $mask <: u8) |. ((${rhs}.[ $i ] <: u8) &. (~.$mask <: u8) <: u8)) == (${rhs}.[ $i ] <: u8)); + logor_lemma (${out}.[ $i ] <: u8) (${rhs}.[ $i ] <: u8); + assert (((${out}.[ $i ] <: u8) |. (((${lhs}.[ $i ] <: u8) &. $mask <: u8) |. ((${rhs}.[ $i ] <: u8) &. (~.$mask <: u8) <: u8) <: u8) <: u8) == (${rhs}.[ $i ] <: u8)); + assert ($outi = (${rhs}.[ $i ] <: u8)) + )"); + out[i] = outi; } + hax_lib::fstar!("if ($selector =. 0uy) then ( + eq_intro $out $lhs + ) + else ( + eq_intro $out $rhs + )"); out } #[inline(never)] // Don't inline this to avoid that the compiler optimizes this out. -#[cfg_attr(hax, hax_lib::requires( - lhs.len() == rhs.len() -))] +#[hax_lib::requires(lhs.len() == rhs.len())] +#[hax_lib::ensures(|result| fstar!("Hax_lib.implies ($lhs =. $rhs <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + $result =. 0uy <: bool) && + Hax_lib.implies ($lhs <>. $rhs <: bool) + (fun temp_0_ -> + let _:Prims.unit = temp_0_ in + $result =. 1uy <: bool)"))] pub(crate) fn compare_ciphertexts_in_constant_time(lhs: &[u8], rhs: &[u8]) -> u8 { #[cfg(eurydice)] return compare(lhs, rhs); @@ -154,10 +199,13 @@ pub(crate) fn compare_ciphertexts_in_constant_time(lhs: &[u8], rhs: &[u8]) -> u8 } #[inline(never)] // Don't inline this to avoid that the compiler optimizes this out. -#[cfg_attr(hax, hax_lib::requires( +#[hax_lib::requires( lhs.len() == rhs.len() && lhs.len() == SHARED_SECRET_SIZE -))] +)] +#[hax_lib::ensures(|result| fstar!("Hax_lib.implies ($selector =. 0uy <: bool) + (fun _ -> $result =. $lhs <: bool) && + Hax_lib.implies ($selector <>. 0uy <: bool) (fun _ -> $result =. $rhs <: bool)"))] pub(crate) fn select_shared_secret_in_constant_time( lhs: &[u8], rhs: &[u8], @@ -170,11 +218,15 @@ pub(crate) fn select_shared_secret_in_constant_time( core::hint::black_box(select_ct(lhs, rhs, selector)) } -#[cfg_attr(hax, hax_lib::requires( +#[hax_lib::requires( lhs_c.len() == rhs_c.len() && lhs_s.len() == rhs_s.len() && lhs_s.len() == SHARED_SECRET_SIZE -))] +)] +#[hax_lib::ensures(|result| fstar!("let selector = if $lhs_c =. $rhs_c then 0uy else 1uy in + Hax_lib.implies (selector =. 0uy <: bool) + (fun _ -> $result =. $lhs_s <: bool) && + Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> $result =. $rhs_s <: bool)"))] pub(crate) fn compare_ciphertexts_select_shared_secret_in_constant_time( lhs_c: &[u8], rhs_c: &[u8], From 7dc12e9cb94f5f26d02773caea2525620fb59d5d Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 3 Sep 2024 23:38:19 +0200 Subject: [PATCH 218/348] port --- libcrux-ml-kem/hax.py | 2 ++ .../extraction/Libcrux_ml_kem.Ind_cca.fst | 4 +++ .../Libcrux_ml_kem.Vector.Portable.fsti | 2 +- .../proofs/fstar/extraction/Makefile | 1 + libcrux-ml-kem/src/ind_cca.rs | 1 + libcrux-ml-kem/src/vector/avx2.rs | 18 ++++++------- libcrux-ml-kem/src/vector/neon.rs | 6 ++--- libcrux-ml-kem/src/vector/portable.rs | 27 +++++++------------ .../extraction/Libcrux_platform.Platform.fsti | 2 +- 9 files changed, 32 insertions(+), 31 deletions(-) diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index b95b864ab..8df66c304 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -40,6 +40,8 @@ def __call__(self, parser, args, values, option_string=None) -> None: "-i", include_str, "fstar", + "--z3rlimit", + "80", "--interfaces", interface_include, ] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index a037dd8e4..2576b5c73 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -11,6 +11,8 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +#push-options "--z3rlimit 150" + let serialize_kem_secret_key (v_K v_SERIALIZED_KEY_LEN: usize) (#v_Hasher: Type0) @@ -157,6 +159,8 @@ let serialize_kem_secret_key in out +#pop-options + let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (#v_Vector: Type0) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 461660a87..00d0a1e3d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 300 --split_queries always" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index e6d9a72c4..5886525fd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -3,6 +3,7 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ + Libcrux_ml_kem.Serialize.fst \ Libcrux_ml_kem.Sampling.fst \ Libcrux_ml_kem.Polynomial.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index dae6d21b5..a709a62e7 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -39,6 +39,7 @@ pub(crate) mod instantiations; /// Serialize the secret key. #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 150")] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $SERIALIZED_KEY_LEN == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ ${private_key.len()} == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index e82054ba0..e5a205174 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -53,44 +53,44 @@ impl crate::vector::traits::Repr for SIMD256Vector { #[hax_lib::attributes] impl Operations for SIMD256Vector { #[inline(always)] - #[ensures(|result| fstar!("impl.f_repr out == Seq.create 16 0s"))] + #[ensures(|out| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { vec_zero() } #[requires(array.len() == 16)] - #[ensures(|result| fstar!("impl.f_repr out == $array"))] + #[ensures(|out| fstar!("impl.f_repr out == $array"))] fn from_i16_array(array: &[i16]) -> Self { vec_from_i16_array(array) } - #[ensures(|result| fstar!("out == impl.f_repr $x"))] + #[ensures(|out| fstar!("out == impl.f_repr $x"))] fn to_i16_array(x: Self) -> [i16; 16] { vec_to_i16_array(x) } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] fn add(lhs: Self, rhs: &Self) -> Self { Self { elements: arithmetic::add(lhs.elements, rhs.elements), } } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] fn sub(lhs: Self, rhs: &Self) -> Self { Self { elements: arithmetic::sub(lhs.elements, rhs.elements), } } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] fn multiply_by_constant(v: Self, c: i16) -> Self { Self { elements: arithmetic::multiply_by_constant(v.elements, c), } } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. $constant) (impl.f_repr $vector)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. $constant) (impl.f_repr $vector)"))] fn bitwise_and_with_constant(vector: Self, constant: i16) -> Self { Self { elements: arithmetic::bitwise_and_with_constant(vector.elements, constant), @@ -98,7 +98,7 @@ impl Operations for SIMD256Vector { } #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] - #[ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $vector)"))] + #[ensures(|out| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $vector)"))] fn shift_right(vector: Self) -> Self { Self { elements: arithmetic::shift_right::<{ SHIFT_BY }>(vector.elements), @@ -106,7 +106,7 @@ impl Operations for SIMD256Vector { } #[requires(true)] - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $vector)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $vector)"))] fn cond_subtract_3329(vector: Self) -> Self { Self { elements: arithmetic::cond_subtract_3329(vector.elements), diff --git a/libcrux-ml-kem/src/vector/neon.rs b/libcrux-ml-kem/src/vector/neon.rs index 394434cc7..bd3be862a 100644 --- a/libcrux-ml-kem/src/vector/neon.rs +++ b/libcrux-ml-kem/src/vector/neon.rs @@ -26,18 +26,18 @@ impl crate::vector::traits::Repr for SIMD128Vector { #[hax_lib::attributes] impl Operations for SIMD128Vector { #[inline(always)] - #[ensures(|result| fstar!("impl.f_repr out == Seq.create 16 0s"))] + #[ensures(|out| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { ZERO() } #[requires(array.len() == 16)] - #[ensures(|result| fstar!("impl.f_repr out == $array"))] + #[ensures(|out| fstar!("impl.f_repr out == $array"))] fn from_i16_array(array: &[i16]) -> Self { from_i16_array(array) } - #[ensures(|result| fstar!("out == impl.f_repr $x"))] + #[ensures(|out| fstar!("out == impl.f_repr $x"))] fn to_i16_array(x: Self) -> [i16; 16] { to_i16_array(x) } diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 766276e56..1b34df9bc 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -23,51 +23,52 @@ impl crate::vector::traits::Repr for PortableVector { } #[hax_lib::attributes] +#[hax_lib::fstar::options("--z3rlimit 300")] impl Operations for PortableVector { - #[ensures(|result| fstar!("impl.f_repr out == Seq.create 16 0s"))] + #[ensures(|out| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { zero() } #[requires(array.len() == 16)] - #[ensures(|result| fstar!("impl.f_repr out == $array"))] + #[ensures(|out| fstar!("impl.f_repr out == $array"))] fn from_i16_array(array: &[i16]) -> Self { from_i16_array(array) } - #[ensures(|result| fstar!("out == impl.f_repr $x"))] + #[ensures(|out| fstar!("out == impl.f_repr $x"))] fn to_i16_array(x: Self) -> [i16; 16] { to_i16_array(x) } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] fn add(lhs: Self, rhs: &Self) -> Self { add(lhs, rhs) } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] fn sub(lhs: Self, rhs: &Self) -> Self { sub(lhs, rhs) } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] fn multiply_by_constant(v: Self, c: i16) -> Self { multiply_by_constant(v, c) } - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr $v)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr $v)"))] fn bitwise_and_with_constant(v: Self, c: i16) -> Self { bitwise_and_with_constant(v, c) } #[requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] - #[ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $v)"))] + #[ensures(|out| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (impl.f_repr $v)"))] fn shift_right(v: Self) -> Self { shift_right::<{ SHIFT_BY }>(v) } #[requires(true)] - #[ensures(|result| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $v)"))] + #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $v)"))] fn cond_subtract_3329(v: Self) -> Self { cond_subtract_3329(v) } @@ -134,7 +135,6 @@ impl Operations for PortableVector { } #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))] fn serialize_1(a: Self) -> [u8; 2] { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a"); @@ -142,7 +142,6 @@ impl Operations for PortableVector { } #[requires(a.len() == 2)] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"))] fn deserialize_1(a: &[u8]) -> Self { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma $a"); @@ -150,7 +149,6 @@ impl Operations for PortableVector { } #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))] fn serialize_4(a: Self) -> [u8; 8] { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a"); @@ -158,7 +156,6 @@ impl Operations for PortableVector { } #[requires(a.len() == 8)] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"))] fn deserialize_4(a: &[u8]) -> Self { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma $a"); @@ -175,7 +172,6 @@ impl Operations for PortableVector { } #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"))] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"))] fn serialize_10(a: Self) -> [u8; 20] { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma $a"); @@ -183,7 +179,6 @@ impl Operations for PortableVector { } #[requires(a.len() == 20)] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"))] fn deserialize_10(a: &[u8]) -> Self { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma $a"); @@ -200,7 +195,6 @@ impl Operations for PortableVector { } #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"))] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"))] fn serialize_12(a: Self) -> [u8; 24] { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma $a"); @@ -208,7 +202,6 @@ impl Operations for PortableVector { } #[requires(a.len() == 24)] - // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"))] fn deserialize_12(a: &[u8]) -> Self { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma $a"); diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti index e8713dad5..95dad6932 100644 --- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.Platform.fsti @@ -1,5 +1,5 @@ module Libcrux_platform.Platform -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul From 2d5878d1b970e3d3980f421d834b7b2c74657774 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 4 Sep 2024 11:31:33 +0200 Subject: [PATCH 219/348] arith wip --- .../Libcrux_ml_kem.Vector.Avx2.fsti | 18 +- .../Libcrux_ml_kem.Vector.Neon.fsti | 9 +- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 378 +++++++++--------- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 57 +-- .../Libcrux_ml_kem.Vector.Portable.fsti | 21 +- .../proofs/fstar/extraction/Makefile | 1 - .../proofs/fstar/spec/Spec.Utils.fst | 9 +- libcrux-ml-kem/src/vector/portable/ntt.rs | 171 ++++---- 8 files changed, 347 insertions(+), 317 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 28029c8c7..99900b2fe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -58,24 +58,24 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_ZERO_pre = (fun (_: Prims.unit) -> true); f_ZERO_post = - (fun (_: Prims.unit) (out: t_SIMD256Vector) -> impl.f_repr out == Seq.create 16 0s); + (fun (_: Prims.unit) (result: t_SIMD256Vector) -> impl.f_repr out == Seq.create 16 0s); f_ZERO = (fun (_: Prims.unit) -> vec_zero ()); f_from_i16_array_pre = (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); f_from_i16_array_post = - (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> impl.f_repr out == array); + (fun (array: t_Slice i16) (result: t_SIMD256Vector) -> impl.f_repr out == array); f_from_i16_array = (fun (array: t_Slice i16) -> vec_from_i16_array array); f_to_i16_array_pre = (fun (x: t_SIMD256Vector) -> true); f_to_i16_array_post = - (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> out == impl.f_repr x); + (fun (x: t_SIMD256Vector) (result: t_Array i16 (sz 16)) -> out == impl.f_repr x); f_to_i16_array = (fun (x: t_SIMD256Vector) -> vec_to_i16_array x); f_add_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); f_add_post = - (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (result: t_SIMD256Vector) -> impl.f_repr out == Spec.Utils.map2 ( +. ) (impl.f_repr lhs) (impl.f_repr rhs)); f_add = @@ -86,7 +86,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_sub_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); f_sub_post = - (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (out: t_SIMD256Vector) -> + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (result: t_SIMD256Vector) -> impl.f_repr out == Spec.Utils.map2 ( -. ) (impl.f_repr lhs) (impl.f_repr rhs)); f_sub = @@ -97,7 +97,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_multiply_by_constant_pre = (fun (v: t_SIMD256Vector) (c: i16) -> true); f_multiply_by_constant_post = - (fun (v: t_SIMD256Vector) (c: i16) (out: t_SIMD256Vector) -> + (fun (v: t_SIMD256Vector) (c: i16) (result: t_SIMD256Vector) -> impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr v)); f_multiply_by_constant = @@ -108,7 +108,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_bitwise_and_with_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); f_bitwise_and_with_constant_post = - (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> + (fun (vector: t_SIMD256Vector) (constant: i16) (result: t_SIMD256Vector) -> impl.f_repr out == Spec.Utils.map_array (fun x -> x &. constant) (impl.f_repr vector)); f_bitwise_and_with_constant = @@ -125,7 +125,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l); f_shift_right_post = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> + (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (result: t_SIMD256Vector) -> (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (impl.f_repr vector)); f_shift_right @@ -143,7 +143,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (vector: t_SIMD256Vector) -> Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr vector)); f_cond_subtract_3329_post = - (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> + (fun (vector: t_SIMD256Vector) (result: t_SIMD256Vector) -> impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr vector)); f_cond_subtract_3329_ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti index 8093d76b3..d9c8f5bfe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti @@ -39,7 +39,7 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_ZERO_pre = (fun (_: Prims.unit) -> true); f_ZERO_post = - (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> + (fun (_: Prims.unit) (result: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> impl.f_repr out == Seq.create 16 0s); f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Neon.Vector_type.v_ZERO ()); f_from_i16_array_pre @@ -47,7 +47,7 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); f_from_i16_array_post = - (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> + (fun (array: t_Slice i16) (result: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> impl.f_repr out == array); f_from_i16_array = @@ -55,7 +55,10 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_to_i16_array_pre = (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_to_i16_array_post = - (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array i16 (sz 16)) -> + (fun + (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) + (result: t_Array i16 (sz 16)) + -> out == impl.f_repr x); f_to_i16_array = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 856328a84..082580f77 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -4,27 +4,27 @@ open Core open FStar.Mul let inv_ntt_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) (i j: usize) = let a_minus_b:i16 = - (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) -! - (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) -! + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { - v with + vec with Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce_element ((v + (Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce_element ((vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! - (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: i16) <: @@ -33,12 +33,12 @@ let inv_ntt_step <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { - v with + vec with Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements j (Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta @@ -48,165 +48,167 @@ let inv_ntt_step <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in - v + vec let inv_ntt_layer_1_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta0 (sz 0) (sz 2) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta0 (sz 0) (sz 2) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta0 (sz 1) (sz 3) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta0 (sz 1) (sz 3) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta1 (sz 4) (sz 6) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta1 (sz 4) (sz 6) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta1 (sz 5) (sz 7) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta1 (sz 5) (sz 7) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta2 (sz 8) (sz 10) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta2 (sz 8) (sz 10) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta2 (sz 9) (sz 11) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta2 (sz 9) (sz 11) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta3 (sz 12) (sz 14) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta3 (sz 12) (sz 14) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta3 (sz 13) (sz 15) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta3 (sz 13) (sz 15) in - v + vec let inv_ntt_layer_2_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta0 (sz 0) (sz 4) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta0 (sz 0) (sz 4) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta0 (sz 1) (sz 5) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta0 (sz 1) (sz 5) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta0 (sz 2) (sz 6) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta0 (sz 2) (sz 6) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta0 (sz 3) (sz 7) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta0 (sz 3) (sz 7) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta1 (sz 8) (sz 12) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta1 (sz 8) (sz 12) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta1 (sz 9) (sz 13) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta1 (sz 9) (sz 13) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta1 (sz 10) (sz 14) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta1 (sz 10) (sz 14) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta1 (sz 11) (sz 15) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta1 (sz 11) (sz 15) in - v + vec let inv_ntt_layer_3_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 0) (sz 8) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 0) (sz 8) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 1) (sz 9) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 1) (sz 9) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 2) (sz 10) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 2) (sz 10) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 3) (sz 11) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 3) (sz 11) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 4) (sz 12) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 4) (sz 12) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 5) (sz 13) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 5) (sz 13) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 6) (sz 14) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 6) (sz 14) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - inv_ntt_step v zeta (sz 7) (sz 15) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + inv_ntt_step vec zeta (sz 7) (sz 15) in - v + vec -let vu16 (b1:u16) : nat = - let r = v b1 in - assert (r >= 0); - r - - -#push-options "--z3rlimit 150" -val mul_i16b (b1 b2:u16) (n1 n2:i16): - Pure i32 - (requires (let vb1: nat = v b1 in Spec.Utils.is_i16b vb1 n1)) - (ensures (fun _ -> True)) - - //z /\ Spec.Utils.is_i16b (v b2) n2)) - (ensures (fun _ -> Spec.Utils.is_i32b (v b1 * v b2) ((cast n1 <: i32) *! (cast n2 <: i32)))) - -let mul_i16b (b1 b2:u16) (n1 n2:i16) = - -#push-options "--z3rlimit 300 --query_stats --split_queries always" let ntt_multiply_binomials (a b: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) (i j: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let ai = (cast (a + let _:Prims.unit = + Spec.Utils.lemma_mul_i16b 3328 + 3328 + (Seq.index (a.f_elements) (v i)) + (Seq.index (b.f_elements) (v i)) + in + let _:Prims.unit = + Spec.Utils.lemma_mul_i16b 3328 + 3328 + (Seq.index (a.f_elements) (v j)) + (Seq.index (b.f_elements) (v j)) + in + let ai_bi:i32 = + (cast (a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) *! + (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) + in + let aj_bj:i16 = + Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element ((cast (a + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] + <: + i16) + <: + i32) *! + (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: i32) + <: + i32) + in + let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 1664 aj_bj zeta in + let o0:i16 = + Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element (ai_bi +! + ((cast (aj_bj <: i16) <: i32) *! (cast (zeta <: i16) <: i32) <: i32) + <: + i32) + in + let _:Prims.unit = + Spec.Utils.lemma_mul_i16b 3328 + 3328 + (Seq.index (a.f_elements) (v i)) + (Seq.index (b.f_elements) (v j)) + in + let _:Prims.unit = + Spec.Utils.lemma_mul_i16b 3328 + 3328 + (Seq.index (a.f_elements) (v j)) + (Seq.index (b.f_elements) (v i)) + in + let o1:i16 = + Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element (((cast (a .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: - i32) in - assert (Spec.Utils.is_i32b 3328 ai); - let bi = (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) in - assert (Spec.Utils.is_i32b 3328 bi); - let aj = (cast (a - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] - <: - i16) - <: - i32) in - assert (Spec.Utils.is_i32b 3328 aj); - let bj = (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: i32) in - assert (Spec.Utils.is_i32b 3328 bj); - Spec.Utils.lemma_mul_intb 3328 3328 (v ai) (v bi); - Spec.Utils.lemma_mul_intb 3328 3328 (v ai) (v bj); - Spec.Utils.lemma_mul_intb 3328 3328 (v aj) (v bi); - Spec.Utils.lemma_mul_intb 3328 3328 (v aj) (v bj); - let ai_bi = ai *! bi in - let aj_bj = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element (aj *! bj) in - assert (Spec.Utils.is_i16b 3328 aj_bj); - Spec.Utils.lemma_mul_intb 3328 1664 (v aj_bj) (v zeta); - let aj_bj_zeta = (cast aj_bj <: i32) *. (cast (zeta <: i16) <: i32) in - assert (v aj_bj_zeta = v aj_bj * v zeta); - assert (Spec.Utils.is_i32b (3328 * 1664) aj_bj_zeta); - let sum = ai_bi +! aj_bj_zeta in - assert (Spec.Utils.is_i32b (3328 * 3328 + 3328 * 1664) sum); - let red = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element sum in - assert (Spec.Utils.is_i16b (3328 + 1665) red); - Spec.Utils.lemma_mul_intb (3328 + 1665) 1664 (v red) (v zeta); - let mul = (cast red <: i32) *! (cast (zeta <: i16) <: i32) in - let o0:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element mul in - let ai_bj = ai *! bj in - let aj_bi = aj *! bi in - let sum = ai_bj +! aj_bi in - assert (Spec.Utils.is_i32b (2 * 3328 * 3328) sum); - let o1:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element sum - in - admit() + i32) *! + (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: i32) + <: + i32) +! + ((cast (a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: i32) *! + (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) + <: + i32) + <: + i32) + in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { out with @@ -236,131 +238,131 @@ let ntt_multiply_binomials out let ntt_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) (i j: usize) = let t:i16 = - Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_fe_by_fer (v + Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_fe_by_fer (vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) zeta in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { - v with + vec with Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements j - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! t <: i16) + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! t <: i16) } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { - v with + vec with Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! t <: i16) + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! t <: i16) } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in - v + vec let ntt_layer_1_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta0 (sz 0) (sz 2) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta0 (sz 0) (sz 2) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta0 (sz 1) (sz 3) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta0 (sz 1) (sz 3) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta1 (sz 4) (sz 6) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta1 (sz 4) (sz 6) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta1 (sz 5) (sz 7) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta1 (sz 5) (sz 7) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta2 (sz 8) (sz 10) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta2 (sz 8) (sz 10) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta2 (sz 9) (sz 11) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta2 (sz 9) (sz 11) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta3 (sz 12) (sz 14) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta3 (sz 12) (sz 14) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta3 (sz 13) (sz 15) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta3 (sz 13) (sz 15) in - v + vec let ntt_layer_2_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta0 (sz 0) (sz 4) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta0 (sz 0) (sz 4) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta0 (sz 1) (sz 5) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta0 (sz 1) (sz 5) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta0 (sz 2) (sz 6) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta0 (sz 2) (sz 6) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta0 (sz 3) (sz 7) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta0 (sz 3) (sz 7) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta1 (sz 8) (sz 12) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta1 (sz 8) (sz 12) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta1 (sz 9) (sz 13) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta1 (sz 9) (sz 13) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta1 (sz 10) (sz 14) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta1 (sz 10) (sz 14) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta1 (sz 11) (sz 15) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta1 (sz 11) (sz 15) in - v + vec -let ntt_layer_3_step (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 0) (sz 8) +let ntt_layer_3_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) = + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 0) (sz 8) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 1) (sz 9) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 1) (sz 9) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 2) (sz 10) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 2) (sz 10) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 3) (sz 11) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 3) (sz 11) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 4) (sz 12) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 4) (sz 12) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 5) (sz 13) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 5) (sz 13) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 6) (sz 14) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 6) (sz 14) in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_step v zeta (sz 7) (sz 15) + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + ntt_step vec zeta (sz 7) (sz 15) in - v + vec let ntt_multiply (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 57c66ac27..737021089 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -4,32 +4,34 @@ open Core open FStar.Mul val inv_ntt_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) (i j: usize) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta) (fun _ -> Prims.l_True) val inv_ntt_layer_1_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3) (fun _ -> Prims.l_True) val inv_ntt_layer_2_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1) (fun _ -> Prims.l_True) val inv_ntt_layer_3_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Spec.Utils.is_i16b 1664 zeta) (fun _ -> Prims.l_True) /// Compute the product of two Kyber binomials with respect to the @@ -54,48 +56,47 @@ val ntt_multiply_binomials (i j: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires (v i < 16 /\ v j < 16 /\ - Spec.Utils.is_i16b_array 3328 a.f_elements /\ - Spec.Utils.is_i16b_array 3328 b.f_elements /\ - Spec.Utils.is_i16b 1664 zeta)) + (requires v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta) (ensures fun out_future -> let out_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out_future in - let (x,y) = - Spec.MLKEM.Math.poly_base_case_multiply - (v (Seq.index a.f_elements (v i)) % 3329) - (v (Seq.index a.f_elements (v j)) % 3329) - (v (Seq.index b.f_elements (v i)) % 3329) - (v (Seq.index b.f_elements (v j)) % 3329) - ((v zeta * 169) % 3329) in + let x, y = + Spec.MLKEM.Math.poly_base_case_multiply (v (Seq.index a.f_elements (v i)) % 3329) + (v (Seq.index a.f_elements (v j)) % 3329) + (v (Seq.index b.f_elements (v i)) % 3329) + (v (Seq.index b.f_elements (v j)) % 3329) + ((v zeta * 169) % 3329) + in (x == v (Seq.index out_future.f_elements (v i)) % 3329 /\ - y == v (Seq.index out_future.f_elements (v j)) % 3329)) + y == v (Seq.index out_future.f_elements (v j)) % 3329)) val ntt_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) (i j: usize) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta) (fun _ -> Prims.l_True) val ntt_layer_1_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3) (fun _ -> Prims.l_True) val ntt_layer_2_step - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1) (fun _ -> Prims.l_True) -val ntt_layer_3_step (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) +val ntt_layer_3_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires Spec.Utils.is_i16b 1664 zeta) (fun _ -> Prims.l_True) val ntt_multiply diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index e27af183b..eb10082b6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -40,7 +40,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_ZERO_pre = (fun (_: Prims.unit) -> true); f_ZERO_post = - (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + (fun (_: Prims.unit) (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> impl.f_repr out == Seq.create 16 0s); f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Portable.Vector_type.zero ()); f_from_i16_array_pre @@ -48,7 +48,10 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); f_from_i16_array_post = - (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + (fun + (array: t_Slice i16) + (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + -> impl.f_repr out == array); f_from_i16_array = @@ -60,7 +63,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: t_Array i16 (sz 16)) + (result: t_Array i16 (sz 16)) -> out == impl.f_repr x); f_to_i16_array @@ -79,7 +82,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> impl.f_repr out == Spec.Utils.map2 ( +. ) (impl.f_repr lhs) (impl.f_repr rhs)); f_add @@ -101,7 +104,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> impl.f_repr out == Spec.Utils.map2 ( -. ) (impl.f_repr lhs) (impl.f_repr rhs)); f_sub @@ -119,7 +122,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) - (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr v)); f_multiply_by_constant @@ -134,7 +137,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) - (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr v)); f_bitwise_and_with_constant @@ -150,7 +153,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (impl.f_repr v)); @@ -166,7 +169,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr v)); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index c51c6275e..bea5579aa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -9,7 +9,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ - Libcrux_ml_kem.Vector.Portable.Ntt.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ Libcrux_ml_kem.Vector.Portable.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 6e64597f0..bc1675a95 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -163,9 +163,12 @@ let lemma_at_percent_mod (v:int) (p:int{p>0/\ p%2=0}): let lemma_div_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ (v/p) < p/2 /\ (v/p) >= -p / 2}): Lemma ((v / p) @% p == v / p) = - assert ((v / p) < p); - assert ((v / p) @% p == v / p); - () + let m = (v / p) % p in + if m >= p/2 then( + assert ((v/p) < 0); + assert (m - p == v/p) + ) + else () #push-options "--z3rlimit 1200 --split_queries always" val lemma_mont_red_i32 (x:i32): Lemma diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index f23f6e34c..67a8e3f92 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -2,111 +2,119 @@ use super::arithmetic::*; use super::vector_type::*; #[inline(always)] -pub(crate) fn ntt_step(v: &mut PortableVector, zeta: i16, i: usize, j: usize) { - let t = montgomery_multiply_fe_by_fer(v.elements[j], zeta); - v.elements[j] = v.elements[i] - t; - v.elements[i] = v.elements[i] + t; +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta"))] +pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { + let t = montgomery_multiply_fe_by_fer(vec.elements[j], zeta); + vec.elements[j] = vec.elements[i] - t; + vec.elements[i] = vec.elements[i] + t; } #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] pub(crate) fn ntt_layer_1_step( - mut v: PortableVector, + mut vec: PortableVector, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16, ) -> PortableVector { - ntt_step(&mut v, zeta0, 0, 2); - ntt_step(&mut v, zeta0, 1, 3); - ntt_step(&mut v, zeta1, 4, 6); - ntt_step(&mut v, zeta1, 5, 7); - ntt_step(&mut v, zeta2, 8, 10); - ntt_step(&mut v, zeta2, 9, 11); - ntt_step(&mut v, zeta3, 12, 14); - ntt_step(&mut v, zeta3, 13, 15); - v + ntt_step(&mut vec, zeta0, 0, 2); + ntt_step(&mut vec, zeta0, 1, 3); + ntt_step(&mut vec, zeta1, 4, 6); + ntt_step(&mut vec, zeta1, 5, 7); + ntt_step(&mut vec, zeta2, 8, 10); + ntt_step(&mut vec, zeta2, 9, 11); + ntt_step(&mut vec, zeta3, 12, 14); + ntt_step(&mut vec, zeta3, 13, 15); + vec } #[inline(always)] -pub(crate) fn ntt_layer_2_step(mut v: PortableVector, zeta0: i16, zeta1: i16) -> PortableVector { - ntt_step(&mut v, zeta0, 0, 4); - ntt_step(&mut v, zeta0, 1, 5); - ntt_step(&mut v, zeta0, 2, 6); - ntt_step(&mut v, zeta0, 3, 7); - ntt_step(&mut v, zeta1, 8, 12); - ntt_step(&mut v, zeta1, 9, 13); - ntt_step(&mut v, zeta1, 10, 14); - ntt_step(&mut v, zeta1, 11, 15); - v +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] +pub(crate) fn ntt_layer_2_step(mut vec: PortableVector, zeta0: i16, zeta1: i16) -> PortableVector { + ntt_step(&mut vec, zeta0, 0, 4); + ntt_step(&mut vec, zeta0, 1, 5); + ntt_step(&mut vec, zeta0, 2, 6); + ntt_step(&mut vec, zeta0, 3, 7); + ntt_step(&mut vec, zeta1, 8, 12); + ntt_step(&mut vec, zeta1, 9, 13); + ntt_step(&mut vec, zeta1, 10, 14); + ntt_step(&mut vec, zeta1, 11, 15); + vec } #[inline(always)] -pub(crate) fn ntt_layer_3_step(mut v: PortableVector, zeta: i16) -> PortableVector { - ntt_step(&mut v, zeta, 0, 8); - ntt_step(&mut v, zeta, 1, 9); - ntt_step(&mut v, zeta, 2, 10); - ntt_step(&mut v, zeta, 3, 11); - ntt_step(&mut v, zeta, 4, 12); - ntt_step(&mut v, zeta, 5, 13); - ntt_step(&mut v, zeta, 6, 14); - ntt_step(&mut v, zeta, 7, 15); - v +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] +pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVector { + ntt_step(&mut vec, zeta, 0, 8); + ntt_step(&mut vec, zeta, 1, 9); + ntt_step(&mut vec, zeta, 2, 10); + ntt_step(&mut vec, zeta, 3, 11); + ntt_step(&mut vec, zeta, 4, 12); + ntt_step(&mut vec, zeta, 5, 13); + ntt_step(&mut vec, zeta, 6, 14); + ntt_step(&mut vec, zeta, 7, 15); + vec } #[inline(always)] -pub(crate) fn inv_ntt_step(v: &mut PortableVector, zeta: i16, i: usize, j: usize) { - let a_minus_b = v.elements[j] - v.elements[i]; - v.elements[i] = barrett_reduce_element(v.elements[i] + v.elements[j]); - v.elements[j] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta"))] +pub(crate) fn inv_ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { + let a_minus_b = vec.elements[j] - vec.elements[i]; + vec.elements[i] = barrett_reduce_element(vec.elements[i] + vec.elements[j]); + vec.elements[j] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); } #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] pub(crate) fn inv_ntt_layer_1_step( - mut v: PortableVector, + mut vec: PortableVector, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16, ) -> PortableVector { - inv_ntt_step(&mut v, zeta0, 0, 2); - inv_ntt_step(&mut v, zeta0, 1, 3); - inv_ntt_step(&mut v, zeta1, 4, 6); - inv_ntt_step(&mut v, zeta1, 5, 7); - inv_ntt_step(&mut v, zeta2, 8, 10); - inv_ntt_step(&mut v, zeta2, 9, 11); - inv_ntt_step(&mut v, zeta3, 12, 14); - inv_ntt_step(&mut v, zeta3, 13, 15); - v + inv_ntt_step(&mut vec, zeta0, 0, 2); + inv_ntt_step(&mut vec, zeta0, 1, 3); + inv_ntt_step(&mut vec, zeta1, 4, 6); + inv_ntt_step(&mut vec, zeta1, 5, 7); + inv_ntt_step(&mut vec, zeta2, 8, 10); + inv_ntt_step(&mut vec, zeta2, 9, 11); + inv_ntt_step(&mut vec, zeta3, 12, 14); + inv_ntt_step(&mut vec, zeta3, 13, 15); + vec } #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] pub(crate) fn inv_ntt_layer_2_step( - mut v: PortableVector, + mut vec: PortableVector, zeta0: i16, zeta1: i16, ) -> PortableVector { - inv_ntt_step(&mut v, zeta0, 0, 4); - inv_ntt_step(&mut v, zeta0, 1, 5); - inv_ntt_step(&mut v, zeta0, 2, 6); - inv_ntt_step(&mut v, zeta0, 3, 7); - inv_ntt_step(&mut v, zeta1, 8, 12); - inv_ntt_step(&mut v, zeta1, 9, 13); - inv_ntt_step(&mut v, zeta1, 10, 14); - inv_ntt_step(&mut v, zeta1, 11, 15); - v + inv_ntt_step(&mut vec, zeta0, 0, 4); + inv_ntt_step(&mut vec, zeta0, 1, 5); + inv_ntt_step(&mut vec, zeta0, 2, 6); + inv_ntt_step(&mut vec, zeta0, 3, 7); + inv_ntt_step(&mut vec, zeta1, 8, 12); + inv_ntt_step(&mut vec, zeta1, 9, 13); + inv_ntt_step(&mut vec, zeta1, 10, 14); + inv_ntt_step(&mut vec, zeta1, 11, 15); + vec } #[inline(always)] -pub(crate) fn inv_ntt_layer_3_step(mut v: PortableVector, zeta: i16) -> PortableVector { - inv_ntt_step(&mut v, zeta, 0, 8); - inv_ntt_step(&mut v, zeta, 1, 9); - inv_ntt_step(&mut v, zeta, 2, 10); - inv_ntt_step(&mut v, zeta, 3, 11); - inv_ntt_step(&mut v, zeta, 4, 12); - inv_ntt_step(&mut v, zeta, 5, 13); - inv_ntt_step(&mut v, zeta, 6, 14); - inv_ntt_step(&mut v, zeta, 7, 15); - v +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] +pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVector { + inv_ntt_step(&mut vec, zeta, 0, 8); + inv_ntt_step(&mut vec, zeta, 1, 9); + inv_ntt_step(&mut vec, zeta, 2, 10); + inv_ntt_step(&mut vec, zeta, 3, 11); + inv_ntt_step(&mut vec, zeta, 4, 12); + inv_ntt_step(&mut vec, zeta, 5, 13); + inv_ntt_step(&mut vec, zeta, 6, 14); + inv_ntt_step(&mut vec, zeta, 7, 15); + vec } /// Compute the product of two Kyber binomials with respect to the @@ -130,11 +138,17 @@ pub(crate) fn inv_ntt_layer_3_step(mut v: PortableVector, zeta: i16) -> Portable /// The NIST FIPS 203 standard can be found at /// . #[inline(always)] -#[hax_lib::ensures(|()| fstar!("(Seq.index out_future (v i), Seq.index out_future (v j)) == - Spec.MLKEM.Math.poly_base_case_multiply - (Seq.index a (v i)) (Seq.index a (v j)) - (Seq.index b (v i)) (Seq.index b (v j)) - (v zeta) "))] +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta"))] +#[hax_lib::ensures(|()| fstar!(" + let (x,y) = + Spec.MLKEM.Math.poly_base_case_multiply + (v (Seq.index a.f_elements (v i)) % 3329) + (v (Seq.index a.f_elements (v j)) % 3329) + (v (Seq.index b.f_elements (v i)) % 3329) + (v (Seq.index b.f_elements (v j)) % 3329) + ((v zeta * 169) % 3329) in + (x == v (Seq.index out_future.f_elements (v i)) % 3329 /\\ + y == v (Seq.index out_future.f_elements (v j)) % 3329))"))] pub(crate) fn ntt_multiply_binomials( a: &PortableVector, b: &PortableVector, @@ -143,11 +157,16 @@ pub(crate) fn ntt_multiply_binomials( j: usize, out: &mut PortableVector, ) { + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 (Seq.index (${a}.f_elements) (v i)) (Seq.index (${b}.f_elements) (v i))"); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 (Seq.index (${a}.f_elements) (v j)) (Seq.index (${b}.f_elements) (v j))"); + let ai_bi = (a.elements[i] as i32) * (b.elements[i] as i32); + let aj_bj = montgomery_reduce_element((a.elements[j] as i32) * (b.elements[j] as i32)); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 1664 $aj_bj $zeta"); let o0 = montgomery_reduce_element( - (a.elements[i] as i32) * (b.elements[i] as i32) - + (montgomery_reduce_element((a.elements[j] as i32) * (b.elements[j] as i32)) as i32) - * (zeta as i32), + ai_bi + (aj_bj as i32)* (zeta as i32), ); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 (Seq.index (${a}.f_elements) (v i)) (Seq.index (${b}.f_elements) (v j))"); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 (Seq.index (${a}.f_elements) (v j)) (Seq.index (${b}.f_elements) (v i))"); let o1 = montgomery_reduce_element( (a.elements[i] as i32) * (b.elements[j] as i32) + (a.elements[j] as i32) * (b.elements[i] as i32), From 9b026b557cdb988de69326aaa61e04a26313134e Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 4 Sep 2024 11:36:43 +0200 Subject: [PATCH 220/348] merged --- Cargo.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0da78d60b..1f9f0f6d1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#c707da15965f76d0ee3792a96e73a46394c5e01a" +source = "git+https://github.com/hacspec/hax?branch=main#6d493af879767475a269327513208d4a491c6179" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#c707da15965f76d0ee3792a96e73a46394c5e01a" +source = "git+https://github.com/hacspec/hax?branch=main#6d493af879767475a269327513208d4a491c6179" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#c707da15965f76d0ee3792a96e73a46394c5e01a" +source = "git+https://github.com/hacspec/hax?branch=main#6d493af879767475a269327513208d4a491c6179" dependencies = [ "proc-macro2", "quote", From b01cd8c03de34db391e8a7ba96a746838f338f1b Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 4 Sep 2024 13:52:38 +0000 Subject: [PATCH 221/348] Remove curly brackets from Tactics.GetBit.fst --- fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index e79d70661..a59c72fba 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -12,8 +12,8 @@ open FStar.Option open Tactics.Utils open Tactics.Pow2 -open BitVecEq {} -open Tactics.Seq {norm_index, tactic_list_index} +open BitVecEq +open Tactics.Seq let _ = Rust_primitives.Hax.array_of_list From 0907ca1bfdb245f48b89fe70ea936da4f715e2f3 Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 9 Sep 2024 16:15:01 +0000 Subject: [PATCH 222/348] Mark functions at samplings.rs and serialize.rs as lax --- .../extraction/Libcrux_ml_kem.Sampling.fst | 20 ++++++++++++++++ .../extraction/Libcrux_ml_kem.Serialize.fst | 24 +++++++++++++++++++ .../proofs/fstar/extraction/Makefile | 2 -- libcrux-ml-kem/src/sampling.rs | 5 ++++ libcrux-ml-kem/src/serialize.rs | 6 +++++ 5 files changed, 55 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 1a7aefd49..467fe0554 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -10,6 +10,8 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +#push-options "--admit_smt_queries true" + let sample_from_uniform_distribution_next (#v_Vector: Type0) (v_K v_N: usize) @@ -144,6 +146,10 @@ let sample_from_uniform_distribution_next <: (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) +#pop-options + +#push-options "--admit_smt_queries true" + let sample_from_binomial_distribution_2_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -205,6 +211,10 @@ let sample_from_binomial_distribution_2_ in Libcrux_ml_kem.Polynomial.impl_1__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) +#pop-options + +#push-options "--admit_smt_queries true" + let sample_from_binomial_distribution_3_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -264,6 +274,10 @@ let sample_from_binomial_distribution_3_ in Libcrux_ml_kem.Polynomial.impl_1__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) +#pop-options + +#push-options "--admit_smt_queries true" + let sample_from_binomial_distribution (v_ETA: usize) (#v_Vector: Type0) @@ -281,6 +295,10 @@ let sample_from_binomial_distribution <: Rust_primitives.Hax.t_Never) +#pop-options + +#push-options "--admit_smt_queries true" + let sample_from_xof (v_K: usize) (#v_Vector #v_Hasher: Type0) @@ -374,3 +392,5 @@ let sample_from_xof t_Slice i16) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 01d461dd8..0aff4b996 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -9,6 +9,8 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +#push-options "--admit_smt_queries true" + let compress_then_serialize_10_ (v_OUT_LEN: usize) (#v_Vector: Type0) @@ -68,6 +70,10 @@ let compress_then_serialize_10_ in serialized +#pop-options + +#push-options "--admit_smt_queries true" + let compress_then_serialize_11_ (v_OUT_LEN: usize) (#v_Vector: Type0) @@ -127,6 +133,10 @@ let compress_then_serialize_11_ in serialized +#pop-options + +#push-options "--admit_smt_queries true" + let compress_then_serialize_4_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -187,6 +197,10 @@ let compress_then_serialize_4_ let hax_temp_output:Prims.unit = () <: Prims.unit in serialized +#pop-options + +#push-options "--admit_smt_queries true" + let compress_then_serialize_5_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -247,6 +261,10 @@ let compress_then_serialize_5_ let hax_temp_output:Prims.unit = () <: Prims.unit in serialized +#pop-options + +#push-options "--admit_smt_queries true" + let compress_then_serialize_message (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -305,6 +323,8 @@ let compress_then_serialize_message in serialized +#pop-options + let compress_then_serialize_ring_element_u (v_COMPRESSION_FACTOR v_OUT_LEN: usize) (#v_Vector: Type0) @@ -801,6 +821,8 @@ let deserialize_to_uncompressed_ring_element in re +#push-options "--admit_smt_queries true" + let serialize_uncompressed_ring_element (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -853,3 +875,5 @@ let serialize_uncompressed_ring_element serialized) in serialized + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 5886525fd..7d120b457 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -3,8 +3,6 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ - Libcrux_ml_kem.Serialize.fst \ - Libcrux_ml_kem.Sampling.fst \ Libcrux_ml_kem.Polynomial.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index 81d126afa..0404ad177 100644 --- a/libcrux-ml-kem/src/sampling.rs +++ b/libcrux-ml-kem/src/sampling.rs @@ -42,6 +42,7 @@ use crate::{ /// The NIST FIPS 203 standard can be found at /// . #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] fn sample_from_uniform_distribution_next( randomness: [[u8; N]; K], sampled_coefficients: &mut [usize; K], @@ -71,6 +72,7 @@ fn sample_from_uniform_distribution_next>( seeds: [[u8; 34]; K], ) -> [PolynomialRingElement; K] { @@ -158,6 +160,7 @@ pub(super) fn sample_from_xof( randomness: &[u8], ) -> PolynomialRingElement { @@ -195,6 +198,7 @@ fn sample_from_binomial_distribution_2( // hax_lib::implies(i < result.coefficients.len(), || result.coefficients[i].abs() <= 3 // ))))] #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] fn sample_from_binomial_distribution_3( randomness: &[u8], ) -> PolynomialRingElement { @@ -226,6 +230,7 @@ fn sample_from_binomial_distribution_3( } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(super) fn sample_from_binomial_distribution( randomness: &[u8], ) -> PolynomialRingElement { diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 57f05368a..5ca732a6b 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -6,6 +6,7 @@ use crate::{ }; #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(super) fn compress_then_serialize_message( re: PolynomialRingElement, ) -> [u8; SHARED_SECRET_SIZE] { @@ -33,6 +34,7 @@ pub(super) fn deserialize_then_decompress_message( } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(super) fn serialize_uncompressed_ring_element( re: &PolynomialRingElement, ) -> [u8; BYTES_PER_RING_ELEMENT] { @@ -115,6 +117,7 @@ pub(super) fn deserialize_ring_elements_reduced< } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires( OUT_LEN == 320 )] @@ -133,6 +136,7 @@ fn compress_then_serialize_10( } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires( OUT_LEN == 352 )] @@ -173,6 +177,7 @@ pub(super) fn compress_then_serialize_ring_element_u< } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires( serialized.len() == 128 )] @@ -195,6 +200,7 @@ fn compress_then_serialize_4( } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires( serialized.len() == 160 )] From 3eb8ac810edc50c01256cbc6d5f734826eabbe7e Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 10 Sep 2024 12:39:53 +0000 Subject: [PATCH 223/348] Make two functions in sampling.rs panic-free --- Cargo.lock | 50 +++++++++---------- Cargo.toml | 2 +- .../extraction/Libcrux_ml_kem.Sampling.fst | 23 +++++++-- .../Libcrux_ml_kem.Vector.Traits.fsti | 7 ++- libcrux-ml-kem/src/sampling.rs | 14 +++++- libcrux-ml-kem/src/vector/traits.rs | 4 ++ 6 files changed, 66 insertions(+), 34 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0da78d60b..e866ee994 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.15" +version = "1.1.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6" +checksum = "b62ac837cdb5cb22e10a256099b4fc502b1dfe560cb282963a974d7abd80e476" dependencies = [ "jobserver", "libc", @@ -290,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.16" +version = "4.5.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed6719fffa43d0d87e5fd8caeab59be1554fb028cd30edc88fc4369b17971019" +checksum = "3e5a21b8495e732f1b3c364c9949b201ca7bae518c502c80256c96ad79eaf6ac" dependencies = [ "clap_builder", "clap_derive", @@ -300,9 +300,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.15" +version = "4.5.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" +checksum = "8cf2dd12af7a047ad9d6da2b6b249759a22a7abc0f474c1dae1777afa4b21a73" dependencies = [ "anstream", "anstyle", @@ -363,9 +363,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" dependencies = [ "libc", ] @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#c707da15965f76d0ee3792a96e73a46394c5e01a" +source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#0e95327c0fa4e1d482de404c961fc2b825eb842b" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#c707da15965f76d0ee3792a96e73a46394c5e01a" +source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#0e95327c0fa4e1d482de404c961fc2b825eb842b" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#c707da15965f76d0ee3792a96e73a46394c5e01a" +source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#0e95327c0fa4e1d482de404c961fc2b825eb842b" dependencies = [ "proc-macro2", "quote", @@ -1265,9 +1265,9 @@ checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "plotters" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a15b6eccb8484002195a3e44fe65a4ce8e93a625797a063735536fd59cb01cf3" +checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747" dependencies = [ "num-traits", "plotters-backend", @@ -1278,15 +1278,15 @@ dependencies = [ [[package]] name = "plotters-backend" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "414cec62c6634ae900ea1c56128dfe87cf63e7caece0852ec76aba307cebadb7" +checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a" [[package]] name = "plotters-svg" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81b30686a7d9c3e010b84284bdd26a29f2138574f52f5eb6f794fc0ad924e705" +checksum = "51bae2ac328883f7acdfea3d66a7c35751187f870bc81f94563733a154d7a670" dependencies = [ "plotters-backend", ] @@ -1569,9 +1569,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.35" +version = "0.38.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a85d50532239da68e9addb745ba38ff4612a242c1c7ceea689c4bc7c2f43c36f" +checksum = "3f55e80d50763938498dd5ebb18647174e0c76dc38c5505294bb224624f30f36" dependencies = [ "bitflags", "errno", @@ -1623,18 +1623,18 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.209" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" +checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.209" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" +checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" dependencies = [ "proc-macro2", "quote", @@ -1643,9 +1643,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.127" +version = "1.0.128" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad" +checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" dependencies = [ "itoa", "memchr", diff --git a/Cargo.toml b/Cargo.toml index 6eec956ec..8eb9dac07 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -77,7 +77,7 @@ wasm-bindgen = { version = "0.2.87", optional = true } # This is only required when doing proofs. # [target.'cfg(hax)'.workspace.dependencies] [workspace.dependencies] -hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } +hax-lib = { git = "https://github.com/hacspec/hax", branch = "fold-step-boundary" } #hax-lib = { path = "../hax/hax-lib" } [dev-dependencies] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 467fe0554..d234b44b1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -10,8 +10,6 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -#push-options "--admit_smt_queries true" - let sample_from_uniform_distribution_next (#v_Vector: Type0) (v_K v_N: usize) @@ -146,9 +144,7 @@ let sample_from_uniform_distribution_next <: (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) -#pop-options - -#push-options "--admit_smt_queries true" +#push-options "--z3rlimit 800" let sample_from_binomial_distribution_2_ (#v_Vector: Type0) @@ -157,6 +153,10 @@ let sample_from_binomial_distribution_2_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = + let _:Prims.unit = + assert (v (sz 2 *! sz 64) == 128); + assert (Seq.length randomness == 128) + in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) @@ -181,6 +181,10 @@ let sample_from_binomial_distribution_2_ in let even_bits:u32 = random_bits_as_u32 &. 1431655765ul in let odd_bits:u32 = (random_bits_as_u32 >>! 1l <: u32) &. 1431655765ul in + let _:Prims.unit = + logand_lemma random_bits_as_u32 1431655765ul; + logand_lemma (random_bits_as_u32 >>! 1l) 1431655765ul + in let coin_toss_outcomes:u32 = even_bits +! odd_bits in Rust_primitives.Hax.Folds.fold_range_step_by 0ul Core.Num.impl__u32__BITS @@ -201,6 +205,15 @@ let sample_from_binomial_distribution_2_ <: i16 in + let _:Prims.unit = + logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 3ul; + logand_lemma (coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) 3ul; + assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 3); + assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 3); + assert (v chunk_number <= 31); + assert (v (sz 8 *! chunk_number <: usize) <= 248); + assert (v (cast (outcome_set >>! 2l <: u32) <: usize) <= 7) + in let offset:usize = cast (outcome_set >>! 2l <: u32) <: usize in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i16s diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index a1de0f9af..1df7c1846 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -289,7 +289,12 @@ class t_Operations (v_Self: Type0) = { f_deserialize_12_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 -> pred: Type0{true ==> pred}; - f_rej_sample_post:t_Slice u8 -> t_Slice i16 -> (t_Slice i16 & usize) -> Type0; + f_rej_sample_post:a: t_Slice u8 -> out: t_Slice i16 -> x: (t_Slice i16 & usize) + -> pred: + Type0 + { pred ==> + (let out_future, result:(t_Slice i16 & usize) = x in + Seq.length out_future == Seq.length out /\ range (v result + 255) usize_inttype) }; f_rej_sample:x0: t_Slice u8 -> x1: t_Slice i16 -> Prims.Pure (t_Slice i16 & usize) (f_rej_sample_pre x0 x1) diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index 0404ad177..ab4e73ae1 100644 --- a/libcrux-ml-kem/src/sampling.rs +++ b/libcrux-ml-kem/src/sampling.rs @@ -42,7 +42,6 @@ use crate::{ /// The NIST FIPS 203 standard can be found at /// . #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] fn sample_from_uniform_distribution_next( randomness: [[u8; N]; K], sampled_coefficients: &mut [usize; K], @@ -160,10 +159,12 @@ pub(super) fn sample_from_xof( randomness: &[u8], ) -> PolynomialRingElement { + hax_lib::fstar!("assert (v (sz 2 *! sz 64) == 128); + assert (Seq.length $randomness == 128)"); let mut sampled_i16s = [0i16; 256]; cloop! { @@ -175,12 +176,21 @@ fn sample_from_binomial_distribution_2( let even_bits = random_bits_as_u32 & 0x55555555; let odd_bits = (random_bits_as_u32 >> 1) & 0x55555555; + hax_lib::fstar!("logand_lemma $random_bits_as_u32 1431655765ul; + logand_lemma ($random_bits_as_u32 >>! 1l) 1431655765ul"); let coin_toss_outcomes = even_bits + odd_bits; cloop! { for outcome_set in (0..u32::BITS).step_by(4) { let outcome_1 = ((coin_toss_outcomes >> outcome_set) & 0x3) as i16; let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 2)) & 0x3) as i16; + hax_lib::fstar!("logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 3ul; + logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! 2ul <: u32) <: u32) 3ul; + assert (v $outcome_1 >= 0 /\\ v $outcome_1 <= 3); + assert (v $outcome_2 >= 0 /\\ v $outcome_2 <= 3); + assert (v $chunk_number <= 31); + assert (v (sz 8 *! $chunk_number <: usize) <= 248); + assert (v (cast ($outcome_set >>! 2l <: u32) <: usize) <= 7)"); let offset = (outcome_set >> 2) as usize; sampled_i16s[8 * chunk_number + offset] = outcome_1 - outcome_2; diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index f11137c50..d965a9581 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -129,6 +129,10 @@ pub trait Operations: Copy + Clone + Repr { fn deserialize_12(a: &[u8]) -> Self; #[requires(true)] + #[ensures(|result| + fstar!("Seq.length $out_future == Seq.length $out /\\ + range (v $result + 255) usize_inttype") + )] fn rej_sample(a: &[u8], out: &mut [i16]) -> usize; } From a8e27d46c3e7f5575f1952018a194fdbe4f2a33b Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 10 Sep 2024 15:47:29 +0000 Subject: [PATCH 224/348] Make remaining functions in sampling.rs panic-free --- .../extraction/Libcrux_ml_kem.Sampling.fst | 25 +++++++++++++++---- .../extraction/Libcrux_ml_kem.Sampling.fsti | 4 ++- libcrux-ml-kem/src/sampling.rs | 25 ++++++++++++++----- 3 files changed, 42 insertions(+), 12 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index d234b44b1..9cd6b1bcb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -226,7 +226,7 @@ let sample_from_binomial_distribution_2_ #pop-options -#push-options "--admit_smt_queries true" +#push-options "--z3rlimit 800" let sample_from_binomial_distribution_3_ (#v_Vector: Type0) @@ -235,6 +235,10 @@ let sample_from_binomial_distribution_3_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = + let _:Prims.unit = + assert (v (sz 3 *! sz 64) == 192); + assert (Seq.length randomness == 192) + in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 3) @@ -257,6 +261,11 @@ let sample_from_binomial_distribution_3_ let first_bits:u32 = random_bits_as_u24 &. 2396745ul in let second_bits:u32 = (random_bits_as_u24 >>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in + let _:Prims.unit = + logand_lemma random_bits_as_u24 2396745ul; + logand_lemma (random_bits_as_u24 >>! 1l <: u32) 2396745ul; + logand_lemma (random_bits_as_u24 >>! 2l <: u32) 2396745ul + in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in Rust_primitives.Hax.Folds.fold_range_step_by 0l 24l @@ -277,6 +286,15 @@ let sample_from_binomial_distribution_3_ <: i16 in + let _:Prims.unit = + logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 7ul; + logand_lemma (coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) 7ul; + assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 7); + assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 7); + assert (v chunk_number <= 63); + assert (v (sz 4 *! chunk_number <: usize) <= 252); + assert (v (cast (outcome_set /! 6l <: i32) <: usize) <= 3) + in let offset:usize = cast (outcome_set /! 6l <: i32) <: usize in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i16s @@ -289,8 +307,6 @@ let sample_from_binomial_distribution_3_ #pop-options -#push-options "--admit_smt_queries true" - let sample_from_binomial_distribution (v_ETA: usize) (#v_Vector: Type0) @@ -299,6 +315,7 @@ let sample_from_binomial_distribution Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = + let _:Prims.unit = assert ((v (cast v_ETA <: u32) == 2) \/ (v (cast v_ETA <: u32) == 3)) in match cast (v_ETA <: usize) <: u32 with | 2ul -> sample_from_binomial_distribution_2_ #v_Vector randomness | 3ul -> sample_from_binomial_distribution_3_ #v_Vector randomness @@ -308,8 +325,6 @@ let sample_from_binomial_distribution <: Rust_primitives.Hax.t_Never) -#pop-options - #push-options "--admit_smt_queries true" let sample_from_xof diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti index 5f5ac19d3..ed52e1e25 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti @@ -114,7 +114,9 @@ val sample_from_binomial_distribution {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + (v_ETA =. sz 2 || v_ETA =. sz 3) && + (Core.Slice.impl__len #u8 randomness <: usize) =. (v_ETA *! sz 64 <: usize)) (fun _ -> Prims.l_True) val sample_from_xof diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index ab4e73ae1..a4999ffa2 100644 --- a/libcrux-ml-kem/src/sampling.rs +++ b/libcrux-ml-kem/src/sampling.rs @@ -152,7 +152,7 @@ pub(super) fn sample_from_xof. -#[cfg_attr(hax, hax_lib::requires(randomness.len() == 2 * 64))] +#[hax_lib::requires(randomness.len() == 2 * 64)] // TODO: Remove or replace with something that works and is useful for the proof. // #[cfg_attr(hax, hax_lib::ensures(|result| // hax_lib::forall(|i:usize| @@ -201,17 +201,19 @@ fn sample_from_binomial_distribution_2( PolynomialRingElement::from_i16_array(&sampled_i16s) } -#[cfg_attr(hax, hax_lib::requires(randomness.len() == 3 * 64))] +#[hax_lib::requires(randomness.len() == 3 * 64)] // TODO: Remove or replace with something that works and is useful for the proof. // #[cfg_attr(hax, hax_lib::ensures(|result| // hax_lib::forall(|i:usize| // hax_lib::implies(i < result.coefficients.len(), || result.coefficients[i].abs() <= 3 // ))))] #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::options("--z3rlimit 800")] fn sample_from_binomial_distribution_3( randomness: &[u8], ) -> PolynomialRingElement { + hax_lib::fstar!("assert (v (sz 3 *! sz 64) == 192); + assert (Seq.length $randomness == 192)"); let mut sampled_i16s = [0i16; 256]; cloop! { @@ -222,6 +224,9 @@ fn sample_from_binomial_distribution_3( let first_bits = random_bits_as_u24 & 0x00249249; let second_bits = (random_bits_as_u24 >> 1) & 0x00249249; let third_bits = (random_bits_as_u24 >> 2) & 0x00249249; + hax_lib::fstar!("logand_lemma $random_bits_as_u24 2396745ul; + logand_lemma ($random_bits_as_u24 >>! 1l <: u32) 2396745ul; + logand_lemma ($random_bits_as_u24 >>! 2l <: u32) 2396745ul"); let coin_toss_outcomes = first_bits + second_bits + third_bits; @@ -229,6 +234,13 @@ fn sample_from_binomial_distribution_3( for outcome_set in (0..24).step_by(6) { let outcome_1 = ((coin_toss_outcomes >> outcome_set) & 0x7) as i16; let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 3)) & 0x7) as i16; + hax_lib::fstar!("logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 7ul; + logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! 3l <: i32) <: u32) 7ul; + assert (v $outcome_1 >= 0 /\\ v $outcome_1 <= 7); + assert (v $outcome_2 >= 0 /\\ v $outcome_2 <= 7); + assert (v $chunk_number <= 63); + assert (v (sz 4 *! $chunk_number <: usize) <= 252); + assert (v (cast ($outcome_set /! 6l <: i32) <: usize) <= 3)"); let offset = (outcome_set / 6) as usize; sampled_i16s[4 * chunk_number + offset] = outcome_1 - outcome_2; @@ -240,12 +252,13 @@ fn sample_from_binomial_distribution_3( } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::requires((ETA == 2 || ETA == 3) && randomness.len() == ETA * 64)] pub(super) fn sample_from_binomial_distribution( randomness: &[u8], ) -> PolynomialRingElement { - hax_debug_assert!(randomness.len() == ETA * 64); - + hax_lib::fstar!("assert ( + (v (cast $ETA <: u32) == 2) \\/ + (v (cast $ETA <: u32) == 3))"); match ETA as u32 { 2 => sample_from_binomial_distribution_2(randomness), 3 => sample_from_binomial_distribution_3(randomness), From 3ee84f3003e06aea31792b62c8564f1f492e7b78 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 10 Sep 2024 17:16:43 +0000 Subject: [PATCH 225/348] Fix verifying ZETAS_TIMES_MONTGOMERY_R --- .../extraction/Libcrux_ml_kem.Polynomial.fst | 71 +++++++++---------- .../extraction/Libcrux_ml_kem.Polynomial.fsti | 1 + .../proofs/fstar/extraction/Makefile | 1 - libcrux-ml-kem/src/polynomial.rs | 25 ++++--- libcrux-ml-kem/src/sampling.rs | 2 +- 5 files changed, 52 insertions(+), 48 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index df19c569e..fd9edcef5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -36,6 +36,7 @@ let impl_1__add_error_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self error: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let self:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -86,6 +87,7 @@ let impl_1__add_message_error_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self message result: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let result:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -142,6 +144,7 @@ let impl_1__add_standard_error_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self error: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let self:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -275,6 +278,7 @@ let impl_1__ntt_multiply Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self rhs: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let out:t_PolynomialRingElement v_Vector = impl_1__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -287,46 +291,39 @@ let impl_1__ntt_multiply (fun out i -> let out:t_PolynomialRingElement v_Vector = out in let i:usize = i in - let _:Prims.unit = - assert (64 + 4 * v i < 128); - assert (64 + 4 * v i + 1 < 128); - assert (64 + 4 * v i + 2 < 128); - assert (64 + 4 * v i + 3 < 128) - in - let out:t_PolynomialRingElement v_Vector = - { - out with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out.f_coefficients - i - (Libcrux_ml_kem.Vector.Traits.f_ntt_multiply #v_Vector - #FStar.Tactics.Typeclasses.solve - (self.f_coefficients.[ i ] <: v_Vector) - (rhs.f_coefficients.[ i ] <: v_Vector) - (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! (sz 4 *! i <: usize) <: usize ] <: i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 - <: - usize ] + { + out with + f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out.f_coefficients + i + (Libcrux_ml_kem.Vector.Traits.f_ntt_multiply #v_Vector + #FStar.Tactics.Typeclasses.solve + (self.f_coefficients.[ i ] <: v_Vector) + (rhs.f_coefficients.[ i ] <: v_Vector) + (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! (sz 4 *! i <: usize) <: usize ] <: i16) + (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 <: - i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 - <: - usize ] + usize ] + <: + i16) + (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 <: - i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 - <: - usize ] + usize ] + <: + i16) + (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 <: - i16) - <: - v_Vector) - } + usize ] + <: + i16) + <: + v_Vector) <: - t_PolynomialRingElement v_Vector - in - out) + t_Array v_Vector (sz 16) + } + <: + t_PolynomialRingElement v_Vector) in out @@ -337,6 +334,7 @@ let impl_1__poly_barrett_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let self:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -375,6 +373,7 @@ let impl_1__subtract_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self b: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let b:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index 98b6cc98d..c28d83a96 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti @@ -10,6 +10,7 @@ let _ = () let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = + let _:Prims.unit = assert_norm (pow2 16 == 65536) in let list = [ (-1044s); (-758s); (-359s); (-1517s); 1493s; 1422s; 287s; 202s; (-171s); 622s; 1577s; 182s; diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 7d120b457..25b90a266 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -3,7 +3,6 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ - Libcrux_ml_kem.Polynomial.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index b508af0e8..a622ad805 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -1,6 +1,7 @@ use crate::vector::{to_standard_domain, Operations, FIELD_ELEMENTS_IN_VECTOR}; -pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ +pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = { + hax_lib::fstar!("assert_norm (pow2 16 == 65536)"); [ -1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474, 1468, 573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411, -205, -1571, 1223, 652, -552, 1015, -1293, 1491, -282, -1544, 516, -8, -320, -666, -1618, -1162, 126, 1469, @@ -9,7 +10,7 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ 778, 1159, -147, -777, 1483, -602, 1119, -1590, 644, -872, 349, 418, 329, -156, -75, 817, 1097, 603, 610, 1322, -1285, -1465, 384, -1215, -136, 1218, -1335, -874, 220, -1187, -1659, -1185, -1530, -1278, 794, -1510, -854, -870, 478, -108, -308, 996, 991, 958, -1460, 1522, 1628, -]; +]}; pub(crate) const VECTORS_IN_RING_ELEMENT: usize = super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; @@ -66,6 +67,8 @@ impl PolynomialRingElement { #[inline(always)] pub fn poly_barrett_reduce(&mut self) { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for i in 0..VECTORS_IN_RING_ELEMENT { @@ -76,6 +79,8 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn subtract_reduce(&self, mut b: Self) -> Self { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); for i in 0..VECTORS_IN_RING_ELEMENT { let coefficient_normal_form = Vector::montgomery_multiply_by_constant(b.coefficients[i], 1441); @@ -87,6 +92,8 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn add_message_error_reduce(&self, message: &Self, mut result: Self) -> Self { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); for i in 0..VECTORS_IN_RING_ELEMENT { let coefficient_normal_form = Vector::montgomery_multiply_by_constant(result.coefficients[i], 1441); @@ -116,6 +123,8 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn add_error_reduce(&mut self, error: &Self) { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for j in 0..VECTORS_IN_RING_ELEMENT { @@ -132,6 +141,8 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn add_standard_error_reduce(&mut self, error: &Self) { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for j in 0..VECTORS_IN_RING_ELEMENT { @@ -187,6 +198,8 @@ impl PolynomialRingElement { // ))))] #[inline(always)] pub(crate) fn ntt_multiply(&self, rhs: &Self) -> Self { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); // hax_debug_debug_assert!(lhs // .coefficients // .into_iter() @@ -195,14 +208,6 @@ impl PolynomialRingElement { let mut out = PolynomialRingElement::ZERO(); for i in 0..VECTORS_IN_RING_ELEMENT { - // hax_lib::assert!(64 + 4 * i < 128); - // hax_lib::assert!(64 + 4 * i + 1 < 128); - // hax_lib::assert!(64 + 4 * i + 2 < 128); - // hax_lib::assert!(64 + 4 * i + 3 < 128); - hax_lib::fstar!("assert(64 + 4 * v $i < 128); - assert(64 + 4 * v $i + 1 < 128); - assert(64 + 4 * v $i + 2 < 128); - assert(64 + 4 * v $i + 3 < 128)"); out.coefficients[i] = Vector::ntt_multiply( &self.coefficients[i], &rhs.coefficients[i], diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index a4999ffa2..094334c58 100644 --- a/libcrux-ml-kem/src/sampling.rs +++ b/libcrux-ml-kem/src/sampling.rs @@ -1,5 +1,5 @@ use crate::{ - constants::COEFFICIENTS_IN_RING_ELEMENT, hash_functions::*, hax_utils::hax_debug_assert, + constants::COEFFICIENTS_IN_RING_ELEMENT, hash_functions::*, helper::cloop, polynomial::PolynomialRingElement, vector::Operations, }; From 2b4497bb89012452905bf5725be7c65f2296ee3a Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 12 Sep 2024 09:25:30 +0200 Subject: [PATCH 226/348] wip --- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 28 +++----- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 28 +++----- .../extraction/Libcrux_ml_kem.Polynomial.fst | 25 +++---- .../extraction/Libcrux_ml_kem.Polynomial.fsti | 8 +++ ...Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 25 +++++-- .../Libcrux_ml_kem.Vector.Avx2.fsti | 53 ++++++++++----- .../Libcrux_ml_kem.Vector.Neon.fsti | 9 +-- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 32 ++++----- ...rux_ml_kem.Vector.Portable.Arithmetic.fsti | 28 ++++++-- .../Libcrux_ml_kem.Vector.Portable.fsti | 65 ++++++++++++------- .../Libcrux_ml_kem.Vector.Traits.fst | 24 +++---- .../Libcrux_ml_kem.Vector.Traits.fsti | 61 ++++++++++++++--- .../proofs/fstar/extraction/Makefile | 1 + .../proofs/fstar/spec/Spec.Utils.fst | 9 +-- libcrux-ml-kem/src/invert_ntt.rs | 18 ++--- libcrux-ml-kem/src/ntt.rs | 18 ++--- libcrux-ml-kem/src/polynomial.rs | 18 +++-- libcrux-ml-kem/src/vector/avx2.rs | 22 +++++-- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 13 +++- libcrux-ml-kem/src/vector/portable.rs | 28 ++++++-- .../src/vector/portable/arithmetic.rs | 36 ++++++---- libcrux-ml-kem/src/vector/traits.rs | 34 +++++++--- 22 files changed, 367 insertions(+), 216 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index 9ebede517..d28d5325a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -65,19 +65,10 @@ let invert_ntt_at_layer_1_ (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_1_step #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 1 <: usize - ] - <: - i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 2 <: usize - ] - <: - i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 3 <: usize - ] - <: - i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i -! sz 1 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i -! sz 2 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i -! sz 3 <: usize) <: i16) <: v_Vector) } @@ -126,11 +117,8 @@ let invert_ntt_at_layer_2_ (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_2_step #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i -! sz 1 <: usize - ] - <: - i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i -! sz 1 <: usize) <: i16) <: v_Vector) } @@ -179,7 +167,7 @@ let invert_ntt_at_layer_3_ (Libcrux_ml_kem.Vector.Traits.f_inv_ntt_layer_3_step #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) <: v_Vector) } @@ -239,7 +227,7 @@ let invert_ntt_at_layer_4_plus (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step_vec <: usize ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 139ad22c3..abfd4e93b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -62,19 +62,10 @@ let ntt_at_layer_1_ (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_1_step #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize - ] - <: - i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 2 <: usize - ] - <: - i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 3 <: usize - ] - <: - i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i +! sz 1 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i +! sz 2 <: usize) <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i +! sz 3 <: usize) <: i16) <: v_Vector) } @@ -123,11 +114,8 @@ let ntt_at_layer_2_ (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_2_step #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i +! sz 1 <: usize - ] - <: - i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta (zeta_i +! sz 1 <: usize) <: i16) <: v_Vector) } @@ -176,7 +164,7 @@ let ntt_at_layer_3_ (Libcrux_ml_kem.Vector.Traits.f_ntt_layer_3_step #v_Vector #FStar.Tactics.Typeclasses.solve (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ round ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) <: v_Vector) } @@ -240,7 +228,7 @@ let ntt_at_layer_4_plus (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j +! step_vec <: usize ] <: v_Vector) - (Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ zeta_i ] <: i16) + (Libcrux_ml_kem.Polynomial.get_zeta zeta_i <: i16) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index df19c569e..626cc27cb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -9,6 +9,11 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +let get_zeta (i: usize) = + let result:i16 = v_ZETAS_TIMES_MONTGOMERY_R.[ i ] in + let _:Prims.unit = admit () (* Panic freedom *) in + result + let impl_1__ZERO (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -304,22 +309,10 @@ let impl_1__ntt_multiply #FStar.Tactics.Typeclasses.solve (self.f_coefficients.[ i ] <: v_Vector) (rhs.f_coefficients.[ i ] <: v_Vector) - (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! (sz 4 *! i <: usize) <: usize ] <: i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 - <: - usize ] - <: - i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 - <: - usize ] - <: - i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 - <: - usize ] - <: - i16) + (get_zeta (sz 64 +! (sz 4 *! i <: usize) <: usize) <: i16) + (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 <: usize) <: i16) + (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 <: usize) <: i16) + (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 <: usize) <: i16) <: v_Vector) } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index 98b6cc98d..3c1224b05 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti @@ -28,6 +28,14 @@ let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 128); Rust_primitives.Hax.array_of_list 128 list +val get_zeta (i: usize) + : Prims.Pure i16 + (requires i <. sz 128) + (ensures + fun result -> + let result:i16 = result in + Spec.Utils.is_i16b 1664 result) + let v_VECTORS_IN_RING_ELEMENT: usize = Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti index 8a38e9fe9..a629007bb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -7,12 +7,17 @@ let v_BARRETT_MULTIPLIER: i16 = 20159s val add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - Prims.l_True + (requires + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15) + (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) i) + + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs) i))) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == - Spec.Utils.map2 ( +. ) + Spec.Utils.map2 ( +! ) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs)) @@ -28,7 +33,12 @@ val bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) val multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - Prims.l_True + (requires + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 31) + (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector) i) * v constant) + ) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in @@ -49,12 +59,17 @@ val shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec val sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - Prims.l_True + (requires + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15) + (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) i) = + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs) i))) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == - Spec.Utils.map2 ( -. ) + Spec.Utils.map2 ( -! ) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index c5bc98f4f..28e3c4446 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -58,57 +58,80 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_ZERO_pre = (fun (_: Prims.unit) -> true); f_ZERO_post = - (fun (_: Prims.unit) (result: t_SIMD256Vector) -> impl.f_repr out == Seq.create 16 0s); + (fun (_: Prims.unit) (out: t_SIMD256Vector) -> impl.f_repr out == Seq.create 16 0s); f_ZERO = (fun (_: Prims.unit) -> vec_zero ()); f_from_i16_array_pre = (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); f_from_i16_array_post = - (fun (array: t_Slice i16) (result: t_SIMD256Vector) -> impl.f_repr out == array); + (fun (array: t_Slice i16) (out: t_SIMD256Vector) -> impl.f_repr out == array); f_from_i16_array = (fun (array: t_Slice i16) -> vec_from_i16_array array); f_to_i16_array_pre = (fun (x: t_SIMD256Vector) -> true); f_to_i16_array_post = - (fun (x: t_SIMD256Vector) (result: t_Array i16 (sz 16)) -> out == impl.f_repr x); + (fun (x: t_SIMD256Vector) (out: t_Array i16 (sz 16)) -> out == impl.f_repr x); f_to_i16_array = (fun (x: t_SIMD256Vector) -> vec_to_i16_array x); - f_add_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); + f_add_pre + = + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15) + (v (Seq.index (impl.f_repr lhs) i) + v (Seq.index (impl.f_repr rhs) i))); f_add_post = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (result: t_SIMD256Vector) -> - impl.f_repr out == Spec.Utils.map2 ( +. ) (impl.f_repr lhs) (impl.f_repr rhs)); + forall i. + i < 16 ==> + (v (Seq.index (impl.f_repr result) i) == + v (Seq.index (impl.f_repr lhs) i) + v (Seq.index (impl.f_repr rhs) i))); f_add = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.add lhs.f_elements rhs.f_elements } <: t_SIMD256Vector); - f_sub_pre = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> true); + f_sub_pre + = + (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15) + (v (Seq.index (impl.f_repr lhs) i) - v (Seq.index (impl.f_repr rhs) i))); f_sub_post = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) (result: t_SIMD256Vector) -> - impl.f_repr out == Spec.Utils.map2 ( -. ) (impl.f_repr lhs) (impl.f_repr rhs)); + forall i. + i < 16 ==> + (v (Seq.index (impl.f_repr result) i) == + v (Seq.index (impl.f_repr lhs) i) - v (Seq.index (impl.f_repr rhs) i))); f_sub = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.sub lhs.f_elements rhs.f_elements } <: t_SIMD256Vector); - f_multiply_by_constant_pre = (fun (v: t_SIMD256Vector) (c: i16) -> true); + f_multiply_by_constant_pre + = + (fun (vec: t_SIMD256Vector) (c: i16) -> + forall i. i < 16 ==> Spec.Utils.is_intb (pow2 31) (v (Seq.index (impl.f_repr vec) i) * v c)); f_multiply_by_constant_post = - (fun (v: t_SIMD256Vector) (c: i16) (result: t_SIMD256Vector) -> - impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr v)); + (fun (vec: t_SIMD256Vector) (c: i16) (result: t_SIMD256Vector) -> + forall i. + i < 16 ==> + (v (Seq.index (impl.f_repr result) i) == v (Seq.index (impl.f_repr vec) i) * v c)); f_multiply_by_constant = - (fun (v: t_SIMD256Vector) (c: i16) -> - { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.multiply_by_constant v.f_elements c } + (fun (vec: t_SIMD256Vector) (c: i16) -> + { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.multiply_by_constant vec.f_elements c } <: t_SIMD256Vector); f_bitwise_and_with_constant_pre = (fun (vector: t_SIMD256Vector) (constant: i16) -> true); f_bitwise_and_with_constant_post = - (fun (vector: t_SIMD256Vector) (constant: i16) (result: t_SIMD256Vector) -> + (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> impl.f_repr out == Spec.Utils.map_array (fun x -> x &. constant) (impl.f_repr vector)); f_bitwise_and_with_constant = @@ -125,7 +148,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) -> v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l); f_shift_right_post = - (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (result: t_SIMD256Vector) -> + (fun (v_SHIFT_BY: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (impl.f_repr vector)); f_shift_right @@ -143,7 +166,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (vector: t_SIMD256Vector) -> Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr vector)); f_cond_subtract_3329_post = - (fun (vector: t_SIMD256Vector) (result: t_SIMD256Vector) -> + (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr vector)); f_cond_subtract_3329_ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti index d9c8f5bfe..8093d76b3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti @@ -39,7 +39,7 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_ZERO_pre = (fun (_: Prims.unit) -> true); f_ZERO_post = - (fun (_: Prims.unit) (result: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> + (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> impl.f_repr out == Seq.create 16 0s); f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Neon.Vector_type.v_ZERO ()); f_from_i16_array_pre @@ -47,7 +47,7 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); f_from_i16_array_post = - (fun (array: t_Slice i16) (result: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> + (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> impl.f_repr out == array); f_from_i16_array = @@ -55,10 +55,7 @@ Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector = f_to_i16_array_pre = (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) -> true); f_to_i16_array_post = - (fun - (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (result: t_Array i16 (sz 16)) - -> + (fun (x: Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) (out: t_Array i16 (sz 16)) -> out == impl.f_repr x); f_to_i16_array = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index 117dc37fe..94e119b51 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -183,7 +183,7 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = (forall j. j < v i ==> (Seq.index lhs.f_elements j) == - (Seq.index v__lhs0.f_elements j) +. (Seq.index rhs.f_elements j)) /\ + (Seq.index v__lhs0.f_elements j) +! (Seq.index rhs.f_elements j)) /\ (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index v__lhs0.f_elements j))) lhs (fun lhs i -> @@ -197,11 +197,8 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (Core.Num.impl__i16__wrapping_add (lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + ((lhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! + (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i16) } @@ -211,7 +208,7 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = lhs) in let _:Prims.unit = - Seq.lemma_eq_intro lhs.f_elements (Spec.Utils.map2 ( +. ) v__lhs0.f_elements rhs.f_elements) + Seq.lemma_eq_intro lhs.f_elements (Spec.Utils.map2 ( +! ) v__lhs0.f_elements rhs.f_elements) in lhs @@ -409,7 +406,7 @@ let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in (forall j. - j < v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j) *. c) /\ + j < v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j) *! c) /\ (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j))) vec (fun vec i -> @@ -423,11 +420,7 @@ let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (Core.Num.impl__i16__wrapping_mul (vec - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - c + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) *! c <: i16) } @@ -437,7 +430,7 @@ let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port vec) in let _:Prims.unit = - Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x *. c) v__vec0.f_elements) + Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x *! c) v__vec0.f_elements) in vec @@ -492,7 +485,7 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = (forall j. j < v i ==> (Seq.index lhs.f_elements j) == - (Seq.index v__lhs0.f_elements j) -. (Seq.index rhs.f_elements j)) /\ + (Seq.index v__lhs0.f_elements j) -! (Seq.index rhs.f_elements j)) /\ (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index v__lhs0.f_elements j))) lhs (fun lhs i -> @@ -506,11 +499,8 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (Core.Num.impl__i16__wrapping_sub (lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + ((lhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! + (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i16) } @@ -520,6 +510,6 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = lhs) in let _:Prims.unit = - Seq.lemma_eq_intro lhs.f_elements (Spec.Utils.map2 ( -. ) v__lhs0.f_elements rhs.f_elements) + Seq.lemma_eq_intro lhs.f_elements (Spec.Utils.map2 ( -! ) v__lhs0.f_elements rhs.f_elements) in lhs diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index 22337b580..79bed8506 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -70,11 +70,18 @@ val montgomery_multiply_fe_by_fer (fe fer: i16) val add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15) + (v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i))) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - result.f_elements == Spec.Utils.map2 ( +. ) (lhs.f_elements) (rhs.f_elements)) + forall i. + i < 16 ==> + (v (Seq.index result.f_elements i) == + v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i))) val barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector @@ -117,11 +124,13 @@ val montgomery_multiply_by_constant val multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires + forall i. i < 16 ==> Spec.Utils.is_intb (pow2 31) (v (Seq.index vec.f_elements i) * v c)) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - result.f_elements == Spec.Utils.map_array (fun x -> x *. c) (vec.f_elements)) + forall i. + i < 16 ==> (v (Seq.index result.f_elements i) == v (Seq.index vec.f_elements i) * v c)) val shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector @@ -134,8 +143,15 @@ val shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_ty val sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True + (requires + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15) + (v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i))) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - result.f_elements == Spec.Utils.map2 ( -. ) (lhs.f_elements) (rhs.f_elements)) + forall i. + i < 16 ==> + (v (Seq.index result.f_elements i) == + v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 144f38e3c..d05fb62fd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 300 --split_queries always" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul @@ -40,7 +40,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_ZERO_pre = (fun (_: Prims.unit) -> true); f_ZERO_post = - (fun (_: Prims.unit) (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + (fun (_: Prims.unit) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> impl.f_repr out == Seq.create 16 0s); f_ZERO = (fun (_: Prims.unit) -> Libcrux_ml_kem.Vector.Portable.Vector_type.zero ()); f_from_i16_array_pre @@ -48,10 +48,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (array: t_Slice i16) -> (Core.Slice.impl__len #i16 array <: usize) =. sz 16); f_from_i16_array_post = - (fun - (array: t_Slice i16) - (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - -> + (fun (array: t_Slice i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> impl.f_repr out == array); f_from_i16_array = @@ -63,7 +60,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (x: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (result: t_Array i16 (sz 16)) + (out: t_Array i16 (sz 16)) -> out == impl.f_repr x); f_to_i16_array @@ -76,7 +73,10 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15) + (v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i))); f_add_post = (fun @@ -84,7 +84,10 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - impl.f_repr out == Spec.Utils.map2 ( +. ) (impl.f_repr lhs) (impl.f_repr rhs)); + forall i. + i < 16 ==> + (v (Seq.index result.f_elements i) == + v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i))); f_add = (fun @@ -98,7 +101,10 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (lhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15) + (v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i))); f_sub_post = (fun @@ -106,7 +112,10 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - impl.f_repr out == Spec.Utils.map2 ( -. ) (impl.f_repr lhs) (impl.f_repr rhs)); + forall i. + i < 16 ==> + (v (Seq.index result.f_elements i) == + v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i))); f_sub = (fun @@ -116,19 +125,21 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Arithmetic.sub lhs rhs); f_multiply_by_constant_pre = - (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> true); + (fun (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> + forall i. i < 16 ==> Spec.Utils.is_intb (pow2 31) (v (Seq.index vec.f_elements i) * v c)); f_multiply_by_constant_post = (fun - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr v)); + forall i. + i < 16 ==> (v (Seq.index result.f_elements i) == v (Seq.index vec.f_elements i) * v c)); f_multiply_by_constant = - (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> - Libcrux_ml_kem.Vector.Portable.Arithmetic.multiply_by_constant v c); + (fun (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> + Libcrux_ml_kem.Vector.Portable.Arithmetic.multiply_by_constant vec c); f_bitwise_and_with_constant_pre = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> true); @@ -137,7 +148,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) - (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr v)); f_bitwise_and_with_constant @@ -153,7 +164,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> (v_SHIFT_BY >=. 0l /\ v_SHIFT_BY <. 16l) ==> impl.f_repr out == Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (impl.f_repr v)); @@ -169,7 +180,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (result: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr v)); @@ -278,7 +289,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta2: i16) (zeta3: i16) -> - true); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3); f_ntt_layer_1_step_post = (fun @@ -307,7 +319,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta0: i16) (zeta1: i16) -> - true); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1); f_ntt_layer_2_step_post = (fun @@ -327,7 +339,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Ntt.ntt_layer_2_step a zeta0 zeta1); f_ntt_layer_3_step_pre = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> + Spec.Utils.is_i16b 1664 zeta); f_ntt_layer_3_step_post = (fun @@ -349,7 +362,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta2: i16) (zeta3: i16) -> - true); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3); f_inv_ntt_layer_1_step_post = (fun @@ -378,7 +392,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta0: i16) (zeta1: i16) -> - true); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1); f_inv_ntt_layer_2_step_post = (fun @@ -398,7 +412,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Ntt.inv_ntt_layer_2_step a zeta0 zeta1); f_inv_ntt_layer_3_step_pre = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> + Spec.Utils.is_i16b 1664 zeta); f_inv_ntt_layer_3_step_post = (fun diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index be631a15d..4633db34b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -3,21 +3,23 @@ module Libcrux_ml_kem.Vector.Traits open Core open FStar.Mul +#push-options "--z3rlimit 50" + let decompress_1_ (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) - (v: v_T) + (vec: v_T) = - let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre (i1.f_ZERO ()) 0s) in - f_bitwise_and_with_constant #v_T - #FStar.Tactics.Typeclasses.solve - (f_sub #v_T - #FStar.Tactics.Typeclasses.solve - (f_ZERO #v_T #FStar.Tactics.Typeclasses.solve () <: v_T) - v - <: - v_T) - 1665s + let s:v_T = + f_sub #v_T + #FStar.Tactics.Typeclasses.solve + (f_ZERO #v_T #FStar.Tactics.Typeclasses.solve () <: v_T) + vec + in + let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre s 1665s) in + f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s + +#pop-options let montgomery_multiply_fe (#v_T: Type0) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 245b3d2d1..a1c8ca919 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -42,19 +42,53 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure (t_Array i16 (sz 16)) (f_to_i16_array_pre x0) (fun result -> f_to_i16_array_post x0 result); - f_add_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; + f_add_pre:lhs: v_Self -> rhs: v_Self + -> pred: + Type0 + { (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15) + (v (Seq.index (f_repr lhs) i) + v (Seq.index (f_repr rhs) i))) ==> + pred }; f_add_post:lhs: v_Self -> rhs: v_Self -> result: v_Self - -> pred: Type0{pred ==> f_repr result == Spec.Utils.map2 ( +. ) (f_repr lhs) (f_repr rhs)}; + -> pred: + Type0 + { pred ==> + (forall i. + i < 16 ==> + (v (Seq.index (f_repr result) i) == + v (Seq.index (f_repr lhs) i) + v (Seq.index (f_repr rhs) i))) }; f_add:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_add_pre x0 x1) (fun result -> f_add_post x0 x1 result); - f_sub_pre:lhs: v_Self -> rhs: v_Self -> pred: Type0{true ==> pred}; + f_sub_pre:lhs: v_Self -> rhs: v_Self + -> pred: + Type0 + { (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15) + (v (Seq.index (f_repr lhs) i) - v (Seq.index (f_repr rhs) i))) ==> + pred }; f_sub_post:lhs: v_Self -> rhs: v_Self -> result: v_Self - -> pred: Type0{pred ==> f_repr result == Spec.Utils.map2 ( -. ) (f_repr lhs) (f_repr rhs)}; + -> pred: + Type0 + { pred ==> + (forall i. + i < 16 ==> + (v (Seq.index (f_repr result) i) == + v (Seq.index (f_repr lhs) i) - v (Seq.index (f_repr rhs) i))) }; f_sub:x0: v_Self -> x1: v_Self -> Prims.Pure v_Self (f_sub_pre x0 x1) (fun result -> f_sub_post x0 x1 result); - f_multiply_by_constant_pre:v: v_Self -> c: i16 -> pred: Type0{true ==> pred}; - f_multiply_by_constant_post:v: v_Self -> c: i16 -> result: v_Self - -> pred: Type0{pred ==> f_repr result == Spec.Utils.map_array (fun x -> x *. c) (f_repr v)}; + f_multiply_by_constant_pre:vec: v_Self -> c: i16 + -> pred: + Type0 + { (forall i. i < 16 ==> Spec.Utils.is_intb (pow2 31) (v (Seq.index (f_repr vec) i) * v c)) ==> + pred }; + f_multiply_by_constant_post:vec: v_Self -> c: i16 -> result: v_Self + -> pred: + Type0 + { pred ==> + (forall i. + i < 16 ==> (v (Seq.index (f_repr result) i) == v (Seq.index (f_repr vec) i) * v c)) }; f_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_multiply_by_constant_pre x0 x1) @@ -319,8 +353,13 @@ let v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R: u32 = 62209ul let v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS: i16 = 1353s -val decompress_1_ (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) - : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) +val decompress_1_ (#v_T: Type0) {| i1: t_Operations v_T |} (vec: v_T) + : Prims.Pure v_T + (requires + forall i. + let x = Seq.index (i1._super_8706949974463268012.f_repr vec) i in + (x == 0s \/ x == 1s)) + (fun _ -> Prims.l_True) val montgomery_multiply_fe (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) (fer: i16) : Prims.Pure v_T (requires Spec.Utils.is_i16b 3328 fer) (fun _ -> Prims.l_True) @@ -329,4 +368,6 @@ val to_standard_domain (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) val to_unsigned_representative (#v_T: Type0) {| i1: t_Operations v_T |} (a: v_T) - : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure v_T + (requires Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)) + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 7c98f2153..393946021 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -9,6 +9,7 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ + Libcrux_ml_kem.Vector.Portable.Ntt.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index bc1675a95..b44ac897e 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -101,19 +101,20 @@ let update_at_range_lemma #n /// Bounded integers -let is_i16b (l:nat) (x:i16) = (v x <= l) && (v x >= -l) +let is_intb (l:nat) (x:int) = (x <= l) && (x >= -l) +let is_i16b (l:nat) (x:i16) = is_intb l (v x) let is_i16b_array (l:nat) (x:t_Slice i16) = forall i. i < Seq.length x ==> is_i16b l (Seq.index x i) let is_i16b_vector (l:nat) (r:usize) (x:t_Array (t_Array i16 (sz 256)) r) = forall i. i < v r ==> is_i16b_array l (Seq.index x i) let is_i16b_matrix (l:nat) (r:usize) (x:t_Array (t_Array (t_Array i16 (sz 256)) r) r) = forall i. i < v r ==> is_i16b_vector l r (Seq.index x i) -let is_i32b (l:nat) (x:i32) = (v x <= l) && (v x >= -l) +let is_i32b (l:nat) (x:i32) = is_intb l (v x) let is_i32b_array (l:nat) (x:t_Slice i32) = forall i. i < Seq.length x ==> is_i32b l (Seq.index x i) let nat_div_ceil (x:nat) (y:pos) : nat = if (x % y = 0) then x/y else (x/y)+1 val lemma_mul_intb (b1 b2: nat) (n1 n2: int) - : Lemma (requires (n1 <= b1 /\ n1 >= -b1 /\ n2 <= b2 /\ n2 >= -b2)) - (ensures ((n1 * n2) <= (b1 * b2) /\ (n1 * n2) >= - (b1 * b2))) + : Lemma (requires (is_intb b1 n1 /\ is_intb b2 n2)) + (ensures (is_intb (b1 * b2) (n1 * n2))) let lemma_mul_intb (b1 b2: nat) (n1 n2: int) = () val lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 12b60f3cf..6693e3343 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -1,6 +1,6 @@ use crate::{ hax_utils::hax_debug_assert, - polynomial::{PolynomialRingElement, ZETAS_TIMES_MONTGOMERY_R}, + polynomial::{PolynomialRingElement, get_zeta}, vector::{montgomery_multiply_fe, Operations, FIELD_ELEMENTS_IN_VECTOR}, }; @@ -16,10 +16,10 @@ pub(crate) fn invert_ntt_at_layer_1( *zeta_i -= 1; re.coefficients[round] = Vector::inv_ntt_layer_1_step( re.coefficients[round], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i - 1], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i - 2], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i - 3], + get_zeta (*zeta_i), + get_zeta (*zeta_i - 1), + get_zeta (*zeta_i - 2), + get_zeta (*zeta_i - 3), ); *zeta_i -= 3; } @@ -38,8 +38,8 @@ pub(crate) fn invert_ntt_at_layer_2( *zeta_i -= 1; re.coefficients[round] = Vector::inv_ntt_layer_2_step( re.coefficients[round], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i - 1], + get_zeta (*zeta_i), + get_zeta (*zeta_i - 1), ); *zeta_i -= 1; } @@ -57,7 +57,7 @@ pub(crate) fn invert_ntt_at_layer_3( for round in 0..16 { *zeta_i -= 1; re.coefficients[round] = - Vector::inv_ntt_layer_3_step(re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i]); + Vector::inv_ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i)); } () } @@ -94,7 +94,7 @@ pub(crate) fn invert_ntt_at_layer_4_plus( let (x, y) = inv_ntt_layer_int_vec_step_reduce( re.coefficients[j], re.coefficients[j + step_vec], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i], + get_zeta (*zeta_i), ); re.coefficients[j] = x; re.coefficients[j + step_vec] = y; diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index d33d9c077..3afdbd267 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -1,6 +1,6 @@ use crate::{ hax_utils::hax_debug_assert, - polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT, ZETAS_TIMES_MONTGOMERY_R}, + polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT, get_zeta}, vector::{montgomery_multiply_fe, Operations}, }; @@ -17,10 +17,10 @@ pub(crate) fn ntt_at_layer_1( *zeta_i += 1; re.coefficients[round] = Vector::ntt_layer_1_step( re.coefficients[round], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i + 1], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i + 2], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i + 3], + get_zeta (*zeta_i), + get_zeta (*zeta_i + 1), + get_zeta (*zeta_i + 2), + get_zeta (*zeta_i + 3), ); *zeta_i += 3; } @@ -40,8 +40,8 @@ pub(crate) fn ntt_at_layer_2( *zeta_i += 1; re.coefficients[round] = Vector::ntt_layer_2_step( re.coefficients[round], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i + 1], + get_zeta (*zeta_i), + get_zeta (*zeta_i + 1), ); *zeta_i += 1; } @@ -60,7 +60,7 @@ pub(crate) fn ntt_at_layer_3( for round in 0..16 { *zeta_i += 1; re.coefficients[round] = - Vector::ntt_layer_3_step(re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i]); + Vector::ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i)); } () } @@ -99,7 +99,7 @@ pub(crate) fn ntt_at_layer_4_plus( let (x, y) = ntt_layer_int_vec_step( re.coefficients[j], re.coefficients[j + step_vec], - ZETAS_TIMES_MONTGOMERY_R[*zeta_i], + get_zeta (*zeta_i), ); re.coefficients[j] = x; re.coefficients[j + step_vec] = y; diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index b508af0e8..f77848f1f 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -1,6 +1,6 @@ use crate::vector::{to_standard_domain, Operations, FIELD_ELEMENTS_IN_VECTOR}; -pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ +const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ -1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474, 1468, 573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411, -205, -1571, 1223, 652, -552, 1015, -1293, 1491, -282, -1544, 516, -8, -320, -666, -1618, -1162, 126, 1469, @@ -11,6 +11,14 @@ pub(crate) const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ -1530, -1278, 794, -1510, -854, -870, 478, -108, -308, 996, 991, 958, -1460, 1522, 1628, ]; +#[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(i < 128)] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b 1664 result"))] +pub fn get_zeta(i:usize) -> i16 { + ZETAS_TIMES_MONTGOMERY_R[i] +} + pub(crate) const VECTORS_IN_RING_ELEMENT: usize = super::constants::COEFFICIENTS_IN_RING_ELEMENT / FIELD_ELEMENTS_IN_VECTOR; @@ -206,10 +214,10 @@ impl PolynomialRingElement { out.coefficients[i] = Vector::ntt_multiply( &self.coefficients[i], &rhs.coefficients[i], - ZETAS_TIMES_MONTGOMERY_R[64 + 4 * i], - ZETAS_TIMES_MONTGOMERY_R[64 + 4 * i + 1], - ZETAS_TIMES_MONTGOMERY_R[64 + 4 * i + 2], - ZETAS_TIMES_MONTGOMERY_R[64 + 4 * i + 3], + get_zeta (64 + 4 * i), + get_zeta (64 + 4 * i + 1), + get_zeta (64 + 4 * i + 2), + get_zeta (64 + 4 * i + 3), ); } diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 3668394ce..6b5dfdef4 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -69,24 +69,36 @@ impl Operations for SIMD256Vector { vec_to_i16_array(x) } - #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15) (v (Seq.index (impl.f_repr ${lhs}) i) + v (Seq.index (impl.f_repr ${rhs}) i))"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index (impl.f_repr ${result}) i) == + v (Seq.index (impl.f_repr ${lhs}) i) + v (Seq.index (impl.f_repr ${rhs}) i))"))] fn add(lhs: Self, rhs: &Self) -> Self { Self { elements: arithmetic::add(lhs.elements, rhs.elements), } } - #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15) (v (Seq.index (impl.f_repr ${lhs}) i) - v (Seq.index (impl.f_repr ${rhs}) i))"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index (impl.f_repr ${result}) i) == + v (Seq.index (impl.f_repr ${lhs}) i) - v (Seq.index (impl.f_repr ${rhs}) i))"))] fn sub(lhs: Self, rhs: &Self) -> Self { Self { elements: arithmetic::sub(lhs.elements, rhs.elements), } } - #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] - fn multiply_by_constant(v: Self, c: i16) -> Self { + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 31) (v (Seq.index (impl.f_repr ${vec}) i) * v c)"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index (impl.f_repr ${result}) i) == + v (Seq.index (impl.f_repr ${vec}) i) * v c)"))] + fn multiply_by_constant(vec: Self, c: i16) -> Self { Self { - elements: arithmetic::multiply_by_constant(v.elements, c), + elements: arithmetic::multiply_by_constant(vec.elements, c), } } diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index f6e4bc29d..1c36a8be8 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -3,20 +3,29 @@ use crate::vector::{traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R, FIELD_MODULUS}; use super::*; #[inline(always)] +#[hax_lib::requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15) (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) i) + + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs) i))"))] #[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == - Spec.Utils.map2 (+.) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs)"))] + Spec.Utils.map2 (+!) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs)"))] pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { mm256_add_epi16(lhs, rhs) } #[inline(always)] +#[hax_lib::requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15) (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) i) = + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs) i))"))] #[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == - Spec.Utils.map2 (-.) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs)"))] + Spec.Utils.map2 (-!) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs)"))] pub(crate) fn sub(lhs: Vec256, rhs: Vec256) -> Vec256 { mm256_sub_epi16(lhs, rhs) } #[inline(always)] +#[hax_lib::requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 31) (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector) i) * + v constant)"))] #[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == Spec.Utils.map_array (fun x -> x *. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 799a088b0..13eda81be 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -41,19 +41,31 @@ impl Operations for PortableVector { to_i16_array(x) } - #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (+.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15) (v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) == + v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] fn add(lhs: Self, rhs: &Self) -> Self { add(lhs, rhs) } - #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map2 (-.) (impl.f_repr $lhs) (impl.f_repr $rhs)"))] + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15) (v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) == + v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] fn sub(lhs: Self, rhs: &Self) -> Self { sub(lhs, rhs) } - #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x *. c) (impl.f_repr $v)"))] - fn multiply_by_constant(v: Self, c: i16) -> Self { - multiply_by_constant(v, c) + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 31) (v (Seq.index ${vec}.f_elements i) * v c)"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) == + v (Seq.index ${vec}.f_elements i) * v c)"))] + fn multiply_by_constant(vec: Self, c: i16) -> Self { + multiply_by_constant(vec, c) } #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> x &. c) (impl.f_repr $v)"))] @@ -99,26 +111,32 @@ impl Operations for PortableVector { decompress_ciphertext_coefficient::(v) } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3) } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self { ntt_layer_2_step(a, zeta0, zeta1) } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] fn ntt_layer_3_step(a: Self, zeta: i16) -> Self { ntt_layer_3_step(a, zeta) } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3) } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self { inv_ntt_layer_2_step(a, zeta0, zeta1) } + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self { inv_ntt_layer_3_step(a, zeta) } diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index 98767bd57..106a658f5 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -41,47 +41,59 @@ pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 { #[inline(always)] #[hax_lib::fstar::options("--z3rlimit 150")] -#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map2 (+.) (${lhs}.f_elements) (${rhs}.f_elements)"))] +#[hax_lib::requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15) (v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) == + v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { let _lhs0 = lhs; for i in 0..FIELD_ELEMENTS_IN_VECTOR { hax_lib::loop_invariant!(|i: usize| { fstar!(" (forall j. j < v i ==> (Seq.index ${lhs}.f_elements j) == - (Seq.index ${_lhs0}.f_elements j) +. (Seq.index ${rhs}.f_elements j)) /\\ + (Seq.index ${_lhs0}.f_elements j) +! (Seq.index ${rhs}.f_elements j)) /\\ (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))") }); - lhs.elements[i] = lhs.elements[i].wrapping_add(rhs.elements[i]); + lhs.elements[i] += rhs.elements[i]; } - hax_lib::fstar!("Seq.lemma_eq_intro ${lhs}.f_elements (Spec.Utils.map2 (+.) ${_lhs0}.f_elements ${rhs}.f_elements)"); + hax_lib::fstar!("Seq.lemma_eq_intro ${lhs}.f_elements (Spec.Utils.map2 (+!) ${_lhs0}.f_elements ${rhs}.f_elements)"); lhs } #[inline(always)] -#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map2 (-.) (${lhs}.f_elements) (${rhs}.f_elements)"))] +#[hax_lib::requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15) (v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) == + v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { let _lhs0 = lhs; for i in 0..FIELD_ELEMENTS_IN_VECTOR { hax_lib::loop_invariant!(|i: usize| { fstar!(" (forall j. j < v i ==> (Seq.index ${lhs}.f_elements j) == - (Seq.index ${_lhs0}.f_elements j) -. (Seq.index ${rhs}.f_elements j)) /\\ + (Seq.index ${_lhs0}.f_elements j) -! (Seq.index ${rhs}.f_elements j)) /\\ (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))") }); - lhs.elements[i] = lhs.elements[i].wrapping_sub(rhs.elements[i]); + lhs.elements[i] -= rhs.elements[i]; } - hax_lib::fstar!("Seq.lemma_eq_intro ${lhs}.f_elements (Spec.Utils.map2 (-.) ${_lhs0}.f_elements ${rhs}.f_elements)"); + hax_lib::fstar!("Seq.lemma_eq_intro ${lhs}.f_elements (Spec.Utils.map2 (-!) ${_lhs0}.f_elements ${rhs}.f_elements)"); lhs } #[inline(always)] -#[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x *. c) (${vec}.f_elements)"))] +#[hax_lib::requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 31) (v (Seq.index ${vec}.f_elements i) * v c)"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) == + v (Seq.index ${vec}.f_elements i) * v c)"))] pub fn multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector { let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { hax_lib::loop_invariant!(|i: usize| { fstar!(" (forall j. j < v i ==> (Seq.index ${vec}.f_elements j) == - (Seq.index ${_vec0}.f_elements j) *. c) /\\ + (Seq.index ${_vec0}.f_elements j) *! c) /\\ (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))") }); - vec.elements[i] = vec.elements[i].wrapping_mul(c); + vec.elements[i] *= c; } - hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x *. c) ${_vec0}.f_elements)"); + hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x *! c) ${_vec0}.f_elements)"); vec } diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 8704edbd3..c59ee1582 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -29,17 +29,26 @@ pub trait Operations: Copy + Clone + Repr { fn to_i16_array(x: Self) -> [i16; 16]; // Basic arithmetic - #[requires(true)] - #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map2 (+.) (f_repr $lhs) (f_repr $rhs)"))] + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15) (v (Seq.index (f_repr ${lhs}) i) + v (Seq.index (f_repr ${rhs}) i))"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index (f_repr ${result}) i) == + v (Seq.index (f_repr ${lhs}) i) + v (Seq.index (f_repr ${rhs}) i))"))] fn add(lhs: Self, rhs: &Self) -> Self; - #[requires(true)] - #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map2 (-.) (f_repr $lhs) (f_repr $rhs)"))] + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15) (v (Seq.index (f_repr ${lhs}) i) - v (Seq.index (f_repr ${rhs}) i))"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index (f_repr ${result}) i) == + v (Seq.index (f_repr ${lhs}) i) - v (Seq.index (f_repr ${rhs}) i))"))] fn sub(lhs: Self, rhs: &Self) -> Self; - #[requires(true)] - #[ensures(|result| fstar!("f_repr $result == Spec.Utils.map_array (fun x -> x *. c) (f_repr $v)"))] - fn multiply_by_constant(v: Self, c: i16) -> Self; + #[requires(fstar!("forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 31) (v (Seq.index (f_repr ${vec}) i) * v c)"))] + #[ensures(|result| fstar!("forall i. i < 16 ==> + (v (Seq.index (f_repr ${result}) i) == + v (Seq.index (f_repr ${vec}) i) * v c)"))] + fn multiply_by_constant(vec: Self, c: i16) -> Self; // Bitwise operations #[requires(true)] @@ -182,15 +191,20 @@ pub fn to_standard_domain(v: T) -> T { T::montgomery_multiply_by_constant(v, MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS as i16) } +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)"))] pub fn to_unsigned_representative(a: T) -> T { let t = T::shift_right::<15>(a); let fm = T::bitwise_and_with_constant(t, FIELD_MODULUS); T::add(a, &fm) } -pub fn decompress_1(v: T) -> T { - hax_lib::fstar!("assert (i1.f_bitwise_and_with_constant_pre (i1.f_ZERO ()) 0s)"); // No idea why, but this helps F* typeclass inference - T::bitwise_and_with_constant(T::sub(T::ZERO(), &v), 1665) +#[hax_lib::fstar::options("--z3rlimit 50")] +#[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in + (x == 0s \\/ x == 1s)"))] +pub fn decompress_1(vec: T) -> T { + let s = T::sub(T::ZERO(), &vec); + hax_lib::fstar!("assert (i1.f_bitwise_and_with_constant_pre ${s} 1665s)"); + T::bitwise_and_with_constant(s, 1665) } /// Internal vectors. From ef7dcf2cf7d1592f62da116a596fc3bbd5264929 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 08:27:20 +0000 Subject: [PATCH 227/348] updated hax and fstar extraction --- Cargo.lock | 14 +++++++------- .../extraction/Libcrux_ml_kem.Vector.Portable.fsti | 2 +- .../fstar/extraction/Libcrux_platform.X86.fsti | 8 +------- 3 files changed, 9 insertions(+), 15 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e866ee994..cb8b4b0b9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#0e95327c0fa4e1d482de404c961fc2b825eb842b" +source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#172bd8a4238abf7fb77efe5e9b69f169d5b760e5" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#0e95327c0fa4e1d482de404c961fc2b825eb842b" +source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#172bd8a4238abf7fb77efe5e9b69f169d5b760e5" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#0e95327c0fa4e1d482de404c961fc2b825eb842b" +source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#172bd8a4238abf7fb77efe5e9b69f169d5b760e5" dependencies = [ "proc-macro2", "quote", @@ -1569,9 +1569,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.36" +version = "0.38.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f55e80d50763938498dd5ebb18647174e0c76dc38c5505294bb224624f30f36" +checksum = "8acb788b847c24f28525660c4d7758620a7210875711f79e7f663cc152726811" dependencies = [ "bitflags", "errno", @@ -1773,9 +1773,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" [[package]] name = "universal-hash" diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 00d0a1e3d..461660a87 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 300 --split_queries always" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti index 35516c01f..968a5585c 100644 --- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti @@ -1,5 +1,5 @@ module Libcrux_platform.X86 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul @@ -41,11 +41,5 @@ val t_Feature_cast_to_repr (x: t_Feature) : Prims.Pure isize Prims.l_True (fun _ /// Initialize CPU detection. val init: Prims.unit -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) -val init__cpuid (leaf: u32) - : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) - -val init__cpuid_count (leaf sub_leaf: u32) - : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) - /// Check hardware [`Feature`] support. val supported (feature: t_Feature) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) From 97fc0f79be9041bd2e0d8601d529b89bf14a8161 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 08:41:45 +0000 Subject: [PATCH 228/348] cargo --- Cargo.toml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 8eb9dac07..5ecbea800 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -77,8 +77,7 @@ wasm-bindgen = { version = "0.2.87", optional = true } # This is only required when doing proofs. # [target.'cfg(hax)'.workspace.dependencies] [workspace.dependencies] -hax-lib = { git = "https://github.com/hacspec/hax", branch = "fold-step-boundary" } -#hax-lib = { path = "../hax/hax-lib" } +hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } [dev-dependencies] libcrux = { path = ".", features = ["rand", "tests"] } From 5100963692c531e01fc4a729aae4f802e1786718 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 08:42:00 +0000 Subject: [PATCH 229/348] cargo --- Cargo.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index cb8b4b0b9..daf0b8c91 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#172bd8a4238abf7fb77efe5e9b69f169d5b760e5" +source = "git+https://github.com/hacspec/hax?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#172bd8a4238abf7fb77efe5e9b69f169d5b760e5" +source = "git+https://github.com/hacspec/hax?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#172bd8a4238abf7fb77efe5e9b69f169d5b760e5" +source = "git+https://github.com/hacspec/hax?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" dependencies = [ "proc-macro2", "quote", From 5f60d887b3183cae5508de58a9fcd7ceed56f537 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 08:58:13 +0000 Subject: [PATCH 230/348] removed new F* feature use --- fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index ae0567aef..abec9b4fe 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -12,8 +12,8 @@ open FStar.Option open Tactics.Utils open Tactics.Pow2 -open BitVecEq {} -open Tactics.Seq {norm_index, tactic_list_index} +open BitVecEq +open Tactics.Seq let norm_machine_int () = Tactics.MachineInts.(transform norm_machine_int_term) From 6284a1e6d0c32b2ff7498002f22e85e5d7edb29c Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 10:25:09 +0000 Subject: [PATCH 231/348] seq --- fstar-helpers/fstar-bitvec/Tactics.Seq.fst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst index 1e8ba7372..0a7015968 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst @@ -2,7 +2,7 @@ module Tactics.Seq open Core module L = FStar.List.Tot -module S = FStar.Seq.Base +module S = FStar.Seq open FStar.Tactics.V2 open FStar.Tactics.V2.SyntaxHelpers open FStar.Class.Printable From 277b1ff968c9164463205d2776cd876959a53ff1 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Tue, 3 Sep 2024 21:45:19 +0200 Subject: [PATCH 232/348] feat: tactic: do nothing if smt queries are admitted From 5cb76a308d9917075a99825e1881852009a4a910 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 14:54:20 +0000 Subject: [PATCH 233/348] fixing c extraction --- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/eurydice_glue.h | 200 +- libcrux-ml-kem/c/internal/libcrux_core.h | 91 +- .../c/internal/libcrux_mlkem_avx2.h | 50 +- .../c/internal/libcrux_mlkem_portable.h | 50 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 8 +- .../c/internal/libcrux_sha3_internal.h | 46 +- libcrux-ml-kem/c/libcrux_core.c | 98 +- libcrux-ml-kem/c/libcrux_core.h | 15 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 54 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1551 ++++++------ libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2079 +++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 14 +- libcrux-ml-kem/c/libcrux_sha3.h | 20 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 470 ++-- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 770 +++--- libcrux-ml-kem/c/libcrux_sha3_neon.c | 8 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 8 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/eurydice_glue.h | 1 - libcrux-ml-kem/cg/libcrux_core.h | 72 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 8 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 900 ++++--- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 1427 +++++------ libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 470 ++-- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 820 +++---- 44 files changed, 4787 insertions(+), 4813 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 50e2aa7a6..7b27401b5 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 -Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb -Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 +Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 +Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da +Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 +Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index d9b08f6ad..ad026b9e1 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -18,6 +18,13 @@ extern "C" { #include "krml/lowstar_endianness.h" #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) +#define EURYDICE_ASSERT(test, msg) \ + do { \ + if (!(test)) { \ + fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \ + __FILE__, __LINE__); \ + } \ + } while (0) // SLICES, ARRAYS, ETC. @@ -46,7 +53,7 @@ typedef struct { // (included), and an end index in x (excluded). The argument x must be suitably // cast to something that can decay (see remark above about how pointer // arithmetic works in C), meaning either pointer or array type. -#define EURYDICE_SLICE(x, start, end) \ +#define EURYDICE_SLICE(x, start, end) \ (CLITERAL(Eurydice_slice){.ptr = (void *)(x + start), .len = end - start}) #define EURYDICE_SLICE_LEN(s, _) s.len // This macro is a pain because in case the dereferenced element type is an @@ -55,42 +62,42 @@ typedef struct { // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. #define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _) \ +#define Eurydice_slice_subslice(s, r, t, _) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t) \ +#define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t) \ +#define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t) \ +#define Eurydice_array_repeat(dst, len, init, t) \ ERROR "should've been desugared" #define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) -#define Eurydice_slice_copy(dst, src, t) \ +#define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) -#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ +#define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) -#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ - len, src, dst, elem_type, _ret_t) \ +#define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ + len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ @@ -99,21 +106,21 @@ typedef struct { sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, ((a2)->ptr), t, _) -#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ - Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ + Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, @@ -130,6 +137,10 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } +static inline void core_num__u32_8__to_le_bytes(uint32_t src, uint8_t dst[4]) { + store32_le(dst, src); +} + static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { return load32_le(buf); } @@ -137,6 +148,7 @@ static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { store64_le(buf, v); } + static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { return load64_le(buf); } @@ -169,28 +181,14 @@ static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { #endif } -// wraparound semantics in C +// unsigned overflow wraparound semantics in C static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } - static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } -static inline uint16_t core_num__i16_1__wrapping_add(int16_t x, int16_t y) { - return x + y; -} - -static inline uint16_t core_num__i16_1__wrapping_sub(int16_t x, int16_t y) { - return x - y; -} - -static inline uint16_t core_num__i16_1__wrapping_mul(int16_t x, int16_t y) { - return x * y; -} - - static inline void core_ops_arith__i32_319__add_assign(int32_t *x0, int32_t *x1) { *x0 = *x0 + *x1; @@ -202,6 +200,9 @@ static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } +static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) { + return x < y ? x : y; +} #define core_num_nonzero_private_NonZeroUsizeInner size_t static inline core_num_nonzero_private_NonZeroUsizeInner @@ -211,10 +212,10 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N } // ITERATORS -#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ - (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, \ +#define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ + (((iter_ptr)->start == (iter_ptr)->end) \ + ? (CLITERAL(ret_t){.tag = core_option_None}) \ + : (CLITERAL(ret_t){.tag = core_option_Some, \ .f0 = (iter_ptr)->start++})) // Old name (TODO: remove once everyone has upgraded to the latest Charon) @@ -224,6 +225,9 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ + Eurydice_range_iter_next + // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ @@ -254,25 +258,25 @@ static inline Eurydice_slice chunk_next(Eurydice_chunks *chunks, return curr_chunk; } -#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) \ +#define core_slice___Slice_T___chunks(slice_, sz_, t, _ret_t) \ ((Eurydice_chunks){.slice = slice_, .chunk_size = sz_}) -#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) \ - ((Eurydice_chunks){ \ - .slice = {.ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_)}, \ +#define core_slice___Slice_T___chunks_exact(slice_, sz_, t, _ret_t) \ + ((Eurydice_chunks){ \ + .slice = {.ptr = slice_.ptr, .len = slice_.len - (slice_.len % sz_)}, \ .chunk_size = sz_}) #define core_slice_iter_Chunks Eurydice_chunks #define core_slice_iter_ChunksExact Eurydice_chunks -#define Eurydice_chunks_next(iter, t, ret_t) \ - (((iter)->slice.len == 0) ? ((ret_t){.tag = core_option_None}) \ - : ((ret_t){.tag = core_option_Some, \ +#define Eurydice_chunks_next(iter, t, ret_t) \ + (((iter)->slice.len == 0) ? ((ret_t){.tag = core_option_None}) \ + : ((ret_t){.tag = core_option_Some, \ .f0 = chunk_next(iter, sizeof(t))})) #define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___70__next \ Eurydice_chunks_next // This name changed on 20240627 #define core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next \ Eurydice_chunks_next -#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next( \ - iter, t, _ret_t) \ +#define core_slice_iter__core__slice__iter__ChunksExact__a__T__89__next( \ + iter, t, _ret_t) \ core_slice_iter__core__slice__iter__Chunks__a__T__70__next(iter, t) typedef struct { @@ -280,17 +284,17 @@ typedef struct { size_t index; } Eurydice_slice_iterator; -#define core_slice___Slice_T___iter(x, t, _ret_t) \ +#define core_slice___Slice_T___iter(x, t, _ret_t) \ ((Eurydice_slice_iterator){.s = x, .index = 0}) #define core_slice_iter_Iter Eurydice_slice_iterator -#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \ - ret_t) \ - (((iter)->index == (iter)->s.len) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, \ - .f0 = \ - ((iter)->index++, \ - &((t *)((iter)->s.ptr))[(iter)->index - 1])})) +#define core_slice_iter__core__slice__iter__Iter__a__T__181__next(iter, t, \ + ret_t) \ + (((iter)->index == (iter)->s.len) \ + ? (CLITERAL(ret_t){.tag = core_option_None}) \ + : (CLITERAL(ret_t){ \ + .tag = core_option_Some, \ + .f0 = ((iter)->index++, \ + &((t *)((iter)->s.ptr))[(iter)->index - 1])})) // STRINGS @@ -301,8 +305,8 @@ typedef const char *Prims_string; typedef void *core_fmt_Formatter; typedef void *core_fmt_Arguments; typedef void *core_fmt_rt_Argument; -#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, \ - x4) \ +#define core_fmt_rt__core__fmt__rt__Argument__a__1__new_display(x1, x2, x3, \ + x4) \ NULL // VECTORS (ANCIENT, POSSIBLY UNTESTED) @@ -320,49 +324,49 @@ typedef struct { * statement-expression -- this suitably initializes ptr to NULL and len and * size to 0. */ #define EURYDICE_VEC_NEW(_) calloc(1, sizeof(Eurydice_vec_s)) -#define EURYDICE_VEC_PUSH(v, x, t) \ - do { \ - /* Grow the vector if capacity has been reached. */ \ - if (v->len == v->alloc_size / sizeof(t)) { \ - /* Assuming that this does not exceed SIZE_MAX, because code proven \ - * correct by Aeneas. Would this even happen in practice? */ \ - size_t new_size; \ - if (v->alloc_size == 0) \ - new_size = 8 * sizeof(t); \ - else if (v->alloc_size <= SIZE_MAX / 2) \ - /* TODO: discuss growth policy */ \ - new_size = 2 * v->alloc_size; \ - else \ - new_size = (SIZE_MAX / sizeof(t)) * sizeof(t); \ - v->ptr = realloc(v->ptr, new_size); \ - v->alloc_size = new_size; \ - } \ - ((t *)v->ptr)[v->len] = x; \ - v->len++; \ +#define EURYDICE_VEC_PUSH(v, x, t) \ + do { \ + /* Grow the vector if capacity has been reached. */ \ + if (v->len == v->alloc_size / sizeof(t)) { \ + /* Assuming that this does not exceed SIZE_MAX, because code proven \ + * correct by Aeneas. Would this even happen in practice? */ \ + size_t new_size; \ + if (v->alloc_size == 0) \ + new_size = 8 * sizeof(t); \ + else if (v->alloc_size <= SIZE_MAX / 2) \ + /* TODO: discuss growth policy */ \ + new_size = 2 * v->alloc_size; \ + else \ + new_size = (SIZE_MAX / sizeof(t)) * sizeof(t); \ + v->ptr = realloc(v->ptr, new_size); \ + v->alloc_size = new_size; \ + } \ + ((t *)v->ptr)[v->len] = x; \ + v->len++; \ } while (0) -#define EURYDICE_VEC_DROP(v, t) \ - do { \ - free(v->ptr); \ - free(v); \ +#define EURYDICE_VEC_DROP(v, t) \ + do { \ + free(v->ptr); \ + free(v); \ } while (0) #define EURYDICE_VEC_INDEX(v, i, t) &((t *)v->ptr)[i] #define EURYDICE_VEC_LEN(v, t) (v)->len /* TODO: remove GCC-isms */ -#define EURYDICE_BOX_NEW(x, t) \ - ({ \ - t *p = malloc(sizeof(t)); \ - *p = x; \ - p; \ +#define EURYDICE_BOX_NEW(x, t) \ + ({ \ + t *p = malloc(sizeof(t)); \ + *p = x; \ + p; \ }) -#define EURYDICE_REPLACE(ptr, new_v, t) \ - ({ \ - t old_v = *ptr; \ - *ptr = new_v; \ - old_v; \ +#define EURYDICE_REPLACE(ptr, new_v, t) \ + ({ \ + t old_v = *ptr; \ + *ptr = new_v; \ + old_v; \ }) #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 3ef2beef6..22b185ce6 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __internal_libcrux_core_H @@ -81,7 +81,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_3a1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_391( uint8_t value[1568U]); /** @@ -94,7 +94,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_751( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_521( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -107,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_201( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_921( uint8_t value[3168U]); /** @@ -119,7 +119,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_301( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_9a1( uint8_t value[1568U]); /** @@ -130,7 +130,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_941( +uint8_t *libcrux_ml_kem_types_as_slice_f6_bd1( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -142,7 +142,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc1( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_b41( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -153,7 +153,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_174(Eurydice_slice slice, uint8_t ret[1600U]); /** @@ -165,7 +165,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_3a0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_390( uint8_t value[1184U]); /** @@ -178,7 +178,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_750( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_520( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -191,7 +191,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_200( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_920( uint8_t value[2400U]); /** @@ -203,7 +203,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_300( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_9a0( uint8_t value[1088U]); /** @@ -214,7 +214,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_940( +uint8_t *libcrux_ml_kem_types_as_slice_f6_bd0( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -226,7 +226,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc0( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_b40( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -237,7 +237,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_173(Eurydice_slice slice, uint8_t ret[1120U]); /** @@ -249,7 +249,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_3a( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_39( uint8_t value[800U]); /** @@ -262,7 +262,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_75( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_52( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -275,7 +275,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_20( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_92( uint8_t value[1632U]); /** @@ -287,7 +287,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_30( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_9a( uint8_t value[768U]); /** @@ -298,7 +298,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_94( +uint8_t *libcrux_ml_kem_types_as_slice_f6_bd( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -309,7 +309,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_172(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -326,14 +326,15 @@ typedef struct core_result_Result_00_s { } core_result_Result_00; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); +void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]); /** Pad the `slice` with `0`s at the end. @@ -343,7 +344,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_171(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -355,7 +356,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_b4( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -366,7 +367,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_170(Eurydice_slice slice, uint8_t ret[800U]); /** @@ -377,7 +378,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_17(Eurydice_slice slice, uint8_t ret[64U]); /** @@ -394,14 +395,15 @@ typedef struct core_result_Result_6f_s { } core_result_Result_6f; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); +void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]); /** A monomorphic instance of core.result.Result @@ -417,14 +419,15 @@ typedef struct core_result_Result_7a_s { } core_result_Result_7a; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); +void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]); /** A monomorphic instance of core.result.Result @@ -440,14 +443,15 @@ typedef struct core_result_Result_cd_s { } core_result_Result_cd; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); +void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -463,14 +467,15 @@ typedef struct core_result_Result_c0_s { } core_result_Result_c0; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); +void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]); typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index debf82f1a..23b5e95d0 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_5b1(uint8_t *public_key); /** A monomorphic instance of @@ -48,7 +48,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a1( uint8_t randomness[64U]); /** @@ -64,7 +64,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_5a1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -84,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d11( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -107,7 +107,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e91( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_251( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -132,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -158,7 +158,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_251( +void libcrux_ml_kem_ind_cca_decapsulate_811( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -170,7 +170,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_5b0(uint8_t *public_key); /** A monomorphic instance of @@ -186,7 +186,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a0( uint8_t randomness[64U]); /** @@ -202,7 +202,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_5a0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -222,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d10( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -245,7 +245,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e90( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_250( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -270,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -296,7 +296,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_250( +void libcrux_ml_kem_ind_cca_decapsulate_810( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +308,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_5b(uint8_t *public_key); /** A monomorphic instance of @@ -324,7 +324,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a( uint8_t randomness[64U]); /** @@ -339,7 +339,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_5a( uint8_t randomness[64U]); /** @@ -360,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -383,7 +383,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e9( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_25( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -408,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -434,7 +434,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_25( +void libcrux_ml_kem_ind_cca_decapsulate_81( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 3c3c0e9d3..08ceedd03 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_361(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_781(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_301( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_151(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_301( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_231( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c81( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_531( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_531( +void libcrux_ml_kem_ind_cca_decapsulate_aa1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_360(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_780(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_300( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_150(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_300( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_230( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c80( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_530( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_530( +void libcrux_ml_kem_ind_cca_decapsulate_aa0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_36(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_78(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_30( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_30( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c8( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_53( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_53( +void libcrux_ml_kem_ind_cca_decapsulate_aa( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index a2365b0a1..3e33889ea 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 1002e489a..227f8506d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_89_ba(); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_72(s, buf); + libcrux_sha3_generic_keccak_absorb_final_f3(s, buf); } /** @@ -50,7 +50,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -58,15 +58,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_80(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o2); } /** @@ -76,7 +76,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db(s, buf); } /** @@ -86,7 +86,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, buf); } #define libcrux_sha3_Sha224 0 @@ -149,7 +149,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -157,29 +157,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_80(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o4); } /** @@ -189,7 +189,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de(s, buf); } /** @@ -199,7 +199,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_720(s, buf); + libcrux_sha3_generic_keccak_absorb_final_f30(s, buf); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_89_ba(); } /** @@ -217,7 +217,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_800(s, buf); } /** @@ -227,7 +227,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_870(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 3fd2a5aa7..f1a6373ac 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #include "internal/libcrux_core.h" @@ -96,7 +96,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_3a1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_391( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -116,7 +116,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_751( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_521( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -132,7 +132,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_201( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_921( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -151,7 +151,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_301( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_9a1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -169,7 +169,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_941( +uint8_t *libcrux_ml_kem_types_as_slice_f6_bd1( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -183,7 +183,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc1( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_b41( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -196,7 +196,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_174(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; @@ -216,7 +216,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_3a0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_390( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -236,7 +236,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_750( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_520( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_200( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_920( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -271,7 +271,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_300( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_9a0( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -289,7 +289,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_940( +uint8_t *libcrux_ml_kem_types_as_slice_f6_bd0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -303,7 +303,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc0( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_b40( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -316,7 +316,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_173(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -336,7 +336,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_3a( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_39( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -356,7 +356,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_75( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_52( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -371,7 +371,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_20( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_92( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -390,7 +390,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_30( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_9a( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -408,7 +408,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_94( +uint8_t *libcrux_ml_kem_types_as_slice_f6_bd( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -421,7 +421,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_172(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -433,14 +433,15 @@ void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { +void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -460,7 +461,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_171(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -480,7 +481,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_cc( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_b4( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -493,7 +494,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_170(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; @@ -512,7 +513,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_17(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -524,14 +525,15 @@ void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { +void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -544,14 +546,15 @@ void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { +void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -564,14 +567,15 @@ void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { +void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -584,14 +588,15 @@ void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]) { +void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -604,14 +609,15 @@ void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]) { +void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 66b054b12..a85fc33ed 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_core_H @@ -222,14 +222,15 @@ typedef struct core_result_Result_56_s { } core_result_Result_56; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]); +void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]); typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 82fd34954..a3cd6e9ca 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 9fc3014b2..0e1b10720 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,11 +35,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_f3( +static void decapsulate_db0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_250(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_810(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_f3(private_key, ciphertext, ret); + decapsulate_db0(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_d1( +static void decapsulate_unpacked_310( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf0(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d1(private_key, ciphertext, ret); + decapsulate_unpacked_310(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_6c( +static tuple_21 encapsulate_bd0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e90(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_250(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6c(uu____0, copy_of_randomness); + return encapsulate_bd0(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_e9( +static tuple_21 encapsulate_unpacked_b20( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_e9( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d10( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_e9(uu____0, copy_of_randomness); + return encapsulate_unpacked_b20(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_a3( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6c0( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_210(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_5a0(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_a3(copy_of_randomness); + return generate_keypair_6c0(copy_of_randomness); } /** @@ -246,11 +246,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_3e(uint8_t randomness[64U]) { +generate_keypair_unpacked_050(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a0( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_3e(copy_of_randomness); + return generate_keypair_unpacked_050(copy_of_randomness); } /** @@ -274,8 +274,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_ea0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2a0(public_key); +static bool validate_public_key_970(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_5b0(public_key); } /** @@ -286,7 +286,7 @@ static bool validate_public_key_ea0(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_ea0(public_key.value)) { + if (validate_public_key_970(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 1e4429f30..c9e3168c4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 7d72cc93a..adf54b96f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #include "libcrux_mlkem1024_portable.h" @@ -35,11 +35,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_aa( +static void decapsulate_041( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_531(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_aa1(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_aa(private_key, ciphertext, ret); + decapsulate_041(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_0b( +static void decapsulate_unpacked_621( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_531(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_0b(private_key, ciphertext, ret); + decapsulate_unpacked_621(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_07( +static tuple_21 encapsulate_701( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_231(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c81(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_07(uu____0, copy_of_randomness); + return encapsulate_701(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_7c( +static tuple_21 encapsulate_unpacked_451( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_7c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_301( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_7c(uu____0, copy_of_randomness); + return encapsulate_unpacked_451(uu____0, copy_of_randomness); } /** @@ -212,12 +212,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_99( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_a11( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_651(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_151(copy_of_randomness); } /** @@ -228,7 +228,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_99(copy_of_randomness); + return generate_keypair_a11(copy_of_randomness); } /** @@ -247,11 +247,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_60(uint8_t randomness[64U]) { +generate_keypair_unpacked_df1(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_301( copy_of_randomness); } @@ -264,7 +264,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_60(copy_of_randomness); + return generate_keypair_unpacked_df1(copy_of_randomness); } /** @@ -275,8 +275,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_931(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_361(public_key); +static bool validate_public_key_bf1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_781(public_key); } /** @@ -287,7 +287,7 @@ static bool validate_public_key_931(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_931(public_key.value)) { + if (validate_public_key_bf1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 3bc0c4199..c4989c4c2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index d603ac13b..7639b49f1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index d7a9eb950..20a103c75 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_1c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_db(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_25(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_81(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_1c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_1c(private_key, ciphertext, ret); + decapsulate_db(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_36( +static void decapsulate_unpacked_31( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_36( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_36(private_key, ciphertext, ret); + decapsulate_unpacked_31(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_93( +static tuple_ec encapsulate_bd( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e9(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_25(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_93(uu____0, copy_of_randomness); + return encapsulate_bd(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_ff( +static tuple_ec encapsulate_unpacked_b2( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_ff( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d1( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ff(uu____0, copy_of_randomness); + return encapsulate_unpacked_b2(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_c6( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_6c( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_21(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_5a(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c6(copy_of_randomness); + return generate_keypair_6c(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_7a(uint8_t randomness[64U]) { +generate_keypair_unpacked_05(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_7a(copy_of_randomness); + return generate_keypair_unpacked_05(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_ea(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2a(public_key); +static bool validate_public_key_97(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_5b(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_ea(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_ea(public_key.value)) { + if (validate_public_key_97(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 0aa147efe..a56d56ee9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index e8f8433ad..36d6e95ab 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #include "libcrux_mlkem512_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_3e(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_530(private_key, ciphertext, ret); +static void decapsulate_040( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_aa0(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_3e(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_3e(private_key, ciphertext, ret); + decapsulate_040(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_0e( +static void decapsulate_unpacked_620( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_530(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_0e( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_0e(private_key, ciphertext, ret); + decapsulate_unpacked_620(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_d8( +static tuple_ec encapsulate_700( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c80(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d8(uu____0, copy_of_randomness); + return encapsulate_700(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_d7( +static tuple_ec encapsulate_unpacked_450( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_d7( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_300( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_d7(uu____0, copy_of_randomness); + return encapsulate_unpacked_450(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_25( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_a10( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_650(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_150(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_25(copy_of_randomness); + return generate_keypair_a10(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_d1(uint8_t randomness[64U]) { +generate_keypair_unpacked_df0(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_300( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d1(copy_of_randomness); + return generate_keypair_unpacked_df0(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_930(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_360(public_key); +static bool validate_public_key_bf0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_780(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_930(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_930(public_key.value)) { + if (validate_public_key_bf0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 28f2a9ad7..2964911a3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 6d41768b1..0c254b54e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 71ed1a8ac..8871fbc11 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_10( +static void decapsulate_db1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_251(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_811(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_10( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_10(private_key, ciphertext, ret); + decapsulate_db1(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_1f( +static void decapsulate_unpacked_311( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf1(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_1f( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_1f(private_key, ciphertext, ret); + decapsulate_unpacked_311(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_6f( +static tuple_3c encapsulate_bd1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e91(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_251(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6f(uu____0, copy_of_randomness); + return encapsulate_bd1(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_b8( +static tuple_3c encapsulate_unpacked_b21( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_b8( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d11( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_b8(uu____0, copy_of_randomness); + return encapsulate_unpacked_b21(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_75( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_6c1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_211(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_5a1(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_75(copy_of_randomness); + return generate_keypair_6c1(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_4c(uint8_t randomness[64U]) { +generate_keypair_unpacked_051(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a1( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4c(copy_of_randomness); + return generate_keypair_unpacked_051(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_ea1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2a1(public_key); +static bool validate_public_key_971(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_5b1(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_ea1(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_ea1(public_key.value)) { + if (validate_public_key_971(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 1c88c7072..0d842f9c3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 1420d7a72..c3675c628 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #include "libcrux_mlkem768_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_64( +static void decapsulate_04( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_53(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_aa(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_64( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_64(private_key, ciphertext, ret); + decapsulate_04(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_87( +static void decapsulate_unpacked_62( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_53(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_87( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_87(private_key, ciphertext, ret); + decapsulate_unpacked_62(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_eb( +static tuple_3c encapsulate_70( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c8(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_eb(uu____0, copy_of_randomness); + return encapsulate_70(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_d0( +static tuple_3c encapsulate_unpacked_45( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_d0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_30( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_d0(uu____0, copy_of_randomness); + return encapsulate_unpacked_45(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_0a( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_a1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_65(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_15(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_0a(copy_of_randomness); + return generate_keypair_a1(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_0f(uint8_t randomness[64U]) { +generate_keypair_unpacked_df(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_30( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_0f(copy_of_randomness); + return generate_keypair_unpacked_df(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_93(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_36(public_key); +static bool validate_public_key_bf(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_78(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_93(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_93(public_key.value)) { + if (validate_public_key_bf(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index f51ce81d2..6c2cb6610 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index db101ec95..46344e9de 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #include "internal/libcrux_mlkem_avx2.h" @@ -599,7 +599,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, ret0); + core_result_unwrap_26_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -690,7 +690,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_41_e8(dst, ret0); + core_result_unwrap_26_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -793,7 +793,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_41_34(dst, ret0); + core_result_unwrap_26_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -920,7 +920,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_41_1c(dst, ret0); + core_result_unwrap_26_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1027,15 +1027,16 @@ inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_98(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_ef_48(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1063,8 +1064,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_ce(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_to_reduced_ring_element_ae(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1083,12 +1084,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f51( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_451( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_98();); + deserialized_pk[i] = ZERO_ef_48();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1100,7 +1101,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f51( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ce(ring_element); + deserialize_to_reduced_ring_element_ae(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1113,7 +1114,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_fb(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_20(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1126,8 +1127,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_09_cf(__m256i vector) { - return shift_right_fb(vector); +static __m256i shift_right_09_58(__m256i vector) { + return shift_right_20(vector); } /** @@ -1136,8 +1137,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_4b(__m256i a) { - __m256i t = shift_right_09_cf(a); +static __m256i to_unsigned_representative_7a(__m256i a) { + __m256i t = shift_right_09_58(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -1149,13 +1150,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c4( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_4b(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_7a(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1173,7 +1174,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_801( +static KRML_MUSTINLINE void serialize_secret_key_f81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1191,7 +1192,7 @@ static KRML_MUSTINLINE void serialize_secret_key_801( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c4(&re, ret0); + serialize_uncompressed_ring_element_ea(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1206,14 +1207,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_ac1( +static KRML_MUSTINLINE void serialize_public_key_5a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_801(t_as_ntt, ret0); + serialize_secret_key_f81(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1233,15 +1234,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_5b1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_f51( + deserialize_ring_elements_reduced_451( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_ac1( + serialize_public_key_5a1( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1272,7 +1273,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_ab1(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -1282,10 +1283,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static void closure_d61( +static void closure_131( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_ef_48();); } /** @@ -1295,7 +1296,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d1(uint8_t input[3U][34U]) { +shake128_init_absorb_final_501(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -1317,11 +1318,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca1(uint8_t input[3U][34U]) { +shake128_init_absorb_final_a9_3f1(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d1(copy_of_input); + return shake128_init_absorb_final_501(copy_of_input); } /** @@ -1330,7 +1331,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_001( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -1364,9 +1365,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_941( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_6b1(self, ret); + shake128_squeeze_first_three_blocks_001(self, ret); } /** @@ -1417,7 +1418,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_973( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_523( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1455,7 +1456,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_dd1( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -1489,9 +1490,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_1b1(self, ret); + shake128_squeeze_next_block_dd1(self, ret); } /** @@ -1542,7 +1543,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_974( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_524( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1576,17 +1577,18 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_974( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_20_84(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); +from_i16_array_ef_3a(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1603,9 +1605,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e91( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_3d1( int16_t s[272U]) { - return from_i16_array_20_84( + return from_i16_array_ef_3a( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1615,7 +1617,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_0c1( +static KRML_MUSTINLINE void sample_from_xof_1d1( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1624,25 +1626,25 @@ static KRML_MUSTINLINE void sample_from_xof_0c1( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca1(copy_of_seeds); + shake128_init_absorb_final_a9_3f1(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_a9_4d1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_941(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_973( + bool done = sample_from_uniform_distribution_next_523( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_a9_5a1(&xof_state, randomness); + shake128_squeeze_next_block_a9_bf1(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_974( + done = sample_from_uniform_distribution_next_524( copy_of_randomness, sampled_coefficients, out); } } @@ -1651,7 +1653,7 @@ static KRML_MUSTINLINE void sample_from_xof_0c1( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_e91(copy_of_out[i]);); + ret0[i] = closure_3d1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1663,12 +1665,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_431( +static KRML_MUSTINLINE void sample_matrix_A_c61( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_d61(A_transpose[i]);); + closure_131(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -1683,7 +1685,7 @@ static KRML_MUSTINLINE void sample_matrix_A_431( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_0c1(copy_of_seeds, sampled); + sample_from_xof_1d1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1727,7 +1729,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_ef2(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -1765,60 +1767,11 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_412(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1c2(input, ret); + PRFxN_ef2(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -1826,7 +1779,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_9b(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_bb(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -1860,7 +1813,7 @@ sample_from_binomial_distribution_2_9b(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_84( + return from_i16_array_ef_3a( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1871,7 +1824,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_41(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_ec(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -1904,7 +1857,7 @@ sample_from_binomial_distribution_3_41(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_84( + return from_i16_array_ef_3a( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1915,8 +1868,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_cf0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_9b(randomness); +sample_from_binomial_distribution_400(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_bb(randomness); } /** @@ -1925,7 +1878,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_68( +static KRML_MUSTINLINE void ntt_at_layer_7_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -1950,7 +1903,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_7b(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_bd(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1961,8 +1914,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_c5(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_7b(b, zeta_r); +ntt_layer_int_vec_step_af(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_bd(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1975,7 +1928,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_18( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_c3( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1988,7 +1941,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_18( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_c5( + ntt_layer_int_vec_step_af( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2005,7 +1958,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_34( +static KRML_MUSTINLINE void ntt_at_layer_3_1d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2021,7 +1974,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_70( +static KRML_MUSTINLINE void ntt_at_layer_2_6b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2040,7 +1993,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_7e( +static KRML_MUSTINLINE void ntt_at_layer_1_93( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2059,15 +2012,16 @@ static KRML_MUSTINLINE void ntt_at_layer_1_7e( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_78( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2083,17 +2037,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_c7( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_68(re); + ntt_at_layer_7_2f(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_70(&zeta_i, re); - ntt_at_layer_1_7e(&zeta_i, re); - poly_barrett_reduce_20_78(re); + ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_1d(&zeta_i, re); + ntt_at_layer_2_6b(&zeta_i, re); + ntt_at_layer_1_93(&zeta_i, re); + poly_barrett_reduce_ef_a0(re); } /** @@ -2104,11 +2058,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_571( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_811( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_98();); + re_as_ntt[i] = ZERO_ef_48();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2120,12 +2074,12 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_571( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); + PRFxN_a9_412(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_cf0( + re_as_ntt[i0] = sample_from_binomial_distribution_400( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_f9(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2141,18 +2095,19 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_571( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_20_15(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_ef_cc(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_48(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2175,15 +2130,16 @@ ntt_multiply_20_15(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_f31( +static KRML_MUSTINLINE void add_to_ring_element_ef_a23( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2203,29 +2159,30 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_6b(__m256i v) { +static __m256i to_standard_domain_55(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_a1( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_27( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_6b(self->coefficients[j]); + to_standard_domain_55(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &error->coefficients[j])); @@ -2238,14 +2195,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_4b1( +static KRML_MUSTINLINE void compute_As_plus_e_041( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_ef_48();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2266,10 +2223,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_4b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_f31(&result0[i1], &product); + ntt_multiply_ef_cc(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_a23(&result0[i1], &product); } - add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_ef_27(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2288,10 +2245,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_f81( +static tuple_9b0 generate_keypair_unpacked_1f1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_681(key_generation_seed, hashed); + G_a9_ab1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2299,15 +2256,15 @@ static tuple_9b0 generate_keypair_unpacked_f81( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_431(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_c61(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_571(copy_of_prf_input0, 0U); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_811(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2319,14 +2276,14 @@ static tuple_9b0 generate_keypair_unpacked_f81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_571(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_811(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_4b1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_041(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -2374,23 +2331,24 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_1c1( +static void closure_611( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_ef_48();); } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a +A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_4a( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_8d_61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -2409,7 +2367,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_311(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -2427,7 +2385,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a1( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -2436,18 +2394,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_f81(ind_cpa_keypair_randomness); + tuple_9b0 uu____0 = generate_keypair_unpacked_1f1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_1c1(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_611(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_4a(&ind_cpa_public_key.A[j][i1]); + clone_8d_61(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2457,19 +2415,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_ac1( + serialize_public_key_5a1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + H_a9_311(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_26_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -2505,17 +2463,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_f81( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_a01( Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_f81(key_generation_seed); + tuple_9b0 uu____0 = generate_keypair_unpacked_1f1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_ac1( + serialize_public_key_5a1( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_801(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2539,7 +2497,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_c91( +static KRML_MUSTINLINE void serialize_kem_secret_key_181( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2565,7 +2523,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_c91( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_651(public_key, ret0); + H_a9_311(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -2594,7 +2552,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_5a1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2603,13 +2561,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_f81(ind_cpa_keypair_randomness); + generate_keypair_a01(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_c91( + serialize_kem_secret_key_181( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2618,13 +2576,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_211(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_200(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_920(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_750( - uu____2, libcrux_ml_kem_types_from_07_3a0(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_520( + uu____2, libcrux_ml_kem_types_from_07_390(copy_of_public_key)); } /** @@ -2636,10 +2594,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_b31(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2a1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_98();); + error_1[i] = ZERO_ef_48();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2651,11 +2609,11 @@ sample_ring_element_cbd_b31(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); + PRFxN_a9_412(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_400( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2676,7 +2634,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_c90(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -2693,9 +2651,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_264(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_c90(input, ret); } /** @@ -2704,7 +2662,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_3d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2728,7 +2686,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_e4( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_e9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2748,7 +2706,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_63( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_55( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2766,11 +2724,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_e9(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_e7(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = montgomery_multiply_fe_7b(a_minus_b, zeta_r); + b = montgomery_multiply_fe_bd(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2781,7 +2739,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9d( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_11( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2796,7 +2754,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9d( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_e9( + inv_ntt_layer_int_vec_step_reduce_e7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2813,31 +2771,32 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_c51( +static KRML_MUSTINLINE void invert_ntt_montgomery_401( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_e4(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_78(re); + invert_ntt_at_layer_1_3d(&zeta_i, re); + invert_ntt_at_layer_2_e9(&zeta_i, re); + invert_ntt_at_layer_3_55(&zeta_i, re); + invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_a0(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_87( +static KRML_MUSTINLINE void add_error_reduce_ef_38( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2858,14 +2817,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_641( +static KRML_MUSTINLINE void compute_vector_u_341( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_ef_48();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2885,11 +2844,11 @@ static KRML_MUSTINLINE void compute_vector_u_641( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(a_element, &r_as_ntt[j]); - add_to_ring_element_20_f31(&result0[i1], &product); + ntt_multiply_ef_cc(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_a23(&result0[i1], &product); } - invert_ntt_montgomery_c51(&result0[i1]); - add_error_reduce_20_87(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_401(&result0[i1]); + add_error_reduce_ef_38(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2906,7 +2865,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_05(__m256i v) { +static __m256i decompress_1_23(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), &v), @@ -2920,8 +2879,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_message_6c(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2929,22 +2888,23 @@ deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_05(coefficient_compressed);); + re.coefficients[i0] = decompress_1_23(coefficient_compressed);); return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_20_86( +add_message_error_reduce_ef_ca( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2971,18 +2931,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_6c1( +compute_ring_element_v_3a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_f31(&result, &product);); - invert_ntt_montgomery_c51(&result); - result = add_message_error_reduce_20_86(error_2, message, result); + ntt_multiply_ef_cc(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_a23(&result, &product);); + invert_ntt_montgomery_401(&result); + result = add_message_error_reduce_ef_ca(error_2, message, result); return result; } @@ -2993,7 +2953,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_a7(__m256i vector) { +compress_ciphertext_coefficient_72(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3040,8 +3000,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_09_b5(__m256i vector) { - return compress_ciphertext_coefficient_a7(vector); +static __m256i compress_09_fa(__m256i vector) { + return compress_ciphertext_coefficient_72(vector); } /** @@ -3050,14 +3010,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_a8( +static KRML_MUSTINLINE void compress_then_serialize_10_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_b5(to_unsigned_representative_4b(re->coefficients[i0])); + compress_09_fa(to_unsigned_representative_7a(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3075,7 +3035,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_a70(__m256i vector) { +compress_ciphertext_coefficient_720(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3122,8 +3082,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_09_b50(__m256i vector) { - return compress_ciphertext_coefficient_a70(vector); +static __m256i compress_09_fa0(__m256i vector) { + return compress_ciphertext_coefficient_720(vector); } /** @@ -3133,10 +3093,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_97( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_a8(re, uu____0); + compress_then_serialize_10_58(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3149,7 +3109,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_521( +static void compress_then_serialize_u_5c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3165,7 +3125,7 @@ static void compress_then_serialize_u_521( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_97(&re, ret); + compress_then_serialize_ring_element_u_fb(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3178,7 +3138,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_a71(__m256i vector) { +compress_ciphertext_coefficient_721(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3225,8 +3185,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_09_b51(__m256i vector) { - return compress_ciphertext_coefficient_a71(vector); +static __m256i compress_09_fa1(__m256i vector) { + return compress_ciphertext_coefficient_721(vector); } /** @@ -3235,7 +3195,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_42( +static KRML_MUSTINLINE void compress_then_serialize_4_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3244,7 +3204,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_42( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_b51(to_unsigned_representative_4b(re.coefficients[i0])); + compress_09_fa1(to_unsigned_representative_7a(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3261,7 +3221,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_a72(__m256i vector) { +compress_ciphertext_coefficient_722(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3308,8 +3268,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_09_b52(__m256i vector) { - return compress_ciphertext_coefficient_a72(vector); +static __m256i compress_09_fa2(__m256i vector) { + return compress_ciphertext_coefficient_722(vector); } /** @@ -3318,7 +3278,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_8a( +static KRML_MUSTINLINE void compress_then_serialize_5_43( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3327,7 +3287,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_8a( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_09_b52(to_unsigned_representative_4b(re.coefficients[i0])); + compress_09_fa2(to_unsigned_representative_7a(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3344,9 +3304,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ff( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_42(re, out); + compress_then_serialize_4_b5(re, out); } /** @@ -3366,15 +3326,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ac1( +static void encrypt_unpacked_8d1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_571(copy_of_prf_input0, 0U); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_811(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3384,7 +3344,7 @@ static void encrypt_unpacked_ac1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_b31(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_2a1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3392,31 +3352,31 @@ static void encrypt_unpacked_ac1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_264(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_400( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_641(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_341(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_6c(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_6c1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_3a1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_521( + compress_then_serialize_u_5c1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_7a( + compress_then_serialize_ring_element_v_ff( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3440,11 +3400,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d11( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -3454,7 +3414,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -3467,7 +3427,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_ac1(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_8d1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -3477,7 +3437,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_871( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3498,11 +3458,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_8d1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_2e1(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_26_33(dst, ret); } /** @@ -3522,22 +3482,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f01(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_5a1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_f51( + deserialize_ring_elements_reduced_451( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_431(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_c61(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -3567,7 +3527,7 @@ static void encrypt_f01(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_ac1(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_8d1(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -3582,11 +3542,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_e51(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_191(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_26_33(dst, ret); } /** @@ -3608,27 +3568,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e91( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_251( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_8d1( + entropy_preprocess_af_2e1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), + H_a9_311(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -3636,19 +3596,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e91( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_f01(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_5a1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e51(shared_secret, shared_secret_array); + kdf_af_191(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3668,7 +3628,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_2f(__m256i vector) { +decompress_ciphertext_coefficient_d9(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3712,8 +3672,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_09_ab(__m256i vector) { - return decompress_ciphertext_coefficient_2f(vector); +static __m256i decompress_ciphertext_coefficient_09_b9(__m256i vector) { + return decompress_ciphertext_coefficient_d9(vector); } /** @@ -3723,8 +3683,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_04(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_10_c8(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -3736,7 +3696,7 @@ deserialize_then_decompress_10_04(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_b9(coefficient); } return re; } @@ -3748,7 +3708,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_2f0(__m256i vector) { +decompress_ciphertext_coefficient_d90(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3792,8 +3752,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_09_ab0(__m256i vector) { - return decompress_ciphertext_coefficient_2f0(vector); +static __m256i decompress_ciphertext_coefficient_09_b90(__m256i vector) { + return decompress_ciphertext_coefficient_d90(vector); } /** @@ -3803,15 +3763,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_0a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_11_91(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_b90(coefficient); } return re; } @@ -3823,8 +3783,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_07(Eurydice_slice serialized) { - return deserialize_then_decompress_10_04(serialized); +deserialize_then_decompress_ring_element_u_f3(Eurydice_slice serialized) { + return deserialize_then_decompress_10_c8(serialized); } /** @@ -3833,17 +3793,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_bf( +static KRML_MUSTINLINE void ntt_vector_u_7c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_70(&zeta_i, re); - ntt_at_layer_1_7e(&zeta_i, re); - poly_barrett_reduce_20_78(re); + ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_1d(&zeta_i, re); + ntt_at_layer_2_6b(&zeta_i, re); + ntt_at_layer_1_93(&zeta_i, re); + poly_barrett_reduce_ef_a0(re); } /** @@ -3854,12 +3814,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b31( +static KRML_MUSTINLINE void deserialize_then_decompress_u_831( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_98();); + u_as_ntt[i] = ZERO_ef_48();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3877,8 +3837,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b31( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_07(u_bytes); - ntt_vector_u_bf(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f3(u_bytes); + ntt_vector_u_7c(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3892,7 +3852,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_2f1(__m256i vector) { +decompress_ciphertext_coefficient_d91(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3936,8 +3896,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_09_ab1(__m256i vector) { - return decompress_ciphertext_coefficient_2f1(vector); +static __m256i decompress_ciphertext_coefficient_09_b91(__m256i vector) { + return decompress_ciphertext_coefficient_d91(vector); } /** @@ -3947,15 +3907,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_f0(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_4_e7(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ab1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_b91(coefficient); } return re; } @@ -3967,7 +3927,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_2f2(__m256i vector) { +decompress_ciphertext_coefficient_d92(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4011,8 +3971,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_09_ab2(__m256i vector) { - return decompress_ciphertext_coefficient_2f2(vector); +static __m256i decompress_ciphertext_coefficient_09_b92(__m256i vector) { + return decompress_ciphertext_coefficient_d92(vector); } /** @@ -4022,8 +3982,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_fe(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_then_decompress_5_f5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -4031,7 +3991,7 @@ deserialize_then_decompress_5_fe(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_ab2(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_b92(re.coefficients[i0]); } return re; } @@ -4043,22 +4003,23 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_bb(Eurydice_slice serialized) { - return deserialize_then_decompress_4_f0(serialized); +deserialize_then_decompress_ring_element_v_ae(Eurydice_slice serialized) { + return deserialize_then_decompress_4_e7(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_20_45(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_ef_67(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4080,17 +4041,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c81( +compute_message_771( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_f31(&result, &product);); - invert_ntt_montgomery_c51(&result); - result = subtract_reduce_20_45(v, result); + ntt_multiply_ef_cc(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_a23(&result, &product);); + invert_ntt_montgomery_401(&result); + result = subtract_reduce_ef_67(v, result); return result; } @@ -4100,12 +4061,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_fc( +static KRML_MUSTINLINE void compress_then_serialize_message_47( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_4b(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_7a(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; @@ -4128,19 +4089,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_071( +static void decrypt_unpacked_cf1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_b31(ciphertext, u_as_ntt); + deserialize_then_decompress_u_831(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_bb( + deserialize_then_decompress_ring_element_v_ae( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c81(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_771(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_fc(message, ret0); + compress_then_serialize_message_47(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4149,7 +4110,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_c9(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -4166,8 +4127,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_263(Eurydice_slice input, uint8_t ret[32U]) { + PRF_c9(input, ret); } /** @@ -4191,14 +4152,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_071(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_cf1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -4209,7 +4170,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4217,17 +4178,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( + libcrux_ml_kem_utils_into_padded_array_173( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -4235,11 +4196,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_ac1(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_8d1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4257,8 +4218,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_98(); +deserialize_to_uncompressed_ring_element_c1(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4275,12 +4236,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_a21( +static KRML_MUSTINLINE void deserialize_secret_key_481( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_98();); + secret_as_ntt[i] = ZERO_ef_48();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4292,7 +4253,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a21( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); + deserialize_to_uncompressed_ring_element_c1(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4314,10 +4275,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_9a1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_691(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_a21(secret_key, secret_as_ntt); + deserialize_secret_key_481(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4329,7 +4290,7 @@ static void decrypt_9a1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_071(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_cf1(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4355,7 +4316,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_251( +void libcrux_ml_kem_ind_cca_decapsulate_811( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4373,9 +4334,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_251( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_9a1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_691(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -4383,7 +4344,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_251( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4391,31 +4352,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_251( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_173(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_f01(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_5a1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e51(Eurydice_array_to_slice( + kdf_af_191(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e51(shared_secret0, shared_secret1); + kdf_af_191(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4432,12 +4393,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f50( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_450( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_98();); + deserialized_pk[i] = ZERO_ef_48();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4449,7 +4410,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f50( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ce(ring_element); + deserialize_to_reduced_ring_element_ae(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4464,7 +4425,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_800( +static KRML_MUSTINLINE void serialize_secret_key_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4482,7 +4443,7 @@ static KRML_MUSTINLINE void serialize_secret_key_800( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c4(&re, ret0); + serialize_uncompressed_ring_element_ea(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4497,14 +4458,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_ac0( +static KRML_MUSTINLINE void serialize_public_key_5a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_800(t_as_ntt, ret0); + serialize_secret_key_f80(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4524,15 +4485,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_5b0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_f50( + deserialize_ring_elements_reduced_450( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_ac0( + serialize_public_key_5a0( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4563,7 +4524,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_ab0(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -4573,10 +4534,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static void closure_d60( +static void closure_130( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_ef_48();); } /** @@ -4586,7 +4547,7 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d0(uint8_t input[4U][34U]) { +shake128_init_absorb_final_500(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -4608,11 +4569,11 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca0(uint8_t input[4U][34U]) { +shake128_init_absorb_final_a9_3f0(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d0(copy_of_input); + return shake128_init_absorb_final_500(copy_of_input); } /** @@ -4621,7 +4582,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_000( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -4658,9 +4619,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_940( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_6b0(self, ret); + shake128_squeeze_first_three_blocks_000(self, ret); } /** @@ -4711,7 +4672,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_971( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_521( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4749,7 +4710,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_dd0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -4786,9 +4747,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_1b0(self, ret); + shake128_squeeze_next_block_dd0(self, ret); } /** @@ -4839,7 +4800,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_972( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_522( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4877,9 +4838,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e90( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_3d0( int16_t s[272U]) { - return from_i16_array_20_84( + return from_i16_array_ef_3a( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4889,7 +4850,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_0c0( +static KRML_MUSTINLINE void sample_from_xof_1d0( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -4898,25 +4859,25 @@ static KRML_MUSTINLINE void sample_from_xof_0c0( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca0(copy_of_seeds); + shake128_init_absorb_final_a9_3f0(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_a9_4d0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_940(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_971( + bool done = sample_from_uniform_distribution_next_521( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_a9_5a0(&xof_state, randomness); + shake128_squeeze_next_block_a9_bf0(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_972( + done = sample_from_uniform_distribution_next_522( copy_of_randomness, sampled_coefficients, out); } } @@ -4925,7 +4886,7 @@ static KRML_MUSTINLINE void sample_from_xof_0c0( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_e90(copy_of_out[i]);); + ret0[i] = closure_3d0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4937,12 +4898,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_430( +static KRML_MUSTINLINE void sample_matrix_A_c60( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_d60(A_transpose[i]);); + closure_130(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4957,7 +4918,7 @@ static KRML_MUSTINLINE void sample_matrix_A_430( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_0c0(copy_of_seeds, sampled); + sample_from_xof_1d0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5001,7 +4962,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_ef1(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -5042,9 +5003,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_411(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1c1(input, ret); + PRFxN_ef1(input, ret); } /** @@ -5055,11 +5016,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_570( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_810( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_98();); + re_as_ntt[i] = ZERO_ef_48();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5071,12 +5032,12 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_570( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); + PRFxN_a9_411(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_cf0( + re_as_ntt[i0] = sample_from_binomial_distribution_400( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_f9(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5092,15 +5053,16 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_570( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_f30( +static KRML_MUSTINLINE void add_to_ring_element_ef_a22( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5120,14 +5082,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_4b0( +static KRML_MUSTINLINE void compute_As_plus_e_040( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_ef_48();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5148,10 +5110,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_4b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_f30(&result0[i1], &product); + ntt_multiply_ef_cc(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_a22(&result0[i1], &product); } - add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_ef_27(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5170,10 +5132,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_f80( +static tuple_54 generate_keypair_unpacked_1f0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_680(key_generation_seed, hashed); + G_a9_ab0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5181,15 +5143,15 @@ static tuple_54 generate_keypair_unpacked_f80( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_430(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_c60(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_570(copy_of_prf_input0, 0U); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_810(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5201,14 +5163,14 @@ static tuple_54 generate_keypair_unpacked_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_570(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_810(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_4b0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_040(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( @@ -5256,10 +5218,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_1c0( +static void closure_610( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_ef_48();); } /** @@ -5271,7 +5233,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_310(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -5289,7 +5251,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a0( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5298,18 +5260,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_54 uu____0 = generate_keypair_unpacked_f80(ind_cpa_keypair_randomness); + tuple_54 uu____0 = generate_keypair_unpacked_1f0(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_1c0(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_610(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_4a(&ind_cpa_public_key.A[j][i1]); + clone_8d_61(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5319,19 +5281,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d0( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_ac0( + serialize_public_key_5a0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + H_a9_310(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_26_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -5367,17 +5329,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_f80( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_a00( Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_f80(key_generation_seed); + tuple_54 uu____0 = generate_keypair_unpacked_1f0(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_ac0( + serialize_public_key_5a0( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_800(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5401,7 +5363,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_c90( +static KRML_MUSTINLINE void serialize_kem_secret_key_180( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5427,7 +5389,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_c90( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_650(public_key, ret0); + H_a9_310(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5456,7 +5418,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_5a0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5465,13 +5427,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_f80(ind_cpa_keypair_randomness); + generate_keypair_a00(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_c90( + serialize_kem_secret_key_180( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5480,13 +5442,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_210(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_201(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_921(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_751( - uu____2, libcrux_ml_kem_types_from_07_3a1(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_521( + uu____2, libcrux_ml_kem_types_from_07_391(copy_of_public_key)); } /** @@ -5498,10 +5460,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_b30(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2a0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_98();); + error_1[i] = ZERO_ef_48();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5513,11 +5475,11 @@ sample_ring_element_cbd_b30(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); + PRFxN_a9_411(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_400( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5543,9 +5505,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_262(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_c90(input, ret); } /** @@ -5554,18 +5516,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_c50( +static KRML_MUSTINLINE void invert_ntt_montgomery_400( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_e4(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_78(re); + invert_ntt_at_layer_1_3d(&zeta_i, re); + invert_ntt_at_layer_2_e9(&zeta_i, re); + invert_ntt_at_layer_3_55(&zeta_i, re); + invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_a0(re); } /** @@ -5574,14 +5536,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_640( +static KRML_MUSTINLINE void compute_vector_u_340( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_ef_48();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5601,11 +5563,11 @@ static KRML_MUSTINLINE void compute_vector_u_640( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(a_element, &r_as_ntt[j]); - add_to_ring_element_20_f30(&result0[i1], &product); + ntt_multiply_ef_cc(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_a22(&result0[i1], &product); } - invert_ntt_montgomery_c50(&result0[i1]); - add_error_reduce_20_87(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_400(&result0[i1]); + add_error_reduce_ef_38(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5623,18 +5585,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_6c0( +compute_ring_element_v_3a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_f30(&result, &product);); - invert_ntt_montgomery_c50(&result); - result = add_message_error_reduce_20_86(error_2, message, result); + ntt_multiply_ef_cc(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_a22(&result, &product);); + invert_ntt_montgomery_400(&result); + result = add_message_error_reduce_ef_ca(error_2, message, result); return result; } @@ -5644,14 +5606,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_a50( +static KRML_MUSTINLINE void compress_then_serialize_11_6e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_b50(to_unsigned_representative_4b(re->coefficients[i0])); + compress_09_fa0(to_unsigned_representative_7a(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5669,10 +5631,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_970( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_fb0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_a50(re, uu____0); + compress_then_serialize_11_6e0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5685,7 +5647,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_520( +static void compress_then_serialize_u_5c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5701,7 +5663,7 @@ static void compress_then_serialize_u_520( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_970(&re, ret); + compress_then_serialize_ring_element_u_fb0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5714,9 +5676,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ff0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_8a(re, out); + compress_then_serialize_5_43(re, out); } /** @@ -5736,15 +5698,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ac0( +static void encrypt_unpacked_8d0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_570(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_810(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -5754,7 +5716,7 @@ static void encrypt_unpacked_ac0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_b30(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_2a0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -5762,31 +5724,31 @@ static void encrypt_unpacked_ac0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_262(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_400( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_640(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_340(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_6c(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_6c0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_3a0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_520( + compress_then_serialize_u_5c0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_7a0( + compress_then_serialize_ring_element_v_ff0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5810,11 +5772,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d10( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -5824,7 +5786,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5837,7 +5799,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_ac0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_8d0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5847,7 +5809,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_870( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5868,11 +5830,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_8d0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_2e0(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_26_33(dst, ret); } /** @@ -5892,22 +5854,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f00(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_5a0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_f50( + deserialize_ring_elements_reduced_450( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_430(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_c60(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( @@ -5937,7 +5899,7 @@ static void encrypt_f00(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_ac0(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_8d0(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -5952,11 +5914,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_e50(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_190(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_26_33(dst, ret); } /** @@ -5978,27 +5940,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e90( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_250( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_8d0( + entropy_preprocess_af_2e0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), + H_a9_310(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_bd1(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6006,19 +5968,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e90( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_bd1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_f00(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_5a0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e50(shared_secret, shared_secret_array); + kdf_af_190(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6038,8 +6000,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_070(Eurydice_slice serialized) { - return deserialize_then_decompress_11_0a(serialized); +deserialize_then_decompress_ring_element_u_f30(Eurydice_slice serialized) { + return deserialize_then_decompress_11_91(serialized); } /** @@ -6048,17 +6010,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_bf0( +static KRML_MUSTINLINE void ntt_vector_u_7c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_70(&zeta_i, re); - ntt_at_layer_1_7e(&zeta_i, re); - poly_barrett_reduce_20_78(re); + ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_1d(&zeta_i, re); + ntt_at_layer_2_6b(&zeta_i, re); + ntt_at_layer_1_93(&zeta_i, re); + poly_barrett_reduce_ef_a0(re); } /** @@ -6069,12 +6031,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b30( +static KRML_MUSTINLINE void deserialize_then_decompress_u_830( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_98();); + u_as_ntt[i] = ZERO_ef_48();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6092,8 +6054,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b30( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_070(u_bytes); - ntt_vector_u_bf0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f30(u_bytes); + ntt_vector_u_7c0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6107,8 +6069,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_bb0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_fe(serialized); +deserialize_then_decompress_ring_element_v_ae0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_f5(serialized); } /** @@ -6118,17 +6080,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c80( +compute_message_770( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_f30(&result, &product);); - invert_ntt_montgomery_c50(&result); - result = subtract_reduce_20_45(v, result); + ntt_multiply_ef_cc(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_a22(&result, &product);); + invert_ntt_montgomery_400(&result); + result = subtract_reduce_ef_67(v, result); return result; } @@ -6142,19 +6104,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_070( +static void decrypt_unpacked_cf0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_b30(ciphertext, u_as_ntt); + deserialize_then_decompress_u_830(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_bb0( + deserialize_then_decompress_ring_element_v_ae0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c80(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_770(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_fc(message, ret0); + compress_then_serialize_message_47(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6168,8 +6130,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_261(Eurydice_slice input, uint8_t ret[32U]) { + PRF_c9(input, ret); } /** @@ -6193,15 +6155,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_070(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_cf0(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -6212,7 +6174,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6220,17 +6182,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( + libcrux_ml_kem_utils_into_padded_array_174( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -6238,11 +6200,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_ac0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_8d0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6259,12 +6221,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_a20( +static KRML_MUSTINLINE void deserialize_secret_key_480( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_98();); + secret_as_ntt[i] = ZERO_ef_48();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6276,7 +6238,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a20( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); + deserialize_to_uncompressed_ring_element_c1(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; @@ -6298,10 +6260,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_9a0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_690(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_a20(secret_key, secret_as_ntt); + deserialize_secret_key_480(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -6313,7 +6275,7 @@ static void decrypt_9a0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_070(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_cf0(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -6339,7 +6301,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_250( +void libcrux_ml_kem_ind_cca_decapsulate_810( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6358,9 +6320,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_250( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_9a0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_690(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -6368,7 +6330,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_250( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6376,31 +6338,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_250( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_174(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_f00(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_5a0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e50(Eurydice_array_to_slice( + kdf_af_190(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e50(shared_secret0, shared_secret1); + kdf_af_190(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6417,12 +6379,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f5( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_45( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_98();); + deserialized_pk[i] = ZERO_ef_48();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6434,7 +6396,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ce(ring_element); + deserialize_to_reduced_ring_element_ae(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6449,7 +6411,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_80( +static KRML_MUSTINLINE void serialize_secret_key_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6467,7 +6429,7 @@ static KRML_MUSTINLINE void serialize_secret_key_80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c4(&re, ret0); + serialize_uncompressed_ring_element_ea(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6482,14 +6444,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_ac( +static KRML_MUSTINLINE void serialize_public_key_5a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_80(t_as_ntt, ret0); + serialize_secret_key_f8(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6509,15 +6471,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2a(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_5b(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_f5( + deserialize_ring_elements_reduced_45( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_ac( + serialize_public_key_5a( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6548,7 +6510,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_ab(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6558,10 +6520,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static void closure_d6( +static void closure_13( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_ef_48();); } /** @@ -6571,7 +6533,7 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_4d(uint8_t input[2U][34U]) { +shake128_init_absorb_final_50(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -6593,11 +6555,11 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_ca(uint8_t input[2U][34U]) { +shake128_init_absorb_final_a9_3f(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_4d(copy_of_input); + return shake128_init_absorb_final_50(copy_of_input); } /** @@ -6606,7 +6568,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_6b( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_00( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -6637,9 +6599,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_4d( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_94( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_6b(self, ret); + shake128_squeeze_first_three_blocks_00(self, ret); } /** @@ -6690,7 +6652,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_97( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_52( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6728,7 +6690,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_1b( +static KRML_MUSTINLINE void shake128_squeeze_next_block_dd( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -6759,9 +6721,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_5a( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_1b(self, ret); + shake128_squeeze_next_block_dd(self, ret); } /** @@ -6812,7 +6774,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_970( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_520( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6850,9 +6812,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e9( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_3d( int16_t s[272U]) { - return from_i16_array_20_84( + return from_i16_array_ef_3a( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6862,7 +6824,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_0c( +static KRML_MUSTINLINE void sample_from_xof_1d( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -6871,25 +6833,25 @@ static KRML_MUSTINLINE void sample_from_xof_0c( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_ca(copy_of_seeds); + shake128_init_absorb_final_a9_3f(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_a9_4d(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_94(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_97( + bool done = sample_from_uniform_distribution_next_52( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_a9_5a(&xof_state, randomness); + shake128_squeeze_next_block_a9_bf(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_970( + done = sample_from_uniform_distribution_next_520( copy_of_randomness, sampled_coefficients, out); } } @@ -6898,7 +6860,7 @@ static KRML_MUSTINLINE void sample_from_xof_0c( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_e9(copy_of_out[i]);); + ret0[i] = closure_3d(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6910,12 +6872,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_43( +static KRML_MUSTINLINE void sample_matrix_A_c6( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_d6(A_transpose[i]);); + closure_13(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6930,7 +6892,7 @@ static KRML_MUSTINLINE void sample_matrix_A_43( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_0c(copy_of_seeds, sampled); + sample_from_xof_1d(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6974,7 +6936,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_ef(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; @@ -7009,9 +6971,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_41(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1c(input, ret); + PRFxN_ef(input, ret); } /** @@ -7021,8 +6983,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_cf(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_41(randomness); +sample_from_binomial_distribution_40(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_ec(randomness); } /** @@ -7033,11 +6995,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_57( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_81( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_98();); + re_as_ntt[i] = ZERO_ef_48();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7049,12 +7011,12 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_57( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_a9_51(prf_inputs, prf_outputs); + PRFxN_a9_41(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_cf( + re_as_ntt[i0] = sample_from_binomial_distribution_40( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_f9(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -7070,15 +7032,16 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_57( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_f3( +static KRML_MUSTINLINE void add_to_ring_element_ef_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -7098,14 +7061,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_4b( +static KRML_MUSTINLINE void compute_As_plus_e_04( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_ef_48();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7126,10 +7089,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_f3(&result0[i1], &product); + ntt_multiply_ef_cc(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_a2(&result0[i1], &product); } - add_standard_error_reduce_20_a1(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_ef_27(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7148,10 +7111,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_f8( +static tuple_4c generate_keypair_unpacked_1f( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_68(key_generation_seed, hashed); + G_a9_ab(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7159,15 +7122,15 @@ static tuple_4c generate_keypair_unpacked_f8( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_43(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_c6(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_57(copy_of_prf_input0, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_81(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7179,14 +7142,14 @@ static tuple_4c generate_keypair_unpacked_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_57(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_81(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_4b(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_04(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( @@ -7234,10 +7197,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_1c( +static void closure_61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_98();); + ret[i] = ZERO_ef_48();); } /** @@ -7249,7 +7212,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_31(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -7267,7 +7230,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7276,18 +7239,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c uu____0 = generate_keypair_unpacked_f8(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_1f(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_1c(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_61(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_4a(&ind_cpa_public_key.A[j][i1]); + clone_8d_61(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7297,19 +7260,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_3d( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_ac( + serialize_public_key_5a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + H_a9_31(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_26_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -7345,17 +7308,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_f8( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_a0( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_f8(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_1f(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_ac( + serialize_public_key_5a( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -7379,7 +7342,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_c9( +static KRML_MUSTINLINE void serialize_kem_secret_key_18( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7405,7 +7368,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_c9( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_65(public_key, ret0); + H_a9_31(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -7433,7 +7396,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_5a( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7443,13 +7406,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_f8(ind_cpa_keypair_randomness); + generate_keypair_a0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_c9( + serialize_kem_secret_key_18( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7458,13 +7421,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_21( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_92(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_75( - uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_52( + uu____2, libcrux_ml_kem_types_from_07_39(copy_of_public_key)); } /** @@ -7473,7 +7436,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_ef0(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -7508,9 +7471,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_410(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1c0(input, ret); + PRFxN_ef0(input, ret); } /** @@ -7522,10 +7485,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_b3(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2a(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_98();); + error_1[i] = ZERO_ef_48();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7537,11 +7500,11 @@ sample_ring_element_cbd_b3(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_a9_510(prf_inputs, prf_outputs); + PRFxN_a9_410(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_400( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7567,9 +7530,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_260(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_c90(input, ret); } /** @@ -7578,18 +7541,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_c5( +static KRML_MUSTINLINE void invert_ntt_montgomery_40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_e4(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9d(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_78(re); + invert_ntt_at_layer_1_3d(&zeta_i, re); + invert_ntt_at_layer_2_e9(&zeta_i, re); + invert_ntt_at_layer_3_55(&zeta_i, re); + invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_a0(re); } /** @@ -7598,14 +7561,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_64( +static KRML_MUSTINLINE void compute_vector_u_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_98();); + result0[i] = ZERO_ef_48();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7625,11 +7588,11 @@ static KRML_MUSTINLINE void compute_vector_u_64( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(a_element, &r_as_ntt[j]); - add_to_ring_element_20_f3(&result0[i1], &product); + ntt_multiply_ef_cc(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_a2(&result0[i1], &product); } - invert_ntt_montgomery_c5(&result0[i1]); - add_error_reduce_20_87(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_40(&result0[i1]); + add_error_reduce_ef_38(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7647,18 +7610,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_6c( +compute_ring_element_v_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_f3(&result, &product);); - invert_ntt_montgomery_c5(&result); - result = add_message_error_reduce_20_86(error_2, message, result); + ntt_multiply_ef_cc(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_a2(&result, &product);); + invert_ntt_montgomery_40(&result); + result = add_message_error_reduce_ef_ca(error_2, message, result); return result; } @@ -7671,7 +7634,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_52( +static void compress_then_serialize_u_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7687,7 +7650,7 @@ static void compress_then_serialize_u_52( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_97(&re, ret); + compress_then_serialize_ring_element_u_fb(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7710,15 +7673,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ac( +static void encrypt_unpacked_8d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_57(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_81(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7728,7 +7691,7 @@ static void encrypt_unpacked_ac( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_b3(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_2a(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7736,31 +7699,31 @@ static void encrypt_unpacked_ac( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_260(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_cf0( + sample_from_binomial_distribution_400( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_64(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_34(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_6c(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_6c(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_3a(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_52( + compress_then_serialize_u_5c( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_7a( + compress_then_serialize_ring_element_v_ff( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7784,11 +7747,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -7798,7 +7761,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7811,7 +7774,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_ac(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_8d(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -7821,7 +7784,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_87( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7842,11 +7805,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_8d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_2e(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_26_33(dst, ret); } /** @@ -7866,22 +7829,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_5a(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_f5( + deserialize_ring_elements_reduced_45( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_43(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_c6(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( @@ -7911,7 +7874,7 @@ static void encrypt_f0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_ac(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_8d(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7926,11 +7889,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e5(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_19(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_26_33(dst, ret); } /** @@ -7952,27 +7915,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e9( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_25( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_8d( + entropy_preprocess_af_2e( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), + H_a9_31(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7980,19 +7943,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e9( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_5a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e5(shared_secret, shared_secret_array); + kdf_af_19(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8013,12 +7976,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b3( +static KRML_MUSTINLINE void deserialize_then_decompress_u_83( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_98();); + u_as_ntt[i] = ZERO_ef_48();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -8036,8 +7999,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_07(u_bytes); - ntt_vector_u_bf(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f3(u_bytes); + ntt_vector_u_7c(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8051,17 +8014,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_c8( +compute_message_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_98(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_15(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_f3(&result, &product);); - invert_ntt_montgomery_c5(&result); - result = subtract_reduce_20_45(v, result); + ntt_multiply_ef_cc(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_a2(&result, &product);); + invert_ntt_montgomery_40(&result); + result = subtract_reduce_ef_67(v, result); return result; } @@ -8075,19 +8038,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_07( +static void decrypt_unpacked_cf( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_b3(ciphertext, u_as_ntt); + deserialize_then_decompress_u_83(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_bb( + deserialize_then_decompress_ring_element_v_ae( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_c8(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_77(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_fc(message, ret0); + compress_then_serialize_message_47(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8101,8 +8064,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_26(Eurydice_slice input, uint8_t ret[32U]) { + PRF_c9(input, ret); } /** @@ -8126,14 +8089,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_07(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_cf(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -8144,7 +8107,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8152,17 +8115,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_170( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -8170,11 +8133,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_ac(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_8d(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -8191,12 +8154,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_a2( +static KRML_MUSTINLINE void deserialize_secret_key_48( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_98();); + secret_as_ntt[i] = ZERO_ef_48();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8208,7 +8171,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); + deserialize_to_uncompressed_ring_element_c1(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; @@ -8230,10 +8193,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_9a(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_69(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_a2(secret_key, secret_as_ntt); + deserialize_secret_key_48(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -8245,7 +8208,7 @@ static void decrypt_9a(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_07(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_cf(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8271,7 +8234,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_25( +void libcrux_ml_kem_ind_cca_decapsulate_81( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8289,9 +8252,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_25( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_9a(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_69(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -8299,7 +8262,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_25( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8307,30 +8270,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_25( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_5a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e5(Eurydice_array_to_slice((size_t)32U, + kdf_af_19(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e5(shared_secret0, shared_secret1); + kdf_af_19(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index edb0c9772..58792e040 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index fe31da61f..31abaeae8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index a85df9d5b..57a2ec23f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 0dd9bf381..758cfa25d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #include "internal/libcrux_mlkem_portable.h" @@ -75,7 +75,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_41_f9(dst, ret); + core_result_unwrap_26_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -171,30 +171,28 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); + ret[0U] = r0_10.fst; + ret[1U] = r0_10.snd; + ret[2U] = r0_10.thd; + ret[3U] = r0_10.f3; + ret[4U] = r0_10.f4; + ret[5U] = r0_10.f5; + ret[6U] = r0_10.f6; + ret[7U] = r0_10.f7; + ret[8U] = r0_10.f8; + ret[9U] = r0_10.f9; + ret[10U] = r0_10.f10; + ret[11U] = r11_21.fst; + ret[12U] = r11_21.snd; + ret[13U] = r11_21.thd; + ret[14U] = r11_21.f3; + ret[15U] = r11_21.f4; + ret[16U] = r11_21.f5; + ret[17U] = r11_21.f6; + ret[18U] = r11_21.f7; + ret[19U] = r11_21.f8; + ret[20U] = r11_21.f9; + ret[21U] = r11_21.f10; } /** @@ -270,28 +268,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( .f7 = r7}); } -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( @@ -299,25 +275,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -860,6 +835,28 @@ const uint8_t {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U}}; +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1489,18 +1486,24 @@ libcrux_ml_kem_vector_portable_ntt_multiply_0d( KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[2U]) { - uint8_t result[2U] = {0U}; - KRML_MAYBE_FOR8( - i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | - (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0;); - KRML_MAYBE_FOR8(i, (size_t)8U, (size_t)16U, (size_t)1U, size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = (uint32_t)result[uu____1] | - (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U);); - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); + uint8_t result0 = (((((((uint32_t)(uint8_t)v.elements[0U] | + (uint32_t)(uint8_t)v.elements[1U] << 1U) | + (uint32_t)(uint8_t)v.elements[2U] << 2U) | + (uint32_t)(uint8_t)v.elements[3U] << 3U) | + (uint32_t)(uint8_t)v.elements[4U] << 4U) | + (uint32_t)(uint8_t)v.elements[5U] << 5U) | + (uint32_t)(uint8_t)v.elements[6U] << 6U) | + (uint32_t)(uint8_t)v.elements[7U] << 7U; + uint8_t result1 = (((((((uint32_t)(uint8_t)v.elements[8U] | + (uint32_t)(uint8_t)v.elements[9U] << 1U) | + (uint32_t)(uint8_t)v.elements[10U] << 2U) | + (uint32_t)(uint8_t)v.elements[11U] << 3U) | + (uint32_t)(uint8_t)v.elements[12U] << 4U) | + (uint32_t)(uint8_t)v.elements[13U] << 5U) | + (uint32_t)(uint8_t)v.elements[14U] << 6U) | + (uint32_t)(uint8_t)v.elements[15U] << 7U; + ret[0U] = result0; + ret[1U] = result1; } /** @@ -1515,23 +1518,86 @@ void libcrux_ml_kem_vector_portable_serialize_1_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - KRML_MAYBE_FOR8( - i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)0U, uint8_t, uint8_t *) >> - (uint32_t)i0 & - 1U);); - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)1U, uint8_t, uint8_t *) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; + int16_t result0 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) & + 1U); + int16_t result1 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 1U & + 1U); + int16_t result2 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 2U & + 1U); + int16_t result3 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 3U & + 1U); + int16_t result4 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 4U & + 1U); + int16_t result5 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 5U & + 1U); + int16_t result6 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 6U & + 1U); + int16_t result7 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 7U & + 1U); + int16_t result8 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) & + 1U); + int16_t result9 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 1U & + 1U); + int16_t result10 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 2U & + 1U); + int16_t result11 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 3U & + 1U); + int16_t result12 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 4U & + 1U); + int16_t result13 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 5U & + 1U); + int16_t result14 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 6U & + 1U); + int16_t result15 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 7U & + 1U); + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = result0; + lit.elements[1U] = result1; + lit.elements[2U] = result2; + lit.elements[3U] = result3; + lit.elements[4U] = result4; + lit.elements[5U] = result5; + lit.elements[6U] = result6; + lit.elements[7U] = result7; + lit.elements[8U] = result8; + lit.elements[9U] = result9; + lit.elements[10U] = result10; + lit.elements[11U] = result11; + lit.elements[12U] = result12; + lit.elements[13U] = result13; + lit.elements[14U] = result14; + lit.elements[15U] = result15; + return lit; } /** @@ -1580,16 +1646,14 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); + ret[0U] = result0_3.fst; + ret[1U] = result0_3.snd; + ret[2U] = result0_3.thd; + ret[3U] = result0_3.f3; + ret[4U] = result4_7.fst; + ret[5U] = result4_7.snd; + ret[6U] = result4_7.thd; + ret[7U] = result4_7.f3; } /** @@ -1649,25 +1713,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -1712,18 +1775,16 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); + ret[0U] = r0_4.fst; + ret[1U] = r0_4.snd; + ret[2U] = r0_4.thd; + ret[3U] = r0_4.f3; + ret[4U] = r0_4.f4; + ret[5U] = r5_9.fst; + ret[6U] = r5_9.snd; + ret[7U] = r5_9.thd; + ret[8U] = r5_9.f3; + ret[9U] = r5_9.f4; } /** @@ -1794,25 +1855,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -1873,28 +1933,26 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t)); - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); + ret[0U] = r0_4.fst; + ret[1U] = r0_4.snd; + ret[2U] = r0_4.thd; + ret[3U] = r0_4.f3; + ret[4U] = r0_4.f4; + ret[5U] = r5_9.fst; + ret[6U] = r5_9.snd; + ret[7U] = r5_9.thd; + ret[8U] = r5_9.f3; + ret[9U] = r5_9.f4; + ret[10U] = r10_14.fst; + ret[11U] = r10_14.snd; + ret[12U] = r10_14.thd; + ret[13U] = r10_14.f3; + ret[14U] = r10_14.f4; + ret[15U] = r15_19.fst; + ret[16U] = r15_19.snd; + ret[17U] = r15_19.thd; + ret[18U] = r15_19.f3; + ret[19U] = r15_19.f4; } /** @@ -1973,25 +2031,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -2042,32 +2099,30 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t)); - uint8_t result[24U] = {0U}; - result[0U] = r0_2.fst; - result[1U] = r0_2.snd; - result[2U] = r0_2.thd; - result[3U] = r3_5.fst; - result[4U] = r3_5.snd; - result[5U] = r3_5.thd; - result[6U] = r6_8.fst; - result[7U] = r6_8.snd; - result[8U] = r6_8.thd; - result[9U] = r9_11.fst; - result[10U] = r9_11.snd; - result[11U] = r9_11.thd; - result[12U] = r12_14.fst; - result[13U] = r12_14.snd; - result[14U] = r12_14.thd; - result[15U] = r15_17.fst; - result[16U] = r15_17.snd; - result[17U] = r15_17.thd; - result[18U] = r18_20.fst; - result[19U] = r18_20.snd; - result[20U] = r18_20.thd; - result[21U] = r21_23.fst; - result[22U] = r21_23.snd; - result[23U] = r21_23.thd; - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); + ret[0U] = r0_2.fst; + ret[1U] = r0_2.snd; + ret[2U] = r0_2.thd; + ret[3U] = r3_5.fst; + ret[4U] = r3_5.snd; + ret[5U] = r3_5.thd; + ret[6U] = r6_8.fst; + ret[7U] = r6_8.snd; + ret[8U] = r6_8.thd; + ret[9U] = r9_11.fst; + ret[10U] = r9_11.snd; + ret[11U] = r9_11.thd; + ret[12U] = r12_14.fst; + ret[13U] = r12_14.snd; + ret[14U] = r12_14.thd; + ret[15U] = r15_17.fst; + ret[16U] = r15_17.snd; + ret[17U] = r15_17.thd; + ret[18U] = r18_20.fst; + ret[19U] = r18_20.snd; + ret[20U] = r18_20.thd; + ret[21U] = r21_23.fst; + ret[22U] = r21_23.snd; + ret[23U] = r21_23.thd; } /** @@ -2115,25 +2170,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_1.fst; + lit.elements[1U] = v0_1.snd; + lit.elements[2U] = v2_3.fst; + lit.elements[3U] = v2_3.snd; + lit.elements[4U] = v4_5.fst; + lit.elements[5U] = v4_5.snd; + lit.elements[6U] = v6_7.fst; + lit.elements[7U] = v6_7.snd; + lit.elements[8U] = v8_9.fst; + lit.elements[9U] = v8_9.snd; + lit.elements[10U] = v10_11.fst; + lit.elements[11U] = v10_11.snd; + lit.elements[12U] = v12_13.fst; + lit.elements[13U] = v12_13.snd; + lit.elements[14U] = v14_15.fst; + lit.elements[15U] = v14_15.snd; + return lit; } /** @@ -2226,15 +2280,16 @@ libcrux_ml_kem_vector_portable_vector_type_clone_3b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_9a(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_ef_b2(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2262,8 +2317,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_a2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_to_reduced_ring_element_ed(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2284,12 +2339,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c71( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_941( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_9a();); + deserialized_pk[i] = ZERO_ef_b2();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2301,7 +2356,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c71( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a2(ring_element); + deserialize_to_reduced_ring_element_ed(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2315,7 +2370,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_53(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2334,8 +2389,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_e7(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_53(v); +shift_right_0d_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_f1(v); } /** @@ -2345,10 +2400,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_39( +to_unsigned_representative_91( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_e7(a); + shift_right_0d_be(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2361,14 +2416,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_a6( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_39(re->coefficients[i0]); + to_unsigned_representative_91(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2386,7 +2441,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_f01( +static KRML_MUSTINLINE void serialize_secret_key_2b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2404,7 +2459,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f01( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_a6(&re, ret0); + serialize_uncompressed_ring_element_8e(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2419,14 +2474,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_951( +static KRML_MUSTINLINE void serialize_public_key_601( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_f01(t_as_ntt, ret0); + serialize_secret_key_2b1(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2446,15 +2501,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_361(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_781(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_c71( + deserialize_ring_elements_reduced_941( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_951( + serialize_public_key_601( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2485,7 +2540,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_d01(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2496,10 +2551,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_441( +static void closure_071( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_ef_b2();); } /** @@ -2518,7 +2573,7 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_751(uint8_t input[4U][34U]) { +shake128_init_absorb_final_401(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2549,11 +2604,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_f1_111(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_831(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_751(copy_of_input); + return shake128_init_absorb_final_401(copy_of_input); } /** @@ -2562,7 +2617,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_101( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a1( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2583,9 +2638,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_201( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_101(self, ret); + shake128_squeeze_first_three_blocks_9a1(self, ret); } /** @@ -2636,7 +2691,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_833( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_853( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2674,7 +2729,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ea1( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2695,9 +2750,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c11( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_041( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_ed1(self, ret); + shake128_squeeze_next_block_ea1(self, ret); } /** @@ -2748,7 +2803,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_834( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_854( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2782,17 +2837,18 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_834( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_20_8d(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); +from_i16_array_ef_cb(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2812,9 +2868,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a1( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_b31( int16_t s[272U]) { - return from_i16_array_20_8d( + return from_i16_array_ef_cb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2825,7 +2881,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_611( +static KRML_MUSTINLINE void sample_from_xof_081( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -2833,25 +2889,25 @@ static KRML_MUSTINLINE void sample_from_xof_611( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_111(copy_of_seeds); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_831(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_4e1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_201(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_833( + bool done = sample_from_uniform_distribution_next_853( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_f1_c11(&xof_state, randomness); + shake128_squeeze_next_block_f1_041(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_834( + done = sample_from_uniform_distribution_next_854( copy_of_randomness, sampled_coefficients, out); } } @@ -2860,7 +2916,7 @@ static KRML_MUSTINLINE void sample_from_xof_611( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_6a1(copy_of_out[i]);); + ret0[i] = closure_b31(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2873,12 +2929,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_451( +static KRML_MUSTINLINE void sample_matrix_A_a11( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_441(A_transpose[i]);); + closure_071(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2893,7 +2949,7 @@ static KRML_MUSTINLINE void sample_matrix_A_451( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_611(copy_of_seeds, sampled); + sample_from_xof_081(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2937,7 +2993,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d32(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2958,60 +3014,11 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_bf2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1d2(input, ret); + PRFxN_d32(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3019,7 +3026,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_b3(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_b2(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3053,7 +3060,7 @@ sample_from_binomial_distribution_2_b3(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_8d( + return from_i16_array_ef_cb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3064,7 +3071,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_25(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_6f(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3097,7 +3104,7 @@ sample_from_binomial_distribution_3_25(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_8d( + return from_i16_array_ef_cb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3108,8 +3115,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_c3(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_b3(randomness); +sample_from_binomial_distribution_36(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_b2(randomness); } /** @@ -3118,7 +3125,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_3e( +static KRML_MUSTINLINE void ntt_at_layer_7_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3146,7 +3153,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_10( +montgomery_multiply_fe_5e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3160,12 +3167,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_59( + ntt_layer_int_vec_step_1e( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_10(b, zeta_r); + montgomery_multiply_fe_5e(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3179,7 +3186,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_5b( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_b2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3192,7 +3199,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_5b( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_59( + ntt_layer_int_vec_step_1e( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3209,7 +3216,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_9c( +static KRML_MUSTINLINE void ntt_at_layer_3_ed( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3227,7 +3234,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_6b( +static KRML_MUSTINLINE void ntt_at_layer_2_2b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3247,7 +3254,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_37( +static KRML_MUSTINLINE void ntt_at_layer_1_85( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3267,15 +3274,16 @@ static KRML_MUSTINLINE void ntt_at_layer_1_37( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_8e( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_de( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3293,17 +3301,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_37( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_3e(re); + ntt_at_layer_7_f0(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_9c(&zeta_i, re); - ntt_at_layer_2_6b(&zeta_i, re); - ntt_at_layer_1_37(&zeta_i, re); - poly_barrett_reduce_20_8e(re); + ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ed(&zeta_i, re); + ntt_at_layer_2_2b(&zeta_i, re); + ntt_at_layer_1_85(&zeta_i, re); + poly_barrett_reduce_ef_de(re); } /** @@ -3315,11 +3323,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_561( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_ed1( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_9a();); + re_as_ntt[i] = ZERO_ef_b2();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3331,12 +3339,12 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_561( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_bf2(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_c3( + re_as_ntt[i0] = sample_from_binomial_distribution_36( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_f0(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3352,18 +3360,19 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_561( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_20_ff(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_ef_7a(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_b2(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3388,15 +3397,16 @@ ntt_multiply_20_ff(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_0e1( +static KRML_MUSTINLINE void add_to_ring_element_ef_a24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3421,7 +3431,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_d6( +to_standard_domain_c8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3429,22 +3439,23 @@ to_standard_domain_d6( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_7d( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_7f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_d6(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_c8(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3459,14 +3470,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_0e1( +static KRML_MUSTINLINE void compute_As_plus_e_0f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_ef_b2();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3487,10 +3498,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_0e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_0e1(&result0[i1], &product); + ntt_multiply_ef_7a(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_a24(&result0[i1], &product); } - add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_ef_7f(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -3510,10 +3521,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_a11( +static tuple_540 generate_keypair_unpacked_d31( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b61(key_generation_seed, hashed); + G_f1_d01(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3521,15 +3532,15 @@ static tuple_540 generate_keypair_unpacked_a11( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_451(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_a11(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_561(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_ed1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3541,14 +3552,14 @@ static tuple_540 generate_keypair_unpacked_a11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_561(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_ed1(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_0e1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_0f1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( @@ -3597,23 +3608,24 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_a11( +static void closure_121( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_ef_b2();); } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a +A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_20( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_8d_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3635,7 +3647,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_fd1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3654,7 +3666,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_301( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3663,18 +3675,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_540 uu____0 = generate_keypair_unpacked_a11(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_d31(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_a11(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_121(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_20(&ind_cpa_public_key.A[j][i1]); + clone_8d_62(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3684,19 +3696,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e21( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_951( + serialize_public_key_601( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + H_f1_fd1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_26_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -3733,17 +3745,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_c01( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_481( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_a11(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_d31(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_951( + serialize_public_key_601( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_f01(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_2b1(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3767,7 +3779,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_50( +static KRML_MUSTINLINE void serialize_kem_secret_key_c5( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3793,7 +3805,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_50( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_2e1(public_key, ret0); + H_f1_fd1(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -3823,7 +3835,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_151(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3832,13 +3844,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_c01(ind_cpa_keypair_randomness); + generate_keypair_481(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_50( + serialize_kem_secret_key_c5( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3847,13 +3859,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_651(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_201(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_921(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_751( - uu____2, libcrux_ml_kem_types_from_07_3a1(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_521( + uu____2, libcrux_ml_kem_types_from_07_391(copy_of_public_key)); } /** @@ -3866,10 +3878,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_151(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_901(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_9a();); + error_1[i] = ZERO_ef_b2();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3881,11 +3893,11 @@ sample_ring_element_cbd_151(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_bf2(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_36( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3906,7 +3918,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_030(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -3923,9 +3935,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_c84(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_030(input, ret); } /** @@ -3934,7 +3946,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_1e( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_16( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3958,7 +3970,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_12( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_17( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3978,7 +3990,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_72( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_76( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3998,7 +4010,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_0d( + inv_ntt_layer_int_vec_step_reduce_b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4006,7 +4018,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_10(a_minus_b, zeta_r); + b = montgomery_multiply_fe_5e(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4018,7 +4030,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_39( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_c0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4033,7 +4045,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_39( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_0d( + inv_ntt_layer_int_vec_step_reduce_b0( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4050,31 +4062,32 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_271( +static KRML_MUSTINLINE void invert_ntt_montgomery_981( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1e(&zeta_i, re); - invert_ntt_at_layer_2_12(&zeta_i, re); - invert_ntt_at_layer_3_72(&zeta_i, re); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_8e(re); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_17(&zeta_i, re); + invert_ntt_at_layer_3_76(&zeta_i, re); + invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_de(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_fc( +static KRML_MUSTINLINE void add_error_reduce_ef_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4098,14 +4111,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a21( +static KRML_MUSTINLINE void compute_vector_u_b81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_ef_b2();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4125,11 +4138,11 @@ static KRML_MUSTINLINE void compute_vector_u_a21( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(a_element, &r_as_ntt[j]); - add_to_ring_element_20_0e1(&result0[i1], &product); + ntt_multiply_ef_7a(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_a24(&result0[i1], &product); } - invert_ntt_montgomery_271(&result0[i1]); - add_error_reduce_20_fc(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_981(&result0[i1]); + add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4147,7 +4160,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_5f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_5a(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4161,8 +4174,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_08(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_message_21(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4172,23 +4185,24 @@ deserialize_then_decompress_message_08(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_5f(coefficient_compressed); + decompress_1_5a(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_20_0f( +add_message_error_reduce_ef_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4218,18 +4232,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_041( +compute_ring_element_v_f31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_0e1(&result, &product);); - invert_ntt_montgomery_271(&result); - result = add_message_error_reduce_20_0f(error_2, message, result); + ntt_multiply_ef_7a(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_a24(&result, &product);); + invert_ntt_montgomery_981(&result); + result = add_message_error_reduce_ef_f9(error_2, message, result); return result; } @@ -4239,7 +4253,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_5f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4260,9 +4274,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_73( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_17( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_5f(v); + return compress_0e(v); } /** @@ -4271,7 +4285,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_5f0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0e0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4293,8 +4307,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_730(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_5f0(v); +compress_0d_170(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_0e0(v); } /** @@ -4303,14 +4317,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_250( +static KRML_MUSTINLINE void compress_then_serialize_11_cf0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_730(to_unsigned_representative_39(re->coefficients[i0])); + compress_0d_170(to_unsigned_representative_91(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4328,10 +4342,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4c0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_860( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_250(re, uu____0); + compress_then_serialize_11_cf0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4344,7 +4358,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_a41( +static void compress_then_serialize_u_0c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4360,7 +4374,7 @@ static void compress_then_serialize_u_a41( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_4c0(&re, ret); + compress_then_serialize_ring_element_u_860(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4372,7 +4386,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_5f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0e1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4394,8 +4408,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_731(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_5f1(v); +compress_0d_171(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_0e1(v); } /** @@ -4404,7 +4418,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_53( +static KRML_MUSTINLINE void compress_then_serialize_4_83( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4413,7 +4427,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_53( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_731(to_unsigned_representative_39(re.coefficients[i0])); + compress_0d_171(to_unsigned_representative_91(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4429,7 +4443,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_5f2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0e2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4451,8 +4465,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_732(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_5f2(v); +compress_0d_172(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_0e2(v); } /** @@ -4461,7 +4475,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_94( +static KRML_MUSTINLINE void compress_then_serialize_5_af( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4470,7 +4484,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_94( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_732(to_unsigned_representative_39(re.coefficients[i0])); + compress_0d_172(to_unsigned_representative_91(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4487,9 +4501,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_fc0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_350( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_94(re, out); + compress_then_serialize_5_af(re, out); } /** @@ -4510,15 +4524,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_8e1( +static void encrypt_unpacked_1b1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_561(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_ed1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4528,7 +4542,7 @@ static void encrypt_unpacked_8e1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_151(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_901(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4536,31 +4550,31 @@ static void encrypt_unpacked_8e1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_c84(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_36( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_a21(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_b81(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_08(copy_of_message); + deserialize_then_decompress_message_21(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_041(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_f31(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_a41( + compress_then_serialize_u_0c1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_fc0( + compress_then_serialize_ring_element_v_350( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4585,11 +4599,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_301( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -4599,7 +4613,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4612,7 +4626,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_8e1(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_1b1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4622,7 +4636,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f01( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4643,11 +4657,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_9b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_66(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_26_33(dst, ret); } /** @@ -4668,22 +4682,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_971(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_1f1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_c71( + deserialize_ring_elements_reduced_941( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_451(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_a11(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( @@ -4713,7 +4727,7 @@ static void encrypt_971(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_8e1(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_1b1(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4728,11 +4742,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_4a(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_29(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_26_33(dst, ret); } /** @@ -4754,27 +4768,27 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_231( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c81( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_9b( + entropy_preprocess_af_66( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), + H_f1_fd1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_bd1(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4782,19 +4796,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_231( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_941(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_bd1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_971(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_1f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_301(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_4a(shared_secret, shared_secret_array); + kdf_af_29(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4814,7 +4828,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_63( +decompress_ciphertext_coefficient_e3( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4839,9 +4853,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_80( +decompress_ciphertext_coefficient_0d_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_63(v); + return decompress_ciphertext_coefficient_e3(v); } /** @@ -4851,8 +4865,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_26(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_10_ed(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4868,7 +4882,7 @@ deserialize_then_decompress_10_26(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_80(coefficient); + decompress_ciphertext_coefficient_0d_9f(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4881,7 +4895,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_630( +decompress_ciphertext_coefficient_e30( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4906,9 +4920,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_800( +decompress_ciphertext_coefficient_0d_9f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_630(v); + return decompress_ciphertext_coefficient_e30(v); } /** @@ -4918,8 +4932,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_fe(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_11_1e(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4928,7 +4942,7 @@ deserialize_then_decompress_11_fe(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_800(coefficient); + decompress_ciphertext_coefficient_0d_9f0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4941,8 +4955,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_110(Eurydice_slice serialized) { - return deserialize_then_decompress_11_fe(serialized); +deserialize_then_decompress_ring_element_u_600(Eurydice_slice serialized) { + return deserialize_then_decompress_11_1e(serialized); } /** @@ -4951,17 +4965,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_2e0( +static KRML_MUSTINLINE void ntt_vector_u_960( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_9c(&zeta_i, re); - ntt_at_layer_2_6b(&zeta_i, re); - ntt_at_layer_1_37(&zeta_i, re); - poly_barrett_reduce_20_8e(re); + ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ed(&zeta_i, re); + ntt_at_layer_2_2b(&zeta_i, re); + ntt_at_layer_1_85(&zeta_i, re); + poly_barrett_reduce_ef_de(re); } /** @@ -4972,12 +4986,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_031( +static KRML_MUSTINLINE void deserialize_then_decompress_u_5a1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_9a();); + u_as_ntt[i] = ZERO_ef_b2();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4995,8 +5009,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_031( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_110(u_bytes); - ntt_vector_u_2e0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_600(u_bytes); + ntt_vector_u_960(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5010,7 +5024,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_631( +decompress_ciphertext_coefficient_e31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5035,9 +5049,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_801( +decompress_ciphertext_coefficient_0d_9f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_631(v); + return decompress_ciphertext_coefficient_e31(v); } /** @@ -5047,8 +5061,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_ab(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_4_a4(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5057,7 +5071,7 @@ deserialize_then_decompress_4_ab(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_801(coefficient); + decompress_ciphertext_coefficient_0d_9f1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5070,7 +5084,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_632( +decompress_ciphertext_coefficient_e32( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5095,9 +5109,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_802( +decompress_ciphertext_coefficient_0d_9f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_632(v); + return decompress_ciphertext_coefficient_e32(v); } /** @@ -5107,8 +5121,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_5c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_then_decompress_5_cb(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5117,7 +5131,7 @@ deserialize_then_decompress_5_5c(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_802(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_9f2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5130,22 +5144,23 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_9f0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_5c(serialized); +deserialize_then_decompress_ring_element_v_f60(Eurydice_slice serialized) { + return deserialize_then_decompress_5_cb(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_20_4b(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_ef_e3(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5170,17 +5185,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_9a1( +compute_message_7f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_0e1(&result, &product);); - invert_ntt_montgomery_271(&result); - result = subtract_reduce_20_4b(v, result); + ntt_multiply_ef_7a(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_a24(&result, &product);); + invert_ntt_montgomery_981(&result); + result = subtract_reduce_ef_e3(v, result); return result; } @@ -5190,13 +5205,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_80( +static KRML_MUSTINLINE void compress_then_serialize_message_b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_39(re.coefficients[i0]); + to_unsigned_representative_91(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5220,19 +5235,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_681( +static void decrypt_unpacked_ff1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_031(ciphertext, u_as_ntt); + deserialize_then_decompress_u_5a1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_9f0( + deserialize_then_decompress_ring_element_v_f60( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_9a1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7f1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_80(message, ret0); + compress_then_serialize_message_b1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5241,7 +5256,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_03(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -5258,8 +5273,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_c83(Eurydice_slice input, uint8_t ret[32U]) { + PRF_03(input, ret); } /** @@ -5284,15 +5299,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_531( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_681(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_ff1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -5303,7 +5318,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5311,17 +5326,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( + libcrux_ml_kem_utils_into_padded_array_174( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -5329,11 +5344,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_621( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_8e1(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_1b1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5351,8 +5366,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_30(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_9a(); +deserialize_to_uncompressed_ring_element_bb(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -5371,12 +5386,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_681( +static KRML_MUSTINLINE void deserialize_secret_key_4c1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_9a();); + secret_as_ntt[i] = ZERO_ef_b2();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5388,7 +5403,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_681( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_30(secret_bytes); + deserialize_to_uncompressed_ring_element_bb(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -5410,10 +5425,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_b41(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_511(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_681(secret_key, secret_as_ntt); + deserialize_secret_key_4c1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5425,7 +5440,7 @@ static void decrypt_b41(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_681(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_ff1(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5451,7 +5466,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_531( +void libcrux_ml_kem_ind_cca_decapsulate_aa1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5470,9 +5485,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_531( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b41(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_511(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5480,7 +5495,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_531( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5488,31 +5503,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_531( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_174(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_971(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_1f1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_4a(Eurydice_array_to_slice((size_t)32U, + kdf_af_29(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_4a(shared_secret0, shared_secret1); + kdf_af_29(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc1(ciphertext), + libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5529,12 +5544,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c70( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_940( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_9a();); + deserialized_pk[i] = ZERO_ef_b2();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5546,7 +5561,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c70( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a2(ring_element); + deserialize_to_reduced_ring_element_ed(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5561,7 +5576,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_f00( +static KRML_MUSTINLINE void serialize_secret_key_2b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5579,7 +5594,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f00( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_a6(&re, ret0); + serialize_uncompressed_ring_element_8e(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5594,14 +5609,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_950( +static KRML_MUSTINLINE void serialize_public_key_600( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_f00(t_as_ntt, ret0); + serialize_secret_key_2b0(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5621,15 +5636,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_360(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_780(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_c70( + deserialize_ring_elements_reduced_940( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_950( + serialize_public_key_600( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5660,7 +5675,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_d00(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5671,10 +5686,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_440( +static void closure_070( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_ef_b2();); } /** @@ -5693,7 +5708,7 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_750(uint8_t input[2U][34U]) { +shake128_init_absorb_final_400(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5724,11 +5739,11 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_f1_110(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_830(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_750(copy_of_input); + return shake128_init_absorb_final_400(copy_of_input); } /** @@ -5737,7 +5752,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_100( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a0( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5758,9 +5773,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_200( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_100(self, ret); + shake128_squeeze_first_three_blocks_9a0(self, ret); } /** @@ -5811,7 +5826,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_831( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_851( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5849,7 +5864,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ea0( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5870,9 +5885,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c10( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_040( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_ed0(self, ret); + shake128_squeeze_next_block_ea0(self, ret); } /** @@ -5923,7 +5938,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_832( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_852( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5962,9 +5977,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a0( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_b30( int16_t s[272U]) { - return from_i16_array_20_8d( + return from_i16_array_ef_cb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5975,7 +5990,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_610( +static KRML_MUSTINLINE void sample_from_xof_080( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -5983,25 +5998,25 @@ static KRML_MUSTINLINE void sample_from_xof_610( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_110(copy_of_seeds); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_830(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_4e0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_200(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_831( + bool done = sample_from_uniform_distribution_next_851( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_f1_c10(&xof_state, randomness); + shake128_squeeze_next_block_f1_040(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_832( + done = sample_from_uniform_distribution_next_852( copy_of_randomness, sampled_coefficients, out); } } @@ -6010,7 +6025,7 @@ static KRML_MUSTINLINE void sample_from_xof_610( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_6a0(copy_of_out[i]);); + ret0[i] = closure_b30(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6023,12 +6038,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_450( +static KRML_MUSTINLINE void sample_matrix_A_a10( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_440(A_transpose[i]);); + closure_070(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6043,7 +6058,7 @@ static KRML_MUSTINLINE void sample_matrix_A_450( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_610(copy_of_seeds, sampled); + sample_from_xof_080(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6087,7 +6102,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d30(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6108,9 +6123,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_bf0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1d0(input, ret); + PRFxN_d30(input, ret); } /** @@ -6120,8 +6135,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_c30(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_25(randomness); +sample_from_binomial_distribution_360(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_6f(randomness); } /** @@ -6133,11 +6148,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_560( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_ed0( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_9a();); + re_as_ntt[i] = ZERO_ef_b2();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6149,12 +6164,12 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_560( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_890(prf_inputs, prf_outputs); + PRFxN_f1_bf0(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_c30( + re_as_ntt[i0] = sample_from_binomial_distribution_360( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_f0(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6170,15 +6185,16 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_560( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_0e0( +static KRML_MUSTINLINE void add_to_ring_element_ef_a21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6202,14 +6218,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_0e0( +static KRML_MUSTINLINE void compute_As_plus_e_0f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_ef_b2();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6230,10 +6246,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_0e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_0e0(&result0[i1], &product); + ntt_multiply_ef_7a(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_a21(&result0[i1], &product); } - add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_ef_7f(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6253,10 +6269,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_a10( +static tuple_4c0 generate_keypair_unpacked_d30( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b60(key_generation_seed, hashed); + G_f1_d00(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6264,15 +6280,15 @@ static tuple_4c0 generate_keypair_unpacked_a10( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_450(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_a10(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_560(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_ed0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6284,14 +6300,14 @@ static tuple_4c0 generate_keypair_unpacked_a10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_560(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_ed0(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_0e0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_0f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( @@ -6340,10 +6356,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_a10( +static void closure_120( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_ef_b2();); } /** @@ -6355,7 +6371,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_fd0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6374,7 +6390,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_300( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6383,18 +6399,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_a10(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_d30(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_a10(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_120(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_20(&ind_cpa_public_key.A[j][i1]); + clone_8d_62(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6404,19 +6420,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e20( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_950( + serialize_public_key_600( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + H_f1_fd0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_26_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -6453,17 +6469,17 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_c00( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_480( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_a10(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_d30(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_950( + serialize_public_key_600( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_f00(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_2b0(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6487,7 +6503,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_fb( +static KRML_MUSTINLINE void serialize_kem_secret_key_e1( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6513,7 +6529,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_fb( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_2e0(public_key, ret0); + H_f1_fd0(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6543,7 +6559,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_150(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6552,13 +6568,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_c00(ind_cpa_keypair_randomness); + generate_keypair_480(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_fb( + serialize_kem_secret_key_e1( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6567,13 +6583,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_650(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_92(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_75( - uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_52( + uu____2, libcrux_ml_kem_types_from_07_39(copy_of_public_key)); } /** @@ -6582,7 +6598,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d31(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6603,9 +6619,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_bf1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1d1(input, ret); + PRFxN_d31(input, ret); } /** @@ -6618,10 +6634,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_150(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_900(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_9a();); + error_1[i] = ZERO_ef_b2();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6633,11 +6649,11 @@ sample_ring_element_cbd_150(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_891(prf_inputs, prf_outputs); + PRFxN_f1_bf1(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_36( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6663,9 +6679,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_c82(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_030(input, ret); } /** @@ -6674,18 +6690,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_270( +static KRML_MUSTINLINE void invert_ntt_montgomery_980( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1e(&zeta_i, re); - invert_ntt_at_layer_2_12(&zeta_i, re); - invert_ntt_at_layer_3_72(&zeta_i, re); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_8e(re); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_17(&zeta_i, re); + invert_ntt_at_layer_3_76(&zeta_i, re); + invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_de(re); } /** @@ -6694,14 +6710,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a20( +static KRML_MUSTINLINE void compute_vector_u_b80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_ef_b2();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6721,11 +6737,11 @@ static KRML_MUSTINLINE void compute_vector_u_a20( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(a_element, &r_as_ntt[j]); - add_to_ring_element_20_0e0(&result0[i1], &product); + ntt_multiply_ef_7a(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_a21(&result0[i1], &product); } - invert_ntt_montgomery_270(&result0[i1]); - add_error_reduce_20_fc(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_980(&result0[i1]); + add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6743,18 +6759,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_040( +compute_ring_element_v_f30( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_0e0(&result, &product);); - invert_ntt_montgomery_270(&result); - result = add_message_error_reduce_20_0f(error_2, message, result); + ntt_multiply_ef_7a(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_a21(&result, &product);); + invert_ntt_montgomery_980(&result); + result = add_message_error_reduce_ef_f9(error_2, message, result); return result; } @@ -6764,14 +6780,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_51( +static KRML_MUSTINLINE void compress_then_serialize_10_ee( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_73(to_unsigned_representative_39(re->coefficients[i0])); + compress_0d_17(to_unsigned_representative_91(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6789,10 +6805,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4c( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_51(re, uu____0); + compress_then_serialize_10_ee(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6805,7 +6821,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_a40( +static void compress_then_serialize_u_0c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6821,7 +6837,7 @@ static void compress_then_serialize_u_a40( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_4c(&re, ret); + compress_then_serialize_ring_element_u_86(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6834,9 +6850,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_fc( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_35( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_53(re, out); + compress_then_serialize_4_83(re, out); } /** @@ -6857,15 +6873,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_8e0( +static void encrypt_unpacked_1b0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_560(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_ed0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6875,7 +6891,7 @@ static void encrypt_unpacked_8e0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_150(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_900(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6883,31 +6899,31 @@ static void encrypt_unpacked_8e0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_c82(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_36( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_a20(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_b80(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_08(copy_of_message); + deserialize_then_decompress_message_21(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_040(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_f30(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_a40( + compress_then_serialize_u_0c0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_fc( + compress_then_serialize_ring_element_v_35( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6932,11 +6948,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_300( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -6946,7 +6962,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6959,7 +6975,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_8e0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_1b0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6969,7 +6985,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f00( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6990,11 +7006,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_b2(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_dc(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_26_33(dst, ret); } /** @@ -7015,22 +7031,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_970(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_1f0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_c70( + deserialize_ring_elements_reduced_940( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_450(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_a10(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( @@ -7060,7 +7076,7 @@ static void encrypt_970(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_8e0(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_1b0(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7075,11 +7091,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_ff(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_9f(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_26_33(dst, ret); } /** @@ -7101,27 +7117,27 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_230( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c80( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_b2( + entropy_preprocess_af_dc( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), + H_f1_fd0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7129,19 +7145,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_230( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_970(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_1f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_ff(shared_secret, shared_secret_array); + kdf_af_9f(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7161,8 +7177,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_11(Eurydice_slice serialized) { - return deserialize_then_decompress_10_26(serialized); +deserialize_then_decompress_ring_element_u_60(Eurydice_slice serialized) { + return deserialize_then_decompress_10_ed(serialized); } /** @@ -7171,17 +7187,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_2e( +static KRML_MUSTINLINE void ntt_vector_u_96( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_9c(&zeta_i, re); - ntt_at_layer_2_6b(&zeta_i, re); - ntt_at_layer_1_37(&zeta_i, re); - poly_barrett_reduce_20_8e(re); + ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ed(&zeta_i, re); + ntt_at_layer_2_2b(&zeta_i, re); + ntt_at_layer_1_85(&zeta_i, re); + poly_barrett_reduce_ef_de(re); } /** @@ -7192,12 +7208,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_030( +static KRML_MUSTINLINE void deserialize_then_decompress_u_5a0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_9a();); + u_as_ntt[i] = ZERO_ef_b2();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7215,8 +7231,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_030( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_11(u_bytes); - ntt_vector_u_2e(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_60(u_bytes); + ntt_vector_u_96(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7230,8 +7246,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_9f(Eurydice_slice serialized) { - return deserialize_then_decompress_4_ab(serialized); +deserialize_then_decompress_ring_element_v_f6(Eurydice_slice serialized) { + return deserialize_then_decompress_4_a4(serialized); } /** @@ -7241,17 +7257,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_9a0( +compute_message_7f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_0e0(&result, &product);); - invert_ntt_montgomery_270(&result); - result = subtract_reduce_20_4b(v, result); + ntt_multiply_ef_7a(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_a21(&result, &product);); + invert_ntt_montgomery_980(&result); + result = subtract_reduce_ef_e3(v, result); return result; } @@ -7265,19 +7281,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_680( +static void decrypt_unpacked_ff0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_030(ciphertext, u_as_ntt); + deserialize_then_decompress_u_5a0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_9f( + deserialize_then_decompress_ring_element_v_f6( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_9a0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7f0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_80(message, ret0); + compress_then_serialize_message_b1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7291,8 +7307,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_c81(Eurydice_slice input, uint8_t ret[32U]) { + PRF_03(input, ret); } /** @@ -7317,14 +7333,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_530( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_680(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_ff0(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -7335,7 +7351,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7343,17 +7359,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_170( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -7361,11 +7377,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_620( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_8e0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_1b0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -7382,12 +7398,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_680( +static KRML_MUSTINLINE void deserialize_secret_key_4c0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_9a();); + secret_as_ntt[i] = ZERO_ef_b2();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7399,7 +7415,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_680( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_30(secret_bytes); + deserialize_to_uncompressed_ring_element_bb(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -7421,10 +7437,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_b40(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_510(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_680(secret_key, secret_as_ntt); + deserialize_secret_key_4c0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7436,7 +7452,7 @@ static void decrypt_b40(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_680(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_ff0(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7462,7 +7478,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_530( +void libcrux_ml_kem_ind_cca_decapsulate_aa0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7480,9 +7496,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_530( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b40(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_510(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -7490,7 +7506,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_530( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7498,31 +7514,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_530( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_970(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_1f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ff(Eurydice_array_to_slice((size_t)32U, + kdf_af_9f(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_ff(shared_secret0, shared_secret1); + kdf_af_9f(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc(ciphertext), + libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7539,12 +7555,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c7( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_94( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_9a();); + deserialized_pk[i] = ZERO_ef_b2();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7556,7 +7572,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a2(ring_element); + deserialize_to_reduced_ring_element_ed(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7571,7 +7587,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_f0( +static KRML_MUSTINLINE void serialize_secret_key_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7589,7 +7605,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_a6(&re, ret0); + serialize_uncompressed_ring_element_8e(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7604,14 +7620,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_95( +static KRML_MUSTINLINE void serialize_public_key_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_f0(t_as_ntt, ret0); + serialize_secret_key_2b(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7631,15 +7647,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_36(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_78(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_c7( + deserialize_ring_elements_reduced_94( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_95( + serialize_public_key_60( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7670,7 +7686,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_d0(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7681,10 +7697,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_44( +static void closure_07( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_ef_b2();); } /** @@ -7703,7 +7719,7 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_75(uint8_t input[3U][34U]) { +shake128_init_absorb_final_40(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7734,11 +7750,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_f1_11(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_83(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_75(copy_of_input); + return shake128_init_absorb_final_40(copy_of_input); } /** @@ -7747,7 +7763,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_10( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7768,9 +7784,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_4e( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_20( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_10(self, ret); + shake128_squeeze_first_three_blocks_9a(self, ret); } /** @@ -7821,7 +7837,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_83( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_85( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7859,7 +7875,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_ed( +static KRML_MUSTINLINE void shake128_squeeze_next_block_ea( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7880,9 +7896,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_04( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_ed(self, ret); + shake128_squeeze_next_block_ea(self, ret); } /** @@ -7933,7 +7949,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_830( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_850( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7972,9 +7988,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_6a( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_b3( int16_t s[272U]) { - return from_i16_array_20_8d( + return from_i16_array_ef_cb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7985,7 +8001,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_61( +static KRML_MUSTINLINE void sample_from_xof_08( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -7993,25 +8009,25 @@ static KRML_MUSTINLINE void sample_from_xof_61( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_11(copy_of_seeds); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_83(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_4e(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_20(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_83( + bool done = sample_from_uniform_distribution_next_85( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_f1_c1(&xof_state, randomness); + shake128_squeeze_next_block_f1_04(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_830( + done = sample_from_uniform_distribution_next_850( copy_of_randomness, sampled_coefficients, out); } } @@ -8020,7 +8036,7 @@ static KRML_MUSTINLINE void sample_from_xof_61( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_6a(copy_of_out[i]);); + ret0[i] = closure_b3(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8033,12 +8049,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_45( +static KRML_MUSTINLINE void sample_matrix_A_a1( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_44(A_transpose[i]);); + closure_07(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -8053,7 +8069,7 @@ static KRML_MUSTINLINE void sample_matrix_A_45( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_61(copy_of_seeds, sampled); + sample_from_xof_08(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8097,7 +8113,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_d3(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3( @@ -8118,9 +8134,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_bf(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1d(input, ret); + PRFxN_d3(input, ret); } /** @@ -8132,11 +8148,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_56( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_ed( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_9a();); + re_as_ntt[i] = ZERO_ef_b2();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8148,12 +8164,12 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_56( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_bf(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_c3( + re_as_ntt[i0] = sample_from_binomial_distribution_36( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_f0(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -8169,15 +8185,16 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_56( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_0e( +static KRML_MUSTINLINE void add_to_ring_element_ef_a20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8201,14 +8218,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_0e( +static KRML_MUSTINLINE void compute_As_plus_e_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_ef_b2();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8229,10 +8246,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_0e(&result0[i1], &product); + ntt_multiply_ef_7a(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_a20(&result0[i1], &product); } - add_standard_error_reduce_20_7d(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_ef_7f(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8252,10 +8269,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_a1( +static tuple_9b generate_keypair_unpacked_d3( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b6(key_generation_seed, hashed); + G_f1_d0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8263,15 +8280,15 @@ static tuple_9b generate_keypair_unpacked_a1( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_45(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + sample_matrix_A_a1(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_56(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_ed(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8283,14 +8300,14 @@ static tuple_9b generate_keypair_unpacked_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_56(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_ed(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_0e(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_0f(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -8339,10 +8356,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_a1( +static void closure_12( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_9a();); + ret[i] = ZERO_ef_b2();); } /** @@ -8354,7 +8371,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_fd(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -8373,7 +8390,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_30( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8382,18 +8399,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = generate_keypair_unpacked_a1(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_d3(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_a1(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_12(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_20(&ind_cpa_public_key.A[j][i1]); + clone_8d_62(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8403,19 +8420,19 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_95( + serialize_public_key_60( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + H_f1_fd(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, implicit_rejection_value); + core_result_unwrap_26_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -8452,17 +8469,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_c0( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_48( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_a1(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_d3(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_95( + serialize_public_key_60( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_f0(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_2b(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8486,7 +8503,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_cd( +static KRML_MUSTINLINE void serialize_kem_secret_key_42( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8512,7 +8529,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_cd( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_2e(public_key, ret0); + H_f1_fd(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -8542,7 +8559,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8551,13 +8568,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_c0(ind_cpa_keypair_randomness); + generate_keypair_48(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_cd( + serialize_kem_secret_key_42( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8566,13 +8583,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_200(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_920(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_750( - uu____2, libcrux_ml_kem_types_from_07_3a0(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_520( + uu____2, libcrux_ml_kem_types_from_07_390(copy_of_public_key)); } /** @@ -8585,10 +8602,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_15(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_90(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_9a();); + error_1[i] = ZERO_ef_b2();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8600,11 +8617,11 @@ sample_ring_element_cbd_15(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_bf(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_36( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8630,9 +8647,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_c80(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_030(input, ret); } /** @@ -8641,18 +8658,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_27( +static KRML_MUSTINLINE void invert_ntt_montgomery_98( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_1e(&zeta_i, re); - invert_ntt_at_layer_2_12(&zeta_i, re); - invert_ntt_at_layer_3_72(&zeta_i, re); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_8e(re); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_17(&zeta_i, re); + invert_ntt_at_layer_3_76(&zeta_i, re); + invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_de(re); } /** @@ -8661,14 +8678,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a2( +static KRML_MUSTINLINE void compute_vector_u_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_9a();); + result0[i] = ZERO_ef_b2();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8688,11 +8705,11 @@ static KRML_MUSTINLINE void compute_vector_u_a2( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(a_element, &r_as_ntt[j]); - add_to_ring_element_20_0e(&result0[i1], &product); + ntt_multiply_ef_7a(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_a20(&result0[i1], &product); } - invert_ntt_montgomery_27(&result0[i1]); - add_error_reduce_20_fc(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_98(&result0[i1]); + add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8710,18 +8727,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_04( +compute_ring_element_v_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_0e(&result, &product);); - invert_ntt_montgomery_27(&result); - result = add_message_error_reduce_20_0f(error_2, message, result); + ntt_multiply_ef_7a(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_a20(&result, &product);); + invert_ntt_montgomery_98(&result); + result = add_message_error_reduce_ef_f9(error_2, message, result); return result; } @@ -8734,7 +8751,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_a4( +static void compress_then_serialize_u_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8750,7 +8767,7 @@ static void compress_then_serialize_u_a4( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_4c(&re, ret); + compress_then_serialize_ring_element_u_86(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8774,15 +8791,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_8e( +static void encrypt_unpacked_1b( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_56(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_ed(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8792,7 +8809,7 @@ static void encrypt_unpacked_8e( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_15(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_90(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8800,31 +8817,31 @@ static void encrypt_unpacked_8e( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_c80(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_c3( + sample_from_binomial_distribution_36( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_a2(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_b8(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_08(copy_of_message); + deserialize_then_decompress_message_21(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_04(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_f3(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_a4( + compress_then_serialize_u_0c( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_fc( + compress_then_serialize_ring_element_v_35( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8849,11 +8866,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_30( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -8863,7 +8880,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8876,7 +8893,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_8e(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_1b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8886,7 +8903,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_f0( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8907,11 +8924,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_ac(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_dd(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_26_33(dst, ret); } /** @@ -8932,22 +8949,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_97(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_1f(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_c7( + deserialize_ring_elements_reduced_94( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_45(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + sample_matrix_A_a1(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + core_result_unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -8977,7 +8994,7 @@ static void encrypt_97(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_8e(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_1b(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -8992,11 +9009,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_3f(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_20(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, ret); + core_result_unwrap_26_33(dst, ret); } /** @@ -9018,27 +9035,27 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c8( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_ac( + entropy_preprocess_af_dd( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), + H_f1_fd(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9046,19 +9063,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_940(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_97(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_1f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_300(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_3f(shared_secret, shared_secret_array); + kdf_af_20(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9079,12 +9096,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_03( +static KRML_MUSTINLINE void deserialize_then_decompress_u_5a( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_9a();); + u_as_ntt[i] = ZERO_ef_b2();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -9102,8 +9119,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_03( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_11(u_bytes); - ntt_vector_u_2e(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_60(u_bytes); + ntt_vector_u_96(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9117,17 +9134,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_9a( +compute_message_7f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_9a(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_ff(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_0e(&result, &product);); - invert_ntt_montgomery_27(&result); - result = subtract_reduce_20_4b(v, result); + ntt_multiply_ef_7a(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_a20(&result, &product);); + invert_ntt_montgomery_98(&result); + result = subtract_reduce_ef_e3(v, result); return result; } @@ -9141,19 +9158,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_68( +static void decrypt_unpacked_ff( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_03(ciphertext, u_as_ntt); + deserialize_then_decompress_u_5a(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_9f( + deserialize_then_decompress_ring_element_v_f6( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_9a(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7f(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_80(message, ret0); + compress_then_serialize_message_b1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9167,8 +9184,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_c8(Eurydice_slice input, uint8_t ret[32U]) { + PRF_03(input, ret); } /** @@ -9193,14 +9210,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_53( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_68(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_ff(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -9211,7 +9228,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9219,17 +9236,17 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( + libcrux_ml_kem_utils_into_padded_array_173( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; @@ -9237,11 +9254,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_62( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_8e(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_1b(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9258,12 +9275,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_68( +static KRML_MUSTINLINE void deserialize_secret_key_4c( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_9a();); + secret_as_ntt[i] = ZERO_ef_b2();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9275,7 +9292,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_68( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_30(secret_bytes); + deserialize_to_uncompressed_ring_element_bb(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -9297,10 +9314,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_b4(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_51(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_68(secret_key, secret_as_ntt); + deserialize_secret_key_4c(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -9312,7 +9329,7 @@ static void decrypt_b4(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_68(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_ff(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -9338,7 +9355,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_53( +void libcrux_ml_kem_ind_cca_decapsulate_aa( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -9356,9 +9373,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_53( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b4(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_51(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -9366,7 +9383,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_53( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9374,30 +9391,30 @@ void libcrux_ml_kem_ind_cca_decapsulate_53( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_173(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_97(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_1f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_3f(Eurydice_array_to_slice((size_t)32U, + kdf_af_20(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_3f(shared_secret0, shared_secret1); + kdf_af_20(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_cc0(ciphertext), + libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 71eea2534..b5297e32c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem_portable_H @@ -96,9 +96,6 @@ typedef struct int16_t_x8_s { int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -125,6 +122,9 @@ extern const uint8_t libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] [16U]; +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index dbca50d4c..bc7827005 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_sha3_H @@ -29,7 +29,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_97(buf0, buf); } /** @@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_970(buf0, buf); } /** @@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_971(buf0, buf); } /** @@ -59,7 +59,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_972(buf0, buf); } /** @@ -69,7 +69,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_973(buf0, buf); } /** @@ -158,7 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_974(buf0, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 633f1d30a..0d2f42cc7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #include "internal/libcrux_sha3_avx2.h" @@ -46,14 +46,14 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_21(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)1, x, __m256i), mm256_srli_epi64((int32_t)63, x, __m256i)); } static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { __m256i uu____0 = a; - return mm256_xor_si256(uu____0, rotate_left_58(b)); + return mm256_xor_si256(uu____0, rotate_left_21(b)); } /** @@ -167,16 +167,16 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types core_core_arch_x86___m256i with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_16(void) { +new_89_fa(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -211,7 +211,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_fe(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -331,13 +331,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void load_block_ef_6a(__m256i (*a)[5U], +static KRML_MUSTINLINE void load_block_ef_16(__m256i (*a)[5U], Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[4U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, copy_of_b); + load_block_fe(uu____0, copy_of_b); } /** @@ -346,7 +346,7 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_210(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)36, x, __m256i), mm256_srli_epi64((int32_t)28, x, __m256i)); } @@ -357,9 +357,9 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_13(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_580(ab); + return rotate_left_210(ab); } /** @@ -372,8 +372,8 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { - return _vxarq_u64_c1(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c(__m256i a, __m256i b) { + return _vxarq_u64_13(a, b); } /** @@ -382,7 +382,7 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_211(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)3, x, __m256i), mm256_srli_epi64((int32_t)61, x, __m256i)); } @@ -393,9 +393,9 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_130(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_581(ab); + return rotate_left_211(ab); } /** @@ -408,8 +408,8 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { - return _vxarq_u64_c10(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c0(__m256i a, __m256i b) { + return _vxarq_u64_130(a, b); } /** @@ -418,7 +418,7 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_212(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)41, x, __m256i), mm256_srli_epi64((int32_t)23, x, __m256i)); } @@ -429,9 +429,9 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_131(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_582(ab); + return rotate_left_212(ab); } /** @@ -444,8 +444,8 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { - return _vxarq_u64_c11(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c1(__m256i a, __m256i b) { + return _vxarq_u64_131(a, b); } /** @@ -454,7 +454,7 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_213(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)18, x, __m256i), mm256_srli_epi64((int32_t)46, x, __m256i)); } @@ -465,9 +465,9 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_132(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_583(ab); + return rotate_left_213(ab); } /** @@ -480,8 +480,8 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { - return _vxarq_u64_c12(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c2(__m256i a, __m256i b) { + return _vxarq_u64_132(a, b); } /** @@ -490,9 +490,9 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_133(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_58(ab); + return rotate_left_21(ab); } /** @@ -505,8 +505,8 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { - return _vxarq_u64_c13(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c3(__m256i a, __m256i b) { + return _vxarq_u64_133(a, b); } /** @@ -515,7 +515,7 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_214(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)44, x, __m256i), mm256_srli_epi64((int32_t)20, x, __m256i)); } @@ -526,9 +526,9 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_134(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_584(ab); + return rotate_left_214(ab); } /** @@ -541,8 +541,8 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { - return _vxarq_u64_c14(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c4(__m256i a, __m256i b) { + return _vxarq_u64_134(a, b); } /** @@ -551,7 +551,7 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_215(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)10, x, __m256i), mm256_srli_epi64((int32_t)54, x, __m256i)); } @@ -562,9 +562,9 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_135(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_585(ab); + return rotate_left_215(ab); } /** @@ -577,8 +577,8 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { - return _vxarq_u64_c15(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c5(__m256i a, __m256i b) { + return _vxarq_u64_135(a, b); } /** @@ -587,7 +587,7 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_216(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)45, x, __m256i), mm256_srli_epi64((int32_t)19, x, __m256i)); } @@ -598,9 +598,9 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_136(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_586(ab); + return rotate_left_216(ab); } /** @@ -613,8 +613,8 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { - return _vxarq_u64_c16(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c6(__m256i a, __m256i b) { + return _vxarq_u64_136(a, b); } /** @@ -623,7 +623,7 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_217(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)2, x, __m256i), mm256_srli_epi64((int32_t)62, x, __m256i)); } @@ -634,9 +634,9 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_137(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_587(ab); + return rotate_left_217(ab); } /** @@ -649,8 +649,8 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { - return _vxarq_u64_c17(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c7(__m256i a, __m256i b) { + return _vxarq_u64_137(a, b); } /** @@ -659,7 +659,7 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_218(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)62, x, __m256i), mm256_srli_epi64((int32_t)2, x, __m256i)); } @@ -670,9 +670,9 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_138(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_588(ab); + return rotate_left_218(ab); } /** @@ -685,8 +685,8 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { - return _vxarq_u64_c18(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c8(__m256i a, __m256i b) { + return _vxarq_u64_138(a, b); } /** @@ -695,7 +695,7 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_219(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)6, x, __m256i), mm256_srli_epi64((int32_t)58, x, __m256i)); } @@ -706,9 +706,9 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_139(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_589(ab); + return rotate_left_219(ab); } /** @@ -721,8 +721,8 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { - return _vxarq_u64_c19(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c9(__m256i a, __m256i b) { + return _vxarq_u64_139(a, b); } /** @@ -731,7 +731,7 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2110(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)43, x, __m256i), mm256_srli_epi64((int32_t)21, x, __m256i)); } @@ -742,9 +742,9 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1310(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5810(ab); + return rotate_left_2110(ab); } /** @@ -757,8 +757,8 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { - return _vxarq_u64_c110(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c10(__m256i a, __m256i b) { + return _vxarq_u64_1310(a, b); } /** @@ -767,7 +767,7 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2111(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)15, x, __m256i), mm256_srli_epi64((int32_t)49, x, __m256i)); } @@ -778,9 +778,9 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1311(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5811(ab); + return rotate_left_2111(ab); } /** @@ -793,8 +793,8 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { - return _vxarq_u64_c111(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c11(__m256i a, __m256i b) { + return _vxarq_u64_1311(a, b); } /** @@ -803,7 +803,7 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2112(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)61, x, __m256i), mm256_srli_epi64((int32_t)3, x, __m256i)); } @@ -814,9 +814,9 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1312(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5812(ab); + return rotate_left_2112(ab); } /** @@ -829,8 +829,8 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { - return _vxarq_u64_c112(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c12(__m256i a, __m256i b) { + return _vxarq_u64_1312(a, b); } /** @@ -839,7 +839,7 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2113(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)28, x, __m256i), mm256_srli_epi64((int32_t)36, x, __m256i)); } @@ -850,9 +850,9 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1313(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5813(ab); + return rotate_left_2113(ab); } /** @@ -865,8 +865,8 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { - return _vxarq_u64_c113(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c13(__m256i a, __m256i b) { + return _vxarq_u64_1313(a, b); } /** @@ -875,7 +875,7 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2114(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)55, x, __m256i), mm256_srli_epi64((int32_t)9, x, __m256i)); } @@ -886,9 +886,9 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1314(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5814(ab); + return rotate_left_2114(ab); } /** @@ -901,8 +901,8 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { - return _vxarq_u64_c114(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c14(__m256i a, __m256i b) { + return _vxarq_u64_1314(a, b); } /** @@ -911,7 +911,7 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2115(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)25, x, __m256i), mm256_srli_epi64((int32_t)39, x, __m256i)); } @@ -922,9 +922,9 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1315(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5815(ab); + return rotate_left_2115(ab); } /** @@ -937,8 +937,8 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { - return _vxarq_u64_c115(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c15(__m256i a, __m256i b) { + return _vxarq_u64_1315(a, b); } /** @@ -947,7 +947,7 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2116(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)21, x, __m256i), mm256_srli_epi64((int32_t)43, x, __m256i)); } @@ -958,9 +958,9 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1316(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5816(ab); + return rotate_left_2116(ab); } /** @@ -973,8 +973,8 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { - return _vxarq_u64_c116(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c16(__m256i a, __m256i b) { + return _vxarq_u64_1316(a, b); } /** @@ -983,7 +983,7 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2117(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)56, x, __m256i), mm256_srli_epi64((int32_t)8, x, __m256i)); } @@ -994,9 +994,9 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1317(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5817(ab); + return rotate_left_2117(ab); } /** @@ -1009,8 +1009,8 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { - return _vxarq_u64_c117(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c17(__m256i a, __m256i b) { + return _vxarq_u64_1317(a, b); } /** @@ -1019,7 +1019,7 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2118(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)27, x, __m256i), mm256_srli_epi64((int32_t)37, x, __m256i)); } @@ -1030,9 +1030,9 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1318(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5818(ab); + return rotate_left_2118(ab); } /** @@ -1045,8 +1045,8 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { - return _vxarq_u64_c118(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c18(__m256i a, __m256i b) { + return _vxarq_u64_1318(a, b); } /** @@ -1055,7 +1055,7 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2119(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)20, x, __m256i), mm256_srli_epi64((int32_t)44, x, __m256i)); } @@ -1066,9 +1066,9 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1319(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5819(ab); + return rotate_left_2119(ab); } /** @@ -1081,8 +1081,8 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { - return _vxarq_u64_c119(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c19(__m256i a, __m256i b) { + return _vxarq_u64_1319(a, b); } /** @@ -1091,7 +1091,7 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2120(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)39, x, __m256i), mm256_srli_epi64((int32_t)25, x, __m256i)); } @@ -1102,9 +1102,9 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1320(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5820(ab); + return rotate_left_2120(ab); } /** @@ -1117,8 +1117,8 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, __m256i b) { - return _vxarq_u64_c120(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c20(__m256i a, __m256i b) { + return _vxarq_u64_1320(a, b); } /** @@ -1127,7 +1127,7 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2121(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)8, x, __m256i), mm256_srli_epi64((int32_t)56, x, __m256i)); } @@ -1138,9 +1138,9 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1321(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5821(ab); + return rotate_left_2121(ab); } /** @@ -1153,8 +1153,8 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { - return _vxarq_u64_c121(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c21(__m256i a, __m256i b) { + return _vxarq_u64_1321(a, b); } /** @@ -1163,7 +1163,7 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_2122(__m256i x) { return mm256_xor_si256(mm256_slli_epi64((int32_t)14, x, __m256i), mm256_srli_epi64((int32_t)50, x, __m256i)); } @@ -1174,9 +1174,9 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { +static KRML_MUSTINLINE __m256i _vxarq_u64_1322(__m256i a, __m256i b) { __m256i ab = mm256_xor_si256(a, b); - return rotate_left_5822(ab); + return rotate_left_2122(ab); } /** @@ -1189,8 +1189,8 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { - return _vxarq_u64_c122(a, b); +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_5c22(__m256i a, __m256i b) { + return _vxarq_u64_1322(a, b); } /** @@ -1199,7 +1199,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void theta_rho_71( +static KRML_MUSTINLINE void theta_rho_3f( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]), @@ -1228,30 +1228,30 @@ static KRML_MUSTINLINE void theta_rho_71( rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[1U][0U] = xor_and_rotate_ef_5c(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_5c0(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_5c1(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_5c2(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_5c3(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_5c4(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_5c5(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_5c6(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_5c7(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_5c8(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_5c9(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_5c10(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_5c11(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_5c12(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_5c13(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_5c14(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_5c15(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_5c16(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_5c17(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_ef_5c18(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_5c19(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_5c20(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_5c21(s->st[3U][4U], t[4U]); + __m256i uu____27 = xor_and_rotate_ef_5c22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1261,7 +1261,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void pi_01( +static KRML_MUSTINLINE void pi_d8( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1297,7 +1297,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void chi_9b( +static KRML_MUSTINLINE void chi_95( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1315,7 +1315,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void iota_09( +static KRML_MUSTINLINE void iota_c9( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1327,14 +1327,14 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void keccakf1600_07( +static KRML_MUSTINLINE void keccakf1600_4e( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - theta_rho_71(s); - pi_01(s); - chi_9b(s); - iota_09(s, i0); + theta_rho_3f(s); + pi_d8(s); + chi_95(s); + iota_c9(s, i0); } } @@ -1345,13 +1345,13 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void absorb_block_37( +static KRML_MUSTINLINE void absorb_block_26( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_6a(uu____0, uu____1); - keccakf1600_07(s); + load_block_ef_16(uu____0, uu____1); + keccakf1600_4e(s); } /** @@ -1359,14 +1359,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_full_1d(__m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_c7(s, buf); + load_block_fe(s, buf); } /** @@ -1378,13 +1378,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void load_block_full_ef_05(__m256i (*a)[5U], +static KRML_MUSTINLINE void load_block_full_ef_40(__m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, copy_of_b); + load_block_full_1d(uu____0, copy_of_b); } /** @@ -1395,7 +1395,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void absorb_final_5e( +static KRML_MUSTINLINE void absorb_final_80( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1411,8 +1411,8 @@ static KRML_MUSTINLINE void absorb_final_5e( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_05(uu____3, uu____4); - keccakf1600_07(s); + load_block_full_ef_40(uu____3, uu____4); + keccakf1600_4e(s); } /** @@ -1420,7 +1420,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_78(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -1542,7 +1542,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_full_61(__m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; @@ -1553,7 +1553,7 @@ static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], Eurydice_array_to_slice((size_t)200U, out1, uint8_t), Eurydice_array_to_slice((size_t)200U, out2, uint8_t), Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; - store_block_e9(s, buf); + store_block_78(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); @@ -1580,9 +1580,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void store_block_full_ef_99(__m256i (*a)[5U], +static KRML_MUSTINLINE void store_block_full_ef_83(__m256i (*a)[5U], uint8_t ret[4U][200U]) { - store_block_full_0b(a, ret); + store_block_full_61(a, ret); } /** @@ -1592,10 +1592,10 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_and_last_a4( +static KRML_MUSTINLINE void squeeze_first_and_last_ac( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - store_block_full_ef_99(s->st, b); + store_block_full_ef_83(s->st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1616,9 +1616,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void store_block_ef_f6(__m256i (*a)[5U], +static KRML_MUSTINLINE void store_block_ef_aa(__m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e9(a, b); + store_block_78(a, b); } /** @@ -1628,9 +1628,9 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_block_e9( +static KRML_MUSTINLINE void squeeze_first_block_b7( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f6(s->st, out); + store_block_ef_aa(s->st, out); } /** @@ -1640,10 +1640,10 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_next_block_1c( +static KRML_MUSTINLINE void squeeze_next_block_ff( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f6(s->st, out); + keccakf1600_4e(s); + store_block_ef_aa(s->st, out); } /** @@ -1653,11 +1653,11 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_last_77( +static KRML_MUSTINLINE void squeeze_last_0a( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_07(&s); + keccakf1600_4e(&s); uint8_t b[4U][200U]; - store_block_full_ef_99(s.st, b); + store_block_full_ef_83(s.st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1677,9 +1677,9 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], +static KRML_MUSTINLINE void keccak_9b(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_89_fa(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1689,7 +1689,7 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_37(uu____0, ret); + absorb_block_26(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -1699,12 +1699,12 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - absorb_final_5e(uu____2, ret); + absorb_final_80(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - squeeze_first_and_last_a4(&s, out); + squeeze_first_and_last_ac(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = split_at_mut_n_ef(out, (size_t)136U); @@ -1712,14 +1712,14 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e9(&s, o0); + squeeze_first_block_b7(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1730,12 +1730,12 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c(&s, o); + squeeze_next_block_ff(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - squeeze_last_77(s, o1); + squeeze_last_0a(s, o1); } } } @@ -1749,7 +1749,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_14(buf0, buf); + keccak_9b(buf0, buf); } /** @@ -1757,7 +1757,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_16(); + return new_89_fa(); } /** @@ -1765,7 +1765,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_fe0(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -1881,14 +1881,14 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_full_1d0(__m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - load_block_c70(s, buf); + load_block_fe0(s, buf); } /** @@ -1900,13 +1900,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void load_block_full_ef_050(__m256i (*a)[5U], +static KRML_MUSTINLINE void load_block_full_ef_400(__m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, copy_of_b); + load_block_full_1d0(uu____0, copy_of_b); } /** @@ -1917,7 +1917,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void absorb_final_5e0( +static KRML_MUSTINLINE void absorb_final_800( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1933,8 +1933,8 @@ static KRML_MUSTINLINE void absorb_final_5e0( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_050(uu____3, uu____4); - keccakf1600_07(s); + load_block_full_ef_400(uu____3, uu____4); + keccakf1600_4e(s); } /** @@ -1944,7 +1944,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_5e0(s, buf); + absorb_final_800(s, buf); } /** @@ -1952,7 +1952,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_780(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -2078,9 +2078,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void store_block_ef_f60(__m256i (*a)[5U], +static KRML_MUSTINLINE void store_block_ef_aa0(__m256i (*a)[5U], Eurydice_slice b[4U]) { - store_block_e90(a, b); + store_block_780(a, b); } /** @@ -2090,9 +2090,9 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_block_e90( +static KRML_MUSTINLINE void squeeze_first_block_b70( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f60(s->st, out); + store_block_ef_aa0(s->st, out); } /** @@ -2102,10 +2102,10 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_next_block_1c0( +static KRML_MUSTINLINE void squeeze_next_block_ff0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f60(s->st, out); + keccakf1600_4e(s); + store_block_ef_aa0(s->st, out); } /** @@ -2115,7 +2115,7 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_three_blocks_27( +static KRML_MUSTINLINE void squeeze_first_three_blocks_6d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2123,15 +2123,15 @@ static KRML_MUSTINLINE void squeeze_first_three_blocks_27( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); + squeeze_first_block_b70(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - squeeze_next_block_1c0(s, o2); + squeeze_next_block_ff0(s, o1); + squeeze_next_block_ff0(s, o2); } /** @@ -2141,7 +2141,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_three_blocks_27(s, buf); + squeeze_first_three_blocks_6d(s, buf); } /** @@ -2151,7 +2151,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c0(s, buf); + squeeze_next_block_ff0(s, buf); } /** @@ -2161,7 +2161,7 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( +static KRML_MUSTINLINE void squeeze_first_five_blocks_58( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2169,29 +2169,29 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); + squeeze_first_block_b70(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); + squeeze_next_block_ff0(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o2); + squeeze_next_block_ff0(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o3); - squeeze_next_block_1c0(s, o4); + squeeze_next_block_ff0(s, o3); + squeeze_next_block_ff0(s, o4); } /** @@ -2202,7 +2202,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_e4(s, buf); + squeeze_first_five_blocks_58(s, buf); } /** @@ -2212,7 +2212,7 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_5e(s, buf); + absorb_final_80(s, buf); } /** @@ -2223,7 +2223,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_e9(s, buf); + squeeze_first_block_b7(s, buf); } /** @@ -2234,5 +2234,5 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c(s, buf); + squeeze_next_block_ff(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index da062e426..9c45a9de3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 63801aeae..a339306f0 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_fc(b); } /** @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_89_ba(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -260,11 +260,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_86( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_28(s, buf); } /** @@ -276,13 +276,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_86(uu____0, copy_of_b); } /** @@ -292,7 +292,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -303,9 +303,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc0(ab); } /** @@ -319,8 +319,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b); } /** @@ -330,7 +330,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -341,9 +341,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc1(ab); } /** @@ -357,8 +357,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac0(a, b); } /** @@ -368,7 +368,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -379,9 +379,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc2(ab); } /** @@ -395,8 +395,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac1(a, b); } /** @@ -406,7 +406,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -417,9 +417,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc3(ab); } /** @@ -433,8 +433,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac2(a, b); } /** @@ -444,9 +444,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc(ab); } /** @@ -460,8 +460,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac3(a, b); } /** @@ -471,7 +471,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -482,9 +482,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc4(ab); } /** @@ -498,8 +498,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac4(a, b); } /** @@ -509,7 +509,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -520,9 +520,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc5(ab); } /** @@ -536,8 +536,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac5(a, b); } /** @@ -547,7 +547,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -558,9 +558,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc6(ab); } /** @@ -574,8 +574,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac6(a, b); } /** @@ -585,7 +585,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -596,9 +596,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc7(ab); } /** @@ -612,8 +612,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac7(a, b); } /** @@ -623,7 +623,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -634,9 +634,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc8(ab); } /** @@ -650,8 +650,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac8(a, b); } /** @@ -661,7 +661,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -672,9 +672,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc9(ab); } /** @@ -688,8 +688,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac9(a, b); } /** @@ -699,7 +699,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -710,9 +710,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc10(ab); } /** @@ -726,8 +726,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac10(a, b); } /** @@ -737,7 +737,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -748,9 +748,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc11(ab); } /** @@ -764,8 +764,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac11(a, b); } /** @@ -775,7 +775,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -786,9 +786,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc12(ab); } /** @@ -802,8 +802,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac12(a, b); } /** @@ -813,7 +813,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -824,9 +824,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc13(ab); } /** @@ -840,8 +840,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac13(a, b); } /** @@ -851,7 +851,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -862,9 +862,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc14(ab); } /** @@ -878,8 +878,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac14(a, b); } /** @@ -889,7 +889,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -900,9 +900,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc15(ab); } /** @@ -916,8 +916,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac15(a, b); } /** @@ -927,7 +927,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -938,9 +938,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc16(ab); } /** @@ -954,8 +954,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac16(a, b); } /** @@ -965,7 +965,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -976,9 +976,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc17(ab); } /** @@ -992,8 +992,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac17(a, b); } /** @@ -1003,7 +1003,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1014,9 +1014,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc18(ab); } /** @@ -1030,8 +1030,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac18(a, b); } /** @@ -1041,7 +1041,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1052,9 +1052,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc19(ab); } /** @@ -1068,8 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac19(a, b); } /** @@ -1079,7 +1079,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1090,9 +1090,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc20(ab); } /** @@ -1106,8 +1106,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac20(a, b); } /** @@ -1117,7 +1117,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1128,9 +1128,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc21(ab); } /** @@ -1144,8 +1144,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac21(a, b); } /** @@ -1155,7 +1155,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1166,9 +1166,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc22(ab); } /** @@ -1182,8 +1182,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac22(a, b); } /** @@ -1192,7 +1192,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1228,53 +1228,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1284,7 +1284,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_f0( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1320,7 +1320,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_e2( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1338,7 +1338,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_ae( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1350,14 +1350,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_7e( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_0d(s); + libcrux_sha3_generic_keccak_pi_f0(s); + libcrux_sha3_generic_keccak_chi_e2(s); + libcrux_sha3_generic_keccak_iota_ae(s, i0); } } @@ -1369,7 +1369,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1388,8 +1388,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1397,7 +1397,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1419,9 +1419,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_3d(a, b); } /** @@ -1431,9 +1431,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); } /** @@ -1443,10 +1443,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_87( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); } /** @@ -1454,7 +1454,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1465,7 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1478,11 +1478,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_860( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_280(s, buf); } /** @@ -1494,13 +1494,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_860(uu____0, copy_of_b); } /** @@ -1511,7 +1511,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1530,8 +1530,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1539,7 +1539,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d0( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1561,9 +1561,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_3d0(a, b); } /** @@ -1573,9 +1573,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_800( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); } /** @@ -1585,10 +1585,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_870( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); } /** @@ -1600,13 +1600,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_153( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_28(uu____0, copy_of_b); } /** @@ -1616,13 +1616,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_283( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_153(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1630,12 +1630,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_853( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_3d(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1652,9 +1652,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e3(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_853(a, ret); } /** @@ -1665,10 +1665,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d93( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1691,11 +1691,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c93( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1719,10 +1719,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_89_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -1733,7 +1733,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_283(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1743,12 +1743,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f3(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d93(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1756,14 +1756,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_80(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1774,12 +1774,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_87(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c93(s, o1); } } } @@ -1790,12 +1790,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_974( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_924(copy_of_data, out); } /** @@ -1803,7 +1803,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1814,7 +1814,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1831,13 +1831,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_152( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_283(uu____0, copy_of_b); } /** @@ -1847,13 +1847,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_282( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_152(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1861,11 +1861,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_863( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_portable_keccak_load_block_283(s, buf); } /** @@ -1877,13 +1877,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_863(uu____0, copy_of_b); } /** @@ -1894,7 +1894,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1913,8 +1913,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1922,7 +1922,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d3( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1940,12 +1940,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_852( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); + libcrux_sha3_portable_keccak_store_block_3d3(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1962,9 +1962,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e2(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_852(a, ret); } /** @@ -1975,10 +1975,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2003,9 +2003,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_3d3(a, b); } /** @@ -2015,9 +2015,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_803( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); } /** @@ -2027,10 +2027,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_873( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); } /** @@ -2040,11 +2040,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c92( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2068,10 +2068,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_89_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2082,7 +2082,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_282(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2092,12 +2092,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f34(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d92(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2105,14 +2105,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_803(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2123,12 +2123,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_873(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c92(s, o1); } } } @@ -2139,12 +2139,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_973( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_923(copy_of_data, out); } /** @@ -2152,7 +2152,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2163,7 +2163,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2180,13 +2180,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_151( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_282(uu____0, copy_of_b); } /** @@ -2196,13 +2196,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_281( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_151(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2210,11 +2210,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_862( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_282(s, buf); } /** @@ -2226,13 +2226,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_862(uu____0, copy_of_b); } /** @@ -2243,7 +2243,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2262,8 +2262,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2271,7 +2271,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d2( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2289,12 +2289,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_851( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_3d2(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2311,9 +2311,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e1(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_851(a, ret); } /** @@ -2324,10 +2324,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d91( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2352,9 +2352,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_3d2(a, b); } /** @@ -2364,9 +2364,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_802( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); } /** @@ -2376,10 +2376,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_872( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); } /** @@ -2389,11 +2389,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c91( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2417,10 +2417,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_89_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2431,7 +2431,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_281(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2441,12 +2441,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f33(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d91(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2454,14 +2454,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_802(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2472,12 +2472,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_872(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c91(s, o1); } } } @@ -2488,12 +2488,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_972( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_922(copy_of_data, out); } /** @@ -2505,13 +2505,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_150( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_280(uu____0, copy_of_b); } /** @@ -2521,13 +2521,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_280( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_150(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2535,12 +2535,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_850( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_3d0(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2557,9 +2557,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_850(a, ret); } /** @@ -2570,10 +2570,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d90( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2596,11 +2596,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c90( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2624,10 +2624,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_89_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2638,7 +2638,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2648,12 +2648,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f30(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2661,14 +2661,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2679,12 +2679,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); } } } @@ -2695,12 +2695,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_971( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_921(copy_of_data, out); } /** @@ -2711,7 +2711,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2730,8 +2730,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2742,10 +2742,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_89_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2756,7 +2756,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2766,12 +2766,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f32(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2779,14 +2779,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2797,12 +2797,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); } } } @@ -2813,12 +2813,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_970( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_920(copy_of_data, out); } /** @@ -2826,7 +2826,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2837,7 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_ac(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2854,13 +2854,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_15( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_281(uu____0, copy_of_b); } /** @@ -2870,13 +2870,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_28( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_15(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2884,11 +2884,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_861( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + libcrux_sha3_portable_keccak_load_block_281(s, buf); } /** @@ -2900,13 +2900,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_861(uu____0, copy_of_b); } /** @@ -2917,7 +2917,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2936,8 +2936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2945,7 +2945,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d1( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2963,12 +2963,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_85( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); + libcrux_sha3_portable_keccak_store_block_3d1(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2984,9 +2984,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_1e( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_85(a, ret); } /** @@ -2997,10 +2997,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d9( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3025,9 +3025,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_3d1(a, b); } /** @@ -3037,9 +3037,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_801( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); } /** @@ -3049,10 +3049,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_871( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); } /** @@ -3062,11 +3062,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c9( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3090,10 +3090,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_89_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -3104,7 +3104,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_28(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3114,12 +3114,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f31(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d9(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3127,14 +3127,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_801(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -3145,12 +3145,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_871(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c9(s, o1); } } } @@ -3161,12 +3161,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_97( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_92(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index a0c87071b..d999debf0 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f644d380f..42295c921 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 50e2aa7a6..7b27401b5 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 -Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb -Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 +Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 +Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da +Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 +Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index b5c5fa751..886176809 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -168,7 +168,6 @@ static inline uint16_t core_num__i16_1__wrapping_mul(int16_t x, int16_t y) { return x * y; } - // ITERATORS #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 5ac03509a..f0ad6796d 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_core_H @@ -103,14 +103,15 @@ typedef struct Result_6f_s { } Result_6f; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_1c(Result_6f self, uint8_t ret[24U]) { +static inline void unwrap_26_76(Result_6f self, uint8_t ret[24U]) { if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -136,14 +137,15 @@ typedef struct Result_7a_s { } Result_7a; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_34(Result_7a self, uint8_t ret[20U]) { +static inline void unwrap_26_ea(Result_7a self, uint8_t ret[20U]) { if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -169,14 +171,15 @@ typedef struct Result_cd_s { } Result_cd; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_e8(Result_cd self, uint8_t ret[10U]) { +static inline void unwrap_26_07(Result_cd self, uint8_t ret[10U]) { if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -224,7 +227,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_14( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_28( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -239,7 +242,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_3a(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_39(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -273,7 +276,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_75(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_52(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -289,7 +292,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_20(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_92(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -319,7 +322,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_30(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_9a(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -336,7 +339,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_94( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_bd( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -349,7 +352,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_172( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -374,14 +377,15 @@ typedef struct Result_00_s { } Result_00; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) { +static inline void unwrap_26_33(Result_00 self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -401,7 +405,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_171( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -421,7 +425,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_49( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_32( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -434,7 +438,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_170( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -453,7 +457,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_17( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -478,14 +482,15 @@ typedef struct Result_c0_s { } Result_c0; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_f9(Result_c0 self, int16_t ret[16U]) { +static inline void unwrap_26_30(Result_c0 self, int16_t ret[16U]) { if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -511,14 +516,15 @@ typedef struct Result_56_s { } Result_56; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_ac(Result_56 self, uint8_t ret[8U]) { +static inline void unwrap_26_0e(Result_56 self, uint8_t ret[8U]) { if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index ea2f6e973..96ff3f14f 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 54540cb08..5d54c891c 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem768_avx2_H @@ -719,7 +719,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, ret0); + unwrap_26_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -819,7 +819,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - unwrap_41_e8(dst, ret0); + unwrap_26_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -932,7 +932,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - unwrap_41_34(dst, ret0); + unwrap_26_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1077,7 +1077,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - unwrap_41_1c(dst, ret0); + unwrap_26_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1201,17 +1201,18 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_20_98(void) { +libcrux_ml_kem_polynomial_ZERO_ef_48(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1240,8 +1241,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_a8(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_5f(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_ef_48(); } /** @@ -1252,10 +1253,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_be( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_ef_48(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1273,12 +1274,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_54( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1291,7 +1292,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_4f( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ca( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_be( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1324,8 +1325,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_98(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_aa(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_ef_48(); } /** @@ -1336,7 +1337,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e5( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1388,9 +1389,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_11( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e5( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a( vector); } @@ -1402,10 +1403,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_8e( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_5e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_ef_48(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -1418,7 +1419,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_8e( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_11( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b( coefficient); } return re; @@ -1432,7 +1433,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e50( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1484,9 +1485,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_110( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e50( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a0( vector); } @@ -1498,10 +1499,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_87( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_4e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_ef_48(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1509,7 +1510,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_87( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_110( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b0( coefficient); } return re; @@ -1523,9 +1524,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_32( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_09( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_8e(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_5e(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1540,7 +1541,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_bd( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1553,9 +1554,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c5(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_af(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_bd(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1569,7 +1570,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1582,7 +1583,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c5( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_af( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -1600,7 +1601,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_1d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1619,7 +1620,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_70( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_6b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1641,7 +1642,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_7e( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_93( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1662,16 +1663,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_7e( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1688,21 +1690,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_64( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_70(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_7e(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_1d(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_93(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a0(re); } /** @@ -1715,12 +1717,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_aa( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_31( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1740,9 +1742,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_aa( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_32( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_09( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_64(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_f9(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1757,7 +1759,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e51( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a1( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1809,9 +1811,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_111( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e51( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a1( vector); } @@ -1823,10 +1825,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_58( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_89( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_ef_48(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1834,7 +1836,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_58( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_111( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b1( coefficient); } return re; @@ -1848,7 +1850,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e52( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1900,9 +1902,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_112( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e52( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a2( vector); } @@ -1914,10 +1916,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_ab( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_e3( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_ef_48(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1925,7 +1927,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_ab( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_112( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b2( re.coefficients[i0]); } return re; @@ -1939,28 +1941,29 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_85( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_5a( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_58(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_89(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_20_15( +libcrux_ml_kem_polynomial_ntt_multiply_ef_cc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_ef_48(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1983,16 +1986,18 @@ libcrux_ml_kem_polynomial_ntt_multiply_20_15( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_f3( +static KRML_MUSTINLINE void +libcrux_ml_kem_polynomial_add_to_ring_element_ef_a20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2013,7 +2018,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2040,7 +2045,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e4( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2063,7 +2068,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_55( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2084,13 +2089,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e7(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7b(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_bd(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2103,7 +2108,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_11( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2118,7 +2123,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2136,37 +2141,38 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9b(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e4(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3d(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e9(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_55(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9d(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a0(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_20_c4( +libcrux_ml_kem_polynomial_subtract_reduce_ef_73( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2190,21 +2196,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_12( +libcrux_ml_kem_matrix_compute_message_62( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_ef_48(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_15(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_cc(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_a20(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_c4(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_73(v, result); return result; } @@ -2215,7 +2221,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_da(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_bc(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2229,9 +2235,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_06( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_f0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_da(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_bc(vector); } /** @@ -2242,8 +2248,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_4b(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_06(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_7a(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_f0(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -2257,13 +2263,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_33( +libcrux_ml_kem_serialize_compress_then_serialize_message_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + libcrux_ml_kem_vector_traits_to_unsigned_representative_7a( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); @@ -2288,20 +2294,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_02( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ab( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_aa(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_31(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_85( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_5a( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_12(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_62(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_33(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_0d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2316,11 +2322,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_e9(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_94(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_4f(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_54(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2332,7 +2338,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_e9(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_02(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_ab(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -2347,7 +2353,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -2358,7 +2364,7 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_c9( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -2377,9 +2383,9 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_c9(input, ret); } /** @@ -2390,9 +2396,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_9a( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_e0( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); + return libcrux_ml_kem_polynomial_ZERO_ef_48(); } /** @@ -2403,10 +2409,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ce( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ae( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_ef_48(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2427,12 +2433,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_45( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2445,7 +2451,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ce( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ae( ring_element); deserialized_pk[i0] = uu____0; } @@ -2462,8 +2468,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_2b(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_6f(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_ef_48(); } /** @@ -2473,10 +2479,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_d6( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_13( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); } } @@ -2491,7 +2497,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_50( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); @@ -2515,12 +2521,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_3f( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_4d( + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_50( copy_of_input); } @@ -2532,7 +2538,7 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_00( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -2568,9 +2574,9 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_94( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_6b( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_00( self, ret); } @@ -2624,7 +2630,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_97( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_52( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2667,7 +2673,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_dd( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -2703,9 +2709,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_bf( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_1b(self, ret); + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_dd(self, ret); } /** @@ -2758,7 +2764,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_970( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_520( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2795,19 +2801,20 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_970( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_20_84(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_ef_3a(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_ef_48(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2826,8 +2833,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_e9(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_84( +libcrux_ml_kem_sampling_sample_from_xof_closure_3d(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_ef_3a( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2838,7 +2845,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_0c( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_1d( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2847,28 +2854,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_0c( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_ca( + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_3f( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_4d( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_94( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_97( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_52( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_5a( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_bf( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_970( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_520( copy_of_randomness, sampled_coefficients, out); } } @@ -2878,7 +2885,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_e9(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_3d(copy_of_out[i]); } memcpy( ret, ret0, @@ -2892,12 +2899,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_43( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_c6( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_d6(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_13(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -2917,7 +2924,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_43( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_0c(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_1d(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2977,8 +2984,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_48(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_69(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_48(); } /** @@ -2988,7 +2995,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_ef( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -3027,60 +3034,11 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRFxN_ef(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3089,7 +3047,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_bb( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3124,7 +3082,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_84( + return libcrux_ml_kem_polynomial_from_i16_array_ef_3a( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3136,7 +3094,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_41( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_ec( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3170,7 +3128,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_41( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_84( + return libcrux_ml_kem_polynomial_from_i16_array_ef_3a( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3182,9 +3140,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_40( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_bb( randomness); } @@ -3195,7 +3153,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_68( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3217,20 +3175,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c7( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_68(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_2f(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_70(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_7e(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_78(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_1d(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_93(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a0(re); } /** @@ -3243,11 +3201,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_81(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3262,13 +3220,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_40( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_c7(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f9(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3293,8 +3251,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_2a(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3b(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_48(); } /** @@ -3307,11 +3265,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2a(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3326,11 +3284,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_40( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3353,7 +3311,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_c90( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -3372,9 +3330,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_c90(input, ret); } /** @@ -3385,22 +3343,23 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_73(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_matrix_compute_vector_u_closure_c0(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_48(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_87( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_38( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3422,14 +3381,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_64( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3450,12 +3409,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_64( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_15(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result0[i1], - &product); + libcrux_ml_kem_polynomial_ntt_multiply_ef_cc(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_a20(&result0[i1], + &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_87(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_ef_38(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3474,7 +3433,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_05(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_23(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), &v), @@ -3489,10 +3448,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_ef_48(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3500,24 +3459,25 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_05(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_23(coefficient_compressed); } return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_86( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_ca( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3545,22 +3505,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_6c( +libcrux_ml_kem_matrix_compute_ring_element_v_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_98(); + libcrux_ml_kem_polynomial_ZERO_ef_48(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_15(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_cc(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_a20(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_c5(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_86( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_ca( error_2, message, result); return result; } @@ -3573,7 +3533,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_54( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3628,9 +3588,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_92( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_54( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_54( vector); } @@ -3642,14 +3602,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_a8( +libcrux_ml_kem_serialize_compress_then_serialize_10_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_92( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_54( + libcrux_ml_kem_vector_traits_to_unsigned_representative_7a( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); @@ -3669,7 +3629,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_540( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3724,9 +3684,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_920( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_540( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d0( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_540( vector); } @@ -3738,14 +3698,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_a5( +libcrux_ml_kem_serialize_compress_then_serialize_11_6e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_920( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_540( + libcrux_ml_kem_vector_traits_to_unsigned_representative_7a( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); @@ -3766,10 +3726,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_a8(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_58(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3783,7 +3743,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_52( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3799,7 +3759,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_52( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fb(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3814,7 +3774,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_541( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3869,9 +3829,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_921( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_541( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d1( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_541( vector); } @@ -3883,7 +3843,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_42( +libcrux_ml_kem_serialize_compress_then_serialize_4_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3891,8 +3851,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_42( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_921( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_541( + libcrux_ml_kem_vector_traits_to_unsigned_representative_7a( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); @@ -3911,7 +3871,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_542( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3966,9 +3926,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_922( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_542( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_7d2( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_542( vector); } @@ -3980,7 +3940,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_8a( +libcrux_ml_kem_serialize_compress_then_serialize_5_43( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3988,8 +3948,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_8a( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_922( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_542( + libcrux_ml_kem_vector_traits_to_unsigned_representative_7a( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); @@ -4009,9 +3969,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7a( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ff( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_42(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_b5(re, out); } /** @@ -4032,15 +3992,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_81( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4050,7 +4010,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_b3( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2a( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4059,33 +4019,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_cf( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_40( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_64(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_34(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_cb( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_6c( + libcrux_ml_kem_matrix_compute_ring_element_v_3a( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_52( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_5c( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7a( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ff( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4109,24 +4069,24 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_f0(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_5a(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_45( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_43(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_c6(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); + unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -4156,7 +4116,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_f0(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_8d(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -4173,12 +4133,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_11( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_80( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, ret); + unwrap_26_33(dst, ret); } /** @@ -4204,7 +4164,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( +static inline void libcrux_ml_kem_ind_cca_decapsulate_26( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4222,10 +4182,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e9(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_94(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -4233,7 +4193,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4242,14 +4202,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_32(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -4257,18 +4217,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f5( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f0(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_5a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_11( + libcrux_ml_kem_ind_cca_kdf_43_80( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_11(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_80(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_32(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4300,10 +4260,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_8a( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_94( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_f5(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_26(private_key, ciphertext, ret); } /** @@ -4317,7 +4277,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_8a(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_94(private_key, ciphertext, ret); } @@ -4377,14 +4337,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2b( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_02( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_ab( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -4395,7 +4355,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4404,17 +4364,17 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_170( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_32(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = @@ -4423,11 +4383,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_8d( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_32(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4464,10 +4424,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_a5( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_51( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2e(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2b(key_pair, ciphertext, ret); } @@ -4482,7 +4442,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_a5( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_51( private_key, ciphertext, ret); } @@ -4497,11 +4457,11 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_95( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_b5( Eurydice_slice randomness, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, ret); + unwrap_26_33(dst, ret); } /** @@ -4514,7 +4474,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -4539,28 +4499,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e9( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_25( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_95( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_b5( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_94(public_key), + libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4569,20 +4529,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e9( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f0(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_5a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_11(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_80(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4615,14 +4575,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_11( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_0e( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e9(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_25(uu____0, copy_of_randomness); } /** @@ -4640,7 +4600,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_11( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_0e( uu____0, copy_of_randomness); } @@ -4663,11 +4623,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_4d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -4677,7 +4637,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4691,7 +4651,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_ac(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_8d(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4701,7 +4661,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4735,7 +4695,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_18( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_16( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -4743,7 +4703,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_18( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_eb( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_4d( uu____0, copy_of_randomness); } @@ -4764,7 +4724,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_18( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_16( uu____0, copy_of_randomness); } @@ -4789,8 +4749,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_02(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_a3(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_48(); } /** @@ -4800,7 +4760,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_6b( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_55( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4808,24 +4768,25 @@ static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_6b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a1( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_27( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_6b( + libcrux_ml_kem_vector_traits_to_standard_domain_55( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -4840,14 +4801,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_4b( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_04( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4869,12 +4830,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_15(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_cc(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_f3(&result0[i1], - &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_a20(&result0[i1], + &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_a1( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_27( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4895,10 +4856,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1f( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_ab(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4906,15 +4867,15 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_43(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_c6(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_81( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -4927,17 +4888,17 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_57(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_81(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_4b(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_04(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); + unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -4980,14 +4941,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_4b( + libcrux_ml_kem_vector_traits_to_unsigned_representative_7a( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); @@ -5007,7 +4968,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_80( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5025,7 +4986,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_ea(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5041,14 +5002,14 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ac( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_5a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_80(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5073,17 +5034,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_f8(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_a0(Eurydice_slice key_generation_seed) { tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1f(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ac( + libcrux_ml_kem_ind_cpa_serialize_public_key_5a( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_80(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5109,7 +5070,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c9( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_18( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5135,7 +5096,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c9( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); + libcrux_ml_kem_hash_functions_avx2_H_a9_31(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5165,7 +5126,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_21(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_5a(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5174,13 +5135,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_21(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_f8(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_a0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c9( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_18( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5189,13 +5150,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_21(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_92(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_75( - uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_52( + uu____2, libcrux_ml_kem_types_from_07_39(copy_of_public_key)); } /** @@ -5211,12 +5172,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_75( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_33( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_21(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_5a(copy_of_randomness); } /** @@ -5228,7 +5189,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_75( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_33( copy_of_randomness); } @@ -5247,9 +5208,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_87( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_54( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_98(); + return libcrux_ml_kem_polynomial_ZERO_ef_48(); } /** @@ -5267,26 +5228,27 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_4c( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_38( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_98(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a +A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_3a_4f( +libcrux_ml_kem_polynomial_clone_8d_b3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5311,7 +5273,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5320,7 +5282,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f8( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1f( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5328,7 +5290,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_4c(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_38(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -5336,7 +5298,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_4f(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_8d_b3(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5348,20 +5310,20 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ac( + libcrux_ml_kem_ind_cpa_serialize_public_key_5a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, implicit_rejection_value); + unwrap_26_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -5403,12 +5365,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_7d( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_68( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ee( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( copy_of_randomness); } @@ -5422,7 +5384,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_7d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_68( copy_of_randomness); } @@ -5438,24 +5400,24 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_2f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_27( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_17(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_14(ciphertext), + libcrux_ml_kem_types_as_slice_a8_28(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -5483,7 +5445,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( +static inline void libcrux_ml_kem_ind_cca_decapsulate_260( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5501,10 +5463,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_e9(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_94(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5512,7 +5474,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5521,14 +5483,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_32(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5536,18 +5498,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_f50( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f0(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_5a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_2f( + libcrux_ml_kem_ind_cca_kdf_6c_27( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_2f(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_27(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_32(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5583,10 +5545,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_11( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_f50(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_260(private_key, ciphertext, ret); } /** @@ -5600,7 +5562,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_11( private_key, ciphertext, ret); } @@ -5615,9 +5577,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_73( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_90( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); + libcrux_ml_kem_hash_functions_avx2_H_a9_31(randomness, ret); } /** @@ -5640,28 +5602,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e90( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_250( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_73( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_90( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_94(public_key), + libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( + libcrux_ml_kem_hash_functions_avx2_G_a9_ab( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5670,20 +5632,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e90( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_f0(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_5a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_2f(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_27(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5719,14 +5681,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_86( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e90(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_250(uu____0, copy_of_randomness); } /** @@ -5744,7 +5706,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_86( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e1( uu____0, copy_of_randomness); } @@ -5757,16 +5719,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_2a( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_5b( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_45( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ac( + libcrux_ml_kem_ind_cpa_serialize_public_key_5a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5785,9 +5747,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_1b( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_cf( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2a(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_5b(public_key); } /** @@ -5799,7 +5761,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_1b( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_cf( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 7882cc122..2e98736f3 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_mlkem768_portable_H @@ -140,7 +140,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - unwrap_41_f9(dst, ret); + unwrap_26_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -251,30 +251,28 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); + ret[0U] = r0_10.fst; + ret[1U] = r0_10.snd; + ret[2U] = r0_10.thd; + ret[3U] = r0_10.f3; + ret[4U] = r0_10.f4; + ret[5U] = r0_10.f5; + ret[6U] = r0_10.f6; + ret[7U] = r0_10.f7; + ret[8U] = r0_10.f8; + ret[9U] = r0_10.f9; + ret[10U] = r0_10.f10; + ret[11U] = r11_21.fst; + ret[12U] = r11_21.snd; + ret[13U] = r11_21.thd; + ret[14U] = r11_21.f3; + ret[15U] = r11_21.f4; + ret[16U] = r11_21.f5; + ret[17U] = r11_21.f6; + ret[18U] = r11_21.f7; + ret[19U] = r11_21.f8; + ret[20U] = r11_21.f9; + ret[21U] = r11_21.f10; } /** @@ -361,28 +359,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( .f7 = r7}); } -static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( @@ -390,25 +366,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -952,6 +927,28 @@ static const uint8_t {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U}}; +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1601,21 +1598,24 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[2U]) { - uint8_t result[2U] = {0U}; - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - size_t uu____0 = (size_t)0U; - result[uu____0] = (uint32_t)result[uu____0] | - (uint32_t)(uint8_t)v.elements[i0] << (uint32_t)i0; - } - for (size_t i = (size_t)8U; i < (size_t)16U; i++) { - size_t i0 = i; - size_t uu____1 = (size_t)1U; - result[uu____1] = - (uint32_t)result[uu____1] | (uint32_t)(uint8_t)v.elements[i0] - << (uint32_t)(i0 - (size_t)8U); - } - memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); + uint8_t result0 = (((((((uint32_t)(uint8_t)v.elements[0U] | + (uint32_t)(uint8_t)v.elements[1U] << 1U) | + (uint32_t)(uint8_t)v.elements[2U] << 2U) | + (uint32_t)(uint8_t)v.elements[3U] << 3U) | + (uint32_t)(uint8_t)v.elements[4U] << 4U) | + (uint32_t)(uint8_t)v.elements[5U] << 5U) | + (uint32_t)(uint8_t)v.elements[6U] << 6U) | + (uint32_t)(uint8_t)v.elements[7U] << 7U; + uint8_t result1 = (((((((uint32_t)(uint8_t)v.elements[8U] | + (uint32_t)(uint8_t)v.elements[9U] << 1U) | + (uint32_t)(uint8_t)v.elements[10U] << 2U) | + (uint32_t)(uint8_t)v.elements[11U] << 3U) | + (uint32_t)(uint8_t)v.elements[12U] << 4U) | + (uint32_t)(uint8_t)v.elements[13U] << 5U) | + (uint32_t)(uint8_t)v.elements[14U] << 6U) | + (uint32_t)(uint8_t)v.elements[15U] << 7U; + ret[0U] = result0; + ret[1U] = result1; } /** @@ -1630,24 +1630,86 @@ static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)0U, uint8_t, uint8_t *) >> - (uint32_t)i0 & - 1U); - } - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)1U, uint8_t, uint8_t *) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; + int16_t result0 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) & + 1U); + int16_t result1 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 1U & + 1U); + int16_t result2 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 2U & + 1U); + int16_t result3 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 3U & + 1U); + int16_t result4 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 4U & + 1U); + int16_t result5 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 5U & + 1U); + int16_t result6 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 6U & + 1U); + int16_t result7 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + 7U & + 1U); + int16_t result8 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) & + 1U); + int16_t result9 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 1U & + 1U); + int16_t result10 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 2U & + 1U); + int16_t result11 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 3U & + 1U); + int16_t result12 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 4U & + 1U); + int16_t result13 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 5U & + 1U); + int16_t result14 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 6U & + 1U); + int16_t result15 = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + 7U & + 1U); + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = result0; + lit.elements[1U] = result1; + lit.elements[2U] = result2; + lit.elements[3U] = result3; + lit.elements[4U] = result4; + lit.elements[5U] = result5; + lit.elements[6U] = result6; + lit.elements[7U] = result7; + lit.elements[8U] = result8; + lit.elements[9U] = result9; + lit.elements[10U] = result10; + lit.elements[11U] = result11; + lit.elements[12U] = result12; + lit.elements[13U] = result13; + lit.elements[14U] = result14; + lit.elements[15U] = result15; + return lit; } /** @@ -1704,16 +1766,14 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4( libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); + ret[0U] = result0_3.fst; + ret[1U] = result0_3.snd; + ret[2U] = result0_3.thd; + ret[3U] = result0_3.f3; + ret[4U] = result4_7.fst; + ret[5U] = result4_7.snd; + ret[6U] = result4_7.thd; + ret[7U] = result4_7.f3; } /** @@ -1773,25 +1833,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -1845,18 +1904,16 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5( uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); + ret[0U] = r0_4.fst; + ret[1U] = r0_4.snd; + ret[2U] = r0_4.thd; + ret[3U] = r0_4.f3; + ret[4U] = r0_4.f4; + ret[5U] = r5_9.fst; + ret[6U] = r5_9.snd; + ret[7U] = r5_9.thd; + ret[8U] = r5_9.f3; + ret[9U] = r5_9.f4; } /** @@ -1927,25 +1984,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -2007,28 +2063,26 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t)); - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); + ret[0U] = r0_4.fst; + ret[1U] = r0_4.snd; + ret[2U] = r0_4.thd; + ret[3U] = r0_4.f3; + ret[4U] = r0_4.f4; + ret[5U] = r5_9.fst; + ret[6U] = r5_9.snd; + ret[7U] = r5_9.thd; + ret[8U] = r5_9.f3; + ret[9U] = r5_9.f4; + ret[10U] = r10_14.fst; + ret[11U] = r10_14.snd; + ret[12U] = r10_14.thd; + ret[13U] = r10_14.f3; + ret[14U] = r10_14.f4; + ret[15U] = r15_19.fst; + ret[16U] = r15_19.snd; + ret[17U] = r15_19.thd; + ret[18U] = r15_19.f3; + ret[19U] = r15_19.f4; } /** @@ -2107,25 +2161,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_7.fst; + lit.elements[1U] = v0_7.snd; + lit.elements[2U] = v0_7.thd; + lit.elements[3U] = v0_7.f3; + lit.elements[4U] = v0_7.f4; + lit.elements[5U] = v0_7.f5; + lit.elements[6U] = v0_7.f6; + lit.elements[7U] = v0_7.f7; + lit.elements[8U] = v8_15.fst; + lit.elements[9U] = v8_15.snd; + lit.elements[10U] = v8_15.thd; + lit.elements[11U] = v8_15.f3; + lit.elements[12U] = v8_15.f4; + lit.elements[13U] = v8_15.f5; + lit.elements[14U] = v8_15.f6; + lit.elements[15U] = v8_15.f7; + return lit; } /** @@ -2183,32 +2236,30 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12( uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t)); - uint8_t result[24U] = {0U}; - result[0U] = r0_2.fst; - result[1U] = r0_2.snd; - result[2U] = r0_2.thd; - result[3U] = r3_5.fst; - result[4U] = r3_5.snd; - result[5U] = r3_5.thd; - result[6U] = r6_8.fst; - result[7U] = r6_8.snd; - result[8U] = r6_8.thd; - result[9U] = r9_11.fst; - result[10U] = r9_11.snd; - result[11U] = r9_11.thd; - result[12U] = r12_14.fst; - result[13U] = r12_14.snd; - result[14U] = r12_14.thd; - result[15U] = r15_17.fst; - result[16U] = r15_17.snd; - result[17U] = r15_17.thd; - result[18U] = r18_20.fst; - result[19U] = r18_20.snd; - result[20U] = r18_20.thd; - result[21U] = r21_23.fst; - result[22U] = r21_23.snd; - result[23U] = r21_23.thd; - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); + ret[0U] = r0_2.fst; + ret[1U] = r0_2.snd; + ret[2U] = r0_2.thd; + ret[3U] = r3_5.fst; + ret[4U] = r3_5.snd; + ret[5U] = r3_5.thd; + ret[6U] = r6_8.fst; + ret[7U] = r6_8.snd; + ret[8U] = r6_8.thd; + ret[9U] = r9_11.fst; + ret[10U] = r9_11.snd; + ret[11U] = r9_11.thd; + ret[12U] = r12_14.fst; + ret[13U] = r12_14.snd; + ret[14U] = r12_14.thd; + ret[15U] = r15_17.fst; + ret[16U] = r15_17.snd; + ret[17U] = r15_17.thd; + ret[18U] = r18_20.fst; + ret[19U] = r18_20.snd; + ret[20U] = r18_20.thd; + ret[21U] = r21_23.fst; + ret[22U] = r21_23.snd; + ret[23U] = r21_23.thd; } /** @@ -2261,25 +2312,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = v0_1.fst; + lit.elements[1U] = v0_1.snd; + lit.elements[2U] = v2_3.fst; + lit.elements[3U] = v2_3.snd; + lit.elements[4U] = v4_5.fst; + lit.elements[5U] = v4_5.snd; + lit.elements[6U] = v6_7.fst; + lit.elements[7U] = v6_7.snd; + lit.elements[8U] = v8_9.fst; + lit.elements[9U] = v8_9.snd; + lit.elements[10U] = v10_11.fst; + lit.elements[11U] = v10_11.snd; + lit.elements[12U] = v12_13.fst; + lit.elements[13U] = v12_13.snd; + lit.elements[14U] = v14_15.fst; + lit.elements[15U] = v14_15.snd; + return lit; } /** @@ -2435,16 +2485,17 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_20_9a(void) { +libcrux_ml_kem_polynomial_ZERO_ef_b2(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2472,8 +2523,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_c8(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_d1(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_ef_b2(); } /** @@ -2483,10 +2534,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_b6( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_1b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_ef_b2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2505,12 +2556,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_74( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_0c( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2523,7 +2574,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_74( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_b6( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_1b( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2555,8 +2606,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_32(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_77(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_ef_b2(); } /** @@ -2566,7 +2617,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_63( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e3( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2591,9 +2642,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_80( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_63( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e3( v); } @@ -2604,10 +2655,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_4d( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_8f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_ef_b2(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2623,7 +2674,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_4d( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_80( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f( coefficient); re.coefficients[i0] = uu____0; } @@ -2637,7 +2688,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_630( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e30( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2662,9 +2713,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_800( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_630( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e30( v); } @@ -2675,10 +2726,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_30( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_63( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_ef_b2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2687,7 +2738,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_30( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_800( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f0( coefficient); re.coefficients[i0] = uu____0; } @@ -2701,9 +2752,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_53( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4d(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_8f(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2718,7 +2769,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2732,12 +2783,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_1e( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2751,7 +2802,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2764,7 +2815,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_59( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_1e( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2781,7 +2832,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_9c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ed( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2801,7 +2852,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_6b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_2b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2823,7 +2874,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_37( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_85( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2845,15 +2896,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_37( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_de( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2871,21 +2923,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_d3( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_9c(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_37(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_ed(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_2b(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_85(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_de(re); } /** @@ -2897,12 +2949,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_a3( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_79( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2922,9 +2974,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_a3( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_6c( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_53( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_d3(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_08(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2938,7 +2990,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_631( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2963,9 +3015,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_801( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_631( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e31( v); } @@ -2976,10 +3028,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_70( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_27( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_ef_b2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2988,7 +3040,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_70( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_801( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f1( coefficient); re.coefficients[i0] = uu____0; } @@ -3002,7 +3054,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_632( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e32( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3027,9 +3079,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_802( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_632( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e32( v); } @@ -3040,10 +3092,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_36( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_ce( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_ef_b2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3052,7 +3104,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_36( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_802( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3066,27 +3118,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b7( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_d9( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_70(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_27(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_20_ff( +libcrux_ml_kem_polynomial_ntt_multiply_ef_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_ef_b2(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3111,15 +3164,16 @@ libcrux_ml_kem_polynomial_ntt_multiply_20_ff( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_0e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3143,7 +3197,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1e( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_16( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3169,7 +3223,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_12( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_17( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3191,7 +3245,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_72( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_76( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3213,7 +3267,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_0d( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3221,7 +3275,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_10(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3234,7 +3288,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_c0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3249,7 +3303,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_0d( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_b0( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3266,36 +3320,37 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_98( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_1e(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_12(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_72(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_16(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_17(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_76(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_de(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_20_56( +libcrux_ml_kem_polynomial_subtract_reduce_ef_5b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3321,21 +3376,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_29( +libcrux_ml_kem_matrix_compute_message_81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_ef_b2(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_ff(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_7a(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_a2(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_56(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_98(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_5b(v, result); return result; } @@ -3345,7 +3400,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_53( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3365,9 +3420,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_e7( +libcrux_ml_kem_vector_portable_shift_right_0d_be( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_53(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f1(v); } /** @@ -3377,10 +3432,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_39( +libcrux_ml_kem_vector_traits_to_unsigned_representative_91( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_e7(a); + libcrux_ml_kem_vector_portable_shift_right_0d_be(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3394,13 +3449,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_7d( +libcrux_ml_kem_serialize_compress_then_serialize_message_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_traits_to_unsigned_representative_91( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3426,20 +3481,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_76( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_a3(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_79(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b7( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_d9( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_29(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_81(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_7d(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_06(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3453,11 +3508,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_27(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_b2(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_74(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_0c(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3469,7 +3524,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_27(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_76(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -3483,7 +3538,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3493,7 +3548,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_03( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -3511,9 +3566,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_03(input, ret); } /** @@ -3523,9 +3578,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_47( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_32( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); + return libcrux_ml_kem_polynomial_ZERO_ef_b2(); } /** @@ -3535,10 +3590,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_a2( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_ef_b2(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3560,12 +3615,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3578,7 +3633,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_a2( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed( ring_element); deserialized_pk[i0] = uu____0; } @@ -3595,8 +3650,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_0f(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_de(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_ef_b2(); } /** @@ -3606,10 +3661,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_44( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_07( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); } } @@ -3629,7 +3684,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_40( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3662,12 +3717,12 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_83( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_75( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_40( copy_of_input); } @@ -3678,7 +3733,7 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_9a( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -3702,10 +3757,10 @@ with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_20( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_10( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_9a( self, ret); } @@ -3758,7 +3813,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_83( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_85( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3800,7 +3855,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ea( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -3824,10 +3879,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_04( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ed(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ea(self, ret); } @@ -3880,7 +3935,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_830( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_850( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3917,18 +3972,19 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_830( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_20_8d(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_ef_cb(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_ef_b2(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3949,8 +4005,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_6a(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_8d( +libcrux_ml_kem_sampling_sample_from_xof_closure_b3(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_ef_cb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3961,7 +4017,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_61( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_08( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3970,28 +4026,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_61( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_11( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_83( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_4e( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_20( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_83( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_85( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c1( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_04( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_830( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_850( copy_of_randomness, sampled_coefficients, out); } } @@ -4001,7 +4057,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_6a(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_b3(copy_of_out[i]); } memcpy( ret, ret0, @@ -4015,12 +4071,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_45( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a1( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_44(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_07(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -4040,7 +4096,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_45( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_61(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_08(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4100,8 +4156,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_49(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_b8(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_b2(); } /** @@ -4110,7 +4166,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_d3( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4132,60 +4188,11 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_d3(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -4193,7 +4200,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b3( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b2( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4228,7 +4235,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b3( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_8d( + return libcrux_ml_kem_polynomial_from_i16_array_ef_cb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4239,7 +4246,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_25( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_6f( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4273,7 +4280,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_25( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_8d( + return libcrux_ml_kem_polynomial_from_i16_array_ef_cb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4284,9 +4291,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_36( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b3( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b2( randomness); } @@ -4296,7 +4303,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_3e( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4319,20 +4326,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_37( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_3e(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_f0(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5b(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_9c(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_37(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_8e(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_ed(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_2b(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_85(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_de(re); } /** @@ -4345,11 +4352,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ed(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4364,13 +4371,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_36( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_37(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f0(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4395,8 +4402,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_69(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_de(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_b2(); } /** @@ -4409,11 +4416,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_15(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_90(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4428,11 +4435,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_15(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_36( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4454,7 +4461,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_030( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -4472,9 +4479,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_030(input, ret); } /** @@ -4484,21 +4491,22 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_e0(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_matrix_compute_vector_u_closure_bc(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_b2(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_fc( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4522,14 +4530,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4550,12 +4558,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a2( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_ff(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_7a(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_a2(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_fc(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_98(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4574,7 +4582,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_5f( +libcrux_ml_kem_vector_traits_decompress_1_5a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4589,10 +4597,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_21( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_ef_b2(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4602,7 +4610,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_5f(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_5a(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4610,16 +4618,17 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_0f( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4649,22 +4658,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_04( +libcrux_ml_kem_matrix_compute_ring_element_v_f3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_9a(); + libcrux_ml_kem_polynomial_ZERO_ef_b2(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_ff(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_7a(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_a2(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_27(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_0f( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_98(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_f9( error_2, message, result); return result; } @@ -4675,7 +4684,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5f( +libcrux_ml_kem_vector_portable_compress_compress_0e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4698,9 +4707,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_73( +libcrux_ml_kem_vector_portable_compress_0d_17( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5f(v); + return libcrux_ml_kem_vector_portable_compress_compress_0e(v); } /** @@ -4710,15 +4719,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_51( +libcrux_ml_kem_serialize_compress_then_serialize_10_ee( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_73( - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_portable_compress_0d_17( + libcrux_ml_kem_vector_traits_to_unsigned_representative_91( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4736,7 +4745,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5f0( +libcrux_ml_kem_vector_portable_compress_compress_0e0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4759,9 +4768,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_730( +libcrux_ml_kem_vector_portable_compress_0d_170( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5f0(v); + return libcrux_ml_kem_vector_portable_compress_compress_0e0(v); } /** @@ -4771,15 +4780,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_25( +libcrux_ml_kem_serialize_compress_then_serialize_11_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_730( - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_portable_compress_0d_170( + libcrux_ml_kem_vector_traits_to_unsigned_representative_91( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4799,10 +4808,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4c( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_51(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_ee(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4815,7 +4824,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a4( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4831,7 +4840,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a4( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4c(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_86(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4844,7 +4853,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5f1( +libcrux_ml_kem_vector_portable_compress_compress_0e1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4867,9 +4876,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_731( +libcrux_ml_kem_vector_portable_compress_0d_171( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5f1(v); + return libcrux_ml_kem_vector_portable_compress_compress_0e1(v); } /** @@ -4879,7 +4888,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_53( +libcrux_ml_kem_serialize_compress_then_serialize_4_83( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4888,8 +4897,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_53( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_731( - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_portable_compress_0d_171( + libcrux_ml_kem_vector_traits_to_unsigned_representative_91( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4906,7 +4915,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_5f2( +libcrux_ml_kem_vector_portable_compress_compress_0e2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4929,9 +4938,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_732( +libcrux_ml_kem_vector_portable_compress_0d_172( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_5f2(v); + return libcrux_ml_kem_vector_portable_compress_compress_0e2(v); } /** @@ -4941,7 +4950,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_94( +libcrux_ml_kem_serialize_compress_then_serialize_5_af( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4950,8 +4959,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_94( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_732( - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_portable_compress_0d_172( + libcrux_ml_kem_vector_traits_to_unsigned_representative_91( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4970,9 +4979,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_fc( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_35( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_53(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_83(re, out); } /** @@ -4993,15 +5002,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ed( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5011,7 +5020,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_15( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_90( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5020,33 +5029,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_040( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_c3( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_36( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a2(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_b8(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_08( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_21( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_04( + libcrux_ml_kem_matrix_compute_ring_element_v_f3( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_a4( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_0c( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_fc( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_35( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5070,24 +5079,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_97(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_1f(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_45(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_a1(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); + unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -5117,7 +5126,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_97(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -5133,12 +5142,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_de( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_0f( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, ret); + unwrap_26_33(dst, ret); } /** @@ -5163,7 +5172,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( +static inline void libcrux_ml_kem_ind_cca_decapsulate_bb( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5181,10 +5190,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_27(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_b2(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5192,7 +5201,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5201,14 +5210,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_32(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5216,18 +5225,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_97(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_1f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_de( + libcrux_ml_kem_ind_cca_kdf_43_0f( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_de(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_0f(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_32(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5259,10 +5268,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0f( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_df( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ee(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_bb(private_key, ciphertext, ret); } /** @@ -5275,7 +5284,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0f( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_0f( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_df( private_key, ciphertext, ret); } @@ -5335,14 +5344,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_83( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_7f( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_76( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, @@ -5353,7 +5362,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5362,17 +5371,17 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_170( Eurydice_array_to_slice( (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_32(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -5381,11 +5390,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_32(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5421,10 +5430,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a2( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_41( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d1(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_83(key_pair, ciphertext, ret); } @@ -5438,7 +5447,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a2( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a2( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_41( private_key, ciphertext, ret); } @@ -5452,11 +5461,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_f4( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_b3( Eurydice_slice randomness, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, ret); + unwrap_26_33(dst, ret); } /** @@ -5468,7 +5477,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5492,28 +5501,28 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c8( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_f4( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_b3( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_94(public_key), + libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5522,20 +5531,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_23( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_97(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_1f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_de(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_0f(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5567,14 +5576,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_34( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_92( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_23(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c8(uu____0, copy_of_randomness); } /** @@ -5591,7 +5600,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_34( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_92( uu____0, copy_of_randomness); } @@ -5614,11 +5623,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_1b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, @@ -5628,7 +5637,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5642,7 +5651,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_8e(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5652,7 +5661,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5685,7 +5694,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_1d( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d2( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5693,7 +5702,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_1d( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3c( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_1b( uu____0, copy_of_randomness); } @@ -5713,7 +5722,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_1d( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d2( uu____0, copy_of_randomness); } @@ -5737,8 +5746,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_54(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_b2(); } /** @@ -5748,7 +5757,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_d6( +libcrux_ml_kem_vector_traits_to_standard_domain_c8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5756,16 +5765,17 @@ libcrux_ml_kem_vector_traits_to_standard_domain_d6( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_7d( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_7f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5773,7 +5783,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_20_7d( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_d6( + libcrux_ml_kem_vector_traits_to_standard_domain_c8( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5789,14 +5799,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_0e( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5818,12 +5828,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_ff(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_7a(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_0e(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_a2(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_7d( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_7f( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -5844,10 +5854,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_d3( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_d0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5855,15 +5865,15 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_45(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_a1(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ed( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -5876,17 +5886,17 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_56(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ed(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_0e(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_0f(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); + unwrap_26_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -5928,14 +5938,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_a6( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_39( + libcrux_ml_kem_vector_traits_to_unsigned_representative_91( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5954,7 +5964,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5972,7 +5982,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_a6(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8e(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5987,14 +5997,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_95( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f0(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_2b(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6019,17 +6029,17 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_c0(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_48(Eurydice_slice key_generation_seed) { tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_d3(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_95( + libcrux_ml_kem_ind_cpa_serialize_public_key_60( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f0(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_2b(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6054,7 +6064,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_cd( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_42( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6080,7 +6090,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_cd( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_fd(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6110,7 +6120,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6119,13 +6129,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_c0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_48(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_cd( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_42( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6134,13 +6144,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_65(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_20(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_92(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_75( - uu____2, libcrux_ml_kem_types_from_07_3a(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_52( + uu____2, libcrux_ml_kem_types_from_07_39(copy_of_public_key)); } /** @@ -6156,12 +6166,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0a( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_a1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_65(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_15(copy_of_randomness); } /** @@ -6172,7 +6182,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_0a( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_a1( copy_of_randomness); } @@ -6191,9 +6201,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_e8( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_1f( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_9a(); + return libcrux_ml_kem_polynomial_ZERO_ef_b2(); } /** @@ -6211,25 +6221,26 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_71( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_ec( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_9a(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a +A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_3a_78( +libcrux_ml_kem_polynomial_clone_8d_67( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6257,7 +6268,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_01( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6266,7 +6277,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a1( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_d3( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6274,7 +6285,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_71(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_ec(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -6282,7 +6293,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_78(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_8d_67(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6294,20 +6305,20 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_95( + libcrux_ml_kem_ind_cpa_serialize_public_key_60( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, implicit_rejection_value); + unwrap_26_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -6348,12 +6359,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_90( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_ed( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b1( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_01( copy_of_randomness); } @@ -6366,7 +6377,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_90( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_ed( copy_of_randomness); } @@ -6381,24 +6392,24 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_7b( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_17(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_14(ciphertext), + libcrux_ml_kem_types_as_slice_a8_28(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -6425,7 +6436,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_bb0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6443,10 +6454,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_27(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_b2(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -6454,7 +6465,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6463,14 +6474,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_32(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( + libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -6478,18 +6489,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_ee0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_97(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_1f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a8( + libcrux_ml_kem_ind_cca_kdf_6c_7b( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a8(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_7b(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_49(ciphertext), + libcrux_ml_kem_types_as_ref_ba_32(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6525,10 +6536,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_8e( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_1e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ee0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_bb0(private_key, ciphertext, ret); } /** @@ -6541,7 +6552,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_8e( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_8e( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_1e( private_key, ciphertext, ret); } @@ -6555,9 +6566,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_ff( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_2d( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_fd(randomness, ret); } /** @@ -6579,28 +6590,28 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c80( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_ff( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_94(public_key), + libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( + libcrux_ml_kem_hash_functions_portable_G_f1_d0( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6609,20 +6620,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_230( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_94(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_97(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_1f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_30(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a8(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_7b(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6658,14 +6669,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_35( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7e( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_230(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c80(uu____0, copy_of_randomness); } /** @@ -6682,7 +6693,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_35( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7e( uu____0, copy_of_randomness); } @@ -6694,16 +6705,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_36( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_78( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c7( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_95( + libcrux_ml_kem_ind_cpa_serialize_public_key_60( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6721,9 +6732,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_93( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_bf( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_36(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_78(public_key); } /** @@ -6734,7 +6745,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_93( static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_93( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_bf( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 7141feb4f..f964dc08d 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_sha3_avx2_H @@ -59,7 +59,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_58(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_21(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); @@ -70,7 +70,7 @@ static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vrax1q_u64(__m256i a, __m256i b) { __m256i uu____0 = a; return libcrux_intrinsics_avx2_mm256_xor_si256( - uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); + uu____0, libcrux_sha3_simd_avx2_rotate_left_21(b)); } /** @@ -212,17 +212,17 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types core_core_arch_x86___m256i with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_16(void) { +libcrux_sha3_generic_keccak_new_89_fa(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -258,7 +258,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe( __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -388,13 +388,13 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_16( __m256i (*a)[5U], Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[4U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_c7(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_fe(uu____0, copy_of_b); } /** @@ -405,7 +405,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_580(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_210(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); @@ -418,10 +418,10 @@ with const generics - RIGHT= 28 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_c1(__m256i a, +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_13(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_580(ab); + return libcrux_sha3_simd_avx2_rotate_left_210(ab); } /** @@ -436,8 +436,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_13(a, b); } /** @@ -448,7 +448,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_581(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_211(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); @@ -462,9 +462,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c10(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_130(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_581(ab); + return libcrux_sha3_simd_avx2_rotate_left_211(ab); } /** @@ -479,8 +479,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c0(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_130(a, b); } /** @@ -491,7 +491,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_582(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_212(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); @@ -505,9 +505,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c11(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_131(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_582(ab); + return libcrux_sha3_simd_avx2_rotate_left_212(ab); } /** @@ -522,8 +522,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c1(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_131(a, b); } /** @@ -534,7 +534,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_583(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_213(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); @@ -548,9 +548,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c12(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_132(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_583(ab); + return libcrux_sha3_simd_avx2_rotate_left_213(ab); } /** @@ -565,8 +565,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c2(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_132(a, b); } /** @@ -577,9 +577,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c13(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_133(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_58(ab); + return libcrux_sha3_simd_avx2_rotate_left_21(ab); } /** @@ -594,8 +594,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c3(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_133(a, b); } /** @@ -606,7 +606,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_584(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_214(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); @@ -620,9 +620,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c14(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_134(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_584(ab); + return libcrux_sha3_simd_avx2_rotate_left_214(ab); } /** @@ -637,8 +637,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c4(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_134(a, b); } /** @@ -649,7 +649,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_585(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_215(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); @@ -663,9 +663,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c15(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_135(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_585(ab); + return libcrux_sha3_simd_avx2_rotate_left_215(ab); } /** @@ -680,8 +680,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c5(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_135(a, b); } /** @@ -692,7 +692,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_586(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_216(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); @@ -706,9 +706,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c16(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_136(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_586(ab); + return libcrux_sha3_simd_avx2_rotate_left_216(ab); } /** @@ -723,8 +723,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c6(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_136(a, b); } /** @@ -735,7 +735,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_587(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_217(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i)); @@ -749,9 +749,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c17(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_137(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_587(ab); + return libcrux_sha3_simd_avx2_rotate_left_217(ab); } /** @@ -766,8 +766,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c7(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_137(a, b); } /** @@ -778,7 +778,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_588(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_218(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); @@ -792,9 +792,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c18(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_138(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_588(ab); + return libcrux_sha3_simd_avx2_rotate_left_218(ab); } /** @@ -809,8 +809,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c8(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_138(a, b); } /** @@ -821,7 +821,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_589(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_219(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); @@ -835,9 +835,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c19(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_139(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_589(ab); + return libcrux_sha3_simd_avx2_rotate_left_219(ab); } /** @@ -852,8 +852,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c9(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_139(a, b); } /** @@ -864,7 +864,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5810(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2110(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); @@ -878,9 +878,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c110(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1310(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5810(ab); + return libcrux_sha3_simd_avx2_rotate_left_2110(ab); } /** @@ -895,8 +895,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c10(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1310(a, b); } /** @@ -907,7 +907,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5811(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2111(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); @@ -921,9 +921,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c111(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1311(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5811(ab); + return libcrux_sha3_simd_avx2_rotate_left_2111(ab); } /** @@ -938,8 +938,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c11(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1311(a, b); } /** @@ -950,7 +950,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5812(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2112(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); @@ -964,9 +964,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c112(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1312(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5812(ab); + return libcrux_sha3_simd_avx2_rotate_left_2112(ab); } /** @@ -981,8 +981,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c12(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1312(a, b); } /** @@ -993,7 +993,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5813(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2113(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); @@ -1007,9 +1007,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c113(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1313(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5813(ab); + return libcrux_sha3_simd_avx2_rotate_left_2113(ab); } /** @@ -1024,8 +1024,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c13(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1313(a, b); } /** @@ -1036,7 +1036,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5814(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2114(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); @@ -1050,9 +1050,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c114(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1314(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5814(ab); + return libcrux_sha3_simd_avx2_rotate_left_2114(ab); } /** @@ -1067,8 +1067,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c14(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1314(a, b); } /** @@ -1079,7 +1079,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5815(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2115(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); @@ -1093,9 +1093,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c115(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1315(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5815(ab); + return libcrux_sha3_simd_avx2_rotate_left_2115(ab); } /** @@ -1110,8 +1110,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c15(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1315(a, b); } /** @@ -1122,7 +1122,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5816(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2116(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); @@ -1136,9 +1136,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c116(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1316(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5816(ab); + return libcrux_sha3_simd_avx2_rotate_left_2116(ab); } /** @@ -1153,8 +1153,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c16(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1316(a, b); } /** @@ -1165,7 +1165,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5817(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2117(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); @@ -1179,9 +1179,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c117(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1317(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5817(ab); + return libcrux_sha3_simd_avx2_rotate_left_2117(ab); } /** @@ -1196,8 +1196,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c17(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1317(a, b); } /** @@ -1208,7 +1208,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5818(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2118(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); @@ -1222,9 +1222,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c118(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1318(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5818(ab); + return libcrux_sha3_simd_avx2_rotate_left_2118(ab); } /** @@ -1239,8 +1239,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c18(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1318(a, b); } /** @@ -1251,7 +1251,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5819(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2119(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); @@ -1265,9 +1265,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c119(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1319(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5819(ab); + return libcrux_sha3_simd_avx2_rotate_left_2119(ab); } /** @@ -1282,8 +1282,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c19(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1319(a, b); } /** @@ -1294,7 +1294,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5820(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2120(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); @@ -1308,9 +1308,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c120(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1320(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5820(ab); + return libcrux_sha3_simd_avx2_rotate_left_2120(ab); } /** @@ -1325,8 +1325,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c20(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1320(a, b); } /** @@ -1337,7 +1337,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5821(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2121(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); @@ -1351,9 +1351,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c121(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1321(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5821(ab); + return libcrux_sha3_simd_avx2_rotate_left_2121(ab); } /** @@ -1368,8 +1368,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c21(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1321(a, b); } /** @@ -1380,7 +1380,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_rotate_left_5822(__m256i x) { +libcrux_sha3_simd_avx2_rotate_left_2122(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); @@ -1394,9 +1394,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2__vxarq_u64_c122(__m256i a, __m256i b) { +libcrux_sha3_simd_avx2__vxarq_u64_1322(__m256i a, __m256i b) { __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return libcrux_sha3_simd_avx2_rotate_left_5822(ab); + return libcrux_sha3_simd_avx2_rotate_left_2122(ab); } /** @@ -1411,8 +1411,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(__m256i a, __m256i b) { - return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); +libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c22(__m256i a, __m256i b) { + return libcrux_sha3_simd_avx2__vxarq_u64_1322(a, b); } /** @@ -1422,7 +1422,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_3f( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i c[5U] = {libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], @@ -1457,53 +1457,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c0(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c1(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c2(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c3(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c4(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c5(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c6(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c7(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c8(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c9(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c10(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c11(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c12(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c13(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c14(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c15(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c16(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c17(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c18(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c19(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c20(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c21(s->st[3U][4U], t[4U]); __m256i uu____27 = - libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + libcrux_sha3_simd_avx2_xor_and_rotate_ef_5c22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1514,7 +1514,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d8( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1551,7 +1551,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_95( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1573,7 +1573,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_c9( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1586,14 +1586,14 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_4e( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_71(s); - libcrux_sha3_generic_keccak_pi_01(s); - libcrux_sha3_generic_keccak_chi_9b(s); - libcrux_sha3_generic_keccak_iota_09(s, i0); + libcrux_sha3_generic_keccak_theta_rho_3f(s); + libcrux_sha3_generic_keccak_pi_d8(s); + libcrux_sha3_generic_keccak_chi_95(s); + libcrux_sha3_generic_keccak_iota_c9(s, i0); } } @@ -1605,13 +1605,13 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_26( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_ef_16(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); } /** @@ -1620,14 +1620,14 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_1d( __m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - libcrux_sha3_simd_avx2_load_block_c7(s, buf); + libcrux_sha3_simd_avx2_load_block_fe(s, buf); } /** @@ -1640,13 +1640,13 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_40( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_91(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_full_1d(uu____0, copy_of_b); } /** @@ -1658,7 +1658,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1677,8 +1677,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_full_ef_40(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); } /** @@ -1687,7 +1687,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_78( __m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; @@ -1810,7 +1810,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_61( __m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; @@ -1821,7 +1821,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( Eurydice_array_to_slice((size_t)200U, out1, uint8_t), Eurydice_array_to_slice((size_t)200U, out2, uint8_t), Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; - libcrux_sha3_simd_avx2_store_block_e9(s, buf); + libcrux_sha3_simd_avx2_store_block_78(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); @@ -1849,9 +1849,9 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_83( __m256i (*a)[5U], uint8_t ret[4U][200U]) { - libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); + libcrux_sha3_simd_avx2_store_block_full_61(a, ret); } /** @@ -1863,10 +1863,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( +libcrux_sha3_generic_keccak_squeeze_first_and_last_ac( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_83(s->st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1892,9 +1892,9 @@ with const generics - BLOCKSIZE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_aa( __m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e9(a, b); + libcrux_sha3_simd_avx2_store_block_78(a, b); } /** @@ -1905,9 +1905,9 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_b7( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_aa(s->st, out); } /** @@ -1918,10 +1918,10 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_ff( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); + libcrux_sha3_simd_avx2_store_block_ef_aa(s->st, out); } /** @@ -1932,11 +1932,11 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_0a( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(&s); + libcrux_sha3_generic_keccak_keccakf1600_4e(&s); uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_83(s.st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1961,10 +1961,10 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9b( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_16(); + libcrux_sha3_generic_keccak_new_89_fa(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1975,7 +1975,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_26(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -1985,12 +1985,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_80(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_ac(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); @@ -1998,14 +1998,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_b7(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2016,12 +2016,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_ff(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_0a(s, o1); } } } @@ -2036,7 +2036,7 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_keccak_14(buf0, buf); + libcrux_sha3_generic_keccak_keccak_9b(buf0, buf); } typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -2048,7 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_16(); + return libcrux_sha3_generic_keccak_new_89_fa(); } /** @@ -2057,7 +2057,7 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_fe0( __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -2183,14 +2183,14 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_1d0( __m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; - libcrux_sha3_simd_avx2_load_block_c70(s, buf); + libcrux_sha3_simd_avx2_load_block_fe0(s, buf); } /** @@ -2203,13 +2203,13 @@ with const generics - BLOCKSIZE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_400( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[4U][200U]; memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_910(uu____0, copy_of_b); + libcrux_sha3_simd_avx2_load_block_full_1d0(uu____0, copy_of_b); } /** @@ -2221,7 +2221,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_800( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -2240,8 +2240,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_full_ef_400(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); } /** @@ -2253,7 +2253,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); + libcrux_sha3_generic_keccak_absorb_final_800(s, buf); } /** @@ -2262,7 +2262,7 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_780( __m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; @@ -2389,9 +2389,9 @@ with const generics - BLOCKSIZE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_aa0( __m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_e90(a, b); + libcrux_sha3_simd_avx2_store_block_780(a, b); } /** @@ -2402,9 +2402,9 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_b70( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_aa0(s->st, out); } /** @@ -2415,10 +2415,10 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_ff0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_4e(s); + libcrux_sha3_simd_avx2_store_block_ef_aa0(s->st, out); } /** @@ -2430,7 +2430,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2438,15 +2438,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_b70(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o2); } /** @@ -2458,7 +2458,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(s, buf); } /** @@ -2470,7 +2470,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, buf); } /** @@ -2482,7 +2482,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_58( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2490,29 +2490,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_b70(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o4); } /** @@ -2524,7 +2524,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_58(s, buf); } /** @@ -2536,7 +2536,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + libcrux_sha3_generic_keccak_absorb_final_80(s, buf); } /** @@ -2548,7 +2548,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_b7(s, buf); } /** @@ -2560,7 +2560,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_ff(s, buf); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index b3f8ff4fb..03077e146 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 6b5e110342a771a3e1c739b10294b1778e4be8b4 - * Eurydice: 31be7d65ca5d6acdacfb33652e478d24dd85c1cb - * Karamel: 3205d3365ea2790b02368f79fcee38e38d0b5908 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 33d08ed8cc74e9d1b2c29d754e70a5b2998bd6e5 + * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 */ #ifndef __libcrux_sha3_portable_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_fc(b); } /** @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_89_ba(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -264,13 +264,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_15( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_28(uu____0, copy_of_b); } /** @@ -280,7 +280,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -291,9 +291,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc0(ab); } /** @@ -307,8 +307,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b); } /** @@ -318,7 +318,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -329,9 +329,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc1(ab); } /** @@ -345,8 +345,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac0(a, b); } /** @@ -356,7 +356,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -367,9 +367,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc2(ab); } /** @@ -383,8 +383,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac1(a, b); } /** @@ -394,7 +394,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -405,9 +405,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc3(ab); } /** @@ -421,8 +421,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac2(a, b); } /** @@ -432,9 +432,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc(ab); } /** @@ -448,8 +448,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac3(a, b); } /** @@ -459,7 +459,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -470,9 +470,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc4(ab); } /** @@ -486,8 +486,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac4(a, b); } /** @@ -497,7 +497,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -508,9 +508,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc5(ab); } /** @@ -524,8 +524,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac5(a, b); } /** @@ -535,7 +535,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -546,9 +546,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc6(ab); } /** @@ -562,8 +562,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac6(a, b); } /** @@ -573,7 +573,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -584,9 +584,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc7(ab); } /** @@ -600,8 +600,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac7(a, b); } /** @@ -611,7 +611,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -622,9 +622,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc8(ab); } /** @@ -638,8 +638,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac8(a, b); } /** @@ -649,7 +649,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -660,9 +660,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc9(ab); } /** @@ -676,8 +676,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac9(a, b); } /** @@ -687,7 +687,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -698,9 +698,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc10(ab); } /** @@ -714,8 +714,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac10(a, b); } /** @@ -725,7 +725,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -736,9 +736,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc11(ab); } /** @@ -752,8 +752,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac11(a, b); } /** @@ -763,7 +763,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -774,9 +774,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc12(ab); } /** @@ -790,8 +790,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac12(a, b); } /** @@ -801,7 +801,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -812,9 +812,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc13(ab); } /** @@ -828,8 +828,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac13(a, b); } /** @@ -839,7 +839,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -850,9 +850,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc14(ab); } /** @@ -866,8 +866,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac14(a, b); } /** @@ -877,7 +877,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -888,9 +888,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc15(ab); } /** @@ -904,8 +904,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac15(a, b); } /** @@ -915,7 +915,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -926,9 +926,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc16(ab); } /** @@ -942,8 +942,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac16(a, b); } /** @@ -953,7 +953,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -964,9 +964,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc17(ab); } /** @@ -980,8 +980,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac17(a, b); } /** @@ -991,7 +991,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1002,9 +1002,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc18(ab); } /** @@ -1018,8 +1018,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac18(a, b); } /** @@ -1029,7 +1029,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1040,9 +1040,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc19(ab); } /** @@ -1056,8 +1056,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac19(a, b); } /** @@ -1067,7 +1067,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1078,9 +1078,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc20(ab); } /** @@ -1094,8 +1094,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac20(a, b); } /** @@ -1105,7 +1105,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1116,9 +1116,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc21(ab); } /** @@ -1132,8 +1132,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac21(a, b); } /** @@ -1143,7 +1143,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_fc22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1154,9 +1154,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_ac22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_fc22(ab); } /** @@ -1170,8 +1170,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_ac22(a, b); } /** @@ -1180,7 +1180,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1216,53 +1216,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(s->st[2U][4U], t[4U]); s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1272,7 +1272,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_f0( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1308,7 +1308,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_e2( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1329,7 +1329,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_ae( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1341,14 +1341,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_7e( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_0d(s); + libcrux_sha3_generic_keccak_pi_f0(s); + libcrux_sha3_generic_keccak_chi_e2(s); + libcrux_sha3_generic_keccak_iota_ae(s, i0); } } @@ -1359,13 +1359,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_28( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_15(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1373,11 +1373,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_86( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_28(s, buf); } /** @@ -1389,13 +1389,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_86(uu____0, copy_of_b); } /** @@ -1406,7 +1406,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1425,8 +1425,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1434,7 +1434,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1452,12 +1452,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_85( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_3d(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1473,9 +1473,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_1e( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_85(a, ret); } /** @@ -1486,10 +1486,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d9( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1514,9 +1514,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_3d(a, b); } /** @@ -1526,9 +1526,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); } /** @@ -1538,10 +1538,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_87( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); } /** @@ -1551,11 +1551,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c9( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1579,10 +1579,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_89_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -1593,7 +1593,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_28(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1603,12 +1603,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f3(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d9(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -1616,14 +1616,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_80(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -1634,12 +1634,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_87(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c9(s, o1); } } } @@ -1650,12 +1650,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_97( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_92(copy_of_data, out); } /** @@ -1665,7 +1665,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_97(buf0, buf); } /** @@ -1673,7 +1673,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1684,7 +1684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1701,13 +1701,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_150( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_280(uu____0, copy_of_b); } /** @@ -1717,13 +1717,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_280( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_150(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1731,11 +1731,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_860( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_280(s, buf); } /** @@ -1747,13 +1747,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_860(uu____0, copy_of_b); } /** @@ -1764,7 +1764,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1783,8 +1783,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -1792,7 +1792,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d0( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1810,12 +1810,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_850( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_3d0(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1832,9 +1832,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e0(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_850(a, ret); } /** @@ -1845,10 +1845,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d90( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1873,9 +1873,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_3d0(a, b); } /** @@ -1885,9 +1885,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_800( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); } /** @@ -1897,10 +1897,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_870( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); } /** @@ -1910,11 +1910,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c90( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1938,10 +1938,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_89_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1952,7 +1952,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -1962,12 +1962,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f30(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -1975,14 +1975,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -1993,12 +1993,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); } } } @@ -2009,12 +2009,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_970( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_920(copy_of_data, out); } /** @@ -2024,7 +2024,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_970(buf0, buf); } /** @@ -2035,7 +2035,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2054,8 +2054,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2066,10 +2066,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_89_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2080,7 +2080,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2090,12 +2090,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f31(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2103,14 +2103,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2121,12 +2121,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); } } } @@ -2137,12 +2137,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_971( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_921(copy_of_data, out); } /** @@ -2152,7 +2152,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_971(buf0, buf); } /** @@ -2249,7 +2249,7 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_89_ba(); } /** @@ -2257,7 +2257,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -2268,7 +2268,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2281,11 +2281,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_861( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + libcrux_sha3_portable_keccak_load_block_281(s, buf); } /** @@ -2297,13 +2297,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_861(uu____0, copy_of_b); } /** @@ -2314,7 +2314,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2333,8 +2333,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2344,7 +2344,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_722(s, buf); + libcrux_sha3_generic_keccak_absorb_final_f32(s, buf); } /** @@ -2352,7 +2352,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d1( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -2374,9 +2374,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_3d1(a, b); } /** @@ -2386,9 +2386,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_801( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); } /** @@ -2398,10 +2398,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_871( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); } /** @@ -2412,7 +2412,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -2420,15 +2420,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_801(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o2); } /** @@ -2438,7 +2438,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db(s, buf); } /** @@ -2448,7 +2448,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, buf); } #define libcrux_sha3_Sha224 0 @@ -2494,7 +2494,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2505,7 +2505,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2522,13 +2522,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_151( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_282(uu____0, copy_of_b); } /** @@ -2538,13 +2538,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_281( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_151(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2552,11 +2552,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_862( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_282(s, buf); } /** @@ -2568,13 +2568,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_862(uu____0, copy_of_b); } /** @@ -2585,7 +2585,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2604,8 +2604,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2613,7 +2613,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d2( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2631,12 +2631,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_851( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_3d2(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2653,9 +2653,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e1(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_851(a, ret); } /** @@ -2666,10 +2666,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d91( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2694,9 +2694,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_3d2(a, b); } /** @@ -2706,9 +2706,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_802( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); } /** @@ -2718,10 +2718,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_872( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); } /** @@ -2731,11 +2731,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c91( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2759,10 +2759,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_89_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2773,7 +2773,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_281(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2783,12 +2783,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f33(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d91(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2796,14 +2796,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_802(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2814,12 +2814,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_872(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c91(s, o1); } } } @@ -2830,12 +2830,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_972( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_922(copy_of_data, out); } /** @@ -2845,7 +2845,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_972(buf0, buf); } /** @@ -2853,7 +2853,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2864,7 +2864,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_ac(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2881,13 +2881,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_152( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_283(uu____0, copy_of_b); } /** @@ -2897,13 +2897,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_282( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_152(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2911,11 +2911,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_863( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_portable_keccak_load_block_283(s, buf); } /** @@ -2927,13 +2927,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_863(uu____0, copy_of_b); } /** @@ -2944,7 +2944,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2963,8 +2963,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_4c3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -2972,7 +2972,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d3( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2990,12 +2990,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_852( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); + libcrux_sha3_portable_keccak_store_block_3d3(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3012,9 +3012,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e2(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_852(a, ret); } /** @@ -3025,10 +3025,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3053,9 +3053,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_3d3(a, b); } /** @@ -3065,9 +3065,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_803( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); } /** @@ -3077,10 +3077,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_873( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); + libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); } /** @@ -3090,11 +3090,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c92( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3118,10 +3118,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_89_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -3132,7 +3132,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_282(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3142,12 +3142,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f34(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d92(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -3155,14 +3155,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_803(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3173,12 +3173,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_873(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c92(s, o1); } } } @@ -3189,12 +3189,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_973( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_923(copy_of_data, out); } /** @@ -3204,7 +3204,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_973(buf0, buf); } /** @@ -3295,13 +3295,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_153( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_281(uu____0, copy_of_b); } /** @@ -3311,13 +3311,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_283( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_153(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_7e(s); } /** @@ -3325,12 +3325,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_853( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); + libcrux_sha3_portable_keccak_store_block_3d1(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3347,9 +3347,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_1e3(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_853(a, ret); } /** @@ -3360,10 +3360,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_d93( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3386,11 +3386,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c93( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_7e(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3414,10 +3414,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_89_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -3428,7 +3428,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_283(uu____0, ret); } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3438,12 +3438,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_f32(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_d93(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3451,14 +3451,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_801(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3469,12 +3469,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_871(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_c93(s, o1); } } } @@ -3485,12 +3485,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_974( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_924(copy_of_data, out); } /** @@ -3500,7 +3500,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_974(buf0, buf); } /** @@ -3565,7 +3565,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3573,29 +3573,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_801(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o4); } /** @@ -3605,7 +3605,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de(s, buf); } /** @@ -3615,7 +3615,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_721(s, buf); + libcrux_sha3_generic_keccak_absorb_final_f31(s, buf); } /** @@ -3623,7 +3623,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_89_ba(); } /** @@ -3633,7 +3633,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_800(s, buf); } /** @@ -3643,7 +3643,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_870(s, buf); } /** From 3782ca77d1d5160b47dcb7062797cafef85be327 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 15:00:25 +0000 Subject: [PATCH 234/348] regen --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 44 +- .../c/internal/libcrux_mlkem_avx2.h | 44 +- .../c/internal/libcrux_mlkem_portable.h | 44 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 38 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1124 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1100 ++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 22 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 663 +++++----- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 658 +++++----- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 46 +- .../src/vector/portable/arithmetic.rs | 12 +- 44 files changed, 2043 insertions(+), 2070 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 7b27401b5..07d54243f 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 +Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 22b185ce6..3cf980a85 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __internal_libcrux_core_H @@ -21,12 +21,6 @@ extern "C" { #include "../libcrux_core.h" #include "eurydice_glue.h" -static inline int16_t core_num__i16_1__wrapping_add(int16_t x0, int16_t x1); - -static inline int16_t core_num__i16_1__wrapping_mul(int16_t x0, int16_t x1); - -static inline int16_t core_num__i16_1__wrapping_sub(int16_t x0, int16_t x1); - #define CORE_NUM__U32_8__BITS (32U) static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); @@ -81,7 +75,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_391( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_fd1( uint8_t value[1568U]); /** @@ -94,7 +88,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_521( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_7d1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -107,7 +101,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_921( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_9a1( uint8_t value[3168U]); /** @@ -119,7 +113,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_9a1( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_5f1( uint8_t value[1568U]); /** @@ -130,7 +124,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_bd1( +uint8_t *libcrux_ml_kem_types_as_slice_f6_891( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -142,7 +136,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_b41( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_681( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -165,7 +159,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_390( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_fd0( uint8_t value[1184U]); /** @@ -178,7 +172,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_520( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_7d0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -191,7 +185,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_920( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_9a0( uint8_t value[2400U]); /** @@ -203,7 +197,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_9a0( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_5f0( uint8_t value[1088U]); /** @@ -214,7 +208,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_bd0( +uint8_t *libcrux_ml_kem_types_as_slice_f6_890( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -226,7 +220,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_b40( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_680( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -249,7 +243,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_39( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_fd( uint8_t value[800U]); /** @@ -262,7 +256,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_52( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_7d( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -275,7 +269,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_92( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_9a( uint8_t value[1632U]); /** @@ -287,7 +281,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_9a( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_5f( uint8_t value[768U]); /** @@ -298,7 +292,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_bd( +uint8_t *libcrux_ml_kem_types_as_slice_f6_89( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -356,7 +350,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_b4( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_68( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 23b5e95d0..e2616ccfa 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_5b1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_681(uint8_t *public_key); /** A monomorphic instance of @@ -48,7 +48,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a71( uint8_t randomness[64U]); /** @@ -64,7 +64,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_5a1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_ed1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -84,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d11( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -107,7 +107,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_251( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_371( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -132,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -158,7 +158,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_811( +void libcrux_ml_kem_ind_cca_decapsulate_221( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -170,7 +170,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_5b0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_680(uint8_t *public_key); /** A monomorphic instance of @@ -186,7 +186,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a70( uint8_t randomness[64U]); /** @@ -202,7 +202,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_5a0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_ed0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -222,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d10( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -245,7 +245,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_250( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_370( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -270,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -296,7 +296,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_810( +void libcrux_ml_kem_ind_cca_decapsulate_220( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +308,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_5b(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_68(uint8_t *public_key); /** A monomorphic instance of @@ -324,7 +324,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a7( uint8_t randomness[64U]); /** @@ -339,7 +339,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_5a( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_ed( uint8_t randomness[64U]); /** @@ -360,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d1( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -383,7 +383,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_25( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_37( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -408,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -434,7 +434,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_81( +void libcrux_ml_kem_ind_cca_decapsulate_22( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 08ceedd03..70b8a1a9d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_781(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_381(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_301( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec1( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_151(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f51(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_301( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a81( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c81( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_461( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_531( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_aa1( +void libcrux_ml_kem_ind_cca_decapsulate_2d1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_780(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_380(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_300( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec0( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_150(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f50(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_300( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a80( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c80( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_460( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_530( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_aa0( +void libcrux_ml_kem_ind_cca_decapsulate_2d0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_78(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_38(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_30( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f5(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_30( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c8( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_46( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_53( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_aa( +void libcrux_ml_kem_ind_cca_decapsulate_2d( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 3e33889ea..e86ffdc72 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 227f8506d..2192214d9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index f1a6373ac..92e8efc3d 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #include "internal/libcrux_core.h" @@ -96,7 +96,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_391( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_fd1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -116,7 +116,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_521( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_7d1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -132,7 +132,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_921( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_9a1( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -151,7 +151,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_9a1( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_5f1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -169,7 +169,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_bd1( +uint8_t *libcrux_ml_kem_types_as_slice_f6_891( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -183,7 +183,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_b41( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_681( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -216,7 +216,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_390( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_fd0( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -236,7 +236,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_520( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_7d0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_920( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_9a0( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -271,7 +271,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_9a0( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_5f0( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -289,7 +289,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_bd0( +uint8_t *libcrux_ml_kem_types_as_slice_f6_890( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -303,7 +303,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_b40( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_680( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -336,7 +336,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_39( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_fd( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -356,7 +356,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_52( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_7d( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -371,7 +371,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_92( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_9a( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -390,7 +390,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_9a( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_5f( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -408,7 +408,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_bd( +uint8_t *libcrux_ml_kem_types_as_slice_f6_89( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -481,7 +481,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_b4( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_68( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index a85fc33ed..ca862cd50 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index a3cd6e9ca..266f27048 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 0e1b10720..d3071148f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,11 +35,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_db0( +static void decapsulate_e00( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_810(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_220(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_db0(private_key, ciphertext, ret); + decapsulate_e00(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_310( +static void decapsulate_unpacked_3d0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf0(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_310(private_key, ciphertext, ret); + decapsulate_unpacked_3d0(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_bd0( +static tuple_21 encapsulate_360( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_250(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_370(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_bd0(uu____0, copy_of_randomness); + return encapsulate_360(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_b20( +static tuple_21 encapsulate_unpacked_c90( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_b20( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d10( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e0( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_b20(uu____0, copy_of_randomness); + return encapsulate_unpacked_c90(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6c0( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_7e0( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_5a0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_ed0(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6c0(copy_of_randomness); + return generate_keypair_7e0(copy_of_randomness); } /** @@ -246,11 +246,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_050(uint8_t randomness[64U]) { +generate_keypair_unpacked_5c0(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a0( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a70( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_050(copy_of_randomness); + return generate_keypair_unpacked_5c0(copy_of_randomness); } /** @@ -274,8 +274,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_970(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_5b0(public_key); +static bool validate_public_key_c20(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_680(public_key); } /** @@ -286,7 +286,7 @@ static bool validate_public_key_970(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_970(public_key.value)) { + if (validate_public_key_c20(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index c9e3168c4..99d485fb6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index adf54b96f..bcab81171 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #include "libcrux_mlkem1024_portable.h" @@ -35,11 +35,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_041( +static void decapsulate_531( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_aa1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_2d1(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_041(private_key, ciphertext, ret); + decapsulate_531(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_621( +static void decapsulate_unpacked_451( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_531(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a1(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_621(private_key, ciphertext, ret); + decapsulate_unpacked_451(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_701( +static tuple_21 encapsulate_e81( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c81(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_461(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_701(uu____0, copy_of_randomness); + return encapsulate_e81(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_451( +static tuple_21 encapsulate_unpacked_fe1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_451( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_301( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a81( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_451(uu____0, copy_of_randomness); + return encapsulate_unpacked_fe1(uu____0, copy_of_randomness); } /** @@ -212,12 +212,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_a11( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_3d1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_151(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f51(copy_of_randomness); } /** @@ -228,7 +228,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_a11(copy_of_randomness); + return generate_keypair_3d1(copy_of_randomness); } /** @@ -247,11 +247,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_df1(uint8_t randomness[64U]) { +generate_keypair_unpacked_b81(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_301( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec1( copy_of_randomness); } @@ -264,7 +264,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_df1(copy_of_randomness); + return generate_keypair_unpacked_b81(copy_of_randomness); } /** @@ -275,8 +275,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_bf1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_781(public_key); +static bool validate_public_key_8a1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_381(public_key); } /** @@ -287,7 +287,7 @@ static bool validate_public_key_bf1(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_bf1(public_key.value)) { + if (validate_public_key_8a1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index c4989c4c2..8e22c3d5d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 7639b49f1..e8b148130 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 20a103c75..24b8cbb78 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_db(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_e0(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_81(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_22(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_db(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_db(private_key, ciphertext, ret); + decapsulate_e0(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_31( +static void decapsulate_unpacked_3d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_31( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_31(private_key, ciphertext, ret); + decapsulate_unpacked_3d(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_bd( +static tuple_ec encapsulate_36( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_25(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_37(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_bd(uu____0, copy_of_randomness); + return encapsulate_36(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_b2( +static tuple_ec encapsulate_unpacked_c9( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_b2( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d1( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_b2(uu____0, copy_of_randomness); + return encapsulate_unpacked_c9(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_6c( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_7e( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_5a(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_ed(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6c(copy_of_randomness); + return generate_keypair_7e(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_05(uint8_t randomness[64U]) { +generate_keypair_unpacked_5c(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a7( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_05(copy_of_randomness); + return generate_keypair_unpacked_5c(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_97(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_5b(public_key); +static bool validate_public_key_c2(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_68(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_97(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_97(public_key.value)) { + if (validate_public_key_c2(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index a56d56ee9..ebb77c78d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 36d6e95ab..a9d8bdd5b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #include "libcrux_mlkem512_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_040( +static void decapsulate_530( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_aa0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_2d0(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_040( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_040(private_key, ciphertext, ret); + decapsulate_530(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_620( +static void decapsulate_unpacked_450( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_530(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a0(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_620( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_620(private_key, ciphertext, ret); + decapsulate_unpacked_450(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_700( +static tuple_ec encapsulate_e80( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c80(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_460(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_700(uu____0, copy_of_randomness); + return encapsulate_e80(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_450( +static tuple_ec encapsulate_unpacked_fe0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_450( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_300( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a80( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_450(uu____0, copy_of_randomness); + return encapsulate_unpacked_fe0(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_a10( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_3d0( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_150(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f50(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_a10(copy_of_randomness); + return generate_keypair_3d0(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_df0(uint8_t randomness[64U]) { +generate_keypair_unpacked_b80(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_300( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec0( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_df0(copy_of_randomness); + return generate_keypair_unpacked_b80(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_bf0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_780(public_key); +static bool validate_public_key_8a0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_380(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_bf0(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_bf0(public_key.value)) { + if (validate_public_key_8a0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 2964911a3..68b9a9289 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 0c254b54e..04bd7b678 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 8871fbc11..9fea406f2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_db1( +static void decapsulate_e01( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_811(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_221(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_db1( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_db1(private_key, ciphertext, ret); + decapsulate_e01(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_311( +static void decapsulate_unpacked_3d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf1(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_311( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_311(private_key, ciphertext, ret); + decapsulate_unpacked_3d1(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_bd1( +static tuple_3c encapsulate_361( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_251(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_371(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_bd1(uu____0, copy_of_randomness); + return encapsulate_361(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_b21( +static tuple_3c encapsulate_unpacked_c91( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_b21( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d11( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e1( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_b21(uu____0, copy_of_randomness); + return encapsulate_unpacked_c91(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_6c1( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_7e1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_5a1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_ed1(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6c1(copy_of_randomness); + return generate_keypair_7e1(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_051(uint8_t randomness[64U]) { +generate_keypair_unpacked_5c1(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a1( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a71( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_051(copy_of_randomness); + return generate_keypair_unpacked_5c1(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_971(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_5b1(public_key); +static bool validate_public_key_c21(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_681(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_971(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_971(public_key.value)) { + if (validate_public_key_c21(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 0d842f9c3..c5f26da90 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index c3675c628..025f8ce29 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #include "libcrux_mlkem768_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_04( +static void decapsulate_53( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_aa(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_2d(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_04( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_04(private_key, ciphertext, ret); + decapsulate_53(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_62( +static void decapsulate_unpacked_45( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_53(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_62( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_62(private_key, ciphertext, ret); + decapsulate_unpacked_45(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_70( +static tuple_3c encapsulate_e8( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c8(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_46(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_70(uu____0, copy_of_randomness); + return encapsulate_e8(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_45( +static tuple_3c encapsulate_unpacked_fe( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_45( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_30( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a8( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_45(uu____0, copy_of_randomness); + return encapsulate_unpacked_fe(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_a1( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_3d( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_15(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f5(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_a1(copy_of_randomness); + return generate_keypair_3d(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_df(uint8_t randomness[64U]) { +generate_keypair_unpacked_b8(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_30( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_df(copy_of_randomness); + return generate_keypair_unpacked_b8(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_bf(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_78(public_key); +static bool validate_public_key_8a(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_38(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_bf(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_bf(public_key.value)) { + if (validate_public_key_8a(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 6c2cb6610..0f85d67e7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 46344e9de..cf7880b9e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1036,7 +1036,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_ef_48(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_ef_db(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1064,8 +1064,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_ae(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); +deserialize_to_reduced_ring_element_17(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1084,12 +1084,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_451( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c61( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_48();); + deserialized_pk[i] = ZERO_ef_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1101,7 +1101,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_451( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ae(ring_element); + deserialize_to_reduced_ring_element_17(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1114,7 +1114,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_20(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_71(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1127,8 +1127,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_09_58(__m256i vector) { - return shift_right_20(vector); +static __m256i shift_right_09_7c(__m256i vector) { + return shift_right_71(vector); } /** @@ -1137,8 +1137,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_7a(__m256i a) { - __m256i t = shift_right_09_58(a); +static __m256i to_unsigned_representative_38(__m256i a) { + __m256i t = shift_right_09_7c(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -1150,13 +1150,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_ea( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_36( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_7a(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_38(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1174,7 +1174,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_f81( +static KRML_MUSTINLINE void serialize_secret_key_011( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1192,7 +1192,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_ea(&re, ret0); + serialize_uncompressed_ring_element_36(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1207,14 +1207,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_5a1( +static KRML_MUSTINLINE void serialize_public_key_851( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_f81(t_as_ntt, ret0); + serialize_secret_key_011(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1234,15 +1234,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_5b1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_681(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_451( + deserialize_ring_elements_reduced_c61( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_5a1( + serialize_public_key_851( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1283,10 +1283,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static void closure_131( +static void closure_0f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_ef_48();); + ret[i] = ZERO_ef_db();); } /** @@ -1418,7 +1418,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_523( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_513( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1543,7 +1543,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_524( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_514( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1587,8 +1587,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_ef_3a(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); +from_i16_array_ef_ce(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1605,9 +1605,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_3d1( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_d61( int16_t s[272U]) { - return from_i16_array_ef_3a( + return from_i16_array_ef_ce( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1617,7 +1617,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_1d1( +static KRML_MUSTINLINE void sample_from_xof_231( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1632,7 +1632,7 @@ static KRML_MUSTINLINE void sample_from_xof_1d1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_523( + bool done = sample_from_uniform_distribution_next_513( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -1644,7 +1644,7 @@ static KRML_MUSTINLINE void sample_from_xof_1d1( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_524( + done = sample_from_uniform_distribution_next_514( copy_of_randomness, sampled_coefficients, out); } } @@ -1653,7 +1653,7 @@ static KRML_MUSTINLINE void sample_from_xof_1d1( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_3d1(copy_of_out[i]);); + ret0[i] = closure_d61(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1665,12 +1665,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_c61( +static KRML_MUSTINLINE void sample_matrix_A_051( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_131(A_transpose[i]);); + closure_0f1(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -1685,7 +1685,7 @@ static KRML_MUSTINLINE void sample_matrix_A_c61( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_1d1(copy_of_seeds, sampled); + sample_from_xof_231(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1779,7 +1779,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_bb(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_65(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -1813,7 +1813,7 @@ sample_from_binomial_distribution_2_bb(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_3a( + return from_i16_array_ef_ce( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1824,7 +1824,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_ec(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_c5(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -1857,7 +1857,7 @@ sample_from_binomial_distribution_3_ec(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_3a( + return from_i16_array_ef_ce( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1868,8 +1868,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_400(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_bb(randomness); +sample_from_binomial_distribution_fd0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_65(randomness); } /** @@ -1878,7 +1878,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_2f( +static KRML_MUSTINLINE void ntt_at_layer_7_75( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -1903,7 +1903,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_bd(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_40(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1914,8 +1914,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_af(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_bd(b, zeta_r); +ntt_layer_int_vec_step_d2(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_40(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1928,7 +1928,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_c3( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_ae( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1941,7 +1941,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_c3( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_af( + ntt_layer_int_vec_step_d2( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -1958,7 +1958,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_1d( +static KRML_MUSTINLINE void ntt_at_layer_3_d2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -1974,7 +1974,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_6b( +static KRML_MUSTINLINE void ntt_at_layer_2_0a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -1993,7 +1993,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_93( +static KRML_MUSTINLINE void ntt_at_layer_1_7f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2021,7 +2021,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_ef_a0( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2037,17 +2037,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_f9( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_2f(re); + ntt_at_layer_7_75(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_1d(&zeta_i, re); - ntt_at_layer_2_6b(&zeta_i, re); - ntt_at_layer_1_93(&zeta_i, re); - poly_barrett_reduce_ef_a0(re); + ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_d2(&zeta_i, re); + ntt_at_layer_2_0a(&zeta_i, re); + ntt_at_layer_1_7f(&zeta_i, re); + poly_barrett_reduce_ef_52(re); } /** @@ -2058,11 +2058,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_811( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_3e1( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_48();); + re_as_ntt[i] = ZERO_ef_db();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2077,9 +2077,9 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_811( PRFxN_a9_412(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_400( + re_as_ntt[i0] = sample_from_binomial_distribution_fd0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_f9(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_cc(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2105,9 +2105,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_ef_cc(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_ef_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_48(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_db(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2139,7 +2139,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_a23( +static KRML_MUSTINLINE void add_to_ring_element_ef_331( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2159,7 +2159,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_55(__m256i v) { +static __m256i to_standard_domain_03(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2175,14 +2175,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_ef_27( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_55(self->coefficients[j]); + to_standard_domain_03(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &error->coefficients[j])); @@ -2195,14 +2195,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_041( +static KRML_MUSTINLINE void compute_As_plus_e_dc1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_48();); + result0[i] = ZERO_ef_db();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2223,10 +2223,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_041( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_cc(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_a23(&result0[i1], &product); + ntt_multiply_ef_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_331(&result0[i1], &product); } - add_standard_error_reduce_ef_27(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_ef_0f(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2245,7 +2245,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_1f1( +static tuple_9b0 generate_keypair_unpacked_dc1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_ab1(key_generation_seed, hashed); @@ -2257,14 +2257,14 @@ static tuple_9b0 generate_keypair_unpacked_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_c61(ret, true, A_transpose); + sample_matrix_A_051(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_811(copy_of_prf_input0, 0U); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_3e1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2276,10 +2276,10 @@ static tuple_9b0 generate_keypair_unpacked_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_811(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_3e1(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_041(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_dc1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -2331,10 +2331,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_611( +static void closure_4a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_ef_48();); + ret[i] = ZERO_ef_db();); } /** @@ -2348,7 +2348,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_8d_61( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_8d_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -2385,7 +2385,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a71( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -2394,18 +2394,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a1( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_1f1(ind_cpa_keypair_randomness); + tuple_9b0 uu____0 = generate_keypair_unpacked_dc1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_611(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_4a1(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_8d_61(&ind_cpa_public_key.A[j][i1]); + clone_8d_eb(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2415,7 +2415,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_5a1( + serialize_public_key_851( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -2463,17 +2463,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_a01( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_a21( Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_1f1(key_generation_seed); + tuple_9b0 uu____0 = generate_keypair_unpacked_dc1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_5a1( + serialize_public_key_851( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_011(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2497,7 +2497,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_181( +static KRML_MUSTINLINE void serialize_kem_secret_key_e61( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2552,7 +2552,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_5a1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_ed1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2561,13 +2561,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5a1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_a01(ind_cpa_keypair_randomness); + generate_keypair_a21(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_181( + serialize_kem_secret_key_e61( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2576,13 +2576,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5a1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_920(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_9a0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_520( - uu____2, libcrux_ml_kem_types_from_07_390(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_7d0( + uu____2, libcrux_ml_kem_types_from_07_fd0(copy_of_public_key)); } /** @@ -2594,10 +2594,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_2a1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_f11(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_ef_48();); + error_1[i] = ZERO_ef_db();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2613,7 +2613,7 @@ sample_ring_element_cbd_2a1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_400( + sample_from_binomial_distribution_fd0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2662,7 +2662,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_3d( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_42( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2686,7 +2686,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_e9( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_ef( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2706,7 +2706,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_55( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_51( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2724,11 +2724,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_e7(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_61(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = montgomery_multiply_fe_bd(a_minus_b, zeta_r); + b = montgomery_multiply_fe_40(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2739,7 +2739,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_11( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_af( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2754,7 +2754,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_11( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_e7( + inv_ntt_layer_int_vec_step_reduce_61( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2771,18 +2771,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_401( +static KRML_MUSTINLINE void invert_ntt_montgomery_491( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_3d(&zeta_i, re); - invert_ntt_at_layer_2_e9(&zeta_i, re); - invert_ntt_at_layer_3_55(&zeta_i, re); - invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_a0(re); + invert_ntt_at_layer_1_42(&zeta_i, re); + invert_ntt_at_layer_2_ef(&zeta_i, re); + invert_ntt_at_layer_3_51(&zeta_i, re); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_52(re); } /** @@ -2796,7 +2796,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_ef_38( +static KRML_MUSTINLINE void add_error_reduce_ef_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2817,14 +2817,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_341( +static KRML_MUSTINLINE void compute_vector_u_c81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_48();); + result0[i] = ZERO_ef_db();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2844,11 +2844,11 @@ static KRML_MUSTINLINE void compute_vector_u_341( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_cc(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_a23(&result0[i1], &product); + ntt_multiply_ef_48(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_331(&result0[i1], &product); } - invert_ntt_montgomery_401(&result0[i1]); - add_error_reduce_ef_38(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_491(&result0[i1]); + add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2865,7 +2865,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_23(__m256i v) { +static __m256i decompress_1_ed(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), &v), @@ -2879,8 +2879,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_6c(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); +deserialize_then_decompress_message_f9(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2888,7 +2888,7 @@ deserialize_then_decompress_message_6c(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_23(coefficient_compressed);); + re.coefficients[i0] = decompress_1_ed(coefficient_compressed);); return re; } @@ -2904,7 +2904,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_ef_ca( +add_message_error_reduce_ef_76( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2931,18 +2931,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_3a1( +compute_ring_element_v_f41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_cc(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_a23(&result, &product);); - invert_ntt_montgomery_401(&result); - result = add_message_error_reduce_ef_ca(error_2, message, result); + ntt_multiply_ef_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_331(&result, &product);); + invert_ntt_montgomery_491(&result); + result = add_message_error_reduce_ef_76(error_2, message, result); return result; } @@ -2953,7 +2953,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_72(__m256i vector) { +compress_ciphertext_coefficient_d6(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3000,8 +3000,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_09_fa(__m256i vector) { - return compress_ciphertext_coefficient_72(vector); +static __m256i compress_09_a7(__m256i vector) { + return compress_ciphertext_coefficient_d6(vector); } /** @@ -3010,14 +3010,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_58( +static KRML_MUSTINLINE void compress_then_serialize_10_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_fa(to_unsigned_representative_7a(re->coefficients[i0])); + compress_09_a7(to_unsigned_representative_38(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3035,7 +3035,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_720(__m256i vector) { +compress_ciphertext_coefficient_d60(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3082,8 +3082,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_09_fa0(__m256i vector) { - return compress_ciphertext_coefficient_720(vector); +static __m256i compress_09_a70(__m256i vector) { + return compress_ciphertext_coefficient_d60(vector); } /** @@ -3093,10 +3093,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_fb( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_58(re, uu____0); + compress_then_serialize_10_4e(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3109,7 +3109,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_5c1( +static void compress_then_serialize_u_4c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3125,7 +3125,7 @@ static void compress_then_serialize_u_5c1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_fb(&re, ret); + compress_then_serialize_ring_element_u_1e(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3138,7 +3138,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_721(__m256i vector) { +compress_ciphertext_coefficient_d61(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3185,8 +3185,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_09_fa1(__m256i vector) { - return compress_ciphertext_coefficient_721(vector); +static __m256i compress_09_a71(__m256i vector) { + return compress_ciphertext_coefficient_d61(vector); } /** @@ -3195,7 +3195,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_b5( +static KRML_MUSTINLINE void compress_then_serialize_4_60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3204,7 +3204,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_b5( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_fa1(to_unsigned_representative_7a(re.coefficients[i0])); + compress_09_a71(to_unsigned_representative_38(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3221,7 +3221,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_722(__m256i vector) { +compress_ciphertext_coefficient_d62(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3268,8 +3268,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_09_fa2(__m256i vector) { - return compress_ciphertext_coefficient_722(vector); +static __m256i compress_09_a72(__m256i vector) { + return compress_ciphertext_coefficient_d62(vector); } /** @@ -3278,7 +3278,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_43( +static KRML_MUSTINLINE void compress_then_serialize_5_86( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3287,7 +3287,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_43( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_09_fa2(to_unsigned_representative_7a(re.coefficients[i0])); + compress_09_a72(to_unsigned_representative_38(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3304,9 +3304,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ff( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_b5(re, out); + compress_then_serialize_4_60(re, out); } /** @@ -3326,7 +3326,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_8d1( +static void encrypt_unpacked_681( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3334,7 +3334,7 @@ static void encrypt_unpacked_8d1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_811(copy_of_prf_input0, 0U); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_3e1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3344,7 +3344,7 @@ static void encrypt_unpacked_8d1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_2a1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_f11(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3355,28 +3355,28 @@ static void encrypt_unpacked_8d1( PRF_a9_264(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_400( + sample_from_binomial_distribution_fd0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_341(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_c81(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_6c(copy_of_message); + deserialize_then_decompress_message_f9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_3a1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_f41(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_5c1( + compress_then_serialize_u_4c1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_ff( + compress_then_serialize_ring_element_v_c7( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3400,7 +3400,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d11( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -3427,7 +3427,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d11( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_8d1(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_681(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -3437,7 +3437,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d11( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_9a0(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3458,7 +3458,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_2e1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_231(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -3482,10 +3482,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_5a1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_771(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_451( + deserialize_ring_elements_reduced_c61( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -3493,7 +3493,7 @@ static void encrypt_5a1(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_c61(ret0, false, A); + sample_matrix_A_051(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -3527,7 +3527,7 @@ static void encrypt_5a1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_8d1(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_681(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -3542,7 +3542,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_191(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_b91(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -3568,11 +3568,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_251( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_371( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_2e1( + entropy_preprocess_af_231( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -3582,7 +3582,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_251( size_t); uint8_t ret[32U]; H_a9_311(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd0(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_890(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3596,19 +3596,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_251( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_890(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_5a1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_771(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_9a0(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_191(shared_secret, shared_secret_array); + kdf_af_b91(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3628,7 +3628,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_d9(__m256i vector) { +decompress_ciphertext_coefficient_73(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3672,8 +3672,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_09_b9(__m256i vector) { - return decompress_ciphertext_coefficient_d9(vector); +static __m256i decompress_ciphertext_coefficient_09_fc(__m256i vector) { + return decompress_ciphertext_coefficient_73(vector); } /** @@ -3683,8 +3683,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_c8(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); +deserialize_then_decompress_10_71(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -3696,7 +3696,7 @@ deserialize_then_decompress_10_c8(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_b9(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_fc(coefficient); } return re; } @@ -3708,7 +3708,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_d90(__m256i vector) { +decompress_ciphertext_coefficient_730(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3752,8 +3752,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_09_b90(__m256i vector) { - return decompress_ciphertext_coefficient_d90(vector); +static __m256i decompress_ciphertext_coefficient_09_fc0(__m256i vector) { + return decompress_ciphertext_coefficient_730(vector); } /** @@ -3763,15 +3763,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_91(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); +deserialize_then_decompress_11_3f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_b90(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_fc0(coefficient); } return re; } @@ -3783,8 +3783,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_f3(Eurydice_slice serialized) { - return deserialize_then_decompress_10_c8(serialized); +deserialize_then_decompress_ring_element_u_55(Eurydice_slice serialized) { + return deserialize_then_decompress_10_71(serialized); } /** @@ -3793,17 +3793,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_7c( +static KRML_MUSTINLINE void ntt_vector_u_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_1d(&zeta_i, re); - ntt_at_layer_2_6b(&zeta_i, re); - ntt_at_layer_1_93(&zeta_i, re); - poly_barrett_reduce_ef_a0(re); + ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_d2(&zeta_i, re); + ntt_at_layer_2_0a(&zeta_i, re); + ntt_at_layer_1_7f(&zeta_i, re); + poly_barrett_reduce_ef_52(re); } /** @@ -3814,12 +3814,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_831( +static KRML_MUSTINLINE void deserialize_then_decompress_u_a81( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_48();); + u_as_ntt[i] = ZERO_ef_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3837,8 +3837,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_831( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f3(u_bytes); - ntt_vector_u_7c(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_55(u_bytes); + ntt_vector_u_8b(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3852,7 +3852,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_d91(__m256i vector) { +decompress_ciphertext_coefficient_731(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3896,8 +3896,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_09_b91(__m256i vector) { - return decompress_ciphertext_coefficient_d91(vector); +static __m256i decompress_ciphertext_coefficient_09_fc1(__m256i vector) { + return decompress_ciphertext_coefficient_731(vector); } /** @@ -3907,15 +3907,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_e7(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); +deserialize_then_decompress_4_43(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_b91(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_fc1(coefficient); } return re; } @@ -3927,7 +3927,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_d92(__m256i vector) { +decompress_ciphertext_coefficient_732(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3971,8 +3971,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_09_b92(__m256i vector) { - return decompress_ciphertext_coefficient_d92(vector); +static __m256i decompress_ciphertext_coefficient_09_fc2(__m256i vector) { + return decompress_ciphertext_coefficient_732(vector); } /** @@ -3982,8 +3982,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_f5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); +deserialize_then_decompress_5_94(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3991,7 +3991,7 @@ deserialize_then_decompress_5_f5(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_b92(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_fc2(re.coefficients[i0]); } return re; } @@ -4003,8 +4003,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_ae(Eurydice_slice serialized) { - return deserialize_then_decompress_4_e7(serialized); +deserialize_then_decompress_ring_element_v_80(Eurydice_slice serialized) { + return deserialize_then_decompress_4_43(serialized); } /** @@ -4019,7 +4019,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_ef_67(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_ef_87(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4041,17 +4041,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_771( +compute_message_d81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_cc(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_a23(&result, &product);); - invert_ntt_montgomery_401(&result); - result = subtract_reduce_ef_67(v, result); + ntt_multiply_ef_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_331(&result, &product);); + invert_ntt_montgomery_491(&result); + result = subtract_reduce_ef_87(v, result); return result; } @@ -4061,12 +4061,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_47( +static KRML_MUSTINLINE void compress_then_serialize_message_e4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_7a(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_38(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; @@ -4089,19 +4089,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_cf1( +static void decrypt_unpacked_0e1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_831(ciphertext, u_as_ntt); + deserialize_then_decompress_u_a81(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_ae( + deserialize_then_decompress_ring_element_v_80( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_771(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_d81(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_47(message, ret0); + compress_then_serialize_message_e4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4152,11 +4152,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_cf1(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_0e1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4185,7 +4185,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf1( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_680(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4196,11 +4196,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_8d1(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_681(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), + libcrux_ml_kem_types_as_ref_ba_680(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4218,8 +4218,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_c1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_48(); +deserialize_to_uncompressed_ring_element_97(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4236,12 +4236,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_481( +static KRML_MUSTINLINE void deserialize_secret_key_b41( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_48();); + secret_as_ntt[i] = ZERO_ef_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4253,7 +4253,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_481( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_c1(secret_bytes); + deserialize_to_uncompressed_ring_element_97(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4275,10 +4275,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_691(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b21(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_481(secret_key, secret_as_ntt); + deserialize_secret_key_b41(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4290,7 +4290,7 @@ static void decrypt_691(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_cf1(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_0e1(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4316,7 +4316,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_811( +void libcrux_ml_kem_ind_cca_decapsulate_221( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4334,7 +4334,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_811( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_691(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_b21(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4356,7 +4356,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_811( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_680(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4366,17 +4366,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_811( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_5a1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_771(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_191(Eurydice_array_to_slice( + kdf_af_b91(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_191(shared_secret0, shared_secret1); + kdf_af_b91(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), + libcrux_ml_kem_types_as_ref_ba_680(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4393,12 +4393,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_450( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c60( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_48();); + deserialized_pk[i] = ZERO_ef_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4410,7 +4410,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_450( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ae(ring_element); + deserialize_to_reduced_ring_element_17(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4425,7 +4425,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_f80( +static KRML_MUSTINLINE void serialize_secret_key_010( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4443,7 +4443,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_ea(&re, ret0); + serialize_uncompressed_ring_element_36(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4458,14 +4458,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_5a0( +static KRML_MUSTINLINE void serialize_public_key_850( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_f80(t_as_ntt, ret0); + serialize_secret_key_010(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4485,15 +4485,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_5b0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_680(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_450( + deserialize_ring_elements_reduced_c60( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_5a0( + serialize_public_key_850( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4534,10 +4534,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static void closure_130( +static void closure_0f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_ef_48();); + ret[i] = ZERO_ef_db();); } /** @@ -4672,7 +4672,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_521( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_511( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4800,7 +4800,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_522( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_512( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4838,9 +4838,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_3d0( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_d60( int16_t s[272U]) { - return from_i16_array_ef_3a( + return from_i16_array_ef_ce( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4850,7 +4850,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_1d0( +static KRML_MUSTINLINE void sample_from_xof_230( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -4865,7 +4865,7 @@ static KRML_MUSTINLINE void sample_from_xof_1d0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_521( + bool done = sample_from_uniform_distribution_next_511( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -4877,7 +4877,7 @@ static KRML_MUSTINLINE void sample_from_xof_1d0( uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_522( + done = sample_from_uniform_distribution_next_512( copy_of_randomness, sampled_coefficients, out); } } @@ -4886,7 +4886,7 @@ static KRML_MUSTINLINE void sample_from_xof_1d0( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_3d0(copy_of_out[i]);); + ret0[i] = closure_d60(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4898,12 +4898,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_c60( +static KRML_MUSTINLINE void sample_matrix_A_050( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_130(A_transpose[i]);); + closure_0f0(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4918,7 +4918,7 @@ static KRML_MUSTINLINE void sample_matrix_A_c60( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_1d0(copy_of_seeds, sampled); + sample_from_xof_230(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5016,11 +5016,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_810( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_3e0( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_48();); + re_as_ntt[i] = ZERO_ef_db();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5035,9 +5035,9 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_810( PRFxN_a9_411(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_400( + re_as_ntt[i0] = sample_from_binomial_distribution_fd0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_f9(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_cc(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5062,7 +5062,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_a22( +static KRML_MUSTINLINE void add_to_ring_element_ef_330( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5082,14 +5082,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_040( +static KRML_MUSTINLINE void compute_As_plus_e_dc0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_48();); + result0[i] = ZERO_ef_db();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5110,10 +5110,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_040( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_cc(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_a22(&result0[i1], &product); + ntt_multiply_ef_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_330(&result0[i1], &product); } - add_standard_error_reduce_ef_27(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_ef_0f(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5132,7 +5132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_1f0( +static tuple_54 generate_keypair_unpacked_dc0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_ab0(key_generation_seed, hashed); @@ -5144,14 +5144,14 @@ static tuple_54 generate_keypair_unpacked_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_c60(ret, true, A_transpose); + sample_matrix_A_050(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_810(copy_of_prf_input0, 0U); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_3e0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5163,10 +5163,10 @@ static tuple_54 generate_keypair_unpacked_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_810(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_3e0(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_040(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_dc0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -5218,10 +5218,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_610( +static void closure_4a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_ef_48();); + ret[i] = ZERO_ef_db();); } /** @@ -5251,7 +5251,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a70( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5260,18 +5260,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a0( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_54 uu____0 = generate_keypair_unpacked_1f0(ind_cpa_keypair_randomness); + tuple_54 uu____0 = generate_keypair_unpacked_dc0(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_610(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_4a0(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_8d_61(&ind_cpa_public_key.A[j][i1]); + clone_8d_eb(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5281,7 +5281,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a0( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_5a0( + serialize_public_key_850( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -5329,17 +5329,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_a00( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_a20( Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_1f0(key_generation_seed); + tuple_54 uu____0 = generate_keypair_unpacked_dc0(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_5a0( + serialize_public_key_850( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_010(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5363,7 +5363,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_180( +static KRML_MUSTINLINE void serialize_kem_secret_key_e60( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5418,7 +5418,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_5a0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_ed0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5427,13 +5427,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5a0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_a00(ind_cpa_keypair_randomness); + generate_keypair_a20(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_180( + serialize_kem_secret_key_e60( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5442,13 +5442,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5a0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_921(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_9a1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_521( - uu____2, libcrux_ml_kem_types_from_07_391(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_7d1( + uu____2, libcrux_ml_kem_types_from_07_fd1(copy_of_public_key)); } /** @@ -5460,10 +5460,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_2a0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_f10(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_ef_48();); + error_1[i] = ZERO_ef_db();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5479,7 +5479,7 @@ sample_ring_element_cbd_2a0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_400( + sample_from_binomial_distribution_fd0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5516,18 +5516,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_400( +static KRML_MUSTINLINE void invert_ntt_montgomery_490( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_3d(&zeta_i, re); - invert_ntt_at_layer_2_e9(&zeta_i, re); - invert_ntt_at_layer_3_55(&zeta_i, re); - invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_a0(re); + invert_ntt_at_layer_1_42(&zeta_i, re); + invert_ntt_at_layer_2_ef(&zeta_i, re); + invert_ntt_at_layer_3_51(&zeta_i, re); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_52(re); } /** @@ -5536,14 +5536,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_340( +static KRML_MUSTINLINE void compute_vector_u_c80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_48();); + result0[i] = ZERO_ef_db();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5563,11 +5563,11 @@ static KRML_MUSTINLINE void compute_vector_u_340( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_cc(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_a22(&result0[i1], &product); + ntt_multiply_ef_48(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_330(&result0[i1], &product); } - invert_ntt_montgomery_400(&result0[i1]); - add_error_reduce_ef_38(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_490(&result0[i1]); + add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5585,18 +5585,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_3a0( +compute_ring_element_v_f40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_cc(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_a22(&result, &product);); - invert_ntt_montgomery_400(&result); - result = add_message_error_reduce_ef_ca(error_2, message, result); + ntt_multiply_ef_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_330(&result, &product);); + invert_ntt_montgomery_490(&result); + result = add_message_error_reduce_ef_76(error_2, message, result); return result; } @@ -5606,14 +5606,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_6e0( +static KRML_MUSTINLINE void compress_then_serialize_11_dd0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_fa0(to_unsigned_representative_7a(re->coefficients[i0])); + compress_09_a70(to_unsigned_representative_38(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5631,10 +5631,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_fb0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_1e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_6e0(re, uu____0); + compress_then_serialize_11_dd0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5647,7 +5647,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_5c0( +static void compress_then_serialize_u_4c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5663,7 +5663,7 @@ static void compress_then_serialize_u_5c0( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_fb0(&re, ret); + compress_then_serialize_ring_element_u_1e0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5676,9 +5676,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ff0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_c70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_43(re, out); + compress_then_serialize_5_86(re, out); } /** @@ -5698,7 +5698,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_8d0( +static void encrypt_unpacked_680( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -5706,7 +5706,7 @@ static void encrypt_unpacked_8d0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_810(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_3e0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -5716,7 +5716,7 @@ static void encrypt_unpacked_8d0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_2a0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_f10(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -5727,28 +5727,28 @@ static void encrypt_unpacked_8d0( PRF_a9_262(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_400( + sample_from_binomial_distribution_fd0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_340(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_c80(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_6c(copy_of_message); + deserialize_then_decompress_message_f9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_3a0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_f40(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_5c0( + compress_then_serialize_u_4c0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_ff0( + compress_then_serialize_ring_element_v_c70( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5772,7 +5772,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d10( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5799,7 +5799,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d10( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_8d0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_680(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5809,7 +5809,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d10( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_9a1(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5830,7 +5830,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_2e0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_230(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -5854,10 +5854,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_5a0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_770(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_450( + deserialize_ring_elements_reduced_c60( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5865,7 +5865,7 @@ static void encrypt_5a0(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_c60(ret0, false, A); + sample_matrix_A_050(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -5899,7 +5899,7 @@ static void encrypt_5a0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_8d0(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_680(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -5914,7 +5914,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_190(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_b90(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -5940,11 +5940,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_250( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_370( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_2e0( + entropy_preprocess_af_230( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5954,7 +5954,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_250( size_t); uint8_t ret[32U]; H_a9_310(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_bd1(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_891(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5968,19 +5968,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_250( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_bd1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_891(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_5a0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_770(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_9a1(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_190(shared_secret, shared_secret_array); + kdf_af_b90(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6000,8 +6000,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_f30(Eurydice_slice serialized) { - return deserialize_then_decompress_11_91(serialized); +deserialize_then_decompress_ring_element_u_550(Eurydice_slice serialized) { + return deserialize_then_decompress_11_3f(serialized); } /** @@ -6010,17 +6010,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_7c0( +static KRML_MUSTINLINE void ntt_vector_u_8b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_1d(&zeta_i, re); - ntt_at_layer_2_6b(&zeta_i, re); - ntt_at_layer_1_93(&zeta_i, re); - poly_barrett_reduce_ef_a0(re); + ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_d2(&zeta_i, re); + ntt_at_layer_2_0a(&zeta_i, re); + ntt_at_layer_1_7f(&zeta_i, re); + poly_barrett_reduce_ef_52(re); } /** @@ -6031,12 +6031,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_830( +static KRML_MUSTINLINE void deserialize_then_decompress_u_a80( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_48();); + u_as_ntt[i] = ZERO_ef_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6054,8 +6054,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_830( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f30(u_bytes); - ntt_vector_u_7c0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_550(u_bytes); + ntt_vector_u_8b0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6069,8 +6069,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_ae0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_f5(serialized); +deserialize_then_decompress_ring_element_v_800(Eurydice_slice serialized) { + return deserialize_then_decompress_5_94(serialized); } /** @@ -6080,17 +6080,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_770( +compute_message_d80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_cc(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_a22(&result, &product);); - invert_ntt_montgomery_400(&result); - result = subtract_reduce_ef_67(v, result); + ntt_multiply_ef_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_330(&result, &product);); + invert_ntt_montgomery_490(&result); + result = subtract_reduce_ef_87(v, result); return result; } @@ -6104,19 +6104,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_cf0( +static void decrypt_unpacked_0e0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_830(ciphertext, u_as_ntt); + deserialize_then_decompress_u_a80(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_ae0( + deserialize_then_decompress_ring_element_v_800( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_770(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_d80(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_47(message, ret0); + compress_then_serialize_message_e4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6155,12 +6155,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_cf0(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_0e0(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -6189,7 +6189,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf0( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_681(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6200,11 +6200,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_8d0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_680(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), + libcrux_ml_kem_types_as_ref_ba_681(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6221,12 +6221,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_480( +static KRML_MUSTINLINE void deserialize_secret_key_b40( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_48();); + secret_as_ntt[i] = ZERO_ef_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6238,7 +6238,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_480( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_c1(secret_bytes); + deserialize_to_uncompressed_ring_element_97(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; @@ -6260,10 +6260,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_690(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b20(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_480(secret_key, secret_as_ntt); + deserialize_secret_key_b40(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -6275,7 +6275,7 @@ static void decrypt_690(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_cf0(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_0e0(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -6301,7 +6301,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_810( +void libcrux_ml_kem_ind_cca_decapsulate_220( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6320,7 +6320,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_810( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_690(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_b20(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -6342,7 +6342,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_810( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_681(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6352,17 +6352,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_810( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_5a0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_770(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_190(Eurydice_array_to_slice( + kdf_af_b90(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_190(shared_secret0, shared_secret1); + kdf_af_b90(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), + libcrux_ml_kem_types_as_ref_ba_681(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6379,12 +6379,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_45( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c6( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_48();); + deserialized_pk[i] = ZERO_ef_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6396,7 +6396,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_45( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ae(ring_element); + deserialize_to_reduced_ring_element_17(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6411,7 +6411,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_f8( +static KRML_MUSTINLINE void serialize_secret_key_01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6429,7 +6429,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_ea(&re, ret0); + serialize_uncompressed_ring_element_36(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6444,14 +6444,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_5a( +static KRML_MUSTINLINE void serialize_public_key_85( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_f8(t_as_ntt, ret0); + serialize_secret_key_01(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6471,15 +6471,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_5b(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_68(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_45( + deserialize_ring_elements_reduced_c6( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_5a( + serialize_public_key_85( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6520,10 +6520,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static void closure_13( +static void closure_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_ef_48();); + ret[i] = ZERO_ef_db();); } /** @@ -6652,7 +6652,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_52( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_51( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6774,7 +6774,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_520( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_510( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6812,9 +6812,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_3d( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_d6( int16_t s[272U]) { - return from_i16_array_ef_3a( + return from_i16_array_ef_ce( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6824,7 +6824,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_1d( +static KRML_MUSTINLINE void sample_from_xof_23( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -6839,7 +6839,7 @@ static KRML_MUSTINLINE void sample_from_xof_1d( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_52( + bool done = sample_from_uniform_distribution_next_51( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -6851,7 +6851,7 @@ static KRML_MUSTINLINE void sample_from_xof_1d( uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_520( + done = sample_from_uniform_distribution_next_510( copy_of_randomness, sampled_coefficients, out); } } @@ -6860,7 +6860,7 @@ static KRML_MUSTINLINE void sample_from_xof_1d( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_3d(copy_of_out[i]);); + ret0[i] = closure_d6(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6872,12 +6872,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_c6( +static KRML_MUSTINLINE void sample_matrix_A_05( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_13(A_transpose[i]);); + closure_0f(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6892,7 +6892,7 @@ static KRML_MUSTINLINE void sample_matrix_A_c6( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_1d(copy_of_seeds, sampled); + sample_from_xof_23(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6983,8 +6983,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_40(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_ec(randomness); +sample_from_binomial_distribution_fd(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_c5(randomness); } /** @@ -6995,11 +6995,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_81( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_3e( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_48();); + re_as_ntt[i] = ZERO_ef_db();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7014,9 +7014,9 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_81( PRFxN_a9_41(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_40( + re_as_ntt[i0] = sample_from_binomial_distribution_fd( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_f9(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_cc(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -7041,7 +7041,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_a2( +static KRML_MUSTINLINE void add_to_ring_element_ef_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -7061,14 +7061,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_04( +static KRML_MUSTINLINE void compute_As_plus_e_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_48();); + result0[i] = ZERO_ef_db();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7089,10 +7089,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_04( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_cc(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_a2(&result0[i1], &product); + ntt_multiply_ef_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_33(&result0[i1], &product); } - add_standard_error_reduce_ef_27(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_ef_0f(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7111,7 +7111,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_1f( +static tuple_4c generate_keypair_unpacked_dc( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_ab(key_generation_seed, hashed); @@ -7123,14 +7123,14 @@ static tuple_4c generate_keypair_unpacked_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_c6(ret, true, A_transpose); + sample_matrix_A_05(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_81(copy_of_prf_input0, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_3e(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7142,10 +7142,10 @@ static tuple_4c generate_keypair_unpacked_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_81(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_3e(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_04(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_dc(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -7197,10 +7197,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_61( +static void closure_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_ef_48();); + ret[i] = ZERO_ef_db();); } /** @@ -7230,7 +7230,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a7( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7239,18 +7239,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c uu____0 = generate_keypair_unpacked_1f(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_dc(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_61(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_4a(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_8d_61(&ind_cpa_public_key.A[j][i1]); + clone_8d_eb(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7260,7 +7260,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_8a( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_5a( + serialize_public_key_85( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -7308,17 +7308,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_a0( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_a2( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_1f(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_dc(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_5a( + serialize_public_key_85( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_01(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -7342,7 +7342,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_18( +static KRML_MUSTINLINE void serialize_kem_secret_key_e6( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7396,7 +7396,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_5a( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_ed( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7406,13 +7406,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_5a( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_a0(ind_cpa_keypair_randomness); + generate_keypair_a2(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_18( + serialize_kem_secret_key_e6( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7421,13 +7421,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_5a( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_92(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_9a(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_52( - uu____2, libcrux_ml_kem_types_from_07_39(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_7d( + uu____2, libcrux_ml_kem_types_from_07_fd(copy_of_public_key)); } /** @@ -7485,10 +7485,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_2a(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_f1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_ef_48();); + error_1[i] = ZERO_ef_db();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7504,7 +7504,7 @@ sample_ring_element_cbd_2a(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_400( + sample_from_binomial_distribution_fd0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7541,18 +7541,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_40( +static KRML_MUSTINLINE void invert_ntt_montgomery_49( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_3d(&zeta_i, re); - invert_ntt_at_layer_2_e9(&zeta_i, re); - invert_ntt_at_layer_3_55(&zeta_i, re); - invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_11(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_a0(re); + invert_ntt_at_layer_1_42(&zeta_i, re); + invert_ntt_at_layer_2_ef(&zeta_i, re); + invert_ntt_at_layer_3_51(&zeta_i, re); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_52(re); } /** @@ -7561,14 +7561,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_34( +static KRML_MUSTINLINE void compute_vector_u_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_48();); + result0[i] = ZERO_ef_db();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7588,11 +7588,11 @@ static KRML_MUSTINLINE void compute_vector_u_34( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_cc(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_a2(&result0[i1], &product); + ntt_multiply_ef_48(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_33(&result0[i1], &product); } - invert_ntt_montgomery_40(&result0[i1]); - add_error_reduce_ef_38(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_49(&result0[i1]); + add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7610,18 +7610,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_3a( +compute_ring_element_v_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_cc(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_a2(&result, &product);); - invert_ntt_montgomery_40(&result); - result = add_message_error_reduce_ef_ca(error_2, message, result); + ntt_multiply_ef_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_33(&result, &product);); + invert_ntt_montgomery_49(&result); + result = add_message_error_reduce_ef_76(error_2, message, result); return result; } @@ -7634,7 +7634,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_5c( +static void compress_then_serialize_u_4c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7650,7 +7650,7 @@ static void compress_then_serialize_u_5c( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_fb(&re, ret); + compress_then_serialize_ring_element_u_1e(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7673,7 +7673,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_8d( +static void encrypt_unpacked_68( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7681,7 +7681,7 @@ static void encrypt_unpacked_8d( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_81(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_3e(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7691,7 +7691,7 @@ static void encrypt_unpacked_8d( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_2a(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_f1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7702,28 +7702,28 @@ static void encrypt_unpacked_8d( PRF_a9_260(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_400( + sample_from_binomial_distribution_fd0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_34(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_c8(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_6c(copy_of_message); + deserialize_then_decompress_message_f9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_3a(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_f4(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_5c( + compress_then_serialize_u_4c( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_ff( + compress_then_serialize_ring_element_v_c7( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7747,7 +7747,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d1( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -7774,7 +7774,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d1( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_8d(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_68(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -7784,7 +7784,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_d1( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7805,7 +7805,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_2e(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_23(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -7829,10 +7829,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_5a(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_77(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_45( + deserialize_ring_elements_reduced_c6( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -7840,7 +7840,7 @@ static void encrypt_5a(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_c6(ret0, false, A); + sample_matrix_A_05(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -7874,7 +7874,7 @@ static void encrypt_5a(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_8d(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_68(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7889,7 +7889,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_19(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_b9(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -7915,11 +7915,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_25( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_37( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_2e( + entropy_preprocess_af_23( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -7929,7 +7929,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_25( size_t); uint8_t ret[32U]; H_a9_31(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7943,19 +7943,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_25( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_5a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_77(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_19(shared_secret, shared_secret_array); + kdf_af_b9(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7976,12 +7976,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_83( +static KRML_MUSTINLINE void deserialize_then_decompress_u_a8( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_48();); + u_as_ntt[i] = ZERO_ef_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7999,8 +7999,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_83( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f3(u_bytes); - ntt_vector_u_7c(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_55(u_bytes); + ntt_vector_u_8b(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8014,17 +8014,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_77( +compute_message_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_48(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_cc(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_a2(&result, &product);); - invert_ntt_montgomery_40(&result); - result = subtract_reduce_ef_67(v, result); + ntt_multiply_ef_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_33(&result, &product);); + invert_ntt_montgomery_49(&result); + result = subtract_reduce_ef_87(v, result); return result; } @@ -8038,19 +8038,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_cf( +static void decrypt_unpacked_0e( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_83(ciphertext, u_as_ntt); + deserialize_then_decompress_u_a8(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_ae( + deserialize_then_decompress_ring_element_v_80( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_77(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_d8(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_47(message, ret0); + compress_then_serialize_message_e4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8089,11 +8089,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_cf(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_0e(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -8122,7 +8122,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_68(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8133,11 +8133,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_cf( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_8d(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_68(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), + libcrux_ml_kem_types_as_ref_ba_68(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -8154,12 +8154,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_48( +static KRML_MUSTINLINE void deserialize_secret_key_b4( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_48();); + secret_as_ntt[i] = ZERO_ef_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8171,7 +8171,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_48( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_c1(secret_bytes); + deserialize_to_uncompressed_ring_element_97(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; @@ -8193,10 +8193,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_69(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b2(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_48(secret_key, secret_as_ntt); + deserialize_secret_key_b4(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -8208,7 +8208,7 @@ static void decrypt_69(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_cf(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_0e(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8234,7 +8234,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_81( +void libcrux_ml_kem_ind_cca_decapsulate_22( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8252,7 +8252,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_81( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_69(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_b2(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -8274,7 +8274,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_81( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_68(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8284,16 +8284,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_81( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_5a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_77(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_19(Eurydice_array_to_slice((size_t)32U, + kdf_af_b9(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_19(shared_secret0, shared_secret1); + kdf_af_b9(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), + libcrux_ml_kem_types_as_ref_ba_68(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 58792e040..4abab0b28 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 31abaeae8..e4be4972a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 57a2ec23f..07813d7b3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 758cfa25d..2fb88d9e3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #include "internal/libcrux_mlkem_portable.h" @@ -873,8 +873,7 @@ libcrux_ml_kem_vector_portable_arithmetic_add( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - lhs.elements[i0] = - core_num__i16_1__wrapping_add(lhs.elements[i0], rhs->elements[i0]); + lhs.elements[i0] = lhs.elements[i0] + rhs->elements[i0]; } return lhs; } @@ -897,9 +896,7 @@ libcrux_ml_kem_vector_portable_arithmetic_sub( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = - core_num__i16_1__wrapping_sub(lhs.elements[i0], rhs->elements[i0]); - lhs.elements[i0] = uu____0; + lhs.elements[i0] = lhs.elements[i0] - rhs->elements[i0]; } return lhs; } @@ -921,8 +918,7 @@ libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = core_num__i16_1__wrapping_mul(v.elements[i0], c); - v.elements[i0] = uu____0; + v.elements[i0] = v.elements[i0] * c; } return v; } @@ -2289,7 +2285,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_ef_b2(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_ef_06(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2317,8 +2313,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_ed(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); +deserialize_to_reduced_ring_element_e1(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2339,12 +2335,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_941( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_b2();); + deserialized_pk[i] = ZERO_ef_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2356,7 +2352,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_941( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ed(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2370,7 +2366,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2389,8 +2385,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_f1(v); +shift_right_0d_52(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_be(v); } /** @@ -2400,10 +2396,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_91( +to_unsigned_representative_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_be(a); + shift_right_0d_52(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2416,14 +2412,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_8e( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_de( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_91(re->coefficients[i0]); + to_unsigned_representative_83(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2441,7 +2437,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_2b1( +static KRML_MUSTINLINE void serialize_secret_key_cf1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2459,7 +2455,7 @@ static KRML_MUSTINLINE void serialize_secret_key_2b1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_8e(&re, ret0); + serialize_uncompressed_ring_element_de(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2474,14 +2470,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_601( +static KRML_MUSTINLINE void serialize_public_key_161( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_2b1(t_as_ntt, ret0); + serialize_secret_key_cf1(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2501,15 +2497,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_781(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_381(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_941( + deserialize_ring_elements_reduced_9d1( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_601( + serialize_public_key_161( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2551,10 +2547,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_071( +static void closure_fc1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_ef_b2();); + ret[i] = ZERO_ef_06();); } /** @@ -2847,8 +2843,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_ef_cb(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); +from_i16_array_ef_a4(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2868,9 +2864,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_b31( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c1( int16_t s[272U]) { - return from_i16_array_ef_cb( + return from_i16_array_ef_a4( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2881,7 +2877,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_081( +static KRML_MUSTINLINE void sample_from_xof_831( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -2916,7 +2912,7 @@ static KRML_MUSTINLINE void sample_from_xof_081( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_b31(copy_of_out[i]);); + ret0[i] = closure_2c1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2929,12 +2925,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_a11( +static KRML_MUSTINLINE void sample_matrix_A_511( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_071(A_transpose[i]);); + closure_fc1(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2949,7 +2945,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a11( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_081(copy_of_seeds, sampled); + sample_from_xof_831(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3026,7 +3022,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_b2(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_9b(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3060,7 +3056,7 @@ sample_from_binomial_distribution_2_b2(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_cb( + return from_i16_array_ef_a4( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3071,7 +3067,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_6f(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_87(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3104,7 +3100,7 @@ sample_from_binomial_distribution_3_6f(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_cb( + return from_i16_array_ef_a4( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3115,8 +3111,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_36(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_b2(randomness); +sample_from_binomial_distribution_62(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_9b(randomness); } /** @@ -3125,7 +3121,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_f0( +static KRML_MUSTINLINE void ntt_at_layer_7_8d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3153,7 +3149,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_5e( +montgomery_multiply_fe_ff( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3167,12 +3163,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_1e( + ntt_layer_int_vec_step_f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_5e(b, zeta_r); + montgomery_multiply_fe_ff(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3186,7 +3182,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_b2( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_be( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3199,7 +3195,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_b2( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_1e( + ntt_layer_int_vec_step_f1( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3216,7 +3212,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_ed( +static KRML_MUSTINLINE void ntt_at_layer_3_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3234,7 +3230,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_2b( +static KRML_MUSTINLINE void ntt_at_layer_2_cd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3254,7 +3250,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_85( +static KRML_MUSTINLINE void ntt_at_layer_1_9c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3283,7 +3279,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_ef_de( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3301,17 +3297,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_f0( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_f0(re); + ntt_at_layer_7_8d(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ed(&zeta_i, re); - ntt_at_layer_2_2b(&zeta_i, re); - ntt_at_layer_1_85(&zeta_i, re); - poly_barrett_reduce_ef_de(re); + ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_84(&zeta_i, re); + ntt_at_layer_2_cd(&zeta_i, re); + ntt_at_layer_1_9c(&zeta_i, re); + poly_barrett_reduce_ef_1c(re); } /** @@ -3323,11 +3319,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_ed1( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_951( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_b2();); + re_as_ntt[i] = ZERO_ef_06();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3342,9 +3338,9 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_ed1( PRFxN_f1_bf2(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_36( + re_as_ntt[i0] = sample_from_binomial_distribution_62( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_f0(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3370,9 +3366,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_ef_7a(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_ef_71(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_b2(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_06(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3406,7 +3402,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_a24( +static KRML_MUSTINLINE void add_to_ring_element_ef_581( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3431,7 +3427,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_c8( +to_standard_domain_2a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3448,14 +3444,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_ef_7f( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_c8(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_2a(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3470,14 +3466,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_0f1( +static KRML_MUSTINLINE void compute_As_plus_e_e61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_b2();); + result0[i] = ZERO_ef_06();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3498,10 +3494,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_0f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_7a(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_a24(&result0[i1], &product); + ntt_multiply_ef_71(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_581(&result0[i1], &product); } - add_standard_error_reduce_ef_7f(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_ef_3a(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -3521,7 +3517,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_d31( +static tuple_540 generate_keypair_unpacked_e21( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_d01(key_generation_seed, hashed); @@ -3533,14 +3529,14 @@ static tuple_540 generate_keypair_unpacked_d31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_a11(ret, true, A_transpose); + sample_matrix_A_511(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_ed1(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_951(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3552,10 +3548,10 @@ static tuple_540 generate_keypair_unpacked_d31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_ed1(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_951(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_0f1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_e61(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -3608,10 +3604,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_121( +static void closure_811( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_ef_b2();); + ret[i] = ZERO_ef_06();); } /** @@ -3625,7 +3621,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_8d_62( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_8d_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3666,7 +3662,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_301( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec1( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3675,18 +3671,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_301( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_540 uu____0 = generate_keypair_unpacked_d31(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_e21(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_121(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_811(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_8d_62(&ind_cpa_public_key.A[j][i1]); + clone_8d_c0(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3696,7 +3692,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_301( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_601( + serialize_public_key_161( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -3745,17 +3741,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_481( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_571( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_d31(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_e21(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_601( + serialize_public_key_161( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_2b1(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_cf1(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3779,7 +3775,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_c5( +static KRML_MUSTINLINE void serialize_kem_secret_key_e0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3835,7 +3831,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_151(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f51(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3844,13 +3840,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_151(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_481(ind_cpa_keypair_randomness); + generate_keypair_571(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_c5( + serialize_kem_secret_key_e0( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3859,13 +3855,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_151(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_921(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_9a1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_521( - uu____2, libcrux_ml_kem_types_from_07_391(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_7d1( + uu____2, libcrux_ml_kem_types_from_07_fd1(copy_of_public_key)); } /** @@ -3878,10 +3874,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_901(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_231(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_ef_b2();); + error_1[i] = ZERO_ef_06();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3897,7 +3893,7 @@ sample_ring_element_cbd_901(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_36( + sample_from_binomial_distribution_62( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3946,7 +3942,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_16( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_a1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3970,7 +3966,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_17( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_30( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3990,7 +3986,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_76( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_ff( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4010,7 +4006,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_b0( + inv_ntt_layer_int_vec_step_reduce_df( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4018,7 +4014,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_5e(a_minus_b, zeta_r); + b = montgomery_multiply_fe_ff(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4030,7 +4026,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_c0( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_d8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4045,7 +4041,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_c0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_b0( + inv_ntt_layer_int_vec_step_reduce_df( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4062,18 +4058,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_981( +static KRML_MUSTINLINE void invert_ntt_montgomery_b31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_16(&zeta_i, re); - invert_ntt_at_layer_2_17(&zeta_i, re); - invert_ntt_at_layer_3_76(&zeta_i, re); - invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_de(re); + invert_ntt_at_layer_1_a1(&zeta_i, re); + invert_ntt_at_layer_2_30(&zeta_i, re); + invert_ntt_at_layer_3_ff(&zeta_i, re); + invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_1c(re); } /** @@ -4087,7 +4083,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_ef_8a( +static KRML_MUSTINLINE void add_error_reduce_ef_bd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4111,14 +4107,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_b81( +static KRML_MUSTINLINE void compute_vector_u_411( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_b2();); + result0[i] = ZERO_ef_06();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4138,11 +4134,11 @@ static KRML_MUSTINLINE void compute_vector_u_b81( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_7a(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_a24(&result0[i1], &product); + ntt_multiply_ef_71(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_581(&result0[i1], &product); } - invert_ntt_montgomery_981(&result0[i1]); - add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_b31(&result0[i1]); + add_error_reduce_ef_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4160,7 +4156,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_5a(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_50(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4174,8 +4170,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_21(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); +deserialize_then_decompress_message_8c(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4185,7 +4181,7 @@ deserialize_then_decompress_message_21(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_5a(coefficient_compressed); + decompress_1_50(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4202,7 +4198,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_ef_f9( +add_message_error_reduce_ef_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4232,18 +4228,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_f31( +compute_ring_element_v_ac1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_7a(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_a24(&result, &product);); - invert_ntt_montgomery_981(&result); - result = add_message_error_reduce_ef_f9(error_2, message, result); + ntt_multiply_ef_71(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_581(&result, &product);); + invert_ntt_montgomery_b31(&result); + result = add_message_error_reduce_ef_a1(error_2, message, result); return result; } @@ -4253,7 +4249,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_3a(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4274,9 +4270,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_17( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_ab( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0e(v); + return compress_3a(v); } /** @@ -4285,7 +4281,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0e0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_3a0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4307,8 +4303,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_170(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0e0(v); +compress_0d_ab0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_3a0(v); } /** @@ -4317,14 +4313,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_cf0( +static KRML_MUSTINLINE void compress_then_serialize_11_1c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_170(to_unsigned_representative_91(re->coefficients[i0])); + compress_0d_ab0(to_unsigned_representative_83(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4342,10 +4338,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_860( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_220( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_cf0(re, uu____0); + compress_then_serialize_11_1c0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4358,7 +4354,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_0c1( +static void compress_then_serialize_u_491( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4374,7 +4370,7 @@ static void compress_then_serialize_u_0c1( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_860(&re, ret); + compress_then_serialize_ring_element_u_220(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4386,7 +4382,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0e1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_3a1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4408,8 +4404,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_171(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0e1(v); +compress_0d_ab1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_3a1(v); } /** @@ -4418,7 +4414,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_83( +static KRML_MUSTINLINE void compress_then_serialize_4_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4427,7 +4423,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_83( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_171(to_unsigned_representative_91(re.coefficients[i0])); + compress_0d_ab1(to_unsigned_representative_83(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4443,7 +4439,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0e2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_3a2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4465,8 +4461,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_172(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0e2(v); +compress_0d_ab2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_3a2(v); } /** @@ -4475,7 +4471,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_af( +static KRML_MUSTINLINE void compress_then_serialize_5_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4484,7 +4480,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_af( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_172(to_unsigned_representative_91(re.coefficients[i0])); + compress_0d_ab2(to_unsigned_representative_83(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4501,9 +4497,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_350( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_780( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_af(re, out); + compress_then_serialize_5_0c(re, out); } /** @@ -4524,7 +4520,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_1b1( +static void encrypt_unpacked_021( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4532,7 +4528,7 @@ static void encrypt_unpacked_1b1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_ed1(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_951(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4542,7 +4538,7 @@ static void encrypt_unpacked_1b1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_901(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_231(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4553,28 +4549,28 @@ static void encrypt_unpacked_1b1( PRF_f1_c84(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_36( + sample_from_binomial_distribution_62( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_b81(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_411(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_21(copy_of_message); + deserialize_then_decompress_message_8c(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_f31(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ac1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_0c1( + compress_then_serialize_u_491( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_350( + compress_then_serialize_ring_element_v_780( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4599,7 +4595,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_301( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a81( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4626,7 +4622,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_301( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_1b1(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_021(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4636,7 +4632,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_301( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_9a1(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4657,7 +4653,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_66(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_14(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -4682,10 +4678,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_1f1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_691(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_941( + deserialize_ring_elements_reduced_9d1( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4693,7 +4689,7 @@ static void encrypt_1f1(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_a11(ret0, false, A); + sample_matrix_A_511(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -4727,7 +4723,7 @@ static void encrypt_1f1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_1b1(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_021(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4742,7 +4738,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_29(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_28(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -4768,11 +4764,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c81( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_461( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_66( + entropy_preprocess_af_14( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4782,7 +4778,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c81( size_t); uint8_t ret[32U]; H_f1_fd1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_bd1(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_891(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4796,19 +4792,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c81( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_bd1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_891(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_1f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_691(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_9a1(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_29(shared_secret, shared_secret_array); + kdf_af_28(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4828,7 +4824,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_e3( +decompress_ciphertext_coefficient_4a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4853,9 +4849,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_9f( +decompress_ciphertext_coefficient_0d_85( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_e3(v); + return decompress_ciphertext_coefficient_4a(v); } /** @@ -4865,8 +4861,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_ed(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); +deserialize_then_decompress_10_ad(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4882,7 +4878,7 @@ deserialize_then_decompress_10_ed(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_9f(coefficient); + decompress_ciphertext_coefficient_0d_85(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4895,7 +4891,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_e30( +decompress_ciphertext_coefficient_4a0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4920,9 +4916,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_9f0( +decompress_ciphertext_coefficient_0d_850( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_e30(v); + return decompress_ciphertext_coefficient_4a0(v); } /** @@ -4932,8 +4928,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_1e(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); +deserialize_then_decompress_11_12(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4942,7 +4938,7 @@ deserialize_then_decompress_11_1e(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_9f0(coefficient); + decompress_ciphertext_coefficient_0d_850(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4955,8 +4951,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_600(Eurydice_slice serialized) { - return deserialize_then_decompress_11_1e(serialized); +deserialize_then_decompress_ring_element_u_450(Eurydice_slice serialized) { + return deserialize_then_decompress_11_12(serialized); } /** @@ -4965,17 +4961,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_960( +static KRML_MUSTINLINE void ntt_vector_u_6c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ed(&zeta_i, re); - ntt_at_layer_2_2b(&zeta_i, re); - ntt_at_layer_1_85(&zeta_i, re); - poly_barrett_reduce_ef_de(re); + ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_84(&zeta_i, re); + ntt_at_layer_2_cd(&zeta_i, re); + ntt_at_layer_1_9c(&zeta_i, re); + poly_barrett_reduce_ef_1c(re); } /** @@ -4986,12 +4982,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_5a1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_6b1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_b2();); + u_as_ntt[i] = ZERO_ef_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5009,8 +5005,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_5a1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_600(u_bytes); - ntt_vector_u_960(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_450(u_bytes); + ntt_vector_u_6c0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5024,7 +5020,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_e31( +decompress_ciphertext_coefficient_4a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5049,9 +5045,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_9f1( +decompress_ciphertext_coefficient_0d_851( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_e31(v); + return decompress_ciphertext_coefficient_4a1(v); } /** @@ -5061,8 +5057,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_a4(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); +deserialize_then_decompress_4_f0(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5071,7 +5067,7 @@ deserialize_then_decompress_4_a4(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_9f1(coefficient); + decompress_ciphertext_coefficient_0d_851(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5084,7 +5080,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_e32( +decompress_ciphertext_coefficient_4a2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5109,9 +5105,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_9f2( +decompress_ciphertext_coefficient_0d_852( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_e32(v); + return decompress_ciphertext_coefficient_4a2(v); } /** @@ -5121,8 +5117,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_cb(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); +deserialize_then_decompress_5_4b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5131,7 +5127,7 @@ deserialize_then_decompress_5_cb(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_9f2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_852(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5145,7 +5141,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_ring_element_v_f60(Eurydice_slice serialized) { - return deserialize_then_decompress_5_cb(serialized); + return deserialize_then_decompress_5_4b(serialized); } /** @@ -5160,7 +5156,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_ef_e3(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_ef_44(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5185,17 +5181,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_7f1( +compute_message_311( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_7a(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_a24(&result, &product);); - invert_ntt_montgomery_981(&result); - result = subtract_reduce_ef_e3(v, result); + ntt_multiply_ef_71(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_581(&result, &product);); + invert_ntt_montgomery_b31(&result); + result = subtract_reduce_ef_44(v, result); return result; } @@ -5205,13 +5201,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_b1( +static KRML_MUSTINLINE void compress_then_serialize_message_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_91(re.coefficients[i0]); + to_unsigned_representative_83(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5235,19 +5231,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_ff1( +static void decrypt_unpacked_f91( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_5a1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_6b1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = deserialize_then_decompress_ring_element_v_f60( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_7f1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_311(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_b1(message, ret0); + compress_then_serialize_message_0d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5299,12 +5295,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_531( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_ff1(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_f91(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5333,7 +5329,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_531( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_681(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5344,11 +5340,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_531( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_1b1(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_021(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), + libcrux_ml_kem_types_as_ref_ba_681(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5366,8 +5362,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_bb(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_b2(); +deserialize_to_uncompressed_ring_element_ef(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -5386,12 +5382,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_4c1( +static KRML_MUSTINLINE void deserialize_secret_key_9e1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_b2();); + secret_as_ntt[i] = ZERO_ef_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5403,7 +5399,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_4c1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_bb(secret_bytes); + deserialize_to_uncompressed_ring_element_ef(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -5425,10 +5421,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_511(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c81(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_4c1(secret_key, secret_as_ntt); + deserialize_secret_key_9e1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5440,7 +5436,7 @@ static void decrypt_511(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_ff1(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_f91(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5466,7 +5462,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_aa1( +void libcrux_ml_kem_ind_cca_decapsulate_2d1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5485,7 +5481,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_aa1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_511(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c81(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5507,7 +5503,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_aa1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_681(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5517,17 +5513,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_aa1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_1f1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_691(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_29(Eurydice_array_to_slice((size_t)32U, + kdf_af_28(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_29(shared_secret0, shared_secret1); + kdf_af_28(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_b41(ciphertext), + libcrux_ml_kem_types_as_ref_ba_681(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5544,12 +5540,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_940( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_b2();); + deserialized_pk[i] = ZERO_ef_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5561,7 +5557,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_940( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ed(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5576,7 +5572,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_2b0( +static KRML_MUSTINLINE void serialize_secret_key_cf0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5594,7 +5590,7 @@ static KRML_MUSTINLINE void serialize_secret_key_2b0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_8e(&re, ret0); + serialize_uncompressed_ring_element_de(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5609,14 +5605,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_600( +static KRML_MUSTINLINE void serialize_public_key_160( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_2b0(t_as_ntt, ret0); + serialize_secret_key_cf0(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5636,15 +5632,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_780(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_380(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_940( + deserialize_ring_elements_reduced_9d0( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_600( + serialize_public_key_160( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5686,10 +5682,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_070( +static void closure_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_ef_b2();); + ret[i] = ZERO_ef_06();); } /** @@ -5977,9 +5973,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_b30( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c0( int16_t s[272U]) { - return from_i16_array_ef_cb( + return from_i16_array_ef_a4( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5990,7 +5986,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_080( +static KRML_MUSTINLINE void sample_from_xof_830( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -6025,7 +6021,7 @@ static KRML_MUSTINLINE void sample_from_xof_080( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_b30(copy_of_out[i]);); + ret0[i] = closure_2c0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6038,12 +6034,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_a10( +static KRML_MUSTINLINE void sample_matrix_A_510( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_070(A_transpose[i]);); + closure_fc0(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6058,7 +6054,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a10( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_080(copy_of_seeds, sampled); + sample_from_xof_830(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6135,8 +6131,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_360(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_6f(randomness); +sample_from_binomial_distribution_620(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_87(randomness); } /** @@ -6148,11 +6144,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_ed0( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_950( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_b2();); + re_as_ntt[i] = ZERO_ef_06();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6167,9 +6163,9 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_ed0( PRFxN_f1_bf0(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_360( + re_as_ntt[i0] = sample_from_binomial_distribution_620( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_f0(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6194,7 +6190,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_a21( +static KRML_MUSTINLINE void add_to_ring_element_ef_580( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6218,14 +6214,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_0f0( +static KRML_MUSTINLINE void compute_As_plus_e_e60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_b2();); + result0[i] = ZERO_ef_06();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6246,10 +6242,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_0f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_7a(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_a21(&result0[i1], &product); + ntt_multiply_ef_71(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_580(&result0[i1], &product); } - add_standard_error_reduce_ef_7f(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_ef_3a(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6269,7 +6265,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_d30( +static tuple_4c0 generate_keypair_unpacked_e20( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_d00(key_generation_seed, hashed); @@ -6281,14 +6277,14 @@ static tuple_4c0 generate_keypair_unpacked_d30( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_a10(ret, true, A_transpose); + sample_matrix_A_510(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_ed0(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_950(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6300,10 +6296,10 @@ static tuple_4c0 generate_keypair_unpacked_d30( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_ed0(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_950(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_0f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_e60(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -6356,10 +6352,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_120( +static void closure_810( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_ef_b2();); + ret[i] = ZERO_ef_06();); } /** @@ -6390,7 +6386,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_300( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec0( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6399,18 +6395,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_300( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_d30(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_e20(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_120(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_810(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_8d_62(&ind_cpa_public_key.A[j][i1]); + clone_8d_c0(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6420,7 +6416,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_300( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_600( + serialize_public_key_160( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -6469,17 +6465,17 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_480( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_570( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_d30(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_e20(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_600( + serialize_public_key_160( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_2b0(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_cf0(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6503,7 +6499,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_e1( +static KRML_MUSTINLINE void serialize_kem_secret_key_dd( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6559,7 +6555,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_150(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f50(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6568,13 +6564,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_150(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_480(ind_cpa_keypair_randomness); + generate_keypair_570(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_e1( + serialize_kem_secret_key_dd( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6583,13 +6579,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_150(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_92(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_9a(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_52( - uu____2, libcrux_ml_kem_types_from_07_39(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_7d( + uu____2, libcrux_ml_kem_types_from_07_fd(copy_of_public_key)); } /** @@ -6634,10 +6630,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_900(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_230(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_ef_b2();); + error_1[i] = ZERO_ef_06();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6653,7 +6649,7 @@ sample_ring_element_cbd_900(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_36( + sample_from_binomial_distribution_62( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6690,18 +6686,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_980( +static KRML_MUSTINLINE void invert_ntt_montgomery_b30( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_16(&zeta_i, re); - invert_ntt_at_layer_2_17(&zeta_i, re); - invert_ntt_at_layer_3_76(&zeta_i, re); - invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_de(re); + invert_ntt_at_layer_1_a1(&zeta_i, re); + invert_ntt_at_layer_2_30(&zeta_i, re); + invert_ntt_at_layer_3_ff(&zeta_i, re); + invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_1c(re); } /** @@ -6710,14 +6706,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_b80( +static KRML_MUSTINLINE void compute_vector_u_410( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_b2();); + result0[i] = ZERO_ef_06();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6737,11 +6733,11 @@ static KRML_MUSTINLINE void compute_vector_u_b80( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_7a(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_a21(&result0[i1], &product); + ntt_multiply_ef_71(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_580(&result0[i1], &product); } - invert_ntt_montgomery_980(&result0[i1]); - add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_b30(&result0[i1]); + add_error_reduce_ef_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6759,18 +6755,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_f30( +compute_ring_element_v_ac0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_7a(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_a21(&result, &product);); - invert_ntt_montgomery_980(&result); - result = add_message_error_reduce_ef_f9(error_2, message, result); + ntt_multiply_ef_71(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_580(&result, &product);); + invert_ntt_montgomery_b30(&result); + result = add_message_error_reduce_ef_a1(error_2, message, result); return result; } @@ -6780,14 +6776,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_ee( +static KRML_MUSTINLINE void compress_then_serialize_10_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_17(to_unsigned_representative_91(re->coefficients[i0])); + compress_0d_ab(to_unsigned_representative_83(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6805,10 +6801,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_86( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_ee(re, uu____0); + compress_then_serialize_10_a6(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6821,7 +6817,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_0c0( +static void compress_then_serialize_u_490( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6837,7 +6833,7 @@ static void compress_then_serialize_u_0c0( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_86(&re, ret); + compress_then_serialize_ring_element_u_22(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6850,9 +6846,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_35( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_78( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_83(re, out); + compress_then_serialize_4_eb(re, out); } /** @@ -6873,7 +6869,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_1b0( +static void encrypt_unpacked_020( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -6881,7 +6877,7 @@ static void encrypt_unpacked_1b0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_ed0(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_950(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6891,7 +6887,7 @@ static void encrypt_unpacked_1b0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_900(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_230(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6902,28 +6898,28 @@ static void encrypt_unpacked_1b0( PRF_f1_c82(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_36( + sample_from_binomial_distribution_62( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_b80(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_410(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_21(copy_of_message); + deserialize_then_decompress_message_8c(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_f30(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ac0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_0c0( + compress_then_serialize_u_490( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_35( + compress_then_serialize_ring_element_v_78( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6948,7 +6944,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_300( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a80( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6975,7 +6971,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_300( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_1b0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_020(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6985,7 +6981,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_300( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7006,7 +7002,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_dc(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_60(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -7031,10 +7027,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_1f0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_690(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_940( + deserialize_ring_elements_reduced_9d0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -7042,7 +7038,7 @@ static void encrypt_1f0(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_a10(ret0, false, A); + sample_matrix_A_510(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -7076,7 +7072,7 @@ static void encrypt_1f0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_1b0(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_020(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7091,7 +7087,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_9f(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_d7(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -7117,11 +7113,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c80( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_460( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_dc( + entropy_preprocess_af_60( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -7131,7 +7127,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c80( size_t); uint8_t ret[32U]; H_f1_fd0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7145,19 +7141,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c80( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_1f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_690(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_9f(shared_secret, shared_secret_array); + kdf_af_d7(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7177,8 +7173,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_60(Eurydice_slice serialized) { - return deserialize_then_decompress_10_ed(serialized); +deserialize_then_decompress_ring_element_u_45(Eurydice_slice serialized) { + return deserialize_then_decompress_10_ad(serialized); } /** @@ -7187,17 +7183,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_96( +static KRML_MUSTINLINE void ntt_vector_u_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ed(&zeta_i, re); - ntt_at_layer_2_2b(&zeta_i, re); - ntt_at_layer_1_85(&zeta_i, re); - poly_barrett_reduce_ef_de(re); + ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_84(&zeta_i, re); + ntt_at_layer_2_cd(&zeta_i, re); + ntt_at_layer_1_9c(&zeta_i, re); + poly_barrett_reduce_ef_1c(re); } /** @@ -7208,12 +7204,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_5a0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_6b0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_b2();); + u_as_ntt[i] = ZERO_ef_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7231,8 +7227,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_5a0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_60(u_bytes); - ntt_vector_u_96(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); + ntt_vector_u_6c(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7247,7 +7243,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_ring_element_v_f6(Eurydice_slice serialized) { - return deserialize_then_decompress_4_a4(serialized); + return deserialize_then_decompress_4_f0(serialized); } /** @@ -7257,17 +7253,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_7f0( +compute_message_310( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_7a(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_a21(&result, &product);); - invert_ntt_montgomery_980(&result); - result = subtract_reduce_ef_e3(v, result); + ntt_multiply_ef_71(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_580(&result, &product);); + invert_ntt_montgomery_b30(&result); + result = subtract_reduce_ef_44(v, result); return result; } @@ -7281,19 +7277,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_ff0( +static void decrypt_unpacked_f90( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_5a0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_6b0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = deserialize_then_decompress_ring_element_v_f6( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_7f0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_310(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_b1(message, ret0); + compress_then_serialize_message_0d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7333,11 +7329,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_530( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_ff0(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_f90(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -7366,7 +7362,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_530( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_68(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7377,11 +7373,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_530( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_1b0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_020(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), + libcrux_ml_kem_types_as_ref_ba_68(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -7398,12 +7394,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_4c0( +static KRML_MUSTINLINE void deserialize_secret_key_9e0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_b2();); + secret_as_ntt[i] = ZERO_ef_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7415,7 +7411,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_4c0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_bb(secret_bytes); + deserialize_to_uncompressed_ring_element_ef(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -7437,10 +7433,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_510(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c80(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_4c0(secret_key, secret_as_ntt); + deserialize_secret_key_9e0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7452,7 +7448,7 @@ static void decrypt_510(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_ff0(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_f90(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7478,7 +7474,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_aa0( +void libcrux_ml_kem_ind_cca_decapsulate_2d0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7496,7 +7492,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_aa0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_510(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c80(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7518,7 +7514,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_aa0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_68(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7528,17 +7524,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_aa0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_1f0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_690(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_9f(Eurydice_array_to_slice((size_t)32U, + kdf_af_d7(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_9f(shared_secret0, shared_secret1); + kdf_af_d7(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_b4(ciphertext), + libcrux_ml_kem_types_as_ref_ba_68(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7555,12 +7551,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_94( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_b2();); + deserialized_pk[i] = ZERO_ef_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7572,7 +7568,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_94( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ed(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7587,7 +7583,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_2b( +static KRML_MUSTINLINE void serialize_secret_key_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7605,7 +7601,7 @@ static KRML_MUSTINLINE void serialize_secret_key_2b( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_8e(&re, ret0); + serialize_uncompressed_ring_element_de(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7620,14 +7616,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_60( +static KRML_MUSTINLINE void serialize_public_key_16( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_2b(t_as_ntt, ret0); + serialize_secret_key_cf(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7647,15 +7643,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_78(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_38(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_94( + deserialize_ring_elements_reduced_9d( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_60( + serialize_public_key_16( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7697,10 +7693,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_07( +static void closure_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_ef_b2();); + ret[i] = ZERO_ef_06();); } /** @@ -7988,9 +7984,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_b3( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c( int16_t s[272U]) { - return from_i16_array_ef_cb( + return from_i16_array_ef_a4( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -8001,7 +7997,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_08( +static KRML_MUSTINLINE void sample_from_xof_83( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -8036,7 +8032,7 @@ static KRML_MUSTINLINE void sample_from_xof_08( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_b3(copy_of_out[i]);); + ret0[i] = closure_2c(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8049,12 +8045,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_a1( +static KRML_MUSTINLINE void sample_matrix_A_51( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_07(A_transpose[i]);); + closure_fc(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -8069,7 +8065,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a1( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_08(copy_of_seeds, sampled); + sample_from_xof_83(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8148,11 +8144,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_ed( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_95( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_b2();); + re_as_ntt[i] = ZERO_ef_06();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8167,9 +8163,9 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_ed( PRFxN_f1_bf(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_36( + re_as_ntt[i0] = sample_from_binomial_distribution_62( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_f0(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -8194,7 +8190,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_a20( +static KRML_MUSTINLINE void add_to_ring_element_ef_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8218,14 +8214,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_0f( +static KRML_MUSTINLINE void compute_As_plus_e_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_b2();); + result0[i] = ZERO_ef_06();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8246,10 +8242,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_7a(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_a20(&result0[i1], &product); + ntt_multiply_ef_71(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_58(&result0[i1], &product); } - add_standard_error_reduce_ef_7f(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_ef_3a(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8269,7 +8265,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_d3( +static tuple_9b generate_keypair_unpacked_e2( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_d0(key_generation_seed, hashed); @@ -8281,14 +8277,14 @@ static tuple_9b generate_keypair_unpacked_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_a1(ret, true, A_transpose); + sample_matrix_A_51(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_ed(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_95(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8300,10 +8296,10 @@ static tuple_9b generate_keypair_unpacked_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_ed(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_95(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_0f(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_e6(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -8356,10 +8352,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_12( +static void closure_81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_ef_b2();); + ret[i] = ZERO_ef_06();); } /** @@ -8390,7 +8386,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_30( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8399,18 +8395,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_30( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = generate_keypair_unpacked_d3(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_e2(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_12(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_81(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_8d_62(&ind_cpa_public_key.A[j][i1]); + clone_8d_c0(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8420,7 +8416,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_30( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_60( + serialize_public_key_16( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -8469,17 +8465,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_48( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_57( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_d3(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_e2(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_60( + serialize_public_key_16( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_2b(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_cf(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8503,7 +8499,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_42( +static KRML_MUSTINLINE void serialize_kem_secret_key_24( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8559,7 +8555,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f5(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8568,13 +8564,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_48(ind_cpa_keypair_randomness); + generate_keypair_57(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_42( + serialize_kem_secret_key_24( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8583,13 +8579,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_920(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_9a0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_520( - uu____2, libcrux_ml_kem_types_from_07_390(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_7d0( + uu____2, libcrux_ml_kem_types_from_07_fd0(copy_of_public_key)); } /** @@ -8602,10 +8598,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_90(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_23(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_ef_b2();); + error_1[i] = ZERO_ef_06();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8621,7 +8617,7 @@ sample_ring_element_cbd_90(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_36( + sample_from_binomial_distribution_62( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8658,18 +8654,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_98( +static KRML_MUSTINLINE void invert_ntt_montgomery_b3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_16(&zeta_i, re); - invert_ntt_at_layer_2_17(&zeta_i, re); - invert_ntt_at_layer_3_76(&zeta_i, re); - invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_de(re); + invert_ntt_at_layer_1_a1(&zeta_i, re); + invert_ntt_at_layer_2_30(&zeta_i, re); + invert_ntt_at_layer_3_ff(&zeta_i, re); + invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_1c(re); } /** @@ -8678,14 +8674,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_b8( +static KRML_MUSTINLINE void compute_vector_u_41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_b2();); + result0[i] = ZERO_ef_06();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8705,11 +8701,11 @@ static KRML_MUSTINLINE void compute_vector_u_b8( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_7a(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_a20(&result0[i1], &product); + ntt_multiply_ef_71(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_58(&result0[i1], &product); } - invert_ntt_montgomery_98(&result0[i1]); - add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_b3(&result0[i1]); + add_error_reduce_ef_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8727,18 +8723,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_f3( +compute_ring_element_v_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_7a(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_a20(&result, &product);); - invert_ntt_montgomery_98(&result); - result = add_message_error_reduce_ef_f9(error_2, message, result); + ntt_multiply_ef_71(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_58(&result, &product);); + invert_ntt_montgomery_b3(&result); + result = add_message_error_reduce_ef_a1(error_2, message, result); return result; } @@ -8751,7 +8747,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_0c( +static void compress_then_serialize_u_49( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8767,7 +8763,7 @@ static void compress_then_serialize_u_0c( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_86(&re, ret); + compress_then_serialize_ring_element_u_22(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8791,7 +8787,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_1b( +static void encrypt_unpacked_02( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -8799,7 +8795,7 @@ static void encrypt_unpacked_1b( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_ed(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_95(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8809,7 +8805,7 @@ static void encrypt_unpacked_1b( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_90(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_23(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8820,28 +8816,28 @@ static void encrypt_unpacked_1b( PRF_f1_c80(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_36( + sample_from_binomial_distribution_62( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_b8(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_41(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_21(copy_of_message); + deserialize_then_decompress_message_8c(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_f3(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ac(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_0c( + compress_then_serialize_u_49( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_35( + compress_then_serialize_ring_element_v_78( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8866,7 +8862,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_30( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8893,7 +8889,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_30( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_1b(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_02(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8903,7 +8899,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_30( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_9a0(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8924,7 +8920,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_dd(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_4f(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -8949,10 +8945,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_1f(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_69(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_94( + deserialize_ring_elements_reduced_9d( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -8960,7 +8956,7 @@ static void encrypt_1f(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_a1(ret0, false, A); + sample_matrix_A_51(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -8994,7 +8990,7 @@ static void encrypt_1f(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_1b(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_02(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -9009,7 +9005,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_20(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_c4(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -9035,11 +9031,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c8( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_46( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_dd( + entropy_preprocess_af_4f( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -9049,7 +9045,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c8( size_t); uint8_t ret[32U]; H_f1_fd(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd0(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_890(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -9063,19 +9059,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c8( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_890(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_1f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_69(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_9a0(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_20(shared_secret, shared_secret_array); + kdf_af_c4(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9096,12 +9092,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_5a( +static KRML_MUSTINLINE void deserialize_then_decompress_u_6b( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_b2();); + u_as_ntt[i] = ZERO_ef_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -9119,8 +9115,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_5a( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_60(u_bytes); - ntt_vector_u_96(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); + ntt_vector_u_6c(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9134,17 +9130,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_7f( +compute_message_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_b2(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_7a(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_a20(&result, &product);); - invert_ntt_montgomery_98(&result); - result = subtract_reduce_ef_e3(v, result); + ntt_multiply_ef_71(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_58(&result, &product);); + invert_ntt_montgomery_b3(&result); + result = subtract_reduce_ef_44(v, result); return result; } @@ -9158,19 +9154,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_ff( +static void decrypt_unpacked_f9( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_5a(ciphertext, u_as_ntt); + deserialize_then_decompress_u_6b(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = deserialize_then_decompress_ring_element_v_f6( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_7f(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_31(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_b1(message, ret0); + compress_then_serialize_message_0d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9210,11 +9206,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_53( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_ff(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_f9(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -9243,7 +9239,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_53( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_680(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -9254,11 +9250,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_53( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_1b(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_02(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), + libcrux_ml_kem_types_as_ref_ba_680(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9275,12 +9271,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_4c( +static KRML_MUSTINLINE void deserialize_secret_key_9e( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_b2();); + secret_as_ntt[i] = ZERO_ef_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9292,7 +9288,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_4c( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_bb(secret_bytes); + deserialize_to_uncompressed_ring_element_ef(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -9314,10 +9310,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_51(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c8(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_4c(secret_key, secret_as_ntt); + deserialize_secret_key_9e(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -9329,7 +9325,7 @@ static void decrypt_51(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_ff(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_f9(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -9355,7 +9351,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_aa( +void libcrux_ml_kem_ind_cca_decapsulate_2d( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -9373,7 +9369,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_aa( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_51(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c8(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -9395,7 +9391,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_aa( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_680(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -9405,16 +9401,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_aa( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_1f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_69(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_20(Eurydice_array_to_slice((size_t)32U, + kdf_af_c4(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_20(shared_secret0, shared_secret1); + kdf_af_c4(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_b40(ciphertext), + libcrux_ml_kem_types_as_ref_ba_680(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index b5297e32c..80e821494 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index bc7827005..3a8fbdd1b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 0d2f42cc7..f2c3c8065 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 9c45a9de3..dbbd0d9d3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index a339306f0..aa2a775f1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index d999debf0..b34198b5a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 42295c921..81f827502 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 7b27401b5..07d54243f 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 +Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index f0ad6796d..8c8e27df1 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_core_H @@ -45,12 +45,6 @@ typedef struct Option_b3_s { size_t f0; } Option_b3; -static inline int16_t core_num__i16_1__wrapping_add(int16_t x0, int16_t x1); - -static inline int16_t core_num__i16_1__wrapping_mul(int16_t x0, int16_t x1); - -static inline int16_t core_num__i16_1__wrapping_sub(int16_t x0, int16_t x1); - static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0, uint16_t x1); #define CORE_NUM__U32_8__BITS (32U) @@ -227,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_28( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_3d( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -242,7 +236,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_39(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_fd(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -276,7 +270,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_52(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_7d(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -292,7 +286,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_92(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_9a(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -322,7 +316,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_9a(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_5f(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -339,7 +333,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_bd( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_89( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -425,7 +419,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_32( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_04( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 96ff3f14f..02a711994 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 5d54c891c..44d0526b7 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1212,7 +1212,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_ef_48(void) { +libcrux_ml_kem_polynomial_ZERO_ef_db(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1241,8 +1241,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_5f(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_48(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_55(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_ef_db(); } /** @@ -1253,10 +1253,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_be( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2a( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_48(); + libcrux_ml_kem_polynomial_ZERO_ef_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1274,12 +1274,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_54( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a2( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1292,7 +1292,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_54( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_be( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2a( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1325,8 +1325,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_aa(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_48(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_40(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_ef_db(); } /** @@ -1337,7 +1337,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1389,9 +1389,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d2( vector); } @@ -1403,10 +1403,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_5e( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_03( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_48(); + libcrux_ml_kem_polynomial_ZERO_ef_db(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -1419,7 +1419,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_5e( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f( coefficient); } return re; @@ -1433,7 +1433,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d20( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1485,9 +1485,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d20( vector); } @@ -1499,10 +1499,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_4e( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_5d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_48(); + libcrux_ml_kem_polynomial_ZERO_ef_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1510,7 +1510,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_4e( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f0( coefficient); } return re; @@ -1524,9 +1524,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_09( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d7( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_5e(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_03(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1541,7 +1541,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_bd( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_40( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1554,9 +1554,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_af(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d2(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_bd(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_40(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1570,7 +1570,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1583,7 +1583,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_af( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d2( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -1601,7 +1601,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_d2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1620,7 +1620,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_6b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_0a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1642,7 +1642,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_93( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_7f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1673,7 +1673,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a0( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1690,21 +1690,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_f9( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_9c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_1d(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_93(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a0(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_d2(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_0a(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_7f(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_52(re); } /** @@ -1717,12 +1717,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_31( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_b2( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1742,9 +1742,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_31( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_09( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d7( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_f9(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_9c(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1759,7 +1759,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a1( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d21( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1811,9 +1811,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a1( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d21( vector); } @@ -1825,10 +1825,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_89( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_7b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_48(); + libcrux_ml_kem_polynomial_ZERO_ef_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1836,7 +1836,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_89( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f1( coefficient); } return re; @@ -1850,7 +1850,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d22( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1902,9 +1902,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_8a2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d22( vector); } @@ -1916,10 +1916,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_e3( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_8c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_48(); + libcrux_ml_kem_polynomial_ZERO_ef_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1927,7 +1927,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_e3( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_4b2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f2( re.coefficients[i0]); } return re; @@ -1941,9 +1941,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_5a( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_57( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_89(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_7b(serialized); } /** @@ -1959,11 +1959,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_ef_cc( +libcrux_ml_kem_polynomial_ntt_multiply_ef_48( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_ef_48(); + libcrux_ml_kem_polynomial_ZERO_ef_db(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1996,8 +1996,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_to_ring_element_ef_a20( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2018,7 +2017,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3d( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_42( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2045,7 +2044,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e9( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ef( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2068,7 +2067,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_55( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_51( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2089,13 +2088,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e7(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_61(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_bd(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_40(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2108,7 +2107,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_11( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_af( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2123,7 +2122,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_11( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e7( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_61( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; @@ -2141,22 +2140,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_49( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3d(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e9(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_55(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_11(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_42(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ef(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_51(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_11(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_11(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_11(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a0(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_52(re); } /** @@ -2172,7 +2171,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_ef_73( +libcrux_ml_kem_polynomial_subtract_reduce_ef_3d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2196,21 +2195,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_62( +libcrux_ml_kem_matrix_compute_message_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_ef_48(); + libcrux_ml_kem_polynomial_ZERO_ef_db(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_cc(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_a20(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_33(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_ef_73(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_49(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_3d(v, result); return result; } @@ -2221,7 +2220,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_bc(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_b4(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2235,9 +2234,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_f0( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_56( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_bc(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_b4(vector); } /** @@ -2248,8 +2247,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_7a(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_f0(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_38(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_56(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -2263,13 +2262,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_0d( +libcrux_ml_kem_serialize_compress_then_serialize_message_99( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_7a( + libcrux_ml_kem_vector_traits_to_unsigned_representative_38( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); @@ -2294,20 +2293,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ab( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_82( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_31(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_b2(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_5a( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_57( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_62(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_9b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_0d(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_99(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2322,11 +2321,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_94(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_86(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_54(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_a2(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2338,7 +2337,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_94(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ab(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_82(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -2396,9 +2395,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_e0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_4f( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_48(); + return libcrux_ml_kem_polynomial_ZERO_ef_db(); } /** @@ -2409,10 +2408,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ae( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_17( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_48(); + libcrux_ml_kem_polynomial_ZERO_ef_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2433,12 +2432,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_45( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c6( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2451,7 +2450,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_45( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ae( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_17( ring_element); deserialized_pk[i0] = uu____0; } @@ -2468,8 +2467,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_6f(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_ef_48(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_9e(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_ef_db(); } /** @@ -2479,10 +2478,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_13( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_0f( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); } } @@ -2630,7 +2629,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_52( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_51( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2764,7 +2763,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_520( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_510( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2812,9 +2811,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_ef_3a(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_ef_ce(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_ef_48(); + libcrux_ml_kem_polynomial_ZERO_ef_db(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2833,8 +2832,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_3d(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_ef_3a( +libcrux_ml_kem_sampling_sample_from_xof_closure_d6(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_ef_ce( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2845,7 +2844,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_23( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2862,7 +2861,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_1d( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_52( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_51( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -2875,7 +2874,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_1d( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_520( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_510( copy_of_randomness, sampled_coefficients, out); } } @@ -2885,7 +2884,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_3d(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_d6(copy_of_out[i]); } memcpy( ret, ret0, @@ -2899,12 +2898,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_c6( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_05( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_13(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_0f(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -2924,7 +2923,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_c6( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_1d(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_23(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2984,8 +2983,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_69(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_48(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_e7(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_db(); } /** @@ -3047,7 +3046,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_bb( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_65( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3082,7 +3081,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_bb( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_3a( + return libcrux_ml_kem_polynomial_from_i16_array_ef_ce( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3094,7 +3093,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_ec( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_c5( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3128,7 +3127,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_ec( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_3a( + return libcrux_ml_kem_polynomial_from_i16_array_ef_ce( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3140,9 +3139,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_40( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_fd( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_bb( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_65( randomness); } @@ -3153,7 +3152,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_2f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_75( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3175,20 +3174,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f9( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_2f(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_75(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_c3(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_1d(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_6b(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_93(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a0(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_d2(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_0a(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_7f(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_52(re); } /** @@ -3201,11 +3200,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_81(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3e(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3224,9 +3223,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_81(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_40( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_fd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f9(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cc(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3251,8 +3250,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3b(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_48(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_27(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_db(); } /** @@ -3265,11 +3264,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2a(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_f1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3288,7 +3287,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2a(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_40( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_fd( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3343,8 +3342,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_c0(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_48(); +libcrux_ml_kem_matrix_compute_vector_u_closure_3f(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_db(); } /** @@ -3359,7 +3358,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_38( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3381,14 +3380,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_34( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3409,12 +3408,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_34( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_cc(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_a20(&result0[i1], - &product); + libcrux_ml_kem_polynomial_ntt_multiply_ef_48(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_33(&result0[i1], + &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_ef_38(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_49(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3433,7 +3432,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_23(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_ed(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), &v), @@ -3448,10 +3447,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_48(); + libcrux_ml_kem_polynomial_ZERO_ef_db(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3459,7 +3458,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_23(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_ed(coefficient_compressed); } return re; } @@ -3477,7 +3476,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_ef_ca( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_76( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3505,22 +3504,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_3a( +libcrux_ml_kem_matrix_compute_ring_element_v_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_ef_48(); + libcrux_ml_kem_polynomial_ZERO_ef_db(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_cc(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_48(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_a20(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_33(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_40(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_ca( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_49(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_76( error_2, message, result); return result; } @@ -3533,7 +3532,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_54( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3588,9 +3587,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_54( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b5( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_54( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba( vector); } @@ -3602,14 +3601,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_58( +libcrux_ml_kem_serialize_compress_then_serialize_10_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_54( - libcrux_ml_kem_vector_traits_to_unsigned_representative_7a( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_b5( + libcrux_ml_kem_vector_traits_to_unsigned_representative_38( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); @@ -3629,7 +3628,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_540( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3684,9 +3683,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_540( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b50( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_540( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba0( vector); } @@ -3698,14 +3697,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_6e( +libcrux_ml_kem_serialize_compress_then_serialize_11_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_540( - libcrux_ml_kem_vector_traits_to_unsigned_representative_7a( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_b50( + libcrux_ml_kem_vector_traits_to_unsigned_representative_38( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); @@ -3726,10 +3725,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fb( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_58(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_4e(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3743,7 +3742,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_5c( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_4c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3759,7 +3758,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_5c( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_fb(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_1e(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3774,7 +3773,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_541( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3829,9 +3828,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_541( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b51( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_541( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba1( vector); } @@ -3843,7 +3842,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_b5( +libcrux_ml_kem_serialize_compress_then_serialize_4_60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3851,8 +3850,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_b5( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_541( - libcrux_ml_kem_vector_traits_to_unsigned_representative_7a( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_b51( + libcrux_ml_kem_vector_traits_to_unsigned_representative_38( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); @@ -3871,7 +3870,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_542( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3926,9 +3925,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_542( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b52( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_542( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba2( vector); } @@ -3940,7 +3939,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_43( +libcrux_ml_kem_serialize_compress_then_serialize_5_86( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3948,8 +3947,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_43( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_542( - libcrux_ml_kem_vector_traits_to_unsigned_representative_7a( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_b52( + libcrux_ml_kem_vector_traits_to_unsigned_representative_38( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); @@ -3969,9 +3968,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ff( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_b5(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_60(re, out); } /** @@ -3992,7 +3991,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8d( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_68( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -4000,7 +3999,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8d( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_81( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3e( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4010,7 +4009,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8d( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2a( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_f1( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4022,30 +4021,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_8d( libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_40( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_fd( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_34(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_c8(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_3a( + libcrux_ml_kem_matrix_compute_ring_element_v_f4( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_5c( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_4c( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ff( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_c7( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4069,12 +4068,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_5a(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_77(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_45( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c6( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4082,7 +4081,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_5a(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_c6(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_A_05(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -4116,7 +4115,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_5a(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_8d(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_68(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -4133,7 +4132,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_80( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_93( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { Result_00 dst; @@ -4164,7 +4163,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_26( +static inline void libcrux_ml_kem_ind_cca_decapsulate_91( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4182,7 +4181,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_26( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_94(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_86(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4206,7 +4205,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_26( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_32(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_04(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( @@ -4217,18 +4216,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_26( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_5a(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_77(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_80( + libcrux_ml_kem_ind_cca_kdf_43_93( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_80(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_93(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_32(ciphertext), + libcrux_ml_kem_types_as_ref_ba_04(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4260,10 +4259,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_94( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_43( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_26(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_91(private_key, ciphertext, ret); } /** @@ -4277,7 +4276,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_94(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_43(private_key, ciphertext, ret); } @@ -4337,11 +4336,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2b( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_45( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ab( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_82( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4371,7 +4370,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2b( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_32(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_04(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( @@ -4383,11 +4382,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2b( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_8d( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_68( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_32(ciphertext), + libcrux_ml_kem_types_as_ref_ba_04(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4424,10 +4423,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_51( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_d3( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2b(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_45(key_pair, ciphertext, ret); } @@ -4442,7 +4441,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_51( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_d3( private_key, ciphertext, ret); } @@ -4457,7 +4456,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_b5( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_c7( Eurydice_slice randomness, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -4499,11 +4498,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_25( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_37( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_b5( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_c7( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4514,7 +4513,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_25( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_bd(public_key), + libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4529,20 +4528,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_25( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_5a(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_77(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_80(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_93(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4575,14 +4574,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_0e( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_6c( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_25(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_37(uu____0, copy_of_randomness); } /** @@ -4600,7 +4599,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_0e( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_6c( uu____0, copy_of_randomness); } @@ -4623,7 +4622,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_4d( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_98( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4651,7 +4650,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_4d( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_8d(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_68(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4661,7 +4660,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_4d( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4695,7 +4694,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_16( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_06( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -4703,7 +4702,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_16( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_4d( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_98( uu____0, copy_of_randomness); } @@ -4724,7 +4723,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_16( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_06( uu____0, copy_of_randomness); } @@ -4749,8 +4748,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_a3(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_48(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_1b(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_db(); } /** @@ -4760,7 +4759,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_55( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_03( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4779,14 +4778,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_27( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_55( + libcrux_ml_kem_vector_traits_to_standard_domain_03( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -4801,14 +4800,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_04( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4830,12 +4829,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_04( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_cc(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_48(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_a20(&result0[i1], - &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_33(&result0[i1], + &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_27( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4856,7 +4855,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1f( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_dc( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_ab(key_generation_seed, hashed); @@ -4868,14 +4867,14 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_c6(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_A_05(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_81( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3e( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -4888,12 +4887,12 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_81(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3e(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_04(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_dc(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; @@ -4941,14 +4940,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_ea( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_36( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_7a( + libcrux_ml_kem_vector_traits_to_unsigned_representative_38( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); @@ -4968,7 +4967,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4986,7 +4985,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_ea(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_36(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5002,14 +5001,14 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_5a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_85( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_01(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5034,17 +5033,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_a0(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_a2(Eurydice_slice key_generation_seed) { tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1f(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_dc(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_5a( + libcrux_ml_kem_ind_cpa_serialize_public_key_85( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_01(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5070,7 +5069,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_18( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_e6( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5126,7 +5125,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_5a(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_ed(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5135,13 +5134,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5a(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_a0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_a2(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_18( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_e6( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5150,13 +5149,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_5a(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_92(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_9a(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_52( - uu____2, libcrux_ml_kem_types_from_07_39(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_7d( + uu____2, libcrux_ml_kem_types_from_07_fd(copy_of_public_key)); } /** @@ -5172,12 +5171,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_33( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_dc( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_5a(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_ed(copy_of_randomness); } /** @@ -5189,7 +5188,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_33( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_dc( copy_of_randomness); } @@ -5208,9 +5207,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_54( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_1b( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_ef_48(); + return libcrux_ml_kem_polynomial_ZERO_ef_db(); } /** @@ -5228,10 +5227,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_38( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_97( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_48(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); } } @@ -5248,7 +5247,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_8d_b3( +libcrux_ml_kem_polynomial_clone_8d_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5273,7 +5272,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_05( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5282,7 +5281,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_1f( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_dc( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5290,7 +5289,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_38(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_97(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -5298,7 +5297,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_8d_b3(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_8d_77(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5310,7 +5309,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_5a( + libcrux_ml_kem_ind_cpa_serialize_public_key_85( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -5365,12 +5364,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_68( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_b5( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_25( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_05( copy_of_randomness); } @@ -5384,7 +5383,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_68( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_b5( copy_of_randomness); } @@ -5400,7 +5399,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_27( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_b4( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5411,7 +5410,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_27( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_28(ciphertext), + libcrux_ml_kem_types_as_slice_a8_3d(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5445,7 +5444,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_260( +static inline void libcrux_ml_kem_ind_cca_decapsulate_910( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5463,7 +5462,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_260( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_94(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_86(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5487,7 +5486,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_260( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_32(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_04(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( @@ -5498,18 +5497,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_260( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_5a(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_77(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_27( + libcrux_ml_kem_ind_cca_kdf_6c_b4( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_27(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_b4(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_32(ciphertext), + libcrux_ml_kem_types_as_ref_ba_04(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5545,10 +5544,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_11( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_3f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_260(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_910(private_key, ciphertext, ret); } /** @@ -5562,7 +5561,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_11( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_3f( private_key, ciphertext, ret); } @@ -5577,7 +5576,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_90( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_2c( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_31(randomness, ret); } @@ -5602,11 +5601,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_250( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_370( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_90( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_2c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5617,7 +5616,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_250( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_bd(public_key), + libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5632,20 +5631,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_250( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_5a(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_77(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_27(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_b4(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5681,14 +5680,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e1( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_92( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_250(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_370(uu____0, copy_of_randomness); } /** @@ -5706,7 +5705,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e1( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_92( uu____0, copy_of_randomness); } @@ -5719,16 +5718,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_5b( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_68( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_45( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c6( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_5a( + libcrux_ml_kem_ind_cpa_serialize_public_key_85( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5747,9 +5746,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_cf( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_f5( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_5b(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_68(public_key); } /** @@ -5761,7 +5760,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_cf( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_f5( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 2e98736f3..d68759323 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_mlkem768_portable_H @@ -965,8 +965,7 @@ libcrux_ml_kem_vector_portable_arithmetic_add( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - lhs.elements[i0] = - core_num__i16_1__wrapping_add(lhs.elements[i0], rhs->elements[i0]); + lhs.elements[i0] = lhs.elements[i0] + rhs->elements[i0]; } return lhs; } @@ -989,9 +988,7 @@ libcrux_ml_kem_vector_portable_arithmetic_sub( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = - core_num__i16_1__wrapping_sub(lhs.elements[i0], rhs->elements[i0]); - lhs.elements[i0] = uu____0; + lhs.elements[i0] = lhs.elements[i0] - rhs->elements[i0]; } return lhs; } @@ -1013,8 +1010,7 @@ libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - int16_t uu____0 = core_num__i16_1__wrapping_mul(v.elements[i0], c); - v.elements[i0] = uu____0; + v.elements[i0] = v.elements[i0] * c; } return v; } @@ -2495,7 +2491,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_ef_b2(void) { +libcrux_ml_kem_polynomial_ZERO_ef_06(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2523,8 +2519,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_d1(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_b2(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_3b(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_ef_06(); } /** @@ -2534,10 +2530,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_1b( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_41( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_b2(); + libcrux_ml_kem_polynomial_ZERO_ef_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2556,12 +2552,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_0c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_55( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2574,7 +2570,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_0c( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_1b( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_41( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2606,8 +2602,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_77(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_b2(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_3a(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_ef_06(); } /** @@ -2617,7 +2613,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e3( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2642,9 +2638,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_85( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e3( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a( v); } @@ -2655,10 +2651,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_8f( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_21( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_b2(); + libcrux_ml_kem_polynomial_ZERO_ef_06(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2674,7 +2670,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_8f( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_85( coefficient); re.coefficients[i0] = uu____0; } @@ -2688,7 +2684,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e30( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2713,9 +2709,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_850( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e30( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0( v); } @@ -2726,10 +2722,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_63( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_fe( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_b2(); + libcrux_ml_kem_polynomial_ZERO_ef_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2738,7 +2734,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_63( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_850( coefficient); re.coefficients[i0] = uu____0; } @@ -2752,9 +2748,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_53( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_4f( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_8f(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_21(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2769,7 +2765,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ff( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2783,12 +2779,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_1e( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ff(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2802,7 +2798,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2815,7 +2811,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_1e( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f1( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2832,7 +2828,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ed( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2852,7 +2848,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_2b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_cd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2874,7 +2870,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_85( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_9c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2905,7 +2901,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_de( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2923,21 +2919,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_08( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_ed(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_2b(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_85(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_de(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_84(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_cd(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_9c(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_1c(re); } /** @@ -2949,12 +2945,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_79( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_5f( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2974,9 +2970,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_79( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_53( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_4f( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_08(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_0b(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2990,7 +2986,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e31( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3015,9 +3011,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_851( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e31( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1( v); } @@ -3028,10 +3024,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_27( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_34( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_b2(); + libcrux_ml_kem_polynomial_ZERO_ef_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3040,7 +3036,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_27( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_851( coefficient); re.coefficients[i0] = uu____0; } @@ -3054,7 +3050,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e32( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3079,9 +3075,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_852( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_e32( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2( v); } @@ -3092,10 +3088,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_ce( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_78( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_b2(); + libcrux_ml_kem_polynomial_ZERO_ef_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3104,7 +3100,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_ce( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_9f2( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_852( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3118,9 +3114,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_d9( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b0( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_27(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_34(serialized); } /** @@ -3135,11 +3131,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_ef_7a( +libcrux_ml_kem_polynomial_ntt_multiply_ef_71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_ef_b2(); + libcrux_ml_kem_polynomial_ZERO_ef_06(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3173,7 +3169,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3197,7 +3193,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_16( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_a1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3223,7 +3219,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_17( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_30( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3245,7 +3241,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_76( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_ff( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3267,7 +3263,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_b0( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3275,7 +3271,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ff(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3288,7 +3284,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_c0( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3303,7 +3299,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_c0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_b0( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3320,22 +3316,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_98( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_16(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_17(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_76(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_c0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_a1(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_30(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_ff(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_c0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_c0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_c0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_de(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_1c(re); } /** @@ -3350,7 +3346,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_ef_5b( +libcrux_ml_kem_polynomial_subtract_reduce_ef_fa( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3376,21 +3372,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_81( +libcrux_ml_kem_matrix_compute_message_8d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_ef_b2(); + libcrux_ml_kem_polynomial_ZERO_ef_06(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_7a(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_71(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_a2(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_58(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_98(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_ef_5b(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b3(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_fa(v, result); return result; } @@ -3400,7 +3396,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_f1( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_be( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3420,9 +3416,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_be( +libcrux_ml_kem_vector_portable_shift_right_0d_52( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f1(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_be(v); } /** @@ -3432,10 +3428,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_91( +libcrux_ml_kem_vector_traits_to_unsigned_representative_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_be(a); + libcrux_ml_kem_vector_portable_shift_right_0d_52(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3449,13 +3445,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_06( +libcrux_ml_kem_serialize_compress_then_serialize_message_d2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_91( + libcrux_ml_kem_vector_traits_to_unsigned_representative_83( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3481,20 +3477,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_76( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_89( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_79(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_5f(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_d9( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b0( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_81(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_8d(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_06(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_d2(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3508,11 +3504,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_b2(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_03(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_0c(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_55(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3524,7 +3520,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_b2(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_76(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_89(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -3578,9 +3574,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_32( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_6f( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_b2(); + return libcrux_ml_kem_polynomial_ZERO_ef_06(); } /** @@ -3590,10 +3586,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_b2(); + libcrux_ml_kem_polynomial_ZERO_ef_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3615,12 +3611,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3633,7 +3629,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( ring_element); deserialized_pk[i0] = uu____0; } @@ -3650,8 +3646,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_de(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_ef_b2(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_d1(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_ef_06(); } /** @@ -3661,10 +3657,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_07( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_fc( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); } } @@ -3982,9 +3978,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_ef_cb(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_ef_a4(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_ef_b2(); + libcrux_ml_kem_polynomial_ZERO_ef_06(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -4005,8 +4001,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_b3(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_ef_cb( +libcrux_ml_kem_sampling_sample_from_xof_closure_2c(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_ef_a4( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4017,7 +4013,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_08( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_83( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -4057,7 +4053,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_b3(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_2c(copy_of_out[i]); } memcpy( ret, ret0, @@ -4071,12 +4067,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_51( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_07(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_fc(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -4096,7 +4092,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a1( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_08(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_83(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4156,8 +4152,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_b8(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_b2(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_75(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_06(); } /** @@ -4200,7 +4196,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b2( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4235,7 +4231,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b2( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_cb( + return libcrux_ml_kem_polynomial_from_i16_array_ef_a4( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4246,7 +4242,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_6f( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_87( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4280,7 +4276,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_6f( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_cb( + return libcrux_ml_kem_polynomial_from_i16_array_ef_a4( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4291,9 +4287,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_36( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_62( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_b2( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( randomness); } @@ -4303,7 +4299,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_8d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4326,20 +4322,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f0( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_f0(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_8d(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b2(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_ed(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_2b(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_85(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_de(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_84(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_cd(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_9c(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_1c(re); } /** @@ -4352,11 +4348,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ed(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_95(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4375,9 +4371,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ed(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_36( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_62( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_f0(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4402,8 +4398,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_de(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_b2(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_ab(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_06(); } /** @@ -4416,11 +4412,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_90(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_23(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4439,7 +4435,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_90(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_36( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_62( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4491,8 +4487,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_bc(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_b2(); +libcrux_ml_kem_matrix_compute_vector_u_closure_92(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_06(); } /** @@ -4506,7 +4502,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_bd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4530,14 +4526,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_b8( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4558,12 +4554,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_b8( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_7a(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_a2(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_71(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_58(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_98(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_ef_8a(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b3(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_ef_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4582,7 +4578,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_5a( +libcrux_ml_kem_vector_traits_decompress_1_50( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4597,10 +4593,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_21( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_b2(); + libcrux_ml_kem_polynomial_ZERO_ef_06(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4610,7 +4606,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_21( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_5a(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_50(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4628,7 +4624,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_ef_f9( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4658,22 +4654,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_f3( +libcrux_ml_kem_matrix_compute_ring_element_v_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_ef_b2(); + libcrux_ml_kem_polynomial_ZERO_ef_06(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_7a(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_71(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_a2(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_58(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_98(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_f9( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b3(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_a1( error_2, message, result); return result; } @@ -4684,7 +4680,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_0e( +libcrux_ml_kem_vector_portable_compress_compress_3a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4707,9 +4703,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_17( +libcrux_ml_kem_vector_portable_compress_0d_ab( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0e(v); + return libcrux_ml_kem_vector_portable_compress_compress_3a(v); } /** @@ -4719,15 +4715,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_ee( +libcrux_ml_kem_serialize_compress_then_serialize_10_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_17( - libcrux_ml_kem_vector_traits_to_unsigned_representative_91( + libcrux_ml_kem_vector_portable_compress_0d_ab( + libcrux_ml_kem_vector_traits_to_unsigned_representative_83( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4745,7 +4741,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_0e0( +libcrux_ml_kem_vector_portable_compress_compress_3a0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4768,9 +4764,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_170( +libcrux_ml_kem_vector_portable_compress_0d_ab0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0e0(v); + return libcrux_ml_kem_vector_portable_compress_compress_3a0(v); } /** @@ -4780,15 +4776,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_cf( +libcrux_ml_kem_serialize_compress_then_serialize_11_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_170( - libcrux_ml_kem_vector_traits_to_unsigned_representative_91( + libcrux_ml_kem_vector_portable_compress_0d_ab0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_83( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4808,10 +4804,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_86( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_ee(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_a6(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4824,7 +4820,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_0c( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_49( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4840,7 +4836,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_0c( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_86(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_22(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4853,7 +4849,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_0e1( +libcrux_ml_kem_vector_portable_compress_compress_3a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4876,9 +4872,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_171( +libcrux_ml_kem_vector_portable_compress_0d_ab1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0e1(v); + return libcrux_ml_kem_vector_portable_compress_compress_3a1(v); } /** @@ -4888,7 +4884,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_83( +libcrux_ml_kem_serialize_compress_then_serialize_4_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4897,8 +4893,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_83( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_171( - libcrux_ml_kem_vector_traits_to_unsigned_representative_91( + libcrux_ml_kem_vector_portable_compress_0d_ab1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_83( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4915,7 +4911,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_0e2( +libcrux_ml_kem_vector_portable_compress_compress_3a2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4938,9 +4934,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_172( +libcrux_ml_kem_vector_portable_compress_0d_ab2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0e2(v); + return libcrux_ml_kem_vector_portable_compress_compress_3a2(v); } /** @@ -4950,7 +4946,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_af( +libcrux_ml_kem_serialize_compress_then_serialize_5_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4959,8 +4955,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_af( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_172( - libcrux_ml_kem_vector_traits_to_unsigned_representative_91( + libcrux_ml_kem_vector_portable_compress_0d_ab2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_83( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4979,9 +4975,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_35( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_78( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_83(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_eb(re, out); } /** @@ -5002,7 +4998,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -5010,7 +5006,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ed( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_95( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5020,7 +5016,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_90( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_23( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5032,30 +5028,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b( libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_36( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_62( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_b8(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_41(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_21( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_f3( + libcrux_ml_kem_matrix_compute_ring_element_v_ac( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_0c( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_49( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_35( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_78( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5079,12 +5075,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_1f(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_69(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5092,7 +5088,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_1f(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_a1(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_A_51(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -5126,7 +5122,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_1f(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_02(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -5142,7 +5138,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_0f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_bc( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { Result_00 dst; @@ -5172,7 +5168,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_bb( +static inline void libcrux_ml_kem_ind_cca_decapsulate_32( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5190,7 +5186,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_bb( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b2(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_03(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5214,7 +5210,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_bb( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_32(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_04(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( @@ -5225,18 +5221,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_bb( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_1f(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_69(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_0f( + libcrux_ml_kem_ind_cca_kdf_43_bc( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_0f(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_bc(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_32(ciphertext), + libcrux_ml_kem_types_as_ref_ba_04(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5268,10 +5264,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_df( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_bb(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_32(private_key, ciphertext, ret); } /** @@ -5284,7 +5280,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_df( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_df( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b4( private_key, ciphertext, ret); } @@ -5344,11 +5340,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_83( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ef( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_76( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_89( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5378,7 +5374,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_83( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_32(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_04(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( @@ -5390,11 +5386,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_83( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_32(ciphertext), + libcrux_ml_kem_types_as_ref_ba_04(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5430,10 +5426,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_41( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_83(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ef(key_pair, ciphertext, ret); } @@ -5447,7 +5443,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_41( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_41( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a0( private_key, ciphertext, ret); } @@ -5461,7 +5457,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_b3( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_b2( Eurydice_slice randomness, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -5501,11 +5497,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c8( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_46( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_b3( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_b2( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5516,7 +5512,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c8( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_bd(public_key), + libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5531,20 +5527,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c8( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_1f(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_69(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_0f(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_bc(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5576,14 +5572,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_92( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_05( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c8(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_46(uu____0, copy_of_randomness); } /** @@ -5600,7 +5596,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_92( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_05( uu____0, copy_of_randomness); } @@ -5623,7 +5619,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_1b( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_29( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5651,7 +5647,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_1b( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_1b(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_02(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5661,7 +5657,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_1b( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5694,7 +5690,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d2( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ea( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5702,7 +5698,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d2( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_1b( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_29( uu____0, copy_of_randomness); } @@ -5722,7 +5718,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d2( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ea( uu____0, copy_of_randomness); } @@ -5747,7 +5743,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_matrix_compute_As_plus_e_closure_54(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_b2(); + return libcrux_ml_kem_polynomial_ZERO_ef_06(); } /** @@ -5757,7 +5753,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_c8( +libcrux_ml_kem_vector_traits_to_standard_domain_2a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5775,7 +5771,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_7f( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5783,7 +5779,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_7f( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_c8( + libcrux_ml_kem_vector_traits_to_standard_domain_2a( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5799,14 +5795,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_0f( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5828,12 +5824,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_7a(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_71(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_a2(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_58(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_7f( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_3a( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -5854,7 +5850,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_d3( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e2( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_d0(key_generation_seed, hashed); @@ -5866,14 +5862,14 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_a1(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_A_51(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ed( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_95( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -5886,12 +5882,12 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ed(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_95(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_0f(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_e6(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; @@ -5938,14 +5934,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8e( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_de( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_91( + libcrux_ml_kem_vector_traits_to_unsigned_representative_83( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5964,7 +5960,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_2b( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5982,7 +5978,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_2b( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8e(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_de(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5997,14 +5993,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_60( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_16( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_2b(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_cf(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6029,17 +6025,17 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_48(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_57(Eurydice_slice key_generation_seed) { tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_d3(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e2(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_60( + libcrux_ml_kem_ind_cpa_serialize_public_key_16( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_2b(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_cf(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6064,7 +6060,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_42( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_24( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6120,7 +6116,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f5(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6129,13 +6125,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_48(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_57(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_42( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_24( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6144,13 +6140,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_15(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_92(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_9a(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_52( - uu____2, libcrux_ml_kem_types_from_07_39(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_7d( + uu____2, libcrux_ml_kem_types_from_07_fd(copy_of_public_key)); } /** @@ -6166,12 +6162,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_a1( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_3d( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_15(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f5(copy_of_randomness); } /** @@ -6182,7 +6178,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_a1( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_3d( copy_of_randomness); } @@ -6201,9 +6197,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_1f( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_a8( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_ef_b2(); + return libcrux_ml_kem_polynomial_ZERO_ef_06(); } /** @@ -6221,10 +6217,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_ec( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_62( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_b2(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); } } @@ -6240,7 +6236,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_8d_67( +libcrux_ml_kem_polynomial_clone_8d_49( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6268,7 +6264,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_01( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_29( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6277,7 +6273,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_01( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_d3( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e2( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6285,7 +6281,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_01( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_ec(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_62(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -6293,7 +6289,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_01( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_8d_67(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_8d_49(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6305,7 +6301,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_01( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_60( + libcrux_ml_kem_ind_cpa_serialize_public_key_16( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -6359,12 +6355,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_ed( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_b1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_01( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_29( copy_of_randomness); } @@ -6377,7 +6373,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_ed( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_b1( copy_of_randomness); } @@ -6392,7 +6388,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_9a( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -6403,7 +6399,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_7b( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_28(ciphertext), + libcrux_ml_kem_types_as_slice_a8_3d(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -6436,7 +6432,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_bb0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_320( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6454,7 +6450,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_bb0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b2(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_03(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -6478,7 +6474,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_bb0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_32(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_04(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( @@ -6489,18 +6485,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_bb0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_1f(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_69(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_7b( + libcrux_ml_kem_ind_cca_kdf_6c_9a( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_7b(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_9a(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_32(ciphertext), + libcrux_ml_kem_types_as_ref_ba_04(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6536,10 +6532,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_1e( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_f1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_bb0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_320(private_key, ciphertext, ret); } /** @@ -6552,7 +6548,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_1e( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_1e( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_f1( private_key, ciphertext, ret); } @@ -6566,7 +6562,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_e3( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_fd(randomness, ret); } @@ -6590,11 +6586,11 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c80( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_460( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_2d( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_e3( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -6605,7 +6601,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c80( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_bd(public_key), + libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6620,20 +6616,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c80( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_bd(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_1f(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_69(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_9a(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_7b(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_9a(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6669,14 +6665,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7e( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_da( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c80(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_460(uu____0, copy_of_randomness); } /** @@ -6693,7 +6689,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_7e( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_da( uu____0, copy_of_randomness); } @@ -6705,16 +6701,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_78( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_38( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_94( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_60( + libcrux_ml_kem_ind_cpa_serialize_public_key_16( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6732,9 +6728,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_bf( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_8a( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_78(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_38(public_key); } /** @@ -6745,7 +6741,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_bf( static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_bf( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_8a( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index f964dc08d..7b4070e42 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 03077e146..cee458a09 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e2a1da025c2d908adbab323bcea0078ba3bc1fb6 + * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 */ #ifndef __libcrux_sha3_portable_H diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index bcafbb1c6..a4e8f753d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -170,6 +170,8 @@ let montgomery_multiply_fe_by_fer (fe fer: i16) = #pop-options +#push-options "--admit_smt_queries true" + let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -189,11 +191,8 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (Core.Num.impl__i16__wrapping_add (lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + ((lhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! + (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i16) <: @@ -202,9 +201,9 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in - let _:Prims.unit = admit () (* Panic freedom *) in - result + lhs + +#pop-options let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in @@ -355,6 +354,8 @@ let montgomery_multiply_by_constant #pop-options +#push-options "--admit_smt_queries true" + let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -374,22 +375,16 @@ let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portab Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (Core.Num.impl__i16__wrapping_mul (v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - c - <: - i16) + ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) *! c <: i16) <: t_Array i16 (sz 16) } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:Prims.unit = admit () (* Panic freedom *) in - result + v + +#pop-options let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = @@ -423,6 +418,8 @@ let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type let _:Prims.unit = admit () (* Panic freedom *) in result +#push-options "--admit_smt_queries true" + let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -442,11 +439,8 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (Core.Num.impl__i16__wrapping_sub (lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + ((lhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! + (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i16) <: @@ -455,6 +449,6 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in - let _:Prims.unit = admit () (* Panic freedom *) in - result + lhs + +#pop-options diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index 00e5bf81f..faffd995e 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -40,33 +40,33 @@ pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 { } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map2 (+.) (${lhs}.f_elements) (${rhs}.f_elements)"))] pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { - lhs.elements[i] = lhs.elements[i].wrapping_add(rhs.elements[i]); + lhs.elements[i] = lhs.elements[i] + rhs.elements[i]; } lhs } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map2 (-.) (${lhs}.f_elements) (${rhs}.f_elements)"))] pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { - lhs.elements[i] = lhs.elements[i].wrapping_sub(rhs.elements[i]); + lhs.elements[i] = lhs.elements[i] - rhs.elements[i]; } lhs } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> x *. c) (${v}.f_elements)"))] pub fn multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = v.elements[i].wrapping_mul(c); + v.elements[i] = v.elements[i] * c; } v From 9799c05aa1580f8571551802a5d80ce604c2f4fb Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 15:33:31 +0000 Subject: [PATCH 235/348] workflow fix --- .github/workflows/c-bench.yml.disabled | 55 +++++++++ .github/workflows/c.yml | 55 +-------- .github/workflows/checks.yml | 1 + .github/workflows/ecdh.yml | 1 + .github/workflows/hax.yml | 7 +- .github/workflows/kem.yml | 1 + .github/workflows/mldsa.yml | 7 ++ .github/workflows/mlkem-bench.yml.disabled | 105 ++++++++++++++++++ .github/workflows/mlkem.yml | 101 +---------------- .github/workflows/nix.yml | 1 + .github/workflows/platform.yml | 1 + .github/workflows/rust-bench.yml.disabled | 98 ++++++++++++++++ .github/workflows/rust.yml | 89 +-------------- .../skip-benches-in-prs.yml.disabled | 33 ++++++ .github/workflows/specs.yml | 1 + .github/workflows/stale.yml | 22 ++++ libcrux-ml-kem/c.yaml | 4 +- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- 52 files changed, 378 insertions(+), 274 deletions(-) create mode 100644 .github/workflows/c-bench.yml.disabled create mode 100644 .github/workflows/mlkem-bench.yml.disabled create mode 100644 .github/workflows/rust-bench.yml.disabled create mode 100644 .github/workflows/skip-benches-in-prs.yml.disabled create mode 100644 .github/workflows/stale.yml diff --git a/.github/workflows/c-bench.yml.disabled b/.github/workflows/c-bench.yml.disabled new file mode 100644 index 000000000..04d03d819 --- /dev/null +++ b/.github/workflows/c-bench.yml.disabled @@ -0,0 +1,55 @@ +name: Benchmark C + +on: + workflow_dispatch: + merge_group: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + benchmark: + strategy: + fail-fast: false + matrix: + os: + - macos-latest + - ubuntu-latest + # - windows-latest # currently runs forever, needs to be investigated before adding again! + + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + + steps: + - uses: actions/checkout@v4 + + - name: 🔨 Build libcrux-ml-kem/c + working-directory: libcrux-ml-kem/c + run: | + cmake -B build -DCMAKE_BUILD_TYPE=Release + cmake --build build --config Release + + # FIXME: Benchmarks on Windows CI are not working right now. + # - name: 🏃🏻‍♀️ Benchmark + # working-directory: libcrux-ml-kem/c + # run: ./build/Release/ml_kem_bench + # if: ${{ matrix.os == 'windows-latest' }} + + - name: 🏃🏻‍♀️ Benchmark (libcrux-ml-kem/c) + working-directory: libcrux-ml-kem/c + run: ./build/ml_kem_bench + if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} + + - name: 🔨 Build libcrux-ml-kem/cg + working-directory: libcrux-ml-kem/cg + run: | + cmake -B build -DCMAKE_BUILD_TYPE=Release + cmake --build build --config Release + + - name: 🏃🏻‍♀️ Benchmark libcrux-ml-kem/cg + working-directory: libcrux-ml-kem/cg + run: ./build/ml_kem_bench + if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} diff --git a/.github/workflows/c.yml b/.github/workflows/c.yml index c734bf0de..c3535185b 100644 --- a/.github/workflows/c.yml +++ b/.github/workflows/c.yml @@ -14,7 +14,6 @@ concurrency: jobs: extract: - if: ${{ github.event_name != 'merge_group' }} runs-on: ubuntu-latest container: franziskus/libcrux-c:latest defaults: @@ -33,10 +32,10 @@ jobs: with: name: c-extraction path: libcrux-ml-kem/c + include-hidden-files: true if-no-files-found: error extract-header-only: - if: ${{ github.event_name != 'merge_group' }} runs-on: ubuntu-latest container: franziskus/libcrux-c:latest defaults: @@ -55,11 +54,11 @@ jobs: with: name: header-only-c-extraction path: libcrux-ml-kem/cg/ + include-hidden-files: true if-no-files-found: error diff: needs: [extract] - if: ${{ github.event_name != 'merge_group' }} runs-on: ubuntu-latest defaults: run: @@ -80,7 +79,6 @@ jobs: diff-header-only: needs: [extract-header-only] - if: ${{ github.event_name != 'merge_group' }} runs-on: ubuntu-latest defaults: run: @@ -101,7 +99,6 @@ jobs: build: needs: [extract] - if: ${{ github.event_name != 'merge_group' }} strategy: fail-fast: false matrix: @@ -141,7 +138,6 @@ jobs: build-header-only: needs: [extract-header-only] - if: ${{ github.event_name != 'merge_group' }} strategy: fail-fast: false matrix: @@ -174,50 +170,3 @@ jobs: - name: 🏃🏻‍♀️ Test run: ./build/ml_kem_test if: ${{ matrix.os != 'windows-latest' }} - - benchmark: - if: ${{ github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' }} - strategy: - fail-fast: false - matrix: - os: - - macos-latest - - ubuntu-latest - - windows-latest - - runs-on: ${{ matrix.os }} - defaults: - run: - shell: bash - working-directory: libcrux-ml-kem/c - - steps: - - uses: actions/checkout@v4 - - - name: 🔨 Build Release - run: | - cmake -B build -DCMAKE_BUILD_TYPE=Release - cmake --build build --config Release - - # FIXME: Benchmarks on Windows CI are not working right now. - # - name: 🏃🏻‍♀️ Benchmark - # run: ./build/Release/ml_kem_bench - # if: ${{ matrix.os == 'windows-latest' }} - - - name: 🏃🏻‍♀️ Benchmark (c) - run: ./build/ml_kem_bench - if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} - - - name: 🏃🏻‍♀️ Benchmark (cg) - working-directory: libcrux-ml-kem/cg - run: ./build/ml_kem_bench - if: ${{ matrix.os != 'windows-latest' && (github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch') }} - - mq_status: - if: | - always() && - (github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group') - needs: [benchmark] - uses: cryspen/actions/.github/workflows/merge-queue-status.yml@jonas/merge-queue-status - with: - needs_json: "${{toJSON(needs)}}" diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 5fab6fabd..0438fb798 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/ecdh.yml b/.github/workflows/ecdh.yml index feee99cfa..438386e60 100644 --- a/.github/workflows/ecdh.yml +++ b/.github/workflows/ecdh.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev", "*"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index bac3854d5..39c5c4267 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -11,6 +11,7 @@ on: - cron: "0 0 * * *" workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always @@ -29,7 +30,7 @@ jobs: - uses: DeterminateSystems/magic-nix-cache-action@main - name: ⤵ Install FStar - run: nix profile install github:FStarLang/FStar/v2024.01.13 + run: nix profile install github:FStarLang/FStar/v2024.09.05 - name: ⤵ Clone HACL-star repository uses: actions/checkout@v4 @@ -64,3 +65,7 @@ jobs: HAX_HOME=${{ github.workspace }}/hax \ PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ ./hax.py prove --admit + + - name: 🏃 Extract ML-DSA crate + working-directory: libcrux-ml-dsa + run: cargo hax into fstar diff --git a/.github/workflows/kem.yml b/.github/workflows/kem.yml index ca3c7f23f..d4ada3cdf 100644 --- a/.github/workflows/kem.yml +++ b/.github/workflows/kem.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev", "*"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/mldsa.yml b/.github/workflows/mldsa.yml index 8c46feafd..40be6f8c0 100644 --- a/.github/workflows/mldsa.yml +++ b/.github/workflows/mldsa.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev", "*"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always @@ -97,3 +98,9 @@ jobs: run: | cargo clean cargo test --verbose --release $RUST_TARGET_FLAG + + # Benchmarks + - name: 🔨 Build Benchmarks + run: | + cargo clean + cargo bench --no-run diff --git a/.github/workflows/mlkem-bench.yml.disabled b/.github/workflows/mlkem-bench.yml.disabled new file mode 100644 index 000000000..5f049aaca --- /dev/null +++ b/.github/workflows/mlkem-bench.yml.disabled @@ -0,0 +1,105 @@ +name: Benchmark ML-KEM + +on: + workflow_dispatch: + merge_group: + +env: + CARGO_TERM_COLOR: always + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + benchmark: + strategy: + fail-fast: true + matrix: + bits: [32, 64] + os: + - macos-13 + - macos-latest + - ubuntu-latest + - windows-latest + exclude: + # There's no such thing as 32-bit macOS + - bits: 32 + os: "macos-latest" + - bits: 32 + os: "macos-13" + + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + working-directory: libcrux-ml-kem + + steps: + - uses: actions/checkout@v4 + + - name: Update dependencies + run: cargo update + + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV + if: ${{ matrix.bits == 64 }} + + - name: 🛠️ Setup Ubuntu x86 + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add i686-unknown-linux-gnu + sudo apt-get update + sudo apt-get install -y gcc-multilib g++-multilib + + - name: 🛠️ Setup Ubuntu x64 + if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add aarch64-unknown-linux-gnu + + - name: 🛠️ Setup macOS + if: ${{ matrix.os == 'macos-latest' }} + run: | + rustup target add aarch64-apple-darwin + + # Set up 32 bit systems + + - name: 🛠️ Config Windows x86 + run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} + + - name: 🛠️ Config Linux x86 + run: | + echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + + # - name: 🔨 Build + # run: cargo build --benches + + # - name: ⬆ Upload build + # uses: ./.github/actions/upload_artifacts + # with: + # name: benchmarks_${{ matrix.os }}_${{ matrix.bits }} + + # Benchmarks ... + + - name: 🏃🏻‍♀️ Benchmarks + run: cargo bench --verbose $RUST_TARGET_FLAG -- --output-format bencher | tee bench.txt + + - name: 🏃🏻‍♀️ Benchmarks Portable + run: | + cargo clean + LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo bench --verbose $RUST_TARGET_FLAG -- --output-format bencher | sed 's/^test \(.*\) \.\.\. bench/test portable \1 ... bench/' | tee -a bench.txt + - name: Clear Cargo.lock so it doesn't interfere with git + run: git checkout Cargo.lock + - name: Store benchmarks + uses: benchmark-action/github-action-benchmark@v1 + with: + name: ML-KEM Benchmark + tool: 'cargo' + output-file-path: libcrux-ml-kem/bench.txt + benchmark-data-dir-path: dev/bench/mlkem + github-token: ${{ secrets.GITHUB_TOKEN }} + auto-push: true + + + diff --git a/.github/workflows/mlkem.yml b/.github/workflows/mlkem.yml index 67376a6c2..575339c5d 100644 --- a/.github/workflows/mlkem.yml +++ b/.github/workflows/mlkem.yml @@ -17,7 +17,6 @@ concurrency: jobs: build: - if: ${{ github.event_name != 'merge_group' }} strategy: fail-fast: false matrix: @@ -88,6 +87,11 @@ jobs: rustc --print=cfg cargo build --verbose $RUST_TARGET_FLAG --features pre-verification + - name: 🔨 Build unpacked + run: | + rustc --print=cfg + cargo build --verbose $RUST_TARGET_FLAG --features pre-verification,unpacked + - name: 🔨 Build Release run: cargo build --verbose --release $RUST_TARGET_FLAG --features pre-verification @@ -156,7 +160,7 @@ jobs: - name: 🏃🏻‍♀️ Test Kyber run: | cargo clean - cargo test --features kyber --verbose $RUST_TARGET_FLAG + cargo test --features pre-verification,kyber --verbose $RUST_TARGET_FLAG - name: 🏃🏻‍♀️ Cargo Check Features if: ${{ matrix.bits == 64 }} @@ -169,96 +173,3 @@ jobs: run: | cargo clean cargo hack test --each-feature $EXCLUDE_FEATURES --verbose $RUST_TARGET_FLAG - - benchmarks: - if: ${{ github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' }} - strategy: - fail-fast: true - matrix: - bits: [32, 64] - os: - - macos-13 - - macos-latest - - ubuntu-latest - - windows-latest - exclude: - # There's no such thing as 32-bit macOS - - bits: 32 - os: "macos-latest" - - bits: 32 - os: "macos-13" - - runs-on: ${{ matrix.os }} - defaults: - run: - shell: bash - working-directory: libcrux-ml-kem - - steps: - - uses: actions/checkout@v4 - - - name: Update dependencies - run: cargo update - - - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV - if: ${{ matrix.bits == 64 }} - - - name: 🛠️ Setup Ubuntu x86 - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - run: | - rustup target add i686-unknown-linux-gnu - sudo apt-get update - sudo apt-get install -y gcc-multilib g++-multilib - - - name: 🛠️ Setup Ubuntu x64 - if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }} - run: | - rustup target add aarch64-unknown-linux-gnu - - - name: 🛠️ Setup macOS - if: ${{ matrix.os == 'macos-latest' }} - run: | - rustup target add aarch64-apple-darwin - - # Set up 32 bit systems - - - name: 🛠️ Config Windows x86 - run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} - - - name: 🛠️ Config Linux x86 - run: | - echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - - # - name: 🔨 Build - # run: cargo build --benches - - # - name: ⬆ Upload build - # uses: ./.github/actions/upload_artifacts - # with: - # name: benchmarks_${{ matrix.os }}_${{ matrix.bits }} - - # Benchmarks ... - - - name: 🏃🏻‍♀️ Benchmarks - run: cargo bench --verbose $RUST_TARGET_FLAG - - - name: 🏃🏻‍♀️ Benchmarks Portable - run: | - cargo clean - LIBCRUX_DISABLE_SIMD128=1 LIBCRUX_DISABLE_SIMD256=1 cargo bench --verbose $RUST_TARGET_FLAG - - mq_status: - if: | - always() && - github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' - needs: [benchmarks] - runs-on: ubuntu-latest - steps: - - name: Successful - if: ${{ !(contains(needs.*.result, 'failure')) }} - run: exit 0 - - name: Failing - if: ${{ contains(needs.*.result, 'failure') }} - run: exit 1 diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index aa893300c..f852b95a3 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -4,6 +4,7 @@ on: push: branches: [main, dev] pull_request: + merge_group: jobs: nix: diff --git a/.github/workflows/platform.yml b/.github/workflows/platform.yml index 3415ee2f3..074dea37d 100644 --- a/.github/workflows/platform.yml +++ b/.github/workflows/platform.yml @@ -6,6 +6,7 @@ on: pull_request: branches: ["main", "dev", "*"] workflow_dispatch: + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/rust-bench.yml.disabled b/.github/workflows/rust-bench.yml.disabled new file mode 100644 index 000000000..3258ab0c3 --- /dev/null +++ b/.github/workflows/rust-bench.yml.disabled @@ -0,0 +1,98 @@ +name: Benchmark + +on: + workflow_dispatch: + merge_group: + +env: + CARGO_TERM_COLOR: always + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + benchmark: + strategy: + fail-fast: true + matrix: + bits: [32, 64] + os: + - macos-latest + - ubuntu-latest + - windows-latest + exclude: + # There's no such thing as 32-bit macOS + - bits: 32 + os: "macos-latest" + # FIXME: Linking isn't working here yet for hacl #42 + - bits: 32 + os: "windows-latest" + + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + + steps: + - uses: actions/checkout@v4 + + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV + if: ${{ matrix.bits == 64 }} + + - name: ⚙️ Setup Ubuntu x86 + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add i686-unknown-linux-gnu + sudo apt-get update + sudo apt-get install -y gcc-multilib g++-multilib + + - name: ⚙️ Setup Ubuntu x64 + if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add aarch64-unknown-linux-gnu + + - name: ⚙️ Setup macOS + if: ${{ matrix.os == 'macos-latest' }} + run: | + rustup target add aarch64-apple-darwin + + # Set up 32 bit systems + + - name: 🛠️ Config Windows x86 + run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} + + - name: 🛠️ Config Linux x86 + run: | + echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + + # Set up windows + + - name: ⚙️ Setup Windows x86 + if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} + shell: pwsh + run: | + echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append + vcpkg install openssl:x86-windows-static-md + + - name: ⚙️ Setup Windows x64 + if: ${{ matrix.bits == 64 && matrix.os == 'windows-latest' }} + shell: pwsh + run: | + echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append + vcpkg install openssl:x64-windows-static-md + + # Benchmarks ... + + - name: 🏃🏻‍♀️ Benchmarks + run: cargo bench --verbose $RUST_TARGET_FLAG -p benchmarks -- --output-format bencher | tee bench.txt + - name: Store Benchmarks + uses: benchmark-action/github-action-benchmark@v1 + with: + name: Rust Benchmark + tool: 'cargo' + output-file-path: bench.txt + github-token: ${{ secrets.GITHUB_TOKEN }} + auto-push: true diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index 7b4324a5c..c09f98d06 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -17,7 +17,6 @@ concurrency: jobs: build: - if: ${{ github.event_name != 'merge_group' }} strategy: fail-fast: false matrix: @@ -123,7 +122,7 @@ jobs: run: cargo build --verbose $RUST_TARGET_FLAG wasm: - if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' }} + if: false #${{ github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' }} runs-on: ubuntu-latest steps: @@ -141,90 +140,4 @@ jobs: - name: 🏃🏻‍♀️ Test run: CC=emcc AR=emar wasm-pack test --node --features wasm - benchmarks: - if: ${{ github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' }} - strategy: - fail-fast: true - matrix: - bits: [32, 64] - os: - - macos-latest - - ubuntu-latest - - windows-latest - exclude: - # There's no such thing as 32-bit macOS - - bits: 32 - os: "macos-latest" - # FIXME: Linking isn't working here yet for hacl #42 - - bits: 32 - os: "windows-latest" - - runs-on: ${{ matrix.os }} - defaults: - run: - shell: bash - - steps: - - uses: actions/checkout@v4 - - - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV - if: ${{ matrix.bits == 64 }} - - - name: ⚙️ Setup Ubuntu x86 - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - run: | - rustup target add i686-unknown-linux-gnu - sudo apt-get update - sudo apt-get install -y gcc-multilib g++-multilib - - - name: ⚙️ Setup Ubuntu x64 - if: ${{ matrix.bits == 64 && matrix.os == 'ubuntu-latest' }} - run: | - rustup target add aarch64-unknown-linux-gnu - - - name: ⚙️ Setup macOS - if: ${{ matrix.os == 'macos-latest' }} - run: | - rustup target add aarch64-apple-darwin - - # Set up 32 bit systems - - - name: 🛠️ Config Windows x86 - run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} - - - name: 🛠️ Config Linux x86 - run: | - echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - - # Set up windows - - - name: ⚙️ Setup Windows x86 - if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} - shell: pwsh - run: | - echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append - vcpkg install openssl:x86-windows-static-md - - - name: ⚙️ Setup Windows x64 - if: ${{ matrix.bits == 64 && matrix.os == 'windows-latest' }} - shell: pwsh - run: | - echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append - vcpkg install openssl:x64-windows-static-md - - # Benchmarks ... - - - name: 🏃🏻‍♀️ Benchmarks - run: cargo bench --verbose $RUST_TARGET_FLAG -p benchmarks - - mq_status: - if: | - always() && - (github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group') - needs: [benchmarks] - uses: cryspen/actions/.github/workflows/merge-queue-status.yml@jonas/merge-queue-status - with: - needs_json: "${{toJSON(needs)}}" diff --git a/.github/workflows/skip-benches-in-prs.yml.disabled b/.github/workflows/skip-benches-in-prs.yml.disabled new file mode 100644 index 000000000..27d9cb4bc --- /dev/null +++ b/.github/workflows/skip-benches-in-prs.yml.disabled @@ -0,0 +1,33 @@ +name: Skip Benchmarks in PRs + +on: [ pull_request ] + +jobs: + benchmark: + strategy: + fail-fast: false + matrix: + bits: [32, 64] + os: + - macos-13 + - macos-latest + - ubuntu-latest + - windows-latest + runs-on: ${{ matrix.os }} + steps: + - run: true + + benchmark_without_bits: + strategy: + fail-fast: false + matrix: + os: + - macos-13 + - macos-latest + - ubuntu-latest + - windows-latest + runs-on: ${{ matrix.os }} + name: "benchmark (${{ matrix.os }})" + steps: + - run: true + diff --git a/.github/workflows/specs.yml b/.github/workflows/specs.yml index 83a79e802..383d45cdf 100644 --- a/.github/workflows/specs.yml +++ b/.github/workflows/specs.yml @@ -5,6 +5,7 @@ on: branches: [ "main", "dev" ] pull_request: branches: [ "main", "dev" ] + merge_group: env: CARGO_TERM_COLOR: always diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml new file mode 100644 index 000000000..c7347c48f --- /dev/null +++ b/.github/workflows/stale.yml @@ -0,0 +1,22 @@ +name: 'Triage stale issues and PRs' +on: + schedule: + - cron: '00 1 * * *' + workflow_dispatch: + +jobs: + stale: + runs-on: ubuntu-latest + steps: + - uses: actions/stale@v9 + with: + stale-issue-message: "This issue has been marked as stale due to a lack of activity for 60 days. If you believe this issue is still relevant, please provide an update or comment to keep it open. Otherwise, it will be closed in 7 days." + stale-pr-message: "This PR has been marked as stale due to a lack of activity for 60 days. If you believe this pull request is still relevant, please provide an update or comment to keep it open. Otherwise, it will be closed in 7 days." + stale-issue-label: 'stale' + exempt-issue-labels: 'keep-open' + stale-pr-label: 'stale' + exempt-pr-labels: 'keep-open' + days-before-stale: 60 + days-before-close: 7 + close-issue-message: "This issue has been closed due to a lack of activity since being marked as stale. If you believe this issue is still relevant, please reopen it with an update or comment." + close-pr-message: "This PR has been closed due to a lack of activity since being marked as stale. If you believe this pull request is still relevant, please reopen it with an update or comment." diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 2af7c36be..d4398bbc2 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -43,8 +43,8 @@ files: # the behavior applies. internal: monomorphizations_exact: - - [libcrux_sha3, generic_keccak, absorb_final_d9 ] - - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_2a ] + - [libcrux_sha3, generic_keccak, absorb_final_7f ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_ed ] api: - [libcrux_sha3, avx2, "*"] private: diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 07d54243f..ecc7d6667 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 +Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 3cf980a85..31128e60b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index e2616ccfa..defb09030 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 70b8a1a9d..bfb284c42 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index e86ffdc72..44146a67b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 2192214d9..cf15c2f12 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 92e8efc3d..4f7ed0312 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index ca862cd50..a2f570d07 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 266f27048..cf67cfd10 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index d3071148f..14bd73348 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 99d485fb6..551d5c38c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index bcab81171..6a95eed50 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 8e22c3d5d..a1a833cdd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index e8b148130..c08b0a073 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 24b8cbb78..07beba7a0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index ebb77c78d..3d5c19ac4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index a9d8bdd5b..257e54970 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 68b9a9289..8e19a7096 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 04bd7b678..5d88ecad3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 9fea406f2..f41844bf0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index c5f26da90..d75e0ea67 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 025f8ce29..a30a07999 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 0f85d67e7..566c75fd5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index cf7880b9e..2a1e009b5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 4abab0b28..e4b297fd1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index e4be4972a..e1c4a11d2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 07813d7b3..42975ea48 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 2fb88d9e3..0c340e9bb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 80e821494..bade38e3f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 3a8fbdd1b..89b7a0e05 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index f2c3c8065..13811fe88 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index dbbd0d9d3..f842deaa6 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index aa2a775f1..f362a628c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index b34198b5a..e0e4bc5dd 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 81f827502..17b14ba18 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 */ #ifndef __libcrux_sha3_neon_H From 26dc5e55976e7d105d2ac21c138276d6ed771121 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 15:43:08 +0000 Subject: [PATCH 236/348] hax lib --- Cargo.lock | 132 ++++++++++++++++++++++++-------------- Cargo.toml | 10 +-- libcrux-ml-kem/Cargo.toml | 27 +++++--- 3 files changed, 108 insertions(+), 61 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index daf0b8c91..aa70740ef 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.77", + "syn 2.0.76", "which", ] @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.18" +version = "1.1.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b62ac837cdb5cb22e10a256099b4fc502b1dfe560cb282963a974d7abd80e476" +checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6" dependencies = [ "jobserver", "libc", @@ -290,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.17" +version = "4.5.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e5a21b8495e732f1b3c364c9949b201ca7bae518c502c80256c96ad79eaf6ac" +checksum = "ed6719fffa43d0d87e5fd8caeab59be1554fb028cd30edc88fc4369b17971019" dependencies = [ "clap_builder", "clap_derive", @@ -300,9 +300,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.17" +version = "4.5.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cf2dd12af7a047ad9d6da2b6b249759a22a7abc0f474c1dae1777afa4b21a73" +checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" dependencies = [ "anstream", "anstyle", @@ -319,7 +319,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.76", ] [[package]] @@ -363,9 +363,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.14" +version = "0.2.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" +checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad" dependencies = [ "libc", ] @@ -483,7 +483,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.76", ] [[package]] @@ -702,9 +702,19 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" +source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" dependencies = [ - "hax-lib-macros", + "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "num-bigint", + "num-traits", +] + +[[package]] +name = "hax-lib" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/#503591c020c485c283f7a40d0c139029ac7ceca5" +dependencies = [ + "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "num-bigint", "num-traits", ] @@ -712,20 +722,45 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" +source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" dependencies = [ - "hax-lib-macros-types", + "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.76", +] + +[[package]] +name = "hax-lib-macros" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/#503591c020c485c283f7a40d0c139029ac7ceca5" +dependencies = [ + "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "paste", + "proc-macro-error", + "proc-macro2", + "quote", + "syn 2.0.76", +] + +[[package]] +name = "hax-lib-macros-types" +version = "0.1.0-pre.1" +source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" +dependencies = [ + "proc-macro2", + "quote", + "serde", + "serde_json", + "uuid", ] [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" +source = "git+https://github.com/hacspec/hax/#503591c020c485c283f7a40d0c139029ac7ceca5" dependencies = [ "proc-macro2", "quote", @@ -899,6 +934,8 @@ version = "0.0.2-alpha.3" dependencies = [ "clap", "getrandom", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", + "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "hex", "libcrux", "libcrux-ecdh", @@ -971,9 +1008,6 @@ dependencies = [ [[package]] name = "libcrux-intrinsics" version = "0.0.2-alpha.3" -dependencies = [ - "hax-lib", -] [[package]] name = "libcrux-kem" @@ -994,6 +1028,7 @@ dependencies = [ "criterion", "hex", "libcrux-intrinsics", + "libcrux-platform", "libcrux-sha3", "pqcrypto-dilithium", "rand", @@ -1006,13 +1041,12 @@ name = "libcrux-ml-kem" version = "0.0.2-alpha.3" dependencies = [ "criterion", - "hax-lib", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "hex", "libcrux-intrinsics", "libcrux-platform", "libcrux-sha3", "rand", - "rand_core", "serde", "serde_json", ] @@ -1053,7 +1087,7 @@ version = "0.0.2-alpha.3" dependencies = [ "cavp", "criterion", - "hax-lib", + "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", "hex", "libcrux-intrinsics", "libcrux-platform", @@ -1205,7 +1239,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.76", ] [[package]] @@ -1265,9 +1299,9 @@ checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "plotters" -version = "0.3.7" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747" +checksum = "a15b6eccb8484002195a3e44fe65a4ce8e93a625797a063735536fd59cb01cf3" dependencies = [ "num-traits", "plotters-backend", @@ -1278,15 +1312,15 @@ dependencies = [ [[package]] name = "plotters-backend" -version = "0.3.7" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a" +checksum = "414cec62c6634ae900ea1c56128dfe87cf63e7caece0852ec76aba307cebadb7" [[package]] name = "plotters-svg" -version = "0.3.7" +version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51bae2ac328883f7acdfea3d66a7c35751187f870bc81f94563733a154d7a670" +checksum = "81b30686a7d9c3e010b84284bdd26a29f2138574f52f5eb6f794fc0ad924e705" dependencies = [ "plotters-backend", ] @@ -1372,7 +1406,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "479cf940fbbb3426c32c5d5176f62ad57549a0bb84773423ba8be9d089f5faba" dependencies = [ "proc-macro2", - "syn 2.0.77", + "syn 2.0.76", ] [[package]] @@ -1569,9 +1603,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.37" +version = "0.38.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8acb788b847c24f28525660c4d7758620a7210875711f79e7f663cc152726811" +checksum = "a85d50532239da68e9addb745ba38ff4612a242c1c7ceea689c4bc7c2f43c36f" dependencies = [ "bitflags", "errno", @@ -1623,29 +1657,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.210" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" +checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.210" +version = "1.0.209" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" +checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.76", ] [[package]] name = "serde_json" -version = "1.0.128" +version = "1.0.127" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" +checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad" dependencies = [ "itoa", "memchr", @@ -1737,9 +1771,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.77" +version = "2.0.76" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed" +checksum = "578e081a14e0cefc3279b0472138c513f37b41a08d5a3cca9b6e4e8ceb6cd525" dependencies = [ "proc-macro2", "quote", @@ -1773,9 +1807,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-ident" -version = "1.0.13" +version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "universal-hash" @@ -1858,7 +1892,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.76", "wasm-bindgen-shared", ] @@ -1892,7 +1926,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.76", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -1926,7 +1960,7 @@ checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.76", ] [[package]] @@ -2084,7 +2118,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.76", ] [[package]] @@ -2104,5 +2138,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.77", + "syn 2.0.76", ] diff --git a/Cargo.toml b/Cargo.toml index 5ecbea800..3bd1be7a9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -56,6 +56,7 @@ exclude = [ [lib] crate-type = ["staticlib", "cdylib", "lib"] +bench = false # so libtest doesn't eat the arguments for criterion [build-dependencies] libcrux-platform = { version = "=0.0.2-alpha.3", path = "sys/platform" } @@ -72,12 +73,13 @@ rand = { version = "0.8" } log = { version = "0.4", optional = true } # WASM API wasm-bindgen = { version = "0.2.87", optional = true } +getrandom = { version = "0.2", features = ["js"], optional = true } # When using the hax toolchain, we have more dependencies. # This is only required when doing proofs. -# [target.'cfg(hax)'.workspace.dependencies] -[workspace.dependencies] -hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } +[target.'cfg(hax)'.dependencies] +hax-lib-macros = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax", branch = "main" } +hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/", branch = "main" } [dev-dependencies] libcrux = { path = ".", features = ["rand", "tests"] } @@ -98,7 +100,7 @@ getrandom = { version = "0.2", features = ["js"] } [features] hacspec = [] # TODO: #7 Use specs instead of efficient implementations rand = [] -wasm = ["wasm-bindgen"] +wasm = ["wasm-bindgen", "getrandom"] log = ["dep:log"] tests = [] # Expose functions for testing. experimental = [] # Expose experimental APIs. diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index 1e5bf3333..2ee10dd28 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -18,37 +18,48 @@ exclude = [ "/hax.py", ] +[lib] +bench = false # so libtest doesn't eat the arguments to criterion + [dependencies] -rand_core = { version = "0.6" } +rand = { version = "0.8", optional = true } libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" } libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } -# This is only required for verification, but we are setting it as default until some hax attributes are fixed -# [target.'cfg(hax)'.dependencies] -hax-lib.workspace = true +# This is only required for verification. +# The hax config is set by the hax toolchain. +#[target.'cfg(hax)'.dependencies] +hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } [features] # By default all variants and std are enabled. -default = ["std", "mlkem512", "mlkem768", "mlkem1024"] +default = ["std", "mlkem512", "mlkem768", "mlkem1024", "rand"] # Hardware features can be force enabled. # It is not recommended to use these. This crate performs CPU feature detection # and enables the features when they are available. -simd128 = ["libcrux-sha3/simd128","libcrux-intrinsics/simd128"] -simd256 = ["libcrux-sha3/simd256","libcrux-intrinsics/simd256"] +simd128 = ["libcrux-sha3/simd128", "libcrux-intrinsics/simd128"] +simd256 = ["libcrux-sha3/simd256", "libcrux-intrinsics/simd256"] # Features for the different key sizes of ML-KEM mlkem512 = [] mlkem768 = [] mlkem1024 = [] +# Enable the unpacked API +unpacked = [] + # Enable Round 3 Kyber in addition to ML-KEM kyber = [] # Code that is not yet verified pre-verification = [] +# APIs that sample their own randomness +rand = ["dep:rand"] + +# std support std = [] [dev-dependencies] @@ -75,7 +86,7 @@ name = "keygen" required-features = ["mlkem768"] [package.metadata."docs.rs"] -features = ["pre-verification", "kyber"] +features = ["pre-verification", "kyber", "unpacked"] rustdoc-args = ["--cfg", "doc_cfg"] [lints.rust] From b6d5636d2e0360c677245bdb0f7022e91d463bbc Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 15:53:37 +0000 Subject: [PATCH 237/348] cargo fix --- Cargo.lock | 49 ++++++--------------------------------- Cargo.toml | 7 +++--- libcrux-ml-kem/Cargo.toml | 5 +--- 3 files changed, 12 insertions(+), 49 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index aa70740ef..66e4245cb 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -704,17 +704,7 @@ name = "hax-lib" version = "0.1.0-pre.1" source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" dependencies = [ - "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", - "num-bigint", - "num-traits", -] - -[[package]] -name = "hax-lib" -version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#503591c020c485c283f7a40d0c139029ac7ceca5" -dependencies = [ - "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hax-lib-macros", "num-bigint", "num-traits", ] @@ -724,20 +714,7 @@ name = "hax-lib-macros" version = "0.1.0-pre.1" source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" dependencies = [ - "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", - "paste", - "proc-macro-error", - "proc-macro2", - "quote", - "syn 2.0.76", -] - -[[package]] -name = "hax-lib-macros" -version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#503591c020c485c283f7a40d0c139029ac7ceca5" -dependencies = [ - "hax-lib-macros-types 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hax-lib-macros-types", "paste", "proc-macro-error", "proc-macro2", @@ -757,18 +734,6 @@ dependencies = [ "uuid", ] -[[package]] -name = "hax-lib-macros-types" -version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/#503591c020c485c283f7a40d0c139029ac7ceca5" -dependencies = [ - "proc-macro2", - "quote", - "serde", - "serde_json", - "uuid", -] - [[package]] name = "heck" version = "0.5.0" @@ -934,8 +899,6 @@ version = "0.0.2-alpha.3" dependencies = [ "clap", "getrandom", - "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", - "hax-lib-macros 0.1.0-pre.1 (git+https://github.com/hacspec/hax/?branch=main)", "hex", "libcrux", "libcrux-ecdh", @@ -1008,6 +971,9 @@ dependencies = [ [[package]] name = "libcrux-intrinsics" version = "0.0.2-alpha.3" +dependencies = [ + "hax-lib", +] [[package]] name = "libcrux-kem" @@ -1028,7 +994,6 @@ dependencies = [ "criterion", "hex", "libcrux-intrinsics", - "libcrux-platform", "libcrux-sha3", "pqcrypto-dilithium", "rand", @@ -1041,7 +1006,7 @@ name = "libcrux-ml-kem" version = "0.0.2-alpha.3" dependencies = [ "criterion", - "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hax-lib", "hex", "libcrux-intrinsics", "libcrux-platform", @@ -1087,7 +1052,7 @@ version = "0.0.2-alpha.3" dependencies = [ "cavp", "criterion", - "hax-lib 0.1.0-pre.1 (git+https://github.com/hacspec/hax/)", + "hax-lib", "hex", "libcrux-intrinsics", "libcrux-platform", diff --git a/Cargo.toml b/Cargo.toml index 3bd1be7a9..1b8317ec1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -77,9 +77,10 @@ getrandom = { version = "0.2", features = ["js"], optional = true } # When using the hax toolchain, we have more dependencies. # This is only required when doing proofs. -[target.'cfg(hax)'.dependencies] -hax-lib-macros = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax", branch = "main" } -hax-lib = { version = "0.1.0-alpha.1", git = "https://github.com/hacspec/hax/", branch = "main" } +#[target.'cfg(hax)'.dependencies] +[workspace.dependencies] +hax-lib-macros = { git = "https://github.com/hacspec/hax", branch = "main" } +hax-lib = { git = "https://github.com/hacspec/hax/", branch = "main" } [dev-dependencies] libcrux = { path = ".", features = ["rand", "tests"] } diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index 2ee10dd28..a9b016464 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -27,10 +27,7 @@ libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" } libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } -# This is only required for verification. -# The hax config is set by the hax toolchain. -#[target.'cfg(hax)'.dependencies] -hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } +hax-lib.workspace = true [features] # By default all variants and std are enabled. From 89225f577ecb51f695fb96b22bcdb0261a171948 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 16:03:25 +0000 Subject: [PATCH 238/348] lock --- Cargo.lock | 82 +++++++++++++++++++++++++++--------------------------- 1 file changed, 41 insertions(+), 41 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 66e4245cb..106b3fb56 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -143,7 +143,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.76", + "syn 2.0.77", "which", ] @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.15" +version = "1.1.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6" +checksum = "b62ac837cdb5cb22e10a256099b4fc502b1dfe560cb282963a974d7abd80e476" dependencies = [ "jobserver", "libc", @@ -290,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.16" +version = "4.5.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed6719fffa43d0d87e5fd8caeab59be1554fb028cd30edc88fc4369b17971019" +checksum = "3e5a21b8495e732f1b3c364c9949b201ca7bae518c502c80256c96ad79eaf6ac" dependencies = [ "clap_builder", "clap_derive", @@ -300,9 +300,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.15" +version = "4.5.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" +checksum = "8cf2dd12af7a047ad9d6da2b6b249759a22a7abc0f474c1dae1777afa4b21a73" dependencies = [ "anstream", "anstyle", @@ -319,7 +319,7 @@ dependencies = [ "heck", "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -363,9 +363,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" dependencies = [ "libc", ] @@ -483,7 +483,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" +source = "git+https://github.com/hacspec/hax/?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,20 +712,20 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" +source = "git+https://github.com/hacspec/hax/?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" dependencies = [ "hax-lib-macros-types", "paste", "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#503591c020c485c283f7a40d0c139029ac7ceca5" +source = "git+https://github.com/hacspec/hax/?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" dependencies = [ "proc-macro2", "quote", @@ -1204,7 +1204,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -1264,9 +1264,9 @@ checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "plotters" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a15b6eccb8484002195a3e44fe65a4ce8e93a625797a063735536fd59cb01cf3" +checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747" dependencies = [ "num-traits", "plotters-backend", @@ -1277,15 +1277,15 @@ dependencies = [ [[package]] name = "plotters-backend" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "414cec62c6634ae900ea1c56128dfe87cf63e7caece0852ec76aba307cebadb7" +checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a" [[package]] name = "plotters-svg" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81b30686a7d9c3e010b84284bdd26a29f2138574f52f5eb6f794fc0ad924e705" +checksum = "51bae2ac328883f7acdfea3d66a7c35751187f870bc81f94563733a154d7a670" dependencies = [ "plotters-backend", ] @@ -1371,7 +1371,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "479cf940fbbb3426c32c5d5176f62ad57549a0bb84773423ba8be9d089f5faba" dependencies = [ "proc-macro2", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -1568,9 +1568,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.35" +version = "0.38.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a85d50532239da68e9addb745ba38ff4612a242c1c7ceea689c4bc7c2f43c36f" +checksum = "8acb788b847c24f28525660c4d7758620a7210875711f79e7f663cc152726811" dependencies = [ "bitflags", "errno", @@ -1622,29 +1622,29 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.209" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" +checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.209" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" +checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] name = "serde_json" -version = "1.0.127" +version = "1.0.128" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad" +checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" dependencies = [ "itoa", "memchr", @@ -1736,9 +1736,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.76" +version = "2.0.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "578e081a14e0cefc3279b0472138c513f37b41a08d5a3cca9b6e4e8ceb6cd525" +checksum = "9f35bcdf61fd8e7be6caf75f429fdca8beb3ed76584befb503b1569faee373ed" dependencies = [ "proc-macro2", "quote", @@ -1772,9 +1772,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" [[package]] name = "universal-hash" @@ -1857,7 +1857,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", "wasm-bindgen-shared", ] @@ -1891,7 +1891,7 @@ checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -1925,7 +1925,7 @@ checksum = "4b8220be1fa9e4c889b30fd207d4906657e7e90b12e0e6b0c8b8d8709f5de021" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -2083,7 +2083,7 @@ checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] [[package]] @@ -2103,5 +2103,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.76", + "syn 2.0.77", ] From 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 16:09:31 +0000 Subject: [PATCH 239/348] c code refresh --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 2 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 42 files changed, 42 insertions(+), 42 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index ecc7d6667..93a0923cf 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 +Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 31128e60b..c180558eb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index defb09030..3d7af5a54 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index bfb284c42..c1c647f4e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 44146a67b..765c80b27 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index cf15c2f12..1b530794e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 4f7ed0312..8ee623788 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index a2f570d07..a58e76b3f 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index cf67cfd10..53ebfae59 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 14bd73348..9f4d79caa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 551d5c38c..a16855080 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 6a95eed50..992f18ff4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index a1a833cdd..0e4f85162 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index c08b0a073..ea1709b99 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 07beba7a0..d8afe8d8d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 3d5c19ac4..29a7453fd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 257e54970..074e4b21c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 8e19a7096..5de6111ce 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 5d88ecad3..a719de284 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index f41844bf0..764e95774 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index d75e0ea67..cf91bbcb9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index a30a07999..92d8548a3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 566c75fd5..476b09f42 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 2a1e009b5..89fe69655 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index e4b297fd1..5332e088e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index e1c4a11d2..2bff2b395 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 42975ea48..97b0a413e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 0c340e9bb..d59427a36 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index bade38e3f..3b9fc2fea 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 89b7a0e05..93b4c48a6 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 13811fe88..d706fa961 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index f842deaa6..7ade13f25 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index f362a628c..b8f2f2e9f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index e0e4bc5dd..222c04e97 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 17b14ba18..c7af03401 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 3782ca77d1d5160b47dcb7062797cafef85be327 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 07d54243f..93a0923cf 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 +Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 8c8e27df1..bf594adf8 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 02a711994..6397fdd49 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 44d0526b7..119460f12 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index d68759323..d22567a17 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 7b4070e42..4a4e9f18f 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index cee458a09..7f52dbe63 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 5cb76a308d9917075a99825e1881852009a4a910 + * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 */ #ifndef __libcrux_sha3_portable_H From ae845b0d7390b4eb49ec894581eb502359f87833 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 16:24:37 +0000 Subject: [PATCH 240/348] retry with pinned eurydice --- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/eurydice_glue.h | 18 - libcrux-ml-kem/c/internal/libcrux_core.h | 43 ++- .../c/internal/libcrux_mlkem_avx2.h | 8 +- .../c/internal/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 8 +- .../c/internal/libcrux_sha3_internal.h | 12 +- libcrux-ml-kem/c/libcrux_core.c | 50 ++- libcrux-ml-kem/c/libcrux_core.h | 15 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 314 +++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 308 +++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/libcrux_sha3.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 20 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 48 +-- libcrux-ml-kem/c/libcrux_sha3_neon.c | 8 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 8 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/libcrux_core.h | 50 ++- libcrux-ml-kem/cg/libcrux_ct_ops.h | 8 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 192 +++++------ libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 186 +++++------ libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 20 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 52 +-- 43 files changed, 740 insertions(+), 820 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 93a0923cf..89db3d0d4 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 -Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da -Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 +Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d +Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 +Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 +Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index ad026b9e1..660918c54 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -18,13 +18,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) -#define EURYDICE_ASSERT(test, msg) \ - do { \ - if (!(test)) { \ - fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \ - __FILE__, __LINE__); \ - } \ - } while (0) // SLICES, ARRAYS, ETC. @@ -137,10 +130,6 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } -static inline void core_num__u32_8__to_le_bytes(uint32_t src, uint8_t dst[4]) { - store32_le(dst, src); -} - static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { return load32_le(buf); } @@ -148,7 +137,6 @@ static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { store64_le(buf, v); } - static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { return load64_le(buf); } @@ -200,9 +188,6 @@ static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } -static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) { - return x < y ? x : y; -} #define core_num_nonzero_private_NonZeroUsizeInner size_t static inline core_num_nonzero_private_NonZeroUsizeInner @@ -225,9 +210,6 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ - Eurydice_range_iter_next - // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index c180558eb..94d68cfbd 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __internal_libcrux_core_H @@ -320,15 +320,14 @@ typedef struct core_result_Result_00_s { } core_result_Result_00; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]); +void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]); /** Pad the `slice` with `0`s at the end. @@ -389,15 +388,14 @@ typedef struct core_result_Result_6f_s { } core_result_Result_6f; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]); +void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]); /** A monomorphic instance of core.result.Result @@ -413,15 +411,14 @@ typedef struct core_result_Result_7a_s { } core_result_Result_7a; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]); +void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]); /** A monomorphic instance of core.result.Result @@ -437,15 +434,14 @@ typedef struct core_result_Result_cd_s { } core_result_Result_cd; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]); +void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -461,15 +457,14 @@ typedef struct core_result_Result_c0_s { } core_result_Result_c0; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]); +void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]); typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 3d7af5a54..687cfdfa3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index c1c647f4e..3e9e4d774 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 765c80b27..884a44866 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 1b530794e..46e71b8fe 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_89_ba(); + return libcrux_sha3_generic_keccak_new_1e_ba(); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_89_ba(); + return libcrux_sha3_generic_keccak_new_1e_ba(); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 8ee623788..8b20fc6cc 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #include "internal/libcrux_core.h" @@ -433,15 +433,14 @@ void libcrux_ml_kem_utils_into_padded_array_172(Eurydice_slice slice, } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]) { +void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -525,15 +524,14 @@ void libcrux_ml_kem_utils_into_padded_array_17(Eurydice_slice slice, } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { +void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -546,15 +544,14 @@ void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { +void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -567,15 +564,14 @@ void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { +void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -588,15 +584,14 @@ void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { +void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -609,15 +604,14 @@ void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]) { +void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index a58e76b3f..e1d0a1170 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_core_H @@ -222,15 +222,14 @@ typedef struct core_result_Result_56_s { } core_result_Result_56; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]); +void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]); typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 53ebfae59..bfa8ff43b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 9f4d79caa..49ae673ad 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index a16855080..ca544ec33 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 992f18ff4..696e695b6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 0e4f85162..c8aff7218 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index ea1709b99..2a7edbb01 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index d8afe8d8d..3a9bac1b7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 29a7453fd..43e502da7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 074e4b21c..0dc59e798 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 5de6111ce..45ddbd3e1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index a719de284..4e75c69d1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 764e95774..8b7067f11 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index cf91bbcb9..10cae90d7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 92d8548a3..15358d0f7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 476b09f42..ba6839b7f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 89fe69655..ba0261813 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #include "internal/libcrux_mlkem_avx2.h" @@ -599,7 +599,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, ret0); + core_result_unwrap_41_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -690,7 +690,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_26_07(dst, ret0); + core_result_unwrap_41_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -793,7 +793,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_26_ea(dst, ret0); + core_result_unwrap_41_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -920,7 +920,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_26_76(dst, ret0); + core_result_unwrap_41_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1027,16 +1027,15 @@ inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_ef_db(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_db(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1065,7 +1064,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_reduced_ring_element_17(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1089,7 +1088,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_db();); + deserialized_pk[i] = ZERO_20_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1286,7 +1285,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics static void closure_0f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_ef_db();); + ret[i] = ZERO_20_db();); } /** @@ -1577,18 +1576,17 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_514( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_ef_ce(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); +from_i16_array_20_ce(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1607,7 +1605,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_d61( int16_t s[272U]) { - return from_i16_array_ef_ce( + return from_i16_array_20_ce( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1813,7 +1811,7 @@ sample_from_binomial_distribution_2_65(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_ce( + return from_i16_array_20_ce( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1857,7 +1855,7 @@ sample_from_binomial_distribution_3_c5(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_ce( + return from_i16_array_20_ce( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2012,16 +2010,15 @@ static KRML_MUSTINLINE void ntt_at_layer_1_7f( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_ef_52( +static KRML_MUSTINLINE void poly_barrett_reduce_20_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2047,7 +2044,7 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cc( ntt_at_layer_3_d2(&zeta_i, re); ntt_at_layer_2_0a(&zeta_i, re); ntt_at_layer_1_7f(&zeta_i, re); - poly_barrett_reduce_ef_52(re); + poly_barrett_reduce_20_52(re); } /** @@ -2062,7 +2059,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_3e1( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_db();); + re_as_ntt[i] = ZERO_20_db();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2095,19 +2092,18 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_3e1( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_ef_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_20_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_db(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2130,16 +2126,15 @@ ntt_multiply_ef_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_331( +static KRML_MUSTINLINE void add_to_ring_element_20_331( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2166,16 +2161,15 @@ static __m256i to_standard_domain_03(__m256i v) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_ef_0f( +static KRML_MUSTINLINE void add_standard_error_reduce_20_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2202,7 +2196,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_dc1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_db();); + result0[i] = ZERO_20_db();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2223,10 +2217,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_dc1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_331(&result0[i1], &product); + ntt_multiply_20_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_331(&result0[i1], &product); } - add_standard_error_reduce_ef_0f(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_0f(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2283,7 +2277,7 @@ static tuple_9b0 generate_keypair_unpacked_dc1( uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -2334,21 +2328,20 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics static void closure_4a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_ef_db();); + ret[i] = ZERO_20_db();); } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@2])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_8d_eb( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -2405,7 +2398,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a71( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_8d_eb(&ind_cpa_public_key.A[j][i1]); + clone_3a_eb(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2427,7 +2420,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a71( core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -2597,7 +2590,7 @@ static KRML_MUSTINLINE tuple_b00 sample_ring_element_cbd_f11(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_ef_db();); + error_1[i] = ZERO_20_db();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2782,21 +2775,20 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_491( invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_52(re); + poly_barrett_reduce_20_52(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_ef_8a( +static KRML_MUSTINLINE void add_error_reduce_20_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2824,7 +2816,7 @@ static KRML_MUSTINLINE void compute_vector_u_c81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_db();); + result0[i] = ZERO_20_db();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2844,11 +2836,11 @@ static KRML_MUSTINLINE void compute_vector_u_c81( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_48(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_331(&result0[i1], &product); + ntt_multiply_20_48(a_element, &r_as_ntt[j]); + add_to_ring_element_20_331(&result0[i1], &product); } invert_ntt_montgomery_491(&result0[i1]); - add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); + add_error_reduce_20_8a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2880,7 +2872,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_message_f9(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2894,17 +2886,16 @@ deserialize_then_decompress_message_f9(uint8_t serialized[32U]) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_ef_76( +add_message_error_reduce_20_76( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2936,13 +2927,13 @@ compute_ring_element_v_f41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_331(&result, &product);); + ntt_multiply_20_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_331(&result, &product);); invert_ntt_montgomery_491(&result); - result = add_message_error_reduce_ef_76(error_2, message, result); + result = add_message_error_reduce_20_76(error_2, message, result); return result; } @@ -3462,7 +3453,7 @@ static KRML_MUSTINLINE void entropy_preprocess_af_231(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -3497,7 +3488,7 @@ static void encrypt_771(Eurydice_slice public_key, uint8_t message[32U], uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -3546,7 +3537,7 @@ static KRML_MUSTINLINE void kdf_af_b91(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -3684,7 +3675,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_10_71(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -3764,7 +3755,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_11_3f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -3803,7 +3794,7 @@ static KRML_MUSTINLINE void ntt_vector_u_8b( ntt_at_layer_3_d2(&zeta_i, re); ntt_at_layer_2_0a(&zeta_i, re); ntt_at_layer_1_7f(&zeta_i, re); - poly_barrett_reduce_ef_52(re); + poly_barrett_reduce_20_52(re); } /** @@ -3819,7 +3810,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_db();); + u_as_ntt[i] = ZERO_20_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3908,7 +3899,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_4_43(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3983,7 +3974,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_5_94(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -4009,17 +4000,16 @@ deserialize_then_decompress_ring_element_v_80(Eurydice_slice serialized) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_ef_87(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_20_87(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4045,13 +4035,13 @@ compute_message_d81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_331(&result, &product);); + ntt_multiply_20_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_331(&result, &product);); invert_ntt_montgomery_491(&result); - result = subtract_reduce_ef_87(v, result); + result = subtract_reduce_20_87(v, result); return result; } @@ -4219,7 +4209,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_uncompressed_ring_element_97(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4241,7 +4231,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_b41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_db();); + secret_as_ntt[i] = ZERO_20_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4398,7 +4388,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_db();); + deserialized_pk[i] = ZERO_20_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4537,7 +4527,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics static void closure_0f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_ef_db();); + ret[i] = ZERO_20_db();); } /** @@ -4840,7 +4830,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_d60( int16_t s[272U]) { - return from_i16_array_ef_ce( + return from_i16_array_20_ce( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5020,7 +5010,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_3e0( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_db();); + re_as_ntt[i] = ZERO_20_db();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5053,16 +5043,15 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_3e0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_330( +static KRML_MUSTINLINE void add_to_ring_element_20_330( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5089,7 +5078,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_dc0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_db();); + result0[i] = ZERO_20_db();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5110,10 +5099,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_dc0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_330(&result0[i1], &product); + ntt_multiply_20_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_330(&result0[i1], &product); } - add_standard_error_reduce_ef_0f(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_0f(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5170,7 +5159,7 @@ static tuple_54 generate_keypair_unpacked_dc0( uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( @@ -5221,7 +5210,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics static void closure_4a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_ef_db();); + ret[i] = ZERO_20_db();); } /** @@ -5271,7 +5260,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a70( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_8d_eb(&ind_cpa_public_key.A[j][i1]); + clone_3a_eb(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5293,7 +5282,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a70( core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -5463,7 +5452,7 @@ static KRML_MUSTINLINE tuple_71 sample_ring_element_cbd_f10(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_ef_db();); + error_1[i] = ZERO_20_db();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5527,7 +5516,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_490( invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_52(re); + poly_barrett_reduce_20_52(re); } /** @@ -5543,7 +5532,7 @@ static KRML_MUSTINLINE void compute_vector_u_c80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_db();); + result0[i] = ZERO_20_db();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5563,11 +5552,11 @@ static KRML_MUSTINLINE void compute_vector_u_c80( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_48(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_330(&result0[i1], &product); + ntt_multiply_20_48(a_element, &r_as_ntt[j]); + add_to_ring_element_20_330(&result0[i1], &product); } invert_ntt_montgomery_490(&result0[i1]); - add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); + add_error_reduce_20_8a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5590,13 +5579,13 @@ compute_ring_element_v_f40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_330(&result, &product);); + ntt_multiply_20_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_330(&result, &product);); invert_ntt_montgomery_490(&result); - result = add_message_error_reduce_ef_76(error_2, message, result); + result = add_message_error_reduce_20_76(error_2, message, result); return result; } @@ -5834,7 +5823,7 @@ static KRML_MUSTINLINE void entropy_preprocess_af_230(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -5869,7 +5858,7 @@ static void encrypt_770(Eurydice_slice public_key, uint8_t message[32U], uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( @@ -5918,7 +5907,7 @@ static KRML_MUSTINLINE void kdf_af_b90(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -6020,7 +6009,7 @@ static KRML_MUSTINLINE void ntt_vector_u_8b0( ntt_at_layer_3_d2(&zeta_i, re); ntt_at_layer_2_0a(&zeta_i, re); ntt_at_layer_1_7f(&zeta_i, re); - poly_barrett_reduce_ef_52(re); + poly_barrett_reduce_20_52(re); } /** @@ -6036,7 +6025,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_db();); + u_as_ntt[i] = ZERO_20_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6084,13 +6073,13 @@ compute_message_d80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_330(&result, &product);); + ntt_multiply_20_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_330(&result, &product);); invert_ntt_montgomery_490(&result); - result = subtract_reduce_ef_87(v, result); + result = subtract_reduce_20_87(v, result); return result; } @@ -6226,7 +6215,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_b40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_db();); + secret_as_ntt[i] = ZERO_20_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6384,7 +6373,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_db();); + deserialized_pk[i] = ZERO_20_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6523,7 +6512,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics static void closure_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_ef_db();); + ret[i] = ZERO_20_db();); } /** @@ -6814,7 +6803,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_d6( int16_t s[272U]) { - return from_i16_array_ef_ce( + return from_i16_array_20_ce( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6999,7 +6988,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_3e( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_db();); + re_as_ntt[i] = ZERO_20_db();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7032,16 +7021,15 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_3e( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_33( +static KRML_MUSTINLINE void add_to_ring_element_20_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -7068,7 +7056,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_db();); + result0[i] = ZERO_20_db();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7089,10 +7077,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_33(&result0[i1], &product); + ntt_multiply_20_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_33(&result0[i1], &product); } - add_standard_error_reduce_ef_0f(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_0f(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7149,7 +7137,7 @@ static tuple_4c generate_keypair_unpacked_dc( uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( @@ -7200,7 +7188,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics static void closure_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_ef_db();); + ret[i] = ZERO_20_db();); } /** @@ -7250,7 +7238,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a7( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_8d_eb(&ind_cpa_public_key.A[j][i1]); + clone_3a_eb(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7272,7 +7260,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a7( core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -7488,7 +7476,7 @@ static KRML_MUSTINLINE tuple_74 sample_ring_element_cbd_f1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_ef_db();); + error_1[i] = ZERO_20_db();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7552,7 +7540,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_49( invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_52(re); + poly_barrett_reduce_20_52(re); } /** @@ -7568,7 +7556,7 @@ static KRML_MUSTINLINE void compute_vector_u_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_db();); + result0[i] = ZERO_20_db();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7588,11 +7576,11 @@ static KRML_MUSTINLINE void compute_vector_u_c8( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_48(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_33(&result0[i1], &product); + ntt_multiply_20_48(a_element, &r_as_ntt[j]); + add_to_ring_element_20_33(&result0[i1], &product); } invert_ntt_montgomery_49(&result0[i1]); - add_error_reduce_ef_8a(&result0[i1], &error_1[i1]); + add_error_reduce_20_8a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7615,13 +7603,13 @@ compute_ring_element_v_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_33(&result, &product);); + ntt_multiply_20_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_33(&result, &product);); invert_ntt_montgomery_49(&result); - result = add_message_error_reduce_ef_76(error_2, message, result); + result = add_message_error_reduce_20_76(error_2, message, result); return result; } @@ -7809,7 +7797,7 @@ static KRML_MUSTINLINE void entropy_preprocess_af_23(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -7844,7 +7832,7 @@ static void encrypt_77(Eurydice_slice public_key, uint8_t message[32U], uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( @@ -7893,7 +7881,7 @@ static KRML_MUSTINLINE void kdf_af_b9(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -7981,7 +7969,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_db();); + u_as_ntt[i] = ZERO_20_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -8018,13 +8006,13 @@ compute_message_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_33(&result, &product);); + ntt_multiply_20_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_33(&result, &product);); invert_ntt_montgomery_49(&result); - result = subtract_reduce_ef_87(v, result); + result = subtract_reduce_20_87(v, result); return result; } @@ -8159,7 +8147,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_b4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_db();); + secret_as_ntt[i] = ZERO_20_db();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 5332e088e..c72692a10 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 2bff2b395..906cec44a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 97b0a413e..7102b6274 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index d59427a36..2ed70a9d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #include "internal/libcrux_mlkem_portable.h" @@ -75,7 +75,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_26_30(dst, ret); + core_result_unwrap_41_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2276,16 +2276,15 @@ libcrux_ml_kem_vector_portable_vector_type_clone_3b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_ef_06(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_06(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2314,7 +2313,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_reduced_ring_element_e1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2340,7 +2339,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_06();); + deserialized_pk[i] = ZERO_20_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2550,7 +2549,7 @@ generics static void closure_fc1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_ef_06();); + ret[i] = ZERO_20_06();); } /** @@ -2833,18 +2832,17 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_854( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_ef_a4(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); +from_i16_array_20_a4(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2866,7 +2864,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c1( int16_t s[272U]) { - return from_i16_array_ef_a4( + return from_i16_array_20_a4( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3056,7 +3054,7 @@ sample_from_binomial_distribution_2_9b(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_a4( + return from_i16_array_20_a4( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3100,7 +3098,7 @@ sample_from_binomial_distribution_3_87(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_a4( + return from_i16_array_20_a4( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3270,16 +3268,15 @@ static KRML_MUSTINLINE void ntt_at_layer_1_9c( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_ef_1c( +static KRML_MUSTINLINE void poly_barrett_reduce_20_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3307,7 +3304,7 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_99( ntt_at_layer_3_84(&zeta_i, re); ntt_at_layer_2_cd(&zeta_i, re); ntt_at_layer_1_9c(&zeta_i, re); - poly_barrett_reduce_ef_1c(re); + poly_barrett_reduce_20_1c(re); } /** @@ -3323,7 +3320,7 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_951( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_06();); + re_as_ntt[i] = ZERO_20_06();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3356,19 +3353,18 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_951( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_ef_71(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_20_71(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_06(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3393,16 +3389,15 @@ ntt_multiply_ef_71(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_581( +static KRML_MUSTINLINE void add_to_ring_element_20_581( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3435,16 +3430,15 @@ to_standard_domain_2a( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_ef_3a( +static KRML_MUSTINLINE void add_standard_error_reduce_20_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3473,7 +3467,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_e61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_06();); + result0[i] = ZERO_20_06();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3494,10 +3488,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_e61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_71(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_581(&result0[i1], &product); + ntt_multiply_20_71(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_581(&result0[i1], &product); } - add_standard_error_reduce_ef_3a(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_3a(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -3555,7 +3549,7 @@ static tuple_540 generate_keypair_unpacked_e21( uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( @@ -3607,21 +3601,20 @@ generics static void closure_811( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_ef_06();); + ret[i] = ZERO_20_06();); } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@2])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_8d_c0( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3682,7 +3675,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec1( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_8d_c0(&ind_cpa_public_key.A[j][i1]); + clone_3a_c0(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3704,7 +3697,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec1( core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -3877,7 +3870,7 @@ static KRML_MUSTINLINE tuple_710 sample_ring_element_cbd_231(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_ef_06();); + error_1[i] = ZERO_20_06();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4069,21 +4062,20 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_b31( invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_1c(re); + poly_barrett_reduce_20_1c(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_ef_bd( +static KRML_MUSTINLINE void add_error_reduce_20_bd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4114,7 +4106,7 @@ static KRML_MUSTINLINE void compute_vector_u_411( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_06();); + result0[i] = ZERO_20_06();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4134,11 +4126,11 @@ static KRML_MUSTINLINE void compute_vector_u_411( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_71(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_581(&result0[i1], &product); + ntt_multiply_20_71(a_element, &r_as_ntt[j]); + add_to_ring_element_20_581(&result0[i1], &product); } invert_ntt_montgomery_b31(&result0[i1]); - add_error_reduce_ef_bd(&result0[i1], &error_1[i1]); + add_error_reduce_20_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4171,7 +4163,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_message_8c(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4188,17 +4180,16 @@ deserialize_then_decompress_message_8c(uint8_t serialized[32U]) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_ef_a1( +add_message_error_reduce_20_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4233,13 +4224,13 @@ compute_ring_element_v_ac1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_71(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_581(&result, &product);); + ntt_multiply_20_71(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_581(&result, &product);); invert_ntt_montgomery_b31(&result); - result = add_message_error_reduce_ef_a1(error_2, message, result); + result = add_message_error_reduce_20_a1(error_2, message, result); return result; } @@ -4657,7 +4648,7 @@ static KRML_MUSTINLINE void entropy_preprocess_af_14(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -4693,7 +4684,7 @@ static void encrypt_691(Eurydice_slice public_key, uint8_t message[32U], uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( @@ -4742,7 +4733,7 @@ static KRML_MUSTINLINE void kdf_af_28(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -4862,7 +4853,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_10_ad(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4929,7 +4920,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_11_12(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4971,7 +4962,7 @@ static KRML_MUSTINLINE void ntt_vector_u_6c0( ntt_at_layer_3_84(&zeta_i, re); ntt_at_layer_2_cd(&zeta_i, re); ntt_at_layer_1_9c(&zeta_i, re); - poly_barrett_reduce_ef_1c(re); + poly_barrett_reduce_20_1c(re); } /** @@ -4987,7 +4978,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_6b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_06();); + u_as_ntt[i] = ZERO_20_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5058,7 +5049,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_4_f0(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5118,7 +5109,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_5_4b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5146,17 +5137,16 @@ deserialize_then_decompress_ring_element_v_f60(Eurydice_slice serialized) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_ef_44(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_20_44(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5185,13 +5175,13 @@ compute_message_311( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_71(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_581(&result, &product);); + ntt_multiply_20_71(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_581(&result, &product);); invert_ntt_montgomery_b31(&result); - result = subtract_reduce_ef_44(v, result); + result = subtract_reduce_20_44(v, result); return result; } @@ -5363,7 +5353,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_uncompressed_ring_element_ef(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -5387,7 +5377,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_9e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_06();); + secret_as_ntt[i] = ZERO_20_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5545,7 +5535,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_06();); + deserialized_pk[i] = ZERO_20_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5685,7 +5675,7 @@ generics static void closure_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_ef_06();); + ret[i] = ZERO_20_06();); } /** @@ -5975,7 +5965,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c0( int16_t s[272U]) { - return from_i16_array_ef_a4( + return from_i16_array_20_a4( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6148,7 +6138,7 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_950( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_06();); + re_as_ntt[i] = ZERO_20_06();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6181,16 +6171,15 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_950( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_580( +static KRML_MUSTINLINE void add_to_ring_element_20_580( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6221,7 +6210,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_e60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_06();); + result0[i] = ZERO_20_06();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6242,10 +6231,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_e60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_71(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_580(&result0[i1], &product); + ntt_multiply_20_71(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_580(&result0[i1], &product); } - add_standard_error_reduce_ef_3a(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_3a(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6303,7 +6292,7 @@ static tuple_4c0 generate_keypair_unpacked_e20( uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( @@ -6355,7 +6344,7 @@ generics static void closure_810( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_ef_06();); + ret[i] = ZERO_20_06();); } /** @@ -6406,7 +6395,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec0( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_8d_c0(&ind_cpa_public_key.A[j][i1]); + clone_3a_c0(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6428,7 +6417,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec0( core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -6633,7 +6622,7 @@ static KRML_MUSTINLINE tuple_740 sample_ring_element_cbd_230(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_ef_06();); + error_1[i] = ZERO_20_06();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6697,7 +6686,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_b30( invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_1c(re); + poly_barrett_reduce_20_1c(re); } /** @@ -6713,7 +6702,7 @@ static KRML_MUSTINLINE void compute_vector_u_410( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_06();); + result0[i] = ZERO_20_06();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6733,11 +6722,11 @@ static KRML_MUSTINLINE void compute_vector_u_410( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_71(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_580(&result0[i1], &product); + ntt_multiply_20_71(a_element, &r_as_ntt[j]); + add_to_ring_element_20_580(&result0[i1], &product); } invert_ntt_montgomery_b30(&result0[i1]); - add_error_reduce_ef_bd(&result0[i1], &error_1[i1]); + add_error_reduce_20_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6760,13 +6749,13 @@ compute_ring_element_v_ac0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_71(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_580(&result, &product);); + ntt_multiply_20_71(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_580(&result, &product);); invert_ntt_montgomery_b30(&result); - result = add_message_error_reduce_ef_a1(error_2, message, result); + result = add_message_error_reduce_20_a1(error_2, message, result); return result; } @@ -7006,7 +6995,7 @@ static KRML_MUSTINLINE void entropy_preprocess_af_60(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -7042,7 +7031,7 @@ static void encrypt_690(Eurydice_slice public_key, uint8_t message[32U], uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( @@ -7091,7 +7080,7 @@ static KRML_MUSTINLINE void kdf_af_d7(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -7193,7 +7182,7 @@ static KRML_MUSTINLINE void ntt_vector_u_6c( ntt_at_layer_3_84(&zeta_i, re); ntt_at_layer_2_cd(&zeta_i, re); ntt_at_layer_1_9c(&zeta_i, re); - poly_barrett_reduce_ef_1c(re); + poly_barrett_reduce_20_1c(re); } /** @@ -7209,7 +7198,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_6b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_06();); + u_as_ntt[i] = ZERO_20_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7257,13 +7246,13 @@ compute_message_310( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_71(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_580(&result, &product);); + ntt_multiply_20_71(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_580(&result, &product);); invert_ntt_montgomery_b30(&result); - result = subtract_reduce_ef_44(v, result); + result = subtract_reduce_20_44(v, result); return result; } @@ -7399,7 +7388,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_9e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_06();); + secret_as_ntt[i] = ZERO_20_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7556,7 +7545,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_06();); + deserialized_pk[i] = ZERO_20_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7696,7 +7685,7 @@ generics static void closure_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_ef_06();); + ret[i] = ZERO_20_06();); } /** @@ -7986,7 +7975,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c( int16_t s[272U]) { - return from_i16_array_ef_a4( + return from_i16_array_20_a4( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -8148,7 +8137,7 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_95( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_06();); + re_as_ntt[i] = ZERO_20_06();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8181,16 +8170,15 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_95( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_58( +static KRML_MUSTINLINE void add_to_ring_element_20_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8221,7 +8209,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_06();); + result0[i] = ZERO_20_06();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8242,10 +8230,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_71(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_58(&result0[i1], &product); + ntt_multiply_20_71(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_58(&result0[i1], &product); } - add_standard_error_reduce_ef_3a(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_3a(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8303,7 +8291,7 @@ static tuple_9b generate_keypair_unpacked_e2( uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -8355,7 +8343,7 @@ generics static void closure_81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_ef_06();); + ret[i] = ZERO_20_06();); } /** @@ -8406,7 +8394,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_8d_c0(&ind_cpa_public_key.A[j][i1]); + clone_3a_c0(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8428,7 +8416,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec( core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, implicit_rejection_value); + core_result_unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ @@ -8601,7 +8589,7 @@ static KRML_MUSTINLINE tuple_b0 sample_ring_element_cbd_23(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_ef_06();); + error_1[i] = ZERO_20_06();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8665,7 +8653,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_b3( invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_1c(re); + poly_barrett_reduce_20_1c(re); } /** @@ -8681,7 +8669,7 @@ static KRML_MUSTINLINE void compute_vector_u_41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_06();); + result0[i] = ZERO_20_06();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8701,11 +8689,11 @@ static KRML_MUSTINLINE void compute_vector_u_41( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_71(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_58(&result0[i1], &product); + ntt_multiply_20_71(a_element, &r_as_ntt[j]); + add_to_ring_element_20_58(&result0[i1], &product); } invert_ntt_montgomery_b3(&result0[i1]); - add_error_reduce_ef_bd(&result0[i1], &error_1[i1]); + add_error_reduce_20_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8728,13 +8716,13 @@ compute_ring_element_v_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_71(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_58(&result, &product);); + ntt_multiply_20_71(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_58(&result, &product);); invert_ntt_montgomery_b3(&result); - result = add_message_error_reduce_ef_a1(error_2, message, result); + result = add_message_error_reduce_20_a1(error_2, message, result); return result; } @@ -8924,7 +8912,7 @@ static KRML_MUSTINLINE void entropy_preprocess_af_4f(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -8960,7 +8948,7 @@ static void encrypt_69(Eurydice_slice public_key, uint8_t message[32U], uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, seed_for_A); + core_result_unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -9009,7 +8997,7 @@ static KRML_MUSTINLINE void kdf_af_c4(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, ret); + core_result_unwrap_41_33(dst, ret); } /** @@ -9097,7 +9085,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_6b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_06();); + u_as_ntt[i] = ZERO_20_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -9134,13 +9122,13 @@ compute_message_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_71(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_58(&result, &product);); + ntt_multiply_20_71(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_58(&result, &product);); invert_ntt_montgomery_b3(&result); - result = subtract_reduce_ef_44(v, result); + result = subtract_reduce_20_44(v, result); return result; } @@ -9276,7 +9264,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_9e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_06();); + secret_as_ntt[i] = ZERO_20_06();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 3b9fc2fea..dc65ba631 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 93b4c48a6..89d429c8a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index d706fa961..15d140573 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #include "internal/libcrux_sha3_avx2.h" @@ -167,16 +167,16 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} +N>[TraitClause@0]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types core_core_arch_x86___m256i with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_89_fa(void) { +new_1e_fa(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -1679,7 +1679,7 @@ with const generics */ static KRML_MUSTINLINE void keccak_9b(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_89_fa(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_fa(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1719,7 +1719,7 @@ static KRML_MUSTINLINE void keccak_9b(Eurydice_slice data[4U], .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1757,7 +1757,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_89_fa(); + return new_1e_fa(); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 7ade13f25..cd7faf095 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index b8f2f2e9f..14bc1640d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_sha3_internal_H @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} +N>[TraitClause@0]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_89_ba(void) { +libcrux_sha3_generic_keccak_new_1e_ba(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1465,7 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1722,7 +1722,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_ba(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -1763,7 +1763,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1814,7 +1814,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2071,7 +2071,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_ba(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2112,7 +2112,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2163,7 +2163,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2420,7 +2420,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_ba(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2461,7 +2461,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2627,7 +2627,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_ba(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2668,7 +2668,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2745,7 +2745,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_ba(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2786,7 +2786,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2837,7 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3093,7 +3093,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_ba(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -3134,7 +3134,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 222c04e97..190b97097 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index c7af03401..d88ac7830 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 93a0923cf..89db3d0d4 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 -Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da -Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 +Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d +Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 +Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 +Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index bf594adf8..3714471a6 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_core_H @@ -97,15 +97,14 @@ typedef struct Result_6f_s { } Result_6f; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_76(Result_6f self, uint8_t ret[24U]) { +static inline void unwrap_41_76(Result_6f self, uint8_t ret[24U]) { if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -131,15 +130,14 @@ typedef struct Result_7a_s { } Result_7a; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_ea(Result_7a self, uint8_t ret[20U]) { +static inline void unwrap_41_ea(Result_7a self, uint8_t ret[20U]) { if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -165,15 +163,14 @@ typedef struct Result_cd_s { } Result_cd; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_07(Result_cd self, uint8_t ret[10U]) { +static inline void unwrap_41_07(Result_cd self, uint8_t ret[10U]) { if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -371,15 +368,14 @@ typedef struct Result_00_s { } Result_00; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_33(Result_00 self, uint8_t ret[32U]) { +static inline void unwrap_41_33(Result_00 self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -476,15 +472,14 @@ typedef struct Result_c0_s { } Result_c0; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_30(Result_c0 self, int16_t ret[16U]) { +static inline void unwrap_41_30(Result_c0 self, int16_t ret[16U]) { if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -510,15 +505,14 @@ typedef struct Result_56_s { } Result_56; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_0e(Result_56 self, uint8_t ret[8U]) { +static inline void unwrap_41_0e(Result_56 self, uint8_t ret[8U]) { if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 6397fdd49..71650c533 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 119460f12..7eb80531a 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem768_avx2_H @@ -719,7 +719,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_26_0e(dst, ret0); + unwrap_41_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -819,7 +819,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - unwrap_26_07(dst, ret0); + unwrap_41_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -932,7 +932,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - unwrap_26_ea(dst, ret0); + unwrap_41_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1077,7 +1077,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - unwrap_26_76(dst, ret0); + unwrap_41_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1201,18 +1201,17 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_ef_db(void) { +libcrux_ml_kem_polynomial_ZERO_20_db(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1242,7 +1241,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_55(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_db(); + return libcrux_ml_kem_polynomial_ZERO_20_db(); } /** @@ -1256,7 +1255,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2a( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_db(); + libcrux_ml_kem_polynomial_ZERO_20_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1279,7 +1278,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1326,7 +1325,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_40(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_db(); + return libcrux_ml_kem_polynomial_ZERO_20_db(); } /** @@ -1406,7 +1405,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_10_03( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_db(); + libcrux_ml_kem_polynomial_ZERO_20_db(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -1502,7 +1501,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_11_5d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_db(); + libcrux_ml_kem_polynomial_ZERO_20_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1663,17 +1662,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_7f( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_52( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1704,7 +1702,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_9c( libcrux_ml_kem_ntt_ntt_at_layer_3_d2(&zeta_i, re, (size_t)3U, (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_2_0a(&zeta_i, re, (size_t)2U, (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_7f(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_52(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_52(re); } /** @@ -1722,7 +1720,7 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1828,7 +1826,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_4_7b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_db(); + libcrux_ml_kem_polynomial_ZERO_20_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1919,7 +1917,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_5_8c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_db(); + libcrux_ml_kem_polynomial_ZERO_20_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1948,22 +1946,21 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_57( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_ef_48( +libcrux_ml_kem_polynomial_ntt_multiply_20_48( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_ef_db(); + libcrux_ml_kem_polynomial_ZERO_20_db(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1986,17 +1983,16 @@ libcrux_ml_kem_polynomial_ntt_multiply_ef_48( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_33( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2155,23 +2151,22 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_49( (size_t)6U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_52(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_52(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_ef_3d( +libcrux_ml_kem_polynomial_subtract_reduce_20_3d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2200,16 +2195,16 @@ libcrux_ml_kem_matrix_compute_message_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_ef_db(); + libcrux_ml_kem_polynomial_ZERO_20_db(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_48(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_33(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_33(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_49(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_ef_3d(v, result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_3d(v, result); return result; } @@ -2397,7 +2392,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_4f( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_db(); + return libcrux_ml_kem_polynomial_ZERO_20_db(); } /** @@ -2411,7 +2406,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_17( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_db(); + libcrux_ml_kem_polynomial_ZERO_20_db(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2437,7 +2432,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2468,7 +2463,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_9e(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_ef_db(); + return libcrux_ml_kem_polynomial_ZERO_20_db(); } /** @@ -2481,7 +2476,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_0f( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); } } @@ -2800,20 +2795,19 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_510( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_ef_ce(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_ce(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_ef_db(); + libcrux_ml_kem_polynomial_ZERO_20_db(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2833,7 +2827,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_sampling_sample_from_xof_closure_d6(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_ef_ce( + return libcrux_ml_kem_polynomial_from_i16_array_20_ce( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2984,7 +2978,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_e7(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_db(); + return libcrux_ml_kem_polynomial_ZERO_20_db(); } /** @@ -3081,7 +3075,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_65( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_ce( + return libcrux_ml_kem_polynomial_from_i16_array_20_ce( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3127,7 +3121,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_c5( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_ce( + return libcrux_ml_kem_polynomial_from_i16_array_20_ce( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3187,7 +3181,7 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cc( libcrux_ml_kem_ntt_ntt_at_layer_3_d2(&zeta_i, re, (size_t)3U, (size_t)3U); libcrux_ml_kem_ntt_ntt_at_layer_2_0a(&zeta_i, re, (size_t)2U, (size_t)3U); libcrux_ml_kem_ntt_ntt_at_layer_1_7f(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_52(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_52(re); } /** @@ -3204,7 +3198,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3e(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3251,7 +3245,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_27(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_db(); + return libcrux_ml_kem_polynomial_ZERO_20_db(); } /** @@ -3268,7 +3262,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_f1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3343,22 +3337,21 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_matrix_compute_vector_u_closure_3f(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_db(); + return libcrux_ml_kem_polynomial_ZERO_20_db(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_8a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3387,7 +3380,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3408,12 +3401,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_c8( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_48(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_33(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_48(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_33(&result0[i1], &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_49(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_ef_8a(&result0[i1], + libcrux_ml_kem_polynomial_add_error_reduce_20_8a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3450,7 +3443,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_db(); + libcrux_ml_kem_polynomial_ZERO_20_db(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3465,18 +3458,17 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_ef_76( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_76( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3510,16 +3502,16 @@ libcrux_ml_kem_matrix_compute_ring_element_v_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_ef_db(); + libcrux_ml_kem_polynomial_ZERO_20_db(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_48(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_48(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_33(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_33(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_49(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_76( + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_76( error_2, message, result); return result; } @@ -4085,7 +4077,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_77(Eurydice_slice public_key, uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, seed_for_A); + unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -4137,7 +4129,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_93( uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, ret); + unwrap_41_33(dst, ret); } /** @@ -4460,7 +4452,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_c7( Eurydice_slice randomness, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, ret); + unwrap_41_33(dst, ret); } /** @@ -4749,7 +4741,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_matrix_compute_As_plus_e_closure_1b(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_db(); + return libcrux_ml_kem_polynomial_ZERO_20_db(); } /** @@ -4767,18 +4759,17 @@ static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_03( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -4807,7 +4798,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4829,12 +4820,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_48(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_48(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_33(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_33(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_0f( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4897,7 +4888,7 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_dc( uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, seed_for_A); + unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( @@ -5209,7 +5200,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_1b( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_ef_db(); + return libcrux_ml_kem_polynomial_ZERO_20_db(); } /** @@ -5230,24 +5221,23 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_97( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_db(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@2])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_8d_77( +libcrux_ml_kem_polynomial_clone_3a_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5297,7 +5287,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_05( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_8d_77(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_77(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5322,7 +5312,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_05( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, implicit_rejection_value); + unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index d22567a17..b8f22160d 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_mlkem768_portable_H @@ -140,7 +140,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - unwrap_26_30(dst, ret); + unwrap_41_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2481,17 +2481,16 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_ef_06(void) { +libcrux_ml_kem_polynomial_ZERO_20_06(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2520,7 +2519,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_3b(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_06(); + return libcrux_ml_kem_polynomial_ZERO_20_06(); } /** @@ -2533,7 +2532,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_41( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_06(); + libcrux_ml_kem_polynomial_ZERO_20_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2557,7 +2556,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2603,7 +2602,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_3a(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_06(); + return libcrux_ml_kem_polynomial_ZERO_20_06(); } /** @@ -2654,7 +2653,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_10_21( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_06(); + libcrux_ml_kem_polynomial_ZERO_20_06(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2725,7 +2724,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_11_fe( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_06(); + libcrux_ml_kem_polynomial_ZERO_20_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2892,16 +2891,15 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_9c( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2933,7 +2931,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0b( libcrux_ml_kem_ntt_ntt_at_layer_3_84(&zeta_i, re, (size_t)3U, (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_2_cd(&zeta_i, re, (size_t)2U, (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_9c(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_1c(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_1c(re); } /** @@ -2950,7 +2948,7 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -3027,7 +3025,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_4_34( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_06(); + libcrux_ml_kem_polynomial_ZERO_20_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3091,7 +3089,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_5_78( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_06(); + libcrux_ml_kem_polynomial_ZERO_20_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3121,21 +3119,20 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_ef_71( +libcrux_ml_kem_polynomial_ntt_multiply_20_71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_ef_06(); + libcrux_ml_kem_polynomial_ZERO_20_06(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3160,16 +3157,15 @@ libcrux_ml_kem_polynomial_ntt_multiply_ef_71( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_58( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3331,22 +3327,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b3( (size_t)6U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_1c(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_1c(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_ef_fa( +libcrux_ml_kem_polynomial_subtract_reduce_20_fa( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3377,16 +3372,16 @@ libcrux_ml_kem_matrix_compute_message_8d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_ef_06(); + libcrux_ml_kem_polynomial_ZERO_20_06(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_71(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_71(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_58(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_58(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b3(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_ef_fa(v, result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_fa(v, result); return result; } @@ -3576,7 +3571,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_6f( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_06(); + return libcrux_ml_kem_polynomial_ZERO_20_06(); } /** @@ -3589,7 +3584,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_06(); + libcrux_ml_kem_polynomial_ZERO_20_06(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3616,7 +3611,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3647,7 +3642,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_d1(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_ef_06(); + return libcrux_ml_kem_polynomial_ZERO_20_06(); } /** @@ -3660,7 +3655,7 @@ generics static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_fc( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); } } @@ -3968,19 +3963,18 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_850( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_ef_a4(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_a4(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_ef_06(); + libcrux_ml_kem_polynomial_ZERO_20_06(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -4002,7 +3996,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_sampling_sample_from_xof_closure_2c(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_ef_a4( + return libcrux_ml_kem_polynomial_from_i16_array_20_a4( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4153,7 +4147,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_75(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_06(); + return libcrux_ml_kem_polynomial_ZERO_20_06(); } /** @@ -4231,7 +4225,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_a4( + return libcrux_ml_kem_polynomial_from_i16_array_20_a4( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4276,7 +4270,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_87( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_a4( + return libcrux_ml_kem_polynomial_from_i16_array_20_a4( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4335,7 +4329,7 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_99( libcrux_ml_kem_ntt_ntt_at_layer_3_84(&zeta_i, re, (size_t)3U, (size_t)3U); libcrux_ml_kem_ntt_ntt_at_layer_2_cd(&zeta_i, re, (size_t)2U, (size_t)3U); libcrux_ml_kem_ntt_ntt_at_layer_1_9c(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_1c(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_1c(re); } /** @@ -4352,7 +4346,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_95(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4399,7 +4393,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_ab(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_06(); + return libcrux_ml_kem_polynomial_ZERO_20_06(); } /** @@ -4416,7 +4410,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_23(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4488,21 +4482,20 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_matrix_compute_vector_u_closure_92(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_06(); + return libcrux_ml_kem_polynomial_ZERO_20_06(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_bd( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_bd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4533,7 +4526,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4554,12 +4547,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_41( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_71(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_58(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_71(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_58(&result0[i1], &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b3(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_ef_bd(&result0[i1], + libcrux_ml_kem_polynomial_add_error_reduce_20_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4596,7 +4589,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_06(); + libcrux_ml_kem_polynomial_ZERO_20_06(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4614,17 +4607,16 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_ef_a1( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4660,16 +4652,16 @@ libcrux_ml_kem_matrix_compute_ring_element_v_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_ef_06(); + libcrux_ml_kem_polynomial_ZERO_20_06(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_71(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_71(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_58(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_58(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b3(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_a1( + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_a1( error_2, message, result); return result; } @@ -5092,7 +5084,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_69(Eurydice_slice public_key, uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, seed_for_A); + unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -5143,7 +5135,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_bc( uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, ret); + unwrap_41_33(dst, ret); } /** @@ -5461,7 +5453,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_b2( Eurydice_slice randomness, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, ret); + unwrap_41_33(dst, ret); } /** @@ -5743,7 +5735,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_matrix_compute_As_plus_e_closure_54(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_06(); + return libcrux_ml_kem_polynomial_ZERO_20_06(); } /** @@ -5761,17 +5753,16 @@ libcrux_ml_kem_vector_traits_to_standard_domain_2a( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_3a( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5802,7 +5793,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5824,12 +5815,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_71(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_71(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_58(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_58(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_3a( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_3a( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -5892,7 +5883,7 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e2( uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, seed_for_A); + unwrap_41_33(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( @@ -6199,7 +6190,7 @@ generics static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_a8( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_ef_06(); + return libcrux_ml_kem_polynomial_ZERO_20_06(); } /** @@ -6220,23 +6211,22 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_62( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_06(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@2])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_8d_49( +libcrux_ml_kem_polynomial_clone_3a_49( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6289,7 +6279,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_29( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_8d_49(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_49(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6314,7 +6304,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_29( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, implicit_rejection_value); + unwrap_41_33(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; /* Passing arrays by value in Rust generates a copy in C */ diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 4a4e9f18f..2134fef2e 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_sha3_avx2_H @@ -212,17 +212,17 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} +N>[TraitClause@0]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types core_core_arch_x86___m256i with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_89_fa(void) { +libcrux_sha3_generic_keccak_new_1e_fa(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -1964,7 +1964,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9b( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_89_fa(); + libcrux_sha3_generic_keccak_new_1e_fa(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2005,7 +2005,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9b( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2048,7 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_89_fa(); + return libcrux_sha3_generic_keccak_new_1e_fa(); } /** diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 7f52dbe63..0f8b2f9d1 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: b2946d0484e60b53f4c3d553c8101d92661a28da - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 89225f577ecb51f695fb96b22bcdb0261a171948 + * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a */ #ifndef __libcrux_sha3_portable_H @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} +N>[TraitClause@0]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_89_ba(void) { +libcrux_sha3_generic_keccak_new_1e_ba(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_26_0e(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1582,7 +1582,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_ba(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -1623,7 +1623,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -1684,7 +1684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_26_0e(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1941,7 +1941,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_ba(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1982,7 +1982,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2069,7 +2069,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_ba(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2110,7 +2110,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2249,7 +2249,7 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_89_ba(); + return libcrux_sha3_generic_keccak_new_1e_ba(); } /** @@ -2268,7 +2268,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_26_0e(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2505,7 +2505,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_26_0e(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2762,7 +2762,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_ba(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2803,7 +2803,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2864,7 +2864,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_26_0e(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3121,7 +3121,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_ba(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -3162,7 +3162,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3417,7 +3417,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_ba(); + libcrux_sha3_generic_keccak_new_1e_ba(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -3458,7 +3458,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3623,7 +3623,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_89_ba(); + return libcrux_sha3_generic_keccak_new_1e_ba(); } /** From 2db9db974f3f48ec7cef429cb35a26cc14999257 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 16:31:39 +0000 Subject: [PATCH 241/348] updated intrin --- .../c/intrinsics/libcrux_intrinsics_avx2.h | 245 +++++++----------- 1 file changed, 100 insertions(+), 145 deletions(-) diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index d7ebcbe67..df3cab052 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h @@ -21,60 +21,52 @@ typedef __m256i core_core_arch_x86___m256i; // Cast and Convert -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a) { +static inline core_core_arch_x86___m128i mm256_castsi256_si128( + core_core_arch_x86___m256i a) { return _mm256_castsi256_si128(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_cvtepi16_epi32( + core_core_arch_x86___m128i a) { return _mm256_cvtepi16_epi32(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_castsi128_si256( + core_core_arch_x86___m128i a) { return _mm256_castsi128_si256(a); } // Initialize, Load, Store -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_setzero_si256(void) { +static inline core_core_arch_x86___m256i mm256_setzero_si256(void) { return _mm256_setzero_si256(); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi16(int16_t a) { return _mm256_set1_epi16(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi32(int32_t a) { return _mm256_set1_epi32(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi64x(int64_t a) { return _mm256_set1_epi64x(a); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16( - int16_t a) { +static inline core_core_arch_x86___m128i mm_set1_epi16(int16_t a) { return _mm_set1_epi16(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, - int16_t x3, int16_t x4, int16_t x5, - int16_t x6, int16_t x7, int16_t x8, - int16_t x9, int16_t x10, int16_t x11, - int16_t x12, int16_t x13, int16_t x14, - int16_t x15) { +static inline core_core_arch_x86___m256i mm256_set_epi16( + int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t x5, + int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, + int16_t x12, int16_t x13, int16_t x14, int16_t x15) { return _mm256_set_epi16(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15); } -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( +static inline core_core_arch_x86___m256i mm256_set_epi8( int8_t x0, int8_t x1, int8_t x2, int8_t x3, int8_t x4, int8_t x5, int8_t x6, int8_t x7, int8_t x8, int8_t x9, int8_t x10, int8_t x11, int8_t x12, int8_t x13, int8_t x14, int8_t x15, int8_t x16, int8_t x17, int8_t x18, @@ -86,7 +78,7 @@ static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( x24, x25, x26, x27, x28, x29, x30, x31); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( +static inline core_core_arch_x86___m128i mm_set_epi8( uint8_t x0, uint8_t x1, uint8_t x2, uint8_t x3, uint8_t x4, uint8_t x5, uint8_t x6, uint8_t x7, uint8_t x8, uint8_t x9, uint8_t x10, uint8_t x11, uint8_t x12, uint8_t x13, uint8_t x14, uint8_t x15) { @@ -94,266 +86,229 @@ static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( x13, x14, x15); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, - int32_t x3, int32_t x4, int32_t x5, - int32_t x6, int32_t x7) { +static inline core_core_arch_x86___m256i mm256_set_epi32(int32_t x0, int32_t x1, + int32_t x2, int32_t x3, + int32_t x4, int32_t x5, + int32_t x6, + int32_t x7) { return _mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_i16( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_u8( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice a) { +static inline core_core_arch_x86___m128i mm_loadu_si128(Eurydice_slice a) { return _mm_loadu_si128((const __m128i*)a.ptr); } -static inline void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_bytes_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_i16(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_u8(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } // Arithmetic: Add, Sub -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_add_epi16( +static inline core_core_arch_x86___m128i mm_add_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sub_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sub_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sub_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( +static inline core_core_arch_x86___m128i mm_sub_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_sub_epi16(a, b); } // Arithmetic: Mul low and high, Mul-Add combinations -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mulhi_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mulhi_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mul_epu32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mul_epu32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mul_epu32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mullo_epi16( +static inline core_core_arch_x86___m128i mm_mullo_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mullo_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mulhi_epi16( +static inline core_core_arch_x86___m128i mm_mulhi_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_madd_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_madd_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_madd_epi16(a, b); } // Comparison -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cmpgt_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_cmpgt_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_cmpgt_epi16(a, b); } // Bitwise operations -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_and_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_and_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_and_si256(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_andnot_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_andnot_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_andnot_si256(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_xor_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_xor_si256(a, b); } -static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8( - core_core_arch_x86___m128i a) { +static inline int32_t mm_movemask_epi8(core_core_arch_x86___m128i a) { return _mm_movemask_epi8(a); } // Shift operations -#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) \ - (_mm256_srai_epi16(b, a)) +#define mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) \ - (_mm256_srli_epi16(b, a)) +#define mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) \ - (_mm256_slli_epi16(b, a)) +#define mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) \ - (_mm256_slli_epi32(b, a)) +#define mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_slli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_slli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_slli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_slli_epi64_(a, b)) +#define mm256_slli_epi64(a, b, c) (mm256_slli_epi64_(a, b)) -#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) \ - (_mm256_srai_epi32(b, a)) +#define mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) \ - (_mm256_srli_epi32(b, a)) +#define mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sllv_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sllv_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sllv_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_srli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_srli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_srli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_srli_epi64_(a, b)) +#define mm256_srli_epi64(a, b, c) (mm256_srli_epi64_(a, b)) // Shuffle and Vector Interleaving -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi64(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi64(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_packs_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_packs_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_packs_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_packs_epi16( +static inline core_core_arch_x86___m128i mm_packs_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_packs_epi16(a, b); } -#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ - (_mm256_shuffle_epi32(b, a)) +#define mm256_shuffle_epi32(a, b, _) (_mm256_shuffle_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ - (_mm256_extracti128_si256(b, a)) +#define mm256_extracti128_si256(a, b, _) (_mm256_extracti128_si256(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ - (_mm256_permute4x64_epi64(b, a)) +#define mm256_permute4x64_epi64(a, b, _) (_mm256_permute4x64_epi64(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a, b, c, d) \ +#define mm256_permute2x128_si256(a, b, c, d) \ (_mm256_permute2x128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_inserti128_si256(a, b, c, _) \ - (_mm256_inserti128_si256(b, c, a)) +#define mm256_inserti128_si256(a, b, c, _) (_mm256_inserti128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_blend_epi16(a, b, c, _) \ - (_mm256_blend_epi16(b, c, a)) +#define mm256_blend_epi16(a, b, c, _) (_mm256_blend_epi16(b, c, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi8(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_shuffle_epi8( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_shuffle_epi8(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( +static inline core_core_arch_x86___m256i mm256_permutevar8x32_epi32( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_permutevar8x32_epi32(a, b); } -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_shuffle_epi8(core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b) { +static inline core_core_arch_x86___m128i mm_shuffle_epi8( + core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_shuffle_epi8(a, b); } From c4afd33d97ee507bcfb95bf3dd23574181e3ef6e Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 16:33:06 +0000 Subject: [PATCH 242/348] updated intrin --- .../c/intrinsics/libcrux_intrinsics_avx2.h | 245 +++++++----------- 1 file changed, 100 insertions(+), 145 deletions(-) diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index d7ebcbe67..df3cab052 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h @@ -21,60 +21,52 @@ typedef __m256i core_core_arch_x86___m256i; // Cast and Convert -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a) { +static inline core_core_arch_x86___m128i mm256_castsi256_si128( + core_core_arch_x86___m256i a) { return _mm256_castsi256_si128(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_cvtepi16_epi32( + core_core_arch_x86___m128i a) { return _mm256_cvtepi16_epi32(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_castsi128_si256( + core_core_arch_x86___m128i a) { return _mm256_castsi128_si256(a); } // Initialize, Load, Store -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_setzero_si256(void) { +static inline core_core_arch_x86___m256i mm256_setzero_si256(void) { return _mm256_setzero_si256(); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi16(int16_t a) { return _mm256_set1_epi16(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi32(int32_t a) { return _mm256_set1_epi32(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi64x(int64_t a) { return _mm256_set1_epi64x(a); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16( - int16_t a) { +static inline core_core_arch_x86___m128i mm_set1_epi16(int16_t a) { return _mm_set1_epi16(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, - int16_t x3, int16_t x4, int16_t x5, - int16_t x6, int16_t x7, int16_t x8, - int16_t x9, int16_t x10, int16_t x11, - int16_t x12, int16_t x13, int16_t x14, - int16_t x15) { +static inline core_core_arch_x86___m256i mm256_set_epi16( + int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t x5, + int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, + int16_t x12, int16_t x13, int16_t x14, int16_t x15) { return _mm256_set_epi16(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15); } -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( +static inline core_core_arch_x86___m256i mm256_set_epi8( int8_t x0, int8_t x1, int8_t x2, int8_t x3, int8_t x4, int8_t x5, int8_t x6, int8_t x7, int8_t x8, int8_t x9, int8_t x10, int8_t x11, int8_t x12, int8_t x13, int8_t x14, int8_t x15, int8_t x16, int8_t x17, int8_t x18, @@ -86,7 +78,7 @@ static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( x24, x25, x26, x27, x28, x29, x30, x31); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( +static inline core_core_arch_x86___m128i mm_set_epi8( uint8_t x0, uint8_t x1, uint8_t x2, uint8_t x3, uint8_t x4, uint8_t x5, uint8_t x6, uint8_t x7, uint8_t x8, uint8_t x9, uint8_t x10, uint8_t x11, uint8_t x12, uint8_t x13, uint8_t x14, uint8_t x15) { @@ -94,266 +86,229 @@ static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( x13, x14, x15); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, - int32_t x3, int32_t x4, int32_t x5, - int32_t x6, int32_t x7) { +static inline core_core_arch_x86___m256i mm256_set_epi32(int32_t x0, int32_t x1, + int32_t x2, int32_t x3, + int32_t x4, int32_t x5, + int32_t x6, + int32_t x7) { return _mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_i16( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_u8( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice a) { +static inline core_core_arch_x86___m128i mm_loadu_si128(Eurydice_slice a) { return _mm_loadu_si128((const __m128i*)a.ptr); } -static inline void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_bytes_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_i16(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_u8(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } // Arithmetic: Add, Sub -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_add_epi16( +static inline core_core_arch_x86___m128i mm_add_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sub_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sub_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sub_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( +static inline core_core_arch_x86___m128i mm_sub_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_sub_epi16(a, b); } // Arithmetic: Mul low and high, Mul-Add combinations -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mulhi_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mulhi_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mul_epu32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mul_epu32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mul_epu32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mullo_epi16( +static inline core_core_arch_x86___m128i mm_mullo_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mullo_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mulhi_epi16( +static inline core_core_arch_x86___m128i mm_mulhi_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_madd_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_madd_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_madd_epi16(a, b); } // Comparison -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cmpgt_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_cmpgt_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_cmpgt_epi16(a, b); } // Bitwise operations -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_and_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_and_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_and_si256(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_andnot_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_andnot_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_andnot_si256(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_xor_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_xor_si256(a, b); } -static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8( - core_core_arch_x86___m128i a) { +static inline int32_t mm_movemask_epi8(core_core_arch_x86___m128i a) { return _mm_movemask_epi8(a); } // Shift operations -#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) \ - (_mm256_srai_epi16(b, a)) +#define mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) \ - (_mm256_srli_epi16(b, a)) +#define mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) \ - (_mm256_slli_epi16(b, a)) +#define mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) \ - (_mm256_slli_epi32(b, a)) +#define mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_slli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_slli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_slli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_slli_epi64_(a, b)) +#define mm256_slli_epi64(a, b, c) (mm256_slli_epi64_(a, b)) -#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) \ - (_mm256_srai_epi32(b, a)) +#define mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) \ - (_mm256_srli_epi32(b, a)) +#define mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sllv_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sllv_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sllv_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_srli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_srli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_srli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_srli_epi64_(a, b)) +#define mm256_srli_epi64(a, b, c) (mm256_srli_epi64_(a, b)) // Shuffle and Vector Interleaving -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi64(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi64(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_packs_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_packs_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_packs_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_packs_epi16( +static inline core_core_arch_x86___m128i mm_packs_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_packs_epi16(a, b); } -#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ - (_mm256_shuffle_epi32(b, a)) +#define mm256_shuffle_epi32(a, b, _) (_mm256_shuffle_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ - (_mm256_extracti128_si256(b, a)) +#define mm256_extracti128_si256(a, b, _) (_mm256_extracti128_si256(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ - (_mm256_permute4x64_epi64(b, a)) +#define mm256_permute4x64_epi64(a, b, _) (_mm256_permute4x64_epi64(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a, b, c, d) \ +#define mm256_permute2x128_si256(a, b, c, d) \ (_mm256_permute2x128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_inserti128_si256(a, b, c, _) \ - (_mm256_inserti128_si256(b, c, a)) +#define mm256_inserti128_si256(a, b, c, _) (_mm256_inserti128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_blend_epi16(a, b, c, _) \ - (_mm256_blend_epi16(b, c, a)) +#define mm256_blend_epi16(a, b, c, _) (_mm256_blend_epi16(b, c, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi8(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_shuffle_epi8( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_shuffle_epi8(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( +static inline core_core_arch_x86___m256i mm256_permutevar8x32_epi32( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_permutevar8x32_epi32(a, b); } -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_shuffle_epi8(core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b) { +static inline core_core_arch_x86___m128i mm_shuffle_epi8( + core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_shuffle_epi8(a, b); } From 0437f70f9852da6f075ceaffcad7df5621a91b1e Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 05:15:02 +0000 Subject: [PATCH 243/348] fix build and hax --- .github/workflows/hax.yml | 4 ---- Cargo.lock | 1 + libcrux-ml-kem/Cargo.toml | 7 ++----- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/workflows/hax.yml b/.github/workflows/hax.yml index 39c5c4267..94932d553 100644 --- a/.github/workflows/hax.yml +++ b/.github/workflows/hax.yml @@ -65,7 +65,3 @@ jobs: HAX_HOME=${{ github.workspace }}/hax \ PATH="${PATH}:${{ github.workspace }}/fstar/bin" \ ./hax.py prove --admit - - - name: 🏃 Extract ML-DSA crate - working-directory: libcrux-ml-dsa - run: cargo hax into fstar diff --git a/Cargo.lock b/Cargo.lock index 106b3fb56..f5c2c65ea 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1012,6 +1012,7 @@ dependencies = [ "libcrux-platform", "libcrux-sha3", "rand", + "rand_core", "serde", "serde_json", ] diff --git a/libcrux-ml-kem/Cargo.toml b/libcrux-ml-kem/Cargo.toml index a9b016464..bae04a508 100644 --- a/libcrux-ml-kem/Cargo.toml +++ b/libcrux-ml-kem/Cargo.toml @@ -22,7 +22,7 @@ exclude = [ bench = false # so libtest doesn't eat the arguments to criterion [dependencies] -rand = { version = "0.8", optional = true } +rand_core = { version = "0.6" } libcrux-platform = { version = "0.0.2-alpha.3", path = "../sys/platform" } libcrux-sha3 = { version = "0.0.2-alpha.3", path = "../libcrux-sha3" } libcrux-intrinsics = { version = "0.0.2-alpha.3", path = "../libcrux-intrinsics" } @@ -31,7 +31,7 @@ hax-lib.workspace = true [features] # By default all variants and std are enabled. -default = ["std", "mlkem512", "mlkem768", "mlkem1024", "rand"] +default = ["std", "mlkem512", "mlkem768", "mlkem1024"] # Hardware features can be force enabled. # It is not recommended to use these. This crate performs CPU feature detection @@ -53,9 +53,6 @@ kyber = [] # Code that is not yet verified pre-verification = [] -# APIs that sample their own randomness -rand = ["dep:rand"] - # std support std = [] From 831bd69d9ec62c0ce381ced07236f9e4dd076907 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 05:21:31 +0000 Subject: [PATCH 244/348] fixed glue for Some/None --- libcrux-ml-kem/c/benches/sha3.cc | 8 ++++---- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/eurydice_glue.h | 4 ++-- libcrux-ml-kem/cg/libcrux_core.h | 2 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 9 files changed, 13 insertions(+), 13 deletions(-) diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index d5b35e949..1d749819e 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -71,14 +71,14 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_f3(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_80(&st, out); for (auto _ : state) { libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_f3(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_80(&st, out); } } diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 89db3d0d4..f3626f04f 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a +Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 886176809..ba86ccf40 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -172,8 +172,8 @@ static inline uint16_t core_num__i16_1__wrapping_mul(int16_t x, int16_t y) { #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = core_option_None}) \ - : (CLITERAL(ret_t){.tag = core_option_Some, \ + ? (CLITERAL(ret_t){.tag = None}) \ + : (CLITERAL(ret_t){.tag = Some, \ .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 3714471a6..3c65ee1cb 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 71650c533..f5bec8622 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 7eb80531a..2144937f2 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index b8f22160d..fb0b84514 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 2134fef2e..813b03472 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 0f8b2f9d1..bfb4a7a70 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e */ #ifndef __libcrux_sha3_portable_H From 2c21fefc0a776cfd4ea9412f7e667bc4a0cdd01f Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 9 Sep 2024 16:15:01 +0000 Subject: [PATCH 245/348] Mark functions at samplings.rs and serialize.rs as lax --- .../extraction/Libcrux_ml_kem.Sampling.fst | 20 ++++++++++++++++ .../extraction/Libcrux_ml_kem.Serialize.fst | 24 +++++++++++++++++++ .../proofs/fstar/extraction/Makefile | 2 -- libcrux-ml-kem/src/sampling.rs | 5 ++++ libcrux-ml-kem/src/serialize.rs | 6 +++++ 5 files changed, 55 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 1a7aefd49..467fe0554 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -10,6 +10,8 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +#push-options "--admit_smt_queries true" + let sample_from_uniform_distribution_next (#v_Vector: Type0) (v_K v_N: usize) @@ -144,6 +146,10 @@ let sample_from_uniform_distribution_next <: (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) +#pop-options + +#push-options "--admit_smt_queries true" + let sample_from_binomial_distribution_2_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -205,6 +211,10 @@ let sample_from_binomial_distribution_2_ in Libcrux_ml_kem.Polynomial.impl_1__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) +#pop-options + +#push-options "--admit_smt_queries true" + let sample_from_binomial_distribution_3_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -264,6 +274,10 @@ let sample_from_binomial_distribution_3_ in Libcrux_ml_kem.Polynomial.impl_1__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) +#pop-options + +#push-options "--admit_smt_queries true" + let sample_from_binomial_distribution (v_ETA: usize) (#v_Vector: Type0) @@ -281,6 +295,10 @@ let sample_from_binomial_distribution <: Rust_primitives.Hax.t_Never) +#pop-options + +#push-options "--admit_smt_queries true" + let sample_from_xof (v_K: usize) (#v_Vector #v_Hasher: Type0) @@ -374,3 +392,5 @@ let sample_from_xof t_Slice i16) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 374fa4cc7..0be3acd59 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -9,6 +9,8 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +#push-options "--admit_smt_queries true" + let compress_then_serialize_10_ (v_OUT_LEN: usize) (#v_Vector: Type0) @@ -68,6 +70,10 @@ let compress_then_serialize_10_ in serialized +#pop-options + +#push-options "--admit_smt_queries true" + let compress_then_serialize_11_ (v_OUT_LEN: usize) (#v_Vector: Type0) @@ -127,6 +133,10 @@ let compress_then_serialize_11_ in serialized +#pop-options + +#push-options "--admit_smt_queries true" + let compress_then_serialize_4_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -187,6 +197,10 @@ let compress_then_serialize_4_ let hax_temp_output:Prims.unit = () <: Prims.unit in serialized +#pop-options + +#push-options "--admit_smt_queries true" + let compress_then_serialize_5_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -247,6 +261,10 @@ let compress_then_serialize_5_ let hax_temp_output:Prims.unit = () <: Prims.unit in serialized +#pop-options + +#push-options "--admit_smt_queries true" + let compress_then_serialize_message (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -305,6 +323,8 @@ let compress_then_serialize_message in serialized +#pop-options + let compress_then_serialize_ring_element_u (v_COMPRESSION_FACTOR v_OUT_LEN: usize) (#v_Vector: Type0) @@ -805,6 +825,8 @@ let deserialize_to_uncompressed_ring_element in re +#push-options "--admit_smt_queries true" + let serialize_uncompressed_ring_element (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -857,3 +879,5 @@ let serialize_uncompressed_ring_element serialized) in serialized + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 393946021..2fcd7eaa7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -3,8 +3,6 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ - Libcrux_ml_kem.Serialize.fst \ - Libcrux_ml_kem.Sampling.fst \ Libcrux_ml_kem.Polynomial.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index 81d126afa..0404ad177 100644 --- a/libcrux-ml-kem/src/sampling.rs +++ b/libcrux-ml-kem/src/sampling.rs @@ -42,6 +42,7 @@ use crate::{ /// The NIST FIPS 203 standard can be found at /// . #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] fn sample_from_uniform_distribution_next( randomness: [[u8; N]; K], sampled_coefficients: &mut [usize; K], @@ -71,6 +72,7 @@ fn sample_from_uniform_distribution_next>( seeds: [[u8; 34]; K], ) -> [PolynomialRingElement; K] { @@ -158,6 +160,7 @@ pub(super) fn sample_from_xof( randomness: &[u8], ) -> PolynomialRingElement { @@ -195,6 +198,7 @@ fn sample_from_binomial_distribution_2( // hax_lib::implies(i < result.coefficients.len(), || result.coefficients[i].abs() <= 3 // ))))] #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] fn sample_from_binomial_distribution_3( randomness: &[u8], ) -> PolynomialRingElement { @@ -226,6 +230,7 @@ fn sample_from_binomial_distribution_3( } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(super) fn sample_from_binomial_distribution( randomness: &[u8], ) -> PolynomialRingElement { diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 167387c4b..3071c0160 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -6,6 +6,7 @@ use crate::{ }; #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(super) fn compress_then_serialize_message( re: PolynomialRingElement, ) -> [u8; SHARED_SECRET_SIZE] { @@ -33,6 +34,7 @@ pub(super) fn deserialize_then_decompress_message( } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(super) fn serialize_uncompressed_ring_element( re: &PolynomialRingElement, ) -> [u8; BYTES_PER_RING_ELEMENT] { @@ -116,6 +118,7 @@ pub(super) fn deserialize_ring_elements_reduced< } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires( OUT_LEN == 320 )] @@ -134,6 +137,7 @@ fn compress_then_serialize_10( } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires( OUT_LEN == 352 )] @@ -174,6 +178,7 @@ pub(super) fn compress_then_serialize_ring_element_u< } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires( serialized.len() == 128 )] @@ -196,6 +201,7 @@ fn compress_then_serialize_4( } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires( serialized.len() == 160 )] From 57b83e2b1afa37b6856985725d8da1134c058f88 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 05:24:57 +0000 Subject: [PATCH 246/348] Make two functions in sampling.rs panic-free --- Cargo.lock | 50 +++++++++---------- Cargo.toml | 2 +- .../extraction/Libcrux_ml_kem.Sampling.fst | 23 +++++++-- .../Libcrux_ml_kem.Vector.Traits.fsti | 7 ++- libcrux-ml-kem/src/sampling.rs | 14 +++++- libcrux-ml-kem/src/vector/traits.rs | 4 ++ 6 files changed, 66 insertions(+), 34 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1f9f0f6d1..e866ee994 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.15" +version = "1.1.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57b6a275aa2903740dc87da01c62040406b8812552e97129a63ea8850a17c6e6" +checksum = "b62ac837cdb5cb22e10a256099b4fc502b1dfe560cb282963a974d7abd80e476" dependencies = [ "jobserver", "libc", @@ -290,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.16" +version = "4.5.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed6719fffa43d0d87e5fd8caeab59be1554fb028cd30edc88fc4369b17971019" +checksum = "3e5a21b8495e732f1b3c364c9949b201ca7bae518c502c80256c96ad79eaf6ac" dependencies = [ "clap_builder", "clap_derive", @@ -300,9 +300,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.15" +version = "4.5.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "216aec2b177652e3846684cbfe25c9964d18ec45234f0f5da5157b207ed1aab6" +checksum = "8cf2dd12af7a047ad9d6da2b6b249759a22a7abc0f474c1dae1777afa4b21a73" dependencies = [ "anstream", "anstyle", @@ -363,9 +363,9 @@ checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" [[package]] name = "cpufeatures" -version = "0.2.13" +version = "0.2.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51e852e6dc9a5bed1fae92dd2375037bf2b768725bf3be87811edee3249d09ad" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" dependencies = [ "libc", ] @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#6d493af879767475a269327513208d4a491c6179" +source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#0e95327c0fa4e1d482de404c961fc2b825eb842b" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#6d493af879767475a269327513208d4a491c6179" +source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#0e95327c0fa4e1d482de404c961fc2b825eb842b" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=main#6d493af879767475a269327513208d4a491c6179" +source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#0e95327c0fa4e1d482de404c961fc2b825eb842b" dependencies = [ "proc-macro2", "quote", @@ -1265,9 +1265,9 @@ checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" [[package]] name = "plotters" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a15b6eccb8484002195a3e44fe65a4ce8e93a625797a063735536fd59cb01cf3" +checksum = "5aeb6f403d7a4911efb1e33402027fc44f29b5bf6def3effcc22d7bb75f2b747" dependencies = [ "num-traits", "plotters-backend", @@ -1278,15 +1278,15 @@ dependencies = [ [[package]] name = "plotters-backend" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "414cec62c6634ae900ea1c56128dfe87cf63e7caece0852ec76aba307cebadb7" +checksum = "df42e13c12958a16b3f7f4386b9ab1f3e7933914ecea48da7139435263a4172a" [[package]] name = "plotters-svg" -version = "0.3.6" +version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81b30686a7d9c3e010b84284bdd26a29f2138574f52f5eb6f794fc0ad924e705" +checksum = "51bae2ac328883f7acdfea3d66a7c35751187f870bc81f94563733a154d7a670" dependencies = [ "plotters-backend", ] @@ -1569,9 +1569,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.35" +version = "0.38.36" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a85d50532239da68e9addb745ba38ff4612a242c1c7ceea689c4bc7c2f43c36f" +checksum = "3f55e80d50763938498dd5ebb18647174e0c76dc38c5505294bb224624f30f36" dependencies = [ "bitflags", "errno", @@ -1623,18 +1623,18 @@ checksum = "61697e0a1c7e512e84a621326239844a24d8207b4669b41bc18b32ea5cbf988b" [[package]] name = "serde" -version = "1.0.209" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "99fce0ffe7310761ca6bf9faf5115afbc19688edd00171d81b1bb1b116c63e09" +checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.209" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5831b979fd7b5439637af1752d535ff49f4860c0f341d1baeb6faf0f4242170" +checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" dependencies = [ "proc-macro2", "quote", @@ -1643,9 +1643,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.127" +version = "1.0.128" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8043c06d9f82bd7271361ed64f415fe5e12a77fdb52e573e7f06a516dea329ad" +checksum = "6ff5456707a1de34e7e37f2a6fd3d3f808c318259cbd01ab6377795054b483d8" dependencies = [ "itoa", "memchr", diff --git a/Cargo.toml b/Cargo.toml index 6eec956ec..8eb9dac07 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -77,7 +77,7 @@ wasm-bindgen = { version = "0.2.87", optional = true } # This is only required when doing proofs. # [target.'cfg(hax)'.workspace.dependencies] [workspace.dependencies] -hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } +hax-lib = { git = "https://github.com/hacspec/hax", branch = "fold-step-boundary" } #hax-lib = { path = "../hax/hax-lib" } [dev-dependencies] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 467fe0554..d234b44b1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -10,8 +10,6 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -#push-options "--admit_smt_queries true" - let sample_from_uniform_distribution_next (#v_Vector: Type0) (v_K v_N: usize) @@ -146,9 +144,7 @@ let sample_from_uniform_distribution_next <: (t_Array usize v_K & t_Array (t_Array i16 (sz 272)) v_K & bool) -#pop-options - -#push-options "--admit_smt_queries true" +#push-options "--z3rlimit 800" let sample_from_binomial_distribution_2_ (#v_Vector: Type0) @@ -157,6 +153,10 @@ let sample_from_binomial_distribution_2_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = + let _:Prims.unit = + assert (v (sz 2 *! sz 64) == 128); + assert (Seq.length randomness == 128) + in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 4) @@ -181,6 +181,10 @@ let sample_from_binomial_distribution_2_ in let even_bits:u32 = random_bits_as_u32 &. 1431655765ul in let odd_bits:u32 = (random_bits_as_u32 >>! 1l <: u32) &. 1431655765ul in + let _:Prims.unit = + logand_lemma random_bits_as_u32 1431655765ul; + logand_lemma (random_bits_as_u32 >>! 1l) 1431655765ul + in let coin_toss_outcomes:u32 = even_bits +! odd_bits in Rust_primitives.Hax.Folds.fold_range_step_by 0ul Core.Num.impl__u32__BITS @@ -201,6 +205,15 @@ let sample_from_binomial_distribution_2_ <: i16 in + let _:Prims.unit = + logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 3ul; + logand_lemma (coin_toss_outcomes >>! (outcome_set +! 2ul <: u32) <: u32) 3ul; + assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 3); + assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 3); + assert (v chunk_number <= 31); + assert (v (sz 8 *! chunk_number <: usize) <= 248); + assert (v (cast (outcome_set >>! 2l <: u32) <: usize) <= 7) + in let offset:usize = cast (outcome_set >>! 2l <: u32) <: usize in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i16s diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index a1c8ca919..62ae55dbe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -324,7 +324,12 @@ class t_Operations (v_Self: Type0) = { f_deserialize_12_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 -> pred: Type0{true ==> pred}; - f_rej_sample_post:t_Slice u8 -> t_Slice i16 -> (t_Slice i16 & usize) -> Type0; + f_rej_sample_post:a: t_Slice u8 -> out: t_Slice i16 -> x: (t_Slice i16 & usize) + -> pred: + Type0 + { pred ==> + (let out_future, result:(t_Slice i16 & usize) = x in + Seq.length out_future == Seq.length out /\ range (v result + 255) usize_inttype) }; f_rej_sample:x0: t_Slice u8 -> x1: t_Slice i16 -> Prims.Pure (t_Slice i16 & usize) (f_rej_sample_pre x0 x1) diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index 0404ad177..ab4e73ae1 100644 --- a/libcrux-ml-kem/src/sampling.rs +++ b/libcrux-ml-kem/src/sampling.rs @@ -42,7 +42,6 @@ use crate::{ /// The NIST FIPS 203 standard can be found at /// . #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] fn sample_from_uniform_distribution_next( randomness: [[u8; N]; K], sampled_coefficients: &mut [usize; K], @@ -160,10 +159,12 @@ pub(super) fn sample_from_xof( randomness: &[u8], ) -> PolynomialRingElement { + hax_lib::fstar!("assert (v (sz 2 *! sz 64) == 128); + assert (Seq.length $randomness == 128)"); let mut sampled_i16s = [0i16; 256]; cloop! { @@ -175,12 +176,21 @@ fn sample_from_binomial_distribution_2( let even_bits = random_bits_as_u32 & 0x55555555; let odd_bits = (random_bits_as_u32 >> 1) & 0x55555555; + hax_lib::fstar!("logand_lemma $random_bits_as_u32 1431655765ul; + logand_lemma ($random_bits_as_u32 >>! 1l) 1431655765ul"); let coin_toss_outcomes = even_bits + odd_bits; cloop! { for outcome_set in (0..u32::BITS).step_by(4) { let outcome_1 = ((coin_toss_outcomes >> outcome_set) & 0x3) as i16; let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 2)) & 0x3) as i16; + hax_lib::fstar!("logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 3ul; + logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! 2ul <: u32) <: u32) 3ul; + assert (v $outcome_1 >= 0 /\\ v $outcome_1 <= 3); + assert (v $outcome_2 >= 0 /\\ v $outcome_2 <= 3); + assert (v $chunk_number <= 31); + assert (v (sz 8 *! $chunk_number <: usize) <= 248); + assert (v (cast ($outcome_set >>! 2l <: u32) <: usize) <= 7)"); let offset = (outcome_set >> 2) as usize; sampled_i16s[8 * chunk_number + offset] = outcome_1 - outcome_2; diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index c59ee1582..4deaa67e8 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -138,6 +138,10 @@ pub trait Operations: Copy + Clone + Repr { fn deserialize_12(a: &[u8]) -> Self; #[requires(true)] + #[ensures(|result| + fstar!("Seq.length $out_future == Seq.length $out /\\ + range (v $result + 255) usize_inttype") + )] fn rej_sample(a: &[u8], out: &mut [i16]) -> usize; } From aa958dee6443eb5756c68eefc8374e05d1d11b57 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 10 Sep 2024 15:47:29 +0000 Subject: [PATCH 247/348] Make remaining functions in sampling.rs panic-free --- .../extraction/Libcrux_ml_kem.Sampling.fst | 25 +++++++++++++++---- .../extraction/Libcrux_ml_kem.Sampling.fsti | 4 ++- libcrux-ml-kem/src/sampling.rs | 25 ++++++++++++++----- 3 files changed, 42 insertions(+), 12 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index d234b44b1..9cd6b1bcb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -226,7 +226,7 @@ let sample_from_binomial_distribution_2_ #pop-options -#push-options "--admit_smt_queries true" +#push-options "--z3rlimit 800" let sample_from_binomial_distribution_3_ (#v_Vector: Type0) @@ -235,6 +235,10 @@ let sample_from_binomial_distribution_3_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = + let _:Prims.unit = + assert (v (sz 3 *! sz 64) == 192); + assert (Seq.length randomness == 192) + in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.repeat 0s (sz 256) in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 3) @@ -257,6 +261,11 @@ let sample_from_binomial_distribution_3_ let first_bits:u32 = random_bits_as_u24 &. 2396745ul in let second_bits:u32 = (random_bits_as_u24 >>! 1l <: u32) &. 2396745ul in let third_bits:u32 = (random_bits_as_u24 >>! 2l <: u32) &. 2396745ul in + let _:Prims.unit = + logand_lemma random_bits_as_u24 2396745ul; + logand_lemma (random_bits_as_u24 >>! 1l <: u32) 2396745ul; + logand_lemma (random_bits_as_u24 >>! 2l <: u32) 2396745ul + in let coin_toss_outcomes:u32 = (first_bits +! second_bits <: u32) +! third_bits in Rust_primitives.Hax.Folds.fold_range_step_by 0l 24l @@ -277,6 +286,15 @@ let sample_from_binomial_distribution_3_ <: i16 in + let _:Prims.unit = + logand_lemma (coin_toss_outcomes >>! outcome_set <: u32) 7ul; + logand_lemma (coin_toss_outcomes >>! (outcome_set +! 3l <: i32) <: u32) 7ul; + assert (v outcome_1_ >= 0 /\ v outcome_1_ <= 7); + assert (v outcome_2_ >= 0 /\ v outcome_2_ <= 7); + assert (v chunk_number <= 63); + assert (v (sz 4 *! chunk_number <: usize) <= 252); + assert (v (cast (outcome_set /! 6l <: i32) <: usize) <= 3) + in let offset:usize = cast (outcome_set /! 6l <: i32) <: usize in let sampled_i16s:t_Array i16 (sz 256) = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize sampled_i16s @@ -289,8 +307,6 @@ let sample_from_binomial_distribution_3_ #pop-options -#push-options "--admit_smt_queries true" - let sample_from_binomial_distribution (v_ETA: usize) (#v_Vector: Type0) @@ -299,6 +315,7 @@ let sample_from_binomial_distribution Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (randomness: t_Slice u8) = + let _:Prims.unit = assert ((v (cast v_ETA <: u32) == 2) \/ (v (cast v_ETA <: u32) == 3)) in match cast (v_ETA <: usize) <: u32 with | 2ul -> sample_from_binomial_distribution_2_ #v_Vector randomness | 3ul -> sample_from_binomial_distribution_3_ #v_Vector randomness @@ -308,8 +325,6 @@ let sample_from_binomial_distribution <: Rust_primitives.Hax.t_Never) -#pop-options - #push-options "--admit_smt_queries true" let sample_from_xof diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti index 5f5ac19d3..ed52e1e25 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti @@ -114,7 +114,9 @@ val sample_from_binomial_distribution {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (randomness: t_Slice u8) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + (v_ETA =. sz 2 || v_ETA =. sz 3) && + (Core.Slice.impl__len #u8 randomness <: usize) =. (v_ETA *! sz 64 <: usize)) (fun _ -> Prims.l_True) val sample_from_xof diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index ab4e73ae1..a4999ffa2 100644 --- a/libcrux-ml-kem/src/sampling.rs +++ b/libcrux-ml-kem/src/sampling.rs @@ -152,7 +152,7 @@ pub(super) fn sample_from_xof. -#[cfg_attr(hax, hax_lib::requires(randomness.len() == 2 * 64))] +#[hax_lib::requires(randomness.len() == 2 * 64)] // TODO: Remove or replace with something that works and is useful for the proof. // #[cfg_attr(hax, hax_lib::ensures(|result| // hax_lib::forall(|i:usize| @@ -201,17 +201,19 @@ fn sample_from_binomial_distribution_2( PolynomialRingElement::from_i16_array(&sampled_i16s) } -#[cfg_attr(hax, hax_lib::requires(randomness.len() == 3 * 64))] +#[hax_lib::requires(randomness.len() == 3 * 64)] // TODO: Remove or replace with something that works and is useful for the proof. // #[cfg_attr(hax, hax_lib::ensures(|result| // hax_lib::forall(|i:usize| // hax_lib::implies(i < result.coefficients.len(), || result.coefficients[i].abs() <= 3 // ))))] #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::options("--z3rlimit 800")] fn sample_from_binomial_distribution_3( randomness: &[u8], ) -> PolynomialRingElement { + hax_lib::fstar!("assert (v (sz 3 *! sz 64) == 192); + assert (Seq.length $randomness == 192)"); let mut sampled_i16s = [0i16; 256]; cloop! { @@ -222,6 +224,9 @@ fn sample_from_binomial_distribution_3( let first_bits = random_bits_as_u24 & 0x00249249; let second_bits = (random_bits_as_u24 >> 1) & 0x00249249; let third_bits = (random_bits_as_u24 >> 2) & 0x00249249; + hax_lib::fstar!("logand_lemma $random_bits_as_u24 2396745ul; + logand_lemma ($random_bits_as_u24 >>! 1l <: u32) 2396745ul; + logand_lemma ($random_bits_as_u24 >>! 2l <: u32) 2396745ul"); let coin_toss_outcomes = first_bits + second_bits + third_bits; @@ -229,6 +234,13 @@ fn sample_from_binomial_distribution_3( for outcome_set in (0..24).step_by(6) { let outcome_1 = ((coin_toss_outcomes >> outcome_set) & 0x7) as i16; let outcome_2 = ((coin_toss_outcomes >> (outcome_set + 3)) & 0x7) as i16; + hax_lib::fstar!("logand_lemma ($coin_toss_outcomes >>! $outcome_set <: u32) 7ul; + logand_lemma ($coin_toss_outcomes >>! ($outcome_set +! 3l <: i32) <: u32) 7ul; + assert (v $outcome_1 >= 0 /\\ v $outcome_1 <= 7); + assert (v $outcome_2 >= 0 /\\ v $outcome_2 <= 7); + assert (v $chunk_number <= 63); + assert (v (sz 4 *! $chunk_number <: usize) <= 252); + assert (v (cast ($outcome_set /! 6l <: i32) <: usize) <= 3)"); let offset = (outcome_set / 6) as usize; sampled_i16s[4 * chunk_number + offset] = outcome_1 - outcome_2; @@ -240,12 +252,13 @@ fn sample_from_binomial_distribution_3( } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::requires((ETA == 2 || ETA == 3) && randomness.len() == ETA * 64)] pub(super) fn sample_from_binomial_distribution( randomness: &[u8], ) -> PolynomialRingElement { - hax_debug_assert!(randomness.len() == ETA * 64); - + hax_lib::fstar!("assert ( + (v (cast $ETA <: u32) == 2) \\/ + (v (cast $ETA <: u32) == 3))"); match ETA as u32 { 2 => sample_from_binomial_distribution_2(randomness), 3 => sample_from_binomial_distribution_3(randomness), From 14564df2225b9d2d9c0b90cfab98c0d94ebaf694 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 05:27:28 +0000 Subject: [PATCH 248/348] Fix verifying ZETAS_TIMES_MONTGOMERY_R --- .../extraction/Libcrux_ml_kem.Polynomial.fst | 70 ++++++++++--------- .../extraction/Libcrux_ml_kem.Polynomial.fsti | 1 + .../proofs/fstar/extraction/Makefile | 1 - libcrux-ml-kem/src/polynomial.rs | 25 ++++--- libcrux-ml-kem/src/sampling.rs | 2 +- 5 files changed, 55 insertions(+), 44 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index 626cc27cb..fd9edcef5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -9,11 +9,6 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -let get_zeta (i: usize) = - let result:i16 = v_ZETAS_TIMES_MONTGOMERY_R.[ i ] in - let _:Prims.unit = admit () (* Panic freedom *) in - result - let impl_1__ZERO (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -41,6 +36,7 @@ let impl_1__add_error_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self error: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let self:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -91,6 +87,7 @@ let impl_1__add_message_error_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self message result: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let result:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -147,6 +144,7 @@ let impl_1__add_standard_error_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self error: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let self:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -280,6 +278,7 @@ let impl_1__ntt_multiply Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self rhs: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let out:t_PolynomialRingElement v_Vector = impl_1__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -292,34 +291,39 @@ let impl_1__ntt_multiply (fun out i -> let out:t_PolynomialRingElement v_Vector = out in let i:usize = i in - let _:Prims.unit = - assert (64 + 4 * v i < 128); - assert (64 + 4 * v i + 1 < 128); - assert (64 + 4 * v i + 2 < 128); - assert (64 + 4 * v i + 3 < 128) - in - let out:t_PolynomialRingElement v_Vector = - { - out with - f_coefficients - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out.f_coefficients - i - (Libcrux_ml_kem.Vector.Traits.f_ntt_multiply #v_Vector - #FStar.Tactics.Typeclasses.solve - (self.f_coefficients.[ i ] <: v_Vector) - (rhs.f_coefficients.[ i ] <: v_Vector) - (get_zeta (sz 64 +! (sz 4 *! i <: usize) <: usize) <: i16) - (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 <: usize) <: i16) - (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 <: usize) <: i16) - (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 <: usize) <: i16) - <: - v_Vector) - } + { + out with + f_coefficients + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out.f_coefficients + i + (Libcrux_ml_kem.Vector.Traits.f_ntt_multiply #v_Vector + #FStar.Tactics.Typeclasses.solve + (self.f_coefficients.[ i ] <: v_Vector) + (rhs.f_coefficients.[ i ] <: v_Vector) + (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! (sz 4 *! i <: usize) <: usize ] <: i16) + (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 + <: + usize ] + <: + i16) + (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 + <: + usize ] + <: + i16) + (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 + <: + usize ] + <: + i16) + <: + v_Vector) <: - t_PolynomialRingElement v_Vector - in - out) + t_Array v_Vector (sz 16) + } + <: + t_PolynomialRingElement v_Vector) in out @@ -330,6 +334,7 @@ let impl_1__poly_barrett_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let self:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -368,6 +373,7 @@ let impl_1__subtract_reduce Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self b: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let b:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index 3c1224b05..2d0143655 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti @@ -10,6 +10,7 @@ let _ = () let v_ZETAS_TIMES_MONTGOMERY_R: t_Array i16 (sz 128) = + let _:Prims.unit = assert_norm (pow2 16 == 65536) in let list = [ (-1044s); (-758s); (-359s); (-1517s); 1493s; 1422s; 287s; 202s; (-171s); 622s; 1577s; 182s; diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 2fcd7eaa7..f69ac376b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -3,7 +3,6 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ - Libcrux_ml_kem.Polynomial.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index f77848f1f..820337303 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -1,6 +1,7 @@ use crate::vector::{to_standard_domain, Operations, FIELD_ELEMENTS_IN_VECTOR}; -const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ +const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = { + hax_lib::fstar!("assert_norm (pow2 16 == 65536)"); [ -1044, -758, -359, -1517, 1493, 1422, 287, 202, -171, 622, 1577, 182, 962, -1202, -1474, 1468, 573, -1325, 264, 383, -829, 1458, -1602, -130, -681, 1017, 732, 608, -1542, 411, -205, -1571, 1223, 652, -552, 1015, -1293, 1491, -282, -1544, 516, -8, -320, -666, -1618, -1162, 126, 1469, @@ -9,7 +10,7 @@ const ZETAS_TIMES_MONTGOMERY_R: [i16; 128] = [ 778, 1159, -147, -777, 1483, -602, 1119, -1590, 644, -872, 349, 418, 329, -156, -75, 817, 1097, 603, 610, 1322, -1285, -1465, 384, -1215, -136, 1218, -1335, -874, 220, -1187, -1659, -1185, -1530, -1278, 794, -1510, -854, -870, 478, -108, -308, 996, 991, 958, -1460, 1522, 1628, -]; +]}; #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] @@ -74,6 +75,8 @@ impl PolynomialRingElement { #[inline(always)] pub fn poly_barrett_reduce(&mut self) { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for i in 0..VECTORS_IN_RING_ELEMENT { @@ -84,6 +87,8 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn subtract_reduce(&self, mut b: Self) -> Self { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); for i in 0..VECTORS_IN_RING_ELEMENT { let coefficient_normal_form = Vector::montgomery_multiply_by_constant(b.coefficients[i], 1441); @@ -95,6 +100,8 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn add_message_error_reduce(&self, message: &Self, mut result: Self) -> Self { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); for i in 0..VECTORS_IN_RING_ELEMENT { let coefficient_normal_form = Vector::montgomery_multiply_by_constant(result.coefficients[i], 1441); @@ -124,6 +131,8 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn add_error_reduce(&mut self, error: &Self) { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for j in 0..VECTORS_IN_RING_ELEMENT { @@ -140,6 +149,8 @@ impl PolynomialRingElement { #[inline(always)] pub(crate) fn add_standard_error_reduce(&mut self, error: &Self) { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for j in 0..VECTORS_IN_RING_ELEMENT { @@ -195,6 +206,8 @@ impl PolynomialRingElement { // ))))] #[inline(always)] pub(crate) fn ntt_multiply(&self, rhs: &Self) -> Self { + // Using `hax_lib::fstar::verification_status(lax)` works but produces an error while extracting + hax_lib::fstar!("admit ()"); // hax_debug_debug_assert!(lhs // .coefficients // .into_iter() @@ -203,14 +216,6 @@ impl PolynomialRingElement { let mut out = PolynomialRingElement::ZERO(); for i in 0..VECTORS_IN_RING_ELEMENT { - // hax_lib::assert!(64 + 4 * i < 128); - // hax_lib::assert!(64 + 4 * i + 1 < 128); - // hax_lib::assert!(64 + 4 * i + 2 < 128); - // hax_lib::assert!(64 + 4 * i + 3 < 128); - hax_lib::fstar!("assert(64 + 4 * v $i < 128); - assert(64 + 4 * v $i + 1 < 128); - assert(64 + 4 * v $i + 2 < 128); - assert(64 + 4 * v $i + 3 < 128)"); out.coefficients[i] = Vector::ntt_multiply( &self.coefficients[i], &rhs.coefficients[i], diff --git a/libcrux-ml-kem/src/sampling.rs b/libcrux-ml-kem/src/sampling.rs index a4999ffa2..094334c58 100644 --- a/libcrux-ml-kem/src/sampling.rs +++ b/libcrux-ml-kem/src/sampling.rs @@ -1,5 +1,5 @@ use crate::{ - constants::COEFFICIENTS_IN_RING_ELEMENT, hash_functions::*, hax_utils::hax_debug_assert, + constants::COEFFICIENTS_IN_RING_ELEMENT, hash_functions::*, helper::cloop, polynomial::PolynomialRingElement, vector::Operations, }; From 367d23c1b796309fb63499dd91ee821e0228e508 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 08:27:20 +0000 Subject: [PATCH 249/348] updated hax and fstar extraction --- Cargo.lock | 14 +++++++------- .../fstar/extraction/Libcrux_platform.X86.fsti | 8 +------- 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e866ee994..cb8b4b0b9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#0e95327c0fa4e1d482de404c961fc2b825eb842b" +source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#172bd8a4238abf7fb77efe5e9b69f169d5b760e5" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#0e95327c0fa4e1d482de404c961fc2b825eb842b" +source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#172bd8a4238abf7fb77efe5e9b69f169d5b760e5" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#0e95327c0fa4e1d482de404c961fc2b825eb842b" +source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#172bd8a4238abf7fb77efe5e9b69f169d5b760e5" dependencies = [ "proc-macro2", "quote", @@ -1569,9 +1569,9 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.36" +version = "0.38.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f55e80d50763938498dd5ebb18647174e0c76dc38c5505294bb224624f30f36" +checksum = "8acb788b847c24f28525660c4d7758620a7210875711f79e7f663cc152726811" dependencies = [ "bitflags", "errno", @@ -1773,9 +1773,9 @@ checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" [[package]] name = "unicode-ident" -version = "1.0.12" +version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" [[package]] name = "universal-hash" diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti index 35516c01f..968a5585c 100644 --- a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fsti @@ -1,5 +1,5 @@ module Libcrux_platform.X86 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul @@ -41,11 +41,5 @@ val t_Feature_cast_to_repr (x: t_Feature) : Prims.Pure isize Prims.l_True (fun _ /// Initialize CPU detection. val init: Prims.unit -> Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) -val init__cpuid (leaf: u32) - : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) - -val init__cpuid_count (leaf sub_leaf: u32) - : Prims.Pure Core.Core_arch.X86.Cpuid.t_CpuidResult Prims.l_True (fun _ -> Prims.l_True) - /// Check hardware [`Feature`] support. val supported (feature: t_Feature) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) From 8d2620cf8d69204f25d751b86e2252ce98dd2247 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 08:41:45 +0000 Subject: [PATCH 250/348] cargo --- Cargo.toml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 8eb9dac07..5ecbea800 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -77,8 +77,7 @@ wasm-bindgen = { version = "0.2.87", optional = true } # This is only required when doing proofs. # [target.'cfg(hax)'.workspace.dependencies] [workspace.dependencies] -hax-lib = { git = "https://github.com/hacspec/hax", branch = "fold-step-boundary" } -#hax-lib = { path = "../hax/hax-lib" } +hax-lib = { git = "https://github.com/hacspec/hax", branch = "main" } [dev-dependencies] libcrux = { path = ".", features = ["rand", "tests"] } From 7519c4592e1605fcea561d066636dd17cbf8cab4 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 08:42:00 +0000 Subject: [PATCH 251/348] cargo --- Cargo.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index cb8b4b0b9..daf0b8c91 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#172bd8a4238abf7fb77efe5e9b69f169d5b760e5" +source = "git+https://github.com/hacspec/hax?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#172bd8a4238abf7fb77efe5e9b69f169d5b760e5" +source = "git+https://github.com/hacspec/hax?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax?branch=fold-step-boundary#172bd8a4238abf7fb77efe5e9b69f169d5b760e5" +source = "git+https://github.com/hacspec/hax?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" dependencies = [ "proc-macro2", "quote", From 505beadfaef5b281dec3bdc00e8251ff9e1b7769 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 08:58:13 +0000 Subject: [PATCH 252/348] removed new F* feature use --- fstar-helpers/fstar-bitvec/Tactics.GetBit.fst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst index ae0567aef..abec9b4fe 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.GetBit.fst @@ -12,8 +12,8 @@ open FStar.Option open Tactics.Utils open Tactics.Pow2 -open BitVecEq {} -open Tactics.Seq {norm_index, tactic_list_index} +open BitVecEq +open Tactics.Seq let norm_machine_int () = Tactics.MachineInts.(transform norm_machine_int_term) From 7e2222380982bfb67dcdca813baeddfab57b8ffb Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 10:25:09 +0000 Subject: [PATCH 253/348] seq --- fstar-helpers/fstar-bitvec/Tactics.Seq.fst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst index 1e8ba7372..0a7015968 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Seq.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Seq.fst @@ -2,7 +2,7 @@ module Tactics.Seq open Core module L = FStar.List.Tot -module S = FStar.Seq.Base +module S = FStar.Seq open FStar.Tactics.V2 open FStar.Tactics.V2.SyntaxHelpers open FStar.Class.Printable From 415ed4caf6d7796d4c3edbc4317e987957550dce Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Thu, 12 Sep 2024 16:31:39 +0000 Subject: [PATCH 254/348] updated intrin --- .../c/intrinsics/libcrux_intrinsics_avx2.h | 245 +++++++----------- 1 file changed, 100 insertions(+), 145 deletions(-) diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index d7ebcbe67..df3cab052 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h @@ -21,60 +21,52 @@ typedef __m256i core_core_arch_x86___m256i; // Cast and Convert -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a) { +static inline core_core_arch_x86___m128i mm256_castsi256_si128( + core_core_arch_x86___m256i a) { return _mm256_castsi256_si128(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_cvtepi16_epi32( + core_core_arch_x86___m128i a) { return _mm256_cvtepi16_epi32(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_castsi128_si256( + core_core_arch_x86___m128i a) { return _mm256_castsi128_si256(a); } // Initialize, Load, Store -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_setzero_si256(void) { +static inline core_core_arch_x86___m256i mm256_setzero_si256(void) { return _mm256_setzero_si256(); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi16(int16_t a) { return _mm256_set1_epi16(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi32(int32_t a) { return _mm256_set1_epi32(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi64x(int64_t a) { return _mm256_set1_epi64x(a); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16( - int16_t a) { +static inline core_core_arch_x86___m128i mm_set1_epi16(int16_t a) { return _mm_set1_epi16(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, - int16_t x3, int16_t x4, int16_t x5, - int16_t x6, int16_t x7, int16_t x8, - int16_t x9, int16_t x10, int16_t x11, - int16_t x12, int16_t x13, int16_t x14, - int16_t x15) { +static inline core_core_arch_x86___m256i mm256_set_epi16( + int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t x5, + int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, + int16_t x12, int16_t x13, int16_t x14, int16_t x15) { return _mm256_set_epi16(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15); } -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( +static inline core_core_arch_x86___m256i mm256_set_epi8( int8_t x0, int8_t x1, int8_t x2, int8_t x3, int8_t x4, int8_t x5, int8_t x6, int8_t x7, int8_t x8, int8_t x9, int8_t x10, int8_t x11, int8_t x12, int8_t x13, int8_t x14, int8_t x15, int8_t x16, int8_t x17, int8_t x18, @@ -86,7 +78,7 @@ static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( x24, x25, x26, x27, x28, x29, x30, x31); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( +static inline core_core_arch_x86___m128i mm_set_epi8( uint8_t x0, uint8_t x1, uint8_t x2, uint8_t x3, uint8_t x4, uint8_t x5, uint8_t x6, uint8_t x7, uint8_t x8, uint8_t x9, uint8_t x10, uint8_t x11, uint8_t x12, uint8_t x13, uint8_t x14, uint8_t x15) { @@ -94,266 +86,229 @@ static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( x13, x14, x15); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, - int32_t x3, int32_t x4, int32_t x5, - int32_t x6, int32_t x7) { +static inline core_core_arch_x86___m256i mm256_set_epi32(int32_t x0, int32_t x1, + int32_t x2, int32_t x3, + int32_t x4, int32_t x5, + int32_t x6, + int32_t x7) { return _mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_i16( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_u8( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice a) { +static inline core_core_arch_x86___m128i mm_loadu_si128(Eurydice_slice a) { return _mm_loadu_si128((const __m128i*)a.ptr); } -static inline void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_bytes_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_i16(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_u8(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } // Arithmetic: Add, Sub -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_add_epi16( +static inline core_core_arch_x86___m128i mm_add_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sub_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sub_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sub_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( +static inline core_core_arch_x86___m128i mm_sub_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_sub_epi16(a, b); } // Arithmetic: Mul low and high, Mul-Add combinations -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mulhi_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mulhi_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mul_epu32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mul_epu32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mul_epu32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mullo_epi16( +static inline core_core_arch_x86___m128i mm_mullo_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mullo_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mulhi_epi16( +static inline core_core_arch_x86___m128i mm_mulhi_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_madd_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_madd_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_madd_epi16(a, b); } // Comparison -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cmpgt_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_cmpgt_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_cmpgt_epi16(a, b); } // Bitwise operations -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_and_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_and_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_and_si256(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_andnot_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_andnot_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_andnot_si256(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_xor_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_xor_si256(a, b); } -static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8( - core_core_arch_x86___m128i a) { +static inline int32_t mm_movemask_epi8(core_core_arch_x86___m128i a) { return _mm_movemask_epi8(a); } // Shift operations -#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) \ - (_mm256_srai_epi16(b, a)) +#define mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) \ - (_mm256_srli_epi16(b, a)) +#define mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) \ - (_mm256_slli_epi16(b, a)) +#define mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) \ - (_mm256_slli_epi32(b, a)) +#define mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_slli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_slli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_slli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_slli_epi64_(a, b)) +#define mm256_slli_epi64(a, b, c) (mm256_slli_epi64_(a, b)) -#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) \ - (_mm256_srai_epi32(b, a)) +#define mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) \ - (_mm256_srli_epi32(b, a)) +#define mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sllv_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sllv_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sllv_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_srli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_srli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_srli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_srli_epi64_(a, b)) +#define mm256_srli_epi64(a, b, c) (mm256_srli_epi64_(a, b)) // Shuffle and Vector Interleaving -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi64(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi64(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_packs_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_packs_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_packs_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_packs_epi16( +static inline core_core_arch_x86___m128i mm_packs_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_packs_epi16(a, b); } -#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ - (_mm256_shuffle_epi32(b, a)) +#define mm256_shuffle_epi32(a, b, _) (_mm256_shuffle_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ - (_mm256_extracti128_si256(b, a)) +#define mm256_extracti128_si256(a, b, _) (_mm256_extracti128_si256(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ - (_mm256_permute4x64_epi64(b, a)) +#define mm256_permute4x64_epi64(a, b, _) (_mm256_permute4x64_epi64(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a, b, c, d) \ +#define mm256_permute2x128_si256(a, b, c, d) \ (_mm256_permute2x128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_inserti128_si256(a, b, c, _) \ - (_mm256_inserti128_si256(b, c, a)) +#define mm256_inserti128_si256(a, b, c, _) (_mm256_inserti128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_blend_epi16(a, b, c, _) \ - (_mm256_blend_epi16(b, c, a)) +#define mm256_blend_epi16(a, b, c, _) (_mm256_blend_epi16(b, c, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi8(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_shuffle_epi8( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_shuffle_epi8(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( +static inline core_core_arch_x86___m256i mm256_permutevar8x32_epi32( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_permutevar8x32_epi32(a, b); } -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_shuffle_epi8(core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b) { +static inline core_core_arch_x86___m128i mm_shuffle_epi8( + core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_shuffle_epi8(a, b); } From b4a143fa732e06262dd14765d5e9853521e8f68f Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 05:29:08 +0000 Subject: [PATCH 255/348] refresh --- .../extraction/Libcrux_ml_kem.Polynomial.fst | 25 +++++++------------ 1 file changed, 9 insertions(+), 16 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index fd9edcef5..e8aa9060c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -9,6 +9,11 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +let get_zeta (i: usize) = + let result:i16 = v_ZETAS_TIMES_MONTGOMERY_R.[ i ] in + let _:Prims.unit = admit () (* Panic freedom *) in + result + let impl_1__ZERO (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -301,22 +306,10 @@ let impl_1__ntt_multiply #FStar.Tactics.Typeclasses.solve (self.f_coefficients.[ i ] <: v_Vector) (rhs.f_coefficients.[ i ] <: v_Vector) - (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! (sz 4 *! i <: usize) <: usize ] <: i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 - <: - usize ] - <: - i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 - <: - usize ] - <: - i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 - <: - usize ] - <: - i16) + (get_zeta (sz 64 +! (sz 4 *! i <: usize) <: usize) <: i16) + (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 <: usize) <: i16) + (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 <: usize) <: i16) + (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 <: usize) <: i16) <: v_Vector) <: From 07c5cbced15c06da55cec601cf3d3f165d074b19 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 05:29:59 +0000 Subject: [PATCH 256/348] glue diff --- libcrux-ml-kem/cg/eurydice_glue.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index ba86ccf40..c4ca3b8ad 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -173,8 +173,7 @@ static inline uint16_t core_num__i16_1__wrapping_mul(int16_t x, int16_t y) { #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ ? (CLITERAL(ret_t){.tag = None}) \ - : (CLITERAL(ret_t){.tag = Some, \ - .f0 = (iter_ptr)->start++})) + : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next From 162bfefbc877db71f668f0d67f9cdbf535d6dfbc Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 05:40:51 +0000 Subject: [PATCH 257/348] glue diff --- libcrux-ml-kem/cg/eurydice_glue.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index c4ca3b8ad..5a12208a3 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -172,7 +172,7 @@ static inline uint16_t core_num__i16_1__wrapping_mul(int16_t x, int16_t y) { #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ - ? (CLITERAL(ret_t){.tag = None}) \ + ? (CLITERAL(ret_t){.tag = None}) \ : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ From 60f44572ec6c77214ec71d395447257763122529 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 06:00:57 +0000 Subject: [PATCH 258/348] glue diff --- libcrux-ml-kem/cg/eurydice_glue.h | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 5a12208a3..e7625b185 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -93,7 +93,7 @@ typedef struct { #define core_array___core__clone__Clone_for__Array_T__N___20__clone( \ len, src, dst, elem_type, _ret_t) \ (memcpy(dst, src, len * sizeof(elem_type))) -#define core_array_TryFromSliceError uint8_t +#define TryFromSliceError uint8_t #define Eurydice_array_eq(sz, a1, a2, t, _a, _b) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 3c65ee1cb..6402c4c06 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -33,6 +33,8 @@ typedef struct core_ops_range_Range_b3_s { #define None 0 #define Some 1 +#define core_array_TryFromSliceError uint8_t + typedef uint8_t Option_ef_tags; /** From 60edf67ca38ee3faad59734925aebe783d09bb75 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 06:11:42 +0000 Subject: [PATCH 259/348] fixed sha3 calls --- libcrux-ml-kem/cg/benches/sha3.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-kem/cg/benches/sha3.cc b/libcrux-ml-kem/cg/benches/sha3.cc index 0d1334472..5e10c3b99 100644 --- a/libcrux-ml-kem/cg/benches/sha3.cc +++ b/libcrux-ml-kem/cg/benches/sha3.cc @@ -69,14 +69,14 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_80(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); for (auto _ : state) { libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_80(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); } } From e22fa84f63313933e959470afcad633146b9b207 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 06:19:24 +0000 Subject: [PATCH 260/348] diff --- libcrux-ml-kem/cg/libcrux_core.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 6402c4c06..3c65ee1cb 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -33,8 +33,6 @@ typedef struct core_ops_range_Range_b3_s { #define None 0 #define Some 1 -#define core_array_TryFromSliceError uint8_t - typedef uint8_t Option_ef_tags; /** From 69e8501da15349b11c00b81355f26c6bb8b581c1 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 07:18:14 +0000 Subject: [PATCH 261/348] fix for sha3 bench --- libcrux-ml-kem/c.yaml | 4 ++-- libcrux-ml-kem/c/benches/sha3.cc | 8 +++---- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 23 ++++++++++++++++++- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 12 +++++----- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- 37 files changed, 67 insertions(+), 46 deletions(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index d4398bbc2..f407256d6 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -43,8 +43,8 @@ files: # the behavior applies. internal: monomorphizations_exact: - - [libcrux_sha3, generic_keccak, absorb_final_7f ] - - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_ed ] + - [libcrux_sha3, generic_keccak, absorb_final_80 ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_6d ] api: - [libcrux_sha3, avx2, "*"] private: diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index 1d749819e..a11eef2e5 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -71,14 +71,14 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_f3(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_80(&st, out); + libcrux_sha3_generic_keccak_absorb_final_80(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); for (auto _ : state) { libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_f3(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_80(&st, out); + libcrux_sha3_generic_keccak_absorb_final_80(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); } } diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 89db3d0d4..d281f79c0 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a +Libcrux: e22fa84f63313933e959470afcad633146b9b207 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 94d68cfbd..ef33e908b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 687cfdfa3..d4c42f6c4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 3e9e4d774..c9c875529 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 884a44866..d4618fd84 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __internal_libcrux_sha3_avx2_H @@ -23,9 +23,30 @@ extern "C" { #include "internal/libcrux_core.h" #include "intrinsics/libcrux_intrinsics_avx2.h" +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +void libcrux_sha3_generic_keccak_absorb_final_80( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]); + typedef libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_KeccakState; +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]); + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 46e71b8fe..0d77fa0b4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 8b20fc6cc..a6efa963b 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index e1d0a1170..db9cbcd51 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index bfa8ff43b..99e2c495d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 49ae673ad..208caa3e7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index ca544ec33..dfce647f1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 696e695b6..7fe221fbf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index c8aff7218..9d0931253 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 2a7edbb01..bb87c8868 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 3a9bac1b7..914f4c89f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 43e502da7..5f1372e57 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 0dc59e798..e5f7091ce 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 45ddbd3e1..a013f09eb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 4e75c69d1..1146a1f49 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 8b7067f11..4da5a13f2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 10cae90d7..b14a8f627 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 15358d0f7..d27b49ccd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index ba6839b7f..7e51035b3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index ba0261813..2ff120732 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #include "internal/libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index c72692a10..ea690c046 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 906cec44a..ed62abbb2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 7102b6274..cf42ad4d1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 2ed70a9d5..77dd4dd0a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index dc65ba631..6c345bc2b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 89d429c8a..ad456ed98 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 15d140573..8edd52f40 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #include "internal/libcrux_sha3_avx2.h" @@ -1395,7 +1395,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void absorb_final_80( +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1699,7 +1699,7 @@ static KRML_MUSTINLINE void keccak_9b(Eurydice_slice data[4U], Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - absorb_final_80(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_80(uu____2, ret); size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; @@ -2115,7 +2115,7 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_three_blocks_6d( +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2141,7 +2141,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_three_blocks_6d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(s, buf); } /** @@ -2212,7 +2212,7 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_80(s, buf); + libcrux_sha3_generic_keccak_absorb_final_80(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index cd7faf095..3b1cdd01f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 14bc1640d..b29a5ce1a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 190b97097..e9aece132 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index d88ac7830..660c25d2e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1f4aea1d4660a27cb6b539c82ebbc476e6a0708a + * Libcrux: e22fa84f63313933e959470afcad633146b9b207 */ #ifndef __libcrux_sha3_neon_H From e757771c7f411c56c131be5b4732ce19ee8fd93d Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 08:17:25 +0000 Subject: [PATCH 262/348] refreshed c and fstar --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 38 +- .../c/internal/libcrux_mlkem_avx2.h | 44 +- .../c/internal/libcrux_mlkem_portable.h | 46 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 38 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 62 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1207 +++++++------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1431 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 62 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 16 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 743 +++++---- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 963 ++++++----- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- .../extraction/Libcrux_ml_kem.Polynomial.fst | 25 +- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 349 ++-- 44 files changed, 2635 insertions(+), 2705 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index d281f79c0..4d2c0d71b 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: e22fa84f63313933e959470afcad633146b9b207 +Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index ef33e908b..94d0d4958 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __internal_libcrux_core_H @@ -75,7 +75,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_fd1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_181( uint8_t value[1568U]); /** @@ -88,7 +88,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_7d1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_a61( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -101,7 +101,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_9a1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a61( uint8_t value[3168U]); /** @@ -113,7 +113,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_5f1( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_641( uint8_t value[1568U]); /** @@ -124,7 +124,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_891( +uint8_t *libcrux_ml_kem_types_as_slice_f6_eb1( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -136,7 +136,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_681( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_011( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -159,7 +159,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_fd0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_180( uint8_t value[1184U]); /** @@ -172,7 +172,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_7d0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_a60( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -185,7 +185,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_9a0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a60( uint8_t value[2400U]); /** @@ -197,7 +197,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_5f0( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_640( uint8_t value[1088U]); /** @@ -208,7 +208,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_890( +uint8_t *libcrux_ml_kem_types_as_slice_f6_eb0( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -220,7 +220,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_680( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_010( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -243,7 +243,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_fd( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_18( uint8_t value[800U]); /** @@ -256,7 +256,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_7d( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_a6( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -269,7 +269,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_9a( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a6( uint8_t value[1632U]); /** @@ -281,7 +281,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_5f( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_64( uint8_t value[768U]); /** @@ -292,7 +292,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_89( +uint8_t *libcrux_ml_kem_types_as_slice_f6_eb( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -349,7 +349,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_68( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_01( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index d4c42f6c4..1cd3faf93 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_681(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_5f1(uint8_t *public_key); /** A monomorphic instance of @@ -48,7 +48,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a71( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f01( uint8_t randomness[64U]); /** @@ -64,7 +64,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ed1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_971(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -84,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -107,7 +107,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_371( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -132,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a81( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -158,7 +158,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_221( +void libcrux_ml_kem_ind_cca_decapsulate_dd1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -170,7 +170,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_680(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_5f0(uint8_t *public_key); /** A monomorphic instance of @@ -186,7 +186,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a70( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f00( uint8_t randomness[64U]); /** @@ -202,7 +202,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ed0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_970(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -222,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e0( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -245,7 +245,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_370( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_7a0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -270,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a80( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -296,7 +296,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_220( +void libcrux_ml_kem_ind_cca_decapsulate_dd0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +308,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_68(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_5f(uint8_t *public_key); /** A monomorphic instance of @@ -324,7 +324,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a7( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f0( uint8_t randomness[64U]); /** @@ -339,7 +339,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_ed( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_97( uint8_t randomness[64U]); /** @@ -360,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -383,7 +383,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_37( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_7a( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -408,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -434,7 +434,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_22( +void libcrux_ml_kem_ind_cca_decapsulate_dd( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index c9c875529..9f6de4c75 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __internal_libcrux_mlkem_portable_H @@ -23,7 +23,7 @@ extern "C" { #include "internal/libcrux_core.h" #include "internal/libcrux_sha3_internal.h" -extern const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U]; +int16_t libcrux_ml_kem_polynomial_get_zeta(size_t i); #define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT \ (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / \ @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_381(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c11(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f81( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f51(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_291(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a81( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_631( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_461( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_771( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_341( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_2d1( +void libcrux_ml_kem_ind_cca_decapsulate_2c1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_380(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c10(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f80( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_f50(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_290(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a80( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_630( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_460( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_770( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_340( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_2d0( +void libcrux_ml_kem_ind_cca_decapsulate_2c0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_38(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c1(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f8( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f5(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_29(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a8( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_63( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_46( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_77( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_34( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_2d( +void libcrux_ml_kem_ind_cca_decapsulate_2c( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index d4618fd84..915607633 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 0d77fa0b4..f7be648a5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index a6efa963b..333ef14b6 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #include "internal/libcrux_core.h" @@ -96,7 +96,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_fd1( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_181( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -116,7 +116,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_7d1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_a61( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -132,7 +132,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_9a1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a61( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -151,7 +151,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_5f1( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_641( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -169,7 +169,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_891( +uint8_t *libcrux_ml_kem_types_as_slice_f6_eb1( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -183,7 +183,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_681( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_011( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -216,7 +216,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_fd0( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_180( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -236,7 +236,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_7d0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_a60( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_9a0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a60( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -271,7 +271,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_5f0( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_640( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -289,7 +289,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_890( +uint8_t *libcrux_ml_kem_types_as_slice_f6_eb0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -303,7 +303,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_680( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_010( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -336,7 +336,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_fd( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_18( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -356,7 +356,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_7d( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_a6( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -371,7 +371,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_9a( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a6( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -390,7 +390,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_5f( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_64( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -408,7 +408,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_89( +uint8_t *libcrux_ml_kem_types_as_slice_f6_eb( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -480,7 +480,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_68( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_01( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index db9cbcd51..3acddc4dd 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 99e2c495d..67d826015 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 208caa3e7..1a20f0d72 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #include "libcrux_mlkem1024_avx2.h" @@ -35,11 +35,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_e00( +static void decapsulate_0b0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_220(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_dd0(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_e00(private_key, ciphertext, ret); + decapsulate_0b0(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_3d0( +static void decapsulate_unpacked_090( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a80(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_3d0(private_key, ciphertext, ret); + decapsulate_unpacked_090(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_360( +static tuple_21 encapsulate_4a0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_370(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_7a0(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_360(uu____0, copy_of_randomness); + return encapsulate_4a0(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_c90( +static tuple_21 encapsulate_unpacked_640( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_c90( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e0( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd0( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_c90(uu____0, copy_of_randomness); + return encapsulate_unpacked_640(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_7e0( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_7c0( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ed0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_970(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_7e0(copy_of_randomness); + return generate_keypair_7c0(copy_of_randomness); } /** @@ -246,11 +246,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_5c0(uint8_t randomness[64U]) { +generate_keypair_unpacked_cc0(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a70( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f00( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_5c0(copy_of_randomness); + return generate_keypair_unpacked_cc0(copy_of_randomness); } /** @@ -274,8 +274,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_c20(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_680(public_key); +static bool validate_public_key_f10(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_5f0(public_key); } /** @@ -286,7 +286,7 @@ static bool validate_public_key_c20(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_c20(public_key.value)) { + if (validate_public_key_f10(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index dfce647f1..e480630b2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 7fe221fbf..738510bf0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #include "libcrux_mlkem1024_portable.h" @@ -35,11 +35,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_531( +static void decapsulate_c91( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_2d1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_2c1(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_531(private_key, ciphertext, ret); + decapsulate_c91(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_451( +static void decapsulate_unpacked_fc1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a1(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_341(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_451(private_key, ciphertext, ret); + decapsulate_unpacked_fc1(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_e81( +static tuple_21 encapsulate_a41( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_461(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_771(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_e81(uu____0, copy_of_randomness); + return encapsulate_a41(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_fe1( +static tuple_21 encapsulate_unpacked_d71( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_fe1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a81( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_631( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_fe1(uu____0, copy_of_randomness); + return encapsulate_unpacked_d71(uu____0, copy_of_randomness); } /** @@ -212,12 +212,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_3d1( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_eb1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f51(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_291(copy_of_randomness); } /** @@ -228,7 +228,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_3d1(copy_of_randomness); + return generate_keypair_eb1(copy_of_randomness); } /** @@ -247,11 +247,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_b81(uint8_t randomness[64U]) { +generate_keypair_unpacked_b41(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec1( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f81( copy_of_randomness); } @@ -264,7 +264,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_b81(copy_of_randomness); + return generate_keypair_unpacked_b41(copy_of_randomness); } /** @@ -275,8 +275,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_8a1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_381(public_key); +static bool validate_public_key_8c1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c11(public_key); } /** @@ -287,7 +287,7 @@ static bool validate_public_key_8a1(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_8a1(public_key.value)) { + if (validate_public_key_8c1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 9d0931253..bbc233838 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index bb87c8868..2c3cab337 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem512_H @@ -21,52 +21,28 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 / (size_t)8U) - -#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) - -#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 * LIBCRUX_ML_KEM_MLKEM512_RANK_512) - -#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) +#define LIBCRUX_ML_KEM_MLKEM512_C1_BLOCK_SIZE_512 ((size_t)320U) -#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 \ - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 ((size_t)640U) -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_C1_SIZE_512 + LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512) +#define LIBCRUX_ML_KEM_MLKEM512_C2_SIZE_512 ((size_t)128U) -#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512 ((size_t)768U) -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 + (size_t)32U) +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 ((size_t)800U) -#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_COEFFICIENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 ((size_t)768U) #define LIBCRUX_ML_KEM_MLKEM512_ETA1 ((size_t)3U) -#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM512_ETA1 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM512_ETA1_RANDOMNESS_SIZE ((size_t)192U) #define LIBCRUX_ML_KEM_MLKEM512_ETA2 ((size_t)2U) -#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE \ - (LIBCRUX_ML_KEM_MLKEM512_ETA2 * (size_t)64U) +#define LIBCRUX_ML_KEM_MLKEM512_ETA2_RANDOMNESS_SIZE ((size_t)128U) #define LIBCRUX_ML_KEM_MLKEM512_IMPLICIT_REJECTION_HASH_INPUT_SIZE \ - (LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE + \ - LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_CIPHERTEXT_SIZE_512) + ((size_t)800U) typedef libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_mlkem512_MlKem512Ciphertext; @@ -80,15 +56,17 @@ typedef libcrux_ml_kem_types_MlKemPrivateKey_5e typedef libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_mlkem512_MlKem512PublicKey; -#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 \ - (LIBCRUX_ML_KEM_MLKEM512_RANK_512 * \ - LIBCRUX_ML_KEM_CONSTANTS_BITS_PER_RING_ELEMENT / (size_t)8U) +#define LIBCRUX_ML_KEM_MLKEM512_RANKED_BYTES_PER_RING_ELEMENT_512 ((size_t)768U) -#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 \ - (LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_SECRET_KEY_SIZE_512 + \ - LIBCRUX_ML_KEM_MLKEM512_CPA_PKE_PUBLIC_KEY_SIZE_512 + \ - LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + \ - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) +#define LIBCRUX_ML_KEM_MLKEM512_RANK_512 ((size_t)2U) + +#define LIBCRUX_ML_KEM_MLKEM512_SECRET_KEY_SIZE_512 ((size_t)1632U) + +#define LIBCRUX_ML_KEM_MLKEM512_T_AS_NTT_ENCODED_SIZE_512 ((size_t)768U) + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_U_COMPRESSION_FACTOR_512 ((size_t)10U) + +#define LIBCRUX_ML_KEM_MLKEM512_VECTOR_V_COMPRESSION_FACTOR_512 ((size_t)4U) #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 914f4c89f..34bacef60 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_e0(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_0b(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_22(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_dd(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_e0(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_e0(private_key, ciphertext, ret); + decapsulate_0b(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_3d( +static void decapsulate_unpacked_09( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_3d( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_3d(private_key, ciphertext, ret); + decapsulate_unpacked_09(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_36( +static tuple_ec encapsulate_4a( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_37(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_7a(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_36(uu____0, copy_of_randomness); + return encapsulate_4a(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_c9( +static tuple_ec encapsulate_unpacked_64( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_c9( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_c9(uu____0, copy_of_randomness); + return encapsulate_unpacked_64(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_7e( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_7c( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ed(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_97(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_7e(copy_of_randomness); + return generate_keypair_7c(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_5c(uint8_t randomness[64U]) { +generate_keypair_unpacked_cc(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a7( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f0( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_5c(copy_of_randomness); + return generate_keypair_unpacked_cc(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_c2(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_68(public_key); +static bool validate_public_key_f1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_5f(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_c2(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_c2(public_key.value)) { + if (validate_public_key_f1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 5f1372e57..df78482c6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index e5f7091ce..051419a0b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #include "libcrux_mlkem512_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_530( +static void decapsulate_c90( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_2d0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_2c0(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_530( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_530(private_key, ciphertext, ret); + decapsulate_c90(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_450( +static void decapsulate_unpacked_fc0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a0(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_340(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_450( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_450(private_key, ciphertext, ret); + decapsulate_unpacked_fc0(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_e80( +static tuple_ec encapsulate_a40( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_460(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_770(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_e80(uu____0, copy_of_randomness); + return encapsulate_a40(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_fe0( +static tuple_ec encapsulate_unpacked_d70( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_fe0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a80( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_630( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_fe0(uu____0, copy_of_randomness); + return encapsulate_unpacked_d70(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_3d0( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_eb0( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f50(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_290(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_3d0(copy_of_randomness); + return generate_keypair_eb0(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_b80(uint8_t randomness[64U]) { +generate_keypair_unpacked_b40(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec0( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f80( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_b80(copy_of_randomness); + return generate_keypair_unpacked_b40(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_8a0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_380(public_key); +static bool validate_public_key_8c0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c10(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_8a0(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_8a0(public_key.value)) { + if (validate_public_key_8c0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index a013f09eb..d1650f96a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 1146a1f49..3248134f9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 4da5a13f2..3a3a8b8a9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_e01( +static void decapsulate_0b1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_221(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_dd1(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_e01( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_e01(private_key, ciphertext, ret); + decapsulate_0b1(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_3d1( +static void decapsulate_unpacked_091( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a81(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_3d1( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_3d1(private_key, ciphertext, ret); + decapsulate_unpacked_091(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_361( +static tuple_3c encapsulate_4a1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_371(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_7a1(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_361(uu____0, copy_of_randomness); + return encapsulate_4a1(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_c91( +static tuple_3c encapsulate_unpacked_641( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_c91( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e1( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd1( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_c91(uu____0, copy_of_randomness); + return encapsulate_unpacked_641(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_7e1( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_7c1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ed1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_971(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_7e1(copy_of_randomness); + return generate_keypair_7c1(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_5c1(uint8_t randomness[64U]) { +generate_keypair_unpacked_cc1(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a71( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f01( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_5c1(copy_of_randomness); + return generate_keypair_unpacked_cc1(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_c21(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_681(public_key); +static bool validate_public_key_f11(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_5f1(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_c21(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_c21(public_key.value)) { + if (validate_public_key_f11(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index b14a8f627..6fdcc0131 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index d27b49ccd..fe01f4249 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #include "libcrux_mlkem768_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_53( +static void decapsulate_c9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_2d(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_2c(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_53( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_53(private_key, ciphertext, ret); + decapsulate_c9(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_45( +static void decapsulate_unpacked_fc( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_34(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_45( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_45(private_key, ciphertext, ret); + decapsulate_unpacked_fc(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_e8( +static tuple_3c encapsulate_a4( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_46(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_77(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_e8(uu____0, copy_of_randomness); + return encapsulate_a4(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_fe( +static tuple_3c encapsulate_unpacked_d7( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_fe( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a8( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_63( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_fe(uu____0, copy_of_randomness); + return encapsulate_unpacked_d7(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_3d( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_eb( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f5(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_29(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_3d(copy_of_randomness); + return generate_keypair_eb(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_b8(uint8_t randomness[64U]) { +generate_keypair_unpacked_b4(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f8( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_b8(copy_of_randomness); + return generate_keypair_unpacked_b4(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_8a(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_38(public_key); +static bool validate_public_key_8c(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c1(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_8a(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_8a(public_key.value)) { + if (validate_public_key_8c(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 7e51035b3..0c3f24150 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 2ff120732..853fdc9a5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #include "internal/libcrux_mlkem_avx2.h" @@ -105,22 +105,24 @@ __m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs, __m256i *rhs) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, int16_t constant) { - return mm256_mullo_epi16(vector, mm256_set1_epi16(constant)); + __m256i cv = mm256_set1_epi16(constant); + return mm256_mullo_epi16(vector, cv); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i v, +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i vec, int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(vec, c); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( __m256i vector, int16_t constant) { - return mm256_and_si256(vector, mm256_set1_epi16(constant)); + __m256i cv = mm256_set1_epi16(constant); + return mm256_and_si256(vector, cv); } /** @@ -1035,7 +1037,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_db(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_5b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1063,8 +1065,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_17(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); +deserialize_to_reduced_ring_element_3b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1083,12 +1085,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c61( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a51( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_db();); + deserialized_pk[i] = ZERO_20_5b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1100,7 +1102,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c61( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_17(ring_element); + deserialize_to_reduced_ring_element_3b(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1113,7 +1115,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_71(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_8a(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1126,8 +1128,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_09_7c(__m256i vector) { - return shift_right_71(vector); +static __m256i shift_right_09_83(__m256i vector) { + return shift_right_8a(vector); } /** @@ -1136,8 +1138,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_38(__m256i a) { - __m256i t = shift_right_09_7c(a); +static __m256i to_unsigned_representative_f8(__m256i a) { + __m256i t = shift_right_09_83(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -1149,13 +1151,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_36( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_2e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_38(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_f8(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1173,7 +1175,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_011( +static KRML_MUSTINLINE void serialize_secret_key_561( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1191,7 +1193,7 @@ static KRML_MUSTINLINE void serialize_secret_key_011( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_36(&re, ret0); + serialize_uncompressed_ring_element_2e(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1206,14 +1208,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_851( +static KRML_MUSTINLINE void serialize_public_key_0f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_011(t_as_ntt, ret0); + serialize_secret_key_561(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1233,15 +1235,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_681(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_5f1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_c61( + deserialize_ring_elements_reduced_a51( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_851( + serialize_public_key_0f1( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1282,10 +1284,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static void closure_0f1( +static void closure_411( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_db();); + ret[i] = ZERO_20_5b();); } /** @@ -1417,7 +1419,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_513( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_d83( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1542,7 +1544,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_514( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_d84( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1585,8 +1587,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_20_ce(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); +from_i16_array_20_a8(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1603,9 +1605,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_d61( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_f51( int16_t s[272U]) { - return from_i16_array_20_ce( + return from_i16_array_20_a8( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1615,7 +1617,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_231( +static KRML_MUSTINLINE void sample_from_xof_ce1( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1630,7 +1632,7 @@ static KRML_MUSTINLINE void sample_from_xof_231( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_513( + bool done = sample_from_uniform_distribution_next_d83( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -1642,7 +1644,7 @@ static KRML_MUSTINLINE void sample_from_xof_231( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_514( + done = sample_from_uniform_distribution_next_d84( copy_of_randomness, sampled_coefficients, out); } } @@ -1651,7 +1653,7 @@ static KRML_MUSTINLINE void sample_from_xof_231( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_d61(copy_of_out[i]);); + ret0[i] = closure_f51(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1663,12 +1665,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_051( +static KRML_MUSTINLINE void sample_matrix_A_d61( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_0f1(A_transpose[i]);); + closure_411(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -1683,7 +1685,7 @@ static KRML_MUSTINLINE void sample_matrix_A_051( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_231(copy_of_seeds, sampled); + sample_from_xof_ce1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1777,7 +1779,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_65(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_92(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -1811,7 +1813,7 @@ sample_from_binomial_distribution_2_65(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_ce( + return from_i16_array_20_a8( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1822,7 +1824,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_c5(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_2c(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -1855,7 +1857,7 @@ sample_from_binomial_distribution_3_c5(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_ce( + return from_i16_array_20_a8( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1866,8 +1868,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_fd0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_65(randomness); +sample_from_binomial_distribution_200(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_92(randomness); } /** @@ -1901,7 +1903,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_40(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_de(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1912,8 +1914,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_d2(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_40(b, zeta_r); +ntt_layer_int_vec_step_25(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_de(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1926,7 +1928,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_ae( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_51( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1939,9 +1941,9 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_ae( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_d2( + ntt_layer_int_vec_step_25( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -1956,14 +1958,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_d2( +static KRML_MUSTINLINE void ntt_at_layer_3_7a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));); } /** @@ -1972,16 +1974,15 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_0a( +static KRML_MUSTINLINE void ntt_at_layer_2_0d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U)); zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } @@ -1991,20 +1992,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_7f( +static KRML_MUSTINLINE void ntt_at_layer_1_1e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U)); zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } @@ -2018,7 +2016,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_52( +static KRML_MUSTINLINE void poly_barrett_reduce_20_5e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2034,17 +2032,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cc( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_ca( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { ntt_at_layer_7_75(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_d2(&zeta_i, re); - ntt_at_layer_2_0a(&zeta_i, re); - ntt_at_layer_1_7f(&zeta_i, re); - poly_barrett_reduce_20_52(re); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_7a(&zeta_i, re); + ntt_at_layer_2_0d(&zeta_i, re); + ntt_at_layer_1_1e(&zeta_i, re); + poly_barrett_reduce_20_5e(re); } /** @@ -2055,11 +2053,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_3e1( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_3f1( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_db();); + re_as_ntt[i] = ZERO_20_5b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2074,9 +2072,9 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_3e1( PRFxN_a9_412(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_fd0( + re_as_ntt[i0] = sample_from_binomial_distribution_200( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_cc(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_ca(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2101,25 +2099,21 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_20_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_20_d9(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_5b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_09( &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)3U)); } return out; } @@ -2134,7 +2128,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_331( +static KRML_MUSTINLINE void add_to_ring_element_20_3e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2154,7 +2148,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_03(__m256i v) { +static __m256i to_standard_domain_9a(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2169,14 +2163,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_0f( +static KRML_MUSTINLINE void add_standard_error_reduce_20_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_03(self->coefficients[j]); + to_standard_domain_9a(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &error->coefficients[j])); @@ -2189,14 +2183,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_dc1( +static KRML_MUSTINLINE void compute_As_plus_e_b51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_db();); + result0[i] = ZERO_20_5b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2217,10 +2211,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_dc1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_331(&result0[i1], &product); + ntt_multiply_20_d9(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_3e1(&result0[i1], &product); } - add_standard_error_reduce_20_0f(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_33(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2239,7 +2233,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_dc1( +static tuple_9b0 generate_keypair_unpacked_f11( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_ab1(key_generation_seed, hashed); @@ -2251,14 +2245,14 @@ static tuple_9b0 generate_keypair_unpacked_dc1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_051(ret, true, A_transpose); + sample_matrix_A_d61(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_3e1(copy_of_prf_input0, 0U); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_3f1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2270,10 +2264,10 @@ static tuple_9b0 generate_keypair_unpacked_dc1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_3e1(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_3f1(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_dc1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_b51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -2325,10 +2319,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_4a1( +static void closure_511( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_db();); + ret[i] = ZERO_20_5b();); } /** @@ -2341,7 +2335,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_eb( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_b7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -2378,7 +2372,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a71( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f01( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -2387,18 +2381,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a71( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_dc1(ind_cpa_keypair_randomness); + tuple_9b0 uu____0 = generate_keypair_unpacked_f11(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_4a1(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_511(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_eb(&ind_cpa_public_key.A[j][i1]); + clone_3a_b7(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2408,7 +2402,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a71( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_851( + serialize_public_key_0f1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -2456,17 +2450,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_a21( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_7e1( Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_dc1(key_generation_seed); + tuple_9b0 uu____0 = generate_keypair_unpacked_f11(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_851( + serialize_public_key_0f1( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_011(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_561(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2490,7 +2484,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_e61( +static KRML_MUSTINLINE void serialize_kem_secret_key_f61( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2545,7 +2539,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ed1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_971(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2554,13 +2548,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_ed1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_a21(ind_cpa_keypair_randomness); + generate_keypair_7e1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_e61( + serialize_kem_secret_key_f61( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2569,13 +2563,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_ed1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_9a0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_a60(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_7d0( - uu____2, libcrux_ml_kem_types_from_07_fd0(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_a60( + uu____2, libcrux_ml_kem_types_from_07_180(copy_of_public_key)); } /** @@ -2587,10 +2581,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_f11(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_3b1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_db();); + error_1[i] = ZERO_20_5b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2606,7 +2600,7 @@ sample_ring_element_cbd_f11(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_fd0( + sample_from_binomial_distribution_200( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2655,7 +2649,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_42( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_ad( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2663,13 +2657,10 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_42( re->coefficients[round] = libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U)); zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } @@ -2679,7 +2670,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_ef( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_05( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2687,9 +2678,8 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_ef( re->coefficients[round] = libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U)); zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } @@ -2699,15 +2689,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_51( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_4d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); + KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( + re->coefficients[round], + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]));); } /** @@ -2717,11 +2706,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_61(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_8a(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = montgomery_multiply_fe_40(a_minus_b, zeta_r); + b = montgomery_multiply_fe_de(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2732,7 +2721,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_af( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_6a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2747,9 +2736,9 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_af( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_61( + inv_ntt_layer_int_vec_step_reduce_8a( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -2764,18 +2753,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_491( +static KRML_MUSTINLINE void invert_ntt_montgomery_8c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_42(&zeta_i, re); - invert_ntt_at_layer_2_ef(&zeta_i, re); - invert_ntt_at_layer_3_51(&zeta_i, re); - invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_52(re); + invert_ntt_at_layer_1_ad(&zeta_i, re); + invert_ntt_at_layer_2_05(&zeta_i, re); + invert_ntt_at_layer_3_4d(&zeta_i, re); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_5e(re); } /** @@ -2788,7 +2777,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_8a( +static KRML_MUSTINLINE void add_error_reduce_20_bb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2809,14 +2798,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_c81( +static KRML_MUSTINLINE void compute_vector_u_681( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_db();); + result0[i] = ZERO_20_5b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2836,11 +2825,11 @@ static KRML_MUSTINLINE void compute_vector_u_c81( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_48(a_element, &r_as_ntt[j]); - add_to_ring_element_20_331(&result0[i1], &product); + ntt_multiply_20_d9(a_element, &r_as_ntt[j]); + add_to_ring_element_20_3e1(&result0[i1], &product); } - invert_ntt_montgomery_491(&result0[i1]); - add_error_reduce_20_8a(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_8c1(&result0[i1]); + add_error_reduce_20_bb(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2857,11 +2846,11 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_ed(__m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( - libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), - &v), - (int16_t)1665); +static __m256i decompress_1_96(__m256i vec) { + __m256i s = libcrux_ml_kem_vector_avx2_sub_09( + libcrux_ml_kem_vector_avx2_ZERO_09(), &vec); + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, + (int16_t)1665); } /** @@ -2871,8 +2860,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_f9(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); +deserialize_then_decompress_message_f0(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2880,7 +2869,7 @@ deserialize_then_decompress_message_f9(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_ed(coefficient_compressed);); + re.coefficients[i0] = decompress_1_96(coefficient_compressed);); return re; } @@ -2895,7 +2884,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_20_76( +add_message_error_reduce_20_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2922,18 +2911,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_f41( +compute_ring_element_v_e51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_331(&result, &product);); - invert_ntt_montgomery_491(&result); - result = add_message_error_reduce_20_76(error_2, message, result); + ntt_multiply_20_d9(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_3e1(&result, &product);); + invert_ntt_montgomery_8c1(&result); + result = add_message_error_reduce_20_58(error_2, message, result); return result; } @@ -2944,7 +2933,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_d6(__m256i vector) { +compress_ciphertext_coefficient_57(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -2991,8 +2980,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_09_a7(__m256i vector) { - return compress_ciphertext_coefficient_d6(vector); +static __m256i compress_09_63(__m256i vector) { + return compress_ciphertext_coefficient_57(vector); } /** @@ -3001,14 +2990,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_4e( +static KRML_MUSTINLINE void compress_then_serialize_10_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_a7(to_unsigned_representative_38(re->coefficients[i0])); + compress_09_63(to_unsigned_representative_f8(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3026,7 +3015,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_d60(__m256i vector) { +compress_ciphertext_coefficient_570(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3073,8 +3062,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_09_a70(__m256i vector) { - return compress_ciphertext_coefficient_d60(vector); +static __m256i compress_09_630(__m256i vector) { + return compress_ciphertext_coefficient_570(vector); } /** @@ -3084,10 +3073,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_1e( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_4e(re, uu____0); + compress_then_serialize_10_a1(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3100,7 +3089,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_4c1( +static void compress_then_serialize_u_fe1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3116,7 +3105,7 @@ static void compress_then_serialize_u_4c1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_1e(&re, ret); + compress_then_serialize_ring_element_u_51(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3129,7 +3118,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_d61(__m256i vector) { +compress_ciphertext_coefficient_571(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3176,8 +3165,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_09_a71(__m256i vector) { - return compress_ciphertext_coefficient_d61(vector); +static __m256i compress_09_631(__m256i vector) { + return compress_ciphertext_coefficient_571(vector); } /** @@ -3186,7 +3175,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_60( +static KRML_MUSTINLINE void compress_then_serialize_4_59( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3195,7 +3184,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_60( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_a71(to_unsigned_representative_38(re.coefficients[i0])); + compress_09_631(to_unsigned_representative_f8(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3212,7 +3201,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_d62(__m256i vector) { +compress_ciphertext_coefficient_572(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3259,8 +3248,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_09_a72(__m256i vector) { - return compress_ciphertext_coefficient_d62(vector); +static __m256i compress_09_632(__m256i vector) { + return compress_ciphertext_coefficient_572(vector); } /** @@ -3269,7 +3258,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_86( +static KRML_MUSTINLINE void compress_then_serialize_5_14( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3278,7 +3267,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_86( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_09_a72(to_unsigned_representative_38(re.coefficients[i0])); + compress_09_632(to_unsigned_representative_f8(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3295,9 +3284,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_c7( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_60(re, out); + compress_then_serialize_4_59(re, out); } /** @@ -3317,7 +3306,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_681( +static void encrypt_unpacked_991( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3325,7 +3314,7 @@ static void encrypt_unpacked_681( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_3e1(copy_of_prf_input0, 0U); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_3f1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3335,7 +3324,7 @@ static void encrypt_unpacked_681( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_f11(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_3b1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3346,28 +3335,28 @@ static void encrypt_unpacked_681( PRF_a9_264(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_fd0( + sample_from_binomial_distribution_200( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_c81(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_681(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f9(copy_of_message); + deserialize_then_decompress_message_f0(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_f41(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_e51(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_4c1( + compress_then_serialize_u_fe1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_c7( + compress_then_serialize_ring_element_v_4e( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3391,7 +3380,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -3418,7 +3407,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e1( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_681(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_991(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -3428,7 +3417,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e1( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_5f0(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_640(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3449,7 +3438,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_231(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_411(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -3473,10 +3462,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_771(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_c61( + deserialize_ring_elements_reduced_a51( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -3484,7 +3473,7 @@ static void encrypt_771(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_051(ret0, false, A); + sample_matrix_A_d61(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -3518,7 +3507,7 @@ static void encrypt_771(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_681(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_991(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -3533,7 +3522,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_b91(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_0a1(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -3559,11 +3548,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_371( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_231( + entropy_preprocess_af_411( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -3573,7 +3562,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_371( size_t); uint8_t ret[32U]; H_a9_311(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_890(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb0(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3587,19 +3576,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_371( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_890(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_771(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_831(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_5f0(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_640(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_b91(shared_secret, shared_secret_array); + kdf_af_0a1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3619,7 +3608,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_73(__m256i vector) { +decompress_ciphertext_coefficient_f8(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3663,8 +3652,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_09_fc(__m256i vector) { - return decompress_ciphertext_coefficient_73(vector); +static __m256i decompress_ciphertext_coefficient_09_0c(__m256i vector) { + return decompress_ciphertext_coefficient_f8(vector); } /** @@ -3674,8 +3663,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_71(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); +deserialize_then_decompress_10_bf(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -3687,7 +3676,7 @@ deserialize_then_decompress_10_71(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_fc(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_0c(coefficient); } return re; } @@ -3699,7 +3688,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_730(__m256i vector) { +decompress_ciphertext_coefficient_f80(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3743,8 +3732,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_09_fc0(__m256i vector) { - return decompress_ciphertext_coefficient_730(vector); +static __m256i decompress_ciphertext_coefficient_09_0c0(__m256i vector) { + return decompress_ciphertext_coefficient_f80(vector); } /** @@ -3754,15 +3743,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_3f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); +deserialize_then_decompress_11_b5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_fc0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_0c0(coefficient); } return re; } @@ -3774,8 +3763,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_55(Eurydice_slice serialized) { - return deserialize_then_decompress_10_71(serialized); +deserialize_then_decompress_ring_element_u_a4(Eurydice_slice serialized) { + return deserialize_then_decompress_10_bf(serialized); } /** @@ -3784,17 +3773,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_8b( +static KRML_MUSTINLINE void ntt_vector_u_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_d2(&zeta_i, re); - ntt_at_layer_2_0a(&zeta_i, re); - ntt_at_layer_1_7f(&zeta_i, re); - poly_barrett_reduce_20_52(re); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_7a(&zeta_i, re); + ntt_at_layer_2_0d(&zeta_i, re); + ntt_at_layer_1_1e(&zeta_i, re); + poly_barrett_reduce_20_5e(re); } /** @@ -3805,12 +3794,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a81( +static KRML_MUSTINLINE void deserialize_then_decompress_u_fd1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_db();); + u_as_ntt[i] = ZERO_20_5b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3828,8 +3817,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a81( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_55(u_bytes); - ntt_vector_u_8b(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a4(u_bytes); + ntt_vector_u_c7(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3843,7 +3832,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_731(__m256i vector) { +decompress_ciphertext_coefficient_f81(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3887,8 +3876,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_09_fc1(__m256i vector) { - return decompress_ciphertext_coefficient_731(vector); +static __m256i decompress_ciphertext_coefficient_09_0c1(__m256i vector) { + return decompress_ciphertext_coefficient_f81(vector); } /** @@ -3898,15 +3887,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_43(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); +deserialize_then_decompress_4_fb(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_fc1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_0c1(coefficient); } return re; } @@ -3918,7 +3907,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_732(__m256i vector) { +decompress_ciphertext_coefficient_f82(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3962,8 +3951,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_09_fc2(__m256i vector) { - return decompress_ciphertext_coefficient_732(vector); +static __m256i decompress_ciphertext_coefficient_09_0c2(__m256i vector) { + return decompress_ciphertext_coefficient_f82(vector); } /** @@ -3973,8 +3962,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_94(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); +deserialize_then_decompress_5_57(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3982,7 +3971,7 @@ deserialize_then_decompress_5_94(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_fc2(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_0c2(re.coefficients[i0]); } return re; } @@ -3994,8 +3983,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_80(Eurydice_slice serialized) { - return deserialize_then_decompress_4_43(serialized); +deserialize_then_decompress_ring_element_v_03(Eurydice_slice serialized) { + return deserialize_then_decompress_4_fb(serialized); } /** @@ -4009,7 +3998,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_20_87(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_20_55(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4031,17 +4020,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_d81( +compute_message_3d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_331(&result, &product);); - invert_ntt_montgomery_491(&result); - result = subtract_reduce_20_87(v, result); + ntt_multiply_20_d9(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_3e1(&result, &product);); + invert_ntt_montgomery_8c1(&result); + result = subtract_reduce_20_55(v, result); return result; } @@ -4051,12 +4040,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_e4( +static KRML_MUSTINLINE void compress_then_serialize_message_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_38(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_f8(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; @@ -4079,19 +4068,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_0e1( +static void decrypt_unpacked_691( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_a81(ciphertext, u_as_ntt); + deserialize_then_decompress_u_fd1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_80( + deserialize_then_decompress_ring_element_v_03( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_d81(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3d1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_e4(message, ret0); + compress_then_serialize_message_51(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4142,11 +4131,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a81( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_0e1(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_691(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4175,7 +4164,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_680(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_010(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4186,11 +4175,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_841( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_681(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_991(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_680(ciphertext), + libcrux_ml_kem_types_as_ref_ba_010(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4208,8 +4197,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_97(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_db(); +deserialize_to_uncompressed_ring_element_1d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4226,12 +4215,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_b41( +static KRML_MUSTINLINE void deserialize_secret_key_961( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_db();); + secret_as_ntt[i] = ZERO_20_5b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4243,7 +4232,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_b41( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_97(secret_bytes); + deserialize_to_uncompressed_ring_element_1d(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4268,7 +4257,7 @@ with const generics static void decrypt_b21(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_b41(secret_key, secret_as_ntt); + deserialize_secret_key_961(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4280,7 +4269,7 @@ static void decrypt_b21(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_0e1(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_691(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4306,7 +4295,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_221( +void libcrux_ml_kem_ind_cca_decapsulate_dd1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4346,7 +4335,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_221( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_680(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_010(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4356,25 +4345,23 @@ void libcrux_ml_kem_ind_cca_decapsulate_221( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_771(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_831(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_b91(Eurydice_array_to_slice( + kdf_af_0a1(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_b91(shared_secret0, shared_secret1); + kdf_af_0a1(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_680(ciphertext), + libcrux_ml_kem_types_as_ref_ba_010(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -4383,12 +4370,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c60( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a50( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_db();); + deserialized_pk[i] = ZERO_20_5b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4400,7 +4387,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c60( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_17(ring_element); + deserialize_to_reduced_ring_element_3b(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4415,7 +4402,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_010( +static KRML_MUSTINLINE void serialize_secret_key_560( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4433,7 +4420,7 @@ static KRML_MUSTINLINE void serialize_secret_key_010( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_36(&re, ret0); + serialize_uncompressed_ring_element_2e(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4448,14 +4435,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_850( +static KRML_MUSTINLINE void serialize_public_key_0f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_010(t_as_ntt, ret0); + serialize_secret_key_560(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4475,15 +4462,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_680(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_5f0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_c60( + deserialize_ring_elements_reduced_a50( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_850( + serialize_public_key_0f0( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4524,10 +4511,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static void closure_0f0( +static void closure_410( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_db();); + ret[i] = ZERO_20_5b();); } /** @@ -4662,7 +4649,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_511( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_d81( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4790,7 +4777,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_512( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_d82( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4828,9 +4815,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_d60( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_f50( int16_t s[272U]) { - return from_i16_array_20_ce( + return from_i16_array_20_a8( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4840,7 +4827,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_230( +static KRML_MUSTINLINE void sample_from_xof_ce0( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -4855,7 +4842,7 @@ static KRML_MUSTINLINE void sample_from_xof_230( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_511( + bool done = sample_from_uniform_distribution_next_d81( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -4867,7 +4854,7 @@ static KRML_MUSTINLINE void sample_from_xof_230( uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_512( + done = sample_from_uniform_distribution_next_d82( copy_of_randomness, sampled_coefficients, out); } } @@ -4876,7 +4863,7 @@ static KRML_MUSTINLINE void sample_from_xof_230( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_d60(copy_of_out[i]);); + ret0[i] = closure_f50(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4888,12 +4875,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_050( +static KRML_MUSTINLINE void sample_matrix_A_d60( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_0f0(A_transpose[i]);); + closure_410(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4908,7 +4895,7 @@ static KRML_MUSTINLINE void sample_matrix_A_050( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_230(copy_of_seeds, sampled); + sample_from_xof_ce0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5006,11 +4993,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_3e0( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_3f0( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_db();); + re_as_ntt[i] = ZERO_20_5b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5025,9 +5012,9 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_3e0( PRFxN_a9_411(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_fd0( + re_as_ntt[i0] = sample_from_binomial_distribution_200( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_cc(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_ca(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5051,7 +5038,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_330( +static KRML_MUSTINLINE void add_to_ring_element_20_3e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5071,14 +5058,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_dc0( +static KRML_MUSTINLINE void compute_As_plus_e_b50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_db();); + result0[i] = ZERO_20_5b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5099,10 +5086,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_dc0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_330(&result0[i1], &product); + ntt_multiply_20_d9(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_3e0(&result0[i1], &product); } - add_standard_error_reduce_20_0f(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_33(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5121,7 +5108,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_dc0( +static tuple_54 generate_keypair_unpacked_f10( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_ab0(key_generation_seed, hashed); @@ -5133,14 +5120,14 @@ static tuple_54 generate_keypair_unpacked_dc0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_050(ret, true, A_transpose); + sample_matrix_A_d60(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_3e0(copy_of_prf_input0, 0U); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_3f0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5152,10 +5139,10 @@ static tuple_54 generate_keypair_unpacked_dc0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_3e0(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_3f0(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_dc0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_b50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -5207,10 +5194,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_4a0( +static void closure_510( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_db();); + ret[i] = ZERO_20_5b();); } /** @@ -5240,7 +5227,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a70( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f00( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5249,18 +5236,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a70( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_54 uu____0 = generate_keypair_unpacked_dc0(ind_cpa_keypair_randomness); + tuple_54 uu____0 = generate_keypair_unpacked_f10(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_4a0(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_510(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_eb(&ind_cpa_public_key.A[j][i1]); + clone_3a_b7(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5270,7 +5257,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a70( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_850( + serialize_public_key_0f0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -5318,17 +5305,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_a20( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_7e0( Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_dc0(key_generation_seed); + tuple_54 uu____0 = generate_keypair_unpacked_f10(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_850( + serialize_public_key_0f0( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_010(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_560(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5352,7 +5339,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_e60( +static KRML_MUSTINLINE void serialize_kem_secret_key_f60( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5407,7 +5394,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ed0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_970(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5416,13 +5403,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_ed0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_a20(ind_cpa_keypair_randomness); + generate_keypair_7e0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_e60( + serialize_kem_secret_key_f60( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5431,13 +5418,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_ed0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_9a1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_a61(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_7d1( - uu____2, libcrux_ml_kem_types_from_07_fd1(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_a61( + uu____2, libcrux_ml_kem_types_from_07_181(copy_of_public_key)); } /** @@ -5449,10 +5436,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_f10(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_3b0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_db();); + error_1[i] = ZERO_20_5b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5468,7 +5455,7 @@ sample_ring_element_cbd_f10(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_fd0( + sample_from_binomial_distribution_200( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5505,18 +5492,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_490( +static KRML_MUSTINLINE void invert_ntt_montgomery_8c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_42(&zeta_i, re); - invert_ntt_at_layer_2_ef(&zeta_i, re); - invert_ntt_at_layer_3_51(&zeta_i, re); - invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_52(re); + invert_ntt_at_layer_1_ad(&zeta_i, re); + invert_ntt_at_layer_2_05(&zeta_i, re); + invert_ntt_at_layer_3_4d(&zeta_i, re); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_5e(re); } /** @@ -5525,14 +5512,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_c80( +static KRML_MUSTINLINE void compute_vector_u_680( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_db();); + result0[i] = ZERO_20_5b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5552,11 +5539,11 @@ static KRML_MUSTINLINE void compute_vector_u_c80( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_48(a_element, &r_as_ntt[j]); - add_to_ring_element_20_330(&result0[i1], &product); + ntt_multiply_20_d9(a_element, &r_as_ntt[j]); + add_to_ring_element_20_3e0(&result0[i1], &product); } - invert_ntt_montgomery_490(&result0[i1]); - add_error_reduce_20_8a(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_8c0(&result0[i1]); + add_error_reduce_20_bb(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5574,18 +5561,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_f40( +compute_ring_element_v_e50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_330(&result, &product);); - invert_ntt_montgomery_490(&result); - result = add_message_error_reduce_20_76(error_2, message, result); + ntt_multiply_20_d9(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_3e0(&result, &product);); + invert_ntt_montgomery_8c0(&result); + result = add_message_error_reduce_20_58(error_2, message, result); return result; } @@ -5595,14 +5582,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_dd0( +static KRML_MUSTINLINE void compress_then_serialize_11_ce0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_a70(to_unsigned_representative_38(re->coefficients[i0])); + compress_09_630(to_unsigned_representative_f8(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5620,10 +5607,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_1e0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_510( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_dd0(re, uu____0); + compress_then_serialize_11_ce0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5636,7 +5623,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_4c0( +static void compress_then_serialize_u_fe0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5652,7 +5639,7 @@ static void compress_then_serialize_u_4c0( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_1e0(&re, ret); + compress_then_serialize_ring_element_u_510(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5665,9 +5652,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_c70( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_4e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_86(re, out); + compress_then_serialize_5_14(re, out); } /** @@ -5687,7 +5674,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_680( +static void encrypt_unpacked_990( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -5695,7 +5682,7 @@ static void encrypt_unpacked_680( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_3e0(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_3f0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -5705,7 +5692,7 @@ static void encrypt_unpacked_680( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_f10(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_3b0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -5716,28 +5703,28 @@ static void encrypt_unpacked_680( PRF_a9_262(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_fd0( + sample_from_binomial_distribution_200( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_c80(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_680(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f9(copy_of_message); + deserialize_then_decompress_message_f0(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_f40(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_e50(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_4c0( + compress_then_serialize_u_fe0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_c70( + compress_then_serialize_ring_element_v_4e0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5761,7 +5748,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e0( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5788,7 +5775,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e0( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_680(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_990(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5798,7 +5785,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e0( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_5f1(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_641(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5819,7 +5806,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_230(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_410(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -5843,10 +5830,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_770(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_c60( + deserialize_ring_elements_reduced_a50( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5854,7 +5841,7 @@ static void encrypt_770(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_050(ret0, false, A); + sample_matrix_A_d60(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -5888,7 +5875,7 @@ static void encrypt_770(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_680(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_990(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -5903,7 +5890,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_b90(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_0a0(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -5929,11 +5916,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_370( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_7a0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_230( + entropy_preprocess_af_410( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5943,7 +5930,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_370( size_t); uint8_t ret[32U]; H_a9_310(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_891(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_eb1(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5957,19 +5944,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_370( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_891(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_eb1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_770(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_830(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_5f1(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_641(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_b90(shared_secret, shared_secret_array); + kdf_af_0a0(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -5989,8 +5976,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_550(Eurydice_slice serialized) { - return deserialize_then_decompress_11_3f(serialized); +deserialize_then_decompress_ring_element_u_a40(Eurydice_slice serialized) { + return deserialize_then_decompress_11_b5(serialized); } /** @@ -5999,17 +5986,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_8b0( +static KRML_MUSTINLINE void ntt_vector_u_c70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_d2(&zeta_i, re); - ntt_at_layer_2_0a(&zeta_i, re); - ntt_at_layer_1_7f(&zeta_i, re); - poly_barrett_reduce_20_52(re); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_7a(&zeta_i, re); + ntt_at_layer_2_0d(&zeta_i, re); + ntt_at_layer_1_1e(&zeta_i, re); + poly_barrett_reduce_20_5e(re); } /** @@ -6020,12 +6007,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a80( +static KRML_MUSTINLINE void deserialize_then_decompress_u_fd0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_db();); + u_as_ntt[i] = ZERO_20_5b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6043,8 +6030,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a80( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_550(u_bytes); - ntt_vector_u_8b0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a40(u_bytes); + ntt_vector_u_c70(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6058,8 +6045,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_800(Eurydice_slice serialized) { - return deserialize_then_decompress_5_94(serialized); +deserialize_then_decompress_ring_element_v_030(Eurydice_slice serialized) { + return deserialize_then_decompress_5_57(serialized); } /** @@ -6069,17 +6056,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_d80( +compute_message_3d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_330(&result, &product);); - invert_ntt_montgomery_490(&result); - result = subtract_reduce_20_87(v, result); + ntt_multiply_20_d9(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_3e0(&result, &product);); + invert_ntt_montgomery_8c0(&result); + result = subtract_reduce_20_55(v, result); return result; } @@ -6093,19 +6080,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_0e0( +static void decrypt_unpacked_690( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_a80(ciphertext, u_as_ntt); + deserialize_then_decompress_u_fd0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_800( + deserialize_then_decompress_ring_element_v_030( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_d80(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3d0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_e4(message, ret0); + compress_then_serialize_message_51(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6144,12 +6131,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a80( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_0e0(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_690(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -6178,7 +6165,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_681(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_011(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6189,11 +6176,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_840( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_680(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_990(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_681(ciphertext), + libcrux_ml_kem_types_as_ref_ba_011(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6210,12 +6197,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_b40( +static KRML_MUSTINLINE void deserialize_secret_key_960( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_db();); + secret_as_ntt[i] = ZERO_20_5b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6227,7 +6214,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_b40( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_97(secret_bytes); + deserialize_to_uncompressed_ring_element_1d(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; @@ -6252,7 +6239,7 @@ with const generics static void decrypt_b20(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_b40(secret_key, secret_as_ntt); + deserialize_secret_key_960(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -6264,7 +6251,7 @@ static void decrypt_b20(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_0e0(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_690(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -6290,7 +6277,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_220( +void libcrux_ml_kem_ind_cca_decapsulate_dd0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6331,7 +6318,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_220( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_681(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_011(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6341,25 +6328,23 @@ void libcrux_ml_kem_ind_cca_decapsulate_220( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_770(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_830(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_b90(Eurydice_array_to_slice( + kdf_af_0a0(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_b90(shared_secret0, shared_secret1); + kdf_af_0a0(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_681(ciphertext), + libcrux_ml_kem_types_as_ref_ba_011(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -6368,12 +6353,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c6( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a5( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_db();); + deserialized_pk[i] = ZERO_20_5b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6385,7 +6370,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_c6( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_17(ring_element); + deserialize_to_reduced_ring_element_3b(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6400,7 +6385,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_01( +static KRML_MUSTINLINE void serialize_secret_key_56( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6418,7 +6403,7 @@ static KRML_MUSTINLINE void serialize_secret_key_01( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_36(&re, ret0); + serialize_uncompressed_ring_element_2e(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6433,14 +6418,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_85( +static KRML_MUSTINLINE void serialize_public_key_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_01(t_as_ntt, ret0); + serialize_secret_key_56(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6460,15 +6445,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_68(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_5f(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_c6( + deserialize_ring_elements_reduced_a5( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_85( + serialize_public_key_0f( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6509,10 +6494,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static void closure_0f( +static void closure_41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_db();); + ret[i] = ZERO_20_5b();); } /** @@ -6641,7 +6626,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_51( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_d8( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6763,7 +6748,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_510( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_d80( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6801,9 +6786,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_d6( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_f5( int16_t s[272U]) { - return from_i16_array_20_ce( + return from_i16_array_20_a8( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6813,7 +6798,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_23( +static KRML_MUSTINLINE void sample_from_xof_ce( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -6828,7 +6813,7 @@ static KRML_MUSTINLINE void sample_from_xof_23( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_51( + bool done = sample_from_uniform_distribution_next_d8( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -6840,7 +6825,7 @@ static KRML_MUSTINLINE void sample_from_xof_23( uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_510( + done = sample_from_uniform_distribution_next_d80( copy_of_randomness, sampled_coefficients, out); } } @@ -6849,7 +6834,7 @@ static KRML_MUSTINLINE void sample_from_xof_23( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_d6(copy_of_out[i]);); + ret0[i] = closure_f5(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6861,12 +6846,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_05( +static KRML_MUSTINLINE void sample_matrix_A_d6( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_0f(A_transpose[i]);); + closure_41(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6881,7 +6866,7 @@ static KRML_MUSTINLINE void sample_matrix_A_05( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_23(copy_of_seeds, sampled); + sample_from_xof_ce(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6972,8 +6957,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_fd(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_c5(randomness); +sample_from_binomial_distribution_20(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_2c(randomness); } /** @@ -6984,11 +6969,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_3e( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_3f( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_db();); + re_as_ntt[i] = ZERO_20_5b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7003,9 +6988,9 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_3e( PRFxN_a9_41(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_fd( + re_as_ntt[i0] = sample_from_binomial_distribution_20( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_cc(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_ca(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -7029,7 +7014,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_33( +static KRML_MUSTINLINE void add_to_ring_element_20_3e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -7049,14 +7034,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_dc( +static KRML_MUSTINLINE void compute_As_plus_e_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_db();); + result0[i] = ZERO_20_5b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7077,10 +7062,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_33(&result0[i1], &product); + ntt_multiply_20_d9(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_3e(&result0[i1], &product); } - add_standard_error_reduce_20_0f(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_33(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7099,7 +7084,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_dc( +static tuple_4c generate_keypair_unpacked_f1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_ab(key_generation_seed, hashed); @@ -7111,14 +7096,14 @@ static tuple_4c generate_keypair_unpacked_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_05(ret, true, A_transpose); + sample_matrix_A_d6(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_3e(copy_of_prf_input0, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_3f(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7130,10 +7115,10 @@ static tuple_4c generate_keypair_unpacked_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_3e(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_3f(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_dc(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_b5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -7185,10 +7170,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_4a( +static void closure_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_db();); + ret[i] = ZERO_20_5b();); } /** @@ -7218,7 +7203,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a7( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f0( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7227,18 +7212,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a7( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c uu____0 = generate_keypair_unpacked_dc(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_f1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_4a(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_51(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_eb(&ind_cpa_public_key.A[j][i1]); + clone_3a_b7(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7248,7 +7233,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a7( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_85( + serialize_public_key_0f( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -7296,17 +7281,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_a2( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_7e( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_dc(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_f1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_85( + serialize_public_key_0f( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_01(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_56(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -7330,7 +7315,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_e6( +static KRML_MUSTINLINE void serialize_kem_secret_key_f6( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7384,7 +7369,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_ed( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_97( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7394,13 +7379,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_ed( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_a2(ind_cpa_keypair_randomness); + generate_keypair_7e(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_e6( + serialize_kem_secret_key_f6( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7409,13 +7394,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_ed( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_9a(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_a6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_7d( - uu____2, libcrux_ml_kem_types_from_07_fd(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_a6( + uu____2, libcrux_ml_kem_types_from_07_18(copy_of_public_key)); } /** @@ -7473,10 +7458,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_f1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_3b(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_db();); + error_1[i] = ZERO_20_5b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7492,7 +7477,7 @@ sample_ring_element_cbd_f1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_fd0( + sample_from_binomial_distribution_200( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7529,18 +7514,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_49( +static KRML_MUSTINLINE void invert_ntt_montgomery_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_42(&zeta_i, re); - invert_ntt_at_layer_2_ef(&zeta_i, re); - invert_ntt_at_layer_3_51(&zeta_i, re); - invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_52(re); + invert_ntt_at_layer_1_ad(&zeta_i, re); + invert_ntt_at_layer_2_05(&zeta_i, re); + invert_ntt_at_layer_3_4d(&zeta_i, re); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_5e(re); } /** @@ -7549,14 +7534,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_c8( +static KRML_MUSTINLINE void compute_vector_u_68( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_db();); + result0[i] = ZERO_20_5b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7576,11 +7561,11 @@ static KRML_MUSTINLINE void compute_vector_u_c8( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_48(a_element, &r_as_ntt[j]); - add_to_ring_element_20_33(&result0[i1], &product); + ntt_multiply_20_d9(a_element, &r_as_ntt[j]); + add_to_ring_element_20_3e(&result0[i1], &product); } - invert_ntt_montgomery_49(&result0[i1]); - add_error_reduce_20_8a(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_8c(&result0[i1]); + add_error_reduce_20_bb(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7598,18 +7583,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_f4( +compute_ring_element_v_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_33(&result, &product);); - invert_ntt_montgomery_49(&result); - result = add_message_error_reduce_20_76(error_2, message, result); + ntt_multiply_20_d9(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_3e(&result, &product);); + invert_ntt_montgomery_8c(&result); + result = add_message_error_reduce_20_58(error_2, message, result); return result; } @@ -7622,7 +7607,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_4c( +static void compress_then_serialize_u_fe( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7638,7 +7623,7 @@ static void compress_then_serialize_u_4c( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_1e(&re, ret); + compress_then_serialize_ring_element_u_51(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7661,7 +7646,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_68( +static void encrypt_unpacked_99( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7669,7 +7654,7 @@ static void encrypt_unpacked_68( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_3e(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_3f(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7679,7 +7664,7 @@ static void encrypt_unpacked_68( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_f1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_3b(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7690,28 +7675,28 @@ static void encrypt_unpacked_68( PRF_a9_260(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_fd0( + sample_from_binomial_distribution_200( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_c8(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_68(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f9(copy_of_message); + deserialize_then_decompress_message_f0(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_f4(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_e5(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_4c( + compress_then_serialize_u_fe( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_c7( + compress_then_serialize_ring_element_v_4e( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7735,7 +7720,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -7762,7 +7747,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_68(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_99(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -7772,7 +7757,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_3e( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7793,7 +7778,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_23(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_41(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -7817,10 +7802,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_77(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_c6( + deserialize_ring_elements_reduced_a5( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -7828,7 +7813,7 @@ static void encrypt_77(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_05(ret0, false, A); + sample_matrix_A_d6(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -7862,7 +7847,7 @@ static void encrypt_77(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_68(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_99(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7877,7 +7862,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_b9(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_0a(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -7903,11 +7888,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_37( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_7a( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_23( + entropy_preprocess_af_41( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -7917,7 +7902,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_37( size_t); uint8_t ret[32U]; H_a9_31(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_89(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7931,19 +7916,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_37( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_77(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_83(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_b9(shared_secret, shared_secret_array); + kdf_af_0a(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7964,12 +7949,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a8( +static KRML_MUSTINLINE void deserialize_then_decompress_u_fd( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_db();); + u_as_ntt[i] = ZERO_20_5b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7987,8 +7972,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a8( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_55(u_bytes); - ntt_vector_u_8b(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a4(u_bytes); + ntt_vector_u_c7(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8002,17 +7987,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_d8( +compute_message_3d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_db(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_33(&result, &product);); - invert_ntt_montgomery_49(&result); - result = subtract_reduce_20_87(v, result); + ntt_multiply_20_d9(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_3e(&result, &product);); + invert_ntt_montgomery_8c(&result); + result = subtract_reduce_20_55(v, result); return result; } @@ -8026,19 +8011,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_0e( +static void decrypt_unpacked_69( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_a8(ciphertext, u_as_ntt); + deserialize_then_decompress_u_fd(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_80( + deserialize_then_decompress_ring_element_v_03( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_d8(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3d(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_e4(message, ret0); + compress_then_serialize_message_51(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8077,11 +8062,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_0e(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_69(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -8110,7 +8095,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_68(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_01(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8121,11 +8106,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_84( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_68(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_99(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_68(ciphertext), + libcrux_ml_kem_types_as_ref_ba_01(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -8142,12 +8127,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_b4( +static KRML_MUSTINLINE void deserialize_secret_key_96( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_db();); + secret_as_ntt[i] = ZERO_20_5b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8159,7 +8144,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_b4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_97(secret_bytes); + deserialize_to_uncompressed_ring_element_1d(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; @@ -8184,7 +8169,7 @@ with const generics static void decrypt_b2(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_b4(secret_key, secret_as_ntt); + deserialize_secret_key_96(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -8196,7 +8181,7 @@ static void decrypt_b2(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_0e(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_69(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8222,7 +8207,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_22( +void libcrux_ml_kem_ind_cca_decapsulate_dd( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8262,7 +8247,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_22( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_68(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_01(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8272,22 +8257,20 @@ void libcrux_ml_kem_ind_cca_decapsulate_22( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_77(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_83(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_b9(Eurydice_array_to_slice((size_t)32U, + kdf_af_0a(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_b9(shared_secret0, shared_secret1); + kdf_af_0a(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_68(ciphertext), + libcrux_ml_kem_types_as_ref_ba_01(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index ea690c046..4b48ccfc8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem_avx2_H @@ -77,7 +77,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i v, +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i vec, int16_t c); __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index ed62abbb2..0294757ad 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index cf42ad4d1..6c4024457 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 77dd4dd0a..9d561600e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #include "internal/libcrux_mlkem_portable.h" @@ -32,7 +32,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { +static const int16_t ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-1044, (int16_t)-758, (int16_t)-359, (int16_t)-1517, (int16_t)1493, (int16_t)1422, (int16_t)287, (int16_t)202, (int16_t)-171, (int16_t)622, (int16_t)1577, (int16_t)182, @@ -66,6 +66,10 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +int16_t libcrux_ml_kem_polynomial_get_zeta(size_t i) { + return ZETAS_TIMES_MONTGOMERY_R[i]; +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { @@ -873,7 +877,8 @@ libcrux_ml_kem_vector_portable_arithmetic_add( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - lhs.elements[i0] = lhs.elements[i0] + rhs->elements[i0]; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; } return lhs; } @@ -896,7 +901,8 @@ libcrux_ml_kem_vector_portable_arithmetic_sub( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - lhs.elements[i0] = lhs.elements[i0] - rhs->elements[i0]; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; } return lhs; } @@ -914,13 +920,14 @@ libcrux_ml_kem_vector_portable_sub_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = v.elements[i0] * c; + size_t uu____0 = i0; + vec.elements[uu____0] = vec.elements[uu____0] * c; } - return v; + return vec; } /** @@ -929,20 +936,20 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(vec, c); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; + vec.elements[uu____0] = vec.elements[uu____0] & c; } - return v; + return vec; } /** @@ -958,16 +965,16 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - if (v.elements[i0] >= (int16_t)3329) { + if (vec.elements[i0] >= (int16_t)3329) { size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; + vec.elements[uu____0] = vec.elements[uu____0] - (int16_t)3329; } } - return v; + return vec; } /** @@ -1011,9 +1018,10 @@ libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - vec.elements[i0] = + int16_t vi = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( vec.elements[i0]); + vec.elements[i0] = vi; } return vec; } @@ -1177,36 +1185,36 @@ int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( } KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j) { int16_t t = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v->elements[j], zeta); - v->elements[j] = v->elements[i] - t; - v->elements[i] = v->elements[i] + t; + vec->elements[j], zeta); + vec->elements[j] = vec->elements[i] - t; + vec->elements[i] = vec->elements[i] + t; } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)0U, (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)1U, (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)4U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)5U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, (size_t)8U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, (size_t)9U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, (size_t)12U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, (size_t)13U, (size_t)15U); - return v; + return vec; } /** @@ -1223,25 +1231,25 @@ libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)0U, (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)1U, (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)2U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)3U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)8U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)9U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)10U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)11U, (size_t)15U); - return v; + return vec; } /** @@ -1257,22 +1265,25 @@ libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)0U, + (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)1U, + (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)2U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)3U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)4U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)5U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)6U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)7U, (size_t)15U); - return v; + return vec; } /** @@ -1286,38 +1297,38 @@ libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( } KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t a_minus_b = v->elements[j] - v->elements[i]; - v->elements[i] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j) { + int16_t a_minus_b = vec->elements[j] - vec->elements[i]; + vec->elements[i] = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v->elements[i] + v->elements[j]); - v->elements[j] = + vec->elements[i] + vec->elements[j]); + vec->elements[j] = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( a_minus_b, zeta); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U, (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U, (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)4U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)5U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)8U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)9U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)12U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)13U, (size_t)15U); - return v; + return vec; } /** @@ -1334,25 +1345,25 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U, (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U, (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)2U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)3U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)8U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)9U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)10U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)11U, (size_t)15U); - return v; + return vec; } /** @@ -1369,24 +1380,25 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)2U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)3U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)4U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)5U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)6U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)7U, (size_t)15U); - return v; + return vec; } /** @@ -1399,39 +1411,18 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, size_t i, size_t j, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[i] + - (int32_t) - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]) * - (int32_t)zeta); + int32_t ai_bi = (int32_t)a->elements[i] * (int32_t)b->elements[i]; + int16_t aj_bj = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[j] * (int32_t)b->elements[j]); + int16_t o0 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + ai_bi + (int32_t)aj_bj * (int32_t)zeta); int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( (int32_t)a->elements[i] * (int32_t)b->elements[j] + @@ -2284,7 +2275,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_06(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_de(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2312,8 +2303,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_e1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); +deserialize_to_reduced_ring_element_32(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2334,12 +2325,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_651( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_06();); + deserialized_pk[i] = ZERO_20_de();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2351,7 +2342,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_e1(ring_element); + deserialize_to_reduced_ring_element_32(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2365,13 +2356,13 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_58(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; + vec.elements[i0] = vec.elements[i0] >> (uint32_t)(int32_t)15; } - return v; + return vec; } /** @@ -2384,8 +2375,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_52(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_be(v); +shift_right_0d_f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_58(v); } /** @@ -2395,10 +2386,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_83( +to_unsigned_representative_bc( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_52(a); + shift_right_0d_f1(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2411,14 +2402,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_de( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_83(re->coefficients[i0]); + to_unsigned_representative_bc(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2436,7 +2427,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_cf1( +static KRML_MUSTINLINE void serialize_secret_key_f71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2454,7 +2445,7 @@ static KRML_MUSTINLINE void serialize_secret_key_cf1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_de(&re, ret0); + serialize_uncompressed_ring_element_e7(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2469,14 +2460,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_161( +static KRML_MUSTINLINE void serialize_public_key_7a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_cf1(t_as_ntt, ret0); + serialize_secret_key_f71(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2496,15 +2487,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_381(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c11(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_9d1( + deserialize_ring_elements_reduced_651( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_161( + serialize_public_key_7a1( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2546,10 +2537,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_fc1( +static void closure_a61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_06();); + ret[i] = ZERO_20_de();); } /** @@ -2686,7 +2677,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_853( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_b23( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2798,7 +2789,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_854( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_b24( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2841,8 +2832,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_20_a4(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); +from_i16_array_20_84(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2862,9 +2853,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c1( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_fc1( int16_t s[272U]) { - return from_i16_array_20_a4( + return from_i16_array_20_84( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2875,7 +2866,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_831( +static KRML_MUSTINLINE void sample_from_xof_591( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -2889,7 +2880,7 @@ static KRML_MUSTINLINE void sample_from_xof_831( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_853( + bool done = sample_from_uniform_distribution_next_b23( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -2901,7 +2892,7 @@ static KRML_MUSTINLINE void sample_from_xof_831( uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_854( + done = sample_from_uniform_distribution_next_b24( copy_of_randomness, sampled_coefficients, out); } } @@ -2910,7 +2901,7 @@ static KRML_MUSTINLINE void sample_from_xof_831( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_2c1(copy_of_out[i]);); + ret0[i] = closure_fc1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2923,12 +2914,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_511( +static KRML_MUSTINLINE void sample_matrix_A_931( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_fc1(A_transpose[i]);); + closure_a61(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2943,7 +2934,7 @@ static KRML_MUSTINLINE void sample_matrix_A_511( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_831(copy_of_seeds, sampled); + sample_from_xof_591(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3020,7 +3011,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_9b(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_28(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3054,7 +3045,7 @@ sample_from_binomial_distribution_2_9b(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_a4( + return from_i16_array_20_84( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3065,7 +3056,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_87(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_1e(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3098,7 +3089,7 @@ sample_from_binomial_distribution_3_87(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_a4( + return from_i16_array_20_84( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3109,8 +3100,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_62(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_9b(randomness); +sample_from_binomial_distribution_61(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_28(randomness); } /** @@ -3119,7 +3110,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_8d( +static KRML_MUSTINLINE void ntt_at_layer_7_43( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3147,7 +3138,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_ff( +montgomery_multiply_fe_7e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3161,12 +3152,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_f1( + ntt_layer_int_vec_step_65( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_ff(b, zeta_r); + montgomery_multiply_fe_7e(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3180,7 +3171,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_be( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_07( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3193,9 +3184,9 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_be( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_f1( + ntt_layer_int_vec_step_65( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; @@ -3210,7 +3201,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_84( +static KRML_MUSTINLINE void ntt_at_layer_3_90( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3218,7 +3209,7 @@ static KRML_MUSTINLINE void ntt_at_layer_3_84( libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); re->coefficients[round] = uu____0;); } @@ -3228,7 +3219,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_cd( +static KRML_MUSTINLINE void ntt_at_layer_2_95( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3236,9 +3227,8 @@ static KRML_MUSTINLINE void ntt_at_layer_2_cd( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U)); zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } @@ -3248,7 +3238,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_9c( +static KRML_MUSTINLINE void ntt_at_layer_1_32( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3256,13 +3246,10 @@ static KRML_MUSTINLINE void ntt_at_layer_1_9c( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U)); zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } @@ -3276,7 +3263,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_1c( +static KRML_MUSTINLINE void poly_barrett_reduce_20_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3294,17 +3281,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_99( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_8d(re); + ntt_at_layer_7_43(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_84(&zeta_i, re); - ntt_at_layer_2_cd(&zeta_i, re); - ntt_at_layer_1_9c(&zeta_i, re); - poly_barrett_reduce_20_1c(re); + ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_90(&zeta_i, re); + ntt_at_layer_2_95(&zeta_i, re); + ntt_at_layer_1_32(&zeta_i, re); + poly_barrett_reduce_20_f0(re); } /** @@ -3316,11 +3303,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_951( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_181( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_06();); + re_as_ntt[i] = ZERO_20_de();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3335,9 +3322,9 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_951( PRFxN_f1_bf2(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_62( + re_as_ntt[i0] = sample_from_binomial_distribution_61( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_01(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3362,26 +3349,22 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_20_71(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_20_73(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_de(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_multiply_0d( &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)3U)); out.coefficients[i0] = uu____0; } return out; @@ -3397,7 +3380,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_581( +static KRML_MUSTINLINE void add_to_ring_element_20_171( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3422,7 +3405,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_2a( +to_standard_domain_bf( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3438,14 +3421,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_3a( +static KRML_MUSTINLINE void add_standard_error_reduce_20_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_2a(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_bf(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3460,14 +3443,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_e61( +static KRML_MUSTINLINE void compute_As_plus_e_371( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_06();); + result0[i] = ZERO_20_de();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3488,10 +3471,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_e61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_71(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_581(&result0[i1], &product); + ntt_multiply_20_73(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_171(&result0[i1], &product); } - add_standard_error_reduce_20_3a(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_c2(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -3511,7 +3494,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_e21( +static tuple_540 generate_keypair_unpacked_c01( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_d01(key_generation_seed, hashed); @@ -3523,14 +3506,14 @@ static tuple_540 generate_keypair_unpacked_e21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_511(ret, true, A_transpose); + sample_matrix_A_931(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_951(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_181(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3542,10 +3525,10 @@ static tuple_540 generate_keypair_unpacked_e21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_951(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_181(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_e61(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_371(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -3598,10 +3581,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_811( +static void closure_181( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_06();); + ret[i] = ZERO_20_de();); } /** @@ -3614,7 +3597,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_c0( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3655,7 +3638,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec1( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f81( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3664,18 +3647,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec1( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_540 uu____0 = generate_keypair_unpacked_e21(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_c01(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_811(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_181(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_c0(&ind_cpa_public_key.A[j][i1]); + clone_3a_ea(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3685,7 +3668,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec1( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_161( + serialize_public_key_7a1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -3734,17 +3717,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_571( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e11( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_e21(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_c01(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_161( + serialize_public_key_7a1( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_cf1(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f71(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3768,7 +3751,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_e0( +static KRML_MUSTINLINE void serialize_kem_secret_key_84( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3824,7 +3807,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f51(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_291(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3833,13 +3816,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f51(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_571(ind_cpa_keypair_randomness); + generate_keypair_e11(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_e0( + serialize_kem_secret_key_84( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3848,13 +3831,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f51(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_9a1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_a61(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_7d1( - uu____2, libcrux_ml_kem_types_from_07_fd1(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_a61( + uu____2, libcrux_ml_kem_types_from_07_181(copy_of_public_key)); } /** @@ -3867,10 +3850,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_231(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_de1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_06();); + error_1[i] = ZERO_20_de();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3886,7 +3869,7 @@ sample_ring_element_cbd_231(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_62( + sample_from_binomial_distribution_61( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3935,7 +3918,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_a1( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_c8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3943,13 +3926,10 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_a1( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U)); zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } @@ -3959,7 +3939,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_30( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_d9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3967,9 +3947,8 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_30( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U)); zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } @@ -3979,7 +3958,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_ff( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_45( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3987,7 +3966,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_3_ff( libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); re->coefficients[round] = uu____0;); } @@ -3999,7 +3978,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_df( + inv_ntt_layer_int_vec_step_reduce_e9( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4007,7 +3986,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_ff(a_minus_b, zeta_r); + b = montgomery_multiply_fe_7e(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4019,7 +3998,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_d8( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_82( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4034,9 +4013,9 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_d8( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_df( + inv_ntt_layer_int_vec_step_reduce_e9( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; @@ -4051,18 +4030,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_b31( +static KRML_MUSTINLINE void invert_ntt_montgomery_7e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a1(&zeta_i, re); - invert_ntt_at_layer_2_30(&zeta_i, re); - invert_ntt_at_layer_3_ff(&zeta_i, re); - invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_1c(re); + invert_ntt_at_layer_1_c8(&zeta_i, re); + invert_ntt_at_layer_2_d9(&zeta_i, re); + invert_ntt_at_layer_3_45(&zeta_i, re); + invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_f0(re); } /** @@ -4075,7 +4054,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_bd( +static KRML_MUSTINLINE void add_error_reduce_20_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4099,14 +4078,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_411( +static KRML_MUSTINLINE void compute_vector_u_501( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_06();); + result0[i] = ZERO_20_de();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4126,11 +4105,11 @@ static KRML_MUSTINLINE void compute_vector_u_411( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_71(a_element, &r_as_ntt[j]); - add_to_ring_element_20_581(&result0[i1], &product); + ntt_multiply_20_73(a_element, &r_as_ntt[j]); + add_to_ring_element_20_171(&result0[i1], &product); } - invert_ntt_montgomery_b31(&result0[i1]); - add_error_reduce_20_bd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_7e1(&result0[i1]); + add_error_reduce_20_d6(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4148,11 +4127,13 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_50(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_d0(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); + libcrux_ml_kem_vector_portable_vector_type_PortableVector s = + libcrux_ml_kem_vector_portable_sub_0d(uu____0, &vec); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - libcrux_ml_kem_vector_portable_sub_0d(uu____0, &v), (int16_t)1665); + s, (int16_t)1665); } /** @@ -4162,8 +4143,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_8c(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); +deserialize_then_decompress_message_b0(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4173,7 +4154,7 @@ deserialize_then_decompress_message_8c(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_50(coefficient_compressed); + decompress_1_d0(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4189,7 +4170,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_20_a1( +add_message_error_reduce_20_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4219,18 +4200,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ac1( +compute_ring_element_v_cc1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_71(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_581(&result, &product);); - invert_ntt_montgomery_b31(&result); - result = add_message_error_reduce_20_a1(error_2, message, result); + ntt_multiply_20_73(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_171(&result, &product);); + invert_ntt_montgomery_7e1(&result); + result = add_message_error_reduce_20_0c(error_2, message, result); return result; } @@ -4240,7 +4221,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_3a(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0c(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4261,9 +4242,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_ab( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_3a(v); + return compress_0c(v); } /** @@ -4272,7 +4253,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_3a0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0c0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4294,8 +4275,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_ab0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_3a0(v); +compress_0d_9a0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_0c0(v); } /** @@ -4304,14 +4285,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_1c0( +static KRML_MUSTINLINE void compress_then_serialize_11_8e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_ab0(to_unsigned_representative_83(re->coefficients[i0])); + compress_0d_9a0(to_unsigned_representative_bc(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4329,10 +4310,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_220( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_810( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_1c0(re, uu____0); + compress_then_serialize_11_8e0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4345,7 +4326,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_491( +static void compress_then_serialize_u_431( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4361,7 +4342,7 @@ static void compress_then_serialize_u_491( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_220(&re, ret); + compress_then_serialize_ring_element_u_810(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4373,7 +4354,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_3a1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0c1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4395,8 +4376,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_ab1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_3a1(v); +compress_0d_9a1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_0c1(v); } /** @@ -4405,7 +4386,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_eb( +static KRML_MUSTINLINE void compress_then_serialize_4_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4414,7 +4395,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_eb( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_ab1(to_unsigned_representative_83(re.coefficients[i0])); + compress_0d_9a1(to_unsigned_representative_bc(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4430,7 +4411,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_3a2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_0c2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4452,8 +4433,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_ab2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_3a2(v); +compress_0d_9a2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_0c2(v); } /** @@ -4462,7 +4443,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_0c( +static KRML_MUSTINLINE void compress_then_serialize_5_90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4471,7 +4452,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_0c( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_ab2(to_unsigned_representative_83(re.coefficients[i0])); + compress_0d_9a2(to_unsigned_representative_bc(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4488,9 +4469,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_780( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_0c(re, out); + compress_then_serialize_5_90(re, out); } /** @@ -4511,7 +4492,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_021( +static void encrypt_unpacked_a71( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4519,7 +4500,7 @@ static void encrypt_unpacked_021( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_951(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_181(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4529,7 +4510,7 @@ static void encrypt_unpacked_021( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_231(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_de1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4540,28 +4521,28 @@ static void encrypt_unpacked_021( PRF_f1_c84(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_62( + sample_from_binomial_distribution_61( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_411(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_501(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_8c(copy_of_message); + deserialize_then_decompress_message_b0(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ac1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_cc1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_491( + compress_then_serialize_u_431( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_780( + compress_then_serialize_ring_element_v_7a0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4586,7 +4567,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a81( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_631( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4613,7 +4594,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a81( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_021(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_a71(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4623,7 +4604,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a81( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_5f1(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_641(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4644,7 +4625,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_14(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_fe(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -4669,10 +4650,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_691(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_8a1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_9d1( + deserialize_ring_elements_reduced_651( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4680,7 +4661,7 @@ static void encrypt_691(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_511(ret0, false, A); + sample_matrix_A_931(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -4714,7 +4695,7 @@ static void encrypt_691(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_021(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_a71(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4729,7 +4710,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_28(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_65(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -4755,11 +4736,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_461( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_771( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_14( + entropy_preprocess_af_fe( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4769,7 +4750,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_461( size_t); uint8_t ret[32U]; H_f1_fd1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_891(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_eb1(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4783,19 +4764,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_461( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_891(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_eb1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_691(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_8a1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_5f1(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_641(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_28(shared_secret, shared_secret_array); + kdf_af_65(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4815,7 +4796,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_4a( +decompress_ciphertext_coefficient_df( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4840,9 +4821,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_85( +decompress_ciphertext_coefficient_0d_8f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_4a(v); + return decompress_ciphertext_coefficient_df(v); } /** @@ -4852,8 +4833,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_ad(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); +deserialize_then_decompress_10_40(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4869,7 +4850,7 @@ deserialize_then_decompress_10_ad(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_85(coefficient); + decompress_ciphertext_coefficient_0d_8f(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4882,7 +4863,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_4a0( +decompress_ciphertext_coefficient_df0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4907,9 +4888,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_850( +decompress_ciphertext_coefficient_0d_8f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_4a0(v); + return decompress_ciphertext_coefficient_df0(v); } /** @@ -4919,8 +4900,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_12(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); +deserialize_then_decompress_11_19(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4929,7 +4910,7 @@ deserialize_then_decompress_11_12(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_850(coefficient); + decompress_ciphertext_coefficient_0d_8f0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4942,8 +4923,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_450(Eurydice_slice serialized) { - return deserialize_then_decompress_11_12(serialized); +deserialize_then_decompress_ring_element_u_120(Eurydice_slice serialized) { + return deserialize_then_decompress_11_19(serialized); } /** @@ -4952,17 +4933,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_6c0( +static KRML_MUSTINLINE void ntt_vector_u_ec0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_84(&zeta_i, re); - ntt_at_layer_2_cd(&zeta_i, re); - ntt_at_layer_1_9c(&zeta_i, re); - poly_barrett_reduce_20_1c(re); + ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_90(&zeta_i, re); + ntt_at_layer_2_95(&zeta_i, re); + ntt_at_layer_1_32(&zeta_i, re); + poly_barrett_reduce_20_f0(re); } /** @@ -4973,12 +4954,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_6b1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_a31( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_06();); + u_as_ntt[i] = ZERO_20_de();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4996,8 +4977,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_6b1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_450(u_bytes); - ntt_vector_u_6c0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_120(u_bytes); + ntt_vector_u_ec0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5011,7 +4992,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_4a1( +decompress_ciphertext_coefficient_df1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5036,9 +5017,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_851( +decompress_ciphertext_coefficient_0d_8f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_4a1(v); + return decompress_ciphertext_coefficient_df1(v); } /** @@ -5048,8 +5029,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_f0(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); +deserialize_then_decompress_4_72(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5058,7 +5039,7 @@ deserialize_then_decompress_4_f0(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_851(coefficient); + decompress_ciphertext_coefficient_0d_8f1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5071,7 +5052,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_4a2( +decompress_ciphertext_coefficient_df2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5096,9 +5077,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_852( +decompress_ciphertext_coefficient_0d_8f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_4a2(v); + return decompress_ciphertext_coefficient_df2(v); } /** @@ -5108,8 +5089,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_4b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); +deserialize_then_decompress_5_fe(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5118,7 +5099,7 @@ deserialize_then_decompress_5_4b(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_852(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_8f2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5131,8 +5112,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_f60(Eurydice_slice serialized) { - return deserialize_then_decompress_5_4b(serialized); +deserialize_then_decompress_ring_element_v_050(Eurydice_slice serialized) { + return deserialize_then_decompress_5_fe(serialized); } /** @@ -5146,7 +5127,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_20_44(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_20_43(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5171,17 +5152,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_311( +compute_message_521( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_71(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_581(&result, &product);); - invert_ntt_montgomery_b31(&result); - result = subtract_reduce_20_44(v, result); + ntt_multiply_20_73(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_171(&result, &product);); + invert_ntt_montgomery_7e1(&result); + result = subtract_reduce_20_43(v, result); return result; } @@ -5191,13 +5172,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_0d( +static KRML_MUSTINLINE void compress_then_serialize_message_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_83(re.coefficients[i0]); + to_unsigned_representative_bc(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5221,19 +5202,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_f91( +static void decrypt_unpacked_791( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_6b1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_a31(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_f60( + deserialize_then_decompress_ring_element_v_050( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_311(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_521(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_0d(message, ret0); + compress_then_serialize_message_f9(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5285,12 +5266,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a1( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_341( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_f91(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_791(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5319,7 +5300,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a1( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_681(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_011(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5330,11 +5311,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_021(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_a71(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_681(ciphertext), + libcrux_ml_kem_types_as_ref_ba_011(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5352,8 +5333,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_ef(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_06(); +deserialize_to_uncompressed_ring_element_d9(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -5372,12 +5353,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_9e1( +static KRML_MUSTINLINE void deserialize_secret_key_c51( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_06();); + secret_as_ntt[i] = ZERO_20_de();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5389,7 +5370,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_9e1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ef(secret_bytes); + deserialize_to_uncompressed_ring_element_d9(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -5411,10 +5392,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_c81(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_fb1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_9e1(secret_key, secret_as_ntt); + deserialize_secret_key_c51(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5426,7 +5407,7 @@ static void decrypt_c81(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_f91(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_791(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5452,7 +5433,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_2d1( +void libcrux_ml_kem_ind_cca_decapsulate_2c1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5471,7 +5452,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c81(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_fb1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5493,7 +5474,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_681(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_011(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5503,25 +5484,23 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_691(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_8a1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_28(Eurydice_array_to_slice((size_t)32U, + kdf_af_65(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_28(shared_secret0, shared_secret1); + kdf_af_65(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_681(ciphertext), + libcrux_ml_kem_types_as_ref_ba_011(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -5530,12 +5509,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_650( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_06();); + deserialized_pk[i] = ZERO_20_de();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5547,7 +5526,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_e1(ring_element); + deserialize_to_reduced_ring_element_32(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5562,7 +5541,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_cf0( +static KRML_MUSTINLINE void serialize_secret_key_f70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5580,7 +5559,7 @@ static KRML_MUSTINLINE void serialize_secret_key_cf0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_de(&re, ret0); + serialize_uncompressed_ring_element_e7(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5595,14 +5574,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_160( +static KRML_MUSTINLINE void serialize_public_key_7a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_cf0(t_as_ntt, ret0); + serialize_secret_key_f70(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5622,15 +5601,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_380(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c10(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_9d0( + deserialize_ring_elements_reduced_650( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_160( + serialize_public_key_7a0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5672,10 +5651,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_fc0( +static void closure_a60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_06();); + ret[i] = ZERO_20_de();); } /** @@ -5812,7 +5791,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_851( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_b21( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5924,7 +5903,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_852( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_b22( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5963,9 +5942,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c0( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_fc0( int16_t s[272U]) { - return from_i16_array_20_a4( + return from_i16_array_20_84( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5976,7 +5955,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_830( +static KRML_MUSTINLINE void sample_from_xof_590( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -5990,7 +5969,7 @@ static KRML_MUSTINLINE void sample_from_xof_830( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_851( + bool done = sample_from_uniform_distribution_next_b21( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -6002,7 +5981,7 @@ static KRML_MUSTINLINE void sample_from_xof_830( uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_852( + done = sample_from_uniform_distribution_next_b22( copy_of_randomness, sampled_coefficients, out); } } @@ -6011,7 +5990,7 @@ static KRML_MUSTINLINE void sample_from_xof_830( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_2c0(copy_of_out[i]);); + ret0[i] = closure_fc0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6024,12 +6003,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_510( +static KRML_MUSTINLINE void sample_matrix_A_930( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_fc0(A_transpose[i]);); + closure_a60(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6044,7 +6023,7 @@ static KRML_MUSTINLINE void sample_matrix_A_510( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_830(copy_of_seeds, sampled); + sample_from_xof_590(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6121,8 +6100,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_620(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_87(randomness); +sample_from_binomial_distribution_610(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_1e(randomness); } /** @@ -6134,11 +6113,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_950( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_180( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_06();); + re_as_ntt[i] = ZERO_20_de();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6153,9 +6132,9 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_950( PRFxN_f1_bf0(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_620( + re_as_ntt[i0] = sample_from_binomial_distribution_610( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_01(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6179,7 +6158,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_580( +static KRML_MUSTINLINE void add_to_ring_element_20_170( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6203,14 +6182,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_e60( +static KRML_MUSTINLINE void compute_As_plus_e_370( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_06();); + result0[i] = ZERO_20_de();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6231,10 +6210,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_e60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_71(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_580(&result0[i1], &product); + ntt_multiply_20_73(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_170(&result0[i1], &product); } - add_standard_error_reduce_20_3a(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_c2(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6254,7 +6233,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_e20( +static tuple_4c0 generate_keypair_unpacked_c00( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_d00(key_generation_seed, hashed); @@ -6266,14 +6245,14 @@ static tuple_4c0 generate_keypair_unpacked_e20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_510(ret, true, A_transpose); + sample_matrix_A_930(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_950(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_180(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6285,10 +6264,10 @@ static tuple_4c0 generate_keypair_unpacked_e20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_950(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_180(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_e60(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_370(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -6341,10 +6320,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_810( +static void closure_180( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_06();); + ret[i] = ZERO_20_de();); } /** @@ -6375,7 +6354,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f80( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6384,18 +6363,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec0( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_e20(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_c00(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_810(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_180(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_c0(&ind_cpa_public_key.A[j][i1]); + clone_3a_ea(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6405,7 +6384,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_160( + serialize_public_key_7a0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -6454,17 +6433,17 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_570( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e10( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_e20(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_c00(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_160( + serialize_public_key_7a0( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_cf0(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f70(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6488,7 +6467,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_dd( +static KRML_MUSTINLINE void serialize_kem_secret_key_27( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6544,7 +6523,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_f50(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_290(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6553,13 +6532,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f50(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_570(ind_cpa_keypair_randomness); + generate_keypair_e10(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_dd( + serialize_kem_secret_key_27( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6568,13 +6547,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f50(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_9a(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_a6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_7d( - uu____2, libcrux_ml_kem_types_from_07_fd(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_a6( + uu____2, libcrux_ml_kem_types_from_07_18(copy_of_public_key)); } /** @@ -6619,10 +6598,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_230(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_de0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_06();); + error_1[i] = ZERO_20_de();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6638,7 +6617,7 @@ sample_ring_element_cbd_230(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_62( + sample_from_binomial_distribution_61( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6675,18 +6654,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_b30( +static KRML_MUSTINLINE void invert_ntt_montgomery_7e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a1(&zeta_i, re); - invert_ntt_at_layer_2_30(&zeta_i, re); - invert_ntt_at_layer_3_ff(&zeta_i, re); - invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_1c(re); + invert_ntt_at_layer_1_c8(&zeta_i, re); + invert_ntt_at_layer_2_d9(&zeta_i, re); + invert_ntt_at_layer_3_45(&zeta_i, re); + invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_f0(re); } /** @@ -6695,14 +6674,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_410( +static KRML_MUSTINLINE void compute_vector_u_500( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_06();); + result0[i] = ZERO_20_de();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6722,11 +6701,11 @@ static KRML_MUSTINLINE void compute_vector_u_410( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_71(a_element, &r_as_ntt[j]); - add_to_ring_element_20_580(&result0[i1], &product); + ntt_multiply_20_73(a_element, &r_as_ntt[j]); + add_to_ring_element_20_170(&result0[i1], &product); } - invert_ntt_montgomery_b30(&result0[i1]); - add_error_reduce_20_bd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_7e0(&result0[i1]); + add_error_reduce_20_d6(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6744,18 +6723,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ac0( +compute_ring_element_v_cc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_71(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_580(&result, &product);); - invert_ntt_montgomery_b30(&result); - result = add_message_error_reduce_20_a1(error_2, message, result); + ntt_multiply_20_73(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_170(&result, &product);); + invert_ntt_montgomery_7e0(&result); + result = add_message_error_reduce_20_0c(error_2, message, result); return result; } @@ -6765,14 +6744,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_a6( +static KRML_MUSTINLINE void compress_then_serialize_10_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_ab(to_unsigned_representative_83(re->coefficients[i0])); + compress_0d_9a(to_unsigned_representative_bc(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6790,10 +6769,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_22( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_a6(re, uu____0); + compress_then_serialize_10_8a(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6806,7 +6785,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_490( +static void compress_then_serialize_u_430( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6822,7 +6801,7 @@ static void compress_then_serialize_u_490( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_22(&re, ret); + compress_then_serialize_ring_element_u_81(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6835,9 +6814,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_78( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_eb(re, out); + compress_then_serialize_4_9f(re, out); } /** @@ -6858,7 +6837,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_020( +static void encrypt_unpacked_a70( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -6866,7 +6845,7 @@ static void encrypt_unpacked_020( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_950(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_180(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6876,7 +6855,7 @@ static void encrypt_unpacked_020( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_230(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_de0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6887,28 +6866,28 @@ static void encrypt_unpacked_020( PRF_f1_c82(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_62( + sample_from_binomial_distribution_61( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_410(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_500(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_8c(copy_of_message); + deserialize_then_decompress_message_b0(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ac0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_cc0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_490( + compress_then_serialize_u_430( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_78( + compress_then_serialize_ring_element_v_7a( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6933,7 +6912,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a80( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_630( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6960,7 +6939,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a80( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_020(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_a70(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6970,7 +6949,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a80( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6991,7 +6970,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_60(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_6d(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -7016,10 +6995,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_690(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_8a0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_9d0( + deserialize_ring_elements_reduced_650( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -7027,7 +7006,7 @@ static void encrypt_690(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_510(ret0, false, A); + sample_matrix_A_930(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -7061,7 +7040,7 @@ static void encrypt_690(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_020(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_a70(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7076,7 +7055,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_d7(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_e6(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -7102,11 +7081,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_460( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_770( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_60( + entropy_preprocess_af_6d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -7116,7 +7095,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_460( size_t); uint8_t ret[32U]; H_f1_fd0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_89(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7130,19 +7109,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_460( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_690(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_8a0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_d7(shared_secret, shared_secret_array); + kdf_af_e6(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7162,8 +7141,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_45(Eurydice_slice serialized) { - return deserialize_then_decompress_10_ad(serialized); +deserialize_then_decompress_ring_element_u_12(Eurydice_slice serialized) { + return deserialize_then_decompress_10_40(serialized); } /** @@ -7172,17 +7151,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_6c( +static KRML_MUSTINLINE void ntt_vector_u_ec( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_84(&zeta_i, re); - ntt_at_layer_2_cd(&zeta_i, re); - ntt_at_layer_1_9c(&zeta_i, re); - poly_barrett_reduce_20_1c(re); + ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_90(&zeta_i, re); + ntt_at_layer_2_95(&zeta_i, re); + ntt_at_layer_1_32(&zeta_i, re); + poly_barrett_reduce_20_f0(re); } /** @@ -7193,12 +7172,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_6b0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_a30( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_06();); + u_as_ntt[i] = ZERO_20_de();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7216,8 +7195,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_6b0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); - ntt_vector_u_6c(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_12(u_bytes); + ntt_vector_u_ec(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7231,8 +7210,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_f6(Eurydice_slice serialized) { - return deserialize_then_decompress_4_f0(serialized); +deserialize_then_decompress_ring_element_v_05(Eurydice_slice serialized) { + return deserialize_then_decompress_4_72(serialized); } /** @@ -7242,17 +7221,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_310( +compute_message_520( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_71(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_580(&result, &product);); - invert_ntt_montgomery_b30(&result); - result = subtract_reduce_20_44(v, result); + ntt_multiply_20_73(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_170(&result, &product);); + invert_ntt_montgomery_7e0(&result); + result = subtract_reduce_20_43(v, result); return result; } @@ -7266,19 +7245,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_f90( +static void decrypt_unpacked_790( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_6b0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_a30(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_f6( + deserialize_then_decompress_ring_element_v_05( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_310(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_520(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_0d(message, ret0); + compress_then_serialize_message_f9(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7318,11 +7297,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a0( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_340( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_f90(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_790(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -7351,7 +7330,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a0( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_68(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_01(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7362,11 +7341,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_020(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_a70(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_68(ciphertext), + libcrux_ml_kem_types_as_ref_ba_01(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -7383,12 +7362,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_9e0( +static KRML_MUSTINLINE void deserialize_secret_key_c50( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_06();); + secret_as_ntt[i] = ZERO_20_de();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7400,7 +7379,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_9e0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ef(secret_bytes); + deserialize_to_uncompressed_ring_element_d9(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -7422,10 +7401,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c80(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_fb0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_9e0(secret_key, secret_as_ntt); + deserialize_secret_key_c50(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7437,7 +7416,7 @@ static void decrypt_c80(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_f90(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_790(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7463,7 +7442,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_2d0( +void libcrux_ml_kem_ind_cca_decapsulate_2c0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7481,7 +7460,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c80(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_fb0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7503,7 +7482,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_68(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_01(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7513,25 +7492,23 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_690(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_8a0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_d7(Eurydice_array_to_slice((size_t)32U, + kdf_af_e6(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_d7(shared_secret0, shared_secret1); + kdf_af_e6(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_68(ciphertext), + libcrux_ml_kem_types_as_ref_ba_01(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -7540,12 +7517,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_65( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_06();); + deserialized_pk[i] = ZERO_20_de();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7557,7 +7534,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_e1(ring_element); + deserialize_to_reduced_ring_element_32(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7572,7 +7549,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_cf( +static KRML_MUSTINLINE void serialize_secret_key_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7590,7 +7567,7 @@ static KRML_MUSTINLINE void serialize_secret_key_cf( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_de(&re, ret0); + serialize_uncompressed_ring_element_e7(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7605,14 +7582,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_16( +static KRML_MUSTINLINE void serialize_public_key_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_cf(t_as_ntt, ret0); + serialize_secret_key_f7(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7632,15 +7609,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_38(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_9d( + deserialize_ring_elements_reduced_65( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_16( + serialize_public_key_7a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7682,10 +7659,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_fc( +static void closure_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_06();); + ret[i] = ZERO_20_de();); } /** @@ -7822,7 +7799,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_85( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_b2( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7934,7 +7911,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_850( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_b20( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7973,9 +7950,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_fc( int16_t s[272U]) { - return from_i16_array_20_a4( + return from_i16_array_20_84( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7986,7 +7963,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_83( +static KRML_MUSTINLINE void sample_from_xof_59( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -8000,7 +7977,7 @@ static KRML_MUSTINLINE void sample_from_xof_83( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_85( + bool done = sample_from_uniform_distribution_next_b2( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -8012,7 +7989,7 @@ static KRML_MUSTINLINE void sample_from_xof_83( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_850( + done = sample_from_uniform_distribution_next_b20( copy_of_randomness, sampled_coefficients, out); } } @@ -8021,7 +7998,7 @@ static KRML_MUSTINLINE void sample_from_xof_83( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_2c(copy_of_out[i]);); + ret0[i] = closure_fc(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8034,12 +8011,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_51( +static KRML_MUSTINLINE void sample_matrix_A_93( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_fc(A_transpose[i]);); + closure_a6(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -8054,7 +8031,7 @@ static KRML_MUSTINLINE void sample_matrix_A_51( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_83(copy_of_seeds, sampled); + sample_from_xof_59(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8133,11 +8110,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_95( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_18( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_06();); + re_as_ntt[i] = ZERO_20_de();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8152,9 +8129,9 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_95( PRFxN_f1_bf(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_62( + re_as_ntt[i0] = sample_from_binomial_distribution_61( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_01(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -8178,7 +8155,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_58( +static KRML_MUSTINLINE void add_to_ring_element_20_17( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8202,14 +8179,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_e6( +static KRML_MUSTINLINE void compute_As_plus_e_37( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_06();); + result0[i] = ZERO_20_de();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8230,10 +8207,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_71(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_58(&result0[i1], &product); + ntt_multiply_20_73(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_17(&result0[i1], &product); } - add_standard_error_reduce_20_3a(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_c2(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8253,7 +8230,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_e2( +static tuple_9b generate_keypair_unpacked_c0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_d0(key_generation_seed, hashed); @@ -8265,14 +8242,14 @@ static tuple_9b generate_keypair_unpacked_e2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_51(ret, true, A_transpose); + sample_matrix_A_93(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_95(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_18(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8284,10 +8261,10 @@ static tuple_9b generate_keypair_unpacked_e2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_95(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_18(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_e6(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_37(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -8340,10 +8317,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_81( +static void closure_18( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_06();); + ret[i] = ZERO_20_de();); } /** @@ -8374,7 +8351,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f8( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8383,18 +8360,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = generate_keypair_unpacked_e2(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_c0(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_81(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_18(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_c0(&ind_cpa_public_key.A[j][i1]); + clone_3a_ea(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8404,7 +8381,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_ec( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_16( + serialize_public_key_7a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -8453,17 +8430,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_57( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e1( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_e2(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_c0(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_16( + serialize_public_key_7a( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_cf(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f7(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8487,7 +8464,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_24( +static KRML_MUSTINLINE void serialize_kem_secret_key_94( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8543,7 +8520,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f5(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_29(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8552,13 +8529,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f5(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_57(ind_cpa_keypair_randomness); + generate_keypair_e1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_24( + serialize_kem_secret_key_94( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8567,13 +8544,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f5(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_9a0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_a60(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_7d0( - uu____2, libcrux_ml_kem_types_from_07_fd0(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_a60( + uu____2, libcrux_ml_kem_types_from_07_180(copy_of_public_key)); } /** @@ -8586,10 +8563,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_23(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_de(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_06();); + error_1[i] = ZERO_20_de();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8605,7 +8582,7 @@ sample_ring_element_cbd_23(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_62( + sample_from_binomial_distribution_61( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8642,18 +8619,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_b3( +static KRML_MUSTINLINE void invert_ntt_montgomery_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_a1(&zeta_i, re); - invert_ntt_at_layer_2_30(&zeta_i, re); - invert_ntt_at_layer_3_ff(&zeta_i, re); - invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_d8(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_1c(re); + invert_ntt_at_layer_1_c8(&zeta_i, re); + invert_ntt_at_layer_2_d9(&zeta_i, re); + invert_ntt_at_layer_3_45(&zeta_i, re); + invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_f0(re); } /** @@ -8662,14 +8639,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_41( +static KRML_MUSTINLINE void compute_vector_u_50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_06();); + result0[i] = ZERO_20_de();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8689,11 +8666,11 @@ static KRML_MUSTINLINE void compute_vector_u_41( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_71(a_element, &r_as_ntt[j]); - add_to_ring_element_20_58(&result0[i1], &product); + ntt_multiply_20_73(a_element, &r_as_ntt[j]); + add_to_ring_element_20_17(&result0[i1], &product); } - invert_ntt_montgomery_b3(&result0[i1]); - add_error_reduce_20_bd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_7e(&result0[i1]); + add_error_reduce_20_d6(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8711,18 +8688,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_ac( +compute_ring_element_v_cc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_71(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_58(&result, &product);); - invert_ntt_montgomery_b3(&result); - result = add_message_error_reduce_20_a1(error_2, message, result); + ntt_multiply_20_73(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_17(&result, &product);); + invert_ntt_montgomery_7e(&result); + result = add_message_error_reduce_20_0c(error_2, message, result); return result; } @@ -8735,7 +8712,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_49( +static void compress_then_serialize_u_43( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8751,7 +8728,7 @@ static void compress_then_serialize_u_49( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_22(&re, ret); + compress_then_serialize_ring_element_u_81(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8775,7 +8752,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_02( +static void encrypt_unpacked_a7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -8783,7 +8760,7 @@ static void encrypt_unpacked_02( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_95(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_18(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8793,7 +8770,7 @@ static void encrypt_unpacked_02( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_23(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_de(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8804,28 +8781,28 @@ static void encrypt_unpacked_02( PRF_f1_c80(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_62( + sample_from_binomial_distribution_61( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_41(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_50(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_8c(copy_of_message); + deserialize_then_decompress_message_b0(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_ac(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_cc(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_49( + compress_then_serialize_u_43( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_78( + compress_then_serialize_ring_element_v_7a( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8850,7 +8827,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a8( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_63( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8877,7 +8854,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a8( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_02(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_a7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8887,7 +8864,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a8( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_5f0(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_640(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8908,7 +8885,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_4f(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_70(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -8933,10 +8910,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_69(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_8a(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_9d( + deserialize_ring_elements_reduced_65( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -8944,7 +8921,7 @@ static void encrypt_69(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_51(ret0, false, A); + sample_matrix_A_93(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -8978,7 +8955,7 @@ static void encrypt_69(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_02(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_a7(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -8993,7 +8970,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_c4(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_f1(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -9019,11 +8996,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_46( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_77( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_4f( + entropy_preprocess_af_70( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -9033,7 +9010,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_46( size_t); uint8_t ret[32U]; H_f1_fd(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_890(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb0(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -9047,19 +9024,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_46( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_890(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_69(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_8a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_5f0(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_640(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_c4(shared_secret, shared_secret_array); + kdf_af_f1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9080,12 +9057,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_6b( +static KRML_MUSTINLINE void deserialize_then_decompress_u_a3( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_06();); + u_as_ntt[i] = ZERO_20_de();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -9103,8 +9080,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_6b( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); - ntt_vector_u_6c(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_12(u_bytes); + ntt_vector_u_ec(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9118,17 +9095,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_31( +compute_message_52( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_06(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_71(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_58(&result, &product);); - invert_ntt_montgomery_b3(&result); - result = subtract_reduce_20_44(v, result); + ntt_multiply_20_73(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_17(&result, &product);); + invert_ntt_montgomery_7e(&result); + result = subtract_reduce_20_43(v, result); return result; } @@ -9142,19 +9119,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_f9( +static void decrypt_unpacked_79( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_6b(ciphertext, u_as_ntt); + deserialize_then_decompress_u_a3(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_f6( + deserialize_then_decompress_ring_element_v_05( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_31(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_52(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_0d(message, ret0); + compress_then_serialize_message_f9(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9194,11 +9171,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_34( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_f9(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_79(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -9227,7 +9204,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_680(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_010(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -9238,11 +9215,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_8a( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_02(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_a7(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_680(ciphertext), + libcrux_ml_kem_types_as_ref_ba_010(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9259,12 +9236,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_9e( +static KRML_MUSTINLINE void deserialize_secret_key_c5( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_06();); + secret_as_ntt[i] = ZERO_20_de();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9276,7 +9253,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_9e( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_ef(secret_bytes); + deserialize_to_uncompressed_ring_element_d9(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -9298,10 +9275,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c8(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_fb(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_9e(secret_key, secret_as_ntt); + deserialize_secret_key_c5(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -9313,7 +9290,7 @@ static void decrypt_c8(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_f9(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_79(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -9339,7 +9316,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_2d( +void libcrux_ml_kem_ind_cca_decapsulate_2c( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -9357,7 +9334,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c8(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_fb(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -9379,7 +9356,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_680(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_010(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -9389,22 +9366,20 @@ void libcrux_ml_kem_ind_cca_decapsulate_2d( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_69(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_8a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_c4(Eurydice_array_to_slice((size_t)32U, + kdf_af_f1(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_c4(shared_secret0, shared_secret1); + kdf_af_f1(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_680(ciphertext), + libcrux_ml_kem_types_as_ref_ba_010(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 6c345bc2b..f3c85de51 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem_portable_H @@ -162,7 +162,7 @@ libcrux_ml_kem_vector_portable_sub_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -170,11 +170,11 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c); libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -186,7 +186,7 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -329,13 +329,13 @@ int16_t libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( uint8_t coefficient_bits, uint16_t fe); void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j); + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j); libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -348,8 +348,8 @@ libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -362,7 +362,8 @@ libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -373,13 +374,13 @@ libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j); + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j); libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -392,8 +393,8 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -406,7 +407,8 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -416,28 +418,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index ad456ed98..3a42178da 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 8edd52f40..07e36f873 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 3b1cdd01f..e449ed71b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index b29a5ce1a..61765adc0 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index e9aece132..0d55aa7db 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 660c25d2e..143574be0 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e22fa84f63313933e959470afcad633146b9b207 + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index f3626f04f..4d2c0d71b 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e +Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 3c65ee1cb..f66fb9aee 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_core_H @@ -218,7 +218,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_3d( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_a2( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -233,7 +233,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_fd(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_18(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -267,7 +267,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_7d(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_a6(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -283,7 +283,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_9a(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_a6(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -313,7 +313,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_5f(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_64(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -330,7 +330,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_89( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_eb( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -415,7 +415,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_04( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_bf( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index f5bec8622..8e6993e53 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 2144937f2..625169aa1 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem768_avx2_H @@ -132,8 +132,8 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); + __m256i cv = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + return libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, cv); } /** @@ -142,16 +142,16 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09( - __m256i v, int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); + __m256i vec, int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(vec, c); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( __m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); + __m256i cv = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + return libcrux_intrinsics_avx2_mm256_and_si256(vector, cv); } /** @@ -1211,7 +1211,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_20_db(void) { +libcrux_ml_kem_polynomial_ZERO_20_5b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1240,8 +1240,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_55(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_db(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_02(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_5b(); } /** @@ -1252,10 +1252,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2a( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_96( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_db(); + libcrux_ml_kem_polynomial_ZERO_20_5b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1273,12 +1273,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_1d( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1291,7 +1291,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_a2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_2a( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_96( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1324,8 +1324,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_40(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_db(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_9b(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_5b(); } /** @@ -1336,7 +1336,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1388,9 +1388,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_48( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b( vector); } @@ -1402,10 +1402,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_03( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_62( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_db(); + libcrux_ml_kem_polynomial_ZERO_20_5b(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -1418,7 +1418,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_03( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_48( coefficient); } return re; @@ -1432,7 +1432,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d20( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1484,9 +1484,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_480( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d20( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b0( vector); } @@ -1498,10 +1498,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_5d( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_74( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_db(); + libcrux_ml_kem_polynomial_ZERO_20_5b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1509,7 +1509,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_5d( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_480( coefficient); } return re; @@ -1523,9 +1523,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d7( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_30( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_03(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_62(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1540,7 +1540,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_40( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_de( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1553,9 +1553,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d2(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_25(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_40(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_de(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1569,7 +1569,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1582,9 +1582,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d2( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_25( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -1600,7 +1600,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_d2( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_7a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1608,7 +1608,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_d2( zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); } } @@ -1619,17 +1619,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_0d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); + re->coefficients[round], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U)); zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -1641,21 +1639,17 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_7f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_1e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); + re->coefficients[round], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U)); zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } @@ -1671,7 +1665,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_52( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_5e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1688,21 +1682,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_9c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_d2(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_0a(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_7f(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_52(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_7a(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_0d(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_1e(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_5e(re); } /** @@ -1715,12 +1709,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_b2( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1740,9 +1734,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_b2( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d7( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_30( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_9c(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_f8(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1757,7 +1751,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d21( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b1( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1809,9 +1803,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_481( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d21( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b1( vector); } @@ -1823,10 +1817,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_7b( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_7c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_db(); + libcrux_ml_kem_polynomial_ZERO_20_5b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1834,7 +1828,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_7b( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_481( coefficient); } return re; @@ -1848,7 +1842,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d22( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1900,9 +1894,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_482( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_d22( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b2( vector); } @@ -1914,10 +1908,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_8c( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_d5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_db(); + libcrux_ml_kem_polynomial_ZERO_20_5b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1925,7 +1919,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_8c( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_2f2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_482( re.coefficients[i0]); } return re; @@ -1939,9 +1933,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_57( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_bc( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_7b(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_7c(serialized); } /** @@ -1956,27 +1950,23 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_20_48( +libcrux_ml_kem_polynomial_ntt_multiply_20_d9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_20_db(); + libcrux_ml_kem_polynomial_ZERO_20_5b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_09( &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)3U)); } return out; } @@ -1992,7 +1982,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_33( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_3e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2013,7 +2003,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_42( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ad( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2022,13 +2012,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_42( re->coefficients[round] = libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U)); zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -2040,7 +2027,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ef( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_05( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2049,9 +2036,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ef( re->coefficients[round] = libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U)); zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -2063,7 +2049,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_51( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_4d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2072,7 +2058,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_51( re->coefficients[round] = libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); } } @@ -2084,13 +2070,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_61(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_8a(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_40(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_de(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2103,7 +2089,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_af( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2118,9 +2104,9 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_af( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_61( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_8a( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -2136,22 +2122,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_49( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_42(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ef(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_51(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_af(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ad(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_05(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_4d(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_af(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_af(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_af(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_52(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_5e(re); } /** @@ -2166,7 +2152,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_20_3d( +libcrux_ml_kem_polynomial_subtract_reduce_20_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2190,21 +2176,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_9b( +libcrux_ml_kem_matrix_compute_message_3e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_db(); + libcrux_ml_kem_polynomial_ZERO_20_5b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_48(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_d9(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_33(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_3e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_49(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_3d(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8c(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_6d(v, result); return result; } @@ -2215,7 +2201,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_b4(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_2c(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2229,9 +2215,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_56( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_59( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_b4(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_2c(vector); } /** @@ -2242,8 +2228,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_38(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_56(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_f8(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_59(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -2257,13 +2243,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_99( +libcrux_ml_kem_serialize_compress_then_serialize_message_8f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + libcrux_ml_kem_vector_traits_to_unsigned_representative_f8( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); @@ -2288,20 +2274,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_82( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_bd( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_b2(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_57( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_bc( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_9b(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_3e(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_99(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_8f(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2316,11 +2302,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_86(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_ca(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_a2(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_1d(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2332,7 +2318,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_86(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_82(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_bd(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -2390,9 +2376,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_4f( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_7a( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_db(); + return libcrux_ml_kem_polynomial_ZERO_20_5b(); } /** @@ -2403,10 +2389,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_17( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_3b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_db(); + libcrux_ml_kem_polynomial_ZERO_20_5b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2427,12 +2413,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c6( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a5( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2445,7 +2431,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c6( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_17( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_3b( ring_element); deserialized_pk[i0] = uu____0; } @@ -2462,8 +2448,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_9e(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_db(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_6c(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_5b(); } /** @@ -2473,10 +2459,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_0f( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_41( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); } } @@ -2624,7 +2610,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_51( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_d8( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2758,7 +2744,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_510( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_d80( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2805,9 +2791,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_20_ce(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_a8(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_db(); + libcrux_ml_kem_polynomial_ZERO_20_5b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2826,8 +2812,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_d6(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_ce( +libcrux_ml_kem_sampling_sample_from_xof_closure_f5(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_20_a8( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2838,7 +2824,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_23( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_ce( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2855,7 +2841,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_23( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_51( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_d8( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -2868,7 +2854,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_23( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_510( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_d80( copy_of_randomness, sampled_coefficients, out); } } @@ -2878,7 +2864,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_23( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_d6(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_f5(copy_of_out[i]); } memcpy( ret, ret0, @@ -2892,12 +2878,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_05( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_d6( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_0f(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_41(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -2917,7 +2903,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_05( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_23(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_ce(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2977,8 +2963,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_e7(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_db(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_f9(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_5b(); } /** @@ -3040,7 +3026,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_65( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_92( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3075,7 +3061,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_65( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_ce( + return libcrux_ml_kem_polynomial_from_i16_array_20_a8( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3087,7 +3073,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_c5( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_2c( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3121,7 +3107,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_c5( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_ce( + return libcrux_ml_kem_polynomial_from_i16_array_20_a8( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3133,9 +3119,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_fd( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_20( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_65( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_92( randomness); } @@ -3168,20 +3154,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cc( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ca( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { libcrux_ml_kem_ntt_ntt_at_layer_7_75(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ae(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_d2(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_0a(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_7f(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_52(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_7a(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_0d(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_1e(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_5e(re); } /** @@ -3194,11 +3180,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3e(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3f(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3217,9 +3203,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3e(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_fd( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_20( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_cc(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ca(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3244,8 +3230,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_27(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_db(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_0f(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_5b(); } /** @@ -3258,11 +3244,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_f1(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3281,7 +3267,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_f1(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_fd( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_20( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3336,8 +3322,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_3f(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_db(); +libcrux_ml_kem_matrix_compute_vector_u_closure_e5(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_5b(); } /** @@ -3351,7 +3337,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_8a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_bb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3373,14 +3359,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_c8( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_68( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3401,12 +3387,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_c8( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_48(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_33(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_d9(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_3e(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_49(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_8a(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8c(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_bb(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3425,11 +3411,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_ed(__m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( - libcrux_ml_kem_vector_avx2_sub_09(libcrux_ml_kem_vector_avx2_ZERO_09(), - &v), - (int16_t)1665); +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_96( + __m256i vec) { + __m256i s = libcrux_ml_kem_vector_avx2_sub_09( + libcrux_ml_kem_vector_avx2_ZERO_09(), &vec); + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, + (int16_t)1665); } /** @@ -3440,10 +3427,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_db(); + libcrux_ml_kem_polynomial_ZERO_20_5b(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3451,7 +3438,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_ed(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_96(coefficient_compressed); } return re; } @@ -3468,7 +3455,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_76( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3496,22 +3483,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_f4( +libcrux_ml_kem_matrix_compute_ring_element_v_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_db(); + libcrux_ml_kem_polynomial_ZERO_20_5b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_48(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_d9(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_33(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_3e(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_49(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_76( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8c(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_58( error_2, message, result); return result; } @@ -3524,7 +3511,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3579,9 +3566,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b5( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3c( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e0( vector); } @@ -3593,14 +3580,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_4e( +libcrux_ml_kem_serialize_compress_then_serialize_10_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_b5( - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3c( + libcrux_ml_kem_vector_traits_to_unsigned_representative_f8( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); @@ -3620,7 +3607,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e00( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3675,9 +3662,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b50( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3c0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba0( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e00( vector); } @@ -3689,14 +3676,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_dd( +libcrux_ml_kem_serialize_compress_then_serialize_11_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_b50( - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3c0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_f8( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); @@ -3717,10 +3704,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_1e( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_4e(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_a1(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3734,7 +3721,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_4c( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fe( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3750,7 +3737,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_4c( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_1e(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_51(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3765,7 +3752,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e01( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3820,9 +3807,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b51( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3c1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba1( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e01( vector); } @@ -3834,7 +3821,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_60( +libcrux_ml_kem_serialize_compress_then_serialize_4_59( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3842,8 +3829,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_60( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_b51( - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3c1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_f8( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); @@ -3862,7 +3849,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e02( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3917,9 +3904,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b52( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3c2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_ba2( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e02( vector); } @@ -3931,7 +3918,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_86( +libcrux_ml_kem_serialize_compress_then_serialize_5_14( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3939,8 +3926,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_86( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_b52( - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_3c2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_f8( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); @@ -3960,9 +3947,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_c7( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_60(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_59(re, out); } /** @@ -3983,7 +3970,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_68( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_99( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3991,7 +3978,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_68( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3e( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3f( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4001,7 +3988,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_68( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_f1( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4013,30 +4000,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_68( libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_fd( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_20( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_c8(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_68(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f9( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_f4( + libcrux_ml_kem_matrix_compute_ring_element_v_e5( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_4c( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fe( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_c7( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4060,12 +4047,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_77(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_83(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c6( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a5( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4073,7 +4060,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_77(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_05(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_A_d6(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -4107,7 +4094,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_77(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_68(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_99(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -4124,7 +4111,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_93( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_2c( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { Result_00 dst; @@ -4155,7 +4142,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_91( +static inline void libcrux_ml_kem_ind_cca_decapsulate_9b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4173,7 +4160,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_91( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_86(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_ca(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4197,7 +4184,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_91( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_04(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( @@ -4208,26 +4195,24 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_91( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_77(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_83(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_93( + libcrux_ml_kem_ind_cca_kdf_43_2c( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_93(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_2c(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_04(ciphertext), + libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -4251,10 +4236,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_43( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_39( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_91(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_9b(private_key, ciphertext, ret); } /** @@ -4268,7 +4253,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_43(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_39(private_key, ciphertext, ret); } @@ -4328,11 +4313,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_45( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_82( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_bd( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4362,7 +4347,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_45( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_04(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( @@ -4374,11 +4359,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_45( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_68( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_99( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_04(ciphertext), + libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4415,10 +4400,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_d3( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_5a( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_45(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2f(key_pair, ciphertext, ret); } @@ -4433,7 +4418,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_d3( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_5a( private_key, ciphertext, ret); } @@ -4448,7 +4433,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_c7( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_3e( Eurydice_slice randomness, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -4490,11 +4475,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_37( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_c7( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_3e( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4505,7 +4490,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_37( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_89(public_key), + libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4520,20 +4505,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_37( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_77(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_83(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_93(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_2c(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4566,14 +4551,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_6c( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_82( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_37(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_7a(uu____0, copy_of_randomness); } /** @@ -4591,7 +4576,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_6c( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_82( uu____0, copy_of_randomness); } @@ -4614,7 +4599,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_98( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_56( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4642,7 +4627,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_98( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_68(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_99(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4652,7 +4637,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_98( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4686,7 +4671,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_06( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_69( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -4694,7 +4679,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_06( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_98( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_56( uu____0, copy_of_randomness); } @@ -4715,7 +4700,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_06( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_69( uu____0, copy_of_randomness); } @@ -4740,8 +4725,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_1b(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_db(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_ef(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_5b(); } /** @@ -4751,7 +4736,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_03( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_9a( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4769,14 +4754,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_0f( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_03( + libcrux_ml_kem_vector_traits_to_standard_domain_9a( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -4791,14 +4776,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_dc( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4820,12 +4805,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_48(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_d9(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_33(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_3e(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_0f( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_33( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4846,7 +4831,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_dc( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_ab(key_generation_seed, hashed); @@ -4858,14 +4843,14 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_05(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_A_d6(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3e( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3f( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -4878,12 +4863,12 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3e(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3f(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_dc(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_b5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; @@ -4931,14 +4916,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_36( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_38( + libcrux_ml_kem_vector_traits_to_unsigned_representative_f8( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); @@ -4958,7 +4943,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_01( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_56( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4976,7 +4961,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_01( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_36(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2e(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4992,14 +4977,14 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_85( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_01(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_56(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5024,17 +5009,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_a2(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_7e(Eurydice_slice key_generation_seed) { tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_dc(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_85( + libcrux_ml_kem_ind_cpa_serialize_public_key_0f( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_01(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_56(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5060,7 +5045,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_e6( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f6( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5116,7 +5101,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ed(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_97(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5125,13 +5110,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_ed(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_a2(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_7e(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_e6( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f6( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5140,13 +5125,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_ed(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_9a(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_a6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_7d( - uu____2, libcrux_ml_kem_types_from_07_fd(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_a6( + uu____2, libcrux_ml_kem_types_from_07_18(copy_of_public_key)); } /** @@ -5162,12 +5147,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_dc( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_90( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ed(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_97(copy_of_randomness); } /** @@ -5179,7 +5164,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_dc( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_90( copy_of_randomness); } @@ -5198,9 +5183,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_1b( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_db( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_db(); + return libcrux_ml_kem_polynomial_ZERO_20_5b(); } /** @@ -5218,10 +5203,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_97( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_a8( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_db(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); } } @@ -5237,7 +5222,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_3a_77( +libcrux_ml_kem_polynomial_clone_3a_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5262,7 +5247,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_05( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5271,7 +5256,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_05( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_dc( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f1( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5279,7 +5264,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_05( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_97(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_a8(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -5287,7 +5272,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_05( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_77(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_dd(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5299,7 +5284,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_05( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_85( + libcrux_ml_kem_ind_cpa_serialize_public_key_0f( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -5354,12 +5339,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_b5( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_f7( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_05( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( copy_of_randomness); } @@ -5373,7 +5358,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_b5( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_f7( copy_of_randomness); } @@ -5389,7 +5374,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_b4( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a2( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5400,7 +5385,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_b4( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_3d(ciphertext), + libcrux_ml_kem_types_as_slice_a8_a2(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5434,7 +5419,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_910( +static inline void libcrux_ml_kem_ind_cca_decapsulate_9b0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5452,7 +5437,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_910( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_86(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_ca(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5476,7 +5461,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_910( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_04(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( @@ -5487,26 +5472,24 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_910( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_77(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_83(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_b4( + libcrux_ml_kem_ind_cca_kdf_6c_a2( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_b4(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_a2(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_04(ciphertext), + libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -5534,10 +5517,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_3f( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_7f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_910(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_9b0(private_key, ciphertext, ret); } /** @@ -5551,7 +5534,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_3f( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_7f( private_key, ciphertext, ret); } @@ -5566,7 +5549,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_2c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_1e( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_31(randomness, ret); } @@ -5591,11 +5574,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_370( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_2c( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_1e( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5606,7 +5589,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_370( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_89(public_key), + libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5621,20 +5604,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_370( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_77(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_83(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_b4(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_a2(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5670,14 +5653,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_92( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_3d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_370(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_7a0(uu____0, copy_of_randomness); } /** @@ -5695,7 +5678,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_92( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_3d( uu____0, copy_of_randomness); } @@ -5708,16 +5691,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_68( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_5f( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_c6( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a5( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_85( + libcrux_ml_kem_ind_cpa_serialize_public_key_0f( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5736,9 +5719,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_f5( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_eb( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_68(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_5f(public_key); } /** @@ -5750,7 +5733,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_f5( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_eb( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index fb0b84514..bb59cfd8c 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_mlkem768_portable_H @@ -113,6 +113,10 @@ static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +static KRML_MUSTINLINE int16_t libcrux_ml_kem_polynomial_get_zeta(size_t i) { + return libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[i]; +} + #define LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR ((size_t)16U) #define LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT \ @@ -965,7 +969,8 @@ libcrux_ml_kem_vector_portable_arithmetic_add( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - lhs.elements[i0] = lhs.elements[i0] + rhs->elements[i0]; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] + rhs->elements[i0]; } return lhs; } @@ -988,7 +993,8 @@ libcrux_ml_kem_vector_portable_arithmetic_sub( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - lhs.elements[i0] = lhs.elements[i0] - rhs->elements[i0]; + size_t uu____0 = i0; + lhs.elements[uu____0] = lhs.elements[uu____0] - rhs->elements[i0]; } return lhs; } @@ -1006,13 +1012,14 @@ libcrux_ml_kem_vector_portable_sub_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = v.elements[i0] * c; + size_t uu____0 = i0; + vec.elements[uu____0] = vec.elements[uu____0] * c; } - return v; + return vec; } /** @@ -1021,20 +1028,20 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_multiply_by_constant_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { - return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(v, c); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { + return libcrux_ml_kem_vector_portable_arithmetic_multiply_by_constant(vec, c); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] & c; + vec.elements[uu____0] = vec.elements[uu____0] & c; } - return v; + return vec; } /** @@ -1050,16 +1057,16 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - if (v.elements[i0] >= (int16_t)3329) { + if (vec.elements[i0] >= (int16_t)3329) { size_t uu____0 = i0; - v.elements[uu____0] = v.elements[uu____0] - (int16_t)3329; + vec.elements[uu____0] = vec.elements[uu____0] - (int16_t)3329; } } - return v; + return vec; } /** @@ -1112,9 +1119,10 @@ libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - vec.elements[i0] = + int16_t vi = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( vec.elements[i0]); + vec.elements[i0] = vi; } return vec; } @@ -1287,36 +1295,36 @@ libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( } static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j) { int16_t t = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v->elements[j], zeta); - v->elements[j] = v->elements[i] - t; - v->elements[i] = v->elements[i] + t; + vec->elements[j], zeta); + vec->elements[j] = vec->elements[i] - t; + vec->elements[i] = vec->elements[i] + t; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)0U, (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)1U, (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)4U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)5U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, (size_t)8U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta2, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta2, (size_t)9U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)12U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, (size_t)12U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta3, (size_t)13U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta3, (size_t)13U, (size_t)15U); - return v; + return vec; } /** @@ -1333,25 +1341,25 @@ libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)0U, (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)1U, (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)2U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta0, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta0, (size_t)3U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)8U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)9U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)10U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)10U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta1, (size_t)11U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta1, (size_t)11U, (size_t)15U); - return v; + return vec; } /** @@ -1367,22 +1375,25 @@ libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)2U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)0U, + (size_t)8U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)1U, + (size_t)9U); + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)2U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)3U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)4U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)5U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)6U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)6U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_ntt_step(&v, zeta, (size_t)7U, + libcrux_ml_kem_vector_portable_ntt_ntt_step(&vec, zeta, (size_t)7U, (size_t)15U); - return v; + return vec; } /** @@ -1396,38 +1407,38 @@ libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( } static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector *v, int16_t zeta, - size_t i, size_t j) { - int16_t a_minus_b = v->elements[j] - v->elements[i]; - v->elements[i] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, + int16_t zeta, size_t i, size_t j) { + int16_t a_minus_b = vec->elements[j] - vec->elements[i]; + vec->elements[i] = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - v->elements[i] + v->elements[j]); - v->elements[j] = + vec->elements[i] + vec->elements[j]); + vec->elements[j] = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( a_minus_b, zeta); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1, int16_t zeta2, int16_t zeta3) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U, (size_t)2U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U, (size_t)3U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)4U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)5U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)8U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta2, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta2, (size_t)9U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)12U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)12U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta3, (size_t)13U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta3, (size_t)13U, (size_t)15U); - return v; + return vec; } /** @@ -1444,25 +1455,25 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta0, - int16_t zeta1) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta0, int16_t zeta1) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)0U, (size_t)4U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)1U, (size_t)5U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)2U, (size_t)6U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta0, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta0, (size_t)3U, (size_t)7U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)8U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)8U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)9U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)9U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)10U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)10U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta1, (size_t)11U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta1, (size_t)11U, (size_t)15U); - return v; + return vec; } /** @@ -1479,24 +1490,25 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t zeta) { - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)0U, + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, + int16_t zeta) { + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)0U, (size_t)8U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)1U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)1U, (size_t)9U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)2U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)2U, (size_t)10U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)3U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)3U, (size_t)11U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)4U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)4U, (size_t)12U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)5U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)5U, (size_t)13U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)6U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)6U, (size_t)14U); - libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&v, zeta, (size_t)7U, + libcrux_ml_kem_vector_portable_ntt_inv_ntt_step(&vec, zeta, (size_t)7U, (size_t)15U); - return v; + return vec; } /** @@ -1509,40 +1521,19 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, size_t i, size_t j, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[i] + - (int32_t) - libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]) * - (int32_t)zeta); + int32_t ai_bi = (int32_t)a->elements[i] * (int32_t)b->elements[i]; + int16_t aj_bj = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + (int32_t)a->elements[j] * (int32_t)b->elements[j]); + int16_t o0 = + libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( + ai_bi + (int32_t)aj_bj * (int32_t)zeta); int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( (int32_t)a->elements[i] * (int32_t)b->elements[j] + @@ -2490,7 +2481,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_20_06(void) { +libcrux_ml_kem_polynomial_ZERO_20_de(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2518,8 +2509,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_3b(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_06(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_45(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_de(); } /** @@ -2529,10 +2520,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_41( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_06(); + libcrux_ml_kem_polynomial_ZERO_20_de(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2551,12 +2542,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_55( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ea( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2569,7 +2560,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_55( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_41( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2601,8 +2592,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_3a(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_06(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_b2(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_de(); } /** @@ -2612,7 +2603,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2637,9 +2628,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_85( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df( v); } @@ -2650,10 +2641,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_21( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_66( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_06(); + libcrux_ml_kem_polynomial_ZERO_20_de(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2669,7 +2660,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_21( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_85( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f( coefficient); re.coefficients[i0] = uu____0; } @@ -2683,7 +2674,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2708,9 +2699,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_850( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df0( v); } @@ -2721,10 +2712,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_fe( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_76( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_06(); + libcrux_ml_kem_polynomial_ZERO_20_de(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2733,7 +2724,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_fe( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_850( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f0( coefficient); re.coefficients[i0] = uu____0; } @@ -2747,9 +2738,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_4f( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_79( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_21(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_66(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2764,7 +2755,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ff( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2778,12 +2769,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f1( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_65( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ff(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7e(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2797,7 +2788,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2810,9 +2801,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f1( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_65( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; @@ -2827,7 +2818,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_84( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_90( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2836,7 +2827,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_84( libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_3_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); re->coefficients[round] = uu____0; } } @@ -2847,7 +2838,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_cd( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_95( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2856,9 +2847,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_cd( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U)); zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -2869,7 +2859,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_9c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_32( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2878,13 +2868,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_9c( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U)); zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } @@ -2899,7 +2886,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2917,21 +2904,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_0b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_fe( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_84(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_cd(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_9c(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_1c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_90(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_95(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_32(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_f0(re); } /** @@ -2943,12 +2930,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_5f( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2968,9 +2955,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_5f( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_4f( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_79( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_0b(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_fe(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2984,7 +2971,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3009,9 +2996,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_851( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df1( v); } @@ -3022,10 +3009,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_34( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_83( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_06(); + libcrux_ml_kem_polynomial_ZERO_20_de(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3034,7 +3021,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_34( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_851( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f1( coefficient); re.coefficients[i0] = uu____0; } @@ -3048,7 +3035,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3073,9 +3060,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_852( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df2( v); } @@ -3086,10 +3073,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_78( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_65( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_06(); + libcrux_ml_kem_polynomial_ZERO_20_de(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3098,7 +3085,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_78( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_852( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3112,9 +3099,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b0( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c5( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_34(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_83(serialized); } /** @@ -3128,28 +3115,24 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_20_71( +libcrux_ml_kem_polynomial_ntt_multiply_20_73( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_20_06(); + libcrux_ml_kem_polynomial_ZERO_20_de(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_multiply_0d( &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta((size_t)64U + (size_t)4U * i0 + + (size_t)3U)); out.coefficients[i0] = uu____0; } return out; @@ -3165,7 +3148,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_58( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_17( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3189,7 +3172,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_c8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3198,13 +3181,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_a1( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U)); zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -3215,7 +3195,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_30( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_d9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3224,9 +3204,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_30( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U)); zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -3237,7 +3216,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_ff( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_45( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3246,7 +3225,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_ff( libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); re->coefficients[round] = uu____0; } } @@ -3259,7 +3238,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3267,7 +3246,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ff(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7e(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3280,7 +3259,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d8( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_82( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3295,9 +3274,9 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d8( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9( re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; libcrux_ml_kem_vector_portable_vector_type_PortableVector y = uu____0.snd; re->coefficients[j] = x; @@ -3312,22 +3291,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b3( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_a1(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_30(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_ff(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d8(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_c8(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_d9(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_45(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d8(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d8(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_d8(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_1c(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_f0(re); } /** @@ -3341,7 +3320,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_20_fa( +libcrux_ml_kem_polynomial_subtract_reduce_20_71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3367,21 +3346,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_8d( +libcrux_ml_kem_matrix_compute_message_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_06(); + libcrux_ml_kem_polynomial_ZERO_20_de(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_71(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_73(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_58(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_17(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b3(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_fa(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7e(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_71(v, result); return result; } @@ -3391,14 +3370,14 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_be( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +libcrux_ml_kem_vector_portable_arithmetic_shift_right_58( + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = v.elements[i0] >> (uint32_t)(int32_t)15; + vec.elements[i0] = vec.elements[i0] >> (uint32_t)(int32_t)15; } - return v; + return vec; } /** @@ -3411,9 +3390,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_52( +libcrux_ml_kem_vector_portable_shift_right_0d_f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_be(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_58(v); } /** @@ -3423,10 +3402,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_83( +libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_52(a); + libcrux_ml_kem_vector_portable_shift_right_0d_f1(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3440,13 +3419,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_d2( +libcrux_ml_kem_serialize_compress_then_serialize_message_5e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_83( + libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3472,20 +3451,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_89( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_5f(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_b0( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c5( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_8d(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_c1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_d2(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_5e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3499,11 +3478,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_03(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_4b(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_55(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_ea(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3515,7 +3494,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_03(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_89(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -3569,9 +3548,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_6f( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_64( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_06(); + return libcrux_ml_kem_polynomial_ZERO_20_de(); } /** @@ -3581,10 +3560,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_32( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_06(); + libcrux_ml_kem_polynomial_ZERO_20_de(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3606,12 +3585,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_65( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3624,7 +3603,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_32( ring_element); deserialized_pk[i0] = uu____0; } @@ -3641,8 +3620,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_d1(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_06(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_24(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_de(); } /** @@ -3652,10 +3631,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_fc( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_a6( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); } } @@ -3804,7 +3783,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_85( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_b2( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3926,7 +3905,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_850( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_b20( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3972,9 +3951,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_20_a4(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_84(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_06(); + libcrux_ml_kem_polynomial_ZERO_20_de(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3995,8 +3974,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_2c(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_a4( +libcrux_ml_kem_sampling_sample_from_xof_closure_fc(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_20_84( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4007,7 +3986,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_83( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_59( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -4024,7 +4003,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_83( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_85( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_b2( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -4037,7 +4016,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_83( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_850( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_b20( copy_of_randomness, sampled_coefficients, out); } } @@ -4047,7 +4026,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_83( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_2c(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_fc(copy_of_out[i]); } memcpy( ret, ret0, @@ -4061,12 +4040,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_51( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_93( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_fc(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_a6(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -4086,7 +4065,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_51( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_83(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_59(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4146,8 +4125,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_75(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_06(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_8d(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_de(); } /** @@ -4190,7 +4169,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_28( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4225,7 +4204,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_a4( + return libcrux_ml_kem_polynomial_from_i16_array_20_84( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4236,7 +4215,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_87( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_1e( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4270,7 +4249,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_87( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_a4( + return libcrux_ml_kem_polynomial_from_i16_array_20_84( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4281,9 +4260,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_62( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_61( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_9b( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_28( randomness); } @@ -4293,7 +4272,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_8d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_43( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4316,20 +4295,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_99( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_8d(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_43(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_be(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_84(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_cd(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_9c(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_1c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_90(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_95(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_32(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_f0(re); } /** @@ -4342,11 +4321,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_95(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_18(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4365,9 +4344,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_95(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_62( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_61( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_99(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_01(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4392,8 +4371,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_ab(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_06(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_fc(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_de(); } /** @@ -4406,11 +4385,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_23(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_de(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4429,7 +4408,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_23(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_62( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_61( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4481,8 +4460,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_92(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_06(); +libcrux_ml_kem_matrix_compute_vector_u_closure_9e(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_de(); } /** @@ -4495,7 +4474,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_bd( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4519,14 +4498,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_41( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4547,12 +4526,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_41( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_71(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_58(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_73(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_17(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b3(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_bd(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7e(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_d6(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4571,12 +4550,14 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_50( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +libcrux_ml_kem_vector_traits_decompress_1_d0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); + libcrux_ml_kem_vector_portable_vector_type_PortableVector s = + libcrux_ml_kem_vector_portable_sub_0d(uu____0, &vec); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - libcrux_ml_kem_vector_portable_sub_0d(uu____0, &v), (int16_t)1665); + s, (int16_t)1665); } /** @@ -4586,10 +4567,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_06(); + libcrux_ml_kem_polynomial_ZERO_20_de(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4599,7 +4580,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_50(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_d0(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4616,7 +4597,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_a1( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4646,22 +4627,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_ac( +libcrux_ml_kem_matrix_compute_ring_element_v_cc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_06(); + libcrux_ml_kem_polynomial_ZERO_20_de(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_71(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_73(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_58(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_17(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b3(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_a1( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7e(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_0c( error_2, message, result); return result; } @@ -4672,7 +4653,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_3a( +libcrux_ml_kem_vector_portable_compress_compress_0c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4695,9 +4676,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_ab( +libcrux_ml_kem_vector_portable_compress_0d_9a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_3a(v); + return libcrux_ml_kem_vector_portable_compress_compress_0c(v); } /** @@ -4707,15 +4688,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_a6( +libcrux_ml_kem_serialize_compress_then_serialize_10_8a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_ab( - libcrux_ml_kem_vector_traits_to_unsigned_representative_83( + libcrux_ml_kem_vector_portable_compress_0d_9a( + libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4733,7 +4714,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_3a0( +libcrux_ml_kem_vector_portable_compress_compress_0c0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4756,9 +4737,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_ab0( +libcrux_ml_kem_vector_portable_compress_0d_9a0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_3a0(v); + return libcrux_ml_kem_vector_portable_compress_compress_0c0(v); } /** @@ -4768,15 +4749,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_1c( +libcrux_ml_kem_serialize_compress_then_serialize_11_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_ab0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_83( + libcrux_ml_kem_vector_portable_compress_0d_9a0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4796,10 +4777,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_22( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_a6(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_8a(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4812,7 +4793,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_49( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4828,7 +4809,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_49( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_22(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_81(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4841,7 +4822,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_3a1( +libcrux_ml_kem_vector_portable_compress_compress_0c1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4864,9 +4845,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_ab1( +libcrux_ml_kem_vector_portable_compress_0d_9a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_3a1(v); + return libcrux_ml_kem_vector_portable_compress_compress_0c1(v); } /** @@ -4876,7 +4857,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_eb( +libcrux_ml_kem_serialize_compress_then_serialize_4_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4885,8 +4866,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_eb( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_ab1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_83( + libcrux_ml_kem_vector_portable_compress_0d_9a1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4903,7 +4884,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_3a2( +libcrux_ml_kem_vector_portable_compress_compress_0c2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4926,9 +4907,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_ab2( +libcrux_ml_kem_vector_portable_compress_0d_9a2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_3a2(v); + return libcrux_ml_kem_vector_portable_compress_compress_0c2(v); } /** @@ -4938,7 +4919,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_0c( +libcrux_ml_kem_serialize_compress_then_serialize_5_90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4947,8 +4928,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_0c( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_ab2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_83( + libcrux_ml_kem_vector_portable_compress_0d_9a2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4967,9 +4948,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_78( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_eb(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_9f(re, out); } /** @@ -4990,7 +4971,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -4998,7 +4979,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_95( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_18( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5008,7 +4989,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_23( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_de( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5020,30 +5001,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_62( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_61( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_41(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_50(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_8c( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_ac( + libcrux_ml_kem_matrix_compute_ring_element_v_cc( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_49( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_78( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7a( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5067,12 +5048,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_69(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_8a(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_65( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5080,7 +5061,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_69(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_51(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_A_93(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -5114,7 +5095,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_69(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_02(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a7(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -5130,7 +5111,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_bc( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_77( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { Result_00 dst; @@ -5160,7 +5141,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_32( +static inline void libcrux_ml_kem_ind_cca_decapsulate_55( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5178,7 +5159,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_32( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_03(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_4b(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5202,7 +5183,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_32( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_04(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( @@ -5213,26 +5194,24 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_32( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_69(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_8a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_bc( + libcrux_ml_kem_ind_cca_kdf_43_77( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_bc(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_77(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_04(ciphertext), + libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -5256,10 +5235,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b4( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a2( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_32(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_55(private_key, ciphertext, ret); } /** @@ -5272,7 +5251,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b4( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b4( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a2( private_key, ciphertext, ret); } @@ -5332,11 +5311,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ef( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_61( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_89( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5366,7 +5345,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ef( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_04(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( @@ -5378,11 +5357,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ef( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a7( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_04(ciphertext), + libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5418,10 +5397,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a0( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_54( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_ef(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_61(key_pair, ciphertext, ret); } @@ -5435,7 +5414,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a0( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_a0( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_54( private_key, ciphertext, ret); } @@ -5449,7 +5428,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_b2( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( Eurydice_slice randomness, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -5489,11 +5468,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_46( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_77( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_b2( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5504,7 +5483,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_46( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_89(public_key), + libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5519,20 +5498,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_46( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_69(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_8a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_bc(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_77(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5564,14 +5543,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_05( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_7c( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_46(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_77(uu____0, copy_of_randomness); } /** @@ -5588,7 +5567,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_05( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_7c( uu____0, copy_of_randomness); } @@ -5611,7 +5590,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_29( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_80( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5639,7 +5618,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_29( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_02(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5649,7 +5628,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_29( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5682,7 +5661,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ea( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_8c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5690,7 +5669,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ea( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_29( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_80( uu____0, copy_of_randomness); } @@ -5710,7 +5689,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ea( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_8c( uu____0, copy_of_randomness); } @@ -5734,8 +5713,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_54(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_06(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_30(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_de(); } /** @@ -5745,7 +5724,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_2a( +libcrux_ml_kem_vector_traits_to_standard_domain_bf( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5762,7 +5741,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_3a( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5770,7 +5749,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_20_3a( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_2a( + libcrux_ml_kem_vector_traits_to_standard_domain_bf( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5786,14 +5765,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_e6( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_37( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5815,12 +5794,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_71(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_73(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_58(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_17(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_3a( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_c2( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -5841,7 +5820,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e2( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_d0(key_generation_seed, hashed); @@ -5853,14 +5832,14 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_51(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_A_93(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_95( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_18( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -5873,12 +5852,12 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_95(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_18(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_e6(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_37(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; @@ -5925,14 +5904,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_de( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_83( + libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5951,7 +5930,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_cf( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5969,7 +5948,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_cf( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_de(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_e7(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5984,14 +5963,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_16( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_cf(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_f7(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6016,17 +5995,17 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_57(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e2(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c0(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_16( + libcrux_ml_kem_ind_cpa_serialize_public_key_7a( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_cf(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_f7(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6051,7 +6030,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_24( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_94( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6107,7 +6086,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_f5(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_29(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6116,13 +6095,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f5(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_57(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_24( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_94( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6131,13 +6110,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_f5(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_9a(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_a6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_7d( - uu____2, libcrux_ml_kem_types_from_07_fd(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_a6( + uu____2, libcrux_ml_kem_types_from_07_18(copy_of_public_key)); } /** @@ -6153,12 +6132,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_3d( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_eb( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_f5(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_29(copy_of_randomness); } /** @@ -6169,7 +6148,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_3d( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_eb( copy_of_randomness); } @@ -6188,9 +6167,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_a8( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_5d( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_06(); + return libcrux_ml_kem_polynomial_ZERO_20_de(); } /** @@ -6208,10 +6187,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_62( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_43( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_06(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); } } @@ -6226,7 +6205,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_3a_49( +libcrux_ml_kem_polynomial_clone_3a_78( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6254,7 +6233,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_29( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dd( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6263,7 +6242,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_29( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e2( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c0( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6271,7 +6250,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_29( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_62(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_43(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -6279,7 +6258,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_29( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_49(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_78(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6291,7 +6270,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_29( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_16( + libcrux_ml_kem_ind_cpa_serialize_public_key_7a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -6345,12 +6324,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_b1( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_49( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_29( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dd( copy_of_randomness); } @@ -6363,7 +6342,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_b1( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_49( copy_of_randomness); } @@ -6378,7 +6357,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_9a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_57( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -6389,7 +6368,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_9a( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_3d(ciphertext), + libcrux_ml_kem_types_as_slice_a8_a2(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -6422,7 +6401,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_320( +static inline void libcrux_ml_kem_ind_cca_decapsulate_550( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6440,7 +6419,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_320( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_03(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_4b(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -6464,7 +6443,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_320( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_04(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( @@ -6475,26 +6454,24 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_320( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_69(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_8a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_9a( + libcrux_ml_kem_ind_cca_kdf_6c_57( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_9a(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_57(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_04(ciphertext), + libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); - uint8_t result[32U]; - memcpy(result, shared_secret, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** @@ -6522,10 +6499,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_f1( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_bf( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_320(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_550(private_key, ciphertext, ret); } /** @@ -6538,7 +6515,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_f1( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_f1( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_bf( private_key, ciphertext, ret); } @@ -6552,7 +6529,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_e3( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_d6( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_fd(randomness, ret); } @@ -6576,11 +6553,11 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_460( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_770( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_e3( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_d6( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -6591,7 +6568,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_460( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_89(public_key), + libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6606,20 +6583,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_460( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_89(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_69(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_8a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_5f(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_9a(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_57(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6655,14 +6632,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_da( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_0d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_460(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_770(uu____0, copy_of_randomness); } /** @@ -6679,7 +6656,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_da( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_0d( uu____0, copy_of_randomness); } @@ -6691,16 +6668,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_38( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c1( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_65( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_16( + libcrux_ml_kem_ind_cpa_serialize_public_key_7a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6718,9 +6695,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_8a( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_8c( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_38(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_c1(public_key); } /** @@ -6731,7 +6708,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_8a( static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_8a( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_8c( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 813b03472..99d581eaf 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index bfb4a7a70..4b2865ef7 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 0437f70f9852da6f075ceaffcad7df5621a91b1e + * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc */ #ifndef __libcrux_sha3_portable_H diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index fd9edcef5..e8aa9060c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -9,6 +9,11 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +let get_zeta (i: usize) = + let result:i16 = v_ZETAS_TIMES_MONTGOMERY_R.[ i ] in + let _:Prims.unit = admit () (* Panic freedom *) in + result + let impl_1__ZERO (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -301,22 +306,10 @@ let impl_1__ntt_multiply #FStar.Tactics.Typeclasses.solve (self.f_coefficients.[ i ] <: v_Vector) (rhs.f_coefficients.[ i ] <: v_Vector) - (v_ZETAS_TIMES_MONTGOMERY_R.[ sz 64 +! (sz 4 *! i <: usize) <: usize ] <: i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 - <: - usize ] - <: - i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 - <: - usize ] - <: - i16) - (v_ZETAS_TIMES_MONTGOMERY_R.[ (sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 - <: - usize ] - <: - i16) + (get_zeta (sz 64 +! (sz 4 *! i <: usize) <: usize) <: i16) + (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 1 <: usize) <: i16) + (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 2 <: usize) <: i16) + (get_zeta ((sz 64 +! (sz 4 *! i <: usize) <: usize) +! sz 3 <: usize) <: i16) <: v_Vector) <: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index a4e8f753d..94e119b51 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -105,7 +105,7 @@ let montgomery_reduce_element (value: i32) = assert (v value < pow2 31); assert (v value / pow2 16 < pow2 15); assert (v value_high == (v value / pow2 16) @% pow2 16); - assert ((v value / pow2 16) < pow2 15 ==> (v value / pow2 16) @% pow2 16 == (v value / pow2 16)); + Spec.Utils.lemma_div_at_percent (v value) (pow2 16); assert (v value_high == (v value / pow2 16)); assert (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 169 value_high); assert (Spec.Utils.is_i16b 3328 value_high) @@ -170,41 +170,52 @@ let montgomery_multiply_fe_by_fer (fe fer: i16) = #pop-options -#push-options "--admit_smt_queries true" +#push-options "--z3rlimit 150" let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun lhs temp_1_ -> + (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in - let _:usize = temp_1_ in - true) + let i:usize = i in + (forall j. + j < v i ==> + (Seq.index lhs.f_elements j) == + (Seq.index v__lhs0.f_elements j) +! (Seq.index rhs.f_elements j)) /\ + (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index v__lhs0.f_elements j))) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let i:usize = i in - { - lhs with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - ((lhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! - (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) - <: - i16) + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + lhs with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + ((lhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! + (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + lhs) + in + let _:Prims.unit = + Seq.lemma_eq_intro lhs.f_elements (Spec.Utils.map2 ( +! ) v__lhs0.f_elements rhs.f_elements) in lhs #pop-options +#push-options "--z3rlimit 150" + let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = @@ -213,12 +224,24 @@ let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - Seq.length vec.f_elements == Seq.length v__vec0.f_elements /\ - (forall j. j >= v i ==> Spec.Utils.is_i16b 28296 (Seq.index vec.f_elements j))) + (forall j. + j < v i ==> + (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j) /\ + v (Seq.index vec.f_elements j) % 3329 == (v (Seq.index v__vec0.f_elements j) % 3329) + )) /\ + (forall j. + j >= v i ==> + (Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j /\ + Spec.Utils.is_i16b 28296 (Seq.index vec.f_elements j)))) vec (fun vec i -> let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in + let vi:i16 = + barrett_reduce_element (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) + in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { vec with @@ -227,79 +250,95 @@ let barrett_reduce (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVe Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (barrett_reduce_element (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ - i ] - <: - i16) - <: - i16) + vi } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in + let _:Prims.unit = + assert (v (mk_int #usize_inttype (v i + 1)) == v i + 1); + assert (forall j. j < v i ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j)); + assert (Spec.Utils.is_i16b 3328 vi); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements (v i))); + assert (forall j. j < v i + 1 ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements j)) + in vec) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in - let _:Prims.unit = admit () (* Panic freedom *) in - result + vec + +#pop-options let bitwise_and_with_constant - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) &. c <: i16) + (forall j. j < v i ==> Seq.index vec.f_elements j == (Seq.index v__vec0.f_elements j &. c) + ) /\ (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j) + ) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let i:usize = i in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + vec with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) &. c + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + vec) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let _:Prims.unit = + Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x &. c) v__vec0.f_elements) + in + vec -let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - Seq.length v.f_elements == Seq.length v__vec0.f_elements) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (forall j. + j < v i ==> + Seq.index vec.f_elements j == + (let x = Seq.index v__vec0.f_elements j in + if x >=. 3329s then x -! 3329s else x)) /\ + (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j)) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in if - (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >=. 3329s <: bool + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >=. 3329s + <: + bool then { - v with + vec with Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! 3329s + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! 3329s <: i16) <: @@ -307,9 +346,13 @@ let cond_subtract_3329_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portabl } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - else v) + else vec) + in + let _:Prims.unit = + Seq.lemma_eq_intro vec.f_elements + (Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) v__vec0.f_elements) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let _:Prims.unit = admit () (* Panic freedom *) in result @@ -354,101 +397,119 @@ let montgomery_multiply_by_constant #pop-options -#push-options "--admit_smt_queries true" - -let multiply_by_constant (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) *! c <: i16) + (forall j. + j < v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j) *! c) /\ + (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j))) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let i:usize = i in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + vec with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) *! c + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + vec) in - v - -#pop-options + let _:Prims.unit = + Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x *! c) v__vec0.f_elements) + in + vec -let shift_right (v_SHIFT_BY: i32) (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +let shift_right (v_SHIFT_BY: i32) (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - ((v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >>! v_SHIFT_BY - <: - i16) + (forall j. + j < v i ==> + Seq.index vec.f_elements j == (Seq.index v__vec0.f_elements j >>! v_SHIFT_BY)) /\ + (forall j. j >= v i ==> Seq.index vec.f_elements j == Seq.index v__vec0.f_elements j)) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let i:usize = i in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + vec with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) >>! + v_SHIFT_BY + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + vec) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:Prims.unit = admit () (* Panic freedom *) in - result - -#push-options "--admit_smt_queries true" + let _:Prims.unit = + Seq.lemma_eq_intro vec.f_elements + (Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) v__vec0.f_elements) + in + vec let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let v__lhs0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun lhs temp_1_ -> + (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in - let _:usize = temp_1_ in - true) + let i:usize = i in + (forall j. + j < v i ==> + (Seq.index lhs.f_elements j) == + (Seq.index v__lhs0.f_elements j) -! (Seq.index rhs.f_elements j)) /\ + (forall j. j >= v i ==> (Seq.index lhs.f_elements j) == (Seq.index v__lhs0.f_elements j))) lhs (fun lhs i -> let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = lhs in let i:usize = i in - { - lhs with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - ((lhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! - (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) - <: - i16) + let lhs:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + lhs with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize lhs + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + ((lhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! + (rhs.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + lhs) + in + let _:Prims.unit = + Seq.lemma_eq_intro lhs.f_elements (Spec.Utils.map2 ( -! ) v__lhs0.f_elements rhs.f_elements) in lhs - -#pop-options From 35b79f33c6e037cb63dc5bd4e2d40e63b75be3e5 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 13 Sep 2024 10:45:56 +0200 Subject: [PATCH 263/348] fixed spec utils --- libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index b44ac897e..2a3c73427 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -169,7 +169,10 @@ let lemma_div_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ (v/p) < p/2 /\ (v/p) >= - assert ((v/p) < 0); assert (m - p == v/p) ) - else () + else ( + assert ((v / p) @% p == (v / p) % p); + assert ((v / p) < p) + ) #push-options "--z3rlimit 1200 --split_queries always" val lemma_mont_red_i32 (x:i32): Lemma From c67b8d8e936dced3a007f802d30c70ea2374910c Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 13 Sep 2024 11:38:40 +0200 Subject: [PATCH 264/348] polished proofs --- .../proofs/fstar/spec/Spec.Utils.fst | 46 +++++++++---------- 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 2a3c73427..d5ac486e0 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -139,10 +139,15 @@ val lemma_add_i16b (b1 b2:nat) (n1 n2:i16) : is_i16b (b1 + b2) (n1 +! n2))) let lemma_add_i16b (b1 b2:nat) (n1 n2:i16) = () + +let lemma_range_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ v < p/2 /\ v >= -p / 2}): + Lemma (v @% p == v) = () + val lemma_sub_i16b (b1 b2:nat) (n1 n2:i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 + b2 < pow2 15)) (ensures (range (v n1 - v n2) i16_inttype /\ - is_i16b (b1 + b2) (n1 -. n2))) + is_i16b (b1 + b2) (n1 -. n2) /\ + v (n1 -. n2) == v n1 - v n2)) let lemma_sub_i16b (b1 b2:nat) (n1 n2:i16) = () let mont_mul_red_i16 (x:i16) (y:i16) : i16= @@ -164,17 +169,8 @@ let lemma_at_percent_mod (v:int) (p:int{p>0/\ p%2=0}): let lemma_div_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ (v/p) < p/2 /\ (v/p) >= -p / 2}): Lemma ((v / p) @% p == v / p) = - let m = (v / p) % p in - if m >= p/2 then( - assert ((v/p) < 0); - assert (m - p == v/p) - ) - else ( - assert ((v / p) @% p == (v / p) % p); - assert ((v / p) < p) - ) - -#push-options "--z3rlimit 1200 --split_queries always" + lemma_range_at_percent (v/p) p + val lemma_mont_red_i32 (x:i32): Lemma (requires (is_i32b (3328 * pow2 16) x)) (ensures ( @@ -182,7 +178,7 @@ val lemma_mont_red_i32 (x:i32): Lemma is_i16b (3328 + 1665) result /\ (is_i32b (3328 * 3328) x ==> is_i16b 3328 result) /\ v result % 3329 == (v x * 169) % 3329)) - + let lemma_mont_red_i32 (x:i32) = let vlow = cast x <: i16 in assert (v vlow == v x @% pow2 16); @@ -192,14 +188,17 @@ let lemma_mont_red_i32 (x:i32) = assert (v k_times_modulus == (v k * 3329)); let c = cast (k_times_modulus >>! 16l) <: i16 in assert (v c == (((v k * 3329) / pow2 16) @% pow2 16)); + lemma_div_at_percent (v k * 3329) (pow2 16); assert (v c == (((v k * 3329) / pow2 16))); assert (is_i16b 1665 c); let vhigh = cast (x >>! 16l) <: i16 in + lemma_div_at_percent (v x) (pow2 16); assert (v vhigh == v x / pow2 16); assert (is_i16b 3328 vhigh); assert (is_i32b (3328 * 3328) x ==> is_i16b 169 vhigh); let result = vhigh -. c in - assert (v result = (v vhigh - v c) @% pow2 16); + lemma_sub_i16b 3328 1665 vhigh c; + assert (is_i16b (3328 + 1665) result); assert (v result = v vhigh - v c); assert (is_i16b (3328 + 1665) result); assert (is_i32b (3328 * 3328) x ==> is_i16b 3328 result); @@ -238,14 +237,12 @@ let lemma_mont_red_i32 (x:i32) = (((v x - v k_times_modulus) / pow2 16) * pow2 16 * 169) % 3329; ( == ) { Math.Lemmas.lemma_div_exact (v x - v k_times_modulus) (pow2 16) } ((v x - v k_times_modulus) * 169) % 3329; - ( == ) { assert (v k_times_modulus == (v k @% pow2 16) * 3329) } - ((v x * 169) - ((v k @% pow2 16) * 3329 * 169)) % 3329; - ( == ) { Math.Lemmas.lemma_mod_sub (v x * 169) 3329 ((v k @% pow2 16) * 169) } + ( == ) { assert (v k_times_modulus == v k * 3329) } + ((v x * 169) - (v k * 3329 * 169)) % 3329; + ( == ) { Math.Lemmas.lemma_mod_sub (v x * 169) 3329 (v k * 169) } (v x * 169) % 3329; } -#pop-options -#push-options "--z3rlimit 800 --split_queries always" val lemma_mont_mul_red_i16 (x y:i16): Lemma (requires (is_i16b 3328 y)) (ensures ( @@ -266,11 +263,13 @@ let lemma_mont_mul_red_i16 (x y:i16) = assert (v c == (((v k * 3329) / pow2 16))); assert (is_i16b 1665 c); let vhigh = cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16 in - assert (v vhigh == (((prod) @% pow2 32) / pow2 16) @% pow2 16); lemma_mul_intb (pow2 15) 3328 (v x) (v y); + assert (v x @% pow2 32 == v x); + assert (v y @% pow2 32 == v y); + assert (v ((cast x <: i32) *. (cast y <: i32)) == (v x * v y) @% pow2 32); + assert (v vhigh == (((prod) @% pow2 32) / pow2 16) @% pow2 16); assert_norm (pow2 15 * 3328 < pow2 31); - assert (prod < pow2 31 /\ prod > - pow2 31); - assert (prod @% pow2 32 == prod); + lemma_range_at_percent prod (pow2 32); assert (v vhigh == (prod / pow2 16) @% pow2 16); lemma_div_at_percent prod (pow2 16); assert (v vhigh == prod / pow2 16); @@ -278,7 +277,6 @@ let lemma_mont_mul_red_i16 (x y:i16) = let result = vhigh -. c in lemma_sub_i16b 1664 1665 vhigh c; assert (is_i16b 3329 result); - assert (v result = (v vhigh - v c) @% pow2 16); assert (v result = v vhigh - v c); calc ( == ) { v k_times_modulus % pow2 16; @@ -318,4 +316,4 @@ let lemma_mont_mul_red_i16 (x y:i16) = ( == ) { Math.Lemmas.lemma_mod_sub ((prod) * 169) 3329 (v k * 169)} ((prod) * 169) % 3329; } -#pop-options + From 1ac1f2827a88379644d4c9164addd3c34f77bdec Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 10:54:50 +0000 Subject: [PATCH 265/348] arith --- ...Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 28 +++++++++++-------- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 19 ++++++++----- 2 files changed, 28 insertions(+), 19 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti index a629007bb..60fe5e57d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -16,10 +16,11 @@ val add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == - Spec.Utils.map2 ( +! ) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs)) + forall i. + i < 16 ==> + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) i) == + (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) i) + + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs) i))) val bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 @@ -42,9 +43,11 @@ val multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (con (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == - Spec.Utils.map_array (fun x -> x *. constant) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) + forall i. + i < 16 ==> + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) i) == + (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector) i) * v constant) + ) val shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 @@ -63,15 +66,16 @@ val sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15) - (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) i) = + (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) i) - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs) i))) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == - Spec.Utils.map2 ( -! ) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs)) + forall i. + i < 16 ==> + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) i) == + (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) i) - + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs) i))) /// See Section 3.2 of the implementation notes document for an explanation /// of this code. diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index 1c36a8be8..2f77aa0b9 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -6,18 +6,22 @@ use super::*; #[hax_lib::requires(fstar!("forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15) (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) i) + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs) i))"))] -#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == - Spec.Utils.map2 (+!) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs)"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result) i) == + (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) i) + + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs) i))"))] pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { mm256_add_epi16(lhs, rhs) } #[inline(always)] #[hax_lib::requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) i) = + Spec.Utils.is_intb (pow2 15) (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) i) - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs) i))"))] -#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == - Spec.Utils.map2 (-!) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs)"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result) i) == + (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) i) - + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs) i))"))] pub(crate) fn sub(lhs: Vec256, rhs: Vec256) -> Vec256 { mm256_sub_epi16(lhs, rhs) } @@ -26,8 +30,9 @@ pub(crate) fn sub(lhs: Vec256, rhs: Vec256) -> Vec256 { #[hax_lib::requires(fstar!("forall i. i < 16 ==> Spec.Utils.is_intb (pow2 31) (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector) i) * v constant)"))] -#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == - Spec.Utils.map_array (fun x -> x *. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result) i) == + (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector) i) * v constant)"))] pub(crate) fn multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { let cv = mm256_set1_epi16(constant); let result = mm256_mullo_epi16(vector, cv); From 3a99b2e1b7502152e3baa9110db92d21d403b231 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 13 Sep 2024 14:33:10 +0200 Subject: [PATCH 266/348] avx2 arithmetic propagate --- .../Libcrux_intrinsics.Avx2_extract.fsti | 8 ++- libcrux-intrinsics/src/avx2_extract.rs | 8 ++- .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 43 +++++++++++++-- ...Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 36 +++---------- .../proofs/fstar/spec/Spec.Utils.fst | 2 +- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 54 +++++++++++++------ 6 files changed, 98 insertions(+), 53 deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index be7c21496..75b714960 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -4,10 +4,14 @@ open Core open FStar.Mul unfold type t_Vec128 = bit_vec 128 - val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8) + val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8) + let get_lane128 (v:t_Vec128) (i:nat{i < 8}) = + Seq.index (vec128_as_i16x8 v) i unfold type t_Vec256 = bit_vec 256 - val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16) + val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16) + let get_lane (v:t_Vec256) (i:nat{i < 16}) = + Seq.index (vec256_as_i16x16 v) i val mm256_add_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index f129fec45..39ebd4e99 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -8,7 +8,9 @@ #[hax_lib::fstar::replace( interface, "unfold type $:{Vec256} = bit_vec 256 - val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16)" + val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16) + let get_lane (v:t_Vec256) (i:nat{i < 16}) = + Seq.index (vec256_as_i16x16 v) i" )] pub struct Vec256(u8); @@ -17,7 +19,9 @@ pub struct Vec256(u8); #[hax_lib::fstar::replace( interface, "unfold type $:{Vec128} = bit_vec 128 - val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8)" + val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8) + let get_lane128 (v:t_Vec128) (i:nat{i < 8}) = + Seq.index (vec128_as_i16x8 v) i" )] pub struct Vec128(u8); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index 0a7990597..0a1241797 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -3,8 +3,21 @@ module Libcrux_ml_kem.Vector.Avx2.Arithmetic open Core open FStar.Mul +let lemma_add_i (lhs rhs: t_Vec256) (i:nat): Lemma + (requires (i < 16 /\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) + v (get_lane rhs i)))) + (ensures (v (add_mod (get_lane lhs i) (get_lane rhs i)) == + (v (get_lane lhs i) + v (get_lane rhs i)))) + [SMTPat (v (add_mod (get_lane lhs i) (get_lane rhs i)))] = () + let add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 lhs rhs + in + let _:Prims.unit = + assert (forall i. get_lane result i == get_lane lhs i +. get_lane rhs i); + assert (forall i. v (get_lane result i) == v (get_lane lhs i) + v (get_lane rhs i)) + in + result let bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) = let cv:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -20,6 +33,12 @@ let bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) in result +let lemma_mul_i (lhs: t_Vec256) (i:nat) (c:i16): Lemma + (requires (i < 16 /\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) * v c))) + (ensures (v (mul_mod (get_lane lhs i) c) == + (v (get_lane lhs i) * v c))) + [SMTPat (v (mul_mod (get_lane lhs i) c))] = () + let multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) = let cv:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant @@ -28,10 +47,15 @@ let multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (con Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector cv in let _:Prims.unit = - Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) + Seq.lemma_eq_intro (vec256_as_i16x16 result) (Spec.Utils.map_array (fun x -> x *. constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) in + let _:Prims.unit = + assert (forall i. get_lane result i == get_lane vector i *. constant); + assert (forall i. v (get_lane vector i *. constant) == v (get_lane vector i) * v constant); + assert (forall i. v (get_lane result i) == v (get_lane vector i) * v constant) + in result let shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = @@ -45,8 +69,21 @@ let shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec in result +let lemma_sub_i (lhs rhs: t_Vec256) (i:nat): Lemma + (requires (i < 16 /\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) - v (get_lane rhs i)))) + (ensures (v (sub_mod (get_lane lhs i) (get_lane rhs i)) == + (v (get_lane lhs i) - v (get_lane rhs i)))) + [SMTPat (v (sub_mod (get_lane lhs i) (get_lane rhs i)))] = () + let sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 lhs rhs + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 lhs rhs + in + let _:Prims.unit = + assert (forall i. get_lane result i == get_lane lhs i -. get_lane rhs i); + assert (forall i. v (get_lane result i) == v (get_lane lhs i) - v (get_lane rhs i)) + in + result let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti index 60fe5e57d..3c1740a25 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -5,22 +5,17 @@ open FStar.Mul let v_BARRETT_MULTIPLIER: i16 = 20159s +open Libcrux_intrinsics.Avx2_extract + val add (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 (requires forall i. - i < 16 ==> - Spec.Utils.is_intb (pow2 15) - (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) i) + - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs) i))) + i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) + v (get_lane rhs i))) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - forall i. - i < 16 ==> - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) i) == - (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) i) + - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs) i))) + forall i. i < 16 ==> v (get_lane result i) == (v (get_lane lhs i) + v (get_lane rhs i))) val bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 @@ -35,19 +30,11 @@ val bitwise_and_with_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) val multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 (requires - forall i. - i < 16 ==> - Spec.Utils.is_intb (pow2 31) - (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector) i) * v constant) - ) + forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane vector i) * v constant)) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - forall i. - i < 16 ==> - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) i) == - (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector) i) * v constant) - ) + forall i. i < 16 ==> v (get_lane result i) == (v (get_lane vector i) * v constant)) val shift_right (v_SHIFT_BY: i32) (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 @@ -64,18 +51,11 @@ val sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 (requires forall i. - i < 16 ==> - Spec.Utils.is_intb (pow2 15) - (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) i) - - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs) i))) + i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) - v (get_lane rhs i))) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - forall i. - i < 16 ==> - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) i) == - (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 lhs) i) - - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 rhs) i))) + forall i. i < 16 ==> v (get_lane result i) == (v (get_lane lhs i) - v (get_lane rhs i))) /// See Section 3.2 of the implementation notes document for an explanation /// of this code. diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index d5ac486e0..7e224b5d5 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -115,7 +115,7 @@ let nat_div_ceil (x:nat) (y:pos) : nat = if (x % y = 0) then x/y else (x/y)+1 val lemma_mul_intb (b1 b2: nat) (n1 n2: int) : Lemma (requires (is_intb b1 n1 /\ is_intb b2 n2)) (ensures (is_intb (b1 * b2) (n1 * n2))) -let lemma_mul_intb (b1 b2: nat) (n1 n2: int) = () +let lemma_mul_intb (b1 b2: nat) (n1 n2: int) = () val lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 * b2 < pow2 31)) diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index 2f77aa0b9..a9f2e5474 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -3,42 +3,62 @@ use crate::vector::{traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R, FIELD_MODULUS}; use super::*; #[inline(always)] +#[hax_lib::fstar::before(interface,"open Libcrux_intrinsics.Avx2_extract")] +#[hax_lib::fstar::before(" +let lemma_add_i (lhs rhs: t_Vec256) (i:nat): Lemma + (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) + v (get_lane rhs i)))) + (ensures (v (add_mod (get_lane lhs i) (get_lane rhs i)) == + (v (get_lane lhs i) + v (get_lane rhs i)))) + [SMTPat (v (add_mod (get_lane lhs i) (get_lane rhs i)))] = ()")] #[hax_lib::requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) i) + - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs) i))"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $lhs i) + v (get_lane $rhs i))"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result) i) == - (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) i) + - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs) i))"))] + v (get_lane $result i) == (v (get_lane $lhs i) + v (get_lane $rhs i))"))] pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { - mm256_add_epi16(lhs, rhs) + let result = mm256_add_epi16(lhs, rhs); + hax_lib::fstar!("assert (forall i. get_lane result i == get_lane lhs i +. get_lane rhs i); + assert (forall i. v (get_lane result i) == v (get_lane lhs i) + v (get_lane rhs i))"); + result } #[inline(always)] +#[hax_lib::fstar::before(" +let lemma_sub_i (lhs rhs: t_Vec256) (i:nat): Lemma + (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) - v (get_lane rhs i)))) + (ensures (v (sub_mod (get_lane lhs i) (get_lane rhs i)) == + (v (get_lane lhs i) - v (get_lane rhs i)))) + [SMTPat (v (sub_mod (get_lane lhs i) (get_lane rhs i)))] = ()")] #[hax_lib::requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) i) - - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs) i))"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $lhs i) - v (get_lane $rhs i))"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result) i) == - (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $lhs) i) - - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $rhs) i))"))] + v (get_lane $result i) == (v (get_lane $lhs i) - v (get_lane $rhs i))"))] pub(crate) fn sub(lhs: Vec256, rhs: Vec256) -> Vec256 { - mm256_sub_epi16(lhs, rhs) + let result = mm256_sub_epi16(lhs, rhs); + hax_lib::fstar!("assert (forall i. get_lane result i == get_lane lhs i -. get_lane rhs i); + assert (forall i. v (get_lane result i) == v (get_lane lhs i) - v (get_lane rhs i))"); + result } #[inline(always)] +#[hax_lib::fstar::before(" +let lemma_mul_i (lhs: t_Vec256) (i:nat) (c:i16): Lemma + (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) * v c))) + (ensures (v (mul_mod (get_lane lhs i) c) == + (v (get_lane lhs i) * v c))) + [SMTPat (v (mul_mod (get_lane lhs i) c))] = ()")] #[hax_lib::requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 31) (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector) i) * - v constant)"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $vector i) * v constant)"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> - v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result) i) == - (v (Seq.index (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector) i) * v constant)"))] + v (get_lane $result i) == (v (get_lane $vector i) * v constant)"))] pub(crate) fn multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { let cv = mm256_set1_epi16(constant); let result = mm256_mullo_epi16(vector, cv); - hax_lib::fstar!("Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) + hax_lib::fstar!("Seq.lemma_eq_intro (vec256_as_i16x16 ${result}) (Spec.Utils.map_array (fun x -> x *. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); + hax_lib::fstar!("assert (forall i. get_lane result i == get_lane vector i *. constant); + assert (forall i. v (get_lane vector i *. constant) == v (get_lane vector i) * v constant); + assert (forall i. v (get_lane result i) == v (get_lane vector i) * v constant)"); result } From 0058af27a0dc368126bceba88d94fa117073f956 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 13:11:24 +0000 Subject: [PATCH 267/348] rlimit --- libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 7e224b5d5..c431a03ad 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -140,8 +140,10 @@ val lemma_add_i16b (b1 b2:nat) (n1 n2:i16) : let lemma_add_i16b (b1 b2:nat) (n1 n2:i16) = () +#push-options "--z3rlimit 250" let lemma_range_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ v < p/2 /\ v >= -p / 2}): Lemma (v @% p == v) = () +#pop-options val lemma_sub_i16b (b1 b2:nat) (n1 n2:i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 + b2 < pow2 15)) @@ -164,8 +166,10 @@ let mont_red_i32 (x:i32) : i16 = let vhigh = cast (x >>! 16l) <: i16 in vhigh -. k_times_modulus +#push-options "--z3rlimit 250" let lemma_at_percent_mod (v:int) (p:int{p>0/\ p%2=0}): Lemma ((v @% p) % p == v % p) = () +#pop-options let lemma_div_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ (v/p) < p/2 /\ (v/p) >= -p / 2}): Lemma ((v / p) @% p == v / p) = From fcd536f91e387d899304f1c961d8ec3523298438 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 13:23:47 +0000 Subject: [PATCH 268/348] poly --- .../proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst | 1 + libcrux-ml-kem/src/polynomial.rs | 1 + 2 files changed, 2 insertions(+) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index e8aa9060c..72684a2fa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -199,6 +199,7 @@ let impl_1__add_to_ring_element Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (self rhs: t_PolynomialRingElement v_Vector) = + let _:Prims.unit = admit () in let self:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) (Core.Slice.impl__len #v_Vector (self.f_coefficients <: t_Slice v_Vector) <: usize) diff --git a/libcrux-ml-kem/src/polynomial.rs b/libcrux-ml-kem/src/polynomial.rs index 820337303..17b168d1d 100644 --- a/libcrux-ml-kem/src/polynomial.rs +++ b/libcrux-ml-kem/src/polynomial.rs @@ -65,6 +65,7 @@ impl PolynomialRingElement { /// sum of their constituent coefficients. #[inline(always)] pub(crate) fn add_to_ring_element(&mut self, rhs: &Self) { + hax_lib::fstar!("admit ()"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for i in 0..self.coefficients.len() { From 8e8d461aa79abc54b5bfba1311271ef7737d6a92 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 13 Sep 2024 15:30:58 +0200 Subject: [PATCH 269/348] refresh --- .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti | 9 +++++++-- .../fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti | 9 +++++++-- .../fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti | 9 +++++++-- libcrux-ml-kem/src/vector/avx2.rs | 4 ++++ libcrux-ml-kem/src/vector/portable.rs | 4 ++++ libcrux-ml-kem/src/vector/traits.rs | 5 ++--- 6 files changed, 31 insertions(+), 9 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 28e3c4446..77c9631d5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -550,10 +550,15 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ bytes } <: t_SIMD256Vector); - f_rej_sample_pre = (fun (input: t_Slice u8) (output: t_Slice i16) -> true); + f_rej_sample_pre + = + (fun (input: t_Slice u8) (output: t_Slice i16) -> + (Core.Slice.impl__len #u8 input <: usize) =. sz 24 && + (Core.Slice.impl__len #i16 output <: usize) =. sz 16); f_rej_sample_post = - (fun (input: t_Slice u8) (output: t_Slice i16) (out1: (t_Slice i16 & usize)) -> true); + (fun (input: t_Slice u8) (output: t_Slice i16) (output_future, result: (t_Slice i16 & usize)) -> + Seq.length output_future == Seq.length output /\ v result <= 16); f_rej_sample = fun (input: t_Slice u8) (output: t_Slice i16) -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index d05fb62fd..b9a1e903f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -610,10 +610,15 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (fun (a: t_Slice u8) -> let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a); - f_rej_sample_pre = (fun (a: t_Slice u8) (out: t_Slice i16) -> true); + f_rej_sample_pre + = + (fun (a: t_Slice u8) (out: t_Slice i16) -> + (Core.Slice.impl__len #u8 a <: usize) =. sz 24 && + (Core.Slice.impl__len #i16 out <: usize) =. sz 16); f_rej_sample_post = - (fun (a: t_Slice u8) (out: t_Slice i16) (out2: (t_Slice i16 & usize)) -> true); + (fun (a: t_Slice u8) (out: t_Slice i16) (out_future, result: (t_Slice i16 & usize)) -> + Seq.length out_future == Seq.length out /\ v result <= 16); f_rej_sample = fun (a: t_Slice u8) (out: t_Slice i16) -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 62ae55dbe..d2927fe8a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -323,13 +323,18 @@ class t_Operations (v_Self: Type0) = { {pred ==> sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (f_repr result)}; f_deserialize_12_:x0: t_Slice u8 -> Prims.Pure v_Self (f_deserialize_12_pre x0) (fun result -> f_deserialize_12_post x0 result); - f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 -> pred: Type0{true ==> pred}; + f_rej_sample_pre:a: t_Slice u8 -> out: t_Slice i16 + -> pred: + Type0 + { (Core.Slice.impl__len #u8 a <: usize) =. sz 24 && + (Core.Slice.impl__len #i16 out <: usize) =. sz 16 ==> + pred }; f_rej_sample_post:a: t_Slice u8 -> out: t_Slice i16 -> x: (t_Slice i16 & usize) -> pred: Type0 { pred ==> (let out_future, result:(t_Slice i16 & usize) = x in - Seq.length out_future == Seq.length out /\ range (v result + 255) usize_inttype) }; + Seq.length out_future == Seq.length out /\ v result <= 16) }; f_rej_sample:x0: t_Slice u8 -> x1: t_Slice i16 -> Prims.Pure (t_Slice i16 & usize) (f_rej_sample_pre x0 x1) diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 6b5dfdef4..44b2f3db5 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -315,6 +315,10 @@ impl Operations for SIMD256Vector { } } + #[requires(input.len() == 24 && output.len() == 16)] + #[ensures(|result| + fstar!("Seq.length $output_future == Seq.length $output /\\ v $result <= 16") + )] fn rej_sample(input: &[u8], output: &mut [i16]) -> usize { sampling::rejection_sample(input, output) } diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 13eda81be..48878ef70 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -226,6 +226,10 @@ impl Operations for PortableVector { deserialize_12(a) } + #[requires(a.len() == 24 && out.len() == 16)] + #[ensures(|result| + fstar!("Seq.length $out_future == Seq.length $out /\\ v $result <= 16") + )] fn rej_sample(a: &[u8], out: &mut [i16]) -> usize { rej_sample(a, out) } diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 4deaa67e8..6512d0792 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -137,10 +137,9 @@ pub trait Operations: Copy + Clone + Repr { #[ensures(|result| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (f_repr $result)"))] fn deserialize_12(a: &[u8]) -> Self; - #[requires(true)] + #[requires(a.len() == 24 && out.len() == 16)] #[ensures(|result| - fstar!("Seq.length $out_future == Seq.length $out /\\ - range (v $result + 255) usize_inttype") + fstar!("Seq.length $out_future == Seq.length $out /\\ v $result <= 16") )] fn rej_sample(a: &[u8], out: &mut [i16]) -> usize; } From 4f229b2f6a45c78e6d2d9a05c832b4df6472fdb8 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 13 Sep 2024 15:40:04 +0200 Subject: [PATCH 270/348] spec rlimit --- libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index c431a03ad..bd62f52cd 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -47,7 +47,7 @@ let lemma_bitand_properties #t (x:int_t t) : Lemma ((x &. ones) == x /\ (x &. mk_int #t 0) == mk_int #t 0 /\ (ones #t &. x) == x /\ (mk_int #t 0 &. x) == mk_int #t 0) = logand_lemma #t x x -#push-options "--z3rlimit 200" +#push-options "--z3rlimit 250" let flatten #t #n (#m: usize {range (v n * v m) usize_inttype}) (x: t_Array (t_Array t m) n) @@ -112,10 +112,22 @@ let is_i32b_array (l:nat) (x:t_Slice i32) = forall i. i < Seq.length x ==> is_i3 let nat_div_ceil (x:nat) (y:pos) : nat = if (x % y = 0) then x/y else (x/y)+1 +#push-options "--z3rlimit 200" val lemma_mul_intb (b1 b2: nat) (n1 n2: int) : Lemma (requires (is_intb b1 n1 /\ is_intb b2 n2)) (ensures (is_intb (b1 * b2) (n1 * n2))) -let lemma_mul_intb (b1 b2: nat) (n1 n2: int) = () +let lemma_mul_intb (b1 b2: nat) (n1 n2: int) = + if n1 = 0 || n2 = 0 + then () + else + let open FStar.Math.Lemmas in + lemma_abs_bound n1 b1; + lemma_abs_bound n2 b2; + lemma_abs_mul n1 n2; + lemma_mult_le_left (abs n1) (abs n2) b2; + lemma_mult_le_right b2 (abs n1) b1; + lemma_abs_bound (n1 * n2) (b1 * b2) +#pop-options val lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 * b2 < pow2 31)) From 149d519a91d457094c13fe27483cf88f40f0814c Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 13 Sep 2024 15:25:17 +0000 Subject: [PATCH 271/348] wip --- .../fstar/extraction/Libcrux_ml_kem.Serialize.fst | 4 ++++ .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 4 ++++ .../Libcrux_ml_kem.Vector.Avx2.Sampling.fsti | 9 ++++++++- .../extraction/Libcrux_ml_kem.Vector.Avx2.fsti | 7 ++++--- .../Libcrux_ml_kem.Vector.Portable.Arithmetic.fst | 10 +++++++--- ...Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti | 7 ++++--- .../Libcrux_ml_kem.Vector.Portable.Sampling.fst | 4 ++++ .../Libcrux_ml_kem.Vector.Portable.Sampling.fsti | 9 ++++++++- .../Libcrux_ml_kem.Vector.Portable.fsti | 13 ++++++++++--- .../extraction/Libcrux_ml_kem.Vector.Traits.fsti | 7 ++++--- libcrux-ml-kem/src/serialize.rs | 1 + libcrux-ml-kem/src/vector/avx2.rs | 6 +++--- libcrux-ml-kem/src/vector/avx2/sampling.rs | 5 +++++ libcrux-ml-kem/src/vector/portable.rs | 8 +++++--- libcrux-ml-kem/src/vector/portable/arithmetic.rs | 15 +++++++++------ libcrux-ml-kem/src/vector/portable/sampling.rs | 5 +++++ libcrux-ml-kem/src/vector/traits.rs | 6 +++--- 17 files changed, 88 insertions(+), 32 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 0be3acd59..4ded6119b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -593,6 +593,8 @@ let deserialize_then_decompress_5_ in re +#push-options "--admit_smt_queries true" + let deserialize_then_decompress_message (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -645,6 +647,8 @@ let deserialize_then_decompress_message in re +#pop-options + let deserialize_then_decompress_ring_element_u (v_COMPRESSION_FACTOR: usize) (#v_Vector: Type0) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst index a85e363da..03a0012e0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -3,6 +3,8 @@ module Libcrux_ml_kem.Vector.Avx2.Sampling open Core open FStar.Mul +#push-options "--admit_smt_queries true" + let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS @@ -91,3 +93,5 @@ let rejection_sample (input: t_Slice u8) (output: t_Slice i16) = sampled_count +! (cast (Core.Num.impl__u8__count_ones (good.[ sz 1 ] <: u8) <: u32) <: usize) in output, hax_temp_output <: (t_Slice i16 & usize) + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti index 361ba6196..3f9eff193 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti @@ -4,4 +4,11 @@ open Core open FStar.Mul val rejection_sample (input: t_Slice u8) (output: t_Slice i16) - : Prims.Pure (t_Slice i16 & usize) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Slice i16 & usize) + (requires + (Core.Slice.impl__len #u8 input <: usize) =. sz 24 && + (Core.Slice.impl__len #i16 output <: usize) =. sz 16) + (ensures + fun temp_0_ -> + let output_future, res:(t_Slice i16 & usize) = temp_0_ in + Seq.length output_future == Seq.length output /\ v res <= 16) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 77c9631d5..836d4d2ab 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -77,7 +77,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr lhs) i) + v (Seq.index (impl.f_repr rhs) i))); f_add_post = @@ -97,7 +97,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (lhs: t_SIMD256Vector) (rhs: t_SIMD256Vector) -> forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr lhs) i) - v (Seq.index (impl.f_repr rhs) i))); f_sub_post = @@ -115,7 +115,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_multiply_by_constant_pre = (fun (vec: t_SIMD256Vector) (c: i16) -> - forall i. i < 16 ==> Spec.Utils.is_intb (pow2 31) (v (Seq.index (impl.f_repr vec) i) * v c)); + forall i. + i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr vec) i) * v c)); f_multiply_by_constant_post = (fun (vec: t_SIMD256Vector) (c: i16) (result: t_SIMD256Vector) -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index 94e119b51..1c997ea2a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -208,7 +208,9 @@ let add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = lhs) in let _:Prims.unit = - Seq.lemma_eq_intro lhs.f_elements (Spec.Utils.map2 ( +! ) v__lhs0.f_elements rhs.f_elements) + assert (forall i. + v (Seq.index lhs.f_elements i) == + v (Seq.index v__lhs0.f_elements i) + v (Seq.index rhs.f_elements i)) in lhs @@ -430,7 +432,7 @@ let multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Port vec) in let _:Prims.unit = - Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> x *! c) v__vec0.f_elements) + assert (forall i. v (Seq.index vec.f_elements i) == v (Seq.index v__vec0.f_elements i) * v c) in vec @@ -510,6 +512,8 @@ let sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = lhs) in let _:Prims.unit = - Seq.lemma_eq_intro lhs.f_elements (Spec.Utils.map2 ( -! ) v__lhs0.f_elements rhs.f_elements) + assert (forall i. + v (Seq.index lhs.f_elements i) == + v (Seq.index v__lhs0.f_elements i) - v (Seq.index rhs.f_elements i)) in lhs diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index 79bed8506..e58a62cb3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -73,7 +73,7 @@ val add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (requires forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i))) (ensures fun result -> @@ -125,7 +125,8 @@ val montgomery_multiply_by_constant val multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires - forall i. i < 16 ==> Spec.Utils.is_intb (pow2 31) (v (Seq.index vec.f_elements i) * v c)) + forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index vec.f_elements i) * v c) + ) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in @@ -146,7 +147,7 @@ val sub (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (requires forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i))) (ensures fun result -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst index aec49a64f..a96ed3aee 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst @@ -3,6 +3,8 @@ module Libcrux_ml_kem.Vector.Portable.Sampling open Core open FStar.Mul +#push-options "--admit_smt_queries true" + let rej_sample (a: t_Slice u8) (result: t_Slice i16) = let sampled:usize = sz 0 in let result, sampled:(t_Slice i16 & usize) = @@ -40,3 +42,5 @@ let rej_sample (a: t_Slice u8) (result: t_Slice i16) = in let hax_temp_output:usize = sampled in result, hax_temp_output <: (t_Slice i16 & usize) + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti index fc5f15276..bc900ff73 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti @@ -4,4 +4,11 @@ open Core open FStar.Mul val rej_sample (a: t_Slice u8) (result: t_Slice i16) - : Prims.Pure (t_Slice i16 & usize) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Slice i16 & usize) + (requires + (Core.Slice.impl__len #u8 a <: usize) =. sz 24 && + (Core.Slice.impl__len #i16 result <: usize) =. sz 16) + (ensures + fun temp_0_ -> + let result_future, res:(t_Slice i16 & usize) = temp_0_ in + Seq.length result_future == Seq.length result /\ v res <= 16) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index b9a1e903f..b9a819909 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -75,7 +75,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -> forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index lhs.f_elements i) + v (Seq.index rhs.f_elements i))); f_add_post = @@ -103,7 +103,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -> forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index lhs.f_elements i) - v (Seq.index rhs.f_elements i))); f_sub_post = @@ -126,7 +126,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_multiply_by_constant_pre = (fun (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) -> - forall i. i < 16 ==> Spec.Utils.is_intb (pow2 31) (v (Seq.index vec.f_elements i) * v c)); + forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index vec.f_elements i) * v c) + ); f_multiply_by_constant_post = (fun @@ -475,6 +476,9 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_1_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + let _:Prims.unit = + assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 1) + in let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_ a); f_deserialize_1_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 2); @@ -502,6 +506,9 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_serialize_4_ = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + let _:Prims.unit = + assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 4) + in let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a); f_deserialize_4_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 8); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index d2927fe8a..d37142331 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -47,7 +47,7 @@ class t_Operations (v_Self: Type0) = { Type0 { (forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr lhs) i) + v (Seq.index (f_repr rhs) i))) ==> pred }; f_add_post:lhs: v_Self -> rhs: v_Self -> result: v_Self @@ -65,7 +65,7 @@ class t_Operations (v_Self: Type0) = { Type0 { (forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr lhs) i) - v (Seq.index (f_repr rhs) i))) ==> pred }; f_sub_post:lhs: v_Self -> rhs: v_Self -> result: v_Self @@ -81,7 +81,8 @@ class t_Operations (v_Self: Type0) = { f_multiply_by_constant_pre:vec: v_Self -> c: i16 -> pred: Type0 - { (forall i. i < 16 ==> Spec.Utils.is_intb (pow2 31) (v (Seq.index (f_repr vec) i) * v c)) ==> + { (forall i. + i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr vec) i) * v c)) ==> pred }; f_multiply_by_constant_post:vec: v_Self -> c: i16 -> result: v_Self -> pred: diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 3071c0160..020103722 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -22,6 +22,7 @@ pub(super) fn compress_then_serialize_message( serialized } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(super) fn deserialize_then_decompress_message( serialized: [u8; SHARED_SECRET_SIZE], ) -> PolynomialRingElement { diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 44b2f3db5..5f21c0755 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -70,7 +70,7 @@ impl Operations for SIMD256Vector { } #[requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) (v (Seq.index (impl.f_repr ${lhs}) i) + v (Seq.index (impl.f_repr ${rhs}) i))"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr ${lhs}) i) + v (Seq.index (impl.f_repr ${rhs}) i))"))] #[ensures(|result| fstar!("forall i. i < 16 ==> (v (Seq.index (impl.f_repr ${result}) i) == v (Seq.index (impl.f_repr ${lhs}) i) + v (Seq.index (impl.f_repr ${rhs}) i))"))] @@ -81,7 +81,7 @@ impl Operations for SIMD256Vector { } #[requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) (v (Seq.index (impl.f_repr ${lhs}) i) - v (Seq.index (impl.f_repr ${rhs}) i))"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr ${lhs}) i) - v (Seq.index (impl.f_repr ${rhs}) i))"))] #[ensures(|result| fstar!("forall i. i < 16 ==> (v (Seq.index (impl.f_repr ${result}) i) == v (Seq.index (impl.f_repr ${lhs}) i) - v (Seq.index (impl.f_repr ${rhs}) i))"))] @@ -92,7 +92,7 @@ impl Operations for SIMD256Vector { } #[requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 31) (v (Seq.index (impl.f_repr ${vec}) i) * v c)"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (impl.f_repr ${vec}) i) * v c)"))] #[ensures(|result| fstar!("forall i. i < 16 ==> (v (Seq.index (impl.f_repr ${result}) i) == v (Seq.index (impl.f_repr ${vec}) i) * v c)"))] diff --git a/libcrux-ml-kem/src/vector/avx2/sampling.rs b/libcrux-ml-kem/src/vector/avx2/sampling.rs index 2fd73a55b..1f3565b40 100644 --- a/libcrux-ml-kem/src/vector/avx2/sampling.rs +++ b/libcrux-ml-kem/src/vector/avx2/sampling.rs @@ -5,6 +5,11 @@ use super::{ }; #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::requires(input.len() == 24 && output.len() == 16)] +#[hax_lib::ensures(|res| + fstar!("Seq.length $output_future == Seq.length $output /\\ v $res <= 16") + )] pub(crate) fn rejection_sample(input: &[u8], output: &mut [i16]) -> usize { let field_modulus = mm256_set1_epi16(FIELD_MODULUS); diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 48878ef70..07d6ed087 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -42,7 +42,7 @@ impl Operations for PortableVector { } #[requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) (v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] #[ensures(|result| fstar!("forall i. i < 16 ==> (v (Seq.index ${result}.f_elements i) == v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] @@ -51,7 +51,7 @@ impl Operations for PortableVector { } #[requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) (v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] #[ensures(|result| fstar!("forall i. i < 16 ==> (v (Seq.index ${result}.f_elements i) == v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] @@ -60,7 +60,7 @@ impl Operations for PortableVector { } #[requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 31) (v (Seq.index ${vec}.f_elements i) * v c)"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${vec}.f_elements i) * v c)"))] #[ensures(|result| fstar!("forall i. i < 16 ==> (v (Seq.index ${result}.f_elements i) == v (Seq.index ${vec}.f_elements i) * v c)"))] @@ -155,6 +155,7 @@ impl Operations for PortableVector { #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))] #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))] fn serialize_1(a: Self) -> [u8; 2] { + hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 1)"); hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a"); serialize_1(a) } @@ -169,6 +170,7 @@ impl Operations for PortableVector { #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))] #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))] fn serialize_4(a: Self) -> [u8; 8] { + hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 4)"); hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a"); serialize_4(a) } diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index 106a658f5..8df213036 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -42,7 +42,7 @@ pub(crate) fn get_n_least_significant_bits(n: u8, value: u32) -> u32 { #[inline(always)] #[hax_lib::fstar::options("--z3rlimit 150")] #[hax_lib::requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) (v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> (v (Seq.index ${result}.f_elements i) == v (Seq.index ${lhs}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"))] @@ -55,13 +55,14 @@ pub fn add(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))") }); lhs.elements[i] += rhs.elements[i]; } - hax_lib::fstar!("Seq.lemma_eq_intro ${lhs}.f_elements (Spec.Utils.map2 (+!) ${_lhs0}.f_elements ${rhs}.f_elements)"); + hax_lib::fstar!("assert (forall i. v (Seq.index ${lhs}.f_elements i) == + v (Seq.index ${_lhs0}.f_elements i) + v (Seq.index ${rhs}.f_elements i))"); lhs } #[inline(always)] #[hax_lib::requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) (v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> (v (Seq.index ${result}.f_elements i) == v (Seq.index ${lhs}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"))] @@ -74,13 +75,14 @@ pub fn sub(mut lhs: PortableVector, rhs: &PortableVector) -> PortableVector { (forall j. j >= v i ==> (Seq.index ${lhs}.f_elements j) == (Seq.index ${_lhs0}.f_elements j))") }); lhs.elements[i] -= rhs.elements[i]; } - hax_lib::fstar!("Seq.lemma_eq_intro ${lhs}.f_elements (Spec.Utils.map2 (-!) ${_lhs0}.f_elements ${rhs}.f_elements)"); + hax_lib::fstar!("assert (forall i. v (Seq.index ${lhs}.f_elements i) == + v (Seq.index ${_lhs0}.f_elements i) - v (Seq.index ${rhs}.f_elements i))"); lhs } #[inline(always)] #[hax_lib::requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 31) (v (Seq.index ${vec}.f_elements i) * v c)"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index ${vec}.f_elements i) * v c)"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> (v (Seq.index ${result}.f_elements i) == v (Seq.index ${vec}.f_elements i) * v c)"))] @@ -93,7 +95,8 @@ pub fn multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector { (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))") }); vec.elements[i] *= c; } - hax_lib::fstar!("Seq.lemma_eq_intro ${vec}.f_elements (Spec.Utils.map_array (fun x -> x *! c) ${_vec0}.f_elements)"); + hax_lib::fstar!("assert (forall i. v (Seq.index ${vec}.f_elements i) == + v (Seq.index ${_vec0}.f_elements i) * v c)"); vec } diff --git a/libcrux-ml-kem/src/vector/portable/sampling.rs b/libcrux-ml-kem/src/vector/portable/sampling.rs index 87dacce97..13f6f9f33 100644 --- a/libcrux-ml-kem/src/vector/portable/sampling.rs +++ b/libcrux-ml-kem/src/vector/portable/sampling.rs @@ -1,6 +1,11 @@ use crate::vector::FIELD_MODULUS; #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::requires(a.len() == 24 && result.len() == 16)] +#[hax_lib::ensures(|res| + fstar!("Seq.length $result_future == Seq.length $result /\\ v $res <= 16") + )] pub(crate) fn rej_sample(a: &[u8], result: &mut [i16]) -> usize { let mut sampled = 0; for i in 0..a.len() / 3 { diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 6512d0792..f50f6f2e3 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -30,21 +30,21 @@ pub trait Operations: Copy + Clone + Repr { // Basic arithmetic #[requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) (v (Seq.index (f_repr ${lhs}) i) + v (Seq.index (f_repr ${rhs}) i))"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr ${lhs}) i) + v (Seq.index (f_repr ${rhs}) i))"))] #[ensures(|result| fstar!("forall i. i < 16 ==> (v (Seq.index (f_repr ${result}) i) == v (Seq.index (f_repr ${lhs}) i) + v (Seq.index (f_repr ${rhs}) i))"))] fn add(lhs: Self, rhs: &Self) -> Self; #[requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 15) (v (Seq.index (f_repr ${lhs}) i) - v (Seq.index (f_repr ${rhs}) i))"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr ${lhs}) i) - v (Seq.index (f_repr ${rhs}) i))"))] #[ensures(|result| fstar!("forall i. i < 16 ==> (v (Seq.index (f_repr ${result}) i) == v (Seq.index (f_repr ${lhs}) i) - v (Seq.index (f_repr ${rhs}) i))"))] fn sub(lhs: Self, rhs: &Self) -> Self; #[requires(fstar!("forall i. i < 16 ==> - Spec.Utils.is_intb (pow2 31) (v (Seq.index (f_repr ${vec}) i) * v c)"))] + Spec.Utils.is_intb (pow2 15 - 1) (v (Seq.index (f_repr ${vec}) i) * v c)"))] #[ensures(|result| fstar!("forall i. i < 16 ==> (v (Seq.index (f_repr ${result}) i) == v (Seq.index (f_repr ${vec}) i) * v c)"))] From a5f2e75c53522444e3e114e03c4c0322b2599716 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Fri, 13 Sep 2024 19:20:51 +0200 Subject: [PATCH 272/348] portable arithmetic --- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 36 ++++++++++--------- ...rux_ml_kem.Vector.Portable.Arithmetic.fsti | 11 ++++-- .../src/vector/portable/arithmetic.rs | 19 +++++++--- 3 files changed, 44 insertions(+), 22 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index 1c997ea2a..85705d725 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -354,35 +354,39 @@ let cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta Seq.lemma_eq_intro vec.f_elements (Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) v__vec0.f_elements) in - let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in - let _:Prims.unit = admit () (* Panic freedom *) in - result + vec #push-options "--z3rlimit 150" let montgomery_multiply_by_constant - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let v__vec0:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in + let i:usize = i in + (forall j. + j < v i ==> + (let vecj = Seq.index vec.f_elements j in + (Spec.Utils.is_i16b (3328 + 1665) vecj /\ + v vecj % 3329 == (v (Seq.index v__vec0.f_elements j) * v c * 169) % 3329))) /\ + (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j))) + vec + (fun vec i -> + let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec in let i:usize = i in { - v with + vec with Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (montgomery_multiply_fe_by_fer (v + (montgomery_multiply_fe_by_fer (vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) @@ -395,7 +399,7 @@ let montgomery_multiply_by_constant <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) in - v + vec #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index e58a62cb3..7afefed8f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -116,11 +116,18 @@ val cond_subtract_3329_ (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Porta Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (vec.f_elements)) val montgomery_multiply_by_constant - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Spec.Utils.is_i16b 3328 c) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array (3328 + 1665) result.f_elements /\ + (forall i. + i < 16 ==> + (v (Seq.index result.f_elements i) % 3329 == + (v (Seq.index vec.f_elements i) * v c * 169) % 3329))) val multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index 8df213036..beb351fd6 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -135,7 +135,6 @@ pub fn shift_right(mut vec: PortableVector) -> PortableVect /// Note: This function is not secret independent /// Only use with public values. #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) ${vec}.f_elements"))] #[hax_lib::ensures(|result| fstar!("${result}.f_elements == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (${vec}.f_elements)"))] @@ -334,9 +333,21 @@ pub(crate) fn montgomery_multiply_fe_by_fer( #[inline(always)] #[hax_lib::fstar::options("--z3rlimit 150")] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 c")))] -pub(crate) fn montgomery_multiply_by_constant(mut v: PortableVector, c: i16) -> PortableVector { +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!(" +Spec.Utils.is_i16b_array (3328 + 1665) ${result}.f_elements /\\ +(forall i. i < 16 ==> + (v (Seq.index ${result}.f_elements i) % 3329 == + (v (Seq.index ${vec}.f_elements i) * v c * 169) %3329))")))] +pub(crate) fn montgomery_multiply_by_constant(mut vec: PortableVector, c: i16) -> PortableVector { + let _vec0 = vec; for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = montgomery_multiply_fe_by_fer(v.elements[i], c) + hax_lib::loop_invariant!(|i: usize| { fstar!(" + (forall j. j < v i ==> + (let vecj = Seq.index ${vec}.f_elements j in + (Spec.Utils.is_i16b (3328 + 1665) vecj /\\ + v vecj % 3329 == (v (Seq.index ${_vec0}.f_elements j) * v c * 169) % 3329))) /\\ + (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))") }); + vec.elements[i] = montgomery_multiply_fe_by_fer(vec.elements[i], c) } - v + vec } From da043be8c74b50f3d9e55a7c5c79e2e35822a55e Mon Sep 17 00:00:00 2001 From: mamonet Date: Fri, 13 Sep 2024 20:27:54 +0000 Subject: [PATCH 273/348] Make ntt panic free --- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 64 +++++++++++++------ .../fstar/extraction/Libcrux_ml_kem.Ntt.fsti | 12 ++-- .../proofs/fstar/extraction/Makefile | 1 - libcrux-ml-kem/src/ntt.rs | 33 +++++++++- 4 files changed, 85 insertions(+), 25 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 139ad22c3..ad3c98c01 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -26,6 +26,10 @@ let ntt_layer_int_vec_step in a, b <: (v_Vector & v_Vector) +let zetas_b_lemma (i:nat{i >= 0 /\ i < 128}) : Lemma + (Spec.Utils.is_i16b 1664 Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ sz i ]) = + admit() + let ntt_at_layer_1_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -35,15 +39,16 @@ let ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = + let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init + v round * 4) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -51,6 +56,12 @@ let ntt_at_layer_1_ in let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in + let _:Prims.unit = + zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i + 1); + zetas_b_lemma (v zeta_i + 2); + zetas_b_lemma (v zeta_i + 3) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -96,15 +107,16 @@ let ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = + let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init + v round * 2) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -112,6 +124,10 @@ let ntt_at_layer_2_ in let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in + let _:Prims.unit = + zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i + 1) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -149,15 +165,16 @@ let ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = + let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init + v round) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -165,6 +182,7 @@ let ntt_at_layer_3_ in let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in + let _:Prims.unit = zetas_b_lemma (v zeta_i) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -188,6 +206,8 @@ let ntt_at_layer_3_ let hax_temp_output:Prims.unit = () <: Prims.unit in zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) +#push-options "--z3rlimit 200" + let ntt_at_layer_4_plus (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -197,30 +217,31 @@ let ntt_at_layer_4_plus (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer v__initial_coefficient_bound: usize) = - let _:Prims.unit = - if true - then - let _:Prims.unit = Hax_lib.v_assert (layer >=. sz 4 <: bool) in - () - in let step:usize = sz 1 <>! layer <: usize) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init + v round) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in let round:usize = round in + let _:Prims.unit = + assert (v round < 8); + assert (v step >= 16 /\ v step <= 128); + assert (v (round *! step) >= 0 /\ v (round *! step) <= 112) + in let zeta_i:usize = zeta_i +! sz 1 in let offset:usize = (round *! step <: usize) *! sz 2 in + let _:Prims.unit = assert (v offset >= 0 /\ v offset <= 224) in let offset_vec:usize = offset /! sz 16 in let step_vec:usize = step /! sz 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = @@ -234,6 +255,7 @@ let ntt_at_layer_4_plus (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in + let _:Prims.unit = zetas_b_lemma (v zeta_i) in let x, y:(v_Vector & v_Vector) = ntt_layer_int_vec_step #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) @@ -275,6 +297,8 @@ let ntt_at_layer_4_plus let hax_temp_output:Prims.unit = () <: Prims.unit in zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) +#pop-options + let ntt_at_layer_7_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -396,6 +420,8 @@ let ntt_binomially_sampled_ring_element in re +#push-options "--z3rlimit 200" + let ntt_vector_u (v_VECTOR_U_COMPRESSION_FACTOR: usize) (#v_Vector: Type0) @@ -454,3 +480,5 @@ let ntt_vector_u (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in re + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti index 2e535adc9..de7c54c07 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti @@ -14,7 +14,9 @@ val ntt_layer_int_vec_step {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a b: v_Vector) (zeta_r: i16) - : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (v_Vector & v_Vector) + (requires Spec.Utils.is_i16b 3328 zeta_r) + (fun _ -> Prims.l_True) val ntt_at_layer_1_ (#v_Vector: Type0) @@ -23,7 +25,7 @@ val ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v zeta_i < 64) (fun _ -> Prims.l_True) val ntt_at_layer_2_ @@ -33,7 +35,7 @@ val ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v zeta_i < 96) (fun _ -> Prims.l_True) val ntt_at_layer_3_ @@ -43,7 +45,7 @@ val ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v zeta_i < 112) (fun _ -> Prims.l_True) val ntt_at_layer_4_plus @@ -53,7 +55,7 @@ val ntt_at_layer_4_plus (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v layer >= 4 /\ v layer <= 7 /\ v zeta_i + v (sz 128 >>! layer) < 128) (fun _ -> Prims.l_True) val ntt_at_layer_7_ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 25b90a266..9cc09ff9e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -2,7 +2,6 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ - Libcrux_ml_kem.Ntt.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index d33d9c077..937715878 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -5,16 +5,26 @@ use crate::{ }; #[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma + (Spec.Utils.is_i16b 1664 ${ZETAS_TIMES_MONTGOMERY_R}.[ sz i ]) = + admit()"))] +#[hax_lib::requires(fstar!("v ${*zeta_i} < 64"))] pub(crate) fn ntt_at_layer_1( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, _initial_coefficient_bound: usize, ) { + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 4") }); *zeta_i += 1; + hax_lib::fstar!("zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i + 1); + zetas_b_lemma (v zeta_i + 2); + zetas_b_lemma (v zeta_i + 3)"); re.coefficients[round] = Vector::ntt_layer_1_step( re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i], @@ -28,16 +38,21 @@ pub(crate) fn ntt_at_layer_1( } #[inline(always)] +#[hax_lib::requires(fstar!("v ${*zeta_i} < 96"))] pub(crate) fn ntt_at_layer_2( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, _initial_coefficient_bound: usize, ) { + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 2") }); *zeta_i += 1; + hax_lib::fstar!("zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i + 1)"); re.coefficients[round] = Vector::ntt_layer_2_step( re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i], @@ -49,16 +64,20 @@ pub(crate) fn ntt_at_layer_2( } #[inline(always)] +#[hax_lib::requires(fstar!("v ${*zeta_i} < 112"))] pub(crate) fn ntt_at_layer_3( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, _initial_coefficient_bound: usize, ) { + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round") }); *zeta_i += 1; + hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); re.coefficients[round] = Vector::ntt_layer_3_step(re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i]); } @@ -66,6 +85,7 @@ pub(crate) fn ntt_at_layer_3( } #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 $zeta_r"))] fn ntt_layer_int_vec_step( mut a: Vector, mut b: Vector, @@ -76,26 +96,36 @@ fn ntt_layer_int_vec_step( a = Vector::add(a, &t); (a, b) } + #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7 /\\ + v ${*zeta_i} + v (sz 128 >>! $layer) < 128"))] pub(crate) fn ntt_at_layer_4_plus( zeta_i: &mut usize, re: &mut PolynomialRingElement, layer: usize, _initial_coefficient_bound: usize, ) { - debug_assert!(layer >= 4); let step = 1 << layer; + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..(128 >> layer) { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round") }); + hax_lib::fstar!("assert (v $round < 8); + assert (v $step >= 16 /\\ v $step <= 128); + assert (v ($round *! $step) >= 0 /\\ v ($round *! $step) <= 112)"); *zeta_i += 1; let offset = round * step * 2; + hax_lib::fstar!("assert (v $offset >= 0 /\\ v $offset <= 224)"); let offset_vec = offset / 16; //FIELD_ELEMENTS_IN_VECTOR; let step_vec = step / 16; //FIELD_ELEMENTS_IN_VECTOR; for j in offset_vec..offset_vec + step_vec { + hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); let (x, y) = ntt_layer_int_vec_step( re.coefficients[j], re.coefficients[j + step_vec], @@ -141,6 +171,7 @@ pub(crate) fn ntt_binomially_sampled_ring_element( } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 200")] pub(crate) fn ntt_vector_u( re: &mut PolynomialRingElement, ) { From 275e832d75ea7dd767196514e0934384e4935b84 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 14 Sep 2024 13:59:57 +0000 Subject: [PATCH 274/348] Make Invert_ntt panic free --- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 64 +++++++++++++++---- .../extraction/Libcrux_ml_kem.Invert_ntt.fsti | 16 +++-- .../proofs/fstar/extraction/Makefile | 1 - libcrux-ml-kem/src/invert_ntt.rs | 36 +++++++++++ 4 files changed, 99 insertions(+), 18 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index 9ebede517..9158d0676 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -29,6 +29,10 @@ let inv_ntt_layer_int_vec_step_reduce let b:v_Vector = Libcrux_ml_kem.Vector.Traits.montgomery_multiply_fe #v_Vector a_minus_b zeta_r in a, b <: (v_Vector & v_Vector) +let zetas_b_lemma (i:nat{i >= 0 /\ i < 128}) : Lemma + (Spec.Utils.is_i16b 1664 Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ sz i ]) = + admit() + let invert_ntt_at_layer_1_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -38,15 +42,16 @@ let invert_ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = + let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init - v round * 4) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -54,6 +59,12 @@ let invert_ntt_at_layer_1_ in let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in + let _:Prims.unit = + zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i - 1); + zetas_b_lemma (v zeta_i - 2); + zetas_b_lemma (v zeta_i - 3) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -99,15 +110,16 @@ let invert_ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = + let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init - v round * 2) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -115,6 +127,10 @@ let invert_ntt_at_layer_2_ in let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in + let _:Prims.unit = + zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i - 1) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -152,15 +168,16 @@ let invert_ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = + let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init - v round) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -168,6 +185,7 @@ let invert_ntt_at_layer_3_ in let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in + let _:Prims.unit = zetas_b_lemma (v zeta_i) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -191,6 +209,8 @@ let invert_ntt_at_layer_3_ let hax_temp_output:Prims.unit = () <: Prims.unit in zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) +#push-options "--z3rlimit 200" + let invert_ntt_at_layer_4_plus (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -201,23 +221,30 @@ let invert_ntt_at_layer_4_plus (layer: usize) = let step:usize = sz 1 <>! layer <: usize) - (fun temp_0_ temp_1_ -> + (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let _:usize = temp_1_ in - true) + let round:usize = round in + v zeta_i == v v__zeta_i_init - v round) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in let round:usize = round in + let _:Prims.unit = + assert (v round < 8); + assert (v step >= 16 /\ v step <= 128); + assert (v (round *! step) >= 0 /\ v (round *! step) <= 112) + in let zeta_i:usize = zeta_i -! sz 1 in let offset:usize = (round *! step <: usize) *! sz 2 in + let _:Prims.unit = assert (v offset >= 0 /\ v offset <= 224) in let offset_vec:usize = offset /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR in @@ -233,6 +260,13 @@ let invert_ntt_at_layer_4_plus (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in + let _:Prims.unit = zetas_b_lemma (v zeta_i) in + let _:Prims.unit = + assume (Spec.Utils.is_i16b_array 28296 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add + re.f_coefficients.[ j ] + re.f_coefficients.[ j +! step_vec ]))) + in let x, y:(v_Vector & v_Vector) = inv_ntt_layer_int_vec_step_reduce #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) @@ -274,6 +308,10 @@ let invert_ntt_at_layer_4_plus let hax_temp_output:Prims.unit = () <: Prims.unit in zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) +#pop-options + +#push-options "--z3rlimit 200" + let invert_ntt_montgomery (v_K: usize) (#v_Vector: Type0) @@ -332,3 +370,5 @@ let invert_ntt_montgomery (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in re + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti index ffe255831..020305bba 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti @@ -14,7 +14,12 @@ val inv_ntt_layer_int_vec_step_reduce {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a b: v_Vector) (zeta_r: i16) - : Prims.Pure (v_Vector & v_Vector) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (v_Vector & v_Vector) + (requires + Spec.Utils.is_i16b 3328 zeta_r /\ + Spec.Utils.is_i16b_array 28296 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add a b))) + (fun _ -> Prims.l_True) val invert_ntt_at_layer_1_ (#v_Vector: Type0) @@ -23,7 +28,7 @@ val invert_ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v zeta_i >= 64 && v zeta_i <= 128) (fun _ -> Prims.l_True) val invert_ntt_at_layer_2_ @@ -33,7 +38,7 @@ val invert_ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v zeta_i >= 32 && v zeta_i <= 128) (fun _ -> Prims.l_True) val invert_ntt_at_layer_3_ @@ -43,7 +48,7 @@ val invert_ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires v zeta_i >= 16 && v zeta_i <= 128) (fun _ -> Prims.l_True) val invert_ntt_at_layer_4_plus @@ -53,7 +58,8 @@ val invert_ntt_at_layer_4_plus (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + v layer >= 4 /\ v layer <= 7 /\ v zeta_i - v (sz 128 >>! layer) >= 0 /\ v zeta_i <= 128) (fun _ -> Prims.l_True) val invert_ntt_montgomery diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 9cc09ff9e..ffd0bb60c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,7 +1,6 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ - Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 12b60f3cf..196dd42d1 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -5,15 +5,25 @@ use crate::{ }; #[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma + (Spec.Utils.is_i16b 1664 ${ZETAS_TIMES_MONTGOMERY_R}.[ sz i ]) = + admit()"))] +#[hax_lib::requires(fstar!("v ${*zeta_i} >= 64 && v ${*zeta_i} <= 128"))] pub(crate) fn invert_ntt_at_layer_1( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, ) { + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 4") }); *zeta_i -= 1; + hax_lib::fstar!("zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i - 1); + zetas_b_lemma (v zeta_i - 2); + zetas_b_lemma (v zeta_i - 3)"); re.coefficients[round] = Vector::inv_ntt_layer_1_step( re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i], @@ -27,15 +37,20 @@ pub(crate) fn invert_ntt_at_layer_1( } #[inline(always)] +#[hax_lib::requires(fstar!("v ${*zeta_i} >= 32 && v ${*zeta_i} <= 128"))] pub(crate) fn invert_ntt_at_layer_2( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, ) { + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 2") }); *zeta_i -= 1; + hax_lib::fstar!("zetas_b_lemma (v zeta_i); + zetas_b_lemma (v zeta_i - 1)"); re.coefficients[round] = Vector::inv_ntt_layer_2_step( re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i], @@ -47,15 +62,19 @@ pub(crate) fn invert_ntt_at_layer_2( } #[inline(always)] +#[hax_lib::requires(fstar!("v ${*zeta_i} >= 16 && v ${*zeta_i} <= 128"))] pub(crate) fn invert_ntt_at_layer_3( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, ) { + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round") }); *zeta_i -= 1; + hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); re.coefficients[round] = Vector::inv_ntt_layer_3_step(re.coefficients[round], ZETAS_TIMES_MONTGOMERY_R[*zeta_i]); } @@ -63,6 +82,9 @@ pub(crate) fn invert_ntt_at_layer_3( } #[inline(always)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 $zeta_r /\\ + Spec.Utils.is_i16b_array 28296 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array + (Libcrux_ml_kem.Vector.Traits.f_add $a $b))"))] pub(crate) fn inv_ntt_layer_int_vec_step_reduce( mut a: Vector, mut b: Vector, @@ -73,7 +95,11 @@ pub(crate) fn inv_ntt_layer_int_vec_step_reduce( b = montgomery_multiply_fe::(a_minus_b, zeta_r); (a, b) } + #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7 /\\ + v ${*zeta_i} - v (sz 128 >>! $layer) >= 0 /\\ v ${*zeta_i} <= 128"))] pub(crate) fn invert_ntt_at_layer_4_plus( zeta_i: &mut usize, re: &mut PolynomialRingElement, @@ -81,16 +107,25 @@ pub(crate) fn invert_ntt_at_layer_4_plus( ) { let step = 1 << layer; + let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..(128 >> layer) { + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round") }); + hax_lib::fstar!("assert (v $round < 8); + assert (v $step >= 16 /\\ v $step <= 128); + assert (v ($round *! $step) >= 0 /\\ v ($round *! $step) <= 112)"); *zeta_i -= 1; let offset = round * step * 2; + hax_lib::fstar!("assert (v $offset >= 0 /\\ v $offset <= 224)"); let offset_vec = offset / FIELD_ELEMENTS_IN_VECTOR; let step_vec = step / FIELD_ELEMENTS_IN_VECTOR; for j in offset_vec..offset_vec + step_vec { + hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); + hax_lib::fstar!("assume (Spec.Utils.is_i16b_array 28296 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add re.f_coefficients.[j] re.f_coefficients.[j +! step_vec])))"); let (x, y) = inv_ntt_layer_int_vec_step_reduce( re.coefficients[j], re.coefficients[j + step_vec], @@ -104,6 +139,7 @@ pub(crate) fn invert_ntt_at_layer_4_plus( } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 200")] pub(crate) fn invert_ntt_montgomery( re: &mut PolynomialRingElement, ) { From 5720ce54e0d816b35e6580d1bece44ced290393c Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 14 Sep 2024 22:37:10 +0200 Subject: [PATCH 275/348] avx2 arithmetic --- .../Libcrux_intrinsics.Avx2_extract.fsti | 48 +++- libcrux-intrinsics/src/avx2_extract.rs | 11 + .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 269 +++++++++++++++--- ...Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 75 ++++- .../proofs/fstar/spec/Spec.Utils.fst | 29 ++ libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 194 ++++++++++--- 6 files changed, 540 insertions(+), 86 deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 75b714960..adccc0fc0 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -63,7 +63,16 @@ val mm256_madd_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun val mm256_mul_epu32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_mulhi_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_mulhi_epi16 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (vec256_as_i16x16 lhs) + (vec256_as_i16x16 rhs)) unfold let mm256_mullo_epi16 = BitVec.Intrinsics.mm256_mullo_epi16 let lemma_mm256_mullo_epi16 v1 v2 : @@ -186,13 +195,35 @@ val mm_loadu_si128 (input: t_Slice u8) : Prims.Pure t_Vec128 Prims.l_True (fun _ unfold let mm_movemask_epi8 = BitVec.Intrinsics.mm_movemask_epi8 -val mm_mulhi_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +val mm_mulhi_epi16 (lhs rhs: t_Vec128) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (vec128_as_i16x8 lhs) + (vec128_as_i16x8 rhs)) -val mm_mullo_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +val mm_mullo_epi16 (lhs rhs: t_Vec128) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == + Spec.Utils.map2 mul_mod (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) unfold let mm_packs_epi16 = BitVec.Intrinsics.mm_packs_epi16 -val mm_set1_epi16 (constant: i16) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +val mm_set1_epi16 (constant: i16) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == Spec.Utils.create (sz 8) constant) val mm_set_epi8 (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: @@ -214,4 +245,11 @@ val mm_storeu_si128 (output: t_Slice i16) (vector: t_Vec128) (Core.Slice.impl__len #i16 output_future <: usize) =. (Core.Slice.impl__len #i16 output <: usize)) -val mm_sub_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +val mm_sub_epi16 (lhs rhs: t_Vec128) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == + Spec.Utils.map2 ( -. ) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 39ebd4e99..a0f044031 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -159,6 +159,8 @@ pub fn mm256_set_epi16( unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec128_as_i16x8 $result == + Spec.Utils.create (sz 8) $constant"))] pub fn mm_set1_epi16(constant: i16) -> Vec128 { unimplemented!() } @@ -206,6 +208,8 @@ pub fn mm256_sub_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec128_as_i16x8 $result == + Spec.Utils.map2 (-.) (vec128_as_i16x8 $lhs) (vec128_as_i16x8 $rhs)"))] pub fn mm_sub_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } @@ -223,6 +227,8 @@ pub fn mm256_mullo_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec128_as_i16x8 $result == + Spec.Utils.map2 mul_mod (vec128_as_i16x8 $lhs) (vec128_as_i16x8 $rhs)"))] pub fn mm_mullo_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } @@ -231,6 +237,9 @@ pub fn mm256_cmpgt_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec128_as_i16x8 $result == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (vec128_as_i16x8 $lhs) (vec128_as_i16x8 $rhs)"))] pub fn mm_mulhi_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } @@ -239,6 +248,8 @@ pub fn mm256_mullo_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] pub fn mm256_mulhi_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index 0a1241797..c32af52fb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -85,21 +85,34 @@ let sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = in result +#push-options "--z3rlimit 100" + let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + let t0:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 vector (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 v_BARRETT_MULTIPLIER <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let t:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 t + let _:Prims.unit = + assert (forall i. + get_lane t0 i == + (cast (((cast (get_lane vector i) <: i32) *. (cast v_BARRETT_MULTIPLIER <: i32)) >>! 16l) + <: + i16)) + in + let t1:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 t0 (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 512s <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in + let _:Prims.unit = assert (forall i. get_lane t1 i == get_lane t0 i +. 512s) in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 10l t + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 10l t1 + in + let _:Prims.unit = + assert (forall i. get_lane quotient i == (((get_lane t1 i) <: i16) >>! (10l <: i32))) in let quotient_times_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 quotient @@ -107,39 +120,83 @@ let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in - Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 vector quotient_times_field_modulus + let _:Prims.unit = + assert (forall i. + get_lane quotient_times_field_modulus i == + get_lane quotient i *. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) + in + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 vector quotient_times_field_modulus + in + let _:Prims.unit = + assert (forall i. + get_lane result i == get_lane vector i -. get_lane quotient_times_field_modulus i); + assert (forall i. get_lane result i == Spec.Utils.barrett_red (get_lane vector i)); + assert (forall i. v (get_lane result i) % 3329 == v (get_lane vector i) % 3329); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane result i)); + assert (forall (i: nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result)) + in + result + +#pop-options + +#push-options "--z3rlimit 100" let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS in + let _:Prims.unit = assert (forall i. get_lane field_modulus i == 3329s) in let vv_minus_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 vector field_modulus in + let _:Prims.unit = + assert (forall i. get_lane vv_minus_field_modulus i == get_lane vector i -. 3329s) + in let sign_mask:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_srai_epi16 15l vv_minus_field_modulus in + let _:Prims.unit = + assert (forall i. get_lane sign_mask i == (get_lane vv_minus_field_modulus i >>! 15l)) + in let conditional_add_field_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_and_si256 sign_mask field_modulus in + let _:Prims.unit = + assert (forall i. get_lane conditional_add_field_modulus i == (get_lane sign_mask i &. 3329s)) + in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 vv_minus_field_modulus conditional_add_field_modulus in - let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - let _:Prims.unit = admit () (* Panic freedom *) in + let _:Prims.unit = + assert (forall i. + get_lane result i == + (get_lane vv_minus_field_modulus i +. get_lane conditional_add_field_modulus i)); + assert (forall i. get_lane result i == Spec.Utils.cond_sub (get_lane vector i)); + assert (forall i. + get_lane result i == + (if (get_lane vector i) >=. 3329s then get_lane vector i -! 3329s else get_lane vector i)) + in result +#pop-options + +#push-options "--z3rlimit 100" + let montgomery_multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) = - let constant:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + let vec_constant:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 constant in + let _:Prims.unit = assert (forall i. get_lane vec_constant i == constant) in let value_low:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector constant + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vector vec_constant in + let _:Prims.unit = assert (forall i. get_lane value_low i == get_lane vector i *. constant) in let k:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 value_low (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R @@ -150,20 +207,66 @@ let montgomery_multiply_by_constant <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in + let _:Prims.unit = assert (forall i. get_lane k i == get_lane value_low i *. (neg 3327s)) in + let modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + in + let _:Prims.unit = assert (forall i. get_lane modulus i == 3329s) in let k_times_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 k - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 k modulus + in + let _:Prims.unit = + assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 k_times_modulus == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 k) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 modulus)); + assert (forall i. + get_lane k_times_modulus i == + (cast (((cast (get_lane k i) <: i32) *. (cast (get_lane modulus i) <: i32)) >>! 16l) + <: + i16)) in let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 vector constant + Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 vector vec_constant + in + let _:Prims.unit = + assert (forall i. + get_lane value_high i == + (cast (((cast (get_lane vector i) <: i32) *. (cast (get_lane vec_constant i) <: i32)) >>! + 16l) + <: + i16)) in - Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus + in + let _:Prims.unit = + Spec.Utils.lemma_range_at_percent 3329 (pow2 32); + assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); + assert (v (cast 3329s <: i32) == 3329); + assert ((cast 3329s <: i32) == 3329l); + assert (forall i. get_lane result i == (get_lane value_high i) -. (get_lane k_times_modulus i)); + assert (forall i. get_lane result i == Spec.Utils.mont_mul_red_i16 (get_lane vector i) constant); + assert (forall i. Spec.Utils.is_i16b 3329 (get_lane result i)); + assert (forall i. Spec.Utils.is_i16b (3328 + 1665) (get_lane result i)); + assert (forall (i: nat). i < 16 ==> Spec.Utils.is_i16b (3328 + 1665) (get_lane result i)); + assert (Spec.Utils.is_i16b_array (3328 + 1665) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result)); + assert (forall i. + v (get_lane result i) % 3329 == ((v (get_lane vector i) * v constant * 169) % 3329)) + in + result -let montgomery_multiply_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec256) = +#pop-options + +#push-options "--z3rlimit 100" + +let montgomery_multiply_by_constants (vec constants: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let value_low:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 v c + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vec constants + in + let _:Prims.unit = + assert (forall i. get_lane value_low i == get_lane vec i *. get_lane constants i) in let k:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 value_low @@ -175,20 +278,67 @@ let montgomery_multiply_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in + let _:Prims.unit = assert (forall i. get_lane k i == get_lane value_low i *. (neg 3327s)) in + let modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + in + let _:Prims.unit = assert (forall i. get_lane modulus i == 3329s) in let k_times_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 k - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 k modulus + in + let _:Prims.unit = + assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 k_times_modulus == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 k) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 modulus)); + assert (forall i. + get_lane k_times_modulus i == + (cast (((cast (get_lane k i) <: i32) *. (cast (get_lane modulus i) <: i32)) >>! 16l) + <: + i16)) in let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 v c + Libcrux_intrinsics.Avx2_extract.mm256_mulhi_epi16 vec constants + in + let _:Prims.unit = + assert (forall i. + get_lane value_high i == + (cast (((cast (get_lane vec i) <: i32) *. (cast (get_lane constants i) <: i32)) >>! 16l) + <: + i16)) in - Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus + in + let _:Prims.unit = + Spec.Utils.lemma_range_at_percent 3329 (pow2 32); + assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); + assert (v (cast 3329s <: i32) == 3329); + assert ((cast 3329s <: i32) == 3329l); + assert (forall i. get_lane result i == (get_lane value_high i) -. (get_lane k_times_modulus i)); + assert (forall i. + get_lane result i == Spec.Utils.mont_mul_red_i16 (get_lane vec i) (get_lane constants i)); + assert (forall i. Spec.Utils.is_i16b 3329 (get_lane result i)); + assert (forall i. Spec.Utils.is_i16b (3328 + 1665) (get_lane result i)); + assert (forall (i: nat). i < 16 ==> Spec.Utils.is_i16b (3328 + 1665) (get_lane result i)); + assert (Spec.Utils.is_i16b_array (3328 + 1665) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result)); + assert (forall i. + v (get_lane result i) % 3329 == + ((v (get_lane vec i) * v (get_lane constants i) * 169) % 3329)) + in + result -let montgomery_multiply_m128i_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec128) = +#pop-options + +#push-options "--z3rlimit 100" + +let montgomery_multiply_m128i_by_constants (vec constants: Libcrux_intrinsics.Avx2_extract.t_Vec128) = let value_low:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm_mullo_epi16 v c + Libcrux_intrinsics.Avx2_extract.mm_mullo_epi16 vec constants + in + let _:Prims.unit = + assert (forall i. get_lane128 value_low i == get_lane128 vec i *. get_lane128 constants i) in let k:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_mullo_epi16 value_low @@ -200,20 +350,65 @@ let montgomery_multiply_m128i_by_constants (v c: Libcrux_intrinsics.Avx2_extract <: Libcrux_intrinsics.Avx2_extract.t_Vec128) in + let _:Prims.unit = assert (forall i. get_lane128 k i == get_lane128 value_low i *. (neg 3327s)) in + let modulus:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + in + let _:Prims.unit = assert (forall i. get_lane128 modulus i == 3329s) in let k_times_modulus:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm_mulhi_epi16 k - (Libcrux_intrinsics.Avx2_extract.mm_set1_epi16 Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS - <: - Libcrux_intrinsics.Avx2_extract.t_Vec128) + Libcrux_intrinsics.Avx2_extract.mm_mulhi_epi16 k modulus + in + let _:Prims.unit = + assert (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 k_times_modulus == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 k) + (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 modulus)); + assert (forall i. + get_lane128 k_times_modulus i == + (cast (((cast (get_lane128 k i) <: i32) *. (cast (get_lane128 modulus i) <: i32)) >>! 16l) + <: + i16)) in let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm_mulhi_epi16 v c + Libcrux_intrinsics.Avx2_extract.mm_mulhi_epi16 vec constants + in + let _:Prims.unit = + assert (forall i. + get_lane128 value_high i == + (cast (((cast (get_lane128 vec i) <: i32) *. (cast (get_lane128 constants i) <: i32)) >>! + 16l) + <: + i16)) + in + let result:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_sub_epi16 value_high k_times_modulus in - Libcrux_intrinsics.Avx2_extract.mm_sub_epi16 value_high k_times_modulus + let _:Prims.unit = + Spec.Utils.lemma_range_at_percent 3329 (pow2 32); + assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); + assert (v (cast 3329s <: i32) == 3329); + assert ((cast 3329s <: i32) == 3329l); + assert (forall i. + get_lane128 result i == (get_lane128 value_high i) -. (get_lane128 k_times_modulus i)); + assert (forall i. + get_lane128 result i == + Spec.Utils.mont_mul_red_i16 (get_lane128 vec i) (get_lane128 constants i)); + assert (forall i. Spec.Utils.is_i16b 3329 (get_lane128 result i)); + assert (forall i. Spec.Utils.is_i16b (3328 + 1665) (get_lane128 result i)); + assert (forall (i: nat). i < 8 ==> Spec.Utils.is_i16b (3328 + 1665) (get_lane128 result i)); + assert (Spec.Utils.is_i16b_array (3328 + 1665) + (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 result)); + assert (forall i. + v (get_lane128 result i) % 3329 == + ((v (get_lane128 vec i) * v (get_lane128 constants i) * 169) % 3329)) + in + result -let montgomery_reduce_i32s (v: Libcrux_intrinsics.Avx2_extract.t_Vec256) = +#pop-options + +let montgomery_reduce_i32s (vec: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let k:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 v + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 vec (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi32 (cast (Libcrux_ml_kem.Vector.Traits.v_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R <: u32) @@ -233,7 +428,7 @@ let montgomery_reduce_i32s (v: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.t_Vec256) in let value_high:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi32 16l v + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi32 16l vec in let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_sub_epi16 value_high k_times_modulus @@ -241,4 +436,8 @@ let montgomery_reduce_i32s (v: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_slli_epi32 16l result in - Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 16l result + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_srai_epi32 16l result + in + let _:Prims.unit = admit () (* Panic freedom *) in + result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti index 3c1740a25..75781834f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -60,7 +60,14 @@ val sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) /// See Section 3.2 of the implementation notes document for an explanation /// of this code. val barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires + Spec.Utils.is_i16b_array 28296 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) /\ + (forall i. i < 16 ==> v (get_lane result i) % 3329 == (v (get_lane vector i) % 3329))) val cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 @@ -70,20 +77,66 @@ val cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result == - Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vector)) + forall i. + i < 16 ==> + get_lane result i == + (if (get_lane vector i) >=. 3329s then get_lane vector i -! 3329s else get_lane vector i + )) val montgomery_multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Spec.Utils.is_i16b 3328 constant) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + Spec.Utils.is_i16b_array (3328 + 1665) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) /\ + (forall i. + i < 16 ==> + v (get_lane result i) % 3329 == ((v (get_lane vector i) * v constant * 169) % 3329))) -val montgomery_multiply_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val montgomery_multiply_by_constants (vec constants: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 constants)) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + Spec.Utils.is_i16b_array (3328 + 1665) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) /\ + (forall i. + i < 16 ==> + v (get_lane result i) % 3329 == + ((v (get_lane vec i) * v (get_lane constants i) * 169) % 3329))) -val montgomery_multiply_m128i_by_constants (v c: Libcrux_intrinsics.Avx2_extract.t_Vec128) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +val montgomery_multiply_m128i_by_constants (vec constants: Libcrux_intrinsics.Avx2_extract.t_Vec128) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec128 + (requires + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 constants)) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec128 = result in + Spec.Utils.is_i16b_array (3328 + 1665) + (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 result) /\ + (forall i. + i < 8 ==> + v (get_lane128 result i) % 3329 == + ((v (get_lane128 vec i) * v (get_lane128 constants i) * 169) % 3329))) -val montgomery_reduce_i32s (v: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val montgomery_reduce_i32s (vec: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires + Spec.Utils.is_i16b_array (3328 * pow2 16) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vec)) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + Spec.Utils.is_i16b_array (3328 + 1665) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) /\ + (Spec.Utils.is_i16b_array (3328 * 3328) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vec) ==> + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result)) /\ + (forall i. i < 16 ==> v (get_lane result i) % 3329 == ((v (get_lane vec i) * 169) % 3329)) + ) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index bd62f52cd..04c4c5264 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -265,6 +265,7 @@ val lemma_mont_mul_red_i16 (x y:i16): Lemma let result:i16 = mont_mul_red_i16 x y in is_i16b 3329 result /\ v result % 3329 == (v x * v y * 169) % 3329)) + [SMTPat (mont_mul_red_i16 x y)] let lemma_mont_mul_red_i16 (x y:i16) = let vlow = x *. y in let prod = v x * v y in @@ -333,3 +334,31 @@ let lemma_mont_mul_red_i16 (x y:i16) = ((prod) * 169) % 3329; } + +let barrett_red (x:i16) = + let t1 = cast (((cast x <: i32) *. (cast 20159s <: i32)) >>! 16l) <: i16 in + let t2 = t1 +. 512s in + let q = t2 >>! 10l in + let qm = q *. 3329s in + x -. qm + +let lemma_barrett_red (x:i16) : Lemma + (requires (Spec.Utils.is_i16b 28296 x)) + (ensures (let result = barrett_red x in + Spec.Utils.is_i16b 3328 result /\ + v result % 3329 == v x % 3329)) + [SMTPat (barrett_red x)] + = admit() + +let cond_sub (x:i16) = + let xm = x -. 3329s in + let mask = xm >>! 15l in + let mm = mask &. 3329s in + xm +. mm + +let lemma_cond_sub x: + Lemma (let r = cond_sub x in + if x >=. 3329s then r == x -! 3329s else r == x) + [SMTPat (cond_sub x)] + = admit() + diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index a9f2e5474..6fa00dddd 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -92,24 +92,31 @@ pub(crate) fn shift_right(vector: Vec256) -> Vec256 { // } #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] #[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] -#[hax_lib::ensures(|result| fstar!("Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == - Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] +#[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> + get_lane $result i == + (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i)"))] pub(crate) fn cond_subtract_3329(vector: Vec256) -> Vec256 { let field_modulus = mm256_set1_epi16(FIELD_MODULUS); - + hax_lib::fstar!("assert (forall i. get_lane $field_modulus i == 3329s)"); // Compute v_i - Q and crate a mask from the sign bit of each of these // quantities. let v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); - + hax_lib::fstar!("assert (forall i. get_lane $v_minus_field_modulus i == get_lane $vector i -. 3329s)"); + let sign_mask = mm256_srai_epi16::<15>(v_minus_field_modulus); - + hax_lib::fstar!("assert (forall i. get_lane $sign_mask i == (get_lane $v_minus_field_modulus i >>! 15l))"); + // If v_i - Q < 0 then add back Q to (v_i - Q). let conditional_add_field_modulus = mm256_and_si256(sign_mask, field_modulus); - + hax_lib::fstar!("assert (forall i. get_lane $conditional_add_field_modulus i == (get_lane $sign_mask i &. 3329s))"); + let result = mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); - + hax_lib::fstar!("assert (forall i. get_lane $result i == (get_lane $v_minus_field_modulus i +. get_lane $conditional_add_field_modulus i)); + assert (forall i. get_lane $result i == Spec.Utils.cond_sub (get_lane $vector i)); + assert (forall i. get_lane $result i == (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i))"); + result } @@ -118,57 +125,140 @@ const BARRETT_MULTIPLIER: i16 = 20159; /// See Section 3.2 of the implementation notes document for an explanation /// of this code. #[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 28296 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector})")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ + (forall i. i < 16 ==> v (get_lane $result i) % 3329 == + (v (get_lane $vector i) % 3329))")))] pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 { - let t = mm256_mulhi_epi16(vector, mm256_set1_epi16(BARRETT_MULTIPLIER)); - let t = mm256_add_epi16(t, mm256_set1_epi16(512)); - - let quotient = mm256_srai_epi16::<10>(t); - + let t0 = mm256_mulhi_epi16(vector, mm256_set1_epi16(BARRETT_MULTIPLIER)); + hax_lib::fstar!("assert (forall i. get_lane $t0 i == (cast (((cast (get_lane $vector i) <: i32) *. (cast v_BARRETT_MULTIPLIER <: i32)) >>! 16l) <: i16))"); + let t1 = mm256_add_epi16(t0, mm256_set1_epi16(512)); + hax_lib::fstar!("assert (forall i. get_lane $t1 i == get_lane $t0 i +. 512s)"); + let quotient = mm256_srai_epi16::<10>(t1); + hax_lib::fstar!("assert (forall i. get_lane $quotient i == (((get_lane $t1 i) <: i16) >>! (10l <: i32)))"); let quotient_times_field_modulus = mm256_mullo_epi16(quotient, mm256_set1_epi16(FIELD_MODULUS)); - - mm256_sub_epi16(vector, quotient_times_field_modulus) + hax_lib::fstar!("assert (forall i. get_lane $quotient_times_field_modulus i == + get_lane $quotient i *. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)"); + let result = mm256_sub_epi16(vector, quotient_times_field_modulus); + hax_lib::fstar!("assert (forall i. get_lane $result i == + get_lane $vector i -. get_lane $quotient_times_field_modulus i); + assert (forall i. get_lane $result i == Spec.Utils.barrett_red (get_lane $vector i)); + assert (forall i. v (get_lane $result i) % 3329 == v (get_lane $vector i) % 3329); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane $result i)); + assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane $result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result))"); + result } #[inline(always)] +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 constant")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ + (forall i. i < 16 ==> v (get_lane $result i) % 3329 == + ((v (get_lane $vector i) * v constant * 169) % 3329))")))] pub(crate) fn montgomery_multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { - let constant = mm256_set1_epi16(constant); - let value_low = mm256_mullo_epi16(vector, constant); - + let vec_constant = mm256_set1_epi16(constant); + hax_lib::fstar!("assert (forall i. get_lane $vec_constant i == $constant)"); + let value_low = mm256_mullo_epi16(vector, vec_constant); + hax_lib::fstar!("assert (forall i. get_lane $value_low i == get_lane $vector i *. $constant)"); let k = mm256_mullo_epi16( value_low, mm256_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); - let k_times_modulus = mm256_mulhi_epi16(k, mm256_set1_epi16(FIELD_MODULUS)); + hax_lib::fstar!("assert (forall i. get_lane $k i == get_lane $value_low i *. (neg 3327s))"); + let modulus = mm256_set1_epi16(FIELD_MODULUS); + hax_lib::fstar!("assert (forall i. get_lane $modulus i == 3329s)"); + let k_times_modulus = mm256_mulhi_epi16(k, modulus); + hax_lib::fstar!("assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k_times_modulus == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $modulus)); + assert (forall i. get_lane $k_times_modulus i == + (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! 16l) <: i16))"); - let value_high = mm256_mulhi_epi16(vector, constant); + let value_high = mm256_mulhi_epi16(vector, vec_constant); + hax_lib::fstar!("assert (forall i. get_lane $value_high i == + (cast (((cast (get_lane $vector i) <: i32) *. (cast (get_lane $vec_constant i) <: i32)) >>! 16l) <: i16))"); - mm256_sub_epi16(value_high, k_times_modulus) + let result = mm256_sub_epi16(value_high, k_times_modulus); + hax_lib::fstar!("Spec.Utils.lemma_range_at_percent 3329 (pow2 32); + assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); + assert (v (cast 3329s <: i32) == 3329); + assert ((cast 3329s <: i32) == 3329l); + assert (forall i. get_lane $result i == (get_lane $value_high i) -. (get_lane $k_times_modulus i)); + assert (forall i. get_lane $result i == Spec.Utils.mont_mul_red_i16 (get_lane $vector i) $constant); + assert (forall i. Spec.Utils.is_i16b 3329 (get_lane $result i)); + assert (forall i. Spec.Utils.is_i16b (3328+1665) (get_lane $result i)); + assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b (3328+1665) (get_lane $result i)); + assert (Spec.Utils.is_i16b_array (3328+1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)); + assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vector i) * v $constant * 169) % 3329))"); + result } #[inline(always)] -pub(crate) fn montgomery_multiply_by_constants(v: Vec256, c: Vec256) -> Vec256 { - let value_low = mm256_mullo_epi16(v, c); - +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $constants))")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ + (forall i. i < 16 ==> v (get_lane $result i) % 3329 == + ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))")))] +pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) -> Vec256 { + let value_low = mm256_mullo_epi16(vec, constants); + hax_lib::fstar!("assert (forall i. get_lane $value_low i == get_lane $vec i *. get_lane $constants i)"); + let k = mm256_mullo_epi16( value_low, mm256_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); - let k_times_modulus = mm256_mulhi_epi16(k, mm256_set1_epi16(FIELD_MODULUS)); + hax_lib::fstar!("assert (forall i. get_lane $k i == get_lane $value_low i *. (neg 3327s))"); + + let modulus = mm256_set1_epi16(FIELD_MODULUS); + hax_lib::fstar!("assert (forall i. get_lane $modulus i == 3329s)"); + + let k_times_modulus = mm256_mulhi_epi16(k, modulus); + hax_lib::fstar!("assert (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k_times_modulus == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $k) + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $modulus)); + assert (forall i. get_lane $k_times_modulus i == + (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! 16l) <: i16))"); - let value_high = mm256_mulhi_epi16(v, c); - mm256_sub_epi16(value_high, k_times_modulus) + let value_high = mm256_mulhi_epi16(vec, constants); + hax_lib::fstar!("assert (forall i. get_lane $value_high i == + (cast (((cast (get_lane $vec i) <: i32) *. (cast (get_lane $constants i) <: i32)) >>! 16l) <: i16))"); + + let result = mm256_sub_epi16(value_high, k_times_modulus); + hax_lib::fstar!("Spec.Utils.lemma_range_at_percent 3329 (pow2 32); + assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); + assert (v (cast 3329s <: i32) == 3329); + assert ((cast 3329s <: i32) == 3329l); + assert (forall i. get_lane $result i == (get_lane $value_high i) -. (get_lane $k_times_modulus i)); + assert (forall i. get_lane $result i == Spec.Utils.mont_mul_red_i16 (get_lane $vec i) (get_lane $constants i)); + assert (forall i. Spec.Utils.is_i16b 3329 (get_lane $result i)); + assert (forall i. Spec.Utils.is_i16b (3328+1665) (get_lane $result i)); + assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b (3328+1665) (get_lane $result i)); + assert (Spec.Utils.is_i16b_array (3328+1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)); + assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))"); + result } #[inline(always)] -pub(crate) fn montgomery_reduce_i32s(v: Vec256) -> Vec256 { +#[hax_lib::fstar::verification_status(panic_free)] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (3328 * pow2 16) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vec))")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ + (Spec.Utils.is_i16b_array (3328 * 3328) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vec) ==> + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)) /\\ + (forall i. i < 16 ==> v (get_lane $result i) % 3329 == + ((v (get_lane $vec i) * 169) % 3329))")))] +pub(crate) fn montgomery_reduce_i32s(vec: Vec256) -> Vec256 { let k = mm256_mullo_epi16( - v, + vec, mm256_set1_epi32(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i32), ); let k_times_modulus = mm256_mulhi_epi16(k, mm256_set1_epi32(FIELD_MODULUS as i32)); - let value_high = mm256_srli_epi32::<16>(v); + let value_high = mm256_srli_epi32::<16>(vec); let result = mm256_sub_epi16(value_high, k_times_modulus); @@ -178,16 +268,50 @@ pub(crate) fn montgomery_reduce_i32s(v: Vec256) -> Vec256 { } #[inline(always)] -pub(crate) fn montgomery_multiply_m128i_by_constants(v: Vec128, c: Vec128) -> Vec128 { - let value_low = mm_mullo_epi16(v, c); +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $constants))")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 ${result}) /\\ + (forall i. i < 8 ==> v (get_lane128 $result i) % 3329 == + ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))")))] +pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec128) -> Vec128 { + let value_low = mm_mullo_epi16(vec, constants); + hax_lib::fstar!("assert (forall i. get_lane128 $value_low i == get_lane128 $vec i *. get_lane128 $constants i)"); + let k = mm_mullo_epi16( value_low, mm_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); - let k_times_modulus = mm_mulhi_epi16(k, mm_set1_epi16(FIELD_MODULUS)); + hax_lib::fstar!("assert (forall i. get_lane128 $k i == get_lane128 $value_low i *. (neg 3327s))"); + + let modulus = mm_set1_epi16(FIELD_MODULUS); + hax_lib::fstar!("assert (forall i. get_lane128 $modulus i == 3329s)"); - let value_high = mm_mulhi_epi16(v, c); + let k_times_modulus = mm_mulhi_epi16(k, modulus); + hax_lib::fstar!("assert (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $k_times_modulus == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $k) + (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $modulus)); + assert (forall i. get_lane128 $k_times_modulus i == + (cast (((cast (get_lane128 $k i) <: i32) *. (cast (get_lane128 $modulus i) <: i32)) >>! 16l) <: i16))"); - mm_sub_epi16(value_high, k_times_modulus) + + let value_high = mm_mulhi_epi16(vec, constants); + hax_lib::fstar!("assert (forall i. get_lane128 $value_high i == + (cast (((cast (get_lane128 $vec i) <: i32) *. (cast (get_lane128 $constants i) <: i32)) >>! 16l) <: i16))"); + + let result = mm_sub_epi16(value_high, k_times_modulus); + hax_lib::fstar!("Spec.Utils.lemma_range_at_percent 3329 (pow2 32); + assert (v (cast 3329s <: i32) == (3329 @% pow2 32)); + assert (v (cast 3329s <: i32) == 3329); + assert ((cast 3329s <: i32) == 3329l); + assert (forall i. get_lane128 $result i == (get_lane128 $value_high i) -. (get_lane128 $k_times_modulus i)); + assert (forall i. get_lane128 $result i == Spec.Utils.mont_mul_red_i16 (get_lane128 $vec i) (get_lane128 $constants i)); + assert (forall i. Spec.Utils.is_i16b 3329 (get_lane128 $result i)); + assert (forall i. Spec.Utils.is_i16b (3328+1665) (get_lane128 $result i)); + assert (forall (i:nat). i < 8 ==> Spec.Utils.is_i16b (3328+1665) (get_lane128 $result i)); + assert (Spec.Utils.is_i16b_array (3328+1665) (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $result)); + assert (forall i. v (get_lane128 $result i) % 3329 == ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))"); + + result } From abe078605410aeea70fd54d9ba46c464d474cda4 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 15 Sep 2024 10:18:36 +0200 Subject: [PATCH 276/348] ntt wip --- .../Libcrux_intrinsics.Avx2_extract.fsti | 4 ++ libcrux-intrinsics/src/avx2_extract.rs | 6 ++- .../proofs/fstar/extraction/Makefile | 1 - .../proofs/fstar/spec/Spec.Utils.fst | 52 +++++++++++++++++++ 4 files changed, 61 insertions(+), 2 deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index adccc0fc0..9b7aab40f 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -106,6 +106,10 @@ val mm256_set1_epi32 (constant: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ - val mm256_set1_epi64x (a: i64) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) unfold let mm256_set_epi16 = BitVec.Intrinsics.mm256_set_epi16 +let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 : + Lemma (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) == + Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15) + [SMTPat (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit() val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index a0f044031..3a75871cc 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -136,7 +136,11 @@ pub fn mm256_set1_epi16(constant: i16) -> Vec256 { #[hax_lib::fstar::replace( interface, - "unfold let ${mm256_set_epi16} = BitVec.Intrinsics.mm256_set_epi16" + "unfold let ${mm256_set_epi16} = BitVec.Intrinsics.mm256_set_epi16 +let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 : + Lemma (vec256_as_i16x16 (${mm256_set_epi16} v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) == + Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15) + [SMTPat (vec256_as_i16x16 (${mm256_set_epi16} v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit()" )] pub fn mm256_set_epi16( input15: i16, diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index f69ac376b..93f6cf50b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -6,7 +6,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ - Libcrux_ml_kem.Vector.Portable.Ntt.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 04c4c5264..a28cfaacf 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -23,6 +23,58 @@ let create len c = createi len (fun i -> c) let repeati #acc (l:usize) (f:(i:usize{v i < v l}) -> acc -> acc) acc0 : acc = Lib.LoopCombinators.repeati (v l) (fun i acc -> f (sz i) acc) acc0 +let createL len l = Rust_primitives.Hax.array_of_list len l + +let create16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 = + let l = [v15; v14; v13; v12; v11; v10; v9; v8; v7; v6; v5; v4; v3; v2; v1; v0] in + assert_norm (List.Tot.length l == 16); + createL 16 l + + +val lemma_createL_index #a len l i : + Lemma (Seq.index (createL #a len l) i == List.Tot.index l i) + [SMTPat (Seq.index (createL #a len l) i)] +let lemma_createL_index #a len l i = () + +val lemma_create16_index #a v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 i : + Lemma (Seq.index (create16 #a v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) i == + (if i = 0 then v15 else + if i = 1 then v14 else + if i = 2 then v13 else + if i = 3 then v12 else + if i = 4 then v11 else + if i = 5 then v10 else + if i = 6 then v9 else + if i = 7 then v8 else + if i = 8 then v7 else + if i = 9 then v6 else + if i = 10 then v5 else + if i = 11 then v4 else + if i = 12 then v3 else + if i = 13 then v2 else + if i = 14 then v1 else + if i = 15 then v0)) + [SMTPat (Seq.index (create16 #a v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) i)] +let lemma_create16_index #a v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 i = + let l = [v15; v14; v13; v12; v11; v10; v9; v8; v7; v6; v5; v4; v3; v2; v1; v0] in + assert_norm (List.Tot.index l 0 == v15); + assert_norm (List.Tot.index l 1 == v14); + assert_norm (List.Tot.index l 2 == v13); + assert_norm (List.Tot.index l 3 == v12); + assert_norm (List.Tot.index l 4 == v11); + assert_norm (List.Tot.index l 5 == v10); + assert_norm (List.Tot.index l 6 == v9); + assert_norm (List.Tot.index l 7 == v8); + assert_norm (List.Tot.index l 8 == v7); + assert_norm (List.Tot.index l 9 == v6); + assert_norm (List.Tot.index l 10 == v5); + assert_norm (List.Tot.index l 11 == v4); + assert_norm (List.Tot.index l 12 == v3); + assert_norm (List.Tot.index l 13 == v2); + assert_norm (List.Tot.index l 14 == v1); + assert_norm (List.Tot.index l 15 == v0) + + val lemma_createi_index #a len f i : Lemma (Seq.index (createi #a len f) i == f (sz i)) [SMTPat (Seq.index (createi #a len f) i)] From 3b00cb4b6f5ffb99c08d36806ca8292b63ecb74a Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 15 Sep 2024 21:15:55 +0200 Subject: [PATCH 277/348] wip --- .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 24 ++++------- ...Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 17 ++++---- .../Libcrux_ml_kem.Vector.Avx2.fsti | 2 +- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 6 +-- ...rux_ml_kem.Vector.Portable.Arithmetic.fsti | 10 ++--- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 16 +++++++ .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 42 +++++++++++++++---- .../Libcrux_ml_kem.Vector.Portable.fsti | 2 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 4 +- .../proofs/fstar/spec/Spec.Utils.fst | 19 +++++---- libcrux-ml-kem/src/vector/avx2.rs | 2 +- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 35 +++++++--------- libcrux-ml-kem/src/vector/portable.rs | 2 +- .../src/vector/portable/arithmetic.rs | 16 +++---- libcrux-ml-kem/src/vector/portable/ntt.rs | 25 +++++++++-- libcrux-ml-kem/src/vector/traits.rs | 4 +- 16 files changed, 136 insertions(+), 90 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index c32af52fb..b21bed8c7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -247,11 +247,9 @@ let montgomery_multiply_by_constant assert ((cast 3329s <: i32) == 3329l); assert (forall i. get_lane result i == (get_lane value_high i) -. (get_lane k_times_modulus i)); assert (forall i. get_lane result i == Spec.Utils.mont_mul_red_i16 (get_lane vector i) constant); - assert (forall i. Spec.Utils.is_i16b 3329 (get_lane result i)); - assert (forall i. Spec.Utils.is_i16b (3328 + 1665) (get_lane result i)); - assert (forall (i: nat). i < 16 ==> Spec.Utils.is_i16b (3328 + 1665) (get_lane result i)); - assert (Spec.Utils.is_i16b_array (3328 + 1665) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result)); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane result i)); + assert (forall (i: nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result)); assert (forall i. v (get_lane result i) % 3329 == ((v (get_lane vector i) * v constant * 169) % 3329)) in @@ -318,11 +316,9 @@ let montgomery_multiply_by_constants (vec constants: Libcrux_intrinsics.Avx2_ext assert (forall i. get_lane result i == (get_lane value_high i) -. (get_lane k_times_modulus i)); assert (forall i. get_lane result i == Spec.Utils.mont_mul_red_i16 (get_lane vec i) (get_lane constants i)); - assert (forall i. Spec.Utils.is_i16b 3329 (get_lane result i)); - assert (forall i. Spec.Utils.is_i16b (3328 + 1665) (get_lane result i)); - assert (forall (i: nat). i < 16 ==> Spec.Utils.is_i16b (3328 + 1665) (get_lane result i)); - assert (Spec.Utils.is_i16b_array (3328 + 1665) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result)); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane result i)); + assert (forall (i: nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result)); assert (forall i. v (get_lane result i) % 3329 == ((v (get_lane vec i) * v (get_lane constants i) * 169) % 3329)) @@ -393,11 +389,9 @@ let montgomery_multiply_m128i_by_constants (vec constants: Libcrux_intrinsics.Av assert (forall i. get_lane128 result i == Spec.Utils.mont_mul_red_i16 (get_lane128 vec i) (get_lane128 constants i)); - assert (forall i. Spec.Utils.is_i16b 3329 (get_lane128 result i)); - assert (forall i. Spec.Utils.is_i16b (3328 + 1665) (get_lane128 result i)); - assert (forall (i: nat). i < 8 ==> Spec.Utils.is_i16b (3328 + 1665) (get_lane128 result i)); - assert (Spec.Utils.is_i16b_array (3328 + 1665) - (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 result)); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane128 result i)); + assert (forall (i: nat). i < 8 ==> Spec.Utils.is_i16b 3328 (get_lane128 result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 result)); assert (forall i. v (get_lane128 result i) % 3329 == ((v (get_lane128 vec i) * v (get_lane128 constants i) * 169) % 3329)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti index 75781834f..b46e7aa7e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -87,12 +87,11 @@ val montgomery_multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (constant: i16) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 - (requires Spec.Utils.is_i16b 3328 constant) + (requires Spec.Utils.is_i16b 1664 constant) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - Spec.Utils.is_i16b_array (3328 + 1665) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) /\ + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) /\ (forall i. i < 16 ==> v (get_lane result i) % 3329 == ((v (get_lane vector i) * v constant * 169) % 3329))) @@ -100,12 +99,11 @@ val montgomery_multiply_by_constant val montgomery_multiply_by_constants (vec constants: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 (requires - Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 constants)) + Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 constants)) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in - Spec.Utils.is_i16b_array (3328 + 1665) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) /\ + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) /\ (forall i. i < 16 ==> v (get_lane result i) % 3329 == @@ -114,12 +112,11 @@ val montgomery_multiply_by_constants (vec constants: Libcrux_intrinsics.Avx2_ext val montgomery_multiply_m128i_by_constants (vec constants: Libcrux_intrinsics.Avx2_extract.t_Vec128) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec128 (requires - Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 constants)) + Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 constants)) (ensures fun result -> let result:Libcrux_intrinsics.Avx2_extract.t_Vec128 = result in - Spec.Utils.is_i16b_array (3328 + 1665) - (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 result) /\ + Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 result) /\ (forall i. i < 8 ==> v (get_lane128 result i) % 3329 == @@ -135,7 +132,7 @@ val montgomery_reduce_i32s (vec: Libcrux_intrinsics.Avx2_extract.t_Vec256) let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in Spec.Utils.is_i16b_array (3328 + 1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result) /\ - (Spec.Utils.is_i16b_array (3328 * 3328) + (Spec.Utils.is_i16b_array (3328 * pow2 15) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 vec) ==> Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 result)) /\ (forall i. i < 16 ==> v (get_lane result i) % 3329 == ((v (get_lane vec i) * 169) % 3329)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 836d4d2ab..d54b513c7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -188,7 +188,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = t_SIMD256Vector); f_montgomery_multiply_by_constant_pre = - (fun (vector: t_SIMD256Vector) (constant: i16) -> Spec.Utils.is_i16b 3328 constant); + (fun (vector: t_SIMD256Vector) (constant: i16) -> Spec.Utils.is_i16b 1664 constant); f_montgomery_multiply_by_constant_post = (fun (vector: t_SIMD256Vector) (constant: i16) (out: t_SIMD256Vector) -> true); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index 85705d725..bdf22c030 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -113,7 +113,7 @@ let montgomery_reduce_element (value: i32) = let res:i16 = value_high -! c in let _:Prims.unit = assert (Spec.Utils.is_i16b (3328 + 1665) res) in let _:Prims.unit = - assert (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 res) + assert (Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 res) in let _:Prims.unit = calc ( == ) { @@ -164,7 +164,7 @@ let montgomery_reduce_element (value: i32) = #push-options "--z3rlimit 300" let montgomery_multiply_fe_by_fer (fe fer: i16) = - let _:Prims.unit = Spec.Utils.lemma_mul_i16b (pow2 16) (3328) fe fer in + let _:Prims.unit = Spec.Utils.lemma_mul_i16b (pow2 15) (1664) fe fer in let product:i32 = (cast (fe <: i16) <: i32) *! (cast (fer <: i16) <: i32) in montgomery_reduce_element product @@ -372,7 +372,7 @@ let montgomery_multiply_by_constant (forall j. j < v i ==> (let vecj = Seq.index vec.f_elements j in - (Spec.Utils.is_i16b (3328 + 1665) vecj /\ + (Spec.Utils.is_i16b 3328 vecj /\ v vecj % 3329 == (v (Seq.index v__vec0.f_elements j) * v c * 169) % 3329))) /\ (forall j. j >= v i ==> (Seq.index vec.f_elements j) == (Seq.index v__vec0.f_elements j))) vec diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index 7afefed8f..443d81268 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -51,7 +51,7 @@ val montgomery_reduce_element (value: i32) fun result -> let result:i16 = result in Spec.Utils.is_i16b (3328 + 1665) result /\ - (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 result) /\ + (Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 result) /\ v result % 3329 == (v value * 169) % 3329) /// If `fe` is some field element \'x\' of the Kyber field and `fer` is congruent to @@ -62,11 +62,11 @@ val montgomery_reduce_element (value: i32) /// `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`. val montgomery_multiply_fe_by_fer (fe fer: i16) : Prims.Pure i16 - (requires Spec.Utils.is_i16b 3328 fer) + (requires Spec.Utils.is_i16b 1664 fer) (ensures fun result -> let result:i16 = result in - Spec.Utils.is_i16b (3328 + 1665) result /\ v result % 3329 == (v fe * v fer * 169) % 3329) + Spec.Utils.is_i16b 3328 result /\ v result % 3329 == (v fe * v fer * 169) % 3329) val add (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector @@ -119,11 +119,11 @@ val montgomery_multiply_by_constant (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (c: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Spec.Utils.is_i16b 3328 c) + (requires Spec.Utils.is_i16b 1664 c) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - Spec.Utils.is_i16b_array (3328 + 1665) result.f_elements /\ + Spec.Utils.is_i16b_array 3328 result.f_elements /\ (forall i. i < 16 ==> (v (Seq.index result.f_elements i) % 3329 == diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 082580f77..54b4f6ea5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -50,6 +50,8 @@ let inv_ntt_step in vec +#push-options "--z3rlimit 100" + let inv_ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) @@ -80,6 +82,10 @@ let inv_ntt_layer_1_step in vec +#pop-options + +#push-options "--z3rlimit 100" + let inv_ntt_layer_2_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1: i16) @@ -110,6 +116,10 @@ let inv_ntt_layer_2_step in vec +#pop-options + +#push-options "--z3rlimit 100" + let inv_ntt_layer_3_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) @@ -140,6 +150,8 @@ let inv_ntt_layer_3_step in vec +#pop-options + let ntt_multiply_binomials (a b: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) @@ -277,6 +289,8 @@ let ntt_step in vec +#push-options "--z3rlimit 100" + let ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) @@ -307,6 +321,8 @@ let ntt_layer_1_step in vec +#pop-options + let ntt_layer_2_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1: i16) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 737021089..6b0b4881f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -8,8 +8,13 @@ val inv_ntt_step (zeta: i16) (i j: usize) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta) - (fun _ -> Prims.l_True) + (requires + v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ + Spec.Utils.is_i16b_array (3328 + 1665) vec.f_elements) + (ensures + fun vec_future -> + let vec_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec_future in + Spec.Utils.is_i16b_array (3328 + 1665) vec_future.f_elements) val inv_ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -17,22 +22,35 @@ val inv_ntt_layer_1_step : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3) - (fun _ -> Prims.l_True) + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (3328 + 1665) vec.f_elements) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array (3328 + 1665) result.f_elements) val inv_ntt_layer_2_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1) - (fun _ -> Prims.l_True) + (requires + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array (3328 + 1665) vec.f_elements) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array (3328 + 1665) result.f_elements) val inv_ntt_layer_3_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Spec.Utils.is_i16b 1664 zeta) - (fun _ -> Prims.l_True) + (requires + Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (3328 + 1665) vec.f_elements) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array (3328 + 1665) result.f_elements) /// Compute the product of two Kyber binomials with respect to the /// modulus `X² - zeta`. @@ -76,7 +94,13 @@ val ntt_step (i j: usize) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta) - (fun _ -> Prims.l_True) + (ensures + fun vec_future -> + let vec_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec_future in + forall b. + (Spec.Utils.is_i16b b vec.f_elements.[ i ] /\ Spec.Utils.is_i16b b vec.f_elements.[ j ]) ==> + (Spec.Utils.is_i16b (b + 3328 + 1665) vec_future.f_elements.[ i ] /\ + Spec.Utils.is_i16b (b + 3328 + 1665) vec_future.f_elements.[ j ])) val ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index b9a819909..8f81fb1aa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -207,7 +207,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_montgomery_multiply_by_constant_pre = (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (r: i16) -> - Spec.Utils.is_i16b 3328 r); + Spec.Utils.is_i16b 1664 r); f_montgomery_multiply_by_constant_post = (fun diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index d37142331..80a2c292a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -131,7 +131,7 @@ class t_Operations (v_Self: Type0) = { f_barrett_reduce:x0: v_Self -> Prims.Pure v_Self (f_barrett_reduce_pre x0) (fun result -> f_barrett_reduce_post x0 result); f_montgomery_multiply_by_constant_pre:v: v_Self -> c: i16 - -> pred: Type0{Spec.Utils.is_i16b 3328 c ==> pred}; + -> pred: Type0{Spec.Utils.is_i16b 1664 c ==> pred}; f_montgomery_multiply_by_constant_post:v_Self -> i16 -> v_Self -> Type0; f_montgomery_multiply_by_constant:x0: v_Self -> x1: i16 -> Prims.Pure v_Self @@ -373,7 +373,7 @@ val decompress_1_ (#v_T: Type0) {| i1: t_Operations v_T |} (vec: v_T) (fun _ -> Prims.l_True) val montgomery_multiply_fe (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) (fer: i16) - : Prims.Pure v_T (requires Spec.Utils.is_i16b 3328 fer) (fun _ -> Prims.l_True) + : Prims.Pure v_T (requires Spec.Utils.is_i16b 1664 fer) (fun _ -> Prims.l_True) val to_standard_domain (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index a28cfaacf..73d2f8548 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -244,7 +244,7 @@ val lemma_mont_red_i32 (x:i32): Lemma (ensures ( let result:i16 = mont_red_i32 x in is_i16b (3328 + 1665) result /\ - (is_i32b (3328 * 3328) x ==> is_i16b 3328 result) /\ + (is_i32b (3328 * pow2 15) x ==> is_i16b 3328 result) /\ v result % 3329 == (v x * 169) % 3329)) let lemma_mont_red_i32 (x:i32) = @@ -263,13 +263,12 @@ let lemma_mont_red_i32 (x:i32) = lemma_div_at_percent (v x) (pow2 16); assert (v vhigh == v x / pow2 16); assert (is_i16b 3328 vhigh); - assert (is_i32b (3328 * 3328) x ==> is_i16b 169 vhigh); let result = vhigh -. c in lemma_sub_i16b 3328 1665 vhigh c; assert (is_i16b (3328 + 1665) result); assert (v result = v vhigh - v c); assert (is_i16b (3328 + 1665) result); - assert (is_i32b (3328 * 3328) x ==> is_i16b 3328 result); + assert (is_i32b (3328 * pow2 15) x ==> is_i16b 3328 result); calc ( == ) { v k_times_modulus % pow2 16; ( == ) { assert (v k_times_modulus == v k * 3329) } @@ -312,15 +311,18 @@ let lemma_mont_red_i32 (x:i32) = } val lemma_mont_mul_red_i16 (x y:i16): Lemma - (requires (is_i16b 3328 y)) + (requires (is_intb (3326 * pow2 15) (v x * v y))) (ensures ( let result:i16 = mont_mul_red_i16 x y in - is_i16b 3329 result /\ + is_i16b 3328 result /\ v result % 3329 == (v x * v y * 169) % 3329)) [SMTPat (mont_mul_red_i16 x y)] let lemma_mont_mul_red_i16 (x y:i16) = let vlow = x *. y in let prod = v x * v y in + assert (v x <= pow2 15); + assert (is_intb (pow2 15 * 1664) prod \/ is_intb (3326 * pow2 15) prod); + assert (is_intb (3326 * pow2 15) prod); assert (v vlow == prod @% pow2 16); let k = vlow *. (neg 3327s) in assert (v k == (((prod) @% pow2 16) * (- 3327)) @% pow2 16); @@ -332,7 +334,6 @@ let lemma_mont_mul_red_i16 (x y:i16) = assert (v c == (((v k * 3329) / pow2 16))); assert (is_i16b 1665 c); let vhigh = cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16 in - lemma_mul_intb (pow2 15) 3328 (v x) (v y); assert (v x @% pow2 32 == v x); assert (v y @% pow2 32 == v y); assert (v ((cast x <: i32) *. (cast y <: i32)) == (v x * v y) @% pow2 32); @@ -342,10 +343,10 @@ let lemma_mont_mul_red_i16 (x y:i16) = assert (v vhigh == (prod / pow2 16) @% pow2 16); lemma_div_at_percent prod (pow2 16); assert (v vhigh == prod / pow2 16); - assert (is_i16b 1664 vhigh); let result = vhigh -. c in - lemma_sub_i16b 1664 1665 vhigh c; - assert (is_i16b 3329 result); + assert (is_i16b 1663 vhigh); + lemma_sub_i16b 1663 1665 vhigh c; + assert (is_i16b 3328 result); assert (v result = v vhigh - v c); calc ( == ) { v k_times_modulus % pow2 16; diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 5f21c0755..38d68824b 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -132,7 +132,7 @@ impl Operations for SIMD256Vector { } } - #[requires(fstar!("Spec.Utils.is_i16b 3328 $constant"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 $constant"))] fn montgomery_multiply_by_constant(vector: Self, constant: i16) -> Self { Self { elements: arithmetic::montgomery_multiply_by_constant(vector.elements, constant), diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index 6fa00dddd..3dd5be929 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -153,8 +153,8 @@ pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 { #[inline(always)] #[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] -#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 constant")))] -#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 constant")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ (forall i. i < 16 ==> v (get_lane $result i) % 3329 == ((v (get_lane $vector i) * v constant * 169) % 3329))")))] pub(crate) fn montgomery_multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { @@ -188,18 +188,17 @@ pub(crate) fn montgomery_multiply_by_constant(vector: Vec256, constant: i16) -> assert ((cast 3329s <: i32) == 3329l); assert (forall i. get_lane $result i == (get_lane $value_high i) -. (get_lane $k_times_modulus i)); assert (forall i. get_lane $result i == Spec.Utils.mont_mul_red_i16 (get_lane $vector i) $constant); - assert (forall i. Spec.Utils.is_i16b 3329 (get_lane $result i)); - assert (forall i. Spec.Utils.is_i16b (3328+1665) (get_lane $result i)); - assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b (3328+1665) (get_lane $result i)); - assert (Spec.Utils.is_i16b_array (3328+1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane $result i)); + assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane $result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)); assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vector i) * v $constant * 169) % 3329))"); result } #[inline(always)] #[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] -#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $constants))")))] -#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $constants))")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ (forall i. i < 16 ==> v (get_lane $result i) % 3329 == ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))")))] pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) -> Vec256 { @@ -235,10 +234,9 @@ pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) - assert ((cast 3329s <: i32) == 3329l); assert (forall i. get_lane $result i == (get_lane $value_high i) -. (get_lane $k_times_modulus i)); assert (forall i. get_lane $result i == Spec.Utils.mont_mul_red_i16 (get_lane $vec i) (get_lane $constants i)); - assert (forall i. Spec.Utils.is_i16b 3329 (get_lane $result i)); - assert (forall i. Spec.Utils.is_i16b (3328+1665) (get_lane $result i)); - assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b (3328+1665) (get_lane $result i)); - assert (Spec.Utils.is_i16b_array (3328+1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane $result i)); + assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane $result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)); assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))"); result } @@ -247,7 +245,7 @@ pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) - #[hax_lib::fstar::verification_status(panic_free)] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (3328 * pow2 16) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vec))")))] #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ - (Spec.Utils.is_i16b_array (3328 * 3328) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vec) ==> + (Spec.Utils.is_i16b_array (3328 * pow2 15) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vec) ==> Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)) /\\ (forall i. i < 16 ==> v (get_lane $result i) % 3329 == ((v (get_lane $vec i) * 169) % 3329))")))] @@ -269,8 +267,8 @@ pub(crate) fn montgomery_reduce_i32s(vec: Vec256) -> Vec256 { #[inline(always)] #[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] -#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $constants))")))] -#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 ${result}) /\\ +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 1664 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $constants))")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 ${result}) /\\ (forall i. i < 8 ==> v (get_lane128 $result i) % 3329 == ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))")))] pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec128) -> Vec128 { @@ -307,10 +305,9 @@ pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec assert ((cast 3329s <: i32) == 3329l); assert (forall i. get_lane128 $result i == (get_lane128 $value_high i) -. (get_lane128 $k_times_modulus i)); assert (forall i. get_lane128 $result i == Spec.Utils.mont_mul_red_i16 (get_lane128 $vec i) (get_lane128 $constants i)); - assert (forall i. Spec.Utils.is_i16b 3329 (get_lane128 $result i)); - assert (forall i. Spec.Utils.is_i16b (3328+1665) (get_lane128 $result i)); - assert (forall (i:nat). i < 8 ==> Spec.Utils.is_i16b (3328+1665) (get_lane128 $result i)); - assert (Spec.Utils.is_i16b_array (3328+1665) (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $result)); + assert (forall i. Spec.Utils.is_i16b 3328 (get_lane128 $result i)); + assert (forall (i:nat). i < 8 ==> Spec.Utils.is_i16b 3328 (get_lane128 $result i)); + assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $result)); assert (forall i. v (get_lane128 $result i) % 3329 == ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))"); result diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 07d6ed087..200bd05d2 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -90,7 +90,7 @@ impl Operations for PortableVector { barrett_reduce(v) } - #[requires(fstar!("Spec.Utils.is_i16b 3328 $r"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 $r"))] fn montgomery_multiply_by_constant(v: Self, r: i16) -> Self { montgomery_multiply_by_constant(v, r) } diff --git a/libcrux-ml-kem/src/vector/portable/arithmetic.rs b/libcrux-ml-kem/src/vector/portable/arithmetic.rs index beb351fd6..54a7b150f 100644 --- a/libcrux-ml-kem/src/vector/portable/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/portable/arithmetic.rs @@ -236,7 +236,7 @@ pub(crate) fn barrett_reduce(mut vec: PortableVector) -> PortableVector { #[hax_lib::fstar::options("--z3rlimit 500 --split_queries always")] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i32b (3328 * pow2 16) value ")))] #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b (3328 + 1665) result /\\ - (Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 result) /\\ + (Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 result) /\\ v result % 3329 == (v value * 169) % 3329")))] pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { // This forces hax to extract code for MONTGOMERY_R before it extracts code @@ -270,7 +270,7 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { assert(Spec.Utils.is_i16b 3328 value_high)"); let res = value_high - c; hax_lib::fstar!("assert(Spec.Utils.is_i16b (3328 + 1665) res)"); - hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328 * 3328) value ==> Spec.Utils.is_i16b 3328 res)"); + hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328 * pow2 15) value ==> Spec.Utils.is_i16b 3328 res)"); hax_lib::fstar!("calc ( == ) { v k_times_modulus % pow2 16; ( == ) { assert (v k_times_modulus == (v k @% pow2 16) * 3329) } @@ -318,23 +318,23 @@ pub(crate) fn montgomery_reduce_element(value: i32) -> MontgomeryFieldElement { /// `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod FIELD_MODULUS)`. #[inline(always)] #[hax_lib::fstar::options("--z3rlimit 300")] -#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 fer")))] -#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b (3328 + 1665) result /\\ +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 fer")))] +#[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b 3328 result /\\ v result % 3329 == (v fe * v fer * 169) % 3329")))] pub(crate) fn montgomery_multiply_fe_by_fer( fe: FieldElement, fer: FieldElementTimesMontgomeryR, ) -> FieldElement { - hax_lib::fstar!("Spec.Utils.lemma_mul_i16b (pow2 16) (3328) fe fer"); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b (pow2 15) (1664) fe fer"); let product = (fe as i32) * (fer as i32); montgomery_reduce_element(product) } #[inline(always)] #[hax_lib::fstar::options("--z3rlimit 150")] -#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 c")))] +#[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 c")))] #[cfg_attr(hax, hax_lib::ensures(|result| fstar!(" -Spec.Utils.is_i16b_array (3328 + 1665) ${result}.f_elements /\\ +Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\ (forall i. i < 16 ==> (v (Seq.index ${result}.f_elements i) % 3329 == (v (Seq.index ${vec}.f_elements i) * v c * 169) %3329))")))] @@ -344,7 +344,7 @@ pub(crate) fn montgomery_multiply_by_constant(mut vec: PortableVector, c: i16) - hax_lib::loop_invariant!(|i: usize| { fstar!(" (forall j. j < v i ==> (let vecj = Seq.index ${vec}.f_elements j in - (Spec.Utils.is_i16b (3328 + 1665) vecj /\\ + (Spec.Utils.is_i16b 3328 vecj /\\ v vecj % 3329 == (v (Seq.index ${_vec0}.f_elements j) * v c * 169) % 3329))) /\\ (forall j. j >= v i ==> (Seq.index ${vec}.f_elements j) == (Seq.index ${_vec0}.f_elements j))") }); vec.elements[i] = montgomery_multiply_fe_by_fer(vec.elements[i], c) diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index 67a8e3f92..796d57704 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -3,6 +3,10 @@ use super::vector_type::*; #[inline(always)] #[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta"))] +#[hax_lib::ensures(|result| fstar!("forall b. (Spec.Utils.is_i16b b ${vec}.f_elements.[i] /\\ + Spec.Utils.is_i16b b ${vec}.f_elements.[j]) ==> + (Spec.Utils.is_i16b (b+3328+1665) ${vec}_future.f_elements.[i] /\\ + Spec.Utils.is_i16b (b+3328+1665) ${vec}_future.f_elements.[j])"))] pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { let t = montgomery_multiply_fe_by_fer(vec.elements[j], zeta); vec.elements[j] = vec.elements[i] - t; @@ -10,6 +14,7 @@ pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 100")] #[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] pub(crate) fn ntt_layer_1_step( mut vec: PortableVector, @@ -58,7 +63,9 @@ pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVe } #[inline(always)] -#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta"))] +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ + Spec.Utils.is_i16b_array (3328 + 1665) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) ${vec}_future.f_elements"))] pub(crate) fn inv_ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { let a_minus_b = vec.elements[j] - vec.elements[i]; vec.elements[i] = barrett_reduce_element(vec.elements[i] + vec.elements[j]); @@ -66,7 +73,11 @@ pub(crate) fn inv_ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usi } #[inline(always)] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (3328 + 1665) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) ${result}.f_elements"))] pub(crate) fn inv_ntt_layer_1_step( mut vec: PortableVector, zeta0: i16, @@ -86,7 +97,10 @@ pub(crate) fn inv_ntt_layer_1_step( } #[inline(always)] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array (3328 + 1665) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) ${result}.f_elements"))] pub(crate) fn inv_ntt_layer_2_step( mut vec: PortableVector, zeta0: i16, @@ -104,7 +118,10 @@ pub(crate) fn inv_ntt_layer_2_step( } #[inline(always)] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array (3328 + 1665) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) ${result}.f_elements"))] pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVector { inv_ntt_step(&mut vec, zeta, 0, 8); inv_ntt_step(&mut vec, zeta, 1, 9); diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index f50f6f2e3..7f780365c 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -68,7 +68,7 @@ pub trait Operations: Copy + Clone + Repr { #[requires(fstar!("Spec.Utils.is_i16b_array 28296 (f_repr $vector)"))] fn barrett_reduce(vector: Self) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 3328 c"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 c"))] fn montgomery_multiply_by_constant(v: Self, c: i16) -> Self; // Compression @@ -185,7 +185,7 @@ pub trait Operations: Copy + Clone { } // hax does not support trait with default implementations, so we use the following pattern -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 $fer"))] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $fer"))] pub fn montgomery_multiply_fe(v: T, fer: i16) -> T { T::montgomery_multiply_by_constant(v, fer) } From b878b9b73d2a7208eff617937363ad80d748e872 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 15 Sep 2024 22:09:02 +0200 Subject: [PATCH 278/348] wip --- .../proofs/fstar/spec/Spec.Utils.fst | 30 ++++++++++++++----- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 73d2f8548..7af93a429 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -164,6 +164,11 @@ let is_i32b_array (l:nat) (x:t_Slice i32) = forall i. i < Seq.length x ==> is_i3 let nat_div_ceil (x:nat) (y:pos) : nat = if (x % y = 0) then x/y else (x/y)+1 +val lemma_intb_le b b' + : Lemma (requires (b <= b')) + (ensures (forall n. is_intb b n ==> is_intb b' n)) +let lemma_intb_le b b' = () + #push-options "--z3rlimit 200" val lemma_mul_intb (b1 b2: nat) (n1 n2: int) : Lemma (requires (is_intb b1 n1 /\ is_intb b2 n2)) @@ -310,19 +315,16 @@ let lemma_mont_red_i32 (x:i32) = (v x * 169) % 3329; } -val lemma_mont_mul_red_i16 (x y:i16): Lemma +val lemma_mont_mul_red_i16_int (x y:i16): Lemma (requires (is_intb (3326 * pow2 15) (v x * v y))) (ensures ( let result:i16 = mont_mul_red_i16 x y in is_i16b 3328 result /\ v result % 3329 == (v x * v y * 169) % 3329)) - [SMTPat (mont_mul_red_i16 x y)] -let lemma_mont_mul_red_i16 (x y:i16) = + +let lemma_mont_mul_red_i16_int (x y:i16) = let vlow = x *. y in let prod = v x * v y in - assert (v x <= pow2 15); - assert (is_intb (pow2 15 * 1664) prod \/ is_intb (3326 * pow2 15) prod); - assert (is_intb (3326 * pow2 15) prod); assert (v vlow == prod @% pow2 16); let k = vlow *. (neg 3327s) in assert (v k == (((prod) @% pow2 16) * (- 3327)) @% pow2 16); @@ -338,7 +340,7 @@ let lemma_mont_mul_red_i16 (x y:i16) = assert (v y @% pow2 32 == v y); assert (v ((cast x <: i32) *. (cast y <: i32)) == (v x * v y) @% pow2 32); assert (v vhigh == (((prod) @% pow2 32) / pow2 16) @% pow2 16); - assert_norm (pow2 15 * 3328 < pow2 31); + assert_norm (pow2 15 * 3326 < pow2 31); lemma_range_at_percent prod (pow2 32); assert (v vhigh == (prod / pow2 16) @% pow2 16); lemma_div_at_percent prod (pow2 16); @@ -388,6 +390,20 @@ let lemma_mont_mul_red_i16 (x y:i16) = } +val lemma_mont_mul_red_i16 (x y:i16): Lemma + (requires (is_i16b 1664 y \/ is_intb (3326 * pow2 15) (v x * v y))) + (ensures ( + let result:i16 = mont_mul_red_i16 x y in + is_i16b 3328 result /\ + v result % 3329 == (v x * v y * 169) % 3329)) + [SMTPat (mont_mul_red_i16 x y)] +let lemma_mont_mul_red_i16 x y = + if is_i16b 1664 y then ( + lemma_mul_intb (pow2 15) 1664 (v x) (v y); + assert(is_intb (3326 * pow2 15) (v x * v y)); + lemma_mont_mul_red_i16_int x y) + else lemma_mont_mul_red_i16_int x y + let barrett_red (x:i16) = let t1 = cast (((cast x <: i32) *. (cast 20159s <: i32)) >>! 16l) <: i16 in let t2 = t1 +. 512s in From 042e8086700052fc957ebda26e3eafc938fcb5c9 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 16 Sep 2024 14:40:26 +0200 Subject: [PATCH 279/348] wip --- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fst | 4 + .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 114 +++++++++--------- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 25 ++-- .../proofs/fstar/extraction/Makefile | 1 + libcrux-ml-kem/src/vector/avx2/ntt.rs | 1 + libcrux-ml-kem/src/vector/portable/ntt.rs | 77 +++++++++--- 6 files changed, 139 insertions(+), 83 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst index 26d37b945..60d593980 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst @@ -3,6 +3,8 @@ module Libcrux_ml_kem.Vector.Avx2.Ntt open Core open FStar.Mul +#push-options "--admit_smt_queries true" + let inv_ntt_layer_1_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1 zeta2 zeta3: i16) @@ -35,6 +37,8 @@ let inv_ntt_layer_1_step in Libcrux_intrinsics.Avx2_extract.mm256_blend_epi16 204l sum sum_times_zetas +#pop-options + let inv_ntt_layer_2_step (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (zeta0 zeta1: i16) = let lhs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_permute4x64_epi64 245l vector diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 54b4f6ea5..d1efe51ac 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -158,69 +158,69 @@ let ntt_multiply_binomials (i j: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let ai:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] in + let bi:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] in + let aj:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] in + let bj:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] in let _:Prims.unit = - Spec.Utils.lemma_mul_i16b 3328 - 3328 - (Seq.index (a.f_elements) (v i)) - (Seq.index (b.f_elements) (v i)) + assert (Spec.Utils.is_i16b 3328 ai); + assert (Spec.Utils.is_i16b 3328 bi); + assert (Spec.Utils.is_i16b 3328 aj); + assert (Spec.Utils.is_i16b 3328 bj); + assert_norm (3328 * 3328 < pow2 31); + assert_norm (3328 * 3328 <= 3328 * pow2 15); + assert_norm (3328 * 3328 + 3328 * 1664 <= 3328 * pow2 15); + assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15) in let _:Prims.unit = - Spec.Utils.lemma_mul_i16b 3328 - 3328 - (Seq.index (a.f_elements) (v j)) - (Seq.index (b.f_elements) (v j)) - in - let ai_bi:i32 = - (cast (a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) *! - (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) - in - let aj_bj:i16 = - Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element ((cast (a - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] - <: - i16) - <: - i32) *! - (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: i32) - <: - i32) - in + Spec.Utils.lemma_mul_i16b 3328 3328 ai bi; + Spec.Utils.lemma_mul_i16b 3328 3328 aj bj; + Spec.Utils.lemma_mul_i16b 3328 3328 ai bj; + Spec.Utils.lemma_mul_i16b 3328 3328 aj bi + in + let ai_bi:i32 = (cast (ai <: i16) <: i32) *! (cast (bi <: i16) <: i32) in + let aj_bj___:i32 = (cast (aj <: i16) <: i32) *! (cast (bj <: i16) <: i32) in + let aj_bj:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element aj_bj___ in let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 1664 aj_bj zeta in - let o0:i16 = - Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element (ai_bi +! - ((cast (aj_bj <: i16) <: i32) *! (cast (zeta <: i16) <: i32) <: i32) - <: - i32) - in - let _:Prims.unit = - Spec.Utils.lemma_mul_i16b 3328 - 3328 - (Seq.index (a.f_elements) (v i)) - (Seq.index (b.f_elements) (v j)) - in + let aj_bj_zeta:i32 = (cast (aj_bj <: i16) <: i32) *! (cast (zeta <: i16) <: i32) in + let ai_bi_aj_bj:i32 = ai_bi +! aj_bj_zeta in + let _:Prims.unit = Spec.Utils.is_i32b (3328 * 3328 + 3328 * 1664) ai_bi_aj_bj in + let o0:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element ai_bi_aj_bj in let _:Prims.unit = - Spec.Utils.lemma_mul_i16b 3328 - 3328 - (Seq.index (a.f_elements) (v j)) - (Seq.index (b.f_elements) (v i)) - in - let o1:i16 = - Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element (((cast (a - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - <: - i32) *! - (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: i32) - <: - i32) +! - ((cast (a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) <: i32) *! - (cast (b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) <: i32) - <: - i32) - <: - i32) + calc ( == ) { + v o0 % 3329; + ( == ) { () } + (v ai_bi_aj_bj * 169) % 3329; + ( == ) { assert (v ai_bi_aj_bj == v ai_bi + v aj_bj_zeta) } + ((v ai_bi + v aj_bj_zeta) * 169) % 3329; + ( == ) { assert (v aj_bj_zeta == v aj_bj * v zeta) } + (((v ai * v bi) + (v aj_bj * v zeta)) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + (v aj_bj * v zeta)) 169 3329 } + ((((v ai * v bi) + (v aj_bj * v zeta)) % 3329) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_add_distr (v ai * v bi) (v aj_bj * v zeta) 3329 } + ((((v ai * v bi) + ((v aj_bj * v zeta) % 3329)) % 3329) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj_bj) (v zeta) 3329 } + ((((v ai * v bi) + (((v aj_bj % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; + ( == ) { assert (v aj_bj % 3329 == (v aj_bj_ * 169) % 3329) } + ((((v ai * v bi) + ((((v aj_bj_ * 169) % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; + ( == ) { assert (v aj_bj_ == v aj * v bj) } + ((((v ai * v bi) + ((((v aj * v bj * 169) % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj * v bj * 169) (v zeta) 3329 } + ((((v ai * v bi) + (((v aj * v bj * 169 * v zeta) % 3329))) % 3329) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_add_distr (v ai * v bi) (v aj * v bj * 169 * v zeta) 3329 } + ((((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) % 3329) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) + 169 + 3329 } + (((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) * 169) % 3329; + } in + let ai_bj:i32 = (cast (ai <: i16) <: i32) *! (cast (bj <: i16) <: i32) in + let aj_bi:i32 = (cast (aj <: i16) <: i32) *! (cast (bi <: i16) <: i32) in + let ai_bj_aj_bi:i32 = ai_bj +! aj_bi in + let _:Prims.unit = Spec.Utils.is_i32b (3328 * 3328 + 3328 * 3328) ai_bj_aj_bi in + let o1:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element ai_bj_aj_bi in + let _:Prims.unit = admit () in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { out with diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 6b0b4881f..88b903d9c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -74,19 +74,24 @@ val ntt_multiply_binomials (i j: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta) + (requires + v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ + Spec.Utils.is_i16b_array a.f_elements /\ Spec.Utils.is_i16b_array b.f_elements) (ensures fun out_future -> let out_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out_future in - let x, y = - Spec.MLKEM.Math.poly_base_case_multiply (v (Seq.index a.f_elements (v i)) % 3329) - (v (Seq.index a.f_elements (v j)) % 3329) - (v (Seq.index b.f_elements (v i)) % 3329) - (v (Seq.index b.f_elements (v j)) % 3329) - ((v zeta * 169) % 3329) - in - (x == v (Seq.index out_future.f_elements (v i)) % 3329 /\ - y == v (Seq.index out_future.f_elements (v j)) % 3329)) + (forall k. + (k <> v i /\ k <> v j) ==> + Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\ + (let x, y = + Spec.MLKEM.Math.poly_base_case_multiply (v (Seq.index a.f_elements (v i)) % 3329) + (v (Seq.index a.f_elements (v j)) % 3329) + (v (Seq.index b.f_elements (v i)) % 3329) + (v (Seq.index b.f_elements (v j)) % 3329) + ((v zeta * 169) % 3329) + in + (x == v (Seq.index out_future.f_elements (v i)) % 3329 /\ + y == v (Seq.index out_future.f_elements (v j)) % 3329))) val ntt_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 93f6cf50b..2b39a0e7c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -4,6 +4,7 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ + Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ diff --git a/libcrux-ml-kem/src/vector/avx2/ntt.rs b/libcrux-ml-kem/src/vector/avx2/ntt.rs index 8ad12720d..437c6a473 100644 --- a/libcrux-ml-kem/src/vector/avx2/ntt.rs +++ b/libcrux-ml-kem/src/vector/avx2/ntt.rs @@ -56,6 +56,7 @@ pub(crate) fn ntt_layer_3_step(vector: Vec256, zeta: i16) -> Vec256 { } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] pub(crate) fn inv_ntt_layer_1_step( vector: Vec256, diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index 796d57704..ce9e8953d 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -155,9 +155,13 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab /// The NIST FIPS 203 standard can be found at /// . #[inline(always)] -#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta"))] +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ + Spec.Utils.is_i16b_array ${a}.f_elements /\\ + Spec.Utils.is_i16b_array ${b}.f_elements "))] #[hax_lib::ensures(|()| fstar!(" - let (x,y) = + (forall k. (k <> v i /\\ k <> v j) ==> + Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\\ + (let (x,y) = Spec.MLKEM.Math.poly_base_case_multiply (v (Seq.index a.f_elements (v i)) % 3329) (v (Seq.index a.f_elements (v j)) % 3329) @@ -165,7 +169,7 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab (v (Seq.index b.f_elements (v j)) % 3329) ((v zeta * 169) % 3329) in (x == v (Seq.index out_future.f_elements (v i)) % 3329 /\\ - y == v (Seq.index out_future.f_elements (v j)) % 3329))"))] + y == v (Seq.index out_future.f_elements (v j)) % 3329)))"))] pub(crate) fn ntt_multiply_binomials( a: &PortableVector, b: &PortableVector, @@ -174,20 +178,61 @@ pub(crate) fn ntt_multiply_binomials( j: usize, out: &mut PortableVector, ) { - hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 (Seq.index (${a}.f_elements) (v i)) (Seq.index (${b}.f_elements) (v i))"); - hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 (Seq.index (${a}.f_elements) (v j)) (Seq.index (${b}.f_elements) (v j))"); - let ai_bi = (a.elements[i] as i32) * (b.elements[i] as i32); - let aj_bj = montgomery_reduce_element((a.elements[j] as i32) * (b.elements[j] as i32)); + let ai = a.elements[i]; + let bi = b.elements[i]; + let aj = a.elements[j]; + let bj = b.elements[j]; + hax_lib::fstar!("assert(Spec.Utils.is_i16b 3328 ai); + assert(Spec.Utils.is_i16b 3328 bi); + assert(Spec.Utils.is_i16b 3328 aj); + assert(Spec.Utils.is_i16b 3328 bj); + assert_norm (3328 * 3328 < pow2 31); + assert_norm (3328 * 3328 <= 3328 * pow2 15); + assert_norm (3328 * 3328 + 3328 * 1664 <= 3328 * pow2 15); + assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15)"); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $ai $bi; + Spec.Utils.lemma_mul_i16b 3328 3328 $aj $bj; + Spec.Utils.lemma_mul_i16b 3328 3328 $ai $bj; + Spec.Utils.lemma_mul_i16b 3328 3328 $aj $bi"); + let ai_bi = (ai as i32) * (bi as i32); + let aj_bj_ = (aj as i32) * (bj as i32); + let aj_bj = montgomery_reduce_element(aj_bj_); hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 1664 $aj_bj $zeta"); - let o0 = montgomery_reduce_element( - ai_bi + (aj_bj as i32)* (zeta as i32), - ); - hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 (Seq.index (${a}.f_elements) (v i)) (Seq.index (${b}.f_elements) (v j))"); - hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 (Seq.index (${a}.f_elements) (v j)) (Seq.index (${b}.f_elements) (v i))"); - let o1 = montgomery_reduce_element( - (a.elements[i] as i32) * (b.elements[j] as i32) - + (a.elements[j] as i32) * (b.elements[i] as i32), - ); + let aj_bj_zeta = (aj_bj as i32) * (zeta as i32); + let ai_bi_aj_bj = ai_bi + aj_bj_zeta; + hax_lib::fstar!("Spec.Utils.is_i32b (3328*3328 + 3328*1664) ai_bi_aj_bj"); + let o0 = montgomery_reduce_element(ai_bi_aj_bj); + hax_lib::fstar!("calc ( == ) { + v o0 % 3329; + ( == ) { () } + (v ai_bi_aj_bj * 169) % 3329; + ( == ) { assert(v ai_bi_aj_bj == v ai_bi + v aj_bj_zeta) } + ((v ai_bi + v aj_bj_zeta) * 169) % 3329; + ( == ) { assert (v aj_bj_zeta == v aj_bj * v zeta) } + (((v ai * v bi) + (v aj_bj * v zeta)) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + (v aj_bj * v zeta)) 169 3329 } + ((((v ai * v bi) + (v aj_bj * v zeta)) % 3329) * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_add_distr (v ai * v bi) (v aj_bj * v zeta) 3329 } + (((v ai * v bi) + ((v aj_bj * v zeta) % 3329)) % 3329 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj_bj) (v zeta) 3329 } + (((v ai * v bi) + ((v aj_bj % 3329 * v zeta) % 3329)) % 3329 * 169) % 3329; + ( == ) { assert(v aj_bj % 3329 == (v aj_bj_ * 169) % 3329) } + (((v ai * v bi) + (((v aj_bj_ * 169) % 3329 * v zeta) % 3329)) % 3329 * 169) % 3329; + ( == ) { assert(v aj_bj_ == v aj * v bj) } + (((v ai * v bi) + (((v aj * v bj * 169) % 3329 * v zeta) % 3329)) % 3329 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj * v bj * 169) (v zeta) 3329 } + (((v ai * v bi) + (((v aj * v bj * 169 * v zeta) % 3329))) % 3329 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_add_distr (v ai * v bi) (v aj * v bj * 169 * v zeta) 3329 } + (((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) % 3329 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) 169 3329 } + (((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) * 169) % 3329; + }"); + let ai_bj = (ai as i32) * (bj as i32); + let aj_bi = (aj as i32) * (bi as i32); + let ai_bj_aj_bi = ai_bj + aj_bi; + hax_lib::fstar!("Spec.Utils.is_i32b (3328*3328 + 3328*3328) ai_bj_aj_bi"); + let o1 = montgomery_reduce_element(ai_bj_aj_bi); + hax_lib::fstar!("admit()"); out.elements[i] = o0; out.elements[j] = o1; } From 24e4a0df441f88af329fc8f1c22000ea2ef09615 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 16 Sep 2024 14:52:56 +0200 Subject: [PATCH 280/348] wip --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 21 +++++++++------ libcrux-ml-kem/src/vector/portable/ntt.rs | 26 ++++++++++++------- 2 files changed, 29 insertions(+), 18 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 88b903d9c..22754376a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -76,22 +76,27 @@ val ntt_multiply_binomials : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ - Spec.Utils.is_i16b_array a.f_elements /\ Spec.Utils.is_i16b_array b.f_elements) + Spec.Utils.is_i16b_array 3228 a.f_elements /\ Spec.Utils.is_i16b_array 3228 b.f_elements) (ensures fun out_future -> let out_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out_future in (forall k. (k <> v i /\ k <> v j) ==> Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\ - (let x, y = - Spec.MLKEM.Math.poly_base_case_multiply (v (Seq.index a.f_elements (v i)) % 3329) - (v (Seq.index a.f_elements (v j)) % 3329) - (v (Seq.index b.f_elements (v i)) % 3329) - (v (Seq.index b.f_elements (v j)) % 3329) + (let ai = Seq.index a.f_elements (v i) in + let aj = Seq.index a.f_elements (v j) in + let bi = Seq.index b.f_elements (v i) in + let bj = Seq.index b.f_elements (v j) in + let oi = Seq.index out_future.f_elements (v i) in + let oj = Seq.index out_future.f_elements (v j) in + let x, y = + Spec.MLKEM.Math.poly_base_case_multiply ((v ai * 169) % 3329) + ((v aj * 169) % 3329) + ((v bi * 169) % 3329) + ((v bj * 169) % 3329) ((v zeta * 169) % 3329) in - (x == v (Seq.index out_future.f_elements (v i)) % 3329 /\ - y == v (Seq.index out_future.f_elements (v j)) % 3329))) + (x == ((v oi * 169) % 3329) /\ y == ((v oj * 169) % 3329)))) val ntt_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index ce9e8953d..19d64d29a 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -156,20 +156,26 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab /// . #[inline(always)] #[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ - Spec.Utils.is_i16b_array ${a}.f_elements /\\ - Spec.Utils.is_i16b_array ${b}.f_elements "))] + Spec.Utils.is_i16b_array 3228 ${a}.f_elements /\\ + Spec.Utils.is_i16b_array 3228 ${b}.f_elements "))] #[hax_lib::ensures(|()| fstar!(" (forall k. (k <> v i /\\ k <> v j) ==> Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\\ - (let (x,y) = + (let ai = Seq.index a.f_elements (v i) in + let aj = Seq.index a.f_elements (v j) in + let bi = Seq.index b.f_elements (v i) in + let bj = Seq.index b.f_elements (v j) in + let oi = Seq.index out_future.f_elements (v i) in + let oj = Seq.index out_future.f_elements (v j) in + let (x,y) = Spec.MLKEM.Math.poly_base_case_multiply - (v (Seq.index a.f_elements (v i)) % 3329) - (v (Seq.index a.f_elements (v j)) % 3329) - (v (Seq.index b.f_elements (v i)) % 3329) - (v (Seq.index b.f_elements (v j)) % 3329) - ((v zeta * 169) % 3329) in - (x == v (Seq.index out_future.f_elements (v i)) % 3329 /\\ - y == v (Seq.index out_future.f_elements (v j)) % 3329)))"))] + ((v ai * 169) % 3329) + ((v aj * 169) % 3329) + ((v bi * 169) % 3329) + ((v bj * 169) % 3329) + ((v zeta * 169) % 3329) in + (x == ((v oi * 169) % 3329) /\\ + y == ((v oj * 169) % 3329)))"))] pub(crate) fn ntt_multiply_binomials( a: &PortableVector, b: &PortableVector, From ca568c3e29543ac74e773c0344364bc583b39f61 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 16 Sep 2024 15:42:24 +0200 Subject: [PATCH 281/348] wip --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 6 +- libcrux-ml-kem/src/vector/portable/ntt.rs | 60 +++++++++---------- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index d1efe51ac..515c702d7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -201,9 +201,9 @@ let ntt_multiply_binomials ((((v ai * v bi) + ((v aj_bj * v zeta) % 3329)) % 3329) * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj_bj) (v zeta) 3329 } ((((v ai * v bi) + (((v aj_bj % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; - ( == ) { assert (v aj_bj % 3329 == (v aj_bj_ * 169) % 3329) } - ((((v ai * v bi) + ((((v aj_bj_ * 169) % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; - ( == ) { assert (v aj_bj_ == v aj * v bj) } + ( == ) { assert (v aj_bj % 3329 == (v aj_bj___ * 169) % 3329) } + ((((v ai * v bi) + ((((v aj_bj___ * 169) % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; + ( == ) { assert (v aj_bj___ == v aj * v bj) } ((((v ai * v bi) + ((((v aj * v bj * 169) % 3329) * v zeta) % 3329)) % 3329) * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj * v bj * 169) (v zeta) 3329 } ((((v ai * v bi) + (((v aj * v bj * 169 * v zeta) % 3329))) % 3329) * 169) % 3329; diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index 19d64d29a..3e71bed0b 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -159,14 +159,14 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab Spec.Utils.is_i16b_array 3228 ${a}.f_elements /\\ Spec.Utils.is_i16b_array 3228 ${b}.f_elements "))] #[hax_lib::ensures(|()| fstar!(" - (forall k. (k <> v i /\\ k <> v j) ==> + (forall k. (k <> v $i /\\ k <> v $j) ==> Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\\ - (let ai = Seq.index a.f_elements (v i) in - let aj = Seq.index a.f_elements (v j) in - let bi = Seq.index b.f_elements (v i) in - let bj = Seq.index b.f_elements (v j) in - let oi = Seq.index out_future.f_elements (v i) in - let oj = Seq.index out_future.f_elements (v j) in + (let ai = Seq.index ${a}.f_elements (v $i) in + let aj = Seq.index ${a}.f_elements (v $j) in + let bi = Seq.index ${b}.f_elements (v $i) in + let bj = Seq.index ${b}.f_elements (v $j) in + let oi = Seq.index out_future.f_elements (v $i) in + let oj = Seq.index out_future.f_elements (v $j) in let (x,y) = Spec.MLKEM.Math.poly_base_case_multiply ((v ai * 169) % 3329) @@ -188,10 +188,10 @@ pub(crate) fn ntt_multiply_binomials( let bi = b.elements[i]; let aj = a.elements[j]; let bj = b.elements[j]; - hax_lib::fstar!("assert(Spec.Utils.is_i16b 3328 ai); - assert(Spec.Utils.is_i16b 3328 bi); - assert(Spec.Utils.is_i16b 3328 aj); - assert(Spec.Utils.is_i16b 3328 bj); + hax_lib::fstar!("assert(Spec.Utils.is_i16b 3328 $ai); + assert(Spec.Utils.is_i16b 3328 $bi); + assert(Spec.Utils.is_i16b 3328 $aj); + assert(Spec.Utils.is_i16b 3328 $bj); assert_norm (3328 * 3328 < pow2 31); assert_norm (3328 * 3328 <= 3328 * pow2 15); assert_norm (3328 * 3328 + 3328 * 1664 <= 3328 * pow2 15); @@ -206,32 +206,32 @@ pub(crate) fn ntt_multiply_binomials( hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 1664 $aj_bj $zeta"); let aj_bj_zeta = (aj_bj as i32) * (zeta as i32); let ai_bi_aj_bj = ai_bi + aj_bj_zeta; - hax_lib::fstar!("Spec.Utils.is_i32b (3328*3328 + 3328*1664) ai_bi_aj_bj"); + hax_lib::fstar!("Spec.Utils.is_i32b (3328*3328 + 3328*1664) $ai_bi_aj_bj"); let o0 = montgomery_reduce_element(ai_bi_aj_bj); hax_lib::fstar!("calc ( == ) { - v o0 % 3329; + v $o0 % 3329; ( == ) { () } - (v ai_bi_aj_bj * 169) % 3329; - ( == ) { assert(v ai_bi_aj_bj == v ai_bi + v aj_bj_zeta) } - ((v ai_bi + v aj_bj_zeta) * 169) % 3329; - ( == ) { assert (v aj_bj_zeta == v aj_bj * v zeta) } - (((v ai * v bi) + (v aj_bj * v zeta)) * 169) % 3329; + (v $ai_bi_aj_bj * 169) % 3329; + ( == ) { assert(v $ai_bi_aj_bj == v $ai_bi + v $aj_bj_zeta) } + ((v $ai_bi + v $aj_bj_zeta) * 169) % 3329; + ( == ) { assert (v $aj_bj_zeta == v $aj_bj * v $zeta) } + (((v $ai * v $bi) + (v $aj_bj * v $zeta)) * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + (v aj_bj * v zeta)) 169 3329 } - ((((v ai * v bi) + (v aj_bj * v zeta)) % 3329) * 169) % 3329; + ((((v $ai * v $bi) + (v $aj_bj * v $zeta)) % 3329) * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_add_distr (v ai * v bi) (v aj_bj * v zeta) 3329 } - (((v ai * v bi) + ((v aj_bj * v zeta) % 3329)) % 3329 * 169) % 3329; + (((v $ai * v $bi) + ((v $aj_bj * v $zeta) % 3329)) % 3329 * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj_bj) (v zeta) 3329 } - (((v ai * v bi) + ((v aj_bj % 3329 * v zeta) % 3329)) % 3329 * 169) % 3329; - ( == ) { assert(v aj_bj % 3329 == (v aj_bj_ * 169) % 3329) } - (((v ai * v bi) + (((v aj_bj_ * 169) % 3329 * v zeta) % 3329)) % 3329 * 169) % 3329; - ( == ) { assert(v aj_bj_ == v aj * v bj) } - (((v ai * v bi) + (((v aj * v bj * 169) % 3329 * v zeta) % 3329)) % 3329 * 169) % 3329; - ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v aj * v bj * 169) (v zeta) 3329 } - (((v ai * v bi) + (((v aj * v bj * 169 * v zeta) % 3329))) % 3329 * 169) % 3329; - ( == ) { Math.Lemmas.lemma_mod_add_distr (v ai * v bi) (v aj * v bj * 169 * v zeta) 3329 } - (((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) % 3329 * 169) % 3329; + (((v $ai * v $bi) + ((v $aj_bj % 3329 * v $zeta) % 3329)) % 3329 * 169) % 3329; + ( == ) { assert(v aj_bj % 3329 == (v $aj_bj_ * 169) % 3329) } + (((v $ai * v $bi) + (((v $aj_bj_ * 169) % 3329 * v $zeta) % 3329)) % 3329 * 169) % 3329; + ( == ) { assert(v $aj_bj_ == v $aj * v $bj) } + (((v $ai * v $bi) + (((v $aj * v $bj * 169) % 3329 * v $zeta) % 3329)) % 3329 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_mul_distr_l (v $aj * v $bj * 169) (v $zeta) 3329 } + (((v $ai * v $bi) + (((v $aj * v $bj * 169 * v $zeta) % 3329))) % 3329 * 169) % 3329; + ( == ) { Math.Lemmas.lemma_mod_add_distr (v $ai * v $bi) (v $aj * v $bj * 169 * v $zeta) 3329 } + (((v $ai * v $bi) + ((v $aj * v $bj * 169 * v $zeta))) % 3329 * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) 169 3329 } - (((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) * 169) % 3329; + (((v $ai * v $bi) + ((v $aj * v $bj * 169 * v $zeta))) * 169) % 3329; }"); let ai_bj = (ai as i32) * (bj as i32); let aj_bi = (aj as i32) * (bi as i32); From c44ad6b1db43b97d621bfd70cedc01d4982f7e41 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Mon, 16 Sep 2024 17:02:05 +0200 Subject: [PATCH 282/348] wip: more intrinsics --- .../fstar-bitvec/BitVec.Intrinsics.fsti | 104 ++++++++++++++---- fstar-helpers/fstar-bitvec/Tactics.Utils.fst | 2 +- .../Libcrux_intrinsics.Avx2_extract.fsti | 2 +- libcrux-intrinsics/src/avx2_extract.rs | 4 + .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 2 + 5 files changed, 93 insertions(+), 21 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti index 1a2043013..c12348e75 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti +++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti @@ -27,24 +27,28 @@ let mm256_extracti128_si256 (control: i32{control == 1l}) (vec: bit_vec 256): bi let mm256_set_epi16 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: i16) : bit_vec 256 = mk_bv (fun i -> - let offset = i % 16 in + let h (x: i16) = get_bit x (sz (i % 16)) in match i / 16 with - | 0 -> get_bit x15 (sz offset) - | 1 -> get_bit x14 (sz offset) - | 2 -> get_bit x13 (sz offset) - | 3 -> get_bit x12 (sz offset) - | 4 -> get_bit x11 (sz offset) - | 5 -> get_bit x10 (sz offset) - | 6 -> get_bit x9 (sz offset) - | 7 -> get_bit x8 (sz offset) - | 8 -> get_bit x7 (sz offset) - | 9 -> get_bit x6 (sz offset) - | 10 -> get_bit x5 (sz offset) - | 11 -> get_bit x4 (sz offset) - | 12 -> get_bit x3 (sz offset) - | 13 -> get_bit x2 (sz offset) - | 14 -> get_bit x1 (sz offset) - | 15 -> get_bit x0 (sz offset) + | 0 -> h x15 | 1 -> h x14 | 2 -> h x13 | 3 -> h x12 + | 4 -> h x11 | 5 -> h x10 | 6 -> h x9 | 7 -> h x8 + | 8 -> h x7 | 9 -> h x6 | 10 -> h x5 | 11 -> h x4 + | 12 -> h x3 | 13 -> h x2 | 14 -> h x1 | 15 -> h x0 + ) + +let mm256_set_epi8 + (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19 x20 x21 x22 x23 x24 x25 x26 x27 x28 x29 x30 x31: i8) + : bit_vec 256 + = mk_bv (fun i -> + let h (x: i8) = get_bit x (sz (i % 8)) in + match i / 8 with + | 0 -> h x31 | 1 -> h x30 | 2 -> h x29 | 3 -> h x28 + | 4 -> h x27 | 5 -> h x26 | 6 -> h x25 | 7 -> h x24 + | 8 -> h x23 | 9 -> h x22 | 10 -> h x21 | 11 -> h x20 + | 12 -> h x19 | 13 -> h x18 | 14 -> h x17 | 15 -> h x16 + | 16 -> h x15 | 17 -> h x14 | 18 -> h x13 | 19 -> h x12 + | 20 -> h x11 | 21 -> h x10 | 22 -> h x9 | 23 -> h x8 + | 24 -> h x7 | 25 -> h x6 | 26 -> h x5 | 27 -> h x4 + | 28 -> h x3 | 29 -> h x2 | 30 -> h x1 | 31 -> h x0 ) val mm256_set1_epi16_no_semantics: i16 -> bit_vec 256 @@ -175,8 +179,70 @@ let madd_rhs (n: nat {n < 16}) = val mm256_madd_epi16_no_semantic: bit_vec 256 -> bit_vec 256 -> bit_vec 256 +let forall_bool (#max: pos) (f: (n: nat {n < max}) -> bool) + : r:bool {r <==> (forall i. f i)} + = let rec h (n: nat {n <= max}): r:bool {r <==> (forall i. i < n ==> f i)} = + n = 0 || f (n - 1) && h (n - 1) + in h max + +let mm256_madd_epi16_specialized' (x: bit_vec 256) (n: nat {n < 16}): bit_vec 256 = + mk_bv (fun i -> let local_i = i % 32 in + if local_i > 8 then 0 + else if i >= 4 then x (i - 4) + else x (i + 16)) + let mm256_madd_epi16_specialized (x: bit_vec 256) (n: nat {n < 16}) = - x + if forall_bool (fun (i: nat {i < 256}) -> i % 16 < 4 || x i = 0) + then mm256_madd_epi16_no_semantic x (madd_rhs n) + else mm256_madd_epi16_specialized' x n + +let mm256_shuffle_epi8_no_semantics (a b: bit_vec 256): bit_vec 256 = + mk_bv (fun i -> + 0 + ) + +let mm256_shuffle_epi8_i8 a (b: list _ {List.Tot.length b == 32}): bit_vec 256 = + mk_bv (fun i -> + let nth = i / 8 in + let index = List.Tot.index b nth in + if index < 0 + then 0 + else + let index = index % 16 in + a (index + i % 8) + ) + +let mk_list_32 #a (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19 x20 x21 x22 x23 x24 x25 x26 x27 x28 x29 x30 x31: a) + : (l:list a {List.Tot.length l == 32}) + = let l = [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15;x16;x17;x18;x19;x20;x21;x22;x23;x24;x25;x26;x27;x28;x29;x30;x31] in + assert_norm (List.Tot.length l == 32); + l + +let mm256_shuffle_epi8 + (x y: bit_vec 256) + (#[( + let t = match unify_app (quote y) + (quote (fun x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19 x20 x21 x22 x23 x24 x25 x26 x27 x28 x29 x30 x31 -> + mm256_set_epi8 + (Int8.int_to_t x0 ) (Int8.int_to_t x1 ) (Int8.int_to_t x2 ) (Int8.int_to_t x3 ) (Int8.int_to_t x4 ) (Int8.int_to_t x5 ) (Int8.int_to_t x6 ) (Int8.int_to_t x7 ) + (Int8.int_to_t x8 ) (Int8.int_to_t x9 ) (Int8.int_to_t x10) (Int8.int_to_t x11) (Int8.int_to_t x12) (Int8.int_to_t x13) (Int8.int_to_t x14) (Int8.int_to_t x15) + (Int8.int_to_t x16) (Int8.int_to_t x17) (Int8.int_to_t x18) (Int8.int_to_t x19) (Int8.int_to_t x20) (Int8.int_to_t x21) (Int8.int_to_t x22) (Int8.int_to_t x23) + (Int8.int_to_t x24) (Int8.int_to_t x25) (Int8.int_to_t x26) (Int8.int_to_t x27) (Int8.int_to_t x28) (Int8.int_to_t x29) (Int8.int_to_t x30) (Int8.int_to_t x31))) [] with + | Some [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15;x16;x17;x18;x19;x20;x21;x22;x23;x24;x25;x26;x27;x28;x29;x30;x31] -> + `(mm256_shuffle_epi8_i8 (`@x) + (mk_list_32 + (`#x0 ) (`#x1 ) (`#x2 ) (`#x3 ) (`#x4 ) (`#x5 ) (`#x6 ) (`#x7 ) + (`#x8 ) (`#x9 ) (`#x10) (`#x11) (`#x12) (`#x13) (`#x14) (`#x15) + (`#x16) (`#x17) (`#x18) (`#x19) (`#x20) (`#x21) (`#x22) (`#x23) + (`#x24) (`#x25) (`#x26) (`#x27) (`#x28) (`#x29) (`#x30) (`#x31))) + | _ -> quote (mm256_shuffle_epi8_no_semantics x y) in + exact t + )]result: bit_vec 256) + : bit_vec 256 + = result + +let asdsad x = + mm256_shuffle_epi8 x (mm256_set_epi8 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y) let mm256_madd_epi16 (x y: bit_vec 256) @@ -186,7 +252,7 @@ let mm256_madd_epi16 | _ -> quote (mm256_madd_epi16_no_semantic x y) in exact t )]result: bit_vec 256) - : bit_vec 256 + : bit_vec 256 = result open FStar.Stubs.Tactics.V2.Builtins diff --git a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst index 44e4fbab6..18030a682 100644 --- a/fstar-helpers/fstar-bitvec/Tactics.Utils.fst +++ b/fstar-helpers/fstar-bitvec/Tactics.Utils.fst @@ -245,7 +245,7 @@ let unify_app (t fn: term) norm_steps: Tac (option (list term)) let?# substs = fst (try_unify (cur_env ()) vars fn t) in raise (UnifyAppReturn ( if List.Tot.length substs <> List.Tot.length bds + 1 - then (print "unify_app: WARNING: inconsistent lengths"; None) + then (print ("unify_app: WARNING: inconsistent lengths: " ^ string_of_int (List.Tot.length substs) ^ " - 1 VS " ^ string_of_int (List.Tot.length bds + 1)); None) else ( match substs with | [] -> None diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 2d6e7c8ec..94916f178 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -42,7 +42,7 @@ val mm256_loadu_si256_i16 (input: t_Slice i16) val mm256_loadu_si256_u8 (input: t_Slice u8) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_madd_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_madd_epi16 as mm256_madd_epi16} val mm256_mul_epu32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 365dd8137..d654ae571 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -181,6 +181,10 @@ pub fn mm_add_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { pub fn mm256_add_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::fstar::replace( + interface, + "include BitVec.Intrinsics {mm256_madd_epi16 as ${mm256_madd_epi16}}" +)] pub fn mm256_madd_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 9d394b3da..104ef8384 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -2,6 +2,7 @@ module Libcrux_ml_kem.Vector.Avx2.Serialize #set-options "--fuel 0 --ifuel 1 --z3rlimit 15" open Core open FStar.Mul +#push-options "--ext context_pruning" let _ = (* This module has implicit dependencies, here we make them explicit. *) @@ -370,6 +371,7 @@ let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = ); result + let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = From fa71b36a9094873bbd35ff3d30dfc09509dea8d6 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 17 Sep 2024 16:51:08 +0000 Subject: [PATCH 283/348] Add conditions for generic compress and serialize functions --- libcrux-ml-kem/src/serialize.rs | 107 +++++++++++++----- libcrux-ml-kem/src/vector/avx2.rs | 20 +++- libcrux-ml-kem/src/vector/portable.rs | 30 +++-- .../src/vector/portable/compress.rs | 59 ++++++++-- libcrux-ml-kem/src/vector/traits.rs | 24 +++- 5 files changed, 188 insertions(+), 52 deletions(-) diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 5ca732a6b..58765f1aa 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -2,17 +2,39 @@ use crate::{ constants::{COEFFICIENTS_IN_RING_ELEMENT, BYTES_PER_RING_ELEMENT, SHARED_SECRET_SIZE}, helper::cloop, polynomial::{PolynomialRingElement, VECTORS_IN_RING_ELEMENT}, - vector::{decompress_1, to_unsigned_representative, Operations}, + vector::{decompress_1, to_unsigned_representative, Operations, FIELD_MODULUS}, }; #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!("forall (i:nat). i < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) >= -(v $FIELD_MODULUS) /\\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) < v $FIELD_MODULUS"))] +#[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $result) i) >= 0 /\\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $result) i) < v $FIELD_MODULUS"))] +pub(super) fn to_unsigned_field_modulus( + a: Vector, +) -> Vector { + to_unsigned_representative::(a) +} + +#[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::requires(fstar!("forall (i:nat). i < 16 ==> + (forall (j:nat). j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) >= -(v $FIELD_MODULUS) /\\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) < v $FIELD_MODULUS)"))] pub(super) fn compress_then_serialize_message( re: PolynomialRingElement, ) -> [u8; SHARED_SECRET_SIZE] { let mut serialized = [0u8; SHARED_SECRET_SIZE]; for i in 0..16 { - let coefficient = to_unsigned_representative::(re.coefficients[i]); + hax_lib::loop_invariant!(|i: usize| { fstar!("v $i < 16 ==> (forall (j:nat). j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) >= -(v $FIELD_MODULUS) /\\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) < v $FIELD_MODULUS)") }); + hax_lib::fstar!("assert (2 * v $i + 2 <= 32)"); + let coefficient = to_unsigned_field_modulus(re.coefficients[i]); let coefficient_compressed = Vector::compress_1(coefficient); let bytes = Vector::serialize_1(coefficient_compressed); @@ -34,13 +56,23 @@ pub(super) fn deserialize_then_decompress_message( } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 500")] +#[hax_lib::requires(fstar!("forall (i:nat). i < 16 ==> + (forall (j:nat). j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) >= -(v $FIELD_MODULUS) /\\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) < v $FIELD_MODULUS)"))] pub(super) fn serialize_uncompressed_ring_element( re: &PolynomialRingElement, ) -> [u8; BYTES_PER_RING_ELEMENT] { + hax_lib::fstar!("assert_norm (pow2 12 == 4096)"); let mut serialized = [0u8; BYTES_PER_RING_ELEMENT]; for i in 0..VECTORS_IN_RING_ELEMENT { - let coefficient = to_unsigned_representative::(re.coefficients[i]); + hax_lib::loop_invariant!(|i: usize| { fstar!("v $i >= 0 /\\ v $i <= 16 /\\ (v $i < 16 ==> (forall (j:nat). j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) >= -(v $FIELD_MODULUS) /\\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) < v $FIELD_MODULUS))") }); + hax_lib::fstar!("assert (24 * v $i + 24 <= 384)"); + let coefficient = to_unsigned_field_modulus(re.coefficients[i]); let bytes = Vector::serialize_12(coefficient); serialized[24 * i..24 * i + 24].copy_from_slice(&bytes); @@ -117,17 +149,24 @@ pub(super) fn deserialize_ring_elements_reduced< } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] -#[hax_lib::requires( - OUT_LEN == 320 -)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 500")] +#[hax_lib::requires(fstar!("v $OUT_LEN == 320 /\\ (forall (i:nat). i < 16 ==> + (forall (j:nat). j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) >= -(v $FIELD_MODULUS) /\\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) < v $FIELD_MODULUS))"))] fn compress_then_serialize_10( re: &PolynomialRingElement, ) -> [u8; OUT_LEN] { + hax_lib::fstar!("assert_norm (pow2 10 == 1024)"); let mut serialized = [0u8; OUT_LEN]; for i in 0..VECTORS_IN_RING_ELEMENT { + hax_lib::loop_invariant!(|i: usize| { fstar!("v $i >= 0 /\\ v $i <= 16 /\\ (v $i < 16 ==> (forall (j:nat). j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) >= -(v $FIELD_MODULUS) /\\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) < v $FIELD_MODULUS))") }); + hax_lib::fstar!("assert (20 * v $i + 20 <= 320)"); let coefficient = - Vector::compress::<10>(to_unsigned_representative::(re.coefficients[i])); + Vector::compress::<10>(to_unsigned_field_modulus(re.coefficients[i])); let bytes = Vector::serialize_10(coefficient); serialized[20 * i..20 * i + 20].copy_from_slice(&bytes); @@ -137,9 +176,6 @@ fn compress_then_serialize_10( #[inline(always)] #[hax_lib::fstar::verification_status(lax)] -#[hax_lib::requires( - OUT_LEN == 352 -)] fn compress_then_serialize_11( re: &PolynomialRingElement, ) -> [u8; OUT_LEN] { @@ -155,10 +191,11 @@ fn compress_then_serialize_11( } #[inline(always)] -#[hax_lib::requires( - (COMPRESSION_FACTOR == 10 || COMPRESSION_FACTOR == 11) && - OUT_LEN == 32 * COMPRESSION_FACTOR -)] +#[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 500")] +#[hax_lib::requires(fstar!("(v $COMPRESSION_FACTOR == 10 \\/ v $COMPRESSION_FACTOR == 11) /\\ v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\\ + (forall (i:nat). i < 16 ==> (forall (j:nat). j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) >= -(v $FIELD_MODULUS) /\\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) < v $FIELD_MODULUS))"))] pub(super) fn compress_then_serialize_ring_element_u< const COMPRESSION_FACTOR: usize, const OUT_LEN: usize, @@ -168,7 +205,8 @@ pub(super) fn compress_then_serialize_ring_element_u< ) -> [u8; OUT_LEN] { hax_lib::fstar!("assert ( (v (cast $COMPRESSION_FACTOR <: u32) == 10) \\/ - (v (cast $COMPRESSION_FACTOR <: u32) == 11))"); + (v (cast $COMPRESSION_FACTOR <: u32) == 11)); + Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v $COMPRESSION_FACTOR)"); match COMPRESSION_FACTOR as u32 { 10 => compress_then_serialize_10(re), 11 => compress_then_serialize_11(re), @@ -177,21 +215,29 @@ pub(super) fn compress_then_serialize_ring_element_u< } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] -#[hax_lib::requires( - serialized.len() == 128 -)] +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 500")] +#[hax_lib::requires(fstar!("Seq.length $serialized == 128 /\\ (forall (i:nat). i < 16 ==> + (forall (j:nat). j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) >= -(v $FIELD_MODULUS) /\\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) < v $FIELD_MODULUS))"))] fn compress_then_serialize_4( re: PolynomialRingElement, serialized: &mut [u8], ) { + hax_lib::fstar!("assert_norm (pow2 4 == 16)"); let _serialized_len = serialized.len(); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for i in 0..VECTORS_IN_RING_ELEMENT { - hax_lib::loop_invariant!(|i: usize| serialized.len() == _serialized_len); + // NOTE: Using `$serialized` in loop_invariant doesn't work here + hax_lib::loop_invariant!(|i: usize| { fstar!("v $i >= 0 /\\ v $i <= 16 /\\ + Seq.length serialized == v $_serialized_len /\\ (v $i < 16 ==> (forall (j:nat). j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) >= -(v $FIELD_MODULUS) /\\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) < v $FIELD_MODULUS))") }); + hax_lib::fstar!("assert (8 * v $i + 8 <= 128)"); let coefficient = - Vector::compress::<4>(to_unsigned_representative::(re.coefficients[i])); + Vector::compress::<4>(to_unsigned_field_modulus(re.coefficients[i])); let bytes = Vector::serialize_4(coefficient); serialized[8 * i..8 * i + 8].copy_from_slice(&bytes); @@ -223,11 +269,11 @@ fn compress_then_serialize_5( } #[inline(always)] -#[hax_lib::requires( - (COMPRESSION_FACTOR == 4 || COMPRESSION_FACTOR == 5) && - OUT_LEN == 32 * COMPRESSION_FACTOR && - out.len() == OUT_LEN -)] +#[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 500")] +#[hax_lib::requires(fstar!("(v $COMPRESSION_FACTOR == 4 \\/ v $COMPRESSION_FACTOR == 5) /\\ v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\\ + Seq.length $out == v $OUT_LEN /\\ (forall (i:nat). i < 16 ==> (forall (j:nat). j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) >= -(v $FIELD_MODULUS) /\\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) < v $FIELD_MODULUS))"))] #[hax_lib::ensures(|_| fstar!("${out_future.len()} == ${out.len()}") )] @@ -241,7 +287,8 @@ pub(super) fn compress_then_serialize_ring_element_v< ) { hax_lib::fstar!("assert ( (v (cast $COMPRESSION_FACTOR <: u32) == 4) \\/ - (v (cast $COMPRESSION_FACTOR <: u32) == 5))"); + (v (cast $COMPRESSION_FACTOR <: u32) == 5)); + Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v $COMPRESSION_FACTOR)"); match COMPRESSION_FACTOR as u32 { 4 => compress_then_serialize_4(re, out), 5 => compress_then_serialize_5(re, out), diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index e5a205174..c3c3368f2 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -7,6 +7,8 @@ mod ntt; mod sampling; mod serialize; +use crate::vector::FIELD_MODULUS; + #[derive(Clone, Copy)] #[hax_lib::fstar::before(interface,"noeq")] #[hax_lib::fstar::after(interface,"let repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements")] @@ -127,15 +129,29 @@ impl Operations for SIMD256Vector { } } + #[requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\\ + v (Seq.index (impl.f_repr $vector) i) < v $FIELD_MODULUS"))] + #[ensures(|out| fstar!("forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) 1"))] fn compress_1(vector: Self) -> Self { + hax_lib::fstar!("admit()"); Self { elements: compress::compress_message_coefficient(vector.elements), } } - #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 || - COEFFICIENT_BITS == 10 || COEFFICIENT_BITS == 11)] + #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/ + v $COEFFICIENT_BITS == 5 \\/ + v $COEFFICIENT_BITS == 10 \\/ + v $COEFFICIENT_BITS == 11) /\\ + (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\\ + v (Seq.index (impl.f_repr $vector) i) < v $FIELD_MODULUS)"))] + #[ensures(|out| fstar!("(v $COEFFICIENT_BITS == 4 \\/ + v $COEFFICIENT_BITS == 5 \\/ + v $COEFFICIENT_BITS == 10 \\/ + v $COEFFICIENT_BITS == 11) ==> + (forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) (v $COEFFICIENT_BITS))"))] fn compress(vector: Self) -> Self { + hax_lib::fstar!("admit()"); Self { elements: compress::compress_ciphertext_coefficient::( vector.elements, diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 1b34df9bc..144ee6ada 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -15,6 +15,8 @@ use vector_type::*; pub(crate) use vector_type::PortableVector; +use crate::vector::FIELD_MODULUS; + #[cfg(hax)] impl crate::vector::traits::Repr for PortableVector { fn repr(x: Self) -> [i16; 16] { @@ -83,14 +85,26 @@ impl Operations for PortableVector { montgomery_multiply_by_constant(v, r) } - fn compress_1(v: Self) -> Self { - compress_1(v) - } - - #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 || - COEFFICIENT_BITS == 10 || COEFFICIENT_BITS == 11)] - fn compress(v: Self) -> Self { - compress::(v) + #[requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\\ + v (Seq.index (impl.f_repr $a) i) < v $FIELD_MODULUS"))] + #[ensures(|out| fstar!("forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) 1"))] + fn compress_1(a: Self) -> Self { + compress_1(a) + } + + #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/ + v $COEFFICIENT_BITS == 5 \\/ + v $COEFFICIENT_BITS == 10 \\/ + v $COEFFICIENT_BITS == 11) /\\ + (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\\ + v (Seq.index (impl.f_repr $a) i) < v $FIELD_MODULUS)"))] + #[ensures(|out| fstar!("(v $COEFFICIENT_BITS == 4 \\/ + v $COEFFICIENT_BITS == 5 \\/ + v $COEFFICIENT_BITS == 10 \\/ + v $COEFFICIENT_BITS == 11) ==> + (forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) (v $COEFFICIENT_BITS))"))] + fn compress(a: Self) -> Self { + compress::(a) } #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 || diff --git a/libcrux-ml-kem/src/vector/portable/compress.rs b/libcrux-ml-kem/src/vector/portable/compress.rs index dab3e8190..8183d26d5 100644 --- a/libcrux-ml-kem/src/vector/portable/compress.rs +++ b/libcrux-ml-kem/src/vector/portable/compress.rs @@ -84,21 +84,66 @@ pub(crate) fn compress_ciphertext_coefficient(coefficient_bits: u8, fe: u16) -> } #[inline(always)] -pub(crate) fn compress_1(mut v: PortableVector) -> PortableVector { +#[cfg_attr(hax, hax_lib::fstar::before(" +let compress_message_coefficient_range_helper (fe: u16) : Lemma + (requires fe <. (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16)) + (ensures v (cast (compress_message_coefficient fe) <: i16) >= 0 /\\ + v (cast (compress_message_coefficient fe) <: i16) < 2) = + assert (v (cast (compress_message_coefficient fe) <: i16) >= 0 /\\ + v (cast (compress_message_coefficient fe) <: i16) < 2) +"))] +#[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 2000")] +#[hax_lib::requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\\ + v (Seq.index ${a}.f_elements i) < v $FIELD_MODULUS"))] +#[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==> v (${result}.f_elements.[ sz i ] <: i16) >= 0 /\\ + v (${result}.f_elements.[ sz i ] <: i16) < 2"))] +pub(crate) fn compress_1(mut a: PortableVector) -> PortableVector { + hax_lib::fstar!("assert (forall (i:nat). i < 16 ==> (cast (${a}.f_elements.[ sz i ]) <: u16) <. + (cast ($FIELD_MODULUS) <: u16))"); for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = compress_message_coefficient(v.elements[i] as u16) as i16; + hax_lib::loop_invariant!(|i: usize| { fstar!("(v $i < 16 ==> (forall (j:nat). (j >= v $i /\\ j < 16) ==> + v (cast (${a}.f_elements.[ sz j ]) <: u16) < v (cast ($FIELD_MODULUS) <: u16))) /\\ + (forall (j:nat). j < v $i ==> v (${a}.f_elements.[ sz j ] <: i16) >= 0 /\\ + v (${a}.f_elements.[ sz j ] <: i16) < 2)") }); + hax_lib::fstar!("compress_message_coefficient_range_helper (cast (${a}.f_elements.[ $i ]) <: u16)"); + a.elements[i] = compress_message_coefficient(a.elements[i] as u16) as i16; + hax_lib::fstar!("assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\\ + v (${a}.f_elements.[ $i ] <: i16) < 2)"); } - v + hax_lib::fstar!("assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\\ + v (${a}.f_elements.[ sz i ] <: i16) < 2)"); + a } #[inline(always)] -pub(crate) fn compress(mut v: PortableVector) -> PortableVector { +#[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 2000")] +#[hax_lib::requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/ + v $COEFFICIENT_BITS == 5 \\/ + v $COEFFICIENT_BITS == 10 \\/ + v $COEFFICIENT_BITS == 11) /\\ + (forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\\ + v (Seq.index ${a}.f_elements i) < v $FIELD_MODULUS)"))] +#[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==> v (${result}.f_elements.[ sz i ] <: i16) >= 0 /\\ + v (${result}.f_elements.[ sz i ] <: i16) < pow2 (v $COEFFICIENT_BITS))"))] +pub(crate) fn compress(mut a: PortableVector) -> PortableVector { + hax_lib::fstar!("assert (v (cast ($COEFFICIENT_BITS) <: u8) == v $COEFFICIENT_BITS); + assert (v (cast ($COEFFICIENT_BITS) <: u32) == v $COEFFICIENT_BITS)"); + hax_lib::fstar!("assert (forall (i:nat). i < 16 ==> (cast (${a}.f_elements.[ sz i ]) <: u16) <. + (cast ($FIELD_MODULUS) <: u16))"); for i in 0..FIELD_ELEMENTS_IN_VECTOR { - v.elements[i] = - compress_ciphertext_coefficient(COEFFICIENT_BITS as u8, v.elements[i] as u16) as i16; + hax_lib::loop_invariant!(|i: usize| { fstar!("(v $i < 16 ==> (forall (j:nat). (j >= v $i /\\ j < 16) ==> + v (cast (${a}.f_elements.[ sz j ]) <: u16) < v (cast ($FIELD_MODULUS) <: u16))) /\\ + (forall (j:nat). j < v $i ==> v (${a}.f_elements.[ sz j ] <: i16) >= 0 /\\ + v (${a}.f_elements.[ sz j ] <: i16) < pow2 (v (cast ($COEFFICIENT_BITS) <: u32)))") }); + a.elements[i] = + compress_ciphertext_coefficient(COEFFICIENT_BITS as u8, a.elements[i] as u16) as i16; + hax_lib::fstar!("assert (v (${a}.f_elements.[ $i ] <: i16) >= 0 /\\ + v (${a}.f_elements.[ $i ] <: i16) < pow2 (v (cast ($COEFFICIENT_BITS) <: u32)))"); } - v + hax_lib::fstar!("assert (forall (i:nat). i < 16 ==> v (${a}.f_elements.[ sz i ] <: i16) >= 0 /\\ + v (${a}.f_elements.[ sz i ] <: i16) < pow2 (v $COEFFICIENT_BITS))"); + a } #[inline(always)] diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index d965a9581..1ee052c22 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -63,11 +63,22 @@ pub trait Operations: Copy + Clone + Repr { fn montgomery_multiply_by_constant(v: Self, c: i16) -> Self; // Compression - #[requires(true)] - fn compress_1(v: Self) -> Self; - #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 || - COEFFICIENT_BITS == 10 || COEFFICIENT_BITS == 11)] - fn compress(v: Self) -> Self; + #[requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index (f_repr $a) i) >= 0 /\\ + v (Seq.index (f_repr $a) i) < 3329"))] + #[ensures(|result| fstar!("forall (i:nat). i < 16 ==> bounded (Seq.index (f_repr $result) i) 1"))] + fn compress_1(a: Self) -> Self; + #[requires(fstar!("(v $COEFFICIENT_BITS == 4 \\/ + v $COEFFICIENT_BITS == 5 \\/ + v $COEFFICIENT_BITS == 10 \\/ + v $COEFFICIENT_BITS == 11) /\\ + (forall (i:nat). i < 16 ==> v (Seq.index (f_repr $a) i) >= 0 /\\ + v (Seq.index (f_repr $a) i) < 3329)"))] + #[ensures(|result| fstar!("(v $COEFFICIENT_BITS == 4 \\/ + v $COEFFICIENT_BITS == 5 \\/ + v $COEFFICIENT_BITS == 10 \\/ + v $COEFFICIENT_BITS == 11) ==> + (forall (i:nat). i < 16 ==> bounded (Seq.index (f_repr $result) i) (v $COEFFICIENT_BITS))"))] + fn compress(a: Self) -> Self; #[requires(COEFFICIENT_BITS == 4 || COEFFICIENT_BITS == 5 || COEFFICIENT_BITS == 10 || COEFFICIENT_BITS == 11)] fn decompress_ciphertext_coefficient(v: Self) -> Self; @@ -186,6 +197,9 @@ pub fn to_standard_domain(v: T) -> T { T::montgomery_multiply_by_constant(v, MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS as i16) } +#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::ensures(|result| fstar!("f_to_i16_array $result == Spec.Utils.map2 (+.) (f_to_i16_array $a) + (Spec.Utils.map_array (fun x -> (x >>! 15l) &. $FIELD_MODULUS) (f_to_i16_array $a))"))] pub fn to_unsigned_representative(a: T) -> T { let t = T::shift_right::<15>(a); let fm = T::bitwise_and_with_constant(t, FIELD_MODULUS); From 9ab86ed4b3df8e0f56f6aedbea0c5bf1556b2541 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 17 Sep 2024 16:54:48 +0000 Subject: [PATCH 284/348] Update F* files --- .../extraction/Libcrux_ml_kem.Serialize.fst | 131 ++++++++++--- .../extraction/Libcrux_ml_kem.Serialize.fsti | 127 +++++++++++- .../Libcrux_ml_kem.Vector.Avx2.fsti | 29 ++- ...ibcrux_ml_kem.Vector.Portable.Compress.fst | 184 ++++++++++++------ ...bcrux_ml_kem.Vector.Portable.Compress.fsti | 33 +++- .../Libcrux_ml_kem.Vector.Portable.fst | 15 ++ .../Libcrux_ml_kem.Vector.Portable.fsti | 35 ++-- .../Libcrux_ml_kem.Vector.Traits.fst | 4 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 37 +++- 9 files changed, 470 insertions(+), 125 deletions(-) create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 0aff4b996..b30651d80 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -9,7 +9,18 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -#push-options "--admit_smt_queries true" +let to_unsigned_field_modulus + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (a: v_Vector) + = + let result:v_Vector = Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector a in + let _:Prims.unit = admit () (* Panic freedom *) in + result + +#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" let compress_then_serialize_10_ (v_OUT_LEN: usize) @@ -19,23 +30,37 @@ let compress_then_serialize_10_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + let _:Prims.unit = assert_norm (pow2 10 == 1024) in let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - (fun serialized temp_1_ -> + (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in - let _:usize = temp_1_ in - true) + let i:usize = i in + v i >= 0 /\ v i <= 16 /\ + (v i < 16 ==> + (forall (j: nat). + j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) + j) >= + - + (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) + j) < + v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in let i:usize = i in + let _:Prims.unit = assert (20 * v i + 20 <= 320) in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve 10l - (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) @@ -68,7 +93,9 @@ let compress_then_serialize_10_ in serialized) in - serialized + let result:t_Array u8 v_OUT_LEN = serialized in + let _:Prims.unit = admit () (* Panic freedom *) in + result #pop-options @@ -135,7 +162,7 @@ let compress_then_serialize_11_ #pop-options -#push-options "--admit_smt_queries true" +#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" let compress_then_serialize_4_ (#v_Vector: Type0) @@ -145,6 +172,7 @@ let compress_then_serialize_4_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) = + let _:Prims.unit = assert_norm (pow2 4 == 16) in let v__serialized_len:usize = Core.Slice.impl__len #u8 serialized in let serialized:t_Slice u8 = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -152,16 +180,29 @@ let compress_then_serialize_4_ (fun serialized i -> let serialized:t_Slice u8 = serialized in let i:usize = i in - (Core.Slice.impl__len #u8 serialized <: usize) =. v__serialized_len <: bool) + v i >= 0 /\ v i <= 16 /\ Seq.length serialized == v v__serialized_len /\ + (v i < 16 ==> + (forall (j: nat). + j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) + j) >= + - + (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) + j) < + v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in let i:usize = i in + let _:Prims.unit = assert (8 * v i + 8 <= 128) in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve 4l - (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) @@ -194,7 +235,9 @@ let compress_then_serialize_4_ in serialized) in - let hax_temp_output:Prims.unit = () <: Prims.unit in + let result:Prims.unit = () <: Prims.unit in + let _:Prims.unit = admit () (* Panic freedom *) in + let hax_temp_output:Prims.unit = result in serialized #pop-options @@ -263,8 +306,6 @@ let compress_then_serialize_5_ #pop-options -#push-options "--admit_smt_queries true" - let compress_then_serialize_message (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -276,16 +317,28 @@ let compress_then_serialize_message let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun serialized temp_1_ -> + (fun serialized i -> let serialized:t_Array u8 (sz 32) = serialized in - let _:usize = temp_1_ in - true) + let i:usize = i in + v i < 16 ==> + (forall (j: nat). + j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) + j) >= + - + (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) + j) < + v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)) serialized (fun serialized i -> let serialized:t_Array u8 (sz 32) = serialized in let i:usize = i in + let _:Prims.unit = assert (2 * v i + 2 <= 32) in let coefficient:v_Vector = - Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) in let coefficient_compressed:v_Vector = @@ -321,9 +374,11 @@ let compress_then_serialize_message in serialized) in - serialized + let result:t_Array u8 (sz 32) = serialized in + let _:Prims.unit = admit () (* Panic freedom *) in + result -#pop-options +#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" let compress_then_serialize_ring_element_u (v_COMPRESSION_FACTOR v_OUT_LEN: usize) @@ -335,7 +390,8 @@ let compress_then_serialize_ring_element_u = let _:Prims.unit = assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 10) \/ - (v (cast v_COMPRESSION_FACTOR <: u32) == 11)) + (v (cast v_COMPRESSION_FACTOR <: u32) == 11)); + Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR) in match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with | 10ul -> compress_then_serialize_10_ v_OUT_LEN #v_Vector re @@ -346,6 +402,10 @@ let compress_then_serialize_ring_element_u <: Rust_primitives.Hax.t_Never) +#pop-options + +#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" + let compress_then_serialize_ring_element_v (v_COMPRESSION_FACTOR v_OUT_LEN: usize) (#v_Vector: Type0) @@ -357,7 +417,8 @@ let compress_then_serialize_ring_element_v = let _:Prims.unit = assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 4) \/ - (v (cast v_COMPRESSION_FACTOR <: u32) == 5)) + (v (cast v_COMPRESSION_FACTOR <: u32) == 5)); + Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR) in let out, hax_temp_output:(t_Slice u8 & Prims.unit) = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with @@ -374,6 +435,8 @@ let compress_then_serialize_ring_element_v in out +#pop-options + let deserialize_then_decompress_10_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -821,7 +884,7 @@ let deserialize_to_uncompressed_ring_element in re -#push-options "--admit_smt_queries true" +#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" let serialize_uncompressed_ring_element (#v_Vector: Type0) @@ -830,20 +893,34 @@ let serialize_uncompressed_ring_element Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + let _:Prims.unit = assert_norm (pow2 12 == 4096) in let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - (fun serialized temp_1_ -> + (fun serialized i -> let serialized:t_Array u8 (sz 384) = serialized in - let _:usize = temp_1_ in - true) + let i:usize = i in + v i >= 0 /\ v i <= 16 /\ + (v i < 16 ==> + (forall (j: nat). + j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) + j) >= + - + (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) + j) < + v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) serialized (fun serialized i -> let serialized:t_Array u8 (sz 384) = serialized in let i:usize = i in + let _:Prims.unit = assert (24 * v i + 24 <= 384) in let coefficient:v_Vector = - Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) in let bytes:t_Array u8 (sz 24) = @@ -874,6 +951,8 @@ let serialize_uncompressed_ring_element in serialized) in - serialized + let result:t_Array u8 (sz 384) = serialized in + let _:Prims.unit = admit () (* Panic freedom *) in + result #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index c5c20e382..df1a37b01 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -9,19 +9,57 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +val to_unsigned_field_modulus + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (a: v_Vector) + : Prims.Pure v_Vector + (requires + forall (i: nat). + i < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i) >= + - + (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i) < + v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) + (ensures + fun result -> + let result:v_Vector = result in + forall (i: nat). + i < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array result) i) >= 0 /\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array result) i) < + v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) + val compress_then_serialize_10_ (v_OUT_LEN: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 v_OUT_LEN) (requires v_OUT_LEN =. sz 320) (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_OUT_LEN) + (requires + v v_OUT_LEN == 320 /\ + (forall (i: nat). + i < 16 ==> + (forall (j: nat). + j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) + j) >= + - + (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) + j) < + v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) + (fun _ -> Prims.l_True) val compress_then_serialize_11_ (v_OUT_LEN: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 v_OUT_LEN) (requires v_OUT_LEN =. sz 352) (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_4_ (#v_Vector: Type0) @@ -29,7 +67,21 @@ val compress_then_serialize_4_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) - (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 128) + (requires + Seq.length serialized == 128 /\ + (forall (i: nat). + i < 16 ==> + (forall (j: nat). + j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) + j) >= + - + (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) + j) < + v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) (fun _ -> Prims.l_True) val compress_then_serialize_5_ @@ -45,7 +97,22 @@ val compress_then_serialize_message (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) + (requires + forall (i: nat). + i < 16 ==> + (forall (j: nat). + j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) + j) >= + - + (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) + j) < + v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)) + (fun _ -> Prims.l_True) val compress_then_serialize_ring_element_u (v_COMPRESSION_FACTOR v_OUT_LEN: usize) @@ -54,8 +121,21 @@ val compress_then_serialize_ring_element_u (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 v_OUT_LEN) (requires - (v_COMPRESSION_FACTOR =. sz 10 || v_COMPRESSION_FACTOR =. sz 11) && - v_OUT_LEN =. (sz 32 *! v_COMPRESSION_FACTOR <: usize)) + (v v_COMPRESSION_FACTOR == 10 \/ v v_COMPRESSION_FACTOR == 11) /\ + v v_OUT_LEN == 32 * v v_COMPRESSION_FACTOR /\ + (forall (i: nat). + i < 16 ==> + (forall (j: nat). + j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) + j) >= + - + (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) + j) < + v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) (fun _ -> Prims.l_True) val compress_then_serialize_ring_element_v @@ -66,9 +146,21 @@ val compress_then_serialize_ring_element_v (out: t_Slice u8) : Prims.Pure (t_Slice u8) (requires - (v_COMPRESSION_FACTOR =. sz 4 || v_COMPRESSION_FACTOR =. sz 5) && - v_OUT_LEN =. (sz 32 *! v_COMPRESSION_FACTOR <: usize) && - (Core.Slice.impl__len #u8 out <: usize) =. v_OUT_LEN) + (v v_COMPRESSION_FACTOR == 4 \/ v v_COMPRESSION_FACTOR == 5) /\ + v v_OUT_LEN == 32 * v v_COMPRESSION_FACTOR /\ Seq.length out == v v_OUT_LEN /\ + (forall (i: nat). + i < 16 ==> + (forall (j: nat). + j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) + j) >= + - + (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) + j) < + v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) (ensures fun out_future -> let out_future:t_Slice u8 = out_future in @@ -176,4 +268,19 @@ val serialize_uncompressed_ring_element (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 384)) + (requires + forall (i: nat). + i < 16 ==> + (forall (j: nat). + j < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) + j) >= + - + (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re + .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) + j) < + v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)) + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 2aa6f7ab9..14a8a6489 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -177,11 +177,21 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_compress_1_pre = (fun (vector: t_SIMD256Vector) -> true); - f_compress_1_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_compress_1_pre + = + (fun (vector: t_SIMD256Vector) -> + forall (i: nat). + i < 16 ==> + v (Seq.index (impl.f_repr vector) i) >= 0 /\ + v (Seq.index (impl.f_repr vector) i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS); + f_compress_1_post + = + (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> + forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) 1); f_compress_1_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in { f_elements = @@ -192,14 +202,23 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_compress_pre = (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> - v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l || - v_COEFFICIENT_BITS =. 11l); + (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) /\ + (forall (i: nat). + i < 16 ==> + v (Seq.index (impl.f_repr vector) i) >= 0 /\ + v (Seq.index (impl.f_repr vector) i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)); f_compress_post = - (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> + (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) ==> + (forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) (v v_COEFFICIENT_BITS)) + ); f_compress = (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in { f_elements = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst index 4a470d7d1..d8c5b91a8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst @@ -22,78 +22,146 @@ let compress_message_coefficient (fe: u16) = let shifted_positive_in_range:i16 = shifted_to_positive -! 832s in cast ((shifted_positive_in_range >>! 15l <: i16) &. 1s <: i16) <: u8 +#push-options "--fuel 0 --ifuel 0 --z3rlimit 2000" + let compress (v_COEFFICIENT_BITS: i32) - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let _:Prims.unit = + assert (v (cast (v_COEFFICIENT_BITS) <: u8) == v v_COEFFICIENT_BITS); + assert (v (cast (v_COEFFICIENT_BITS) <: u32) == v v_COEFFICIENT_BITS) + in + let _:Prims.unit = + assert (forall (i: nat). + i < 16 ==> + (cast (a.f_elements.[ sz i ]) <: u16) <. + (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16)) + in + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun a i -> + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in + let i:usize = i in + (v i < 16 ==> + (forall (j: nat). + (j >= v i /\ j < 16) ==> + v (cast (a.f_elements.[ sz j ]) <: u16) < + v (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16))) /\ + (forall (j: nat). + j < v i ==> + v (a.f_elements.[ sz j ] <: i16) >= 0 /\ + v (a.f_elements.[ sz j ] <: i16) < pow2 (v (cast (v_COEFFICIENT_BITS) <: u32)))) + a + (fun a i -> + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (compress_ciphertext_coefficient (cast (v_COEFFICIENT_BITS <: i32) <: u8) - (cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) - <: - u16) - <: - i16) + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + a with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize a + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + (compress_ciphertext_coefficient (cast (v_COEFFICIENT_BITS <: i32) <: u8) + (cast (a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + <: + u16) + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + let _:Prims.unit = + assert (v (a.f_elements.[ i ] <: i16) >= 0 /\ + v (a.f_elements.[ i ] <: i16) < pow2 (v (cast (v_COEFFICIENT_BITS) <: u32))) + in + a) in - v + let _:Prims.unit = + assert (forall (i: nat). + i < 16 ==> + v (a.f_elements.[ sz i ] <: i16) >= 0 /\ + v (a.f_elements.[ sz i ] <: i16) < pow2 (v v_COEFFICIENT_BITS)) + in + a -let compress_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +#pop-options + +#push-options "--fuel 0 --ifuel 0 --z3rlimit 2000" + +let compress_message_coefficient_range_helper (fe: u16) : Lemma + (requires fe <. (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16)) + (ensures v (cast (compress_message_coefficient fe) <: i16) >= 0 /\ + v (cast (compress_message_coefficient fe) <: i16) < 2) = + assert (v (cast (compress_message_coefficient fe) <: i16) >= 0 /\ + v (cast (compress_message_coefficient fe) <: i16) < 2) + +let compress_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = + assert (forall (i: nat). + i < 16 ==> + (cast (a.f_elements.[ sz i ]) <: u16) <. + (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16)) + in + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun a i -> + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in + let i:usize = i in + (v i < 16 ==> + (forall (j: nat). + (j >= v i /\ j < 16) ==> + v (cast (a.f_elements.[ sz j ]) <: u16) < + v (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16))) /\ + (forall (j: nat). + j < v i ==> + v (a.f_elements.[ sz j ] <: i16) >= 0 /\ v (a.f_elements.[ sz j ] <: i16) < 2)) + a + (fun a i -> + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (cast (compress_message_coefficient (cast (v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - <: - u16) - <: - u8) - <: - i16) + let _:Prims.unit = + compress_message_coefficient_range_helper (cast (a.f_elements.[ i ]) <: u16) + in + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + a with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize a + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + (cast (compress_message_coefficient (cast (a + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) + <: + u16) + <: + u8) + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + let _:Prims.unit = + assert (v (a.f_elements.[ i ] <: i16) >= 0 /\ v (a.f_elements.[ i ] <: i16) < 2) + in + a) in - v + let _:Prims.unit = + assert (forall (i: nat). + i < 16 ==> v (a.f_elements.[ sz i ] <: i16) >= 0 /\ v (a.f_elements.[ sz i ] <: i16) < 2) + in + a + +#pop-options let decompress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti index 8a078f1b0..57e5a0a1d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti @@ -47,15 +47,36 @@ val compress_message_coefficient (fe: u16) val compress (v_COEFFICIENT_BITS: i32) - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires + (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) /\ + (forall (i: nat). + i < 16 ==> + v (Seq.index a.f_elements i) >= 0 /\ + v (Seq.index a.f_elements i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + forall (i: nat). + i < 16 ==> + v (result.f_elements.[ sz i ] <: i16) >= 0 /\ + v (result.f_elements.[ sz i ] <: i16) < pow2 (v v_COEFFICIENT_BITS)) -val compress_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +val compress_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires + forall (i: nat). + i < 16 ==> + v (Seq.index a.f_elements i) >= 0 /\ + v (Seq.index a.f_elements i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + forall (i: nat). + i < 16 ==> + v (result.f_elements.[ sz i ] <: i16) >= 0 /\ v (result.f_elements.[ sz i ] <: i16) < 2) val decompress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst new file mode 100644 index 000000000..dbd72c7e0 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst @@ -0,0 +1,15 @@ +module Libcrux_ml_kem.Vector.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in + () + +#push-options "--z3rlimit 300" + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 461660a87..8f46599b2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -206,41 +206,52 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_by_constant v r); f_compress_1_pre = - (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + forall (i: nat). + i < 16 ==> + v (Seq.index (impl.f_repr a) i) >= 0 /\ + v (Seq.index (impl.f_repr a) i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS); f_compress_1_post = (fun - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) 1); f_compress_1_ = - (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - Libcrux_ml_kem.Vector.Portable.Compress.compress_1_ v); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Libcrux_ml_kem.Vector.Portable.Compress.compress_1_ a); f_compress_pre = (fun (v_COEFFICIENT_BITS: i32) - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l || - v_COEFFICIENT_BITS =. 11l); + (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) /\ + (forall (i: nat). + i < 16 ==> + v (Seq.index (impl.f_repr a) i) >= 0 /\ + v (Seq.index (impl.f_repr a) i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)); f_compress_post = (fun (v_COEFFICIENT_BITS: i32) - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) ==> + (forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) (v v_COEFFICIENT_BITS)) + ); f_compress = (fun (v_COEFFICIENT_BITS: i32) - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - Libcrux_ml_kem.Vector.Portable.Compress.compress v_COEFFICIENT_BITS v); + Libcrux_ml_kem.Vector.Portable.Compress.compress v_COEFFICIENT_BITS a); f_decompress_ciphertext_coefficient_pre = (fun diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index be631a15d..05c102c6a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -45,4 +45,6 @@ let to_unsigned_representative let fm:v_T = f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve t v_FIELD_MODULUS in - f_add #v_T #FStar.Tactics.Typeclasses.solve a fm + let result:v_T = f_add #v_T #FStar.Tactics.Typeclasses.solve a fm in + let _:Prims.unit = admit () (* Panic freedom *) in + result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 1df7c1846..44ad4dd11 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -101,17 +101,32 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_montgomery_multiply_by_constant_pre x0 x1) (fun result -> f_montgomery_multiply_by_constant_post x0 x1 result); - f_compress_1_pre:v: v_Self -> pred: Type0{true ==> pred}; - f_compress_1_post:v_Self -> v_Self -> Type0; + f_compress_1_pre:a: v_Self + -> pred: + Type0 + { (forall (i: nat). + i < 16 ==> v (Seq.index (f_repr a) i) >= 0 /\ v (Seq.index (f_repr a) i) < 3329) ==> + pred }; + f_compress_1_post:a: v_Self -> result: v_Self + -> pred: Type0{pred ==> (forall (i: nat). i < 16 ==> bounded (Seq.index (f_repr result) i) 1)}; f_compress_1_:x0: v_Self -> Prims.Pure v_Self (f_compress_1_pre x0) (fun result -> f_compress_1_post x0 result); - f_compress_pre:v_COEFFICIENT_BITS: i32 -> v: v_Self + f_compress_pre:v_COEFFICIENT_BITS: i32 -> a: v_Self -> pred: Type0 - { v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l || - v_COEFFICIENT_BITS =. 11l ==> + { (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) /\ + (forall (i: nat). + i < 16 ==> v (Seq.index (f_repr a) i) >= 0 /\ v (Seq.index (f_repr a) i) < 3329) ==> pred }; - f_compress_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> Type0; + f_compress_post:v_COEFFICIENT_BITS: i32 -> a: v_Self -> result: v_Self + -> pred: + Type0 + { pred ==> + (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) ==> + (forall (i: nat). i < 16 ==> bounded (Seq.index (f_repr result) i) (v v_COEFFICIENT_BITS)) + }; f_compress:v_COEFFICIENT_BITS: i32 -> x0: v_Self -> Prims.Pure v_Self (f_compress_pre v_COEFFICIENT_BITS x0) @@ -333,4 +348,12 @@ val to_standard_domain (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) val to_unsigned_representative (#v_T: Type0) {| i1: t_Operations v_T |} (a: v_T) - : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure v_T + Prims.l_True + (ensures + fun result -> + let result:v_T = result in + f_to_i16_array result == + Spec.Utils.map2 ( +. ) + (f_to_i16_array a) + (Spec.Utils.map_array (fun x -> (x >>! 15l) &. v_FIELD_MODULUS) (f_to_i16_array a))) From 774431cd06edafed3c95a8953af7a87bdf042521 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 18 Sep 2024 11:50:12 +0200 Subject: [PATCH 285/348] fstar: avx2: serialize_4 basically works --- .../fstar-bitvec/BitVec.Intrinsics.fsti | 99 ++++++++++++------- fstar-helpers/fstar-bitvec/BitVec.Utils.fst | 21 ++++ .../Libcrux_intrinsics.Avx2_extract.fsti | 14 +-- libcrux-intrinsics/src/avx2_extract.rs | 4 + .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 89 ++++++++++++++++- 5 files changed, 182 insertions(+), 45 deletions(-) create mode 100644 fstar-helpers/fstar-bitvec/BitVec.Utils.fst diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti index c12348e75..07ddb8f04 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti +++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti @@ -24,6 +24,14 @@ let mm256_castsi256_si128 (vec: bit_vec 256): bit_vec 128 let mm256_extracti128_si256 (control: i32{control == 1l}) (vec: bit_vec 256): bit_vec 128 = mk_bv (fun i -> vec (i + 128)) +let mm256_set_epi32 (x0 x1 x2 x3 x4 x5 x6 x7: i32) + : bit_vec 256 + = mk_bv (fun i -> + let h (x: i32) = get_bit x (sz (i % 32)) in + match i / 32 with + | 0 -> h x7 | 1 -> h x6 | 2 -> h x5 | 3 -> h x4 + | 4 -> h x3 | 5 -> h x2 | 6 -> h x1 | 7 -> h x0) + let mm256_set_epi16 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: i16) : bit_vec 256 = mk_bv (fun i -> @@ -56,10 +64,7 @@ let mm256_set1_epi16_pow2_minus_one (n: nat): bit_vec 256 = mk_bv (fun i -> if i <= n then 1 else 0) let mm256_and_si256 (x y: bit_vec 256): bit_vec 256 - = mk_bv (fun i -> if y i = 0 - then 0 - else x i - ) + = mk_bv (fun i -> if y i = 0 then 0 else x i) let mm256_set1_epi16 (constant: i16) (#[Tactics.exact (match unify_app (quote constant) (quote (fun n -> ((1s < bit_vec 256 -> bit_vec 256 let forall_bool (#max: pos) (f: (n: nat {n < max}) -> bool) : r:bool {r <==> (forall i. f i)} = let rec h (n: nat {n <= max}): r:bool {r <==> (forall i. i < n ==> f i)} = - n = 0 || f (n - 1) && h (n - 1) + match n with + | 0 -> true + | _ -> f (n - 1) && h (n - 1) in h max +/// We view `x` as a sequence of pairs of 16 bits, of the shape +/// `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)`: only the last `n` bits are non-zero. +/// We output a sequence of 32 bits `0b0…0b₁…bₙa₁…aₙ`. let mm256_madd_epi16_specialized' (x: bit_vec 256) (n: nat {n < 16}): bit_vec 256 = - mk_bv (fun i -> let local_i = i % 32 in - if local_i > 8 then 0 - else if i >= 4 then x (i - 4) - else x (i + 16)) + mk_bv (fun i -> let j = i % 32 in + // `x i` is the `j`th bit in the `i/32`th pair of 16 bits `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` + // we want to construct the `j`th bit of `0b0…0b₁…bₙa₁…aₙ` + let is_zero = + // `|b₁…bₙa₁…aₙ| = n * 2`: if we're above that, we want to produce the bit `0` + j >= n * 2 + in + if is_zero + then 0 + else if j < n + then x i // we want to produce the bit `aⱼ` + else + // the bit from `b` is in the second item of the pair `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` + x (i - n + 16) + ) let mm256_madd_epi16_specialized (x: bit_vec 256) (n: nat {n < 16}) = - if forall_bool (fun (i: nat {i < 256}) -> i % 16 < 4 || x i = 0) - then mm256_madd_epi16_no_semantic x (madd_rhs n) - else mm256_madd_epi16_specialized' x n + if forall_bool (fun (i: nat {i < 256}) -> i % 16 < n || x i = 0) + then mm256_madd_epi16_specialized' x n + else mm256_madd_epi16_no_semantic x (madd_rhs n) -let mm256_shuffle_epi8_no_semantics (a b: bit_vec 256): bit_vec 256 = - mk_bv (fun i -> - 0 - ) - -let mm256_shuffle_epi8_i8 a (b: list _ {List.Tot.length b == 32}): bit_vec 256 = +val mm256_shuffle_epi8_no_semantics (a b: bit_vec 256): bit_vec 256 +let mm256_shuffle_epi8_i8 (a: bit_vec 256) (b: list _ {List.Tot.length b == 32}): bit_vec 256 = mk_bv (fun i -> let nth = i / 8 in - let index = List.Tot.index b nth in - if index < 0 - then 0 - else - let index = index % 16 in - a (index + i % 8) - ) - -let mk_list_32 #a (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19 x20 x21 x22 x23 x24 x25 x26 x27 x28 x29 x30 x31: a) - : (l:list a {List.Tot.length l == 32}) - = let l = [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15;x16;x17;x18;x19;x20;x21;x22;x23;x24;x25;x26;x27;x28;x29;x30;x31] in - assert_norm (List.Tot.length l == 32); - l + let index = List.Tot.index b (31 - nth) in + if index < 0 then 0 + else let index = index % 16 in + a (index * 8 + i % 8 + i / 128 * 128)) let mm256_shuffle_epi8 (x y: bit_vec 256) @@ -241,11 +249,32 @@ let mm256_shuffle_epi8 : bit_vec 256 = result -let asdsad x = - mm256_shuffle_epi8 x (mm256_set_epi8 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y 1y) +val mm256_permutevar8x32_epi32_no_semantics (a b: bit_vec 256): bit_vec 256 +let mm256_permutevar8x32_epi32_i32 (a: bit_vec 256) (b: list _ {List.Tot.length b == 8}): bit_vec 256 = + mk_bv (fun i -> + let j = i / 32 in + let index = (List.Tot.index b (7 - j) % 8) * 32 in + a (index + i % 32)) -let mm256_madd_epi16 +let mm256_permutevar8x32_epi32 (x y: bit_vec 256) + (#[( + let t = match unify_app (quote y) + (quote (fun x0 x1 x2 x3 x4 x5 x6 x7 -> + mm256_set_epi32 + (Int32.int_to_t x0) (Int32.int_to_t x1) (Int32.int_to_t x2) (Int32.int_to_t x3) + (Int32.int_to_t x4) (Int32.int_to_t x5) (Int32.int_to_t x6) (Int32.int_to_t x7))) [] with + | Some [x0;x1;x2;x3;x4;x5;x6;x7] -> + `(mm256_permutevar8x32_epi32_i32 (`@x) + (mk_list_8 (`#x0 ) (`#x1 ) (`#x2 ) (`#x3 ) (`#x4 ) (`#x5 ) (`#x6 ) (`#x7 ))) + | _ -> quote (mm256_permutevar8x32_epi32_no_semantics x y) in + exact t + )]result: bit_vec 256) + : bit_vec 256 + = result + +let mm256_madd_epi16 + (x y: bit_vec 256) (#[( let t = match unify_app (quote y) (quote (fun n -> madd_rhs n)) [delta_only [`%madd_rhs]] with | Some [n] -> `(mm256_madd_epi16_specialized (`@x) (`#n)) @@ -255,6 +284,8 @@ let mm256_madd_epi16 : bit_vec 256 = result +val mm_storeu_bytes_si128 (_output vec: bit_vec 128): t_Slice u8 + open FStar.Stubs.Tactics.V2.Builtins open FStar.Stubs.Tactics.V2 open FStar.Tactics.V2.Derived diff --git a/fstar-helpers/fstar-bitvec/BitVec.Utils.fst b/fstar-helpers/fstar-bitvec/BitVec.Utils.fst new file mode 100644 index 000000000..8cedb60aa --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVec.Utils.fst @@ -0,0 +1,21 @@ +module BitVec.Utils + +open Core +open FStar.FunctionalExtensionality +open BitVec.Equality +open Rust_primitives.BitVectors + +let mk_bv #len (f: (i:nat{i < len}) -> bit) = on (i:nat {i < len}) f + +let mk_list_32 #a (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19 x20 x21 x22 x23 x24 x25 x26 x27 x28 x29 x30 x31: a) + : (l:list a {List.Tot.length l == 32}) + = let l = [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15;x16;x17;x18;x19;x20;x21;x22;x23;x24;x25;x26;x27;x28;x29;x30;x31] in + assert_norm (List.Tot.length l == 32); + l + +let mk_list_8 #a (x0 x1 x2 x3 x4 x5 x6 x7: a) + : (l:list a {List.Tot.length l == 8}) + = let l = [x0;x1;x2;x3;x4;x5;x6;x7] in + assert_norm (List.Tot.length l == 8); + l + diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 94916f178..828f0006f 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -60,8 +60,7 @@ val mm256_permute2x128_si256 (v_IMM8: i32) (a b: t_Vec256) val mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_permutevar8x32_epi32 (vector control: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_permutevar8x32_epi32} include BitVec.Intrinsics {mm256_set1_epi16 as mm256_set1_epi16} // val mm256_set1_epi16 (constant: i16) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -72,21 +71,16 @@ val mm256_set1_epi64x (a: i64) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prim include BitVec.Intrinsics {mm256_set_epi16 as mm256_set_epi16} -val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_set_epi32} -val mm256_set_epi8 - (byte31 byte30 byte29 byte28 byte27 byte26 byte25 byte24 byte23 byte22 byte21 byte20 byte19 byte18 byte17 byte16 byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: - i8) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_set_epi8} val mm256_setzero_si256: Prims.unit -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_shuffle_epi8 (vector control: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_shuffle_epi8} include BitVec.Intrinsics {mm256_slli_epi16 as mm256_slli_epi16} diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index d654ae571..c370ac59b 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -40,6 +40,10 @@ pub fn mm_storeu_si128(output: &mut [i16], vector: Vec128) { unimplemented!() } +#[hax_lib::fstar::replace( + interface, + "include BitVec.Intrinsics {mm_storeu_bytes_si128 as ${mm_storeu_bytes_si128}}" +)] pub fn mm_storeu_bytes_si128(output: &mut [u8], vector: Vec128) { debug_assert_eq!(output.len(), 16); unimplemented!() diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 104ef8384..d952d213b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -371,7 +371,6 @@ let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = ); result - let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -615,6 +614,94 @@ let serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: Core.Result.t_Result (t_Array u8 (sz 10)) Core.Array.t_TryFromSliceError) +let dummy_lemma n f: Lemma (BitVec.Intrinsics.forall_bool #n f == true) = admit () + +let suppose_false (scrut: bool) (arm_true arm_false: bit) + : Lemma + (requires not scrut) + (ensures (match scrut with true -> arm_true | false -> arm_false) == arm_false) + = () + +#push-options "--print_implicits" +let serialize_4__ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in + let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 vector + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < i % 16 < 4 || vector i = 0)); + assert (forall (i: nat {i < 64}). + // let local_i = i / 4 in + combined i == vector ((i / 4) * 16 + i % 4) + ) by ( + // unfold wrappers + norm [primops; iota; zeta; delta_namespace [ + `%BitVec.Intrinsics.mm256_shuffle_epi8; + `%BitVec.Intrinsics.mm256_permutevar8x32_epi32; + `%BitVec.Intrinsics.mm256_madd_epi16; + `%BitVec.Intrinsics.mm256_castsi256_si128; + "BitVec.Utils"; + ]]; + Tactics.Utils.prove_forall_nat_pointwise (Tactics.Utils.print_time "SMT query succeeded in " (fun _ -> + let reduce t = + norm [primops; iota; zeta_full; delta_namespace [ + "FStar.FunctionalExtensionality"; + t; + `%BitVec.Utils.mk_bv; + `%( + ); `%op_Subtraction; `%( / ); `%( * ); `%( % ) + ]]; + norm [primops; iota; zeta_full; delta_namespace [ + "FStar.List.Tot"; `%( + ); `%op_Subtraction; `%( / ); `%( * ); `%( % ) + ]] + in + reduce (`%BitVec.Intrinsics.mm256_permutevar8x32_epi32_i32); + reduce (`%BitVec.Intrinsics.mm256_shuffle_epi8_i8); + reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized); + grewrite (quote (forall_bool #256 (fun i -> i % 16 < 4 || op_Equality #int (vector i) 0))) (`true); + flip (); smt (); + reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized'); + trivial () + )) + ); + combined + // let serialized:t_Array u8 (sz 16) = + // Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 serialized combined + // in + // Core.Result.impl__unwrap #(t_Array u8 (sz 8)) + // #Core.Array.t_TryFromSliceError + // (Core.Convert.f_try_into #(t_Slice u8) + // #(t_Array u8 (sz 8)) + // #FStar.Tactics.Typeclasses.solve + // (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } + // <: + // Core.Ops.Range.t_Range usize ] + // <: + // t_Slice u8) + // <: + // Core.Result.t_Result (t_Array u8 (sz 8)) Core.Array.t_TryFromSliceError) + + let serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = From 173821f92e066dff0e4728530029c4fd10f0e7e4 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 18 Sep 2024 13:58:28 +0200 Subject: [PATCH 286/348] wip --- .../Libcrux_intrinsics.Arm64_extract.fsti | 2 +- .../Libcrux_intrinsics.Avx2_extract.fsti | 2 +- libcrux-ml-kem/hax.py | 4 + .../Libcrux_ml_kem.Constant_time_ops.fst | 2 +- .../Libcrux_ml_kem.Constant_time_ops.fsti | 2 +- .../extraction/Libcrux_ml_kem.Constants.fsti | 2 +- .../Libcrux_ml_kem.Hash_functions.Avx2.fsti | 2 +- .../Libcrux_ml_kem.Hash_functions.Neon.fsti | 2 +- ...ibcrux_ml_kem.Hash_functions.Portable.fsti | 2 +- .../Libcrux_ml_kem.Hash_functions.fsti | 2 +- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 2 +- ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 2 +- ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 2 +- ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 2 +- ...ml_kem.Ind_cca.Instantiations.Portable.fst | 2 +- ...l_kem.Ind_cca.Instantiations.Portable.fsti | 2 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fst | 2 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fsti | 2 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 2 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti | 2 +- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 2 +- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 2 +- .../Libcrux_ml_kem.Ind_cpa.Unpacked.fsti | 2 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 2 +- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 2 +- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 2 +- .../extraction/Libcrux_ml_kem.Invert_ntt.fsti | 2 +- .../extraction/Libcrux_ml_kem.Matrix.fst | 2 +- .../extraction/Libcrux_ml_kem.Matrix.fsti | 2 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fst | 2 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fsti | 2 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fst | 2 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fsti | 2 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fst | 2 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fsti | 2 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fst | 2 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fsti | 2 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fst | 2 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fsti | 2 +- .../Libcrux_ml_kem.Mlkem512.Neon.fst | 2 +- .../Libcrux_ml_kem.Mlkem512.Neon.fsti | 2 +- .../Libcrux_ml_kem.Mlkem512.Portable.fst | 2 +- .../Libcrux_ml_kem.Mlkem512.Portable.fsti | 2 +- .../extraction/Libcrux_ml_kem.Mlkem512.fst | 2 +- .../extraction/Libcrux_ml_kem.Mlkem512.fsti | 2 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fst | 2 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fsti | 2 +- .../Libcrux_ml_kem.Mlkem768.Neon.fst | 2 +- .../Libcrux_ml_kem.Mlkem768.Neon.fsti | 2 +- .../Libcrux_ml_kem.Mlkem768.Portable.fst | 2 +- .../Libcrux_ml_kem.Mlkem768.Portable.fsti | 2 +- .../extraction/Libcrux_ml_kem.Mlkem768.fst | 2 +- .../extraction/Libcrux_ml_kem.Mlkem768.fsti | 2 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 26 ++-- .../fstar/extraction/Libcrux_ml_kem.Ntt.fsti | 2 +- .../extraction/Libcrux_ml_kem.Polynomial.fst | 2 +- .../extraction/Libcrux_ml_kem.Polynomial.fsti | 2 +- .../extraction/Libcrux_ml_kem.Sampling.fst | 2 +- .../extraction/Libcrux_ml_kem.Sampling.fsti | 2 +- .../extraction/Libcrux_ml_kem.Serialize.fst | 2 +- .../extraction/Libcrux_ml_kem.Serialize.fsti | 2 +- .../fstar/extraction/Libcrux_ml_kem.Types.fst | 2 +- .../extraction/Libcrux_ml_kem.Types.fsti | 2 +- .../fstar/extraction/Libcrux_ml_kem.Utils.fst | 2 +- .../extraction/Libcrux_ml_kem.Utils.fsti | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 2 +- ...Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Compress.fst | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Compress.fsti | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fst | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Ntt.fsti | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fst | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Sampling.fsti | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 2 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 2 +- .../extraction/Libcrux_ml_kem.Vector.Avx2.fst | 2 +- .../Libcrux_ml_kem.Vector.Avx2.fsti | 43 ++++-- .../Libcrux_ml_kem.Vector.Neon.Arithmetic.fst | 2 +- ...Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti | 2 +- .../Libcrux_ml_kem.Vector.Neon.Compress.fst | 2 +- .../Libcrux_ml_kem.Vector.Neon.Compress.fsti | 2 +- .../Libcrux_ml_kem.Vector.Neon.Ntt.fst | 2 +- .../Libcrux_ml_kem.Vector.Neon.Ntt.fsti | 2 +- .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 2 +- .../Libcrux_ml_kem.Vector.Neon.Serialize.fsti | 2 +- ...Libcrux_ml_kem.Vector.Neon.Vector_type.fst | 2 +- ...ibcrux_ml_kem.Vector.Neon.Vector_type.fsti | 2 +- .../extraction/Libcrux_ml_kem.Vector.Neon.fst | 2 +- .../Libcrux_ml_kem.Vector.Neon.fsti | 2 +- ...crux_ml_kem.Vector.Portable.Arithmetic.fst | 2 +- ...rux_ml_kem.Vector.Portable.Arithmetic.fsti | 2 +- ...ibcrux_ml_kem.Vector.Portable.Compress.fst | 2 +- ...bcrux_ml_kem.Vector.Portable.Compress.fsti | 2 +- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 110 +++++++++++---- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 83 +++++++---- ...ibcrux_ml_kem.Vector.Portable.Sampling.fst | 2 +- ...bcrux_ml_kem.Vector.Portable.Sampling.fsti | 2 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 2 +- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 2 +- ...rux_ml_kem.Vector.Portable.Vector_type.fst | 2 +- ...ux_ml_kem.Vector.Portable.Vector_type.fsti | 2 +- .../Libcrux_ml_kem.Vector.Portable.fsti | 41 ++++-- ...ibcrux_ml_kem.Vector.Rej_sample_table.fsti | 2 +- .../Libcrux_ml_kem.Vector.Traits.fst | 24 +++- .../Libcrux_ml_kem.Vector.Traits.fsti | 71 ++++++++-- .../proofs/fstar/extraction/Makefile | 1 + libcrux-ml-kem/src/ntt.rs | 24 ++-- libcrux-ml-kem/src/vector/avx2.rs | 32 ++++- libcrux-ml-kem/src/vector/portable.rs | 37 +++-- libcrux-ml-kem/src/vector/portable/ntt.rs | 132 +++++++++++++----- libcrux-ml-kem/src/vector/traits.rs | 43 ++++-- 111 files changed, 571 insertions(+), 294 deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti index a03c287ec..d4014e6a8 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Arm64_extract.fsti @@ -1,5 +1,5 @@ module Libcrux_intrinsics.Arm64_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 9b7aab40f..94d84faff 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -1,5 +1,5 @@ module Libcrux_intrinsics.Avx2_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index 8df66c304..062f62026 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -66,6 +66,8 @@ def __call__(self, parser, args, values, option_string=None) -> None: "-i", include_str, "fstar", + "--z3rlimit", + "80", "--interfaces", interface_include, ] @@ -99,6 +101,8 @@ def __call__(self, parser, args, values, option_string=None) -> None: "-i", include_str, "fstar", + "--z3rlimit", + "100", "--interfaces", interface_include, ] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index 018593ecd..7a551b67a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Constant_time_ops -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti index 0d28bb910..a8ac4ec4a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Constant_time_ops -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti index 76d143aad..812c7717d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constants.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Constants -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti index a8bd8c939..b5a8cb0e2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Avx2.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Hash_functions.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti index b873275d4..5294a8dc5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Neon.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Hash_functions.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti index e9cabe1c8..89c8300ff 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Hash_functions.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti index 8037424f4..076ee08eb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Hash_functions.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Hash_functions -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index 723e8e4ee..b0bfe3100 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index 7fb183942..5fe17a0d5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Instantiations.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 44e9eb957..0f1cea879 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Instantiations.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index 36027ded7..0fa0378fe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Instantiations.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 5095ea6f2..7dd84a30d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Instantiations.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index b35947909..3fd260dcf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Instantiations.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst index ae05c29fa..2e6c0ad1a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti index 3bab36da7..2c6e2ba1c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index 4d8f75559..950cb476c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti index 04608ba6f..2e16c3c1d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index f9eb4fb88..812549884 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 3c0d4a676..69d9a3cbd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cca -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti index 2ee1ef2b7..f386e8df7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cpa.Unpacked -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 2de97dec6..7aff6f7ed 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index ba4b696bc..edacb43f3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ind_cpa -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index d28d5325a..fc12208e9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Invert_ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti index ffe255831..d607a01ec 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Invert_ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index 2333fb3db..d407bc44c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Matrix -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index 8eb07756d..ac11905d4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Matrix -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst index d2ddcca9f..f5a15cc47 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti index 8e4515a33..10bf32a75 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst index cd42bf0a3..61b49bfcb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti index 9e45629cc..6e171d854 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst index 52862d8b5..d2950b172 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti index 747dc6b36..6d42b3e47 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index 89228f7dd..7d832fab7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index 04b7b047e..d15ce31bd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem1024 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst index b490657c0..e39107954 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti index 1b958a6e5..1a2c2f239 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst index 5dde35c74..7dcbffd48 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti index b6c6d2655..3696ab7e7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst index 01b944e04..559752b4d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti index 00602ea3e..02edf609b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index ff822c32d..522183ced 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index ab1391f87..da439bfc4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem512 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst index dbd466b67..b32adb8db 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti index c1722ce4c..d671b9c1a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst index 41af82736..e545a7f2f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti index c837a5760..30db4218e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst index c047942db..3fa0c8aef 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti index 1f5be7a00..574a4c120 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index 76724125e..35e4320cf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index 156654afd..a793a2287 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Mlkem768 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index abfd4e93b..702b82a42 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -341,37 +341,37 @@ let ntt_binomially_sampled_ring_element in let zeta_i:usize = sz 1 in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 3) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 11207) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 3) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 11207 +! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 3) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 11207 +! (sz 2 *! sz 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 3) + ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 11207 +! (sz 3 *! sz 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 3) + ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 11207 +! (sz 4 *! sz 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 3) + ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 11207 +! (sz 5 *! sz 3328 <: usize) <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in @@ -400,37 +400,37 @@ let ntt_vector_u let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 6) (sz 2 *! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 5) (sz 3 *! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 3328) + ntt_at_layer_4_plus #v_Vector zeta_i re (sz 4) (sz 4 *! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 3328) + ntt_at_layer_3_ #v_Vector zeta_i re (sz 3) (sz 5 *! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 3328) + ntt_at_layer_2_ #v_Vector zeta_i re (sz 2) (sz 6 *! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in let _:Prims.unit = () in let tmp0, tmp1:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 3328) + ntt_at_layer_1_ #v_Vector zeta_i re (sz 1) (sz 7 *! sz 3328 <: usize) in let zeta_i:usize = tmp0 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = tmp1 in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti index 2e535adc9..7c9cce2de 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index 72684a2fa..002d025eb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Polynomial -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index 2d0143655..bca911ebe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Polynomial -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 9cd6b1bcb..4436feb62 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti index ed52e1e25..8d7df649d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 4ded6119b..c0b67d1b7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index c5c20e382..4f60485f0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index 186d2dccc..8a875c82a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Types -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index 4216d3c89..bdc6f41fb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Types -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst index 6ee03cd7f..2ee26ba5e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Utils -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti index 2184222c0..c87b2d316 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Utils.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Utils -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index b21bed8c7..ac2d0d4c1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti index b46e7aa7e..9bc156305 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst index f8d253a4c..87c17cd2a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti index 4a83ff83f..7487aa930 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Compress.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst index 60d593980..7fb1ccee4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti index 5b5ee2e40..b7f8a6c7d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Ntt.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst index 03a0012e0..a36ffa505 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti index 3f9eff193..d75884373 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Sampling.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index f10ac8ca3..2ebd27fbd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti index 159f03750..259bbee63 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst index 6377b1311..d65ff8ae2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index d54b513c7..9c2b8909f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Avx2 -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -257,7 +257,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3); + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr vector)); f_ntt_layer_1_step_post = (fun @@ -268,7 +269,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (zeta3: i16) (out: t_SIMD256Vector) -> - true); + Spec.Utils.is_i16b_array (11207 + 6 * 3328) (impl.f_repr out)); f_ntt_layer_1_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> @@ -282,10 +283,12 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> - Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr vector)); f_ntt_layer_2_step_post = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> + Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr out)); f_ntt_layer_2_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> @@ -296,10 +299,13 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = t_SIMD256Vector); f_ntt_layer_3_step_pre = - (fun (vector: t_SIMD256Vector) (zeta: i16) -> Spec.Utils.is_i16b 1664 zeta); + (fun (vector: t_SIMD256Vector) (zeta: i16) -> + Spec.Utils.is_i16b 1664 zeta /\ + Spec.Utils.is_i16b_array (11207 + 3 * 3328) (impl.f_repr vector)); f_ntt_layer_3_step_post = - (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); + (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> + Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr out)); f_ntt_layer_3_step = (fun (vector: t_SIMD256Vector) (zeta: i16) -> @@ -310,7 +316,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3); + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (4 * 3328) (impl.f_repr vector)); f_inv_ntt_layer_1_step_post = (fun @@ -321,7 +328,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (zeta3: i16) (out: t_SIMD256Vector) -> - true); + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_inv_ntt_layer_1_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> @@ -339,10 +346,12 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_inv_ntt_layer_2_step_pre = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> - Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr vector)); f_inv_ntt_layer_2_step_post = - (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> true); + (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (out: t_SIMD256Vector) -> + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_inv_ntt_layer_2_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> @@ -355,10 +364,12 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = t_SIMD256Vector); f_inv_ntt_layer_3_step_pre = - (fun (vector: t_SIMD256Vector) (zeta: i16) -> Spec.Utils.is_i16b 1664 zeta); + (fun (vector: t_SIMD256Vector) (zeta: i16) -> + Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (impl.f_repr vector)); f_inv_ntt_layer_3_step_post = - (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> true); + (fun (vector: t_SIMD256Vector) (zeta: i16) (out: t_SIMD256Vector) -> + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_inv_ntt_layer_3_step = (fun (vector: t_SIMD256Vector) (zeta: i16) -> @@ -376,7 +387,9 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (zeta3: i16) -> Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3); + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr lhs) /\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr rhs)); f_ntt_multiply_post = (fun @@ -388,7 +401,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (zeta3: i16) (out: t_SIMD256Vector) -> - true); + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_ntt_multiply = (fun diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst index 37938e8f6..5c9bfdbfc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti index aa297220e..9429a66de 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Arithmetic.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst index e039518f2..692b153dc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fsti index 84e59e0c0..2afa05a7d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Compress.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst index dc8d03610..d3a6b63b2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fsti index 46ca8d3df..94a9867ce 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Ntt.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst index aa783010c..27e5827cd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti index 309df9740..5e9cf2737 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst index 9df16f186..116acadf7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Vector_type -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti index a665f64ac..c5dd6b6ab 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Vector_type.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon.Vector_type -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst index b05106d98..f41cefe46 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti index 8093d76b3..f3280f83e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Neon -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst index bdf22c030..bcb88d903 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti index 443d81268..92516558b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Arithmetic.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Arithmetic -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst index 4a470d7d1..1d8993c9e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti index 8a078f1b0..4a89ca30f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Compress -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 515c702d7..16b31ced7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -12,6 +12,18 @@ let inv_ntt_step (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) -! (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) in + let o0:i16 = + Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce_element ((vec + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) +! + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) + <: + i16) + in + let o1:i16 = + Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta + in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { vec with @@ -20,15 +32,7 @@ let inv_ntt_step Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - (Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce_element ((vec - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) +! - (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) - <: - i16) - <: - i16) + o0 } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector @@ -41,16 +45,14 @@ let inv_ntt_step Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements j - (Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta - <: - i16) + o1 } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in vec -#push-options "--z3rlimit 100" +#push-options "--z3rlimit 200" let inv_ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -80,6 +82,25 @@ let inv_ntt_layer_1_step let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = inv_ntt_step vec zeta3 (sz 13) (sz 15) in + let _:Prims.unit = + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 13)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 15)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 12)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 14)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 9)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 11)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 8)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 10)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 5)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 7)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 4)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 6)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 1)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 3)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 0)); + assert (Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements 2)); + assert (forall (i: nat). i < 16 ==> Spec.Utils.is_i16b 3328 (Seq.index vec.f_elements i)) + in vec #pop-options @@ -152,6 +173,8 @@ let inv_ntt_layer_3_step #pop-options +#push-options "--z3rlimit 200 --split_queries always --query_stats" + let ntt_multiply_binomials (a b: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) @@ -167,24 +190,19 @@ let ntt_multiply_binomials assert (Spec.Utils.is_i16b 3328 bi); assert (Spec.Utils.is_i16b 3328 aj); assert (Spec.Utils.is_i16b 3328 bj); - assert_norm (3328 * 3328 < pow2 31); - assert_norm (3328 * 3328 <= 3328 * pow2 15); - assert_norm (3328 * 3328 + 3328 * 1664 <= 3328 * pow2 15); - assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15) - in - let _:Prims.unit = - Spec.Utils.lemma_mul_i16b 3328 3328 ai bi; - Spec.Utils.lemma_mul_i16b 3328 3328 aj bj; - Spec.Utils.lemma_mul_i16b 3328 3328 ai bj; - Spec.Utils.lemma_mul_i16b 3328 3328 aj bi + assert_norm (3328 * 3328 < pow2 31) in + let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 3328 ai bi in let ai_bi:i32 = (cast (ai <: i16) <: i32) *! (cast (bi <: i16) <: i32) in + let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 3328 aj bj in let aj_bj___:i32 = (cast (aj <: i16) <: i32) *! (cast (bj <: i16) <: i32) in + let _:Prims.unit = assert_norm (3328 * 3328 <= 3328 * pow2 15) in let aj_bj:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element aj_bj___ in let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 1664 aj_bj zeta in let aj_bj_zeta:i32 = (cast (aj_bj <: i16) <: i32) *! (cast (zeta <: i16) <: i32) in let ai_bi_aj_bj:i32 = ai_bi +! aj_bj_zeta in - let _:Prims.unit = Spec.Utils.is_i32b (3328 * 3328 + 3328 * 1664) ai_bi_aj_bj in + let _:Prims.unit = assert (Spec.Utils.is_i32b (3328 * 3328 + 3328 * 1664) ai_bi_aj_bj) in + let _:Prims.unit = assert_norm (3328 * 3328 + 3328 * 1664 <= 3328 * pow2 15) in let o0:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element ai_bi_aj_bj in let _:Prims.unit = calc ( == ) { @@ -215,12 +233,14 @@ let ntt_multiply_binomials (((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) * 169) % 3329; } in + let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 3328 ai bj in let ai_bj:i32 = (cast (ai <: i16) <: i32) *! (cast (bj <: i16) <: i32) in + let _:Prims.unit = Spec.Utils.lemma_mul_i16b 3328 3328 aj bi in let aj_bi:i32 = (cast (aj <: i16) <: i32) *! (cast (bi <: i16) <: i32) in let ai_bj_aj_bi:i32 = ai_bj +! aj_bi in - let _:Prims.unit = Spec.Utils.is_i32b (3328 * 3328 + 3328 * 3328) ai_bj_aj_bi in + let _:Prims.unit = assert (Spec.Utils.is_i32b (3328 * 3328 + 3328 * 3328) ai_bj_aj_bi) in + let _:Prims.unit = assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15) in let o1:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element ai_bj_aj_bi in - let _:Prims.unit = admit () in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { out with @@ -247,8 +267,13 @@ let ntt_multiply_binomials <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in + let _:Prims.unit = admit () in out +#pop-options + +#push-options "--admit_smt_queries true" + let ntt_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) @@ -289,6 +314,8 @@ let ntt_step in vec +#pop-options + #push-options "--z3rlimit 100" let ntt_layer_1_step @@ -323,6 +350,8 @@ let ntt_layer_1_step #pop-options +#push-options "--z3rlimit 100" + let ntt_layer_2_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1: i16) @@ -353,6 +382,10 @@ let ntt_layer_2_step in vec +#pop-options + +#push-options "--z3rlimit 100" + let ntt_layer_3_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) = let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_step vec zeta (sz 0) (sz 8) @@ -380,10 +413,22 @@ let ntt_layer_3_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Portable in vec +#pop-options + +#push-options "--z3rlimit 100" + let ntt_multiply (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) = + let nzeta0:i16 = Core.Ops.Arith.Neg.neg zeta0 in + let nzeta1:i16 = Core.Ops.Arith.Neg.neg zeta1 in + let nzeta2:i16 = Core.Ops.Arith.Neg.neg zeta2 in + let nzeta3:i16 = Core.Ops.Arith.Neg.neg zeta3 in + let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta0) in + let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta1) in + let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta2) in + let _:Prims.unit = assert (Spec.Utils.is_i16b 1664 nzeta3) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.zero () in @@ -391,24 +436,27 @@ let ntt_multiply ntt_multiply_binomials lhs rhs zeta0 (sz 0) (sz 1) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs (Core.Ops.Arith.Neg.neg zeta0 <: i16) (sz 2) (sz 3) out + ntt_multiply_binomials lhs rhs nzeta0 (sz 2) (sz 3) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs zeta1 (sz 4) (sz 5) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs (Core.Ops.Arith.Neg.neg zeta1 <: i16) (sz 6) (sz 7) out + ntt_multiply_binomials lhs rhs nzeta1 (sz 6) (sz 7) out in + let _:Prims.unit = admit () in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs zeta2 (sz 8) (sz 9) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs (Core.Ops.Arith.Neg.neg zeta2 <: i16) (sz 10) (sz 11) out + ntt_multiply_binomials lhs rhs nzeta2 (sz 10) (sz 11) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs zeta3 (sz 12) (sz 13) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs (Core.Ops.Arith.Neg.neg zeta3 <: i16) (sz 14) (sz 15) out + ntt_multiply_binomials lhs rhs nzeta3 (sz 14) (sz 15) out in out + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 22754376a..344545f74 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Ntt -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -10,11 +10,16 @@ val inv_ntt_step : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ - Spec.Utils.is_i16b_array (3328 + 1665) vec.f_elements) + Spec.Utils.is_i16b_array (4 * 3328) vec.f_elements) (ensures fun vec_future -> let vec_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec_future in - Spec.Utils.is_i16b_array (3328 + 1665) vec_future.f_elements) + Spec.Utils.is_i16b_array (4 * 3328) vec_future.f_elements /\ + (forall k. + (k <> v i /\ k <> v j) ==> + Seq.index vec_future.f_elements k == Seq.index vec.f_elements k) /\ + (Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v i)) /\ + Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v j)))) val inv_ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -23,11 +28,11 @@ val inv_ntt_layer_1_step (requires Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array (3328 + 1665) vec.f_elements) + Spec.Utils.is_i16b_array (4 * 3328) vec.f_elements) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - Spec.Utils.is_i16b_array (3328 + 1665) result.f_elements) + Spec.Utils.is_i16b_array 3328 result.f_elements) val inv_ntt_layer_2_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -35,22 +40,21 @@ val inv_ntt_layer_2_step : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b_array (3328 + 1665) vec.f_elements) + Spec.Utils.is_i16b_array 3328 vec.f_elements) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - Spec.Utils.is_i16b_array (3328 + 1665) result.f_elements) + Spec.Utils.is_i16b_array 3328 result.f_elements) val inv_ntt_layer_3_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires - Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (3328 + 1665) vec.f_elements) + (requires Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 vec.f_elements) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - Spec.Utils.is_i16b_array (3328 + 1665) result.f_elements) + Spec.Utils.is_i16b_array 3328 result.f_elements) /// Compute the product of two Kyber binomials with respect to the /// modulus `X² - zeta`. @@ -80,6 +84,7 @@ val ntt_multiply_binomials (ensures fun out_future -> let out_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out_future in + Spec.Utils.is_i16b_array 3328 out.f_elements /\ (forall k. (k <> v i /\ k <> v j) ==> Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\ @@ -90,13 +95,13 @@ val ntt_multiply_binomials let oi = Seq.index out_future.f_elements (v i) in let oj = Seq.index out_future.f_elements (v j) in let x, y = - Spec.MLKEM.Math.poly_base_case_multiply ((v ai * 169) % 3329) - ((v aj * 169) % 3329) - ((v bi * 169) % 3329) - ((v bj * 169) % 3329) + Spec.MLKEM.Math.poly_base_case_multiply (v ai % 3329) + (v aj % 3329) + (v bi % 3329) + (v bj % 3329) ((v zeta * 169) % 3329) in - (x == ((v oi * 169) % 3329) /\ y == ((v oj * 169) % 3329)))) + ((x * 169) % 3329 == v oi % 3329) /\ (y * 169) % 3329 == v oj % 3329)) val ntt_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -107,10 +112,14 @@ val ntt_step (ensures fun vec_future -> let vec_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec_future in - forall b. - (Spec.Utils.is_i16b b vec.f_elements.[ i ] /\ Spec.Utils.is_i16b b vec.f_elements.[ j ]) ==> - (Spec.Utils.is_i16b (b + 3328 + 1665) vec_future.f_elements.[ i ] /\ - Spec.Utils.is_i16b (b + 3328 + 1665) vec_future.f_elements.[ j ])) + (forall k. + (k <> v i /\ k <> v j) ==> + Seq.index vec_future.f_elements k == Seq.index vec.f_elements k) /\ + (forall b. + (Spec.Utils.is_i16b b vec.f_elements.[ i ] /\ + Spec.Utils.is_i16b b vec.f_elements.[ j ]) ==> + (Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ i ] /\ + Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ j ]))) val ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -118,24 +127,44 @@ val ntt_layer_1_step : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3) - (fun _ -> Prims.l_True) + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (11207 + 5 * 3328) vec.f_elements) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array (11207 + 6 * 3328) result.f_elements) val ntt_layer_2_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1) - (fun _ -> Prims.l_True) + (requires + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array (11207 + 4 * 3328) vec.f_elements) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array (11207 + 5 * 3328) result.f_elements) val ntt_layer_3_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Spec.Utils.is_i16b 1664 zeta) - (fun _ -> Prims.l_True) + (requires + Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 3 * 3328) vec.f_elements) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array (11207 + 4 * 3328) result.f_elements) val ntt_multiply (lhs rhs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta0 zeta1 zeta2 zeta3: i16) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array 3228 lhs.f_elements /\ Spec.Utils.is_i16b_array 3228 rhs.f_elements + ) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + Spec.Utils.is_i16b_array 3328 result.f_elements) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst index a96ed3aee..b9c0febd3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti index bc900ff73..cbbc36deb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Sampling.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Sampling -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index 4f479ac21..eed6ec9d6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index 1456b37d8..16fd7000e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Serialize -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst index 962c322cf..948ac409c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Vector_type -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti index fcbb04325..7f42fe833 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Vector_type.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable.Vector_type -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 8f81fb1aa..6800ca944 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -30,6 +30,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x } +#push-options "--z3rlimit 200" + [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = @@ -291,7 +293,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta3: i16) -> Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3); + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr a)); f_ntt_layer_1_step_post = (fun @@ -302,7 +305,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta3: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array (11207 + 6 * 3328) (impl.f_repr out)); f_ntt_layer_1_step = (fun @@ -320,7 +323,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta0: i16) (zeta1: i16) -> - Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr a)); f_ntt_layer_2_step_post = (fun @@ -329,7 +333,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta1: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array (11207 + 5 * 3328) (impl.f_repr out)); f_ntt_layer_2_step = (fun @@ -341,7 +345,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_ntt_layer_3_step_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> - Spec.Utils.is_i16b 1664 zeta); + Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 3 * 3328) (impl.f_repr a)); f_ntt_layer_3_step_post = (fun @@ -349,7 +353,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array (11207 + 4 * 3328) (impl.f_repr out)); f_ntt_layer_3_step = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> @@ -364,7 +368,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta3: i16) -> Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3); + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (4 * 3328) (impl.f_repr a)); f_inv_ntt_layer_1_step_post = (fun @@ -375,7 +380,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta3: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_inv_ntt_layer_1_step = (fun @@ -393,7 +398,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta0: i16) (zeta1: i16) -> - Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr a)); f_inv_ntt_layer_2_step_post = (fun @@ -402,7 +408,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta1: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_inv_ntt_layer_2_step = (fun @@ -414,7 +420,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = f_inv_ntt_layer_3_step_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> - Spec.Utils.is_i16b 1664 zeta); + Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (impl.f_repr a)); f_inv_ntt_layer_3_step_post = (fun @@ -422,7 +428,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_inv_ntt_layer_3_step = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) -> @@ -437,7 +443,10 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta2: i16) (zeta3: i16) -> - true); + Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr lhs) /\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr rhs)); f_ntt_multiply_post = (fun @@ -449,7 +458,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = (zeta3: i16) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + Spec.Utils.is_i16b_array 3328 (impl.f_repr out)); f_ntt_multiply = (fun @@ -636,3 +645,5 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = let hax_temp_output:usize = out1 in out, hax_temp_output <: (t_Slice i16 & usize) } + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti index ce3906fea..f1aa1ee53 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Rej_sample_table.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Rej_sample_table -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index 4633db34b..a4328b6ad 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Traits -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -10,14 +10,24 @@ let decompress_1_ (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) (vec: v_T) = - let s:v_T = - f_sub #v_T - #FStar.Tactics.Typeclasses.solve - (f_ZERO #v_T #FStar.Tactics.Typeclasses.solve () <: v_T) - vec + let z:v_T = f_ZERO #v_T #FStar.Tactics.Typeclasses.solve () in + let _:Prims.unit = + assert (forall i. Seq.index (i1._super_8706949974463268012.f_repr z) i == 0s) + in + let s:v_T = f_sub #v_T #FStar.Tactics.Typeclasses.solve z vec in + let _:Prims.unit = + assert (forall i. + Seq.index (i1._super_8706949974463268012.f_repr s) i == 0s \/ + Seq.index (i1._super_8706949974463268012.f_repr s) i == (-1s)) in let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre s 1665s) in - f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s + let res:v_T = f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s in + let _:Prims.unit = + assert (forall i. + Seq.index (i1._super_8706949974463268012.f_repr s) i == 0s \/ + Seq.index (i1._super_8706949974463268012.f_repr s) i == 1665s) + in + res #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 80a2c292a..9e1d121d7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Traits -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -167,23 +167,40 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 ==> + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (11207 + 5 * 3328) (f_repr a) ==> pred }; - f_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; + f_ntt_layer_1_step_post: + a: v_Self -> + zeta0: i16 -> + zeta1: i16 -> + zeta2: i16 -> + zeta3: i16 -> + out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 6 * 3328) (f_repr out)}; f_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); f_ntt_layer_2_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 - -> pred: Type0{Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 ==> pred}; - f_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; + -> pred: + Type0 + { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array (11207 + 4 * 3328) (f_repr a) ==> + pred }; + f_ntt_layer_2_step_post:a: v_Self -> zeta0: i16 -> zeta1: i16 -> out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 5 * 3328) (f_repr out)}; f_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_ntt_layer_2_step_post x0 x1 x2 result); f_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 - -> pred: Type0{Spec.Utils.is_i16b 1664 zeta ==> pred}; - f_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; + -> pred: + Type0 + { Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 3 * 3328) (f_repr a) ==> + pred }; + f_ntt_layer_3_step_post:a: v_Self -> zeta: i16 -> out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 4 * 3328) (f_repr out)}; f_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_ntt_layer_3_step_pre x0 x1) @@ -192,23 +209,38 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 ==> + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array (4 * 3328) (f_repr a) ==> pred }; - f_inv_ntt_layer_1_step_post:v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; + f_inv_ntt_layer_1_step_post: + a: v_Self -> + zeta0: i16 -> + zeta1: i16 -> + zeta2: i16 -> + zeta3: i16 -> + out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_inv_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_1_step_pre x0 x1 x2 x3 x4) (fun result -> f_inv_ntt_layer_1_step_post x0 x1 x2 x3 x4 result); f_inv_ntt_layer_2_step_pre:a: v_Self -> zeta0: i16 -> zeta1: i16 - -> pred: Type0{Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 ==> pred}; - f_inv_ntt_layer_2_step_post:v_Self -> i16 -> i16 -> v_Self -> Type0; + -> pred: + Type0 + { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ + Spec.Utils.is_i16b_array 3328 (f_repr a) ==> + pred }; + f_inv_ntt_layer_2_step_post:a: v_Self -> zeta0: i16 -> zeta1: i16 -> out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_inv_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_inv_ntt_layer_2_step_post x0 x1 x2 result); f_inv_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 - -> pred: Type0{Spec.Utils.is_i16b 1664 zeta ==> pred}; - f_inv_ntt_layer_3_step_post:v_Self -> i16 -> v_Self -> Type0; + -> pred: + Type0{Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (f_repr a) ==> pred}; + f_inv_ntt_layer_3_step_post:a: v_Self -> zeta: i16 -> out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_inv_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_3_step_pre x0 x1) @@ -223,9 +255,18 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 ==> + Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ + Spec.Utils.is_i16b_array 3228 (f_repr lhs) /\ Spec.Utils.is_i16b_array 3228 (f_repr rhs) ==> pred }; - f_ntt_multiply_post:v_Self -> v_Self -> i16 -> i16 -> i16 -> i16 -> v_Self -> Type0; + f_ntt_multiply_post: + lhs: v_Self -> + rhs: v_Self -> + zeta0: i16 -> + zeta1: i16 -> + zeta2: i16 -> + zeta3: i16 -> + out: v_Self + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_ntt_multiply:x0: v_Self -> x1: v_Self -> x2: i16 -> x3: i16 -> x4: i16 -> x5: i16 -> Prims.Pure v_Self (f_ntt_multiply_pre x0 x1 x2 x3 x4 x5) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 2b39a0e7c..943264247 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -3,6 +3,7 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ + Libcrux_ml_kem.Vector.Avx2.fsti \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index 3afdbd267..aadcf07ac 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -130,12 +130,12 @@ pub(crate) fn ntt_binomially_sampled_ring_element( ntt_at_layer_7(re); let mut zeta_i = 1; - ntt_at_layer_4_plus(&mut zeta_i, re, 6, 3); - ntt_at_layer_4_plus(&mut zeta_i, re, 5, 3); - ntt_at_layer_4_plus(&mut zeta_i, re, 4, 3); - ntt_at_layer_3(&mut zeta_i, re, 3, 3); - ntt_at_layer_2(&mut zeta_i, re, 2, 3); - ntt_at_layer_1(&mut zeta_i, re, 1, 3); + ntt_at_layer_4_plus(&mut zeta_i, re, 6, 11207); + ntt_at_layer_4_plus(&mut zeta_i, re, 5, 11207+3328); + ntt_at_layer_4_plus(&mut zeta_i, re, 4, 11207+2*3328); + ntt_at_layer_3(&mut zeta_i, re, 3, 11207+3*3328); + ntt_at_layer_2(&mut zeta_i, re, 2, 11207+4*3328); + ntt_at_layer_1(&mut zeta_i, re, 1, 11207+5*3328); re.poly_barrett_reduce() } @@ -151,12 +151,12 @@ pub(crate) fn ntt_vector_u Self { Self { elements: ntt::ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3), } } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr ${vector})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr $out)"))] fn ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self { Self { elements: ntt::ntt_layer_2_step(vector.elements, zeta0, zeta1), } } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array (11207+3*3328) (impl.f_repr ${vector})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr $out)"))] fn ntt_layer_3_step(vector: Self, zeta: i16) -> Self { Self { elements: ntt::ntt_layer_3_step(vector.elements, zeta), } } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (4*3328) (impl.f_repr ${vector})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { Self { elements: ntt::inv_ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3), } } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self { Self { elements: ntt::inv_ntt_layer_2_step(vector.elements, zeta0, zeta1), } } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_3_step(vector: Self, zeta: i16) -> Self { Self { elements: ntt::inv_ntt_layer_3_step(vector.elements, zeta), } } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr ${lhs}) /\\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr ${rhs})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn ntt_multiply( lhs: &Self, rhs: &Self, diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 200bd05d2..65c12806c 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -22,8 +22,9 @@ impl crate::vector::traits::Repr for PortableVector { } } -#[hax_lib::attributes] -#[hax_lib::fstar::options("--z3rlimit 300")] +#[hax_lib::fstar::before(interface, r#"#push-options "--z3rlimit 200""#)] +#[hax_lib::fstar::after(interface, r#"#pop-options"#)] +#[hax_lib::attributes] impl Operations for PortableVector { #[ensures(|out| fstar!("impl.f_repr out == Seq.create 16 0s"))] fn ZERO() -> Self { @@ -111,36 +112,56 @@ impl Operations for PortableVector { decompress_ciphertext_coefficient::(v) } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (impl.f_repr $out)"))] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3) } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr $out)"))] fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self { ntt_layer_2_step(a, zeta0, zeta1) } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array (11207+3*3328) (impl.f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr $out)"))] fn ntt_layer_3_step(a: Self, zeta: i16) -> Self { ntt_layer_3_step(a, zeta) } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (4*3328) (impl.f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { inv_ntt_layer_1_step(a, zeta0, zeta1, zeta2, zeta3) } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self { inv_ntt_layer_2_step(a, zeta0, zeta1) } - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self { inv_ntt_layer_3_step(a, zeta) } + + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr ${lhs}) /\\ + Spec.Utils.is_i16b_array 3228 (impl.f_repr ${rhs})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn ntt_multiply( lhs: &Self, rhs: &Self, diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index 3e71bed0b..096c9fb7b 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -2,11 +2,14 @@ use super::arithmetic::*; use super::vector_type::*; #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta"))] -#[hax_lib::ensures(|result| fstar!("forall b. (Spec.Utils.is_i16b b ${vec}.f_elements.[i] /\\ +#[hax_lib::ensures(|result| fstar!("(forall k. (k <> v i /\\ k <> v j) ==> + Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\ + (forall b. (Spec.Utils.is_i16b b ${vec}.f_elements.[i] /\\ Spec.Utils.is_i16b b ${vec}.f_elements.[j]) ==> - (Spec.Utils.is_i16b (b+3328+1665) ${vec}_future.f_elements.[i] /\\ - Spec.Utils.is_i16b (b+3328+1665) ${vec}_future.f_elements.[j])"))] + (Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[i] /\\ + Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[j]))"))] pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { let t = montgomery_multiply_fe_by_fer(vec.elements[j], zeta); vec.elements[j] = vec.elements[i] - t; @@ -15,7 +18,10 @@ pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) #[inline(always)] #[hax_lib::fstar::options("--z3rlimit 100")] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (11207+5*3328) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) ${result}.f_elements"))] pub(crate) fn ntt_layer_1_step( mut vec: PortableVector, zeta0: i16, @@ -35,7 +41,10 @@ pub(crate) fn ntt_layer_1_step( } #[inline(always)] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array (11207+4*3328) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) ${result}.f_elements"))] pub(crate) fn ntt_layer_2_step(mut vec: PortableVector, zeta0: i16, zeta1: i16) -> PortableVector { ntt_step(&mut vec, zeta0, 0, 4); ntt_step(&mut vec, zeta0, 1, 5); @@ -49,7 +58,10 @@ pub(crate) fn ntt_layer_2_step(mut vec: PortableVector, zeta0: i16, zeta1: i16) } #[inline(always)] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array (11207+3*3328) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) ${result}.f_elements"))] pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVector { ntt_step(&mut vec, zeta, 0, 8); ntt_step(&mut vec, zeta, 1, 9); @@ -64,20 +76,26 @@ pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVe #[inline(always)] #[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ - Spec.Utils.is_i16b_array (3328 + 1665) ${vec}.f_elements"))] -#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) ${vec}_future.f_elements"))] + Spec.Utils.is_i16b_array (4*3328) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (4*3328) ${vec}_future.f_elements /\\ + (forall k. (k <> v i /\\ k <> v j) ==> + Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\ + (Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v i)) /\\ + Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j)))"))] pub(crate) fn inv_ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { let a_minus_b = vec.elements[j] - vec.elements[i]; - vec.elements[i] = barrett_reduce_element(vec.elements[i] + vec.elements[j]); - vec.elements[j] = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + let o0 = barrett_reduce_element(vec.elements[i] + vec.elements[j]); + let o1 = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + vec.elements[i] = o0; + vec.elements[j] = o1; } #[inline(always)] -#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::fstar::options("--z3rlimit 200")] #[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array (3328 + 1665) ${vec}.f_elements"))] -#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) ${result}.f_elements"))] + Spec.Utils.is_i16b_array (4*3328) ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))] pub(crate) fn inv_ntt_layer_1_step( mut vec: PortableVector, zeta0: i16, @@ -93,14 +111,32 @@ pub(crate) fn inv_ntt_layer_1_step( inv_ntt_step(&mut vec, zeta2, 9, 11); inv_ntt_step(&mut vec, zeta3, 12, 14); inv_ntt_step(&mut vec, zeta3, 13, 15); + hax_lib::fstar!( + "assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 13)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 15)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 12)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 14)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 9)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 11)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 8)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 10)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 5)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 7)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 4)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 6)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 1)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 3)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 0)); + assert (Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements 2)); + assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (Seq.index ${vec}.f_elements i))"); vec } #[inline(always)] #[hax_lib::fstar::options("--z3rlimit 100")] #[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ - Spec.Utils.is_i16b_array (3328 + 1665) ${vec}.f_elements"))] -#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) ${result}.f_elements"))] + Spec.Utils.is_i16b_array 3328 ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))] pub(crate) fn inv_ntt_layer_2_step( mut vec: PortableVector, zeta0: i16, @@ -120,8 +156,8 @@ pub(crate) fn inv_ntt_layer_2_step( #[inline(always)] #[hax_lib::fstar::options("--z3rlimit 100")] #[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ - Spec.Utils.is_i16b_array (3328 + 1665) ${vec}.f_elements"))] -#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (3328 + 1665) ${result}.f_elements"))] + Spec.Utils.is_i16b_array 3328 ${vec}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))] pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVector { inv_ntt_step(&mut vec, zeta, 0, 8); inv_ntt_step(&mut vec, zeta, 1, 9); @@ -155,10 +191,12 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab /// The NIST FIPS 203 standard can be found at /// . #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 200 --split_queries always --query_stats")] #[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ Spec.Utils.is_i16b_array 3228 ${a}.f_elements /\\ Spec.Utils.is_i16b_array 3228 ${b}.f_elements "))] #[hax_lib::ensures(|()| fstar!(" + Spec.Utils.is_i16b_array 3328 ${out}.f_elements /\\ (forall k. (k <> v $i /\\ k <> v $j) ==> Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\\ (let ai = Seq.index ${a}.f_elements (v $i) in @@ -169,13 +207,13 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab let oj = Seq.index out_future.f_elements (v $j) in let (x,y) = Spec.MLKEM.Math.poly_base_case_multiply - ((v ai * 169) % 3329) - ((v aj * 169) % 3329) - ((v bi * 169) % 3329) - ((v bj * 169) % 3329) + (v ai % 3329) + (v aj % 3329) + (v bi % 3329) + (v bj % 3329) ((v zeta * 169) % 3329) in - (x == ((v oi * 169) % 3329) /\\ - y == ((v oj * 169) % 3329)))"))] + ((x * 169) % 3329 == v oi % 3329) /\\ + (y * 169) % 3329 == v oj % 3329)))"))] pub(crate) fn ntt_multiply_binomials( a: &PortableVector, b: &PortableVector, @@ -192,21 +230,19 @@ pub(crate) fn ntt_multiply_binomials( assert(Spec.Utils.is_i16b 3328 $bi); assert(Spec.Utils.is_i16b 3328 $aj); assert(Spec.Utils.is_i16b 3328 $bj); - assert_norm (3328 * 3328 < pow2 31); - assert_norm (3328 * 3328 <= 3328 * pow2 15); - assert_norm (3328 * 3328 + 3328 * 1664 <= 3328 * pow2 15); - assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15)"); - hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $ai $bi; - Spec.Utils.lemma_mul_i16b 3328 3328 $aj $bj; - Spec.Utils.lemma_mul_i16b 3328 3328 $ai $bj; - Spec.Utils.lemma_mul_i16b 3328 3328 $aj $bi"); + assert_norm (3328 * 3328 < pow2 31)"); + + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $ai $bi"); let ai_bi = (ai as i32) * (bi as i32); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $aj $bj"); let aj_bj_ = (aj as i32) * (bj as i32); + hax_lib::fstar!("assert_norm (3328 * 3328 <= 3328 * pow2 15)"); let aj_bj = montgomery_reduce_element(aj_bj_); hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 1664 $aj_bj $zeta"); let aj_bj_zeta = (aj_bj as i32) * (zeta as i32); let ai_bi_aj_bj = ai_bi + aj_bj_zeta; - hax_lib::fstar!("Spec.Utils.is_i32b (3328*3328 + 3328*1664) $ai_bi_aj_bj"); + hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328*3328 + 3328*1664) $ai_bi_aj_bj)"); + hax_lib::fstar!("assert_norm (3328 * 3328 + 3328 * 1664 <= 3328 * pow2 15)"); let o0 = montgomery_reduce_element(ai_bi_aj_bj); hax_lib::fstar!("calc ( == ) { v $o0 % 3329; @@ -233,14 +269,17 @@ pub(crate) fn ntt_multiply_binomials( ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + ((v aj * v bj * 169 * v zeta))) 169 3329 } (((v $ai * v $bi) + ((v $aj * v $bj * 169 * v $zeta))) * 169) % 3329; }"); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $ai $bj"); let ai_bj = (ai as i32) * (bj as i32); + hax_lib::fstar!("Spec.Utils.lemma_mul_i16b 3328 3328 $aj $bi"); let aj_bi = (aj as i32) * (bi as i32); let ai_bj_aj_bi = ai_bj + aj_bi; - hax_lib::fstar!("Spec.Utils.is_i32b (3328*3328 + 3328*3328) ai_bj_aj_bi"); + hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328*3328 + 3328*3328) ai_bj_aj_bi) "); + hax_lib::fstar!("assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15)"); let o1 = montgomery_reduce_element(ai_bj_aj_bi); - hax_lib::fstar!("admit()"); out.elements[i] = o0; out.elements[j] = o1; + hax_lib::fstar!("admit()"); } // #[inline(always)] @@ -259,6 +298,14 @@ pub(crate) fn ntt_multiply_binomials( // } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta0 /\\ + Spec.Utils.is_i16b 1664 $zeta1 /\\ + Spec.Utils.is_i16b 1664 $zeta2 /\\ + Spec.Utils.is_i16b 1664 $zeta3 /\\ + Spec.Utils.is_i16b_array 3228 ${lhs}.f_elements /\\ + Spec.Utils.is_i16b_array 3228 ${rhs}.f_elements "))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))] pub(crate) fn ntt_multiply( lhs: &PortableVector, rhs: &PortableVector, @@ -267,14 +314,23 @@ pub(crate) fn ntt_multiply( zeta2: i16, zeta3: i16, ) -> PortableVector { + let nzeta0 = -zeta0; + let nzeta1 = -zeta1; + let nzeta2 = -zeta2; + let nzeta3 = -zeta3; + hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta0)"); + hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta1)"); + hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta2)"); + hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta3)"); let mut out = zero(); ntt_multiply_binomials(lhs, rhs, zeta0, 0, 1, &mut out); - ntt_multiply_binomials(lhs, rhs, -zeta0, 2, 3, &mut out); + ntt_multiply_binomials(lhs, rhs, nzeta0, 2, 3, &mut out); ntt_multiply_binomials(lhs, rhs, zeta1, 4, 5, &mut out); - ntt_multiply_binomials(lhs, rhs, -zeta1, 6, 7, &mut out); + ntt_multiply_binomials(lhs, rhs, nzeta1, 6, 7, &mut out); + hax_lib::fstar!("admit()"); ntt_multiply_binomials(lhs, rhs, zeta2, 8, 9, &mut out); - ntt_multiply_binomials(lhs, rhs, -zeta2, 10, 11, &mut out); + ntt_multiply_binomials(lhs, rhs, nzeta2, 10, 11, &mut out); ntt_multiply_binomials(lhs, rhs, zeta3, 12, 13, &mut out); - ntt_multiply_binomials(lhs, rhs, -zeta3, 14, 15, &mut out); + ntt_multiply_binomials(lhs, rhs, nzeta3, 14, 15, &mut out); out } diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 7f780365c..c26d49382 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -82,21 +82,39 @@ pub trait Operations: Copy + Clone + Repr { fn decompress_ciphertext_coefficient(v: Self) -> Self; // NTT - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (11207+5*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (f_repr $out)"))] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array (11207+4*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (f_repr $out)"))] fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ + Spec.Utils.is_i16b_array (11207+3*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (f_repr $out)"))] fn ntt_layer_3_step(a: Self, zeta: i16) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array (4 * 3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta/\\ + Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self; - #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3"))] + #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ + Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ + Spec.Utils.is_i16b_array 3228 (f_repr ${lhs}) /\\ + Spec.Utils.is_i16b_array 3228 (f_repr ${rhs}) "))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn ntt_multiply(lhs: &Self, rhs: &Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; @@ -205,9 +223,16 @@ pub fn to_unsigned_representative(a: T) -> T { #[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in (x == 0s \\/ x == 1s)"))] pub fn decompress_1(vec: T) -> T { - let s = T::sub(T::ZERO(), &vec); + let z = T::ZERO(); + hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${z}) i == 0s)"); + let s = T::sub(z, &vec); + hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \\/ + Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == -1s)"); hax_lib::fstar!("assert (i1.f_bitwise_and_with_constant_pre ${s} 1665s)"); - T::bitwise_and_with_constant(s, 1665) + let res = T::bitwise_and_with_constant(s, 1665); + hax_lib::fstar!("assert (forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \\/ + Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 1665s)"); + res } /// Internal vectors. From e8928fc5424f83c8cb35b980033be17621fc0ef0 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 18 Sep 2024 15:11:46 +0200 Subject: [PATCH 287/348] ready to pr --- .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti | 2 +- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 6800ca944..1ab0710b5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -30,7 +30,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x } -#push-options "--z3rlimit 200" +#push-options "--z3rlimit 400" [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 943264247..065cdb688 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -3,6 +3,8 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ + Libcrux_ml_kem.Vector.Portable.fsti \ + Libcrux_ml_kem.Vector.Portable.fst \ Libcrux_ml_kem.Vector.Avx2.fsti \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ From 81cec41b01f723760e3c820d174c9bbc233ced2f Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Wed, 18 Sep 2024 13:12:37 +0000 Subject: [PATCH 288/348] refreshed c --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 38 +- .../c/internal/libcrux_mlkem_avx2.h | 44 +- .../c/internal/libcrux_mlkem_portable.h | 44 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 38 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 44 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1172 +++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 9 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1118 ++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 4 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 16 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 733 ++++++----- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 662 +++++----- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 42 files changed, 2121 insertions(+), 2071 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 4d2c0d71b..d0d648272 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc +Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 94d0d4958..49fee3ce8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __internal_libcrux_core_H @@ -75,7 +75,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_181( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_a91( uint8_t value[1568U]); /** @@ -88,7 +88,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_a61( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_b11( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -101,7 +101,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a61( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_f11( uint8_t value[3168U]); /** @@ -113,7 +113,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_641( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_e91( uint8_t value[1568U]); /** @@ -124,7 +124,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_eb1( +uint8_t *libcrux_ml_kem_types_as_slice_f6_ae1( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -136,7 +136,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_011( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -159,7 +159,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_180( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_a90( uint8_t value[1184U]); /** @@ -172,7 +172,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_a60( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_b10( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -185,7 +185,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a60( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_f10( uint8_t value[2400U]); /** @@ -197,7 +197,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_640( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_e90( uint8_t value[1088U]); /** @@ -208,7 +208,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_eb0( +uint8_t *libcrux_ml_kem_types_as_slice_f6_ae0( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -220,7 +220,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_010( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -243,7 +243,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_18( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_a9( uint8_t value[800U]); /** @@ -256,7 +256,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_a6( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_b1( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -269,7 +269,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a6( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_f1( uint8_t value[1632U]); /** @@ -281,7 +281,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_64( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_e9( uint8_t value[768U]); /** @@ -292,7 +292,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_eb( +uint8_t *libcrux_ml_kem_types_as_slice_f6_ae( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -349,7 +349,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_01( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 1cd3faf93..313e8fff2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_5f1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_061(uint8_t *public_key); /** A monomorphic instance of @@ -48,7 +48,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f01( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_451( uint8_t randomness[64U]); /** @@ -64,7 +64,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_971(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -84,7 +84,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_251( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -107,7 +107,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b31( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -132,7 +132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a81( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d61( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -158,7 +158,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_dd1( +void libcrux_ml_kem_ind_cca_decapsulate_e21( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -170,7 +170,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_5f0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_060(uint8_t *public_key); /** A monomorphic instance of @@ -186,7 +186,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f00( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_450( uint8_t randomness[64U]); /** @@ -202,7 +202,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_970(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -222,7 +222,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd0( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_250( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -245,7 +245,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_7a0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b30( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -270,7 +270,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a80( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d60( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -296,7 +296,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_dd0( +void libcrux_ml_kem_ind_cca_decapsulate_e20( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +308,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_5f(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_06(uint8_t *public_key); /** A monomorphic instance of @@ -324,7 +324,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_45( uint8_t randomness[64U]); /** @@ -339,7 +339,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_97( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( uint8_t randomness[64U]); /** @@ -360,7 +360,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_25( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -383,7 +383,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_7a( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b3( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -408,7 +408,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -434,7 +434,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_dd( +void libcrux_ml_kem_ind_cca_decapsulate_e2( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 9f6de4c75..48768729f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c11(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_821(uint8_t *public_key); /** A monomorphic instance of @@ -54,7 +54,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f81( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b21( uint8_t randomness[64U]); /** @@ -71,7 +71,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_291(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6c1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -92,7 +92,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_631( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -115,7 +115,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_771( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_931( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -141,7 +141,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_341( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f21( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -167,7 +167,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_2c1( +void libcrux_ml_kem_ind_cca_decapsulate_161( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -179,7 +179,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c10(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_820(uint8_t *public_key); /** A monomorphic instance of @@ -196,7 +196,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f80( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b20( uint8_t randomness[64U]); /** @@ -213,7 +213,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_290(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6c0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -234,7 +234,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_630( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_770( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_930( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -283,7 +283,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_340( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f20( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -309,7 +309,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_2c0( +void libcrux_ml_kem_ind_cca_decapsulate_160( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_82(uint8_t *public_key); /** A monomorphic instance of @@ -338,7 +338,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f8( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b2( uint8_t randomness[64U]); /** @@ -355,7 +355,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_29(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6c(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked @@ -376,7 +376,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_63( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -399,7 +399,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_77( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -425,7 +425,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_34( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f2( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -451,7 +451,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_2c( +void libcrux_ml_kem_ind_cca_decapsulate_16( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 915607633..a1eb2b1e5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index f7be648a5..203ac4320 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 333ef14b6..da448bb61 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "internal/libcrux_core.h" @@ -96,7 +96,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_181( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_a91( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -116,7 +116,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_a61( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_b11( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -132,7 +132,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_a61( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_f11( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -151,7 +151,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_641( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_e91( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -169,7 +169,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_eb1( +uint8_t *libcrux_ml_kem_types_as_slice_f6_ae1( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -183,7 +183,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_011( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -216,7 +216,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_180( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_a90( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -236,7 +236,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_a60( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_b10( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_a60( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_f10( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -271,7 +271,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_640( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_e90( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -289,7 +289,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_eb0( +uint8_t *libcrux_ml_kem_types_as_slice_f6_ae0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -303,7 +303,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_010( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -336,7 +336,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_07 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_18( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_a9( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -356,7 +356,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_a6( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_b1( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -371,7 +371,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_e7 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_a6( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_f1( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -390,7 +390,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_15 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_64( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_e9( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -408,7 +408,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_f6_eb( +uint8_t *libcrux_ml_kem_types_as_slice_f6_ae( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -480,7 +480,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_01( +Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 3acddc4dd..5ae6d35b2 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 67d826015..6a58e99a4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 1a20f0d72..5ba67b2cc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,11 +35,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_0b0( +static void decapsulate_010( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_dd0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e20(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_0b0(private_key, ciphertext, ret); + decapsulate_010(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_090( +static void decapsulate_unpacked_300( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a80(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d60(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_090(private_key, ciphertext, ret); + decapsulate_unpacked_300(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_4a0( +static tuple_21 encapsulate_d90( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_7a0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b30(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4a0(uu____0, copy_of_randomness); + return encapsulate_d90(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_640( +static tuple_21 encapsulate_unpacked_8b0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_640( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd0( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_250( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_640(uu____0, copy_of_randomness); + return encapsulate_unpacked_8b0(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_7c0( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_500( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_970(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f70(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_7c0(copy_of_randomness); + return generate_keypair_500(copy_of_randomness); } /** @@ -246,11 +246,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_cc0(uint8_t randomness[64U]) { +generate_keypair_unpacked_5a0(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f00( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_450( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_cc0(copy_of_randomness); + return generate_keypair_unpacked_5a0(copy_of_randomness); } /** @@ -274,8 +274,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_f10(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_5f0(public_key); +static bool validate_public_key_ae0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_060(public_key); } /** @@ -286,7 +286,7 @@ static bool validate_public_key_f10(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_f10(public_key.value)) { + if (validate_public_key_ae0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index e480630b2..117cbb9c5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 738510bf0..d76b92948 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem1024_portable.h" @@ -35,11 +35,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_c91( +static void decapsulate_b31( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_2c1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_161(private_key, ciphertext, ret); } /** @@ -53,7 +53,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_c91(private_key, ciphertext, ret); + decapsulate_b31(private_key, ciphertext, ret); } /** @@ -80,11 +80,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_fc1( +static void decapsulate_unpacked_171( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_341(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f21(key_pair, ciphertext, ret); } @@ -99,7 +99,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_fc1(private_key, ciphertext, ret); + decapsulate_unpacked_171(private_key, ciphertext, ret); } /** @@ -119,14 +119,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_a41( +static tuple_21 encapsulate_cd1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_771(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_931(uu____0, copy_of_randomness); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_a41(uu____0, copy_of_randomness); + return encapsulate_cd1(uu____0, copy_of_randomness); } /** @@ -167,7 +167,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_d71( +static tuple_21 encapsulate_unpacked_571( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -175,7 +175,7 @@ static tuple_21 encapsulate_unpacked_d71( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_631( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f1( uu____0, copy_of_randomness); } @@ -197,7 +197,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_d71(uu____0, copy_of_randomness); + return encapsulate_unpacked_571(uu____0, copy_of_randomness); } /** @@ -212,12 +212,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_eb1( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_ff1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_291(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_6c1(copy_of_randomness); } /** @@ -228,7 +228,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_eb1(copy_of_randomness); + return generate_keypair_ff1(copy_of_randomness); } /** @@ -247,11 +247,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_b41(uint8_t randomness[64U]) { +generate_keypair_unpacked_c61(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f81( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b21( copy_of_randomness); } @@ -264,7 +264,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_b41(copy_of_randomness); + return generate_keypair_unpacked_c61(copy_of_randomness); } /** @@ -275,8 +275,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_8c1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c11(public_key); +static bool validate_public_key_091(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_821(public_key); } /** @@ -287,7 +287,7 @@ static bool validate_public_key_8c1(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_8c1(public_key.value)) { + if (validate_public_key_091(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index bbc233838..09598b5e0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 2c3cab337..2686fd558 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 34bacef60..1949286a4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_0b(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_01(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_dd(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e2(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_0b(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_0b(private_key, ciphertext, ret); + decapsulate_01(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_09( +static void decapsulate_unpacked_30( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d6(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_09( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_09(private_key, ciphertext, ret); + decapsulate_unpacked_30(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_4a( +static tuple_ec encapsulate_d9( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_7a(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b3(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4a(uu____0, copy_of_randomness); + return encapsulate_d9(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_64( +static tuple_ec encapsulate_unpacked_8b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_64( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_25( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_64(uu____0, copy_of_randomness); + return encapsulate_unpacked_8b(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_7c( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_50( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_97(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f7(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_7c(copy_of_randomness); + return generate_keypair_50(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_cc(uint8_t randomness[64U]) { +generate_keypair_unpacked_5a(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f0( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_45( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_cc(copy_of_randomness); + return generate_keypair_unpacked_5a(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_f1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_5f(public_key); +static bool validate_public_key_ae(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_06(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_f1(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_f1(public_key.value)) { + if (validate_public_key_ae(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index df78482c6..9aae3051a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 051419a0b..bc1b33818 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem512_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_c90( +static void decapsulate_b30( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_2c0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_160(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_c90( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_c90(private_key, ciphertext, ret); + decapsulate_b30(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_fc0( +static void decapsulate_unpacked_170( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_340(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f20(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_fc0( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_fc0(private_key, ciphertext, ret); + decapsulate_unpacked_170(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_a40( +static tuple_ec encapsulate_cd0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_770(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_a40(uu____0, copy_of_randomness); + return encapsulate_cd0(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_d70( +static tuple_ec encapsulate_unpacked_570( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -171,7 +171,7 @@ static tuple_ec encapsulate_unpacked_d70( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_630( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f0( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_d70(uu____0, copy_of_randomness); + return encapsulate_unpacked_570(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_eb0( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_ff0( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_290(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_6c0(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_eb0(copy_of_randomness); + return generate_keypair_ff0(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_b40(uint8_t randomness[64U]) { +generate_keypair_unpacked_c60(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f80( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b20( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_b40(copy_of_randomness); + return generate_keypair_unpacked_c60(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_8c0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c10(public_key); +static bool validate_public_key_090(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_820(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_8c0(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_8c0(public_key.value)) { + if (validate_public_key_090(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index d1650f96a..83e67c6de 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 3248134f9..be002b2a6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 3a3a8b8a9..673055121 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_0b1( +static void decapsulate_011( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_dd1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e21(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_0b1( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_0b1(private_key, ciphertext, ret); + decapsulate_011(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_091( +static void decapsulate_unpacked_301( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a81(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d61(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_091( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_091(private_key, ciphertext, ret); + decapsulate_unpacked_301(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_4a1( +static tuple_3c encapsulate_d91( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_7a1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b31(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4a1(uu____0, copy_of_randomness); + return encapsulate_d91(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_641( +static tuple_3c encapsulate_unpacked_8b1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_641( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd1( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_251( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_641(uu____0, copy_of_randomness); + return encapsulate_unpacked_8b1(uu____0, copy_of_randomness); } /** @@ -205,12 +205,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_7c1( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_501( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_971(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f71(copy_of_randomness); } /** @@ -221,7 +221,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_7c1(copy_of_randomness); + return generate_keypair_501(copy_of_randomness); } /** @@ -240,11 +240,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_cc1(uint8_t randomness[64U]) { +generate_keypair_unpacked_5a1(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f01( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_451( copy_of_randomness); } @@ -257,7 +257,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_cc1(copy_of_randomness); + return generate_keypair_unpacked_5a1(copy_of_randomness); } /** @@ -268,8 +268,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_f11(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_5f1(public_key); +static bool validate_public_key_ae1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_061(public_key); } /** @@ -280,7 +280,7 @@ static bool validate_public_key_f11(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_f11(public_key.value)) { + if (validate_public_key_ae1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 6fdcc0131..940d04ca9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index fe01f4249..afdf0b2fa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem768_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_c9( +static void decapsulate_b3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_2c(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_16(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_c9( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_c9(private_key, ciphertext, ret); + decapsulate_b3(private_key, ciphertext, ret); } /** @@ -78,10 +78,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_fc( +static void decapsulate_unpacked_17( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_34(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f2(key_pair, ciphertext, ret); } @@ -95,7 +95,7 @@ static void decapsulate_unpacked_fc( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_fc(private_key, ciphertext, ret); + decapsulate_unpacked_17(private_key, ciphertext, ret); } /** @@ -115,14 +115,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_a4( +static tuple_3c encapsulate_cd( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_77(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); } /** @@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_a4(uu____0, copy_of_randomness); + return encapsulate_cd(uu____0, copy_of_randomness); } /** @@ -163,7 +163,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_d7( +static tuple_3c encapsulate_unpacked_57( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -171,7 +171,7 @@ static tuple_3c encapsulate_unpacked_d7( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_63( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f( uu____0, copy_of_randomness); } @@ -191,7 +191,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_d7(uu____0, copy_of_randomness); + return encapsulate_unpacked_57(uu____0, copy_of_randomness); } /** @@ -206,12 +206,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_eb( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_29(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_6c(copy_of_randomness); } /** @@ -222,7 +222,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_eb(copy_of_randomness); + return generate_keypair_ff(copy_of_randomness); } /** @@ -241,11 +241,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_b4(uint8_t randomness[64U]) { +generate_keypair_unpacked_c6(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f8( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b2( copy_of_randomness); } @@ -258,7 +258,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_b4(copy_of_randomness); + return generate_keypair_unpacked_c6(copy_of_randomness); } /** @@ -269,8 +269,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_8c(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c1(public_key); +static bool validate_public_key_09(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_82(public_key); } /** @@ -281,7 +281,7 @@ static bool validate_public_key_8c(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_8c(public_key.value)) { + if (validate_public_key_09(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 0c3f24150..107f7b5e1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 853fdc9a5..6cc32fdef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "internal/libcrux_mlkem_avx2.h" @@ -161,11 +161,11 @@ __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(__m256i vector) { */ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { - __m256i t = mm256_mulhi_epi16( + __m256i t0 = mm256_mulhi_epi16( vector, mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = mm256_add_epi16(t, mm256_set1_epi16((int16_t)512)); - __m256i quotient = mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i t1 = mm256_add_epi16(t0, mm256_set1_epi16((int16_t)512)); + __m256i quotient = mm256_srai_epi16((int32_t)10, t1, __m256i); __m256i quotient_times_field_modulus = mm256_mullo_epi16( quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); return mm256_sub_epi16(vector, quotient_times_field_modulus); @@ -182,16 +182,17 @@ __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09(__m256i vector) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( __m256i vector, int16_t constant) { - __m256i constant0 = mm256_set1_epi16(constant); - __m256i value_low = mm256_mullo_epi16(vector, constant0); + __m256i vec_constant = mm256_set1_epi16(constant); + __m256i value_low = mm256_mullo_epi16(vector, vec_constant); __m256i k = mm256_mullo_epi16( value_low, mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_mulhi_epi16(vector, constant0); + __m256i modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i k_times_modulus = mm256_mulhi_epi16(k, modulus); + __m256i value_high = mm256_mulhi_epi16(vector, vec_constant); return mm256_sub_epi16(value_high, k_times_modulus); } @@ -241,16 +242,17 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c) { - __m256i value_low = mm256_mullo_epi16(v, c); + __m256i vec, __m256i constants) { + __m256i value_low = mm256_mullo_epi16(vec, constants); __m256i k = mm256_mullo_epi16( value_low, mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_mulhi_epi16(v, c); + __m256i modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i k_times_modulus = mm256_mulhi_epi16(k, modulus); + __m256i value_high = mm256_mulhi_epi16(vec, constants); return mm256_sub_epi16(value_high, k_times_modulus); } @@ -306,16 +308,16 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(__m256i vector, KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c) { - __m128i value_low = mm_mullo_epi16(v, c); + __m128i vec, __m128i constants) { + __m128i value_low = mm_mullo_epi16(vec, constants); __m128i k = mm_mullo_epi16( value_low, mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m128i k_times_modulus = mm_mulhi_epi16( - k, mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m128i value_high = mm_mulhi_epi16(v, c); + __m128i modulus = mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m128i k_times_modulus = mm_mulhi_epi16(k, modulus); + __m128i value_high = mm_mulhi_epi16(vec, constants); return mm_sub_epi16(value_high, k_times_modulus); } @@ -430,15 +432,15 @@ __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(__m256i vector, } KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i vec) { __m256i k = mm256_mullo_epi16( - v, + vec, mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); __m256i k_times_modulus = mm256_mulhi_epi16( k, mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_srli_epi32((int32_t)16, v, __m256i); + __m256i value_high = mm256_srli_epi32((int32_t)16, vec, __m256i); __m256i result = mm256_sub_epi16(value_high, k_times_modulus); __m256i result0 = mm256_slli_epi32((int32_t)16, result, __m256i); return mm256_srai_epi32((int32_t)16, result0, __m256i); @@ -1037,7 +1039,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_5b(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_1b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1065,8 +1067,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_3b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); +deserialize_to_reduced_ring_element_55(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1085,12 +1087,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a51( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_301( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_5b();); + deserialized_pk[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1102,7 +1104,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a51( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_3b(ring_element); + deserialize_to_reduced_ring_element_55(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1115,7 +1117,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_8a(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_f5(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1128,8 +1130,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_09_83(__m256i vector) { - return shift_right_8a(vector); +static __m256i shift_right_09_22(__m256i vector) { + return shift_right_f5(vector); } /** @@ -1138,8 +1140,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_f8(__m256i a) { - __m256i t = shift_right_09_83(a); +static __m256i to_unsigned_representative_4f(__m256i a) { + __m256i t = shift_right_09_22(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -1151,13 +1153,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_2e( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_f8(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_4f(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1175,7 +1177,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_561( +static KRML_MUSTINLINE void serialize_secret_key_501( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1193,7 +1195,7 @@ static KRML_MUSTINLINE void serialize_secret_key_561( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_2e(&re, ret0); + serialize_uncompressed_ring_element_5c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1208,14 +1210,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_0f1( +static KRML_MUSTINLINE void serialize_public_key_511( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_561(t_as_ntt, ret0); + serialize_secret_key_501(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1235,15 +1237,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_5f1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_061(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_a51( + deserialize_ring_elements_reduced_301( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_0f1( + serialize_public_key_511( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1284,10 +1286,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static void closure_411( +static void closure_ba1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_5b();); + ret[i] = ZERO_20_1b();); } /** @@ -1419,7 +1421,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_d83( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_613( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1544,7 +1546,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_d84( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_614( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1587,8 +1589,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_20_a8(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); +from_i16_array_20_82(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1605,9 +1607,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_f51( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_8a1( int16_t s[272U]) { - return from_i16_array_20_a8( + return from_i16_array_20_82( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1617,7 +1619,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_ce1( +static KRML_MUSTINLINE void sample_from_xof_c11( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1632,7 +1634,7 @@ static KRML_MUSTINLINE void sample_from_xof_ce1( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_d83( + bool done = sample_from_uniform_distribution_next_613( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -1644,7 +1646,7 @@ static KRML_MUSTINLINE void sample_from_xof_ce1( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_d84( + done = sample_from_uniform_distribution_next_614( copy_of_randomness, sampled_coefficients, out); } } @@ -1653,7 +1655,7 @@ static KRML_MUSTINLINE void sample_from_xof_ce1( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_f51(copy_of_out[i]);); + ret0[i] = closure_8a1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1665,12 +1667,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_d61( +static KRML_MUSTINLINE void sample_matrix_A_ff1( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_411(A_transpose[i]);); + closure_ba1(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -1685,7 +1687,7 @@ static KRML_MUSTINLINE void sample_matrix_A_d61( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_ce1(copy_of_seeds, sampled); + sample_from_xof_c11(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1779,7 +1781,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_92(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_6a(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -1813,7 +1815,7 @@ sample_from_binomial_distribution_2_92(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_a8( + return from_i16_array_20_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1824,7 +1826,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_2c(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_5f(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -1857,7 +1859,7 @@ sample_from_binomial_distribution_3_2c(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_a8( + return from_i16_array_20_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1868,8 +1870,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_200(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_92(randomness); +sample_from_binomial_distribution_8e0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_6a(randomness); } /** @@ -1878,7 +1880,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_75( +static KRML_MUSTINLINE void ntt_at_layer_7_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -1903,7 +1905,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_de(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_25(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1914,8 +1916,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_25(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_de(b, zeta_r); +ntt_layer_int_vec_step_0a(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_25(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1928,7 +1930,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_51( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_0d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1941,7 +1943,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_51( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_25( + ntt_layer_int_vec_step_0a( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -1958,7 +1960,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_7a( +static KRML_MUSTINLINE void ntt_at_layer_3_db( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -1974,7 +1976,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_0d( +static KRML_MUSTINLINE void ntt_at_layer_2_10( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -1992,7 +1994,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_1e( +static KRML_MUSTINLINE void ntt_at_layer_1_6e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2016,7 +2018,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_5e( +static KRML_MUSTINLINE void poly_barrett_reduce_20_85( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2032,17 +2034,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_ca( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_75(re); + ntt_at_layer_7_ea(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_7a(&zeta_i, re); - ntt_at_layer_2_0d(&zeta_i, re); - ntt_at_layer_1_1e(&zeta_i, re); - poly_barrett_reduce_20_5e(re); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_db(&zeta_i, re); + ntt_at_layer_2_10(&zeta_i, re); + ntt_at_layer_1_6e(&zeta_i, re); + poly_barrett_reduce_20_85(re); } /** @@ -2053,11 +2055,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_3f1( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_e41( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_5b();); + re_as_ntt[i] = ZERO_20_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2072,9 +2074,9 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_3f1( PRFxN_a9_412(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_200( + re_as_ntt[i0] = sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_ca(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2099,9 +2101,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_20_d9(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_20_f1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_5b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_1b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2128,7 +2130,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_3e1( +static KRML_MUSTINLINE void add_to_ring_element_20_471( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2148,7 +2150,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_9a(__m256i v) { +static __m256i to_standard_domain_f5(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2163,14 +2165,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_33( +static KRML_MUSTINLINE void add_standard_error_reduce_20_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_9a(self->coefficients[j]); + to_standard_domain_f5(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &error->coefficients[j])); @@ -2183,14 +2185,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_b51( +static KRML_MUSTINLINE void compute_As_plus_e_ef1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_5b();); + result0[i] = ZERO_20_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2211,10 +2213,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_b51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_d9(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_3e1(&result0[i1], &product); + ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_471(&result0[i1], &product); } - add_standard_error_reduce_20_33(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_f6(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2233,7 +2235,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_f11( +static tuple_9b0 generate_keypair_unpacked_471( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_ab1(key_generation_seed, hashed); @@ -2245,14 +2247,14 @@ static tuple_9b0 generate_keypair_unpacked_f11( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_d61(ret, true, A_transpose); + sample_matrix_A_ff1(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_3f1(copy_of_prf_input0, 0U); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_e41(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -2264,10 +2266,10 @@ static tuple_9b0 generate_keypair_unpacked_f11( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_3f1(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_e41(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_b51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_ef1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -2319,10 +2321,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_511( +static void closure_1c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_5b();); + ret[i] = ZERO_20_1b();); } /** @@ -2335,7 +2337,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_b7( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -2372,7 +2374,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f01( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_451( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -2381,18 +2383,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f01( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_f11(ind_cpa_keypair_randomness); + tuple_9b0 uu____0 = generate_keypair_unpacked_471(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_511(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_1c1(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_b7(&ind_cpa_public_key.A[j][i1]); + clone_3a_33(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -2402,7 +2404,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f01( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_0f1( + serialize_public_key_511( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -2450,17 +2452,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_7e1( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_931( Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_f11(key_generation_seed); + tuple_9b0 uu____0 = generate_keypair_unpacked_471(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_0f1( + serialize_public_key_511( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_561(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_501(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2484,7 +2486,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f61( +static KRML_MUSTINLINE void serialize_kem_secret_key_eb1( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2539,7 +2541,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_971(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2548,13 +2550,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_971(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_7e1(ind_cpa_keypair_randomness); + generate_keypair_931(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_f61( + serialize_kem_secret_key_eb1( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2563,13 +2565,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_971(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a60(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f10(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_a60( - uu____2, libcrux_ml_kem_types_from_07_180(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b10( + uu____2, libcrux_ml_kem_types_from_07_a90(copy_of_public_key)); } /** @@ -2581,10 +2583,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_3b1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_e71(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_5b();); + error_1[i] = ZERO_20_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2600,7 +2602,7 @@ sample_ring_element_cbd_3b1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_200( + sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2649,7 +2651,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_ad( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_16( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2670,7 +2672,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_05( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_88( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2689,7 +2691,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_4d( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_f7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; @@ -2706,11 +2708,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_8a(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_e0(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = montgomery_multiply_fe_de(a_minus_b, zeta_r); + b = montgomery_multiply_fe_25(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2721,7 +2723,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_6a( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2736,7 +2738,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_6a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_8a( + inv_ntt_layer_int_vec_step_reduce_e0( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -2753,18 +2755,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_8c1( +static KRML_MUSTINLINE void invert_ntt_montgomery_971( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_ad(&zeta_i, re); - invert_ntt_at_layer_2_05(&zeta_i, re); - invert_ntt_at_layer_3_4d(&zeta_i, re); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_5e(re); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_88(&zeta_i, re); + invert_ntt_at_layer_3_f7(&zeta_i, re); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_85(re); } /** @@ -2777,7 +2779,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_bb( +static KRML_MUSTINLINE void add_error_reduce_20_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2798,14 +2800,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_681( +static KRML_MUSTINLINE void compute_vector_u_e31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_5b();); + result0[i] = ZERO_20_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2825,11 +2827,11 @@ static KRML_MUSTINLINE void compute_vector_u_681( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_d9(a_element, &r_as_ntt[j]); - add_to_ring_element_20_3e1(&result0[i1], &product); + ntt_multiply_20_f1(a_element, &r_as_ntt[j]); + add_to_ring_element_20_471(&result0[i1], &product); } - invert_ntt_montgomery_8c1(&result0[i1]); - add_error_reduce_20_bb(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_971(&result0[i1]); + add_error_reduce_20_1f(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2846,9 +2848,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_96(__m256i vec) { - __m256i s = libcrux_ml_kem_vector_avx2_sub_09( - libcrux_ml_kem_vector_avx2_ZERO_09(), &vec); +static __m256i decompress_1_34(__m256i vec) { + __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); + __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, (int16_t)1665); } @@ -2860,8 +2862,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_f0(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); +deserialize_then_decompress_message_e3(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2869,7 +2871,7 @@ deserialize_then_decompress_message_f0(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_96(coefficient_compressed);); + re.coefficients[i0] = decompress_1_34(coefficient_compressed);); return re; } @@ -2884,7 +2886,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_20_58( +add_message_error_reduce_20_69( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2911,18 +2913,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_e51( +compute_ring_element_v_e71( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_d9(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_3e1(&result, &product);); - invert_ntt_montgomery_8c1(&result); - result = add_message_error_reduce_20_58(error_2, message, result); + ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_471(&result, &product);); + invert_ntt_montgomery_971(&result); + result = add_message_error_reduce_20_69(error_2, message, result); return result; } @@ -2933,7 +2935,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_57(__m256i vector) { +compress_ciphertext_coefficient_fd(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -2980,8 +2982,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_09_63(__m256i vector) { - return compress_ciphertext_coefficient_57(vector); +static __m256i compress_09_76(__m256i vector) { + return compress_ciphertext_coefficient_fd(vector); } /** @@ -2990,14 +2992,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_a1( +static KRML_MUSTINLINE void compress_then_serialize_10_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_63(to_unsigned_representative_f8(re->coefficients[i0])); + compress_09_76(to_unsigned_representative_4f(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3015,7 +3017,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_570(__m256i vector) { +compress_ciphertext_coefficient_fd0(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3062,8 +3064,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_09_630(__m256i vector) { - return compress_ciphertext_coefficient_570(vector); +static __m256i compress_09_760(__m256i vector) { + return compress_ciphertext_coefficient_fd0(vector); } /** @@ -3073,10 +3075,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_51( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_a1(re, uu____0); + compress_then_serialize_10_bf(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3089,7 +3091,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_fe1( +static void compress_then_serialize_u_9f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3105,7 +3107,7 @@ static void compress_then_serialize_u_fe1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_51(&re, ret); + compress_then_serialize_ring_element_u_81(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3118,7 +3120,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_571(__m256i vector) { +compress_ciphertext_coefficient_fd1(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3165,8 +3167,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_09_631(__m256i vector) { - return compress_ciphertext_coefficient_571(vector); +static __m256i compress_09_761(__m256i vector) { + return compress_ciphertext_coefficient_fd1(vector); } /** @@ -3175,7 +3177,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_59( +static KRML_MUSTINLINE void compress_then_serialize_4_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3184,7 +3186,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_59( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_631(to_unsigned_representative_f8(re.coefficients[i0])); + compress_09_761(to_unsigned_representative_4f(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3201,7 +3203,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_572(__m256i vector) { +compress_ciphertext_coefficient_fd2(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3248,8 +3250,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_09_632(__m256i vector) { - return compress_ciphertext_coefficient_572(vector); +static __m256i compress_09_762(__m256i vector) { + return compress_ciphertext_coefficient_fd2(vector); } /** @@ -3258,7 +3260,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_14( +static KRML_MUSTINLINE void compress_then_serialize_5_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3267,7 +3269,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_14( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_09_632(to_unsigned_representative_f8(re.coefficients[i0])); + compress_09_762(to_unsigned_representative_4f(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3284,9 +3286,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_4e( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_59(re, out); + compress_then_serialize_4_c0(re, out); } /** @@ -3306,7 +3308,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_991( +static void encrypt_unpacked_061( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3314,7 +3316,7 @@ static void encrypt_unpacked_991( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_3f1(copy_of_prf_input0, 0U); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_e41(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3324,7 +3326,7 @@ static void encrypt_unpacked_991( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_3b1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_e71(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3335,28 +3337,28 @@ static void encrypt_unpacked_991( PRF_a9_264(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_200( + sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_681(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_e31(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f0(copy_of_message); + deserialize_then_decompress_message_e3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_e51(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_e71(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_fe1( + compress_then_serialize_u_9f1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_4e( + compress_then_serialize_ring_element_v_0c( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3380,7 +3382,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd1( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_251( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -3407,7 +3409,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd1( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_991(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_061(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -3417,7 +3419,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd1( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_640(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3438,7 +3440,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_411(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_151(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -3462,10 +3464,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_501(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_a51( + deserialize_ring_elements_reduced_301( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -3473,7 +3475,7 @@ static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_d61(ret0, false, A); + sample_matrix_A_ff1(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -3507,7 +3509,7 @@ static void encrypt_831(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_991(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_061(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -3522,7 +3524,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_0a1(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_6e1(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -3548,11 +3550,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b31( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_411( + entropy_preprocess_af_151( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -3562,7 +3564,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a1( size_t); uint8_t ret[32U]; H_a9_311(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb0(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3576,19 +3578,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_831(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_501(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_640(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_0a1(shared_secret, shared_secret_array); + kdf_af_6e1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3608,7 +3610,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_f8(__m256i vector) { +decompress_ciphertext_coefficient_2d(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3652,8 +3654,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_09_0c(__m256i vector) { - return decompress_ciphertext_coefficient_f8(vector); +static __m256i decompress_ciphertext_coefficient_09_ac(__m256i vector) { + return decompress_ciphertext_coefficient_2d(vector); } /** @@ -3663,8 +3665,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_bf(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); +deserialize_then_decompress_10_56(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -3676,7 +3678,7 @@ deserialize_then_decompress_10_bf(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_0c(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_ac(coefficient); } return re; } @@ -3688,7 +3690,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_f80(__m256i vector) { +decompress_ciphertext_coefficient_2d0(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3732,8 +3734,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_09_0c0(__m256i vector) { - return decompress_ciphertext_coefficient_f80(vector); +static __m256i decompress_ciphertext_coefficient_09_ac0(__m256i vector) { + return decompress_ciphertext_coefficient_2d0(vector); } /** @@ -3743,15 +3745,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_b5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); +deserialize_then_decompress_11_42(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_0c0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_ac0(coefficient); } return re; } @@ -3763,8 +3765,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_a4(Eurydice_slice serialized) { - return deserialize_then_decompress_10_bf(serialized); +deserialize_then_decompress_ring_element_u_d5(Eurydice_slice serialized) { + return deserialize_then_decompress_10_56(serialized); } /** @@ -3773,17 +3775,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_c7( +static KRML_MUSTINLINE void ntt_vector_u_27( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_7a(&zeta_i, re); - ntt_at_layer_2_0d(&zeta_i, re); - ntt_at_layer_1_1e(&zeta_i, re); - poly_barrett_reduce_20_5e(re); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_db(&zeta_i, re); + ntt_at_layer_2_10(&zeta_i, re); + ntt_at_layer_1_6e(&zeta_i, re); + poly_barrett_reduce_20_85(re); } /** @@ -3794,12 +3796,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_fd1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_4a1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_5b();); + u_as_ntt[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3817,8 +3819,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_fd1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a4(u_bytes); - ntt_vector_u_c7(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d5(u_bytes); + ntt_vector_u_27(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3832,7 +3834,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_f81(__m256i vector) { +decompress_ciphertext_coefficient_2d1(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3876,8 +3878,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_09_0c1(__m256i vector) { - return decompress_ciphertext_coefficient_f81(vector); +static __m256i decompress_ciphertext_coefficient_09_ac1(__m256i vector) { + return decompress_ciphertext_coefficient_2d1(vector); } /** @@ -3887,15 +3889,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_fb(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); +deserialize_then_decompress_4_44(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_0c1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_ac1(coefficient); } return re; } @@ -3907,7 +3909,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_f82(__m256i vector) { +decompress_ciphertext_coefficient_2d2(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3951,8 +3953,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_09_0c2(__m256i vector) { - return decompress_ciphertext_coefficient_f82(vector); +static __m256i decompress_ciphertext_coefficient_09_ac2(__m256i vector) { + return decompress_ciphertext_coefficient_2d2(vector); } /** @@ -3962,8 +3964,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_57(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); +deserialize_then_decompress_5_f0(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3971,7 +3973,7 @@ deserialize_then_decompress_5_57(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_0c2(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_ac2(re.coefficients[i0]); } return re; } @@ -3983,8 +3985,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_03(Eurydice_slice serialized) { - return deserialize_then_decompress_4_fb(serialized); +deserialize_then_decompress_ring_element_v_08(Eurydice_slice serialized) { + return deserialize_then_decompress_4_44(serialized); } /** @@ -3998,7 +4000,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_20_55(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_20_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4020,17 +4022,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_3d1( +compute_message_3f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_d9(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_3e1(&result, &product);); - invert_ntt_montgomery_8c1(&result); - result = subtract_reduce_20_55(v, result); + ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_471(&result, &product);); + invert_ntt_montgomery_971(&result); + result = subtract_reduce_20_8c(v, result); return result; } @@ -4040,12 +4042,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_51( +static KRML_MUSTINLINE void compress_then_serialize_message_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_f8(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_4f(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; @@ -4068,19 +4070,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_691( +static void decrypt_unpacked_4c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_fd1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_4a1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_03( + deserialize_then_decompress_ring_element_v_08( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_3d1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3f1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_51(message, ret0); + compress_then_serialize_message_2d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4131,11 +4133,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a81( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d61( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_691(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_4c1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4164,7 +4166,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a81( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_010(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4175,11 +4177,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a81( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_991(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_061(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_010(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4197,8 +4199,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_1d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_5b(); +deserialize_to_uncompressed_ring_element_ae(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4215,12 +4217,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_961( +static KRML_MUSTINLINE void deserialize_secret_key_881( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_5b();); + secret_as_ntt[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4232,7 +4234,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_961( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_1d(secret_bytes); + deserialize_to_uncompressed_ring_element_ae(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4254,10 +4256,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_b21(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d21(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_961(secret_key, secret_as_ntt); + deserialize_secret_key_881(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4269,7 +4271,7 @@ static void decrypt_b21(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_691(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_4c1(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4295,7 +4297,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_dd1( +void libcrux_ml_kem_ind_cca_decapsulate_e21( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4313,7 +4315,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_dd1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b21(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d21(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4335,7 +4337,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_dd1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_010(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4345,17 +4347,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_dd1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_831(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_501(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_0a1(Eurydice_array_to_slice( + kdf_af_6e1(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_0a1(shared_secret0, shared_secret1); + kdf_af_6e1(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_010(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4370,12 +4372,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a50( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_300( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_5b();); + deserialized_pk[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4387,7 +4389,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a50( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_3b(ring_element); + deserialize_to_reduced_ring_element_55(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4402,7 +4404,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_560( +static KRML_MUSTINLINE void serialize_secret_key_500( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4420,7 +4422,7 @@ static KRML_MUSTINLINE void serialize_secret_key_560( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_2e(&re, ret0); + serialize_uncompressed_ring_element_5c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4435,14 +4437,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_0f0( +static KRML_MUSTINLINE void serialize_public_key_510( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_560(t_as_ntt, ret0); + serialize_secret_key_500(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4462,15 +4464,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_5f0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_060(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_a50( + deserialize_ring_elements_reduced_300( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_0f0( + serialize_public_key_510( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4511,10 +4513,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static void closure_410( +static void closure_ba0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_5b();); + ret[i] = ZERO_20_1b();); } /** @@ -4649,7 +4651,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_d81( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_611( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4777,7 +4779,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_d82( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_612( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4815,9 +4817,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_f50( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_8a0( int16_t s[272U]) { - return from_i16_array_20_a8( + return from_i16_array_20_82( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4827,7 +4829,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_ce0( +static KRML_MUSTINLINE void sample_from_xof_c10( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -4842,7 +4844,7 @@ static KRML_MUSTINLINE void sample_from_xof_ce0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_d81( + bool done = sample_from_uniform_distribution_next_611( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -4854,7 +4856,7 @@ static KRML_MUSTINLINE void sample_from_xof_ce0( uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_d82( + done = sample_from_uniform_distribution_next_612( copy_of_randomness, sampled_coefficients, out); } } @@ -4863,7 +4865,7 @@ static KRML_MUSTINLINE void sample_from_xof_ce0( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_f50(copy_of_out[i]);); + ret0[i] = closure_8a0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4875,12 +4877,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_d60( +static KRML_MUSTINLINE void sample_matrix_A_ff0( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_410(A_transpose[i]);); + closure_ba0(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4895,7 +4897,7 @@ static KRML_MUSTINLINE void sample_matrix_A_d60( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_ce0(copy_of_seeds, sampled); + sample_from_xof_c10(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4993,11 +4995,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_3f0( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_e40( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_5b();); + re_as_ntt[i] = ZERO_20_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5012,9 +5014,9 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_3f0( PRFxN_a9_411(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_200( + re_as_ntt[i0] = sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_ca(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5038,7 +5040,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_3e0( +static KRML_MUSTINLINE void add_to_ring_element_20_470( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5058,14 +5060,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_b50( +static KRML_MUSTINLINE void compute_As_plus_e_ef0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_5b();); + result0[i] = ZERO_20_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5086,10 +5088,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_b50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_d9(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_3e0(&result0[i1], &product); + ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_470(&result0[i1], &product); } - add_standard_error_reduce_20_33(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_f6(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5108,7 +5110,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_f10( +static tuple_54 generate_keypair_unpacked_470( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_ab0(key_generation_seed, hashed); @@ -5120,14 +5122,14 @@ static tuple_54 generate_keypair_unpacked_f10( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_d60(ret, true, A_transpose); + sample_matrix_A_ff0(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_3f0(copy_of_prf_input0, 0U); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_e40(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -5139,10 +5141,10 @@ static tuple_54 generate_keypair_unpacked_f10( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_3f0(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_e40(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_b50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_ef0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -5194,10 +5196,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_510( +static void closure_1c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_5b();); + ret[i] = ZERO_20_1b();); } /** @@ -5227,7 +5229,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f00( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_450( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5236,18 +5238,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f00( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_54 uu____0 = generate_keypair_unpacked_f10(ind_cpa_keypair_randomness); + tuple_54 uu____0 = generate_keypair_unpacked_470(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_510(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_1c0(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_b7(&ind_cpa_public_key.A[j][i1]); + clone_3a_33(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, @@ -5257,7 +5259,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f00( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_0f0( + serialize_public_key_510( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -5305,17 +5307,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_7e0( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_930( Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_f10(key_generation_seed); + tuple_54 uu____0 = generate_keypair_unpacked_470(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_0f0( + serialize_public_key_510( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_560(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_500(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5339,7 +5341,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f60( +static KRML_MUSTINLINE void serialize_kem_secret_key_eb0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5394,7 +5396,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_970(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5403,13 +5405,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_970(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_7e0(ind_cpa_keypair_randomness); + generate_keypair_930(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_f60( + serialize_kem_secret_key_eb0( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5418,13 +5420,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_970(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_a61(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f11(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_a61( - uu____2, libcrux_ml_kem_types_from_07_181(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b11( + uu____2, libcrux_ml_kem_types_from_07_a91(copy_of_public_key)); } /** @@ -5436,10 +5438,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_3b0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_e70(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_5b();); + error_1[i] = ZERO_20_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5455,7 +5457,7 @@ sample_ring_element_cbd_3b0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_200( + sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5492,18 +5494,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_8c0( +static KRML_MUSTINLINE void invert_ntt_montgomery_970( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_ad(&zeta_i, re); - invert_ntt_at_layer_2_05(&zeta_i, re); - invert_ntt_at_layer_3_4d(&zeta_i, re); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_5e(re); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_88(&zeta_i, re); + invert_ntt_at_layer_3_f7(&zeta_i, re); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_85(re); } /** @@ -5512,14 +5514,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_680( +static KRML_MUSTINLINE void compute_vector_u_e30( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_5b();); + result0[i] = ZERO_20_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5539,11 +5541,11 @@ static KRML_MUSTINLINE void compute_vector_u_680( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_d9(a_element, &r_as_ntt[j]); - add_to_ring_element_20_3e0(&result0[i1], &product); + ntt_multiply_20_f1(a_element, &r_as_ntt[j]); + add_to_ring_element_20_470(&result0[i1], &product); } - invert_ntt_montgomery_8c0(&result0[i1]); - add_error_reduce_20_bb(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_970(&result0[i1]); + add_error_reduce_20_1f(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5561,18 +5563,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_e50( +compute_ring_element_v_e70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_d9(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_3e0(&result, &product);); - invert_ntt_montgomery_8c0(&result); - result = add_message_error_reduce_20_58(error_2, message, result); + ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_470(&result, &product);); + invert_ntt_montgomery_970(&result); + result = add_message_error_reduce_20_69(error_2, message, result); return result; } @@ -5582,14 +5584,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_ce0( +static KRML_MUSTINLINE void compress_then_serialize_11_770( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_630(to_unsigned_representative_f8(re->coefficients[i0])); + compress_09_760(to_unsigned_representative_4f(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5607,10 +5609,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_510( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_810( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_ce0(re, uu____0); + compress_then_serialize_11_770(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5623,7 +5625,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_fe0( +static void compress_then_serialize_u_9f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5639,7 +5641,7 @@ static void compress_then_serialize_u_fe0( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_510(&re, ret); + compress_then_serialize_ring_element_u_810(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5652,9 +5654,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_4e0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_0c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_14(re, out); + compress_then_serialize_5_2c(re, out); } /** @@ -5674,7 +5676,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_990( +static void encrypt_unpacked_060( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -5682,7 +5684,7 @@ static void encrypt_unpacked_990( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_3f0(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_e40(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -5692,7 +5694,7 @@ static void encrypt_unpacked_990( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_3b0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_e70(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -5703,28 +5705,28 @@ static void encrypt_unpacked_990( PRF_a9_262(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_200( + sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_680(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_e30(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f0(copy_of_message); + deserialize_then_decompress_message_e3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_e50(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_e70(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_fe0( + compress_then_serialize_u_9f0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_4e0( + compress_then_serialize_ring_element_v_0c0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5748,7 +5750,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd0( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_250( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5775,7 +5777,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd0( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_990(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_060(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5785,7 +5787,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd0( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_641(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5806,7 +5808,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_410(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_150(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -5830,10 +5832,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_500(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_a50( + deserialize_ring_elements_reduced_300( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5841,7 +5843,7 @@ static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_d60(ret0, false, A); + sample_matrix_A_ff0(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -5875,7 +5877,7 @@ static void encrypt_830(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_990(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_060(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -5890,7 +5892,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_0a0(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_6e0(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -5916,11 +5918,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_7a0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b30( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_410( + entropy_preprocess_af_150( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5930,7 +5932,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_7a0( size_t); uint8_t ret[32U]; H_a9_310(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_eb1(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5944,19 +5946,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_7a0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_eb1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_830(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_500(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_641(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_0a0(shared_secret, shared_secret_array); + kdf_af_6e0(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -5976,8 +5978,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_a40(Eurydice_slice serialized) { - return deserialize_then_decompress_11_b5(serialized); +deserialize_then_decompress_ring_element_u_d50(Eurydice_slice serialized) { + return deserialize_then_decompress_11_42(serialized); } /** @@ -5986,17 +5988,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_c70( +static KRML_MUSTINLINE void ntt_vector_u_270( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_7a(&zeta_i, re); - ntt_at_layer_2_0d(&zeta_i, re); - ntt_at_layer_1_1e(&zeta_i, re); - poly_barrett_reduce_20_5e(re); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_db(&zeta_i, re); + ntt_at_layer_2_10(&zeta_i, re); + ntt_at_layer_1_6e(&zeta_i, re); + poly_barrett_reduce_20_85(re); } /** @@ -6007,12 +6009,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_fd0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_4a0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_5b();); + u_as_ntt[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6030,8 +6032,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_fd0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a40(u_bytes); - ntt_vector_u_c70(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d50(u_bytes); + ntt_vector_u_270(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6045,8 +6047,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_030(Eurydice_slice serialized) { - return deserialize_then_decompress_5_57(serialized); +deserialize_then_decompress_ring_element_v_080(Eurydice_slice serialized) { + return deserialize_then_decompress_5_f0(serialized); } /** @@ -6056,17 +6058,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_3d0( +compute_message_3f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_d9(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_3e0(&result, &product);); - invert_ntt_montgomery_8c0(&result); - result = subtract_reduce_20_55(v, result); + ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_470(&result, &product);); + invert_ntt_montgomery_970(&result); + result = subtract_reduce_20_8c(v, result); return result; } @@ -6080,19 +6082,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_690( +static void decrypt_unpacked_4c0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_fd0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_4a0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_030( + deserialize_then_decompress_ring_element_v_080( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_3d0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3f0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_51(message, ret0); + compress_then_serialize_message_2d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6131,12 +6133,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a80( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d60( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_690(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_4c0(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -6165,7 +6167,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a80( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_011(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6176,11 +6178,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a80( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_990(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_060(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_011(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6197,12 +6199,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_960( +static KRML_MUSTINLINE void deserialize_secret_key_880( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_5b();); + secret_as_ntt[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6214,7 +6216,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_960( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_1d(secret_bytes); + deserialize_to_uncompressed_ring_element_ae(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; @@ -6236,10 +6238,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_b20(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d20(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_960(secret_key, secret_as_ntt); + deserialize_secret_key_880(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -6251,7 +6253,7 @@ static void decrypt_b20(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_690(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_4c0(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -6277,7 +6279,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_dd0( +void libcrux_ml_kem_ind_cca_decapsulate_e20( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6296,7 +6298,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_dd0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b20(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d20(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -6318,7 +6320,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_dd0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_011(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6328,17 +6330,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_dd0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_830(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_500(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_0a0(Eurydice_array_to_slice( + kdf_af_6e0(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_0a0(shared_secret0, shared_secret1); + kdf_af_6e0(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_011(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6353,12 +6355,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a5( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_30( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_5b();); + deserialized_pk[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6370,7 +6372,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_3b(ring_element); + deserialize_to_reduced_ring_element_55(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6385,7 +6387,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_56( +static KRML_MUSTINLINE void serialize_secret_key_50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6403,7 +6405,7 @@ static KRML_MUSTINLINE void serialize_secret_key_56( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_2e(&re, ret0); + serialize_uncompressed_ring_element_5c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6418,14 +6420,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_0f( +static KRML_MUSTINLINE void serialize_public_key_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_56(t_as_ntt, ret0); + serialize_secret_key_50(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6445,15 +6447,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_5f(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_06(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_a5( + deserialize_ring_elements_reduced_30( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_0f( + serialize_public_key_51( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6494,10 +6496,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static void closure_41( +static void closure_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_5b();); + ret[i] = ZERO_20_1b();); } /** @@ -6626,7 +6628,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_d8( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_61( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6748,7 +6750,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_d80( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_610( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6786,9 +6788,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_f5( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_8a( int16_t s[272U]) { - return from_i16_array_20_a8( + return from_i16_array_20_82( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6798,7 +6800,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_ce( +static KRML_MUSTINLINE void sample_from_xof_c1( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -6813,7 +6815,7 @@ static KRML_MUSTINLINE void sample_from_xof_ce( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_d8( + bool done = sample_from_uniform_distribution_next_61( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -6825,7 +6827,7 @@ static KRML_MUSTINLINE void sample_from_xof_ce( uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_d80( + done = sample_from_uniform_distribution_next_610( copy_of_randomness, sampled_coefficients, out); } } @@ -6834,7 +6836,7 @@ static KRML_MUSTINLINE void sample_from_xof_ce( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_f5(copy_of_out[i]);); + ret0[i] = closure_8a(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6846,12 +6848,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_d6( +static KRML_MUSTINLINE void sample_matrix_A_ff( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_41(A_transpose[i]);); + closure_ba(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6866,7 +6868,7 @@ static KRML_MUSTINLINE void sample_matrix_A_d6( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_ce(copy_of_seeds, sampled); + sample_from_xof_c1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6957,8 +6959,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_20(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_2c(randomness); +sample_from_binomial_distribution_8e(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_5f(randomness); } /** @@ -6969,11 +6971,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_3f( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_e4( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_5b();); + re_as_ntt[i] = ZERO_20_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6988,9 +6990,9 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_3f( PRFxN_a9_41(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_20( + re_as_ntt[i0] = sample_from_binomial_distribution_8e( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_ca(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -7014,7 +7016,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_3e( +static KRML_MUSTINLINE void add_to_ring_element_20_47( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -7034,14 +7036,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_b5( +static KRML_MUSTINLINE void compute_As_plus_e_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_5b();); + result0[i] = ZERO_20_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7062,10 +7064,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_d9(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_3e(&result0[i1], &product); + ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_47(&result0[i1], &product); } - add_standard_error_reduce_20_33(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_f6(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7084,7 +7086,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_f1( +static tuple_4c generate_keypair_unpacked_47( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_ab(key_generation_seed, hashed); @@ -7096,14 +7098,14 @@ static tuple_4c generate_keypair_unpacked_f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_d6(ret, true, A_transpose); + sample_matrix_A_ff(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_3f(copy_of_prf_input0, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_e4(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -7115,10 +7117,10 @@ static tuple_4c generate_keypair_unpacked_f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_3f(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_e4(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_b5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_ef(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -7170,10 +7172,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_51( +static void closure_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_5b();); + ret[i] = ZERO_20_1b();); } /** @@ -7203,7 +7205,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f0( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_45( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7212,18 +7214,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f0( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c uu____0 = generate_keypair_unpacked_f1(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_47(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_51(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_1c(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_b7(&ind_cpa_public_key.A[j][i1]); + clone_3a_33(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7233,7 +7235,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_0f( + serialize_public_key_51( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -7281,17 +7283,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_7e( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_93( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_f1(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_47(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_0f( + serialize_public_key_51( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_56(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_50(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -7315,7 +7317,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f6( +static KRML_MUSTINLINE void serialize_kem_secret_key_eb( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7369,7 +7371,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_97( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7379,13 +7381,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_97( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_7e(ind_cpa_keypair_randomness); + generate_keypair_93(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_f6( + serialize_kem_secret_key_eb( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7394,13 +7396,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_97( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_a6(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_a6( - uu____2, libcrux_ml_kem_types_from_07_18(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b1( + uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); } /** @@ -7458,10 +7460,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_3b(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_e7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_5b();); + error_1[i] = ZERO_20_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7477,7 +7479,7 @@ sample_ring_element_cbd_3b(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_200( + sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7514,18 +7516,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_8c( +static KRML_MUSTINLINE void invert_ntt_montgomery_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_ad(&zeta_i, re); - invert_ntt_at_layer_2_05(&zeta_i, re); - invert_ntt_at_layer_3_4d(&zeta_i, re); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_5e(re); + invert_ntt_at_layer_1_16(&zeta_i, re); + invert_ntt_at_layer_2_88(&zeta_i, re); + invert_ntt_at_layer_3_f7(&zeta_i, re); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_85(re); } /** @@ -7534,14 +7536,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_68( +static KRML_MUSTINLINE void compute_vector_u_e3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_5b();); + result0[i] = ZERO_20_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7561,11 +7563,11 @@ static KRML_MUSTINLINE void compute_vector_u_68( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_d9(a_element, &r_as_ntt[j]); - add_to_ring_element_20_3e(&result0[i1], &product); + ntt_multiply_20_f1(a_element, &r_as_ntt[j]); + add_to_ring_element_20_47(&result0[i1], &product); } - invert_ntt_montgomery_8c(&result0[i1]); - add_error_reduce_20_bb(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_97(&result0[i1]); + add_error_reduce_20_1f(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7583,18 +7585,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_e5( +compute_ring_element_v_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_d9(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_3e(&result, &product);); - invert_ntt_montgomery_8c(&result); - result = add_message_error_reduce_20_58(error_2, message, result); + ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_47(&result, &product);); + invert_ntt_montgomery_97(&result); + result = add_message_error_reduce_20_69(error_2, message, result); return result; } @@ -7607,7 +7609,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_fe( +static void compress_then_serialize_u_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7623,7 +7625,7 @@ static void compress_then_serialize_u_fe( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_51(&re, ret); + compress_then_serialize_ring_element_u_81(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7646,7 +7648,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_99( +static void encrypt_unpacked_06( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7654,7 +7656,7 @@ static void encrypt_unpacked_99( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_3f(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_e4(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7664,7 +7666,7 @@ static void encrypt_unpacked_99( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_3b(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_e7(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7675,28 +7677,28 @@ static void encrypt_unpacked_99( PRF_a9_260(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_200( + sample_from_binomial_distribution_8e0( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_68(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_e3(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_f0(copy_of_message); + deserialize_then_decompress_message_e3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_e5(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_e7(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_fe( + compress_then_serialize_u_9f( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_4e( + compress_then_serialize_ring_element_v_0c( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7720,7 +7722,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_25( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -7747,7 +7749,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_99(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_06(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -7757,7 +7759,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_fd( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7778,7 +7780,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_41(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_15(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -7802,10 +7804,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_50(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_a5( + deserialize_ring_elements_reduced_30( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -7813,7 +7815,7 @@ static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_d6(ret0, false, A); + sample_matrix_A_ff(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -7847,7 +7849,7 @@ static void encrypt_83(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_99(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_06(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7862,7 +7864,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_0a(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_6e(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -7888,11 +7890,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_7a( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b3( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_41( + entropy_preprocess_af_15( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -7902,7 +7904,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_7a( size_t); uint8_t ret[32U]; H_a9_31(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7916,19 +7918,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_7a( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_83(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_50(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_0a(shared_secret, shared_secret_array); + kdf_af_6e(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7949,12 +7951,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_fd( +static KRML_MUSTINLINE void deserialize_then_decompress_u_4a( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_5b();); + u_as_ntt[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7972,8 +7974,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_fd( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a4(u_bytes); - ntt_vector_u_c7(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d5(u_bytes); + ntt_vector_u_27(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7987,17 +7989,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_3d( +compute_message_3f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_5b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_d9(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_3e(&result, &product);); - invert_ntt_montgomery_8c(&result); - result = subtract_reduce_20_55(v, result); + ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_47(&result, &product);); + invert_ntt_montgomery_97(&result); + result = subtract_reduce_20_8c(v, result); return result; } @@ -8011,19 +8013,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_69( +static void decrypt_unpacked_4c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_fd(ciphertext, u_as_ntt); + deserialize_then_decompress_u_4a(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_03( + deserialize_then_decompress_ring_element_v_08( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_3d(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3f(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_51(message, ret0); + compress_then_serialize_message_2d(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8062,11 +8064,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_69(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_4c(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -8095,7 +8097,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_01(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8106,11 +8108,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_a8( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_99(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_06(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_01(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -8127,12 +8129,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_96( +static KRML_MUSTINLINE void deserialize_secret_key_88( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_5b();); + secret_as_ntt[i] = ZERO_20_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8144,7 +8146,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_96( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_1d(secret_bytes); + deserialize_to_uncompressed_ring_element_ae(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; @@ -8166,10 +8168,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_b2(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d2(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_96(secret_key, secret_as_ntt); + deserialize_secret_key_88(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -8181,7 +8183,7 @@ static void decrypt_b2(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_69(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_4c(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8207,7 +8209,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_dd( +void libcrux_ml_kem_ind_cca_decapsulate_e2( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8225,7 +8227,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_dd( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b2(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d2(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -8247,7 +8249,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_dd( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_01(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8257,16 +8259,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_dd( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_83(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_50(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_0a(Eurydice_array_to_slice((size_t)32U, + kdf_af_6e(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_0a(shared_secret0, shared_secret1); + kdf_af_6e(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_01(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 4b48ccfc8..6a24cf71d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem_avx2_H @@ -137,7 +137,7 @@ __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, __m256i rhs); __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c); + __m256i vec, __m256i constants); __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); @@ -163,7 +163,7 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(__m256i vector, __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c); + __m128i vec, __m128i constants); __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta); @@ -207,7 +207,8 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(__m256i vector, int16_t zeta); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + __m256i vec); __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, int16_t zeta0, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 0294757ad..72dbc2626 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 6c4024457..0e8d513e6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 9d561600e..1d9374fbc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "internal/libcrux_mlkem_portable.h" @@ -1091,15 +1091,15 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = + vec.elements[i0] = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v.elements[i0], c); + vec.elements[i0], c); } - return v; + return vec; } /** @@ -1300,12 +1300,13 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, int16_t zeta, size_t i, size_t j) { int16_t a_minus_b = vec->elements[j] - vec->elements[i]; - vec->elements[i] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - vec->elements[i] + vec->elements[j]); - vec->elements[j] = + int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + vec->elements[i] + vec->elements[j]); + int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( a_minus_b, zeta); + vec->elements[i] = o0; + vec->elements[j] = o1; } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1416,17 +1417,26 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, size_t i, size_t j, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int32_t ai_bi = (int32_t)a->elements[i] * (int32_t)b->elements[i]; + int16_t ai = a->elements[i]; + int16_t bi = b->elements[i]; + int16_t aj = a->elements[j]; + int16_t bj = b->elements[j]; + int32_t ai_bi = (int32_t)ai * (int32_t)bi; + int32_t aj_bj_ = (int32_t)aj * (int32_t)bj; int16_t aj_bj = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]); + aj_bj_); + int32_t aj_bj_zeta = (int32_t)aj_bj * (int32_t)zeta; + int32_t ai_bi_aj_bj = ai_bi + aj_bj_zeta; int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - ai_bi + (int32_t)aj_bj * (int32_t)zeta); + ai_bi_aj_bj); + int32_t ai_bj = (int32_t)ai * (int32_t)bj; + int32_t aj_bi = (int32_t)aj * (int32_t)bi; + int32_t ai_bj_aj_bi = ai_bj + aj_bi; int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[j] + - (int32_t)a->elements[j] * (int32_t)b->elements[i]); + ai_bj_aj_bi); out->elements[i] = o0; out->elements[j] = o1; } @@ -1436,24 +1446,28 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply( libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + int16_t nzeta0 = -zeta0; + int16_t nzeta1 = -zeta1; + int16_t nzeta2 = -zeta2; + int16_t nzeta3 = -zeta3; libcrux_ml_kem_vector_portable_vector_type_PortableVector out = libcrux_ml_kem_vector_portable_vector_type_zero(); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); + lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); + lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); + lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); + lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out); return out; } @@ -2275,7 +2289,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_de(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_1c(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2303,8 +2317,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_32(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); +deserialize_to_reduced_ring_element_62(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2325,12 +2339,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_651( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_071( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_de();); + deserialized_pk[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2342,7 +2356,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_651( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_32(ring_element); + deserialize_to_reduced_ring_element_62(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2386,7 +2400,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_bc( +to_unsigned_representative_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = shift_right_0d_f1(a); @@ -2402,14 +2416,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_e7( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_64( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_bc(re->coefficients[i0]); + to_unsigned_representative_87(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2427,7 +2441,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_f71( +static KRML_MUSTINLINE void serialize_secret_key_cd1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2445,7 +2459,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f71( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_e7(&re, ret0); + serialize_uncompressed_ring_element_64(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2460,14 +2474,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_7a1( +static KRML_MUSTINLINE void serialize_public_key_771( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_f71(t_as_ntt, ret0); + serialize_secret_key_cd1(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2487,15 +2501,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c11(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_821(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_651( + deserialize_ring_elements_reduced_071( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_7a1( + serialize_public_key_771( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2537,10 +2551,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_a61( +static void closure_a31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_de();); + ret[i] = ZERO_20_1c();); } /** @@ -2677,7 +2691,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_b23( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_893( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2789,7 +2803,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_b24( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_894( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2832,8 +2846,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_20_84(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); +from_i16_array_20_d3(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2853,9 +2867,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_fc1( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c1( int16_t s[272U]) { - return from_i16_array_20_84( + return from_i16_array_20_d3( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2866,7 +2880,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_591( +static KRML_MUSTINLINE void sample_from_xof_1b1( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -2880,7 +2894,7 @@ static KRML_MUSTINLINE void sample_from_xof_591( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_b23( + bool done = sample_from_uniform_distribution_next_893( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -2892,7 +2906,7 @@ static KRML_MUSTINLINE void sample_from_xof_591( uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_b24( + done = sample_from_uniform_distribution_next_894( copy_of_randomness, sampled_coefficients, out); } } @@ -2901,7 +2915,7 @@ static KRML_MUSTINLINE void sample_from_xof_591( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_fc1(copy_of_out[i]);); + ret0[i] = closure_2c1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2914,12 +2928,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_931( +static KRML_MUSTINLINE void sample_matrix_A_0b1( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_a61(A_transpose[i]);); + closure_a31(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2934,7 +2948,7 @@ static KRML_MUSTINLINE void sample_matrix_A_931( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_591(copy_of_seeds, sampled); + sample_from_xof_1b1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3011,7 +3025,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_28(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_d9(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3045,7 +3059,7 @@ sample_from_binomial_distribution_2_28(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_84( + return from_i16_array_20_d3( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3056,7 +3070,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_1e(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_af(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3089,7 +3103,7 @@ sample_from_binomial_distribution_3_1e(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_84( + return from_i16_array_20_d3( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3100,8 +3114,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_61(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_28(randomness); +sample_from_binomial_distribution_d8(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_d9(randomness); } /** @@ -3110,7 +3124,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_43( +static KRML_MUSTINLINE void ntt_at_layer_7_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3138,7 +3152,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_7e( +montgomery_multiply_fe_77( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3152,12 +3166,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_65( + ntt_layer_int_vec_step_67( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_7e(b, zeta_r); + montgomery_multiply_fe_77(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3171,7 +3185,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_07( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_06( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3184,7 +3198,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_07( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_65( + ntt_layer_int_vec_step_67( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3201,7 +3215,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_90( +static KRML_MUSTINLINE void ntt_at_layer_3_82( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3219,7 +3233,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_95( +static KRML_MUSTINLINE void ntt_at_layer_2_8a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3238,7 +3252,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_32( +static KRML_MUSTINLINE void ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3263,7 +3277,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_f0( +static KRML_MUSTINLINE void poly_barrett_reduce_20_6b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3281,17 +3295,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_01( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_43(re); + ntt_at_layer_7_99(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_90(&zeta_i, re); - ntt_at_layer_2_95(&zeta_i, re); - ntt_at_layer_1_32(&zeta_i, re); - poly_barrett_reduce_20_f0(re); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_82(&zeta_i, re); + ntt_at_layer_2_8a(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_20_6b(re); } /** @@ -3303,11 +3317,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_181( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_061( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_de();); + re_as_ntt[i] = ZERO_20_1c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3322,9 +3336,9 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_181( PRFxN_f1_bf2(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_61( + re_as_ntt[i0] = sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_01(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3349,9 +3363,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_20_73(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_20_23(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_de(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_1c(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3380,7 +3394,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_171( +static KRML_MUSTINLINE void add_to_ring_element_20_fc1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3405,7 +3419,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_bf( +to_standard_domain_22( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3421,14 +3435,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_c2( +static KRML_MUSTINLINE void add_standard_error_reduce_20_39( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_bf(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_22(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3443,14 +3457,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_371( +static KRML_MUSTINLINE void compute_As_plus_e_3c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_de();); + result0[i] = ZERO_20_1c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3471,10 +3485,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_371( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_73(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_171(&result0[i1], &product); + ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_fc1(&result0[i1], &product); } - add_standard_error_reduce_20_c2(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_39(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -3494,7 +3508,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_c01( +static tuple_540 generate_keypair_unpacked_831( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_d01(key_generation_seed, hashed); @@ -3506,14 +3520,14 @@ static tuple_540 generate_keypair_unpacked_c01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_931(ret, true, A_transpose); + sample_matrix_A_0b1(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_181(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_061(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3525,10 +3539,10 @@ static tuple_540 generate_keypair_unpacked_c01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_181(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_061(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_371(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_3c1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -3581,10 +3595,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_181( +static void closure_d61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_de();); + ret[i] = ZERO_20_1c();); } /** @@ -3597,7 +3611,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_ea( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_d9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3638,7 +3652,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f81( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b21( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -3647,18 +3661,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f81( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_540 uu____0 = generate_keypair_unpacked_c01(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_831(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_181(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_d61(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_ea(&ind_cpa_public_key.A[j][i1]); + clone_3a_d9(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3668,7 +3682,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f81( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_7a1( + serialize_public_key_771( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -3717,17 +3731,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e11( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fc1( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_c01(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_831(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_7a1( + serialize_public_key_771( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_f71(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_cd1(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3751,7 +3765,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_84( +static KRML_MUSTINLINE void serialize_kem_secret_key_d5( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3807,7 +3821,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_291(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6c1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3816,13 +3830,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_291(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e11(ind_cpa_keypair_randomness); + generate_keypair_fc1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_84( + serialize_kem_secret_key_d5( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3831,13 +3845,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_291(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_e7_a61(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f11(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_a61( - uu____2, libcrux_ml_kem_types_from_07_181(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b11( + uu____2, libcrux_ml_kem_types_from_07_a91(copy_of_public_key)); } /** @@ -3850,10 +3864,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_de1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_a21(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_de();); + error_1[i] = ZERO_20_1c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3869,7 +3883,7 @@ sample_ring_element_cbd_de1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_61( + sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3918,7 +3932,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_c8( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_e7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3939,7 +3953,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_d9( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_e9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3958,7 +3972,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_45( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_2b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3978,7 +3992,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_e9( + inv_ntt_layer_int_vec_step_reduce_42( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3986,7 +4000,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_7e(a_minus_b, zeta_r); + b = montgomery_multiply_fe_77(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3998,7 +4012,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_82( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_5a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4013,7 +4027,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_82( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_e9( + inv_ntt_layer_int_vec_step_reduce_42( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4030,18 +4044,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7e1( +static KRML_MUSTINLINE void invert_ntt_montgomery_311( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_c8(&zeta_i, re); - invert_ntt_at_layer_2_d9(&zeta_i, re); - invert_ntt_at_layer_3_45(&zeta_i, re); - invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_f0(re); + invert_ntt_at_layer_1_e7(&zeta_i, re); + invert_ntt_at_layer_2_e9(&zeta_i, re); + invert_ntt_at_layer_3_2b(&zeta_i, re); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_6b(re); } /** @@ -4054,7 +4068,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_d6( +static KRML_MUSTINLINE void add_error_reduce_20_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4078,14 +4092,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_501( +static KRML_MUSTINLINE void compute_vector_u_4b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_de();); + result0[i] = ZERO_20_1c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4105,11 +4119,11 @@ static KRML_MUSTINLINE void compute_vector_u_501( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_73(a_element, &r_as_ntt[j]); - add_to_ring_element_20_171(&result0[i1], &product); + ntt_multiply_20_23(a_element, &r_as_ntt[j]); + add_to_ring_element_20_fc1(&result0[i1], &product); } - invert_ntt_montgomery_7e1(&result0[i1]); - add_error_reduce_20_d6(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_311(&result0[i1]); + add_error_reduce_20_06(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4127,13 +4141,15 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_d0(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = +decompress_1_4c(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector z = libcrux_ml_kem_vector_portable_ZERO_0d(); libcrux_ml_kem_vector_portable_vector_type_PortableVector s = - libcrux_ml_kem_vector_portable_sub_0d(uu____0, &vec); - return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - s, (int16_t)1665); + libcrux_ml_kem_vector_portable_sub_0d(z, &vec); + libcrux_ml_kem_vector_portable_vector_type_PortableVector res = + libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( + s, (int16_t)1665); + return res; } /** @@ -4143,8 +4159,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_b0(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); +deserialize_then_decompress_message_52(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4154,7 +4170,7 @@ deserialize_then_decompress_message_b0(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_d0(coefficient_compressed); + decompress_1_4c(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4170,7 +4186,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_20_0c( +add_message_error_reduce_20_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4200,18 +4216,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_cc1( +compute_ring_element_v_661( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_73(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_171(&result, &product);); - invert_ntt_montgomery_7e1(&result); - result = add_message_error_reduce_20_0c(error_2, message, result); + ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_fc1(&result, &product);); + invert_ntt_montgomery_311(&result); + result = add_message_error_reduce_20_8c(error_2, message, result); return result; } @@ -4285,14 +4301,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_8e0( +static KRML_MUSTINLINE void compress_then_serialize_11_e20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9a0(to_unsigned_representative_bc(re->coefficients[i0])); + compress_0d_9a0(to_unsigned_representative_87(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4310,10 +4326,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_810( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_310( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_8e0(re, uu____0); + compress_then_serialize_11_e20(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4326,7 +4342,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_431( +static void compress_then_serialize_u_ed1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4342,7 +4358,7 @@ static void compress_then_serialize_u_431( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_810(&re, ret); + compress_then_serialize_ring_element_u_310(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4386,7 +4402,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_9f( +static KRML_MUSTINLINE void compress_then_serialize_4_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4395,7 +4411,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_9f( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9a1(to_unsigned_representative_bc(re.coefficients[i0])); + compress_0d_9a1(to_unsigned_representative_87(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4443,7 +4459,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_90( +static KRML_MUSTINLINE void compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4452,7 +4468,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_90( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_9a2(to_unsigned_representative_bc(re.coefficients[i0])); + compress_0d_9a2(to_unsigned_representative_87(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4469,9 +4485,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_2d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_90(re, out); + compress_then_serialize_5_a3(re, out); } /** @@ -4492,7 +4508,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a71( +static void encrypt_unpacked_d71( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4500,7 +4516,7 @@ static void encrypt_unpacked_a71( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_181(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_061(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4510,7 +4526,7 @@ static void encrypt_unpacked_a71( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_de1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_a21(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4521,28 +4537,28 @@ static void encrypt_unpacked_a71( PRF_f1_c84(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_61( + sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_501(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_4b1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_b0(copy_of_message); + deserialize_then_decompress_message_52(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_cc1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_661(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_431( + compress_then_serialize_u_ed1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_7a0( + compress_then_serialize_ring_element_v_2d0( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4567,7 +4583,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_631( +tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4594,7 +4610,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_631( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_a71(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_d71(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4604,7 +4620,7 @@ tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_631( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_641(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4625,7 +4641,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_fe(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_da(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -4650,10 +4666,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8a1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_951(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_651( + deserialize_ring_elements_reduced_071( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4661,7 +4677,7 @@ static void encrypt_8a1(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_931(ret0, false, A); + sample_matrix_A_0b1(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -4695,7 +4711,7 @@ static void encrypt_8a1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_a71(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_d71(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4710,7 +4726,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_65(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_3b(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -4736,11 +4752,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_771( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_931( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_fe( + entropy_preprocess_af_da( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4750,7 +4766,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_771( size_t); uint8_t ret[32U]; H_f1_fd1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_eb1(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4764,19 +4780,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_771( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_eb1(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_8a1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_951(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_641(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_65(shared_secret, shared_secret_array); + kdf_af_3b(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4833,8 +4849,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_40(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); +deserialize_then_decompress_10_0e(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4900,8 +4916,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_19(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); +deserialize_then_decompress_11_73(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4923,8 +4939,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_120(Eurydice_slice serialized) { - return deserialize_then_decompress_11_19(serialized); +deserialize_then_decompress_ring_element_u_990(Eurydice_slice serialized) { + return deserialize_then_decompress_11_73(serialized); } /** @@ -4933,17 +4949,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_ec0( +static KRML_MUSTINLINE void ntt_vector_u_740( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_90(&zeta_i, re); - ntt_at_layer_2_95(&zeta_i, re); - ntt_at_layer_1_32(&zeta_i, re); - poly_barrett_reduce_20_f0(re); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_82(&zeta_i, re); + ntt_at_layer_2_8a(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_20_6b(re); } /** @@ -4954,12 +4970,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a31( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b81( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_de();); + u_as_ntt[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4977,8 +4993,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a31( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_120(u_bytes); - ntt_vector_u_ec0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_990(u_bytes); + ntt_vector_u_740(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5029,8 +5045,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_72(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); +deserialize_then_decompress_4_33(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5089,8 +5105,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_fe(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); +deserialize_then_decompress_5_df(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5112,8 +5128,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_050(Eurydice_slice serialized) { - return deserialize_then_decompress_5_fe(serialized); +deserialize_then_decompress_ring_element_v_bf0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_df(serialized); } /** @@ -5127,7 +5143,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_20_43(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_20_78(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5152,17 +5168,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_521( +compute_message_3b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_73(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_171(&result, &product);); - invert_ntt_montgomery_7e1(&result); - result = subtract_reduce_20_43(v, result); + ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_fc1(&result, &product);); + invert_ntt_montgomery_311(&result); + result = subtract_reduce_20_78(v, result); return result; } @@ -5172,13 +5188,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_f9( +static KRML_MUSTINLINE void compress_then_serialize_message_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_bc(re.coefficients[i0]); + to_unsigned_representative_87(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5202,19 +5218,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_791( +static void decrypt_unpacked_871( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_a31(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b81(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_050( + deserialize_then_decompress_ring_element_v_bf0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_521(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3b1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f9(message, ret0); + compress_then_serialize_message_2c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5266,12 +5282,12 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_341( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f21( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_791(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_871(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5300,7 +5316,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_341( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_011(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5311,11 +5327,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_341( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_a71(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_d71(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_011(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5333,8 +5349,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_d9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_de(); +deserialize_to_uncompressed_ring_element_7b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -5353,12 +5369,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_c51( +static KRML_MUSTINLINE void deserialize_secret_key_751( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_de();); + secret_as_ntt[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5370,7 +5386,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_c51( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_d9(secret_bytes); + deserialize_to_uncompressed_ring_element_7b(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -5392,10 +5408,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_fb1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c31(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_c51(secret_key, secret_as_ntt); + deserialize_secret_key_751(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5407,7 +5423,7 @@ static void decrypt_fb1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_791(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_871(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5433,7 +5449,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_2c1( +void libcrux_ml_kem_ind_cca_decapsulate_161( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5452,7 +5468,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2c1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_fb1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c31(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5474,7 +5490,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2c1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_011(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5484,17 +5500,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_2c1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_8a1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_951(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_65(Eurydice_array_to_slice((size_t)32U, + kdf_af_3b(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_65(shared_secret0, shared_secret1); + kdf_af_3b(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_011(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5509,12 +5525,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_650( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_070( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_de();); + deserialized_pk[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5526,7 +5542,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_650( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_32(ring_element); + deserialize_to_reduced_ring_element_62(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5541,7 +5557,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_f70( +static KRML_MUSTINLINE void serialize_secret_key_cd0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5559,7 +5575,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f70( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_e7(&re, ret0); + serialize_uncompressed_ring_element_64(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5574,14 +5590,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_7a0( +static KRML_MUSTINLINE void serialize_public_key_770( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_f70(t_as_ntt, ret0); + serialize_secret_key_cd0(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5601,15 +5617,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c10(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_820(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_650( + deserialize_ring_elements_reduced_070( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_7a0( + serialize_public_key_770( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5651,10 +5667,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_a60( +static void closure_a30( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_de();); + ret[i] = ZERO_20_1c();); } /** @@ -5791,7 +5807,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_b21( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_891( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5903,7 +5919,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_b22( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_892( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5942,9 +5958,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_fc0( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c0( int16_t s[272U]) { - return from_i16_array_20_84( + return from_i16_array_20_d3( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5955,7 +5971,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_590( +static KRML_MUSTINLINE void sample_from_xof_1b0( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -5969,7 +5985,7 @@ static KRML_MUSTINLINE void sample_from_xof_590( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_b21( + bool done = sample_from_uniform_distribution_next_891( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -5981,7 +5997,7 @@ static KRML_MUSTINLINE void sample_from_xof_590( uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_b22( + done = sample_from_uniform_distribution_next_892( copy_of_randomness, sampled_coefficients, out); } } @@ -5990,7 +6006,7 @@ static KRML_MUSTINLINE void sample_from_xof_590( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_fc0(copy_of_out[i]);); + ret0[i] = closure_2c0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6003,12 +6019,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_930( +static KRML_MUSTINLINE void sample_matrix_A_0b0( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_a60(A_transpose[i]);); + closure_a30(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6023,7 +6039,7 @@ static KRML_MUSTINLINE void sample_matrix_A_930( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_590(copy_of_seeds, sampled); + sample_from_xof_1b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6100,8 +6116,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_610(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_1e(randomness); +sample_from_binomial_distribution_d80(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_af(randomness); } /** @@ -6113,11 +6129,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_180( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_060( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_de();); + re_as_ntt[i] = ZERO_20_1c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6132,9 +6148,9 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_180( PRFxN_f1_bf0(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_610( + re_as_ntt[i0] = sample_from_binomial_distribution_d80( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_01(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6158,7 +6174,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_170( +static KRML_MUSTINLINE void add_to_ring_element_20_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6182,14 +6198,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_370( +static KRML_MUSTINLINE void compute_As_plus_e_3c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_de();); + result0[i] = ZERO_20_1c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6210,10 +6226,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_370( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_73(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_170(&result0[i1], &product); + ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_fc0(&result0[i1], &product); } - add_standard_error_reduce_20_c2(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_39(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6233,7 +6249,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_c00( +static tuple_4c0 generate_keypair_unpacked_830( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_d00(key_generation_seed, hashed); @@ -6245,14 +6261,14 @@ static tuple_4c0 generate_keypair_unpacked_c00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_930(ret, true, A_transpose); + sample_matrix_A_0b0(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_180(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_060(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6264,10 +6280,10 @@ static tuple_4c0 generate_keypair_unpacked_c00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_180(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_060(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_370(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_3c0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -6320,10 +6336,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_180( +static void closure_d60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_de();); + ret[i] = ZERO_20_1c();); } /** @@ -6354,7 +6370,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f80( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b20( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6363,18 +6379,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f80( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_c00(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_830(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_180(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_d60(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_ea(&ind_cpa_public_key.A[j][i1]); + clone_3a_d9(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6384,7 +6400,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f80( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_7a0( + serialize_public_key_770( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -6433,17 +6449,17 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e10( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fc0( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_c00(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_830(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_7a0( + serialize_public_key_770( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_f70(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_cd0(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6467,7 +6483,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_27( +static KRML_MUSTINLINE void serialize_kem_secret_key_9d( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6523,7 +6539,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_290(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6c0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6532,13 +6548,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_290(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e10(ind_cpa_keypair_randomness); + generate_keypair_fc0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_27( + serialize_kem_secret_key_9d( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6547,13 +6563,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_290(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_e7_a6(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_a6( - uu____2, libcrux_ml_kem_types_from_07_18(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b1( + uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); } /** @@ -6598,10 +6614,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_de0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_a20(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_de();); + error_1[i] = ZERO_20_1c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6617,7 +6633,7 @@ sample_ring_element_cbd_de0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_61( + sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6654,18 +6670,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7e0( +static KRML_MUSTINLINE void invert_ntt_montgomery_310( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_c8(&zeta_i, re); - invert_ntt_at_layer_2_d9(&zeta_i, re); - invert_ntt_at_layer_3_45(&zeta_i, re); - invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_f0(re); + invert_ntt_at_layer_1_e7(&zeta_i, re); + invert_ntt_at_layer_2_e9(&zeta_i, re); + invert_ntt_at_layer_3_2b(&zeta_i, re); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_6b(re); } /** @@ -6674,14 +6690,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_500( +static KRML_MUSTINLINE void compute_vector_u_4b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_de();); + result0[i] = ZERO_20_1c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6701,11 +6717,11 @@ static KRML_MUSTINLINE void compute_vector_u_500( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_73(a_element, &r_as_ntt[j]); - add_to_ring_element_20_170(&result0[i1], &product); + ntt_multiply_20_23(a_element, &r_as_ntt[j]); + add_to_ring_element_20_fc0(&result0[i1], &product); } - invert_ntt_montgomery_7e0(&result0[i1]); - add_error_reduce_20_d6(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_310(&result0[i1]); + add_error_reduce_20_06(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6723,18 +6739,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_cc0( +compute_ring_element_v_660( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_73(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_170(&result, &product);); - invert_ntt_montgomery_7e0(&result); - result = add_message_error_reduce_20_0c(error_2, message, result); + ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_fc0(&result, &product);); + invert_ntt_montgomery_310(&result); + result = add_message_error_reduce_20_8c(error_2, message, result); return result; } @@ -6744,14 +6760,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_8a( +static KRML_MUSTINLINE void compress_then_serialize_10_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9a(to_unsigned_representative_bc(re->coefficients[i0])); + compress_0d_9a(to_unsigned_representative_87(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6769,10 +6785,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_81( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_8a(re, uu____0); + compress_then_serialize_10_a9(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6785,7 +6801,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_430( +static void compress_then_serialize_u_ed0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6801,7 +6817,7 @@ static void compress_then_serialize_u_430( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_81(&re, ret); + compress_then_serialize_ring_element_u_31(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6814,9 +6830,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_7a( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_9f(re, out); + compress_then_serialize_4_55(re, out); } /** @@ -6837,7 +6853,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a70( +static void encrypt_unpacked_d70( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -6845,7 +6861,7 @@ static void encrypt_unpacked_a70( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_180(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_060(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6855,7 +6871,7 @@ static void encrypt_unpacked_a70( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_de0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_a20(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6866,28 +6882,28 @@ static void encrypt_unpacked_a70( PRF_f1_c82(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_61( + sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_500(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_4b0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_b0(copy_of_message); + deserialize_then_decompress_message_52(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_cc0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_660(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_430( + compress_then_serialize_u_ed0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_7a( + compress_then_serialize_ring_element_v_2d( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6912,7 +6928,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_630( +tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6939,7 +6955,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_630( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_a70(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_d70(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6949,7 +6965,7 @@ tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_630( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6970,7 +6986,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_6d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_e3(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -6995,10 +7011,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8a0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_950(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_650( + deserialize_ring_elements_reduced_070( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -7006,7 +7022,7 @@ static void encrypt_8a0(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_930(ret0, false, A); + sample_matrix_A_0b0(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -7040,7 +7056,7 @@ static void encrypt_8a0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_a70(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_d70(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7055,7 +7071,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e6(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_56(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -7081,11 +7097,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_770( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_930( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_6d( + entropy_preprocess_af_e3( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -7095,7 +7111,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_770( size_t); uint8_t ret[32U]; H_f1_fd0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7109,19 +7125,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_770( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_8a0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_950(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e6(shared_secret, shared_secret_array); + kdf_af_56(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7141,8 +7157,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_12(Eurydice_slice serialized) { - return deserialize_then_decompress_10_40(serialized); +deserialize_then_decompress_ring_element_u_99(Eurydice_slice serialized) { + return deserialize_then_decompress_10_0e(serialized); } /** @@ -7151,17 +7167,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_ec( +static KRML_MUSTINLINE void ntt_vector_u_74( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_90(&zeta_i, re); - ntt_at_layer_2_95(&zeta_i, re); - ntt_at_layer_1_32(&zeta_i, re); - poly_barrett_reduce_20_f0(re); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_82(&zeta_i, re); + ntt_at_layer_2_8a(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_20_6b(re); } /** @@ -7172,12 +7188,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a30( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b80( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_de();); + u_as_ntt[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7195,8 +7211,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a30( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_12(u_bytes); - ntt_vector_u_ec(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_99(u_bytes); + ntt_vector_u_74(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7210,8 +7226,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_05(Eurydice_slice serialized) { - return deserialize_then_decompress_4_72(serialized); +deserialize_then_decompress_ring_element_v_bf(Eurydice_slice serialized) { + return deserialize_then_decompress_4_33(serialized); } /** @@ -7221,17 +7237,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_520( +compute_message_3b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_73(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_170(&result, &product);); - invert_ntt_montgomery_7e0(&result); - result = subtract_reduce_20_43(v, result); + ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_fc0(&result, &product);); + invert_ntt_montgomery_310(&result); + result = subtract_reduce_20_78(v, result); return result; } @@ -7245,19 +7261,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_790( +static void decrypt_unpacked_870( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_a30(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b80(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_05( + deserialize_then_decompress_ring_element_v_bf( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_520(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3b0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f9(message, ret0); + compress_then_serialize_message_2c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7297,11 +7313,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_340( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f20( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_790(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_870(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -7330,7 +7346,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_340( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_01(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7341,11 +7357,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_340( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_a70(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_d70(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_01(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -7362,12 +7378,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_c50( +static KRML_MUSTINLINE void deserialize_secret_key_750( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_de();); + secret_as_ntt[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7379,7 +7395,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_c50( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_d9(secret_bytes); + deserialize_to_uncompressed_ring_element_7b(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -7401,10 +7417,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_fb0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c30(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_c50(secret_key, secret_as_ntt); + deserialize_secret_key_750(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7416,7 +7432,7 @@ static void decrypt_fb0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_790(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_870(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7442,7 +7458,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_2c0( +void libcrux_ml_kem_ind_cca_decapsulate_160( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7460,7 +7476,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2c0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_fb0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c30(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7482,7 +7498,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2c0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_01(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7492,17 +7508,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_2c0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_8a0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_950(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e6(Eurydice_array_to_slice((size_t)32U, + kdf_af_56(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_e6(shared_secret0, shared_secret1); + kdf_af_56(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_01(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7517,12 +7533,12 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_65( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_07( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_de();); + deserialized_pk[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7534,7 +7550,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_65( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_32(ring_element); + deserialize_to_reduced_ring_element_62(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7549,7 +7565,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_f7( +static KRML_MUSTINLINE void serialize_secret_key_cd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7567,7 +7583,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f7( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_e7(&re, ret0); + serialize_uncompressed_ring_element_64(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7582,14 +7598,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_7a( +static KRML_MUSTINLINE void serialize_public_key_77( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_f7(t_as_ntt, ret0); + serialize_secret_key_cd(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7609,15 +7625,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_c1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_82(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_65( + deserialize_ring_elements_reduced_07( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_7a( + serialize_public_key_77( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7659,10 +7675,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_a6( +static void closure_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_de();); + ret[i] = ZERO_20_1c();); } /** @@ -7799,7 +7815,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_b2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_89( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7911,7 +7927,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_b20( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_890( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7950,9 +7966,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_fc( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c( int16_t s[272U]) { - return from_i16_array_20_84( + return from_i16_array_20_d3( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7963,7 +7979,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_59( +static KRML_MUSTINLINE void sample_from_xof_1b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -7977,7 +7993,7 @@ static KRML_MUSTINLINE void sample_from_xof_59( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_b2( + bool done = sample_from_uniform_distribution_next_89( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -7989,7 +8005,7 @@ static KRML_MUSTINLINE void sample_from_xof_59( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_b20( + done = sample_from_uniform_distribution_next_890( copy_of_randomness, sampled_coefficients, out); } } @@ -7998,7 +8014,7 @@ static KRML_MUSTINLINE void sample_from_xof_59( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_fc(copy_of_out[i]);); + ret0[i] = closure_2c(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8011,12 +8027,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_93( +static KRML_MUSTINLINE void sample_matrix_A_0b( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_a6(A_transpose[i]);); + closure_a3(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -8031,7 +8047,7 @@ static KRML_MUSTINLINE void sample_matrix_A_93( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_59(copy_of_seeds, sampled); + sample_from_xof_1b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8110,11 +8126,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_18( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_06( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_de();); + re_as_ntt[i] = ZERO_20_1c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8129,9 +8145,9 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_18( PRFxN_f1_bf(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_61( + re_as_ntt[i0] = sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_01(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -8155,7 +8171,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_17( +static KRML_MUSTINLINE void add_to_ring_element_20_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8179,14 +8195,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_37( +static KRML_MUSTINLINE void compute_As_plus_e_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_de();); + result0[i] = ZERO_20_1c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8207,10 +8223,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_37( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_73(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_17(&result0[i1], &product); + ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_fc(&result0[i1], &product); } - add_standard_error_reduce_20_c2(&result0[i1], &error_as_ntt[i1]); + add_standard_error_reduce_20_39(&result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8230,7 +8246,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_c0( +static tuple_9b generate_keypair_unpacked_83( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_d0(key_generation_seed, hashed); @@ -8242,14 +8258,14 @@ static tuple_9b generate_keypair_unpacked_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_93(ret, true, A_transpose); + sample_matrix_A_0b(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_18(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_06(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8261,10 +8277,10 @@ static tuple_9b generate_keypair_unpacked_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_18(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_06(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_37(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_3c(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); @@ -8317,10 +8333,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_18( +static void closure_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_de();); + ret[i] = ZERO_20_1c();); } /** @@ -8351,7 +8367,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f8( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b2( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -8360,18 +8376,18 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f8( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = generate_keypair_unpacked_c0(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_83(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_18(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_d6(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_ea(&ind_cpa_public_key.A[j][i1]); + clone_3a_d9(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8381,7 +8397,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_f8( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_7a( + serialize_public_key_77( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -8430,17 +8446,17 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e1( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fc( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_c0(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_83(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_7a( + serialize_public_key_77( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_f7(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_cd(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8464,7 +8480,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_94( +static KRML_MUSTINLINE void serialize_kem_secret_key_d7( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8520,7 +8536,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_29(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6c(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8529,13 +8545,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_29(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e1(ind_cpa_keypair_randomness); + generate_keypair_fc(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_94( + serialize_kem_secret_key_d7( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8544,13 +8560,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_29(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a60(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f10(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_a60( - uu____2, libcrux_ml_kem_types_from_07_180(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b10( + uu____2, libcrux_ml_kem_types_from_07_a90(copy_of_public_key)); } /** @@ -8563,10 +8579,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_de(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_a2(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_de();); + error_1[i] = ZERO_20_1c();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8582,7 +8598,7 @@ sample_ring_element_cbd_de(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_61( + sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8619,18 +8635,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7e( +static KRML_MUSTINLINE void invert_ntt_montgomery_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_c8(&zeta_i, re); - invert_ntt_at_layer_2_d9(&zeta_i, re); - invert_ntt_at_layer_3_45(&zeta_i, re); - invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_82(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_f0(re); + invert_ntt_at_layer_1_e7(&zeta_i, re); + invert_ntt_at_layer_2_e9(&zeta_i, re); + invert_ntt_at_layer_3_2b(&zeta_i, re); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_6b(re); } /** @@ -8639,14 +8655,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_50( +static KRML_MUSTINLINE void compute_vector_u_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_de();); + result0[i] = ZERO_20_1c();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8666,11 +8682,11 @@ static KRML_MUSTINLINE void compute_vector_u_50( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_73(a_element, &r_as_ntt[j]); - add_to_ring_element_20_17(&result0[i1], &product); + ntt_multiply_20_23(a_element, &r_as_ntt[j]); + add_to_ring_element_20_fc(&result0[i1], &product); } - invert_ntt_montgomery_7e(&result0[i1]); - add_error_reduce_20_d6(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_31(&result0[i1]); + add_error_reduce_20_06(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8688,18 +8704,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_cc( +compute_ring_element_v_66( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_73(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_17(&result, &product);); - invert_ntt_montgomery_7e(&result); - result = add_message_error_reduce_20_0c(error_2, message, result); + ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_fc(&result, &product);); + invert_ntt_montgomery_31(&result); + result = add_message_error_reduce_20_8c(error_2, message, result); return result; } @@ -8712,7 +8728,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_43( +static void compress_then_serialize_u_ed( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8728,7 +8744,7 @@ static void compress_then_serialize_u_43( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_81(&re, ret); + compress_then_serialize_ring_element_u_31(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8752,7 +8768,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a7( +static void encrypt_unpacked_d7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -8760,7 +8776,7 @@ static void encrypt_unpacked_a7( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_18(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_06(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8770,7 +8786,7 @@ static void encrypt_unpacked_a7( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_de(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_a2(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8781,28 +8797,28 @@ static void encrypt_unpacked_a7( PRF_f1_c80(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_61( + sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_50(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_4b(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_b0(copy_of_message); + deserialize_then_decompress_message_52(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_cc(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_66(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_43( + compress_then_serialize_u_ed( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_7a( + compress_then_serialize_ring_element_v_2d( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8827,7 +8843,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_63( +tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8854,7 +8870,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_63( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_a7(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_d7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8864,7 +8880,7 @@ tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_63( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_640(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8885,7 +8901,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_70(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_a0(Eurydice_slice randomness, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -8910,10 +8926,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8a(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_95(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_65( + deserialize_ring_elements_reduced_07( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -8921,7 +8937,7 @@ static void encrypt_8a(Eurydice_slice public_key, uint8_t message[32U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_93(ret0, false, A); + sample_matrix_A_0b(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -8955,7 +8971,7 @@ static void encrypt_8a(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_a7(uu____3, copy_of_message, randomness, result); + encrypt_unpacked_d7(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -8970,7 +8986,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_f1(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_a2(Eurydice_slice shared_secret, uint8_t ret[32U]) { core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); @@ -8996,11 +9012,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_77( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_70( + entropy_preprocess_af_a0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -9010,7 +9026,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_77( size_t); uint8_t ret[32U]; H_f1_fd(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb0(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -9024,19 +9040,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_77( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_8a(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_95(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_640(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_f1(shared_secret, shared_secret_array); + kdf_af_a2(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9057,12 +9073,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a3( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b8( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_de();); + u_as_ntt[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -9080,8 +9096,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_12(u_bytes); - ntt_vector_u_ec(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_99(u_bytes); + ntt_vector_u_74(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9095,17 +9111,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_52( +compute_message_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_de(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_73(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_17(&result, &product);); - invert_ntt_montgomery_7e(&result); - result = subtract_reduce_20_43(v, result); + ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_fc(&result, &product);); + invert_ntt_montgomery_31(&result); + result = subtract_reduce_20_78(v, result); return result; } @@ -9119,19 +9135,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_79( +static void decrypt_unpacked_87( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_a3(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b8(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_05( + deserialize_then_decompress_ring_element_v_bf( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_52(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f9(message, ret0); + compress_then_serialize_message_2c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9171,11 +9187,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_34( +void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f2( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_79(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_87(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -9204,7 +9220,7 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_34( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_010(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -9215,11 +9231,11 @@ void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_34( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_a7(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_d7(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_010(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9236,12 +9252,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_c5( +static KRML_MUSTINLINE void deserialize_secret_key_75( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_de();); + secret_as_ntt[i] = ZERO_20_1c();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9253,7 +9269,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_c5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_d9(secret_bytes); + deserialize_to_uncompressed_ring_element_7b(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -9275,10 +9291,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_fb(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c3(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_c5(secret_key, secret_as_ntt); + deserialize_secret_key_75(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -9290,7 +9306,7 @@ static void decrypt_fb(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_79(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_87(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -9316,7 +9332,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_2c( +void libcrux_ml_kem_ind_cca_decapsulate_16( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -9334,7 +9350,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2c( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_fb(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c3(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -9356,7 +9372,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_2c( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_010(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -9366,16 +9382,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_2c( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_8a(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_95(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_f1(Eurydice_array_to_slice((size_t)32U, + kdf_af_a2(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_f1(shared_secret0, shared_secret1); + kdf_af_a2(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_010(ciphertext), + libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index f3c85de51..96aea78f1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem_portable_H @@ -275,7 +275,7 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c); + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 3a42178da..d2431db67 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 07e36f873..a99c22075 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index e449ed71b..2d71356b1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 61765adc0..07a720d52 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 0d55aa7db..b6fe897dd 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 143574be0..9a07033c8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 4d2c0d71b..d0d648272 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc +Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index f66fb9aee..192ed0185 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_core_H @@ -218,7 +218,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_a2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_44( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -233,7 +233,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_07_18(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_07_a9(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -267,7 +267,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_64_a6(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_64_b1(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -283,7 +283,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_e7_a6(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_e7_f1(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -313,7 +313,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_15_64(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_15_e9(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -330,7 +330,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_eb( +static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_ae( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -415,7 +415,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_ba with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_bf( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_27( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 8e6993e53..cccfb172a 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 625169aa1..68004878d 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem768_avx2_H @@ -200,13 +200,13 @@ static inline __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { - __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + __m256i t0 = libcrux_intrinsics_avx2_mm256_mulhi_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + __m256i t1 = libcrux_intrinsics_avx2_mm256_add_epi16( + t0, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); __m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t1, __m256i); __m256i quotient_times_field_modulus = libcrux_intrinsics_avx2_mm256_mullo_epi16( quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( @@ -229,19 +229,20 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( __m256i vector, int16_t constant) { - __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + __m256i vec_constant = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); __m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, vec_constant); __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(k, modulus); __m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, vec_constant); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } @@ -304,17 +305,19 @@ libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c) { - __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + __m256i vec, __m256i constants) { + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vec, constants); __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + __m256i modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(k, modulus); + __m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vec, constants); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } @@ -376,17 +379,17 @@ static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c) { - __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + __m128i vec, __m128i constants) { + __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(vec, constants); __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + __m128i modulus = libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16(k, modulus); + __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(vec, constants); return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); } @@ -525,9 +528,9 @@ static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i vec) { __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - v, + vec, libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); @@ -535,7 +538,7 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { k, libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); __m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, __m256i); + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, vec, __m256i); __m256i result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); __m256i result0 = @@ -1211,7 +1214,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_20_5b(void) { +libcrux_ml_kem_polynomial_ZERO_20_1b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1240,8 +1243,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_02(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_5b(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_ac(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -1252,10 +1255,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_96( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_62( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_5b(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1273,12 +1276,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_4a( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1291,7 +1294,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_1d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_96( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_62( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1324,8 +1327,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_9b(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_5b(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e8(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -1336,7 +1339,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_85( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1388,9 +1391,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_48( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_44( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_85( vector); } @@ -1402,10 +1405,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_62( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_6b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_5b(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -1418,7 +1421,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_62( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_48( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_44( coefficient); } return re; @@ -1432,7 +1435,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_850( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1484,9 +1487,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_480( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_440( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_850( vector); } @@ -1498,10 +1501,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_74( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_dc( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_5b(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1509,7 +1512,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_74( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_480( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_440( coefficient); } return re; @@ -1523,9 +1526,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_30( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_17( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_62(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_6b(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1540,7 +1543,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_de( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_25( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1553,9 +1556,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_25(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0a(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_de(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_25(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1569,7 +1572,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1582,7 +1585,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_25( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0a( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -1600,7 +1603,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_7a( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_db( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1619,7 +1622,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_0d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_10( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1639,7 +1642,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_1e( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_6e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1665,7 +1668,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_5e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1682,21 +1685,24 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_f8( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_99( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_7a(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_0d(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_1e(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_5e(re); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U, + (size_t)2U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U, + (size_t)3U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U, + (size_t)4U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_db(&zeta_i, re, (size_t)3U, + (size_t)5U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_10(&zeta_i, re, (size_t)2U, + (size_t)6U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_6e(&zeta_i, re, (size_t)1U, + (size_t)7U * (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85(re); } /** @@ -1709,12 +1715,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e0( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2f( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1734,9 +1740,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e0( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_30( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_17( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_f8(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_99(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1751,7 +1757,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b1( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_851( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1803,9 +1809,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_481( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_441( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b1( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_851( vector); } @@ -1817,10 +1823,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_7c( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_1d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_5b(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1828,7 +1834,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_7c( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_481( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_441( coefficient); } return re; @@ -1842,7 +1848,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_852( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1894,9 +1900,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_482( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_442( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_9b2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_852( vector); } @@ -1908,10 +1914,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_d5( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_6e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_5b(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1919,7 +1925,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_d5( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_482( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_442( re.coefficients[i0]); } return re; @@ -1933,9 +1939,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_bc( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_60( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_7c(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_1d(serialized); } /** @@ -1950,11 +1956,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_20_d9( +libcrux_ml_kem_polynomial_ntt_multiply_20_f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_20_5b(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1982,7 +1988,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_3e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_47( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2003,7 +2009,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ad( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_16( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2027,7 +2033,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_05( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_88( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2049,7 +2055,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_4d( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2070,13 +2076,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_8a(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e0(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_de(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_25(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2089,7 +2095,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6a( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2104,7 +2110,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_8a( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e0( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -2122,22 +2128,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8c( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ad(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_05(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_4d(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_16(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_88(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f7(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_6a(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_5e(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85(re); } /** @@ -2152,7 +2158,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_20_6d( +libcrux_ml_kem_polynomial_subtract_reduce_20_71( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2176,21 +2182,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_3e( +libcrux_ml_kem_matrix_compute_message_75( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_5b(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_d9(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8c(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_6d(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_71(v, result); return result; } @@ -2201,7 +2207,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_2c(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f4(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2215,9 +2221,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_59( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_86( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_2c(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f4(vector); } /** @@ -2228,8 +2234,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_f8(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_59(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_4f(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_86(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -2243,13 +2249,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_8f( +libcrux_ml_kem_serialize_compress_then_serialize_message_5e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_f8( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); @@ -2274,20 +2280,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_bd( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_d4( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_e0(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2f(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_bc( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_60( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_3e(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_75(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_8f(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_5e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2302,11 +2308,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_ca(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_04(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_1d(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_4a(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2318,7 +2324,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_ca(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_bd(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_d4(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -2376,9 +2382,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_7a( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_8b( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_5b(); + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -2389,10 +2395,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_3b( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_55( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_5b(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2413,12 +2419,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a5( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -2431,7 +2437,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_3b( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_55( ring_element); deserialized_pk[i0] = uu____0; } @@ -2448,8 +2454,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_6c(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_5b(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_32(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -2459,10 +2465,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_41( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_ba( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } } @@ -2610,7 +2616,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_d8( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_61( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2744,7 +2750,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_d80( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_610( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2791,9 +2797,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_20_a8(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_82(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_5b(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2812,8 +2818,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_f5(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_a8( +libcrux_ml_kem_sampling_sample_from_xof_closure_8a(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_20_82( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2824,7 +2830,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_ce( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_c1( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2841,7 +2847,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_ce( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_d8( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_61( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -2854,7 +2860,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_ce( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_d80( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_610( copy_of_randomness, sampled_coefficients, out); } } @@ -2864,7 +2870,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_f5(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_8a(copy_of_out[i]); } memcpy( ret, ret0, @@ -2878,12 +2884,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_d6( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ff( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_41(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_ba(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -2903,7 +2909,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_d6( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_ce(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_c1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2963,8 +2969,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_f9(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_5b(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_95(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -3026,7 +3032,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_92( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_6a( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3061,7 +3067,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_92( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_a8( + return libcrux_ml_kem_polynomial_from_i16_array_20_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3073,7 +3079,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_2c( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_5f( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3107,7 +3113,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_2c( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_a8( + return libcrux_ml_kem_polynomial_from_i16_array_20_82( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3119,9 +3125,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_20( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_92( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_6a( randomness); } @@ -3132,7 +3138,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_75( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3154,20 +3160,23 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ca( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_75(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_ea(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_51(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_7a(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_0d(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_1e(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_5e(re); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U, + (size_t)11207U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U, + (size_t)11207U + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d( + &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_db( + &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_10( + &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_6e( + &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85(re); } /** @@ -3180,11 +3189,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3f(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3203,9 +3212,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3f(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_20( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ca(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3230,8 +3239,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_0f(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_5b(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_5d(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -3244,11 +3253,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3267,7 +3276,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_20( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3322,8 +3331,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_e5(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_5b(); +libcrux_ml_kem_matrix_compute_vector_u_closure_ad(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -3337,7 +3346,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_bb( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3359,14 +3368,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_68( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_e3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3387,12 +3396,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_68( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_d9(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3e(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_f1(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8c(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_bb(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_1f(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3411,10 +3420,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_96( +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_34( __m256i vec) { - __m256i s = libcrux_ml_kem_vector_avx2_sub_09( - libcrux_ml_kem_vector_avx2_ZERO_09(), &vec); + __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); + __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, (int16_t)1665); } @@ -3427,10 +3436,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_e3( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_5b(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3438,7 +3447,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_96(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_34(coefficient_compressed); } return re; } @@ -3455,7 +3464,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_58( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_69( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3483,22 +3492,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_e5( +libcrux_ml_kem_matrix_compute_ring_element_v_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_5b(); + libcrux_ml_kem_polynomial_ZERO_20_1b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_d9(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3e(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_8c(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_58( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_69( error_2, message, result); return result; } @@ -3511,7 +3520,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3566,9 +3575,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3c( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_49( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e0( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b( vector); } @@ -3580,14 +3589,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_a1( +libcrux_ml_kem_serialize_compress_then_serialize_10_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3c( - libcrux_ml_kem_vector_traits_to_unsigned_representative_f8( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_49( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); @@ -3607,7 +3616,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e00( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3662,9 +3671,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3c0( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_490( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e00( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b0( vector); } @@ -3676,14 +3685,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_ce( +libcrux_ml_kem_serialize_compress_then_serialize_11_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3c0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_f8( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_490( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); @@ -3704,10 +3713,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_51( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_a1(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_bf(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3721,7 +3730,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fe( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3737,7 +3746,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fe( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_51(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_81(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3752,7 +3761,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e01( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3807,9 +3816,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3c1( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_491( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e01( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b1( vector); } @@ -3821,7 +3830,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_59( +libcrux_ml_kem_serialize_compress_then_serialize_4_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3829,8 +3838,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_59( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3c1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_f8( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_491( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); @@ -3849,7 +3858,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e02( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3904,9 +3913,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3c2( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_492( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_e02( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b2( vector); } @@ -3918,7 +3927,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_14( +libcrux_ml_kem_serialize_compress_then_serialize_5_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -3926,8 +3935,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_14( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_3c2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_f8( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_492( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); @@ -3947,9 +3956,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_59(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_c0(re, out); } /** @@ -3970,7 +3979,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_99( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_06( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3978,7 +3987,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_99( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3f( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -3988,7 +3997,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_99( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_3b( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4000,30 +4009,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_99( libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_20( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_68(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_e3(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_e3( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_e5( + libcrux_ml_kem_matrix_compute_ring_element_v_e7( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_fe( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9f( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_4e( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_0c( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4047,12 +4056,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_83(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_50(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -4060,7 +4069,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_83(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_d6(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_A_ff(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -4094,7 +4103,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_83(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_99(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_06(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -4111,7 +4120,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_2c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ac( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { Result_00 dst; @@ -4142,7 +4151,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_9b( +static inline void libcrux_ml_kem_ind_cca_decapsulate_a9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4160,7 +4169,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_9b( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_ca(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_04(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4184,7 +4193,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_9b( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( @@ -4195,18 +4204,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_9b( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_83(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_50(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_2c( + libcrux_ml_kem_ind_cca_kdf_43_ac( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_2c(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_ac(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), + libcrux_ml_kem_types_as_ref_ba_27(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4236,10 +4245,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_39( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_9e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_9b(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a9(private_key, ciphertext, ret); } /** @@ -4253,7 +4262,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_39(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_9e(private_key, ciphertext, ret); } @@ -4313,11 +4322,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2f( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_28( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_bd( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_d4( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4347,7 +4356,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2f( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( @@ -4359,11 +4368,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2f( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_99( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_06( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), + libcrux_ml_kem_types_as_ref_ba_27(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -4400,10 +4409,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_5a( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_32( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_2f(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_28(key_pair, ciphertext, ret); } @@ -4418,7 +4427,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_5a( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_32( private_key, ciphertext, ret); } @@ -4433,7 +4442,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_3e( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ca( Eurydice_slice randomness, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -4475,11 +4484,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b3( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_3e( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_ca( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -4490,7 +4499,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_eb(public_key), + libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4505,20 +4514,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_83(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_50(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_2c(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_ac(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4551,14 +4560,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_82( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_e6( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_7a(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b3(uu____0, copy_of_randomness); } /** @@ -4576,7 +4585,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_82( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_e6( uu____0, copy_of_randomness); } @@ -4599,7 +4608,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_56( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4627,7 +4636,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_56( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_99(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_06(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4637,7 +4646,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_56( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4671,7 +4680,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_69( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_8f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -4679,7 +4688,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_69( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_56( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a0( uu____0, copy_of_randomness); } @@ -4700,7 +4709,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_69( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_8f( uu____0, copy_of_randomness); } @@ -4725,8 +4734,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_ef(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_5b(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_ba(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -4736,7 +4745,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_9a( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_f5( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4754,14 +4763,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_33( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_9a( + libcrux_ml_kem_vector_traits_to_standard_domain_f5( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -4776,14 +4785,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_b5( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4805,12 +4814,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_d9(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3e(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_33( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_f6( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -4831,7 +4840,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f1( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_47( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_ab(key_generation_seed, hashed); @@ -4843,14 +4852,14 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_d6(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_A_ff(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3f( + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( @@ -4863,12 +4872,12 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3f(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_b5(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_ef(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; @@ -4916,14 +4925,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2e( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_f8( + libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); @@ -4943,7 +4952,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_56( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4961,7 +4970,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_56( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2e(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4977,14 +4986,14 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_0f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_56(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_50(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5009,17 +5018,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_7e(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_93(Eurydice_slice key_generation_seed) { tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f1(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_47(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_0f( + libcrux_ml_kem_ind_cpa_serialize_public_key_51( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_56(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_50(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5045,7 +5054,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f6( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_eb( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5101,7 +5110,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_97(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f7(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5110,13 +5119,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_97(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_7e(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_93(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_f6( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_eb( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5125,13 +5134,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_97(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a6(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_a6( - uu____2, libcrux_ml_kem_types_from_07_18(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b1( + uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); } /** @@ -5147,12 +5156,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_90( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ea( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_97(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f7(copy_of_randomness); } /** @@ -5164,7 +5173,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_90( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ea( copy_of_randomness); } @@ -5183,9 +5192,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_db( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_cf( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_5b(); + return libcrux_ml_kem_polynomial_ZERO_20_1b(); } /** @@ -5203,10 +5212,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_a8( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_8a( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_5b(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); } } @@ -5222,7 +5231,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_3a_dd( +libcrux_ml_kem_polynomial_clone_3a_3f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5247,7 +5256,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dc( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -5256,7 +5265,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f1( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_47( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5264,7 +5273,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_a8(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_8a(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -5272,7 +5281,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_dd(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_3f(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5284,7 +5293,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_0f( + libcrux_ml_kem_ind_cpa_serialize_public_key_51( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -5339,12 +5348,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_f7( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_6d( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_e2( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dc( copy_of_randomness); } @@ -5358,7 +5367,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_f7( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_6d( copy_of_randomness); } @@ -5374,7 +5383,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_99( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5385,7 +5394,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a2( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_a2(ciphertext), + libcrux_ml_kem_types_as_slice_a8_44(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5419,7 +5428,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_9b0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_a90( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5437,7 +5446,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_9b0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_ca(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_04(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5461,7 +5470,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_9b0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( @@ -5472,18 +5481,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_9b0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_83(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_50(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a2( + libcrux_ml_kem_ind_cca_kdf_6c_99( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a2(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_99(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), + libcrux_ml_kem_types_as_ref_ba_27(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5517,10 +5526,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_7f( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ea( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_9b0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_a90(private_key, ciphertext, ret); } /** @@ -5534,7 +5543,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_7f( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ea( private_key, ciphertext, ret); } @@ -5549,7 +5558,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_1e( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_6b( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_31(randomness, ret); } @@ -5574,11 +5583,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b30( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_1e( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_6b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5589,7 +5598,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a0( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_31( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_eb(public_key), + libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5604,20 +5613,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_7a0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_83(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_50(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a2(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_99(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5653,14 +5662,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_3d( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_60( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_7a0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_b30(uu____0, copy_of_randomness); } /** @@ -5678,7 +5687,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_3d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_60( uu____0, copy_of_randomness); } @@ -5691,16 +5700,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_5f( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_06( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_0f( + libcrux_ml_kem_ind_cpa_serialize_public_key_51( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5719,9 +5728,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_eb( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a6( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_5f(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_06(public_key); } /** @@ -5733,7 +5742,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_eb( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a6( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index bb59cfd8c..1bf8861de 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_mlkem768_portable_H @@ -1199,15 +1199,15 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t c) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector vec, int16_t c) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = + vec.elements[i0] = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( - v.elements[i0], c); + vec.elements[i0], c); } - return v; + return vec; } /** @@ -1410,12 +1410,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, int16_t zeta, size_t i, size_t j) { int16_t a_minus_b = vec->elements[j] - vec->elements[i]; - vec->elements[i] = - libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - vec->elements[i] + vec->elements[j]); - vec->elements[j] = + int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( + vec->elements[i] + vec->elements[j]); + int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( a_minus_b, zeta); + vec->elements[i] = o0; + vec->elements[j] = o1; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1527,17 +1528,26 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, size_t i, size_t j, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int32_t ai_bi = (int32_t)a->elements[i] * (int32_t)b->elements[i]; + int16_t ai = a->elements[i]; + int16_t bi = b->elements[i]; + int16_t aj = a->elements[j]; + int16_t bj = b->elements[j]; + int32_t ai_bi = (int32_t)ai * (int32_t)bi; + int32_t aj_bj_ = (int32_t)aj * (int32_t)bj; int16_t aj_bj = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[j] * (int32_t)b->elements[j]); + aj_bj_); + int32_t aj_bj_zeta = (int32_t)aj_bj * (int32_t)zeta; + int32_t ai_bi_aj_bj = ai_bi + aj_bj_zeta; int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - ai_bi + (int32_t)aj_bj * (int32_t)zeta); + ai_bi_aj_bj); + int32_t ai_bj = (int32_t)ai * (int32_t)bj; + int32_t aj_bi = (int32_t)aj * (int32_t)bi; + int32_t ai_bj_aj_bi = ai_bj + aj_bi; int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( - (int32_t)a->elements[i] * (int32_t)b->elements[j] + - (int32_t)a->elements[j] * (int32_t)b->elements[i]); + ai_bj_aj_bi); out->elements[i] = o0; out->elements[j] = o1; } @@ -1547,24 +1557,28 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply( libcrux_ml_kem_vector_portable_vector_type_PortableVector *lhs, libcrux_ml_kem_vector_portable_vector_type_PortableVector *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { + int16_t nzeta0 = -zeta0; + int16_t nzeta1 = -zeta1; + int16_t nzeta2 = -zeta2; + int16_t nzeta3 = -zeta3; libcrux_ml_kem_vector_portable_vector_type_PortableVector out = libcrux_ml_kem_vector_portable_vector_type_zero(); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta0, (size_t)2U, (size_t)3U, &out); + lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta1, (size_t)6U, (size_t)7U, &out); + lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta2, (size_t)10U, (size_t)11U, &out); + lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, -zeta3, (size_t)14U, (size_t)15U, &out); + lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out); return out; } @@ -2481,7 +2495,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_20_de(void) { +libcrux_ml_kem_polynomial_ZERO_20_1c(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2509,8 +2523,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_45(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_de(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_0f(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -2520,10 +2534,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_de(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2542,12 +2556,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ea( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_92( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2560,7 +2574,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ea( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_af( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a9( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2592,8 +2606,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_b2(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_de(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_99(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -2641,10 +2655,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_66( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_40( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_de(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2712,10 +2726,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_76( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_c9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_de(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2738,9 +2752,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_79( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_86( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_66(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_40(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2755,7 +2769,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7e( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_77( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2769,12 +2783,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_65( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_67( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7e(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_77(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2788,7 +2802,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2801,7 +2815,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_65( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_67( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2818,7 +2832,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_90( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_82( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2838,7 +2852,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_95( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_8a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2859,7 +2873,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_32( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2886,7 +2900,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2904,21 +2918,24 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_fe( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_90(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_95(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_32(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_f0(re); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U, + (size_t)2U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U, + (size_t)3U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U, + (size_t)4U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_82(&zeta_i, re, (size_t)3U, + (size_t)5U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_8a(&zeta_i, re, (size_t)2U, + (size_t)6U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, + (size_t)7U * (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b(re); } /** @@ -2930,12 +2947,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8b( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2955,9 +2972,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_79( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_86( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_fe(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_70(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3009,10 +3026,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_83( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_51( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_de(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3073,10 +3090,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_65( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_c6( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_de(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3099,9 +3116,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c5( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e2( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_83(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_51(serialized); } /** @@ -3115,11 +3132,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_20_73( +libcrux_ml_kem_polynomial_ntt_multiply_20_23( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_20_de(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3148,7 +3165,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_17( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3172,7 +3189,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_c8( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3195,7 +3212,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_d9( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3216,7 +3233,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_45( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3238,7 +3255,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_42( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3246,7 +3263,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_7e(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_77(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3259,7 +3276,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_82( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3274,7 +3291,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_82( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e9( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_42( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3291,22 +3308,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7e( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_c8(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_d9(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_45(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_82(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e7(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e9(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2b(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_82(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_82(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_82(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_f0(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b(re); } /** @@ -3320,7 +3337,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_20_71( +libcrux_ml_kem_polynomial_subtract_reduce_20_f5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3346,21 +3363,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_c1( +libcrux_ml_kem_matrix_compute_message_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_de(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_73(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_17(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7e(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_71(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_f5(v, result); return result; } @@ -3402,7 +3419,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( +libcrux_ml_kem_vector_traits_to_unsigned_representative_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_shift_right_0d_f1(a); @@ -3419,13 +3436,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_5e( +libcrux_ml_kem_serialize_compress_then_serialize_message_f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( + libcrux_ml_kem_vector_traits_to_unsigned_representative_87( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3451,20 +3468,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_eb( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8b(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c5( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e2( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_c1(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_a9(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_5e(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_f1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3478,11 +3495,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_4b(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_30(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_ea(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_92(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3494,7 +3511,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_4b(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_eb(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -3548,9 +3565,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_64( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_2e( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_de(); + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -3560,10 +3577,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_32( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_62( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_de(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3585,12 +3602,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_65( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_07( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / @@ -3603,7 +3620,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_65( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_32( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_62( ring_element); deserialized_pk[i0] = uu____0; } @@ -3620,8 +3637,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_24(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_de(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_4d(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -3631,10 +3648,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_a6( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_a3( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } } @@ -3783,7 +3800,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_b2( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3905,7 +3922,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_b20( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3951,9 +3968,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_20_84(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_d3(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_de(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3974,8 +3991,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_fc(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_84( +libcrux_ml_kem_sampling_sample_from_xof_closure_2c(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_20_d3( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3986,7 +4003,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_59( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_1b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -4003,7 +4020,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_59( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_b2( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { @@ -4016,7 +4033,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_59( uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_b20( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890( copy_of_randomness, sampled_coefficients, out); } } @@ -4026,7 +4043,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_59( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_fc(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_2c(copy_of_out[i]); } memcpy( ret, ret0, @@ -4040,12 +4057,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_93( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_0b( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_a6(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_a3(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -4065,7 +4082,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_93( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_59(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_1b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4125,8 +4142,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_8d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_de(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_06(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -4169,7 +4186,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_28( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d9( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4204,7 +4221,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_28( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_84( + return libcrux_ml_kem_polynomial_from_i16_array_20_d3( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4215,7 +4232,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_1e( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_af( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4249,7 +4266,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_1e( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_84( + return libcrux_ml_kem_polynomial_from_i16_array_20_d3( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4260,9 +4277,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_61( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_28( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d9( randomness); } @@ -4272,7 +4289,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_43( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4295,20 +4312,23 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_01( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_43(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_99(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_07(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_90(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_95(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_32(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_f0(re); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U, + (size_t)11207U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U, + (size_t)11207U + (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06( + &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_3_82( + &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_8a( + &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_4f( + &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b(re); } /** @@ -4321,11 +4341,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_18(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4344,9 +4364,9 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_18(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_61( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_01(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4371,8 +4391,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_fc(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_de(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_20(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -4385,11 +4405,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_de(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_a2(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4408,7 +4428,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_de(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_61( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4460,8 +4480,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_9e(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_de(); +libcrux_ml_kem_matrix_compute_vector_u_closure_52(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -4474,7 +4494,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_d6( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4498,14 +4518,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_50( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_4b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4526,12 +4546,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_50( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_73(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_17(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_23(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7e(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_d6(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_06(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4550,14 +4570,16 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_d0( +libcrux_ml_kem_vector_traits_decompress_1_4c( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + libcrux_ml_kem_vector_portable_vector_type_PortableVector z = libcrux_ml_kem_vector_portable_ZERO_0d(); libcrux_ml_kem_vector_portable_vector_type_PortableVector s = - libcrux_ml_kem_vector_portable_sub_0d(uu____0, &vec); - return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( - s, (int16_t)1665); + libcrux_ml_kem_vector_portable_sub_0d(z, &vec); + libcrux_ml_kem_vector_portable_vector_type_PortableVector res = + libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( + s, (int16_t)1665); + return res; } /** @@ -4567,10 +4589,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_52( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_de(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4580,7 +4602,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_d0(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_4c(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4597,7 +4619,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_0c( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4627,22 +4649,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_cc( +libcrux_ml_kem_matrix_compute_ring_element_v_66( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_de(); + libcrux_ml_kem_polynomial_ZERO_20_1c(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_73(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_17(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7e(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_0c( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_8c( error_2, message, result); return result; } @@ -4688,7 +4710,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_8a( +libcrux_ml_kem_serialize_compress_then_serialize_10_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4696,7 +4718,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_8a( size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_compress_0d_9a( - libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( + libcrux_ml_kem_vector_traits_to_unsigned_representative_87( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4749,7 +4771,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_8e( +libcrux_ml_kem_serialize_compress_then_serialize_11_e2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4757,7 +4779,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_8e( size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_compress_0d_9a0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( + libcrux_ml_kem_vector_traits_to_unsigned_representative_87( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4777,10 +4799,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_81( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_8a(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_a9(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4793,7 +4815,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_ed( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4809,7 +4831,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_81(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_31(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4857,7 +4879,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_9f( +libcrux_ml_kem_serialize_compress_then_serialize_4_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4867,7 +4889,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_9f( size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_compress_0d_9a1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( + libcrux_ml_kem_vector_traits_to_unsigned_representative_87( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4919,7 +4941,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_90( +libcrux_ml_kem_serialize_compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4929,7 +4951,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_90( size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = libcrux_ml_kem_vector_portable_compress_0d_9a2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( + libcrux_ml_kem_vector_traits_to_unsigned_representative_87( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4948,9 +4970,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7a( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_9f(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_55(re, out); } /** @@ -4971,7 +4993,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a7( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -4979,7 +5001,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a7( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_18( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -4989,7 +5011,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a7( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_de( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_a2( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -5001,30 +5023,30 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a7( libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_61( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_50(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_4b(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_52( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_cc( + libcrux_ml_kem_matrix_compute_ring_element_v_66( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_43( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_ed( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_7a( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2d( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5048,12 +5070,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_8a(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_95(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_65( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_07( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); Eurydice_slice seed = @@ -5061,7 +5083,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_8a(Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_93(ret0, false, A); + libcrux_ml_kem_matrix_sample_matrix_A_0b(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); @@ -5095,7 +5117,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_8a(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a7(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7(uu____3, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -5111,7 +5133,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_77( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_85( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { Result_00 dst; @@ -5141,7 +5163,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_55( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b2( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5159,7 +5181,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_55( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_4b(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_30(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5183,7 +5205,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_55( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( @@ -5194,18 +5216,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_55( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_8a(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_95(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_77( + libcrux_ml_kem_ind_cca_kdf_43_85( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_77(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_43_85(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), + libcrux_ml_kem_types_as_ref_ba_27(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5235,10 +5257,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a2( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_55(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b2(private_key, ciphertext, ret); } /** @@ -5251,7 +5273,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a2( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a2( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b1( private_key, ciphertext, ret); } @@ -5311,11 +5333,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_61( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_33( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_eb( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5345,7 +5367,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_61( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( @@ -5357,11 +5379,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_61( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a7( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), + libcrux_ml_kem_types_as_ref_ba_27(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5397,10 +5419,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_54( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ed( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_61(key_pair, ciphertext, + libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_33(key_pair, ciphertext, ret); } @@ -5414,7 +5436,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_54( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_54( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ed( private_key, ciphertext, ret); } @@ -5428,7 +5450,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_63( Eurydice_slice randomness, uint8_t ret[32U]) { Result_00 dst; Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); @@ -5468,11 +5490,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_77( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_63( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -5483,7 +5505,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_77( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_eb(public_key), + libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5498,20 +5520,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_77( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_8a(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_95(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_77(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_85(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5543,14 +5565,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_7c( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_47( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_77(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); } /** @@ -5567,7 +5589,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_7c( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_47( uu____0, copy_of_randomness); } @@ -5590,7 +5612,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_80( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_9b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5618,7 +5640,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_80( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a7(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5628,7 +5650,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_80( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5661,7 +5683,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_8c( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ea( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5669,7 +5691,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_8c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_80( + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_9b( uu____0, copy_of_randomness); } @@ -5689,7 +5711,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_8c( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ea( uu____0, copy_of_randomness); } @@ -5713,8 +5735,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_30(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_de(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_39(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -5724,7 +5746,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_bf( +libcrux_ml_kem_vector_traits_to_standard_domain_22( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5741,7 +5763,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_c2( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_39( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5749,7 +5771,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_20_c2( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_bf( + libcrux_ml_kem_vector_traits_to_standard_domain_22( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5765,14 +5787,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_37( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5794,12 +5816,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_37( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_73(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_17(&result0[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result0[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_c2( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_39( &result0[i1], &error_as_ntt[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -5820,7 +5842,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c0( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_83( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_d0(key_generation_seed, hashed); @@ -5832,14 +5854,14 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_93(ret, true, A_transpose); + libcrux_ml_kem_matrix_sample_matrix_A_0b(ret, true, A_transpose); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_18( + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( @@ -5852,12 +5874,12 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_18(copy_of_prf_input, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_37(A_transpose, secret_as_ntt, + libcrux_ml_kem_matrix_compute_As_plus_e_3c(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; Result_00 dst; @@ -5904,14 +5926,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_e7( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_64( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_bc( + libcrux_ml_kem_vector_traits_to_unsigned_representative_87( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5930,7 +5952,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f7( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_cd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5948,7 +5970,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f7( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_e7(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_64(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5963,14 +5985,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_7a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_77( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f7(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_cd(t_as_ntt, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5995,17 +6017,17 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed) { tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c0(key_generation_seed); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_83(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_7a( + libcrux_ml_kem_ind_cpa_serialize_public_key_77( pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f7(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_cd(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6030,7 +6052,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_94( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d7( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6086,7 +6108,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_29(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6c(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6095,13 +6117,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_29(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_fc(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_94( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d7( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6110,13 +6132,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_29(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_e7_a6(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_64_a6( - uu____2, libcrux_ml_kem_types_from_07_18(copy_of_public_key)); + return libcrux_ml_kem_types_from_64_b1( + uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); } /** @@ -6132,12 +6154,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_eb( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_29(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_6c(copy_of_randomness); } /** @@ -6148,7 +6170,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_eb( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( copy_of_randomness); } @@ -6167,9 +6189,9 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_5d( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_53( size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_de(); + return libcrux_ml_kem_polynomial_ZERO_20_1c(); } /** @@ -6187,10 +6209,10 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_43( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_fa( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_de(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); } } @@ -6205,7 +6227,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_3a_78( +libcrux_ml_kem_polynomial_clone_3a_cc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6233,7 +6255,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dd( +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_17( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -6242,7 +6264,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dd( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_c0( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_83( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6250,7 +6272,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dd( ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_43(i, + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_fa(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -6258,7 +6280,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dd( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_78(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_3a_cc(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6270,7 +6292,7 @@ libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dd( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_7a( + libcrux_ml_kem_ind_cpa_serialize_public_key_77( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t), @@ -6324,12 +6346,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_49( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_28( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dd( + return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_17( copy_of_randomness); } @@ -6342,7 +6364,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_49( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_28( copy_of_randomness); } @@ -6357,7 +6379,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_57( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_00( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -6368,7 +6390,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_57( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_a2(ciphertext), + libcrux_ml_kem_types_as_slice_a8_44(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -6401,7 +6423,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_550( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b20( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6419,7 +6441,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_550( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_4b(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_30(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -6443,7 +6465,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_550( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( @@ -6454,18 +6476,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_550( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_8a(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_95(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_57( + libcrux_ml_kem_ind_cca_kdf_6c_00( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_57(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_ind_cca_kdf_6c_00(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_bf(ciphertext), + libcrux_ml_kem_types_as_ref_ba_27(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6499,10 +6521,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_bf( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a2( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_550(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b20(private_key, ciphertext, ret); } /** @@ -6515,7 +6537,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_bf( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_bf( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a2( private_key, ciphertext, ret); } @@ -6529,7 +6551,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_d6( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_8b( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_fd(randomness, ret); } @@ -6553,11 +6575,11 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_770( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_930( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_d6( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_8b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_17( @@ -6568,7 +6590,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_770( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_fd( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_eb(public_key), + libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6583,20 +6605,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_770( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_eb(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_8a(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_95(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_64(copy_of_ciphertext); + libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_57(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_00(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6632,14 +6654,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_0d( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_b1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_770(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); } /** @@ -6656,7 +6678,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_0d( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_b1( uu____0, copy_of_randomness); } @@ -6668,16 +6690,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c1( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_82( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_65( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_07( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_7a( + libcrux_ml_kem_ind_cpa_serialize_public_key_77( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6695,9 +6717,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_8c( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_09( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c1(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_82(public_key); } /** @@ -6708,7 +6730,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_8c( static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_8c( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_09( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 99d581eaf..2b1602161 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 4b2865ef7..56236f271 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: 1735cba2e140f5092bd1f11f902c535cb93a35dc + * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 */ #ifndef __libcrux_sha3_portable_H From 1e994bdc0f40faf5be754fd692bd32063b47bfc7 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 18 Sep 2024 16:14:34 +0200 Subject: [PATCH 289/348] fmt --- libcrux-intrinsics/src/avx2_extract.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 3a75871cc..ddd3ada9e 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -197,7 +197,6 @@ pub fn mm256_add_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } - pub fn mm256_madd_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } @@ -205,7 +204,6 @@ pub fn mm256_add_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } - #[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == Spec.Utils.map2 (-.) (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] pub fn mm256_sub_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 { From 89f91b111447c397d6809bf950b3999f9dcd5e8d Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Wed, 18 Sep 2024 14:29:50 +0000 Subject: [PATCH 290/348] portable --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 065cdb688..d8a390871 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -4,7 +4,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ Libcrux_ml_kem.Ntt.fst \ Libcrux_ml_kem.Vector.Portable.fsti \ - Libcrux_ml_kem.Vector.Portable.fst \ Libcrux_ml_kem.Vector.Avx2.fsti \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ From a0fca270d6aa1b87baad440858a9ec8bd88b14fa Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Wed, 18 Sep 2024 21:48:57 +0200 Subject: [PATCH 291/348] trait --- .../Libcrux_ml_kem.Vector.Portable.fsti | 2 +- .../Libcrux_ml_kem.Vector.Traits.fst | 17 ++++++-- .../proofs/fstar/spec/Spec.Utils.fst | 41 ++++++++++++++++--- libcrux-ml-kem/src/vector/traits.rs | 12 ++++-- 4 files changed, 59 insertions(+), 13 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 1ab0710b5..6800ca944 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -30,7 +30,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x } -#push-options "--z3rlimit 400" +#push-options "--z3rlimit 200" [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index a4328b6ad..fa3af71db 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -3,7 +3,7 @@ module Libcrux_ml_kem.Vector.Traits open Core open FStar.Mul -#push-options "--z3rlimit 50" +#push-options "--z3rlimit 100" let decompress_1_ (#v_T: Type0) @@ -14,6 +14,17 @@ let decompress_1_ let _:Prims.unit = assert (forall i. Seq.index (i1._super_8706949974463268012.f_repr z) i == 0s) in + let _:Prims.unit = + assert (forall i. + let x = Seq.index (i1._super_8706949974463268012.f_repr vec) i in + ((0 - v x) == 0 \/ (0 - v x) == - 1)) + in + let _:Prims.unit = + assert (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (0 - v (Seq.index (i1._super_8706949974463268012.f_repr vec) i))) + in let s:v_T = f_sub #v_T #FStar.Tactics.Typeclasses.solve z vec in let _:Prims.unit = assert (forall i. @@ -24,8 +35,8 @@ let decompress_1_ let res:v_T = f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s in let _:Prims.unit = assert (forall i. - Seq.index (i1._super_8706949974463268012.f_repr s) i == 0s \/ - Seq.index (i1._super_8706949974463268012.f_repr s) i == 1665s) + Seq.index (i1._super_8706949974463268012.f_repr res) i == 0s \/ + Seq.index (i1._super_8706949974463268012.f_repr res) i == 1665s) in res diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 7af93a429..cb1f38eb1 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -209,9 +209,25 @@ val lemma_add_i16b (b1 b2:nat) (n1 n2:i16) : let lemma_add_i16b (b1 b2:nat) (n1 n2:i16) = () -#push-options "--z3rlimit 250" +#push-options "--z3rlimit 100 --split_queries always" let lemma_range_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ v < p/2 /\ v >= -p / 2}): - Lemma (v @% p == v) = () + Lemma (v @% p == v) = + let m = v % p in + if v < 0 then ( + Math.Lemmas.modulo_lemma (v+p) p; + assert ((v + p) % p == v % p); + Math.Lemmas.lemma_mod_plus v 1 p; + assert (m == v + p); + assert (m >= p/2); + assert (v @% p == m - p); + assert (v @% p == v)) + else ( + assert (v >= 0 /\ v < p); + Math.Lemmas.modulo_lemma v p; + assert (v % p == v); + assert (m < p/2); + assert (v @% p == v) + ) #pop-options val lemma_sub_i16b (b1 b2:nat) (n1 n2:i16) : @@ -235,9 +251,22 @@ let mont_red_i32 (x:i32) : i16 = let vhigh = cast (x >>! 16l) <: i16 in vhigh -. k_times_modulus -#push-options "--z3rlimit 250" +#push-options "--z3rlimit 100" let lemma_at_percent_mod (v:int) (p:int{p>0/\ p%2=0}): - Lemma ((v @% p) % p == v % p) = () + Lemma ((v @% p) % p == v % p) = + let m = v % p in + assert (m >= 0 /\ m < p); + if m >= p/2 then ( + assert ((v @%p) % p == (m - p) %p); + Math.Lemmas.lemma_mod_plus m (-1) p; + assert ((v @%p) % p == m %p); + Math.Lemmas.lemma_mod_mod m v p; + assert ((v @%p) % p == v % p) + ) else ( + assert ((v @%p) % p == m%p); + Math.Lemmas.lemma_mod_mod m v p; + assert ((v @%p) % p == v % p) + ) #pop-options let lemma_div_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ (v/p) < p/2 /\ (v/p) >= -p / 2}): @@ -412,9 +441,9 @@ let barrett_red (x:i16) = x -. qm let lemma_barrett_red (x:i16) : Lemma - (requires (Spec.Utils.is_i16b 28296 x)) + (requires (is_i16b 28296 x)) (ensures (let result = barrett_red x in - Spec.Utils.is_i16b 3328 result /\ + is_i16b 3328 result /\ v result % 3329 == v x % 3329)) [SMTPat (barrett_red x)] = admit() diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index c26d49382..6b9aa17f5 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -219,19 +219,25 @@ pub fn to_unsigned_representative(a: T) -> T { T::add(a, &fm) } -#[hax_lib::fstar::options("--z3rlimit 50")] +#[hax_lib::fstar::options("--z3rlimit 100")] #[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in (x == 0s \\/ x == 1s)"))] pub fn decompress_1(vec: T) -> T { let z = T::ZERO(); hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${z}) i == 0s)"); + hax_lib::fstar!("assert(forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in + ((0 - v x) == 0 \\/ (0 - v x) == -1))"); + hax_lib::fstar!("assert(forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (0 - v (Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i)))"); + let s = T::sub(z, &vec); hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \\/ Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == -1s)"); hax_lib::fstar!("assert (i1.f_bitwise_and_with_constant_pre ${s} 1665s)"); let res = T::bitwise_and_with_constant(s, 1665); - hax_lib::fstar!("assert (forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \\/ - Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 1665s)"); + hax_lib::fstar!("assert (forall i. Seq.index (i1._super_8706949974463268012.f_repr ${res}) i == 0s \\/ + Seq.index (i1._super_8706949974463268012.f_repr ${res}) i == 1665s)"); res } From 645c2294f7f1d68c82cf184aa599d99714a15c71 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 19 Sep 2024 08:50:57 +0200 Subject: [PATCH 292/348] wip --- .../BitVec.Intrinsics.Constants.fst | 264 ++ .../BitVec.Intrinsics.TestShuffle.fst | 203 ++ fstar-helpers/fstar-bitvec/BitVec.Utils.fst | 16 + fstar-helpers/fstar-bitvec/dep.graph | 2316 +++++++++++++++++ .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 47 +- libcrux-ml-kem/src/vector/avx2/serialize.rs | 184 +- .../fstar/extraction/Libcrux_platform.X86.fst | 69 + 7 files changed, 3066 insertions(+), 33 deletions(-) create mode 100644 fstar-helpers/fstar-bitvec/BitVec.Intrinsics.Constants.fst create mode 100644 fstar-helpers/fstar-bitvec/BitVec.Intrinsics.TestShuffle.fst create mode 100644 fstar-helpers/fstar-bitvec/dep.graph create mode 100644 sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.Constants.fst b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.Constants.fst new file mode 100644 index 000000000..9d2614842 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.Constants.fst @@ -0,0 +1,264 @@ +module BitVec.Intrinsics.Constants + +open Core +open Rust_primitives +open FStar.Mul +open FStar.FunctionalExtensionality +open BitVec.Utils +open BitVec.Equality + +let mm256_set_epi16 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: i16) + : bit_vec 256 + = mk_bv (fun i -> + let offset = i % 16 in + match i / 16 with + | 0 -> get_bit x15 (sz offset) + | 1 -> get_bit x14 (sz offset) + | 2 -> get_bit x13 (sz offset) + | 3 -> get_bit x12 (sz offset) + | 4 -> get_bit x11 (sz offset) + | 5 -> get_bit x10 (sz offset) + | 6 -> get_bit x9 (sz offset) + | 7 -> get_bit x8 (sz offset) + | 8 -> get_bit x7 (sz offset) + | 9 -> get_bit x6 (sz offset) + | 10 -> get_bit x5 (sz offset) + | 11 -> get_bit x4 (sz offset) + | 12 -> get_bit x3 (sz offset) + | 13 -> get_bit x2 (sz offset) + | 14 -> get_bit x1 (sz offset) + | 15 -> get_bit x0 (sz offset) + ) + +let madd_rhs (n: nat {n < 16}) = + mm256_set_epi16 + (1s < bit_vec 256 = admit () + +open Tactics.Utils + +open FStar.Tactics + +(** Unifies `t` with `fn x1 ... xN`, where `x1` and `xN` are +unification variables. This returns a list of terms to substitute `x1` +... `xN` with. *) +let unify_app (t fn: term) norm_steps: Tac (option (list term)) + = let bds = fst (collect_arr_bs (tc (cur_env ()) fn)) in + let _fake_goal = + (* create a goal `b1 -> ... -> bn -> squash True` *) + let trivial = pack_comp (C_Total (`squash True)) in + unshelve (fresh_uvar (Some (mk_arr bds trivial))) + in + (* get back the binders `b1`, ..., `bn` *) + let bds = intros () in + let args = map (fun (b: binder) -> b <: term) bds in + let norm_term = norm_term (hnf::norm_steps) in + let fn, t = norm_term (mk_e_app fn args), norm_term t in + let vars = map (fun b -> + let b = inspect_binder b in + let {bv_index = uniq; bv_ppname = ppname} = inspect_bv b.binder_bv in + let nv: namedv_view = {uniq; ppname; sort = seal (`_)} in + (FStar.Reflection.V2.pack_namedv nv, b.binder_sort) + ) bds in + let?# substs = fst (try_unify (cur_env ()) vars fn t) in + if List.Tot.length substs <> List.Tot.length bds + then fail "unify_app: inconsistent lengths"; + (* solve the trivial goal introduced at the begining *) + trivial (); + Some (List.Tot.rev (map (fun (_, t) -> t) substs)) + +irreducible let add (x y: int): int = x + y + +let f (a b c d: int): int = add (add (add a b) c) d + +// #push-options "--print_full_names --print_implicits --print_bound_var_types" +let _ = assert true by ( + let r = + unify_app + (quote (f 1 2 3 4)) + (quote f) + [delta_only [`%f]] + in + let s = term_to_string (quote r) + in + print s + ) + +let test x y (#[( + let n = fresh_namedv () in + let y = quote y in + let y' = `(madd_rhs (`#n)) in + let n = FStar.Reflection.V2.pack_namedv n in + let t = match try_unify (cur_env ()) [(n,`(n: nat {n < 16}))] y y' with + | (Some [v, t'], _) -> + `(stupid (`#t')) + | _ -> `(stupid (`#y)) in + exact t +)]f: bit_vec 256 -> bit_vec 256) = f x + +let xx = fun x -> test x (madd_rhs 12) + +irreducible let vec256_to_i16s (bv: bit_vec 256) + : (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + & (i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) + = admit () + +irreducible let rw_vec256_to_i16_ints + (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: i16) + : Lemma ( + vec256_to_i16s (mm256_set_epi16 x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15) + == ((x0, x1, x2, x3, x4, x5, x6, x7), (x8, x9, x10, x11, x12, x13, x14, x15)) + ) = admit () + +let madd_rhs (n: nat {n < 16}) = + mm256_set_epi16 + (1s <= 1 + && v x0 = v x2 && v x0 = v x4 && v x0 = v x6 && v x0 = v x8 + && v x0 = v x10 && v x0 = v x12 && v x0 = v x14 + && v x1 = 1 && v x3 = 1 && v x5 = 1 && v x7 = 1 + && v x9 = 1 && v x11= 1 && v x13= 1 && v x15= 1 + then match Tactics.Pow2.log2 (v x0 <: nat) with + | Some coef -> + if coef < 16 + then ( + assert (v ((1s < None + else None +#pop-options + +open FStar.Tactics.V2 +[@@FStar.Tactics.V2.postprocess_with (fun _ -> + compute (); + Tactics.Seq.norm_index (); + compute (); + fail "x" +)] +let aa = + let n = 12 in + let tuple = ( + ( (1s < n | None -> 0 in + x + +open Tactics.Utils +open FStar.Tactics.V2 +module Visit = FStar.Tactics.Visit + +let rec any (f: 'a -> bool) (l: list 'a): bool + = match l with + | [] -> false + | hd::tl -> if f hd + then true + else any f tl + +exception FoundFreeLocalVar +let is_closed_term (x: term): Tac bool + = try + let _ = FStar.Tactics.Visit.visit_tm ( + function + | Tv_Var _ | Tv_BVar _ -> raise FoundFreeLocalVar + | x -> x + ) x + in true + with | FoundFreeLocalVar -> false + | e -> raise e + +let rw_mm256_set_epi16 t = + let?# (f, [arg,_]) = expect_app_n t 1 in + let?# _ = expect_free_var f (`%vec256_to_i16_ints) in + let?? _ = is_closed_term arg in + let?# (f, args) = expect_app_n arg 16 in + let?# _ = expect_free_var f (`%mm256_set_epi16) in + pointwise' (fun _ -> + let _ = let?# (lhs, _, _) = expect_lhs_eq_rhs () in + Some (if any (fun (arg, _) -> term_eq lhs arg) args + then norm [primops; iota; delta; zeta_full] + else ()) + in trefl () + ); + Some () + +let rec expect_madd_rhs' (bv: bit_vec 256) (n:nat {n < 16}) + : result: option (n: nat {n < 16}) { match result with + | Some n -> bv == madd_rhs n + | _ -> True + } + = if bv_equality bv (madd_rhs n) + then ( bv_equality_elim bv (madd_rhs n); + Some n ) + else if n = 0 then None + else expect_madd_rhs' bv (n - 1) + +irreducible let expect_madd_rhs (bv: bit_vec 256): option (n: nat {n < 16}) + = expect_madd_rhs' bv 15 + +// let rewrite_expect_madd_rhs +// (bv: bit_vec 256) (n: nat {n < 16}) +// : Lemma (requires bv == madd_rhs n) +// (ensures ) +// = () + diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.TestShuffle.fst b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.TestShuffle.fst new file mode 100644 index 000000000..0c60d6587 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.TestShuffle.fst @@ -0,0 +1,203 @@ +module BitVec.Intrinsics.TestShuffle + +open Rust_primitives +open FStar.Mul +open BitVec.Utils +open BitVec.Intrinsics + +assume val stuck: #a:Type -> #b:Type -> a -> b + +let index64 l (i: nat {i < List.Tot.length l}) = + match l with + | [x0;x1;x2;x3] -> + (match i with + | 0 -> x0 | 1 -> x1 | 2 -> x2 | 3 -> x3) + | [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15;x16;x17;x18;x19;x20;x21;x22;x23;x24;x25;x26;x27;x28;x29;x30;x31;x32;x33;x34;x35;x36;x37;x38;x39;x40;x41;x42;x43;x44;x45;x46;x47;x48;x49;x50;x51;x52;x53;x54;x55;x56;x57;x58;x59;x60;x61;x62;x63] -> + (match i with + | 0 -> x0 | 1 -> x1 | 2 -> x2 | 3 -> x3 | 4 -> x4 | 5 -> x5 | 6 -> x6 | 7 -> x7 | 8 -> x8 | 9 -> x9 | 10 -> x10 | 11 -> x11 | 12 -> x12 | 13 -> x13 | 14 -> x14 | 15 -> x15 + | 16 -> x16 | 17 -> x17 | 18 -> x18 | 19 -> x19 | 20 -> x20 | 21 -> x21 | 22 -> x22 | 23 -> x23 | 24 -> x24 | 25 -> x25 | 26 -> x26 | 27 -> x27 | 28 -> x28 | 29 -> x29 | 30 -> x30 | 31 -> x31 + | 32 -> x32 | 33 -> x33 | 34 -> x34 | 35 -> x35 | 36 -> x36 | 37 -> x37 | 38 -> x38 | 39 -> x39 | 40 -> x40 | 41 -> x41 | 42 -> x42 | 43 -> x43 | 44 -> x44 | 45 -> x45 | 46 -> x46 | 47 -> x47 + | 48 -> x48 | 49 -> x49 | 50 -> x50 | 51 -> x51 | 52 -> x52 | 53 -> x53 | 54 -> x54 | 55 -> x55 | 56 -> x56 | 57 -> x57 | 58 -> x58 | 59 -> x59 | 60 -> x60 | 61 -> x61 | 62 -> x62 | 63 -> x63) + | _ -> stuck "index" + +assume val nth: list bit -> nat -> bit + +let bv_of_list_list (n: pos) (l: list (l: list bit {List.Tot.length l == n})): bit_vec (List.Tot.length l * n) + = mk_bv (fun i -> nth (index64 l (i / n)) (i % n)) + +let z: l: list bit {List.Tot.length l == 4} = [0;0;0;0] + +type result #t0 #t1 #t2 #t3 #t4 = { + vector: t0; + adjacent_2_combined: t1; + adjacent_8_combined: t2; + combined': t3; + combined: t4; + } + +// /// We view `x` as a sequence of pairs of 16 bits, of the shape +// /// `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)`: only the last `n` bits are non-zero. +// /// We output a sequence of 32 bits `0b0…0b₁…bₙa₁…aₙ`. +// let mm256_madd_epi16_specialized' (x: bit_vec 256) (n: nat {n < 16}): bit_vec 256 = +// mk_bv (fun i -> let j = i % 32 in +// // `x i` is the `j`th bit in the `i/32`th pair of 16 bits `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` +// // we want to construct the `j`th bit of `0b0…0b₁…bₙa₁…aₙ` +// let is_zero = +// // `|b₁…bₙa₁…aₙ| = n * 2`: if we're above that, we want to produce the bit `0` +// j >= n * 2 +// in +// if is_zero +// then 0 +// else if j < n +// then x i // we want to produce the bit `aⱼ` +// else +// // the bit from `b` is in the second item of the pair `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` +// x (i - n + 16) +// ) + +// let mm256_permutevar8x32_epi32_i32 (a: bit_vec 256) (b: list _ {List.Tot.length b == 8}): bit_vec 256 = +// mk_bv (fun i -> +// let j = i / 32 in +// let index = (List.Tot.index b (7 - j) % 8) * 32 in +// a (index + i % 32)) + +let serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in + let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + mm256_madd_epi16_specialized' vector 4 + // Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 vector + // (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < bit) = [f 0;f 1;f 2;f 3;f 4;f 5;f 6;f 7;f 8;f 9;f 10;f 11;f 12;f 13;f 14;f 15;f 16;f 17;f 18;f 19;f 20;f 21;f 22;f 23;f 24;f 25;f 26;f 27;f 28;f 29;f 30;f 31;f 32;f 33;f 34;f 35;f 36;f 37;f 38;f 39;f 40;f 41;f 42;f 43;f 44;f 45;f 46;f 47;f 48;f 49;f 50;f 51;f 52;f 53;f 54;f 55;f 56;f 57;f 58;f 59;f 60;f 61;f 62;f 63;f 64;f 65;f 66;f 67;f 68;f 69;f 70;f 71;f 72;f 73;f 74;f 75;f 76;f 77;f 78;f 79;f 80;f 81;f 82;f 83;f 84;f 85;f 86;f 87;f 88;f 89;f 90;f 91;f 92;f 93;f 94;f 95;f 96;f 97;f 98;f 99;f 100;f 101;f 102;f 103;f 104;f 105;f 106;f 107;f 108;f 109;f 110;f 111;f 112;f 113;f 114;f 115;f 116;f 117;f 118;f 119;f 120;f 121;f 122;f 123;f 124;f 125;f 126;f 127;f 128;f 129;f 130;f 131;f 132;f 133;f 134;f 135;f 136;f 137;f 138;f 139;f 140;f 141;f 142;f 143;f 144;f 145;f 146;f 147;f 148;f 149;f 150;f 151;f 152;f 153;f 154;f 155;f 156;f 157;f 158;f 159;f 160;f 161;f 162;f 163;f 164;f 165;f 166;f 167;f 168;f 169;f 170;f 171;f 172;f 173;f 174;f 175;f 176;f 177;f 178;f 179;f 180;f 181;f 182;f 183;f 184;f 185;f 186;f 187;f 188;f 189;f 190;f 191;f 192;f 193;f 194;f 195;f 196;f 197;f 198;f 199;f 200;f 201;f 202;f 203;f 204;f 205;f 206;f 207;f 208;f 209;f 210;f 211;f 212;f 213;f 214;f 215;f 216;f 217;f 218;f 219;f 220;f 221;f 222;f 223;f 224;f 225;f 226;f 227;f 228;f 229;f 230;f 231;f 232;f 233;f 234;f 235;f 236;f 237;f 238;f 239;f 240;f 241;f 242;f 243;f 244;f 245;f 246;f 247;f 248;f 249;f 250;f 251;f 252;f 253;f 254;f 255] +let map128 (f: (i: nat {i < 128}) -> bit) = [f 0;f 1;f 2;f 3;f 4;f 5;f 6;f 7;f 8;f 9;f 10;f 11;f 12;f 13;f 14;f 15;f 16;f 17;f 18;f 19;f 20;f 21;f 22;f 23;f 24;f 25;f 26;f 27;f 28;f 29;f 30;f 31;f 32;f 33;f 34;f 35;f 36;f 37;f 38;f 39;f 40;f 41;f 42;f 43;f 44;f 45;f 46;f 47;f 48;f 49;f 50;f 51;f 52;f 53;f 54;f 55;f 56;f 57;f 58;f 59;f 60;f 61;f 62;f 63;f 64;f 65;f 66;f 67;f 68;f 69;f 70;f 71;f 72;f 73;f 74;f 75;f 76;f 77;f 78;f 79;f 80;f 81;f 82;f 83;f 84;f 85;f 86;f 87;f 88;f 89;f 90;f 91;f 92;f 93;f 94;f 95;f 96;f 97;f 98;f 99;f 100;f 101;f 102;f 103;f 104;f 105;f 106;f 107;f 108;f 109;f 110;f 111;f 112;f 113;f 114;f 115;f 116;f 117;f 118;f 119;f 120;f 121;f 122;f 123;f 124;f 125;f 126;f 127] + +let test (a b c d e f g h i j k l m n o p: (l: list bit {List.Tot.length l == 4})) = + let input = bv_of_list_list 4 [ + a;z;z;z; b;z;z;z; c;z;z;z; d;z;z;z; + e;z;z;z; f;z;z;z; g;z;z;z; h;z;z;z; + i;z;z;z; j;z;z;z; k;z;z;z; l;z;z;z; + m;z;z;z; n;z;z;z; o;z;z;z; p;z;z;z; + + // z;z;z;a; z;z;z;b; z;z;z;c; z;z;z;d; + // z;z;z;e; z;z;z;f; z;z;z;g; z;z;z;h; + // z;z;z;i; z;z;z;j; z;z;z;k; z;z;z;l; + // z;z;z;m; z;z;z;n; z;z;z;o; z;z;z;p; + ] in + serialize_4_ input + + +// let xx a b c d e f g h i j k l m n o p = +// Pervasives.norm [iota; primops; zeta_full; delta] ( +// Pervasives.norm [iota; primops; zeta; delta] ( +// let {vector; adjacent_2_combined; adjacent_8_combined; combined'; combined} = test a b c d e f g h i j k l m n o p in +// let vector = map256 (fun (idx: nat{idx < 256}) -> vector idx) in +// let adjacent_2_combined = map256 (fun (idx: nat{idx < 256}) -> adjacent_2_combined idx) in +// let adjacent_8_combined = map256 (fun (idx: nat{idx < 256}) -> adjacent_8_combined idx) in +// let combined' = map256 (fun (idx: nat{idx < 256}) -> combined' idx) in +// let combined = map128 (fun (idx: nat{idx < 128}) -> combined idx) in +// // map128 (fun (idx: nat {idx < 128}) -> test a b c d e f g h i j k l m n o p idx) +// {vector; adjacent_2_combined; adjacent_8_combined; combined'; combined} +// // (vector, adjacent_2_combined) +// ) +// ) + + + +open FStar.Tactics.V2 +open Tactics.Utils + + +open Libcrux_intrinsics.Avx2_extract {t_Vec256, t_Vec128} +// open BitVec.Intrinsics { + +// } + +#push-options "--compat_pre_core 0" +let serialize_4__ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in + let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + BitVec.Intrinsics.mm256_madd_epi16 vector + (BitVec.Intrinsics.mm256_set_epi16 (1s < i % 16 < 4 || vector i = 0)); + assert (forall (i: nat {i < 64}). + // let local_i = i / 4 in + combined i == vector ((i / 4) * 16 + i % 4) + ) by ( + // unfold wrappers + norm [primops; iota; zeta; delta_namespace [ + `%BitVec.Intrinsics.mm256_shuffle_epi8; + `%BitVec.Intrinsics.mm256_permutevar8x32_epi32; + `%BitVec.Intrinsics.mm256_madd_epi16; + `%BitVec.Intrinsics.mm256_castsi256_si128; + "BitVec.Utils"; + ]]; + Tactics.Utils.prove_forall_nat_pointwise (Tactics.Utils.print_time "SMT query succeeded in " (fun _ -> + let reduce t = + norm [primops; iota; zeta_full; delta_namespace [ + "FStar.FunctionalExtensionality"; + t; + `%BitVec.Utils.mk_bv; + `%( + ); `%op_Subtraction; `%( / ); `%( * ); `%( % ) + ]]; + norm [primops; iota; zeta_full; delta_namespace [ + "FStar.List.Tot"; `%( + ); `%op_Subtraction; `%( / ); `%( * ); `%( % ) + ]] + in + reduce (`%BitVec.Intrinsics.mm256_permutevar8x32_epi32_i32); + reduce (`%BitVec.Intrinsics.mm256_shuffle_epi8_i8); + reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized); + grewrite (quote (forall_bool #256 (fun i -> i % 16 < 4 || op_Equality #int (vector i) 0))) (`true); + flip (); smt (); + reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized'); + // focus (fun _ -> dump' "Goal!!"); + trivial () + )) + ); + combined diff --git a/fstar-helpers/fstar-bitvec/BitVec.Utils.fst b/fstar-helpers/fstar-bitvec/BitVec.Utils.fst index 8cedb60aa..360b2424e 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Utils.fst +++ b/fstar-helpers/fstar-bitvec/BitVec.Utils.fst @@ -19,3 +19,19 @@ let mk_list_8 #a (x0 x1 x2 x3 x4 x5 x6 x7: a) assert_norm (List.Tot.length l == 8); l +let rw_get_bit_cast #t #u + (x: int_t t) (nth: usize) + : Lemma (requires v nth < bits u /\ v nth < bits u) + (ensures eq2 #bit (get_bit (cast_mod #t #u x) nth) (if v nth < bits t then get_bit x nth else 0)) + [SMTPat (get_bit (cast_mod #t #u x) nth)] + = () + +let rw_get_bit_shr #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) + : Lemma (requires v y >= 0 /\ v y < bits t) + (ensures eq2 #bit (get_bit (x >>! y) i ) + (if v i < bits t - v y + then get_bit x (mk_int (v i + v y)) + else if signed t + then get_bit x (mk_int (bits t - 1)) + else 0)) + = () diff --git a/fstar-helpers/fstar-bitvec/dep.graph b/fstar-helpers/fstar-bitvec/dep.graph new file mode 100644 index 000000000..58c54a479 --- /dev/null +++ b/fstar-helpers/fstar-bitvec/dep.graph @@ -0,0 +1,2316 @@ +digraph { + "fstar_int32" -> "fstar_uint" + "fstar_int32" -> "fstar_uint" + "fstar_int32" -> "fstar_uint32" + "fstar_int32" -> "fstar_uint32" + "fstar_int32" -> "fstar_mul" + "fstar_int32" -> "fstar_mul" + "fstar_int32" -> "fstar_int" + "fstar_int32" -> "fstar_int" + "fstar_int32" -> "fstar_pervasives" + "fstar_int32" -> "fstar_pervasives" + "fstar_int32" -> "prims" + "fstar_int32" -> "prims" + "fstar_pervasives" -> "fstar_pervasives_native" + "fstar_pervasives" -> "fstar_pervasives_native" + "fstar_pervasives" -> "prims" + "fstar_pervasives" -> "prims" + "fstar_seq" -> "fstar_seq_properties" + "fstar_seq" -> "fstar_seq_properties" + "fstar_seq" -> "fstar_seq_base" + "fstar_seq" -> "fstar_seq_base" + "fstar_seq" -> "fstar_pervasives" + "fstar_seq" -> "fstar_pervasives" + "fstar_seq" -> "prims" + "fstar_seq" -> "prims" + "fstar_int32" -> "fstar_uint32" + "fstar_int32" -> "fstar_uint32" + "fstar_int32" -> "fstar_math_lemmas" + "fstar_int32" -> "fstar_math_lemmas" + "fstar_int32" -> "fstar_mul" + "fstar_int32" -> "fstar_mul" + "fstar_int32" -> "fstar_int" + "fstar_int32" -> "fstar_int" + "fstar_int32" -> "fstar_pervasives" + "fstar_int32" -> "fstar_pervasives" + "fstar_int32" -> "prims" + "fstar_int32" -> "prims" + "fstar_int32" -> "fstar_int32" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_list_tot_base" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_list_tot_base" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_pervasives_native" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_pervasives_native" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_stubs_tactics_v1_builtins" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_stubs_tactics_types" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_tactics_effect" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_tactics_effect" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_reflection_v1" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_reflection_v1" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_pervasives" + "fstar_tactics_v1_syntaxhelpers" -> "fstar_pervasives" + "fstar_tactics_v1_syntaxhelpers" -> "prims" + "fstar_tactics_v1_syntaxhelpers" -> "prims" + "core_option" -> "fstar_pervasives" + "core_option" -> "fstar_pervasives" + "core_option" -> "prims" + "core_option" -> "prims" + "fstar_seq_properties" -> "fstar_list_tot_properties" + "fstar_seq_properties" -> "fstar_list_tot_properties" + "fstar_seq_properties" -> "fstar_list_tot_base" + "fstar_seq_properties" -> "fstar_list_tot_base" + "fstar_seq_properties" -> "fstar_list_tot" + "fstar_seq_properties" -> "fstar_list_tot" + "fstar_seq_properties" -> "fstar_pervasives_native" + "fstar_seq_properties" -> "fstar_pervasives_native" + "fstar_seq_properties" -> "fstar_seq_base" + "fstar_seq_properties" -> "fstar_seq_base" + "fstar_seq_properties" -> "fstar_pervasives" + "fstar_seq_properties" -> "fstar_pervasives" + "fstar_seq_properties" -> "prims" + "fstar_seq_properties" -> "prims" + "fstar_squash" -> "fstar_pervasives" + "fstar_squash" -> "fstar_pervasives" + "fstar_squash" -> "prims" + "fstar_squash" -> "prims" + "fstar_squash" -> "fstar_squash" + "fstar_stubs_tactics_v1_builtins" -> "fstar_tactics_unseal" + "fstar_stubs_tactics_v1_builtins" -> "fstar_stubs_tactics_types" + "fstar_stubs_tactics_v1_builtins" -> "fstar_tactics_effect" + "fstar_stubs_tactics_v1_builtins" -> "fstar_tactics_effect" + "fstar_stubs_tactics_v1_builtins" -> "fstar_reflection_const" + "fstar_stubs_tactics_v1_builtins" -> "fstar_reflection_const" + "fstar_stubs_tactics_v1_builtins" -> "fstar_stubs_reflection_v1_data" + "fstar_stubs_tactics_v1_builtins" -> "fstar_stubs_reflection_types" + "fstar_stubs_tactics_v1_builtins" -> "fstar_stubs_reflection_v1_builtins" + "fstar_stubs_tactics_v1_builtins" -> "fstar_vconfig" + "fstar_stubs_tactics_v1_builtins" -> "fstar_pervasives" + "fstar_stubs_tactics_v1_builtins" -> "fstar_pervasives" + "fstar_stubs_tactics_v1_builtins" -> "prims" + "fstar_stubs_tactics_v1_builtins" -> "prims" + "fstar_tactics_print" -> "fstar_tactics_namedview" + "fstar_tactics_print" -> "fstar_tactics_namedview" + "fstar_tactics_print" -> "fstar_tactics_v2_derived" + "fstar_tactics_print" -> "fstar_tactics_v2_derived" + "fstar_tactics_print" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_print" -> "fstar_tactics_effect" + "fstar_tactics_print" -> "fstar_tactics_effect" + "fstar_tactics_print" -> "fstar_reflection_v2" + "fstar_tactics_print" -> "fstar_reflection_v2" + "fstar_tactics_print" -> "fstar_pervasives" + "fstar_tactics_print" -> "fstar_pervasives" + "fstar_tactics_print" -> "prims" + "fstar_tactics_print" -> "prims" + "lib_inttypes" -> "fstar_uint" + "lib_inttypes" -> "fstar_uint" + "lib_inttypes" -> "fstar_int" + "lib_inttypes" -> "fstar_int" + "lib_inttypes" -> "fstar_int128" + "lib_inttypes" -> "fstar_int128" + "lib_inttypes" -> "fstar_int64" + "lib_inttypes" -> "fstar_int64" + "lib_inttypes" -> "fstar_int32" + "lib_inttypes" -> "fstar_int32" + "lib_inttypes" -> "fstar_int16" + "lib_inttypes" -> "fstar_int16" + "lib_inttypes" -> "fstar_int8" + "lib_inttypes" -> "fstar_int8" + "lib_inttypes" -> "fstar_uint128" + "lib_inttypes" -> "fstar_uint128" + "lib_inttypes" -> "fstar_uint64" + "lib_inttypes" -> "fstar_uint64" + "lib_inttypes" -> "fstar_uint32" + "lib_inttypes" -> "fstar_uint32" + "lib_inttypes" -> "fstar_uint16" + "lib_inttypes" -> "fstar_uint16" + "lib_inttypes" -> "fstar_uint8" + "lib_inttypes" -> "fstar_uint8" + "lib_inttypes" -> "fstar_mul" + "lib_inttypes" -> "fstar_mul" + "lib_inttypes" -> "fstar_pervasives" + "lib_inttypes" -> "fstar_pervasives" + "lib_inttypes" -> "prims" + "lib_inttypes" -> "prims" + "fstar_reflection_v1_compare" -> "fstar_reflection_v2_compare" + "fstar_reflection_v1_compare" -> "fstar_reflection_v2_compare" + "fstar_reflection_v1_compare" -> "fstar_pervasives" + "fstar_reflection_v1_compare" -> "fstar_pervasives" + "fstar_reflection_v1_compare" -> "prims" + "fstar_reflection_v1_compare" -> "prims" + "fstar_classical" -> "fstar_squash" + "fstar_classical" -> "fstar_squash" + "fstar_classical" -> "fstar_pervasives" + "fstar_classical" -> "fstar_pervasives" + "fstar_classical" -> "prims" + "fstar_classical" -> "prims" + "fstar_classical" -> "fstar_classical" + "fstar_seq_base" -> "fstar_list_tot" + "fstar_seq_base" -> "fstar_list_tot" + "fstar_seq_base" -> "fstar_pervasives" + "fstar_seq_base" -> "fstar_pervasives" + "fstar_seq_base" -> "prims" + "fstar_seq_base" -> "prims" + "fstar_seq_properties" -> "fstar_list_tot_properties" + "fstar_seq_properties" -> "fstar_list_tot_properties" + "fstar_seq_properties" -> "fstar_list_tot_base" + "fstar_seq_properties" -> "fstar_list_tot_base" + "fstar_seq_properties" -> "fstar_squash" + "fstar_seq_properties" -> "fstar_squash" + "fstar_seq_properties" -> "fstar_list_tot" + "fstar_seq_properties" -> "fstar_list_tot" + "fstar_seq_properties" -> "fstar_pervasives_native" + "fstar_seq_properties" -> "fstar_pervasives_native" + "fstar_seq_properties" -> "fstar_classical" + "fstar_seq_properties" -> "fstar_classical" + "fstar_seq_properties" -> "fstar_seq_base" + "fstar_seq_properties" -> "fstar_seq_base" + "fstar_seq_properties" -> "fstar_pervasives" + "fstar_seq_properties" -> "fstar_pervasives" + "fstar_seq_properties" -> "prims" + "fstar_seq_properties" -> "prims" + "fstar_seq_properties" -> "fstar_seq_properties" + "fstar_calc" -> "fstar_classical" + "fstar_calc" -> "fstar_classical" + "fstar_calc" -> "fstar_preorder" + "fstar_calc" -> "fstar_preorder" + "fstar_calc" -> "fstar_squash" + "fstar_calc" -> "fstar_squash" + "fstar_calc" -> "fstar_pervasives" + "fstar_calc" -> "fstar_pervasives" + "fstar_calc" -> "prims" + "fstar_calc" -> "prims" + "fstar_calc" -> "fstar_calc" + "fstar_reflection_termeq" -> "fstar_list_tot" + "fstar_reflection_termeq" -> "fstar_list_tot" + "fstar_reflection_termeq" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_termeq" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_termeq" -> "fstar_stubs_reflection_types" + "fstar_reflection_termeq" -> "fstar_pervasives" + "fstar_reflection_termeq" -> "fstar_pervasives" + "fstar_reflection_termeq" -> "prims" + "fstar_reflection_termeq" -> "prims" + "tactics_pow2" -> "fstar_tactics_effect" + "tactics_pow2" -> "fstar_tactics_effect" + "tactics_pow2" -> "fstar_tactics_v2" + "tactics_pow2" -> "fstar_tactics_v2" + "tactics_pow2" -> "tactics_utils" + "tactics_pow2" -> "tactics_utils" + "tactics_pow2" -> "core" + "tactics_pow2" -> "core" + "tactics_pow2" -> "fstar_pervasives" + "tactics_pow2" -> "fstar_pervasives" + "tactics_pow2" -> "prims" + "tactics_pow2" -> "prims" + "fstar_classical" -> "fstar_pervasives" + "fstar_classical" -> "fstar_pervasives" + "fstar_classical" -> "prims" + "fstar_classical" -> "prims" + "fstar_stubs_reflection_v2_builtins" -> "fstar_stubs_reflection_v2_data" + "fstar_stubs_reflection_v2_builtins" -> "fstar_stubs_reflection_types" + "fstar_stubs_reflection_v2_builtins" -> "fstar_vconfig" + "fstar_stubs_reflection_v2_builtins" -> "fstar_stubs_syntax_syntax" + "fstar_stubs_reflection_v2_builtins" -> "fstar_order" + "fstar_stubs_reflection_v2_builtins" -> "fstar_order" + "fstar_stubs_reflection_v2_builtins" -> "fstar_pervasives" + "fstar_stubs_reflection_v2_builtins" -> "fstar_pervasives" + "fstar_stubs_reflection_v2_builtins" -> "prims" + "fstar_stubs_reflection_v2_builtins" -> "prims" + "rust_primitives_bitvectors" -> "fstar_math_lemmas" + "rust_primitives_bitvectors" -> "fstar_math_lemmas" + "rust_primitives_bitvectors" -> "rust_primitives_integers" + "rust_primitives_bitvectors" -> "rust_primitives_integers" + "rust_primitives_bitvectors" -> "rust_primitives_arrays" + "rust_primitives_bitvectors" -> "rust_primitives_arrays" + "rust_primitives_bitvectors" -> "fstar_mul" + "rust_primitives_bitvectors" -> "fstar_mul" + "rust_primitives_bitvectors" -> "fstar_pervasives" + "rust_primitives_bitvectors" -> "fstar_pervasives" + "rust_primitives_bitvectors" -> "prims" + "rust_primitives_bitvectors" -> "prims" + "rust_primitives_bitvectors" -> "rust_primitives_bitvectors" + "fstar_option" -> "fstar_pervasives_native" + "fstar_option" -> "fstar_pervasives_native" + "fstar_option" -> "fstar_all" + "fstar_option" -> "fstar_all" + "fstar_option" -> "fstar_pervasives" + "fstar_option" -> "fstar_pervasives" + "fstar_option" -> "prims" + "fstar_option" -> "prims" + "fstar_propositionalextensionality" -> "fstar_pervasives" + "fstar_propositionalextensionality" -> "fstar_pervasives" + "fstar_propositionalextensionality" -> "prims" + "fstar_propositionalextensionality" -> "prims" + "fstar_erasedlogic" -> "fstar_ghost" + "fstar_erasedlogic" -> "fstar_ghost" + "fstar_erasedlogic" -> "fstar_pervasives" + "fstar_erasedlogic" -> "fstar_pervasives" + "fstar_erasedlogic" -> "prims" + "fstar_erasedlogic" -> "prims" + "bitveceq" -> "fstar_functionalextensionality" + "bitveceq" -> "fstar_functionalextensionality" + "bitveceq" -> "fstar_mul" + "bitveceq" -> "fstar_mul" + "bitveceq" -> "core" + "bitveceq" -> "core" + "bitveceq" -> "fstar_pervasives" + "bitveceq" -> "fstar_pervasives" + "bitveceq" -> "prims" + "bitveceq" -> "prims" + "bitveceq" -> "bitveceq" + "fstar_issue" -> "fstar_stubs_pprint" + "fstar_issue" -> "fstar_range" + "fstar_issue" -> "fstar_pervasives" + "fstar_issue" -> "fstar_pervasives" + "fstar_issue" -> "prims" + "fstar_issue" -> "prims" + "fstar_mul" -> "fstar_pervasives" + "fstar_mul" -> "fstar_pervasives" + "fstar_mul" -> "prims" + "fstar_mul" -> "prims" + "tactics_utils" -> "fstar_tactics_effect" + "tactics_utils" -> "fstar_tactics_effect" + "tactics_utils" -> "fstar_char" + "tactics_utils" -> "fstar_string" + "tactics_utils" -> "fstar_reflection_v2" + "tactics_utils" -> "fstar_reflection_v2" + "tactics_utils" -> "fstar_tactics_util" + "tactics_utils" -> "fstar_tactics_util" + "tactics_utils" -> "fstar_tactics_v1" + "tactics_utils" -> "fstar_tactics_v1" + "tactics_utils" -> "fstar_tactics" + "tactics_utils" -> "fstar_tactics" + "tactics_utils" -> "fstar_pervasives_native" + "tactics_utils" -> "fstar_pervasives_native" + "tactics_utils" -> "fstar_mul" + "tactics_utils" -> "fstar_mul" + "tactics_utils" -> "fstar_class_printable" + "tactics_utils" -> "fstar_class_printable" + "tactics_utils" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_utils" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_utils" -> "fstar_tactics_v2" + "tactics_utils" -> "fstar_tactics_v2" + "tactics_utils" -> "fstar_list_tot" + "tactics_utils" -> "fstar_list_tot" + "tactics_utils" -> "fstar_option" + "tactics_utils" -> "fstar_option" + "tactics_utils" -> "core" + "tactics_utils" -> "core" + "tactics_utils" -> "fstar_pervasives" + "tactics_utils" -> "fstar_pervasives" + "tactics_utils" -> "prims" + "tactics_utils" -> "prims" + "libcrux_intrinsics_avx2_extract" -> "bitvec_intrinsics" + "libcrux_intrinsics_avx2_extract" -> "fstar_mul" + "libcrux_intrinsics_avx2_extract" -> "fstar_mul" + "libcrux_intrinsics_avx2_extract" -> "core" + "libcrux_intrinsics_avx2_extract" -> "core" + "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" + "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" + "libcrux_intrinsics_avx2_extract" -> "prims" + "libcrux_intrinsics_avx2_extract" -> "prims" + "fstar_stubs_tactics_types" -> "fstar_issue" + "fstar_stubs_tactics_types" -> "fstar_range" + "fstar_stubs_tactics_types" -> "fstar_stubs_typechecker_core" + "fstar_stubs_tactics_types" -> "fstar_stubs_tactics_common" + "fstar_stubs_tactics_types" -> "fstar_stubs_reflection_types" + "fstar_stubs_tactics_types" -> "fstar_pervasives" + "fstar_stubs_tactics_types" -> "fstar_pervasives" + "fstar_stubs_tactics_types" -> "prims" + "fstar_stubs_tactics_types" -> "prims" + "fstar_exn" -> "fstar_pervasives" + "fstar_exn" -> "fstar_pervasives" + "fstar_exn" -> "prims" + "fstar_exn" -> "prims" + "core_iter" -> "rust_primitives_arrays" + "core_iter" -> "rust_primitives_arrays" + "core_iter" -> "core_ops_range" + "core_iter" -> "core_iter_adapters_step_by" + "core_iter" -> "core_iter_adapters_step_by" + "core_iter" -> "fstar_pervasives_native" + "core_iter" -> "fstar_pervasives_native" + "core_iter" -> "core_ops" + "core_iter" -> "core_ops" + "core_iter" -> "fstar_tactics_typeclasses" + "core_iter" -> "fstar_tactics_typeclasses" + "core_iter" -> "core_iter_adapters_enumerate" + "core_iter" -> "core_iter_adapters_enumerate" + "core_iter" -> "core_iter_traits_iterator" + "core_iter" -> "core_iter_traits_iterator" + "core_iter" -> "rust_primitives" + "core_iter" -> "rust_primitives" + "core_iter" -> "fstar_pervasives" + "core_iter" -> "fstar_pervasives" + "core_iter" -> "prims" + "core_iter" -> "prims" + "fstar_functionalextensionality" -> "fstar_pervasives_native" + "fstar_functionalextensionality" -> "fstar_pervasives_native" + "fstar_functionalextensionality" -> "fstar_tactics_effect" + "fstar_functionalextensionality" -> "fstar_tactics_effect" + "fstar_functionalextensionality" -> "fstar_stubs_tactics_types" + "fstar_functionalextensionality" -> "fstar_stubs_reflection_types" + "fstar_functionalextensionality" -> "fstar_stubs_tactics_v2_builtins" + "fstar_functionalextensionality" -> "fstar_pervasives" + "fstar_functionalextensionality" -> "fstar_pervasives" + "fstar_functionalextensionality" -> "prims" + "fstar_functionalextensionality" -> "prims" + "fstar_functionalextensionality" -> "fstar_functionalextensionality" + "core_iter_adapters_step_by" -> "rust_primitives" + "core_iter_adapters_step_by" -> "rust_primitives" + "core_iter_adapters_step_by" -> "fstar_pervasives" + "core_iter_adapters_step_by" -> "fstar_pervasives" + "core_iter_adapters_step_by" -> "prims" + "core_iter_adapters_step_by" -> "prims" + "fstar_tactics_v1_derived" -> "fstar_propositionalextensionality" + "fstar_tactics_v1_derived" -> "fstar_propositionalextensionality" + "fstar_tactics_v1_derived" -> "fstar_squash" + "fstar_tactics_v1_derived" -> "fstar_squash" + "fstar_tactics_v1_derived" -> "fstar_range" + "fstar_tactics_v1_derived" -> "fstar_pervasives_native" + "fstar_tactics_v1_derived" -> "fstar_pervasives_native" + "fstar_tactics_v1_derived" -> "fstar_tactics_visit" + "fstar_tactics_v1_derived" -> "fstar_tactics_visit" + "fstar_tactics_v1_derived" -> "fstar_list_tot_base" + "fstar_tactics_v1_derived" -> "fstar_list_tot_base" + "fstar_tactics_v1_derived" -> "fstar_vconfig" + "fstar_tactics_v1_derived" -> "fstar_tactics_v1_syntaxhelpers" + "fstar_tactics_v1_derived" -> "fstar_tactics_v1_syntaxhelpers" + "fstar_tactics_v1_derived" -> "fstar_stubs_tactics_v1_builtins" + "fstar_tactics_v1_derived" -> "fstar_tactics_util" + "fstar_tactics_v1_derived" -> "fstar_tactics_util" + "fstar_tactics_v1_derived" -> "fstar_stubs_tactics_result" + "fstar_tactics_v1_derived" -> "fstar_stubs_tactics_types" + "fstar_tactics_v1_derived" -> "fstar_tactics_effect" + "fstar_tactics_v1_derived" -> "fstar_tactics_effect" + "fstar_tactics_v1_derived" -> "fstar_reflection_v1_formula" + "fstar_tactics_v1_derived" -> "fstar_reflection_v1_formula" + "fstar_tactics_v1_derived" -> "fstar_reflection_v1" + "fstar_tactics_v1_derived" -> "fstar_reflection_v1" + "fstar_tactics_v1_derived" -> "fstar_pervasives" + "fstar_tactics_v1_derived" -> "fstar_pervasives" + "fstar_tactics_v1_derived" -> "prims" + "fstar_tactics_v1_derived" -> "prims" + "fstar_tactics_visit" -> "fstar_pervasives_native" + "fstar_tactics_visit" -> "fstar_pervasives_native" + "fstar_tactics_visit" -> "fstar_tactics_util" + "fstar_tactics_visit" -> "fstar_tactics_util" + "fstar_tactics_visit" -> "fstar_tactics_effect" + "fstar_tactics_visit" -> "fstar_tactics_effect" + "fstar_tactics_visit" -> "fstar_reflection_v2" + "fstar_tactics_visit" -> "fstar_reflection_v2" + "fstar_tactics_visit" -> "fstar_pervasives" + "fstar_tactics_visit" -> "fstar_pervasives" + "fstar_tactics_visit" -> "prims" + "fstar_tactics_visit" -> "prims" + "rust_primitives_bitvectors" -> "fstar_uint8" + "rust_primitives_bitvectors" -> "fstar_uint8" + "rust_primitives_bitvectors" -> "fstar_uint16" + "rust_primitives_bitvectors" -> "fstar_uint16" + "rust_primitives_bitvectors" -> "fstar_uint32" + "rust_primitives_bitvectors" -> "fstar_uint32" + "rust_primitives_bitvectors" -> "fstar_int16" + "rust_primitives_bitvectors" -> "fstar_int16" + "rust_primitives_bitvectors" -> "fstar_int32" + "rust_primitives_bitvectors" -> "fstar_int32" + "rust_primitives_bitvectors" -> "fstar_seq" + "rust_primitives_bitvectors" -> "fstar_seq" + "rust_primitives_bitvectors" -> "fstar_functionalextensionality" + "rust_primitives_bitvectors" -> "fstar_functionalextensionality" + "rust_primitives_bitvectors" -> "rust_primitives_integers" + "rust_primitives_bitvectors" -> "rust_primitives_integers" + "rust_primitives_bitvectors" -> "rust_primitives_arrays" + "rust_primitives_bitvectors" -> "rust_primitives_arrays" + "rust_primitives_bitvectors" -> "fstar_mul" + "rust_primitives_bitvectors" -> "fstar_mul" + "rust_primitives_bitvectors" -> "fstar_pervasives" + "rust_primitives_bitvectors" -> "fstar_pervasives" + "rust_primitives_bitvectors" -> "prims" + "rust_primitives_bitvectors" -> "prims" + "fstar_uint16" -> "fstar_uint32" + "fstar_uint16" -> "fstar_uint32" + "fstar_uint16" -> "fstar_mul" + "fstar_uint16" -> "fstar_mul" + "fstar_uint16" -> "fstar_uint" + "fstar_uint16" -> "fstar_uint" + "fstar_uint16" -> "fstar_pervasives" + "fstar_uint16" -> "fstar_pervasives" + "fstar_uint16" -> "prims" + "fstar_uint16" -> "prims" + "fstar_uint16" -> "fstar_uint16" + "core_num_error" -> "rust_primitives" + "core_num_error" -> "rust_primitives" + "core_num_error" -> "fstar_pervasives" + "core_num_error" -> "fstar_pervasives" + "core_num_error" -> "prims" + "core_num_error" -> "prims" + "bitveceq" -> "fstar_math_lemmas" + "bitveceq" -> "fstar_math_lemmas" + "bitveceq" -> "fstar_seq" + "bitveceq" -> "fstar_seq" + "bitveceq" -> "fstar_classical_sugar" + "bitveceq" -> "fstar_classical_sugar" + "bitveceq" -> "fstar_functionalextensionality" + "bitveceq" -> "fstar_functionalextensionality" + "bitveceq" -> "mkseq" + "bitveceq" -> "mkseq" + "bitveceq" -> "fstar_mul" + "bitveceq" -> "fstar_mul" + "bitveceq" -> "core" + "bitveceq" -> "core" + "bitveceq" -> "fstar_pervasives" + "bitveceq" -> "fstar_pervasives" + "bitveceq" -> "prims" + "bitveceq" -> "prims" + "lib_inttypes" -> "fstar_bitvector" + "lib_inttypes" -> "fstar_bitvector" + "lib_inttypes" -> "fstar_seq" + "lib_inttypes" -> "fstar_seq" + "lib_inttypes" -> "fstar_uint" + "lib_inttypes" -> "fstar_uint" + "lib_inttypes" -> "fstar_pervasives_native" + "lib_inttypes" -> "fstar_pervasives_native" + "lib_inttypes" -> "fstar_int_cast_full" + "lib_inttypes" -> "fstar_int_cast_full" + "lib_inttypes" -> "fstar_int" + "lib_inttypes" -> "fstar_int" + "lib_inttypes" -> "fstar_int_cast" + "lib_inttypes" -> "fstar_int_cast" + "lib_inttypes" -> "fstar_int128" + "lib_inttypes" -> "fstar_int128" + "lib_inttypes" -> "fstar_int64" + "lib_inttypes" -> "fstar_int64" + "lib_inttypes" -> "fstar_int32" + "lib_inttypes" -> "fstar_int32" + "lib_inttypes" -> "fstar_int16" + "lib_inttypes" -> "fstar_int16" + "lib_inttypes" -> "fstar_int8" + "lib_inttypes" -> "fstar_int8" + "lib_inttypes" -> "fstar_uint128" + "lib_inttypes" -> "fstar_uint128" + "lib_inttypes" -> "fstar_uint64" + "lib_inttypes" -> "fstar_uint64" + "lib_inttypes" -> "fstar_uint32" + "lib_inttypes" -> "fstar_uint32" + "lib_inttypes" -> "fstar_uint16" + "lib_inttypes" -> "fstar_uint16" + "lib_inttypes" -> "fstar_uint8" + "lib_inttypes" -> "fstar_uint8" + "lib_inttypes" -> "fstar_math_lemmas" + "lib_inttypes" -> "fstar_math_lemmas" + "lib_inttypes" -> "fstar_pervasives" + "lib_inttypes" -> "fstar_pervasives" + "lib_inttypes" -> "prims" + "lib_inttypes" -> "prims" + "lib_inttypes" -> "lib_inttypes" + "fstar_int_cast_full" -> "fstar_uint128" + "fstar_int_cast_full" -> "fstar_uint128" + "fstar_int_cast_full" -> "fstar_uint64" + "fstar_int_cast_full" -> "fstar_uint64" + "fstar_int_cast_full" -> "fstar_int_cast" + "fstar_int_cast_full" -> "fstar_int_cast" + "fstar_int_cast_full" -> "fstar_pervasives" + "fstar_int_cast_full" -> "fstar_pervasives" + "fstar_int_cast_full" -> "prims" + "fstar_int_cast_full" -> "prims" + "rust_primitives_hax" -> "fstar_list_tot" + "rust_primitives_hax" -> "fstar_list_tot" + "rust_primitives_hax" -> "lib_inttypes" + "rust_primitives_hax" -> "lib_inttypes" + "rust_primitives_hax" -> "core_slice" + "rust_primitives_hax" -> "fstar_tactics_typeclasses" + "rust_primitives_hax" -> "fstar_tactics_typeclasses" + "rust_primitives_hax" -> "core_ops_index" + "rust_primitives_hax" -> "core_ops_index" + "rust_primitives_hax" -> "fstar_seq" + "rust_primitives_hax" -> "fstar_seq" + "rust_primitives_hax" -> "rust_primitives_arrays" + "rust_primitives_hax" -> "rust_primitives_arrays" + "rust_primitives_hax" -> "rust_primitives_integers" + "rust_primitives_hax" -> "rust_primitives_integers" + "rust_primitives_hax" -> "fstar_pervasives" + "rust_primitives_hax" -> "fstar_pervasives" + "rust_primitives_hax" -> "prims" + "rust_primitives_hax" -> "prims" + "fstar_reflection_v2_formula" -> "fstar_pervasives_native" + "fstar_reflection_v2_formula" -> "fstar_pervasives_native" + "fstar_reflection_v2_formula" -> "fstar_reflection_termeq_simple" + "fstar_reflection_v2_formula" -> "fstar_reflection_termeq_simple" + "fstar_reflection_v2_formula" -> "fstar_tactics_namedview" + "fstar_reflection_v2_formula" -> "fstar_tactics_namedview" + "fstar_reflection_v2_formula" -> "fstar_stubs_tactics_v2_builtins" + "fstar_reflection_v2_formula" -> "fstar_tactics_effect" + "fstar_reflection_v2_formula" -> "fstar_tactics_effect" + "fstar_reflection_v2_formula" -> "fstar_stubs_tactics_common" + "fstar_reflection_v2_formula" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_v2_formula" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2_formula" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2_formula" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_v2_formula" -> "fstar_reflection_const" + "fstar_reflection_v2_formula" -> "fstar_reflection_const" + "fstar_reflection_v2_formula" -> "fstar_stubs_reflection_types" + "fstar_reflection_v2_formula" -> "fstar_list_tot_base" + "fstar_reflection_v2_formula" -> "fstar_list_tot_base" + "fstar_reflection_v2_formula" -> "fstar_pervasives" + "fstar_reflection_v2_formula" -> "fstar_pervasives" + "fstar_reflection_v2_formula" -> "prims" + "fstar_reflection_v2_formula" -> "prims" + "fstar_tactics_unseal" -> "fstar_tactics_effect" + "fstar_tactics_unseal" -> "fstar_tactics_effect" + "fstar_tactics_unseal" -> "fstar_sealed" + "fstar_tactics_unseal" -> "fstar_pervasives" + "fstar_tactics_unseal" -> "fstar_pervasives" + "fstar_tactics_unseal" -> "prims" + "fstar_tactics_unseal" -> "prims" + "fstar_int128" -> "fstar_int64" + "fstar_int128" -> "fstar_int64" + "fstar_int128" -> "fstar_uint32" + "fstar_int128" -> "fstar_uint32" + "fstar_int128" -> "fstar_math_lemmas" + "fstar_int128" -> "fstar_math_lemmas" + "fstar_int128" -> "fstar_mul" + "fstar_int128" -> "fstar_mul" + "fstar_int128" -> "fstar_int" + "fstar_int128" -> "fstar_int" + "fstar_int128" -> "fstar_pervasives" + "fstar_int128" -> "fstar_pervasives" + "fstar_int128" -> "prims" + "fstar_int128" -> "prims" + "fstar_int128" -> "fstar_int128" + "tactics_seq" -> "fstar_tactics_effect" + "tactics_seq" -> "fstar_tactics_effect" + "tactics_seq" -> "fstar_pervasives_native" + "tactics_seq" -> "fstar_pervasives_native" + "tactics_seq" -> "tactics_pow2" + "tactics_seq" -> "tactics_pow2" + "tactics_seq" -> "tactics_utils" + "tactics_seq" -> "tactics_utils" + "tactics_seq" -> "fstar_option" + "tactics_seq" -> "fstar_option" + "tactics_seq" -> "fstar_mul" + "tactics_seq" -> "fstar_mul" + "tactics_seq" -> "fstar_class_printable" + "tactics_seq" -> "fstar_class_printable" + "tactics_seq" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_seq" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_seq" -> "fstar_tactics_v2" + "tactics_seq" -> "fstar_tactics_v2" + "tactics_seq" -> "fstar_seq_base" + "tactics_seq" -> "fstar_seq_base" + "tactics_seq" -> "fstar_list_tot" + "tactics_seq" -> "fstar_list_tot" + "tactics_seq" -> "core" + "tactics_seq" -> "core" + "tactics_seq" -> "fstar_pervasives" + "tactics_seq" -> "fstar_pervasives" + "tactics_seq" -> "prims" + "tactics_seq" -> "prims" + "rust_primitives" -> "fstar_seq" + "rust_primitives" -> "fstar_seq" + "rust_primitives" -> "fstar_tactics_typeclasses" + "rust_primitives" -> "fstar_tactics_typeclasses" + "rust_primitives" -> "core_ops_control_flow" + "rust_primitives" -> "core_ops_control_flow" + "rust_primitives" -> "core_result" + "rust_primitives" -> "core_result" + "rust_primitives" -> "core_option" + "rust_primitives" -> "core_option" + "rust_primitives" -> "rust_primitives_bitvectors" + "rust_primitives" -> "rust_primitives_bitvectors" + "rust_primitives" -> "rust_primitives_arrays" + "rust_primitives" -> "rust_primitives_arrays" + "rust_primitives" -> "rust_primitives_integers" + "rust_primitives" -> "rust_primitives_integers" + "rust_primitives" -> "fstar_pervasives" + "rust_primitives" -> "fstar_pervasives" + "rust_primitives" -> "prims" + "rust_primitives" -> "prims" + "fstar_set" -> "fstar_classical" + "fstar_set" -> "fstar_classical" + "fstar_set" -> "fstar_functionalextensionality" + "fstar_set" -> "fstar_functionalextensionality" + "fstar_set" -> "fstar_pervasives" + "fstar_set" -> "fstar_pervasives" + "fstar_set" -> "prims" + "fstar_set" -> "prims" + "fstar_set" -> "fstar_set" + "fstar_tactics_v1_logic" -> "fstar_pervasives_native" + "fstar_tactics_v1_logic" -> "fstar_pervasives_native" + "fstar_tactics_v1_logic" -> "fstar_squash" + "fstar_tactics_v1_logic" -> "fstar_squash" + "fstar_tactics_v1_logic" -> "fstar_indefinitedescription" + "fstar_tactics_v1_logic" -> "fstar_indefinitedescription" + "fstar_tactics_v1_logic" -> "fstar_classical" + "fstar_tactics_v1_logic" -> "fstar_classical" + "fstar_tactics_v1_logic" -> "fstar_reflection_v1_formula" + "fstar_tactics_v1_logic" -> "fstar_reflection_v1_formula" + "fstar_tactics_v1_logic" -> "fstar_reflection_v1" + "fstar_tactics_v1_logic" -> "fstar_reflection_v1" + "fstar_tactics_v1_logic" -> "fstar_tactics_util" + "fstar_tactics_v1_logic" -> "fstar_tactics_util" + "fstar_tactics_v1_logic" -> "fstar_tactics_v1_derived" + "fstar_tactics_v1_logic" -> "fstar_tactics_v1_derived" + "fstar_tactics_v1_logic" -> "fstar_stubs_tactics_v1_builtins" + "fstar_tactics_v1_logic" -> "fstar_tactics_effect" + "fstar_tactics_v1_logic" -> "fstar_tactics_effect" + "fstar_tactics_v1_logic" -> "fstar_pervasives" + "fstar_tactics_v1_logic" -> "fstar_pervasives" + "fstar_tactics_v1_logic" -> "prims" + "fstar_tactics_v1_logic" -> "prims" + "fstar_class_printable" -> "fstar_seq" + "fstar_class_printable" -> "fstar_seq" + "fstar_class_printable" -> "fstar_uint64" + "fstar_class_printable" -> "fstar_uint64" + "fstar_class_printable" -> "fstar_int64" + "fstar_class_printable" -> "fstar_int64" + "fstar_class_printable" -> "fstar_uint32" + "fstar_class_printable" -> "fstar_uint32" + "fstar_class_printable" -> "fstar_int32" + "fstar_class_printable" -> "fstar_int32" + "fstar_class_printable" -> "fstar_uint16" + "fstar_class_printable" -> "fstar_uint16" + "fstar_class_printable" -> "fstar_int16" + "fstar_class_printable" -> "fstar_int16" + "fstar_class_printable" -> "fstar_int8" + "fstar_class_printable" -> "fstar_int8" + "fstar_class_printable" -> "fstar_uint8" + "fstar_class_printable" -> "fstar_uint8" + "fstar_class_printable" -> "fstar_char" + "fstar_class_printable" -> "fstar_list_tot" + "fstar_class_printable" -> "fstar_list_tot" + "fstar_class_printable" -> "fstar_tactics_typeclasses" + "fstar_class_printable" -> "fstar_tactics_typeclasses" + "fstar_class_printable" -> "fstar_seq_properties" + "fstar_class_printable" -> "fstar_seq_properties" + "fstar_class_printable" -> "fstar_string" + "fstar_class_printable" -> "fstar_pervasives" + "fstar_class_printable" -> "fstar_pervasives" + "fstar_class_printable" -> "prims" + "fstar_class_printable" -> "prims" + "tactics_getbit" -> "fstar_functionalextensionality" + "tactics_getbit" -> "fstar_functionalextensionality" + "tactics_getbit" -> "tactics_machineints" + "tactics_getbit" -> "tactics_machineints" + "tactics_getbit" -> "rust_primitives_hax" + "tactics_getbit" -> "rust_primitives_hax" + "tactics_getbit" -> "tactics_seq" + "tactics_getbit" -> "tactics_seq" + "tactics_getbit" -> "bitveceq" + "tactics_getbit" -> "bitveceq" + "tactics_getbit" -> "tactics_pow2" + "tactics_getbit" -> "tactics_pow2" + "tactics_getbit" -> "tactics_utils" + "tactics_getbit" -> "tactics_utils" + "tactics_getbit" -> "fstar_option" + "tactics_getbit" -> "fstar_option" + "tactics_getbit" -> "fstar_mul" + "tactics_getbit" -> "fstar_mul" + "tactics_getbit" -> "fstar_class_printable" + "tactics_getbit" -> "fstar_class_printable" + "tactics_getbit" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_getbit" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_getbit" -> "fstar_tactics_v2" + "tactics_getbit" -> "fstar_tactics_v2" + "tactics_getbit" -> "fstar_list_tot" + "tactics_getbit" -> "fstar_list_tot" + "tactics_getbit" -> "core" + "tactics_getbit" -> "core" + "tactics_getbit" -> "fstar_pervasives" + "tactics_getbit" -> "fstar_pervasives" + "tactics_getbit" -> "prims" + "tactics_getbit" -> "prims" + "tactics_machineints" -> "fstar_uint8" + "tactics_machineints" -> "fstar_uint8" + "tactics_machineints" -> "fstar_tactics_effect" + "tactics_machineints" -> "fstar_tactics_effect" + "tactics_machineints" -> "fstar_list_tot" + "tactics_machineints" -> "fstar_list_tot" + "tactics_machineints" -> "lib_inttypes" + "tactics_machineints" -> "lib_inttypes" + "tactics_machineints" -> "fstar_pervasives_native" + "tactics_machineints" -> "fstar_pervasives_native" + "tactics_machineints" -> "rust_primitives_integers" + "tactics_machineints" -> "rust_primitives_integers" + "tactics_machineints" -> "tactics_utils" + "tactics_machineints" -> "tactics_utils" + "tactics_machineints" -> "fstar_option" + "tactics_machineints" -> "fstar_option" + "tactics_machineints" -> "fstar_class_printable" + "tactics_machineints" -> "fstar_class_printable" + "tactics_machineints" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_machineints" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_machineints" -> "fstar_tactics_v2" + "tactics_machineints" -> "fstar_tactics_v2" + "tactics_machineints" -> "fstar_pervasives" + "tactics_machineints" -> "fstar_pervasives" + "tactics_machineints" -> "prims" + "tactics_machineints" -> "prims" + "fstar_preorder" -> "fstar_pervasives" + "fstar_preorder" -> "fstar_pervasives" + "fstar_preorder" -> "prims" + "fstar_preorder" -> "prims" + "fstar_reflection_const" -> "fstar_pervasives" + "fstar_reflection_const" -> "fstar_pervasives" + "fstar_reflection_const" -> "prims" + "fstar_reflection_const" -> "prims" + "fstar_tactics_bv" -> "fstar_pervasives_native" + "fstar_tactics_bv" -> "fstar_pervasives_native" + "fstar_tactics_bv" -> "fstar_uint" + "fstar_tactics_bv" -> "fstar_uint" + "fstar_tactics_bv" -> "fstar_bv" + "fstar_tactics_bv" -> "fstar_bv" + "fstar_tactics_bv" -> "fstar_reflection_v2_arith" + "fstar_tactics_bv" -> "fstar_reflection_v2_arith" + "fstar_tactics_bv" -> "fstar_reflection_v2_formula" + "fstar_tactics_bv" -> "fstar_reflection_v2_formula" + "fstar_tactics_bv" -> "fstar_tactics_v2" + "fstar_tactics_bv" -> "fstar_tactics_v2" + "fstar_tactics_bv" -> "fstar_pervasives" + "fstar_tactics_bv" -> "fstar_pervasives" + "fstar_tactics_bv" -> "prims" + "fstar_tactics_bv" -> "prims" + "fstar_tactics_v2" -> "fstar_reflection_termeq_simple" + "fstar_tactics_v2" -> "fstar_reflection_termeq_simple" + "fstar_tactics_v2" -> "fstar_tactics_smt" + "fstar_tactics_v2" -> "fstar_tactics_smt" + "fstar_tactics_v2" -> "fstar_tactics_mapply" + "fstar_tactics_v2" -> "fstar_tactics_mapply" + "fstar_tactics_v2" -> "fstar_tactics_namedview" + "fstar_tactics_v2" -> "fstar_tactics_namedview" + "fstar_tactics_v2" -> "fstar_tactics_visit" + "fstar_tactics_v2" -> "fstar_tactics_visit" + "fstar_tactics_v2" -> "fstar_tactics_print" + "fstar_tactics_v2" -> "fstar_tactics_print" + "fstar_tactics_v2" -> "fstar_tactics_util" + "fstar_tactics_v2" -> "fstar_tactics_util" + "fstar_tactics_v2" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_v2" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_v2" -> "fstar_tactics_v2_logic" + "fstar_tactics_v2" -> "fstar_tactics_v2_logic" + "fstar_tactics_v2" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_v2" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_v2" -> "fstar_tactics_v2_derived" + "fstar_tactics_v2" -> "fstar_tactics_v2_derived" + "fstar_tactics_v2" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_v2" -> "fstar_tactics_effect" + "fstar_tactics_v2" -> "fstar_tactics_effect" + "fstar_tactics_v2" -> "fstar_stubs_tactics_types" + "fstar_tactics_v2" -> "fstar_reflection_v2_formula" + "fstar_tactics_v2" -> "fstar_reflection_v2_formula" + "fstar_tactics_v2" -> "fstar_reflection_v2" + "fstar_tactics_v2" -> "fstar_reflection_v2" + "fstar_tactics_v2" -> "fstar_stubs_reflection_types" + "fstar_tactics_v2" -> "fstar_pervasives" + "fstar_tactics_v2" -> "fstar_pervasives" + "fstar_tactics_v2" -> "prims" + "fstar_tactics_v2" -> "prims" + "fstar_stubs_tactics_result" -> "fstar_stubs_tactics_types" + "fstar_stubs_tactics_result" -> "fstar_pervasives" + "fstar_stubs_tactics_result" -> "fstar_pervasives" + "fstar_stubs_tactics_result" -> "prims" + "fstar_stubs_tactics_result" -> "prims" + "fstar_tactics_effect" -> "fstar_stubs_tactics_result" + "fstar_tactics_effect" -> "fstar_stubs_tactics_types" + "fstar_tactics_effect" -> "fstar_stubs_reflection_types" + "fstar_tactics_effect" -> "fstar_pervasives" + "fstar_tactics_effect" -> "fstar_pervasives" + "fstar_tactics_effect" -> "prims" + "fstar_tactics_effect" -> "prims" + "fstar_tactics_effect" -> "fstar_tactics_effect" + "fstar_monotonic_witnessed" -> "fstar_preorder" + "fstar_monotonic_witnessed" -> "fstar_preorder" + "fstar_monotonic_witnessed" -> "fstar_pervasives" + "fstar_monotonic_witnessed" -> "fstar_pervasives" + "fstar_monotonic_witnessed" -> "prims" + "fstar_monotonic_witnessed" -> "prims" + "fstar_range" -> "fstar_sealed" + "fstar_range" -> "fstar_pervasives" + "fstar_range" -> "fstar_pervasives" + "fstar_range" -> "prims" + "fstar_range" -> "prims" + "fstar_monotonic_witnessed" -> "fstar_classical" + "fstar_monotonic_witnessed" -> "fstar_classical" + "fstar_monotonic_witnessed" -> "fstar_preorder" + "fstar_monotonic_witnessed" -> "fstar_preorder" + "fstar_monotonic_witnessed" -> "fstar_pervasives" + "fstar_monotonic_witnessed" -> "fstar_pervasives" + "fstar_monotonic_witnessed" -> "prims" + "fstar_monotonic_witnessed" -> "prims" + "fstar_monotonic_witnessed" -> "fstar_monotonic_witnessed" + "fstar_uint32" -> "fstar_mul" + "fstar_uint32" -> "fstar_mul" + "fstar_uint32" -> "fstar_uint" + "fstar_uint32" -> "fstar_uint" + "fstar_uint32" -> "fstar_pervasives" + "fstar_uint32" -> "fstar_pervasives" + "fstar_uint32" -> "prims" + "fstar_uint32" -> "prims" + "fstar_uint32" -> "fstar_uint32" + "fstar_st" -> "fstar_set" + "fstar_st" -> "fstar_set" + "fstar_st" -> "fstar_monotonic_witnessed" + "fstar_st" -> "fstar_monotonic_witnessed" + "fstar_st" -> "fstar_preorder" + "fstar_st" -> "fstar_preorder" + "fstar_st" -> "fstar_heap" + "fstar_st" -> "fstar_heap" + "fstar_st" -> "fstar_tset" + "fstar_st" -> "fstar_tset" + "fstar_st" -> "fstar_pervasives" + "fstar_st" -> "fstar_pervasives" + "fstar_st" -> "prims" + "fstar_st" -> "prims" + "bitvec_intrinsics" -> "fstar_list_tot" + "bitvec_intrinsics" -> "fstar_list_tot" + "bitvec_intrinsics" -> "fstar_string" + "bitvec_intrinsics" -> "fstar_tactics_v2_derived" + "bitvec_intrinsics" -> "fstar_tactics_v2_derived" + "bitvec_intrinsics" -> "fstar_stubs_tactics_v2_builtins" + "bitvec_intrinsics" -> "libcrux_intrinsics_avx2_extract" + "bitvec_intrinsics" -> "libcrux_intrinsics_avx2_extract" + "bitvec_intrinsics" -> "fstar_tactics" + "bitvec_intrinsics" -> "fstar_tactics" + "bitvec_intrinsics" -> "fstar_int16" + "bitvec_intrinsics" -> "fstar_int16" + "bitvec_intrinsics" -> "fstar_tactics_v2" + "bitvec_intrinsics" -> "fstar_tactics_v2" + "bitvec_intrinsics" -> "fstar_int32" + "bitvec_intrinsics" -> "fstar_int32" + "bitvec_intrinsics" -> "tactics_utils" + "bitvec_intrinsics" -> "tactics_utils" + "bitvec_intrinsics" -> "bitvec_equality" + "bitvec_intrinsics" -> "bitvec_equality" + "bitvec_intrinsics" -> "bitvec_utils" + "bitvec_intrinsics" -> "bitvec_utils" + "bitvec_intrinsics" -> "fstar_mul" + "bitvec_intrinsics" -> "fstar_mul" + "bitvec_intrinsics" -> "rust_primitives" + "bitvec_intrinsics" -> "rust_primitives" + "bitvec_intrinsics" -> "core" + "bitvec_intrinsics" -> "core" + "bitvec_intrinsics" -> "fstar_pervasives" + "bitvec_intrinsics" -> "fstar_pervasives" + "bitvec_intrinsics" -> "prims" + "bitvec_intrinsics" -> "prims" + "fstar_stubs_typechecker_core" -> "fstar_pervasives" + "fstar_stubs_typechecker_core" -> "fstar_pervasives" + "fstar_stubs_typechecker_core" -> "prims" + "fstar_stubs_typechecker_core" -> "prims" + "fstar_char" -> "fstar_uint32" + "fstar_char" -> "fstar_uint32" + "fstar_char" -> "fstar_pervasives" + "fstar_char" -> "fstar_pervasives" + "fstar_char" -> "prims" + "fstar_char" -> "prims" + "fstar_int8" -> "fstar_uint32" + "fstar_int8" -> "fstar_uint32" + "fstar_int8" -> "fstar_math_lemmas" + "fstar_int8" -> "fstar_math_lemmas" + "fstar_int8" -> "fstar_mul" + "fstar_int8" -> "fstar_mul" + "fstar_int8" -> "fstar_int" + "fstar_int8" -> "fstar_int" + "fstar_int8" -> "fstar_pervasives" + "fstar_int8" -> "fstar_pervasives" + "fstar_int8" -> "prims" + "fstar_int8" -> "prims" + "fstar_int8" -> "fstar_int8" + "fstar_uint32" -> "fstar_mul" + "fstar_uint32" -> "fstar_mul" + "fstar_uint32" -> "fstar_uint" + "fstar_uint32" -> "fstar_uint" + "fstar_uint32" -> "fstar_pervasives" + "fstar_uint32" -> "fstar_pervasives" + "fstar_uint32" -> "prims" + "fstar_uint32" -> "prims" + "fstar_tset" -> "fstar_squash" + "fstar_tset" -> "fstar_squash" + "fstar_tset" -> "fstar_strongexcludedmiddle" + "fstar_tset" -> "fstar_strongexcludedmiddle" + "fstar_tset" -> "fstar_set" + "fstar_tset" -> "fstar_set" + "fstar_tset" -> "fstar_predicateextensionality" + "fstar_tset" -> "fstar_predicateextensionality" + "fstar_tset" -> "fstar_functionalextensionality" + "fstar_tset" -> "fstar_functionalextensionality" + "fstar_tset" -> "fstar_propositionalextensionality" + "fstar_tset" -> "fstar_propositionalextensionality" + "fstar_tset" -> "fstar_pervasives" + "fstar_tset" -> "fstar_pervasives" + "fstar_tset" -> "prims" + "fstar_tset" -> "prims" + "fstar_tset" -> "fstar_tset" + "tactics_folds" -> "tactics_utils" + "tactics_folds" -> "tactics_utils" + "tactics_folds" -> "rust_primitives_hax_folds" + "tactics_folds" -> "fstar_option" + "tactics_folds" -> "fstar_option" + "tactics_folds" -> "fstar_mul" + "tactics_folds" -> "fstar_mul" + "tactics_folds" -> "fstar_class_printable" + "tactics_folds" -> "fstar_class_printable" + "tactics_folds" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_folds" -> "fstar_tactics_v2_syntaxhelpers" + "tactics_folds" -> "fstar_tactics_v2" + "tactics_folds" -> "fstar_tactics_v2" + "tactics_folds" -> "fstar_seq_base" + "tactics_folds" -> "fstar_seq_base" + "tactics_folds" -> "fstar_list_tot" + "tactics_folds" -> "fstar_list_tot" + "tactics_folds" -> "core" + "tactics_folds" -> "core" + "tactics_folds" -> "fstar_pervasives" + "tactics_folds" -> "fstar_pervasives" + "tactics_folds" -> "prims" + "tactics_folds" -> "prims" + "fstar_vconfig" -> "fstar_pervasives" + "fstar_vconfig" -> "fstar_pervasives" + "fstar_vconfig" -> "prims" + "fstar_vconfig" -> "prims" + "fstar_reflection_v2_derived" -> "fstar_list_tot_base" + "fstar_reflection_v2_derived" -> "fstar_list_tot_base" + "fstar_reflection_v2_derived" -> "fstar_pervasives_native" + "fstar_reflection_v2_derived" -> "fstar_pervasives_native" + "fstar_reflection_v2_derived" -> "fstar_list_tot" + "fstar_reflection_v2_derived" -> "fstar_list_tot" + "fstar_reflection_v2_derived" -> "fstar_vconfig" + "fstar_reflection_v2_derived" -> "fstar_order" + "fstar_reflection_v2_derived" -> "fstar_order" + "fstar_reflection_v2_derived" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_v2_derived" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_v2_derived" -> "fstar_reflection_const" + "fstar_reflection_v2_derived" -> "fstar_reflection_const" + "fstar_reflection_v2_derived" -> "fstar_stubs_reflection_types" + "fstar_reflection_v2_derived" -> "fstar_pervasives" + "fstar_reflection_v2_derived" -> "fstar_pervasives" + "fstar_reflection_v2_derived" -> "prims" + "fstar_reflection_v2_derived" -> "prims" + "fstar_tset" -> "fstar_set" + "fstar_tset" -> "fstar_set" + "fstar_tset" -> "fstar_pervasives" + "fstar_tset" -> "fstar_pervasives" + "fstar_tset" -> "prims" + "fstar_tset" -> "prims" + "fstar_tactics" -> "fstar_tactics_v1" + "fstar_tactics" -> "fstar_tactics_v1" + "fstar_tactics" -> "fstar_pervasives" + "fstar_tactics" -> "fstar_pervasives" + "fstar_tactics" -> "prims" + "fstar_tactics" -> "prims" + "fstar_reflection_v1_derived_lemmas" -> "fstar_classical" + "fstar_reflection_v1_derived_lemmas" -> "fstar_classical" + "fstar_reflection_v1_derived_lemmas" -> "fstar_pervasives_native" + "fstar_reflection_v1_derived_lemmas" -> "fstar_pervasives_native" + "fstar_reflection_v1_derived_lemmas" -> "fstar_list_tot" + "fstar_reflection_v1_derived_lemmas" -> "fstar_list_tot" + "fstar_reflection_v1_derived_lemmas" -> "fstar_reflection_v1_derived" + "fstar_reflection_v1_derived_lemmas" -> "fstar_reflection_v1_derived" + "fstar_reflection_v1_derived_lemmas" -> "fstar_stubs_reflection_v1_data" + "fstar_reflection_v1_derived_lemmas" -> "fstar_stubs_reflection_v1_builtins" + "fstar_reflection_v1_derived_lemmas" -> "fstar_stubs_reflection_types" + "fstar_reflection_v1_derived_lemmas" -> "fstar_pervasives" + "fstar_reflection_v1_derived_lemmas" -> "fstar_pervasives" + "fstar_reflection_v1_derived_lemmas" -> "prims" + "fstar_reflection_v1_derived_lemmas" -> "prims" + "fstar_set" -> "fstar_pervasives" + "fstar_set" -> "fstar_pervasives" + "fstar_set" -> "prims" + "fstar_set" -> "prims" + "fstar_classical_sugar" -> "fstar_squash" + "fstar_classical_sugar" -> "fstar_squash" + "fstar_classical_sugar" -> "fstar_pervasives" + "fstar_classical_sugar" -> "fstar_pervasives" + "fstar_classical_sugar" -> "prims" + "fstar_classical_sugar" -> "prims" + "fstar_classical_sugar" -> "fstar_classical_sugar" + "rust_primitives_integers" -> "fstar_pervasives_native" + "rust_primitives_integers" -> "fstar_pervasives_native" + "rust_primitives_integers" -> "fstar_int" + "rust_primitives_integers" -> "fstar_int" + "rust_primitives_integers" -> "fstar_int128" + "rust_primitives_integers" -> "fstar_int128" + "rust_primitives_integers" -> "fstar_uint128" + "rust_primitives_integers" -> "fstar_uint128" + "rust_primitives_integers" -> "fstar_int64" + "rust_primitives_integers" -> "fstar_int64" + "rust_primitives_integers" -> "fstar_uint64" + "rust_primitives_integers" -> "fstar_uint64" + "rust_primitives_integers" -> "fstar_int32" + "rust_primitives_integers" -> "fstar_int32" + "rust_primitives_integers" -> "fstar_uint32" + "rust_primitives_integers" -> "fstar_uint32" + "rust_primitives_integers" -> "fstar_int16" + "rust_primitives_integers" -> "fstar_int16" + "rust_primitives_integers" -> "fstar_uint16" + "rust_primitives_integers" -> "fstar_uint16" + "rust_primitives_integers" -> "fstar_int8" + "rust_primitives_integers" -> "fstar_int8" + "rust_primitives_integers" -> "fstar_uint8" + "rust_primitives_integers" -> "fstar_uint8" + "rust_primitives_integers" -> "lib_inttypes" + "rust_primitives_integers" -> "lib_inttypes" + "rust_primitives_integers" -> "fstar_mul" + "rust_primitives_integers" -> "fstar_mul" + "rust_primitives_integers" -> "fstar_pervasives" + "rust_primitives_integers" -> "fstar_pervasives" + "rust_primitives_integers" -> "prims" + "rust_primitives_integers" -> "prims" + "fstar_squash" -> "fstar_pervasives" + "fstar_squash" -> "fstar_pervasives" + "fstar_squash" -> "prims" + "fstar_squash" -> "prims" + "fstar_stubs_reflection_types" -> "fstar_sealed" + "fstar_stubs_reflection_types" -> "fstar_range" + "fstar_stubs_reflection_types" -> "fstar_pervasives" + "fstar_stubs_reflection_types" -> "fstar_pervasives" + "fstar_stubs_reflection_types" -> "prims" + "fstar_stubs_reflection_types" -> "prims" + "fstar_tactics_v1" -> "fstar_tactics_smt" + "fstar_tactics_v1" -> "fstar_tactics_smt" + "fstar_tactics_v1" -> "fstar_tactics_visit" + "fstar_tactics_v1" -> "fstar_tactics_visit" + "fstar_tactics_v1" -> "fstar_tactics_print" + "fstar_tactics_v1" -> "fstar_tactics_print" + "fstar_tactics_v1" -> "fstar_tactics_util" + "fstar_tactics_v1" -> "fstar_tactics_util" + "fstar_tactics_v1" -> "fstar_tactics_v1_logic" + "fstar_tactics_v1" -> "fstar_tactics_v1_logic" + "fstar_tactics_v1" -> "fstar_tactics_v1_syntaxhelpers" + "fstar_tactics_v1" -> "fstar_tactics_v1_syntaxhelpers" + "fstar_tactics_v1" -> "fstar_tactics_v1_derived" + "fstar_tactics_v1" -> "fstar_tactics_v1_derived" + "fstar_tactics_v1" -> "fstar_stubs_tactics_v1_builtins" + "fstar_tactics_v1" -> "fstar_tactics_effect" + "fstar_tactics_v1" -> "fstar_tactics_effect" + "fstar_tactics_v1" -> "fstar_stubs_tactics_types" + "fstar_tactics_v1" -> "fstar_reflection_v1_compare" + "fstar_tactics_v1" -> "fstar_reflection_v1_formula" + "fstar_tactics_v1" -> "fstar_reflection_v1_formula" + "fstar_tactics_v1" -> "fstar_reflection_v1_derived" + "fstar_tactics_v1" -> "fstar_reflection_v1_derived" + "fstar_tactics_v1" -> "fstar_stubs_reflection_v1_builtins" + "fstar_tactics_v1" -> "fstar_stubs_reflection_v1_data" + "fstar_tactics_v1" -> "fstar_reflection_const" + "fstar_tactics_v1" -> "fstar_reflection_const" + "fstar_tactics_v1" -> "fstar_stubs_reflection_types" + "fstar_tactics_v1" -> "fstar_pervasives" + "fstar_tactics_v1" -> "fstar_pervasives" + "fstar_tactics_v1" -> "prims" + "fstar_tactics_v1" -> "prims" + "fstar_list_tot" -> "fstar_list_tot_properties" + "fstar_list_tot" -> "fstar_list_tot_properties" + "fstar_list_tot" -> "fstar_list_tot_base" + "fstar_list_tot" -> "fstar_list_tot_base" + "fstar_list_tot" -> "fstar_pervasives" + "fstar_list_tot" -> "fstar_pervasives" + "fstar_list_tot" -> "prims" + "fstar_list_tot" -> "prims" + "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_mapply" -> "fstar_tactics_typeclasses" + "fstar_tactics_mapply" -> "fstar_tactics_typeclasses" + "fstar_tactics_mapply" -> "fstar_tactics_effect" + "fstar_tactics_mapply" -> "fstar_tactics_effect" + "fstar_tactics_mapply" -> "fstar_reflection_v2" + "fstar_tactics_mapply" -> "fstar_reflection_v2" + "fstar_tactics_mapply" -> "fstar_pervasives" + "fstar_tactics_mapply" -> "fstar_pervasives" + "fstar_tactics_mapply" -> "prims" + "fstar_tactics_mapply" -> "prims" + "fstar_ghost" -> "fstar_pervasives" + "fstar_ghost" -> "fstar_pervasives" + "fstar_ghost" -> "prims" + "fstar_ghost" -> "prims" + "fstar_ghost" -> "fstar_ghost" + "fstar_bitvector" -> "fstar_seq" + "fstar_bitvector" -> "fstar_seq" + "fstar_bitvector" -> "fstar_mul" + "fstar_bitvector" -> "fstar_mul" + "fstar_bitvector" -> "fstar_pervasives" + "fstar_bitvector" -> "fstar_pervasives" + "fstar_bitvector" -> "prims" + "fstar_bitvector" -> "prims" + "core" -> "core_ops" + "core" -> "core_ops" + "core" -> "core_iter" + "core" -> "core_num" + "core" -> "rust_primitives" + "core" -> "rust_primitives" + "core" -> "fstar_pervasives" + "core" -> "fstar_pervasives" + "core" -> "prims" + "core" -> "prims" + "fstar_uint" -> "fstar_seq" + "fstar_uint" -> "fstar_seq" + "fstar_uint" -> "fstar_math_lemmas" + "fstar_uint" -> "fstar_math_lemmas" + "fstar_uint" -> "fstar_bitvector" + "fstar_uint" -> "fstar_bitvector" + "fstar_uint" -> "fstar_mul" + "fstar_uint" -> "fstar_mul" + "fstar_uint" -> "fstar_pervasives" + "fstar_uint" -> "fstar_pervasives" + "fstar_uint" -> "prims" + "fstar_uint" -> "prims" + "fstar_tactics_v2_syntaxcoercions" -> "fstar_sealed" + "fstar_tactics_v2_syntaxcoercions" -> "fstar_tactics_namedview" + "fstar_tactics_v2_syntaxcoercions" -> "fstar_tactics_namedview" + "fstar_tactics_v2_syntaxcoercions" -> "fstar_tactics_builtins" + "fstar_tactics_v2_syntaxcoercions" -> "fstar_pervasives" + "fstar_tactics_v2_syntaxcoercions" -> "fstar_pervasives" + "fstar_tactics_v2_syntaxcoercions" -> "prims" + "fstar_tactics_v2_syntaxcoercions" -> "prims" + "fstar_tactics_v2_logic" -> "fstar_pervasives_native" + "fstar_tactics_v2_logic" -> "fstar_pervasives_native" + "fstar_tactics_v2_logic" -> "fstar_squash" + "fstar_tactics_v2_logic" -> "fstar_squash" + "fstar_tactics_v2_logic" -> "fstar_indefinitedescription" + "fstar_tactics_v2_logic" -> "fstar_indefinitedescription" + "fstar_tactics_v2_logic" -> "fstar_classical" + "fstar_tactics_v2_logic" -> "fstar_classical" + "fstar_tactics_v2_logic" -> "fstar_reflection_termeq_simple" + "fstar_tactics_v2_logic" -> "fstar_reflection_termeq_simple" + "fstar_tactics_v2_logic" -> "fstar_tactics_util" + "fstar_tactics_v2_logic" -> "fstar_tactics_util" + "fstar_tactics_v2_logic" -> "fstar_tactics_namedview" + "fstar_tactics_v2_logic" -> "fstar_tactics_namedview" + "fstar_tactics_v2_logic" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_v2_logic" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_v2_logic" -> "fstar_tactics_v2_derived" + "fstar_tactics_v2_logic" -> "fstar_tactics_v2_derived" + "fstar_tactics_v2_logic" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_v2_logic" -> "fstar_tactics_effect" + "fstar_tactics_v2_logic" -> "fstar_tactics_effect" + "fstar_tactics_v2_logic" -> "fstar_reflection_v2_formula" + "fstar_tactics_v2_logic" -> "fstar_reflection_v2_formula" + "fstar_tactics_v2_logic" -> "fstar_reflection_v2" + "fstar_tactics_v2_logic" -> "fstar_reflection_v2" + "fstar_tactics_v2_logic" -> "fstar_pervasives" + "fstar_tactics_v2_logic" -> "fstar_pervasives" + "fstar_tactics_v2_logic" -> "prims" + "fstar_tactics_v2_logic" -> "prims" + "fstar_uint" -> "fstar_calc" + "fstar_uint" -> "fstar_calc" + "fstar_uint" -> "fstar_seq_base" + "fstar_uint" -> "fstar_seq_base" + "fstar_uint" -> "fstar_classical" + "fstar_uint" -> "fstar_classical" + "fstar_uint" -> "fstar_seq" + "fstar_uint" -> "fstar_seq" + "fstar_uint" -> "fstar_math_lib" + "fstar_uint" -> "fstar_math_lib" + "fstar_uint" -> "fstar_math_lemmas" + "fstar_uint" -> "fstar_math_lemmas" + "fstar_uint" -> "fstar_bitvector" + "fstar_uint" -> "fstar_bitvector" + "fstar_uint" -> "fstar_mul" + "fstar_uint" -> "fstar_mul" + "fstar_uint" -> "fstar_pervasives" + "fstar_uint" -> "fstar_pervasives" + "fstar_uint" -> "prims" + "fstar_uint" -> "prims" + "fstar_uint" -> "fstar_uint" + "fstar_uint8" -> "fstar_uint32" + "fstar_uint8" -> "fstar_uint32" + "fstar_uint8" -> "fstar_mul" + "fstar_uint8" -> "fstar_mul" + "fstar_uint8" -> "fstar_uint" + "fstar_uint8" -> "fstar_uint" + "fstar_uint8" -> "fstar_pervasives" + "fstar_uint8" -> "fstar_pervasives" + "fstar_uint8" -> "prims" + "fstar_uint8" -> "prims" + "fstar_uint8" -> "fstar_uint8" + "fstar_monotonic_pure" -> "fstar_pervasives" + "fstar_monotonic_pure" -> "fstar_pervasives" + "fstar_monotonic_pure" -> "prims" + "fstar_monotonic_pure" -> "prims" + "core_ops_index" -> "fstar_tactics_typeclasses" + "core_ops_index" -> "fstar_tactics_typeclasses" + "core_ops_index" -> "fstar_pervasives" + "core_ops_index" -> "fstar_pervasives" + "core_ops_index" -> "prims" + "core_ops_index" -> "prims" + "fstar_uint64" -> "fstar_uint32" + "fstar_uint64" -> "fstar_uint32" + "fstar_uint64" -> "fstar_mul" + "fstar_uint64" -> "fstar_mul" + "fstar_uint64" -> "fstar_uint" + "fstar_uint64" -> "fstar_uint" + "fstar_uint64" -> "fstar_pervasives" + "fstar_uint64" -> "fstar_pervasives" + "fstar_uint64" -> "prims" + "fstar_uint64" -> "prims" + "fstar_uint64" -> "fstar_uint64" + "fstar_float" -> "fstar_pervasives" + "fstar_float" -> "fstar_pervasives" + "fstar_float" -> "prims" + "fstar_float" -> "prims" + "fstar_reflection_v2_compare" -> "fstar_ghost" + "fstar_reflection_v2_compare" -> "fstar_ghost" + "fstar_reflection_v2_compare" -> "fstar_reflection_v2_derived_lemmas" + "fstar_reflection_v2_compare" -> "fstar_reflection_v2_derived_lemmas" + "fstar_reflection_v2_compare" -> "fstar_pervasives_native" + "fstar_reflection_v2_compare" -> "fstar_pervasives_native" + "fstar_reflection_v2_compare" -> "fstar_order" + "fstar_reflection_v2_compare" -> "fstar_order" + "fstar_reflection_v2_compare" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2_compare" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2_compare" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_v2_compare" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_v2_compare" -> "fstar_stubs_reflection_types" + "fstar_reflection_v2_compare" -> "fstar_pervasives" + "fstar_reflection_v2_compare" -> "fstar_pervasives" + "fstar_reflection_v2_compare" -> "prims" + "fstar_reflection_v2_compare" -> "prims" + "fstar_reflection_v2_compare" -> "fstar_reflection_v2_compare" + "fstar_int" -> "fstar_uint" + "fstar_int" -> "fstar_uint" + "fstar_int" -> "fstar_seq" + "fstar_int" -> "fstar_seq" + "fstar_int" -> "fstar_math_lib" + "fstar_int" -> "fstar_math_lib" + "fstar_int" -> "fstar_math_lemmas" + "fstar_int" -> "fstar_math_lemmas" + "fstar_int" -> "fstar_bitvector" + "fstar_int" -> "fstar_bitvector" + "fstar_int" -> "fstar_mul" + "fstar_int" -> "fstar_mul" + "fstar_int" -> "fstar_pervasives" + "fstar_int" -> "fstar_pervasives" + "fstar_int" -> "prims" + "fstar_int" -> "prims" + "fstar_int" -> "fstar_int" + "fstar_int16" -> "fstar_uint" + "fstar_int16" -> "fstar_uint" + "fstar_int16" -> "fstar_uint32" + "fstar_int16" -> "fstar_uint32" + "fstar_int16" -> "fstar_mul" + "fstar_int16" -> "fstar_mul" + "fstar_int16" -> "fstar_int" + "fstar_int16" -> "fstar_int" + "fstar_int16" -> "fstar_pervasives" + "fstar_int16" -> "fstar_pervasives" + "fstar_int16" -> "prims" + "fstar_int16" -> "prims" + "fstar_list" -> "fstar_pervasives_native" + "fstar_list" -> "fstar_pervasives_native" + "fstar_list" -> "fstar_list_tot" + "fstar_list" -> "fstar_list_tot" + "fstar_list" -> "fstar_all" + "fstar_list" -> "fstar_all" + "fstar_list" -> "fstar_pervasives" + "fstar_list" -> "fstar_pervasives" + "fstar_list" -> "prims" + "fstar_list" -> "prims" + "fstar_predicateextensionality" -> "fstar_propositionalextensionality" + "fstar_predicateextensionality" -> "fstar_propositionalextensionality" + "fstar_predicateextensionality" -> "fstar_functionalextensionality" + "fstar_predicateextensionality" -> "fstar_functionalextensionality" + "fstar_predicateextensionality" -> "fstar_pervasives" + "fstar_predicateextensionality" -> "fstar_pervasives" + "fstar_predicateextensionality" -> "prims" + "fstar_predicateextensionality" -> "prims" + "fstar_reflection_v1_derived" -> "fstar_list_tot_base" + "fstar_reflection_v1_derived" -> "fstar_list_tot_base" + "fstar_reflection_v1_derived" -> "fstar_pervasives_native" + "fstar_reflection_v1_derived" -> "fstar_pervasives_native" + "fstar_reflection_v1_derived" -> "fstar_vconfig" + "fstar_reflection_v1_derived" -> "fstar_order" + "fstar_reflection_v1_derived" -> "fstar_order" + "fstar_reflection_v1_derived" -> "fstar_stubs_reflection_v1_data" + "fstar_reflection_v1_derived" -> "fstar_stubs_reflection_v1_builtins" + "fstar_reflection_v1_derived" -> "fstar_reflection_const" + "fstar_reflection_v1_derived" -> "fstar_reflection_const" + "fstar_reflection_v1_derived" -> "fstar_stubs_reflection_types" + "fstar_reflection_v1_derived" -> "fstar_pervasives" + "fstar_reflection_v1_derived" -> "fstar_pervasives" + "fstar_reflection_v1_derived" -> "prims" + "fstar_reflection_v1_derived" -> "prims" + "fstar_stubs_reflection_v2_data" -> "fstar_sealed_inhabited" + "fstar_stubs_reflection_v2_data" -> "fstar_sealed_inhabited" + "fstar_stubs_reflection_v2_data" -> "fstar_stubs_reflection_types" + "fstar_stubs_reflection_v2_data" -> "fstar_stubs_syntax_syntax" + "fstar_stubs_reflection_v2_data" -> "fstar_pervasives" + "fstar_stubs_reflection_v2_data" -> "fstar_pervasives" + "fstar_stubs_reflection_v2_data" -> "prims" + "fstar_stubs_reflection_v2_data" -> "prims" + "fstar_stubs_reflection_v1_builtins" -> "fstar_vconfig" + "fstar_stubs_reflection_v1_builtins" -> "fstar_stubs_reflection_v1_data" + "fstar_stubs_reflection_v1_builtins" -> "fstar_stubs_reflection_types" + "fstar_stubs_reflection_v1_builtins" -> "fstar_order" + "fstar_stubs_reflection_v1_builtins" -> "fstar_order" + "fstar_stubs_reflection_v1_builtins" -> "fstar_pervasives" + "fstar_stubs_reflection_v1_builtins" -> "fstar_pervasives" + "fstar_stubs_reflection_v1_builtins" -> "prims" + "fstar_stubs_reflection_v1_builtins" -> "prims" + "fstar_uint128" -> "fstar_uint64" + "fstar_uint128" -> "fstar_uint64" + "fstar_uint128" -> "fstar_uint32" + "fstar_uint128" -> "fstar_uint32" + "fstar_uint128" -> "fstar_mul" + "fstar_uint128" -> "fstar_mul" + "fstar_uint128" -> "fstar_uint" + "fstar_uint128" -> "fstar_uint" + "fstar_uint128" -> "fstar_pervasives" + "fstar_uint128" -> "fstar_pervasives" + "fstar_uint128" -> "prims" + "fstar_uint128" -> "prims" + "fstar_reflection_v2_arith" -> "fstar_classical" + "fstar_reflection_v2_arith" -> "fstar_classical" + "fstar_reflection_v2_arith" -> "fstar_list_tot" + "fstar_reflection_v2_arith" -> "fstar_list_tot" + "fstar_reflection_v2_arith" -> "fstar_pervasives_native" + "fstar_reflection_v2_arith" -> "fstar_pervasives_native" + "fstar_reflection_v2_arith" -> "fstar_list_tot_base" + "fstar_reflection_v2_arith" -> "fstar_list_tot_base" + "fstar_reflection_v2_arith" -> "fstar_order" + "fstar_reflection_v2_arith" -> "fstar_order" + "fstar_reflection_v2_arith" -> "fstar_reflection_v2" + "fstar_reflection_v2_arith" -> "fstar_reflection_v2" + "fstar_reflection_v2_arith" -> "fstar_tactics_v2" + "fstar_reflection_v2_arith" -> "fstar_tactics_v2" + "fstar_reflection_v2_arith" -> "fstar_pervasives" + "fstar_reflection_v2_arith" -> "fstar_pervasives" + "fstar_reflection_v2_arith" -> "prims" + "fstar_reflection_v2_arith" -> "prims" + "fstar_functionalextensionality" -> "fstar_pervasives" + "fstar_functionalextensionality" -> "fstar_pervasives" + "fstar_functionalextensionality" -> "prims" + "fstar_functionalextensionality" -> "prims" + "fstar_reflection_termeq" -> "fstar_classical_sugar" + "fstar_reflection_termeq" -> "fstar_classical_sugar" + "fstar_reflection_termeq" -> "fstar_sealed" + "fstar_reflection_termeq" -> "fstar_pervasives_native" + "fstar_reflection_termeq" -> "fstar_pervasives_native" + "fstar_reflection_termeq" -> "fstar_strongexcludedmiddle" + "fstar_reflection_termeq" -> "fstar_strongexcludedmiddle" + "fstar_reflection_termeq" -> "fstar_list_tot" + "fstar_reflection_termeq" -> "fstar_list_tot" + "fstar_reflection_termeq" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_termeq" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_termeq" -> "fstar_stubs_reflection_types" + "fstar_reflection_termeq" -> "fstar_pervasives" + "fstar_reflection_termeq" -> "fstar_pervasives" + "fstar_reflection_termeq" -> "prims" + "fstar_reflection_termeq" -> "prims" + "fstar_reflection_termeq" -> "fstar_reflection_termeq" + "fstar_reflection_v2_derived_lemmas" -> "fstar_classical" + "fstar_reflection_v2_derived_lemmas" -> "fstar_classical" + "fstar_reflection_v2_derived_lemmas" -> "fstar_pervasives_native" + "fstar_reflection_v2_derived_lemmas" -> "fstar_pervasives_native" + "fstar_reflection_v2_derived_lemmas" -> "fstar_list_tot" + "fstar_reflection_v2_derived_lemmas" -> "fstar_list_tot" + "fstar_reflection_v2_derived_lemmas" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2_derived_lemmas" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2_derived_lemmas" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_v2_derived_lemmas" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_v2_derived_lemmas" -> "fstar_stubs_reflection_types" + "fstar_reflection_v2_derived_lemmas" -> "fstar_pervasives" + "fstar_reflection_v2_derived_lemmas" -> "fstar_pervasives" + "fstar_reflection_v2_derived_lemmas" -> "prims" + "fstar_reflection_v2_derived_lemmas" -> "prims" + "core_ops_range" -> "rust_primitives_hax" + "core_ops_range" -> "rust_primitives_hax" + "core_ops_range" -> "fstar_seq" + "core_ops_range" -> "fstar_seq" + "core_ops_range" -> "core_ops_index" + "core_ops_range" -> "core_ops_index" + "core_ops_range" -> "fstar_tactics_typeclasses" + "core_ops_range" -> "fstar_tactics_typeclasses" + "core_ops_range" -> "fstar_pervasives_native" + "core_ops_range" -> "fstar_pervasives_native" + "core_ops_range" -> "core_iter_traits_iterator" + "core_ops_range" -> "core_iter_traits_iterator" + "core_ops_range" -> "rust_primitives" + "core_ops_range" -> "rust_primitives" + "core_ops_range" -> "fstar_pervasives" + "core_ops_range" -> "fstar_pervasives" + "core_ops_range" -> "prims" + "core_ops_range" -> "prims" + "core_iter_traits_iterator" -> "fstar_tactics_typeclasses" + "core_iter_traits_iterator" -> "fstar_tactics_typeclasses" + "core_iter_traits_iterator" -> "core_iter_adapters_step_by" + "core_iter_traits_iterator" -> "core_iter_adapters_step_by" + "core_iter_traits_iterator" -> "core_iter_adapters_enumerate" + "core_iter_traits_iterator" -> "core_iter_adapters_enumerate" + "core_iter_traits_iterator" -> "rust_primitives" + "core_iter_traits_iterator" -> "rust_primitives" + "core_iter_traits_iterator" -> "fstar_pervasives" + "core_iter_traits_iterator" -> "fstar_pervasives" + "core_iter_traits_iterator" -> "prims" + "core_iter_traits_iterator" -> "prims" + "fstar_bv" -> "fstar_list" + "fstar_bv" -> "fstar_list" + "fstar_bv" -> "fstar_uint" + "fstar_bv" -> "fstar_uint" + "fstar_bv" -> "fstar_pervasives" + "fstar_bv" -> "fstar_pervasives" + "fstar_bv" -> "prims" + "fstar_bv" -> "prims" + "fstar_math_lemmas" -> "fstar_calc" + "fstar_math_lemmas" -> "fstar_calc" + "fstar_math_lemmas" -> "fstar_math_lib" + "fstar_math_lemmas" -> "fstar_math_lib" + "fstar_math_lemmas" -> "fstar_mul" + "fstar_math_lemmas" -> "fstar_mul" + "fstar_math_lemmas" -> "fstar_pervasives" + "fstar_math_lemmas" -> "fstar_pervasives" + "fstar_math_lemmas" -> "prims" + "fstar_math_lemmas" -> "prims" + "fstar_math_lemmas" -> "fstar_math_lemmas" + "fstar_tactics_builtins" -> "fstar_stubs_tactics_v1_builtins" + "fstar_tactics_builtins" -> "fstar_pervasives" + "fstar_tactics_builtins" -> "fstar_pervasives" + "fstar_tactics_builtins" -> "prims" + "fstar_tactics_builtins" -> "prims" + "fstar_string" -> "fstar_all" + "fstar_string" -> "fstar_all" + "fstar_string" -> "fstar_list" + "fstar_string" -> "fstar_list" + "fstar_string" -> "fstar_char" + "fstar_string" -> "fstar_list_tot" + "fstar_string" -> "fstar_list_tot" + "fstar_string" -> "fstar_pervasives" + "fstar_string" -> "fstar_pervasives" + "fstar_string" -> "prims" + "fstar_string" -> "prims" + "fstar_pervasives" -> "prims" + "fstar_pervasives" -> "prims" + "fstar_pervasives" -> "fstar_pervasives" + "fstar_tactics_util" -> "fstar_pervasives_native" + "fstar_tactics_util" -> "fstar_pervasives_native" + "fstar_tactics_util" -> "fstar_list_tot_base" + "fstar_tactics_util" -> "fstar_list_tot_base" + "fstar_tactics_util" -> "fstar_tactics_effect" + "fstar_tactics_util" -> "fstar_tactics_effect" + "fstar_tactics_util" -> "fstar_pervasives" + "fstar_tactics_util" -> "fstar_pervasives" + "fstar_tactics_util" -> "prims" + "fstar_tactics_util" -> "prims" + "core_slice_iter" -> "rust_primitives" + "core_slice_iter" -> "rust_primitives" + "core_slice_iter" -> "fstar_pervasives" + "core_slice_iter" -> "fstar_pervasives" + "core_slice_iter" -> "prims" + "core_slice_iter" -> "prims" + "core_ops_control_flow" -> "fstar_pervasives" + "core_ops_control_flow" -> "fstar_pervasives" + "core_ops_control_flow" -> "prims" + "core_ops_control_flow" -> "prims" + "core_slice" -> "fstar_tactics_typeclasses" + "core_slice" -> "fstar_tactics_typeclasses" + "core_slice" -> "core_ops_index" + "core_slice" -> "core_ops_index" + "core_slice" -> "core_slice_iter" + "core_slice" -> "core_slice_iter" + "core_slice" -> "fstar_seq" + "core_slice" -> "fstar_seq" + "core_slice" -> "rust_primitives_integers" + "core_slice" -> "rust_primitives_integers" + "core_slice" -> "rust_primitives_arrays" + "core_slice" -> "rust_primitives_arrays" + "core_slice" -> "fstar_pervasives" + "core_slice" -> "fstar_pervasives" + "core_slice" -> "prims" + "core_slice" -> "prims" + "fstar_all" -> "fstar_exn" + "fstar_all" -> "fstar_exn" + "fstar_all" -> "fstar_st" + "fstar_all" -> "fstar_st" + "fstar_all" -> "fstar_heap" + "fstar_all" -> "fstar_heap" + "fstar_all" -> "fstar_pervasives" + "fstar_all" -> "fstar_pervasives" + "fstar_all" -> "prims" + "fstar_all" -> "prims" + "fstar_ghost" -> "fstar_pervasives" + "fstar_ghost" -> "fstar_pervasives" + "fstar_ghost" -> "prims" + "fstar_ghost" -> "prims" + "fstar_indefinitedescription" -> "fstar_ghost" + "fstar_indefinitedescription" -> "fstar_ghost" + "fstar_indefinitedescription" -> "fstar_pervasives" + "fstar_indefinitedescription" -> "fstar_pervasives" + "fstar_indefinitedescription" -> "prims" + "fstar_indefinitedescription" -> "prims" + "fstar_list_tot_properties" -> "fstar_classical" + "fstar_list_tot_properties" -> "fstar_classical" + "fstar_list_tot_properties" -> "fstar_strongexcludedmiddle" + "fstar_list_tot_properties" -> "fstar_strongexcludedmiddle" + "fstar_list_tot_properties" -> "fstar_classical_sugar" + "fstar_list_tot_properties" -> "fstar_classical_sugar" + "fstar_list_tot_properties" -> "fstar_pervasives_native" + "fstar_list_tot_properties" -> "fstar_pervasives_native" + "fstar_list_tot_properties" -> "fstar_list_tot_base" + "fstar_list_tot_properties" -> "fstar_list_tot_base" + "fstar_list_tot_properties" -> "fstar_pervasives" + "fstar_list_tot_properties" -> "fstar_pervasives" + "fstar_list_tot_properties" -> "prims" + "fstar_list_tot_properties" -> "prims" + "fstar_stubs_syntax_syntax" -> "fstar_stubs_reflection_types" + "fstar_stubs_syntax_syntax" -> "fstar_pervasives" + "fstar_stubs_syntax_syntax" -> "fstar_pervasives" + "fstar_stubs_syntax_syntax" -> "prims" + "fstar_stubs_syntax_syntax" -> "prims" + "core_ops_arith" -> "fstar_tactics_typeclasses" + "core_ops_arith" -> "fstar_tactics_typeclasses" + "core_ops_arith" -> "rust_primitives" + "core_ops_arith" -> "rust_primitives" + "core_ops_arith" -> "fstar_pervasives" + "core_ops_arith" -> "fstar_pervasives" + "core_ops_arith" -> "prims" + "core_ops_arith" -> "prims" + "rust_primitives_hax_folds" -> "fstar_math_lemmas" + "rust_primitives_hax_folds" -> "fstar_math_lemmas" + "rust_primitives_hax_folds" -> "lib_inttypes" + "rust_primitives_hax_folds" -> "lib_inttypes" + "rust_primitives_hax_folds" -> "fstar_seq" + "rust_primitives_hax_folds" -> "fstar_seq" + "rust_primitives_hax_folds" -> "fstar_mul" + "rust_primitives_hax_folds" -> "fstar_mul" + "rust_primitives_hax_folds" -> "core_ops_range" + "rust_primitives_hax_folds" -> "rust_primitives" + "rust_primitives_hax_folds" -> "rust_primitives" + "rust_primitives_hax_folds" -> "fstar_pervasives" + "rust_primitives_hax_folds" -> "fstar_pervasives" + "rust_primitives_hax_folds" -> "prims" + "rust_primitives_hax_folds" -> "prims" + "fstar_strongexcludedmiddle" -> "fstar_pervasives" + "fstar_strongexcludedmiddle" -> "fstar_pervasives" + "fstar_strongexcludedmiddle" -> "prims" + "fstar_strongexcludedmiddle" -> "prims" + "fstar_uint8" -> "fstar_uint32" + "fstar_uint8" -> "fstar_uint32" + "fstar_uint8" -> "fstar_mul" + "fstar_uint8" -> "fstar_mul" + "fstar_uint8" -> "fstar_uint" + "fstar_uint8" -> "fstar_uint" + "fstar_uint8" -> "fstar_pervasives" + "fstar_uint8" -> "fstar_pervasives" + "fstar_uint8" -> "prims" + "fstar_uint8" -> "prims" + "fstar_stubs_tactics_v2_builtins" -> "fstar_issue" + "fstar_stubs_tactics_v2_builtins" -> "fstar_list_tot" + "fstar_stubs_tactics_v2_builtins" -> "fstar_list_tot" + "fstar_stubs_tactics_v2_builtins" -> "fstar_ghost" + "fstar_stubs_tactics_v2_builtins" -> "fstar_ghost" + "fstar_stubs_tactics_v2_builtins" -> "fstar_pervasives_native" + "fstar_stubs_tactics_v2_builtins" -> "fstar_pervasives_native" + "fstar_stubs_tactics_v2_builtins" -> "fstar_stubs_pprint" + "fstar_stubs_tactics_v2_builtins" -> "fstar_tactics_unseal" + "fstar_stubs_tactics_v2_builtins" -> "fstar_stubs_tactics_types" + "fstar_stubs_tactics_v2_builtins" -> "fstar_tactics_effect" + "fstar_stubs_tactics_v2_builtins" -> "fstar_tactics_effect" + "fstar_stubs_tactics_v2_builtins" -> "fstar_stubs_reflection_v2_builtins" + "fstar_stubs_tactics_v2_builtins" -> "fstar_stubs_reflection_v2_data" + "fstar_stubs_tactics_v2_builtins" -> "fstar_reflection_const" + "fstar_stubs_tactics_v2_builtins" -> "fstar_reflection_const" + "fstar_stubs_tactics_v2_builtins" -> "fstar_stubs_reflection_types" + "fstar_stubs_tactics_v2_builtins" -> "fstar_vconfig" + "fstar_stubs_tactics_v2_builtins" -> "fstar_pervasives" + "fstar_stubs_tactics_v2_builtins" -> "fstar_pervasives" + "fstar_stubs_tactics_v2_builtins" -> "prims" + "fstar_stubs_tactics_v2_builtins" -> "prims" + "rust_primitives_arrays" -> "fstar_pervasives_native" + "rust_primitives_arrays" -> "fstar_pervasives_native" + "rust_primitives_arrays" -> "lib_inttypes" + "rust_primitives_arrays" -> "lib_inttypes" + "rust_primitives_arrays" -> "fstar_list_tot" + "rust_primitives_arrays" -> "fstar_list_tot" + "rust_primitives_arrays" -> "fstar_seq" + "rust_primitives_arrays" -> "fstar_seq" + "rust_primitives_arrays" -> "fstar_mul" + "rust_primitives_arrays" -> "fstar_mul" + "rust_primitives_arrays" -> "rust_primitives_integers" + "rust_primitives_arrays" -> "rust_primitives_integers" + "rust_primitives_arrays" -> "fstar_pervasives" + "rust_primitives_arrays" -> "fstar_pervasives" + "rust_primitives_arrays" -> "prims" + "rust_primitives_arrays" -> "prims" + "fstar_reflection_v1" -> "fstar_reflection_v1_compare" + "fstar_reflection_v1" -> "fstar_reflection_const" + "fstar_reflection_v1" -> "fstar_reflection_const" + "fstar_reflection_v1" -> "fstar_reflection_v1_derived_lemmas" + "fstar_reflection_v1" -> "fstar_reflection_v1_derived_lemmas" + "fstar_reflection_v1" -> "fstar_reflection_v1_derived" + "fstar_reflection_v1" -> "fstar_reflection_v1_derived" + "fstar_reflection_v1" -> "fstar_stubs_reflection_v1_builtins" + "fstar_reflection_v1" -> "fstar_stubs_reflection_v1_data" + "fstar_reflection_v1" -> "fstar_stubs_reflection_types" + "fstar_reflection_v1" -> "fstar_pervasives" + "fstar_reflection_v1" -> "fstar_pervasives" + "fstar_reflection_v1" -> "prims" + "fstar_reflection_v1" -> "prims" + "fstar_bv" -> "fstar_math_lemmas" + "fstar_bv" -> "fstar_math_lemmas" + "fstar_bv" -> "fstar_seq" + "fstar_bv" -> "fstar_seq" + "fstar_bv" -> "fstar_bitvector" + "fstar_bv" -> "fstar_bitvector" + "fstar_bv" -> "fstar_uint" + "fstar_bv" -> "fstar_uint" + "fstar_bv" -> "fstar_pervasives" + "fstar_bv" -> "fstar_pervasives" + "fstar_bv" -> "prims" + "fstar_bv" -> "prims" + "fstar_bv" -> "fstar_bv" + "fstar_list_tot_base" -> "fstar_classical_sugar" + "fstar_list_tot_base" -> "fstar_classical_sugar" + "fstar_list_tot_base" -> "fstar_pervasives_native" + "fstar_list_tot_base" -> "fstar_pervasives_native" + "fstar_list_tot_base" -> "fstar_pervasives" + "fstar_list_tot_base" -> "fstar_pervasives" + "fstar_list_tot_base" -> "prims" + "fstar_list_tot_base" -> "prims" + "fstar_math_lib" -> "fstar_mul" + "fstar_math_lib" -> "fstar_mul" + "fstar_math_lib" -> "fstar_pervasives" + "fstar_math_lib" -> "fstar_pervasives" + "fstar_math_lib" -> "prims" + "fstar_math_lib" -> "prims" + "core_num" -> "fstar_tactics_typeclasses" + "core_num" -> "fstar_tactics_typeclasses" + "core_num" -> "core_ops_arith" + "core_num" -> "core_num_error" + "core_num" -> "core_result" + "core_num" -> "core_result" + "core_num" -> "fstar_math_lemmas" + "core_num" -> "fstar_math_lemmas" + "core_num" -> "lib_inttypes" + "core_num" -> "lib_inttypes" + "core_num" -> "fstar_uint128" + "core_num" -> "fstar_uint128" + "core_num" -> "fstar_uint32" + "core_num" -> "fstar_uint32" + "core_num" -> "rust_primitives" + "core_num" -> "rust_primitives" + "core_num" -> "fstar_pervasives" + "core_num" -> "fstar_pervasives" + "core_num" -> "prims" + "core_num" -> "prims" + "fstar_math_lemmas" -> "fstar_mul" + "fstar_math_lemmas" -> "fstar_mul" + "fstar_math_lemmas" -> "fstar_pervasives" + "fstar_math_lemmas" -> "fstar_pervasives" + "fstar_math_lemmas" -> "prims" + "fstar_math_lemmas" -> "prims" + "fstar_reflection_termeq_simple" -> "fstar_stubs_reflection_types" + "fstar_reflection_termeq_simple" -> "fstar_pervasives" + "fstar_reflection_termeq_simple" -> "fstar_pervasives" + "fstar_reflection_termeq_simple" -> "prims" + "fstar_reflection_termeq_simple" -> "prims" + "fstar_int16" -> "fstar_uint32" + "fstar_int16" -> "fstar_uint32" + "fstar_int16" -> "fstar_math_lemmas" + "fstar_int16" -> "fstar_math_lemmas" + "fstar_int16" -> "fstar_mul" + "fstar_int16" -> "fstar_mul" + "fstar_int16" -> "fstar_int" + "fstar_int16" -> "fstar_int" + "fstar_int16" -> "fstar_pervasives" + "fstar_int16" -> "fstar_pervasives" + "fstar_int16" -> "prims" + "fstar_int16" -> "prims" + "fstar_int16" -> "fstar_int16" + "bitvec_utils" -> "rust_primitives_bitvectors" + "bitvec_utils" -> "rust_primitives_bitvectors" + "bitvec_utils" -> "bitvec_equality" + "bitvec_utils" -> "bitvec_equality" + "bitvec_utils" -> "fstar_functionalextensionality" + "bitvec_utils" -> "fstar_functionalextensionality" + "bitvec_utils" -> "core" + "bitvec_utils" -> "core" + "bitvec_utils" -> "fstar_pervasives" + "bitvec_utils" -> "fstar_pervasives" + "bitvec_utils" -> "prims" + "bitvec_utils" -> "prims" + "fstar_tactics_typeclasses" -> "fstar_stubs_pprint" + "fstar_tactics_typeclasses" -> "fstar_list_tot" + "fstar_tactics_typeclasses" -> "fstar_list_tot" + "fstar_tactics_typeclasses" -> "fstar_tactics_util" + "fstar_tactics_typeclasses" -> "fstar_tactics_util" + "fstar_tactics_typeclasses" -> "fstar_reflection_termeq_simple" + "fstar_tactics_typeclasses" -> "fstar_reflection_termeq_simple" + "fstar_tactics_typeclasses" -> "fstar_pervasives_native" + "fstar_tactics_typeclasses" -> "fstar_pervasives_native" + "fstar_tactics_typeclasses" -> "fstar_stubs_reflection_v2_builtins" + "fstar_tactics_typeclasses" -> "fstar_list_tot_base" + "fstar_tactics_typeclasses" -> "fstar_list_tot_base" + "fstar_tactics_typeclasses" -> "fstar_tactics_namedview" + "fstar_tactics_typeclasses" -> "fstar_tactics_namedview" + "fstar_tactics_typeclasses" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_typeclasses" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_typeclasses" -> "fstar_tactics_v2_derived" + "fstar_tactics_typeclasses" -> "fstar_tactics_v2_derived" + "fstar_tactics_typeclasses" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_typeclasses" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_typeclasses" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_typeclasses" -> "fstar_tactics_effect" + "fstar_tactics_typeclasses" -> "fstar_tactics_effect" + "fstar_tactics_typeclasses" -> "fstar_stubs_tactics_common" + "fstar_tactics_typeclasses" -> "fstar_reflection_v2" + "fstar_tactics_typeclasses" -> "fstar_reflection_v2" + "fstar_tactics_typeclasses" -> "fstar_pervasives" + "fstar_tactics_typeclasses" -> "fstar_pervasives" + "fstar_tactics_typeclasses" -> "prims" + "fstar_tactics_typeclasses" -> "prims" + "fstar_tactics_typeclasses" -> "fstar_tactics_typeclasses" + "rust_primitives_integers" -> "fstar_int_cast" + "rust_primitives_integers" -> "fstar_int_cast" + "rust_primitives_integers" -> "fstar_pervasives" + "rust_primitives_integers" -> "fstar_pervasives" + "rust_primitives_integers" -> "prims" + "rust_primitives_integers" -> "prims" + "rust_primitives_integers" -> "rust_primitives_integers" + "fstar_tactics_namedview" -> "fstar_range" + "fstar_tactics_namedview" -> "fstar_reflection_v2" + "fstar_tactics_namedview" -> "fstar_reflection_v2" + "fstar_tactics_namedview" -> "fstar_tactics_effect" + "fstar_tactics_namedview" -> "fstar_tactics_effect" + "fstar_tactics_namedview" -> "fstar_pervasives" + "fstar_tactics_namedview" -> "fstar_pervasives" + "fstar_tactics_namedview" -> "prims" + "fstar_tactics_namedview" -> "prims" + "fstar_reflection_v2" -> "fstar_reflection_v2_compare" + "fstar_reflection_v2" -> "fstar_reflection_v2_compare" + "fstar_reflection_v2" -> "fstar_reflection_const" + "fstar_reflection_v2" -> "fstar_reflection_const" + "fstar_reflection_v2" -> "fstar_reflection_v2_derived_lemmas" + "fstar_reflection_v2" -> "fstar_reflection_v2_derived_lemmas" + "fstar_reflection_v2" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2" -> "fstar_reflection_v2_derived" + "fstar_reflection_v2" -> "fstar_stubs_reflection_v2_builtins" + "fstar_reflection_v2" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_v2" -> "fstar_stubs_reflection_types" + "fstar_reflection_v2" -> "fstar_pervasives" + "fstar_reflection_v2" -> "fstar_pervasives" + "fstar_reflection_v2" -> "prims" + "fstar_reflection_v2" -> "prims" + "fstar_int_cast" -> "fstar_int" + "fstar_int_cast" -> "fstar_int" + "fstar_int_cast" -> "fstar_int64" + "fstar_int_cast" -> "fstar_int64" + "fstar_int_cast" -> "fstar_int32" + "fstar_int_cast" -> "fstar_int32" + "fstar_int_cast" -> "fstar_int16" + "fstar_int_cast" -> "fstar_int16" + "fstar_int_cast" -> "fstar_int8" + "fstar_int_cast" -> "fstar_int8" + "fstar_int_cast" -> "fstar_uint64" + "fstar_int_cast" -> "fstar_uint64" + "fstar_int_cast" -> "fstar_uint32" + "fstar_int_cast" -> "fstar_uint32" + "fstar_int_cast" -> "fstar_uint16" + "fstar_int_cast" -> "fstar_uint16" + "fstar_int_cast" -> "fstar_uint8" + "fstar_int_cast" -> "fstar_uint8" + "fstar_int_cast" -> "fstar_pervasives" + "fstar_int_cast" -> "fstar_pervasives" + "fstar_int_cast" -> "prims" + "fstar_int_cast" -> "prims" + "fstar_stubs_errors_msg" -> "fstar_stubs_pprint" + "fstar_stubs_errors_msg" -> "fstar_pervasives" + "fstar_stubs_errors_msg" -> "fstar_pervasives" + "fstar_stubs_errors_msg" -> "prims" + "fstar_stubs_errors_msg" -> "prims" + "fstar_tactics_mapply" -> "fstar_squash" + "fstar_tactics_mapply" -> "fstar_squash" + "fstar_tactics_mapply" -> "fstar_tactics_typeclasses" + "fstar_tactics_mapply" -> "fstar_tactics_typeclasses" + "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_mapply" -> "fstar_tactics_v2_derived" + "fstar_tactics_mapply" -> "fstar_tactics_v2_derived" + "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_mapply" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_mapply" -> "fstar_tactics_namedview" + "fstar_tactics_mapply" -> "fstar_tactics_namedview" + "fstar_tactics_mapply" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_mapply" -> "fstar_tactics_effect" + "fstar_tactics_mapply" -> "fstar_tactics_effect" + "fstar_tactics_mapply" -> "fstar_reflection_v2_formula" + "fstar_tactics_mapply" -> "fstar_reflection_v2_formula" + "fstar_tactics_mapply" -> "fstar_reflection_v2" + "fstar_tactics_mapply" -> "fstar_reflection_v2" + "fstar_tactics_mapply" -> "fstar_pervasives" + "fstar_tactics_mapply" -> "fstar_pervasives" + "fstar_tactics_mapply" -> "prims" + "fstar_tactics_mapply" -> "prims" + "fstar_tactics_mapply" -> "fstar_tactics_mapply" + "fstar_monotonic_heap" -> "fstar_preorder" + "fstar_monotonic_heap" -> "fstar_preorder" + "fstar_monotonic_heap" -> "fstar_tset" + "fstar_monotonic_heap" -> "fstar_tset" + "fstar_monotonic_heap" -> "fstar_set" + "fstar_monotonic_heap" -> "fstar_set" + "fstar_monotonic_heap" -> "fstar_pervasives" + "fstar_monotonic_heap" -> "fstar_pervasives" + "fstar_monotonic_heap" -> "prims" + "fstar_monotonic_heap" -> "prims" + "fstar_stubs_tactics_common" -> "fstar_range" + "fstar_stubs_tactics_common" -> "fstar_stubs_errors_msg" + "fstar_stubs_tactics_common" -> "fstar_pervasives" + "fstar_stubs_tactics_common" -> "fstar_pervasives" + "fstar_stubs_tactics_common" -> "prims" + "fstar_stubs_tactics_common" -> "prims" + "fstar_stubs_reflection_v1_data" -> "fstar_sealed_inhabited" + "fstar_stubs_reflection_v1_data" -> "fstar_sealed_inhabited" + "fstar_stubs_reflection_v1_data" -> "fstar_stubs_reflection_types" + "fstar_stubs_reflection_v1_data" -> "fstar_stubs_reflection_v2_builtins" + "fstar_stubs_reflection_v1_data" -> "fstar_stubs_reflection_v2_data" + "fstar_stubs_reflection_v1_data" -> "fstar_pervasives" + "fstar_stubs_reflection_v1_data" -> "fstar_pervasives" + "fstar_stubs_reflection_v1_data" -> "prims" + "fstar_stubs_reflection_v1_data" -> "prims" + "fstar_seq_base" -> "fstar_list_tot" + "fstar_seq_base" -> "fstar_list_tot" + "fstar_seq_base" -> "fstar_pervasives" + "fstar_seq_base" -> "fstar_pervasives" + "fstar_seq_base" -> "prims" + "fstar_seq_base" -> "prims" + "fstar_seq_base" -> "fstar_seq_base" + "fstar_tactics_v2_derived" -> "fstar_propositionalextensionality" + "fstar_tactics_v2_derived" -> "fstar_propositionalextensionality" + "fstar_tactics_v2_derived" -> "fstar_squash" + "fstar_tactics_v2_derived" -> "fstar_squash" + "fstar_tactics_v2_derived" -> "fstar_range" + "fstar_tactics_v2_derived" -> "fstar_pervasives_native" + "fstar_tactics_v2_derived" -> "fstar_pervasives_native" + "fstar_tactics_v2_derived" -> "fstar_reflection_termeq_simple" + "fstar_tactics_v2_derived" -> "fstar_reflection_termeq_simple" + "fstar_tactics_v2_derived" -> "fstar_tactics_visit" + "fstar_tactics_v2_derived" -> "fstar_tactics_visit" + "fstar_tactics_v2_derived" -> "fstar_list_tot_base" + "fstar_tactics_v2_derived" -> "fstar_list_tot_base" + "fstar_tactics_v2_derived" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_v2_derived" -> "fstar_tactics_v2_syntaxcoercions" + "fstar_tactics_v2_derived" -> "fstar_tactics_namedview" + "fstar_tactics_v2_derived" -> "fstar_tactics_namedview" + "fstar_tactics_v2_derived" -> "fstar_vconfig" + "fstar_tactics_v2_derived" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_v2_derived" -> "fstar_tactics_v2_syntaxhelpers" + "fstar_tactics_v2_derived" -> "fstar_tactics_util" + "fstar_tactics_v2_derived" -> "fstar_tactics_util" + "fstar_tactics_v2_derived" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_v2_derived" -> "fstar_stubs_tactics_result" + "fstar_tactics_v2_derived" -> "fstar_stubs_tactics_types" + "fstar_tactics_v2_derived" -> "fstar_tactics_effect" + "fstar_tactics_v2_derived" -> "fstar_tactics_effect" + "fstar_tactics_v2_derived" -> "fstar_reflection_v2_formula" + "fstar_tactics_v2_derived" -> "fstar_reflection_v2_formula" + "fstar_tactics_v2_derived" -> "fstar_reflection_v2" + "fstar_tactics_v2_derived" -> "fstar_reflection_v2" + "fstar_tactics_v2_derived" -> "fstar_pervasives" + "fstar_tactics_v2_derived" -> "fstar_pervasives" + "fstar_tactics_v2_derived" -> "prims" + "fstar_tactics_v2_derived" -> "prims" + "fstar_uint128" -> "fstar_pervasives_native" + "fstar_uint128" -> "fstar_pervasives_native" + "fstar_uint128" -> "fstar_int_cast" + "fstar_uint128" -> "fstar_int_cast" + "fstar_uint128" -> "fstar_calc" + "fstar_uint128" -> "fstar_calc" + "fstar_uint128" -> "fstar_classical_sugar" + "fstar_uint128" -> "fstar_classical_sugar" + "fstar_uint128" -> "fstar_tactics_effect" + "fstar_uint128" -> "fstar_tactics_effect" + "fstar_uint128" -> "fstar_tactics_bv" + "fstar_uint128" -> "fstar_tactics_bv" + "fstar_uint128" -> "fstar_tactics_v2" + "fstar_uint128" -> "fstar_tactics_v2" + "fstar_uint128" -> "fstar_bv" + "fstar_uint128" -> "fstar_bv" + "fstar_uint128" -> "fstar_math_lemmas" + "fstar_uint128" -> "fstar_math_lemmas" + "fstar_uint128" -> "fstar_uint64" + "fstar_uint128" -> "fstar_uint64" + "fstar_uint128" -> "fstar_uint32" + "fstar_uint128" -> "fstar_uint32" + "fstar_uint128" -> "fstar_bitvector" + "fstar_uint128" -> "fstar_bitvector" + "fstar_uint128" -> "fstar_seq" + "fstar_uint128" -> "fstar_seq" + "fstar_uint128" -> "fstar_uint" + "fstar_uint128" -> "fstar_uint" + "fstar_uint128" -> "fstar_mul" + "fstar_uint128" -> "fstar_mul" + "fstar_uint128" -> "fstar_pervasives" + "fstar_uint128" -> "fstar_pervasives" + "fstar_uint128" -> "prims" + "fstar_uint128" -> "prims" + "fstar_uint128" -> "fstar_uint128" + "bitvec_equality" -> "fstar_functionalextensionality" + "bitvec_equality" -> "fstar_functionalextensionality" + "bitvec_equality" -> "fstar_mul" + "bitvec_equality" -> "fstar_mul" + "bitvec_equality" -> "rust_primitives" + "bitvec_equality" -> "rust_primitives" + "bitvec_equality" -> "core" + "bitvec_equality" -> "core" + "bitvec_equality" -> "fstar_pervasives" + "bitvec_equality" -> "fstar_pervasives" + "bitvec_equality" -> "prims" + "bitvec_equality" -> "prims" + "fstar_int8" -> "fstar_uint" + "fstar_int8" -> "fstar_uint" + "fstar_int8" -> "fstar_uint32" + "fstar_int8" -> "fstar_uint32" + "fstar_int8" -> "fstar_mul" + "fstar_int8" -> "fstar_mul" + "fstar_int8" -> "fstar_int" + "fstar_int8" -> "fstar_int" + "fstar_int8" -> "fstar_pervasives" + "fstar_int8" -> "fstar_pervasives" + "fstar_int8" -> "prims" + "fstar_int8" -> "prims" + "rust_primitives_arrays" -> "fstar_seq" + "rust_primitives_arrays" -> "fstar_seq" + "rust_primitives_arrays" -> "lib_inttypes" + "rust_primitives_arrays" -> "lib_inttypes" + "rust_primitives_arrays" -> "fstar_list_tot" + "rust_primitives_arrays" -> "fstar_list_tot" + "rust_primitives_arrays" -> "rust_primitives_integers" + "rust_primitives_arrays" -> "rust_primitives_integers" + "rust_primitives_arrays" -> "fstar_pervasives" + "rust_primitives_arrays" -> "fstar_pervasives" + "rust_primitives_arrays" -> "prims" + "rust_primitives_arrays" -> "prims" + "rust_primitives_arrays" -> "rust_primitives_arrays" + "fstar_int128" -> "fstar_int64" + "fstar_int128" -> "fstar_int64" + "fstar_int128" -> "fstar_uint" + "fstar_int128" -> "fstar_uint" + "fstar_int128" -> "fstar_uint32" + "fstar_int128" -> "fstar_uint32" + "fstar_int128" -> "fstar_mul" + "fstar_int128" -> "fstar_mul" + "fstar_int128" -> "fstar_int" + "fstar_int128" -> "fstar_int" + "fstar_int128" -> "fstar_pervasives" + "fstar_int128" -> "fstar_pervasives" + "fstar_int128" -> "prims" + "fstar_int128" -> "prims" + "fstar_uint16" -> "fstar_uint32" + "fstar_uint16" -> "fstar_uint32" + "fstar_uint16" -> "fstar_mul" + "fstar_uint16" -> "fstar_mul" + "fstar_uint16" -> "fstar_uint" + "fstar_uint16" -> "fstar_uint" + "fstar_uint16" -> "fstar_pervasives" + "fstar_uint16" -> "fstar_pervasives" + "fstar_uint16" -> "prims" + "fstar_uint16" -> "prims" + "fstar_calc" -> "fstar_range" + "fstar_calc" -> "fstar_preorder" + "fstar_calc" -> "fstar_preorder" + "fstar_calc" -> "fstar_pervasives" + "fstar_calc" -> "fstar_pervasives" + "fstar_calc" -> "prims" + "fstar_calc" -> "prims" + "bitvec_equality" -> "fstar_functionalextensionality" + "bitvec_equality" -> "fstar_functionalextensionality" + "bitvec_equality" -> "fstar_mul" + "bitvec_equality" -> "fstar_mul" + "bitvec_equality" -> "rust_primitives" + "bitvec_equality" -> "rust_primitives" + "bitvec_equality" -> "core" + "bitvec_equality" -> "core" + "bitvec_equality" -> "fstar_pervasives" + "bitvec_equality" -> "fstar_pervasives" + "bitvec_equality" -> "prims" + "bitvec_equality" -> "prims" + "bitvec_equality" -> "bitvec_equality" + "fstar_sealed" -> "fstar_pervasives" + "fstar_sealed" -> "fstar_pervasives" + "fstar_sealed" -> "prims" + "fstar_sealed" -> "prims" + "fstar_int" -> "fstar_seq" + "fstar_int" -> "fstar_seq" + "fstar_int" -> "fstar_uint" + "fstar_int" -> "fstar_uint" + "fstar_int" -> "fstar_math_lemmas" + "fstar_int" -> "fstar_math_lemmas" + "fstar_int" -> "fstar_bitvector" + "fstar_int" -> "fstar_bitvector" + "fstar_int" -> "fstar_mul" + "fstar_int" -> "fstar_mul" + "fstar_int" -> "fstar_pervasives" + "fstar_int" -> "fstar_pervasives" + "fstar_int" -> "prims" + "fstar_int" -> "prims" + "fstar_uint64" -> "fstar_uint32" + "fstar_uint64" -> "fstar_uint32" + "fstar_uint64" -> "fstar_mul" + "fstar_uint64" -> "fstar_mul" + "fstar_uint64" -> "fstar_uint" + "fstar_uint64" -> "fstar_uint" + "fstar_uint64" -> "fstar_pervasives" + "fstar_uint64" -> "fstar_pervasives" + "fstar_uint64" -> "prims" + "fstar_uint64" -> "prims" + "fstar_indefinitedescription" -> "fstar_ghost" + "fstar_indefinitedescription" -> "fstar_ghost" + "fstar_indefinitedescription" -> "fstar_squash" + "fstar_indefinitedescription" -> "fstar_squash" + "fstar_indefinitedescription" -> "fstar_classical" + "fstar_indefinitedescription" -> "fstar_classical" + "fstar_indefinitedescription" -> "fstar_pervasives" + "fstar_indefinitedescription" -> "fstar_pervasives" + "fstar_indefinitedescription" -> "prims" + "fstar_indefinitedescription" -> "prims" + "fstar_indefinitedescription" -> "fstar_indefinitedescription" + "fstar_int64" -> "fstar_uint32" + "fstar_int64" -> "fstar_uint32" + "fstar_int64" -> "fstar_math_lemmas" + "fstar_int64" -> "fstar_math_lemmas" + "fstar_int64" -> "fstar_mul" + "fstar_int64" -> "fstar_mul" + "fstar_int64" -> "fstar_int" + "fstar_int64" -> "fstar_int" + "fstar_int64" -> "fstar_pervasives" + "fstar_int64" -> "fstar_pervasives" + "fstar_int64" -> "prims" + "fstar_int64" -> "prims" + "fstar_int64" -> "fstar_int64" + "fstar_classical_sugar" -> "fstar_pervasives" + "fstar_classical_sugar" -> "fstar_pervasives" + "fstar_classical_sugar" -> "prims" + "fstar_classical_sugar" -> "prims" + "fstar_reflection_termeq_simple" -> "fstar_reflection_termeq" + "fstar_reflection_termeq_simple" -> "fstar_reflection_termeq" + "fstar_reflection_termeq_simple" -> "fstar_stubs_reflection_types" + "fstar_reflection_termeq_simple" -> "fstar_pervasives" + "fstar_reflection_termeq_simple" -> "fstar_pervasives" + "fstar_reflection_termeq_simple" -> "prims" + "fstar_reflection_termeq_simple" -> "prims" + "fstar_reflection_termeq_simple" -> "fstar_reflection_termeq_simple" + "fstar_pervasives_native" -> "prims" + "fstar_pervasives_native" -> "prims" + "fstar_tactics_typeclasses" -> "fstar_stubs_reflection_types" + "fstar_tactics_typeclasses" -> "fstar_tactics_effect" + "fstar_tactics_typeclasses" -> "fstar_tactics_effect" + "fstar_tactics_typeclasses" -> "fstar_pervasives" + "fstar_tactics_typeclasses" -> "fstar_pervasives" + "fstar_tactics_typeclasses" -> "prims" + "fstar_tactics_typeclasses" -> "prims" + "fstar_stubs_pprint" -> "fstar_float" + "fstar_stubs_pprint" -> "fstar_char" + "fstar_stubs_pprint" -> "fstar_pervasives" + "fstar_stubs_pprint" -> "fstar_pervasives" + "fstar_stubs_pprint" -> "prims" + "fstar_stubs_pprint" -> "prims" + "fstar_sealed_inhabited" -> "fstar_sealed" + "fstar_sealed_inhabited" -> "fstar_pervasives" + "fstar_sealed_inhabited" -> "fstar_pervasives" + "fstar_sealed_inhabited" -> "prims" + "fstar_sealed_inhabited" -> "prims" + "fstar_tactics_namedview" -> "fstar_list_tot" + "fstar_tactics_namedview" -> "fstar_list_tot" + "fstar_tactics_namedview" -> "fstar_pervasives_native" + "fstar_tactics_namedview" -> "fstar_pervasives_native" + "fstar_tactics_namedview" -> "fstar_stubs_reflection_v2_data" + "fstar_tactics_namedview" -> "fstar_reflection_v2" + "fstar_tactics_namedview" -> "fstar_reflection_v2" + "fstar_tactics_namedview" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_namedview" -> "fstar_tactics_util" + "fstar_tactics_namedview" -> "fstar_tactics_util" + "fstar_tactics_namedview" -> "fstar_tactics_effect" + "fstar_tactics_namedview" -> "fstar_tactics_effect" + "fstar_tactics_namedview" -> "fstar_pervasives" + "fstar_tactics_namedview" -> "fstar_pervasives" + "fstar_tactics_namedview" -> "prims" + "fstar_tactics_namedview" -> "prims" + "fstar_tactics_namedview" -> "fstar_tactics_namedview" + "fstar_heap" -> "fstar_preorder" + "fstar_heap" -> "fstar_preorder" + "fstar_heap" -> "fstar_monotonic_heap" + "fstar_heap" -> "fstar_monotonic_heap" + "fstar_heap" -> "fstar_pervasives" + "fstar_heap" -> "fstar_pervasives" + "fstar_heap" -> "prims" + "fstar_heap" -> "prims" + "mkseq" -> "fstar_tactics_effect" + "mkseq" -> "fstar_tactics_effect" + "mkseq" -> "fstar_classical" + "mkseq" -> "fstar_classical" + "mkseq" -> "fstar_list_tot" + "mkseq" -> "fstar_list_tot" + "mkseq" -> "fstar_pervasives_native" + "mkseq" -> "fstar_pervasives_native" + "mkseq" -> "fstar_tactics" + "mkseq" -> "fstar_tactics" + "mkseq" -> "fstar_seq" + "mkseq" -> "fstar_seq" + "mkseq" -> "fstar_reflection_v2" + "mkseq" -> "fstar_reflection_v2" + "mkseq" -> "rust_primitives_integers" + "mkseq" -> "rust_primitives_integers" + "mkseq" -> "fstar_tactics_v2" + "mkseq" -> "fstar_tactics_v2" + "mkseq" -> "core" + "mkseq" -> "core" + "mkseq" -> "fstar_pervasives" + "mkseq" -> "fstar_pervasives" + "mkseq" -> "prims" + "mkseq" -> "prims" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_list_tot_base" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_list_tot_base" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_pervasives_native" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_pervasives_native" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_tactics_namedview" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_tactics_namedview" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_stubs_tactics_types" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_tactics_effect" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_tactics_effect" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_reflection_v2" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_reflection_v2" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_pervasives" + "fstar_tactics_v2_syntaxhelpers" -> "fstar_pervasives" + "fstar_tactics_v2_syntaxhelpers" -> "prims" + "fstar_tactics_v2_syntaxhelpers" -> "prims" + "bitvec_intrinsics_constants" -> "fstar_tactics_visit" + "bitvec_intrinsics_constants" -> "fstar_tactics_visit" + "bitvec_intrinsics_constants" -> "tactics_seq" + "bitvec_intrinsics_constants" -> "tactics_seq" + "bitvec_intrinsics_constants" -> "tactics_pow2" + "bitvec_intrinsics_constants" -> "tactics_pow2" + "bitvec_intrinsics_constants" -> "fstar_tactics_effect" + "bitvec_intrinsics_constants" -> "fstar_tactics_effect" + "bitvec_intrinsics_constants" -> "fstar_list_tot" + "bitvec_intrinsics_constants" -> "fstar_list_tot" + "bitvec_intrinsics_constants" -> "fstar_reflection_v2" + "bitvec_intrinsics_constants" -> "fstar_reflection_v2" + "bitvec_intrinsics_constants" -> "fstar_pervasives_native" + "bitvec_intrinsics_constants" -> "fstar_pervasives_native" + "bitvec_intrinsics_constants" -> "fstar_tactics" + "bitvec_intrinsics_constants" -> "fstar_tactics" + "bitvec_intrinsics_constants" -> "tactics_utils" + "bitvec_intrinsics_constants" -> "tactics_utils" + "bitvec_intrinsics_constants" -> "fstar_tactics_v2" + "bitvec_intrinsics_constants" -> "fstar_tactics_v2" + "bitvec_intrinsics_constants" -> "fstar_int32" + "bitvec_intrinsics_constants" -> "fstar_int32" + "bitvec_intrinsics_constants" -> "fstar_int16" + "bitvec_intrinsics_constants" -> "fstar_int16" + "bitvec_intrinsics_constants" -> "bitvec_equality" + "bitvec_intrinsics_constants" -> "bitvec_equality" + "bitvec_intrinsics_constants" -> "bitvec_utils" + "bitvec_intrinsics_constants" -> "bitvec_utils" + "bitvec_intrinsics_constants" -> "fstar_functionalextensionality" + "bitvec_intrinsics_constants" -> "fstar_functionalextensionality" + "bitvec_intrinsics_constants" -> "fstar_mul" + "bitvec_intrinsics_constants" -> "fstar_mul" + "bitvec_intrinsics_constants" -> "rust_primitives" + "bitvec_intrinsics_constants" -> "rust_primitives" + "bitvec_intrinsics_constants" -> "core" + "bitvec_intrinsics_constants" -> "core" + "bitvec_intrinsics_constants" -> "fstar_pervasives" + "bitvec_intrinsics_constants" -> "fstar_pervasives" + "bitvec_intrinsics_constants" -> "prims" + "bitvec_intrinsics_constants" -> "prims" + "fstar_order" -> "fstar_pervasives_native" + "fstar_order" -> "fstar_pervasives_native" + "fstar_order" -> "fstar_pervasives" + "fstar_order" -> "fstar_pervasives" + "fstar_order" -> "prims" + "fstar_order" -> "prims" + "fstar_tactics_effect" -> "fstar_range" + "fstar_tactics_effect" -> "fstar_stubs_tactics_result" + "fstar_tactics_effect" -> "fstar_stubs_tactics_types" + "fstar_tactics_effect" -> "fstar_stubs_reflection_types" + "fstar_tactics_effect" -> "fstar_monotonic_pure" + "fstar_tactics_effect" -> "fstar_monotonic_pure" + "fstar_tactics_effect" -> "fstar_pervasives" + "fstar_tactics_effect" -> "fstar_pervasives" + "fstar_tactics_effect" -> "prims" + "fstar_tactics_effect" -> "prims" + "core_ops" -> "core_ops_index" + "core_ops" -> "core_ops_index" + "core_ops" -> "fstar_tactics_typeclasses" + "core_ops" -> "fstar_tactics_typeclasses" + "core_ops" -> "rust_primitives" + "core_ops" -> "rust_primitives" + "core_ops" -> "fstar_pervasives" + "core_ops" -> "fstar_pervasives" + "core_ops" -> "prims" + "core_ops" -> "prims" + "libcrux_intrinsics_avx2_extract" -> "fstar_mul" + "libcrux_intrinsics_avx2_extract" -> "core" + "libcrux_intrinsics_avx2_extract" -> "fstar_pervasives" + "libcrux_intrinsics_avx2_extract" -> "prims" + "libcrux_intrinsics_avx2_extract" -> "libcrux_intrinsics_avx2_extract" + "core_result" -> "fstar_pervasives" + "core_result" -> "fstar_pervasives" + "core_result" -> "prims" + "core_result" -> "prims" + "fstar_monotonic_heap" -> "fstar_erasedlogic" + "fstar_monotonic_heap" -> "fstar_erasedlogic" + "fstar_monotonic_heap" -> "fstar_squash" + "fstar_monotonic_heap" -> "fstar_squash" + "fstar_monotonic_heap" -> "fstar_set" + "fstar_monotonic_heap" -> "fstar_set" + "fstar_monotonic_heap" -> "fstar_pervasives_native" + "fstar_monotonic_heap" -> "fstar_pervasives_native" + "fstar_monotonic_heap" -> "fstar_functionalextensionality" + "fstar_monotonic_heap" -> "fstar_functionalextensionality" + "fstar_monotonic_heap" -> "fstar_classical" + "fstar_monotonic_heap" -> "fstar_classical" + "fstar_monotonic_heap" -> "fstar_preorder" + "fstar_monotonic_heap" -> "fstar_preorder" + "fstar_monotonic_heap" -> "fstar_pervasives" + "fstar_monotonic_heap" -> "fstar_pervasives" + "fstar_monotonic_heap" -> "prims" + "fstar_monotonic_heap" -> "prims" + "fstar_monotonic_heap" -> "fstar_monotonic_heap" + "fstar_tactics_smt" -> "fstar_vconfig" + "fstar_tactics_smt" -> "fstar_stubs_tactics_v2_builtins" + "fstar_tactics_smt" -> "fstar_tactics_effect" + "fstar_tactics_smt" -> "fstar_tactics_effect" + "fstar_tactics_smt" -> "fstar_pervasives" + "fstar_tactics_smt" -> "fstar_pervasives" + "fstar_tactics_smt" -> "prims" + "fstar_tactics_smt" -> "prims" + "fstar_reflection_v2_compare" -> "fstar_order" + "fstar_reflection_v2_compare" -> "fstar_order" + "fstar_reflection_v2_compare" -> "fstar_stubs_reflection_v2_data" + "fstar_reflection_v2_compare" -> "fstar_stubs_reflection_types" + "fstar_reflection_v2_compare" -> "fstar_pervasives" + "fstar_reflection_v2_compare" -> "fstar_pervasives" + "fstar_reflection_v2_compare" -> "prims" + "fstar_reflection_v2_compare" -> "prims" + "fstar_int64" -> "fstar_uint" + "fstar_int64" -> "fstar_uint" + "fstar_int64" -> "fstar_uint32" + "fstar_int64" -> "fstar_uint32" + "fstar_int64" -> "fstar_mul" + "fstar_int64" -> "fstar_mul" + "fstar_int64" -> "fstar_int" + "fstar_int64" -> "fstar_int" + "fstar_int64" -> "fstar_pervasives" + "fstar_int64" -> "fstar_pervasives" + "fstar_int64" -> "prims" + "fstar_int64" -> "prims" + "core_iter_adapters_enumerate" -> "rust_primitives" + "core_iter_adapters_enumerate" -> "rust_primitives" + "core_iter_adapters_enumerate" -> "fstar_pervasives" + "core_iter_adapters_enumerate" -> "fstar_pervasives" + "core_iter_adapters_enumerate" -> "prims" + "core_iter_adapters_enumerate" -> "prims" + "fstar_reflection_v1_formula" -> "fstar_pervasives_native" + "fstar_reflection_v1_formula" -> "fstar_pervasives_native" + "fstar_reflection_v1_formula" -> "fstar_stubs_reflection_v1_data" + "fstar_reflection_v1_formula" -> "fstar_reflection_v1_derived" + "fstar_reflection_v1_formula" -> "fstar_reflection_v1_derived" + "fstar_reflection_v1_formula" -> "fstar_stubs_reflection_v1_builtins" + "fstar_reflection_v1_formula" -> "fstar_reflection_const" + "fstar_reflection_v1_formula" -> "fstar_reflection_const" + "fstar_reflection_v1_formula" -> "fstar_stubs_reflection_types" + "fstar_reflection_v1_formula" -> "fstar_stubs_tactics_v1_builtins" + "fstar_reflection_v1_formula" -> "fstar_tactics_effect" + "fstar_reflection_v1_formula" -> "fstar_tactics_effect" + "fstar_reflection_v1_formula" -> "fstar_list_tot_base" + "fstar_reflection_v1_formula" -> "fstar_list_tot_base" + "fstar_reflection_v1_formula" -> "fstar_pervasives" + "fstar_reflection_v1_formula" -> "fstar_pervasives" + "fstar_reflection_v1_formula" -> "prims" + "fstar_reflection_v1_formula" -> "prims" +} diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index d952d213b..0ef3a6427 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -10,26 +10,8 @@ let _ = let open Libcrux_ml_kem.Vector.Portable in () -open FStar.Tactics - -open Tactics.Utils - -let rw_get_bit_cast #t #u - (x: int_t t) (nth: usize) - : Lemma (requires v nth < bits u /\ v nth < bits u) - (ensures eq2 #bit (get_bit (cast_mod #t #u x) nth) (if v nth < bits t then get_bit x nth else 0)) - [SMTPat (get_bit (cast_mod #t #u x) nth)] - = () - -let rw_get_bit_shr #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) - : Lemma (requires v y >= 0 /\ v y < bits t) - (ensures eq2 #bit (get_bit (x >>! y) i ) - (if v i < bits t - v y - then get_bit x (mk_int (v i + v y)) - else if signed t - then get_bit x (mk_int (bits t - 1)) - else 0)) - = () +// open FStar.Tactics +// open Tactics.Utils #push-options "--compat_pre_core 2" // [@@Tactics.postprocess_with (fun _ -> norm [delta_only [`%Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16]]; fail "x")] @@ -59,7 +41,9 @@ let deserialize_1_ (bytes: t_Slice u8 {Seq.length bytes == 2}) = in let result = Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 15l coefficients_in_msb in let bv = bit_vec_of_int_t_array (bytes <: t_Array _ (sz 2)) 8 in - assert (forall (i: nat {i < 16}). bv i == result (i * 16)) by ( + assert (forall (i: nat {i < 256}). (if i % 16 = 0 then bv i else 0) == result i) by ( + let open FStar.Tactics in + let open Tactics.Utils in let light_norm () = // simplify the term: compute `+/*+` on ints, remove cast/array_of_list/funext indirections norm [ iota; primops @@ -73,7 +57,7 @@ let deserialize_1_ (bytes: t_Slice u8 {Seq.length bytes == 2}) = ] in light_norm (); // instantiate the forall with concrete values, and run a tactic for each possible values - Tactics.Utils.prove_forall_nat_pointwise (Tactics.Utils.print_time "SMT query succeeded in " (fun _ -> + prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> light_norm (); // norm index rewrites `Seq.index (Seq.seq_of_list ...) N` or // `List.Tot.index ... N` when we have list literals @@ -241,6 +225,8 @@ let deserialize_4_ (bytes: t_Slice u8) = Libcrux_intrinsics.Avx2_extract.t_Vec256) in let bv = bit_vec_of_int_t_array (bytes <: t_Array _ (sz 8)) 8 in assert (forall (i: nat {i < 64}). bv i == result ((i / 4) * 16 + i % 4)) by ( + let open FStar.Tactics in + let open Tactics.Utils in let light_norm () = norm [ iota; primops ; delta_namespace [ @@ -252,7 +238,7 @@ let deserialize_4_ (bytes: t_Slice u8) = ] ] in light_norm (); - Tactics.Utils.prove_forall_nat_pointwise (Tactics.Utils.print_time "SMT query succeeded in " (fun _ -> + prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> light_norm (); Tactics.Seq.norm_index (); norm [iota; primops; zeta_full; @@ -307,8 +293,6 @@ let deserialize_5_ (bytes: t_Slice u8) = in Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 11l coefficients -open Tactics.Utils - let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let lsb_to_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -329,7 +313,9 @@ let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let result: t_Array u8 (sz 2) = Rust_primitives.Hax.array_of_list 2 list in let bv = bit_vec_of_int_t_array result 8 in assert (forall (i: nat {i < 16}). bv i == vector (i * 16)) by ( - Tactics.Utils.prove_forall_nat_pointwise (Tactics.Utils.print_time "SMT query succeeded in " (fun _ -> + let open FStar.Tactics in + let open Tactics.Utils in + prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> let light_norm () = // get rid of indirections (array_of_list, funext, casts, etc.) norm [ iota; primops @@ -350,7 +336,7 @@ let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = // three times. It's basically the same thing. let _ = repeatn 3 (fun _ -> // Try to rewrite any subterm using the following three lemmas (corresponding to (1) (3) and (2)) - l_to_r[`rw_get_bit_cast; `bit_vec_to_int_t_lemma; `rw_get_bit_shr]; + l_to_r[`BitVec.Utils.rw_get_bit_cast; `bit_vec_to_int_t_lemma; `BitVec.Utils.rw_get_bit_shr]; // get rid of useless indirections light_norm (); // after using those lemmas, more mk_int and v appears, let's get rid of those @@ -652,9 +638,10 @@ let serialize_4__ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = in assume (BitVec.Intrinsics.forall_bool #256 (fun i -> i % 16 < 4 || vector i = 0)); assert (forall (i: nat {i < 64}). - // let local_i = i / 4 in combined i == vector ((i / 4) * 16 + i % 4) ) by ( + let open FStar.Tactics in + let open Tactics.Utils in // unfold wrappers norm [primops; iota; zeta; delta_namespace [ `%BitVec.Intrinsics.mm256_shuffle_epi8; @@ -663,7 +650,7 @@ let serialize_4__ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = `%BitVec.Intrinsics.mm256_castsi256_si128; "BitVec.Utils"; ]]; - Tactics.Utils.prove_forall_nat_pointwise (Tactics.Utils.print_time "SMT query succeeded in " (fun _ -> + prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> let reduce t = norm [primops; iota; zeta_full; delta_namespace [ "FStar.FunctionalExtensionality"; @@ -678,7 +665,7 @@ let serialize_4__ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = reduce (`%BitVec.Intrinsics.mm256_permutevar8x32_epi32_i32); reduce (`%BitVec.Intrinsics.mm256_shuffle_epi8_i8); reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized); - grewrite (quote (forall_bool #256 (fun i -> i % 16 < 4 || op_Equality #int (vector i) 0))) (`true); + grewrite (quote (BitVec.Intrinsics.forall_bool #256 (fun i -> i % 16 < 4 || op_Equality #int (vector i) 0))) (`true); flip (); smt (); reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized'); trivial () diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index 9d389017a..100a8a10d 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -47,7 +47,58 @@ pub(crate) fn serialize_1(vector: Vec256) -> [u8; 2] { // significant bit from each element and collate them into two bytes. let bits_packed = mm_movemask_epi8(msbs); - [bits_packed as u8, (bits_packed >> 8) as u8] + let result = [bits_packed as u8, (bits_packed >> 8) as u8]; + + hax_lib::fstar!( + r#" +let bv = bit_vec_of_int_t_array ${result} 8 in +assert (forall (i: nat {i < 16}). bv i == ${vector} (i * 16)) by ( + let open FStar.Tactics in + let open Tactics.Utils in + prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> + let light_norm () = + // get rid of indirections (array_of_list, funext, casts, etc.) + norm [ iota; primops + ; delta_only [ + `%cast; `%cast_tc_integers + ; `%bit_vec_of_int_t_array + ; `%Rust_primitives.Hax.array_of_list + ; `%FunctionalExtensionality.on + ; `%bits;`%Lib.IntTypes.bits + ] + ] in + light_norm (); + // normalize List.index / Seq.index when we have literals + Tactics.Seq.norm_index (); + // here, we need to take care of (1) the cast and (2) the shift + // (introduced in `list`) and (3) bv<->i16 indirection + // introduced by `bit_vec_to_int_t`. Thus, we repeat the tactic + // three times. It's basically the same thing. + let _ = repeatn 3 (fun _ -> + // Try to rewrite any subterm using the following three lemmas (corresponding to (1) (3) and (2)) + l_to_r[`BitVec.Utils.rw_get_bit_cast; `bit_vec_to_int_t_lemma; `BitVec.Utils.rw_get_bit_shr]; + // get rid of useless indirections + light_norm (); + // after using those lemmas, more mk_int and v appears, let's get rid of those + Tactics.MachineInts.(transform norm_machine_int_term); + // Special treatment for case (3) + norm [primops; iota; zeta_full; delta_only [ + `%BitVec.Intrinsics.mm_movemask_epi8; + ]] + ) in + // Now we normalize away all the FunExt / mk_bv terms + norm [primops; iota; zeta_full; delta_namespace ["BitVec"; "FStar"]]; + // Ask the SMT to solve now + // dump' "Goal:"; + smt_sync (); + // dump' "Success"; + smt () + )) +) +"# + ); + + result } #[inline(always)] @@ -111,7 +162,53 @@ pub(crate) fn deserialize_1(bytes: &[u8]) -> Vec256 { // Now that they're all in the most significant bit position, shift them // down to the least significant bit. - mm256_srli_epi16::<15>(coefficients_in_msb) + let result = mm256_srli_epi16::<15>(coefficients_in_msb); + + hax_lib::fstar!( + r#" +let bv = bit_vec_of_int_t_array (${bytes} <: t_Array _ (sz 2)) 8 in +assert (forall (i: nat {i < 256}). (if i % 16 = 0 then bv i else 0) == result i) by ( + let open FStar.Tactics in + let open Tactics.Utils in + let light_norm () = + // simplify the term: compute `+/*+` on ints, remove cast/array_of_list/funext indirections + norm [ iota; primops + ; delta_namespace [ + `%cast; `%cast_tc_integers + ; `%bit_vec_of_int_t_array + ; `%Rust_primitives.Hax.array_of_list + ; "FStar.FunctionalExtensionality" + ; `%bits;`%Lib.IntTypes.bits + ] + ] in + light_norm (); + // instantiate the forall with concrete values, and run a tactic for each possible values + prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> + light_norm (); + // norm index rewrites `Seq.index (Seq.seq_of_list ...) N` or + // `List.Tot.index ... N` when we have list literals + Tactics.Seq.norm_index (); + // Reduce more aggressively + norm [iota; primops; zeta_full; + delta_namespace [ + "FStar"; + "BitVec"; + ]; unascribe + ]; + // Rewrite and normalize machine integers, hopefully in ints + Tactics.MachineInts.(transform norm_machine_int_term); + // norm: primops to get rid of >=, <=, +, *, -, etc. + // zeta delta iota: normalize bitvectors + norm [iota; primops; zeta; delta]; + dump' "Goal:"; + // ask the smt to solve now + smt_sync () + )) +) +"# + ); + + result } #[inline(always)] @@ -171,6 +268,45 @@ pub(crate) fn serialize_4(vector: Vec256) -> [u8; 8] { mm256_permutevar8x32_epi32(adjacent_8_combined, mm256_set_epi32(0, 0, 0, 0, 0, 0, 4, 0)); let combined = mm256_castsi256_si128(combined); + hax_lib::fstar!( + r#" +assert (forall (i: nat {i < 64}). + ${combined} i == ${vector} ((i / 4) * 16 + i % 4) +) by ( + let open FStar.Tactics in + let open Tactics.Utils in + // unfold wrappers + norm [primops; iota; zeta; delta_namespace [ + `%BitVec.Intrinsics.mm256_shuffle_epi8; + `%BitVec.Intrinsics.mm256_permutevar8x32_epi32; + `%BitVec.Intrinsics.mm256_madd_epi16; + `%BitVec.Intrinsics.mm256_castsi256_si128; + "BitVec.Utils"; + ]]; + prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> + let reduce t = + norm [primops; iota; zeta_full; delta_namespace [ + "FStar.FunctionalExtensionality"; + t; + `%BitVec.Utils.mk_bv; + `%( + ); `%op_Subtraction; `%( / ); `%( * ); `%( % ) + ]]; + norm [primops; iota; zeta_full; delta_namespace [ + "FStar.List.Tot"; `%( + ); `%op_Subtraction; `%( / ); `%( * ); `%( % ) + ]] + in + reduce (`%BitVec.Intrinsics.mm256_permutevar8x32_epi32_i32); + reduce (`%BitVec.Intrinsics.mm256_shuffle_epi8_i8); + reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized); + grewrite (quote (BitVec.Intrinsics.forall_bool #256 (fun i -> i % 16 < 4 || op_Equality #int (${vector} i) 0))) (`true); + flip (); smt (); + reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized'); + trivial () + )) +); +"# + ); + // ... so that we can read them out in one go. mm_storeu_bytes_si128(&mut serialized, combined); @@ -239,7 +375,49 @@ pub(crate) fn deserialize_4(bytes: &[u8]) -> Vec256 { let coefficients_in_lsb = mm256_srli_epi16::<4>(coefficients_in_msb); // Zero the remaining bits. - mm256_and_si256(coefficients_in_lsb, mm256_set1_epi16((1 << 4) - 1)) + let result = mm256_and_si256(coefficients_in_lsb, mm256_set1_epi16((1 << 4) - 1)); + + hax_lib::fstar!( + r#" +let bv = bit_vec_of_int_t_array (${bytes} <: t_Array _ (sz 8)) 8 in +assert (forall (i: nat {i < 64}). bv i == ${result} ((i / 4) * 16 + i % 4)) by ( + let open FStar.Tactics in + let open Tactics.Utils in + let light_norm () = + norm [ iota; primops + ; delta_namespace [ + `%cast; `%cast_tc_integers + ; `%bit_vec_of_int_t_array + ; `%Rust_primitives.Hax.array_of_list + ; "FStar.FunctionalExtensionality" + ; `%bits;`%Lib.IntTypes.bits + ] + ] in + light_norm (); + prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> + light_norm (); + Tactics.Seq.norm_index (); + norm [iota; primops; zeta_full; + delta_namespace [ + "FStar"; + "BitVec"; + ]; unascribe + ]; + Tactics.MachineInts.(transform norm_machine_int_term); + norm [iota; primops; zeta_full; + delta_namespace [ + "FStar"; + "BitVec"; + ]; unascribe + ]; + dump' "Goal:"; + smt_sync () + )) +) +"# + ); + + result } #[inline(always)] diff --git a/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst new file mode 100644 index 000000000..0e4db4e49 --- /dev/null +++ b/sys/platform/proofs/fstar/extraction/Libcrux_platform.X86.fst @@ -0,0 +1,69 @@ +module Libcrux_platform.X86 +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open Core +open FStar.Mul + +(* item error backend: (reject_Unsafe) ExplicitRejection { reason: "a node of kind [Unsafe] have been found in the AST" } +Last available AST for this item: + +#[inline(never)] +#[inline(always)] +#[cfg(any(target_arch = "x86", target_arch = "x86_64"))] +#[allow(non_upper_case_globals)] +#[no_std()] +#[feature(register_tool)] +#[register_tool(_hax)] +unsafe fn init__cpuid(leaf: int) -> core::core_arch::x86::cpuid::t_CpuidResult { + rust_primitives::hax::dropped_body +} + + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_platform"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "x86"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "init"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "cpuid"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (reject_Unsafe) ExplicitRejection { reason: "a node of kind [Unsafe] have been found in the AST" } +Last available AST for this item: + +#[inline(never)] +#[inline(always)] +#[cfg(any(target_arch = "x86", target_arch = "x86_64"))] +#[allow(non_upper_case_globals)] +#[no_std()] +#[feature(register_tool)] +#[register_tool(_hax)] +unsafe fn init__cpuid_count( + leaf: int, + sub_leaf: int, +) -> core::core_arch::x86::cpuid::t_CpuidResult { + rust_primitives::hax::dropped_body +} + + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_platform"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "x86"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "init"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "cpuid_count"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) From f1a7d8939d06ec9e229b1c09eceee744adf3a765 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 19 Sep 2024 09:26:18 +0200 Subject: [PATCH 293/348] wip --- libcrux-intrinsics/src/avx2_extract.rs | 11 +++++------ libcrux-ml-kem/src/vector/avx2/serialize.rs | 8 +++++++- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index c370ac59b..4454babb5 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -16,8 +16,10 @@ pub struct Vec256(u8); #[derive(Copy, Clone)] #[hax_lib::fstar::replace( interface, - "unfold type $:{Vec128} = bit_vec 128 - val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8)" + r#" +unfold type $:{Vec128} = bit_vec 128 +val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8) +"# )] pub struct Vec128(u8); @@ -40,10 +42,7 @@ pub fn mm_storeu_si128(output: &mut [i16], vector: Vec128) { unimplemented!() } -#[hax_lib::fstar::replace( - interface, - "include BitVec.Intrinsics {mm_storeu_bytes_si128 as ${mm_storeu_bytes_si128}}" -)] +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm_storeu_bytes_si128}")] pub fn mm_storeu_bytes_si128(output: &mut [u8], vector: Vec128) { debug_assert_eq!(output.len(), 16); unimplemented!() diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index 100a8a10d..03d042950 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -211,6 +211,11 @@ assert (forall (i: nat {i < 256}). (if i % 16 = 0 then bv i else 0) == result i) result } +#[hax_lib::requires( + fstar!( + r#"BitVec.Intrinsics.forall_bool #256 (fun i -> i % 16 < 4 || vector i = 0)"# + ) +)] #[inline(always)] pub(crate) fn serialize_4(vector: Vec256) -> [u8; 8] { let mut serialized = [0u8; 16]; @@ -303,7 +308,7 @@ assert (forall (i: nat {i < 64}). reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized'); trivial () )) -); +) "# ); @@ -313,6 +318,7 @@ assert (forall (i: nat {i < 64}). serialized[0..8].try_into().unwrap() } +#[hax_lib::requires(bytes.len() == 8)] #[inline(always)] pub(crate) fn deserialize_4(bytes: &[u8]) -> Vec256 { // Every 4 bits from each byte of input should be put into its own 16-bit lane. From 11cd99108b59f384a9e67e97f621c7a369bdb362 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 19 Sep 2024 11:28:58 +0200 Subject: [PATCH 294/348] fixes --- .../fstar-bitvec/BitVec.Intrinsics.fsti | 2 +- libcrux-intrinsics/src/avx2_extract.rs | 24 +++++++++++++++---- 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti index 59b90347a..6d866e472 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti +++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti @@ -285,7 +285,7 @@ let mm256_madd_epi16 : bit_vec 256 = result -val mm_storeu_bytes_si128 (_output vec: bit_vec 128): t_Slice u8 +val mm_storeu_bytes_si128 (_output: t_Slice u8) (vec: bit_vec 128): t_Slice u8 open FStar.Stubs.Tactics.V2.Builtins open FStar.Stubs.Tactics.V2 diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 65b5ec84a..5710c9675 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -135,7 +135,14 @@ pub fn mm256_set_epi8( Spec.Utils.create (sz 16) $constant"))] #[hax_lib::fstar::replace( interface, - "include BitVec.Intrinsics {mm256_set1_epi16 as ${mm256_set1_epi16}}" + r#" +include BitVec.Intrinsics {mm256_set1_epi16 as ${mm256_set1_epi16}} +val lemma_mm256_set1_epi16 constant + : Lemma ( vec256_as_i16x16 (mm256_set1_epi16 constant) + == Spec.Utils.create (sz 16) constant + ) + [SMTPat (vec256_as_i16x16 (mm256_set1_epi16 constant))] +"# )] pub fn mm256_set1_epi16(constant: i16) -> Vec256 { unimplemented!() @@ -148,7 +155,7 @@ include BitVec.Intrinsics {mm256_set_epi16 as ${mm256_set_epi16}} let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 : Lemma (vec256_as_i16x16 (${mm256_set_epi16} v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) == Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15) - [SMTPat (vec256_as_i16x16 (${mm256_set_epi16} v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit()" + [SMTPat (vec256_as_i16x16 (${mm256_set_epi16} v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit() "# )] pub fn mm256_set_epi16( @@ -273,8 +280,17 @@ pub fn mm256_mul_epu32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } -#[hax_lib::ensures(|result| fstar!("vec256_as_i16x16 $result == - Spec.Utils.map2 (&.) (vec256_as_i16x16 $lhs) (vec256_as_i16x16 $rhs)"))] +#[hax_lib::fstar::replace( + interface, + r#" +include BitVec.Intrinsics {mm256_and_si256 as ${mm256_and_si256}} +val lemma_mm256_and_si256 lhs rhs + : Lemma ( vec256_as_i16x16 (mm256_and_si256 lhs rhs) + == Spec.Utils.map2 (&.) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs) + ) + [SMTPat (vec256_as_i16x16 (mm256_and_si256 lhs rhs))] +"# +)] pub fn mm256_and_si256(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } From 1afb5c2a819ec9b36f1c97f9fb63b588c2066cdc Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 19 Sep 2024 11:29:22 +0200 Subject: [PATCH 295/348] regenerated F* --- .../Libcrux_intrinsics.Avx2_extract.fst | 128 +---- .../Libcrux_intrinsics.Avx2_extract.fsti | 186 +++++-- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 20 +- ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 22 +- ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 20 +- ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 22 +- ...ml_kem.Ind_cca.Instantiations.Portable.fst | 20 +- ...l_kem.Ind_cca.Instantiations.Portable.fsti | 22 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fst | 46 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fsti | 20 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fst | 30 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fsti | 14 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fst | 30 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fsti | 14 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fst | 30 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fsti | 14 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fst | 30 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fsti | 14 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fst | 26 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fsti | 14 +- .../Libcrux_ml_kem.Mlkem512.Neon.fst | 26 +- .../Libcrux_ml_kem.Mlkem512.Neon.fsti | 14 +- .../Libcrux_ml_kem.Mlkem512.Portable.fst | 26 +- .../Libcrux_ml_kem.Mlkem512.Portable.fsti | 14 +- .../extraction/Libcrux_ml_kem.Mlkem512.fst | 26 +- .../extraction/Libcrux_ml_kem.Mlkem512.fsti | 14 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fst | 30 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fsti | 14 +- .../Libcrux_ml_kem.Mlkem768.Neon.fst | 30 +- .../Libcrux_ml_kem.Mlkem768.Neon.fsti | 14 +- .../Libcrux_ml_kem.Mlkem768.Portable.fst | 30 +- .../Libcrux_ml_kem.Mlkem768.Portable.fsti | 14 +- .../extraction/Libcrux_ml_kem.Mlkem768.fst | 30 +- .../extraction/Libcrux_ml_kem.Mlkem768.fsti | 14 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 466 +++++++++--------- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 8 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 242 ++++----- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 32 +- .../Libcrux_ml_kem.Vector.Portable.fsti | 2 +- 39 files changed, 870 insertions(+), 898 deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst index 44910de0c..0428a32bc 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst @@ -1,125 +1,11 @@ module Libcrux_intrinsics.Avx2_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul -(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! -Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: -{ Ast.Make.e = - Ast.Make.App { - f = - { Ast.Make.e = - (Ast.Make.GlobalVar - `Concrete ({ Concrete_ident.T.def_id = - { Concrete_ident.Imported.krate = "rust_primitives"; - path = - [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); - disambiguator = 0 }; - { Concrete_ident.Imported.data = - (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } - ] - }; - kind = Concrete_ident.Kind.Value })); - span = - { Span.id = 2213; - data = - [{ Span.Imported.filename = - (Span.Imported.Real - (Span.Imported.LocalPath - "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 213 }; - lo = { Span.Imported.col = 0; line = 207 } } - ] - }; - typ = - (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], - Ast.Make.TApp { - ident = - `Concrete ({ Concrete_ident.T.def_id = - { Concrete_ident.Imported.krate = "rust_primitives"; - path = - [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); - disambiguator = 0 }; - { Concrete_ident.Imported.data = - (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } - ] - }; - kind = Concrete_ident.Kind.Type }); - args = []} - )) - }; - args = - [{ Ast.Make.e = - (Ast.Make.Literal - (Ast.String - "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); - span = - { Span.id = 2213; - data = - [{ Span.Imported.filename = - (Span.Imported.Real - (Span.Imported.LocalPath - "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 213 }; - lo = { Span.Imported.col = 0; line = 207 } } - ] - }; - typ = Ast.Make.TStr }; - { Ast.Make.e = - (Ast.Make.Literal - (Ast.String - "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"2\"; line = \"213\" };\n lo = { Types.col = \"0\"; line = \"207\" } };\n ty = Types.Never }")); - span = - { Span.id = 2213; - data = - [{ Span.Imported.filename = - (Span.Imported.Real - (Span.Imported.LocalPath - "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 213 }; - lo = { Span.Imported.col = 0; line = 207 } } - ] - }; - typ = Ast.Make.TStr } - ]; - generic_args = []; bounds_impls = []; trait = None}; - span = - { Span.id = 2213; - data = - [{ Span.Imported.filename = - (Span.Imported.Real - (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); - hi = { Span.Imported.col = 2; line = 213 }; - lo = { Span.Imported.col = 0; line = 207 } } - ] - }; - typ = - Ast.Make.TApp { - ident = - `Concrete ({ Concrete_ident.T.def_id = - { Concrete_ident.Imported.krate = "rust_primitives"; - path = - [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); - disambiguator = 0 }; - { Concrete_ident.Imported.data = - (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } - ] - }; - kind = Concrete_ident.Kind.Type }); - args = []} - } - -Last AST: -/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = - { Concrete_ident.Imported.krate = "libcrux_intrinsics"; - path = - [{ Concrete_ident.Imported.data = - (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; - { Concrete_ident.Imported.data = - (Concrete_ident.Imported.ValueNs "mm256_mullo_epi16"); - disambiguator = 0 } - ] - }; - kind = Concrete_ident.Kind.Value }) */ -const _: () = (); - *) +include BitVec.Intrinsics {mm256_and_si256 as mm256_and_si256} +val lemma_mm256_set1_epi16 lhs rhs + : Lemma ( vec256_as_i16x16 (mm256_and_si256 lhs rhs) + == Spec.Utils.map2 (&.) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs) + ) + [SMTPat (vec256_as_i16x16 (mm256_and_si256 lhs rhs))] diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 828f0006f..272f5a4f3 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -1,21 +1,27 @@ module Libcrux_intrinsics.Avx2_extract -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open Core open FStar.Mul unfold type t_Vec128 = bit_vec 128 - val vec128_as_i16x8 (x:t_Vec128) : t_Array i16 (sz 8) +val vec128_as_i16x8 (x: bit_vec 128) : t_Array i16 (sz 8) +let get_lane128 (v: bit_vec 128) (i:nat{i < 8}) = Seq.index (vec128_as_i16x8 v) i unfold type t_Vec256 = bit_vec 256 - val vec256_as_i16x16 (x:t_Vec256) : t_Array i16 (sz 16) - -val mm256_add_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val vec256_as_i16x16 (x: bit_vec 256) : t_Array i16 (sz 16) +let get_lane (v: bit_vec 256) (i:nat{i < 16}) = Seq.index (vec256_as_i16x16 v) i + +val mm256_add_epi16 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map2 ( +. ) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) val mm256_add_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -include BitVec.Intrinsics {mm256_and_si256 as mm256_and_si256} -// val mm256_and_si256 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) - val mm256_andnot_si256 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_blend_epi16 (v_CONTROL: i32) (lhs rhs: t_Vec256) @@ -24,15 +30,11 @@ val mm256_blend_epi16 (v_CONTROL: i32) (lhs rhs: t_Vec256) val mm256_castsi128_si256 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -include BitVec.Intrinsics {mm256_castsi256_si128 as mm256_castsi256_si128} - val mm256_cmpgt_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_cvtepi16_epi32 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -include BitVec.Intrinsics {mm256_extracti128_si256 as mm256_extracti128_si256} - val mm256_inserti128_si256 (v_CONTROL: i32) (vector: t_Vec256) (vector_i128: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -42,13 +44,18 @@ val mm256_loadu_si256_i16 (input: t_Slice i16) val mm256_loadu_si256_u8 (input: t_Slice u8) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -include BitVec.Intrinsics {mm256_madd_epi16 as mm256_madd_epi16} - val mm256_mul_epu32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_mulhi_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) - -include BitVec.Intrinsics {mm256_mullo_epi16 as mm256_mullo_epi16} +val mm256_mulhi_epi16 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (vec256_as_i16x16 lhs) + (vec256_as_i16x16 rhs)) val mm256_mullo_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -60,29 +67,28 @@ val mm256_permute2x128_si256 (v_IMM8: i32) (a b: t_Vec256) val mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -include BitVec.Intrinsics {mm256_permutevar8x32_epi32} - -include BitVec.Intrinsics {mm256_set1_epi16 as mm256_set1_epi16} -// val mm256_set1_epi16 (constant: i16) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_permutevar8x32_epi32 (vector control: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_set1_epi32 (constant: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_set1_epi64x (a: i64) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -include BitVec.Intrinsics {mm256_set_epi16 as mm256_set_epi16} - -include BitVec.Intrinsics {mm256_set_epi32} +val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -include BitVec.Intrinsics {mm256_set_epi8} +val mm256_set_epi8 + (byte31 byte30 byte29 byte28 byte27 byte26 byte25 byte24 byte23 byte22 byte21 byte20 byte19 byte18 byte17 byte16 byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: + i8) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_setzero_si256: Prims.unit -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -include BitVec.Intrinsics {mm256_shuffle_epi8} - -include BitVec.Intrinsics {mm256_slli_epi16 as mm256_slli_epi16} +val mm256_shuffle_epi8 (vector control: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -94,13 +100,17 @@ val mm256_sllv_epi32 (vector counts: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure t_Vec256 + (requires v_SHIFT_BY >=. 0l && v_SHIFT_BY <. 16l) + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map_array (fun x -> x >>! v_SHIFT_BY) (vec256_as_i16x16 vector)) val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -include BitVec.Intrinsics {mm256_srli_epi16 as mm256_srli_epi16} - val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -113,7 +123,14 @@ val mm256_storeu_si256_i16 (output: t_Slice i16) (vector: t_Vec256) val mm256_storeu_si256_u8 (output: t_Slice u8) (vector: t_Vec256) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) -val mm256_sub_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_sub_epi16 (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 + Prims.l_True + (ensures + fun result -> + let result:t_Vec256 = result in + vec256_as_i16x16 result == + Spec.Utils.map2 ( -. ) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) val mm256_unpackhi_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -128,19 +145,44 @@ val mm256_unpacklo_epi64 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun val mm256_xor_si256 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm_add_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +val mm_add_epi16 (lhs rhs: t_Vec128) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == + Spec.Utils.map2 ( +. ) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) val mm_loadu_si128 (input: t_Slice u8) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -include BitVec.Intrinsics {mm_movemask_epi8 as mm_movemask_epi8} - -val mm_mulhi_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) - -val mm_mullo_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) - -include BitVec.Intrinsics {mm_packs_epi16 as mm_packs_epi16} - -val mm_set1_epi16 (constant: i16) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +val mm_mulhi_epi16 (lhs rhs: t_Vec128) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == + Spec.Utils.map2 (fun x y -> cast (((cast x <: i32) *. (cast y <: i32)) >>! 16l) <: i16) + (vec128_as_i16x8 lhs) + (vec128_as_i16x8 rhs)) + +val mm_mullo_epi16 (lhs rhs: t_Vec128) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == + Spec.Utils.map2 mul_mod (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) + +val mm_set1_epi16 (constant: i16) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == Spec.Utils.create (sz 8) constant) val mm_set_epi8 (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: @@ -150,10 +192,62 @@ val mm_set_epi8 val mm_shuffle_epi8 (vector control: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -val mm_storeu_bytes_si128 (output: t_Slice u8) (vector: t_Vec128) - : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm_storeu_bytes_si128} val mm_storeu_si128 (output: t_Slice i16) (vector: t_Vec128) - : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Slice i16) + Prims.l_True + (ensures + fun output_future -> + let output_future:t_Slice i16 = output_future in + (Core.Slice.impl__len #i16 output_future <: usize) =. + (Core.Slice.impl__len #i16 output <: usize)) + +val mm_sub_epi16 (lhs rhs: t_Vec128) + : Prims.Pure t_Vec128 + Prims.l_True + (ensures + fun result -> + let result:t_Vec128 = result in + vec128_as_i16x8 result == + Spec.Utils.map2 ( -. ) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) + +include BitVec.Intrinsics {mm256_and_si256 as mm256_and_si256} +val lemma_mm256_and_si256 lhs rhs + : Lemma ( vec256_as_i16x16 (mm256_and_si256 lhs rhs) + == Spec.Utils.map2 (&.) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs) + ) + [SMTPat (vec256_as_i16x16 (mm256_and_si256 lhs rhs))] + +include BitVec.Intrinsics {mm256_castsi256_si128 as mm256_castsi256_si128} + +include BitVec.Intrinsics {mm256_extracti128_si256 as mm256_extracti128_si256} + +include BitVec.Intrinsics {mm256_madd_epi16 as mm256_madd_epi16} -val mm_sub_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_mullo_epi16 as mm256_mullo_epi16} +let lemma_mm256_mullo_epi16 v1 v2 : + Lemma (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2) == + Spec.Utils.map2 mul_mod (vec256_as_i16x16 v1) (vec256_as_i16x16 v2)) + [SMTPat (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2))] = admit() + +include BitVec.Intrinsics {mm256_set1_epi16 as mm256_set1_epi16} +val lemma_mm256_set1_epi16 constant + : Lemma ( vec256_as_i16x16 (mm256_set1_epi16 constant) + == Spec.Utils.create (sz 16) constant + ) + [SMTPat (vec256_as_i16x16 (mm256_set1_epi16 constant))] + +include BitVec.Intrinsics {mm256_set_epi16 as mm256_set_epi16} +let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 : + Lemma (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) == + Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15) + [SMTPat (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit() + +include BitVec.Intrinsics {mm256_slli_epi16 as mm256_slli_epi16} + +include BitVec.Intrinsics {mm256_srli_epi16 as mm256_srli_epi16} + +include BitVec.Intrinsics {mm_movemask_epi8 as mm_movemask_epi8} + +include BitVec.Intrinsics {mm_packs_epi16 as mm_packs_epi16} diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index b0bfe3100..fef0d96bb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -11,16 +11,6 @@ let _ = let open Libcrux_ml_kem.Vector.Avx2 in () -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - Libcrux_ml_kem.Ind_cca.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - public_key - let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -56,6 +46,16 @@ let generate_keypair #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash randomness +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + public_key + let encapsulate_unpacked (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index 5fe17a0d5..60d996386 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -11,17 +11,6 @@ let _ = let open Libcrux_ml_kem.Vector.Avx2 in () -/// Portable public key validation -val validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool - (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) - (fun _ -> Prims.l_True) - /// Portable decapsulate val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: @@ -79,6 +68,17 @@ val generate_keypair v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) +/// Portable public key validation +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) + /// Portable encapsualte val encapsulate_unpacked (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 0f1cea879..1b25322d3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -11,16 +11,6 @@ let _ = let open Libcrux_ml_kem.Vector.Neon in () -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - Libcrux_ml_kem.Ind_cca.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - public_key - let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -58,6 +48,16 @@ let generate_keypair #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash randomness +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + public_key + let encapsulate_unpacked (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index 0fa0378fe..72a311393 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -11,17 +11,6 @@ let _ = let open Libcrux_ml_kem.Vector.Neon in () -/// Portable public key validation -val validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool - (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) - (fun _ -> Prims.l_True) - /// Portable decapsulate val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: @@ -79,6 +68,17 @@ val generate_keypair v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) +/// Portable public key validation +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) + /// Portable encapsualte val encapsulate_unpacked (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 7dd84a30d..bea8567f3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -11,16 +11,6 @@ let _ = let open Libcrux_ml_kem.Vector.Portable in () -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - Libcrux_ml_kem.Ind_cca.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - public_key - let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -58,6 +48,16 @@ let generate_keypair #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) randomness +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + public_key + let encapsulate_unpacked (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index 3fd260dcf..6ba23785d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -11,17 +11,6 @@ let _ = let open Libcrux_ml_kem.Vector.Portable in () -/// Portable public key validation -val validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool - (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) - (fun _ -> Prims.l_True) - /// Portable decapsulate val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: @@ -79,6 +68,17 @@ val generate_keypair v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) +/// Portable public key validation +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) + /// Portable encapsualte val encapsulate_unpacked (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst index 2e6c0ad1a..2ca3571c4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst @@ -3,29 +3,6 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing open Core open FStar.Mul -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - if Libcrux_platform.Platform.simd256_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - else - if Libcrux_platform.Platform.simd128_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - else - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -114,3 +91,26 @@ let generate_keypair v_ETA1 v_ETA1_RANDOMNESS_SIZE randomness + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + if Libcrux_platform.Platform.simd256_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key + else + if Libcrux_platform.Platform.simd128_support () + then + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key + else + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti index 2c6e2ba1c..f74dd66e8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti @@ -3,16 +3,6 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing open Core open FStar.Mul -val validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool - (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) - (fun _ -> Prims.l_True) - val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -67,3 +57,13 @@ val generate_keypair v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) + +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst index f5a15cc47..3becfc426 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -43,6 +28,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 128) randomness +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + let encapsulate_unpacked (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti index 10bf32a75..176cc9784 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti @@ -3,13 +3,6 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -35,6 +28,13 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) + Prims.l_True + (fun _ -> Prims.l_True) + let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst index 61b49bfcb..2c782f7a5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem1024.Neon open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -43,6 +28,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 128) randomness +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + let encapsulate_unpacked (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti index 6e171d854..ab4413e4d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti @@ -3,13 +3,6 @@ module Libcrux_ml_kem.Mlkem1024.Neon open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -35,6 +28,13 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) + Prims.l_True + (fun _ -> Prims.l_True) + let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst index d2950b172..92509e13b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem1024.Portable open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -43,6 +28,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 128) randomness +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + let encapsulate_unpacked (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti index 6d42b3e47..8397ad5eb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti @@ -3,13 +3,6 @@ module Libcrux_ml_kem.Mlkem1024.Portable open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -35,6 +28,13 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) + Prims.l_True + (fun _ -> Prims.l_True) + let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index 7d832fab7..ae991e1ab 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem1024 open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -54,3 +39,18 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = in let _:Prims.unit = admit () (* Panic freedom *) in result + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + if + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index d15ce31bd..fd793d70a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti @@ -62,13 +62,6 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +! v_C2_SIZE_1024_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -117,3 +110,10 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Spec.MLKEM.Instances.mlkem1024_generate_keypair randomness in valid ==> (res.f_sk.f_value == secret_key /\ res.f_pk.f_value == public_key)) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst index e39107954..84c164f5d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst @@ -3,19 +3,6 @@ module Libcrux_ml_kem.Mlkem512.Avx2 open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -41,6 +28,19 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 192) randomness +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + else + Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + let encapsulate_unpacked (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti index 1a2c2f239..222fdaf4d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti @@ -3,13 +3,6 @@ module Libcrux_ml_kem.Mlkem512.Avx2 open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -35,6 +28,13 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) + Prims.l_True + (fun _ -> Prims.l_True) + let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst index 7dcbffd48..103a0efc1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst @@ -3,19 +3,6 @@ module Libcrux_ml_kem.Mlkem512.Neon open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -41,6 +28,19 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 192) randomness +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + else + Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + let encapsulate_unpacked (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti index 3696ab7e7..0bb4a418a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti @@ -3,13 +3,6 @@ module Libcrux_ml_kem.Mlkem512.Neon open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -35,6 +28,13 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) + Prims.l_True + (fun _ -> Prims.l_True) + let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst index 559752b4d..d71d18276 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst @@ -3,19 +3,6 @@ module Libcrux_ml_kem.Mlkem512.Portable open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -41,6 +28,19 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 192) randomness +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + else + Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + let encapsulate_unpacked (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti index 02edf609b..f238d623b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti @@ -3,13 +3,6 @@ module Libcrux_ml_kem.Mlkem512.Portable open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -35,6 +28,13 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) + Prims.l_True + (fun _ -> Prims.l_True) + let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index 522183ced..3e97c4564 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst @@ -3,19 +3,6 @@ module Libcrux_ml_kem.Mlkem512 open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -52,3 +39,16 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = in let _:Prims.unit = admit () (* Panic freedom *) in result + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + if + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + else + Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index da439bfc4..ef6a7c30f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti @@ -37,13 +37,6 @@ let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = sz 10 let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = sz 4 -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -92,3 +85,10 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Spec.MLKEM.Instances.mlkem512_generate_keypair randomness in valid ==> (res.f_sk.f_value == secret_key /\ res.f_pk.f_value == public_key)) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst index b32adb8db..aa6931d6c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem768.Avx2 open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -43,6 +28,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 128) randomness +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + let encapsulate_unpacked (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti index d671b9c1a..dbf416647 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti @@ -3,13 +3,6 @@ module Libcrux_ml_kem.Mlkem768.Avx2 open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -35,6 +28,13 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) + Prims.l_True + (fun _ -> Prims.l_True) + let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst index e545a7f2f..2846f5a89 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem768.Neon open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -43,6 +28,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 128) randomness +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + let encapsulate_unpacked (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti index 30db4218e..d9968514d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti @@ -3,13 +3,6 @@ module Libcrux_ml_kem.Mlkem768.Neon open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -35,6 +28,13 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) + Prims.l_True + (fun _ -> Prims.l_True) + let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst index 3fa0c8aef..2f77deb3b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem768.Portable open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -43,6 +28,21 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 128) randomness +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + if + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + let encapsulate_unpacked (public_key: Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti index 574a4c120..0edff9a45 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti @@ -3,13 +3,6 @@ module Libcrux_ml_kem.Mlkem768.Portable open Core open FStar.Mul -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -35,6 +28,13 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Prims.l_True (fun _ -> Prims.l_True) +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) + Prims.l_True + (fun _ -> Prims.l_True) + let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index 35e4320cf..3fa153282 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst @@ -3,21 +3,6 @@ module Libcrux_ml_kem.Mlkem768 open Core open FStar.Mul -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -54,3 +39,18 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = in let _:Prims.unit = admit () (* Panic freedom *) in result + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + if + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value + then + Core.Option.Option_Some public_key + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + else + Core.Option.Option_None + <: + Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index a793a2287..9e2339b6f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti @@ -62,13 +62,6 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +! v_C2_SIZE_768_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -117,3 +110,10 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Spec.MLKEM.Instances.mlkem768_generate_keypair randomness in valid ==> (res.f_sk.f_value == secret_key /\ res.f_pk.f_value == public_key)) + +/// Validate a public key. +/// Returns `Some(public_key)` if valid, and `None` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) + Prims.l_True + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index dc40a8552..b0c0cc4cb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -2,7 +2,6 @@ module Libcrux_ml_kem.Vector.Avx2.Serialize #set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul -#push-options "--ext context_pruning" let _ = (* This module has implicit dependencies, here we make them explicit. *) @@ -10,12 +9,7 @@ let _ = let open Libcrux_ml_kem.Vector.Portable in () -// open FStar.Tactics -// open Tactics.Utils - -#push-options "--compat_pre_core 2" -// [@@Tactics.postprocess_with (fun _ -> norm [delta_only [`%Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16]]; fail "x")] -let deserialize_1_ (bytes: t_Slice u8 {Seq.length bytes == 2}) = +let deserialize_1_ (bytes: t_Slice u8) = let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) @@ -27,58 +21,58 @@ let deserialize_1_ (bytes: t_Slice u8 {Seq.length bytes == 2}) = (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) in - let shift_lsb_to_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < - light_norm (); - // norm index rewrites `Seq.index (Seq.seq_of_list ...) N` or - // `List.Tot.index ... N` when we have list literals - Tactics.Seq.norm_index (); - // Reduce more aggressively - norm [iota; primops; zeta_full; - delta_namespace [ - "FStar"; - "BitVec"; - ]; unascribe - ]; - // Rewrite and normalize machine integers, hopefully in ints - Tactics.MachineInts.(transform norm_machine_int_term); - // norm: primops to get rid of >=, <=, +, *, -, etc. - // zeta delta iota: normalize bitvectors - norm [iota; primops; zeta; delta]; - dump' "Goal:"; - // ask the smt to solve now - smt_sync () - )) - ); + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < + (); + (let open FStar.Tactics in + let open Tactics.Utils in + let light_norm () = + norm [ + iota; + primops; + delta_namespace [ + `%cast; + `%cast_tc_integers; + `%bit_vec_of_int_t_array; + `%Rust_primitives.Hax.array_of_list; + "FStar.FunctionalExtensionality"; + `%bits; + `%Lib.IntTypes.bits + ] + ] + in + light_norm (); + prove_forall_nat_pointwise (print_time "SMT query succeeded in " + (fun _ -> + light_norm (); + Tactics.Seq.norm_index (); + norm [ + iota; + primops; + zeta_full; + delta_namespace ["FStar"; "BitVec"]; + unascribe + ]; + (let open Tactics.MachineInts in transform norm_machine_int_term); + norm [iota; primops; zeta; delta]; + dump' "Goal:"; + smt_sync ())))) + in result let deserialize_10_ (bytes: t_Slice u8) = @@ -198,7 +192,6 @@ let deserialize_12_ (bytes: t_Slice u8) = Libcrux_intrinsics.Avx2_extract.t_Vec256) let deserialize_4_ (bytes: t_Slice u8) = - assume (Seq.length bytes == 8); let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (cast (bytes.[ sz 7 ] <: u8) <: i16) (cast (bytes.[ sz 7 ] <: u8) <: i16) (cast (bytes.[ sz 6 ] <: u8) <: i16) @@ -211,53 +204,70 @@ let deserialize_4_ (bytes: t_Slice u8) = (cast (bytes.[ sz 0 ] <: u8) <: i16) in let coefficients_in_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < - light_norm (); - Tactics.Seq.norm_index (); - norm [iota; primops; zeta_full; - delta_namespace [ - "FStar"; - "BitVec"; - ]; unascribe - ]; - Tactics.MachineInts.(transform norm_machine_int_term); - norm [iota; primops; zeta_full; - delta_namespace [ - "FStar"; - "BitVec"; - ]; unascribe - ]; - dump' "Goal:"; - smt_sync () - )) - ); + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients_in_lsb + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 ((1s < + (); + (let open FStar.Tactics in + let open Tactics.Utils in + let light_norm () = + norm [ + iota; + primops; + delta_namespace [ + `%cast; + `%cast_tc_integers; + `%bit_vec_of_int_t_array; + `%Rust_primitives.Hax.array_of_list; + "FStar.FunctionalExtensionality"; + `%bits; + `%Lib.IntTypes.bits + ] + ] + in + light_norm (); + prove_forall_nat_pointwise (print_time "SMT query succeeded in " + (fun _ -> + light_norm (); + Tactics.Seq.norm_index (); + norm [ + iota; + primops; + zeta_full; + delta_namespace ["FStar"; "BitVec"]; + unascribe + ]; + (let open Tactics.MachineInts in transform norm_machine_int_term); + norm [ + iota; + primops; + zeta_full; + delta_namespace ["FStar"; "BitVec"]; + unascribe + ]; + dump' "Goal:"; + smt_sync ())))) + in result let deserialize_5_ (bytes: t_Slice u8) = @@ -293,7 +303,6 @@ let deserialize_5_ (bytes: t_Slice u8) = in Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 11l coefficients - let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let lsb_to_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_slli_epi16 15l vector @@ -308,53 +317,58 @@ let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_intrinsics.Avx2_extract.mm_packs_epi16 low_msbs high_msbs in let bits_packed:i32 = Libcrux_intrinsics.Avx2_extract.mm_movemask_epi8 msbs in - let list = [cast (bits_packed <: i32) <: u8; cast (bits_packed >>! 8l <: i32) <: u8] in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); - let result: t_Array u8 (sz 2) = Rust_primitives.Hax.array_of_list 2 list in - let bv = bit_vec_of_int_t_array result 8 in - assert (forall (i: nat {i < 16}). bv i == vector (i * 16)) by ( - let open FStar.Tactics in - let open Tactics.Utils in - prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> - let light_norm () = - // get rid of indirections (array_of_list, funext, casts, etc.) - norm [ iota; primops - ; delta_only [ - `%cast; `%cast_tc_integers - ; `%bit_vec_of_int_t_array - ; `%Rust_primitives.Hax.array_of_list - ; `%FunctionalExtensionality.on - ; `%bits;`%Lib.IntTypes.bits - ] - ] in - light_norm (); - // normalize List.index / Seq.index when we have literals - Tactics.Seq.norm_index (); - // here, we need to take care of (1) the cast and (2) the shift - // (introduced in `list`) and (3) bv<->i16 indirection - // introduced by `bit_vec_to_int_t`. Thus, we repeat the tactic - // three times. It's basically the same thing. - let _ = repeatn 3 (fun _ -> - // Try to rewrite any subterm using the following three lemmas (corresponding to (1) (3) and (2)) - l_to_r[`BitVec.Utils.rw_get_bit_cast; `bit_vec_to_int_t_lemma; `BitVec.Utils.rw_get_bit_shr]; - // get rid of useless indirections - light_norm (); - // after using those lemmas, more mk_int and v appears, let's get rid of those - Tactics.MachineInts.(transform norm_machine_int_term); - // Special treatment for case (3) - norm [primops; iota; zeta_full; delta_only [ - `%BitVec.Intrinsics.mm_movemask_epi8; - ]] - ) in - // Now we normalize away all the FunExt / mk_bv terms - norm [primops; iota; zeta_full; delta_namespace ["BitVec"; "FStar"]]; - // Ask the SMT to solve now - // dump' "Goal:"; - smt_sync (); - // dump' "Success"; - smt () - )) - ); + let result:t_Array u8 (sz 2) = + let list = [cast (bits_packed <: i32) <: u8; cast (bits_packed >>! 8l <: i32) <: u8] in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 2); + Rust_primitives.Hax.array_of_list 2 list + in + let _:Prims.unit = + let bv = bit_vec_of_int_t_array result 8 in + FStar.Tactics.Effect.assert_by_tactic (forall (i: nat{i < 16}). bv i == vector (i * 16)) + (fun _ -> + (); + (let open FStar.Tactics in + let open Tactics.Utils in + prove_forall_nat_pointwise (print_time "SMT query succeeded in " + (fun _ -> + let light_norm () = + norm [ + iota; + primops; + delta_only [ + `%cast; + `%cast_tc_integers; + `%bit_vec_of_int_t_array; + `%Rust_primitives.Hax.array_of_list; + `%FunctionalExtensionality.on; + `%bits; + `%Lib.IntTypes.bits + ] + ] + in + light_norm (); + Tactics.Seq.norm_index (); + let _ = + repeatn 3 + (fun _ -> + l_to_r [ + `BitVec.Utils.rw_get_bit_cast; + `bit_vec_to_int_t_lemma; + `BitVec.Utils.rw_get_bit_shr + ]; + light_norm (); + (let open Tactics.MachineInts in transform norm_machine_int_term); + norm [ + primops; + iota; + zeta_full; + delta_only [`%BitVec.Intrinsics.mm_movemask_epi8] + ]) + in + norm [primops; iota; zeta_full; delta_namespace ["BitVec"; "FStar"]]; + smt_sync (); + smt ())))) + in result let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = @@ -600,95 +614,6 @@ let serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: Core.Result.t_Result (t_Array u8 (sz 10)) Core.Array.t_TryFromSliceError) -let dummy_lemma n f: Lemma (BitVec.Intrinsics.forall_bool #n f == true) = admit () - -let suppose_false (scrut: bool) (arm_true arm_false: bit) - : Lemma - (requires not scrut) - (ensures (match scrut with true -> arm_true | false -> arm_false) == arm_false) - = () - -#push-options "--print_implicits" -let serialize_4__ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in - let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < i % 16 < 4 || vector i = 0)); - assert (forall (i: nat {i < 64}). - combined i == vector ((i / 4) * 16 + i % 4) - ) by ( - let open FStar.Tactics in - let open Tactics.Utils in - // unfold wrappers - norm [primops; iota; zeta; delta_namespace [ - `%BitVec.Intrinsics.mm256_shuffle_epi8; - `%BitVec.Intrinsics.mm256_permutevar8x32_epi32; - `%BitVec.Intrinsics.mm256_madd_epi16; - `%BitVec.Intrinsics.mm256_castsi256_si128; - "BitVec.Utils"; - ]]; - prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> - let reduce t = - norm [primops; iota; zeta_full; delta_namespace [ - "FStar.FunctionalExtensionality"; - t; - `%BitVec.Utils.mk_bv; - `%( + ); `%op_Subtraction; `%( / ); `%( * ); `%( % ) - ]]; - norm [primops; iota; zeta_full; delta_namespace [ - "FStar.List.Tot"; `%( + ); `%op_Subtraction; `%( / ); `%( * ); `%( % ) - ]] - in - reduce (`%BitVec.Intrinsics.mm256_permutevar8x32_epi32_i32); - reduce (`%BitVec.Intrinsics.mm256_shuffle_epi8_i8); - reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized); - grewrite (quote (BitVec.Intrinsics.forall_bool #256 (fun i -> i % 16 < 4 || op_Equality #int (vector i) 0))) (`true); - flip (); smt (); - reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized'); - trivial () - )) - ); - combined - // let serialized:t_Array u8 (sz 16) = - // Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 serialized combined - // in - // Core.Result.impl__unwrap #(t_Array u8 (sz 8)) - // #Core.Array.t_TryFromSliceError - // (Core.Convert.f_try_into #(t_Slice u8) - // #(t_Array u8 (sz 8)) - // #FStar.Tactics.Typeclasses.solve - // (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 8 } - // <: - // Core.Ops.Range.t_Range usize ] - // <: - // t_Slice u8) - // <: - // Core.Result.t_Result (t_Array u8 (sz 8)) Core.Array.t_TryFromSliceError) - - let serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -716,6 +641,69 @@ let serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let combined:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 combined in + let _:Prims.unit = + FStar.Tactics.Effect.assert_by_tactic (forall (i: nat{i < 64}). + combined i == vector ((i / 4) * 16 + i % 4)) + (fun _ -> + (); + (let open FStar.Tactics in + let open Tactics.Utils in + norm [ + primops; + iota; + zeta; + delta_namespace [ + `%BitVec.Intrinsics.mm256_shuffle_epi8; + `%BitVec.Intrinsics.mm256_permutevar8x32_epi32; + `%BitVec.Intrinsics.mm256_madd_epi16; + `%BitVec.Intrinsics.mm256_castsi256_si128; + "BitVec.Utils" + ] + ]; + prove_forall_nat_pointwise (print_time "SMT query succeeded in " + (fun _ -> + let reduce t = + norm [ + primops; + iota; + zeta_full; + delta_namespace [ + "FStar.FunctionalExtensionality"; + t; + `%BitVec.Utils.mk_bv; + `%( + ); + `%op_Subtraction; + `%( / ); + `%( * ); + `%( % ) + ] + ]; + norm [ + primops; + iota; + zeta_full; + delta_namespace [ + "FStar.List.Tot"; + `%( + ); + `%op_Subtraction; + `%( / ); + `%( * ); + `%( % ) + ] + ] + in + reduce (`%BitVec.Intrinsics.mm256_permutevar8x32_epi32_i32); + reduce (`%BitVec.Intrinsics.mm256_shuffle_epi8_i8); + reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized); + grewrite (quote + (BitVec.Intrinsics.forall_bool #256 + (fun i -> i % 16 < 4 || op_Equality #int (vector i) 0))) + (`true); + flip (); + smt (); + reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized'); + trivial ())))) + in let serialized:t_Array u8 (sz 16) = Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 serialized combined in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti index 259bbee63..2b90d7374 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti @@ -19,7 +19,9 @@ val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val deserialize_4_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8) + (fun _ -> Prims.l_True) val deserialize_5_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -37,7 +39,9 @@ val serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) val serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 8)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 8)) + (requires BitVec.Intrinsics.forall_bool #256 (fun i -> i % 16 < 4 || vector i = 0)) + (fun _ -> Prims.l_True) val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index eed6ec9d6..b676b472e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -244,6 +244,127 @@ let serialize_5_int (v: t_Slice i16) = in r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) +let deserialize_11_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +let deserialize_5_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 8 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = sz 8; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let list = + [ + r0_10_._1; r0_10_._2; r0_10_._3; r0_10_._4; r0_10_._5; r0_10_._6; r0_10_._7; r0_10_._8; + r0_10_._9; r0_10_._10; r0_10_._11; r11_21_._1; r11_21_._2; r11_21_._3; r11_21_._4; r11_21_._5; + r11_21_._6; r11_21_._7; r11_21_._8; r11_21_._9; r11_21_._10; r11_21_._11 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 22); + Rust_primitives.Hax.array_of_list 22 list + +let serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let r0_4_:(u8 & u8 & u8 & u8 & u8) = + serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 8 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let r5_9_:(u8 & u8 & u8 & u8 & u8) = + serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = sz 8; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let list = + [ + r0_4_._1; r0_4_._2; r0_4_._3; r0_4_._4; r0_4_._5; r5_9_._1; r5_9_._2; r5_9_._3; r5_9_._4; + r5_9_._5 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 10); + Rust_primitives.Hax.array_of_list 10 list + let deserialize_1_ (v: t_Slice u8) = let result0:i16 = cast ((v.[ sz 0 ] <: u8) &. 1uy <: u8) <: i16 in let result1:i16 = cast (((v.[ sz 0 ] <: u8) >>! 1l <: u8) &. 1uy <: u8) <: i16 in @@ -348,36 +469,6 @@ let deserialize_10_lemma inputs = #pop-options -let deserialize_11_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - { - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - let list = - [ - v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; - v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - let deserialize_12_ (bytes: t_Slice u8) = let v0_1_:(i16 & i16) = deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } @@ -522,36 +613,6 @@ let deserialize_4_lemma inputs = #pop-options -let deserialize_5_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - { - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - let list = - [ - v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; - v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result0:u8 = (((((((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 0 ] <: i16) <: u8) |. @@ -742,37 +803,6 @@ let serialize_10_lemma inputs = #pop-options -let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let list = - [ - r0_10_._1; r0_10_._2; r0_10_._3; r0_10_._4; r0_10_._5; r0_10_._6; r0_10_._7; r0_10_._8; - r0_10_._9; r0_10_._10; r0_10_._11; r11_21_._1; r11_21_._2; r11_21_._3; r11_21_._4; r11_21_._5; - r11_21_._6; r11_21_._7; r11_21_._8; r11_21_._9; r11_21_._10; r11_21_._11 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 22); - Rust_primitives.Hax.array_of_list 22 list - let serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_2_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { @@ -943,33 +973,3 @@ let serialize_4_lemma inputs = (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 4)) #pop-options - -let serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let r0_4_:(u8 & u8 & u8 & u8 & u8) = - serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let r5_9_:(u8 & u8 & u8 & u8 & u8) = - serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let list = - [ - r0_4_._1; r0_4_._2; r0_4_._3; r0_4_._4; r0_4_._5; r5_9_._1; r5_9_._2; r5_9_._3; r5_9_._4; - r5_9_._5 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 10); - Rust_primitives.Hax.array_of_list 10 list diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index 16fd7000e..856f8399d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti @@ -53,6 +53,22 @@ val serialize_5_int (v: t_Slice i16) (requires Core.Slice.impl__len #i16 v =. sz 8) (fun _ -> Prims.l_True) +val deserialize_11_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires Core.Slice.impl__len #u8 bytes =. sz 22) + (fun _ -> Prims.l_True) + +val deserialize_5_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires Core.Slice.impl__len #u8 bytes =. sz 10) + (fun _ -> Prims.l_True) + +val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + val deserialize_1_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 v =. sz 2) @@ -69,11 +85,6 @@ val deserialize_10_ (bytes: t_Slice u8) val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) -val deserialize_11_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Core.Slice.impl__len #u8 bytes =. sz 22) - (fun _ -> Prims.l_True) - val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 24) @@ -90,11 +101,6 @@ val deserialize_4_ (bytes: t_Slice u8) val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) -val deserialize_5_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Core.Slice.impl__len #u8 bytes =. sz 10) - (fun _ -> Prims.l_True) - val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) @@ -109,9 +115,6 @@ val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Por (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) (ensures bit_vec_of_int_t_array (serialize_10_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 10) -val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) - val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) @@ -125,6 +128,3 @@ val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4)) (ensures bit_vec_of_int_t_array (serialize_4_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 4) - -val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 1ab0710b5..6800ca944 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -30,7 +30,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x } -#push-options "--z3rlimit 400" +#push-options "--z3rlimit 200" [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations From 48b0caaa63d17997d3cb37b5f9cced79efd9c1c3 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 19 Sep 2024 11:33:10 +0200 Subject: [PATCH 296/348] Avx2.Serialize: verified --- libcrux-ml-kem/proofs/fstar/extraction/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index d8a390871..28ef09d36 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,4 +1,5 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst +SLOW_MODULES += Libcrux_ml_kem.Vector.Avx2.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ @@ -8,7 +9,6 @@ ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ - Libcrux_ml_kem.Vector.Avx2.Serialize.fst \ Libcrux_ml_kem.Vector.Portable.Compress.fst \ Libcrux_ml_kem.Vector.Portable.Sampling.fst \ Libcrux_ml_kem.Vector.Portable.Vector_type.fst \ From d16265c8a01d35ce78101bcc7103a9c017d64b63 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 19 Sep 2024 12:17:13 +0200 Subject: [PATCH 297/348] arith --- .../Libcrux_ml_kem.Vector.Portable.fsti | 2 +- .../extraction/Libcrux_ml_kem.Vector.Traits.fst | 16 +++++++++------- .../extraction/Libcrux_ml_kem.Vector.Traits.fsti | 8 +++++++- libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst | 12 ++++++++++-- libcrux-ml-kem/src/vector/portable.rs | 2 +- libcrux-ml-kem/src/vector/traits.rs | 8 ++++++-- 6 files changed, 34 insertions(+), 14 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 6800ca944..d7a0d3f21 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -30,7 +30,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x } -#push-options "--z3rlimit 200" +#push-options "--admit_smt_queries true" [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index fa3af71db..1c6967d6d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -32,13 +32,7 @@ let decompress_1_ Seq.index (i1._super_8706949974463268012.f_repr s) i == (-1s)) in let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre s 1665s) in - let res:v_T = f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s in - let _:Prims.unit = - assert (forall i. - Seq.index (i1._super_8706949974463268012.f_repr res) i == 0s \/ - Seq.index (i1._super_8706949974463268012.f_repr res) i == 1665s) - in - res + f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s #pop-options @@ -59,6 +53,10 @@ let to_standard_domain v v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS +#push-options "--z3rlimit 100" + +#push-options "--admit_smt_queries true" + let to_unsigned_representative (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) @@ -69,3 +67,7 @@ let to_unsigned_representative f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve t v_FIELD_MODULUS in f_add #v_T #FStar.Tactics.Typeclasses.solve a fm + +#pop-options + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 9e1d121d7..222c69504 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -422,4 +422,10 @@ val to_standard_domain (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) val to_unsigned_representative (#v_T: Type0) {| i1: t_Operations v_T |} (a: v_T) : Prims.Pure v_T (requires Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:v_T = result in + forall i. + (let x = Seq.index (i1._super_8706949974463268012.f_repr a) i in + let y = Seq.index (i1._super_8706949974463268012.f_repr result) i in + (v y >= 0 /\ v y <= 3328 /\ (v y % 3329 == v x % 3329)))) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index cb1f38eb1..bfa2fcd9a 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -214,9 +214,11 @@ let lemma_range_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ v < p/2 /\ v >= -p / 2} Lemma (v @% p == v) = let m = v % p in if v < 0 then ( - Math.Lemmas.modulo_lemma (v+p) p; - assert ((v + p) % p == v % p); Math.Lemmas.lemma_mod_plus v 1 p; + assert ((v + p) % p == v % p); + assert (v + p >= 0); + assert (v + p < p); + Math.Lemmas.modulo_lemma (v+p) p; assert (m == v + p); assert (m >= p/2); assert (v @% p == m - p); @@ -460,3 +462,9 @@ let lemma_cond_sub x: [SMTPat (cond_sub x)] = admit() + +let lemma_shift_right_15_i16 (x:i16): + Lemma (if v x >= 0 then (x >>! 15l) == 0s else (x >>! 15l) == -1s) = + Rust_primitives.Integers.mk_int_v_lemma #i16_inttype 0s; + Rust_primitives.Integers.mk_int_v_lemma #i16_inttype (-1s); + () diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 65c12806c..6f9ca5d53 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -22,7 +22,7 @@ impl crate::vector::traits::Repr for PortableVector { } } -#[hax_lib::fstar::before(interface, r#"#push-options "--z3rlimit 200""#)] +#[hax_lib::fstar::before(interface, r#"#push-options "--admit_smt_queries true""#)] #[hax_lib::fstar::after(interface, r#"#pop-options"#)] #[hax_lib::attributes] impl Operations for PortableVector { diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 6b9aa17f5..32effc445 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -212,7 +212,13 @@ pub fn to_standard_domain(v: T) -> T { T::montgomery_multiply_by_constant(v, MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS as i16) } +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::options("--z3rlimit 100")] #[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)"))] +#[hax_lib::ensures(|result| fstar!("forall i. + (let x = Seq.index (i1._super_8706949974463268012.f_repr ${a}) i in + let y = Seq.index (i1._super_8706949974463268012.f_repr ${result}) i in + (v y >= 0 /\\ v y <= 3328 /\\ (v y % 3329 == v x % 3329)))"))] pub fn to_unsigned_representative(a: T) -> T { let t = T::shift_right::<15>(a); let fm = T::bitwise_and_with_constant(t, FIELD_MODULUS); @@ -236,8 +242,6 @@ pub fn decompress_1(vec: T) -> T { Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == -1s)"); hax_lib::fstar!("assert (i1.f_bitwise_and_with_constant_pre ${s} 1665s)"); let res = T::bitwise_and_with_constant(s, 1665); - hax_lib::fstar!("assert (forall i. Seq.index (i1._super_8706949974463268012.f_repr ${res}) i == 0s \\/ - Seq.index (i1._super_8706949974463268012.f_repr ${res}) i == 1665s)"); res } From 2f27e118b652d3afc053d7249ef30637f4dce816 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 19 Sep 2024 12:35:37 +0200 Subject: [PATCH 298/348] spec --- libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index dabcb0f5c..0fba37313 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -1,5 +1,5 @@ module Spec.MLKEM.Math -#set-options "--fuel 0 --ifuel 1 --z3rlimit 30" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 80" open FStar.Mul open Core @@ -94,6 +94,7 @@ let poly_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = let a = field_add a t in (a,b) +#push-options "--split_queries always" let poly_ntt_layer (p:polynomial) (l:nat{l > 0 /\ l < 8}) : polynomial = let len = pow2 l in let k = (128 / len) - 1 in @@ -103,6 +104,7 @@ let poly_ntt_layer (p:polynomial) (l:nat{l > 0 /\ l < 8}) : polynomial = let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in let (a_ntt, b_ntt) = poly_ntt_step p.[sz idx0] p.[sz idx1] (round + k) in if idx < len then a_ntt else b_ntt) +#pop-options val poly_ntt: polynomial -> polynomial let poly_ntt p = From aaee0796430a5157cce3854346ebe32e3e039fce Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 19 Sep 2024 13:11:16 +0200 Subject: [PATCH 299/348] fix specs --- libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 7af93a429..e011d3f5f 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -208,10 +208,10 @@ val lemma_add_i16b (b1 b2:nat) (n1 n2:i16) : is_i16b (b1 + b2) (n1 +! n2))) let lemma_add_i16b (b1 b2:nat) (n1 n2:i16) = () - -#push-options "--z3rlimit 250" -let lemma_range_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ v < p/2 /\ v >= -p / 2}): - Lemma (v @% p == v) = () +#push-options "--z3rlimit 50" +let lemma_range_at_percent (v:int) (p:int{p>0 /\ p%2=0 /\ v < p/2 /\ v >= -p / 2}): + Lemma (v @% p == v) = + if v % p >= p/2 then () else () #pop-options val lemma_sub_i16b (b1 b2:nat) (n1 n2:i16) : @@ -235,9 +235,9 @@ let mont_red_i32 (x:i32) : i16 = let vhigh = cast (x >>! 16l) <: i16 in vhigh -. k_times_modulus -#push-options "--z3rlimit 250" +#push-options "--z3rlimit 550" let lemma_at_percent_mod (v:int) (p:int{p>0/\ p%2=0}): - Lemma ((v @% p) % p == v % p) = () + Lemma ((v @% p) % p == v % p) = if v % p >= p/2 then () else () #pop-options let lemma_div_at_percent (v:int) (p:int{p>0/\ p%2=0 /\ (v/p) < p/2 /\ (v/p) >= -p / 2}): From f77fcb1a7e1f39914193637c3b1a0144e022e4ad Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 19 Sep 2024 14:04:56 +0200 Subject: [PATCH 300/348] fix specs --- libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index dabcb0f5c..2da9b3af4 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -121,6 +121,7 @@ let poly_inv_ntt_step (a:field_element) (b:field_element) (i:nat{i < 128}) = let b = field_mul b_minus_a zetas.[sz i] in (a,b) +#push-options "--z3rlimit 150" let poly_inv_ntt_layer (p:polynomial) (l:nat{l > 0 /\ l < 8}) : polynomial = let len = pow2 l in let k = (256 / len) - 1 in @@ -130,6 +131,7 @@ let poly_inv_ntt_layer (p:polynomial) (l:nat{l > 0 /\ l < 8}) : polynomial = let (idx0, idx1) = if idx < len then (idx, idx+len) else (idx-len,idx) in let (a_ntt, b_ntt) = poly_inv_ntt_step p.[sz idx0] p.[sz idx1] (k - round) in if idx < len then a_ntt else b_ntt) +#pop-options val poly_inv_ntt: polynomial -> polynomial let poly_inv_ntt p = From 09cde639253d41f1d79790d7fd88084cc0fb60a7 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 21 Sep 2024 08:37:45 +0000 Subject: [PATCH 301/348] Update Libcrux_ml_kem.Ind_cpa --- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 40 +++++++++++++++++-- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 10 ++++- 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 7aff6f7ed..daba9dd3b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -197,7 +197,32 @@ let sample_vector_cbd_then_ntt let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--z3rlimit 200" +val compress_then_serialize_ring_element_u1 + (v_COMPRESSION_FACTOR v_OUT_LEN: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + : Prims.Pure (t_Array u8 v_OUT_LEN) + (requires True) + (fun _ -> Prims.l_True) + +let compress_then_serialize_ring_element_u1 = admit() + +val compress_then_serialize_u_helper (i v_K v_OUT_LEN v_BLOCK_LEN: usize) : + Lemma (requires (Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ + v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v i < v v_K)) + (ensures (v (v_OUT_LEN /! v_K) == v ((i +! sz 1) *! (v_OUT_LEN /! v_K)) - v (i *! (v_OUT_LEN /! v_K)) /\ + v (v_OUT_LEN /! v_K) == v v_BLOCK_LEN /\ + v i * (v v_OUT_LEN / v v_K) < v v_OUT_LEN /\ + v i * (v v_OUT_LEN / v v_K) + (v v_OUT_LEN / v v_K) <= v v_OUT_LEN)) + +let compress_then_serialize_u_helper i v_K v_OUT_LEN v_BLOCK_LEN = + assert (v (v_OUT_LEN /! v_K) == v ((i +! sz 1) *! (v_OUT_LEN /! v_K)) - v (i *! (v_OUT_LEN /! v_K))); + assert (v (v_OUT_LEN /! v_K) == v v_BLOCK_LEN); + assert (v i * (v v_OUT_LEN / v v_K) < v v_OUT_LEN); + assert (v i * (v v_OUT_LEN / v v_K) + (v v_OUT_LEN / v v_K) <= v v_OUT_LEN) + +#push-options "--max_fuel 1 --max_ifuel 1 --z3rlimit 2000" let compress_then_serialize_u (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) @@ -208,6 +233,8 @@ let compress_then_serialize_u (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (out: t_Slice u8) = + //assume (forall (i:nat). i < v v_K ==> (forall (j:nat). j < 16 ==> (forall (k:nat). k < 16 ==> + // v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Seq.index input i).f_coefficients.[sz j]) k) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))); let _:Prims.unit = assert ((v Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT * v v_COMPRESSION_FACTOR) / 8 == 320 \/ @@ -219,13 +246,20 @@ let compress_then_serialize_u (fun out i -> let out:t_Slice u8 = out in let i:usize = i in - (Core.Slice.impl__len #u8 out <: usize) =. v_OUT_LEN <: bool) + v i >= 0 /\ v i <= v v_K /\ + v (Core.Slice.impl__len #u8 out <: usize) == v v_OUT_LEN) out (fun out temp_1_ -> let out:t_Slice u8 = out in let i, re:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = temp_1_ in + assert (v i >= 0 /\ v i < v v_K); + assert (v (v_OUT_LEN /! v_K) == v v_OUT_LEN / v v_K); + assert (v (i *! (v_OUT_LEN /! v_K <: usize)) == v i * v (v_OUT_LEN /! v_K)); + assert (v (i +! sz 1) == v i + 1); + assert (v ((i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize)) == v (i +! sz 1) * v (v_OUT_LEN /! v_K)); + compress_then_serialize_u_helper i v_K v_OUT_LEN v_BLOCK_LEN; let out:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ @@ -247,7 +281,7 @@ let compress_then_serialize_u Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u v_COMPRESSION_FACTOR + (compress_then_serialize_ring_element_u1 v_COMPRESSION_FACTOR v_BLOCK_LEN #v_Vector re diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index edacb43f3..37373dc6b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -50,6 +50,13 @@ val sample_vector_cbd_then_ntt (Seq.slice prf_input 0 32) (sz (v domain_separator))) +let compress_then_serialize_u_helper_f (v_K: usize) (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = + forall (i:nat). i < v v_K ==> (let re = Seq.index input i in forall (j:nat). j < 256 ==> + (let coef:t_Array i16 (sz 16) = Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Seq.index re.f_coefficients (j / 16)) in + v (Seq.index coef (j % 16)) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)) + /// Call [`compress_then_serialize_ring_element_u`] on each ring element. val compress_then_serialize_u (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) @@ -61,7 +68,8 @@ val compress_then_serialize_u (requires Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ - v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ Core.Slice.impl__len #u8 out == v_OUT_LEN) + v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ Core.Slice.impl__len #u8 out == v_OUT_LEN /\ + compress_then_serialize_u_helper_f v_K #v_Vector input) (ensures fun out_future -> let out_future:t_Slice u8 = out_future in From 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 22 Sep 2024 11:49:02 +0000 Subject: [PATCH 302/348] c code refresh --- libcrux-intrinsics/src/avx2_extract.rs | 3 - libcrux-ml-kem/c/code_gen.txt | 6 +- libcrux-ml-kem/c/eurydice_glue.h | 18 - libcrux-ml-kem/c/internal/libcrux_core.h | 414 +- .../c/internal/libcrux_mlkem_avx2.h | 360 +- .../c/internal/libcrux_mlkem_portable.h | 366 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 20 +- .../c/internal/libcrux_sha3_internal.h | 220 +- libcrux-ml-kem/c/libcrux_core.c | 482 +- libcrux-ml-kem/c/libcrux_core.h | 21 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 255 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 61 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 265 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 61 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 249 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 59 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 259 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 59 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 12 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 249 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 59 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 255 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 59 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6284 +++------------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 332 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 6291 +++-------------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 45 +- libcrux-ml-kem/c/libcrux_sha3.h | 36 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 278 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 25 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 1269 +--- libcrux-ml-kem/c/libcrux_sha3_neon.c | 45 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 34 +- libcrux-ml-kem/cg/code_gen.txt | 12 +- libcrux-ml-kem/cg/eurydice_glue.h | 16 +- libcrux-ml-kem/cg/libcrux_core.h | 286 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 12 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 3583 ++-------- .../cg/libcrux_mlkem768_avx2_types.h | 74 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 3592 ++-------- .../cg/libcrux_mlkem768_portable_types.h | 80 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 284 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 1595 +---- 45 files changed, 3102 insertions(+), 24907 deletions(-) diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index a9b5ba350..fa918ef6c 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -214,7 +214,6 @@ pub fn mm_add_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { unimplemented!() } - #[hax_lib::ensures(|result| fstar!("vec128_as_i16x8 $result == Spec.Utils.map2 (-.) (vec128_as_i16x8 $lhs) (vec128_as_i16x8 $rhs)"))] pub fn mm_sub_epi16(lhs: Vec128, rhs: Vec128) -> Vec128 { @@ -255,7 +254,6 @@ pub fn mm256_sub_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { unimplemented!() } - #[hax_lib::fstar::replace( interface, "unfold let ${mm256_mullo_epi16} = BitVec.Intrinsics.mm256_mullo_epi16 @@ -471,7 +469,6 @@ pub fn mm256_blend_epi16(lhs: Vec256, rhs: Vec256) -> Vec256 unimplemented!() } - #[inline(always)] pub fn mm256_blend_epi32(lhs: Vec256, rhs: Vec256) -> Vec256 { debug_assert!(CONTROL >= 0 && CONTROL < 256); diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 60908f570..3f94b9400 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 +Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d +Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: 539638ba0fdf7f97157cccd2ebab181a432d0c80 +Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index ad026b9e1..660918c54 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -18,13 +18,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) -#define EURYDICE_ASSERT(test, msg) \ - do { \ - if (!(test)) { \ - fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \ - __FILE__, __LINE__); \ - } \ - } while (0) // SLICES, ARRAYS, ETC. @@ -137,10 +130,6 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } -static inline void core_num__u32_8__to_le_bytes(uint32_t src, uint8_t dst[4]) { - store32_le(dst, src); -} - static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { return load32_le(buf); } @@ -148,7 +137,6 @@ static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { store64_le(buf, v); } - static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { return load64_le(buf); } @@ -200,9 +188,6 @@ static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } -static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) { - return x < y ? x : y; -} #define core_num_nonzero_private_NonZeroUsizeInner size_t static inline core_num_nonzero_private_NonZeroUsizeInner @@ -225,9 +210,6 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ - Eurydice_range_iter_next - // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index dac1e8851..f8f5af4ba 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __internal_libcrux_core_H @@ -70,414 +62,197 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPublicKey)#13} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_07 +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_a91( -======= -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 -with const generics -- SIZE= 1568 -*/ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_601( ->>>>>>> main +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_c61( uint8_t value[1568U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_b11( -======= -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_8b1( ->>>>>>> main +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_8d1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_e7 +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_f11( -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_88 -with const generics -- SIZE= 3168 -*/ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_2d1( ->>>>>>> main +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_721( uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_15 -with const generics -- SIZE= 1568 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_e91( - uint8_t value[1568U]); - -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 -with const generics -- SIZE= 1568 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_f6_ae1( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); - -/** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -with const generics -- SIZE= 1568 -*/ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); - -/** - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 1600 -*/ -void libcrux_ml_kem_utils_into_padded_array_174(Eurydice_slice slice, - uint8_t ret[1600U]); - -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#13} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_07 +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_a90( -======= -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 -with const generics -- SIZE= 1184 -*/ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_600( ->>>>>>> main +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_c60( uint8_t value[1184U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_b10( -======= -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_8b0( ->>>>>>> main +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_8d0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_e7 -with const generics -- SIZE= 2400 -*/ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_f10( -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_88 +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_2d0( ->>>>>>> main +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_720( uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_15 -with const generics -- SIZE= 1088 -*/ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_e90( - uint8_t value[1088U]); - -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 -with const generics -- SIZE= 1184 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_f6_ae0( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); - -/** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -with const generics -- SIZE= 1088 -*/ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); - -/** - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 1120 -*/ -void libcrux_ml_kem_utils_into_padded_array_173(Eurydice_slice slice, - uint8_t ret[1120U]); - -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#13} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_07 -with const generics -- SIZE= 800 -*/ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_a9( -======= -libcrux_ml_kem::types::MlKemPublicKey)#17} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_40 +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_60( ->>>>>>> main +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_c6( uint8_t value[800U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_b1( -======= -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_8b( ->>>>>>> main +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_8d( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_e7 +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_f1( -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_88 -with const generics -- SIZE= 1632 -*/ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_2d( ->>>>>>> main +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_72( uint8_t value[1632U]); /** - A reference to the raw byte slice. +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_121( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cc1( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_15 -======= -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_361( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_fc1( uint8_t value[1088U]); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -<<<<<<< HEAD -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_e9( - uint8_t value[768U]); - -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 -with const generics -- SIZE= 800 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_f6_ae( - libcrux_ml_kem_types_MlKemPublicKey_be *self); - -/** - Pad the `slice` with `0`s at the end. -*/ -/** -======= -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_471( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** Pad the `slice` with `0`s at the end. */ /** ->>>>>>> main A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_172(Eurydice_slice slice, - uint8_t ret[33U]); -======= void libcrux_ml_kem_utils_into_padded_array_425(Eurydice_slice slice, uint8_t ret[1120U]); /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_120( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cc0( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_360( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_fc0( uint8_t value[768U]); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_470( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -492,19 +267,15 @@ void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, uint8_t ret[800U]); /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_12( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cc( libcrux_ml_kem_types_MlKemPublicKey_1f *self); ->>>>>>> main /** A monomorphic instance of core.result.Result @@ -520,19 +291,14 @@ typedef struct core_result_Result_00_s { } core_result_Result_00; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]); -======= -void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]); ->>>>>>> main /** Pad the `slice` with `0`s at the end. @@ -542,37 +308,20 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_171(Eurydice_slice slice, - uint8_t ret[34U]); - -/** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -======= void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, uint8_t ret[34U]); /** This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -<<<<<<< HEAD -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); -======= -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_36( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_fc( uint8_t value[1568U]); ->>>>>>> main /** Pad the `slice` with `0`s at the end. @@ -582,25 +331,19 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_170(Eurydice_slice slice, - uint8_t ret[800U]); - -/** -======= void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, uint8_t ret[33U]); /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( libcrux_ml_kem_types_MlKemCiphertext_1f *self); /** @@ -615,7 +358,6 @@ void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice, uint8_t ret[1600U]); /** ->>>>>>> main Pad the `slice` with `0`s at the end. */ /** @@ -623,11 +365,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_17(Eurydice_slice slice, -======= void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, ->>>>>>> main uint8_t ret[64U]); /** @@ -644,19 +382,14 @@ typedef struct core_result_Result_6f_s { } core_result_Result_6f; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]); -======= -void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]); ->>>>>>> main /** A monomorphic instance of core.result.Result @@ -672,19 +405,14 @@ typedef struct core_result_Result_7a_s { } core_result_Result_7a; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]); -======= -void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]); ->>>>>>> main /** A monomorphic instance of core.result.Result @@ -700,19 +428,14 @@ typedef struct core_result_Result_cd_s { } core_result_Result_cd; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]); -======= -void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]); ->>>>>>> main /** A monomorphic instance of core.result.Result @@ -728,19 +451,14 @@ typedef struct core_result_Result_c0_s { } core_result_Result_c0; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]); -======= -void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]); ->>>>>>> main typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index c87be8b5e..f147d9e53 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -41,13 +33,6 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -56,36 +41,8 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_061(uint8_t *public_key); - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_451( - uint8_t randomness[64U]); -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_051(uint8_t *public_key); - -/** - Validate an ML-KEM private key. ->>>>>>> main +bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key); - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -94,18 +51,10 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d1( +bool libcrux_ml_kem_ind_cca_validate_private_key_ca1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -120,33 +69,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_251( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]); -======= -libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]); ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_2a1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -167,43 +90,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b31( -======= -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9c1( ->>>>>>> main +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c61( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d61( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem @@ -225,21 +116,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_e21( -======= -void libcrux_ml_kem_ind_cca_decapsulate_971( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_ab1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -248,36 +128,8 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_060(uint8_t *public_key); - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_450( - uint8_t randomness[64U]); -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_050(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key); -/** - Validate an ML-KEM private key. ->>>>>>> main - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -286,18 +138,10 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d0( +bool libcrux_ml_kem_ind_cca_validate_private_key_ca0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -312,33 +156,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_250( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]); -======= -libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]); ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_2a0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -359,43 +177,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b30( -======= -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9c0( ->>>>>>> main +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c60( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d60( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem @@ -417,21 +203,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_e20( -======= -void libcrux_ml_kem_ind_cca_decapsulate_970( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_ab0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -440,36 +215,8 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_06(uint8_t *public_key); - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_45( - uint8_t randomness[64U]); -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_05(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key); -/** - Validate an ML-KEM private key. ->>>>>>> main - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -478,18 +225,10 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d( +bool libcrux_ml_kem_ind_cca_validate_private_key_ca( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -503,39 +242,10 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( - uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_25( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]); - -/** -======= -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_2a( uint8_t randomness[64U]); /** ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem @@ -554,43 +264,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b3( -======= -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9c( ->>>>>>> main +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c6( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d6( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem @@ -612,11 +290,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_e2( -======= -void libcrux_ml_kem_ind_cca_decapsulate_97( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_ab( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 60718100b..d42bef246 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __internal_libcrux_mlkem_portable_H @@ -46,13 +38,6 @@ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0; -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -61,37 +46,8 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_821(uint8_t *public_key); - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b21( - uint8_t randomness[64U]); -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key); - -/** - Validate an ML-KEM private key. ->>>>>>> main +bool libcrux_ml_kem_ind_cca_validate_public_key_3c1(uint8_t *public_key); - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] @@ -100,18 +56,10 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_0f( +bool libcrux_ml_kem_ind_cca_validate_private_key_53( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -126,34 +74,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c1(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, - uint8_t randomness[32U]); -======= -libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]); ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b21(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -174,44 +95,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_931( -======= -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b11( ->>>>>>> main +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_131( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f21( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], @@ -233,21 +121,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_161( -======= -void libcrux_ml_kem_ind_cca_decapsulate_6a1( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_551( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -256,37 +133,8 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_820(uint8_t *public_key); - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b20( - uint8_t randomness[64U]); -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_3c0(uint8_t *public_key); -/** - Validate an ML-KEM private key. ->>>>>>> main - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -295,18 +143,10 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_3d( +bool libcrux_ml_kem_ind_cca_validate_private_key_24( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -321,34 +161,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c0(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]); -======= -libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]); ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b20(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -369,44 +182,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_930( -======= -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b10( ->>>>>>> main +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_130( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f20( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]], @@ -428,21 +208,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_160( -======= -void libcrux_ml_kem_ind_cca_decapsulate_6a0( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_550( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -451,37 +220,8 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_82(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_3c(uint8_t *public_key); -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b2( - uint8_t randomness[64U]); -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key); - -/** - Validate an ML-KEM private key. ->>>>>>> main - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -490,18 +230,10 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_46( +bool libcrux_ml_kem_ind_cca_validate_private_key_9e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -516,34 +248,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c(uint8_t randomness[64U]); - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]); -======= -libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]); ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b2(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -564,44 +269,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( -======= -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b1( ->>>>>>> main +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_13( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f2( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]], @@ -623,11 +295,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_16( -======= -void libcrux_ml_kem_ind_cca_decapsulate_6a( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_55( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 8c48ddb47..689e36ba6 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __internal_libcrux_sha3_avx2_H @@ -39,11 +31,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -void libcrux_sha3_generic_keccak_absorb_final_80( -======= void libcrux_sha3_generic_keccak_absorb_final_7f( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]); typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -56,11 +44,7 @@ with const generics - N= 4 - RATE= 168 */ -<<<<<<< HEAD -void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( -======= void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index bc019cd89..07b17390c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __internal_libcrux_sha3_internal_H @@ -37,11 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { -<<<<<<< HEAD - return libcrux_sha3_generic_keccak_new_1e_ba(); -======= - return libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -51,23 +39,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f3(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_40(s, buf); } -/** - Squeeze another block -*/ -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, buf); ->>>>>>> main -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks with types uint64_t @@ -76,11 +50,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( -======= libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -88,24 +58,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_80(s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o2); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o1); libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o2); ->>>>>>> main } /** @@ -115,8 +76,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(s, buf); } /** @@ -126,10 +86,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, buf); -======= - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(s, buf); ->>>>>>> main + libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, buf); } #define libcrux_sha3_Sha224 0 @@ -192,11 +149,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( -======= libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -204,46 +157,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_80(s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o1); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o2); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o2); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_87(s, o4); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o3); libcrux_sha3_generic_keccak_squeeze_next_block_c2(s, o4); ->>>>>>> main } /** @@ -253,11 +189,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e(s, buf); ->>>>>>> main } /** @@ -267,11 +199,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f30(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_400(s, buf); ->>>>>>> main } /** @@ -279,11 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { -<<<<<<< HEAD - return libcrux_sha3_generic_keccak_new_1e_ba(); -======= - return libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -293,11 +217,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_800(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b0(s, buf); ->>>>>>> main } /** @@ -307,9 +227,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_870(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c20(s, buf); } @@ -341,16 +258,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -375,16 +292,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -392,7 +309,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -445,16 +362,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -462,7 +379,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -491,7 +408,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -505,17 +422,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -523,7 +440,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -570,7 +487,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); return self; } @@ -579,16 +496,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -733,21 +650,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_8b +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_8b_47(void) { +libcrux_sha3_generic_keccak_new_9d_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -764,7 +681,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_8b_47(); + return libcrux_sha3_generic_keccak_new_9d_47(); } /** @@ -795,16 +712,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -829,16 +746,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -846,7 +763,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -899,16 +816,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -916,7 +833,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -942,7 +859,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -956,17 +873,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -974,7 +891,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -1018,7 +935,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); return self; } @@ -1027,16 +944,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -1213,21 +1130,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_8b +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_8b_470(void) { +libcrux_sha3_generic_keccak_new_9d_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -1241,7 +1158,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_8b_470(); + return libcrux_sha3_generic_keccak_new_9d_470(); } /** @@ -1288,16 +1205,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1325,7 +1242,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1360,7 +1277,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); } /** @@ -1407,16 +1324,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1444,7 +1361,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1479,8 +1396,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); ->>>>>>> main + libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index e623c5fce..036632ec8 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "internal/libcrux_core.h" @@ -92,25 +84,14 @@ void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_i /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPublicKey)#13} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_07 +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_07_a91( -======= -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 -with const generics -- SIZE= 1568 -*/ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_601( ->>>>>>> main +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_c61( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -120,24 +101,17 @@ libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_40_601( return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_64_b11( -======= -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_8b1( ->>>>>>> main +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_8d1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -146,25 +120,14 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_8b1( /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_e7 +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_e7_f11( -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_88 -with const generics -- SIZE= 3168 -*/ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_2d1( ->>>>>>> main +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_721( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -176,90 +139,14 @@ libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_88_2d1( /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_15 -with const generics -- SIZE= 1568 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_15_e91( - uint8_t value[1568U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 -with const generics -- SIZE= 1568 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_f6_ae1( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { - return self->value; -} - -/** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -with const generics -- SIZE= 1568 -*/ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); -} - -/** - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 1600 -*/ -void libcrux_ml_kem_utils_into_padded_array_174(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; - uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); -} - -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#13} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_07 -with const generics -- SIZE= 1184 -*/ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_07_a90( -======= -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_600( ->>>>>>> main +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_c60( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -269,24 +156,17 @@ libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_40_600( return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_64_b10( -======= -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_8b0( ->>>>>>> main +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_8d0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -295,25 +175,14 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_8b0( /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_e7 -with const generics -- SIZE= 2400 -*/ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_e7_f10( -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_88 +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_2d0( ->>>>>>> main +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_720( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -325,90 +194,14 @@ libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_88_2d0( /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_15 -with const generics -- SIZE= 1088 -*/ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_15_e90( - uint8_t value[1088U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1088U]; - memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 -with const generics -- SIZE= 1184 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_f6_ae0( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { - return self->value; -} - -/** -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -with const generics -- SIZE= 1088 -*/ -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); -} - -/** - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 1120 -*/ -void libcrux_ml_kem_utils_into_padded_array_173(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; - uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); -} - -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#13} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_07 -with const generics -- SIZE= 800 -*/ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_07_a9( -======= -libcrux_ml_kem::types::MlKemPublicKey)#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_40 +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_60( ->>>>>>> main +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_c6( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -418,24 +211,17 @@ libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_40_60( return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_64_b1( -======= -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_8b( ->>>>>>> main +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_8d( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -443,25 +229,14 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_8b( /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_e7 -with const generics -- SIZE= 1632 -*/ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_e7_f1( -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_88 +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_2d( ->>>>>>> main +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_72( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -472,77 +247,47 @@ libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_88_2d( } /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_121( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cc1( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_15 -======= -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -<<<<<<< HEAD -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_15_e9( - uint8_t value[768U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[768U]; - memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); -======= -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_fc_361( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_fc1( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); ->>>>>>> main return lit; } /** -<<<<<<< HEAD -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 -with const generics -- SIZE= 800 -*/ -uint8_t *libcrux_ml_kem_types_as_slice_f6_ae( -======= This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_471( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -567,50 +312,28 @@ void libcrux_ml_kem_utils_into_padded_array_425(Eurydice_slice slice, } /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_120( ->>>>>>> main +uint8_t *libcrux_ml_kem_types_as_slice_fd_cc0( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } /** -<<<<<<< HEAD - Pad the `slice` with `0`s at the end. -*/ -/** -A monomorphic instance of libcrux_ml_kem.utils.into_padded_array -with const generics -- LEN= 33 -*/ -void libcrux_ml_kem_utils_into_padded_array_172(Eurydice_slice slice, - uint8_t ret[33U]) { - uint8_t out[33U] = {0U}; - uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); - memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); -======= This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_360( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_fc0( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -618,19 +341,18 @@ libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_fc_360( libcrux_ml_kem_types_MlKemCiphertext_e8 lit; memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; ->>>>>>> main } /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_470( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -655,35 +377,27 @@ void libcrux_ml_kem_utils_into_padded_array_424(Eurydice_slice slice, } /** - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_ba_12( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cc( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { -======= -void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]) { ->>>>>>> main if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -703,11 +417,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_171(Eurydice_slice slice, -======= void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, ->>>>>>> main uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -719,28 +429,15 @@ void libcrux_ml_kem_utils_into_padded_array_422(Eurydice_slice slice, } /** -<<<<<<< HEAD -This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -======= This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -<<<<<<< HEAD -Eurydice_slice libcrux_ml_kem_types_as_ref_ba_ff( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); -======= -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_36( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_fc( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -748,7 +445,6 @@ libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_fc_36( libcrux_ml_kem_types_MlKemCiphertext_1f lit; memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; ->>>>>>> main } /** @@ -759,39 +455,27 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_170(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; -======= void libcrux_ml_kem_utils_into_padded_array_421(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; ->>>>>>> main uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, Eurydice_slice_len(slice, uint8_t), uint8_t), slice, uint8_t); -<<<<<<< HEAD - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); -} - -/** -======= memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } /** This function found in impl {(core::convert::AsRef<@Slice> for -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_fd_ed( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( libcrux_ml_kem_types_MlKemCiphertext_1f *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -816,7 +500,6 @@ void libcrux_ml_kem_utils_into_padded_array_420(Eurydice_slice slice, } /** ->>>>>>> main Pad the `slice` with `0`s at the end. */ /** @@ -824,11 +507,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -<<<<<<< HEAD -void libcrux_ml_kem_utils_into_padded_array_17(Eurydice_slice slice, -======= void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, ->>>>>>> main uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -840,19 +519,14 @@ void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { -======= -void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { ->>>>>>> main if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -865,19 +539,14 @@ void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { -======= -void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { ->>>>>>> main if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -890,19 +559,14 @@ void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { -======= -void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { ->>>>>>> main if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -915,19 +579,14 @@ void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { -======= -void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { ->>>>>>> main if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -940,19 +599,14 @@ void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { -======= -void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]) { ->>>>>>> main if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 129847aa8..38e88f4b5 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_core_H @@ -205,19 +197,14 @@ typedef struct core_result_Result_56_s { } core_result_Result_56; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]); -======= -void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]); ->>>>>>> main typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 3281d3cff..1e9c333ae 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 44ca164fd..2baeeeeb6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,28 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_mlkem1024_avx2.h" #include "internal/libcrux_mlkem_avx2.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -46,77 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -<<<<<<< HEAD -static void decapsulate_010( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e20(private_key, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_010(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -static void decapsulate_unpacked_300( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d60(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_unpacked_300(private_key, ciphertext, ret); -======= -static void decapsulate_800( +static void decapsulate_1b0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_970(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ab0(private_key, ciphertext, ret); } /** @@ -129,8 +51,7 @@ static void decapsulate_800( void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_800(private_key, ciphertext, ret); ->>>>>>> main + decapsulate_1b0(private_key, ciphertext, ret); } /** @@ -150,22 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_21 encapsulate_d90( -======= -static tuple_21 encapsulate_4d0( ->>>>>>> main +static tuple_21 encapsulate_ac0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_b30(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_9c0(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_c60(uu____0, copy_of_randomness); } /** @@ -182,72 +95,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return encapsulate_d90(uu____0, copy_of_randomness); -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_21 encapsulate_unpacked_8b0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_250( - uu____0, copy_of_randomness); -} - -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ -tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_8b0(uu____0, copy_of_randomness); -} - -======= - return encapsulate_4d0(uu____0, copy_of_randomness); + return encapsulate_ac0(uu____0, copy_of_randomness); } -/** - Portable generate key pair. -*/ ->>>>>>> main /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -259,34 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_500( -======= -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_740( ->>>>>>> main +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_630( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_f70(copy_of_randomness); -} - -/** - Generate ML-KEM 1024 Key Pair -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_500(copy_of_randomness); -} - -/** - Unpacked API -======= - return libcrux_ml_kem_ind_cca_generate_keypair_510(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_2a0(copy_of_randomness); } /** @@ -297,13 +125,9 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_740(copy_of_randomness); + return generate_keypair_630(copy_of_randomness); } -/** - Portable private key validation ->>>>>>> main -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const @@ -312,31 +136,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -<<<<<<< HEAD -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_5a0(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_450( - copy_of_randomness); -} - -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_5a0(copy_of_randomness); -======= -static KRML_MUSTINLINE bool validate_private_key_2d0( +static KRML_MUSTINLINE bool validate_private_key_550( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4d0(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_ca0(private_key, ciphertext); } @@ -348,13 +151,9 @@ static KRML_MUSTINLINE bool validate_private_key_2d0( bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_2d0(private_key, ciphertext); ->>>>>>> main + return validate_private_key_550(private_key, ciphertext); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -363,36 +162,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -static bool validate_public_key_ae0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_060(public_key); -======= -static KRML_MUSTINLINE bool validate_public_key_060(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_050(public_key); ->>>>>>> main +static KRML_MUSTINLINE bool validate_public_key_d30(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_950(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { - core_option_Option_99 uu____0; - if (validate_public_key_ae0(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_None}); - } - return uu____0; -======= Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_060(public_key->value); ->>>>>>> main + return validate_public_key_d30(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 43b55aa16..f0e9dd8a6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem1024_avx2_H @@ -40,25 +32,9 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); -/** -<<<<<<< HEAD - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - /** Encapsulate ML-KEM 1024 -======= - Encapsulate ML-KEM 1024 - ->>>>>>> main Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -68,44 +44,12 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( uint8_t randomness[32U]); /** -<<<<<<< HEAD - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ -tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]); - -/** -======= ->>>>>>> main Generate ML-KEM 1024 Key Pair */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); /** -<<<<<<< HEAD - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]); - -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key); -======= Validate a private key. Returns `true` if valid, and `false` otherwise. @@ -121,7 +65,6 @@ bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 1d5cf6d63..331428cc2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,28 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_mlkem1024_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -46,77 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -<<<<<<< HEAD -static void decapsulate_b31( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_161(private_key, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_b31(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const -generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -static void decapsulate_unpacked_171( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f21(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - decapsulate_unpacked_171(private_key, ciphertext, ret); -======= -static void decapsulate_c41( +static void decapsulate_861( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6a1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_551(private_key, ciphertext, ret); } /** @@ -129,8 +51,7 @@ static void decapsulate_c41( void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_c41(private_key, ciphertext, ret); ->>>>>>> main + decapsulate_861(private_key, ciphertext, ret); } /** @@ -150,22 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_21 encapsulate_cd1( -======= -static tuple_21 encapsulate_591( ->>>>>>> main +static tuple_21 encapsulate_6f1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_931(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_b11(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_131(uu____0, copy_of_randomness); } /** @@ -182,72 +95,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return encapsulate_cd1(uu____0, copy_of_randomness); -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const -generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_21 encapsulate_unpacked_571( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f1( - uu____0, copy_of_randomness); + return encapsulate_6f1(uu____0, copy_of_randomness); } -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ -tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_571(uu____0, copy_of_randomness); -} - -======= - return encapsulate_591(uu____0, copy_of_randomness); -} - -/** - Portable generate key pair. -*/ ->>>>>>> main /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -260,17 +110,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_ff1( -======= -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6b1( ->>>>>>> main +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_7f1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_6c1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_b21(copy_of_randomness); } /** @@ -281,61 +126,9 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff1(copy_of_randomness); + return generate_keypair_7f1(copy_of_randomness); } -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with -const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_c61(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b21( - copy_of_randomness); -} - -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c61(copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_generate_keypair_541(copy_of_randomness); -} - -/** - Generate ML-KEM 1024 Key Pair -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6b1(copy_of_randomness); -} - -/** - Portable private key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const @@ -344,12 +137,11 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_7c1( +static KRML_MUSTINLINE bool validate_private_key_1e1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_0f(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_53(private_key, ciphertext); ->>>>>>> main } /** @@ -360,12 +152,9 @@ static KRML_MUSTINLINE bool validate_private_key_7c1( bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_7c1(private_key, ciphertext); + return validate_private_key_1e1(private_key, ciphertext); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -374,36 +163,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -static bool validate_public_key_091(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_821(public_key); -======= -static KRML_MUSTINLINE bool validate_public_key_981(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_951(public_key); ->>>>>>> main +static KRML_MUSTINLINE bool validate_public_key_f91(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3c1(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { - core_option_Option_99 uu____0; - if (validate_public_key_091(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_None}); - } - return uu____0; -======= Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_981(public_key->value); ->>>>>>> main + return validate_public_key_f91(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 8421097cc..e525f91c8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem1024_portable_H @@ -40,25 +32,9 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); -/** -<<<<<<< HEAD - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); - /** Encapsulate ML-KEM 1024 -======= - Encapsulate ML-KEM 1024 - ->>>>>>> main Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. The input is a reference to an [`MlKem1024PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -68,44 +44,12 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( uint8_t randomness[32U]); /** -<<<<<<< HEAD - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ -tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, - uint8_t randomness[32U]); - -/** -======= ->>>>>>> main Generate ML-KEM 1024 Key Pair */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); /** -<<<<<<< HEAD - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]); - -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_1f public_key); -======= Validate a private key. Returns `true` if valid, and `false` otherwise. @@ -121,7 +65,6 @@ bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index abca7cc65..69da40f05 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index eb8d01333..7d6dc8938 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,28 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_mlkem512_avx2.h" #include "internal/libcrux_mlkem_avx2.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -46,73 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -<<<<<<< HEAD -static void decapsulate_01(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e2(private_key, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_01(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -static void decapsulate_unpacked_30( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d6(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_30(private_key, ciphertext, ret); -======= -static void decapsulate_80(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_1b(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_97(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ab(private_key, ciphertext, ret); } /** @@ -125,8 +51,7 @@ static void decapsulate_80(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_80(private_key, ciphertext, ret); ->>>>>>> main + decapsulate_1b(private_key, ciphertext, ret); } /** @@ -146,22 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_ec encapsulate_d9( -======= -static tuple_ec encapsulate_4d( ->>>>>>> main +static tuple_ec encapsulate_ac( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_b3(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_9c(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_c6(uu____0, copy_of_randomness); } /** @@ -178,70 +95,9 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return encapsulate_d9(uu____0, copy_of_randomness); + return encapsulate_ac(uu____0, copy_of_randomness); } -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_ec encapsulate_unpacked_8b( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_25( - uu____0, copy_of_randomness); -} - -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_8b(uu____0, copy_of_randomness); -} - -======= - return encapsulate_4d(uu____0, copy_of_randomness); -} - -/** - Portable generate key pair. -*/ ->>>>>>> main /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -253,17 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_50( -======= -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_74( ->>>>>>> main +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_63( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_f7(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_2a(copy_of_randomness); } /** @@ -274,30 +125,9 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_50(copy_of_randomness); + return generate_keypair_63(copy_of_randomness); } -/** - Unpacked API -======= - return libcrux_ml_kem_ind_cca_generate_keypair_51(copy_of_randomness); -} - -/** - Generate ML-KEM 512 Key Pair -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_74(copy_of_randomness); -} - -/** - Portable private key validation ->>>>>>> main -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const @@ -306,31 +136,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -<<<<<<< HEAD -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_5a(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_45( - copy_of_randomness); -} - -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_5a(copy_of_randomness); -======= -static KRML_MUSTINLINE bool validate_private_key_2d( +static KRML_MUSTINLINE bool validate_private_key_55( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4d(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_ca(private_key, ciphertext); } @@ -342,13 +151,9 @@ static KRML_MUSTINLINE bool validate_private_key_2d( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_2d(private_key, ciphertext); ->>>>>>> main + return validate_private_key_55(private_key, ciphertext); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -357,36 +162,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -static bool validate_public_key_ae(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_06(public_key); -======= -static KRML_MUSTINLINE bool validate_public_key_06(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_05(public_key); ->>>>>>> main +static KRML_MUSTINLINE bool validate_public_key_d3(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_95(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key) { - core_option_Option_04 uu____0; - if (validate_public_key_ae(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_None}); - } - return uu____0; -======= Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_06(public_key->value); ->>>>>>> main + return validate_public_key_d3(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 77fd6c007..c01cba19e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem512_avx2_H @@ -41,24 +33,8 @@ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); /** -<<<<<<< HEAD - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); - -/** - Encapsulate ML-KEM 512 - -======= Encapsulate ML-KEM 512 ->>>>>>> main Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -68,42 +44,12 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( uint8_t randomness[32U]); /** -<<<<<<< HEAD - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]); - -/** -======= ->>>>>>> main Generate ML-KEM 512 Key Pair */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); /** -<<<<<<< HEAD - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]); - -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key); -======= Validate a private key. Returns `true` if valid, and `false` otherwise. @@ -119,7 +65,6 @@ bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 364650a08..c6d9cc60a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,28 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_mlkem512_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -46,11 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -<<<<<<< HEAD -static void decapsulate_b30( +static void decapsulate_860( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_160(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_550(private_key, ciphertext, ret); } /** @@ -63,70 +51,7 @@ static void decapsulate_b30( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_b30(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const -generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -static void decapsulate_unpacked_170( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f20(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_170(private_key, ciphertext, ret); -======= -static void decapsulate_c40( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6a0(private_key, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_c40(private_key, ciphertext, ret); ->>>>>>> main + decapsulate_860(private_key, ciphertext, ret); } /** @@ -146,22 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_ec encapsulate_cd0( -======= -static tuple_ec encapsulate_590( ->>>>>>> main +static tuple_ec encapsulate_6f0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_b10(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_130(uu____0, copy_of_randomness); } /** @@ -178,70 +95,9 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return encapsulate_cd0(uu____0, copy_of_randomness); + return encapsulate_6f0(uu____0, copy_of_randomness); } -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const -generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_ec encapsulate_unpacked_570( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f0( - uu____0, copy_of_randomness); -} - -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_570(uu____0, copy_of_randomness); -} - -======= - return encapsulate_590(uu____0, copy_of_randomness); -} - -/** - Portable generate key pair. -*/ ->>>>>>> main /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -254,66 +110,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_ff0( -======= -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_6b0( ->>>>>>> main - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_6c0(copy_of_randomness); -} - -/** - Generate ML-KEM 512 Key Pair -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff0(copy_of_randomness); -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with -const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_c60(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b20( - copy_of_randomness); -} - -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_7f0( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c60(copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_generate_keypair_540(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_b20(copy_of_randomness); } /** @@ -324,12 +126,9 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6b0(copy_of_randomness); + return generate_keypair_7f0(copy_of_randomness); } -/** - Portable private key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const @@ -338,12 +137,11 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_7c0( +static KRML_MUSTINLINE bool validate_private_key_1e0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_3d(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_24(private_key, ciphertext); ->>>>>>> main } /** @@ -354,12 +152,9 @@ static KRML_MUSTINLINE bool validate_private_key_7c0( bool libcrux_ml_kem_mlkem512_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_7c0(private_key, ciphertext); + return validate_private_key_1e0(private_key, ciphertext); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -368,36 +163,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -static bool validate_public_key_090(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_820(public_key); -======= -static KRML_MUSTINLINE bool validate_public_key_980(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_950(public_key); ->>>>>>> main +static KRML_MUSTINLINE bool validate_public_key_f90(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3c0(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key) { - core_option_Option_04 uu____0; - if (validate_public_key_090(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_None}); - } - return uu____0; -======= Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_980(public_key->value); ->>>>>>> main + return validate_public_key_f90(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index f199ea4e8..51eb9d7bf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem512_portable_H @@ -41,24 +33,8 @@ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); /** -<<<<<<< HEAD - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); - -/** - Encapsulate ML-KEM 512 - -======= Encapsulate ML-KEM 512 ->>>>>>> main Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -68,42 +44,12 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( uint8_t randomness[32U]); /** -<<<<<<< HEAD - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]); - -/** -======= ->>>>>>> main Generate ML-KEM 512 Key Pair */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); /** -<<<<<<< HEAD - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]); - -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_be public_key); -======= Validate a private key. Returns `true` if valid, and `false` otherwise. @@ -119,7 +65,6 @@ bool libcrux_ml_kem_mlkem512_portable_validate_private_key( */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index ad9864c6b..50ffc92a0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index a6d37295a..15e7950f8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,28 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_mlkem768_avx2.h" #include "internal/libcrux_mlkem_avx2.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -46,73 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -static void decapsulate_011( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_e21(private_key, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_avx2_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_011(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static void decapsulate_unpacked_301( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d61(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_301(private_key, ciphertext, ret); -======= -static void decapsulate_801( +static void decapsulate_1b1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_971(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ab1(private_key, ciphertext, ret); } /** @@ -125,8 +51,7 @@ static void decapsulate_801( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_801(private_key, ciphertext, ret); ->>>>>>> main + decapsulate_1b1(private_key, ciphertext, ret); } /** @@ -146,22 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_3c encapsulate_d91( -======= -static tuple_3c encapsulate_4d1( ->>>>>>> main +static tuple_3c encapsulate_ac1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_b31(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_9c1(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_c61(uu____0, copy_of_randomness); } /** @@ -178,70 +95,9 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return encapsulate_d91(uu____0, copy_of_randomness); + return encapsulate_ac1(uu____0, copy_of_randomness); } -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_3c encapsulate_unpacked_8b1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_251( - uu____0, copy_of_randomness); -} - -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_8b1(uu____0, copy_of_randomness); -} - -======= - return encapsulate_4d1(uu____0, copy_of_randomness); -} - -/** - Portable generate key pair. -*/ ->>>>>>> main /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -253,17 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_501( -======= -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_741( ->>>>>>> main +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_631( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_f71(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_2a1(copy_of_randomness); } /** @@ -274,30 +125,9 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_501(copy_of_randomness); + return generate_keypair_631(copy_of_randomness); } -/** - Unpacked API -======= - return libcrux_ml_kem_ind_cca_generate_keypair_511(copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_741(copy_of_randomness); -} - -/** - Portable private key validation ->>>>>>> main -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const @@ -306,31 +136,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -<<<<<<< HEAD -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_5a1(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_451( - copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_5a1(copy_of_randomness); -======= -static KRML_MUSTINLINE bool validate_private_key_2d1( +static KRML_MUSTINLINE bool validate_private_key_551( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_4d1(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_ca1(private_key, ciphertext); } @@ -342,13 +151,9 @@ static KRML_MUSTINLINE bool validate_private_key_2d1( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_2d1(private_key, ciphertext); ->>>>>>> main + return validate_private_key_551(private_key, ciphertext); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -357,36 +162,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static bool validate_public_key_ae1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_061(public_key); -======= -static KRML_MUSTINLINE bool validate_public_key_061(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_051(public_key); ->>>>>>> main +static KRML_MUSTINLINE bool validate_public_key_d31(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_951(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (validate_public_key_ae1(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; -======= Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_061(public_key->value); ->>>>>>> main + return validate_public_key_d31(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 72abc0266..d43dc5b54 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_avx2_H @@ -41,24 +33,8 @@ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); /** -<<<<<<< HEAD - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -/** - Encapsulate ML-KEM 768 - -======= Encapsulate ML-KEM 768 ->>>>>>> main Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -68,42 +44,12 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( uint8_t randomness[32U]); /** -<<<<<<< HEAD - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]); - -/** -======= ->>>>>>> main Generate ML-KEM 768 Key Pair */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); /** -<<<<<<< HEAD - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]); - -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key); -======= Validate a private key. Returns `true` if valid, and `false` otherwise. @@ -119,7 +65,6 @@ bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 515033113..0527bf446 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,28 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -46,11 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -static void decapsulate_b3( +static void decapsulate_86( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_16(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_55(private_key, ciphertext, ret); } /** @@ -63,70 +51,7 @@ static void decapsulate_b3( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_b3(private_key, ciphertext, ret); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static void decapsulate_unpacked_17( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f2(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_17(private_key, ciphertext, ret); -======= -static void decapsulate_c4( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6a(private_key, ciphertext, ret); -} - -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_portable_decapsulate( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_c4(private_key, ciphertext, ret); ->>>>>>> main + decapsulate_86(private_key, ciphertext, ret); } /** @@ -146,22 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_3c encapsulate_cd( -======= -static tuple_3c encapsulate_59( ->>>>>>> main +static tuple_3c encapsulate_6f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_b1(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_13(uu____0, copy_of_randomness); } /** @@ -178,70 +95,9 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return encapsulate_cd(uu____0, copy_of_randomness); + return encapsulate_6f(uu____0, copy_of_randomness); } -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static tuple_3c encapsulate_unpacked_57( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f( - uu____0, copy_of_randomness); -} - -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_57(uu____0, copy_of_randomness); -} - -======= - return encapsulate_59(uu____0, copy_of_randomness); -} - -/** - Portable generate key pair. -*/ ->>>>>>> main /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -254,62 +110,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_6b( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_6c(copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(copy_of_randomness); -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with -const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_c6(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b2( - copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_7f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c6(copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_generate_keypair_54(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_b2(copy_of_randomness); } /** @@ -320,12 +126,9 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6b(copy_of_randomness); + return generate_keypair_7f(copy_of_randomness); } -/** - Portable private key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const @@ -334,12 +137,11 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_7c( +static KRML_MUSTINLINE bool validate_private_key_1e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_46(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_9e(private_key, ciphertext); ->>>>>>> main } /** @@ -350,12 +152,9 @@ static KRML_MUSTINLINE bool validate_private_key_7c( bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_7c(private_key, ciphertext); + return validate_private_key_1e(private_key, ciphertext); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -364,36 +163,16 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static bool validate_public_key_09(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_82(public_key); -======= -static KRML_MUSTINLINE bool validate_public_key_98(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_95(public_key); ->>>>>>> main +static KRML_MUSTINLINE bool validate_public_key_f9(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3c(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (validate_public_key_09(public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); - } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); - } - return uu____0; -======= Returns `true` if valid, and `false` otherwise. */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_98(public_key->value); ->>>>>>> main + return validate_public_key_f9(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 991caef3d..c86540cb9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_portable_H @@ -41,24 +33,8 @@ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); /** -<<<<<<< HEAD - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); - -/** - Encapsulate ML-KEM 768 - -======= Encapsulate ML-KEM 768 ->>>>>>> main Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] bytes of `randomness`. @@ -68,42 +44,12 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( uint8_t randomness[32U]); /** -<<<<<<< HEAD - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]); - -/** -======= ->>>>>>> main Generate ML-KEM 768 Key Pair */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); /** -<<<<<<< HEAD - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]); - -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key); -======= Validate a private key. Returns `true` if valid, and `false` otherwise. @@ -119,7 +65,6 @@ bool libcrux_ml_kem_mlkem768_portable_validate_private_key( */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index e54fd7cdc..b3cae06b5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "internal/libcrux_mlkem_avx2.h" @@ -41,11 +33,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -<<<<<<< HEAD KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_vec_zero(void) { -======= -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { ->>>>>>> main return mm256_setzero_si256(); } @@ -53,21 +41,12 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ZERO_09(void) { return libcrux_ml_kem_vector_avx2_vec_zero(); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array) { -======= -__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { - return libcrux_ml_kem_vector_avx2_zero(); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { ->>>>>>> main return mm256_loadu_si256_i16(array); } @@ -75,7 +54,6 @@ libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_vec_from_i16_array(array); } @@ -88,31 +66,14 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_vec_to_i16_array( int16_t result[16U]; memcpy(result, output, (size_t)16U * sizeof(int16_t)); memcpy(ret, result, (size_t)16U * sizeof(int16_t)); -======= -__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, - int16_t ret[16U]) { - int16_t output[16U] = {0U}; - mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, output, int16_t), - v); - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); ->>>>>>> main } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_to_i16_array_09(__m256i x, int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_vec_to_i16_array(x, ret); -======= -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) { - libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); ->>>>>>> main } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, @@ -124,11 +85,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_add_09(__m256i lhs, __m256i *rhs) { -======= -__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } @@ -141,60 +98,38 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs, __m256i *rhs) { -======= -__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, int16_t constant) { -<<<<<<< HEAD __m256i cv = mm256_set1_epi16(constant); return mm256_mullo_epi16(vector, cv); -======= - return mm256_mullo_epi16(vector, mm256_set1_epi16(constant)); ->>>>>>> main } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i vec, int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(vec, c); -======= -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, - int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); ->>>>>>> main } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( __m256i vector, int16_t constant) { -<<<<<<< HEAD __m256i cv = mm256_set1_epi16(constant); return mm256_and_si256(vector, cv); -======= - return mm256_and_si256(vector, mm256_set1_epi16(constant)); ->>>>>>> main } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( -======= -__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( ->>>>>>> main __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); @@ -216,11 +151,7 @@ libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(__m256i vector) { -======= -__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } @@ -230,19 +161,11 @@ __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { */ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { -<<<<<<< HEAD __m256i t0 = mm256_mulhi_epi16( vector, mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); __m256i t1 = mm256_add_epi16(t0, mm256_set1_epi16((int16_t)512)); __m256i quotient = mm256_srai_epi16((int32_t)10, t1, __m256i); -======= - __m256i t = mm256_mulhi_epi16( - vector, mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = mm256_add_epi16(t, mm256_set1_epi16((int16_t)512)); - __m256i quotient = mm256_srai_epi16((int32_t)10, t0, __m256i); ->>>>>>> main __m256i quotient_times_field_modulus = mm256_mullo_epi16( quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); return mm256_sub_epi16(vector, quotient_times_field_modulus); @@ -252,39 +175,24 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09(__m256i vector) { -======= -__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( __m256i vector, int16_t constant) { -<<<<<<< HEAD __m256i vec_constant = mm256_set1_epi16(constant); __m256i value_low = mm256_mullo_epi16(vector, vec_constant); -======= - __m256i constant0 = mm256_set1_epi16(constant); - __m256i value_low = mm256_mullo_epi16(vector, constant0); ->>>>>>> main __m256i k = mm256_mullo_epi16( value_low, mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); -<<<<<<< HEAD __m256i modulus = mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i k_times_modulus = mm256_mulhi_epi16(k, modulus); __m256i value_high = mm256_mulhi_epi16(vector, vec_constant); -======= - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_mulhi_epi16(vector, constant0); ->>>>>>> main return mm256_sub_epi16(value_high, k_times_modulus); } @@ -292,11 +200,7 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= -__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); @@ -321,11 +225,7 @@ libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector) { -======= -__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } @@ -342,28 +242,17 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( -<<<<<<< HEAD __m256i vec, __m256i constants) { __m256i value_low = mm256_mullo_epi16(vec, constants); -======= - __m256i v, __m256i c) { - __m256i value_low = mm256_mullo_epi16(v, c); ->>>>>>> main __m256i k = mm256_mullo_epi16( value_low, mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); -<<<<<<< HEAD __m256i modulus = mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i k_times_modulus = mm256_mulhi_epi16(k, modulus); __m256i value_high = mm256_mulhi_epi16(vec, constants); -======= - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_mulhi_epi16(v, c); ->>>>>>> main return mm256_sub_epi16(value_high, k_times_modulus); } @@ -385,11 +274,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, ->>>>>>> main int16_t zeta0, int16_t zeta1, int16_t zeta2, @@ -415,11 +300,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, ->>>>>>> main int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); @@ -427,27 +308,16 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( -<<<<<<< HEAD __m128i vec, __m128i constants) { __m128i value_low = mm_mullo_epi16(vec, constants); -======= - __m128i v, __m128i c) { - __m128i value_low = mm_mullo_epi16(v, c); ->>>>>>> main __m128i k = mm_mullo_epi16( value_low, mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); -<<<<<<< HEAD __m128i modulus = mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m128i k_times_modulus = mm_mulhi_epi16(k, modulus); __m128i value_high = mm_mulhi_epi16(vec, constants); -======= - __m128i k_times_modulus = mm_mulhi_epi16( - k, mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m128i value_high = mm_mulhi_epi16(v, c); ->>>>>>> main return mm_sub_epi16(value_high, k_times_modulus); } @@ -469,11 +339,7 @@ libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, ->>>>>>> main int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } @@ -503,11 +369,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, ->>>>>>> main int16_t zeta0, int16_t zeta1, int16_t zeta2, @@ -539,11 +401,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, ->>>>>>> main int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, @@ -568,35 +426,21 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, ->>>>>>> main int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } KRML_MUSTINLINE __m256i -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i vec) { __m256i k = mm256_mullo_epi16( vec, -======= -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { - __m256i k = mm256_mullo_epi16( - v, ->>>>>>> main mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); __m256i k_times_modulus = mm256_mulhi_epi16( k, mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); -<<<<<<< HEAD __m256i value_high = mm256_srli_epi32((int32_t)16, vec, __m256i); -======= - __m256i value_high = mm256_srli_epi32((int32_t)16, v, __m256i); ->>>>>>> main __m256i result = mm256_sub_epi16(value_high, k_times_modulus); __m256i result0 = mm256_slli_epi32((int32_t)16, result, __m256i); return mm256_srai_epi32((int32_t)16, result0, __m256i); @@ -663,11 +507,7 @@ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(__m256i *lhs, __m256i *rhs, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, ->>>>>>> main int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { @@ -682,26 +522,15 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = mm_movemask_epi8(msbs); -<<<<<<< HEAD ret[0U] = (uint8_t)bits_packed; ret[1U] = (uint8_t)(bits_packed >> 8U); -======= - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); ->>>>>>> main } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, ->>>>>>> main uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } @@ -739,11 +568,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes) { -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } @@ -778,11 +603,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD core_result_unwrap_41_0e(dst, ret0); -======= - core_result_unwrap_26_0e(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -790,11 +611,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, ->>>>>>> main uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } @@ -835,11 +652,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes) { -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } @@ -881,11 +694,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); -<<<<<<< HEAD core_result_unwrap_41_07(dst, ret0); -======= - core_result_unwrap_26_07(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -893,11 +702,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, ->>>>>>> main uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } @@ -948,11 +753,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes) { -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } @@ -996,11 +797,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); -<<<<<<< HEAD core_result_unwrap_41_ea(dst, ret0); -======= - core_result_unwrap_26_ea(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1008,11 +805,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_10_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, ->>>>>>> main uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } @@ -1047,11 +840,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_10_09(Eurydice_slice bytes) { -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } @@ -1072,11 +861,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_11_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, ->>>>>>> main uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } @@ -1095,11 +880,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes) { -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } @@ -1143,11 +924,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); -<<<<<<< HEAD core_result_unwrap_41_76(dst, ret0); -======= - core_result_unwrap_26_76(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1155,11 +932,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_12_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, ->>>>>>> main uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } @@ -1194,11 +967,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_12_09(Eurydice_slice bytes) { -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } @@ -1256,37 +1025,21 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_09(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -<<<<<<< HEAD inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) { -======= -inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { ->>>>>>> main return self[0U]; } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_1b(void) { -======= -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_d6_7d(void) { ->>>>>>> main +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1307,12 +1060,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_d6_7d(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -1320,50 +1067,29 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_to_reduced_ring_element_55(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); -======= -deserialize_to_reduced_ring_element_1b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); ->>>>>>> main +deserialize_to_reduced_ring_element_ec(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); ->>>>>>> main re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(coefficient); } return re; } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_301( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3d1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -1375,35 +1101,24 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = -<<<<<<< HEAD - deserialize_to_reduced_ring_element_55(ring_element); -======= - deserialize_to_reduced_ring_element_1b(ring_element); ->>>>>>> main + deserialize_to_reduced_ring_element_ec(ring_element); deserialized_pk[i0] = uu____0; } } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_661( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_851( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_7d();); - deserialize_ring_elements_reduced_8c4(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_7d();); + deserialize_ring_elements_reduced_3d1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1414,11 +1129,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -<<<<<<< HEAD -static KRML_MUSTINLINE __m256i shift_right_f5(__m256i vector) { -======= -static KRML_MUSTINLINE __m256i shift_right_84(__m256i vector) { ->>>>>>> main +static KRML_MUSTINLINE __m256i shift_right_d1(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1431,13 +1142,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -<<<<<<< HEAD -static __m256i shift_right_09_22(__m256i vector) { - return shift_right_f5(vector); -======= -static __m256i shift_right_ea_fc(__m256i vector) { - return shift_right_84(vector); ->>>>>>> main +static __m256i shift_right_09_bb(__m256i vector) { + return shift_right_d1(vector); } /** @@ -1446,19 +1152,11 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static __m256i to_unsigned_representative_4f(__m256i a) { - __m256i t = shift_right_09_22(a); +static __m256i to_unsigned_representative_b5(__m256i a) { + __m256i t = shift_right_09_bb(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); -======= -static __m256i to_unsigned_representative_c0(__m256i a) { - __m256i t = shift_right_ea_fc(a); - __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); ->>>>>>> main } /** @@ -1467,21 +1165,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_5c( -======= -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_53( ->>>>>>> main +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; -<<<<<<< HEAD - __m256i coefficient = to_unsigned_representative_4f(re->coefficients[i0]); -======= - __m256i coefficient = to_unsigned_representative_c0(re->coefficients[i0]); ->>>>>>> main + __m256i coefficient = to_unsigned_representative_b5(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1492,9 +1182,6 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_53( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1502,11 +1189,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_secret_key_501( -======= -static KRML_MUSTINLINE void serialize_secret_key_5f1( ->>>>>>> main +static KRML_MUSTINLINE void serialize_secret_key_721( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1524,20 +1207,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5f1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - serialize_uncompressed_ring_element_5c(&re, ret0); -======= - serialize_uncompressed_ring_element_53(&re, ret0); ->>>>>>> main + serialize_uncompressed_ring_element_88(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1546,13 +1222,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_c21( +static KRML_MUSTINLINE void serialize_public_key_mut_821( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_5f1(t_as_ntt, ret); + serialize_secret_key_721(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1561,9 +1237,6 @@ static KRML_MUSTINLINE void serialize_public_key_mut_c21( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1572,41 +1245,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_public_key_511( +static KRML_MUSTINLINE void serialize_public_key_391( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - serialize_secret_key_501(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + serialize_public_key_mut_821(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void serialize_public_key_021( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_c21(t_as_ntt, seed_for_a, public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1615,25 +1263,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_061(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_301( -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_051(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_661( ->>>>>>> main + deserialize_ring_elements_reduced_out_851( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; -<<<<<<< HEAD - serialize_public_key_511( -======= - serialize_public_key_021( ->>>>>>> main + serialize_public_key_391( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1655,13 +1293,6 @@ static KRML_MUSTINLINE void H_a9_161(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -1670,7 +1301,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d1( +bool libcrux_ml_kem_ind_cca_validate_private_key_ca1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -1698,19 +1329,19 @@ typedef struct IndCpaPrivateKeyUnpacked_a0_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_a0 default_1a_191(void) { +static IndCpaPrivateKeyUnpacked_a0 default_f6_191(void) { IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = ZERO_d6_7d(); - lit.secret_as_ntt[1U] = ZERO_d6_7d(); - lit.secret_as_ntt[2U] = ZERO_d6_7d(); + lit.secret_as_ntt[0U] = ZERO_20_7d(); + lit.secret_as_ntt[1U] = ZERO_20_7d(); + lit.secret_as_ntt[2U] = ZERO_20_7d(); return lit; } @@ -1729,33 +1360,33 @@ typedef struct IndCpaPublicKeyUnpacked_a0_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_a0 default_8d_801(void) { +static IndCpaPublicKeyUnpacked_a0 default_85_801(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_d6_7d();); + uu____0[i] = ZERO_20_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_a0 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_7d(); - lit.A[0U][1U] = ZERO_d6_7d(); - lit.A[0U][2U] = ZERO_d6_7d(); - lit.A[1U][0U] = ZERO_d6_7d(); - lit.A[1U][1U] = ZERO_d6_7d(); - lit.A[1U][2U] = ZERO_d6_7d(); - lit.A[2U][0U] = ZERO_d6_7d(); - lit.A[2U][1U] = ZERO_d6_7d(); - lit.A[2U][2U] = ZERO_d6_7d(); + lit.A[0U][0U] = ZERO_20_7d(); + lit.A[0U][1U] = ZERO_20_7d(); + lit.A[0U][2U] = ZERO_20_7d(); + lit.A[1U][0U] = ZERO_20_7d(); + lit.A[1U][1U] = ZERO_20_7d(); + lit.A[1U][2U] = ZERO_20_7d(); + lit.A[2U][0U] = ZERO_20_7d(); + lit.A[2U][1U] = ZERO_20_7d(); + lit.A[2U][2U] = ZERO_20_7d(); return lit; } @@ -1768,11 +1399,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void G_a9_ab1(Eurydice_slice input, uint8_t ret[64U]) { -======= static KRML_MUSTINLINE void G_a9_671(Eurydice_slice input, uint8_t ret[64U]) { ->>>>>>> main libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -1786,13 +1413,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -<<<<<<< HEAD -static void closure_ba1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE void cpa_keygen_seed_d8_e11( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_7e1( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -1805,7 +1426,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_e11( uint8_t ret0[64U]; G_a9_671(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -1815,11 +1435,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -shake128_init_absorb_final_501(uint8_t input[3U][34U]) { -======= -shake128_init_absorb_2a1(uint8_t input[3U][34U]) { ->>>>>>> main +shake128_init_absorb_final_2a1(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -1841,19 +1457,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -shake128_init_absorb_final_a9_3f1(uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_501(copy_of_input); -======= -shake128_init_absorb_a9_1c1(uint8_t input[3U][34U]) { +shake128_init_absorb_final_a9_1c1(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_2a1(copy_of_input); ->>>>>>> main + return shake128_init_absorb_final_2a1(copy_of_input); } /** @@ -1862,11 +1470,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_001( -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c1( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_0c1( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -1900,15 +1504,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_941( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_2e1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_001(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_0c1(self, ret); ->>>>>>> main + shake128_squeeze_first_three_blocks_0c1(self, ret); } /** @@ -1959,11 +1557,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_613( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_743( ->>>>>>> main uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1975,11 +1569,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_743( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -2005,11 +1595,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_dd1( -======= -static KRML_MUSTINLINE void shake128_squeeze_block_4a1( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_next_block_4a1( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -2043,15 +1629,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_dd1(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_1d1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_4a1(self, ret); ->>>>>>> main + shake128_squeeze_next_block_4a1(self, ret); } /** @@ -2102,11 +1682,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_614( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( ->>>>>>> main uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -2118,11 +1694,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -2144,39 +1716,22 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -from_i16_array_20_82(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); -======= -from_i16_array_d6_14(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); ->>>>>>> main +from_i16_array_20_14(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; result.coefficients[i0] = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice_subslice2( -======= - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( ->>>>>>> main a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; @@ -2188,15 +1743,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_8a1( - int16_t s[272U]) { - return from_i16_array_20_82( -======= static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e41( int16_t s[272U]) { - return from_i16_array_d6_14( ->>>>>>> main + return from_i16_array_20_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2206,11 +1755,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_from_xof_c11( -======= static KRML_MUSTINLINE void sample_from_xof_671( ->>>>>>> main uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2219,43 +1764,25 @@ static KRML_MUSTINLINE void sample_from_xof_671( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = -<<<<<<< HEAD - shake128_init_absorb_final_a9_3f1(copy_of_seeds); - uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_a9_941(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[3U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_613( -======= - shake128_init_absorb_a9_1c1(copy_of_seeds); + shake128_init_absorb_final_a9_1c1(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_a9_2e1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_2e1(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_743( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; -<<<<<<< HEAD - shake128_squeeze_next_block_a9_bf1(&xof_state, randomness); -======= - shake128_squeeze_block_a9_1d1(&xof_state, randomness); ->>>>>>> main + shake128_squeeze_next_block_a9_1d1(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = sample_from_uniform_distribution_next_614( -======= done = sample_from_uniform_distribution_next_744( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -2264,11 +1791,7 @@ static KRML_MUSTINLINE void sample_from_xof_671( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, -<<<<<<< HEAD - ret0[i] = closure_8a1(copy_of_out[i]);); -======= ret0[i] = closure_e41(copy_of_out[i]);); ->>>>>>> main memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -2280,18 +1803,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_matrix_A_ff1( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_ba1(A_transpose[i]);); -======= static KRML_MUSTINLINE void sample_matrix_A_341( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { ->>>>>>> main KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2306,11 +1820,7 @@ static KRML_MUSTINLINE void sample_matrix_A_341( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; -<<<<<<< HEAD - sample_from_xof_c11(copy_of_seeds, sampled); -======= sample_from_xof_671(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2328,16 +1838,6 @@ static KRML_MUSTINLINE void sample_matrix_A_341( } ); -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U][3U]; - memcpy(result, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ret, result, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -======= ->>>>>>> main } /** @@ -2346,11 +1846,7 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_ef2(uint8_t (*input)[33U], -======= static KRML_MUSTINLINE void PRFxN_082(uint8_t (*input)[33U], ->>>>>>> main uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -2388,66 +1884,11 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_a9_412(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_ef2(input, ret); -======= static KRML_MUSTINLINE void PRFxN_a9_162(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { PRFxN_082(input, ret); ->>>>>>> main } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -2455,11 +1896,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -sample_from_binomial_distribution_2_6a(Eurydice_slice randomness) { -======= -sample_from_binomial_distribution_2_ea(Eurydice_slice randomness) { ->>>>>>> main +sample_from_binomial_distribution_2_80(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -2493,11 +1930,7 @@ sample_from_binomial_distribution_2_ea(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return from_i16_array_20_82( -======= - return from_i16_array_d6_14( ->>>>>>> main + return from_i16_array_20_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2508,11 +1941,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -sample_from_binomial_distribution_3_5f(Eurydice_slice randomness) { -======= -sample_from_binomial_distribution_3_3c(Eurydice_slice randomness) { ->>>>>>> main +sample_from_binomial_distribution_3_05(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -2545,11 +1974,7 @@ sample_from_binomial_distribution_3_3c(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return from_i16_array_20_82( -======= - return from_i16_array_d6_14( ->>>>>>> main + return from_i16_array_20_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2560,13 +1985,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -sample_from_binomial_distribution_8e0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_6a(randomness); -======= -sample_from_binomial_distribution_af(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_ea(randomness); ->>>>>>> main +sample_from_binomial_distribution_73(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_80(randomness); } /** @@ -2575,20 +1995,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_7_ea( -======= -static KRML_MUSTINLINE void ntt_at_layer_7_ab( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_7_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; -<<<<<<< HEAD __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09( -======= - __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( ->>>>>>> main re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_09(re->coefficients[j], &t); @@ -2608,13 +2020,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static __m256i montgomery_multiply_fe_25(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_a2(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); -======= -static __m256i montgomery_multiply_fe_aa(__m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); ->>>>>>> main } /** @@ -2624,17 +2031,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -<<<<<<< HEAD -ntt_layer_int_vec_step_0a(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_25(b, zeta_r); +ntt_layer_int_vec_step_5d(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_a2(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); -======= -ntt_layer_int_vec_step_c2(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_aa(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); ->>>>>>> main return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2645,11 +2045,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_4_plus_0d( -======= -static KRML_MUSTINLINE void ntt_at_layer_4_plus_b8( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_4_plus_1d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2662,15 +2058,9 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_b8( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = -<<<<<<< HEAD - ntt_layer_int_vec_step_0a( + ntt_layer_int_vec_step_5d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); -======= - ntt_layer_int_vec_step_c2( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); ->>>>>>> main __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -2685,11 +2075,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_3_db( -======= -static KRML_MUSTINLINE void ntt_at_layer_3_5f( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_3_ae( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2705,11 +2091,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_2_10( -======= -static KRML_MUSTINLINE void ntt_at_layer_2_c2( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2727,11 +2109,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_1_6e( -======= -static KRML_MUSTINLINE void ntt_at_layer_1_60( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_1_09( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2747,27 +2125,15 @@ static KRML_MUSTINLINE void ntt_at_layer_1_60( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void poly_barrett_reduce_20_85( -======= -static KRML_MUSTINLINE void poly_barrett_reduce_d6_2b( ->>>>>>> main +static KRML_MUSTINLINE void poly_barrett_reduce_20_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2783,37 +2149,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_0d( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_ea(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_db(&zeta_i, re); - ntt_at_layer_2_10(&zeta_i, re); - ntt_at_layer_1_6e(&zeta_i, re); - poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_ab(re); + ntt_at_layer_7_64(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_5f(&zeta_i, re); - ntt_at_layer_2_c2(&zeta_i, re); - ntt_at_layer_1_60(&zeta_i, re); - poly_barrett_reduce_d6_2b(re); ->>>>>>> main + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ae(&zeta_i, re); + ntt_at_layer_2_53(&zeta_i, re); + ntt_at_layer_1_09(&zeta_i, re); + poly_barrett_reduce_20_09(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2822,17 +2170,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_e41( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee1( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_071( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2844,20 +2184,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee1( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - PRFxN_a9_412(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_8e0( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]);); -======= PRFxN_a9_162(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_af( + re_as_ntt[i0] = sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_5c(&re_as_ntt[i0]);); return domain_separator; } @@ -2880,92 +2212,43 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_7f1( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_7d();); + re_as_ntt[i] = ZERO_20_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_ee1(uu____0, uu____1, domain_separator); ->>>>>>> main + sample_vector_cbd_then_ntt_071(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD - tuple_b00 result; + tuple_b0 result; memcpy( result.fst, copy_of_re_as_ntt, -======= - tuple_b0 lit; - memcpy( - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 -======= - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -ntt_multiply_20_f1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_20_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_1b(); -======= -ntt_multiply_d6_f1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2983,33 +2266,16 @@ ntt_multiply_d6_f1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_to_ring_element_20_471( -======= -static KRML_MUSTINLINE void add_to_ring_element_d6_b81( ->>>>>>> main +static KRML_MUSTINLINE void add_to_ring_element_20_311( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -3029,110 +2295,42 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static __m256i to_standard_domain_f5(__m256i v) { +static __m256i to_standard_domain_c1(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= -static __m256i to_standard_domain_bd(__m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_standard_error_reduce_20_f6( -======= -static KRML_MUSTINLINE void add_standard_error_reduce_d6_a7( ->>>>>>> main +static KRML_MUSTINLINE void add_standard_error_reduce_20_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = -<<<<<<< HEAD - to_standard_domain_f5(self->coefficients[j]); + to_standard_domain_c1(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, -======= - to_standard_domain_bd(self->coefficients[j]); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, ->>>>>>> main &error->coefficients[j])); } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_As_plus_e_ef1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_1b();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_471(&result0[i1], &product); - } - add_standard_error_reduce_20_f6(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -======= -static KRML_MUSTINLINE void compute_As_plus_e_a21( +static KRML_MUSTINLINE void compute_As_plus_e_671( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -3146,7 +2344,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_a21( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -3159,55 +2357,13 @@ static KRML_MUSTINLINE void compute_As_plus_e_a21( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_b81(&t_as_ntt[i0], &product); + ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_311(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3217,47 +2373,20 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_9b0 generate_keypair_unpacked_471( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_ab1(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static void generate_keypair_unpacked_811( +static void generate_keypair_unpacked_4a1( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_a0 *private_key, IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_e11(key_generation_seed, hashed); + cpa_keygen_seed_d8_7e1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_ff1(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_e41(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); sample_matrix_A_341(uu____1, ret, true); uint8_t prf_input[33U]; @@ -3269,280 +2398,73 @@ static void generate_keypair_unpacked_811( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_ee1(uu____2, copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_071(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, -<<<<<<< HEAD - sample_vector_cbd_then_ntt_e41(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input, domain_separator) + .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_ef1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_671(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } /** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 +- PRIVATE_KEY_SIZE= 1152 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_1c1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_1b();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_3a_33( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - __m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, __m256i, void *); - memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); - return lit; +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_1c1( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_a0 private_key = default_f6_191(); + IndCpaPublicKeyUnpacked_a0 public_key = default_85_801(); + generate_keypair_unpacked_4a1(key_generation_seed, &private_key, &public_key); + uint8_t public_key_serialized[1184U]; + serialize_public_key_391( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_721(private_key.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 result; + memcpy(result.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + return result; } /** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 +- SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void H_a9_311(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_451( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_471(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_1c1(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_33(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_511( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_311(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -======= - sample_vector_cbd_then_ntt_out_7f1(copy_of_prf_input, domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_a21(public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); - uint8_t uu____5[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); - memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_931( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_471(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_511( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_501(sk.secret_as_ntt, secret_key_serialized); -======= -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_2f1( - Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_191(); - IndCpaPublicKeyUnpacked_a0 public_key = default_8d_801(); - generate_keypair_unpacked_811(key_generation_seed, &private_key, &public_key); - uint8_t public_key_serialized[1184U]; - serialize_public_key_021( - public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_5f1(private_key.secret_as_ntt, secret_key_serialized); ->>>>>>> main - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD - libcrux_ml_kem_utils_extraction_helper_Keypair768 result; - memcpy(result.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(result.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; ->>>>>>> main -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_kem_secret_key_eb1( -======= -static KRML_MUSTINLINE void serialize_kem_secret_key_0a1( ->>>>>>> main +static KRML_MUSTINLINE void serialize_kem_secret_key_281( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -3568,11 +2490,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a1( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - H_a9_311(public_key, ret0); -======= H_a9_161(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -3588,14 +2506,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a1( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3610,11 +2520,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_f71(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_2a1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3623,21 +2529,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = -<<<<<<< HEAD - generate_keypair_931(ind_cpa_keypair_randomness); -======= - generate_keypair_2f1(ind_cpa_keypair_randomness); ->>>>>>> main + generate_keypair_1c1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; -<<<<<<< HEAD - serialize_kem_secret_key_eb1( -======= - serialize_kem_secret_key_0a1( ->>>>>>> main + serialize_kem_secret_key_281( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3646,22 +2544,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_511(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f10(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d0(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_720(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b10( - uu____2, libcrux_ml_kem_types_from_07_a90(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b0( - uu____2, libcrux_ml_kem_types_from_40_600(copy_of_public_key)); ->>>>>>> main + return libcrux_ml_kem_types_from_3a_8d0( + uu____2, libcrux_ml_kem_types_from_5a_c60(copy_of_public_key)); } /** @@ -3674,7 +2563,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_961(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_7b1(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3682,38 +2571,6 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_961(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c1( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); - deserialized_pk[i0] = uu____0; - } -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3722,19 +2579,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_e71(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_1b();); -======= static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_c61(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_461(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_d6_7d();); ->>>>>>> main + error_1[i] = ZERO_20_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3746,19 +2595,11 @@ sample_ring_element_cbd_c61(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - PRFxN_a9_412(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_8e0( -======= PRFxN_a9_162(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_af( ->>>>>>> main + sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3766,15 +2607,9 @@ sample_ring_element_cbd_c61(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD - tuple_b00 result; + tuple_b0 result; memcpy( result.fst, copy_of_error_1, -======= - tuple_b0 lit; - memcpy( - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; @@ -3785,11 +2620,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_c90(Eurydice_slice input, uint8_t ret[128U]) { -======= static KRML_MUSTINLINE void PRF_d10(Eurydice_slice input, uint8_t ret[128U]) { ->>>>>>> main uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -3806,15 +2637,9 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_a9_264(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_c90(input, ret); -======= static KRML_MUSTINLINE void PRF_a9_424(Eurydice_slice input, uint8_t ret[128U]) { PRF_d10(input, ret); ->>>>>>> main } /** @@ -3823,11 +2648,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_1_16( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_1_2b( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_1_f8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3848,11 +2669,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_2_88( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_2_6a( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_2_de( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3871,11 +2688,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_3_f7( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_3_ad( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_3_0f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; @@ -3892,19 +2705,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -<<<<<<< HEAD -inv_ntt_layer_int_vec_step_reduce_e0(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_cb(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = montgomery_multiply_fe_25(a_minus_b, zeta_r); -======= -inv_ntt_layer_int_vec_step_reduce_63(__m256i a, __m256i b, int16_t zeta_r) { - __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_aa(a_minus_b, zeta_r); ->>>>>>> main + b = montgomery_multiply_fe_a2(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -3915,11 +2720,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_84( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8f( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3934,15 +2735,9 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = -<<<<<<< HEAD - inv_ntt_layer_int_vec_step_reduce_e0( + inv_ntt_layer_int_vec_step_reduce_cb( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); -======= - inv_ntt_layer_int_vec_step_reduce_63( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); ->>>>>>> main __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -3957,69 +2752,38 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_montgomery_971( +static KRML_MUSTINLINE void invert_ntt_montgomery_4a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_16(&zeta_i, re); - invert_ntt_at_layer_2_88(&zeta_i, re); - invert_ntt_at_layer_3_f7(&zeta_i, re); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void invert_ntt_montgomery_191( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2b(&zeta_i, re); - invert_ntt_at_layer_2_6a(&zeta_i, re); - invert_ntt_at_layer_3_ad(&zeta_i, re); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_2b(re); ->>>>>>> main + invert_ntt_at_layer_1_f8(&zeta_i, re); + invert_ntt_at_layer_2_de(&zeta_i, re); + invert_ntt_at_layer_3_0f(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_09(re); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_error_reduce_20_1f( -======= -static KRML_MUSTINLINE void add_error_reduce_d6_89( ->>>>>>> main +static KRML_MUSTINLINE void add_error_reduce_20_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -4027,31 +2791,20 @@ static KRML_MUSTINLINE void add_error_reduce_d6_89( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_vector_u_e31( -======= -static KRML_MUSTINLINE void compute_vector_u_ba1( ->>>>>>> main +static KRML_MUSTINLINE void compute_vector_u_a91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, -<<<<<<< HEAD - result0[i] = ZERO_20_1b();); -======= - result[i] = ZERO_d6_7d();); ->>>>>>> main + result0[i] = ZERO_20_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4071,19 +2824,11 @@ static KRML_MUSTINLINE void compute_vector_u_ba1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = -<<<<<<< HEAD - ntt_multiply_20_f1(a_element, &r_as_ntt[j]); - add_to_ring_element_20_471(&result0[i1], &product); - } - invert_ntt_montgomery_971(&result0[i1]); - add_error_reduce_20_1f(&result0[i1], &error_1[i1]); -======= - ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_b81(&result[i1], &product); + ntt_multiply_20_63(a_element, &r_as_ntt[j]); + add_to_ring_element_20_311(&result0[i1], &product); } - invert_ntt_montgomery_191(&result[i1]); - add_error_reduce_d6_89(&result[i1], &error_1[i1]); ->>>>>>> main + invert_ntt_montgomery_4a1(&result0[i1]); + add_error_reduce_20_84(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -4100,19 +2845,11 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static __m256i decompress_1_34(__m256i vec) { +static __m256i decompress_1_14(__m256i vec) { __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, (int16_t)1665); -======= -static __m256i decompress_1_f2(__m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), - &v), - (int16_t)1665); ->>>>>>> main } /** @@ -4122,9 +2859,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_message_e3(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); +deserialize_then_decompress_message_a6(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -4132,46 +2868,22 @@ deserialize_then_decompress_message_e3(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_34(coefficient_compressed);); -======= -deserialize_then_decompress_message_ef(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, - uint8_t)); - re.coefficients[i0] = decompress_1_f2(coefficient_compressed);); ->>>>>>> main + re.coefficients[i0] = decompress_1_14(coefficient_compressed);); return re; } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -add_message_error_reduce_20_69( -======= -add_message_error_reduce_d6_df( ->>>>>>> main +add_message_error_reduce_20_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -4179,30 +2891,18 @@ add_message_error_reduce_d6_df( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient_normal_form = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( result.coefficients[i0], (int16_t)1441); __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0], &message->coefficients[i0]); __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp); -======= - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - result.coefficients[i0], (int16_t)1441); - __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], - &message->coefficients[i0]); - __m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); ->>>>>>> main result.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(tmp0); } return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4210,32 +2910,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -compute_ring_element_v_e71( -======= -compute_ring_element_v_9f1( ->>>>>>> main +compute_ring_element_v_e61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_471(&result, &product);); - invert_ntt_montgomery_971(&result); - result = add_message_error_reduce_20_69(error_2, message, result); -======= - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_b81(&result, &product);); - invert_ntt_montgomery_191(&result); - result = add_message_error_reduce_d6_df(error_2, message, result); ->>>>>>> main + ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_311(&result, &product);); + invert_ntt_montgomery_4a1(&result); + result = add_message_error_reduce_20_b0(error_2, message, result); return result; } @@ -4246,11 +2932,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -compress_ciphertext_coefficient_fd(__m256i vector) { -======= -compress_ciphertext_coefficient_43(__m256i vector) { ->>>>>>> main +compress_ciphertext_coefficient_57(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -4297,13 +2979,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -<<<<<<< HEAD -static __m256i compress_09_76(__m256i vector) { - return compress_ciphertext_coefficient_fd(vector); -======= -static __m256i compress_ea_ab(__m256i vector) { - return compress_ciphertext_coefficient_43(vector); ->>>>>>> main +static __m256i compress_09_a1(__m256i vector) { + return compress_ciphertext_coefficient_57(vector); } /** @@ -4312,22 +2989,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_10_bf( -======= -static KRML_MUSTINLINE void compress_then_serialize_10_190( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_10_0a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = -<<<<<<< HEAD - compress_09_76(to_unsigned_representative_4f(re->coefficients[i0])); -======= - compress_ea_ab(to_unsigned_representative_c0(re->coefficients[i0])); ->>>>>>> main + compress_09_a1(to_unsigned_representative_b5(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4345,11 +3014,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -compress_ciphertext_coefficient_fd0(__m256i vector) { -======= -compress_ciphertext_coefficient_430(__m256i vector) { ->>>>>>> main +compress_ciphertext_coefficient_570(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -4396,13 +3061,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -<<<<<<< HEAD -static __m256i compress_09_760(__m256i vector) { - return compress_ciphertext_coefficient_fd0(vector); -======= -static __m256i compress_ea_ab0(__m256i vector) { - return compress_ciphertext_coefficient_430(vector); ->>>>>>> main +static __m256i compress_09_a10(__m256i vector) { + return compress_ciphertext_coefficient_570(vector); } /** @@ -4412,23 +3072,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_81( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_bf(re, uu____0); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_880( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_130( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_190(re, uu____0); ->>>>>>> main + compress_then_serialize_10_0a0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4438,11 +3088,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -<<<<<<< HEAD -static void compress_then_serialize_u_9f1( -======= -static void compress_then_serialize_u_0b1( ->>>>>>> main +static void compress_then_serialize_u_491( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4458,11 +3104,7 @@ static void compress_then_serialize_u_0b1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; -<<<<<<< HEAD - compress_then_serialize_ring_element_u_81(&re, ret); -======= - compress_then_serialize_ring_element_u_880(&re, ret); ->>>>>>> main + compress_then_serialize_ring_element_u_130(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -4475,11 +3117,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -compress_ciphertext_coefficient_fd1(__m256i vector) { -======= -compress_ciphertext_coefficient_431(__m256i vector) { ->>>>>>> main +compress_ciphertext_coefficient_571(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -4526,13 +3164,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -<<<<<<< HEAD -static __m256i compress_09_761(__m256i vector) { - return compress_ciphertext_coefficient_fd1(vector); -======= -static __m256i compress_ea_ab1(__m256i vector) { - return compress_ciphertext_coefficient_431(vector); ->>>>>>> main +static __m256i compress_09_a11(__m256i vector) { + return compress_ciphertext_coefficient_571(vector); } /** @@ -4541,11 +3174,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_4_c0( -======= -static KRML_MUSTINLINE void compress_then_serialize_4_f5( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_4_22( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4554,15 +3183,9 @@ static KRML_MUSTINLINE void compress_then_serialize_4_f5( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = -<<<<<<< HEAD - compress_09_761(to_unsigned_representative_4f(re.coefficients[i0])); + compress_09_a11(to_unsigned_representative_b5(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); -======= - compress_ea_ab1(to_unsigned_representative_c0(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); ->>>>>>> main Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), @@ -4577,11 +3200,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -compress_ciphertext_coefficient_fd2(__m256i vector) { -======= -compress_ciphertext_coefficient_432(__m256i vector) { ->>>>>>> main +compress_ciphertext_coefficient_572(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -4628,13 +3247,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -<<<<<<< HEAD -static __m256i compress_09_762(__m256i vector) { - return compress_ciphertext_coefficient_fd2(vector); -======= -static __m256i compress_ea_ab2(__m256i vector) { - return compress_ciphertext_coefficient_432(vector); ->>>>>>> main +static __m256i compress_09_a12(__m256i vector) { + return compress_ciphertext_coefficient_572(vector); } /** @@ -4643,11 +3257,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_5_2c( -======= -static KRML_MUSTINLINE void compress_then_serialize_5_a4( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_5_10( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -4656,15 +3266,9 @@ static KRML_MUSTINLINE void compress_then_serialize_5_a4( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = -<<<<<<< HEAD - compress_09_762(to_unsigned_representative_4f(re.coefficients[i0])); + compress_09_a12(to_unsigned_representative_b5(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); -======= - compress_ea_ab2(to_unsigned_representative_c0(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); ->>>>>>> main Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, (size_t)10U * i0 + (size_t)10U, uint8_t), @@ -4679,58 +3283,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_0c( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_c0(re, out); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f30( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_460( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_f5(re, out); ->>>>>>> main + compress_then_serialize_4_22(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4748,18 +3305,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_unpacked_061( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_e41(copy_of_prf_input0, 0U); -======= -static void encrypt_unpacked_be1(IndCpaPublicKeyUnpacked_a0 *public_key, +static void encrypt_unpacked_671(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -4768,8 +3314,7 @@ static void encrypt_unpacked_be1(IndCpaPublicKeyUnpacked_a0 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_7f1(copy_of_prf_input0, 0U); ->>>>>>> main + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -4778,13 +3323,8 @@ static void encrypt_unpacked_be1(IndCpaPublicKeyUnpacked_a0 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); -<<<<<<< HEAD - tuple_b00 uu____3 = - sample_ring_element_cbd_e71(copy_of_prf_input, domain_separator0); -======= tuple_b0 uu____3 = - sample_ring_element_cbd_c61(copy_of_prf_input, domain_separator0); ->>>>>>> main + sample_ring_element_cbd_461(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -4792,373 +3332,164 @@ static void encrypt_unpacked_be1(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - PRF_a9_264(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_8e0( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_e31(public_key->A, r_as_ntt, error_1, u); -======= PRF_a9_424(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_af( + sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_ba1(public_key->A, r_as_ntt, error_1, u); ->>>>>>> main + compute_vector_u_a91(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = -<<<<<<< HEAD - deserialize_then_decompress_message_e3(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_e71(public_key->t_as_ntt, r_as_ntt, &error_2, -======= - deserialize_then_decompress_message_ef(copy_of_message); + deserialize_then_decompress_message_a6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_9f1(public_key->t_as_ntt, r_as_ntt, &error_2, ->>>>>>> main + compute_ring_element_v_e61(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD - compress_then_serialize_u_9f1( + compress_then_serialize_u_491( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_0c( -======= - compress_then_serialize_u_0b1( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_f30( ->>>>>>> main + compress_then_serialize_ring_element_v_460( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_601(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_85_801(); + deserialize_ring_elements_reduced_3d1( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_341(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t result[1088U]; + encrypt_unpacked_671(uu____1, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_d8_5a1(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 - PUBLIC_KEY_SIZE= 1184 - T_AS_NTT_ENCODED_SIZE= 1152 - C1_SIZE= 960 - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_BLOCK_SIZE= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_251( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c61( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_d8_7b1( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_42( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + uint8_t ret[32U]; + H_a9_161(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cc1(public_key), + uint8_t), + ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cc1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_061(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); + encrypt_601(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_fc1(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_d8_5a1(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_151(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -} - -/** -======= ->>>>>>> main -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -static void encrypt_501(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_301( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_ff1(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1088U]; - encrypt_unpacked_061(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); -======= -static void encrypt_a41(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_801(); - deserialize_ring_elements_reduced_8c1( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[3U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_341(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_be1(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -<<<<<<< HEAD -static KRML_MUSTINLINE void kdf_af_6e1(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void kdf_d8_e91(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b31( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_151( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9c1( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_d8_961( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - uint8_t ret[32U]; -<<<<<<< HEAD - H_a9_311(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), -======= - H_a9_161(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), ->>>>>>> main - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; -<<<<<<< HEAD - G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); -======= - G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); ->>>>>>> main - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), uint8_t); -======= - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), uint8_t); ->>>>>>> main - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; -<<<<<<< HEAD - encrypt_501(uu____2, copy_of_randomness, pseudorandomness, ciphertext); -======= - encrypt_a41(uu____2, copy_of_randomness, pseudorandomness, ciphertext); ->>>>>>> main - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_6e1(shared_secret, shared_secret_array); -======= - libcrux_ml_kem_types_from_fc_361(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_d8_e91(shared_secret, shared_secret_array); ->>>>>>> main - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_3c result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } /** @@ -5168,33 +3499,30 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_71(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); +deserialize_to_uncompressed_ring_element_d1(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); } return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_c51( +static KRML_MUSTINLINE void deserialize_secret_key_941( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_7d();); + secret_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5206,11 +3534,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_c51( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_71(secret_bytes); + deserialize_to_uncompressed_ring_element_d1(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( - ret, secret_as_ntt, + result, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -5221,11 +3553,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -decompress_ciphertext_coefficient_2d(__m256i vector) { -======= -decompress_ciphertext_coefficient_87(__m256i vector) { ->>>>>>> main +decompress_ciphertext_coefficient_c7(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -5269,13 +3597,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -<<<<<<< HEAD -static __m256i decompress_ciphertext_coefficient_09_ac(__m256i vector) { - return decompress_ciphertext_coefficient_2d(vector); -======= -static __m256i decompress_ciphertext_coefficient_ea_2e(__m256i vector) { - return decompress_ciphertext_coefficient_87(vector); ->>>>>>> main +static __m256i decompress_ciphertext_coefficient_09_79(__m256i vector) { + return decompress_ciphertext_coefficient_c7(vector); } /** @@ -5285,30 +3608,20 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_10_56(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); +deserialize_then_decompress_10_2d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), __m256i), size_t, void *); -======= -deserialize_then_decompress_10_5f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ac(coefficient); -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e(coefficient); ->>>>>>> main + re.coefficients[i0] = decompress_ciphertext_coefficient_09_79(coefficient); } return re; } @@ -5320,11 +3633,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -decompress_ciphertext_coefficient_2d0(__m256i vector) { -======= -decompress_ciphertext_coefficient_870(__m256i vector) { ->>>>>>> main +decompress_ciphertext_coefficient_c70(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -5368,13 +3677,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -<<<<<<< HEAD -static __m256i decompress_ciphertext_coefficient_09_ac0(__m256i vector) { - return decompress_ciphertext_coefficient_2d0(vector); -======= -static __m256i decompress_ciphertext_coefficient_ea_2e0(__m256i vector) { - return decompress_ciphertext_coefficient_870(vector); ->>>>>>> main +static __m256i decompress_ciphertext_coefficient_09_790(__m256i vector) { + return decompress_ciphertext_coefficient_c70(vector); } /** @@ -5384,25 +3688,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_11_42(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); -======= -deserialize_then_decompress_11_9a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); ->>>>>>> main +deserialize_then_decompress_11_57(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ac0(coefficient); -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e0(coefficient); ->>>>>>> main + re.coefficients[i0] = decompress_ciphertext_coefficient_09_790(coefficient); } return re; } @@ -5414,13 +3708,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_u_d5(Eurydice_slice serialized) { - return deserialize_then_decompress_10_56(serialized); -======= -deserialize_then_decompress_ring_element_u_f90(Eurydice_slice serialized) { - return deserialize_then_decompress_10_5f(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_u_cc0(Eurydice_slice serialized) { + return deserialize_then_decompress_10_2d(serialized); } /** @@ -5429,37 +3718,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_vector_u_27( +static KRML_MUSTINLINE void ntt_vector_u_600( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_db(&zeta_i, re); - ntt_at_layer_2_10(&zeta_i, re); - ntt_at_layer_1_6e(&zeta_i, re); - poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void ntt_vector_u_9b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_5f(&zeta_i, re); - ntt_at_layer_2_c2(&zeta_i, re); - ntt_at_layer_1_60(&zeta_i, re); - poly_barrett_reduce_d6_2b(re); ->>>>>>> main + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ae(&zeta_i, re); + ntt_at_layer_2_53(&zeta_i, re); + ntt_at_layer_1_09(&zeta_i, re); + poly_barrett_reduce_20_09(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5468,20 +3739,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_then_decompress_u_4a1( -======= -static KRML_MUSTINLINE void deserialize_then_decompress_u_9d1( ->>>>>>> main +static KRML_MUSTINLINE void deserialize_then_decompress_u_841( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, -<<<<<<< HEAD - u_as_ntt[i] = ZERO_20_1b();); -======= - u_as_ntt[i] = ZERO_d6_7d();); ->>>>>>> main + u_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -5499,13 +3762,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_9d1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); -<<<<<<< HEAD - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d5(u_bytes); - ntt_vector_u_27(&u_as_ntt[i0]); -======= - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f90(u_bytes); - ntt_vector_u_9b0(&u_as_ntt[i0]); ->>>>>>> main + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cc0(u_bytes); + ntt_vector_u_600(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5519,11 +3777,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -decompress_ciphertext_coefficient_2d1(__m256i vector) { -======= -decompress_ciphertext_coefficient_871(__m256i vector) { ->>>>>>> main +decompress_ciphertext_coefficient_c71(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -5567,13 +3821,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -<<<<<<< HEAD -static __m256i decompress_ciphertext_coefficient_09_ac1(__m256i vector) { - return decompress_ciphertext_coefficient_2d1(vector); -======= -static __m256i decompress_ciphertext_coefficient_ea_2e1(__m256i vector) { - return decompress_ciphertext_coefficient_871(vector); ->>>>>>> main +static __m256i decompress_ciphertext_coefficient_09_791(__m256i vector) { + return decompress_ciphertext_coefficient_c71(vector); } /** @@ -5583,25 +3832,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_4_44(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); -======= -deserialize_then_decompress_4_8d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); ->>>>>>> main +deserialize_then_decompress_4_39(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_ac1(coefficient); -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_2e1(coefficient); ->>>>>>> main + re.coefficients[i0] = decompress_ciphertext_coefficient_09_791(coefficient); } return re; } @@ -5613,11 +3852,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -decompress_ciphertext_coefficient_2d2(__m256i vector) { -======= -decompress_ciphertext_coefficient_872(__m256i vector) { ->>>>>>> main +decompress_ciphertext_coefficient_c72(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -5661,13 +3896,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -<<<<<<< HEAD -static __m256i decompress_ciphertext_coefficient_09_ac2(__m256i vector) { - return decompress_ciphertext_coefficient_2d2(vector); -======= -static __m256i decompress_ciphertext_coefficient_ea_2e2(__m256i vector) { - return decompress_ciphertext_coefficient_872(vector); ->>>>>>> main +static __m256i decompress_ciphertext_coefficient_09_792(__m256i vector) { + return decompress_ciphertext_coefficient_c72(vector); } /** @@ -5677,27 +3907,16 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_5_f0(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); -======= -deserialize_then_decompress_5_c1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_d6_7d(); ->>>>>>> main +deserialize_then_decompress_5_7b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); -<<<<<<< HEAD re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_ac2(re.coefficients[i0]); -======= - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); - re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_2e2(re.coefficients[i0]); ->>>>>>> main + decompress_ciphertext_coefficient_09_792(re.coefficients[i0]); } return re; } @@ -5709,49 +3928,28 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_v_08(Eurydice_slice serialized) { - return deserialize_then_decompress_4_44(serialized); -======= -deserialize_then_decompress_ring_element_v_590(Eurydice_slice serialized) { - return deserialize_then_decompress_4_8d(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_v_800(Eurydice_slice serialized) { + return deserialize_then_decompress_4_39(serialized); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -subtract_reduce_20_8c(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, -======= -subtract_reduce_d6_4a(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, ->>>>>>> main +subtract_reduce_20_79(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient_normal_form = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_sub_09(self->coefficients[i0], @@ -5760,12 +3958,6 @@ subtract_reduce_d6_4a(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5773,31 +3965,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -compute_message_3f1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_471(&result, &product);); - invert_ntt_montgomery_971(&result); - result = subtract_reduce_20_8c(v, result); -======= -compute_message_6a1( +compute_message_781( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_b81(&result, &product);); - invert_ntt_montgomery_191(&result); - result = subtract_reduce_d6_4a(v, result); ->>>>>>> main + ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_311(&result, &product);); + invert_ntt_montgomery_4a1(&result); + result = subtract_reduce_20_79(v, result); return result; } @@ -5807,24 +3985,14 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_message_2d( -======= -static KRML_MUSTINLINE void compress_then_serialize_message_53( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_message_e4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; -<<<<<<< HEAD - __m256i coefficient = to_unsigned_representative_4f(re.coefficients[i0]); + __m256i coefficient = to_unsigned_representative_b5(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); -======= - __m256i coefficient = to_unsigned_representative_c0(re.coefficients[i0]); - __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); ->>>>>>> main uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_09(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5835,30 +4003,6 @@ static KRML_MUSTINLINE void compress_then_serialize_message_53( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5869,33 +4013,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -<<<<<<< HEAD -static void decrypt_unpacked_4c1( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_4a1(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_08( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_3f1(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); -======= -static void decrypt_unpacked_671(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_cb1(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_9d1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_841(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_590( + deserialize_then_decompress_ring_element_v_800( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_6a1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_781(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_53(message, ret0); + compress_then_serialize_message_e4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5909,10 +4038,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_3d1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b81(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_c51(secret_key, secret_as_ntt); + deserialize_secret_key_941(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -5922,10 +4051,9 @@ static void decrypt_3d1(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_671(&secret_key_unpacked, ciphertext, ret0); ->>>>>>> main - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_cb1(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -5933,11 +4061,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_c9(Eurydice_slice input, uint8_t ret[32U]) { -======= static KRML_MUSTINLINE void PRF_d1(Eurydice_slice input, uint8_t ret[32U]) { ->>>>>>> main uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -5954,15 +4078,15 @@ with const generics - K= 3 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_a9_263(Eurydice_slice input, uint8_t ret[32U]) { - PRF_c9(input, ret); +static KRML_MUSTINLINE void PRF_a9_423(Eurydice_slice input, uint8_t ret[32U]) { + PRF_d1(input, ret); } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem +with const generics - K= 3 - SECRET_KEY_SIZE= 2400 - CPA_SECRET_KEY_SIZE= 1152 @@ -5980,309 +4104,84 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d61( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, +void libcrux_ml_kem_ind_cca_decapsulate_ab1( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_unpacked_4c1(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); + decrypt_b81(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_173( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_471(ciphertext), uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_423(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_061(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, + encrypt_601(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_d8_5a1(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); + uint8_t shared_secret1[32U]; + kdf_d8_5a1(shared_secret0, shared_secret1); + uint8_t shared_secret[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_471(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + shared_secret); + memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); } /** A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - +- K= 4 */ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_ae(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_1b(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_881( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_1b();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_ae(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_d21(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_881(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t result[32U]; - decrypt_unpacked_4c1(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void PRF_a9_423(Eurydice_slice input, uint8_t ret[32U]) { - PRF_d1(input, ret); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_e21( -======= -void libcrux_ml_kem_ind_cca_decapsulate_971( ->>>>>>> main - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; -<<<<<<< HEAD - decrypt_d21(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - decrypt_3d1(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); - uint8_t hashed[64U]; -<<<<<<< HEAD - G_a9_ab1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); -======= - G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); ->>>>>>> main - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_173(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_263(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), -======= - libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_423(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), ->>>>>>> main - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; -<<<<<<< HEAD - encrypt_501(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_6e1(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret1[32U]; - kdf_af_6e1(shared_secret0, shared_secret1); - uint8_t shared_secret[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - shared_secret); - memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - encrypt_a41(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_e91(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_e91(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main -} - -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -*/ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_300( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3d( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6294,43 +4193,29 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c3( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = -<<<<<<< HEAD - deserialize_to_reduced_ring_element_55(ring_element); -======= - deserialize_to_reduced_ring_element_1b(ring_element); ->>>>>>> main + deserialize_to_reduced_ring_element_ec(ring_element); deserialized_pk[i0] = uu____0; } } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_660( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_850( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_7d();); - deserialize_ring_elements_reduced_8c3(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_7d();); + deserialize_ring_elements_reduced_3d(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6338,11 +4223,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_secret_key_500( -======= -static KRML_MUSTINLINE void serialize_secret_key_5f( ->>>>>>> main +static KRML_MUSTINLINE void serialize_secret_key_72( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -6360,20 +4241,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5f( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - serialize_uncompressed_ring_element_5c(&re, ret0); -======= - serialize_uncompressed_ring_element_53(&re, ret0); ->>>>>>> main + serialize_uncompressed_ring_element_88(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6382,13 +4256,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_c2( +static KRML_MUSTINLINE void serialize_public_key_mut_82( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_5f(t_as_ntt, ret); + serialize_secret_key_72(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6397,9 +4271,6 @@ static KRML_MUSTINLINE void serialize_public_key_mut_c2( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6408,41 +4279,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_public_key_510( +static KRML_MUSTINLINE void serialize_public_key_39( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); - uint8_t ret0[1536U]; - serialize_secret_key_500(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), - seed_for_a, uint8_t); + serialize_public_key_mut_82(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void serialize_public_key_02( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_c2(t_as_ntt, seed_for_a, public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6451,25 +4297,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_060(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_300( -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_050(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_660( ->>>>>>> main + deserialize_ring_elements_reduced_out_850( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; -<<<<<<< HEAD - serialize_public_key_510( -======= - serialize_public_key_02( ->>>>>>> main + serialize_public_key_39( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -6491,13 +4327,6 @@ static KRML_MUSTINLINE void H_a9_16(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -6506,7 +4335,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d0( +bool libcrux_ml_kem_ind_cca_validate_private_key_ca0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; @@ -6534,20 +4363,20 @@ typedef struct IndCpaPrivateKeyUnpacked_01_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_01 default_1a_19(void) { +static IndCpaPrivateKeyUnpacked_01 default_f6_19(void) { IndCpaPrivateKeyUnpacked_01 lit; - lit.secret_as_ntt[0U] = ZERO_d6_7d(); - lit.secret_as_ntt[1U] = ZERO_d6_7d(); - lit.secret_as_ntt[2U] = ZERO_d6_7d(); - lit.secret_as_ntt[3U] = ZERO_d6_7d(); + lit.secret_as_ntt[0U] = ZERO_20_7d(); + lit.secret_as_ntt[1U] = ZERO_20_7d(); + lit.secret_as_ntt[2U] = ZERO_20_7d(); + lit.secret_as_ntt[3U] = ZERO_20_7d(); return lit; } @@ -6566,40 +4395,40 @@ typedef struct IndCpaPublicKeyUnpacked_01_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_01 default_8d_80(void) { +static IndCpaPublicKeyUnpacked_01 default_85_80(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_d6_7d();); + uu____0[i] = ZERO_20_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_01 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_7d(); - lit.A[0U][1U] = ZERO_d6_7d(); - lit.A[0U][2U] = ZERO_d6_7d(); - lit.A[0U][3U] = ZERO_d6_7d(); - lit.A[1U][0U] = ZERO_d6_7d(); - lit.A[1U][1U] = ZERO_d6_7d(); - lit.A[1U][2U] = ZERO_d6_7d(); - lit.A[1U][3U] = ZERO_d6_7d(); - lit.A[2U][0U] = ZERO_d6_7d(); - lit.A[2U][1U] = ZERO_d6_7d(); - lit.A[2U][2U] = ZERO_d6_7d(); - lit.A[2U][3U] = ZERO_d6_7d(); - lit.A[3U][0U] = ZERO_d6_7d(); - lit.A[3U][1U] = ZERO_d6_7d(); - lit.A[3U][2U] = ZERO_d6_7d(); - lit.A[3U][3U] = ZERO_d6_7d(); + lit.A[0U][0U] = ZERO_20_7d(); + lit.A[0U][1U] = ZERO_20_7d(); + lit.A[0U][2U] = ZERO_20_7d(); + lit.A[0U][3U] = ZERO_20_7d(); + lit.A[1U][0U] = ZERO_20_7d(); + lit.A[1U][1U] = ZERO_20_7d(); + lit.A[1U][2U] = ZERO_20_7d(); + lit.A[1U][3U] = ZERO_20_7d(); + lit.A[2U][0U] = ZERO_20_7d(); + lit.A[2U][1U] = ZERO_20_7d(); + lit.A[2U][2U] = ZERO_20_7d(); + lit.A[2U][3U] = ZERO_20_7d(); + lit.A[3U][0U] = ZERO_20_7d(); + lit.A[3U][1U] = ZERO_20_7d(); + lit.A[3U][2U] = ZERO_20_7d(); + lit.A[3U][3U] = ZERO_20_7d(); return lit; } @@ -6612,11 +4441,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void G_a9_ab0(Eurydice_slice input, uint8_t ret[64U]) { -======= static KRML_MUSTINLINE void G_a9_67(Eurydice_slice input, uint8_t ret[64U]) { ->>>>>>> main libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6630,13 +4455,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -<<<<<<< HEAD -static void closure_ba0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE void cpa_keygen_seed_d8_e1( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_7e( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6649,7 +4468,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_e1( uint8_t ret0[64U]; G_a9_67(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -6659,11 +4477,7 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -shake128_init_absorb_final_500(uint8_t input[4U][34U]) { -======= -shake128_init_absorb_2a(uint8_t input[4U][34U]) { ->>>>>>> main +shake128_init_absorb_final_2a(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -6685,19 +4499,11 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -shake128_init_absorb_final_a9_3f0(uint8_t input[4U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[4U][34U]; - memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_500(copy_of_input); -======= -shake128_init_absorb_a9_1c(uint8_t input[4U][34U]) { +shake128_init_absorb_final_a9_1c(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_2a(copy_of_input); ->>>>>>> main + return shake128_init_absorb_final_2a(copy_of_input); } /** @@ -6706,11 +4512,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_000( -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_0c( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -6747,15 +4549,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_940( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_2e( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_000(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_0c(self, ret); ->>>>>>> main + shake128_squeeze_first_three_blocks_0c(self, ret); } /** @@ -6806,11 +4602,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_611( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_74( ->>>>>>> main uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -6822,11 +4614,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_74( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -6852,11 +4640,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_dd0( -======= -static KRML_MUSTINLINE void shake128_squeeze_block_4a( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_next_block_4a( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -6893,15 +4677,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_dd0(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_1d( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_4a(self, ret); ->>>>>>> main + shake128_squeeze_next_block_4a(self, ret); } /** @@ -6952,11 +4730,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_612( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_740( ->>>>>>> main uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -6968,11 +4742,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_740( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -6998,15 +4768,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_8a0( - int16_t s[272U]) { - return from_i16_array_20_82( -======= static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e4( int16_t s[272U]) { - return from_i16_array_d6_14( ->>>>>>> main + return from_i16_array_20_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7016,11 +4780,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_from_xof_c10( -======= static KRML_MUSTINLINE void sample_from_xof_67( ->>>>>>> main uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -7029,43 +4789,25 @@ static KRML_MUSTINLINE void sample_from_xof_67( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = -<<<<<<< HEAD - shake128_init_absorb_final_a9_3f0(copy_of_seeds); - uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_a9_940(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[4U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_611( -======= - shake128_init_absorb_a9_1c(copy_of_seeds); + shake128_init_absorb_final_a9_1c(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_a9_2e(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_2e(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_74( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; -<<<<<<< HEAD - shake128_squeeze_next_block_a9_bf0(&xof_state, randomness); -======= - shake128_squeeze_block_a9_1d(&xof_state, randomness); ->>>>>>> main + shake128_squeeze_next_block_a9_1d(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = sample_from_uniform_distribution_next_612( -======= done = sample_from_uniform_distribution_next_740( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -7074,11 +4816,7 @@ static KRML_MUSTINLINE void sample_from_xof_67( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, -<<<<<<< HEAD - ret0[i] = closure_8a0(copy_of_out[i]);); -======= ret0[i] = closure_e4(copy_of_out[i]);); ->>>>>>> main memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7090,18 +4828,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_matrix_A_ff0( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_ba0(A_transpose[i]);); -======= static KRML_MUSTINLINE void sample_matrix_A_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[4U], uint8_t seed[34U], bool transpose) { ->>>>>>> main KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -7116,11 +4845,7 @@ static KRML_MUSTINLINE void sample_matrix_A_34( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; -<<<<<<< HEAD - sample_from_xof_c10(copy_of_seeds, sampled); -======= sample_from_xof_67(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7138,16 +4863,6 @@ static KRML_MUSTINLINE void sample_matrix_A_34( } ); -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U][4U]; - memcpy(result, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - memcpy(ret, result, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); -======= ->>>>>>> main } /** @@ -7156,13 +4871,8 @@ with const generics - K= 4 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_ef1(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { -======= static KRML_MUSTINLINE void PRFxN_08(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { ->>>>>>> main uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; uint8_t out1[128U] = {0U}; @@ -7202,21 +4912,11 @@ with const generics - K= 4 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_a9_411(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_ef1(input, ret); -======= static KRML_MUSTINLINE void PRFxN_a9_16(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { PRFxN_08(input, ret); ->>>>>>> main } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7225,17 +4925,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_e40( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7247,20 +4939,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; -<<<<<<< HEAD - PRFxN_a9_411(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_8e0( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]);); -======= PRFxN_a9_16(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_af( + re_as_ntt[i0] = sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_5c(&re_as_ntt[i0]);); return domain_separator; } @@ -7283,17 +4967,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_7f( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_7d();); + re_as_ntt[i] = ZERO_20_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_ee(uu____0, uu____1, domain_separator); ->>>>>>> main + sample_vector_cbd_then_ntt_07(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -7301,44 +4984,23 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_7f( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_re_as_ntt, -======= - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_to_ring_element_20_470( -======= -static KRML_MUSTINLINE void add_to_ring_element_d6_b8( ->>>>>>> main +static KRML_MUSTINLINE void add_to_ring_element_20_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -7352,59 +5014,14 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_b8( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_As_plus_e_ef0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_1b();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_470(&result0[i1], &product); - } - add_standard_error_reduce_20_f6(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - memcpy( - result, result0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -======= -static KRML_MUSTINLINE void compute_As_plus_e_a2( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, +static KRML_MUSTINLINE void compute_As_plus_e_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt) { @@ -7417,7 +5034,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_a2( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -7430,55 +5047,13 @@ static KRML_MUSTINLINE void compute_As_plus_e_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_b8(&t_as_ntt[i0], &product); + ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_31(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7488,47 +5063,20 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_54 generate_keypair_unpacked_470( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_ab0(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static void generate_keypair_unpacked_81( +static void generate_keypair_unpacked_4a( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_01 *private_key, IndCpaPublicKeyUnpacked_01 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_e1(key_generation_seed, hashed); + cpa_keygen_seed_d8_7e(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[4U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_ff0(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_e40(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); sample_matrix_A_34(uu____1, ret, true); uint8_t prf_input[33U]; @@ -7540,180 +5088,23 @@ static void generate_keypair_unpacked_81( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_ee(uu____2, copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_07(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, -<<<<<<< HEAD - sample_vector_cbd_then_ntt_e40(copy_of_prf_input, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_ef0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_1c0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_1b();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_a9_310(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_450( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_54 uu____0 = generate_keypair_unpacked_470(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_1c0(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_33(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_510( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_310(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -======= - sample_vector_cbd_then_ntt_out_7f(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input, domain_separator) .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_a2(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_67(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -7728,32 +5119,18 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_930( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_470(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_510( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_500(sk.secret_as_ntt, secret_key_serialized); -======= -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_2f0( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_1c0( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_01 private_key = default_1a_19(); - IndCpaPublicKeyUnpacked_01 public_key = default_8d_80(); - generate_keypair_unpacked_81(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_01 private_key = default_f6_19(); + IndCpaPublicKeyUnpacked_01 public_key = default_85_80(); + generate_keypair_unpacked_4a(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_02( + serialize_public_key_39( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_5f(private_key.secret_as_ntt, secret_key_serialized); ->>>>>>> main + serialize_secret_key_72(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -7762,26 +5139,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_2f0( uint8_t copy_of_public_key_serialized[1568U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); memcpy(result.snd, copy_of_public_key_serialized, (size_t)1568U * sizeof(uint8_t)); return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -7789,11 +5154,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_kem_secret_key_eb0( -======= -static KRML_MUSTINLINE void serialize_kem_secret_key_0a0( ->>>>>>> main +static KRML_MUSTINLINE void serialize_kem_secret_key_280( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -7819,11 +5180,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a0( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - H_a9_310(public_key, ret0); -======= H_a9_16(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -7839,14 +5196,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a0( memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7861,11 +5210,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_f70(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_2a0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -7874,21 +5219,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = -<<<<<<< HEAD - generate_keypair_930(ind_cpa_keypair_randomness); -======= - generate_keypair_2f0(ind_cpa_keypair_randomness); ->>>>>>> main + generate_keypair_1c0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; -<<<<<<< HEAD - serialize_kem_secret_key_eb0( -======= - serialize_kem_secret_key_0a0( ->>>>>>> main + serialize_kem_secret_key_280( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7897,22 +5234,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f11(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d1(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_721(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b11( - uu____2, libcrux_ml_kem_types_from_07_a91(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b1( - uu____2, libcrux_ml_kem_types_from_40_601(copy_of_public_key)); ->>>>>>> main + return libcrux_ml_kem_types_from_3a_8d1( + uu____2, libcrux_ml_kem_types_from_5a_c61(copy_of_public_key)); } /** @@ -7925,7 +5253,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_960(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_7b0(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7933,38 +5261,6 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_960(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); - deserialized_pk[i0] = uu____0; - } -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7974,17 +5270,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -<<<<<<< HEAD -sample_ring_element_cbd_e70(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_46(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_1b();); -======= -sample_ring_element_cbd_c6(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_d6_7d();); ->>>>>>> main + error_1[i] = ZERO_20_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7996,19 +5285,11 @@ sample_ring_element_cbd_c6(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; -<<<<<<< HEAD - PRFxN_a9_411(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_8e0( -======= PRFxN_a9_16(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_af( ->>>>>>> main + sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8018,11 +5299,7 @@ sample_ring_element_cbd_c6(uint8_t prf_input[33U], uint8_t domain_separator) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_error_1, -======= - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; @@ -8038,15 +5315,9 @@ with const generics - K= 4 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_a9_262(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_c90(input, ret); -======= static KRML_MUSTINLINE void PRF_a9_420(Eurydice_slice input, uint8_t ret[128U]) { PRF_d10(input, ret); ->>>>>>> main } /** @@ -8055,60 +5326,34 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_montgomery_970( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_16(&zeta_i, re); - invert_ntt_at_layer_2_88(&zeta_i, re); - invert_ntt_at_layer_3_f7(&zeta_i, re); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void invert_ntt_montgomery_19( +static KRML_MUSTINLINE void invert_ntt_montgomery_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2b(&zeta_i, re); - invert_ntt_at_layer_2_6a(&zeta_i, re); - invert_ntt_at_layer_3_ad(&zeta_i, re); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_2b(re); ->>>>>>> main + invert_ntt_at_layer_1_f8(&zeta_i, re); + invert_ntt_at_layer_2_de(&zeta_i, re); + invert_ntt_at_layer_3_0f(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_09(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_vector_u_e30( -======= -static KRML_MUSTINLINE void compute_vector_u_ba( ->>>>>>> main +static KRML_MUSTINLINE void compute_vector_u_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, -<<<<<<< HEAD - result0[i] = ZERO_20_1b();); -======= - result[i] = ZERO_d6_7d();); ->>>>>>> main + result0[i] = ZERO_20_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8128,19 +5373,11 @@ static KRML_MUSTINLINE void compute_vector_u_ba( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = -<<<<<<< HEAD - ntt_multiply_20_f1(a_element, &r_as_ntt[j]); - add_to_ring_element_20_470(&result0[i1], &product); - } - invert_ntt_montgomery_970(&result0[i1]); - add_error_reduce_20_1f(&result0[i1], &error_1[i1]); -======= - ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_b8(&result[i1], &product); + ntt_multiply_20_63(a_element, &r_as_ntt[j]); + add_to_ring_element_20_31(&result0[i1], &product); } - invert_ntt_montgomery_19(&result[i1]); - add_error_reduce_d6_89(&result[i1], &error_1[i1]); ->>>>>>> main + invert_ntt_montgomery_4a(&result0[i1]); + add_error_reduce_20_84(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -8151,9 +5388,6 @@ static KRML_MUSTINLINE void compute_vector_u_ba( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8161,32 +5395,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -compute_ring_element_v_e70( -======= -compute_ring_element_v_9f( ->>>>>>> main +compute_ring_element_v_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_470(&result, &product);); - invert_ntt_montgomery_970(&result); - result = add_message_error_reduce_20_69(error_2, message, result); -======= - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_b8(&result, &product);); - invert_ntt_montgomery_19(&result); - result = add_message_error_reduce_d6_df(error_2, message, result); ->>>>>>> main + ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_31(&result, &product);); + invert_ntt_montgomery_4a(&result); + result = add_message_error_reduce_20_b0(error_2, message, result); return result; } @@ -8196,22 +5416,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_11_770( -======= -static KRML_MUSTINLINE void compress_then_serialize_11_88( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_11_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = -<<<<<<< HEAD - compress_09_760(to_unsigned_representative_4f(re->coefficients[i0])); -======= - compress_ea_ab0(to_unsigned_representative_c0(re->coefficients[i0])); ->>>>>>> main + compress_09_a10(to_unsigned_representative_b5(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -8229,23 +5441,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_810( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_13( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_770(re, uu____0); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_88( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_88(re, uu____0); ->>>>>>> main + compress_then_serialize_11_78(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8255,11 +5457,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -<<<<<<< HEAD -static void compress_then_serialize_u_9f0( -======= -static void compress_then_serialize_u_0b( ->>>>>>> main +static void compress_then_serialize_u_49( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8275,11 +5473,7 @@ static void compress_then_serialize_u_0b( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; -<<<<<<< HEAD - compress_then_serialize_ring_element_u_810(&re, ret); -======= - compress_then_serialize_ring_element_u_88(&re, ret); ->>>>>>> main + compress_then_serialize_ring_element_u_13(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -8292,58 +5486,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_0c0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_46( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_2c(re, out); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f3( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_a4(re, out); ->>>>>>> main + compress_then_serialize_5_10(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -8361,18 +5508,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_unpacked_060( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_e40(copy_of_prf_input0, 0U); -======= -static void encrypt_unpacked_be(IndCpaPublicKeyUnpacked_01 *public_key, +static void encrypt_unpacked_67(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -8380,8 +5516,7 @@ static void encrypt_unpacked_be(IndCpaPublicKeyUnpacked_01 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_7f(copy_of_prf_input0, 0U); ->>>>>>> main + tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -8391,11 +5526,7 @@ static void encrypt_unpacked_be(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = -<<<<<<< HEAD - sample_ring_element_cbd_e70(copy_of_prf_input, domain_separator0); -======= - sample_ring_element_cbd_c6(copy_of_prf_input, domain_separator0); ->>>>>>> main + sample_ring_element_cbd_46(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -8403,265 +5534,96 @@ static void encrypt_unpacked_be(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - PRF_a9_262(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_8e0( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_e30(public_key->A, r_as_ntt, error_1, u); -======= PRF_a9_420(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_af( + sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_ba(public_key->A, r_as_ntt, error_1, u); ->>>>>>> main + compute_vector_u_a9(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = -<<<<<<< HEAD - deserialize_then_decompress_message_e3(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_e70(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); -======= - deserialize_then_decompress_message_ef(copy_of_message); + deserialize_then_decompress_message_a6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_9f(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_e6(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); ->>>>>>> main uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD - compress_then_serialize_u_9f0( + compress_then_serialize_u_49( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_0c0( -======= - compress_then_serialize_u_0b( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, - (size_t)1408U, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_f3( ->>>>>>> main + compress_then_serialize_ring_element_v_46( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 - T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_250( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_060(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); +static void encrypt_600(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_85_80(); + deserialize_ring_elements_reduced_3d( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[4U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_34(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_01 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t result[1568U]; + encrypt_unpacked_67(uu____1, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 +- CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void entropy_preprocess_af_150(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); +static KRML_MUSTINLINE void kdf_d8_5a0(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } /** -======= ->>>>>>> main -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -static void encrypt_500(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_300( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_ff0(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1568U]; - encrypt_unpacked_060(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); -======= -static void encrypt_a40(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_80(); - deserialize_ring_elements_reduced_8c( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____0)[4U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_34(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_01 *uu____1 = &unpacked_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_be(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -<<<<<<< HEAD -static KRML_MUSTINLINE void kdf_af_6e0(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void kdf_d8_e90(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_variant_MlKem with const generics @@ -8679,49 +5641,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b30( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c60( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_150( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9c0( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_d8_960( + entropy_preprocess_d8_7b0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - H_a9_310(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); -======= H_a9_16(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cc(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8729,69 +5669,43 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9c0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), uint8_t); -======= - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), uint8_t); ->>>>>>> main + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cc(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; -<<<<<<< HEAD - encrypt_500(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_6e0(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; -======= - encrypt_a40(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_600(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_fc_36(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_fc(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_e90(shared_secret, shared_secret_array); + kdf_d8_5a0(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_21 result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_c50( +static KRML_MUSTINLINE void deserialize_secret_key_940( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_7d();); + secret_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8803,11 +5717,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_c50( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_71(secret_bytes); + deserialize_to_uncompressed_ring_element_d1(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + memcpy( + result, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( - ret, secret_as_ntt, + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -8818,13 +5736,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_u_d50(Eurydice_slice serialized) { - return deserialize_then_decompress_11_42(serialized); -======= -deserialize_then_decompress_ring_element_u_f9(Eurydice_slice serialized) { - return deserialize_then_decompress_11_9a(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_u_cc(Eurydice_slice serialized) { + return deserialize_then_decompress_11_57(serialized); } /** @@ -8833,37 +5746,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_vector_u_270( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_db(&zeta_i, re); - ntt_at_layer_2_10(&zeta_i, re); - ntt_at_layer_1_6e(&zeta_i, re); - poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void ntt_vector_u_9b( +static KRML_MUSTINLINE void ntt_vector_u_60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_5f(&zeta_i, re); - ntt_at_layer_2_c2(&zeta_i, re); - ntt_at_layer_1_60(&zeta_i, re); - poly_barrett_reduce_d6_2b(re); ->>>>>>> main + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ae(&zeta_i, re); + ntt_at_layer_2_53(&zeta_i, re); + ntt_at_layer_1_09(&zeta_i, re); + poly_barrett_reduce_20_09(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8872,20 +5767,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_then_decompress_u_4a0( -======= -static KRML_MUSTINLINE void deserialize_then_decompress_u_9d( ->>>>>>> main +static KRML_MUSTINLINE void deserialize_then_decompress_u_84( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, -<<<<<<< HEAD - u_as_ntt[i] = ZERO_20_1b();); -======= - u_as_ntt[i] = ZERO_d6_7d();); ->>>>>>> main + u_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -8903,13 +5790,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_9d( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); -<<<<<<< HEAD - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d50(u_bytes); - ntt_vector_u_270(&u_as_ntt[i0]); -======= - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f9(u_bytes); - ntt_vector_u_9b(&u_as_ntt[i0]); ->>>>>>> main + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cc(u_bytes); + ntt_vector_u_60(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8923,21 +5805,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_v_080(Eurydice_slice serialized) { - return deserialize_then_decompress_5_f0(serialized); -======= -deserialize_then_decompress_ring_element_v_59(Eurydice_slice serialized) { - return deserialize_then_decompress_5_c1(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_v_80(Eurydice_slice serialized) { + return deserialize_then_decompress_5_7b(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8945,58 +5816,20 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -compute_message_3f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_470(&result, &product);); - invert_ntt_montgomery_970(&result); - result = subtract_reduce_20_8c(v, result); -======= -compute_message_6a( +compute_message_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_b8(&result, &product);); - invert_ntt_montgomery_19(&result); - result = subtract_reduce_d6_4a(v, result); ->>>>>>> main + ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_31(&result, &product);); + invert_ntt_montgomery_4a(&result); + result = subtract_reduce_20_79(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -9007,33 +5840,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -<<<<<<< HEAD -static void decrypt_unpacked_4c0( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_4a0(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_080( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_3f0(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); -======= -static void decrypt_unpacked_67(IndCpaPrivateKeyUnpacked_01 *secret_key, +static void decrypt_unpacked_cb(IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_9d(ciphertext, u_as_ntt); + deserialize_then_decompress_u_84(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_59( + deserialize_then_decompress_ring_element_v_80( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_6a(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_78(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_53(message, ret0); + compress_then_serialize_message_e4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9047,10 +5865,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_3d0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b80(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_c50(secret_key, secret_as_ntt); + deserialize_secret_key_940(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -9060,10 +5878,9 @@ static void decrypt_3d0(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_67(&secret_key_unpacked, ciphertext, ret0); ->>>>>>> main - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_cb(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -9076,158 +5893,8 @@ with const generics - K= 4 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_a9_261(Eurydice_slice input, uint8_t ret[32U]) { - PRF_c9(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d60( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_4c0(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_174( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_060(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_880( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_1b();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_ae(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - memcpy( - result, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_d20(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_880(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t result[32U]; - decrypt_unpacked_4c0(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= static KRML_MUSTINLINE void PRF_a9_42(Eurydice_slice input, uint8_t ret[32U]) { PRF_d1(input, ret); ->>>>>>> main } /** @@ -9252,16 +5919,9 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_e20( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { -======= -void libcrux_ml_kem_ind_cca_decapsulate_970( +void libcrux_ml_kem_ind_cca_decapsulate_ab0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -9277,15 +5937,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_970( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - decrypt_d20(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - decrypt_3d0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_b80(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -9293,11 +5947,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_970( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - G_a9_ab0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); -======= G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9305,92 +5955,48 @@ void libcrux_ml_kem_ind_cca_decapsulate_970( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_174(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_261(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); -======= libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_42(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); ->>>>>>> main Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; -<<<<<<< HEAD - encrypt_500(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_600(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_6e0(Eurydice_array_to_slice( + kdf_d8_5a0(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_6e0(shared_secret0, shared_secret1); + kdf_d8_5a0(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), + libcrux_ml_kem_types_as_ref_00_47(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - encrypt_a40(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_e90(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_e90(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_30( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3d0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9402,43 +6008,29 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = -<<<<<<< HEAD - deserialize_to_reduced_ring_element_55(ring_element); -======= - deserialize_to_reduced_ring_element_1b(ring_element); ->>>>>>> main + deserialize_to_reduced_ring_element_ec(ring_element); deserialized_pk[i0] = uu____0; } } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_66( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_85( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_7d();); - deserialize_ring_elements_reduced_8c2(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_7d();); + deserialize_ring_elements_reduced_3d0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -9446,11 +6038,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_secret_key_50( -======= -static KRML_MUSTINLINE void serialize_secret_key_5f0( ->>>>>>> main +static KRML_MUSTINLINE void serialize_secret_key_720( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -9468,20 +6056,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5f0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - serialize_uncompressed_ring_element_5c(&re, ret0); -======= - serialize_uncompressed_ring_element_53(&re, ret0); ->>>>>>> main + serialize_uncompressed_ring_element_88(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -9490,13 +6071,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_c20( +static KRML_MUSTINLINE void serialize_public_key_mut_820( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_5f0(t_as_ntt, ret); + serialize_secret_key_720(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -9505,9 +6086,6 @@ static KRML_MUSTINLINE void serialize_public_key_mut_c20( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -9516,41 +6094,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_public_key_51( +static KRML_MUSTINLINE void serialize_public_key_390( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); - uint8_t ret0[768U]; - serialize_secret_key_50(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), - seed_for_a, uint8_t); + serialize_public_key_mut_820(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void serialize_public_key_020( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_c20(t_as_ntt, seed_for_a, public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -9559,25 +6112,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_06(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_30( -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_05(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_66( ->>>>>>> main + deserialize_ring_elements_reduced_out_85( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; -<<<<<<< HEAD - serialize_public_key_51( -======= - serialize_public_key_020( ->>>>>>> main + serialize_public_key_390( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -9599,13 +6142,6 @@ static KRML_MUSTINLINE void H_a9_160(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -9614,7 +6150,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_4d( +bool libcrux_ml_kem_ind_cca_validate_private_key_ca( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; @@ -9642,18 +6178,18 @@ typedef struct IndCpaPrivateKeyUnpacked_d6_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_d6 default_1a_190(void) { +static IndCpaPrivateKeyUnpacked_d6 default_f6_190(void) { IndCpaPrivateKeyUnpacked_d6 lit; - lit.secret_as_ntt[0U] = ZERO_d6_7d(); - lit.secret_as_ntt[1U] = ZERO_d6_7d(); + lit.secret_as_ntt[0U] = ZERO_20_7d(); + lit.secret_as_ntt[1U] = ZERO_20_7d(); return lit; } @@ -9672,28 +6208,28 @@ typedef struct IndCpaPublicKeyUnpacked_d6_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_d6 default_8d_800(void) { +static IndCpaPublicKeyUnpacked_d6 default_85_800(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_d6_7d();); + uu____0[i] = ZERO_20_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_d6 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_7d(); - lit.A[0U][1U] = ZERO_d6_7d(); - lit.A[1U][0U] = ZERO_d6_7d(); - lit.A[1U][1U] = ZERO_d6_7d(); + lit.A[0U][0U] = ZERO_20_7d(); + lit.A[0U][1U] = ZERO_20_7d(); + lit.A[1U][0U] = ZERO_20_7d(); + lit.A[1U][1U] = ZERO_20_7d(); return lit; } @@ -9706,11 +6242,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void G_a9_ab(Eurydice_slice input, uint8_t ret[64U]) { -======= static KRML_MUSTINLINE void G_a9_670(Eurydice_slice input, uint8_t ret[64U]) { ->>>>>>> main libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -9724,13 +6256,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -<<<<<<< HEAD -static void closure_ba( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE void cpa_keygen_seed_d8_e10( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_7e0( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -9743,7 +6269,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_e10( uint8_t ret0[64U]; G_a9_670(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -9753,11 +6278,7 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -shake128_init_absorb_final_50(uint8_t input[2U][34U]) { -======= -shake128_init_absorb_2a0(uint8_t input[2U][34U]) { ->>>>>>> main +shake128_init_absorb_final_2a0(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -9779,19 +6300,11 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -shake128_init_absorb_final_a9_3f(uint8_t input[2U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[2U][34U]; - memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_50(copy_of_input); -======= -shake128_init_absorb_a9_1c0(uint8_t input[2U][34U]) { +shake128_init_absorb_final_a9_1c0(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_2a0(copy_of_input); ->>>>>>> main + return shake128_init_absorb_final_2a0(copy_of_input); } /** @@ -9800,11 +6313,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_00( -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_0c0( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_0c0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -9835,15 +6344,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_94( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_00(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_2e0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_2e0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_0c0(self, ret); ->>>>>>> main + shake128_squeeze_first_three_blocks_0c0(self, ret); } /** @@ -9894,11 +6397,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_61( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_741( ->>>>>>> main uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -9910,11 +6409,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_741( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -9940,11 +6435,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_dd( -======= -static KRML_MUSTINLINE void shake128_squeeze_block_4a0( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_next_block_4a0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -9975,15 +6466,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_bf( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_1d0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_dd(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_block_a9_1d0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_4a0(self, ret); ->>>>>>> main + shake128_squeeze_next_block_4a0(self, ret); } /** @@ -10034,11 +6519,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_610( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_742( ->>>>>>> main uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -10050,11 +6531,7 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_742( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -10080,15 +6557,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_8a( - int16_t s[272U]) { - return from_i16_array_20_82( -======= static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e40( int16_t s[272U]) { - return from_i16_array_d6_14( ->>>>>>> main + return from_i16_array_20_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -10098,11 +6569,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_from_xof_c1( -======= static KRML_MUSTINLINE void sample_from_xof_670( ->>>>>>> main uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -10111,43 +6578,25 @@ static KRML_MUSTINLINE void sample_from_xof_670( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = -<<<<<<< HEAD - shake128_init_absorb_final_a9_3f(copy_of_seeds); - uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_a9_94(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[2U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_61( -======= - shake128_init_absorb_a9_1c0(copy_of_seeds); + shake128_init_absorb_final_a9_1c0(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_a9_2e0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_2e0(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_741( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; -<<<<<<< HEAD - shake128_squeeze_next_block_a9_bf(&xof_state, randomness); -======= - shake128_squeeze_block_a9_1d0(&xof_state, randomness); ->>>>>>> main + shake128_squeeze_next_block_a9_1d0(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = sample_from_uniform_distribution_next_610( -======= done = sample_from_uniform_distribution_next_742( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -10156,11 +6605,7 @@ static KRML_MUSTINLINE void sample_from_xof_670( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, -<<<<<<< HEAD - ret0[i] = closure_8a(copy_of_out[i]);); -======= ret0[i] = closure_e40(copy_of_out[i]);); ->>>>>>> main memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -10172,18 +6617,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_matrix_A_ff( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_ba(A_transpose[i]);); -======= static KRML_MUSTINLINE void sample_matrix_A_340( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[2U], uint8_t seed[34U], bool transpose) { ->>>>>>> main KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -10198,11 +6634,7 @@ static KRML_MUSTINLINE void sample_matrix_A_340( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; -<<<<<<< HEAD - sample_from_xof_c1(copy_of_seeds, sampled); -======= sample_from_xof_670(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -10220,16 +6652,6 @@ static KRML_MUSTINLINE void sample_matrix_A_340( } ); -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U][2U]; - memcpy(result, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - memcpy(ret, result, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); -======= ->>>>>>> main } /** @@ -10238,13 +6660,8 @@ with const generics - K= 2 - LEN= 192 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_ef(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { -======= static KRML_MUSTINLINE void PRFxN_080(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { ->>>>>>> main uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; uint8_t out1[192U] = {0U}; @@ -10278,15 +6695,9 @@ with const generics - K= 2 - LEN= 192 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_a9_41(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_ef(input, ret); -======= static KRML_MUSTINLINE void PRFxN_a9_160(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { PRFxN_080(input, ret); ->>>>>>> main } /** @@ -10296,19 +6707,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -sample_from_binomial_distribution_8e(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_5f(randomness); -======= -sample_from_binomial_distribution_af0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_3c(randomness); ->>>>>>> main +sample_from_binomial_distribution_730(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_05(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -10317,17 +6719,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_e4( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_1b();); -======= -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee0( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_070( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -10339,20 +6733,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_ee0( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; -<<<<<<< HEAD - PRFxN_a9_41(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_8e( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]);); -======= PRFxN_a9_160(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_af0( + re_as_ntt[i0] = sample_from_binomial_distribution_730( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_5c(&re_as_ntt[i0]);); return domain_separator; } @@ -10375,17 +6761,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_7f0( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_7d();); + re_as_ntt[i] = ZERO_20_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_ee0(uu____0, uu____1, domain_separator); ->>>>>>> main + sample_vector_cbd_then_ntt_070(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -10393,44 +6778,23 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_7f0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_re_as_ntt, -======= - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_to_ring_element_20_47( -======= -static KRML_MUSTINLINE void add_to_ring_element_d6_b80( ->>>>>>> main +static KRML_MUSTINLINE void add_to_ring_element_20_310( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -10444,58 +6808,13 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_b80( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_As_plus_e_ef( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_1b();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_47(&result0[i1], &product); - } - add_standard_error_reduce_20_f6(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - memcpy( - result, result0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -======= -static KRML_MUSTINLINE void compute_As_plus_e_a20( +static KRML_MUSTINLINE void compute_As_plus_e_670( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -10509,7 +6828,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_a20( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -10522,55 +6841,13 @@ static KRML_MUSTINLINE void compute_As_plus_e_a20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_b80(&t_as_ntt[i0], &product); + ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_310(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_a7(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -10580,47 +6857,20 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static tuple_4c generate_keypair_unpacked_47( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_ab(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static void generate_keypair_unpacked_810( +static void generate_keypair_unpacked_4a0( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_d6 *private_key, IndCpaPublicKeyUnpacked_d6 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_e10(key_generation_seed, hashed); + cpa_keygen_seed_d8_7e0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[2U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_ff(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_e4(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); sample_matrix_A_340(uu____1, ret, true); uint8_t prf_input[33U]; @@ -10632,180 +6882,23 @@ static void generate_keypair_unpacked_810( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_ee0(uu____2, copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_070(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, -<<<<<<< HEAD - sample_vector_cbd_then_ntt_e4(copy_of_prf_input, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_ef(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_1c( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_1b();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_a9_31(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_45( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_4c uu____0 = generate_keypair_unpacked_47(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_1c(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_3a_33(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_51( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_31(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -======= - sample_vector_cbd_then_ntt_out_7f0(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_a20(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_670(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -10820,32 +6913,18 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_93( - Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_47(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_51( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_50(sk.secret_as_ntt, secret_key_serialized); -======= -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_2f( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_1c( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_190(); - IndCpaPublicKeyUnpacked_d6 public_key = default_8d_800(); - generate_keypair_unpacked_810(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_d6 private_key = default_f6_190(); + IndCpaPublicKeyUnpacked_d6 public_key = default_85_800(); + generate_keypair_unpacked_4a0(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_020( + serialize_public_key_390( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_5f0(private_key.secret_as_ntt, secret_key_serialized); ->>>>>>> main + serialize_secret_key_720(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -10854,26 +6933,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_2f( uint8_t copy_of_public_key_serialized[800U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_utils_extraction_helper_Keypair512 result; memcpy(result.fst, copy_of_secret_key_serialized, (size_t)768U * sizeof(uint8_t)); memcpy(result.snd, copy_of_public_key_serialized, (size_t)800U * sizeof(uint8_t)); return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -10881,11 +6948,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_kem_secret_key_eb( -======= -static KRML_MUSTINLINE void serialize_kem_secret_key_0a( ->>>>>>> main +static KRML_MUSTINLINE void serialize_kem_secret_key_28( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -10911,11 +6974,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - H_a9_31(public_key, ret0); -======= H_a9_160(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -10931,14 +6990,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_0a( memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -10952,11 +7003,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_f7( -======= -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( ->>>>>>> main +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_2a( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -10966,21 +7013,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = -<<<<<<< HEAD - generate_keypair_93(ind_cpa_keypair_randomness); -======= - generate_keypair_2f(ind_cpa_keypair_randomness); ->>>>>>> main + generate_keypair_1c(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; -<<<<<<< HEAD - serialize_kem_secret_key_eb( -======= - serialize_kem_secret_key_0a( ->>>>>>> main + serialize_kem_secret_key_28( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -10989,21 +7028,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_51( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b1( - uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_8d( + uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); } /** @@ -11016,7 +7047,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_96(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_7b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -11024,47 +7055,13 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_96(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8c0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_1b(ring_element); - deserialized_pk[i0] = uu____0; - } ->>>>>>> main -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN with const generics - K= 2 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_ef0(uint8_t (*input)[33U], -======= static KRML_MUSTINLINE void PRFxN_081(uint8_t (*input)[33U], ->>>>>>> main uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -11099,20 +7096,11 @@ with const generics - K= 2 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_a9_410(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_ef0(input, ret); -======= static KRML_MUSTINLINE void PRFxN_a9_161(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { PRFxN_081(input, ret); ->>>>>>> main } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -11122,17 +7110,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -<<<<<<< HEAD -sample_ring_element_cbd_e7(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_1b();); -======= -sample_ring_element_cbd_c60(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_460(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_d6_7d();); ->>>>>>> main + error_1[i] = ZERO_20_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -11144,19 +7125,11 @@ sample_ring_element_cbd_c60(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; -<<<<<<< HEAD - PRFxN_a9_410(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_8e0( -======= PRFxN_a9_161(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_af( ->>>>>>> main + sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -11166,11 +7139,7 @@ sample_ring_element_cbd_c60(uint8_t prf_input[33U], uint8_t domain_separator) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_error_1, -======= - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; @@ -11186,15 +7155,9 @@ with const generics - K= 2 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_a9_260(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_c90(input, ret); -======= static KRML_MUSTINLINE void PRF_a9_422(Eurydice_slice input, uint8_t ret[128U]) { PRF_d10(input, ret); ->>>>>>> main } /** @@ -11203,60 +7166,34 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_montgomery_97( +static KRML_MUSTINLINE void invert_ntt_montgomery_4a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_16(&zeta_i, re); - invert_ntt_at_layer_2_88(&zeta_i, re); - invert_ntt_at_layer_3_f7(&zeta_i, re); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_84(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void invert_ntt_montgomery_190( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2b(&zeta_i, re); - invert_ntt_at_layer_2_6a(&zeta_i, re); - invert_ntt_at_layer_3_ad(&zeta_i, re); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_8f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_2b(re); ->>>>>>> main + invert_ntt_at_layer_1_f8(&zeta_i, re); + invert_ntt_at_layer_2_de(&zeta_i, re); + invert_ntt_at_layer_3_0f(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_09(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_vector_u_e3( -======= -static KRML_MUSTINLINE void compute_vector_u_ba0( ->>>>>>> main +static KRML_MUSTINLINE void compute_vector_u_a90( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, -<<<<<<< HEAD - result0[i] = ZERO_20_1b();); -======= - result[i] = ZERO_d6_7d();); ->>>>>>> main + result0[i] = ZERO_20_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -11276,19 +7213,11 @@ static KRML_MUSTINLINE void compute_vector_u_ba0( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = -<<<<<<< HEAD - ntt_multiply_20_f1(a_element, &r_as_ntt[j]); - add_to_ring_element_20_47(&result0[i1], &product); - } - invert_ntt_montgomery_97(&result0[i1]); - add_error_reduce_20_1f(&result0[i1], &error_1[i1]); -======= - ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_b80(&result[i1], &product); + ntt_multiply_20_63(a_element, &r_as_ntt[j]); + add_to_ring_element_20_310(&result0[i1], &product); } - invert_ntt_montgomery_190(&result[i1]); - add_error_reduce_d6_89(&result[i1], &error_1[i1]); ->>>>>>> main + invert_ntt_montgomery_4a0(&result0[i1]); + add_error_reduce_20_84(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -11299,9 +7228,6 @@ static KRML_MUSTINLINE void compute_vector_u_ba0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -11309,38 +7235,21 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -compute_ring_element_v_e7( -======= -compute_ring_element_v_9f0( ->>>>>>> main +compute_ring_element_v_e60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_47(&result, &product);); - invert_ntt_montgomery_97(&result); - result = add_message_error_reduce_20_69(error_2, message, result); -======= - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_b80(&result, &product);); - invert_ntt_montgomery_190(&result); - result = add_message_error_reduce_d6_df(error_2, message, result); ->>>>>>> main + ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_310(&result, &product);); + invert_ntt_montgomery_4a0(&result); + result = add_message_error_reduce_20_b0(error_2, message, result); return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -11350,11 +7259,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -<<<<<<< HEAD -static void compress_then_serialize_u_9f( -======= -static void compress_then_serialize_u_0b0( ->>>>>>> main +static void compress_then_serialize_u_490( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -11370,57 +7275,12 @@ static void compress_then_serialize_u_0b0( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; -<<<<<<< HEAD - compress_then_serialize_ring_element_u_81(&re, ret); -======= - compress_then_serialize_ring_element_u_880(&re, ret); ->>>>>>> main + compress_then_serialize_ring_element_u_130(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -11438,18 +7298,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_unpacked_06( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_e4(copy_of_prf_input0, 0U); -======= -static void encrypt_unpacked_be0(IndCpaPublicKeyUnpacked_d6 *public_key, +static void encrypt_unpacked_670(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -11457,8 +7306,7 @@ static void encrypt_unpacked_be0(IndCpaPublicKeyUnpacked_d6 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_7f0(copy_of_prf_input0, 0U); ->>>>>>> main + tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -11468,11 +7316,7 @@ static void encrypt_unpacked_be0(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = -<<<<<<< HEAD - sample_ring_element_cbd_e7(copy_of_prf_input, domain_separator0); -======= - sample_ring_element_cbd_c60(copy_of_prf_input, domain_separator0); ->>>>>>> main + sample_ring_element_cbd_460(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -11480,148 +7324,37 @@ static void encrypt_unpacked_be0(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - PRF_a9_260(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_8e0( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_e3(public_key->A, r_as_ntt, error_1, u); -======= PRF_a9_422(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_af( + sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_ba0(public_key->A, r_as_ntt, error_1, u); ->>>>>>> main + compute_vector_u_a90(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = -<<<<<<< HEAD - deserialize_then_decompress_message_e3(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_e7(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); -======= - deserialize_then_decompress_message_ef(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_a6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_9f0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_e60(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); ->>>>>>> main uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD - compress_then_serialize_u_9f( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_0c( -======= - compress_then_serialize_u_0b0( + compress_then_serialize_u_490( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_f30( ->>>>>>> main + compress_then_serialize_ring_element_v_460( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_25( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_06(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_15(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -} - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics @@ -11638,59 +7371,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_50(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_30( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_ff(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[768U]; - encrypt_unpacked_06(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); -======= -static void encrypt_a4(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_60(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_800(); - deserialize_ring_elements_reduced_8c0( + IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_85_800(); + deserialize_ring_elements_reduced_3d0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -11704,10 +7388,9 @@ static void encrypt_a4(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_be0(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); ->>>>>>> main + uint8_t result[768U]; + encrypt_unpacked_670(uu____1, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } /** @@ -11721,20 +7404,12 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void kdf_af_6e(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void kdf_d8_e9(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_5a(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -11756,49 +7431,27 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b3( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_15( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9c( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c6( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_96( + entropy_preprocess_d8_7b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - H_a9_31(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); -======= H_a9_160(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cc0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -11806,67 +7459,43 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9c( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); -======= - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), uint8_t); ->>>>>>> main + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cc0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; -<<<<<<< HEAD - encrypt_50(uu____2, copy_of_randomness, pseudorandomness, ciphertext); -======= - encrypt_a4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); ->>>>>>> main + encrypt_60(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_fc0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_6e(shared_secret, shared_secret_array); -======= - libcrux_ml_kem_types_from_fc_360(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_d8_e9(shared_secret, shared_secret_array); ->>>>>>> main + kdf_d8_5a(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_ec result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_c5( +static KRML_MUSTINLINE void deserialize_secret_key_94( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_7d();); + secret_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -11878,18 +7507,18 @@ static KRML_MUSTINLINE void deserialize_secret_key_c5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_71(secret_bytes); + deserialize_to_uncompressed_ring_element_d1(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + memcpy( + result, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( - ret, secret_as_ntt, + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -11898,20 +7527,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_then_decompress_u_4a( -======= -static KRML_MUSTINLINE void deserialize_then_decompress_u_9d0( ->>>>>>> main +static KRML_MUSTINLINE void deserialize_then_decompress_u_840( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, -<<<<<<< HEAD - u_as_ntt[i] = ZERO_20_1b();); -======= - u_as_ntt[i] = ZERO_d6_7d();); ->>>>>>> main + u_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -11929,25 +7550,14 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_9d0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); -<<<<<<< HEAD - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d5(u_bytes); - ntt_vector_u_27(&u_as_ntt[i0]); -======= - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_f90(u_bytes); - ntt_vector_u_9b0(&u_as_ntt[i0]); ->>>>>>> main + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cc0(u_bytes); + ntt_vector_u_600(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -11955,58 +7565,20 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -compute_message_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_1b(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_47(&result, &product);); - invert_ntt_montgomery_97(&result); - result = subtract_reduce_20_8c(v, result); -======= -compute_message_6a0( +compute_message_780( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_d6_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_d6_f1(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_b80(&result, &product);); - invert_ntt_montgomery_190(&result); - result = subtract_reduce_d6_4a(v, result); ->>>>>>> main + ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_310(&result, &product);); + invert_ntt_montgomery_4a0(&result); + result = subtract_reduce_20_79(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -12017,33 +7589,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -<<<<<<< HEAD -static void decrypt_unpacked_4c( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_4a(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_08( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_3f(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_2d(message, ret0); -======= -static void decrypt_unpacked_670(IndCpaPrivateKeyUnpacked_d6 *secret_key, +static void decrypt_unpacked_cb0(IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_9d0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_840(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_590( + deserialize_then_decompress_ring_element_v_800( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_6a0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_780(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_53(message, ret0); + compress_then_serialize_message_e4(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -12057,10 +7614,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_3d(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_b8(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_c5(secret_key, secret_as_ntt); + deserialize_secret_key_94(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -12070,10 +7627,9 @@ static void decrypt_3d(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_670(&secret_key_unpacked, ciphertext, ret0); ->>>>>>> main - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_cb0(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -12086,157 +7642,8 @@ with const generics - K= 2 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_a9_26(Eurydice_slice input, uint8_t ret[32U]) { - PRF_c9(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_d6( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_4c(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_170( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_06(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_88( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_1b();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_ae(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - memcpy( - result, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_d2(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_88(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t result[32U]; - decrypt_unpacked_4c(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= static KRML_MUSTINLINE void PRF_a9_421(Eurydice_slice input, uint8_t ret[32U]) { PRF_d1(input, ret); ->>>>>>> main } /** @@ -12261,11 +7668,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_e2( -======= -void libcrux_ml_kem_ind_cca_decapsulate_97( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_ab( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -12283,15 +7686,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_97( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - decrypt_d2(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - decrypt_3d(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_b8(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -12299,11 +7696,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_97( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - G_a9_ab(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); -======= G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -12311,65 +7704,34 @@ void libcrux_ml_kem_ind_cca_decapsulate_97( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_26(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret0); -======= libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_470(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_421(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); ->>>>>>> main Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; -<<<<<<< HEAD - encrypt_50(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_60(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_6e(Eurydice_array_to_slice((size_t)32U, + kdf_d8_5a(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_6e(shared_secret0, shared_secret1); + kdf_d8_5a(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), + libcrux_ml_kem_types_as_ref_00_470(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - encrypt_a4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_e9(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_e9(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 6d0df9ee1..c59cb8009 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem_avx2_H @@ -38,49 +30,29 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_vec_zero(void); -======= -__m256i libcrux_ml_kem_vector_avx2_zero(void); ->>>>>>> main /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ZERO_09(void); __m256i libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array); -======= -__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); - -__m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); ->>>>>>> main /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice array); void libcrux_ml_kem_vector_avx2_vec_to_i16_array(__m256i v, int16_t ret[16U]); -======= -__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array); - -void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]); ->>>>>>> main /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_to_i16_array_09(__m256i x, int16_t ret[16U]); -======= -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); @@ -88,11 +60,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_add_09(__m256i lhs, __m256i *rhs); -======= -__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); @@ -100,11 +68,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs, __m256i *rhs); -======= -__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( __m256i vector, int16_t constant); @@ -113,11 +77,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09(__m256i vec, -======= -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, ->>>>>>> main int16_t c); __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( @@ -127,11 +87,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( -======= -__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( ->>>>>>> main __m256i vector, int16_t constant); __m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( @@ -141,11 +97,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(__m256i vector); -======= -__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector); ->>>>>>> main #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) @@ -160,11 +112,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector); This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09(__m256i vector); -======= -__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( __m256i vector, int16_t constant); @@ -173,11 +121,7 @@ __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= -__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main __m256i vector, int16_t constant); __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( @@ -187,21 +131,13 @@ __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector); -======= -__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, __m256i rhs); __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( -<<<<<<< HEAD __m256i vec, __m256i constants); -======= - __m256i v, __m256i c); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); @@ -210,11 +146,7 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( ->>>>>>> main __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, @@ -225,21 +157,13 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, ->>>>>>> main int16_t zeta0, int16_t zeta1); __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( -<<<<<<< HEAD __m128i vec, __m128i constants); -======= - __m128i v, __m128i c); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta); @@ -248,11 +172,7 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, ->>>>>>> main int16_t zeta); __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( @@ -262,11 +182,7 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( -======= -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( ->>>>>>> main __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, @@ -277,11 +193,7 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09(__m256i vector, -======= -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, ->>>>>>> main int16_t zeta0, int16_t zeta1); @@ -292,18 +204,11 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09(__m256i vector, int16_t zeta); __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( __m256i vec); -======= -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, int16_t zeta0, @@ -315,11 +220,7 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09(__m256i *lhs, __m256i *rhs, -======= -__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, ->>>>>>> main int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); @@ -331,11 +232,7 @@ void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, uint8_t ret[2U]); -======= -void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, uint8_t ret[2U]); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( Eurydice_slice bytes); @@ -344,11 +241,7 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes); -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes); ->>>>>>> main void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, uint8_t ret[8U]); @@ -357,11 +250,7 @@ void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, uint8_t ret[8U]); -======= -void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, uint8_t ret[8U]); ->>>>>>> main __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( Eurydice_slice bytes); @@ -370,11 +259,7 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_4_09(Eurydice_slice bytes); -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes); ->>>>>>> main void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector, uint8_t ret[10U]); @@ -383,11 +268,7 @@ void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, ->>>>>>> main uint8_t ret[10U]); __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( @@ -397,11 +278,7 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes); -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes); ->>>>>>> main void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, uint8_t ret[20U]); @@ -410,11 +287,7 @@ void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_10_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, ->>>>>>> main uint8_t ret[20U]); __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( @@ -424,11 +297,7 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_10_09(Eurydice_slice bytes); -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes); ->>>>>>> main void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, uint8_t ret[22U]); @@ -437,11 +306,7 @@ void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_11_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, ->>>>>>> main uint8_t ret[22U]); __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( @@ -451,11 +316,7 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes); -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes); ->>>>>>> main void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, uint8_t ret[24U]); @@ -464,11 +325,7 @@ void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD void libcrux_ml_kem_vector_avx2_serialize_12_09(__m256i vector, -======= -void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, ->>>>>>> main uint8_t ret[24U]); __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( @@ -478,11 +335,7 @@ __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_deserialize_12_09(Eurydice_slice bytes); -======= -__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes); ->>>>>>> main size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output); @@ -498,189 +351,8 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_09(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -<<<<<<< HEAD __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self); -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; -======= -__m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self); ->>>>>>> main - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 4abcc363c..f41d3f0c9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "internal/libcrux_mlkem_portable.h" @@ -87,11 +79,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); -<<<<<<< HEAD core_result_unwrap_41_30(dst, ret); -======= - core_result_unwrap_26_30(dst, ret); ->>>>>>> main memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -187,7 +175,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_10.fst; ret[1U] = r0_10.snd; ret[2U] = r0_10.thd; @@ -210,32 +197,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( ret[19U] = r11_21.f8; ret[20U] = r11_21.f9; ret[21U] = r11_21.f10; -======= - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -318,7 +279,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -337,27 +297,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -1026,7 +965,6 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -1034,27 +972,6 @@ libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( if (vec.elements[i0] >= (int16_t)3329) { size_t uu____0 = i0; vec.elements[uu____0] = vec.elements[uu____0] - (int16_t)3329; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - core_option_Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, core_option_Option_b3); - if (uu____0.tag == core_option_None) { - return v; - } else { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } ->>>>>>> main } } return vec; @@ -1081,13 +998,9 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) -<<<<<<< HEAD Note: The input bound is 28296 to prevent overflow in the multiplication of quotient by FIELD_MODULUS -======= - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. ->>>>>>> main */ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { @@ -1132,19 +1045,12 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - the absolute value of `o` is bound as follows: -<<<<<<< HEAD `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665 In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS-1`. And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664 -======= - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. ->>>>>>> main */ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { @@ -1506,28 +1412,6 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, @@ -1635,7 +1519,6 @@ void libcrux_ml_kem_vector_portable_serialize_1_0d( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { -<<<<<<< HEAD int16_t result0 = (int16_t)((uint32_t)Eurydice_slice_index( v, (size_t)0U, uint8_t, uint8_t *) & 1U); @@ -1716,25 +1599,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { lit.elements[14U] = result14; lit.elements[15U] = result15; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - KRML_MAYBE_FOR8( - i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)0U, uint8_t, uint8_t *) >> - (uint32_t)i0 & - 1U);); - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)1U, uint8_t, uint8_t *) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; ->>>>>>> main } /** @@ -1783,7 +1647,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = result0_3.fst; ret[1U] = result0_3.snd; ret[2U] = result0_3.thd; @@ -1792,18 +1655,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( ret[5U] = result4_7.snd; ret[6U] = result4_7.thd; ret[7U] = result4_7.f3; -======= - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -1863,7 +1714,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -1882,27 +1732,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -1947,7 +1776,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_4.fst; ret[1U] = r0_4.snd; ret[2U] = r0_4.thd; @@ -1958,20 +1786,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( ret[7U] = r5_9.thd; ret[8U] = r5_9.f3; ret[9U] = r5_9.f4; -======= - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -2042,7 +1856,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -2061,27 +1874,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -2142,7 +1934,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_4.fst; ret[1U] = r0_4.snd; ret[2U] = r0_4.thd; @@ -2163,30 +1954,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( ret[17U] = r15_19.thd; ret[18U] = r15_19.f3; ret[19U] = r15_19.f4; -======= - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -2265,7 +2032,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -2284,27 +2050,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -2355,7 +2100,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_2.fst; ret[1U] = r0_2.snd; ret[2U] = r0_2.thd; @@ -2380,34 +2124,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( ret[21U] = r21_23.fst; ret[22U] = r21_23.snd; ret[23U] = r21_23.thd; -======= - uint8_t result[24U] = {0U}; - result[0U] = r0_2.fst; - result[1U] = r0_2.snd; - result[2U] = r0_2.thd; - result[3U] = r3_5.fst; - result[4U] = r3_5.snd; - result[5U] = r3_5.thd; - result[6U] = r6_8.fst; - result[7U] = r6_8.snd; - result[8U] = r6_8.thd; - result[9U] = r9_11.fst; - result[10U] = r9_11.snd; - result[11U] = r9_11.thd; - result[12U] = r12_14.fst; - result[13U] = r12_14.snd; - result[14U] = r12_14.thd; - result[15U] = r15_17.fst; - result[16U] = r15_17.snd; - result[17U] = r15_17.thd; - result[18U] = r18_20.fst; - result[19U] = r18_20.snd; - result[20U] = r18_20.thd; - result[21U] = r21_23.fst; - result[22U] = r21_23.snd; - result[23U] = r21_23.thd; - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -2455,7 +2171,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_1.fst; lit.elements[1U] = v0_1.snd; @@ -2474,27 +2189,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { lit.elements[14U] = v14_15.fst; lit.elements[15U] = v14_15.snd; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; ->>>>>>> main } /** @@ -2587,27 +2281,15 @@ libcrux_ml_kem_vector_portable_vector_type_clone_3b( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_1c(void) { -======= -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_d6_19(void) { ->>>>>>> main +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2628,12 +2310,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_d6_19(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2641,13 +2317,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_to_reduced_ring_element_62(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); -======= -deserialize_to_reduced_ring_element_f6(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); ->>>>>>> main +deserialize_to_reduced_ring_element_d3(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2662,27 +2333,15 @@ deserialize_to_reduced_ring_element_f6(Eurydice_slice serialized) { return re; } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_071( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8b( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -2694,35 +2353,24 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b4( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = -<<<<<<< HEAD - deserialize_to_reduced_ring_element_62(ring_element); -======= - deserialize_to_reduced_ring_element_f6(ring_element); ->>>>>>> main + deserialize_to_reduced_ring_element_d3(ring_element); deserialized_pk[i0] = uu____0; } } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_581( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_19();); - deserialize_ring_elements_reduced_1b4(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_19();); + deserialize_ring_elements_reduced_8b(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2734,11 +2382,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -shift_right_58(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { -======= -shift_right_7d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { ->>>>>>> main +shift_right_95(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2757,13 +2401,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -shift_right_0d_f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_58(v); -======= -shift_right_0d_46(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_7d(v); ->>>>>>> main +shift_right_0d_64(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_95(v); } /** @@ -2773,17 +2412,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -to_unsigned_representative_87( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_f1(a); -======= -to_unsigned_representative_08( +to_unsigned_representative_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_46(a); ->>>>>>> main + shift_right_0d_64(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2796,22 +2428,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_64( -======= -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_16( ->>>>>>> main +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - to_unsigned_representative_87(re->coefficients[i0]); -======= - to_unsigned_representative_08(re->coefficients[i0]); ->>>>>>> main + to_unsigned_representative_9f(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2822,9 +2446,6 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_16( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2832,11 +2453,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_secret_key_cd1( -======= -static KRML_MUSTINLINE void serialize_secret_key_8c( ->>>>>>> main +static KRML_MUSTINLINE void serialize_secret_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2854,20 +2471,13 @@ static KRML_MUSTINLINE void serialize_secret_key_8c( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - serialize_uncompressed_ring_element_64(&re, ret0); -======= - serialize_uncompressed_ring_element_16(&re, ret0); ->>>>>>> main + serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2876,13 +2486,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_46( +static KRML_MUSTINLINE void serialize_public_key_mut_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_8c(t_as_ntt, ret); + serialize_secret_key_80(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2891,9 +2501,6 @@ static KRML_MUSTINLINE void serialize_public_key_mut_46( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2902,41 +2509,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_public_key_771( +static KRML_MUSTINLINE void serialize_public_key_96( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); - uint8_t ret0[1536U]; - serialize_secret_key_cd1(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), - seed_for_a, uint8_t); + serialize_public_key_mut_1d(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void serialize_public_key_eb( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_46(t_as_ntt, seed_for_a, public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2945,25 +2527,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_821(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3c1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_071( -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_6b1( ->>>>>>> main + deserialize_ring_elements_reduced_out_581( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; -<<<<<<< HEAD - serialize_public_key_771( -======= - serialize_public_key_eb( ->>>>>>> main + serialize_public_key_96( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2985,13 +2557,6 @@ static KRML_MUSTINLINE void H_f1_c6(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] @@ -3000,7 +2565,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_0f( +bool libcrux_ml_kem_ind_cca_validate_private_key_53( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; @@ -3028,20 +2593,20 @@ typedef struct IndCpaPrivateKeyUnpacked_42_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_42 default_1a_a3(void) { +static IndCpaPrivateKeyUnpacked_42 default_f6_a3(void) { IndCpaPrivateKeyUnpacked_42 lit; - lit.secret_as_ntt[0U] = ZERO_d6_19(); - lit.secret_as_ntt[1U] = ZERO_d6_19(); - lit.secret_as_ntt[2U] = ZERO_d6_19(); - lit.secret_as_ntt[3U] = ZERO_d6_19(); + lit.secret_as_ntt[0U] = ZERO_20_19(); + lit.secret_as_ntt[1U] = ZERO_20_19(); + lit.secret_as_ntt[2U] = ZERO_20_19(); + lit.secret_as_ntt[3U] = ZERO_20_19(); return lit; } @@ -3060,40 +2625,40 @@ typedef struct IndCpaPublicKeyUnpacked_42_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_42 default_8d_6b(void) { +static IndCpaPublicKeyUnpacked_42 default_85_6b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_d6_19();); + uu____0[i] = ZERO_20_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_42 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_19(); - lit.A[0U][1U] = ZERO_d6_19(); - lit.A[0U][2U] = ZERO_d6_19(); - lit.A[0U][3U] = ZERO_d6_19(); - lit.A[1U][0U] = ZERO_d6_19(); - lit.A[1U][1U] = ZERO_d6_19(); - lit.A[1U][2U] = ZERO_d6_19(); - lit.A[1U][3U] = ZERO_d6_19(); - lit.A[2U][0U] = ZERO_d6_19(); - lit.A[2U][1U] = ZERO_d6_19(); - lit.A[2U][2U] = ZERO_d6_19(); - lit.A[2U][3U] = ZERO_d6_19(); - lit.A[3U][0U] = ZERO_d6_19(); - lit.A[3U][1U] = ZERO_d6_19(); - lit.A[3U][2U] = ZERO_d6_19(); - lit.A[3U][3U] = ZERO_d6_19(); + lit.A[0U][0U] = ZERO_20_19(); + lit.A[0U][1U] = ZERO_20_19(); + lit.A[0U][2U] = ZERO_20_19(); + lit.A[0U][3U] = ZERO_20_19(); + lit.A[1U][0U] = ZERO_20_19(); + lit.A[1U][1U] = ZERO_20_19(); + lit.A[1U][2U] = ZERO_20_19(); + lit.A[1U][3U] = ZERO_20_19(); + lit.A[2U][0U] = ZERO_20_19(); + lit.A[2U][1U] = ZERO_20_19(); + lit.A[2U][2U] = ZERO_20_19(); + lit.A[2U][3U] = ZERO_20_19(); + lit.A[3U][0U] = ZERO_20_19(); + lit.A[3U][1U] = ZERO_20_19(); + lit.A[3U][2U] = ZERO_20_19(); + lit.A[3U][3U] = ZERO_20_19(); return lit; } @@ -3106,11 +2671,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void G_f1_d01(Eurydice_slice input, uint8_t ret[64U]) { -======= static KRML_MUSTINLINE void G_f1_07(Eurydice_slice input, uint8_t ret[64U]) { ->>>>>>> main libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3124,13 +2685,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -<<<<<<< HEAD -static void closure_a31( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE void cpa_keygen_seed_d8_b7( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_61( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -3143,7 +2698,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_b7( uint8_t ret0[64U]; G_f1_07(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -3162,11 +2716,7 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -<<<<<<< HEAD -shake128_init_absorb_final_401(uint8_t input[4U][34U]) { -======= -shake128_init_absorb_37(uint8_t input[4U][34U]) { ->>>>>>> main +shake128_init_absorb_final_37(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -3197,19 +2747,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -<<<<<<< HEAD -shake128_init_absorb_final_f1_831(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_17(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_401(copy_of_input); -======= -shake128_init_absorb_f1_17(uint8_t input[4U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[4U][34U]; - memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_37(copy_of_input); ->>>>>>> main + return shake128_init_absorb_final_37(copy_of_input); } /** @@ -3218,11 +2760,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a1( -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_72( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_72( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -3243,15 +2781,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_201( - PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_9a1(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_75( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_75( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_72(self, ret); ->>>>>>> main + shake128_squeeze_first_three_blocks_72(self, ret); } /** @@ -3302,11 +2834,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_893( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb( ->>>>>>> main uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -3344,13 +2872,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_ea1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_e6( PortableHash_d1 *st, uint8_t ret[4U][168U]) { -======= -static KRML_MUSTINLINE void shake128_squeeze_block_e6(PortableHash_d1 *st, - uint8_t ret[4U][168U]) { ->>>>>>> main uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -3370,15 +2893,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_041( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_48( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_ea1(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_block_f1_48( - PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_e6(self, ret); ->>>>>>> main + shake128_squeeze_next_block_e6(self, ret); } /** @@ -3429,11 +2946,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_894( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb0( ->>>>>>> main uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -3467,30 +2980,17 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb0( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -from_i16_array_20_d3(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); -======= -from_i16_array_d6_bb(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); ->>>>>>> main +from_i16_array_20_bb(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3510,15 +3010,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c1( - int16_t s[272U]) { - return from_i16_array_20_d3( -======= static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba( int16_t s[272U]) { - return from_i16_array_d6_bb( ->>>>>>> main + return from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3529,11 +3023,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_from_xof_1b1( -======= static KRML_MUSTINLINE void sample_from_xof_49( ->>>>>>> main uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -3541,43 +3031,25 @@ static KRML_MUSTINLINE void sample_from_xof_49( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); -<<<<<<< HEAD - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_831(copy_of_seeds); - uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_201(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[4U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_893( -======= - PortableHash_d1 xof_state = shake128_init_absorb_f1_17(copy_of_seeds); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_17(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_75(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_75(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_fb( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; -<<<<<<< HEAD - shake128_squeeze_next_block_f1_041(&xof_state, randomness); -======= - shake128_squeeze_block_f1_48(&xof_state, randomness); ->>>>>>> main + shake128_squeeze_next_block_f1_48(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = sample_from_uniform_distribution_next_894( -======= done = sample_from_uniform_distribution_next_fb0( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -3586,11 +3058,7 @@ static KRML_MUSTINLINE void sample_from_xof_49( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, -<<<<<<< HEAD - ret0[i] = closure_2c1(copy_of_out[i]);); -======= ret0[i] = closure_ba(copy_of_out[i]);); ->>>>>>> main memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -3603,18 +3071,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_matrix_A_0b1( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_a31(A_transpose[i]);); -======= static KRML_MUSTINLINE void sample_matrix_A_ae( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[4U], uint8_t seed[34U], bool transpose) { ->>>>>>> main KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -3629,11 +3088,7 @@ static KRML_MUSTINLINE void sample_matrix_A_ae( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; -<<<<<<< HEAD - sample_from_xof_1b1(copy_of_seeds, sampled); -======= sample_from_xof_49(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3651,16 +3106,6 @@ static KRML_MUSTINLINE void sample_matrix_A_ae( } ); -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U][4U]; - memcpy(result, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - memcpy(ret, result, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); -======= ->>>>>>> main } /** @@ -3669,13 +3114,8 @@ with const generics - K= 4 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_d32(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { -======= static KRML_MUSTINLINE void PRFxN_d5(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { ->>>>>>> main uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -3695,66 +3135,11 @@ with const generics - K= 4 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_f1_bf2(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_d32(input, ret); -======= static KRML_MUSTINLINE void PRFxN_f1_9f(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { PRFxN_d5(input, ret); ->>>>>>> main } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3762,11 +3147,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -sample_from_binomial_distribution_2_d9(Eurydice_slice randomness) { -======= -sample_from_binomial_distribution_2_d1(Eurydice_slice randomness) { ->>>>>>> main +sample_from_binomial_distribution_2_1b(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3800,11 +3181,7 @@ sample_from_binomial_distribution_2_d1(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return from_i16_array_20_d3( -======= - return from_i16_array_d6_bb( ->>>>>>> main + return from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3815,11 +3192,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -sample_from_binomial_distribution_3_af(Eurydice_slice randomness) { -======= -sample_from_binomial_distribution_3_a6(Eurydice_slice randomness) { ->>>>>>> main +sample_from_binomial_distribution_3_ee(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3852,11 +3225,7 @@ sample_from_binomial_distribution_3_a6(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return from_i16_array_20_d3( -======= - return from_i16_array_d6_bb( ->>>>>>> main + return from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3867,13 +3236,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -sample_from_binomial_distribution_d8(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_d9(randomness); -======= -sample_from_binomial_distribution_dd(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_d1(randomness); ->>>>>>> main +sample_from_binomial_distribution_ce(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_1b(randomness); } /** @@ -3882,11 +3246,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_7_99( -======= -static KRML_MUSTINLINE void ntt_at_layer_7_98( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_7_73( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3914,11 +3274,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -montgomery_multiply_fe_77( -======= -montgomery_multiply_fe_2c( ->>>>>>> main +montgomery_multiply_fe_5e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3932,20 +3288,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 -<<<<<<< HEAD - ntt_layer_int_vec_step_67( -======= - ntt_layer_int_vec_step_02( ->>>>>>> main + ntt_layer_int_vec_step_d1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = -<<<<<<< HEAD - montgomery_multiply_fe_77(b, zeta_r); -======= - montgomery_multiply_fe_2c(b, zeta_r); ->>>>>>> main + montgomery_multiply_fe_5e(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3959,11 +3307,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_4_plus_06( -======= -static KRML_MUSTINLINE void ntt_at_layer_4_plus_35( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_4_plus_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3976,11 +3320,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_35( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = -<<<<<<< HEAD - ntt_layer_int_vec_step_67( -======= - ntt_layer_int_vec_step_02( ->>>>>>> main + ntt_layer_int_vec_step_d1( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3997,11 +3337,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_3_82( -======= -static KRML_MUSTINLINE void ntt_at_layer_3_e9( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_3_1b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4019,11 +3355,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_at_layer_2_8a( -======= -static KRML_MUSTINLINE void ntt_at_layer_2_34( ->>>>>>> main +static KRML_MUSTINLINE void ntt_at_layer_2_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4031,14 +3363,8 @@ static KRML_MUSTINLINE void ntt_at_layer_2_34( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } @@ -4048,7 +3374,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_bd( +static KRML_MUSTINLINE void ntt_at_layer_1_21( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4056,46 +3382,24 @@ static KRML_MUSTINLINE void ntt_at_layer_1_bd( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void poly_barrett_reduce_20_6b( -======= -static KRML_MUSTINLINE void poly_barrett_reduce_d6_a9( ->>>>>>> main +static KRML_MUSTINLINE void poly_barrett_reduce_20_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4113,37 +3417,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_a0( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_99(re); + ntt_at_layer_7_73(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_82(&zeta_i, re); - ntt_at_layer_2_8a(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_fb( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_98(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_e9(&zeta_i, re); - ntt_at_layer_2_34(&zeta_i, re); - ntt_at_layer_1_bd(&zeta_i, re); - poly_barrett_reduce_d6_a9(re); ->>>>>>> main + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_1b(&zeta_i, re); + ntt_at_layer_2_ea(&zeta_i, re); + ntt_at_layer_1_21(&zeta_i, re); + poly_barrett_reduce_20_0a(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4153,17 +3439,9 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_061( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_83( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4175,20 +3453,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_83( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; -<<<<<<< HEAD - PRFxN_f1_bf2(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]);); -======= PRFxN_f1_9f(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_dd( + re_as_ntt[i0] = sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_b3(&re_as_ntt[i0]);); return domain_separator; } @@ -4212,17 +3482,16 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_86( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_19();); + re_as_ntt[i] = ZERO_20_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_83(uu____0, uu____1, domain_separator); ->>>>>>> main + sample_vector_cbd_then_ntt_3c(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -4230,72 +3499,26 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_86( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_re_as_ntt, -======= - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 -======= - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -ntt_multiply_20_23(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_20_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_1c(); -======= -ntt_multiply_d6_27(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -4315,33 +3538,16 @@ ntt_multiply_d6_27(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_to_ring_element_20_fc1( -======= -static KRML_MUSTINLINE void add_to_ring_element_d6_5d( ->>>>>>> main +static KRML_MUSTINLINE void add_to_ring_element_20_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -4366,11 +3572,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -to_standard_domain_22( -======= -to_standard_domain_bd0( ->>>>>>> main +to_standard_domain_73( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4378,38 +3580,22 @@ to_standard_domain_bd0( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_standard_error_reduce_20_39( -======= -static KRML_MUSTINLINE void add_standard_error_reduce_d6_aa( ->>>>>>> main +static KRML_MUSTINLINE void add_standard_error_reduce_20_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD - coefficient_normal_form = to_standard_domain_22(self->coefficients[j]); -======= - coefficient_normal_form = to_standard_domain_bd0(self->coefficients[j]); ->>>>>>> main + coefficient_normal_form = to_standard_domain_73(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -4418,58 +3604,13 @@ static KRML_MUSTINLINE void add_standard_error_reduce_d6_aa( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_As_plus_e_3c1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_1c();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_fc1(&result0[i1], &product); - } - add_standard_error_reduce_20_39(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; - memcpy( - result, result0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -======= -static KRML_MUSTINLINE void compute_As_plus_e_00( +static KRML_MUSTINLINE void compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -4483,7 +3624,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_00( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -4496,55 +3637,13 @@ static KRML_MUSTINLINE void compute_As_plus_e_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_5d(&t_as_ntt[i0], &product); + ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_3a(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4554,47 +3653,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_540 generate_keypair_unpacked_831( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_f1_d01(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static void generate_keypair_unpacked_74( +static void generate_keypair_unpacked_86( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_42 *private_key, IndCpaPublicKeyUnpacked_42 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_b7(key_generation_seed, hashed); + cpa_keygen_seed_d8_61(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[4U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_0b1(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_061(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); sample_matrix_A_ae(uu____1, ret, true); uint8_t prf_input[33U]; @@ -4606,285 +3678,73 @@ static void generate_keypair_unpacked_74( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_83(uu____2, copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_3c(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, -<<<<<<< HEAD - sample_vector_cbd_then_ntt_061(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_out_44(copy_of_prf_input, domain_separator) + .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_3c1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; + compute_As_plus_e_f0(public_key->t_as_ntt, public_key->A, + private_key->secret_as_ntt, error_as_ntt); + uint8_t uu____5[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_540){.fst = sk, .snd = pk}); + Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_33(dst, uu____5); + memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } /** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 +- PRIVATE_KEY_SIZE= 1536 - PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_d61( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_20_1c();); +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ea1( + Eurydice_slice key_generation_seed) { + IndCpaPrivateKeyUnpacked_42 private_key = default_f6_a3(); + IndCpaPublicKeyUnpacked_42 public_key = default_85_6b(); + generate_keypair_unpacked_86(key_generation_seed, &private_key, &public_key); + uint8_t public_key_serialized[1568U]; + serialize_public_key_96( + public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_80(private_key.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; + memcpy(result.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(result.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); + return result; } /** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_3a_d9( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; - libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_f1_fd1(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b21( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_540 uu____0 = generate_keypair_unpacked_831(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_d61(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_d9(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_771( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_f1_fd1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -======= - sample_vector_cbd_then_ntt_out_86(copy_of_prf_input, domain_separator) - .fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_00(public_key->t_as_ntt, public_key->A, - private_key->secret_as_ntt, error_as_ntt); - uint8_t uu____5[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); - memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], -libcrux_ml_kem_variant_MlKem with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_fc1( - Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_831(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_771( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_cd1(sk.secret_as_ntt, secret_key_serialized); -======= -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_521( - Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_42 private_key = default_1a_a3(); - IndCpaPublicKeyUnpacked_42 public_key = default_8d_6b(); - generate_keypair_unpacked_74(key_generation_seed, &private_key, &public_key); - uint8_t public_key_serialized[1568U]; - serialize_public_key_eb( - public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_8c(private_key.secret_as_ntt, secret_key_serialized); ->>>>>>> main - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1536U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1568U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); -<<<<<<< HEAD - libcrux_ml_kem_utils_extraction_helper_Keypair1024 result; - memcpy(result.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(result.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - return lit; ->>>>>>> main -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_kem_secret_key_d5( -======= -static KRML_MUSTINLINE void serialize_kem_secret_key_82( ->>>>>>> main +static KRML_MUSTINLINE void serialize_kem_secret_key_bb( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -4910,11 +3770,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_82( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - H_f1_fd1(public_key, ret0); -======= H_f1_c6(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -4930,14 +3786,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_82( memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4952,11 +3800,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c1(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -4965,21 +3809,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = -<<<<<<< HEAD - generate_keypair_fc1(ind_cpa_keypair_randomness); -======= - generate_keypair_521(ind_cpa_keypair_randomness); ->>>>>>> main + generate_keypair_ea1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; -<<<<<<< HEAD - serialize_kem_secret_key_d5( -======= - serialize_kem_secret_key_82( ->>>>>>> main + serialize_kem_secret_key_bb( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -4988,22 +3824,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_541(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f11(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d1(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_721(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b11( - uu____2, libcrux_ml_kem_types_from_07_a91(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b1( - uu____2, libcrux_ml_kem_types_from_40_601(copy_of_public_key)); ->>>>>>> main + return libcrux_ml_kem_types_from_3a_8d1( + uu____2, libcrux_ml_kem_types_from_5a_c61(copy_of_public_key)); } /** @@ -5016,7 +3843,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_cd(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_f3(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5024,38 +3851,6 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_cd(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_f6(ring_element); - deserialized_pk[i0] = uu____0; - } -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5066,17 +3861,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -<<<<<<< HEAD -sample_ring_element_cbd_a21(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_1c();); -======= -sample_ring_element_cbd_af(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_72(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_d6_19();); ->>>>>>> main + error_1[i] = ZERO_20_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5088,19 +3876,11 @@ sample_ring_element_cbd_af(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; -<<<<<<< HEAD - PRFxN_f1_bf2(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_d8( -======= PRFxN_f1_9f(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_dd( ->>>>>>> main + sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5110,11 +3890,7 @@ sample_ring_element_cbd_af(uint8_t prf_input[33U], uint8_t domain_separator) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_error_1, -======= - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -5125,11 +3901,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_030(Eurydice_slice input, uint8_t ret[128U]) { -======= static KRML_MUSTINLINE void PRF_440(Eurydice_slice input, uint8_t ret[128U]) { ->>>>>>> main uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -5146,15 +3918,9 @@ with const generics - K= 4 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_f1_c84(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_030(input, ret); -======= static KRML_MUSTINLINE void PRF_f1_9d0(Eurydice_slice input, uint8_t ret[128U]) { PRF_440(input, ret); ->>>>>>> main } /** @@ -5163,11 +3929,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_1_e7( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_1_0d( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_1_2e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -5175,20 +3937,10 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_0d( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } @@ -5198,11 +3950,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_2_e9( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_2_4a( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_2_42( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -5210,14 +3958,8 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_4a( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } @@ -5227,11 +3969,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_3_2b( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_3_a9( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_3_0c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -5251,11 +3989,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 -<<<<<<< HEAD - inv_ntt_layer_int_vec_step_reduce_42( -======= - inv_ntt_layer_int_vec_step_reduce_f1( ->>>>>>> main + inv_ntt_layer_int_vec_step_reduce_1b( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -5263,11 +3997,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); -<<<<<<< HEAD - b = montgomery_multiply_fe_77(a_minus_b, zeta_r); -======= - b = montgomery_multiply_fe_2c(a_minus_b, zeta_r); ->>>>>>> main + b = montgomery_multiply_fe_5e(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -5279,11 +4009,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_5a( -======= -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_f5( ->>>>>>> main +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_6a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -5298,11 +4024,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_f5( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = -<<<<<<< HEAD - inv_ntt_layer_int_vec_step_reduce_42( -======= - inv_ntt_layer_int_vec_step_reduce_f1( ->>>>>>> main + inv_ntt_layer_int_vec_step_reduce_1b( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -5319,58 +4041,31 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_montgomery_311( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_e7(&zeta_i, re); - invert_ntt_at_layer_2_e9(&zeta_i, re); - invert_ntt_at_layer_3_2b(&zeta_i, re); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void invert_ntt_montgomery_5f( +static KRML_MUSTINLINE void invert_ntt_montgomery_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_0d(&zeta_i, re); - invert_ntt_at_layer_2_4a(&zeta_i, re); - invert_ntt_at_layer_3_a9(&zeta_i, re); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_a9(re); ->>>>>>> main + invert_ntt_at_layer_1_2e(&zeta_i, re); + invert_ntt_at_layer_2_42(&zeta_i, re); + invert_ntt_at_layer_3_0c(&zeta_i, re); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_0a(re); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_error_reduce_20_06( -======= -static KRML_MUSTINLINE void add_error_reduce_d6_a3( ->>>>>>> main +static KRML_MUSTINLINE void add_error_reduce_20_15( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5388,31 +4083,20 @@ static KRML_MUSTINLINE void add_error_reduce_d6_a3( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_vector_u_4b1( -======= -static KRML_MUSTINLINE void compute_vector_u_51( ->>>>>>> main +static KRML_MUSTINLINE void compute_vector_u_02( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, -<<<<<<< HEAD - result0[i] = ZERO_20_1c();); -======= - result[i] = ZERO_d6_19();); ->>>>>>> main + result0[i] = ZERO_20_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5432,19 +4116,11 @@ static KRML_MUSTINLINE void compute_vector_u_51( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = -<<<<<<< HEAD - ntt_multiply_20_23(a_element, &r_as_ntt[j]); - add_to_ring_element_20_fc1(&result0[i1], &product); + ntt_multiply_20_76(a_element, &r_as_ntt[j]); + add_to_ring_element_20_3a(&result0[i1], &product); } - invert_ntt_montgomery_311(&result0[i1]); - add_error_reduce_20_06(&result0[i1], &error_1[i1]); -======= - ntt_multiply_d6_27(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_5d(&result[i1], &product); - } - invert_ntt_montgomery_5f(&result[i1]); - add_error_reduce_d6_a3(&result[i1], &error_1[i1]); ->>>>>>> main + invert_ntt_montgomery_04(&result0[i1]); + add_error_reduce_20_15(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -5462,13 +4138,8 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_1_4c(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { +decompress_1_a4(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { libcrux_ml_kem_vector_portable_vector_type_PortableVector z = -======= -decompress_1_7e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = ->>>>>>> main libcrux_ml_kem_vector_portable_ZERO_0d(); libcrux_ml_kem_vector_portable_vector_type_PortableVector s = libcrux_ml_kem_vector_portable_sub_0d(z, &vec); @@ -5485,13 +4156,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_message_52(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); -======= -deserialize_then_decompress_message_40(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); ->>>>>>> main +deserialize_then_decompress_message_c9(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5501,39 +4167,23 @@ deserialize_then_decompress_message_40(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - decompress_1_4c(coefficient_compressed); -======= - decompress_1_7e(coefficient_compressed); ->>>>>>> main + decompress_1_a4(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -add_message_error_reduce_20_8c( -======= -add_message_error_reduce_d6_4d( ->>>>>>> main +add_message_error_reduce_20_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -5556,9 +4206,6 @@ add_message_error_reduce_d6_4d( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5566,32 +4213,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -compute_ring_element_v_661( -======= -compute_ring_element_v_16( ->>>>>>> main +compute_ring_element_v_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_fc1(&result, &product);); - invert_ntt_montgomery_311(&result); - result = add_message_error_reduce_20_8c(error_2, message, result); -======= - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_5d(&result, &product);); - invert_ntt_montgomery_5f(&result); - result = add_message_error_reduce_d6_4d(error_2, message, result); ->>>>>>> main + ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_3a(&result, &product);); + invert_ntt_montgomery_04(&result); + result = add_message_error_reduce_20_f0(error_2, message, result); return result; } @@ -5601,11 +4234,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0c(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { -======= -compress_20(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { ->>>>>>> main +compress_6c(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -5626,15 +4255,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -<<<<<<< HEAD -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9a( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0c(v); -======= -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_0c( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_20( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_20(v); ->>>>>>> main + return compress_6c(v); } /** @@ -5643,11 +4266,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0c0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { -======= -compress_200(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { ->>>>>>> main +compress_6c0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -5669,13 +4288,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0d_9a0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0c0(v); -======= -compress_0d_0c0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_200(v); ->>>>>>> main +compress_0d_200(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_6c0(v); } /** @@ -5684,22 +4298,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_11_e20( -======= -static KRML_MUSTINLINE void compress_then_serialize_11_9b( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_11_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - compress_0d_9a0(to_unsigned_representative_87(re->coefficients[i0])); -======= - compress_0d_0c0(to_unsigned_representative_08(re->coefficients[i0])); ->>>>>>> main + compress_0d_200(to_unsigned_representative_9f(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5717,23 +4323,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_310( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_e20(re, uu____0); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_08( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_ed( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_9b(re, uu____0); ->>>>>>> main + compress_then_serialize_11_ba(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5743,11 +4339,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -<<<<<<< HEAD -static void compress_then_serialize_u_ed1( -======= -static void compress_then_serialize_u_2b( ->>>>>>> main +static void compress_then_serialize_u_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5763,11 +4355,7 @@ static void compress_then_serialize_u_2b( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; -<<<<<<< HEAD - compress_then_serialize_ring_element_u_310(&re, ret); -======= - compress_then_serialize_ring_element_u_08(&re, ret); ->>>>>>> main + compress_then_serialize_ring_element_u_ed(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5779,11 +4367,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0c1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { -======= -compress_201(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { ->>>>>>> main +compress_6c1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -5805,13 +4389,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0d_9a1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0c1(v); -======= -compress_0d_0c1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_201(v); ->>>>>>> main +compress_0d_201(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_6c1(v); } /** @@ -5820,11 +4399,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_4_55( -======= -static KRML_MUSTINLINE void compress_then_serialize_4_d4( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_4_b7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -5833,11 +4408,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_d4( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - compress_0d_9a1(to_unsigned_representative_87(re.coefficients[i0])); -======= - compress_0d_0c1(to_unsigned_representative_08(re.coefficients[i0])); ->>>>>>> main + compress_0d_201(to_unsigned_representative_9f(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -5853,11 +4424,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0c2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { -======= -compress_202(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { ->>>>>>> main +compress_6c2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -5879,13 +4446,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -compress_0d_9a2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_0c2(v); -======= -compress_0d_0c2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_202(v); ->>>>>>> main +compress_0d_202(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_6c2(v); } /** @@ -5894,7 +4456,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_61( +static KRML_MUSTINLINE void compress_then_serialize_5_96( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -5903,11 +4465,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_61( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = -<<<<<<< HEAD - compress_0d_9a2(to_unsigned_representative_87(re.coefficients[i0])); -======= - compress_0d_0c2(to_unsigned_representative_08(re.coefficients[i0])); ->>>>>>> main + compress_0d_202(to_unsigned_representative_9f(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -5924,56 +4482,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_2d0( -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_b9( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_de( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_61(re, out); + compress_then_serialize_5_96(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5992,18 +4505,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_unpacked_d71( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_061(copy_of_prf_input0, 0U); -======= -static void encrypt_unpacked_e7(IndCpaPublicKeyUnpacked_42 *public_key, +static void encrypt_unpacked_0d(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -6011,8 +4513,7 @@ static void encrypt_unpacked_e7(IndCpaPublicKeyUnpacked_42 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_86(copy_of_prf_input0, 0U); ->>>>>>> main + tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_44(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -6022,11 +4523,7 @@ static void encrypt_unpacked_e7(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = -<<<<<<< HEAD - sample_ring_element_cbd_a21(copy_of_prf_input, domain_separator0); -======= - sample_ring_element_cbd_af(copy_of_prf_input, domain_separator0); ->>>>>>> main + sample_ring_element_cbd_72(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -6034,380 +4531,165 @@ static void encrypt_unpacked_e7(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - PRF_f1_c84(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_4b1(public_key->A, r_as_ntt, error_1, u); -======= PRF_f1_9d0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_dd( + sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_51(public_key->A, r_as_ntt, error_1, u); ->>>>>>> main + compute_vector_u_02(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = -<<<<<<< HEAD - deserialize_then_decompress_message_52(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_661(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); -======= - deserialize_then_decompress_message_40(copy_of_message); + deserialize_then_decompress_message_c9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_16(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c7(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); ->>>>>>> main uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD - compress_then_serialize_u_ed1( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, - (size_t)1408U, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_2d0( -======= - compress_then_serialize_u_2b( + compress_then_serialize_u_bf( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_b9( ->>>>>>> main + compress_then_serialize_ring_element_v_de( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_5f1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_85_6b(); + deserialize_ring_elements_reduced_8b( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + unpacked_public_key.t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[4U] = + unpacked_public_key.A; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); + sample_matrix_A_ae(uu____0, ret0, false); + IndCpaPublicKeyUnpacked_42 *uu____1 = &unpacked_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t result[1568U]; + encrypt_unpacked_0d(uu____1, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::variant::Variant for +libcrux_ml_kem::variant::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 +with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_d8_cf(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], +libcrux_ml_kem_variant_MlKem with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 - PUBLIC_KEY_SIZE= 1568 - T_AS_NTT_ENCODED_SIZE= 1536 - C1_SIZE= 1408 - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 +- C1_BLOCK_SIZE= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_131( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_d8_f3( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_42( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + uint8_t ret[32U]; + H_f1_c6(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cc(public_key), + uint8_t), + ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = - &public_key->ind_cpa_public_key; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cc(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_d71(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); + encrypt_5f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); + libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = + libcrux_ml_kem_types_from_01_fc(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_d8_cf(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_da(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -} - -/** -======= ->>>>>>> main -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -static void encrypt_951(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_071( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_0b1(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1568U]; - encrypt_unpacked_d71(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); -======= -static void encrypt_ec1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_6b(); - deserialize_ring_elements_reduced_1b( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), - unpacked_public_key.t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____0)[4U] = - unpacked_public_key.A; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_ae(uu____0, ret0, false); - IndCpaPublicKeyUnpacked_42 *uu____1 = &unpacked_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_e7(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -This function found in impl {(libcrux_ml_kem::variant::Variant for -libcrux_ml_kem::variant::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.variant.kdf_d8 -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -<<<<<<< HEAD -static KRML_MUSTINLINE void kdf_af_3b(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void kdf_d8_89(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], -libcrux_ml_kem_variant_MlKem with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_931( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_da( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_b11( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_d8_cd( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - uint8_t ret[32U]; -<<<<<<< HEAD - H_f1_fd1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); -======= - H_f1_c6(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); ->>>>>>> main - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1568U, libcrux_ml_kem_types_as_slice_f6_ae1(public_key), uint8_t); -======= - (size_t)1568U, libcrux_ml_kem_types_as_slice_ba_12(public_key), uint8_t); ->>>>>>> main - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; -<<<<<<< HEAD - encrypt_951(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_15_e91(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_3b(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; -======= - encrypt_ec1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_fc_36(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_d8_89(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; ->>>>>>> main - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_21 result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } /** @@ -6417,8 +4699,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_7f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); +deserialize_to_uncompressed_ring_element_0b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -6431,21 +4713,18 @@ deserialize_to_uncompressed_ring_element_7f(Eurydice_slice serialized) { return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_a21( +static KRML_MUSTINLINE void deserialize_secret_key_e71( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_19();); + secret_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6457,11 +4736,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_a21( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7f(secret_bytes); + deserialize_to_uncompressed_ring_element_0b(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; + memcpy( + result, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( - ret, secret_as_ntt, + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -6472,11 +4755,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_df( -======= -decompress_ciphertext_coefficient_1b( ->>>>>>> main +decompress_ciphertext_coefficient_be( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -6501,15 +4780,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_0d_8f( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_df(v); -======= -decompress_ciphertext_coefficient_0d_7e( +decompress_ciphertext_coefficient_0d_4f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_1b(v); ->>>>>>> main + return decompress_ciphertext_coefficient_be(v); } /** @@ -6519,9 +4792,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_10_0e(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); +deserialize_then_decompress_10_c9(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -6529,10 +4801,6 @@ deserialize_then_decompress_10_0e(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector), libcrux_ml_kem_vector_portable_vector_type_PortableVector), size_t, void *); -======= -deserialize_then_decompress_10_cb(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -6541,11 +4809,7 @@ deserialize_then_decompress_10_cb(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - decompress_ciphertext_coefficient_0d_8f(coefficient); -======= - decompress_ciphertext_coefficient_0d_7e(coefficient); ->>>>>>> main + decompress_ciphertext_coefficient_0d_4f(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -6558,11 +4822,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_df0( -======= -decompress_ciphertext_coefficient_1b0( ->>>>>>> main +decompress_ciphertext_coefficient_be0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -6587,15 +4847,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_0d_8f0( +decompress_ciphertext_coefficient_0d_4f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_df0(v); -======= -decompress_ciphertext_coefficient_0d_7e0( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_1b0(v); ->>>>>>> main + return decompress_ciphertext_coefficient_be0(v); } /** @@ -6605,13 +4859,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_11_73(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); -======= -deserialize_then_decompress_11_b0(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); ->>>>>>> main +deserialize_then_decompress_11_fe(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -6620,11 +4869,7 @@ deserialize_then_decompress_11_b0(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - decompress_ciphertext_coefficient_0d_8f0(coefficient); -======= - decompress_ciphertext_coefficient_0d_7e0(coefficient); ->>>>>>> main + decompress_ciphertext_coefficient_0d_4f0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -6637,13 +4882,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_u_990(Eurydice_slice serialized) { - return deserialize_then_decompress_11_73(serialized); -======= -deserialize_then_decompress_ring_element_u_05(Eurydice_slice serialized) { - return deserialize_then_decompress_11_b0(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_u_17(Eurydice_slice serialized) { + return deserialize_then_decompress_11_fe(serialized); } /** @@ -6652,37 +4892,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_vector_u_740( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_82(&zeta_i, re); - ntt_at_layer_2_8a(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void ntt_vector_u_58( +static KRML_MUSTINLINE void ntt_vector_u_2a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_e9(&zeta_i, re); - ntt_at_layer_2_34(&zeta_i, re); - ntt_at_layer_1_bd(&zeta_i, re); - poly_barrett_reduce_d6_a9(re); ->>>>>>> main + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_1b(&zeta_i, re); + ntt_at_layer_2_ea(&zeta_i, re); + ntt_at_layer_1_21(&zeta_i, re); + poly_barrett_reduce_20_0a(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6691,20 +4913,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_then_decompress_u_b81( -======= -static KRML_MUSTINLINE void deserialize_then_decompress_u_4d( ->>>>>>> main +static KRML_MUSTINLINE void deserialize_then_decompress_u_7c( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, -<<<<<<< HEAD - u_as_ntt[i] = ZERO_20_1c();); -======= - u_as_ntt[i] = ZERO_d6_19();); ->>>>>>> main + u_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -6722,13 +4936,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_4d( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); -<<<<<<< HEAD - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_990(u_bytes); - ntt_vector_u_740(&u_as_ntt[i0]); -======= - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_05(u_bytes); - ntt_vector_u_58(&u_as_ntt[i0]); ->>>>>>> main + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_17(u_bytes); + ntt_vector_u_2a(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6742,11 +4951,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_df1( -======= -decompress_ciphertext_coefficient_1b1( ->>>>>>> main +decompress_ciphertext_coefficient_be1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -6771,15 +4976,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_0d_8f1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_df1(v); -======= -decompress_ciphertext_coefficient_0d_7e1( +decompress_ciphertext_coefficient_0d_4f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_1b1(v); ->>>>>>> main + return decompress_ciphertext_coefficient_be1(v); } /** @@ -6789,13 +4988,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_4_33(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); -======= -deserialize_then_decompress_4_ad(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); ->>>>>>> main +deserialize_then_decompress_4_c2(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -6804,11 +4998,7 @@ deserialize_then_decompress_4_ad(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - decompress_ciphertext_coefficient_0d_8f1(coefficient); -======= - decompress_ciphertext_coefficient_0d_7e1(coefficient); ->>>>>>> main + decompress_ciphertext_coefficient_0d_4f1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -6821,11 +5011,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_df2( -======= -decompress_ciphertext_coefficient_1b2( ->>>>>>> main +decompress_ciphertext_coefficient_be2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -6850,15 +5036,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -decompress_ciphertext_coefficient_0d_8f2( +decompress_ciphertext_coefficient_0d_4f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_df2(v); -======= -decompress_ciphertext_coefficient_0d_7e2( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_1b2(v); ->>>>>>> main + return decompress_ciphertext_coefficient_be2(v); } /** @@ -6868,13 +5048,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_5_df(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); -======= -deserialize_then_decompress_5_60(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_d6_19(); ->>>>>>> main +deserialize_then_decompress_5_a7(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -6883,11 +5058,7 @@ deserialize_then_decompress_5_60(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = -<<<<<<< HEAD - decompress_ciphertext_coefficient_0d_8f2(re.coefficients[i0]); -======= - decompress_ciphertext_coefficient_0d_7e2(re.coefficients[i0]); ->>>>>>> main + decompress_ciphertext_coefficient_0d_4f2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -6900,39 +5071,22 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_v_bf0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_df(serialized); -======= -deserialize_then_decompress_ring_element_v_03(Eurydice_slice serialized) { - return deserialize_then_decompress_5_60(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_v_41(Eurydice_slice serialized) { + return deserialize_then_decompress_5_a7(serialized); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -subtract_reduce_20_78(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, -======= -subtract_reduce_d6_81(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, ->>>>>>> main +subtract_reduce_20_1e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -6950,12 +5104,6 @@ subtract_reduce_d6_81(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6963,31 +5111,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -compute_message_3b1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_fc1(&result, &product);); - invert_ntt_montgomery_311(&result); - result = subtract_reduce_20_78(v, result); -======= -compute_message_15( +compute_message_b7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_5d(&result, &product);); - invert_ntt_montgomery_5f(&result); - result = subtract_reduce_d6_81(v, result); ->>>>>>> main + ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_3a(&result, &product);); + invert_ntt_montgomery_04(&result); + result = subtract_reduce_20_1e(v, result); return result; } @@ -6997,21 +5131,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD static KRML_MUSTINLINE void compress_then_serialize_message_2c( -======= -static KRML_MUSTINLINE void compress_then_serialize_message_f9( ->>>>>>> main libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - to_unsigned_representative_87(re.coefficients[i0]); -======= - to_unsigned_representative_08(re.coefficients[i0]); ->>>>>>> main + to_unsigned_representative_9f(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -7025,30 +5151,6 @@ static KRML_MUSTINLINE void compress_then_serialize_message_f9( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7059,33 +5161,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -<<<<<<< HEAD -static void decrypt_unpacked_871( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_b81(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_bf0( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_3b1(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_2c(message, ret0); -======= -static void decrypt_unpacked_76(IndCpaPrivateKeyUnpacked_42 *secret_key, +static void decrypt_unpacked_ed(IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_4d(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7c(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_03( + deserialize_then_decompress_ring_element_v_41( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_15(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_b7(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f9(message, ret0); + compress_then_serialize_message_2c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7099,10 +5186,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_031(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_1f1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_a21(secret_key, secret_as_ntt); + deserialize_secret_key_e71(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -7112,10 +5199,9 @@ static void decrypt_031(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t ret0[32U]; - decrypt_unpacked_76(&secret_key_unpacked, ciphertext, ret0); ->>>>>>> main - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_ed(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -7123,11 +5209,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_03(Eurydice_slice input, uint8_t ret[32U]) { -======= static KRML_MUSTINLINE void PRF_44(Eurydice_slice input, uint8_t ret[32U]) { ->>>>>>> main uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -7144,16 +5226,15 @@ with const generics - K= 4 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_f1_c83(Eurydice_slice input, uint8_t ret[32U]) { - PRF_03(input, ret); +static KRML_MUSTINLINE void PRF_f1_9d(Eurydice_slice input, uint8_t ret[32U]) { + PRF_44(input, ret); } /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const -generics +libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], +libcrux_ml_kem_variant_MlKem with const generics - K= 4 - SECRET_KEY_SIZE= 3168 - CPA_SECRET_KEY_SIZE= 1536 @@ -7171,316 +5252,84 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f21( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { +void libcrux_ml_kem_ind_cca_decapsulate_551( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_unpacked_871(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); + decrypt_1f1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( + libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_174( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_f1_9d(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_d71(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_7b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_1c(); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_751( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_1c();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7b(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; - memcpy( - result, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_c31(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_751(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t result[32U]; - decrypt_unpacked_871(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void PRF_f1_9d(Eurydice_slice input, uint8_t ret[32U]) { - PRF_44(input, ret); ->>>>>>> main -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]], -libcrux_ml_kem_variant_MlKem with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_161( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { -======= -void libcrux_ml_kem_ind_cca_decapsulate_6a1( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { ->>>>>>> main - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; -<<<<<<< HEAD - decrypt_c31(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - decrypt_031(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); - uint8_t hashed[64U]; -<<<<<<< HEAD - G_f1_d01(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); -======= - G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); ->>>>>>> main - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_174(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_c83(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); -======= - libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_9d(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); ->>>>>>> main - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; -<<<<<<< HEAD - encrypt_951(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_5f1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_3b(Eurydice_array_to_slice((size_t)32U, + kdf_d8_cf(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_3b(shared_secret0, shared_secret1); + kdf_d8_cf(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff1(ciphertext), + libcrux_ml_kem_types_as_ref_00_47(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - encrypt_ec1(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_89(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_89(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_070( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8b0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7492,43 +5341,29 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b3( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = -<<<<<<< HEAD - deserialize_to_reduced_ring_element_62(ring_element); -======= - deserialize_to_reduced_ring_element_f6(ring_element); ->>>>>>> main + deserialize_to_reduced_ring_element_d3(ring_element); deserialized_pk[i0] = uu____0; } } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_580( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_19();); - deserialize_ring_elements_reduced_1b3(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_19();); + deserialize_ring_elements_reduced_8b0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7536,11 +5371,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_secret_key_cd0( -======= -static KRML_MUSTINLINE void serialize_secret_key_8c0( ->>>>>>> main +static KRML_MUSTINLINE void serialize_secret_key_800( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -7558,20 +5389,13 @@ static KRML_MUSTINLINE void serialize_secret_key_8c0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - serialize_uncompressed_ring_element_64(&re, ret0); -======= - serialize_uncompressed_ring_element_16(&re, ret0); ->>>>>>> main + serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7580,13 +5404,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_460( +static KRML_MUSTINLINE void serialize_public_key_mut_1d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_8c0(t_as_ntt, ret); + serialize_secret_key_800(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7595,9 +5419,6 @@ static KRML_MUSTINLINE void serialize_public_key_mut_460( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7606,41 +5427,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_public_key_770( +static KRML_MUSTINLINE void serialize_public_key_960( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); - uint8_t ret0[768U]; - serialize_secret_key_cd0(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), - seed_for_a, uint8_t); + serialize_public_key_mut_1d0(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void serialize_public_key_eb0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_460(t_as_ntt, seed_for_a, public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7649,25 +5445,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_820(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_070( -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3c0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_6b0( ->>>>>>> main + deserialize_ring_elements_reduced_out_580( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; -<<<<<<< HEAD - serialize_public_key_770( -======= - serialize_public_key_eb0( ->>>>>>> main + serialize_public_key_960( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -7689,13 +5475,6 @@ static KRML_MUSTINLINE void H_f1_c60(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -7704,7 +5483,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_3d( +bool libcrux_ml_kem_ind_cca_validate_private_key_24( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; @@ -7732,18 +5511,18 @@ typedef struct IndCpaPrivateKeyUnpacked_ae_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_ae default_1a_a30(void) { +static IndCpaPrivateKeyUnpacked_ae default_f6_a30(void) { IndCpaPrivateKeyUnpacked_ae lit; - lit.secret_as_ntt[0U] = ZERO_d6_19(); - lit.secret_as_ntt[1U] = ZERO_d6_19(); + lit.secret_as_ntt[0U] = ZERO_20_19(); + lit.secret_as_ntt[1U] = ZERO_20_19(); return lit; } @@ -7762,28 +5541,28 @@ typedef struct IndCpaPublicKeyUnpacked_ae_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_ae default_8d_6b0(void) { +static IndCpaPublicKeyUnpacked_ae default_85_6b0(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_d6_19();); + uu____0[i] = ZERO_20_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_ae lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_19(); - lit.A[0U][1U] = ZERO_d6_19(); - lit.A[1U][0U] = ZERO_d6_19(); - lit.A[1U][1U] = ZERO_d6_19(); + lit.A[0U][0U] = ZERO_20_19(); + lit.A[0U][1U] = ZERO_20_19(); + lit.A[1U][0U] = ZERO_20_19(); + lit.A[1U][1U] = ZERO_20_19(); return lit; } @@ -7796,11 +5575,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void G_f1_d00(Eurydice_slice input, uint8_t ret[64U]) { -======= static KRML_MUSTINLINE void G_f1_070(Eurydice_slice input, uint8_t ret[64U]) { ->>>>>>> main libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7814,13 +5589,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -<<<<<<< HEAD -static void closure_a30( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE void cpa_keygen_seed_d8_07( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_c9( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -7833,7 +5602,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_07( uint8_t ret0[64U]; G_f1_070(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -7852,11 +5620,7 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -<<<<<<< HEAD -shake128_init_absorb_final_400(uint8_t input[2U][34U]) { -======= -shake128_init_absorb_370(uint8_t input[2U][34U]) { ->>>>>>> main +shake128_init_absorb_final_370(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -7887,19 +5651,11 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -<<<<<<< HEAD -shake128_init_absorb_final_f1_830(uint8_t input[2U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[2U][34U]; - memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_400(copy_of_input); -======= -shake128_init_absorb_f1_170(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_170(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_370(copy_of_input); ->>>>>>> main + return shake128_init_absorb_final_370(copy_of_input); } /** @@ -7908,11 +5664,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a0( -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_720( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_720( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -7933,15 +5685,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_200( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_750( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_9a0(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_750( - PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_720(self, ret); ->>>>>>> main + shake128_squeeze_first_three_blocks_720(self, ret); } /** @@ -7992,11 +5738,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_891( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb1( ->>>>>>> main uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -8034,13 +5776,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_ea0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_e60( PortableHash_8b *st, uint8_t ret[2U][168U]) { -======= -static KRML_MUSTINLINE void shake128_squeeze_block_e60(PortableHash_8b *st, - uint8_t ret[2U][168U]) { ->>>>>>> main uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -8060,15 +5797,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_040( - PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_ea0(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_block_f1_480( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_480( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_e60(self, ret); ->>>>>>> main + shake128_squeeze_next_block_e60(self, ret); } /** @@ -8119,11 +5850,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_892( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb2( ->>>>>>> main uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -8162,15 +5889,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c0( - int16_t s[272U]) { - return from_i16_array_20_d3( -======= static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba0( int16_t s[272U]) { - return from_i16_array_d6_bb( ->>>>>>> main + return from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -8181,11 +5902,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_from_xof_1b0( -======= static KRML_MUSTINLINE void sample_from_xof_490( ->>>>>>> main uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -8193,43 +5910,25 @@ static KRML_MUSTINLINE void sample_from_xof_490( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); -<<<<<<< HEAD - PortableHash_8b xof_state = shake128_init_absorb_final_f1_830(copy_of_seeds); - uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_200(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[2U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_891( -======= - PortableHash_8b xof_state = shake128_init_absorb_f1_170(copy_of_seeds); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_170(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_f1_750(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_750(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_fb1( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; -<<<<<<< HEAD - shake128_squeeze_next_block_f1_040(&xof_state, randomness); -======= - shake128_squeeze_block_f1_480(&xof_state, randomness); ->>>>>>> main + shake128_squeeze_next_block_f1_480(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = sample_from_uniform_distribution_next_892( -======= done = sample_from_uniform_distribution_next_fb2( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -8238,11 +5937,7 @@ static KRML_MUSTINLINE void sample_from_xof_490( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, -<<<<<<< HEAD - ret0[i] = closure_2c0(copy_of_out[i]);); -======= ret0[i] = closure_ba0(copy_of_out[i]);); ->>>>>>> main memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8255,18 +5950,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_matrix_A_0b0( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_a30(A_transpose[i]);); -======= static KRML_MUSTINLINE void sample_matrix_A_ae0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[2U], uint8_t seed[34U], bool transpose) { ->>>>>>> main KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -8281,11 +5967,7 @@ static KRML_MUSTINLINE void sample_matrix_A_ae0( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; -<<<<<<< HEAD - sample_from_xof_1b0(copy_of_seeds, sampled); -======= sample_from_xof_490(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8303,15 +5985,6 @@ static KRML_MUSTINLINE void sample_matrix_A_ae0( } ); -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U][2U]; - memcpy(result, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - memcpy(ret, result, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); -======= } /** @@ -8353,14 +6026,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_dd0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_a6(randomness); +sample_from_binomial_distribution_ce0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_ee(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8370,7 +6039,7 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_830( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -8387,11 +6056,10 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_830( PRFxN_f1_9f0(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_dd0( + re_as_ntt[i0] = sample_from_binomial_distribution_ce0( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_b3(&re_as_ntt[i0]);); return domain_separator; ->>>>>>> main } /** @@ -8406,54 +6074,7 @@ typedef struct tuple_740_s { } tuple_740; /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_d30(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN_f1 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_f1_bf0(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_d30(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_d80(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_af(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -======= A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt_out ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics @@ -8461,41 +6082,16 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_060( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_1c();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_f1_bf0(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_d80( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]);); -======= -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_860( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_19();); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = - sample_vector_cbd_then_ntt_830(uu____0, uu____1, domain_separator); ->>>>>>> main + re_as_ntt[i] = ZERO_20_19();); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + domain_separator = + sample_vector_cbd_then_ntt_3c0(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -8503,44 +6099,23 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_860( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_re_as_ntt, -======= - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_to_ring_element_20_fc0( -======= -static KRML_MUSTINLINE void add_to_ring_element_d6_5d0( ->>>>>>> main +static KRML_MUSTINLINE void add_to_ring_element_20_3a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -8558,58 +6133,13 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_5d0( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_As_plus_e_3c0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_1c();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_fc0(&result0[i1], &product); - } - add_standard_error_reduce_20_39(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; - memcpy( - result, result0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -======= -static KRML_MUSTINLINE void compute_As_plus_e_000( +static KRML_MUSTINLINE void compute_As_plus_e_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -8623,7 +6153,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_000( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -8636,55 +6166,13 @@ static KRML_MUSTINLINE void compute_As_plus_e_000( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_5d0(&t_as_ntt[i0], &product); + ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_3a0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8694,47 +6182,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static tuple_4c0 generate_keypair_unpacked_830( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_f1_d00(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static void generate_keypair_unpacked_740( +static void generate_keypair_unpacked_860( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_ae *private_key, IndCpaPublicKeyUnpacked_ae *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_07(key_generation_seed, hashed); + cpa_keygen_seed_d8_c9(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[2U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_0b0(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_060(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); sample_matrix_A_ae0(uu____1, ret, true); uint8_t prf_input[33U]; @@ -8746,182 +6207,23 @@ static void generate_keypair_unpacked_740( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_830(uu____2, copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_3c0(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, -<<<<<<< HEAD - sample_vector_cbd_then_ntt_060(copy_of_prf_input, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_3c0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_d60( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_20_1c();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_f1_fd0(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b20( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_830(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_d60(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_d9(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_770( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_f1_fd0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -======= - sample_vector_cbd_then_ntt_out_860(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_440(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_000(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_f00(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -8936,32 +6238,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -<<<<<<< HEAD -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_fc0( - Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_830(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_770( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_cd0(sk.secret_as_ntt, secret_key_serialized); -======= -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_520( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ea0( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_ae private_key = default_1a_a30(); - IndCpaPublicKeyUnpacked_ae public_key = default_8d_6b0(); - generate_keypair_unpacked_740(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_ae private_key = default_f6_a30(); + IndCpaPublicKeyUnpacked_ae public_key = default_85_6b0(); + generate_keypair_unpacked_860(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_eb0( + serialize_public_key_960( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_8c0(private_key.secret_as_ntt, secret_key_serialized); ->>>>>>> main + serialize_secret_key_800(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8970,26 +6258,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_520( uint8_t copy_of_public_key_serialized[800U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_utils_extraction_helper_Keypair512 result; memcpy(result.fst, copy_of_secret_key_serialized, (size_t)768U * sizeof(uint8_t)); memcpy(result.snd, copy_of_public_key_serialized, (size_t)800U * sizeof(uint8_t)); return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -8997,11 +6273,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_kem_secret_key_9d( -======= -static KRML_MUSTINLINE void serialize_kem_secret_key_83( ->>>>>>> main +static KRML_MUSTINLINE void serialize_kem_secret_key_ad( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -9027,11 +6299,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_83( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - H_f1_fd0(public_key, ret0); -======= H_f1_c60(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -9047,14 +6315,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_83( memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -9069,11 +6329,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c0(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -9082,21 +6338,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = -<<<<<<< HEAD - generate_keypair_fc0(ind_cpa_keypair_randomness); -======= - generate_keypair_520(ind_cpa_keypair_randomness); ->>>>>>> main + generate_keypair_ea0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; -<<<<<<< HEAD - serialize_kem_secret_key_9d( -======= - serialize_kem_secret_key_83( ->>>>>>> main + serialize_kem_secret_key_ad( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -9105,21 +6353,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b1( - uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_8d( + uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); } /** @@ -9132,7 +6372,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_3b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_64(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -9140,47 +6380,13 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_3b(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_f6(ring_element); - deserialized_pk[i0] = uu____0; - } ->>>>>>> main -} - /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN with const generics - K= 2 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_d31(uint8_t (*input)[33U], -======= static KRML_MUSTINLINE void PRFxN_d51(uint8_t (*input)[33U], ->>>>>>> main uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2( @@ -9201,20 +6407,11 @@ with const generics - K= 2 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_f1_bf1(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_d31(input, ret); -======= static KRML_MUSTINLINE void PRFxN_f1_9f1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { PRFxN_d51(input, ret); ->>>>>>> main } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -9225,17 +6422,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -<<<<<<< HEAD -sample_ring_element_cbd_a20(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_1c();); -======= -sample_ring_element_cbd_af0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_720(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_d6_19();); ->>>>>>> main + error_1[i] = ZERO_20_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -9247,19 +6437,11 @@ sample_ring_element_cbd_af0(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; -<<<<<<< HEAD - PRFxN_f1_bf1(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_d8( -======= PRFxN_f1_9f1(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_dd( ->>>>>>> main + sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -9269,11 +6451,7 @@ sample_ring_element_cbd_af0(uint8_t prf_input[33U], uint8_t domain_separator) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_error_1, -======= - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -9289,15 +6467,9 @@ with const generics - K= 2 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_f1_c82(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_030(input, ret); -======= static KRML_MUSTINLINE void PRF_f1_9d2(Eurydice_slice input, uint8_t ret[128U]) { PRF_440(input, ret); ->>>>>>> main } /** @@ -9306,60 +6478,34 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_montgomery_310( +static KRML_MUSTINLINE void invert_ntt_montgomery_040( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_e7(&zeta_i, re); - invert_ntt_at_layer_2_e9(&zeta_i, re); - invert_ntt_at_layer_3_2b(&zeta_i, re); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void invert_ntt_montgomery_5f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_0d(&zeta_i, re); - invert_ntt_at_layer_2_4a(&zeta_i, re); - invert_ntt_at_layer_3_a9(&zeta_i, re); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_a9(re); ->>>>>>> main + invert_ntt_at_layer_1_2e(&zeta_i, re); + invert_ntt_at_layer_2_42(&zeta_i, re); + invert_ntt_at_layer_3_0c(&zeta_i, re); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_0a(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_vector_u_4b0( -======= -static KRML_MUSTINLINE void compute_vector_u_510( ->>>>>>> main +static KRML_MUSTINLINE void compute_vector_u_020( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, -<<<<<<< HEAD - result0[i] = ZERO_20_1c();); -======= - result[i] = ZERO_d6_19();); ->>>>>>> main + result0[i] = ZERO_20_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -9379,19 +6525,11 @@ static KRML_MUSTINLINE void compute_vector_u_510( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = -<<<<<<< HEAD - ntt_multiply_20_23(a_element, &r_as_ntt[j]); - add_to_ring_element_20_fc0(&result0[i1], &product); - } - invert_ntt_montgomery_310(&result0[i1]); - add_error_reduce_20_06(&result0[i1], &error_1[i1]); -======= - ntt_multiply_d6_27(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_5d0(&result[i1], &product); + ntt_multiply_20_76(a_element, &r_as_ntt[j]); + add_to_ring_element_20_3a0(&result0[i1], &product); } - invert_ntt_montgomery_5f0(&result[i1]); - add_error_reduce_d6_a3(&result[i1], &error_1[i1]); ->>>>>>> main + invert_ntt_montgomery_040(&result0[i1]); + add_error_reduce_20_15(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -9402,9 +6540,6 @@ static KRML_MUSTINLINE void compute_vector_u_510( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9412,32 +6547,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -compute_ring_element_v_660( -======= -compute_ring_element_v_160( ->>>>>>> main +compute_ring_element_v_c70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_fc0(&result, &product);); - invert_ntt_montgomery_310(&result); - result = add_message_error_reduce_20_8c(error_2, message, result); -======= - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_5d0(&result, &product);); - invert_ntt_montgomery_5f0(&result); - result = add_message_error_reduce_d6_4d(error_2, message, result); ->>>>>>> main + ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_3a0(&result, &product);); + invert_ntt_montgomery_040(&result); + result = add_message_error_reduce_20_f0(error_2, message, result); return result; } @@ -9447,22 +6568,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_10_a9( -======= -static KRML_MUSTINLINE void compress_then_serialize_10_470( ->>>>>>> main +static KRML_MUSTINLINE void compress_then_serialize_10_7e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - compress_0d_9a(to_unsigned_representative_87(re->coefficients[i0])); -======= - compress_0d_0c(to_unsigned_representative_08(re->coefficients[i0])); ->>>>>>> main + compress_0d_20(to_unsigned_representative_9f(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -9480,23 +6593,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_31( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_a9(re, uu____0); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_080( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_ed0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_470(re, uu____0); ->>>>>>> main + compress_then_serialize_10_7e0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9506,11 +6609,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -<<<<<<< HEAD -static void compress_then_serialize_u_ed0( -======= -static void compress_then_serialize_u_2b0( ->>>>>>> main +static void compress_then_serialize_u_bf0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -9526,11 +6625,7 @@ static void compress_then_serialize_u_2b0( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; -<<<<<<< HEAD - compress_then_serialize_ring_element_u_31(&re, ret); -======= - compress_then_serialize_ring_element_u_080(&re, ret); ->>>>>>> main + compress_then_serialize_ring_element_u_ed0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -9543,58 +6638,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_2d( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_de0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_55(re, out); -======= -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_b90( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_d4(re, out); ->>>>>>> main + compress_then_serialize_4_b7(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -9613,18 +6661,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_unpacked_d70( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_060(copy_of_prf_input0, 0U); -======= -static void encrypt_unpacked_e70(IndCpaPublicKeyUnpacked_ae *public_key, +static void encrypt_unpacked_0d0(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -9633,8 +6670,7 @@ static void encrypt_unpacked_e70(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____1 = - sample_vector_cbd_then_ntt_out_860(copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_out_440(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -9644,11 +6680,7 @@ static void encrypt_unpacked_e70(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = -<<<<<<< HEAD - sample_ring_element_cbd_a20(copy_of_prf_input, domain_separator0); -======= - sample_ring_element_cbd_af0(copy_of_prf_input, domain_separator0); ->>>>>>> main + sample_ring_element_cbd_720(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -9656,218 +6688,58 @@ static void encrypt_unpacked_e70(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - PRF_f1_c82(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_4b0(public_key->A, r_as_ntt, error_1, u); -======= PRF_f1_9d2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_dd( + sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_510(public_key->A, r_as_ntt, error_1, u); ->>>>>>> main + compute_vector_u_020(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = -<<<<<<< HEAD - deserialize_then_decompress_message_52(copy_of_message); + deserialize_then_decompress_message_c9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_660(public_key->t_as_ntt, r_as_ntt, &error_2, -======= - deserialize_then_decompress_message_40(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_160(public_key->t_as_ntt, r_as_ntt, &error_2, ->>>>>>> main + compute_ring_element_v_c70(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD - compress_then_serialize_u_ed0( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_2d( -======= - compress_then_serialize_u_2b0( + compress_then_serialize_u_bf0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_b90( ->>>>>>> main + compress_then_serialize_ring_element_v_de0( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 - CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 - T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_d70(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e3(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -} - -/** -======= ->>>>>>> main -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -<<<<<<< HEAD -static void encrypt_950(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_070( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_0b0(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[768U]; - encrypt_unpacked_d70(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); -======= -static void encrypt_ec0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_5f0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_6b0(); - deserialize_ring_elements_reduced_1b0( + IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_85_6b0(); + deserialize_ring_elements_reduced_8b0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -9881,10 +6753,9 @@ static void encrypt_ec0(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_e70(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); ->>>>>>> main + uint8_t result[768U]; + encrypt_unpacked_0d0(uu____1, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } /** @@ -9898,20 +6769,12 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void kdf_af_56(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void kdf_d8_4d(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_c2(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -9933,47 +6796,27 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_930( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e3( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b10( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_130( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_3b( + entropy_preprocess_d8_64( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - H_f1_fd0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), -======= H_f1_c60(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), ->>>>>>> main + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cc0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); -======= G_f1_070(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -9981,67 +6824,43 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_b10( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)800U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); -======= - (size_t)800U, libcrux_ml_kem_types_as_slice_ba_120(public_key), uint8_t); ->>>>>>> main + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cc0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; -<<<<<<< HEAD - encrypt_950(uu____2, copy_of_randomness, pseudorandomness, ciphertext); -======= - encrypt_ec0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); ->>>>>>> main + encrypt_5f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_fc0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_56(shared_secret, shared_secret_array); -======= - libcrux_ml_kem_types_from_fc_360(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_d8_4d(shared_secret, shared_secret_array); ->>>>>>> main + kdf_d8_c2(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_ec result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_a20( +static KRML_MUSTINLINE void deserialize_secret_key_e70( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_19();); + secret_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -10053,11 +6872,15 @@ static KRML_MUSTINLINE void deserialize_secret_key_a20( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7f(secret_bytes); + deserialize_to_uncompressed_ring_element_0b(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; + memcpy( + result, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( - ret, secret_as_ntt, + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -10068,13 +6891,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_u_99(Eurydice_slice serialized) { - return deserialize_then_decompress_10_0e(serialized); -======= -deserialize_then_decompress_ring_element_u_050(Eurydice_slice serialized) { - return deserialize_then_decompress_10_cb(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_u_170(Eurydice_slice serialized) { + return deserialize_then_decompress_10_c9(serialized); } /** @@ -10083,37 +6901,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void ntt_vector_u_74( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_82(&zeta_i, re); - ntt_at_layer_2_8a(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void ntt_vector_u_580( +static KRML_MUSTINLINE void ntt_vector_u_2a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_e9(&zeta_i, re); - ntt_at_layer_2_34(&zeta_i, re); - ntt_at_layer_1_bd(&zeta_i, re); - poly_barrett_reduce_d6_a9(re); ->>>>>>> main + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_1b(&zeta_i, re); + ntt_at_layer_2_ea(&zeta_i, re); + ntt_at_layer_1_21(&zeta_i, re); + poly_barrett_reduce_20_0a(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10122,20 +6922,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_then_decompress_u_b80( -======= -static KRML_MUSTINLINE void deserialize_then_decompress_u_4d0( ->>>>>>> main +static KRML_MUSTINLINE void deserialize_then_decompress_u_7c0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, -<<<<<<< HEAD - u_as_ntt[i] = ZERO_20_1c();); -======= - u_as_ntt[i] = ZERO_d6_19();); ->>>>>>> main + u_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -10153,13 +6945,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_4d0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); -<<<<<<< HEAD - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_99(u_bytes); - ntt_vector_u_74(&u_as_ntt[i0]); -======= - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_050(u_bytes); - ntt_vector_u_580(&u_as_ntt[i0]); ->>>>>>> main + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_170(u_bytes); + ntt_vector_u_2a0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -10173,21 +6960,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -deserialize_then_decompress_ring_element_v_bf(Eurydice_slice serialized) { - return deserialize_then_decompress_4_33(serialized); -======= -deserialize_then_decompress_ring_element_v_030(Eurydice_slice serialized) { - return deserialize_then_decompress_4_ad(serialized); ->>>>>>> main +deserialize_then_decompress_ring_element_v_410(Eurydice_slice serialized) { + return deserialize_then_decompress_4_c2(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10195,58 +6971,20 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -compute_message_3b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_fc0(&result, &product);); - invert_ntt_montgomery_310(&result); - result = subtract_reduce_20_78(v, result); -======= -compute_message_150( +compute_message_b70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_5d0(&result, &product);); - invert_ntt_montgomery_5f0(&result); - result = subtract_reduce_d6_81(v, result); ->>>>>>> main + ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_3a0(&result, &product);); + invert_ntt_montgomery_040(&result); + result = subtract_reduce_20_1e(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10257,33 +6995,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -<<<<<<< HEAD -static void decrypt_unpacked_870( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_b80(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_bf( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_3b0(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_2c(message, ret0); -======= -static void decrypt_unpacked_760(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_ed0(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_4d0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7c0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_030( + deserialize_then_decompress_ring_element_v_410( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_150(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_b70(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f9(message, ret0); + compress_then_serialize_message_2c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -10297,10 +7020,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_030(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_1f0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_a20(secret_key, secret_as_ntt); + deserialize_secret_key_e70(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -10310,10 +7033,9 @@ static void decrypt_030(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t ret0[32U]; - decrypt_unpacked_760(&secret_key_unpacked, ciphertext, ret0); ->>>>>>> main - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_ed0(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -10326,158 +7048,8 @@ with const generics - K= 2 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_f1_c81(Eurydice_slice input, uint8_t ret[32U]) { - PRF_03(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const -generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f20( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_870(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_170( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_d70(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_750( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_1c();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7b(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; - memcpy( - result, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_c30(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_750(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t result[32U]; - decrypt_unpacked_870(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= static KRML_MUSTINLINE void PRF_f1_9d1(Eurydice_slice input, uint8_t ret[32U]) { PRF_44(input, ret); ->>>>>>> main } /** @@ -10502,11 +7074,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_160( -======= -void libcrux_ml_kem_ind_cca_decapsulate_6a0( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_550( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -10524,15 +7092,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - decrypt_c30(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - decrypt_030(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_1f0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -10540,11 +7102,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a0( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - G_f1_d00(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); -======= G_f1_070(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -10552,91 +7110,48 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_c81(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), -======= libcrux_ml_kem_utils_into_padded_array_424(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_470(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9d1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), ->>>>>>> main implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; -<<<<<<< HEAD - encrypt_950(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_5f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_56(Eurydice_array_to_slice((size_t)32U, + kdf_d8_c2(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_56(shared_secret0, shared_secret1); + kdf_d8_c2(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff(ciphertext), + libcrux_ml_kem_types_as_ref_00_470(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - encrypt_ec0(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_4d(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_4d(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed0(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_07( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8b1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -10648,43 +7163,29 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = -<<<<<<< HEAD - deserialize_to_reduced_ring_element_62(ring_element); -======= - deserialize_to_reduced_ring_element_f6(ring_element); ->>>>>>> main + deserialize_to_reduced_ring_element_d3(ring_element); deserialized_pk[i0] = uu____0; } } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_6b( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_58( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_d6_19();); - deserialize_ring_elements_reduced_1b2(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_19();); + deserialize_ring_elements_reduced_8b1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10692,11 +7193,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_secret_key_cd( -======= -static KRML_MUSTINLINE void serialize_secret_key_8c1( ->>>>>>> main +static KRML_MUSTINLINE void serialize_secret_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -10714,20 +7211,13 @@ static KRML_MUSTINLINE void serialize_secret_key_8c1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - serialize_uncompressed_ring_element_64(&re, ret0); -======= - serialize_uncompressed_ring_element_16(&re, ret0); ->>>>>>> main + serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10736,13 +7226,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_461( +static KRML_MUSTINLINE void serialize_public_key_mut_1d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_8c1(t_as_ntt, ret); + serialize_secret_key_801(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -10751,9 +7241,6 @@ static KRML_MUSTINLINE void serialize_public_key_mut_461( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10762,41 +7249,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_public_key_77( +static KRML_MUSTINLINE void serialize_public_key_961( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - serialize_secret_key_cd(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + serialize_public_key_mut_1d1(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void serialize_public_key_eb1( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_461(t_as_ntt, seed_for_a, public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -10805,25 +7267,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -bool libcrux_ml_kem_ind_cca_validate_public_key_82(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_07( -======= -bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3c(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_6b( ->>>>>>> main + deserialize_ring_elements_reduced_out_58( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; -<<<<<<< HEAD - serialize_public_key_77( -======= - serialize_public_key_eb1( ->>>>>>> main + serialize_public_key_961( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -10845,13 +7297,6 @@ static KRML_MUSTINLINE void H_f1_c61(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -10860,7 +7305,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_46( +bool libcrux_ml_kem_ind_cca_validate_private_key_9e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -10888,19 +7333,19 @@ typedef struct IndCpaPrivateKeyUnpacked_f8_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_f8 default_1a_a31(void) { +static IndCpaPrivateKeyUnpacked_f8 default_f6_a31(void) { IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = ZERO_d6_19(); - lit.secret_as_ntt[1U] = ZERO_d6_19(); - lit.secret_as_ntt[2U] = ZERO_d6_19(); + lit.secret_as_ntt[0U] = ZERO_20_19(); + lit.secret_as_ntt[1U] = ZERO_20_19(); + lit.secret_as_ntt[2U] = ZERO_20_19(); return lit; } @@ -10919,33 +7364,33 @@ typedef struct IndCpaPublicKeyUnpacked_f8_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_f8 default_8d_6b1(void) { +static IndCpaPublicKeyUnpacked_f8 default_85_6b1(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_d6_19();); + uu____0[i] = ZERO_20_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_f8 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_d6_19(); - lit.A[0U][1U] = ZERO_d6_19(); - lit.A[0U][2U] = ZERO_d6_19(); - lit.A[1U][0U] = ZERO_d6_19(); - lit.A[1U][1U] = ZERO_d6_19(); - lit.A[1U][2U] = ZERO_d6_19(); - lit.A[2U][0U] = ZERO_d6_19(); - lit.A[2U][1U] = ZERO_d6_19(); - lit.A[2U][2U] = ZERO_d6_19(); + lit.A[0U][0U] = ZERO_20_19(); + lit.A[0U][1U] = ZERO_20_19(); + lit.A[0U][2U] = ZERO_20_19(); + lit.A[1U][0U] = ZERO_20_19(); + lit.A[1U][1U] = ZERO_20_19(); + lit.A[1U][2U] = ZERO_20_19(); + lit.A[2U][0U] = ZERO_20_19(); + lit.A[2U][1U] = ZERO_20_19(); + lit.A[2U][2U] = ZERO_20_19(); return lit; } @@ -10958,11 +7403,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void G_f1_d0(Eurydice_slice input, uint8_t ret[64U]) { -======= static KRML_MUSTINLINE void G_f1_071(Eurydice_slice input, uint8_t ret[64U]) { ->>>>>>> main libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -10976,13 +7417,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static void closure_a3( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE void cpa_keygen_seed_d8_3b( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_26( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -10995,7 +7430,6 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_3b( uint8_t ret0[64U]; G_f1_071(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -11014,11 +7448,7 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -<<<<<<< HEAD -shake128_init_absorb_final_40(uint8_t input[3U][34U]) { -======= -shake128_init_absorb_371(uint8_t input[3U][34U]) { ->>>>>>> main +shake128_init_absorb_final_371(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -11049,19 +7479,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -<<<<<<< HEAD -shake128_init_absorb_final_f1_83(uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_40(copy_of_input); -======= -shake128_init_absorb_f1_171(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_171(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_371(copy_of_input); ->>>>>>> main + return shake128_init_absorb_final_371(copy_of_input); } /** @@ -11070,11 +7492,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_9a( -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_721( ->>>>>>> main +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_721( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -11095,15 +7513,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_20( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_751( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_9a(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_751( - PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_721(self, ret); ->>>>>>> main + shake128_squeeze_first_three_blocks_721(self, ret); } /** @@ -11154,11 +7566,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_89( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb3( ->>>>>>> main uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -11196,13 +7604,8 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_ea( +static KRML_MUSTINLINE void shake128_squeeze_next_block_e61( PortableHash_58 *st, uint8_t ret[3U][168U]) { -======= -static KRML_MUSTINLINE void shake128_squeeze_block_e61(PortableHash_58 *st, - uint8_t ret[3U][168U]) { ->>>>>>> main uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -11222,15 +7625,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_04( - PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_ea(self, ret); -======= -static KRML_MUSTINLINE void shake128_squeeze_block_f1_481( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_481( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_e61(self, ret); ->>>>>>> main + shake128_squeeze_next_block_e61(self, ret); } /** @@ -11281,11 +7678,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_890( -======= static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb4( ->>>>>>> main uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -11324,15 +7717,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2c( - int16_t s[272U]) { - return from_i16_array_20_d3( -======= static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba1( int16_t s[272U]) { - return from_i16_array_d6_bb( ->>>>>>> main + return from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -11343,11 +7730,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_from_xof_1b( -======= static KRML_MUSTINLINE void sample_from_xof_491( ->>>>>>> main uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -11355,43 +7738,25 @@ static KRML_MUSTINLINE void sample_from_xof_491( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); -<<<<<<< HEAD - PortableHash_58 xof_state = shake128_init_absorb_final_f1_83(copy_of_seeds); - uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_20(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[3U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_89( -======= - PortableHash_58 xof_state = shake128_init_absorb_f1_171(copy_of_seeds); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_171(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_751(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_751(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_fb3( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; -<<<<<<< HEAD - shake128_squeeze_next_block_f1_04(&xof_state, randomness); -======= - shake128_squeeze_block_f1_481(&xof_state, randomness); ->>>>>>> main + shake128_squeeze_next_block_f1_481(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = sample_from_uniform_distribution_next_890( -======= done = sample_from_uniform_distribution_next_fb4( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -11400,11 +7765,7 @@ static KRML_MUSTINLINE void sample_from_xof_491( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, -<<<<<<< HEAD - ret0[i] = closure_2c(copy_of_out[i]);); -======= ret0[i] = closure_ba1(copy_of_out[i]);); ->>>>>>> main memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -11417,18 +7778,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void sample_matrix_A_0b( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_a3(A_transpose[i]);); -======= static KRML_MUSTINLINE void sample_matrix_A_ae1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { ->>>>>>> main KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -11443,11 +7795,7 @@ static KRML_MUSTINLINE void sample_matrix_A_ae1( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; -<<<<<<< HEAD - sample_from_xof_1b(copy_of_seeds, sampled); -======= sample_from_xof_491(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -11465,16 +7813,6 @@ static KRML_MUSTINLINE void sample_matrix_A_ae1( } ); -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U][3U]; - memcpy(result, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - memcpy(ret, result, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); -======= ->>>>>>> main } /** @@ -11483,13 +7821,8 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_d3(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { -======= static KRML_MUSTINLINE void PRFxN_d52(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { ->>>>>>> main uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -11509,21 +7842,11 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRFxN_f1_bf(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_d3(input, ret); -======= static KRML_MUSTINLINE void PRFxN_f1_9f2(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { PRFxN_d52(input, ret); ->>>>>>> main } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -11533,17 +7856,9 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_06( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_1c();); -======= -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_831( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -11555,20 +7870,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_831( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - PRFxN_f1_bf(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]);); -======= PRFxN_f1_9f2(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_dd( + re_as_ntt[i0] = sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_b3(&re_as_ntt[i0]);); return domain_separator; } @@ -11592,64 +7899,40 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_861( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_d6_19();); + re_as_ntt[i] = ZERO_20_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_831(uu____0, uu____1, domain_separator); ->>>>>>> main + sample_vector_cbd_then_ntt_3c1(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD - tuple_b0 result; + tuple_b00 result; memcpy( result.fst, copy_of_re_as_ntt, -======= - tuple_b00 lit; - memcpy( - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void add_to_ring_element_20_fc( -======= -static KRML_MUSTINLINE void add_to_ring_element_d6_5d1( ->>>>>>> main +static KRML_MUSTINLINE void add_to_ring_element_20_3a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -11667,58 +7950,13 @@ static KRML_MUSTINLINE void add_to_ring_element_d6_5d1( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_As_plus_e_3c( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_1c();); - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_fc(&result0[i1], &product); - } - add_standard_error_reduce_20_39(&result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -======= -static KRML_MUSTINLINE void compute_As_plus_e_001( +static KRML_MUSTINLINE void compute_As_plus_e_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -11732,7 +7970,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_001( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -11745,55 +7983,13 @@ static KRML_MUSTINLINE void compute_As_plus_e_001( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(matrix_element, &s_as_ntt[j]); - add_to_ring_element_d6_5d1(&t_as_ntt[i0], &product); + ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_3a1(&t_as_ntt[i0], &product); } - add_standard_error_reduce_d6_aa(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -11803,47 +7999,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static tuple_9b generate_keypair_unpacked_83( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_f1_d0(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static void generate_keypair_unpacked_741( +static void generate_keypair_unpacked_861( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_f8 *private_key, IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_3b(key_generation_seed, hashed); + cpa_keygen_seed_d8_26(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - sample_matrix_A_0b(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_06(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); sample_matrix_A_ae1(uu____1, ret, true); uint8_t prf_input[33U]; @@ -11855,182 +8024,23 @@ static void generate_keypair_unpacked_741( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_831(uu____2, copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_3c1(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, -<<<<<<< HEAD - sample_vector_cbd_then_ntt_06(copy_of_prf_input, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_3c(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_d6( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_20_1c();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::portable::PortableHash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_f1_fd(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_b2( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b uu____0 = generate_keypair_unpacked_83(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_d6(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_3a_d9(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_77( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - H_f1_fd(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - core_result_unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -======= - sample_vector_cbd_then_ntt_out_861(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_441(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_001(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_f01(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -12045,32 +8055,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_fc( - Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_83(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_77( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_cd(sk.secret_as_ntt, secret_key_serialized); -======= -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_52( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ea( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_a31(); - IndCpaPublicKeyUnpacked_f8 public_key = default_8d_6b1(); - generate_keypair_unpacked_741(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_f8 private_key = default_f6_a31(); + IndCpaPublicKeyUnpacked_f8 public_key = default_85_6b1(); + generate_keypair_unpacked_861(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_eb1( + serialize_public_key_961( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_8c1(private_key.secret_as_ntt, secret_key_serialized); ->>>>>>> main + serialize_secret_key_801(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -12079,26 +8075,14 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_52( uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_utils_extraction_helper_Keypair768 result; memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -12106,11 +8090,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void serialize_kem_secret_key_d7( -======= -static KRML_MUSTINLINE void serialize_kem_secret_key_61( ->>>>>>> main +static KRML_MUSTINLINE void serialize_kem_secret_key_59( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -12136,11 +8116,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_61( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - H_f1_fd(public_key, ret0); -======= H_f1_c61(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -12156,14 +8132,6 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_61( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -12178,11 +8146,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b2(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -12191,21 +8155,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = -<<<<<<< HEAD - generate_keypair_fc(ind_cpa_keypair_randomness); -======= - generate_keypair_52(ind_cpa_keypair_randomness); ->>>>>>> main + generate_keypair_ea(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; -<<<<<<< HEAD - serialize_kem_secret_key_d7( -======= - serialize_kem_secret_key_61( ->>>>>>> main + serialize_kem_secret_key_59( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -12214,22 +8170,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f10(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d0(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_720(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b10( - uu____2, libcrux_ml_kem_types_from_07_a90(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b0( - uu____2, libcrux_ml_kem_types_from_40_600(copy_of_public_key)); ->>>>>>> main + return libcrux_ml_kem_types_from_3a_8d0( + uu____2, libcrux_ml_kem_types_from_5a_c60(copy_of_public_key)); } /** @@ -12242,7 +8189,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_b0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_b7(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -12250,38 +8197,6 @@ static KRML_MUSTINLINE void entropy_preprocess_d8_b0(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1b1( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_f6(ring_element); - deserialized_pk[i0] = uu____0; - } -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -12291,19 +8206,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_a2(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_1c();); -======= static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_af1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_721(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_d6_19();); ->>>>>>> main + error_1[i] = ZERO_20_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -12315,19 +8222,11 @@ sample_ring_element_cbd_af1(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - PRFxN_f1_bf(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_d8( -======= PRFxN_f1_9f2(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_dd( ->>>>>>> main + sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -12335,15 +8234,9 @@ sample_ring_element_cbd_af1(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD - tuple_b0 result; + tuple_b00 result; memcpy( result.fst, copy_of_error_1, -======= - tuple_b00 lit; - memcpy( - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -12359,15 +8252,9 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_f1_c80(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_030(input, ret); -======= static KRML_MUSTINLINE void PRF_f1_9d4(Eurydice_slice input, uint8_t ret[128U]) { PRF_440(input, ret); ->>>>>>> main } /** @@ -12376,60 +8263,34 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void invert_ntt_montgomery_31( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_e7(&zeta_i, re); - invert_ntt_at_layer_2_e9(&zeta_i, re); - invert_ntt_at_layer_3_2b(&zeta_i, re); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void invert_ntt_montgomery_5f1( +static KRML_MUSTINLINE void invert_ntt_montgomery_041( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_0d(&zeta_i, re); - invert_ntt_at_layer_2_4a(&zeta_i, re); - invert_ntt_at_layer_3_a9(&zeta_i, re); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_f5(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_d6_a9(re); ->>>>>>> main + invert_ntt_at_layer_1_2e(&zeta_i, re); + invert_ntt_at_layer_2_42(&zeta_i, re); + invert_ntt_at_layer_3_0c(&zeta_i, re); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_0a(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void compute_vector_u_4b( -======= -static KRML_MUSTINLINE void compute_vector_u_511( ->>>>>>> main +static KRML_MUSTINLINE void compute_vector_u_021( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, -<<<<<<< HEAD - result0[i] = ZERO_20_1c();); -======= - result[i] = ZERO_d6_19();); ->>>>>>> main + result0[i] = ZERO_20_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -12449,19 +8310,11 @@ static KRML_MUSTINLINE void compute_vector_u_511( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = -<<<<<<< HEAD - ntt_multiply_20_23(a_element, &r_as_ntt[j]); - add_to_ring_element_20_fc(&result0[i1], &product); + ntt_multiply_20_76(a_element, &r_as_ntt[j]); + add_to_ring_element_20_3a1(&result0[i1], &product); } - invert_ntt_montgomery_31(&result0[i1]); - add_error_reduce_20_06(&result0[i1], &error_1[i1]); -======= - ntt_multiply_d6_27(a_element, &r_as_ntt[j]); - add_to_ring_element_d6_5d1(&result[i1], &product); - } - invert_ntt_montgomery_5f1(&result[i1]); - add_error_reduce_d6_a3(&result[i1], &error_1[i1]); ->>>>>>> main + invert_ntt_montgomery_041(&result0[i1]); + add_error_reduce_20_15(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -12472,9 +8325,6 @@ static KRML_MUSTINLINE void compute_vector_u_511( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -12482,38 +8332,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -compute_ring_element_v_66( -======= -compute_ring_element_v_161( ->>>>>>> main +compute_ring_element_v_c71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_fc(&result, &product);); - invert_ntt_montgomery_31(&result); - result = add_message_error_reduce_20_8c(error_2, message, result); -======= - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_d6_5d1(&result, &product);); - invert_ntt_montgomery_5f1(&result); - result = add_message_error_reduce_d6_4d(error_2, message, result); ->>>>>>> main + ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_3a1(&result, &product);); + invert_ntt_montgomery_041(&result); + result = add_message_error_reduce_20_f0(error_2, message, result); return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -12523,11 +8356,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -<<<<<<< HEAD -static void compress_then_serialize_u_ed( -======= -static void compress_then_serialize_u_2b1( ->>>>>>> main +static void compress_then_serialize_u_bf1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -12543,57 +8372,12 @@ static void compress_then_serialize_u_2b1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; -<<<<<<< HEAD - compress_then_serialize_ring_element_u_31(&re, ret); -======= - compress_then_serialize_ring_element_u_080(&re, ret); ->>>>>>> main + compress_then_serialize_ring_element_u_ed0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -12612,18 +8396,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_unpacked_d7( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_06(copy_of_prf_input0, 0U); -======= -static void encrypt_unpacked_e71(IndCpaPublicKeyUnpacked_f8 *public_key, +static void encrypt_unpacked_0d1(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -12633,8 +8406,7 @@ static void encrypt_unpacked_e71(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____1 = - sample_vector_cbd_then_ntt_out_861(copy_of_prf_input0, 0U); ->>>>>>> main + sample_vector_cbd_then_ntt_out_441(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -12643,13 +8415,8 @@ static void encrypt_unpacked_e71(IndCpaPublicKeyUnpacked_f8 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); -<<<<<<< HEAD - tuple_b0 uu____3 = - sample_ring_element_cbd_a2(copy_of_prf_input, domain_separator0); -======= tuple_b00 uu____3 = - sample_ring_element_cbd_af1(copy_of_prf_input, domain_separator0); ->>>>>>> main + sample_ring_element_cbd_721(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -12657,149 +8424,37 @@ static void encrypt_unpacked_e71(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - PRF_f1_c80(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_4b(public_key->A, r_as_ntt, error_1, u); -======= PRF_f1_9d4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_dd( + sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_511(public_key->A, r_as_ntt, error_1, u); ->>>>>>> main + compute_vector_u_021(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = -<<<<<<< HEAD - deserialize_then_decompress_message_52(copy_of_message); + deserialize_then_decompress_message_c9(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_66(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); -======= - deserialize_then_decompress_message_40(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_161(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c71(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); ->>>>>>> main uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD - compress_then_serialize_u_ed( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_2d( -======= - compress_then_serialize_u_2b1( + compress_then_serialize_u_bf1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_b90( ->>>>>>> main + compress_then_serialize_ring_element_v_de0( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_6f( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_d7(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_a0(Eurydice_slice randomness, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -} - -/** -======= ->>>>>>> main A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const @@ -12817,59 +8472,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static void encrypt_95(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_5f(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_07( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - sample_matrix_A_0b(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1088U]; - encrypt_unpacked_d7(uu____3, copy_of_message, randomness, result); - memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); -======= -static void encrypt_ec(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_6b1(); - deserialize_ring_elements_reduced_1b1( + IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_85_6b1(); + deserialize_ring_elements_reduced_8b1( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -12883,10 +8489,9 @@ static void encrypt_ec(Eurydice_slice public_key, uint8_t message[32U], /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_e71(uu____1, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); ->>>>>>> main + uint8_t result[1088U]; + encrypt_unpacked_0d1(uu____1, copy_of_message, randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } /** @@ -12900,20 +8505,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void kdf_af_a2(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void kdf_d8_a7(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_1a(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -12935,49 +8532,27 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_a0( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_13( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_b0( + entropy_preprocess_d8_b7( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - H_f1_fd(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), - uint8_t), - ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); - uint8_t hashed[64U]; - G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); -======= H_f1_c61(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cc1(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -12985,67 +8560,43 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae0(public_key), uint8_t); -======= - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_121(public_key), uint8_t); ->>>>>>> main + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cc1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; -<<<<<<< HEAD - encrypt_95(uu____2, copy_of_randomness, pseudorandomness, ciphertext); -======= - encrypt_ec(uu____2, copy_of_randomness, pseudorandomness, ciphertext); ->>>>>>> main + encrypt_5f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e90(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_a2(shared_secret, shared_secret_array); -======= - libcrux_ml_kem_types_from_fc_361(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_fc1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_a7(shared_secret, shared_secret_array); ->>>>>>> main + kdf_d8_1a(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_3c result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_a2( +static KRML_MUSTINLINE void deserialize_secret_key_e7( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_d6_19();); + secret_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -13057,18 +8608,18 @@ static KRML_MUSTINLINE void deserialize_secret_key_a2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7f(secret_bytes); + deserialize_to_uncompressed_ring_element_0b(secret_bytes); secret_as_ntt[i0] = uu____0; } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; + memcpy( + result, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( - ret, secret_as_ntt, + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -13077,20 +8628,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void deserialize_then_decompress_u_b8( -======= -static KRML_MUSTINLINE void deserialize_then_decompress_u_4d1( ->>>>>>> main +static KRML_MUSTINLINE void deserialize_then_decompress_u_7c1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, -<<<<<<< HEAD - u_as_ntt[i] = ZERO_20_1c();); -======= - u_as_ntt[i] = ZERO_d6_19();); ->>>>>>> main + u_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -13108,25 +8651,14 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_4d1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); -<<<<<<< HEAD - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_99(u_bytes); - ntt_vector_u_74(&u_as_ntt[i0]); -======= - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_050(u_bytes); - ntt_vector_u_580(&u_as_ntt[i0]); ->>>>>>> main + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_170(u_bytes); + ntt_vector_u_2a0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -13134,58 +8666,20 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -compute_message_3b( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_1c(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_23(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_fc(&result, &product);); - invert_ntt_montgomery_31(&result); - result = subtract_reduce_20_78(v, result); -======= -compute_message_151( +compute_message_b71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_d6_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_d6_27(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_d6_5d1(&result, &product);); - invert_ntt_montgomery_5f1(&result); - result = subtract_reduce_d6_81(v, result); ->>>>>>> main + ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_3a1(&result, &product);); + invert_ntt_montgomery_041(&result); + result = subtract_reduce_20_1e(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -13196,33 +8690,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -<<<<<<< HEAD -static void decrypt_unpacked_87( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_b8(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_bf( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_3b(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_2c(message, ret0); -======= -static void decrypt_unpacked_761(IndCpaPrivateKeyUnpacked_f8 *secret_key, +static void decrypt_unpacked_ed1(IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_4d1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7c1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_030( + deserialize_then_decompress_ring_element_v_410( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_151(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_b71(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_f9(message, ret0); + compress_then_serialize_message_2c(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -13236,10 +8715,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_03(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_1f(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_a2(secret_key, secret_as_ntt); + deserialize_secret_key_e7(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -13249,10 +8728,9 @@ static void decrypt_03(Eurydice_slice secret_key, uint8_t *ciphertext, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t ret0[32U]; - decrypt_unpacked_761(&secret_key_unpacked, ciphertext, ret0); ->>>>>>> main - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + decrypt_unpacked_ed1(&secret_key_unpacked, ciphertext, result); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -13265,158 +8743,8 @@ with const generics - K= 3 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void PRF_f1_c8(Eurydice_slice input, uint8_t ret[32U]) { - PRF_03(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_f2( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_87(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_173( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_d7(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_75( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_1c();); - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7b(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - memcpy( - result, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_c3(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_75(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t result[32U]; - decrypt_unpacked_87(&secret_key_unpacked, ciphertext, result); - memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= static KRML_MUSTINLINE void PRF_f1_9d3(Eurydice_slice input, uint8_t ret[32U]) { PRF_44(input, ret); ->>>>>>> main } /** @@ -13441,11 +8769,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -void libcrux_ml_kem_ind_cca_decapsulate_16( -======= -void libcrux_ml_kem_ind_cca_decapsulate_6a( ->>>>>>> main +void libcrux_ml_kem_ind_cca_decapsulate_55( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -13463,15 +8787,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - decrypt_c3(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - decrypt_03(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_1f(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -13479,11 +8797,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - G_f1_d0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); -======= G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); ->>>>>>> main Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -13491,65 +8805,34 @@ void libcrux_ml_kem_ind_cca_decapsulate_6a( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_173(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_c8(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret0); -======= libcrux_ml_kem_utils_into_padded_array_425(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_471(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9d3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); ->>>>>>> main Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; -<<<<<<< HEAD - encrypt_95(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_5f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_a2(Eurydice_array_to_slice((size_t)32U, + kdf_d8_1a(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_af_a2(shared_secret0, shared_secret1); + kdf_d8_1a(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_ff0(ciphertext), + libcrux_ml_kem_types_as_ref_00_471(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - encrypt_ec(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_a7(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_d8_a7(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index b787b4792..6fff48a70 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem_portable_H @@ -223,13 +215,9 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) -<<<<<<< HEAD Note: The input bound is 28296 to prevent overflow in the multiplication of quotient by FIELD_MODULUS -======= - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. ->>>>>>> main */ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); @@ -261,19 +249,12 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - the absolute value of `o` is bound as follows: -<<<<<<< HEAD `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665 In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS-1`. And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664 -======= - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. ->>>>>>> main */ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); @@ -437,28 +418,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 6de959095..7163ceade 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_sha3_H @@ -37,11 +29,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_97(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e4(buf0, buf); ->>>>>>> main } /** @@ -51,11 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_970(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e40(buf0, buf); ->>>>>>> main } /** @@ -65,11 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_971(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e41(buf0, buf); ->>>>>>> main } /** @@ -79,11 +59,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_972(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e42(buf0, buf); ->>>>>>> main } /** @@ -93,11 +69,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_973(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e43(buf0, buf); ->>>>>>> main } /** @@ -186,11 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_974(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e44(buf0, buf); ->>>>>>> main } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index f5813a4be..5db24bab4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "internal/libcrux_sha3_avx2.h" @@ -172,30 +164,19 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { /** Create a new Shake128 x4 state. -<<<<<<< HEAD */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -======= ->>>>>>> main */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types core_core_arch_x86___m256i with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -<<<<<<< HEAD -new_1e_fa(void) { -======= -new_89_71(void) { ->>>>>>> main +new_1e_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -350,11 +331,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void load_block_ef_16(__m256i (*a)[5U], -======= static KRML_MUSTINLINE void load_block_ef_d4(__m256i (*a)[5U], ->>>>>>> main Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -1222,11 +1199,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void theta_rho_3f( -======= static KRML_MUSTINLINE void theta_rho_1b( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], s->st[4U][0U]), @@ -1288,11 +1261,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void pi_d8( -======= static KRML_MUSTINLINE void pi_70( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1328,11 +1297,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void chi_95( -======= static KRML_MUSTINLINE void chi_12( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1350,11 +1315,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void iota_c9( -======= static KRML_MUSTINLINE void iota_fe( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1366,16 +1327,6 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void keccakf1600_4e( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_3f(s); - pi_d8(s); - chi_95(s); - iota_c9(s, i0); -======= static KRML_MUSTINLINE void keccakf1600_cd( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { @@ -1384,7 +1335,6 @@ static KRML_MUSTINLINE void keccakf1600_cd( pi_70(s); chi_12(s); iota_fe(s, i0); ->>>>>>> main } } @@ -1395,22 +1345,13 @@ with const generics - N= 4 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void absorb_block_26( -======= static KRML_MUSTINLINE void absorb_block_32( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - load_block_ef_16(uu____0, uu____1); - keccakf1600_4e(s); -======= load_block_ef_d4(uu____0, uu____1); keccakf1600_cd(s); ->>>>>>> main } /** @@ -1437,11 +1378,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void load_block_full_ef_40(__m256i (*a)[5U], -======= static KRML_MUSTINLINE void load_block_full_ef_e6(__m256i (*a)[5U], ->>>>>>> main uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -1458,11 +1395,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80( -======= KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1478,13 +1411,8 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - load_block_full_ef_40(uu____3, uu____4); - keccakf1600_4e(s); -======= load_block_full_ef_e6(uu____3, uu____4); keccakf1600_cd(s); ->>>>>>> main } /** @@ -1652,11 +1580,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void store_block_full_ef_83(__m256i (*a)[5U], -======= static KRML_MUSTINLINE void store_block_full_ef_d1(__m256i (*a)[5U], ->>>>>>> main uint8_t ret[4U][200U]) { store_block_full_61(a, ret); } @@ -1668,17 +1592,10 @@ with const generics - N= 4 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void squeeze_first_and_last_ac( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - store_block_full_ef_83(s->st, b); -======= static KRML_MUSTINLINE void squeeze_first_and_last_a8( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; store_block_full_ef_d1(s->st, b); ->>>>>>> main KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1699,11 +1616,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void store_block_ef_aa(__m256i (*a)[5U], -======= static KRML_MUSTINLINE void store_block_ef_e3(__m256i (*a)[5U], ->>>>>>> main Eurydice_slice b[4U]) { store_block_78(a, b); } @@ -1715,15 +1628,9 @@ with const generics - N= 4 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void squeeze_first_block_b7( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_aa(s->st, out); -======= static KRML_MUSTINLINE void squeeze_first_block_ca( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { store_block_ef_e3(s->st, out); ->>>>>>> main } /** @@ -1733,17 +1640,10 @@ with const generics - N= 4 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void squeeze_next_block_ff( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_4e(s); - store_block_ef_aa(s->st, out); -======= static KRML_MUSTINLINE void squeeze_next_block_66( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { keccakf1600_cd(s); store_block_ef_e3(s->st, out); ->>>>>>> main } /** @@ -1753,19 +1653,11 @@ with const generics - N= 4 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void squeeze_last_0a( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_4e(&s); - uint8_t b[4U][200U]; - store_block_full_ef_83(s.st, b); -======= static KRML_MUSTINLINE void squeeze_last_fe( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { keccakf1600_cd(&s); uint8_t b[4U][200U]; store_block_full_ef_d1(s.st, b); ->>>>>>> main KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; @@ -1785,15 +1677,9 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void keccak_9b(Eurydice_slice data[4U], - Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_fa(); -======= static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_89_71(); ->>>>>>> main + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1803,11 +1689,7 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); -<<<<<<< HEAD - absorb_block_26(uu____0, ret); -======= absorb_block_32(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -1817,20 +1699,12 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], Eurydice_slice ret[4U]; slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_80(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_7f(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - squeeze_first_and_last_ac(&s, out); -======= squeeze_first_and_last_a8(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = split_at_mut_n_ef(out, (size_t)136U); @@ -1838,18 +1712,14 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_first_block_b7(&s, o0); -======= squeeze_first_block_ca(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1860,20 +1730,12 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_next_block_ff(&s, o); -======= squeeze_next_block_66(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - squeeze_last_0a(s, o1); -======= squeeze_last_fe(s, o1); ->>>>>>> main } } } @@ -1887,11 +1749,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - keccak_9b(buf0, buf); -======= keccak_b9(buf0, buf); ->>>>>>> main } /** @@ -1899,11 +1757,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { -<<<<<<< HEAD - return new_1e_fa(); -======= - return new_89_71(); ->>>>>>> main + return new_1e_71(); } /** @@ -2046,11 +1900,7 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void load_block_full_ef_400(__m256i (*a)[5U], -======= static KRML_MUSTINLINE void load_block_full_ef_e60(__m256i (*a)[5U], ->>>>>>> main uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -2067,11 +1917,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void absorb_final_800( -======= static KRML_MUSTINLINE void absorb_final_7f0( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -2087,13 +1933,8 @@ static KRML_MUSTINLINE void absorb_final_7f0( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - load_block_full_ef_400(uu____3, uu____4); - keccakf1600_4e(s); -======= load_block_full_ef_e60(uu____3, uu____4); keccakf1600_cd(s); ->>>>>>> main } /** @@ -2103,11 +1944,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; -<<<<<<< HEAD - absorb_final_800(s, buf); -======= absorb_final_7f0(s, buf); ->>>>>>> main } /** @@ -2241,40 +2078,11 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void store_block_ef_aa0(__m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block_780(a, b); -======= static KRML_MUSTINLINE void store_block_ef_e30(__m256i (*a)[5U], Eurydice_slice b[4U]) { store_block_780(a, b); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_660( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_cd(s); - store_block_ef_e30(s->st, out); -} - -/** - Squeeze another block -*/ -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_660(s, buf); ->>>>>>> main -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types core_core_arch_x86___m256i @@ -2282,10 +2090,9 @@ with const generics - N= 4 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void squeeze_first_block_b70( +static KRML_MUSTINLINE void squeeze_first_block_ca0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_aa0(s->st, out); + store_block_ef_e30(s->st, out); } /** @@ -2295,15 +2102,10 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_next_block_ff0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_4e(s); - store_block_ef_aa0(s->st, out); -======= -static KRML_MUSTINLINE void squeeze_first_block_ca0( +static KRML_MUSTINLINE void squeeze_next_block_660( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_cd(s); store_block_ef_e30(s->st, out); ->>>>>>> main } /** @@ -2313,11 +2115,7 @@ with const generics - N= 4 - RATE= 168 */ -<<<<<<< HEAD -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( -======= KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2325,24 +2123,15 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_first_block_b70(s, o0); -======= squeeze_first_block_ca0(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_next_block_ff0(s, o1); - squeeze_next_block_ff0(s, o2); -======= squeeze_next_block_660(s, o1); squeeze_next_block_660(s, o2); ->>>>>>> main } /** @@ -2352,8 +2141,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(s, buf); } /** @@ -2363,10 +2151,7 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_ff0(s, buf); -======= - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(s, buf); ->>>>>>> main + squeeze_next_block_660(s, buf); } /** @@ -2376,11 +2161,7 @@ with const generics - N= 4 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void squeeze_first_five_blocks_58( -======= static KRML_MUSTINLINE void squeeze_first_five_blocks_0b( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); @@ -2388,46 +2169,29 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_0b( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_first_block_b70(s, o0); -======= squeeze_first_block_ca0(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_next_block_ff0(s, o1); -======= squeeze_next_block_660(s, o1); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____2 = split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_next_block_ff0(s, o2); -======= squeeze_next_block_660(s, o2); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____3 = split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - squeeze_next_block_ff0(s, o3); - squeeze_next_block_ff0(s, o4); -======= squeeze_next_block_660(s, o3); squeeze_next_block_660(s, o4); ->>>>>>> main } /** @@ -2438,11 +2202,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - squeeze_first_five_blocks_58(s, buf); -======= squeeze_first_five_blocks_0b(s, buf); ->>>>>>> main } /** @@ -2452,11 +2212,7 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_80(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_7f(s, buf); ->>>>>>> main } /** @@ -2467,11 +2223,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - squeeze_first_block_b7(s, buf); -======= squeeze_first_block_ca(s, buf); ->>>>>>> main } /** @@ -2482,9 +2234,5 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - squeeze_next_block_ff(s, buf); -======= squeeze_next_block_66(s, buf); ->>>>>>> main } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index a5e92ad89..6530e87bc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_sha3_avx2_H @@ -63,16 +55,6 @@ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); /** -<<<<<<< HEAD -======= - Squeeze another block -*/ -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); - -/** ->>>>>>> main Squeeze three blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( @@ -80,7 +62,6 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** -<<<<<<< HEAD Squeeze another block */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( @@ -88,8 +69,6 @@ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** -======= ->>>>>>> main Squeeze five blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index fe0a603bb..0eadd5bb5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_sha3_internal_H @@ -87,22 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d6(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; -<<<<<<< HEAD - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_fc(b); -======= return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_d6(b); ->>>>>>> main } /** @@ -205,30 +189,19 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { /** Create a new Shake128 x4 state. -<<<<<<< HEAD */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -======= ->>>>>>> main */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -<<<<<<< HEAD -libcrux_sha3_generic_keccak_new_1e_ba(void) { -======= -libcrux_sha3_generic_keccak_new_89_cf(void) { ->>>>>>> main +libcrux_sha3_generic_keccak_new_1e_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -263,11 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -278,11 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD core_result_unwrap_41_0e(dst, uu____0); -======= - core_result_unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -295,19 +260,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_86( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_28(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d4( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_65(s, buf); ->>>>>>> main } /** @@ -319,21 +276,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_05( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_86(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d4(uu____0, copy_of_b); ->>>>>>> main } /** @@ -343,11 +292,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc0(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d60(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -358,15 +303,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc0(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_74(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d60(ab); ->>>>>>> main } /** @@ -380,13 +319,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_74(a, b); ->>>>>>> main } /** @@ -396,11 +330,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc1(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d61(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -411,15 +341,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac0(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc1(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_740(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d61(ab); ->>>>>>> main } /** @@ -433,13 +357,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac0(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_740(a, b); ->>>>>>> main } /** @@ -449,11 +368,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc2(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d62(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -464,15 +379,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac1(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc2(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_741(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d62(ab); ->>>>>>> main } /** @@ -486,13 +395,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac1(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_741(a, b); ->>>>>>> main } /** @@ -502,11 +406,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc3(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d63(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -517,15 +417,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac2(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc3(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_742(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d63(ab); ->>>>>>> main } /** @@ -539,13 +433,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac2(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_742(a, b); ->>>>>>> main } /** @@ -555,15 +444,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac3(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_743(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d6(ab); ->>>>>>> main } /** @@ -577,13 +460,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac3(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_743(a, b); ->>>>>>> main } /** @@ -593,11 +471,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc4(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d64(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -608,15 +482,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac4(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc4(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_744(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d64(ab); ->>>>>>> main } /** @@ -630,13 +498,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac4(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_744(a, b); ->>>>>>> main } /** @@ -646,11 +509,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc5(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d65(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -661,15 +520,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac5(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc5(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_745(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d65(ab); ->>>>>>> main } /** @@ -683,13 +536,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac5(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_745(a, b); ->>>>>>> main } /** @@ -699,11 +547,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc6(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d66(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -714,15 +558,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac6(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc6(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_746(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d66(ab); ->>>>>>> main } /** @@ -736,13 +574,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac6(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_746(a, b); ->>>>>>> main } /** @@ -752,11 +585,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc7(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d67(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -767,15 +596,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac7(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc7(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_747(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d67(ab); ->>>>>>> main } /** @@ -789,13 +612,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac7(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_747(a, b); ->>>>>>> main } /** @@ -805,11 +623,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc8(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d68(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -820,15 +634,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac8(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc8(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_748(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d68(ab); ->>>>>>> main } /** @@ -842,13 +650,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac8(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_748(a, b); ->>>>>>> main } /** @@ -858,11 +661,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc9(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d69(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -873,15 +672,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac9(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc9(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_749(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d69(ab); ->>>>>>> main } /** @@ -895,13 +688,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac9(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_749(a, b); ->>>>>>> main } /** @@ -911,11 +699,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc10(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d610(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -926,15 +710,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac10(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc10(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7410(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d610(ab); ->>>>>>> main } /** @@ -948,13 +726,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac10(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7410(a, b); ->>>>>>> main } /** @@ -964,11 +737,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc11(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d611(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -979,15 +748,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac11(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc11(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7411(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d611(ab); ->>>>>>> main } /** @@ -1001,13 +764,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac11(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7411(a, b); ->>>>>>> main } /** @@ -1017,11 +775,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc12(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d612(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -1032,15 +786,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac12(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc12(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7412(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d612(ab); ->>>>>>> main } /** @@ -1054,13 +802,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac12(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7412(a, b); ->>>>>>> main } /** @@ -1070,11 +813,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc13(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d613(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -1085,15 +824,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac13(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc13(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7413(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d613(ab); ->>>>>>> main } /** @@ -1107,13 +840,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac13(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7413(a, b); ->>>>>>> main } /** @@ -1123,11 +851,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc14(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d614(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -1138,15 +862,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac14(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc14(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7414(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d614(ab); ->>>>>>> main } /** @@ -1160,13 +878,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac14(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7414(a, b); ->>>>>>> main } /** @@ -1176,11 +889,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc15(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d615(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -1191,15 +900,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac15(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc15(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7415(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d615(ab); ->>>>>>> main } /** @@ -1213,13 +916,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac15(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7415(a, b); ->>>>>>> main } /** @@ -1229,11 +927,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc16(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d616(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -1244,15 +938,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac16(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc16(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7416(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d616(ab); ->>>>>>> main } /** @@ -1266,13 +954,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac16(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7416(a, b); ->>>>>>> main } /** @@ -1282,11 +965,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc17(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d617(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -1297,15 +976,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac17(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc17(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7417(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d617(ab); ->>>>>>> main } /** @@ -1319,13 +992,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac17(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7417(a, b); ->>>>>>> main } /** @@ -1335,11 +1003,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc18(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d618(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1350,15 +1014,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac18(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc18(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7418(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d618(ab); ->>>>>>> main } /** @@ -1372,13 +1030,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac18(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7418(a, b); ->>>>>>> main } /** @@ -1388,11 +1041,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc19(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d619(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1403,15 +1052,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac19(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc19(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7419(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d619(ab); ->>>>>>> main } /** @@ -1425,13 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac19(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7419(a, b); ->>>>>>> main } /** @@ -1441,11 +1079,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc20(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d620(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1456,15 +1090,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac20(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc20(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7420(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d620(ab); ->>>>>>> main } /** @@ -1478,13 +1106,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac20(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7420(a, b); ->>>>>>> main } /** @@ -1494,11 +1117,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc21(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d621(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1509,15 +1128,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac21(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc21(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7421(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d621(ab); ->>>>>>> main } /** @@ -1531,13 +1144,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac21(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7421(a, b); ->>>>>>> main } /** @@ -1547,11 +1155,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc22(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d622(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1562,15 +1166,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac22(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc22(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7422(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d622(ab); ->>>>>>> main } /** @@ -1584,13 +1182,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac22(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7422(a, b); ->>>>>>> main } /** @@ -1599,11 +1192,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1639,55 +1228,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = -<<<<<<< HEAD - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(s->st[1U][0U], t[0U]); - s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(s->st[2U][0U], t[0U]); - s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(s->st[3U][0U], t[0U]); - s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(s->st[4U][0U], t[0U]); - s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(s->st[0U][1U], t[1U]); - s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(s->st[1U][1U], t[1U]); - s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(s->st[2U][1U], t[1U]); - s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(s->st[3U][1U], t[1U]); - s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(s->st[4U][1U], t[1U]); - s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(s->st[0U][2U], t[2U]); - s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(s->st[1U][2U], t[2U]); - s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(s->st[2U][2U], t[2U]); - s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(s->st[3U][2U], t[2U]); - s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(s->st[4U][2U], t[2U]); - s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(s->st[0U][3U], t[3U]); - s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(s->st[1U][3U], t[3U]); - s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(s->st[2U][3U], t[3U]); - s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(s->st[3U][3U], t[3U]); - s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(s->st[4U][3U], t[3U]); - s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(s->st[0U][4U], t[4U]); - s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(s->st[1U][4U], t[4U]); - s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(s->st[2U][4U], t[4U]); - s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(s->st[3U][4U], t[4U]); - uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(s->st[4U][4U], t[4U]); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(s->st[1U][0U], t[0U]); s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(s->st[2U][0U], t[0U]); @@ -1735,7 +1275,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(s->st[3U][4U], t[4U]); uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(s->st[4U][4U], t[4U]); ->>>>>>> main s->st[4U][4U] = uu____27; } @@ -1745,11 +1284,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_f0( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d5( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1785,11 +1320,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_e2( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_3e( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1807,11 +1338,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_ae( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_00( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1823,16 +1350,6 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_7e( - libcrux_sha3_generic_keccak_KeccakState_48 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_0d(s); - libcrux_sha3_generic_keccak_pi_f0(s); - libcrux_sha3_generic_keccak_chi_e2(s); - libcrux_sha3_generic_keccak_iota_ae(s, i0); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { @@ -1841,7 +1358,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_b8( libcrux_sha3_generic_keccak_pi_d5(s); libcrux_sha3_generic_keccak_chi_3e(s); libcrux_sha3_generic_keccak_iota_00(s, i0); ->>>>>>> main } } @@ -1853,11 +1369,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1876,13 +1388,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_05(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -1890,11 +1397,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -1916,30 +1419,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_49( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b(a, b); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c2( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(s); - libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); ->>>>>>> main -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types uint64_t @@ -1947,10 +1431,9 @@ with const generics - N= 1 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); } /** @@ -1960,15 +1443,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_87( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); -======= -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); ->>>>>>> main } /** @@ -1976,11 +1454,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1991,11 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD core_result_unwrap_41_0e(dst, uu____0); -======= - core_result_unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2008,19 +1478,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_860( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_280(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d40( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_650(s, buf); ->>>>>>> main } /** @@ -2032,21 +1494,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c0( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_050( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_860(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d40(uu____0, copy_of_b); ->>>>>>> main } /** @@ -2057,11 +1511,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2080,13 +1530,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2094,11 +1539,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d0( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b0( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -2120,15 +1561,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d0( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d0(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_490( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b0(a, b); ->>>>>>> main } /** @@ -2138,15 +1573,9 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_800( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); ->>>>>>> main } /** @@ -2156,17 +1585,10 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_870( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c20( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); ->>>>>>> main } /** @@ -2178,19 +1600,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_153( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_35( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_28(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_650(uu____0, copy_of_b); } @@ -2210,7 +1625,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_350( Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block_65(uu____0, copy_of_b); ->>>>>>> main } /** @@ -2220,22 +1634,13 @@ with const generics - N= 1 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_283( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_403( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_153(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_350(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2243,20 +1648,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_853( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e3( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2273,15 +1670,9 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e3(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_853(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_273(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e3(a, ret); ->>>>>>> main } /** @@ -2292,17 +1683,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d93( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_883( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_273(s->st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2325,19 +1709,11 @@ with const generics - N= 1 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c93( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca3( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_273(s.st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2361,17 +1737,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -2382,11 +1751,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_283(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_403(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2396,20 +1761,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f3(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_40(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d93(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_883(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -2417,18 +1774,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_80(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2439,20 +1792,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_87(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c2(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c93(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca3(s, o1); ->>>>>>> main } } } @@ -2463,20 +1808,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_974( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e44( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_924(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_064(copy_of_data, out); ->>>>>>> main } /** @@ -2484,11 +1821,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2499,11 +1832,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD core_result_unwrap_41_0e(dst, uu____0); -======= - core_result_unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2520,21 +1849,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_152( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_353( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_283(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_653(uu____0, copy_of_b); ->>>>>>> main } /** @@ -2544,22 +1865,13 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_282( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_402( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_152(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_353(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2567,19 +1879,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_863( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_283(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d43( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_653(s, buf); ->>>>>>> main } /** @@ -2591,21 +1895,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c3( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_053( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_863(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d43(uu____0, copy_of_b); ->>>>>>> main } /** @@ -2616,11 +1912,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2639,13 +1931,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_053(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2653,11 +1940,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d3( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b3( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2675,20 +1958,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_852( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e2( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d3(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b3(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2705,15 +1980,9 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e2(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_852(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_272(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e2(a, ret); ->>>>>>> main } /** @@ -2724,17 +1993,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d92( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_882( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_272(s->st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2759,15 +2021,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d3(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_493( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b3(a, b); ->>>>>>> main } /** @@ -2777,15 +2033,9 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_803( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); ->>>>>>> main } /** @@ -2795,17 +2045,10 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_873( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c23( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); ->>>>>>> main } /** @@ -2815,19 +2058,11 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c92( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca2( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_272(s.st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2851,17 +2086,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2872,11 +2100,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_282(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_402(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2886,20 +2110,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f34(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_404(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d92(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_882(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2907,18 +2123,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_803(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b3(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2929,20 +2141,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_873(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c23(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c92(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca2(s, o1); ->>>>>>> main } } } @@ -2953,20 +2157,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_973( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e43( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_923(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_063(copy_of_data, out); ->>>>>>> main } /** @@ -2974,11 +2170,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2989,11 +2181,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD core_result_unwrap_41_0e(dst, uu____0); -======= - core_result_unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3010,21 +2198,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_151( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_352( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_282(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_652(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3034,22 +2214,13 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_281( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_401( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_151(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_352(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3057,19 +2228,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_862( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_282(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d42( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_652(s, buf); ->>>>>>> main } /** @@ -3081,21 +2244,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c2( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_052( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_862(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d42(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3106,11 +2261,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -3129,13 +2280,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_052(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3143,11 +2289,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d2( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b2( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -3165,20 +2307,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_851( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e1( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d2(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b2(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3195,15 +2329,9 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e1(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_851(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_271(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e1(a, ret); ->>>>>>> main } /** @@ -3214,17 +2342,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d91( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_881( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_271(s->st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3249,15 +2370,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d2( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d2(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_492( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b2(a, b); ->>>>>>> main } /** @@ -3267,15 +2382,9 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_802( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); ->>>>>>> main } /** @@ -3285,17 +2394,10 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_872( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c22( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); ->>>>>>> main } /** @@ -3305,19 +2407,11 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c91( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca1( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_271(s.st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3341,17 +2435,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -3362,11 +2449,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_281(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_401(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3376,20 +2459,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f33(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_403(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d91(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_881(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -3397,18 +2472,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_802(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b2(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -3419,20 +2490,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_872(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c22(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c91(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca1(s, o1); ->>>>>>> main } } } @@ -3443,38 +2506,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_972( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e42( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_922(copy_of_data, out); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_150( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_280(uu____0, copy_of_b); -======= libcrux_sha3_generic_keccak_keccak_062(copy_of_data, out); ->>>>>>> main } /** @@ -3484,22 +2521,13 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_280( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_400( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_150(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_35(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3507,20 +2535,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_850( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e0( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d0(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b0(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3537,15 +2557,9 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e0(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_850(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_270(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e0(a, ret); ->>>>>>> main } /** @@ -3556,17 +2570,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d90( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_880( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_270(s->st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3589,19 +2596,11 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c90( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca0( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_270(s.st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3625,17 +2624,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -3646,11 +2638,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3660,20 +2648,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f30(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_400(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -3681,18 +2661,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -3703,20 +2679,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); ->>>>>>> main } } } @@ -3727,20 +2695,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_971( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e41( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_921(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_061(copy_of_data, out); ->>>>>>> main } /** @@ -3751,11 +2711,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -3774,13 +2730,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3791,17 +2742,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -3812,11 +2756,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3826,20 +2766,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f32(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_402(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -3847,18 +2779,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -3869,20 +2797,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); ->>>>>>> main } } } @@ -3893,20 +2813,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_970( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e40( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_920(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_060(copy_of_data, out); ->>>>>>> main } /** @@ -3914,11 +2826,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -3929,11 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD core_result_unwrap_41_0e(dst, uu____0); -======= - core_result_unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3950,21 +2854,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_15( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_351( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_281(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_651(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3974,22 +2870,13 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_28( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_40( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_15(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_351(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3997,19 +2884,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_861( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_281(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d41( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_651(s, buf); ->>>>>>> main } /** @@ -4021,21 +2900,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c1( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_051( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_861(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d41(uu____0, copy_of_b); ->>>>>>> main } /** @@ -4046,11 +2917,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -4069,13 +2936,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_051(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -4083,11 +2945,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d1( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b1( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -4105,20 +2963,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_85( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d1(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b1(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -4134,15 +2984,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_1e( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_85(a, ret); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_27( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e(a, ret); ->>>>>>> main } /** @@ -4153,17 +2997,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d9( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_88( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_27(s->st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -4188,15 +3025,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d1( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d1(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_491( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b1(a, b); ->>>>>>> main } /** @@ -4206,15 +3037,9 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_801( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); ->>>>>>> main } /** @@ -4224,17 +3049,10 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_871( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c21( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); ->>>>>>> main } /** @@ -4244,19 +3062,11 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c9( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_27(s.st, b); ->>>>>>> main { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -4280,17 +3090,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -4301,11 +3104,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_28(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_40(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -4315,20 +3114,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f31(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_401(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d9(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_88(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -4336,18 +3127,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_801(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b1(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -4358,20 +3145,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_871(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c21(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c9(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca(s, o1); ->>>>>>> main } } } @@ -4382,20 +3161,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_97( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e4( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_92(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_06(copy_of_data, out); ->>>>>>> main } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index e73f42895..2841710c3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,34 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #include "libcrux_sha3_neon.h" /** -<<<<<<< HEAD - A portable SHA3 512 implementation. -*/ -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { -======= A portable SHA3 224 implementation. */ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { ->>>>>>> main KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); @@ -40,20 +26,14 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, /** A portable SHA3 256 implementation. */ -<<<<<<< HEAD -void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { -======= KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { ->>>>>>> main KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } /** -<<<<<<< HEAD -======= A portable SHA3 384 implementation. */ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, @@ -74,7 +54,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, } /** ->>>>>>> main Run SHAKE256 on both inputs in parallel. Writes the two results into `out0` and `out1` @@ -130,31 +109,12 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { -<<<<<<< HEAD - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - A portable SHA3 224 implementation. -*/ -KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, - Eurydice_slice data) { -======= ->>>>>>> main KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } /** -<<<<<<< HEAD - A portable SHA3 384 implementation. -*/ -KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, - Eurydice_slice data) { -======= Squeeze five blocks */ KRML_MUSTINLINE void @@ -196,7 +156,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake256_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { ->>>>>>> main KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index dbd230829..6b269f09b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 97f7cefe14dabf275e4671ffea87e032d7779b71 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_sha3_neon_H @@ -31,15 +23,9 @@ extern "C" { #include "libcrux_sha3_internal.h" /** -<<<<<<< HEAD - A portable SHA3 512 implementation. -*/ -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); -======= A portable SHA3 224 implementation. */ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); ->>>>>>> main /** A portable SHA3 256 implementation. @@ -47,8 +33,6 @@ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); /** -<<<<<<< HEAD -======= A portable SHA3 384 implementation. */ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); @@ -59,7 +43,6 @@ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); /** ->>>>>>> main Run SHAKE256 on both inputs in parallel. Writes the two results into `out0` and `out1` @@ -99,18 +82,6 @@ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); -<<<<<<< HEAD - -/** - A portable SHA3 224 implementation. -*/ -void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); - -/** - A portable SHA3 384 implementation. -*/ -void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); -======= /** Squeeze five blocks @@ -139,7 +110,6 @@ void libcrux_sha3_neon_x2_incremental_shake256_squeeze_first_block( void libcrux_sha3_neon_x2_incremental_shake256_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); ->>>>>>> main #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 01ad47af7..3f94b9400 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,14 +1,6 @@ This code was generated with the following revisions: -<<<<<<< HEAD Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 -F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb -Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= -Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 -Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac -Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 -F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main +F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd +Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 431c4ad59..6aeb59968 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -104,7 +104,7 @@ typedef struct { ======= #define Eurydice_array_eq(sz, a1, a2, t, _) \ >>>>>>> main - (memcmp(a1, a2, sz * sizeof(t)) == 0) + (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, a2, t, _) @@ -129,8 +129,10 @@ typedef struct { Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) -static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, - Eurydice_slice src, size_t sz) { + static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, + char *dst_ok, + Eurydice_slice src, + size_t sz) { *dst_tag = 0; memcpy(dst_ok, src.ptr, sz); } @@ -192,15 +194,15 @@ static inline uint16_t core_num__i16_1__wrapping_mul(int16_t x, int16_t y) { : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ - Eurydice_range_iter_next + Eurydice_range_iter_next -// See note in karamel/lib/Inlining.ml if you change this + // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \ - Eurydice_into_iter + Eurydice_into_iter #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) #if defined(__cplusplus) -} + } #endif diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index af834b8c1..e29636144 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_core_H @@ -38,11 +30,6 @@ typedef struct core_ops_range_Range_b3_s { size_t end; } core_ops_range_Range_b3; -<<<<<<< HEAD -#define None 0 -#define Some 1 - -======= #define Ok 0 #define Err 1 @@ -51,7 +38,6 @@ typedef uint8_t Result_86_tags; #define None 0 #define Some 1 ->>>>>>> main typedef uint8_t Option_ef_tags; /** @@ -97,25 +83,13 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; -<<<<<<< HEAD -#define Ok 0 -#define Err 1 - -typedef uint8_t Result_6f_tags; - -======= ->>>>>>> main /** A monomorphic instance of core.result.Result with types uint8_t[24size_t], core_array_TryFromSliceError */ typedef struct Result_6f_s { -<<<<<<< HEAD - Result_6f_tags tag; -======= Result_86_tags tag; ->>>>>>> main union { uint8_t case_Ok[24U]; TryFromSliceError case_Err; @@ -123,19 +97,14 @@ typedef struct Result_6f_s { } Result_6f; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD static inline void unwrap_41_76(Result_6f self, uint8_t ret[24U]) { -======= -static inline void unwrap_26_76(Result_6f self, uint8_t ret[24U]) { ->>>>>>> main if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -153,11 +122,7 @@ with types uint8_t[20size_t], core_array_TryFromSliceError */ typedef struct Result_7a_s { -<<<<<<< HEAD - Result_6f_tags tag; -======= Result_86_tags tag; ->>>>>>> main union { uint8_t case_Ok[20U]; TryFromSliceError case_Err; @@ -165,19 +130,14 @@ typedef struct Result_7a_s { } Result_7a; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD static inline void unwrap_41_ea(Result_7a self, uint8_t ret[20U]) { -======= -static inline void unwrap_26_ea(Result_7a self, uint8_t ret[20U]) { ->>>>>>> main if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -195,11 +155,7 @@ with types uint8_t[10size_t], core_array_TryFromSliceError */ typedef struct Result_cd_s { -<<<<<<< HEAD - Result_6f_tags tag; -======= Result_86_tags tag; ->>>>>>> main union { uint8_t case_Ok[10U]; TryFromSliceError case_Err; @@ -207,19 +163,14 @@ typedef struct Result_cd_s { } Result_cd; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD static inline void unwrap_41_07(Result_cd self, uint8_t ret[10U]) { -======= -static inline void unwrap_26_07(Result_cd self, uint8_t ret[10U]) { ->>>>>>> main if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -260,17 +211,14 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; /** - A reference to the raw byte slice. +This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#6} */ /** -This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#7} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_07 +A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_07_4f( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_4c( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -285,55 +233,16 @@ typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { } libcrux_ml_kem_types_MlKemPublicKey_15; /** -<<<<<<< HEAD -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] - -*/ -typedef struct Option_92_s { - Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_15 f0; -} Option_92; - -typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { - uint8_t value[1088U]; -} libcrux_ml_kem_mlkem768_MlKem768Ciphertext; - -/** -This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#5} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_a8 -with const generics -- SIZE= 1088 -*/ -static inline uint8_t *libcrux_ml_kem_types_as_slice_a8_44( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return self->value; -} - -/** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#13} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_07 -======= This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#17} +libcrux_ml_kem::types::MlKemPublicKey)#16} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_40 ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -<<<<<<< HEAD -libcrux_ml_kem_types_from_07_a9(uint8_t value[1184U]) { -======= -libcrux_ml_kem_types_from_40_60(uint8_t value[1184U]) { ->>>>>>> main +libcrux_ml_kem_types_from_5a_c6(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -356,25 +265,18 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { libcrux_ml_kem_types_MlKemPublicKey_15 pk; } libcrux_ml_kem_mlkem768_MlKem768KeyPair; -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl -{libcrux_ml_kem::types::MlKemKeyPair#18} +{libcrux_ml_kem::types::MlKemKeyPair#21} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_64 +A monomorphic instance of libcrux_ml_kem.types.from_3a with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_types_from_64_b1(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, -======= -libcrux_ml_kem_types_from_17_8b(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, ->>>>>>> main +libcrux_ml_kem_types_from_3a_8d(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -382,26 +284,15 @@ libcrux_ml_kem_types_from_17_8b(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemPrivateKey)#7} +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_e7 -======= -libcrux_ml_kem::types::MlKemPrivateKey)#10} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_88 ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -<<<<<<< HEAD -libcrux_ml_kem_types_from_e7_f1(uint8_t value[2400U]) { -======= -libcrux_ml_kem_types_from_88_2d(uint8_t value[2400U]) { ->>>>>>> main +libcrux_ml_kem_types_from_7f_72(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -424,15 +315,14 @@ typedef struct Result_00_s { } Result_00; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_33(Result_00 self, uint8_t ret[32U]) { +static inline void unwrap_41_33(Result_00 self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -457,26 +347,15 @@ typedef struct tuple_3c_s { /** This function found in impl {(core::convert::From<@Array> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.from_15 -======= -libcrux_ml_kem::types::MlKemCiphertext)#3} +libcrux_ml_kem::types::MlKemCiphertext)#2} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_fc ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -<<<<<<< HEAD -libcrux_ml_kem_types_from_15_e9(uint8_t value[1088U]) { -======= -libcrux_ml_kem_types_from_fc_cd(uint8_t value[1088U]) { ->>>>>>> main +libcrux_ml_kem_types_from_01_c4(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -486,28 +365,14 @@ libcrux_ml_kem_types_from_fc_cd(uint8_t value[1088U]) { } /** -<<<<<<< HEAD -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#17} +This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#20} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_slice_f6 +A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_f6_ae( -======= - A reference to the raw byte slice. -*/ -/** -This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#21} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_slice_ba -with const generics -- SIZE= 1184 -*/ -static inline uint8_t *libcrux_ml_kem_types_as_slice_ba_91( ->>>>>>> main +static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_e0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -520,11 +385,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_172( -======= static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_422( ->>>>>>> main Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -535,40 +396,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_422( memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -/** - Pad the `slice` with `0`s at the end. -*/ -<<<<<<< HEAD -typedef struct Result_00_s { - Result_6f_tags tag; - union { - uint8_t case_Ok[32U]; - TryFromSliceError case_Err; - } val; -} Result_00; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[32size_t], core_array_TryFromSliceError - -*/ -static inline void unwrap_41_33(Result_00 self, uint8_t ret[32U]) { - if (self.tag == Ok) { - uint8_t f0[32U]; - memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -======= ->>>>>>> main /** Pad the `slice` with `0`s at the end. */ @@ -577,11 +404,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_171( -======= static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_421( ->>>>>>> main Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; @@ -594,25 +417,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_421( /** This function found in impl {(core::convert::AsRef<@Slice> for -<<<<<<< HEAD -libcrux_ml_kem::types::MlKemCiphertext)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.types.as_ref_ba -with const generics -- SIZE= 1088 -*/ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_ba_27( -======= -libcrux_ml_kem::types::MlKemCiphertext)#2} +libcrux_ml_kem::types::MlKemCiphertext)#1} */ /** -A monomorphic instance of libcrux_ml_kem.types.as_ref_fd +A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_fd_7b( ->>>>>>> main +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_d9( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -625,11 +437,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_170( -======= static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_420( ->>>>>>> main Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; @@ -648,11 +456,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_17( -======= static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; @@ -669,11 +473,7 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct Result_c0_s { -<<<<<<< HEAD - Result_6f_tags tag; -======= Result_86_tags tag; ->>>>>>> main union { int16_t case_Ok[16U]; TryFromSliceError case_Err; @@ -681,19 +481,14 @@ typedef struct Result_c0_s { } Result_c0; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD static inline void unwrap_41_30(Result_c0 self, int16_t ret[16U]) { -======= -static inline void unwrap_26_30(Result_c0 self, int16_t ret[16U]) { ->>>>>>> main if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -711,11 +506,7 @@ with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct Result_56_s { -<<<<<<< HEAD - Result_6f_tags tag; -======= Result_86_tags tag; ->>>>>>> main union { uint8_t case_Ok[8U]; TryFromSliceError case_Err; @@ -723,19 +514,14 @@ typedef struct Result_56_s { } Result_56; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -<<<<<<< HEAD static inline void unwrap_41_0e(Result_56 self, uint8_t ret[8U]) { -======= -static inline void unwrap_26_0e(Result_56 self, uint8_t ret[8U]) { ->>>>>>> main if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 8b85052c3..304d4f8d0 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index d35da9d9e..c108a5889 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_avx2_H @@ -54,15 +46,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -<<<<<<< HEAD -typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; - KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_vec_zero(void) { -======= -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { ->>>>>>> main return libcrux_intrinsics_avx2_mm256_setzero_si256(); } @@ -71,22 +56,13 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ZERO_09(void) { return libcrux_ml_kem_vector_avx2_vec_zero(); -======= -static inline __m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { - return libcrux_ml_kem_vector_avx2_zero(); ->>>>>>> main } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_vec_from_i16_array(Eurydice_slice array) { -======= -libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { ->>>>>>> main return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); } @@ -95,7 +71,6 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_from_i16_array_09( Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_vec_from_i16_array(array); @@ -103,26 +78,13 @@ static inline __m256i libcrux_ml_kem_vector_avx2_from_i16_array_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_vec_to_i16_array( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array) { - return libcrux_ml_kem_vector_avx2_from_i16_array(array); -} - -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( ->>>>>>> main __m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, output, int16_t), v); -<<<<<<< HEAD int16_t result[16U]; memcpy(result, output, (size_t)16U * sizeof(int16_t)); memcpy(ret, result, (size_t)16U * sizeof(int16_t)); -======= - memcpy(ret, output, (size_t)16U * sizeof(int16_t)); ->>>>>>> main } /** @@ -130,15 +92,9 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_to_i16_array_09( __m256i x, int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_vec_to_i16_array(x, ret); -======= -static inline void libcrux_ml_kem_vector_avx2_to_i16_array_ea( - __m256i x, int16_t ret[16U]) { - libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); ->>>>>>> main } KRML_ATTRIBUTE_TARGET("avx2") @@ -152,11 +108,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_add_09(__m256i lhs, -======= -static inline __m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, ->>>>>>> main __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } @@ -172,11 +124,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_sub_09(__m256i lhs, -======= -static inline __m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, ->>>>>>> main __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } @@ -185,13 +133,8 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, int16_t constant) { -<<<<<<< HEAD __m256i cv = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); return libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, cv); -======= - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); ->>>>>>> main } /** @@ -199,28 +142,17 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_09( __m256i vec, int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(vec, c); -======= -static inline __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - __m256i v, int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); ->>>>>>> main } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( __m256i vector, int16_t constant) { -<<<<<<< HEAD __m256i cv = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); return libcrux_intrinsics_avx2_mm256_and_si256(vector, cv); -======= - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); ->>>>>>> main } /** @@ -228,11 +160,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( ->>>>>>> main __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); @@ -258,11 +186,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( ->>>>>>> main __m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } @@ -277,7 +201,6 @@ static inline __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { -<<<<<<< HEAD __m256i t0 = libcrux_intrinsics_avx2_mm256_mulhi_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); @@ -285,15 +208,6 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { t0, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); __m256i quotient = libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t1, __m256i); -======= - __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - __m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); ->>>>>>> main __m256i quotient_times_field_modulus = libcrux_intrinsics_avx2_mm256_mullo_epi16( quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( @@ -307,11 +221,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( ->>>>>>> main __m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } @@ -320,34 +230,20 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( __m256i vector, int16_t constant) { -<<<<<<< HEAD __m256i vec_constant = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, vec_constant); -======= - __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - __m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); ->>>>>>> main __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); -<<<<<<< HEAD __m256i modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16(k, modulus); __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, vec_constant); -======= - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); ->>>>>>> main return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } @@ -357,11 +253,7 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); @@ -393,11 +285,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_compress_1_09(__m256i vector) { -======= -static inline __m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { ->>>>>>> main return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } @@ -418,31 +306,19 @@ libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( -<<<<<<< HEAD __m256i vec, __m256i constants) { __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vec, constants); -======= - __m256i v, __m256i c) { - __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); ->>>>>>> main __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); -<<<<<<< HEAD __m256i modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16(k, modulus); __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vec, constants); -======= - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); ->>>>>>> main return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } @@ -468,11 +344,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( ->>>>>>> main __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, @@ -500,11 +372,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( ->>>>>>> main __m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } @@ -512,29 +380,17 @@ static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( -<<<<<<< HEAD __m128i vec, __m128i constants) { __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(vec, constants); -======= - __m128i v, __m128i c) { - __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); ->>>>>>> main __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); -<<<<<<< HEAD __m128i modulus = libcrux_intrinsics_avx2_mm_set1_epi16( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16(k, modulus); __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(vec, constants); -======= - __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); ->>>>>>> main return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); } @@ -560,11 +416,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( ->>>>>>> main __m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } @@ -603,11 +455,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( ->>>>>>> main __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( @@ -645,11 +493,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( ->>>>>>> main __m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); @@ -678,26 +522,16 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( ->>>>>>> main __m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i vec) { __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( vec, -======= -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - v, ->>>>>>> main libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); @@ -705,11 +539,7 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { k, libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); __m256i value_high = -<<<<<<< HEAD libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, vec, __m256i); -======= - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, __m256i); ->>>>>>> main __m256i result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); __m256i result0 = @@ -789,11 +619,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( ->>>>>>> main __m256i *lhs, __m256i *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, @@ -819,11 +645,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, -======= -static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, ->>>>>>> main uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } @@ -864,11 +686,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( ->>>>>>> main Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } @@ -905,11 +723,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD unwrap_41_0e(dst, ret0); -======= - unwrap_26_0e(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -918,11 +732,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, -======= -static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, ->>>>>>> main uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } @@ -966,11 +776,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_4_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( ->>>>>>> main Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } @@ -1017,11 +823,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); -<<<<<<< HEAD unwrap_41_07(dst, ret0); -======= - unwrap_26_07(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -1030,11 +832,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, -======= -static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, ->>>>>>> main uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } @@ -1089,11 +887,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( ->>>>>>> main Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } @@ -1142,11 +936,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); -<<<<<<< HEAD unwrap_41_ea(dst, ret0); -======= - unwrap_26_ea(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1155,11 +945,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_serialize_10_09( -======= -static inline void libcrux_ml_kem_vector_avx2_serialize_10_ea( ->>>>>>> main __m256i vector, uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } @@ -1202,11 +988,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_10_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( ->>>>>>> main Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } @@ -1230,11 +1012,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_serialize_11_09( -======= -static inline void libcrux_ml_kem_vector_avx2_serialize_11_ea( ->>>>>>> main __m256i vector, uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } @@ -1255,11 +1033,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( ->>>>>>> main Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } @@ -1307,11 +1081,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); -<<<<<<< HEAD unwrap_41_76(dst, ret0); -======= - unwrap_26_76(dst, ret0); ->>>>>>> main memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1320,11 +1090,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline void libcrux_ml_kem_vector_avx2_serialize_12_09( -======= -static inline void libcrux_ml_kem_vector_avx2_serialize_12_ea( ->>>>>>> main __m256i vector, uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } @@ -1367,11 +1133,7 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_12_09( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( ->>>>>>> main Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } @@ -1432,41 +1194,19 @@ static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_09( return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); } -/** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 -======= -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_ZERO_20_1b(void) { -======= -libcrux_ml_kem_polynomial_ZERO_d6_7d(void) { ->>>>>>> main +libcrux_ml_kem_polynomial_ZERO_20_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1495,13 +1235,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_ac(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_03(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_3a(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -1512,34 +1247,20 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_62( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_81( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); -======= - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); ->>>>>>> main } return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1547,20 +1268,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_4a( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_14( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_06( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { -<<<<<<< HEAD - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1573,11 +1286,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_14( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_62( -======= - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_31( ->>>>>>> main + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_81( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1600,13 +1309,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e8(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_85(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_56(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -1617,11 +1321,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_85( -======= -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b0( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_88( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1673,15 +1373,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_44( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e6( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_85( -======= -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_61( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b0( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_88( vector); } @@ -1693,36 +1387,23 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_10_6b( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_1c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), __m256i), size_t, void *); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_10_08( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_44( -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_61( ->>>>>>> main + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e6( coefficient); } return re; @@ -1736,11 +1417,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_850( -======= -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b00( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_880( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1792,15 +1469,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_440( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e60( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_850( -======= -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_610( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b00( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_880( vector); } @@ -1812,31 +1483,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_11_dc( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_11_0e( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_6e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_440( -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_610( ->>>>>>> main + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e60( coefficient); } return re; @@ -1850,15 +1508,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_17( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f1( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_6b(serialized); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_62( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_08(serialized); ->>>>>>> main + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_1c(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1873,15 +1525,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_25( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a2( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); -======= -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_aa( - __m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); ->>>>>>> main } /** @@ -1892,19 +1538,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -<<<<<<< HEAD -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0a(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_5d(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_25(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a2(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); -======= -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c2(__m256i a, __m256i b, - int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_aa(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); ->>>>>>> main return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -1916,11 +1554,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1933,15 +1567,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_0a( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_5d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); -======= - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_c2( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); ->>>>>>> main __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -1957,11 +1585,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_db( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_5f( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ae( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1980,11 +1604,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_10( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_c2( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2004,11 +1624,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_6e( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_60( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_09( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2025,28 +1641,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_60( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2063,48 +1667,26 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_99( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U, (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U, (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)4U, (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_db(&zeta_i, re, (size_t)3U, + libcrux_ml_kem_ntt_ntt_at_layer_3_ae(&zeta_i, re, (size_t)3U, (size_t)5U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_10(&zeta_i, re, (size_t)2U, + libcrux_ml_kem_ntt_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U, (size_t)6U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_6e(&zeta_i, re, (size_t)1U, + libcrux_ml_kem_ntt_ntt_at_layer_1_09(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_72( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_5f(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_c2(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_60(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b(re); ->>>>>>> main + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2115,20 +1697,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2f( -======= -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c( ->>>>>>> main +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { -<<<<<<< HEAD - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2148,15 +1722,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_17( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f1( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_99(&u_as_ntt[i0]); -======= - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_62( - u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_72(&u_as_ntt[i0]); ->>>>>>> main + libcrux_ml_kem_ntt_ntt_vector_u_61(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2171,11 +1739,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_851( -======= -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b01( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_881( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2227,15 +1791,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_441( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_851( -======= -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_611( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e61( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b01( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_881( vector); } @@ -2247,31 +1805,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_4_1d( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_44( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_4_e1( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_441( -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_611( ->>>>>>> main + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e61( coefficient); } return re; @@ -2285,11 +1830,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_852( -======= -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b02( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_882( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2341,15 +1882,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_442( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_852( -======= -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_612( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e62( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_b02( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_882( vector); } @@ -2361,31 +1896,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_5_6e( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_c7( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_5_4e( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); -<<<<<<< HEAD re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_442( -======= - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_612( ->>>>>>> main + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e62( re.coefficients[i0]); } return re; @@ -2399,10 +1921,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_60( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_da( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_1d(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_44(serialized); } /** @@ -2411,66 +1932,17 @@ This function found in impl */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_86( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_e1(serialized); -} - -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_ntt_multiply_20_f1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_polynomial_ntt_multiply_d6_f1( +libcrux_ml_kem_polynomial_ntt_multiply_20_63( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2488,34 +1960,17 @@ libcrux_ml_kem_polynomial_ntt_multiply_d6_f1( } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_47( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2536,11 +1991,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_16( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_f2( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_02( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2564,11 +2015,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_88( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_96( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_28( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2590,11 +2037,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f7( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_26( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2615,23 +2058,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -<<<<<<< HEAD -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e0(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_60(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_25(a_minus_b, zeta_r); -======= -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_f1(__m256i a, - __m256i b, - int16_t zeta_r) { - __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_aa(a_minus_b, zeta_r); ->>>>>>> main + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a2(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2644,11 +2077,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84( -======= -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb( ->>>>>>> main +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2663,15 +2092,9 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e0( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_60( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); -======= - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_f1( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); ->>>>>>> main __m256i x = uu____0.fst; __m256i y = uu____0.snd; re->coefficients[j] = x; @@ -2687,79 +2110,44 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_16(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_88(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_f7(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_84(&zeta_i, re, - (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85(re); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_f2(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_96(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_26(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_02(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_28(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b8(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_bb(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b(re); ->>>>>>> main + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_subtract_reduce_20_71( -======= -libcrux_ml_kem_polynomial_subtract_reduce_d6_c9( ->>>>>>> main +libcrux_ml_kem_polynomial_subtract_reduce_20_70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient_normal_form = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_sub_09(self->coefficients[i0], @@ -2768,12 +2156,6 @@ libcrux_ml_kem_polynomial_subtract_reduce_d6_c9( return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2782,38 +2164,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_matrix_compute_message_75( -======= -libcrux_ml_kem_matrix_compute_message_4a( ->>>>>>> main +libcrux_ml_kem_matrix_compute_message_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = -<<<<<<< HEAD - libcrux_ml_kem_polynomial_ZERO_20_1b(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_f1(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_71(v, result); -======= - libcrux_ml_kem_polynomial_ZERO_d6_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_d6_c9(v, result); ->>>>>>> main + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_70(v, result); return result; } @@ -2824,11 +2189,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f4(__m256i vector) { -======= -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_7f(__m256i vector) { ->>>>>>> main +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_aa(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2842,15 +2203,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_86( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_dc( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f4(vector); -======= -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_cf( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_7f(vector); ->>>>>>> main + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_aa(vector); } /** @@ -2861,19 +2216,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_traits_to_unsigned_representative_4f(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_86(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_dc(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); -======= -libcrux_ml_kem_vector_traits_to_unsigned_representative_c0(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_cf(a); - __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); ->>>>>>> main } /** @@ -2884,27 +2231,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_message_5e( -======= -libcrux_ml_kem_serialize_compress_then_serialize_message_a4( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_message_da( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); -======= - libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( - re.coefficients[i0]); - __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); ->>>>>>> main uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_09(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2915,30 +2251,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_a4( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2950,37 +2262,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_d4( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_2f(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_60( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_75(&v, secret_key->secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_5e(message, ret0); -======= -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_40( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_88( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_6c(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_86( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_da( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_4a(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_52(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_a4(message, ret0); ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_message_da(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2995,19 +2290,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_decrypt_04(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_b7(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_4a(secret_key, secret_as_ntt); -======= -static inline void libcrux_ml_kem_ind_cpa_decrypt_5e(Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_14(secret_key, secret_as_ntt); ->>>>>>> main + libcrux_ml_kem_ind_cpa_deserialize_secret_key_06(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -3018,17 +2305,10 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_5e(Eurydice_slice secret_key, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_d4(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_88(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_40(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -3041,11 +2321,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_ab( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_67( ->>>>>>> main Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -3056,11 +2332,7 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_c9( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_d1( ->>>>>>> main Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -3079,24 +2351,6 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( - Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_c9(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_8b( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_PRF_d1(input, ret); @@ -3105,20 +2359,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_85_80(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; @@ -3126,25 +2380,18 @@ libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); return lit; ->>>>>>> main } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -3153,36 +2400,22 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_55( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_49( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_26( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_09(bytes); -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); ->>>>>>> main re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_09(coefficient); } return re; } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3191,19 +2424,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); - } -======= -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3215,46 +2438,10 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_55( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_32(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_ba( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); - } -======= - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_49( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_26( ring_element); deserialized_pk[i0] = uu____0; } ->>>>>>> main } typedef libcrux_sha3_avx2_x4_incremental_KeccakState @@ -3268,11 +2455,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_50( -======= -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_2a( ->>>>>>> main +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_2a( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); @@ -3290,38 +2473,18 @@ libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} */ /** A monomorphic instance of -<<<<<<< HEAD libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_final_a9 with const -======= -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_1c( - uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_2a( - copy_of_input); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const ->>>>>>> main generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_3f( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_1c( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_50( + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_2a( copy_of_input); } @@ -3333,11 +2496,7 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_00( -======= -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_0c( ->>>>>>> main +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_0c( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -3373,17 +2532,10 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_94( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_2e( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_00( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_0c( self, ret); -======= -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_2e( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_0c(self, - ret); ->>>>>>> main } /** @@ -3436,11 +2588,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_61( -======= libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_74( ->>>>>>> main uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3452,11 +2600,7 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_74( Eurydice_slice uu____0 = Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -3487,11 +2631,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_dd( -======= -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_4a( ->>>>>>> main +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_4a( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -3527,15 +2667,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_bf( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_1d( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_dd(self, ret); -======= -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_1d( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_4a(self, ret); ->>>>>>> main + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_4a(self, ret); } /** @@ -3588,11 +2722,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_610( -======= libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( ->>>>>>> main uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3604,11 +2734,7 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( Eurydice_slice uu____0 = Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, uint8_t); -<<<<<<< HEAD size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_09( -======= - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( ->>>>>>> main uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)); @@ -3633,42 +2759,24 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_from_i16_array_20_82(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_polynomial_from_i16_array_d6_14(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_14(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; result.coefficients[i0] = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_from_i16_array_09(Eurydice_slice_subslice2( -======= - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( ->>>>>>> main a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; @@ -3682,13 +2790,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_xof_closure_8a(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_82( -======= libcrux_ml_kem_sampling_sample_from_xof_closure_e4(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_d6_14( ->>>>>>> main + return libcrux_ml_kem_polynomial_from_i16_array_20_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3699,11 +2802,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_c1( -======= static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_67( ->>>>>>> main uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3712,47 +2811,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_67( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_3f( + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_1c( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_94( -======= - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_1c( - copy_of_seeds); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_2e( ->>>>>>> main + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_2e( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); -<<<<<<< HEAD - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_61( -======= bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_74( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_bf( -======= - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_1d( ->>>>>>> main + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_1d( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_610( -======= done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -3762,11 +2842,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = -<<<<<<< HEAD - libcrux_ml_kem_sampling_sample_from_xof_closure_8a(copy_of_out[i]); -======= libcrux_ml_kem_sampling_sample_from_xof_closure_e4(copy_of_out[i]); ->>>>>>> main } memcpy( ret, ret0, @@ -3780,19 +2856,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ff( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_ba(i, A_transpose[i]); - } -======= static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { ->>>>>>> main for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -3811,11 +2877,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_34( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; -<<<<<<< HEAD - libcrux_ml_kem_sampling_sample_from_xof_c1(copy_of_seeds, sampled); -======= libcrux_ml_kem_sampling_sample_from_xof_67(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3832,16 +2894,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_34( } } } -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U][3U]; - memcpy(result, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ret, result, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -======= ->>>>>>> main } /** @@ -3866,13 +2918,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_95(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_61(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_2d(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -3882,11 +2929,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_ef( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_08( ->>>>>>> main uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -3925,66 +2968,11 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41( - uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_ef(input, ret); -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_16( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { libcrux_ml_kem_hash_functions_avx2_PRFxN_08(input, ret); ->>>>>>> main } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -3993,11 +2981,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_6a( -======= -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( ->>>>>>> main +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_80( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4032,11 +3016,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return libcrux_ml_kem_polynomial_from_i16_array_20_82( -======= - return libcrux_ml_kem_polynomial_from_i16_array_d6_14( ->>>>>>> main + return libcrux_ml_kem_polynomial_from_i16_array_20_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4048,11 +3028,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_5f( -======= -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_3c( ->>>>>>> main +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_05( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4086,11 +3062,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_3c( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return libcrux_ml_kem_polynomial_from_i16_array_20_82( -======= - return libcrux_ml_kem_polynomial_from_i16_array_d6_14( ->>>>>>> main + return libcrux_ml_kem_polynomial_from_i16_array_20_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4102,15 +3074,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_6a( -======= -libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( - Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ea( ->>>>>>> main + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_80( randomness); } @@ -4121,20 +3087,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ea( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_ab( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_64( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; -<<<<<<< HEAD __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_09( -======= - __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( ->>>>>>> main re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_09(re->coefficients[j], &t); @@ -4151,46 +3109,25 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0d( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_ea(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_64(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U, (size_t)11207U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U, (size_t)11207U + (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_0d( + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d( &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_db( + libcrux_ml_kem_ntt_ntt_at_layer_3_ae( &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_10( + libcrux_ml_kem_ntt_ntt_at_layer_2_53( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_6e( + libcrux_ml_kem_ntt_ntt_at_layer_1_09( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_85(re); -======= -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_ab(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_b8(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_5f(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_c2(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_60(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_2b(re); ->>>>>>> main + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4200,20 +3137,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); - } -======= static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4227,23 +3154,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_0d(&re_as_ntt[i0]); - } -======= libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_16(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_5c(&re_as_ntt[i0]); } return domain_separator; } @@ -4258,18 +3175,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_07( uu____0, uu____1, domain_separator); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -4277,11 +3193,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_re_as_ntt, -======= - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; @@ -4297,18 +3209,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_5d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_a1(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d4(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4319,19 +3223,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_8c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4346,19 +3242,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_41(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( -======= libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_16(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( ->>>>>>> main + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4369,11 +3257,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61(uint8_t prf_input[33U], (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_error_1, -======= - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); result.snd = domain_separator; return result; @@ -4385,11 +3269,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_c90( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_d10( ->>>>>>> main Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -4408,15 +3288,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( - Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_c90(input, ret); -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( Eurydice_slice input, uint8_t ret[128U]) { libcrux_ml_kem_hash_functions_avx2_PRF_d10(input, ret); ->>>>>>> main } /** @@ -4427,50 +3301,29 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_matrix_compute_vector_u_closure_ad(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= -libcrux_ml_kem_matrix_compute_vector_u_closure_02(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main +libcrux_ml_kem_matrix_compute_vector_u_closure_4e(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_1f( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_b5( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -4478,9 +3331,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_b5( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4488,22 +3338,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_e3( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_fe( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { -<<<<<<< HEAD - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= - result[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4524,22 +3366,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_fe( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = -<<<<<<< HEAD - libcrux_ml_kem_polynomial_ntt_multiply_20_f1(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_63(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_1f(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_cf(&result0[i1], &error_1[i1]); -======= - libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_d6_b5(&result[i1], &error_1[i1]); ->>>>>>> main } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -4557,20 +3390,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_34( +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_28( __m256i vec) { __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, (int16_t)1665); -======= -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_17(__m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), - &v), - (int16_t)1665); ->>>>>>> main } /** @@ -4581,11 +3406,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_message_e3( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_1b(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -4593,50 +3417,24 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_e3( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_34(coefficient_compressed); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_message_df( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); - for (size_t i = (size_t)0U; i < (size_t)16U; i++) { - size_t i0 = i; - __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_17(coefficient_compressed); ->>>>>>> main + libcrux_ml_kem_vector_traits_decompress_1_28(coefficient_compressed); } return re; } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_add_message_error_reduce_20_69( -======= -libcrux_ml_kem_polynomial_add_message_error_reduce_d6_77( ->>>>>>> main +libcrux_ml_kem_polynomial_add_message_error_reduce_20_62( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -4644,30 +3442,18 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_d6_77( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient_normal_form = -<<<<<<< HEAD libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( result.coefficients[i0], (int16_t)1441); __m256i tmp = libcrux_ml_kem_vector_avx2_add_09(self->coefficients[i0], &message->coefficients[i0]); __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &tmp); -======= - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - result.coefficients[i0], (int16_t)1441); - __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], - &message->coefficients[i0]); - __m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); ->>>>>>> main result.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_09(tmp0); } return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4676,39 +3462,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -<<<<<<< HEAD -libcrux_ml_kem_matrix_compute_ring_element_v_e7( -======= -libcrux_ml_kem_matrix_compute_ring_element_v_c1( ->>>>>>> main +libcrux_ml_kem_matrix_compute_ring_element_v_c3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = -<<<<<<< HEAD - libcrux_ml_kem_polynomial_ZERO_20_1b(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_f1(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_97(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_69( -======= - libcrux_ml_kem_polynomial_ZERO_d6_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_44(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_77( ->>>>>>> main + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_62( error_2, message, result); return result; } @@ -4721,11 +3490,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b( -======= -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4780,15 +3545,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_49( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_dc( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_66( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf( vector); } @@ -4800,23 +3559,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_10_bf( -======= -libcrux_ml_kem_serialize_compress_then_serialize_10_ba( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_10_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; -<<<<<<< HEAD - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_49( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_66( - libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( ->>>>>>> main + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_dc( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); @@ -4836,11 +3586,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b0( -======= -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc0( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4895,15 +3641,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_490( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b0( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_660( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_dc0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc0( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf0( vector); } @@ -4915,23 +3655,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_11_77( -======= -libcrux_ml_kem_serialize_compress_then_serialize_11_ce( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_11_86( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; -<<<<<<< HEAD - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_490( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_660( - libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( ->>>>>>> main + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_dc0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); @@ -4952,23 +3683,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_81( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_bf(re, uu____0); -======= -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_89( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_ba(re, uu____0); ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_10_2b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4979,11 +3700,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9f( -======= -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e1( ->>>>>>> main +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_83( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4999,11 +3716,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; -<<<<<<< HEAD - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_81(&re, -======= - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_89(&re, ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -5018,11 +3731,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b1( -======= -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc1( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -5077,15 +3786,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_491( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b1( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_661( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_dc1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc1( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf1( vector); } @@ -5097,11 +3800,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_4_c0( -======= -libcrux_ml_kem_serialize_compress_then_serialize_4_1e( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_4_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -5109,19 +3808,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_1e( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; -<<<<<<< HEAD - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_491( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_dc1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); -======= - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_661( - libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( - re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); ->>>>>>> main Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), @@ -5137,11 +3828,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -<<<<<<< HEAD -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b2( -======= -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc2( ->>>>>>> main +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -5196,15 +3883,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_492( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_dc2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2b2( -======= -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_662( - __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_cc2( ->>>>>>> main + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf2( vector); } @@ -5216,11 +3897,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_5_2c( -======= -libcrux_ml_kem_serialize_compress_then_serialize_5_65( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_5_60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -5228,19 +3905,11 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_65( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; -<<<<<<< HEAD - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_492( - libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_dc2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); -======= - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_662( - libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( - re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); ->>>>>>> main Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, (size_t)10U * i0 + (size_t)10U, uint8_t), @@ -5257,58 +3926,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_0c( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_c0(re, out); -======= -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_e0( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_1e(re, out); ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_4_fd(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5327,18 +3949,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_06( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4( -======= -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_25( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -5346,8 +3957,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( ->>>>>>> main + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -5357,11 +3967,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); -<<<<<<< HEAD - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7( -======= - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_61( ->>>>>>> main + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_8c( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -5370,58 +3976,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_PRF_a9_260( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_8e( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_e3(public_key->A, r_as_ntt, error_1, -======= libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_af( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_fe(public_key->A, r_as_ntt, error_1, ->>>>>>> main + libcrux_ml_kem_matrix_compute_vector_u_52(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_then_decompress_message_e3( - copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_e7( -======= - libcrux_ml_kem_serialize_deserialize_then_decompress_message_df( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_c1( ->>>>>>> main + libcrux_ml_kem_matrix_compute_ring_element_v_c3( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9f( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_0c( -======= - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_e1( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_83( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_e0( ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3c( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5445,65 +4026,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_encrypt_50(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_ff(ret0, false, A); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_06(uu____3, copy_of_message, - randomness, result); - memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); -======= -static inline void libcrux_ml_kem_ind_cpa_encrypt_3b(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_88(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -5518,11 +4047,10 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_3b(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3(uu____1, copy_of_message, - randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); ->>>>>>> main + uint8_t result[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_25(uu____1, copy_of_message, + randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } /** @@ -5537,22 +4065,13 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ac( - Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, - uint8_t ret[32U]) { - Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_e9( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_5a( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -5578,11 +4097,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cca_decapsulate_a9( -======= -static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( ->>>>>>> main +static inline void libcrux_ml_kem_ind_cca_decapsulate_c5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5600,17 +4115,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_decrypt_04(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - libcrux_ml_kem_ind_cpa_decrypt_5e(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_b7(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -5618,11 +4126,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( -======= libcrux_ml_kem_hash_functions_avx2_G_a9_67( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5631,25 +4135,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( -======= libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( ->>>>>>> main Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5657,49 +4150,26 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_50(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_88(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ac( -======= - libcrux_ml_kem_ind_cpa_encrypt_3b(uu____5, copy_of_decrypted, - pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_e9( ->>>>>>> main + libcrux_ml_kem_variant_kdf_d8_5a( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ac(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_d8_5a(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; -<<<<<<< HEAD libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_27(ciphertext), + libcrux_ml_kem_types_as_ref_00_d9(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - libcrux_ml_kem_variant_kdf_d8_e9(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -5721,17 +4191,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_9e( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a9(private_key, ciphertext, ret); -======= -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_99( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0d( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a6(private_key, ciphertext, ret); ->>>>>>> main + libcrux_ml_kem_ind_cca_decapsulate_c5(private_key, ciphertext, ret); } /** @@ -5745,187 +4208,13 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { -<<<<<<< HEAD - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_9e(private_key, -======= - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_99(private_key, ->>>>>>> main + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0d(private_key, ciphertext, ret); } /** -<<<<<<< HEAD -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_28( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_d4( - &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_170( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_06( - uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_32( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_28(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_32( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -======= This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} ->>>>>>> main */ /** A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 @@ -5934,20 +4223,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ca( - Eurydice_slice randomness, uint8_t ret[32U]) { - Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_96( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_7b( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -5960,11 +4241,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_31( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_16( ->>>>>>> main Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -5989,49 +4266,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b3( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_02( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_ca( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_01( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_96( + libcrux_ml_kem_variant_entropy_preprocess_d8_7b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_H_a9_31( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_ae(public_key), -======= libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_91(public_key), ->>>>>>> main + libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( -======= libcrux_ml_kem_hash_functions_avx2_G_a9_67( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6040,52 +4296,31 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_01( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); -======= - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); ->>>>>>> main + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_50(uu____2, copy_of_randomness, -======= - libcrux_ml_kem_ind_cpa_encrypt_3b(uu____2, copy_of_randomness, ->>>>>>> main + libcrux_ml_kem_ind_cpa_encrypt_88(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ac(shared_secret, &ciphertext0, -======= - libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_e9(shared_secret, &ciphertext0, ->>>>>>> main + libcrux_ml_kem_variant_kdf_d8_5a(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_3c result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } /** @@ -6107,22 +4342,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_e6( -======= -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_57( ->>>>>>> main +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_ad( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_b3(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_01(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_02(uu____0, copy_of_randomness); } /** @@ -6140,178 +4367,28 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_e6( -======= - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_57( ->>>>>>> main - uu____0, copy_of_randomness); -} - -/** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_06(uu____2, copy_of_randomness, - pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_8f( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_a0( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_ad( uu____0, copy_of_randomness); } /** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_8f( - uu____0, copy_of_randomness); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -======= This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_ba(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -======= static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); return lit; } @@ -6326,7 +4403,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_e1( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_7e( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6340,7 +4417,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_e1( libcrux_ml_kem_hash_functions_avx2_G_a9_67( Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -6350,54 +4426,32 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_f5( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c1( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( -======= -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_bd0( - __m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( ->>>>>>> main v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_f6( -======= -libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_a7( ->>>>>>> main +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_to_standard_domain_f5( -======= - libcrux_ml_kem_vector_traits_to_standard_domain_bd0( ->>>>>>> main + libcrux_ml_kem_vector_traits_to_standard_domain_c1( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -6405,9 +4459,6 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_a7( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6415,53 +4466,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_ef( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); - } - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_f1(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_47(&result0[i1], - &product); - } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_f6( - &result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -6476,7 +4481,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a2( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_ZERO_d6_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -6489,58 +4494,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_f1(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_b8(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_a7( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_ba( &t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6551,48 +4514,20 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_47( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_ab(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_e1(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_7e(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2(*uu____1)[3U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_ff(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); libcrux_ml_kem_matrix_sample_matrix_A_34(uu____1, ret, true); uint8_t prf_input[33U]; @@ -6604,73 +4539,26 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_07( uu____2, copy_of_prf_input0, 0U); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_e4(copy_of_prf_input, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_ef(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -======= - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_matrix_compute_As_plus_e_a2( + libcrux_ml_kem_matrix_compute_As_plus_e_67( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); + unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -6681,22 +4569,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5c( -======= -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_53( ->>>>>>> main +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_to_unsigned_representative_4f( -======= - libcrux_ml_kem_vector_traits_to_unsigned_representative_c0( ->>>>>>> main + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); @@ -6708,9 +4588,6 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_53( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6719,11 +4596,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_50( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5f( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_72( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -6741,20 +4614,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5f( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_5c(&re, ret0); -======= - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_53(&re, ret0); ->>>>>>> main + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_88(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6764,13 +4630,13 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_82( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5f(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_72(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6779,9 +4645,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6791,33 +4654,15 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_51( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_39( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_50(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_82(t_as_ntt, seed_for_a, + public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_02( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2(t_as_ntt, seed_for_a, - public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -6833,35 +4678,21 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_generate_keypair_93(Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_47(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_51( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_50(sk.secret_as_ntt, -======= -libcrux_ml_kem_ind_cpa_generate_keypair_2f(Eurydice_slice key_generation_seed) { +static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 +libcrux_ml_kem_ind_cpa_generate_keypair_1c(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( + libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_02( + libcrux_ml_kem_ind_cpa_serialize_public_key_39( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5f(private_key.secret_as_ntt, ->>>>>>> main + libcrux_ml_kem_ind_cpa_serialize_secret_key_72(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6871,26 +4702,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_2f(Eurydice_slice key_generation_seed) { uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_utils_extraction_helper_Keypair768 result; memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -6899,11 +4718,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_eb( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_28( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -6929,11 +4744,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_H_a9_31(public_key, ret0); -======= libcrux_ml_kem_hash_functions_avx2_H_a9_16(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6949,14 +4760,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -6972,11 +4775,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_f7(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_51(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_2a(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6985,21 +4784,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_51(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_generate_keypair_93(ind_cpa_keypair_randomness); -======= - libcrux_ml_kem_ind_cpa_generate_keypair_2f(ind_cpa_keypair_randomness); ->>>>>>> main + libcrux_ml_kem_ind_cpa_generate_keypair_1c(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_eb( -======= - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( ->>>>>>> main + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_28( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7008,27 +4799,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_51(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b1( - uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); ->>>>>>> main + return libcrux_ml_kem_types_from_3a_8d( + uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -7042,20 +4821,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ea( -======= -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_3f( ->>>>>>> main +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_96( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_f7(copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_generate_keypair_51(copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_generate_keypair_2a(copy_of_randomness); } /** @@ -7067,264 +4838,40 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ea( -======= - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_3f( ->>>>>>> main - copy_of_randomness); -} - -/** -<<<<<<< HEAD -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with -types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_cf( - size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_1b(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_8a( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1b(); - } -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_3a_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - __m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, __m256i, void *); - memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dc( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_47( - ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_8a(i, - A[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_3f(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1; - } - } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_51( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_31( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_6d( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_dc( - copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_6d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_96( copy_of_randomness); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c -======= This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::Kyber)} */ /** A monomorphic instance of libcrux_ml_kem.variant.kdf_33 ->>>>>>> main with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_99( - Eurydice_slice shared_secret, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_17(shared_secret, kdf_input); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_08( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; libcrux_ml_kem_utils_into_padded_array_42(shared_secret, kdf_input); ->>>>>>> main Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_H_a9_31( - Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_44(ciphertext), -======= libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_07_4f(ciphertext), ->>>>>>> main + libcrux_ml_kem_types_as_slice_d4_4c(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( -======= libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -7352,11 +4899,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cca_decapsulate_a90( -======= -static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( ->>>>>>> main +static inline void libcrux_ml_kem_ind_cca_decapsulate_c50( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7374,17 +4917,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_decrypt_04(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - libcrux_ml_kem_ind_cpa_decrypt_5e(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_b7(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -7392,11 +4928,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( -======= libcrux_ml_kem_hash_functions_avx2_G_a9_67( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -7405,25 +4937,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_26( -======= libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( ->>>>>>> main Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -7431,44 +4952,24 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_a60( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_50(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_88(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_99( -======= - libcrux_ml_kem_ind_cpa_encrypt_3b(uu____5, copy_of_decrypted, - pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_1d( ->>>>>>> main + libcrux_ml_kem_variant_kdf_33_08( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_99(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_33_08(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; -<<<<<<< HEAD libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_27(ciphertext), + libcrux_ml_kem_types_as_ref_00_d9(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - libcrux_ml_kem_variant_kdf_33_1d(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -7496,17 +4997,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ea( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a90(private_key, ciphertext, ret); -======= -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_9f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_a60(private_key, ciphertext, ret); ->>>>>>> main + libcrux_ml_kem_ind_cca_decapsulate_c50(private_key, ciphertext, ret); } /** @@ -7520,11 +5014,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { -<<<<<<< HEAD - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_ea( -======= - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_29( ->>>>>>> main + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_9f( private_key, ciphertext, ret); } @@ -7539,15 +5029,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_6b( - Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_31(randomness, ret); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_52( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_44( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_16(randomness, ret); ->>>>>>> main } /** @@ -7570,49 +5054,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_b30( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_6b( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_010( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_020( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_52( + libcrux_ml_kem_variant_entropy_preprocess_33_44( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_H_a9_31( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_ae(public_key), -======= libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_91(public_key), ->>>>>>> main + libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_avx2_G_a9_ab( -======= libcrux_ml_kem_hash_functions_avx2_G_a9_67( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -7621,52 +5084,31 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_010( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); -======= - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); ->>>>>>> main + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_50(uu____2, copy_of_randomness, -======= - libcrux_ml_kem_ind_cpa_encrypt_3b(uu____2, copy_of_randomness, ->>>>>>> main + libcrux_ml_kem_ind_cpa_encrypt_88(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_99(shared_secret, &ciphertext0, -======= - libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_1d(shared_secret, &ciphertext0, ->>>>>>> main + libcrux_ml_kem_variant_kdf_33_08(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_3c result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } /** @@ -7691,22 +5133,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_60( -======= -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ce( ->>>>>>> main +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_b30(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_010(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_020(uu____0, copy_of_randomness); } /** @@ -7724,11 +5158,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_60( - uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ce( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e1( uu____0, copy_of_randomness); } @@ -7743,52 +5173,11 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_47( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_63( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G_a9_67(key_generation_seed, ret); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7799,12 +5188,12 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_810( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_47(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_63(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7824,7 +5213,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_810( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_ee( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_07( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -7832,17 +5221,17 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_810( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_7f( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_matrix_compute_As_plus_e_a2( + libcrux_ml_kem_matrix_compute_As_plus_e_67( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); + unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -7860,21 +5249,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_2f0( +libcrux_ml_kem_ind_cpa_generate_keypair_1c0( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_810( + libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_02( + libcrux_ml_kem_ind_cpa_serialize_public_key_39( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5f(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_72(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -7884,22 +5273,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_2f0( uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, + libcrux_ml_kem_utils_extraction_helper_Keypair768 result; + memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, + memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - return lit; + return result; } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7909,13 +5290,13 @@ with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_2a0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -7924,13 +5305,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_2f0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_1c0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_0a( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_28( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7939,13 +5320,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_510(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_8d( + uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); } /** @@ -7962,12 +5343,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_0a( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_510(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_2a0(copy_of_randomness); } /** @@ -7979,17 +5360,10 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_0a( copy_of_randomness); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -7999,7 +5373,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_ea( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_5e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -8015,9 +5389,6 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_ea( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } -/** - Portable private key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_private_key with const @@ -8028,10 +5399,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_dc( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_72( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_ea(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_5e(private_key, ciphertext); } @@ -8044,7 +5415,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_dc( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_72( private_key, ciphertext); } @@ -8052,85 +5423,37 @@ static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_ea( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_a7( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); -} - -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_750( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_49( - ring_element); - deserialized_pk[i0] = uu____0; - } + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a5( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_40( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_750( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8140,27 +5463,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_06( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_30( -======= -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_19( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c9( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a5( ->>>>>>> main + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_40( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_serialize_public_key_51( -======= - libcrux_ml_kem_ind_cpa_serialize_public_key_02( ->>>>>>> main + libcrux_ml_kem_ind_cpa_serialize_public_key_39( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -8169,9 +5481,6 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_19( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -8181,41 +5490,21 @@ generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a6( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_06(public_key); -======= static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_8d( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fc( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_19(public_key); ->>>>>>> main + return libcrux_ml_kem_ind_cca_validate_public_key_c9(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a6( - public_key.value)) { - uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); - } else { - uu____0 = (CLITERAL(Option_92){.tag = None}); -======= Returns `true` if valid, and `false` otherwise. */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_8d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fc( public_key->value); } @@ -8241,11 +5530,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_5c( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_c2( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_40( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_88( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -8275,7 +5564,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_5c( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -8287,11 +5576,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_5c( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_25( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + libcrux_ml_kem_types_as_ref_00_d9(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -8328,10 +5617,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ed( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_0c( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_5c(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_c2(key_pair, ciphertext, ret); } /** @@ -8345,7 +5634,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ed( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_0c( private_key, ciphertext, ret); } @@ -8368,7 +5657,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_d6( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_e2( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8396,7 +5685,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_d6( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_e3(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_25(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8406,7 +5695,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_d6( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8440,7 +5729,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ad( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_5c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -8448,7 +5737,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ad( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_d6(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_e2(uu____0, copy_of_randomness); } @@ -8469,7 +5758,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ad( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_5c( uu____0, copy_of_randomness); } @@ -8489,8 +5778,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_58(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_d6_7d(); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_b0(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -8508,28 +5797,26 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_00( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_81( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_7d(); ->>>>>>> main + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@2])#1} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_17 +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_17_8c( +libcrux_ml_kem_polynomial_clone_3a_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -8556,7 +5843,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -8566,19 +5853,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_81( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_00(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_81(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_17_8c( + libcrux_ml_kem_polynomial_clone_3a_c2( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -8591,7 +5878,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_02( + libcrux_ml_kem_ind_cpa_serialize_public_key_39( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -8605,7 +5892,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____3); + unwrap_41_33(dst, uu____3); memcpy(out->private_key.implicit_rejection_value, uu____3, (size_t)32U * sizeof(uint8_t)); } @@ -8627,13 +5914,13 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_25( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_56( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_05(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15(copy_of_randomness, out); } /** @@ -8646,26 +5933,26 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_25( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_56( copy_of_randomness, key_pair); } /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6c with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_1c_5d(void) { +libcrux_ml_kem_ind_cca_unpacked_default_6c_31(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -8704,10 +5991,10 @@ libcrux_ml_kem_ind_cca_unpacked_default_1c_5d(void) { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#3} +K>[TraitClause@0])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6f with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 @@ -8715,9 +6002,9 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_c1(void) { + libcrux_ml_kem_ind_cca_unpacked_default_6f_0e(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -8753,7 +6040,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_5d()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_6c_31()}); } /** @@ -8762,7 +6049,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_c1(); + return libcrux_ml_kem_ind_cca_unpacked_default_6f_0e(); } /** @@ -8771,7 +6058,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_5d(); + return libcrux_ml_kem_ind_cca_unpacked_default_6c_31(); } /** @@ -8780,11 +6067,11 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +K>[TraitClause@0]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_a6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 @@ -8792,10 +6079,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_c2( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_82( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -8808,11 +6095,11 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +K>[TraitClause@0]#2} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_05 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 @@ -8820,10 +6107,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_c0( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_84( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05( &self->public_key, serialized); } @@ -8835,24 +6122,24 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_c0(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_84(key_pair, serialized); } /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#2} +K>[TraitClause@1])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_6f( +libcrux_ml_kem_ind_cpa_unpacked_clone_d6_c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -8879,21 +6166,21 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_ef_6f( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2])#4} +K>[TraitClause@1])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_c7 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_28_d0( +libcrux_ml_kem_ind_cca_unpacked_clone_c7_a6( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_6f(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_d6_c1(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -8907,17 +6194,17 @@ libcrux_ml_kem_ind_cca_unpacked_clone_28_d0( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +K>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_05 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_42( +libcrux_ml_kem_ind_cca_unpacked_public_key_05_7a( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -8930,8 +6217,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_d0( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_42(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_c7_a6( + libcrux_ml_kem_ind_cca_unpacked_public_key_05_7a(key_pair)); pk[0U] = uu____0; } @@ -8942,7 +6229,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_68(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05(public_key, serialized); } @@ -8960,13 +6247,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_4c( +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_fe( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_75( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -8986,7 +6273,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_4c( uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_91(public_key), + libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -9007,11 +6294,11 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f9( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_4c(public_key, + libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_fe(public_key, unpacked_public_key); } @@ -9023,7 +6310,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f9( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f1( public_key, unpacked_public_key); } @@ -9032,11 +6319,7 @@ This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD static inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) { -======= -static inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { ->>>>>>> main return self[0U]; } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index d612a20b5..27d97ab36 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_avx2_types_H @@ -20,16 +20,36 @@ extern "C" { #include "eurydice_glue.h" -typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; + +typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; /** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; /** A monomorphic instance of @@ -43,20 +63,6 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 - libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -68,21 +74,15 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; /** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + */ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + __m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; -typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; +typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 89dfbaa23..5e1f37607 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_portable_H @@ -37,29 +29,6 @@ extern "C" { #define LIBCRUX_ML_KEM_HASH_FUNCTIONS_THREE_BLOCKS \ (LIBCRUX_ML_KEM_HASH_FUNCTIONS_BLOCK_SIZE * (size_t)3U) -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G( - Eurydice_slice input, uint8_t ret[64U]) { - uint8_t digest[64U] = {0U}; - libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); - memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); -} - -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( - Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -typedef struct libcrux_ml_kem_hash_functions_neon_Simd128Hash_s { - libcrux_sha3_neon_x2_incremental_KeccakState shake128_state[2U]; -} libcrux_ml_kem_hash_functions_neon_Simd128Hash; - -======= ->>>>>>> main static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; @@ -83,12 +52,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( (LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE + \ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE) -typedef struct libcrux_ml_kem_ind_cca_Kyber_s { -} libcrux_ml_kem_ind_cca_Kyber; - -typedef struct libcrux_ml_kem_ind_cca_MlKem_s { -} libcrux_ml_kem_ind_cca_MlKem; - typedef uint8_t libcrux_ml_kem_ind_cca_MlKemSharedSecret[32U]; static const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = @@ -152,11 +115,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); -<<<<<<< HEAD unwrap_41_30(dst, ret); -======= - unwrap_26_30(dst, ret); ->>>>>>> main memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -267,7 +226,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_10.fst; ret[1U] = r0_10.snd; ret[2U] = r0_10.thd; @@ -290,32 +248,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11( ret[19U] = r11_21.f8; ret[20U] = r11_21.f9; ret[21U] = r11_21.f10; -======= - uint8_t result[22U] = {0U}; - result[0U] = r0_10.fst; - result[1U] = r0_10.snd; - result[2U] = r0_10.thd; - result[3U] = r0_10.f3; - result[4U] = r0_10.f4; - result[5U] = r0_10.f5; - result[6U] = r0_10.f6; - result[7U] = r0_10.f7; - result[8U] = r0_10.f8; - result[9U] = r0_10.f9; - result[10U] = r0_10.f10; - result[11U] = r11_21.fst; - result[12U] = r11_21.snd; - result[13U] = r11_21.thd; - result[14U] = r11_21.f3; - result[15U] = r11_21.f4; - result[16U] = r11_21.f5; - result[17U] = r11_21.f6; - result[18U] = r11_21.f7; - result[19U] = r11_21.f8; - result[20U] = r11_21.f9; - result[21U] = r11_21.f10; - memcpy(ret, result, (size_t)22U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -409,7 +341,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -428,27 +359,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -1118,7 +1028,6 @@ libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -1126,27 +1035,6 @@ libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( if (vec.elements[i0] >= (int16_t)3329) { size_t uu____0 = i0; vec.elements[uu____0] = vec.elements[uu____0] - (int16_t)3329; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){ - .start = (size_t)0U, - .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - Option_b3 uu____0 = - core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( - &iter, size_t, Option_b3); - if (uu____0.tag == None) { - return v; - } else { - size_t i = uu____0.f0; - if (v.elements[i] >= (int16_t)3329) { - size_t uu____1 = i; - v.elements[uu____1] = v.elements[uu____1] - (int16_t)3329; - } ->>>>>>> main } } return vec; @@ -1181,13 +1069,9 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) -<<<<<<< HEAD Note: The input bound is 28296 to prevent overflow in the multiplication of quotient by FIELD_MODULUS -======= - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. ->>>>>>> main */ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( @@ -1239,19 +1123,12 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - the absolute value of `o` is bound as follows: -<<<<<<< HEAD `|result| ≤ ceil(|value| / MONTGOMERY_R) + 1665 In particular, if `|value| ≤ FIELD_MODULUS-1 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS-1`. And, if `|value| ≤ pow2 16 * FIELD_MODULUS-1`, then `|o| <= FIELD_MODULUS + 1664 -======= - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. ->>>>>>> main */ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( @@ -1616,28 +1493,6 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, @@ -1747,7 +1602,6 @@ static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { -<<<<<<< HEAD int16_t result0 = (int16_t)((uint32_t)Eurydice_slice_index( v, (size_t)0U, uint8_t, uint8_t *) & 1U); @@ -1828,26 +1682,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { lit.elements[14U] = result14; lit.elements[15U] = result15; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_portable_vector_type_zero(); - for (size_t i = (size_t)0U; i < (size_t)8U; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)0U, uint8_t, uint8_t *) >> - (uint32_t)i0 & - 1U); - } - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)1U, uint8_t, uint8_t *) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; ->>>>>>> main } /** @@ -1904,7 +1738,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4( libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = result0_3.fst; ret[1U] = result0_3.snd; ret[2U] = result0_3.thd; @@ -1913,18 +1746,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4( ret[5U] = result4_7.snd; ret[6U] = result4_7.thd; ret[7U] = result4_7.f3; -======= - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -1984,7 +1805,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -2003,27 +1823,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -2077,7 +1876,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5( uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_4.fst; ret[1U] = r0_4.snd; ret[2U] = r0_4.thd; @@ -2088,20 +1886,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5( ret[7U] = r5_9.thd; ret[8U] = r5_9.f3; ret[9U] = r5_9.f4; -======= - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -2172,7 +1956,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -2191,27 +1974,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -2273,7 +2035,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_4.fst; ret[1U] = r0_4.snd; ret[2U] = r0_4.thd; @@ -2294,30 +2055,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( ret[17U] = r15_19.thd; ret[18U] = r15_19.f3; ret[19U] = r15_19.f4; -======= - uint8_t result[20U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - result[10U] = r10_14.fst; - result[11U] = r10_14.snd; - result[12U] = r10_14.thd; - result[13U] = r10_14.f3; - result[14U] = r10_14.f4; - result[15U] = r15_19.fst; - result[16U] = r15_19.snd; - result[17U] = r15_19.thd; - result[18U] = r15_19.f3; - result[19U] = r15_19.f4; - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -2396,7 +2133,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_7.fst; lit.elements[1U] = v0_7.snd; @@ -2415,27 +2151,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { lit.elements[14U] = v8_15.f6; lit.elements[15U] = v8_15.f7; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; ->>>>>>> main } /** @@ -2493,7 +2208,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12( uint8_t_x3 r21_23 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t)); -<<<<<<< HEAD ret[0U] = r0_2.fst; ret[1U] = r0_2.snd; ret[2U] = r0_2.thd; @@ -2518,34 +2232,6 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12( ret[21U] = r21_23.fst; ret[22U] = r21_23.snd; ret[23U] = r21_23.thd; -======= - uint8_t result[24U] = {0U}; - result[0U] = r0_2.fst; - result[1U] = r0_2.snd; - result[2U] = r0_2.thd; - result[3U] = r3_5.fst; - result[4U] = r3_5.snd; - result[5U] = r3_5.thd; - result[6U] = r6_8.fst; - result[7U] = r6_8.snd; - result[8U] = r6_8.thd; - result[9U] = r9_11.fst; - result[10U] = r9_11.snd; - result[11U] = r9_11.thd; - result[12U] = r12_14.fst; - result[13U] = r12_14.snd; - result[14U] = r12_14.thd; - result[15U] = r15_17.fst; - result[16U] = r15_17.snd; - result[17U] = r15_17.thd; - result[18U] = r18_20.fst; - result[19U] = r18_20.snd; - result[20U] = r18_20.thd; - result[21U] = r21_23.fst; - result[22U] = r21_23.snd; - result[23U] = r21_23.thd; - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -2598,7 +2284,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; lit.elements[0U] = v0_1.fst; lit.elements[1U] = v0_1.snd; @@ -2617,27 +2302,6 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { lit.elements[14U] = v14_15.fst; lit.elements[15U] = v14_15.snd; return lit; -======= - libcrux_ml_kem_vector_portable_vector_type_PortableVector re = - libcrux_ml_kem_vector_portable_vector_type_zero(); - re.elements[0U] = v0_1.fst; - re.elements[1U] = v0_1.snd; - re.elements[2U] = v2_3.fst; - re.elements[3U] = v2_3.snd; - re.elements[4U] = v4_5.fst; - re.elements[5U] = v4_5.snd; - re.elements[6U] = v6_7.fst; - re.elements[7U] = v6_7.snd; - re.elements[8U] = v8_9.fst; - re.elements[9U] = v8_9.snd; - re.elements[10U] = v10_11.fst; - re.elements[11U] = v10_11.snd; - re.elements[12U] = v12_13.fst; - re.elements[13U] = v12_13.snd; - re.elements[14U] = v14_15.fst; - re.elements[15U] = v14_15.snd; - return re; ->>>>>>> main } /** @@ -2784,28 +2448,16 @@ typedef libcrux_ml_kem_types_MlKemPublicKey_15 /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_ZERO_20_1c(void) { -======= -libcrux_ml_kem_polynomial_ZERO_d6_19(void) { ->>>>>>> main +libcrux_ml_kem_polynomial_ZERO_20_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2833,13 +2485,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_0f(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_12(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_a5(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -2849,17 +2496,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a9( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_90( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_50( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2872,29 +2512,18 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_90( return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_92( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e1( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_55( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { -<<<<<<< HEAD - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2907,11 +2536,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_e1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a9( -======= - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_90( ->>>>>>> main + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_50( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2933,13 +2558,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_99(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_2f(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e3(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -2949,11 +2569,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df( -======= -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2978,15 +2594,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df( -======= -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b( ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be( v); } @@ -2997,11 +2607,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_10_40( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_c8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); + libcrux_ml_kem_polynomial_ZERO_20_19(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -3009,12 +2618,6 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_40( libcrux_ml_kem_vector_portable_vector_type_PortableVector), libcrux_ml_kem_vector_portable_vector_type_PortableVector), size_t, void *); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_10_d0( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; @@ -3023,11 +2626,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_d0( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f( -======= - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e( ->>>>>>> main + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f( coefficient); re.coefficients[i0] = uu____0; } @@ -3041,11 +2640,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df0( -======= -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b0( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3070,15 +2665,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df0( -======= -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e0( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b0( ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be0( v); } @@ -3089,17 +2678,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_11_c9( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_11_58( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_c6( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -3108,11 +2690,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_58( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f0( -======= - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e0( ->>>>>>> main + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f0( coefficient); re.coefficients[i0] = uu____0; } @@ -3126,15 +2704,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_86( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_40(serialized); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5f( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_a4( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d0(serialized); ->>>>>>> main + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_c8(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -3149,11 +2721,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_77( -======= -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_2c( ->>>>>>> main +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3167,20 +2735,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 -<<<<<<< HEAD - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_67( -======= - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_02( ->>>>>>> main + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_77(b, zeta_r); -======= - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_2c(b, zeta_r); ->>>>>>> main + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3194,11 +2754,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3211,11 +2767,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_67( -======= - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_02( ->>>>>>> main + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d1( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3232,11 +2784,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_82( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_e9( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_1b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3256,11 +2804,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_8a( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_34( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ea( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3269,14 +2813,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_34( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -3287,7 +2825,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_bd( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_21( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3296,47 +2834,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_bd( re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)1U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)2U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] + (size_t)3U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3354,48 +2870,26 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_70( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_ec( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U, (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_82(&zeta_i, re, (size_t)3U, + libcrux_ml_kem_ntt_ntt_at_layer_3_1b(&zeta_i, re, (size_t)3U, (size_t)5U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_8a(&zeta_i, re, (size_t)2U, + libcrux_ml_kem_ntt_ntt_at_layer_2_ea(&zeta_i, re, (size_t)2U, (size_t)6U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, + libcrux_ml_kem_ntt_ntt_at_layer_1_21(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)7U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U, - (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_e9(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_34(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_bd(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9(re); ->>>>>>> main + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3405,20 +2899,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8b( -======= -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_75( ->>>>>>> main +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_70( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { -<<<<<<< HEAD - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -3438,15 +2924,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_75( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_86( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_a4( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_70(&u_as_ntt[i0]); -======= - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5f( - u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_b0(&u_as_ntt[i0]); ->>>>>>> main + libcrux_ml_kem_ntt_ntt_vector_u_ec(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3460,11 +2940,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df1( -======= -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b1( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3489,15 +2965,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df1( -======= -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b1( ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be1( v); } @@ -3508,17 +2978,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_4_51( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_c5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_4_ef( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3527,11 +2990,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_ef( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f1( -======= - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e1( ->>>>>>> main + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f1( coefficient); re.coefficients[i0] = uu____0; } @@ -3545,11 +3004,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df2( -======= -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b2( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3574,15 +3029,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_df2( -======= -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e2( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_1b2( ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be2( v); } @@ -3593,17 +3042,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_5_c6( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_5_5a( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_20( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3612,11 +3054,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_5a( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_8f2( -======= - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_7e2( ->>>>>>> main + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3630,10 +3068,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e2( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_7c( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_51(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c5(serialized); } /** @@ -3642,65 +3079,16 @@ This function found in impl */ /** A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_6e( - Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_ef(serialized); -} - -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_ntt_multiply_20_23( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_polynomial_ntt_multiply_d6_27( +libcrux_ml_kem_polynomial_ntt_multiply_20_76( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3720,33 +3108,16 @@ libcrux_ml_kem_polynomial_ntt_multiply_d6_27( } /** -<<<<<<< HEAD This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 -======= - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_fc( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3770,11 +3141,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e7( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e0( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_fe( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3783,20 +3150,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e0( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)2U), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)3U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -3807,11 +3164,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e9( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_7c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3820,14 +3173,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53( re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], -<<<<<<< HEAD libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U]), libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U] - (size_t)1U)); -======= - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); ->>>>>>> main zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -3838,11 +3185,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2b( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_29( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_23( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3864,11 +3207,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 -<<<<<<< HEAD - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_42( -======= - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_35( ->>>>>>> main + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ca( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3876,11 +3215,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); -<<<<<<< HEAD - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_77(a_minus_b, zeta_r); -======= - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_2c(a_minus_b, zeta_r); ->>>>>>> main + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3893,11 +3228,7 @@ with const generics */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a( -======= -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13( ->>>>>>> main +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3912,11 +3243,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_42( -======= - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_35( ->>>>>>> main + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ca( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3933,67 +3260,36 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e7(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_e9(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2b(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, - (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, - (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, - (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_5a(&zeta_i, re, - (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b(re); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_e0(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_29(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_fe(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_23(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_13(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9(re); ->>>>>>> main + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_subtract_reduce_20_f5( -======= -libcrux_ml_kem_polynomial_subtract_reduce_d6_5f( ->>>>>>> main +libcrux_ml_kem_polynomial_subtract_reduce_20_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -4012,12 +3308,6 @@ libcrux_ml_kem_polynomial_subtract_reduce_d6_5f( return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4025,38 +3315,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_matrix_compute_message_a9( -======= -libcrux_ml_kem_matrix_compute_message_5b( ->>>>>>> main +libcrux_ml_kem_matrix_compute_message_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = -<<<<<<< HEAD - libcrux_ml_kem_polynomial_ZERO_20_1c(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_23(&secret_as_ntt[i0], - &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_f5(v, result); -======= - libcrux_ml_kem_polynomial_ZERO_d6_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_27(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_d6_5f(v, result); ->>>>>>> main + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_7e(v, result); return result; } @@ -4066,13 +3339,8 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_arithmetic_shift_right_58( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_95( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { -======= -libcrux_ml_kem_vector_portable_arithmetic_shift_right_7d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { ->>>>>>> main for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4091,15 +3359,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_shift_right_0d_f1( +libcrux_ml_kem_vector_portable_shift_right_0d_64( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_58(v); -======= -libcrux_ml_kem_vector_portable_shift_right_0d_46( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_7d(v); ->>>>>>> main + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_95(v); } /** @@ -4109,17 +3371,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_traits_to_unsigned_representative_87( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_f1(a); -======= -libcrux_ml_kem_vector_traits_to_unsigned_representative_08( +libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_46(a); ->>>>>>> main + libcrux_ml_kem_vector_portable_shift_right_0d_64(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -4133,21 +3388,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_message_f1( -======= -libcrux_ml_kem_serialize_compress_then_serialize_message_71( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_message_39( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_to_unsigned_representative_87( -======= - libcrux_ml_kem_vector_traits_to_unsigned_representative_08( ->>>>>>> main + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -4163,30 +3410,6 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_71( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4197,37 +3420,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_eb( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_8b(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_e2( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_a9(&v, secret_key->secret_as_ntt, - u_as_ntt); - uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_f1(message, ret0); -======= -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b6( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_15( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_75(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_70(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_6e( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_7c( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_5b(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_60(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_71(message, ret0); ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_message_39(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4241,19 +3447,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_decrypt_30(Eurydice_slice secret_key, - uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_92(secret_key, secret_as_ntt); -======= -static inline void libcrux_ml_kem_ind_cpa_decrypt_75(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_80(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_e1(secret_key, secret_as_ntt); ->>>>>>> main + libcrux_ml_kem_ind_cpa_deserialize_secret_key_55(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -4264,17 +3462,10 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_75(Eurydice_slice secret_key, memcpy( secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_eb(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_15(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); -======= - uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b6(&secret_key_unpacked, ciphertext, - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -4286,11 +3477,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_d0( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_07( ->>>>>>> main Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -4300,11 +3487,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_03( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_44( ->>>>>>> main Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -4322,23 +3505,6 @@ with const generics - K= 3 - LEN= 32 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( - Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_03(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_2e( - size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_PRF_44(input, ret); @@ -4347,19 +3513,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit; @@ -4367,25 +3533,18 @@ libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); return lit; ->>>>>>> main } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -4393,17 +3552,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_62( - Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4418,9 +3570,6 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( return re; } -/** - See [deserialize_ring_elements_reduced_out]. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4428,19 +3577,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_07( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); - } -======= -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4452,46 +3591,10 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_62( - ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_4d(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -*/ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_a3( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); - } -======= - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b2( ring_element); deserialized_pk[i0] = uu____0; } ->>>>>>> main } /** @@ -4510,11 +3613,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_40( -======= -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_37( ->>>>>>> main +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_37( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4547,20 +3646,12 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_83( -======= -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_17( ->>>>>>> main +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_17( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); -<<<<<<< HEAD - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_40( -======= - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_37( ->>>>>>> main + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_37( copy_of_input); } @@ -4571,11 +3662,7 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_9a( -======= -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_72( ->>>>>>> main +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_72( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -4599,19 +3686,11 @@ with const generics - K= 3 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_20( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_75( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_9a( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_72( self, ret); -======= -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_75( - libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, - uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_72(self, - ret); ->>>>>>> main } /** @@ -4663,11 +3742,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89( -======= libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb( ->>>>>>> main uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -4709,11 +3784,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ea( -======= -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_e6( ->>>>>>> main +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e6( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -4737,18 +3808,11 @@ generics - K= 3 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_04( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_48( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_ea(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e6(self, ret); -======= -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_48( - libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, - uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_e6(self, ret); ->>>>>>> main } /** @@ -4800,11 +3864,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890( -======= libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( ->>>>>>> main uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -4841,32 +3901,18 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_from_i16_array_20_d3(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_bb(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_polynomial_from_i16_array_d6_bb(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -4887,13 +3933,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_xof_closure_2c(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_d3( -======= libcrux_ml_kem_sampling_sample_from_xof_closure_ba(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_d6_bb( ->>>>>>> main + return libcrux_ml_kem_polynomial_from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4904,11 +3945,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_1b( -======= static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_49( ->>>>>>> main uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -4917,47 +3954,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_49( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_83( - copy_of_seeds); - uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_20( -======= - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_17( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_17( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_75( ->>>>>>> main + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_75( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); -<<<<<<< HEAD - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_89( -======= bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb( ->>>>>>> main copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_04( -======= - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_48( ->>>>>>> main + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_48( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); -<<<<<<< HEAD - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_890( -======= done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( ->>>>>>> main copy_of_randomness, sampled_coefficients, out); } } @@ -4967,11 +3985,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_49( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = -<<<<<<< HEAD - libcrux_ml_kem_sampling_sample_from_xof_closure_2c(copy_of_out[i]); -======= libcrux_ml_kem_sampling_sample_from_xof_closure_ba(copy_of_out[i]); ->>>>>>> main } memcpy( ret, ret0, @@ -4985,19 +3999,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_0b( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_a3(i, A_transpose[i]); - } -======= static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ae( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { ->>>>>>> main for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5016,11 +4020,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ae( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; -<<<<<<< HEAD - libcrux_ml_kem_sampling_sample_from_xof_1b(copy_of_seeds, sampled); -======= libcrux_ml_kem_sampling_sample_from_xof_49(copy_of_seeds, sampled); ->>>>>>> main for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5037,16 +4037,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ae( } } } -<<<<<<< HEAD - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U][3U]; - memcpy(result, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - memcpy(ret, result, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); -======= ->>>>>>> main } /** @@ -5071,13 +4061,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_06(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_52(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_25(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -5086,11 +4071,7 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_d3( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_d5( ->>>>>>> main uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -5112,66 +4093,11 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf( - uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_d3(input, ret); -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_9f( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { libcrux_ml_kem_hash_functions_portable_PRFxN_d5(input, ret); ->>>>>>> main } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types @@ -5179,11 +4105,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d9( -======= -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d1( ->>>>>>> main +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -5218,11 +4140,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d1( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return libcrux_ml_kem_polynomial_from_i16_array_20_d3( -======= - return libcrux_ml_kem_polynomial_from_i16_array_d6_bb( ->>>>>>> main + return libcrux_ml_kem_polynomial_from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -5233,11 +4151,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_af( -======= -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_a6( ->>>>>>> main +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_ee( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -5271,11 +4185,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_a6( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } -<<<<<<< HEAD - return libcrux_ml_kem_polynomial_from_i16_array_20_d3( -======= - return libcrux_ml_kem_polynomial_from_i16_array_d6_bb( ->>>>>>> main + return libcrux_ml_kem_polynomial_from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -5286,15 +4196,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( - Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d9( -======= -libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_ce( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_d1( ->>>>>>> main + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( randomness); } @@ -5304,11 +4208,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_99( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_98( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_73( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -5331,46 +4231,25 @@ with const generics */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_a0( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_99(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_73(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, (size_t)11207U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, (size_t)11207U + (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_06( + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_82( + libcrux_ml_kem_ntt_ntt_at_layer_3_1b( &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_8a( + libcrux_ml_kem_ntt_ntt_at_layer_2_ea( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f( + libcrux_ml_kem_ntt_ntt_at_layer_1_21( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_6b(re); -======= -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_fb( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_98(re); - size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)6U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)5U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_35(&zeta_i, re, (size_t)4U, - (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_e9(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_34(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_bd(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_d6_a9(re); ->>>>>>> main + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5380,20 +4259,10 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); - } -======= static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5407,23 +4276,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_a0(&re_as_ntt[i0]); - } -======= libcrux_ml_kem_hash_functions_portable_PRFxN_f1_9f(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_fb(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b3(&re_as_ntt[i0]); } return domain_separator; } @@ -5438,18 +4297,17 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3c( uu____0, uu____1, domain_separator); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -5457,11 +4315,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_re_as_ntt, -======= - lit.fst, copy_of_re_as_ntt, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -5477,18 +4331,10 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_20(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3a(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3e(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5499,19 +4345,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_a2(uint8_t prf_input[33U], - uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2b(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -5526,19 +4364,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2b(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_bf(prf_inputs, prf_outputs); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( -======= libcrux_ml_kem_hash_functions_portable_PRFxN_f1_9f(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( ->>>>>>> main + libcrux_ml_kem_sampling_sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -5549,11 +4379,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2b(uint8_t prf_input[33U], (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 result; memcpy( -<<<<<<< HEAD result.fst, copy_of_error_1, -======= - lit.fst, copy_of_error_1, ->>>>>>> main (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); result.snd = domain_separator; return result; @@ -5564,11 +4390,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_030( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_440( ->>>>>>> main Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -5586,15 +4408,9 @@ with const generics - K= 3 - LEN= 128 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( - Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_030(input, ret); -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( Eurydice_slice input, uint8_t ret[128U]) { libcrux_ml_kem_hash_functions_portable_PRF_440(input, ret); ->>>>>>> main } /** @@ -5604,38 +4420,21 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_matrix_compute_vector_u_closure_52(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_matrix_compute_vector_u_closure_e7(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main +libcrux_ml_kem_matrix_compute_vector_u_closure_76(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_06( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_0d( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5653,31 +4452,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_d6_0d( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_4b( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_f7( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { -<<<<<<< HEAD - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= - result[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -5698,22 +4486,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_f7( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = -<<<<<<< HEAD - libcrux_ml_kem_polynomial_ntt_multiply_20_23(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_76(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_06(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_9d(&result0[i1], &error_1[i1]); -======= - libcrux_ml_kem_polynomial_ntt_multiply_d6_27(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&result[i1], - &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_d6_0d(&result[i1], &error_1[i1]); ->>>>>>> main } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -5731,15 +4510,9 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_traits_decompress_1_4c( +libcrux_ml_kem_vector_traits_decompress_1_f7( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { libcrux_ml_kem_vector_portable_vector_type_PortableVector z = -======= -libcrux_ml_kem_vector_traits_decompress_1_94( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = ->>>>>>> main libcrux_ml_kem_vector_portable_ZERO_0d(); libcrux_ml_kem_vector_portable_vector_type_PortableVector s = libcrux_ml_kem_vector_portable_sub_0d(z, &vec); @@ -5756,17 +4529,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_serialize_deserialize_then_decompress_message_52( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= -libcrux_ml_kem_serialize_deserialize_then_decompress_message_4d( - uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5776,11 +4542,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_4d( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_decompress_1_4c(coefficient_compressed); -======= - libcrux_ml_kem_vector_traits_decompress_1_94(coefficient_compressed); ->>>>>>> main + libcrux_ml_kem_vector_traits_decompress_1_f7(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -5788,28 +4550,16 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_4d( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_polynomial_add_message_error_reduce_20_8c( -======= -libcrux_ml_kem_polynomial_add_message_error_reduce_d6_92( ->>>>>>> main +libcrux_ml_kem_polynomial_add_message_error_reduce_20_e4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -5832,9 +4582,6 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_d6_92( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5842,39 +4589,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -<<<<<<< HEAD -libcrux_ml_kem_matrix_compute_ring_element_v_66( -======= -libcrux_ml_kem_matrix_compute_ring_element_v_04( ->>>>>>> main +libcrux_ml_kem_matrix_compute_ring_element_v_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = -<<<<<<< HEAD - libcrux_ml_kem_polynomial_ZERO_20_1c(); - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_23(&t_as_ntt[i0], - &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result, &product); - } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_31(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_8c( -======= - libcrux_ml_kem_polynomial_ZERO_d6_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_27(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_bc(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_d6_92( ->>>>>>> main + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_e4( error_2, message, result); return result; } @@ -5885,11 +4615,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_compress_0c( -======= -libcrux_ml_kem_vector_portable_compress_compress_20( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_compress_6c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5912,15 +4638,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_0d_9a( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0c(v); -======= -libcrux_ml_kem_vector_portable_compress_0d_0c( +libcrux_ml_kem_vector_portable_compress_0d_20( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_20(v); ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_compress_6c(v); } /** @@ -5930,24 +4650,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_10_a9( -======= -libcrux_ml_kem_serialize_compress_then_serialize_10_95( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_10_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_compress_0d_9a( - libcrux_ml_kem_vector_traits_to_unsigned_representative_87( -======= - libcrux_ml_kem_vector_portable_compress_0d_0c( - libcrux_ml_kem_vector_traits_to_unsigned_representative_08( ->>>>>>> main + libcrux_ml_kem_vector_portable_compress_0d_20( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -5965,11 +4676,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_compress_0c0( -======= -libcrux_ml_kem_vector_portable_compress_compress_200( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_compress_6c0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5992,15 +4699,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_0d_9a0( +libcrux_ml_kem_vector_portable_compress_0d_200( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0c0(v); -======= -libcrux_ml_kem_vector_portable_compress_0d_0c0( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_200(v); ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_compress_6c0(v); } /** @@ -6010,24 +4711,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_11_e2( -======= -libcrux_ml_kem_serialize_compress_then_serialize_11_c1( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_11_41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_compress_0d_9a0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_87( -======= - libcrux_ml_kem_vector_portable_compress_0d_0c0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_08( ->>>>>>> main + libcrux_ml_kem_vector_portable_compress_0d_200( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -6047,23 +4739,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_31( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_a9(re, uu____0); -======= -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_9c( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_ae( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_95(re, uu____0); ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_10_04(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6073,11 +4755,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_ed( -======= -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c0( ->>>>>>> main +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_48( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6093,11 +4771,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c0( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; -<<<<<<< HEAD - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_31(&re, -======= - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_9c(&re, ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_ae(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -6110,11 +4784,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_compress_0c1( -======= -libcrux_ml_kem_vector_portable_compress_compress_201( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_compress_6c1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -6137,15 +4807,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_0d_9a1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0c1(v); -======= -libcrux_ml_kem_vector_portable_compress_0d_0c1( +libcrux_ml_kem_vector_portable_compress_0d_201( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_201(v); ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_compress_6c1(v); } /** @@ -6155,11 +4819,7 @@ with const generics */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_4_55( -======= -libcrux_ml_kem_serialize_compress_then_serialize_4_c5( ->>>>>>> main +libcrux_ml_kem_serialize_compress_then_serialize_4_b6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -6168,13 +4828,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_c5( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_compress_0d_9a1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_87( -======= - libcrux_ml_kem_vector_portable_compress_0d_0c1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_08( ->>>>>>> main + libcrux_ml_kem_vector_portable_compress_0d_201( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -6191,11 +4846,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_compress_0c2( -======= -libcrux_ml_kem_vector_portable_compress_compress_202( ->>>>>>> main +libcrux_ml_kem_vector_portable_compress_compress_6c2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -6218,15 +4869,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_portable_compress_0d_9a2( +libcrux_ml_kem_vector_portable_compress_0d_202( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_0c2(v); -======= -libcrux_ml_kem_vector_portable_compress_0d_0c2( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_202(v); ->>>>>>> main + return libcrux_ml_kem_vector_portable_compress_compress_6c2(v); } /** @@ -6236,7 +4881,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_b5( +libcrux_ml_kem_serialize_compress_then_serialize_5_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, @@ -6245,13 +4890,8 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_b5( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = -<<<<<<< HEAD - libcrux_ml_kem_vector_portable_compress_0d_9a2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_87( -======= - libcrux_ml_kem_vector_portable_compress_0d_0c2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_08( ->>>>>>> main + libcrux_ml_kem_vector_portable_compress_0d_202( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -6270,58 +4910,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2d( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_55(re, out); -======= -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_8b( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_c5(re, out); ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_4_b6(re, out); } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6340,18 +4933,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06( -======= -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -6359,8 +4941,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( ->>>>>>> main + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -6370,11 +4951,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); -<<<<<<< HEAD - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_a2( -======= - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2b( ->>>>>>> main + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -6383,58 +4960,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_PRF_f1_c80( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_d8( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_4b(public_key->A, r_as_ntt, error_1, -======= libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_dd( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_f7(public_key->A, r_as_ntt, error_1, ->>>>>>> main + libcrux_ml_kem_matrix_compute_vector_u_42(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = -<<<<<<< HEAD - libcrux_ml_kem_serialize_deserialize_then_decompress_message_52( - copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_66( -======= - libcrux_ml_kem_serialize_deserialize_then_decompress_message_4d( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_04( ->>>>>>> main + libcrux_ml_kem_matrix_compute_ring_element_v_58( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_ed( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_48( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_2d( -======= - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_c0( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_8b( ->>>>>>> main + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_79( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -6458,65 +5010,13 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cpa_encrypt_95(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_ca(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_07( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_171(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_0b(ret0, false, A); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7(uu____3, copy_of_message, - randomness, result); - memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); -======= -static inline void libcrux_ml_kem_ind_cpa_encrypt_d1(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -6531,11 +5031,10 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_d1(Eurydice_slice public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____1, copy_of_message, - randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); ->>>>>>> main + uint8_t result[1088U]; + libcrux_ml_kem_ind_cpa_encrypt_unpacked_02(uu____1, copy_of_message, + randomness, result); + memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } /** @@ -6549,22 +5048,13 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_85( - Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, - uint8_t ret[32U]) { - Result_00 dst; - Eurydice_slice_to_array2(&dst, shared_secret, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_a7( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_1a( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -6589,11 +5079,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cca_decapsulate_b2( -======= -static inline void libcrux_ml_kem_ind_cca_decapsulate_b6( ->>>>>>> main +static inline void libcrux_ml_kem_ind_cca_decapsulate_68( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -6611,17 +5097,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b6( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_decrypt_30(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - libcrux_ml_kem_ind_cpa_decrypt_75(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_80(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -6629,11 +5108,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b6( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_G_f1_d0( -======= libcrux_ml_kem_hash_functions_portable_G_f1_07( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6642,25 +5117,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b6( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( -======= libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( ->>>>>>> main Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -6668,49 +5132,26 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_95(uu____5, copy_of_decrypted, - pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_85( -======= - libcrux_ml_kem_ind_cpa_encrypt_d1(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_ca(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_a7( ->>>>>>> main + libcrux_ml_kem_variant_kdf_d8_1a( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_43_85(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_d8_1a(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; -<<<<<<< HEAD libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_27(ciphertext), + libcrux_ml_kem_types_as_ref_00_d9(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - libcrux_ml_kem_variant_kdf_d8_a7(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -6732,17 +5173,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b1( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b2(private_key, ciphertext, ret); -======= -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8a( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_85( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b6(private_key, ciphertext, ret); ->>>>>>> main + libcrux_ml_kem_ind_cca_decapsulate_68(private_key, ciphertext, ret); } /** @@ -6755,185 +5189,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8a( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { -<<<<<<< HEAD - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_b1( -======= - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8a( ->>>>>>> main + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_85( private_key, ciphertext, ret); } /** -<<<<<<< HEAD -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.decapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_33( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_eb( - &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_d0( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_170( - Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7( - uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Portable decapsulate -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const -generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ed( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_33(key_pair, ciphertext, - ret); -} - -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ -static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ed( - private_key, ciphertext, ret); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)#1} -======= This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::MlKem)#1} ->>>>>>> main */ /** A monomorphic instance of libcrux_ml_kem.variant.entropy_preprocess_d8 @@ -6941,20 +5203,12 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_63( - Eurydice_slice randomness, uint8_t ret[32U]) { - Result_00 dst; - Eurydice_slice_to_array2(&dst, randomness, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, ret); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_b0( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_b7( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -6966,11 +5220,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_fd( -======= static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_c6( ->>>>>>> main Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6994,49 +5244,28 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_63( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c6( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_b0( + libcrux_ml_kem_variant_entropy_preprocess_d8_b7( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_H_f1_fd( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_ae(public_key), -======= libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_91(public_key), ->>>>>>> main + libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_G_f1_d0( -======= libcrux_ml_kem_hash_functions_portable_G_f1_07( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -7045,52 +5274,31 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c6( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); -======= - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); ->>>>>>> main + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_95(uu____2, copy_of_randomness, -======= - libcrux_ml_kem_ind_cpa_encrypt_d1(uu____2, copy_of_randomness, ->>>>>>> main + libcrux_ml_kem_ind_cpa_encrypt_ca(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_85(shared_secret, &ciphertext0, -======= - libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_a7(shared_secret, &ciphertext0, ->>>>>>> main + libcrux_ml_kem_variant_kdf_d8_1a(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_3c result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } /** @@ -7111,22 +5319,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_47( -======= -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_95( ->>>>>>> main +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_16( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_c6(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_8a(uu____0, copy_of_randomness); } /** @@ -7143,175 +5343,27 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_47( -======= - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_95( ->>>>>>> main - uu____0, copy_of_randomness); -} - -/** -<<<<<<< HEAD -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.encapsulate_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_9b( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_d0( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_d7(uu____2, copy_of_randomness, - pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Portable encapsualte -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ea( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_9b( - uu____0, copy_of_randomness); -} - -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ -static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, - uint8_t randomness[32U]) { - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = - public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_ea( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_16( uu____0, copy_of_randomness); } /** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] - -*/ -typedef struct tuple_9b_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; -} tuple_9b; - -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure -======= This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a ->>>>>>> main +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_39(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -======= static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); return lit; } @@ -7325,7 +5377,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_3b( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_26( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -7339,7 +5391,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_3b( libcrux_ml_kem_hash_functions_portable_G_f1_07( Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -7349,11 +5400,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -<<<<<<< HEAD -libcrux_ml_kem_vector_traits_to_standard_domain_22( -======= -libcrux_ml_kem_vector_traits_to_standard_domain_bd( ->>>>>>> main +libcrux_ml_kem_vector_traits_to_standard_domain_73( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -7361,28 +5408,16 @@ libcrux_ml_kem_vector_traits_to_standard_domain_bd( /** This function found in impl -<<<<<<< HEAD {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 -======= -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_d6 ->>>>>>> main with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_39( -======= -libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_aa( ->>>>>>> main +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -7390,11 +5425,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_aa( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_to_standard_domain_22( -======= - libcrux_ml_kem_vector_traits_to_standard_domain_bd( ->>>>>>> main + libcrux_ml_kem_vector_traits_to_standard_domain_73( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -7404,62 +5435,13 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_aa( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_3c( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); - } - for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_23(matrix_element, - &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_fc(&result0[i1], - &product); - } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_39( - &result0[i1], &error_as_ntt[i1]); - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_00( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -7474,7 +5456,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_00( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_ZERO_d6_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -7487,58 +5469,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_d6_27(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_d6_5d(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_d6_aa( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_69( &t_as_ntt[i0], &error_as_ntt[i0]); } ->>>>>>> main } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -7548,48 +5488,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_83( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_d0(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; -======= -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_3b(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_26(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A = uu____0.fst; ->>>>>>> main Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0(*uu____1)[3U] = public_key->A; uint8_t ret[34U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_171(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_0b(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_172(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; -======= libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____1, ret, true); uint8_t prf_input[33U]; @@ -7601,73 +5513,26 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3c( uu____2, copy_of_prf_input0, 0U); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_06(copy_of_prf_input, - domain_separator) - .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_3c(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); -======= - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_matrix_compute_As_plus_e_00( + libcrux_ml_kem_matrix_compute_As_plus_e_f0( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); + unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -7677,22 +5542,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_64( -======= -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16( ->>>>>>> main +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = -<<<<<<< HEAD - libcrux_ml_kem_vector_traits_to_unsigned_representative_87( -======= - libcrux_ml_kem_vector_traits_to_unsigned_representative_08( ->>>>>>> main + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -7704,9 +5561,6 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7714,11 +5568,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_cd( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_8c( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7736,20 +5586,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_8c( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; -<<<<<<< HEAD - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_64(&re, ret0); -======= - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_16(&re, ret0); ->>>>>>> main + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key_mut with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7758,13 +5601,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_8c(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_80(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7773,9 +5616,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46( seed_for_a, uint8_t); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7784,33 +5624,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_77( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_96( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); - uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_cd(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_1d(t_as_ntt, seed_for_a, + public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_eb( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46(t_as_ntt, seed_for_a, - public_key_serialized); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); ->>>>>>> main + memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); } /** @@ -7826,34 +5648,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -<<<<<<< HEAD -libcrux_ml_kem_ind_cpa_generate_keypair_fc(Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_83(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_77( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_cd(sk.secret_as_ntt, -======= -libcrux_ml_kem_ind_cpa_generate_keypair_52(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_ea(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( + libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_eb( + libcrux_ml_kem_ind_cpa_serialize_public_key_96( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_8c(private_key.secret_as_ntt, ->>>>>>> main + libcrux_ml_kem_ind_cpa_serialize_secret_key_80(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -7863,26 +5671,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_52(Eurydice_slice key_generation_seed) { uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD libcrux_ml_kem_utils_extraction_helper_Keypair768 result; memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); return result; -======= - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; ->>>>>>> main } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -7890,11 +5686,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d7( -======= -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( ->>>>>>> main +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_59( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -7920,11 +5712,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_H_f1_fd(public_key, ret0); -======= libcrux_ml_kem_hash_functions_portable_H_f1_c6(public_key, ret0); ->>>>>>> main Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -7940,14 +5728,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -7962,11 +5742,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_generate_keypair_6c(uint8_t randomness[64U]) { -======= -libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { ->>>>>>> main +libcrux_ml_kem_ind_cca_generate_keypair_b2(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -7975,21 +5751,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_generate_keypair_fc(ind_cpa_keypair_randomness); -======= - libcrux_ml_kem_ind_cpa_generate_keypair_52(ind_cpa_keypair_randomness); ->>>>>>> main + libcrux_ml_kem_ind_cpa_generate_keypair_ea(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d7( -======= - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( ->>>>>>> main + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_59( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7998,27 +5766,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_54(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = -<<<<<<< HEAD - libcrux_ml_kem_types_from_e7_f1(copy_of_secret_key_serialized); -======= - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); ->>>>>>> main + libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_types_from_64_b1( - uu____2, libcrux_ml_kem_types_from_07_a9(copy_of_public_key)); -======= - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); ->>>>>>> main + return libcrux_ml_kem_types_from_3a_8d( + uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -8032,16 +5788,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_6b( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_7f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_generate_keypair_6c(copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_generate_keypair_54(copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_generate_keypair_b2(copy_of_randomness); } /** @@ -8052,263 +5804,39 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( -======= - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_6b( ->>>>>>> main - copy_of_randomness); -} - -/** -<<<<<<< HEAD -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure.closure with -types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_closure_53( - size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_1c(); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline void -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_fa( - size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_1c(); - } -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_3a_cc( - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; - libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_portable_vector_type_PortableVector)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.generate_keypair_unpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_17( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_83( - ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_closure_fa(i, - A[i]); - } - for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { - size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_3a_cc(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1; - } - } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_77( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), - pk_serialized); - uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_fd( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); - unwrap_41_33(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Unpacked API -*/ -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with -const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_28( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_17( - copy_of_randomness); -} - -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ -static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( - uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_28( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_7f( copy_of_randomness); } /** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::Kyber)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_6c -======= This function found in impl {(libcrux_ml_kem::variant::Variant for libcrux_ml_kem::variant::Kyber)} */ /** A monomorphic instance of libcrux_ml_kem.variant.kdf_33 ->>>>>>> main with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_00( - Eurydice_slice shared_secret, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_17(shared_secret, kdf_input); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_e0( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_23( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; libcrux_ml_kem_utils_into_padded_array_42(shared_secret, kdf_input); ->>>>>>> main Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_H_f1_fd( - Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_a8_44(ciphertext), -======= libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_07_4f(ciphertext), ->>>>>>> main + libcrux_ml_kem_types_as_slice_d4_4c(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( -======= libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -8335,11 +5863,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -<<<<<<< HEAD -static inline void libcrux_ml_kem_ind_cca_decapsulate_b20( -======= -static inline void libcrux_ml_kem_ind_cca_decapsulate_b60( ->>>>>>> main +static inline void libcrux_ml_kem_ind_cca_decapsulate_680( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8357,17 +5881,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b60( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_decrypt_30(ind_cpa_secret_key, ciphertext->value, - decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= - libcrux_ml_kem_ind_cpa_decrypt_75(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_80(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( @@ -8375,11 +5892,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b60( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_G_f1_d0( -======= libcrux_ml_kem_hash_functions_portable_G_f1_07( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -8388,25 +5901,14 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b60( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; -<<<<<<< HEAD - libcrux_ml_kem_utils_into_padded_array_170(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_ba_27(ciphertext), - uint8_t); - uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_c8( -======= libcrux_ml_kem_utils_into_padded_array_420(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( ->>>>>>> main Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -8414,44 +5916,24 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b60( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_95(uu____5, copy_of_decrypted, - pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_00( -======= - libcrux_ml_kem_ind_cpa_encrypt_d1(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_ca(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_e0( ->>>>>>> main + libcrux_ml_kem_variant_kdf_33_23( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_00(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_33_23(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; -<<<<<<< HEAD libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_ba_27(ciphertext), + libcrux_ml_kem_types_as_ref_00_d9(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, uint8_t), shared_secret); memcpy(ret, shared_secret, (size_t)32U * sizeof(uint8_t)); -======= - libcrux_ml_kem_variant_kdf_33_e0(shared_secret0, ciphertext, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); ->>>>>>> main } /** @@ -8479,17 +5961,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a2( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_1b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b20(private_key, ciphertext, ret); -======= -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_64( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b60(private_key, ciphertext, ret); ->>>>>>> main + libcrux_ml_kem_ind_cca_decapsulate_680(private_key, ciphertext, ret); } /** @@ -8502,11 +5977,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_64( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { -<<<<<<< HEAD - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a2( -======= - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_64( ->>>>>>> main + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_1b( private_key, ciphertext, ret); } @@ -8520,15 +5991,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_8b( - Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_fd(randomness, ret); -======= -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_c0( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_3b( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_c6(randomness, ret); ->>>>>>> main } /** @@ -8550,49 +6015,28 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -<<<<<<< HEAD -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_930( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_8b( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_17( -======= -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c60( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_c0( + libcrux_ml_kem_variant_entropy_preprocess_33_3b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( ->>>>>>> main Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_H_f1_fd( - Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_f6_ae(public_key), -======= libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_91(public_key), ->>>>>>> main + libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; -<<<<<<< HEAD - libcrux_ml_kem_hash_functions_portable_G_f1_d0( -======= libcrux_ml_kem_hash_functions_portable_G_f1_07( ->>>>>>> main Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -8601,52 +6045,31 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c60( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( -<<<<<<< HEAD - (size_t)1184U, libcrux_ml_kem_types_as_slice_f6_ae(public_key), uint8_t); -======= - (size_t)1184U, libcrux_ml_kem_types_as_slice_ba_91(public_key), uint8_t); ->>>>>>> main + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_encrypt_95(uu____2, copy_of_randomness, -======= - libcrux_ml_kem_ind_cpa_encrypt_d1(uu____2, copy_of_randomness, ->>>>>>> main + libcrux_ml_kem_ind_cpa_encrypt_ca(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = -<<<<<<< HEAD - libcrux_ml_kem_types_from_15_e9(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_00(shared_secret, &ciphertext0, -======= - libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_e0(shared_secret, &ciphertext0, ->>>>>>> main + libcrux_ml_kem_variant_kdf_33_23(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD tuple_3c result; result.fst = uu____5; memcpy(result.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return result; -======= - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; ->>>>>>> main } /** @@ -8671,22 +6094,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -<<<<<<< HEAD -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_b1( -======= -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_92( ->>>>>>> main +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_32( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_encapsulate_c60(uu____0, copy_of_randomness); ->>>>>>> main + return libcrux_ml_kem_ind_cca_encapsulate_8a0(uu____0, copy_of_randomness); } /** @@ -8703,11 +6118,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); -<<<<<<< HEAD - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_b1( - uu____0, copy_of_randomness); -======= - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_92( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_32( uu____0, copy_of_randomness); } @@ -8721,52 +6132,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_c8( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_22( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G_f1_07(key_generation_seed, ret); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8776,12 +6146,12 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_740( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_c8(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_22(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8801,7 +6171,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_740( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_83( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3c( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -8809,17 +6179,17 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_740( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_86( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_matrix_compute_As_plus_e_00( + libcrux_ml_kem_matrix_compute_As_plus_e_f0( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); + unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -8836,21 +6206,21 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_520( +libcrux_ml_kem_ind_cpa_generate_keypair_ea0( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_740( + libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_eb( + libcrux_ml_kem_ind_cpa_serialize_public_key_96( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_8c(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_80(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -8860,22 +6230,14 @@ libcrux_ml_kem_ind_cpa_generate_keypair_520( uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, + libcrux_ml_kem_utils_extraction_helper_Keypair768 result; + memcpy(result.fst, copy_of_secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, + memcpy(result.snd, copy_of_public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - return lit; + return result; } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8885,12 +6247,12 @@ libcrux_ml_kem_variant_Kyber with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_b20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8899,13 +6261,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_520(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_ea0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_61( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_59( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8914,13 +6276,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_540(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_88_2d(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_8b( - uu____2, libcrux_ml_kem_types_from_40_60(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_8d( + uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); } /** @@ -8936,12 +6298,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_31( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_08( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_540(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_b20(copy_of_randomness); } /** @@ -8953,17 +6315,10 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_31( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_08( copy_of_randomness); } -/** - Validate an ML-KEM private key. - - This implements the Hash check in 7.3 3. - Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` - and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -8972,7 +6327,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_2f( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_a9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -8988,9 +6343,6 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_2f( (size_t)32U, t, &expected, uint8_t, uint8_t, bool); } -/** - Portable private key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_private_key with const @@ -9000,10 +6352,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_77( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_4d( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_2f(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_a9(private_key, ciphertext); } @@ -9015,7 +6367,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_77( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_77( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_4d( private_key, ciphertext); } @@ -9024,82 +6376,35 @@ A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_5a( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_a3( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); -} - -/** - See [deserialize_ring_elements_reduced_out]. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e20( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e4( - ring_element); - deserialized_pk[i0] = uu____0; - } + return libcrux_ml_kem_polynomial_ZERO_20_19(); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- PUBLIC_KEY_SIZE= 1184 - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_33( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_21( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e20( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); ->>>>>>> main } -/** - Validate an ML-KEM public key. - - This implements the Modulus check in 7.2 2. - Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the - `public_key` type. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9108,27 +6413,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_82( - uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_07( -======= -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_e3( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_be( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_33( ->>>>>>> main + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_21( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; -<<<<<<< HEAD - libcrux_ml_kem_ind_cpa_serialize_public_key_77( -======= - libcrux_ml_kem_ind_cpa_serialize_public_key_eb( ->>>>>>> main + libcrux_ml_kem_ind_cpa_serialize_public_key_96( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -9137,9 +6431,6 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_e3( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -9148,39 +6439,20 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -<<<<<<< HEAD -static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_09( - uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_82(public_key); -======= static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b0( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_34( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_e3(public_key); ->>>>>>> main + return libcrux_ml_kem_ind_cca_validate_public_key_be(public_key); } /** Validate a public key. -<<<<<<< HEAD - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ -static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( - libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_09( - public_key.value)) { - uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); - } else { - uu____0 = (CLITERAL(Option_92){.tag = None}); -======= Returns `true` if valid, and `false` otherwise. */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b0( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_34( public_key->value); } @@ -9206,11 +6478,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_1a( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_d6( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b6( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_15( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -9240,7 +6512,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_1a( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -9252,11 +6524,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_1a( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_fd_7b(ciphertext), + libcrux_ml_kem_types_as_ref_00_d9(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -9292,10 +6564,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_49( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_8e( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_1a(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_d6(key_pair, ciphertext, ret); } /** @@ -9309,7 +6581,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_49( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_8e( private_key, ciphertext, ret); } @@ -9332,7 +6604,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_28( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_a4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -9360,7 +6632,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_28( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_02(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -9370,7 +6642,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_28( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_fc_cd(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -9403,7 +6675,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_67( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_c0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -9411,7 +6683,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_67( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_28(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_a4(uu____0, copy_of_randomness); } @@ -9431,7 +6703,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_67( + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_c0( uu____0, copy_of_randomness); } @@ -9450,8 +6722,8 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_12(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_d6_19(); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_6d(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -9468,27 +6740,25 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_41( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8e( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_d6_19(); ->>>>>>> main + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@2])#1} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_17 +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_17_19( +libcrux_ml_kem_polynomial_clone_3a_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -9517,7 +6787,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -9527,19 +6797,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_74( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_41(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8e(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_17_19( + libcrux_ml_kem_polynomial_clone_3a_a6( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -9552,7 +6822,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_eb( + libcrux_ml_kem_ind_cpa_serialize_public_key_96( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -9566,7 +6836,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____3); + unwrap_41_33(dst, uu____3); memcpy(out->private_key.implicit_rejection_value, uu____3, (size_t)32U * sizeof(uint8_t)); } @@ -9587,13 +6857,13 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_72( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_08( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_39(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b(copy_of_randomness, out); } /** @@ -9606,25 +6876,25 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_72( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_08( copy_of_randomness, key_pair); } /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6c with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_1c_4f(void) { +libcrux_ml_kem_ind_cca_unpacked_default_6c_fe(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -9663,19 +6933,19 @@ libcrux_ml_kem_ind_cca_unpacked_default_1c_4f(void) { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#3} +K>[TraitClause@0])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6f with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_3d(void) { + libcrux_ml_kem_ind_cca_unpacked_default_6f_27(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -9711,7 +6981,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_4f()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_6c_fe()}); } /** @@ -9719,7 +6989,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_3d(); + return libcrux_ml_kem_ind_cca_unpacked_default_6f_27(); } /** @@ -9727,7 +6997,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_4f(); + return libcrux_ml_kem_ind_cca_unpacked_default_6c_fe(); } /** @@ -9736,21 +7006,21 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +K>[TraitClause@0]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_a6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_46( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_1d( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -9763,21 +7033,21 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +K>[TraitClause@0]#2} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_05 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_a6( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8( &self->public_key, serialized); } @@ -9788,23 +7058,23 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_a6(key_pair, serialized); } /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#2} +K>[TraitClause@1])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_78( +libcrux_ml_kem_ind_cpa_unpacked_clone_d6_99( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -9831,20 +7101,20 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_ef_78( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2])#4} +K>[TraitClause@1])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_c7 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_28_23( +libcrux_ml_kem_ind_cca_unpacked_clone_c7_b4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_78(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_d6_99(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -9858,16 +7128,16 @@ libcrux_ml_kem_ind_cca_unpacked_clone_28_23( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +K>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_05 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_0a( +libcrux_ml_kem_ind_cca_unpacked_public_key_05_52( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -9879,8 +7149,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_23( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_0a(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_c7_b4( + libcrux_ml_kem_ind_cca_unpacked_public_key_05_52(key_pair)); pk[0U] = uu____0; } @@ -9891,7 +7161,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_e5(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8(public_key, serialized); } @@ -9914,7 +7184,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e2( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -9934,7 +7204,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_ba_91(public_key), + libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -9954,7 +7224,7 @@ const generics - PUBLIC_KEY_SIZE= 1184 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_50( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_fa( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { @@ -9970,7 +7240,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_50( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_fa( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index d70f1bc80..63dd9e1f0 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_mlkem768_portable_types_H @@ -20,18 +20,37 @@ extern "C" { #include "eurydice_glue.h" -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; + +typedef struct + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; +} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; /** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { - libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; /** A monomorphic instance of @@ -45,20 +64,6 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; - -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -70,22 +75,17 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; /** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector + */ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; -typedef struct - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; -} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index fc8768589..b0f8eb656 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_sha3_avx2_H @@ -217,31 +209,20 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { /** Create a new Shake128 x4 state. -<<<<<<< HEAD */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -======= ->>>>>>> main */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types core_core_arch_x86___m256i with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -<<<<<<< HEAD -libcrux_sha3_generic_keccak_new_1e_fa(void) { -======= -libcrux_sha3_generic_keccak_new_89_71(void) { ->>>>>>> main +libcrux_sha3_generic_keccak_new_1e_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -407,11 +388,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_16( -======= static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_d4( ->>>>>>> main __m256i (*a)[5U], Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -1445,11 +1422,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_3f( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_1b( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i c[5U] = {libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], @@ -1541,11 +1514,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d8( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_70( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1582,11 +1551,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_95( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1608,11 +1573,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_c9( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_fe( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1625,16 +1586,6 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_4e( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_3f(s); - libcrux_sha3_generic_keccak_pi_d8(s); - libcrux_sha3_generic_keccak_chi_95(s); - libcrux_sha3_generic_keccak_iota_c9(s, i0); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_cd( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { @@ -1643,7 +1594,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_cd( libcrux_sha3_generic_keccak_pi_70(s); libcrux_sha3_generic_keccak_chi_12(s); libcrux_sha3_generic_keccak_iota_fe(s, i0); ->>>>>>> main } } @@ -1655,22 +1605,13 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_26( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_32( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_simd_avx2_load_block_ef_16(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_4e(s); -======= libcrux_sha3_simd_avx2_load_block_ef_d4(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_cd(s); ->>>>>>> main } /** @@ -1699,11 +1640,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_40( -======= static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e6( ->>>>>>> main __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -1721,11 +1658,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_80( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -1744,13 +1677,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_simd_avx2_load_block_full_ef_40(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_4e(s); -======= libcrux_sha3_simd_avx2_load_block_full_ef_e6(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_cd(s); ->>>>>>> main } /** @@ -1921,11 +1849,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_83( -======= static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_d1( ->>>>>>> main __m256i (*a)[5U], uint8_t ret[4U][200U]) { libcrux_sha3_simd_avx2_store_block_full_61(a, ret); } @@ -1939,17 +1863,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_ac( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_83(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_a8( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; libcrux_sha3_simd_avx2_store_block_full_ef_d1(s->st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -1975,11 +1892,7 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_aa( -======= static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_e3( ->>>>>>> main __m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_78(a, b); } @@ -1992,15 +1905,9 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_b7( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_aa(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_ca( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { libcrux_sha3_simd_avx2_store_block_ef_e3(s->st, out); ->>>>>>> main } /** @@ -2011,17 +1918,10 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_ff( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_4e(s); - libcrux_sha3_simd_avx2_store_block_ef_aa(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_66( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_keccakf1600_cd(s); libcrux_sha3_simd_avx2_store_block_ef_e3(s->st, out); ->>>>>>> main } /** @@ -2032,19 +1932,11 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_0a( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_4e(&s); - uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_83(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_fe( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_keccakf1600_cd(&s); uint8_t b[4U][200U]; libcrux_sha3_simd_avx2_store_block_full_ef_d1(s.st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2069,17 +1961,10 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_9b( - Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_fa(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_89_71(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2090,11 +1975,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_26(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_32(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; @@ -2104,20 +1985,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_80(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_7f(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_ac(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_a8(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); @@ -2125,22 +1998,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_b7(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_ca(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -2151,20 +2016,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_ff(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_66(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_0a(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_fe(s, o1); ->>>>>>> main } } } @@ -2179,11 +2036,7 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_9b(buf0, buf); -======= libcrux_sha3_generic_keccak_keccak_b9(buf0, buf); ->>>>>>> main } typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -2195,11 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { -<<<<<<< HEAD - return libcrux_sha3_generic_keccak_new_1e_fa(); -======= - return libcrux_sha3_generic_keccak_new_89_71(); ->>>>>>> main + return libcrux_sha3_generic_keccak_new_1e_71(); } /** @@ -2354,11 +2203,7 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_400( -======= static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e60( ->>>>>>> main __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -2376,11 +2221,7 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_800( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f0( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; @@ -2399,13 +2240,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_7f0( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_simd_avx2_load_block_full_ef_400(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_4e(s); -======= libcrux_sha3_simd_avx2_load_block_full_ef_e60(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_cd(s); ->>>>>>> main } /** @@ -2417,11 +2253,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_800(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_7f0(s, buf); ->>>>>>> main } /** @@ -2557,43 +2389,11 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_aa0( - __m256i (*a)[5U], Eurydice_slice b[4U]) { - libcrux_sha3_simd_avx2_store_block_780(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_e30( __m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_780(a, b); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_660( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_cd(s); - libcrux_sha3_simd_avx2_store_block_ef_e30(s->st, out); -} - -/** - Squeeze another block -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, - Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_660(s, buf); ->>>>>>> main -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types core_core_arch_x86___m256i @@ -2602,10 +2402,9 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_b70( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_ca0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_aa0(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_e30(s->st, out); } /** @@ -2616,15 +2415,10 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_ff0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_4e(s); - libcrux_sha3_simd_avx2_store_block_ef_aa0(s->st, out); -======= -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_ca0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_660( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_keccakf1600_cd(s); libcrux_sha3_simd_avx2_store_block_ef_e30(s->st, out); ->>>>>>> main } /** @@ -2636,11 +2430,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d( -======= libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2648,24 +2438,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_b70(s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_ca0(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o2); -======= libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o1); libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o2); ->>>>>>> main } /** @@ -2677,8 +2458,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(s, buf); } /** @@ -2690,10 +2470,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, buf); -======= - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(s, buf); ->>>>>>> main + libcrux_sha3_generic_keccak_squeeze_next_block_660(s, buf); } /** @@ -2705,11 +2482,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_58( -======= libcrux_sha3_generic_keccak_squeeze_first_five_blocks_0b( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2717,46 +2490,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_0b( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_b70(s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_ca0(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o1); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____2 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o2); -======= libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o2); ->>>>>>> main Eurydice_slice_uint8_t_4size_t__x2 uu____3 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_ff0(s, o4); -======= libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o3); libcrux_sha3_generic_keccak_squeeze_next_block_660(s, o4); ->>>>>>> main } /** @@ -2768,11 +2524,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_58(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_first_five_blocks_0b(s, buf); ->>>>>>> main } /** @@ -2784,11 +2536,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_80(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_7f(s, buf); ->>>>>>> main } /** @@ -2800,11 +2548,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_b7(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_first_block_ca(s, buf); ->>>>>>> main } /** @@ -2816,11 +2560,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_ff(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_next_block_66(s, buf); ->>>>>>> main } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 7e314c617..8922e606b 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 65d06b7e81ff34bcc90ca741249b4545ebcec5b3 ->>>>>>> main + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b */ #ifndef __libcrux_sha3_portable_H @@ -87,22 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d6(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; -<<<<<<< HEAD - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_fc(b); -======= return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_d6(b); ->>>>>>> main } /** @@ -205,30 +189,19 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { /** Create a new Shake128 x4 state. -<<<<<<< HEAD */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -======= ->>>>>>> main */ /** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -<<<<<<< HEAD -libcrux_sha3_generic_keccak_new_1e_ba(void) { -======= -libcrux_sha3_generic_keccak_new_89_cf(void) { ->>>>>>> main +libcrux_sha3_generic_keccak_new_1e_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -263,11 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_28( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -278,11 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD unwrap_41_0e(dst, uu____0); -======= - unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -299,21 +264,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_15( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_35( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_28(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_65(uu____0, copy_of_b); ->>>>>>> main } /** @@ -323,11 +280,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc0(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d60(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -338,15 +291,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc0(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_74(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d60(ab); ->>>>>>> main } /** @@ -360,13 +307,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_74(a, b); ->>>>>>> main } /** @@ -376,11 +318,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc1(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d61(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -391,15 +329,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac0(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc1(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_740(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d61(ab); ->>>>>>> main } /** @@ -413,13 +345,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac0(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_740(a, b); ->>>>>>> main } /** @@ -429,11 +356,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc2(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d62(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -444,15 +367,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac1(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc2(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_741(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d62(ab); ->>>>>>> main } /** @@ -466,13 +383,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac1(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_031(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_741(a, b); ->>>>>>> main } /** @@ -482,11 +394,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc3(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d63(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -497,15 +405,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac2(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc3(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_742(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d63(ab); ->>>>>>> main } /** @@ -519,13 +421,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac2(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_032(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_742(a, b); ->>>>>>> main } /** @@ -535,15 +432,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac3(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_743(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d6(ab); ->>>>>>> main } /** @@ -557,13 +448,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac3(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_033(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_743(a, b); ->>>>>>> main } /** @@ -573,11 +459,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc4(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d64(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -588,15 +470,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac4(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc4(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_744(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d64(ab); ->>>>>>> main } /** @@ -610,13 +486,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac4(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_034(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_744(a, b); ->>>>>>> main } /** @@ -626,11 +497,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc5(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d65(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -641,15 +508,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac5(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc5(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_745(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d65(ab); ->>>>>>> main } /** @@ -663,13 +524,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac5(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_035(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_745(a, b); ->>>>>>> main } /** @@ -679,11 +535,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc6(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d66(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -694,15 +546,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac6(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc6(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_746(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d66(ab); ->>>>>>> main } /** @@ -716,13 +562,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac6(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_036(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_746(a, b); ->>>>>>> main } /** @@ -732,11 +573,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc7(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d67(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -747,15 +584,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac7(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc7(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_747(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d67(ab); ->>>>>>> main } /** @@ -769,13 +600,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac7(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_037(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_747(a, b); ->>>>>>> main } /** @@ -785,11 +611,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc8(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d68(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -800,15 +622,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac8(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc8(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_748(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d68(ab); ->>>>>>> main } /** @@ -822,13 +638,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac8(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_038(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_748(a, b); ->>>>>>> main } /** @@ -838,11 +649,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc9(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d69(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -853,15 +660,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac9(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc9(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_749(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d69(ab); ->>>>>>> main } /** @@ -875,13 +676,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac9(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_039(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_749(a, b); ->>>>>>> main } /** @@ -891,11 +687,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc10(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d610(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -906,15 +698,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac10(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc10(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7410(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d610(ab); ->>>>>>> main } /** @@ -928,13 +714,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac10(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0310(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7410(a, b); ->>>>>>> main } /** @@ -944,11 +725,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc11(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d611(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -959,15 +736,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac11(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc11(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7411(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d611(ab); ->>>>>>> main } /** @@ -981,13 +752,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac11(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0311(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7411(a, b); ->>>>>>> main } /** @@ -997,11 +763,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc12(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d612(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -1012,15 +774,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac12(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc12(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7412(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d612(ab); ->>>>>>> main } /** @@ -1034,13 +790,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac12(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0312(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7412(a, b); ->>>>>>> main } /** @@ -1050,11 +801,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc13(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d613(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -1065,15 +812,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac13(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc13(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7413(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d613(ab); ->>>>>>> main } /** @@ -1087,13 +828,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac13(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0313(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7413(a, b); ->>>>>>> main } /** @@ -1103,11 +839,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc14(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d614(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -1118,15 +850,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac14(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc14(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7414(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d614(ab); ->>>>>>> main } /** @@ -1140,13 +866,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac14(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0314(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7414(a, b); ->>>>>>> main } /** @@ -1156,11 +877,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc15(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d615(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -1171,15 +888,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac15(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc15(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7415(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d615(ab); ->>>>>>> main } /** @@ -1193,13 +904,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac15(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0315(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7415(a, b); ->>>>>>> main } /** @@ -1209,11 +915,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc16(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d616(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -1224,15 +926,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac16(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc16(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7416(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d616(ab); ->>>>>>> main } /** @@ -1246,13 +942,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac16(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0316(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7416(a, b); ->>>>>>> main } /** @@ -1262,11 +953,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc17(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d617(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -1277,15 +964,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac17(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc17(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7417(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d617(ab); ->>>>>>> main } /** @@ -1299,13 +980,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac17(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0317(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7417(a, b); ->>>>>>> main } /** @@ -1315,11 +991,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc18(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d618(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1330,15 +1002,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac18(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc18(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7418(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d618(ab); ->>>>>>> main } /** @@ -1352,13 +1018,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac18(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0318(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7418(a, b); ->>>>>>> main } /** @@ -1368,11 +1029,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc19(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d619(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1383,15 +1040,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac19(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc19(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7419(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d619(ab); ->>>>>>> main } /** @@ -1405,13 +1056,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac19(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0319(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7419(a, b); ->>>>>>> main } /** @@ -1421,11 +1067,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc20(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d620(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1436,15 +1078,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac20(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc20(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7420(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d620(ab); ->>>>>>> main } /** @@ -1458,13 +1094,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac20(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0320(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7420(a, b); ->>>>>>> main } /** @@ -1474,11 +1105,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc21(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d621(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1489,15 +1116,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac21(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc21(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7421(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d621(ab); ->>>>>>> main } /** @@ -1511,13 +1132,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac21(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7421(a, b); ->>>>>>> main } /** @@ -1527,11 +1143,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_rotate_left_fc22(uint64_t x) { -======= libcrux_sha3_portable_keccak_rotate_left_d622(uint64_t x) { ->>>>>>> main return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1542,15 +1154,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak__vxarq_u64_ac22(uint64_t a, uint64_t b) { - uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_fc22(ab); -======= libcrux_sha3_portable_keccak__vxarq_u64_7422(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; return libcrux_sha3_portable_keccak_rotate_left_d622(ab); ->>>>>>> main } /** @@ -1564,13 +1170,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -<<<<<<< HEAD -libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_ac22(a, b); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(uint64_t a, uint64_t b) { return libcrux_sha3_portable_keccak__vxarq_u64_7422(a, b); ->>>>>>> main } /** @@ -1579,11 +1180,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_0d( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], @@ -1619,55 +1216,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = -<<<<<<< HEAD - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b4(s->st[1U][0U], t[0U]); - s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b40(s->st[2U][0U], t[0U]); - s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b41(s->st[3U][0U], t[0U]); - s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b42(s->st[4U][0U], t[0U]); - s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b43(s->st[0U][1U], t[1U]); - s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b44(s->st[1U][1U], t[1U]); - s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b45(s->st[2U][1U], t[1U]); - s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b46(s->st[3U][1U], t[1U]); - s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b47(s->st[4U][1U], t[1U]); - s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b48(s->st[0U][2U], t[2U]); - s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b49(s->st[1U][2U], t[2U]); - s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b410(s->st[2U][2U], t[2U]); - s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b411(s->st[3U][2U], t[2U]); - s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b412(s->st[4U][2U], t[2U]); - s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b413(s->st[0U][3U], t[3U]); - s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b414(s->st[1U][3U], t[3U]); - s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b415(s->st[2U][3U], t[3U]); - s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b416(s->st[3U][3U], t[3U]); - s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b417(s->st[4U][3U], t[3U]); - s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b418(s->st[0U][4U], t[4U]); - s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b419(s->st[1U][4U], t[4U]); - s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b420(s->st[2U][4U], t[4U]); - s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b421(s->st[3U][4U], t[4U]); - uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_b422(s->st[4U][4U], t[4U]); -======= libcrux_sha3_portable_keccak_xor_and_rotate_5a_03(s->st[1U][0U], t[0U]); s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_030(s->st[2U][0U], t[0U]); @@ -1715,7 +1263,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_a7( libcrux_sha3_portable_keccak_xor_and_rotate_5a_0321(s->st[3U][4U], t[4U]); uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_0322(s->st[4U][4U], t[4U]); ->>>>>>> main s->st[4U][4U] = uu____27; } @@ -1725,11 +1272,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_f0( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_d5( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1765,11 +1308,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_e2( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_3e( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1790,11 +1329,7 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_ae( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_00( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1806,16 +1341,6 @@ with types uint64_t with const generics - N= 1 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_7e( - libcrux_sha3_generic_keccak_KeccakState_48 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_0d(s); - libcrux_sha3_generic_keccak_pi_f0(s); - libcrux_sha3_generic_keccak_chi_e2(s); - libcrux_sha3_generic_keccak_iota_ae(s, i0); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { @@ -1824,7 +1349,6 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_b8( libcrux_sha3_generic_keccak_pi_d5(s); libcrux_sha3_generic_keccak_chi_3e(s); libcrux_sha3_generic_keccak_iota_00(s, i0); ->>>>>>> main } } @@ -1835,22 +1359,13 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_28( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_40( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_15(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_35(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -1858,19 +1373,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_86( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_28(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d4( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_65(s, buf); ->>>>>>> main } /** @@ -1882,21 +1389,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_05( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_86(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d4(uu____0, copy_of_b); ->>>>>>> main } /** @@ -1907,11 +1406,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f3( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1930,13 +1425,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_40( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_05(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -1944,11 +1434,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -1966,20 +1452,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_85( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1995,15 +1473,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_1e( - uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_85(a, ret); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_27( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e(a, ret); ->>>>>>> main } /** @@ -2014,17 +1486,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d9( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_88( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_27(s->st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2049,15 +1514,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_49( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b(a, b); ->>>>>>> main } /** @@ -2067,15 +1526,9 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_80( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); ->>>>>>> main } /** @@ -2085,17 +1538,10 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_87( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_49(s->st, out); ->>>>>>> main } /** @@ -2105,19 +1551,11 @@ with const generics - N= 1 - RATE= 72 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c9( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_27(s.st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2141,17 +1579,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_92( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -2162,11 +1593,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_28(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_40(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2176,20 +1603,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f3(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_40(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d9(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_88(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -2197,22 +1616,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_80(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -2223,20 +1634,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_87(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c2(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c9(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca(s, o1); ->>>>>>> main } } } @@ -2247,20 +1650,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_97( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e4( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_92(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_06(copy_of_data, out); ->>>>>>> main } /** @@ -2270,11 +1665,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_97(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e4(buf0, buf); ->>>>>>> main } /** @@ -2282,11 +1673,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_280( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -2297,11 +1684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD unwrap_41_0e(dst, uu____0); -======= - unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2318,21 +1701,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_150( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_350( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_280(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_650(uu____0, copy_of_b); ->>>>>>> main } /** @@ -2342,22 +1717,13 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_280( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_400( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_150(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_350(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2365,19 +1731,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_860( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_280(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d40( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_650(s, buf); ->>>>>>> main } /** @@ -2389,21 +1747,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c0( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_050( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_860(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d40(uu____0, copy_of_b); ->>>>>>> main } /** @@ -2414,11 +1764,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f30( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2437,13 +1783,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_400( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2451,11 +1792,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d0( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b0( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -2473,20 +1810,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_850( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e0( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d0(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b0(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2503,15 +1832,9 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e0(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_850(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_270(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e0(a, ret); ->>>>>>> main } /** @@ -2522,17 +1845,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d90( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_880( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_270(s->st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2557,15 +1873,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d0( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d0(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_490( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b0(a, b); ->>>>>>> main } /** @@ -2575,15 +1885,9 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_800( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); ->>>>>>> main } /** @@ -2593,17 +1897,10 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_870( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d0(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c20( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_490(s->st, out); ->>>>>>> main } /** @@ -2613,19 +1910,11 @@ with const generics - N= 1 - RATE= 136 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c90( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e0(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca0( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_270(s.st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -2649,17 +1938,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_920( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2670,11 +1952,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2684,20 +1962,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f30(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_400(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2705,22 +1975,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -2731,20 +1993,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); ->>>>>>> main } } } @@ -2755,20 +2009,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_970( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e40( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_920(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_060(copy_of_data, out); ->>>>>>> main } /** @@ -2778,11 +2024,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_970(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e40(buf0, buf); ->>>>>>> main } /** @@ -2793,11 +2035,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f31( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2816,13 +2054,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_401( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_050(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -2833,17 +2066,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_921( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2854,11 +2080,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_280(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_400(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -2868,20 +2090,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f31(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_401(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d90(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_880(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2889,22 +2103,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_800(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b0(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -2915,20 +2121,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_870(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c20(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c90(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca0(s, o1); ->>>>>>> main } } } @@ -2939,20 +2137,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_971( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e41( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_921(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_061(copy_of_data, out); ->>>>>>> main } /** @@ -2962,115 +2152,18 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_971(buf0, buf); -} - -/** - A portable SHA3 512 implementation. -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - A portable SHA3 256 implementation. -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, - Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ -static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -======= libcrux_sha3_portable_keccakx1_e41(buf0, buf); ->>>>>>> main } typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; -<<<<<<< HEAD -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState; - -/** - Initialise the `KeccakState2`. -*/ -static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState -libcrux_sha3_neon_x2_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, - Eurydice_slice data1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ -static KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); -} - -======= ->>>>>>> main /** Create a new SHAKE-128 state object. */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { -<<<<<<< HEAD - return libcrux_sha3_generic_keccak_new_1e_ba(); -======= - return libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -3078,11 +2171,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_281( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -3093,11 +2182,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD unwrap_41_0e(dst, uu____0); -======= - unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3110,19 +2195,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_861( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_281(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d41( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_651(s, buf); ->>>>>>> main } /** @@ -3134,21 +2211,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c1( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_051( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_861(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d41(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3159,11 +2228,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f32( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -3182,13 +2247,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_402( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_051(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3198,11 +2258,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f32(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_402(s, buf); ->>>>>>> main } /** @@ -3210,11 +2266,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d1( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b1( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -3236,40 +2288,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d1( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d1(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_491( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b1(a, b); } -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types uint64_t -with const generics -- N= 1 -- RATE= 168 -*/ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c21( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_b8(s); - libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); -} - -/** - Squeeze another block -*/ -static KRML_MUSTINLINE void -libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { - Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, buf); ->>>>>>> main -} - /** A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block with types uint64_t @@ -3277,10 +2300,9 @@ with const generics - N= 1 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_801( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); } /** @@ -3290,15 +2312,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_871( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d1(s->st, out); -======= -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c21( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { + libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_491(s->st, out); ->>>>>>> main } /** @@ -3309,11 +2326,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db( -======= libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -3321,24 +2334,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_801(s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b1(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o2); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o1); libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o2); ->>>>>>> main } /** @@ -3348,8 +2352,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_db(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(s, buf); } /** @@ -3359,10 +2362,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, buf); -======= - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_5c(s, buf); ->>>>>>> main + libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, buf); } #define libcrux_sha3_Sha224 0 @@ -3408,11 +2408,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_282( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -3423,11 +2419,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD unwrap_41_0e(dst, uu____0); -======= - unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3444,21 +2436,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_151( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_351( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_282(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_652(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3468,22 +2452,13 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_281( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_401( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_151(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_351(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3491,19 +2466,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_862( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_282(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d42( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_652(s, buf); ->>>>>>> main } /** @@ -3515,21 +2482,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c2( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_052( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_862(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d42(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3540,11 +2499,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f33( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -3563,13 +2518,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_403( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_052(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3577,11 +2527,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d2( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b2( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -3599,20 +2545,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_851( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e1( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d2(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b2(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3629,15 +2567,9 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e1(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_851(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_271(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e1(a, ret); ->>>>>>> main } /** @@ -3648,17 +2580,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d91( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_881( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_271(s->st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3683,15 +2608,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d2( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d2(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_492( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b2(a, b); ->>>>>>> main } /** @@ -3701,15 +2620,9 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_802( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); ->>>>>>> main } /** @@ -3719,17 +2632,10 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_872( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d2(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c22( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_492(s->st, out); ->>>>>>> main } /** @@ -3739,19 +2645,11 @@ with const generics - N= 1 - RATE= 144 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c91( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e1(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca1( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_271(s.st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -3775,17 +2673,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_922( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -3796,11 +2687,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_281(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_401(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -3810,20 +2697,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f33(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_403(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d91(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_881(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -3831,22 +2710,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_802(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b2(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -3857,20 +2728,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_872(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c22(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c91(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca1(s, o1); ->>>>>>> main } } } @@ -3881,20 +2744,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_972( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e42( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_922(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_062(copy_of_data, out); ->>>>>>> main } /** @@ -3904,11 +2759,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_972(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e42(buf0, buf); ->>>>>>> main } /** @@ -3916,11 +2767,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_283( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -3931,11 +2778,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); -<<<<<<< HEAD unwrap_41_0e(dst, uu____0); -======= - unwrap_26_0e(dst, uu____0); ->>>>>>> main size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3952,21 +2795,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_152( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_352( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_283(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_653(uu____0, copy_of_b); ->>>>>>> main } /** @@ -3976,22 +2811,13 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_282( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_402( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_152(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_352(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -3999,19 +2825,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_863( - uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_283(s, buf); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_d43( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_653(s, buf); ->>>>>>> main } /** @@ -4023,21 +2841,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_4c3( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_053( ->>>>>>> main uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_863(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_full_d43(uu____0, copy_of_b); ->>>>>>> main } /** @@ -4048,11 +2858,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_f34( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -4071,13 +2877,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_404( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_full_5a_4c3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_full_5a_053(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -4085,11 +2886,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_3d3( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_9b3( ->>>>>>> main uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -4107,20 +2904,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_852( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e2( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d3(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b3(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -4137,15 +2926,9 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e2(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_852(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_272(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e2(a, ret); ->>>>>>> main } /** @@ -4156,17 +2939,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d92( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_882( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_272(s->st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -4191,15 +2967,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_7d3( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_3d3(a, b); -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_493( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_9b3(a, b); ->>>>>>> main } /** @@ -4209,15 +2979,9 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_803( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_7b3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); ->>>>>>> main } /** @@ -4227,17 +2991,10 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_873( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(s); - libcrux_sha3_portable_keccak_store_block_5a_7d3(s->st, out); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c23( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(s); libcrux_sha3_portable_keccak_store_block_5a_493(s->st, out); ->>>>>>> main } /** @@ -4247,19 +3004,11 @@ with const generics - N= 1 - RATE= 104 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c92( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e2(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca2( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_272(s.st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -4283,17 +3032,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_923( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -4304,11 +3046,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_282(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_402(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -4318,20 +3056,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f34(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_404(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d92(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_882(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -4339,22 +3069,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_803(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b3(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -4365,20 +3087,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_873(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c23(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c92(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca2(s, o1); ->>>>>>> main } } } @@ -4389,20 +3103,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_973( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e43( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_923(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_063(copy_of_data, out); ->>>>>>> main } /** @@ -4412,11 +3118,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_973(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e43(buf0, buf); ->>>>>>> main } /** @@ -4507,21 +3209,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_153( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_353( ->>>>>>> main uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_281(uu____0, copy_of_b); -======= libcrux_sha3_portable_keccak_load_block_651(uu____0, copy_of_b); ->>>>>>> main } /** @@ -4531,22 +3225,13 @@ with const generics - N= 1 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_283( -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_403( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_portable_keccak_load_block_5a_153(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_7e(s); -======= libcrux_sha3_portable_keccak_load_block_5a_353(uu____0, uu____1); libcrux_sha3_generic_keccak_keccakf1600_b8(s); ->>>>>>> main } /** @@ -4554,20 +3239,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_853( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_7e3( ->>>>>>> main uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; -<<<<<<< HEAD - libcrux_sha3_portable_keccak_store_block_3d1(s, buf); -======= libcrux_sha3_portable_keccak_store_block_9b1(s, buf); ->>>>>>> main /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -4584,15 +3261,9 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_portable_keccak_store_block_full_5a_1e3(uint64_t (*a)[5U], - uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_853(a, ret); -======= libcrux_sha3_portable_keccak_store_block_full_5a_273(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { libcrux_sha3_portable_keccak_store_block_full_7e3(a, ret); ->>>>>>> main } /** @@ -4603,17 +3274,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_and_last_d93( - libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s->st, b); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_883( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_273(s->st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -4636,19 +3300,11 @@ with const generics - N= 1 - RATE= 168 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_c93( - libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_7e(&s); - uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_1e3(s.st, b); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_ca3( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_keccakf1600_b8(&s); uint8_t b[1U][200U]; libcrux_sha3_portable_keccak_store_block_full_5a_273(s.st, b); ->>>>>>> main for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; @@ -4672,17 +3328,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_924( - Eurydice_slice data[1U], Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_ba(); -======= static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -4693,11 +3342,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_block_283(uu____0, ret); -======= libcrux_sha3_generic_keccak_absorb_block_403(uu____0, ret); ->>>>>>> main } size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; @@ -4707,20 +3352,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f32(uu____2, ret); -======= libcrux_sha3_generic_keccak_absorb_final_402(uu____2, ret); ->>>>>>> main size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_and_last_d93(&s, out); -======= libcrux_sha3_generic_keccak_squeeze_first_and_last_883(&s, out); ->>>>>>> main } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -4728,22 +3365,14 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_801(&s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b1(&s, o0); ->>>>>>> main core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { -<<<<<<< HEAD if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( -======= - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( ->>>>>>> main &iter, size_t, Option_b3) .tag == None) { break; @@ -4754,20 +3383,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_871(&s, o); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c21(&s, o); ->>>>>>> main memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_last_c93(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_last_ca3(s, o1); ->>>>>>> main } } } @@ -4778,20 +3399,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -<<<<<<< HEAD -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_974( -======= static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_e44( ->>>>>>> main Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_keccak_924(copy_of_data, out); -======= libcrux_sha3_generic_keccak_keccak_064(copy_of_data, out); ->>>>>>> main } /** @@ -4801,11 +3414,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; -<<<<<<< HEAD - libcrux_sha3_portable_keccakx1_974(buf0, buf); -======= libcrux_sha3_portable_keccakx1_e44(buf0, buf); ->>>>>>> main } /** @@ -4853,8 +3462,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, } /** -<<<<<<< HEAD -======= A portable SHA3 256 implementation. */ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, @@ -4865,7 +3472,6 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, } /** ->>>>>>> main A portable SHA3 384 implementation. */ static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, @@ -5007,11 +3613,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -<<<<<<< HEAD -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de( -======= libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e( ->>>>>>> main libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -5019,46 +3621,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_801(s, o0); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b1(s, o0); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o1); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o1); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o2); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o2); ->>>>>>> main Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_871(s, o4); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o3); libcrux_sha3_generic_keccak_squeeze_next_block_c21(s, o4); ->>>>>>> main } /** @@ -5068,11 +3653,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_de(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_first_five_blocks_3e(s, buf); ->>>>>>> main } /** @@ -5082,11 +3663,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_f31(s, buf); -======= libcrux_sha3_generic_keccak_absorb_final_401(s, buf); ->>>>>>> main } /** @@ -5094,11 +3671,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { -<<<<<<< HEAD - return libcrux_sha3_generic_keccak_new_1e_ba(); -======= - return libcrux_sha3_generic_keccak_new_89_cf(); ->>>>>>> main + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -5108,11 +3681,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_first_block_800(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_first_block_7b0(s, buf); ->>>>>>> main } /** @@ -5122,9 +3691,6 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; -<<<<<<< HEAD - libcrux_sha3_generic_keccak_squeeze_next_block_870(s, buf); -======= libcrux_sha3_generic_keccak_squeeze_next_block_c20(s, buf); } @@ -5156,16 +3722,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -5190,16 +3756,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -5207,7 +3773,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -5260,16 +3826,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -5277,7 +3843,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -5306,7 +3872,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -5320,17 +3886,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -5338,7 +3904,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -5385,7 +3951,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); return self; } @@ -5394,16 +3960,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -5548,21 +4114,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_8b +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_8b_47(void) { +libcrux_sha3_generic_keccak_new_9d_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -5579,7 +4145,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_8b_47(); + return libcrux_sha3_generic_keccak_new_9d_47(); } /** @@ -5610,16 +4176,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -5644,16 +4210,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -5661,7 +4227,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -5714,16 +4280,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -5731,7 +4297,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -5757,7 +4323,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -5771,17 +4337,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -5789,7 +4355,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -5833,7 +4399,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); return self; } @@ -5842,16 +4408,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -6028,21 +4594,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_8b +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_8b_470(void) { +libcrux_sha3_generic_keccak_new_9d_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -6056,7 +4622,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_8b_470(); + return libcrux_sha3_generic_keccak_new_9d_470(); } /** @@ -6103,16 +4669,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -6140,7 +4706,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -6175,7 +4741,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); } /** @@ -6222,16 +4788,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -6259,7 +4825,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -6294,8 +4860,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); ->>>>>>> main + libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); } /** From 2cc5d08dc51d9011b73e45fa933da711162d0d01 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 22 Sep 2024 12:07:20 +0000 Subject: [PATCH 303/348] boring C not working --- libcrux-ml-kem/c/benches/sha3.cc | 12 --- .../c/internal/libcrux_mlkem_neon.h | 8 -- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 87 +++---------------- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 8 -- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 87 +++---------------- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 8 -- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 87 +++---------------- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 8 -- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8 -- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 8 -- libcrux-ml-kem/cg/benches/sha3.cc | 10 --- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/eurydice_glue.h | 44 ++-------- libcrux-ml-kem/cg/libcrux_core.h | 2 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 2 +- .../cg/libcrux_mlkem768_avx2_types.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 2 +- .../cg/libcrux_mlkem768_portable_types.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 21 files changed, 59 insertions(+), 334 deletions(-) diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index 221a557d7..a2bfadfce 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc @@ -70,17 +70,6 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; -<<<<<<< HEAD - libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_80(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); - - for (auto _ : state) - { - libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_80(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); -======= auto st = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); @@ -90,7 +79,6 @@ shake128_34_504(benchmark::State &state) auto st = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); ->>>>>>> main } } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index 5c7bf744c..f88ca141f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #ifndef __internal_libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index b3eb85bd0..c95f9f673 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= * Charon: 53530427db2941ce784201e64086766504bc5642 * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #include "libcrux_mlkem1024_neon.h" @@ -46,11 +38,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_fa( +static void decapsulate_f8( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_9c(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); } /** @@ -64,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_fa(private_key, ciphertext, ret); + decapsulate_f8(private_key, ciphertext, ret); } /** @@ -91,12 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_ed( +static void decapsulate_unpacked_c2( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc(key_pair, ciphertext, - ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret); } /** @@ -110,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ed(private_key, ciphertext, ret); + decapsulate_unpacked_c2(private_key, ciphertext, ret); } /** @@ -124,26 +115,20 @@ with const generics - C2_SIZE= 160 - VECTOR_U_COMPRESSION_FACTOR= 11 - VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 +- VECTOR_U_BLOCK_LEN= 352 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_2b( +static tuple_21 encapsulate_6b( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_ff(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -157,16 +142,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_2b(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_6b(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -190,23 +169,16 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_c6( +static tuple_21 encapsulate_unpacked_1c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf(uu____0, - uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -224,16 +196,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_c6(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_unpacked_1c(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -246,22 +212,16 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1536 - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- BYTES_PER_RING_ELEMENT= 1536 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_1a( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ec(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_72(copy_of_randomness); ->>>>>>> main } /** @@ -269,16 +229,10 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_1a( */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1a(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_91(copy_of_randomness); ->>>>>>> main } /** @@ -297,19 +251,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -<<<<<<< HEAD -generate_keypair_unpacked_0f(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a5(uu____0); -======= generate_keypair_unpacked_87(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4( copy_of_randomness); ->>>>>>> main } /** @@ -318,16 +265,10 @@ generate_keypair_unpacked_87(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_0f(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_unpacked_87(copy_of_randomness); ->>>>>>> main } /** @@ -341,8 +282,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_2c(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); +static bool validate_public_key_a3(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key); } /** @@ -353,7 +294,7 @@ static bool validate_public_key_2c(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_2c(public_key.value)) { + if (validate_public_key_a3(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index 5ce895698..1ed96ad65 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= * Charon: 53530427db2941ce784201e64086766504bc5642 * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #ifndef __libcrux_mlkem1024_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index fa3c3947d..5b9b0ad47 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= * Charon: 53530427db2941ce784201e64086766504bc5642 * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #include "libcrux_mlkem512_neon.h" @@ -46,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_b6(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_9c1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret); } /** @@ -62,7 +54,7 @@ static void decapsulate_b6(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_b6(private_key, ciphertext, ret); + decapsulate_55(private_key, ciphertext, ret); } /** @@ -89,11 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_ee( +static void decapsulate_unpacked_53( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc1(key_pair, ciphertext, - ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret); } /** @@ -106,7 +97,7 @@ static void decapsulate_unpacked_ee( void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ee(private_key, ciphertext, ret); + decapsulate_unpacked_53(private_key, ciphertext, ret); } /** @@ -120,26 +111,20 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 +- VECTOR_U_BLOCK_LEN= 320 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_e7( +static tuple_ec encapsulate_f8( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_ff1(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -153,16 +138,10 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_e7(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_f8(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -186,23 +165,16 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_ec( +static tuple_ec encapsulate_unpacked_ce( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf1(uu____0, - uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -218,16 +190,10 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ec(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_unpacked_ce(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -240,22 +206,16 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 768 - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 +- BYTES_PER_RING_ELEMENT= 768 - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_25( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ec1(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_721(copy_of_randomness); ->>>>>>> main } /** @@ -263,16 +223,10 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_25( */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_25(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_1a(copy_of_randomness); ->>>>>>> main } /** @@ -291,19 +245,12 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -<<<<<<< HEAD -generate_keypair_unpacked_29(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a51(uu____0); -======= generate_keypair_unpacked_38(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41( copy_of_randomness); ->>>>>>> main } /** @@ -312,16 +259,10 @@ generate_keypair_unpacked_38(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_29(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_unpacked_38(copy_of_randomness); ->>>>>>> main } /** @@ -335,8 +276,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_2c1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); +static bool validate_public_key_a31(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key); } /** @@ -347,7 +288,7 @@ static bool validate_public_key_2c1(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_2c1(public_key.value)) { + if (validate_public_key_a31(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index e75d47b0c..211c714fc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= * Charon: 53530427db2941ce784201e64086766504bc5642 * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #ifndef __libcrux_mlkem512_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index 04571732e..c252832a1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= * Charon: 53530427db2941ce784201e64086766504bc5642 * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #include "libcrux_mlkem768_neon.h" @@ -46,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_35( +static void decapsulate_67( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_9c0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); } /** @@ -62,7 +54,7 @@ static void decapsulate_35( void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_35(private_key, ciphertext, ret); + decapsulate_67(private_key, ciphertext, ret); } /** @@ -89,11 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_eb( +static void decapsulate_unpacked_70( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_unpacked_dc0(key_pair, ciphertext, - ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret); } /** @@ -106,7 +97,7 @@ static void decapsulate_unpacked_eb( void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_eb(private_key, ciphertext, ret); + decapsulate_unpacked_70(private_key, ciphertext, ret); } /** @@ -120,26 +111,20 @@ with const generics - C2_SIZE= 128 - VECTOR_U_COMPRESSION_FACTOR= 10 - VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 +- VECTOR_U_BLOCK_LEN= 320 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_b1( +static tuple_3c encapsulate_ea( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_ff0(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -153,16 +138,10 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_b1(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_ea(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -186,23 +165,16 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_24( +static tuple_3c encapsulate_unpacked_29( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_unpacked_cf0(uu____0, - uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -218,16 +190,10 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; -<<<<<<< HEAD - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_24(uu____0, uu____1); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); return encapsulate_unpacked_29(uu____0, copy_of_randomness); ->>>>>>> main } /** @@ -240,22 +206,16 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics - CPA_PRIVATE_KEY_SIZE= 1152 - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- BYTES_PER_RING_ELEMENT= 1152 - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_4e( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ec0(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_720(copy_of_randomness); ->>>>>>> main } /** @@ -263,16 +223,10 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_4e( */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_4e(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_1b(copy_of_randomness); ->>>>>>> main } /** @@ -291,19 +245,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -<<<<<<< HEAD -generate_keypair_unpacked_4a(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_generate_keypair_unpacked_a50(uu____0); -======= generate_keypair_unpacked_42(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40( copy_of_randomness); ->>>>>>> main } /** @@ -312,16 +259,10 @@ generate_keypair_unpacked_42(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { -<<<<<<< HEAD - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4a(uu____0); -======= /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); return generate_keypair_unpacked_42(copy_of_randomness); ->>>>>>> main } /** @@ -335,8 +276,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_2c0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); +static bool validate_public_key_a30(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key); } /** @@ -347,7 +288,7 @@ static bool validate_public_key_2c0(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_2c0(public_key.value)) { + if (validate_public_key_a30(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 173c6b6b9..aaf2756d9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: 04413e808445c4f78fe89cd15b85ff549ed3be62 - * Libcrux: 1ecfc745f64e318b06fd59a787d07818640c56cc -======= * Charon: 53530427db2941ce784201e64086766504bc5642 * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 ->>>>>>> main */ #ifndef __libcrux_mlkem768_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 9a61a13b6..68997c944 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d ->>>>>>> main */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 3fe657545..aee7d70ec 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,19 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: -<<<<<<< HEAD - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 86be6d1083452ef1a2c8991bcf72e36e8f6f5efb - * Libcrux: e8928fc5424f83c8cb35b980033be17621fc0ef0 -======= * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 * Libcrux: 6b71b5fae48b400c6dac49234638dd52385d111d ->>>>>>> main */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/cg/benches/sha3.cc b/libcrux-ml-kem/cg/benches/sha3.cc index faf3b8351..7212fc4ed 100644 --- a/libcrux-ml-kem/cg/benches/sha3.cc +++ b/libcrux-ml-kem/cg/benches/sha3.cc @@ -69,24 +69,14 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_80(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); -======= libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); ->>>>>>> main for (auto _ : state) { libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); -<<<<<<< HEAD - libcrux_sha3_generic_keccak_absorb_final_80(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_6d(&st, out); -======= libcrux_sha3_generic_keccak_absorb_final_7f(&st, last); libcrux_sha3_generic_keccak_squeeze_first_three_blocks_ed(&st, out); ->>>>>>> main } } diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 3f94b9400..066ecdc86 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b +Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 6aeb59968..cdd27af77 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -2,11 +2,7 @@ * SPDX-FileCopyrightText: 2024 Eurydice Contributors * SPDX-FileCopyrightText: 2024 Cryspen Sarl * -<<<<<<< HEAD - * SPDX-License-Identifier: Apache-2.0 -======= * SPDX-License-Identifier: MIT or Apache-2.0 ->>>>>>> main */ #pragma once @@ -99,12 +95,8 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define TryFromSliceError uint8_t -<<<<<<< HEAD -#define Eurydice_array_eq(sz, a1, a2, t, _a, _b) \ -======= #define Eurydice_array_eq(sz, a1, a2, t, _) \ ->>>>>>> main - (memcmp(a1, a2, sz * sizeof(t)) == 0) + (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ sz, a1, a2, t, _, _ret_t) \ Eurydice_array_eq(sz, a1, a2, t, _) @@ -129,10 +121,8 @@ typedef struct { Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) - static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, - char *dst_ok, - Eurydice_slice src, - size_t sz) { +static inline void Eurydice_slice_to_array3(uint8_t *dst_tag, char *dst_ok, + Eurydice_slice src, size_t sz) { *dst_tag = 0; memcpy(dst_ok, src.ptr, sz); } @@ -162,7 +152,7 @@ static inline uint32_t core_num__u8_6__count_ones(uint8_t x0) { #endif } -// wraparound semantics in C +// unsigned overflow wraparound semantics in C static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x, uint16_t y) { return x + y; } @@ -170,39 +160,21 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) { return x - y; } -static inline uint16_t core_num__i16_1__wrapping_add(int16_t x, int16_t y) { - return x + y; -} - -static inline uint16_t core_num__i16_1__wrapping_sub(int16_t x, int16_t y) { - return x - y; -} - -static inline uint16_t core_num__i16_1__wrapping_mul(int16_t x, int16_t y) { - return x * y; -} - // ITERATORS #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \ (((iter_ptr)->start == (iter_ptr)->end) \ -<<<<<<< HEAD - ? (CLITERAL(ret_t){.tag = None}) \ -======= ? (CLITERAL(ret_t){.tag = None, .f0 = 0}) \ ->>>>>>> main : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++})) #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ - Eurydice_range_iter_next + Eurydice_range_iter_next - // See note in karamel/lib/Inlining.ml if you change this +// See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter \ - Eurydice_into_iter - -#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) + Eurydice_into_iter #if defined(__cplusplus) - } +} #endif diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index e29636144..f90749b11 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 304d4f8d0..a3ab78f37 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index c108a5889..ec7a09505 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index 27d97ab36..a11530661 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 5e1f37607..0687e1bdf 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index 63dd9e1f0..2b39497d4 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index b0f8eb656..4e5eb5c5d 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 8922e606b..c09062f0f 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 */ #ifndef __libcrux_sha3_portable_H From 29148553dd08d6266c5c114569a8f0e9f38908b4 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sun, 22 Sep 2024 19:13:53 +0000 Subject: [PATCH 304/348] Use opaque_to_smt to make serialize functions fast to verify --- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 42 +----- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 11 +- .../extraction/Libcrux_ml_kem.Serialize.fst | 101 ++++---------- .../extraction/Libcrux_ml_kem.Serialize.fsti | 124 ++++-------------- .../Libcrux_ml_kem.Vector.Avx2.fsti | 7 +- ...bcrux_ml_kem.Vector.Portable.Compress.fsti | 8 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 12 ++ ...crux_ml_kem.Vector.Portable.Serialize.fsti | 12 ++ .../Libcrux_ml_kem.Vector.Portable.fsti | 17 ++- .../Libcrux_ml_kem.Vector.Traits.fst | 12 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 4 +- .../proofs/fstar/spec/Spec.MLKEM.Math.fst | 5 +- libcrux-ml-kem/src/ind_cpa.rs | 8 +- libcrux-ml-kem/src/serialize.rs | 90 +++++++------ libcrux-ml-kem/src/vector/avx2.rs | 4 +- libcrux-ml-kem/src/vector/portable.rs | 8 +- .../src/vector/portable/compress.rs | 4 +- .../src/vector/portable/serialize.rs | 44 +++++++ libcrux-ml-kem/src/vector/traits.rs | 5 +- 19 files changed, 222 insertions(+), 296 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index daba9dd3b..245a00761 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -197,32 +197,7 @@ let sample_vector_cbd_then_ntt let _:Prims.unit = admit () (* Panic freedom *) in result -val compress_then_serialize_ring_element_u1 - (v_COMPRESSION_FACTOR v_OUT_LEN: usize) - (#v_Vector: Type0) - {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 v_OUT_LEN) - (requires True) - (fun _ -> Prims.l_True) - -let compress_then_serialize_ring_element_u1 = admit() - -val compress_then_serialize_u_helper (i v_K v_OUT_LEN v_BLOCK_LEN: usize) : - Lemma (requires (Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ - v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v i < v v_K)) - (ensures (v (v_OUT_LEN /! v_K) == v ((i +! sz 1) *! (v_OUT_LEN /! v_K)) - v (i *! (v_OUT_LEN /! v_K)) /\ - v (v_OUT_LEN /! v_K) == v v_BLOCK_LEN /\ - v i * (v v_OUT_LEN / v v_K) < v v_OUT_LEN /\ - v i * (v v_OUT_LEN / v v_K) + (v v_OUT_LEN / v v_K) <= v v_OUT_LEN)) - -let compress_then_serialize_u_helper i v_K v_OUT_LEN v_BLOCK_LEN = - assert (v (v_OUT_LEN /! v_K) == v ((i +! sz 1) *! (v_OUT_LEN /! v_K)) - v (i *! (v_OUT_LEN /! v_K))); - assert (v (v_OUT_LEN /! v_K) == v v_BLOCK_LEN); - assert (v i * (v v_OUT_LEN / v v_K) < v v_OUT_LEN); - assert (v i * (v v_OUT_LEN / v v_K) + (v v_OUT_LEN / v v_K) <= v v_OUT_LEN) - -#push-options "--max_fuel 1 --max_ifuel 1 --z3rlimit 2000" +#push-options "--z3rlimit 200" let compress_then_serialize_u (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) @@ -233,8 +208,6 @@ let compress_then_serialize_u (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (out: t_Slice u8) = - //assume (forall (i:nat). i < v v_K ==> (forall (j:nat). j < 16 ==> (forall (k:nat). k < 16 ==> - // v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Seq.index input i).f_coefficients.[sz j]) k) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))); let _:Prims.unit = assert ((v Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT * v v_COMPRESSION_FACTOR) / 8 == 320 \/ @@ -246,20 +219,15 @@ let compress_then_serialize_u (fun out i -> let out:t_Slice u8 = out in let i:usize = i in - v i >= 0 /\ v i <= v v_K /\ - v (Core.Slice.impl__len #u8 out <: usize) == v v_OUT_LEN) + v i < v v_K ==> + (Seq.length out == v v_OUT_LEN /\ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index input (v i)))) out (fun out temp_1_ -> let out:t_Slice u8 = out in let i, re:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = temp_1_ in - assert (v i >= 0 /\ v i < v v_K); - assert (v (v_OUT_LEN /! v_K) == v v_OUT_LEN / v v_K); - assert (v (i *! (v_OUT_LEN /! v_K <: usize)) == v i * v (v_OUT_LEN /! v_K)); - assert (v (i +! sz 1) == v i + 1); - assert (v ((i +! sz 1 <: usize) *! (v_OUT_LEN /! v_K <: usize)) == v (i +! sz 1) * v (v_OUT_LEN /! v_K)); - compress_then_serialize_u_helper i v_K v_OUT_LEN v_BLOCK_LEN; let out:t_Slice u8 = Rust_primitives.Hax.Monomorphized_update_at.update_at_range out ({ @@ -281,7 +249,7 @@ let compress_then_serialize_u Core.Ops.Range.t_Range usize ] <: t_Slice u8) - (compress_then_serialize_ring_element_u1 v_COMPRESSION_FACTOR + (Libcrux_ml_kem.Serialize.compress_then_serialize_ring_element_u v_COMPRESSION_FACTOR v_BLOCK_LEN #v_Vector re diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 37373dc6b..550d08b03 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -50,13 +50,6 @@ val sample_vector_cbd_then_ntt (Seq.slice prf_input 0 32) (sz (v domain_separator))) -let compress_then_serialize_u_helper_f (v_K: usize) (#v_Vector: Type0) - {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - (input: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = - forall (i:nat). i < v v_K ==> (let re = Seq.index input i in forall (j:nat). j < 256 ==> - (let coef:t_Array i16 (sz 16) = Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Seq.index re.f_coefficients (j / 16)) in - v (Seq.index coef (j % 16)) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)) - /// Call [`compress_then_serialize_ring_element_u`] on each ring element. val compress_then_serialize_u (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) @@ -69,7 +62,9 @@ val compress_then_serialize_u Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ Core.Slice.impl__len #u8 out == v_OUT_LEN /\ - compress_then_serialize_u_helper_f v_K #v_Vector input) + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index input i))) (ensures fun out_future -> let out_future:t_Slice u8 = out_future in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 8ed8516c8..2226342d3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -16,12 +16,11 @@ let to_unsigned_field_modulus Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (a: v_Vector) = + let _:Prims.unit = reveal_opaque (`%field_modulus_range) (field_modulus_range #v_Vector) in let result:v_Vector = Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector a in let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" - let compress_then_serialize_10_ (v_OUT_LEN: usize) (#v_Vector: Type0) @@ -38,24 +37,16 @@ let compress_then_serialize_10_ (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in let i:usize = i in - v i >= 0 /\ v i <= 16 /\ - (v i < 16 ==> - (forall (j: nat). - j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) - j) >= - - - (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) - j) < - v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) + v i >= 0 /\ v i <= 16 /\ v i < 16 ==> coefficients_field_modulus_range re) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in let i:usize = i in let _:Prims.unit = assert (20 * v i + 20 <= 320) in + let _:Prims.unit = + reveal_opaque (`%coefficients_field_modulus_range) + (coefficients_field_modulus_range #v_Vector) + in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve @@ -97,8 +88,6 @@ let compress_then_serialize_10_ let _:Prims.unit = admit () (* Panic freedom *) in result -#pop-options - #push-options "--admit_smt_queries true" let compress_then_serialize_11_ @@ -162,8 +151,6 @@ let compress_then_serialize_11_ #pop-options -#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" - let compress_then_serialize_4_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -173,31 +160,23 @@ let compress_then_serialize_4_ (serialized: t_Slice u8) = let _:Prims.unit = assert_norm (pow2 4 == 16) in - let v__serialized_len:usize = Core.Slice.impl__len #u8 serialized in let serialized:t_Slice u8 = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT (fun serialized i -> let serialized:t_Slice u8 = serialized in let i:usize = i in - v i >= 0 /\ v i <= 16 /\ Seq.length serialized == v v__serialized_len /\ - (v i < 16 ==> - (forall (j: nat). - j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) - j) >= - - - (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) - j) < - v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) + v i >= 0 /\ v i <= 16 /\ v i < 16 ==> + (Seq.length serialized == 128 /\ coefficients_field_modulus_range re)) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in let i:usize = i in let _:Prims.unit = assert (8 * v i + 8 <= 128) in + let _:Prims.unit = + reveal_opaque (`%coefficients_field_modulus_range) + (coefficients_field_modulus_range #v_Vector) + in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve @@ -240,8 +219,6 @@ let compress_then_serialize_4_ let hax_temp_output:Prims.unit = result in serialized -#pop-options - #push-options "--admit_smt_queries true" let compress_then_serialize_5_ @@ -252,14 +229,13 @@ let compress_then_serialize_5_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) = - let v__serialized_len:usize = Core.Slice.impl__len #u8 serialized in let serialized:t_Slice u8 = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - (fun serialized i -> + (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in - let i:usize = i in - (Core.Slice.impl__len #u8 serialized <: usize) =. v__serialized_len <: bool) + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in @@ -320,23 +296,16 @@ let compress_then_serialize_message (fun serialized i -> let serialized:t_Array u8 (sz 32) = serialized in let i:usize = i in - v i < 16 ==> - (forall (j: nat). - j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) - j) >= - - - (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) - j) < - v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)) + v i < 16 ==> coefficients_field_modulus_range re) serialized (fun serialized i -> let serialized:t_Array u8 (sz 32) = serialized in let i:usize = i in let _:Prims.unit = assert (2 * v i + 2 <= 32) in + let _:Prims.unit = + reveal_opaque (`%coefficients_field_modulus_range) + (coefficients_field_modulus_range #v_Vector) + in let coefficient:v_Vector = to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) @@ -378,8 +347,6 @@ let compress_then_serialize_message let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" - let compress_then_serialize_ring_element_u (v_COMPRESSION_FACTOR v_OUT_LEN: usize) (#v_Vector: Type0) @@ -402,10 +369,6 @@ let compress_then_serialize_ring_element_u <: Rust_primitives.Hax.t_Never) -#pop-options - -#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" - let compress_then_serialize_ring_element_v (v_COMPRESSION_FACTOR v_OUT_LEN: usize) (#v_Vector: Type0) @@ -435,8 +398,6 @@ let compress_then_serialize_ring_element_v in out -#pop-options - let deserialize_then_decompress_10_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -892,8 +853,6 @@ let deserialize_to_uncompressed_ring_element in re -#push-options "--fuel 0 --ifuel 0 --z3rlimit 500" - let serialize_uncompressed_ring_element (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -909,24 +868,16 @@ let serialize_uncompressed_ring_element (fun serialized i -> let serialized:t_Array u8 (sz 384) = serialized in let i:usize = i in - v i >= 0 /\ v i <= 16 /\ - (v i < 16 ==> - (forall (j: nat). - j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) - j) >= - - - (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ i ]) - j) < - v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) + v i >= 0 /\ v i <= 16 /\ v i < 16 ==> coefficients_field_modulus_range re) serialized (fun serialized i -> let serialized:t_Array u8 (sz 384) = serialized in let i:usize = i in let _:Prims.unit = assert (24 * v i + 24 <= 384) in + let _:Prims.unit = + reveal_opaque (`%coefficients_field_modulus_range) + (coefficients_field_modulus_range #v_Vector) + in let coefficient:v_Vector = to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) @@ -962,5 +913,3 @@ let serialize_uncompressed_ring_element let result:t_Array u8 (sz 384) = serialized in let _:Prims.unit = admit () (* Panic freedom *) in result - -#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index 15846a26a..be80d6dac 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -9,19 +9,26 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +[@@ "opaque_to_smt"] +let field_modulus_range (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (a: v_Vector) = + let coef = Libcrux_ml_kem.Vector.Traits.f_to_i16_array a in + forall (i:nat). i < 16 ==> v (Seq.index coef i) > -(v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ + v (Seq.index coef i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + +[@@ "opaque_to_smt"] +let coefficients_field_modulus_range (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> field_modulus_range (Seq.index re.f_coefficients i) + val to_unsigned_field_modulus (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a: v_Vector) : Prims.Pure v_Vector - (requires - forall (i: nat). - i < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i) >= - - - (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i) < - v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) + (requires field_modulus_range a) (ensures fun result -> let result:v_Vector = result in @@ -37,21 +44,7 @@ val compress_then_serialize_10_ {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 v_OUT_LEN) - (requires - v v_OUT_LEN == 320 /\ - (forall (i: nat). - i < 16 ==> - (forall (j: nat). - j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) - j) >= - - - (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) - j) < - v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) + (requires v v_OUT_LEN == 320 /\ coefficients_field_modulus_range re) (fun _ -> Prims.l_True) val compress_then_serialize_11_ @@ -67,22 +60,11 @@ val compress_then_serialize_4_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) - (requires - Seq.length serialized == 128 /\ - (forall (i: nat). - i < 16 ==> - (forall (j: nat). - j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) - j) >= - - - (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) - j) < - v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) - (fun _ -> Prims.l_True) + (requires Seq.length serialized == 128 /\ coefficients_field_modulus_range re) + (ensures + fun serialized_future -> + let serialized_future:t_Slice u8 = serialized_future in + Core.Slice.impl__len #u8 serialized_future == Core.Slice.impl__len #u8 serialized) val compress_then_serialize_5_ (#v_Vector: Type0) @@ -91,27 +73,17 @@ val compress_then_serialize_5_ (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 160) - (fun _ -> Prims.l_True) + (ensures + fun serialized_future -> + let serialized_future:t_Slice u8 = serialized_future in + Core.Slice.impl__len #u8 serialized_future == Core.Slice.impl__len #u8 serialized) val compress_then_serialize_message (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 (sz 32)) - (requires - forall (i: nat). - i < 16 ==> - (forall (j: nat). - j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) - j) >= - - - (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) - j) < - v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)) + (requires coefficients_field_modulus_range re) (fun _ -> Prims.l_True) val compress_then_serialize_ring_element_u @@ -122,20 +94,7 @@ val compress_then_serialize_ring_element_u : Prims.Pure (t_Array u8 v_OUT_LEN) (requires (v v_COMPRESSION_FACTOR == 10 \/ v v_COMPRESSION_FACTOR == 11) /\ - v v_OUT_LEN == 32 * v v_COMPRESSION_FACTOR /\ - (forall (i: nat). - i < 16 ==> - (forall (j: nat). - j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) - j) >= - - - (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) - j) < - v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) + v v_OUT_LEN == 32 * v v_COMPRESSION_FACTOR /\ coefficients_field_modulus_range re) (fun _ -> Prims.l_True) val compress_then_serialize_ring_element_v @@ -148,19 +107,7 @@ val compress_then_serialize_ring_element_v (requires (v v_COMPRESSION_FACTOR == 4 \/ v v_COMPRESSION_FACTOR == 5) /\ v v_OUT_LEN == 32 * v v_COMPRESSION_FACTOR /\ Seq.length out == v v_OUT_LEN /\ - (forall (i: nat). - i < 16 ==> - (forall (j: nat). - j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) - j) >= - - - (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) - j) < - v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS))) + coefficients_field_modulus_range re) (ensures fun out_future -> let out_future:t_Slice u8 = out_future in @@ -269,18 +216,5 @@ val serialize_uncompressed_ring_element {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 (sz 384)) - (requires - forall (i: nat). - i < 16 ==> - (forall (j: nat). - j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) - j) >= - - - (v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re - .Libcrux_ml_kem.Polynomial.f_coefficients.[ sz i ]) - j) < - v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)) + (requires coefficients_field_modulus_range re) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 73dd1d799..0a135cf42 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -208,8 +208,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (fun (vector: t_SIMD256Vector) -> forall (i: nat). i < 16 ==> - v (Seq.index (impl.f_repr vector) i) >= 0 /\ - v (Seq.index (impl.f_repr vector) i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS); + v (Seq.index (impl.f_repr vector) i) >= 0 /\ v (Seq.index (impl.f_repr vector) i) < 3329); f_compress_1_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> @@ -232,8 +231,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = v v_COEFFICIENT_BITS == 11) /\ (forall (i: nat). i < 16 ==> - v (Seq.index (impl.f_repr vector) i) >= 0 /\ - v (Seq.index (impl.f_repr vector) i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)); + v (Seq.index (impl.f_repr vector) i) >= 0 /\ v (Seq.index (impl.f_repr vector) i) < 3329 + )); f_compress_post = (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti index 3de4509e5..938330976 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti @@ -53,9 +53,7 @@ val compress (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ v v_COEFFICIENT_BITS == 11) /\ (forall (i: nat). - i < 16 ==> - v (Seq.index a.f_elements i) >= 0 /\ - v (Seq.index a.f_elements i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)) + i < 16 ==> v (Seq.index a.f_elements i) >= 0 /\ v (Seq.index a.f_elements i) < 3329)) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in @@ -68,9 +66,7 @@ val compress_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires forall (i: nat). - i < 16 ==> - v (Seq.index a.f_elements i) >= 0 /\ - v (Seq.index a.f_elements i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) + i < 16 ==> v (Seq.index a.f_elements i) >= 0 /\ v (Seq.index a.f_elements i) < 3329) (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index eed6ec9d6..a9947aa86 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -297,6 +297,9 @@ let deserialize_1_lemma inputs = #pop-options +let deserialize_1_bounded_lemma inputs = + admit() + let deserialize_10_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } @@ -348,6 +351,9 @@ let deserialize_10_lemma inputs = #pop-options +let deserialize_10_bounded_lemma inputs = + admit() + let deserialize_11_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } @@ -471,6 +477,9 @@ let deserialize_12_lemma inputs = #pop-options +let deserialize_12_bounded_lemma inputs = + admit() + let deserialize_4_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } @@ -522,6 +531,9 @@ let deserialize_4_lemma inputs = #pop-options +let deserialize_4_bounded_lemma inputs = + admit() + let deserialize_5_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index 16fd7000e..6f7c4897d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti @@ -61,6 +61,9 @@ val deserialize_1_ (v: t_Slice u8) val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_1_ inputs).f_elements 1 == bit_vec_of_int_t_array inputs 8) +val deserialize_1_bounded_lemma (inputs: t_Array u8 (sz 2)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_1_ inputs).f_elements i) 1) + val deserialize_10_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 20) @@ -69,6 +72,9 @@ val deserialize_10_ (bytes: t_Slice u8) val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) +val deserialize_10_bounded_lemma (inputs: t_Array u8 (sz 20)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_10_ inputs).f_elements i) 10) + val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 22) @@ -82,6 +88,9 @@ val deserialize_12_ (bytes: t_Slice u8) val deserialize_12_lemma (inputs: t_Array u8 (sz 24)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_12_ inputs).f_elements 12 == bit_vec_of_int_t_array inputs 8) +val deserialize_12_bounded_lemma (inputs: t_Array u8 (sz 24)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_12_ inputs).f_elements i) 12) + val deserialize_4_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 8) @@ -90,6 +99,9 @@ val deserialize_4_ (bytes: t_Slice u8) val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) +val deserialize_4_bounded_lemma (inputs: t_Array u8 (sz 8)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_4_ inputs).f_elements i) 4) + val deserialize_5_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 10) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 3ffb27cb0..2c4690115 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -30,7 +30,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x } -#push-options "--z3rlimit 400" +#push-options "--z3rlimit 200" [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations @@ -226,9 +226,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> forall (i: nat). - i < 16 ==> - v (Seq.index (impl.f_repr a) i) >= 0 /\ - v (Seq.index (impl.f_repr a) i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS); + i < 16 ==> v (Seq.index (impl.f_repr a) i) >= 0 /\ v (Seq.index (impl.f_repr a) i) < 3329); f_compress_1_post = (fun @@ -250,8 +248,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v v_COEFFICIENT_BITS == 11) /\ (forall (i: nat). i < 16 ==> - v (Seq.index (impl.f_repr a) i) >= 0 /\ - v (Seq.index (impl.f_repr a) i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)); + v (Seq.index (impl.f_repr a) i) >= 0 /\ v (Seq.index (impl.f_repr a) i) < 3329)); f_compress_post = (fun @@ -510,6 +507,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: t_Slice u8) -> let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a); f_serialize_4_pre = @@ -540,6 +538,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: t_Slice u8) -> let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a); f_serialize_5_pre = @@ -588,6 +587,9 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: t_Slice u8) -> let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma a in + let _:Prims.unit = + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma a + in Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a); f_serialize_11_pre = @@ -636,6 +638,9 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: t_Slice u8) -> let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in + let _:Prims.unit = + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma a + in Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a); f_rej_sample_pre = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index ab5746891..1394dbd46 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -5,6 +5,8 @@ open FStar.Mul #push-options "--z3rlimit 50" +#push-options "--admit_smt_queries true" + let decompress_1_ (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) @@ -31,6 +33,8 @@ let decompress_1_ #pop-options +#pop-options + let montgomery_multiply_fe (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) @@ -48,6 +52,8 @@ let to_standard_domain v v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS +#push-options "--admit_smt_queries true" + let to_unsigned_representative (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) @@ -57,6 +63,6 @@ let to_unsigned_representative let fm:v_T = f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve t v_FIELD_MODULUS in - let result:v_T = f_add #v_T #FStar.Tactics.Typeclasses.solve a fm in - let _:Prims.unit = admit () (* Panic freedom *) in - result + f_add #v_T #FStar.Tactics.Typeclasses.solve a fm + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index dd493a634..48acb8256 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -436,8 +436,8 @@ val to_standard_domain (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) val to_unsigned_representative (#v_T: Type0) {| i1: t_Operations v_T |} (a: v_T) : Prims.Pure v_T - (requires Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)) - (ensures + (requires Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)) + (ensures fun result -> let result:v_T = result in f_to_i16_array result == diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst index dabcb0f5c..128981634 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.Math.fst @@ -275,7 +275,7 @@ let serialize_post (coefficients: t_Array i16 (sz 16) { serialize_pre d1 coefficients }) (output: t_Array u8 (sz (d1 * 2))) = BitVecEq.int_t_array_bitwise_eq coefficients d1 - output 8 + output 8 // TODO: this is an alternative version of byte_decode // rename to decoded bytes @@ -284,5 +284,6 @@ let deserialize_post (bytes: t_Array u8 (sz (d1 * 2))) (output: t_Array i16 (sz 16)) = BitVecEq.int_t_array_bitwise_eq bytes 8 - output d1 + output d1 /\ + forall (i:nat). i < 16 ==> bounded (Seq.index output i) d1 #pop-options diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 4673dca06..493839a6c 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -291,12 +291,13 @@ pub(crate) fn generate_keypair< /// Call [`compress_then_serialize_ring_element_u`] on each ring element. #[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::fstar::options("--z3rlimit 200")] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $OUT_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ $COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\ - ${out.len()} == $OUT_LEN"))] + ${out.len()} == $OUT_LEN /\\ + (forall (i:nat). i < v $K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $input i))"))] #[hax_lib::ensures(|_| fstar!("$out_future == Spec.MLKEM.compress_then_encode_u #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $input)") @@ -317,7 +318,8 @@ fn compress_then_serialize_u< // for the following bug https://github.com/hacspec/hax/issues/720 cloop! { for (i, re) in input.into_iter().enumerate() { - hax_lib::loop_invariant!(|i: usize| out.len() == OUT_LEN); + hax_lib::loop_invariant!(|i: usize| { fstar!("v $i < v $K ==> (Seq.length out == v $OUT_LEN /\\ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $input (v $i)))") }); out[i * (OUT_LEN / K)..(i + 1) * (OUT_LEN / K)].copy_from_slice( &compress_then_serialize_ring_element_u::(&re), ); diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index c9f071153..6779d0e7f 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -6,34 +6,43 @@ use crate::{ }; #[inline(always)] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] +let coefficients_field_modulus_range (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> field_modulus_range (Seq.index re.f_coefficients i)")] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] +let field_modulus_range (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (a: v_Vector) = + let coef = Libcrux_ml_kem.Vector.Traits.f_to_i16_array a in + forall (i:nat). i < 16 ==> v (Seq.index coef i) > -(v $FIELD_MODULUS) /\\ + v (Seq.index coef i) < v $FIELD_MODULUS")] #[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::requires(fstar!("forall (i:nat). i < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) >= -(v $FIELD_MODULUS) /\\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) < v $FIELD_MODULUS"))] +#[hax_lib::requires(fstar!("field_modulus_range $a"))] #[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==> v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $result) i) >= 0 /\\ v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $result) i) < v $FIELD_MODULUS"))] pub(super) fn to_unsigned_field_modulus( a: Vector, ) -> Vector { + hax_lib::fstar!("reveal_opaque (`%field_modulus_range) (field_modulus_range #$:Vector)"); to_unsigned_representative::(a) } #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::requires(fstar!("forall (i:nat). i < 16 ==> - (forall (j:nat). j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) >= -(v $FIELD_MODULUS) /\\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) < v $FIELD_MODULUS)"))] +#[hax_lib::requires(fstar!("coefficients_field_modulus_range $re"))] pub(super) fn compress_then_serialize_message( re: PolynomialRingElement, ) -> [u8; SHARED_SECRET_SIZE] { let mut serialized = [0u8; SHARED_SECRET_SIZE]; for i in 0..16 { - hax_lib::loop_invariant!(|i: usize| { fstar!("v $i < 16 ==> (forall (j:nat). j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) >= -(v $FIELD_MODULUS) /\\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) < v $FIELD_MODULUS)") }); + hax_lib::loop_invariant!(|i: usize| { fstar!("v $i < 16 ==> + coefficients_field_modulus_range $re") }); hax_lib::fstar!("assert (2 * v $i + 2 <= 32)"); + hax_lib::fstar!("reveal_opaque (`%coefficients_field_modulus_range) + (coefficients_field_modulus_range #$:Vector)"); let coefficient = to_unsigned_field_modulus(re.coefficients[i]); let coefficient_compressed = Vector::compress_1(coefficient); @@ -43,6 +52,7 @@ pub(super) fn compress_then_serialize_message( serialized } + #[inline(always)] #[hax_lib::fstar::verification_status(lax)] pub(super) fn deserialize_then_decompress_message( @@ -58,21 +68,18 @@ pub(super) fn deserialize_then_decompress_message( #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 500")] -#[hax_lib::requires(fstar!("forall (i:nat). i < 16 ==> - (forall (j:nat). j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) >= -(v $FIELD_MODULUS) /\\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) < v $FIELD_MODULUS)"))] +#[hax_lib::requires(fstar!("coefficients_field_modulus_range $re"))] pub(super) fn serialize_uncompressed_ring_element( re: &PolynomialRingElement, ) -> [u8; BYTES_PER_RING_ELEMENT] { hax_lib::fstar!("assert_norm (pow2 12 == 4096)"); let mut serialized = [0u8; BYTES_PER_RING_ELEMENT]; for i in 0..VECTORS_IN_RING_ELEMENT { - hax_lib::loop_invariant!(|i: usize| { fstar!("v $i >= 0 /\\ v $i <= 16 /\\ (v $i < 16 ==> (forall (j:nat). j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) >= -(v $FIELD_MODULUS) /\\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) < v $FIELD_MODULUS))") }); + hax_lib::loop_invariant!(|i: usize| { fstar!("v $i >= 0 /\\ v $i <= 16 /\\ + v $i < 16 ==> coefficients_field_modulus_range $re") }); hax_lib::fstar!("assert (24 * v $i + 24 <= 384)"); + hax_lib::fstar!("reveal_opaque (`%coefficients_field_modulus_range) + (coefficients_field_modulus_range #$:Vector)"); let coefficient = to_unsigned_field_modulus(re.coefficients[i]); let bytes = Vector::serialize_12(coefficient); @@ -152,21 +159,18 @@ pub(super) fn deserialize_ring_elements_reduced< #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 500")] -#[hax_lib::requires(fstar!("v $OUT_LEN == 320 /\\ (forall (i:nat). i < 16 ==> - (forall (j:nat). j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) >= -(v $FIELD_MODULUS) /\\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) < v $FIELD_MODULUS))"))] +#[hax_lib::requires(fstar!("v $OUT_LEN == 320 /\\ coefficients_field_modulus_range $re"))] fn compress_then_serialize_10( re: &PolynomialRingElement, ) -> [u8; OUT_LEN] { hax_lib::fstar!("assert_norm (pow2 10 == 1024)"); let mut serialized = [0u8; OUT_LEN]; for i in 0..VECTORS_IN_RING_ELEMENT { - hax_lib::loop_invariant!(|i: usize| { fstar!("v $i >= 0 /\\ v $i <= 16 /\\ (v $i < 16 ==> (forall (j:nat). j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) >= -(v $FIELD_MODULUS) /\\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) < v $FIELD_MODULUS))") }); + hax_lib::loop_invariant!(|i: usize| { fstar!("v $i >= 0 /\\ v $i <= 16 /\\ + v $i < 16 ==> coefficients_field_modulus_range $re") }); hax_lib::fstar!("assert (20 * v $i + 20 <= 320)"); + hax_lib::fstar!("reveal_opaque (`%coefficients_field_modulus_range) + (coefficients_field_modulus_range #$:Vector)"); let coefficient = Vector::compress::<10>(to_unsigned_field_modulus(re.coefficients[i])); @@ -193,11 +197,8 @@ fn compress_then_serialize_11( } #[inline(always)] -#[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 500")] -#[hax_lib::requires(fstar!("(v $COMPRESSION_FACTOR == 10 \\/ v $COMPRESSION_FACTOR == 11) /\\ v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\\ - (forall (i:nat). i < 16 ==> (forall (j:nat). j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) >= -(v $FIELD_MODULUS) /\\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) < v $FIELD_MODULUS))"))] +#[hax_lib::requires(fstar!("(v $COMPRESSION_FACTOR == 10 \\/ v $COMPRESSION_FACTOR == 11) /\\ + v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\\ coefficients_field_modulus_range $re"))] pub(super) fn compress_then_serialize_ring_element_u< const COMPRESSION_FACTOR: usize, const OUT_LEN: usize, @@ -218,26 +219,25 @@ pub(super) fn compress_then_serialize_ring_element_u< #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] -#[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 500")] -#[hax_lib::requires(fstar!("Seq.length $serialized == 128 /\\ (forall (i:nat). i < 16 ==> - (forall (j:nat). j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) >= -(v $FIELD_MODULUS) /\\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) < v $FIELD_MODULUS))"))] +#[hax_lib::requires(fstar!("Seq.length $serialized == 128 /\\ + coefficients_field_modulus_range $re"))] +#[hax_lib::ensures(|_| + fstar!("${serialized_future.len()} == ${serialized.len()}") +)] fn compress_then_serialize_4( re: PolynomialRingElement, serialized: &mut [u8], ) { hax_lib::fstar!("assert_norm (pow2 4 == 16)"); - let _serialized_len = serialized.len(); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for i in 0..VECTORS_IN_RING_ELEMENT { // NOTE: Using `$serialized` in loop_invariant doesn't work here hax_lib::loop_invariant!(|i: usize| { fstar!("v $i >= 0 /\\ v $i <= 16 /\\ - Seq.length serialized == v $_serialized_len /\\ (v $i < 16 ==> (forall (j:nat). j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) >= -(v $FIELD_MODULUS) /\\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[i]) j) < v $FIELD_MODULUS))") }); + v $i < 16 ==> (Seq.length serialized == 128 /\\ coefficients_field_modulus_range $re)") }); hax_lib::fstar!("assert (8 * v $i + 8 <= 128)"); + hax_lib::fstar!("reveal_opaque (`%coefficients_field_modulus_range) + (coefficients_field_modulus_range #$:Vector)"); let coefficient = Vector::compress::<4>(to_unsigned_field_modulus(re.coefficients[i])); @@ -252,15 +252,16 @@ fn compress_then_serialize_4( #[hax_lib::requires( serialized.len() == 160 )] +#[hax_lib::ensures(|_| + fstar!("${serialized_future.len()} == ${serialized.len()}") +)] fn compress_then_serialize_5( re: PolynomialRingElement, serialized: &mut [u8], ) { - let _serialized_len = serialized.len(); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for i in 0..VECTORS_IN_RING_ELEMENT { - hax_lib::loop_invariant!(|i: usize| serialized.len() == _serialized_len); let coefficients = Vector::compress::<5>(to_unsigned_representative::(re.coefficients[i])); @@ -271,11 +272,8 @@ fn compress_then_serialize_5( } #[inline(always)] -#[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 500")] #[hax_lib::requires(fstar!("(v $COMPRESSION_FACTOR == 4 \\/ v $COMPRESSION_FACTOR == 5) /\\ v $OUT_LEN == 32 * v $COMPRESSION_FACTOR /\\ - Seq.length $out == v $OUT_LEN /\\ (forall (i:nat). i < 16 ==> (forall (j:nat). j < 16 ==> - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) >= -(v $FIELD_MODULUS) /\\ - v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array ${re.coefficients}.[sz i]) j) < v $FIELD_MODULUS))"))] + Seq.length $out == v $OUT_LEN /\\ coefficients_field_modulus_range $re"))] #[hax_lib::ensures(|_| fstar!("${out_future.len()} == ${out.len()}") )] diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 3306c8433..8f73537cf 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -142,7 +142,7 @@ impl Operations for SIMD256Vector { } #[requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\\ - v (Seq.index (impl.f_repr $vector) i) < v $FIELD_MODULUS"))] + v (Seq.index (impl.f_repr $vector) i) < 3329"))] #[ensures(|out| fstar!("forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) 1"))] fn compress_1(vector: Self) -> Self { hax_lib::fstar!("admit()"); @@ -156,7 +156,7 @@ impl Operations for SIMD256Vector { v $COEFFICIENT_BITS == 10 \\/ v $COEFFICIENT_BITS == 11) /\\ (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $vector) i) >= 0 /\\ - v (Seq.index (impl.f_repr $vector) i) < v $FIELD_MODULUS)"))] + v (Seq.index (impl.f_repr $vector) i) < 3329)"))] #[ensures(|out| fstar!("(v $COEFFICIENT_BITS == 4 \\/ v $COEFFICIENT_BITS == 5 \\/ v $COEFFICIENT_BITS == 10 \\/ diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 16d99dba7..6a631d556 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -99,7 +99,7 @@ impl Operations for PortableVector { } #[requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\\ - v (Seq.index (impl.f_repr $a) i) < v $FIELD_MODULUS"))] + v (Seq.index (impl.f_repr $a) i) < 3329"))] #[ensures(|out| fstar!("forall (i:nat). i < 16 ==> bounded (Seq.index (impl.f_repr $out) i) 1"))] fn compress_1(a: Self) -> Self { compress_1(a) @@ -110,7 +110,7 @@ impl Operations for PortableVector { v $COEFFICIENT_BITS == 10 \\/ v $COEFFICIENT_BITS == 11) /\\ (forall (i:nat). i < 16 ==> v (Seq.index (impl.f_repr $a) i) >= 0 /\\ - v (Seq.index (impl.f_repr $a) i) < v $FIELD_MODULUS)"))] + v (Seq.index (impl.f_repr $a) i) < 3329)"))] #[ensures(|out| fstar!("(v $COEFFICIENT_BITS == 4 \\/ v $COEFFICIENT_BITS == 5 \\/ v $COEFFICIENT_BITS == 10 \\/ @@ -199,6 +199,7 @@ impl Operations for PortableVector { #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"))] fn deserialize_1(a: &[u8]) -> Self { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma $a"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma $a"); deserialize_1(a) } @@ -214,6 +215,7 @@ impl Operations for PortableVector { #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"))] fn deserialize_4(a: &[u8]) -> Self { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma $a"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma $a"); deserialize_4(a) } @@ -237,6 +239,7 @@ impl Operations for PortableVector { #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"))] fn deserialize_10(a: &[u8]) -> Self { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma $a"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma $a"); deserialize_10(a) } @@ -260,6 +263,7 @@ impl Operations for PortableVector { #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"))] fn deserialize_12(a: &[u8]) -> Self { hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma $a"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma $a"); deserialize_12(a) } diff --git a/libcrux-ml-kem/src/vector/portable/compress.rs b/libcrux-ml-kem/src/vector/portable/compress.rs index 8183d26d5..fa8e5a0ee 100644 --- a/libcrux-ml-kem/src/vector/portable/compress.rs +++ b/libcrux-ml-kem/src/vector/portable/compress.rs @@ -94,7 +94,7 @@ let compress_message_coefficient_range_helper (fe: u16) : Lemma "))] #[hax_lib::fstar::options("--fuel 0 --ifuel 0 --z3rlimit 2000")] #[hax_lib::requires(fstar!("forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\\ - v (Seq.index ${a}.f_elements i) < v $FIELD_MODULUS"))] + v (Seq.index ${a}.f_elements i) < 3329"))] #[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==> v (${result}.f_elements.[ sz i ] <: i16) >= 0 /\\ v (${result}.f_elements.[ sz i ] <: i16) < 2"))] pub(crate) fn compress_1(mut a: PortableVector) -> PortableVector { @@ -123,7 +123,7 @@ pub(crate) fn compress_1(mut a: PortableVector) -> PortableVector { v $COEFFICIENT_BITS == 10 \\/ v $COEFFICIENT_BITS == 11) /\\ (forall (i:nat). i < 16 ==> v (Seq.index ${a}.f_elements i) >= 0 /\\ - v (Seq.index ${a}.f_elements i) < v $FIELD_MODULUS)"))] + v (Seq.index ${a}.f_elements i) < 3329)"))] #[hax_lib::ensures(|result| fstar!("forall (i:nat). i < 16 ==> v (${result}.f_elements.[ sz i ] <: i16) >= 0 /\\ v (${result}.f_elements.[ sz i ] <: i16) < pow2 (v $COEFFICIENT_BITS))"))] pub(crate) fn compress(mut a: PortableVector) -> PortableVector { diff --git a/libcrux-ml-kem/src/vector/portable/serialize.rs b/libcrux-ml-kem/src/vector/portable/serialize.rs index e10194a40..151c1b31b 100644 --- a/libcrux-ml-kem/src/vector/portable/serialize.rs +++ b/libcrux-ml-kem/src/vector/portable/serialize.rs @@ -59,6 +59,16 @@ pub(crate) fn serialize_1(v: PortableVector) -> [u8; 2] { ] } +//deserialize_1_bounded_lemma +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val deserialize_1_bounded_lemma (inputs: t_Array u8 (sz 2)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (${deserialize_1} inputs).f_elements i) 1) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +let deserialize_1_bounded_lemma inputs = + admit() +"))] +//deserialize_1_lemma #[cfg_attr(hax, hax_lib::fstar::after(interface, " val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma (ensures bit_vec_of_int_t_array (${deserialize_1} inputs).f_elements 1 == bit_vec_of_int_t_array inputs 8) @@ -73,6 +83,7 @@ let deserialize_1_lemma inputs = #pop-options "))] +//deserialize_1_bit_vec_lemma #[cfg_attr(hax, hax_lib::fstar::after(" #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" @@ -200,6 +211,16 @@ pub(crate) fn deserialize_4_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (v0, v1, v2, v3, v4, v5, v6, v7) } +//deserialize_4_bounded_lemma +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val deserialize_4_bounded_lemma (inputs: t_Array u8 (sz 8)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (${deserialize_4} inputs).f_elements i) 4) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +let deserialize_4_bounded_lemma inputs = + admit() +"))] +//deserialize_4_lemma #[cfg_attr(hax, hax_lib::fstar::after(interface, " val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma (ensures bit_vec_of_int_t_array (${deserialize_4} inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) @@ -214,6 +235,7 @@ let deserialize_4_lemma inputs = #pop-options "))] +//deserialize_4_bit_vec_lemma #[cfg_attr(hax, hax_lib::fstar::after(" #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" @@ -454,6 +476,16 @@ pub(crate) fn deserialize_10_int(bytes: &[u8]) -> (i16, i16, i16, i16, i16, i16, (r0, r1, r2, r3, r4, r5, r6, r7) } +//deserialize_10_bounded_lemma +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val deserialize_10_bounded_lemma (inputs: t_Array u8 (sz 20)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (${deserialize_10} inputs).f_elements i) 10) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +let deserialize_10_bounded_lemma inputs = + admit() +"))] +//deserialize_10_lemma #[cfg_attr(hax, hax_lib::fstar::after(interface, " val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma (ensures bit_vec_of_int_t_array (${deserialize_10} inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) @@ -468,6 +500,7 @@ let deserialize_10_lemma inputs = #pop-options "))] +//deserialize_10_bit_vec_lemma #[cfg_attr(hax, hax_lib::fstar::after(" #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" @@ -711,6 +744,16 @@ pub(crate) fn deserialize_12_int(bytes: &[u8]) -> (i16, i16) { (r0, r1) } +//deserialize_12_bounded_lemma +#[cfg_attr(hax, hax_lib::fstar::after(interface, " +val deserialize_12_bounded_lemma (inputs: t_Array u8 (sz 24)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (${deserialize_12} inputs).f_elements i) 12) +"))] +#[cfg_attr(hax, hax_lib::fstar::after(" +let deserialize_12_bounded_lemma inputs = + admit() +"))] +//deserialize_12_lemma #[cfg_attr(hax, hax_lib::fstar::after(interface, " val deserialize_12_lemma (inputs: t_Array u8 (sz 24)) : Lemma (ensures bit_vec_of_int_t_array (${deserialize_12} inputs).f_elements 12 == bit_vec_of_int_t_array inputs 8) @@ -725,6 +768,7 @@ let deserialize_12_lemma inputs = #pop-options "))] +//deserialize_12_bit_vec_lemma #[cfg_attr(hax, hax_lib::fstar::after(" #push-options \"--compat_pre_core 2 --z3rlimit 300 --z3refresh\" diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 6c8a2cb21..dacbec1a3 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -223,16 +223,17 @@ pub fn to_standard_domain(v: T) -> T { T::montgomery_multiply_by_constant(v, MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS as i16) } -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)"))] #[hax_lib::ensures(|result| fstar!("f_to_i16_array $result == Spec.Utils.map2 (+.) (f_to_i16_array $a) (Spec.Utils.map_array (fun x -> (x >>! 15l) &. $FIELD_MODULUS) (f_to_i16_array $a))"))] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)"))] pub fn to_unsigned_representative(a: T) -> T { let t = T::shift_right::<15>(a); let fm = T::bitwise_and_with_constant(t, FIELD_MODULUS); T::add(a, &fm) } +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::fstar::options("--z3rlimit 50")] #[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in (x == 0s \\/ x == 1s)"))] From a0a7d89f298a757de9c8e0c4ea9792ddb664fa4d Mon Sep 17 00:00:00 2001 From: mamonet Date: Sun, 22 Sep 2024 19:18:51 +0000 Subject: [PATCH 305/348] Use `fold-enum-slice` hax branch --- Cargo.lock | 22 +++++++++++----------- Cargo.toml | 4 ++-- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index f5c2c65ea..1ba626ec1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -191,9 +191,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.18" +version = "1.1.21" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b62ac837cdb5cb22e10a256099b4fc502b1dfe560cb282963a974d7abd80e476" +checksum = "07b1695e2c7e8fc85310cde85aeaab7e3097f593c91d209d3f9df76c928100f0" dependencies = [ "jobserver", "libc", @@ -290,9 +290,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.17" +version = "4.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e5a21b8495e732f1b3c364c9949b201ca7bae518c502c80256c96ad79eaf6ac" +checksum = "b0956a43b323ac1afaffc053ed5c4b7c1f1800bacd1683c353aabbb752515dd3" dependencies = [ "clap_builder", "clap_derive", @@ -300,9 +300,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.17" +version = "4.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cf2dd12af7a047ad9d6da2b6b249759a22a7abc0f474c1dae1777afa4b21a73" +checksum = "4d72166dd41634086d5803a47eb71ae740e61d84709c36f3c34110173db3961b" dependencies = [ "anstream", "anstyle", @@ -312,9 +312,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.13" +version = "4.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "501d359d5f3dcaf6ecdeee48833ae73ec6e42723a1e52419c79abf9507eec0a0" +checksum = "4ac6a0c7b1a9e9a5186361f67dfa1b88213572f427fb9ab038efb2bd8c582dab" dependencies = [ "heck", "proc-macro2", @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" +source = "git+https://github.com/hacspec/hax/?branch=fold-enum-slice#0bb2f9bdce8f36cecd87a0adb59a975ddf660fca" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" +source = "git+https://github.com/hacspec/hax/?branch=fold-enum-slice#0bb2f9bdce8f36cecd87a0adb59a975ddf660fca" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#9313dbaa10a1c769daded71b641cf1d4854c8dfb" +source = "git+https://github.com/hacspec/hax/?branch=fold-enum-slice#0bb2f9bdce8f36cecd87a0adb59a975ddf660fca" dependencies = [ "proc-macro2", "quote", diff --git a/Cargo.toml b/Cargo.toml index 1b8317ec1..bfa8a2d6e 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -79,8 +79,8 @@ getrandom = { version = "0.2", features = ["js"], optional = true } # This is only required when doing proofs. #[target.'cfg(hax)'.dependencies] [workspace.dependencies] -hax-lib-macros = { git = "https://github.com/hacspec/hax", branch = "main" } -hax-lib = { git = "https://github.com/hacspec/hax/", branch = "main" } +hax-lib-macros = { git = "https://github.com/hacspec/hax", branch = "fold-enum-slice" } +hax-lib = { git = "https://github.com/hacspec/hax/", branch = "fold-enum-slice" } [dev-dependencies] libcrux = { path = ".", features = ["rand", "tests"] } From 737bf435cc71dfa8e0b385ec5da962532a46f6e1 Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 23 Sep 2024 06:33:05 +0000 Subject: [PATCH 306/348] Use main branch of hax --- Cargo.lock | 6 +++--- Cargo.toml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 1ba626ec1..de7055b90 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=fold-enum-slice#0bb2f9bdce8f36cecd87a0adb59a975ddf660fca" +source = "git+https://github.com/hacspec/hax/?branch=main#0bd125aa5ab3ce2400ac3e01072710bb628b270f" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=fold-enum-slice#0bb2f9bdce8f36cecd87a0adb59a975ddf660fca" +source = "git+https://github.com/hacspec/hax/?branch=main#0bd125aa5ab3ce2400ac3e01072710bb628b270f" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=fold-enum-slice#0bb2f9bdce8f36cecd87a0adb59a975ddf660fca" +source = "git+https://github.com/hacspec/hax/?branch=main#0bd125aa5ab3ce2400ac3e01072710bb628b270f" dependencies = [ "proc-macro2", "quote", diff --git a/Cargo.toml b/Cargo.toml index bfa8a2d6e..1b8317ec1 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -79,8 +79,8 @@ getrandom = { version = "0.2", features = ["js"], optional = true } # This is only required when doing proofs. #[target.'cfg(hax)'.dependencies] [workspace.dependencies] -hax-lib-macros = { git = "https://github.com/hacspec/hax", branch = "fold-enum-slice" } -hax-lib = { git = "https://github.com/hacspec/hax/", branch = "fold-enum-slice" } +hax-lib-macros = { git = "https://github.com/hacspec/hax", branch = "main" } +hax-lib = { git = "https://github.com/hacspec/hax/", branch = "main" } [dev-dependencies] libcrux = { path = ".", features = ["rand", "tests"] } From c7c3b3e5e40dc188bd55a798bdca9673f44db161 Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 23 Sep 2024 06:39:22 +0000 Subject: [PATCH 307/348] Remove `use crate::vector::FIELD_MODULUS` --- libcrux-ml-kem/src/vector/avx2.rs | 2 -- libcrux-ml-kem/src/vector/portable.rs | 2 -- 2 files changed, 4 deletions(-) diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 8f73537cf..907f14ecd 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -7,8 +7,6 @@ mod ntt; mod sampling; mod serialize; -use crate::vector::FIELD_MODULUS; - #[derive(Clone, Copy)] #[hax_lib::fstar::before(interface,"noeq")] #[hax_lib::fstar::after(interface,"let repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements")] diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 6a631d556..0c1d07d1e 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -15,8 +15,6 @@ use vector_type::*; pub(crate) use vector_type::PortableVector; -use crate::vector::FIELD_MODULUS; - #[cfg(hax)] impl crate::vector::traits::Repr for PortableVector { fn repr(x: Self) -> [i16; 16] { From ec66aac38b08189f6af07b83cb322c228ab537d4 Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 23 Sep 2024 07:34:15 +0000 Subject: [PATCH 308/348] Update serialize.rs --- .../fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst | 4 ---- .../extraction/Libcrux_ml_kem.Serialize.fst | 16 ++++++---------- libcrux-ml-kem/src/serialize.rs | 4 ++-- 3 files changed, 8 insertions(+), 16 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 245a00761..7246b601c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -197,8 +197,6 @@ let sample_vector_cbd_then_ntt let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--z3rlimit 200" - let compress_then_serialize_u (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) (#v_Vector: Type0) @@ -265,8 +263,6 @@ let compress_then_serialize_u let hax_temp_output:Prims.unit = result in out -#pop-options - #push-options "--admit_smt_queries true" let deserialize_then_decompress_u diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 2226342d3..c2604b65e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -617,8 +617,6 @@ let deserialize_then_decompress_5_ in re -#push-options "--admit_smt_queries true" - let deserialize_then_decompress_message (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -669,9 +667,9 @@ let deserialize_then_decompress_message in re) in - re - -#pop-options + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_then_decompress_ring_element_u (v_COMPRESSION_FACTOR: usize) @@ -715,8 +713,6 @@ let deserialize_then_decompress_ring_element_v <: Rust_primitives.Hax.t_Never) -#push-options "--admit_smt_queries true" - let deserialize_to_reduced_ring_element (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -763,9 +759,9 @@ let deserialize_to_reduced_ring_element in re) in - re - -#pop-options + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_ring_elements_reduced (v_K: usize) diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index 6779d0e7f..55c49e527 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -54,7 +54,7 @@ pub(super) fn compress_then_serialize_message( } #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] pub(super) fn deserialize_then_decompress_message( serialized: [u8; SHARED_SECRET_SIZE], ) -> PolynomialRingElement { @@ -111,7 +111,7 @@ pub(super) fn deserialize_to_uncompressed_ring_element( /// /// This MUST NOT be used with secret inputs, like its caller `deserialize_ring_elements_reduced`. #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires( serialized.len() == BYTES_PER_RING_ELEMENT )] From aee4c5b7de9c48eb0e6bf3165f40564521abfe75 Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 23 Sep 2024 07:40:56 +0000 Subject: [PATCH 309/348] Update traits.rs --- libcrux-ml-kem/src/vector/traits.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 9d4ce44c3..8239a12db 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -223,7 +223,6 @@ pub fn to_standard_domain(v: T) -> T { T::montgomery_multiply_by_constant(v, MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS as i16) } -#[hax_lib::fstar::verification_status(lax)] #[hax_lib::fstar::options("--z3rlimit 100")] #[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)"))] #[hax_lib::ensures(|result| fstar!("forall i. From 57abb85fdce169f551d14aa281e644ad9b42c600 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Mon, 23 Sep 2024 08:56:29 +0000 Subject: [PATCH 310/348] update C code --- libcrux-ml-kem/c/code_gen.txt | 10 +- libcrux-ml-kem/c/eurydice_glue.h | 18 + libcrux-ml-kem/c/internal/libcrux_core.h | 45 +- .../c/internal/libcrux_mlkem_avx2.h | 10 +- .../c/internal/libcrux_mlkem_portable.h | 10 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 10 +- .../c/internal/libcrux_sha3_internal.h | 138 +++--- libcrux-ml-kem/c/libcrux_core.c | 52 ++- libcrux-ml-kem/c/libcrux_core.h | 17 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 403 +++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 397 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 10 +- libcrux-ml-kem/c/libcrux_sha3.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 22 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 50 +-- libcrux-ml-kem/c/libcrux_sha3_neon.c | 10 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 10 +- libcrux-ml-kem/cg/code_gen.txt | 10 +- libcrux-ml-kem/cg/eurydice_glue.h | 3 + libcrux-ml-kem/cg/libcrux_core.h | 52 ++- libcrux-ml-kem/cg/libcrux_ct_ops.h | 10 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 296 ++++++------- .../cg/libcrux_mlkem768_avx2_types.h | 74 ++-- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 290 +++++++------ .../cg/libcrux_mlkem768_portable_types.h | 80 ++-- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 22 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 178 ++++---- 44 files changed, 1244 insertions(+), 1163 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 3f94b9400..12d9d454e 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d -Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 -Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 -F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b +Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 +Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac +Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 +F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty +Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 660918c54..ad026b9e1 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -18,6 +18,13 @@ extern "C" { #include "krml/lowstar_endianness.h" #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) +#define EURYDICE_ASSERT(test, msg) \ + do { \ + if (!(test)) { \ + fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \ + __FILE__, __LINE__); \ + } \ + } while (0) // SLICES, ARRAYS, ETC. @@ -130,6 +137,10 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } +static inline void core_num__u32_8__to_le_bytes(uint32_t src, uint8_t dst[4]) { + store32_le(dst, src); +} + static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { return load32_le(buf); } @@ -137,6 +148,7 @@ static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { store64_le(buf, v); } + static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { return load64_le(buf); } @@ -188,6 +200,9 @@ static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } +static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) { + return x < y ? x : y; +} #define core_num_nonzero_private_NonZeroUsizeInner size_t static inline core_num_nonzero_private_NonZeroUsizeInner @@ -210,6 +225,9 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ + Eurydice_range_iter_next + // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index f8f5af4ba..eaff82347 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __internal_libcrux_core_H @@ -291,14 +291,15 @@ typedef struct core_result_Result_00_s { } core_result_Result_00; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]); +void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]); /** Pad the `slice` with `0`s at the end. @@ -382,14 +383,15 @@ typedef struct core_result_Result_6f_s { } core_result_Result_6f; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]); +void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]); /** A monomorphic instance of core.result.Result @@ -405,14 +407,15 @@ typedef struct core_result_Result_7a_s { } core_result_Result_7a; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]); +void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]); /** A monomorphic instance of core.result.Result @@ -428,14 +431,15 @@ typedef struct core_result_Result_cd_s { } core_result_Result_cd; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]); +void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -451,14 +455,15 @@ typedef struct core_result_Result_c0_s { } core_result_Result_c0; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]); +void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]); typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index f147d9e53..49e1f29a2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index d42bef246..f3a967c5f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 689e36ba6..ff78ba53c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 07b17390c..063a10640 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -258,16 +258,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -292,16 +292,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -309,7 +309,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -362,16 +362,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -379,7 +379,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -408,7 +408,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -422,17 +422,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -440,7 +440,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -487,7 +487,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); return self; } @@ -496,16 +496,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -650,21 +650,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_9d_47(void) { +libcrux_sha3_generic_keccak_new_8b_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -681,7 +681,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_9d_47(); + return libcrux_sha3_generic_keccak_new_8b_47(); } /** @@ -712,16 +712,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -746,16 +746,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -763,7 +763,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -816,16 +816,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -833,7 +833,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -859,7 +859,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -873,17 +873,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -891,7 +891,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -935,7 +935,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); return self; } @@ -944,16 +944,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -1130,21 +1130,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_9d_470(void) { +libcrux_sha3_generic_keccak_new_8b_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -1158,7 +1158,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_9d_470(); + return libcrux_sha3_generic_keccak_new_8b_470(); } /** @@ -1205,16 +1205,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1242,7 +1242,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1277,7 +1277,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); } /** @@ -1324,16 +1324,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1361,7 +1361,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1396,7 +1396,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 036632ec8..9b9cd41ce 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "internal/libcrux_core.h" @@ -390,14 +390,15 @@ uint8_t *libcrux_ml_kem_types_as_slice_fd_cc( } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { +void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -519,14 +520,15 @@ void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { +void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -539,14 +541,15 @@ void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { +void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -559,14 +562,15 @@ void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { +void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -579,14 +583,15 @@ void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { +void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -599,14 +604,15 @@ void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { +void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 38e88f4b5..9d39b6164 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_core_H @@ -197,14 +197,15 @@ typedef struct core_result_Result_56_s { } core_result_Result_56; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]); +void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]); typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 1e9c333ae..4f564c146 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 2baeeeeb6..65f4818c6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index f0e9dd8a6..5552a8b63 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 331428cc2..01b6def3f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index e525f91c8..da249a492 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 69da40f05..75bb82159 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 7d6dc8938..9e27b56f2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index c01cba19e..4b8af1f2a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index c6d9cc60a..39e4b67b9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 51eb9d7bf..3f156c570 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 50ffc92a0..172185891 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 15e7950f8..1033e69a1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index d43dc5b54..4d8d496ac 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 0527bf446..4f102ff81 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index c86540cb9..a3cebbef2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index b3cae06b5..18db095f7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "internal/libcrux_mlkem_avx2.h" @@ -603,7 +603,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, ret0); + core_result_unwrap_26_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -694,7 +694,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_41_07(dst, ret0); + core_result_unwrap_26_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -797,7 +797,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_41_ea(dst, ret0); + core_result_unwrap_26_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -924,7 +924,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_41_76(dst, ret0); + core_result_unwrap_26_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1031,15 +1031,16 @@ inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_7d(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_ef_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1068,7 +1069,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_reduced_ring_element_ec(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1117,7 +1118,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_851( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_7d();); + deserialized_pk[i] = ZERO_ef_7d();); deserialize_ring_elements_reduced_3d1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -1329,19 +1330,19 @@ typedef struct IndCpaPrivateKeyUnpacked_a0_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_a0 default_f6_191(void) { +static IndCpaPrivateKeyUnpacked_a0 default_1a_191(void) { IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = ZERO_20_7d(); - lit.secret_as_ntt[1U] = ZERO_20_7d(); - lit.secret_as_ntt[2U] = ZERO_20_7d(); + lit.secret_as_ntt[0U] = ZERO_ef_7d(); + lit.secret_as_ntt[1U] = ZERO_ef_7d(); + lit.secret_as_ntt[2U] = ZERO_ef_7d(); return lit; } @@ -1360,33 +1361,33 @@ typedef struct IndCpaPublicKeyUnpacked_a0_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_a0 default_85_801(void) { +static IndCpaPublicKeyUnpacked_a0 default_8d_801(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_20_7d();); + uu____0[i] = ZERO_ef_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_a0 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_7d(); - lit.A[0U][1U] = ZERO_20_7d(); - lit.A[0U][2U] = ZERO_20_7d(); - lit.A[1U][0U] = ZERO_20_7d(); - lit.A[1U][1U] = ZERO_20_7d(); - lit.A[1U][2U] = ZERO_20_7d(); - lit.A[2U][0U] = ZERO_20_7d(); - lit.A[2U][1U] = ZERO_20_7d(); - lit.A[2U][2U] = ZERO_20_7d(); + lit.A[0U][0U] = ZERO_ef_7d(); + lit.A[0U][1U] = ZERO_ef_7d(); + lit.A[0U][2U] = ZERO_ef_7d(); + lit.A[1U][0U] = ZERO_ef_7d(); + lit.A[1U][1U] = ZERO_ef_7d(); + lit.A[1U][2U] = ZERO_ef_7d(); + lit.A[2U][0U] = ZERO_ef_7d(); + lit.A[2U][1U] = ZERO_ef_7d(); + lit.A[2U][2U] = ZERO_ef_7d(); return lit; } @@ -1716,17 +1717,18 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_20_14(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); +from_i16_array_ef_14(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1745,7 +1747,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e41( int16_t s[272U]) { - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1930,7 +1932,7 @@ sample_from_binomial_distribution_2_80(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1974,7 +1976,7 @@ sample_from_binomial_distribution_3_05(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2125,15 +2127,16 @@ static KRML_MUSTINLINE void ntt_at_layer_1_09( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_09( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2159,7 +2162,7 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_5c( ntt_at_layer_3_ae(&zeta_i, re); ntt_at_layer_2_53(&zeta_i, re); ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -2216,7 +2219,7 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_7d();); + re_as_ntt[i] = ZERO_ef_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2237,18 +2240,19 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_20_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_ef_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2267,15 +2271,16 @@ ntt_multiply_20_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_311( +static KRML_MUSTINLINE void add_to_ring_element_ef_311( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2302,15 +2307,16 @@ static __m256i to_standard_domain_c1(__m256i v) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_ba( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2344,7 +2350,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_671( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -2357,10 +2363,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_671( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_311(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_311(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -2413,7 +2419,7 @@ static void generate_keypair_unpacked_4a1( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -2431,8 +2437,8 @@ with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_1c1( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_a0 private_key = default_f6_191(); - IndCpaPublicKeyUnpacked_a0 public_key = default_85_801(); + IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_191(); + IndCpaPublicKeyUnpacked_a0 public_key = default_8d_801(); generate_keypair_unpacked_4a1(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; serialize_public_key_391( @@ -2583,7 +2589,7 @@ static KRML_MUSTINLINE tuple_b0 sample_ring_element_cbd_461(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_7d();); + error_1[i] = ZERO_ef_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2763,20 +2769,21 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_4a1( invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_84( +static KRML_MUSTINLINE void add_error_reduce_ef_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2804,7 +2811,7 @@ static KRML_MUSTINLINE void compute_vector_u_a91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_7d();); + result0[i] = ZERO_ef_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2824,11 +2831,11 @@ static KRML_MUSTINLINE void compute_vector_u_a91( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(a_element, &r_as_ntt[j]); - add_to_ring_element_20_311(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_311(&result0[i1], &product); } invert_ntt_montgomery_4a1(&result0[i1]); - add_error_reduce_20_84(&result0[i1], &error_1[i1]); + add_error_reduce_ef_84(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2860,7 +2867,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_message_a6(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2874,16 +2881,17 @@ deserialize_then_decompress_message_a6(uint8_t serialized[32U]) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_20_b0( +add_message_error_reduce_ef_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2915,13 +2923,13 @@ compute_ring_element_v_e61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_311(&result, &product);); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_311(&result, &product);); invert_ntt_montgomery_4a1(&result); - result = add_message_error_reduce_20_b0(error_2, message, result); + result = add_message_error_reduce_ef_b0(error_2, message, result); return result; } @@ -3381,7 +3389,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static void encrypt_601(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_85_801(); + IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_801(); deserialize_ring_elements_reduced_3d1( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -3500,7 +3508,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_uncompressed_ring_element_d1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3522,7 +3530,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_941( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_7d();); + secret_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3609,7 +3617,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_10_2d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -3689,7 +3697,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_11_57(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -3728,7 +3736,7 @@ static KRML_MUSTINLINE void ntt_vector_u_600( ntt_at_layer_3_ae(&zeta_i, re); ntt_at_layer_2_53(&zeta_i, re); ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -3744,7 +3752,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_841( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_7d();); + u_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3833,7 +3841,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_4_39(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3908,7 +3916,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_5_7b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3934,16 +3942,17 @@ deserialize_then_decompress_ring_element_v_800(Eurydice_slice serialized) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_20_79(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_ef_79(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3969,13 +3978,13 @@ compute_message_781( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_311(&result, &product);); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_311(&result, &product);); invert_ntt_montgomery_4a1(&result); - result = subtract_reduce_20_79(v, result); + result = subtract_reduce_ef_79(v, result); return result; } @@ -4209,7 +4218,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_850( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_7d();); + deserialized_pk[i] = ZERO_ef_7d();); deserialize_ring_elements_reduced_3d(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -4363,20 +4372,20 @@ typedef struct IndCpaPrivateKeyUnpacked_01_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_01 default_f6_19(void) { +static IndCpaPrivateKeyUnpacked_01 default_1a_19(void) { IndCpaPrivateKeyUnpacked_01 lit; - lit.secret_as_ntt[0U] = ZERO_20_7d(); - lit.secret_as_ntt[1U] = ZERO_20_7d(); - lit.secret_as_ntt[2U] = ZERO_20_7d(); - lit.secret_as_ntt[3U] = ZERO_20_7d(); + lit.secret_as_ntt[0U] = ZERO_ef_7d(); + lit.secret_as_ntt[1U] = ZERO_ef_7d(); + lit.secret_as_ntt[2U] = ZERO_ef_7d(); + lit.secret_as_ntt[3U] = ZERO_ef_7d(); return lit; } @@ -4395,40 +4404,40 @@ typedef struct IndCpaPublicKeyUnpacked_01_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_01 default_85_80(void) { +static IndCpaPublicKeyUnpacked_01 default_8d_80(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_20_7d();); + uu____0[i] = ZERO_ef_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_01 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_7d(); - lit.A[0U][1U] = ZERO_20_7d(); - lit.A[0U][2U] = ZERO_20_7d(); - lit.A[0U][3U] = ZERO_20_7d(); - lit.A[1U][0U] = ZERO_20_7d(); - lit.A[1U][1U] = ZERO_20_7d(); - lit.A[1U][2U] = ZERO_20_7d(); - lit.A[1U][3U] = ZERO_20_7d(); - lit.A[2U][0U] = ZERO_20_7d(); - lit.A[2U][1U] = ZERO_20_7d(); - lit.A[2U][2U] = ZERO_20_7d(); - lit.A[2U][3U] = ZERO_20_7d(); - lit.A[3U][0U] = ZERO_20_7d(); - lit.A[3U][1U] = ZERO_20_7d(); - lit.A[3U][2U] = ZERO_20_7d(); - lit.A[3U][3U] = ZERO_20_7d(); + lit.A[0U][0U] = ZERO_ef_7d(); + lit.A[0U][1U] = ZERO_ef_7d(); + lit.A[0U][2U] = ZERO_ef_7d(); + lit.A[0U][3U] = ZERO_ef_7d(); + lit.A[1U][0U] = ZERO_ef_7d(); + lit.A[1U][1U] = ZERO_ef_7d(); + lit.A[1U][2U] = ZERO_ef_7d(); + lit.A[1U][3U] = ZERO_ef_7d(); + lit.A[2U][0U] = ZERO_ef_7d(); + lit.A[2U][1U] = ZERO_ef_7d(); + lit.A[2U][2U] = ZERO_ef_7d(); + lit.A[2U][3U] = ZERO_ef_7d(); + lit.A[3U][0U] = ZERO_ef_7d(); + lit.A[3U][1U] = ZERO_ef_7d(); + lit.A[3U][2U] = ZERO_ef_7d(); + lit.A[3U][3U] = ZERO_ef_7d(); return lit; } @@ -4770,7 +4779,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e4( int16_t s[272U]) { - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4971,7 +4980,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_7d();); + re_as_ntt[i] = ZERO_ef_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4992,15 +5001,16 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_31( +static KRML_MUSTINLINE void add_to_ring_element_ef_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5034,7 +5044,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_67( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -5047,10 +5057,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_31(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_31(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5103,7 +5113,7 @@ static void generate_keypair_unpacked_4a( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -5121,8 +5131,8 @@ with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_1c0( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_01 private_key = default_f6_19(); - IndCpaPublicKeyUnpacked_01 public_key = default_85_80(); + IndCpaPrivateKeyUnpacked_01 private_key = default_1a_19(); + IndCpaPublicKeyUnpacked_01 public_key = default_8d_80(); generate_keypair_unpacked_4a(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; serialize_public_key_39( @@ -5273,7 +5283,7 @@ static KRML_MUSTINLINE tuple_71 sample_ring_element_cbd_46(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_7d();); + error_1[i] = ZERO_ef_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5337,7 +5347,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_4a( invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -5353,7 +5363,7 @@ static KRML_MUSTINLINE void compute_vector_u_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_7d();); + result0[i] = ZERO_ef_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5373,11 +5383,11 @@ static KRML_MUSTINLINE void compute_vector_u_a9( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(a_element, &r_as_ntt[j]); - add_to_ring_element_20_31(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_31(&result0[i1], &product); } invert_ntt_montgomery_4a(&result0[i1]); - add_error_reduce_20_84(&result0[i1], &error_1[i1]); + add_error_reduce_ef_84(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5400,13 +5410,13 @@ compute_ring_element_v_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_31(&result, &product);); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_31(&result, &product);); invert_ntt_montgomery_4a(&result); - result = add_message_error_reduce_20_b0(error_2, message, result); + result = add_message_error_reduce_ef_b0(error_2, message, result); return result; } @@ -5583,7 +5593,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static void encrypt_600(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_85_80(); + IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_80(); deserialize_ring_elements_reduced_3d( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -5705,7 +5715,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_940( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_7d();); + secret_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5756,7 +5766,7 @@ static KRML_MUSTINLINE void ntt_vector_u_60( ntt_at_layer_3_ae(&zeta_i, re); ntt_at_layer_2_53(&zeta_i, re); ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -5772,7 +5782,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_7d();); + u_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5820,13 +5830,13 @@ compute_message_78( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_31(&result, &product);); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_31(&result, &product);); invert_ntt_montgomery_4a(&result); - result = subtract_reduce_20_79(v, result); + result = subtract_reduce_ef_79(v, result); return result; } @@ -6024,7 +6034,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_85( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_7d();); + deserialized_pk[i] = ZERO_ef_7d();); deserialize_ring_elements_reduced_3d0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -6178,18 +6188,18 @@ typedef struct IndCpaPrivateKeyUnpacked_d6_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_d6 default_f6_190(void) { +static IndCpaPrivateKeyUnpacked_d6 default_1a_190(void) { IndCpaPrivateKeyUnpacked_d6 lit; - lit.secret_as_ntt[0U] = ZERO_20_7d(); - lit.secret_as_ntt[1U] = ZERO_20_7d(); + lit.secret_as_ntt[0U] = ZERO_ef_7d(); + lit.secret_as_ntt[1U] = ZERO_ef_7d(); return lit; } @@ -6208,28 +6218,28 @@ typedef struct IndCpaPublicKeyUnpacked_d6_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_d6 default_85_800(void) { +static IndCpaPublicKeyUnpacked_d6 default_8d_800(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_20_7d();); + uu____0[i] = ZERO_ef_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_d6 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_7d(); - lit.A[0U][1U] = ZERO_20_7d(); - lit.A[1U][0U] = ZERO_20_7d(); - lit.A[1U][1U] = ZERO_20_7d(); + lit.A[0U][0U] = ZERO_ef_7d(); + lit.A[0U][1U] = ZERO_ef_7d(); + lit.A[1U][0U] = ZERO_ef_7d(); + lit.A[1U][1U] = ZERO_ef_7d(); return lit; } @@ -6559,7 +6569,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e40( int16_t s[272U]) { - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6765,7 +6775,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_7d();); + re_as_ntt[i] = ZERO_ef_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6786,15 +6796,16 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_310( +static KRML_MUSTINLINE void add_to_ring_element_ef_310( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -6828,7 +6839,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_670( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -6841,10 +6852,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_670( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_310(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_310(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6897,7 +6908,7 @@ static void generate_keypair_unpacked_4a0( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -6915,8 +6926,8 @@ with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_1c( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_d6 private_key = default_f6_190(); - IndCpaPublicKeyUnpacked_d6 public_key = default_85_800(); + IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_190(); + IndCpaPublicKeyUnpacked_d6 public_key = default_8d_800(); generate_keypair_unpacked_4a0(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; serialize_public_key_390( @@ -7113,7 +7124,7 @@ static KRML_MUSTINLINE tuple_74 sample_ring_element_cbd_460(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_7d();); + error_1[i] = ZERO_ef_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7177,7 +7188,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_4a0( invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -7193,7 +7204,7 @@ static KRML_MUSTINLINE void compute_vector_u_a90( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_7d();); + result0[i] = ZERO_ef_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7213,11 +7224,11 @@ static KRML_MUSTINLINE void compute_vector_u_a90( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(a_element, &r_as_ntt[j]); - add_to_ring_element_20_310(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_310(&result0[i1], &product); } invert_ntt_montgomery_4a0(&result0[i1]); - add_error_reduce_20_84(&result0[i1], &error_1[i1]); + add_error_reduce_ef_84(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7240,13 +7251,13 @@ compute_ring_element_v_e60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_310(&result, &product);); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_310(&result, &product);); invert_ntt_montgomery_4a0(&result); - result = add_message_error_reduce_20_b0(error_2, message, result); + result = add_message_error_reduce_ef_b0(error_2, message, result); return result; } @@ -7373,7 +7384,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static void encrypt_60(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_85_800(); + IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_800(); deserialize_ring_elements_reduced_3d0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -7495,7 +7506,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_94( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_7d();); + secret_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7532,7 +7543,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_840( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_7d();); + u_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7569,13 +7580,13 @@ compute_message_780( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_310(&result, &product);); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_310(&result, &product);); invert_ntt_montgomery_4a0(&result); - result = subtract_reduce_20_79(v, result); + result = subtract_reduce_ef_79(v, result); return result; } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index c59cb8009..679ea6f82 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index f41d3f0c9..ccc6f3b26 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "internal/libcrux_mlkem_portable.h" @@ -79,7 +79,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_41_30(dst, ret); + core_result_unwrap_26_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2281,15 +2281,16 @@ libcrux_ml_kem_vector_portable_vector_type_clone_3b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_19(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_ef_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2318,7 +2319,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_reduced_ring_element_d3(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2369,7 +2370,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_581( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_19();); + deserialized_pk[i] = ZERO_ef_19();); deserialize_ring_elements_reduced_8b(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -2593,20 +2594,20 @@ typedef struct IndCpaPrivateKeyUnpacked_42_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_42 default_f6_a3(void) { +static IndCpaPrivateKeyUnpacked_42 default_1a_a3(void) { IndCpaPrivateKeyUnpacked_42 lit; - lit.secret_as_ntt[0U] = ZERO_20_19(); - lit.secret_as_ntt[1U] = ZERO_20_19(); - lit.secret_as_ntt[2U] = ZERO_20_19(); - lit.secret_as_ntt[3U] = ZERO_20_19(); + lit.secret_as_ntt[0U] = ZERO_ef_19(); + lit.secret_as_ntt[1U] = ZERO_ef_19(); + lit.secret_as_ntt[2U] = ZERO_ef_19(); + lit.secret_as_ntt[3U] = ZERO_ef_19(); return lit; } @@ -2625,40 +2626,40 @@ typedef struct IndCpaPublicKeyUnpacked_42_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_42 default_85_6b(void) { +static IndCpaPublicKeyUnpacked_42 default_8d_6b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_20_19();); + uu____0[i] = ZERO_ef_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_42 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_19(); - lit.A[0U][1U] = ZERO_20_19(); - lit.A[0U][2U] = ZERO_20_19(); - lit.A[0U][3U] = ZERO_20_19(); - lit.A[1U][0U] = ZERO_20_19(); - lit.A[1U][1U] = ZERO_20_19(); - lit.A[1U][2U] = ZERO_20_19(); - lit.A[1U][3U] = ZERO_20_19(); - lit.A[2U][0U] = ZERO_20_19(); - lit.A[2U][1U] = ZERO_20_19(); - lit.A[2U][2U] = ZERO_20_19(); - lit.A[2U][3U] = ZERO_20_19(); - lit.A[3U][0U] = ZERO_20_19(); - lit.A[3U][1U] = ZERO_20_19(); - lit.A[3U][2U] = ZERO_20_19(); - lit.A[3U][3U] = ZERO_20_19(); + lit.A[0U][0U] = ZERO_ef_19(); + lit.A[0U][1U] = ZERO_ef_19(); + lit.A[0U][2U] = ZERO_ef_19(); + lit.A[0U][3U] = ZERO_ef_19(); + lit.A[1U][0U] = ZERO_ef_19(); + lit.A[1U][1U] = ZERO_ef_19(); + lit.A[1U][2U] = ZERO_ef_19(); + lit.A[1U][3U] = ZERO_ef_19(); + lit.A[2U][0U] = ZERO_ef_19(); + lit.A[2U][1U] = ZERO_ef_19(); + lit.A[2U][2U] = ZERO_ef_19(); + lit.A[2U][3U] = ZERO_ef_19(); + lit.A[3U][0U] = ZERO_ef_19(); + lit.A[3U][1U] = ZERO_ef_19(); + lit.A[3U][2U] = ZERO_ef_19(); + lit.A[3U][3U] = ZERO_ef_19(); return lit; } @@ -2980,17 +2981,18 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_20_bb(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); +from_i16_array_ef_bb(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3012,7 +3014,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba( int16_t s[272U]) { - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3181,7 +3183,7 @@ sample_from_binomial_distribution_2_1b(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3225,7 +3227,7 @@ sample_from_binomial_distribution_3_ee(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3391,15 +3393,16 @@ static KRML_MUSTINLINE void ntt_at_layer_1_21( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_0a( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3427,7 +3430,7 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b3( ntt_at_layer_3_1b(&zeta_i, re); ntt_at_layer_2_ea(&zeta_i, re); ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -3486,7 +3489,7 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_19();); + re_as_ntt[i] = ZERO_ef_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3507,18 +3510,19 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_20_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_ef_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3539,15 +3543,16 @@ ntt_multiply_20_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_3a( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3580,15 +3585,16 @@ to_standard_domain_73( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_69( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3624,7 +3630,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -3637,10 +3643,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_3a(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -3693,7 +3699,7 @@ static void generate_keypair_unpacked_86( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -3711,8 +3717,8 @@ libcrux_ml_kem_variant_MlKem with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ea1( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_42 private_key = default_f6_a3(); - IndCpaPublicKeyUnpacked_42 public_key = default_85_6b(); + IndCpaPrivateKeyUnpacked_42 private_key = default_1a_a3(); + IndCpaPublicKeyUnpacked_42 public_key = default_8d_6b(); generate_keypair_unpacked_86(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; serialize_public_key_96( @@ -3864,7 +3870,7 @@ static KRML_MUSTINLINE tuple_710 sample_ring_element_cbd_72(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_19();); + error_1[i] = ZERO_ef_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4052,20 +4058,21 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_04( invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_15( +static KRML_MUSTINLINE void add_error_reduce_ef_15( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4096,7 +4103,7 @@ static KRML_MUSTINLINE void compute_vector_u_02( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_19();); + result0[i] = ZERO_ef_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4116,11 +4123,11 @@ static KRML_MUSTINLINE void compute_vector_u_02( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(a_element, &r_as_ntt[j]); - add_to_ring_element_20_3a(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a(&result0[i1], &product); } invert_ntt_montgomery_04(&result0[i1]); - add_error_reduce_20_15(&result0[i1], &error_1[i1]); + add_error_reduce_ef_15(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4157,7 +4164,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_message_c9(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4174,16 +4181,17 @@ deserialize_then_decompress_message_c9(uint8_t serialized[32U]) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_20_f0( +add_message_error_reduce_ef_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4218,13 +4226,13 @@ compute_ring_element_v_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_3a(&result, &product);); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a(&result, &product);); invert_ntt_montgomery_04(&result); - result = add_message_error_reduce_20_f0(error_2, message, result); + result = add_message_error_reduce_ef_f0(error_2, message, result); return result; } @@ -4581,7 +4589,7 @@ generics */ static void encrypt_5f1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_85_6b(); + IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_6b(); deserialize_ring_elements_reduced_8b( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -4700,7 +4708,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_uncompressed_ring_element_0b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4724,7 +4732,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_e71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_19();); + secret_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4793,7 +4801,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_10_c9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4860,7 +4868,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_11_fe(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4902,7 +4910,7 @@ static KRML_MUSTINLINE void ntt_vector_u_2a( ntt_at_layer_3_1b(&zeta_i, re); ntt_at_layer_2_ea(&zeta_i, re); ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -4918,7 +4926,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_19();); + u_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4989,7 +4997,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_4_c2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5049,7 +5057,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_5_a7(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5077,16 +5085,17 @@ deserialize_then_decompress_ring_element_v_41(Eurydice_slice serialized) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_20_1e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_ef_1e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5115,13 +5124,13 @@ compute_message_b7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_3a(&result, &product);); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a(&result, &product);); invert_ntt_montgomery_04(&result); - result = subtract_reduce_20_1e(v, result); + result = subtract_reduce_ef_1e(v, result); return result; } @@ -5357,7 +5366,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_580( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_19();); + deserialized_pk[i] = ZERO_ef_19();); deserialize_ring_elements_reduced_8b0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -5511,18 +5520,18 @@ typedef struct IndCpaPrivateKeyUnpacked_ae_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_ae default_f6_a30(void) { +static IndCpaPrivateKeyUnpacked_ae default_1a_a30(void) { IndCpaPrivateKeyUnpacked_ae lit; - lit.secret_as_ntt[0U] = ZERO_20_19(); - lit.secret_as_ntt[1U] = ZERO_20_19(); + lit.secret_as_ntt[0U] = ZERO_ef_19(); + lit.secret_as_ntt[1U] = ZERO_ef_19(); return lit; } @@ -5541,28 +5550,28 @@ typedef struct IndCpaPublicKeyUnpacked_ae_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_ae default_85_6b0(void) { +static IndCpaPublicKeyUnpacked_ae default_8d_6b0(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_20_19();); + uu____0[i] = ZERO_ef_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_ae lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_19(); - lit.A[0U][1U] = ZERO_20_19(); - lit.A[1U][0U] = ZERO_20_19(); - lit.A[1U][1U] = ZERO_20_19(); + lit.A[0U][0U] = ZERO_ef_19(); + lit.A[0U][1U] = ZERO_ef_19(); + lit.A[1U][0U] = ZERO_ef_19(); + lit.A[1U][1U] = ZERO_ef_19(); return lit; } @@ -5891,7 +5900,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba0( int16_t s[272U]) { - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6086,7 +6095,7 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_19();); + re_as_ntt[i] = ZERO_ef_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6107,15 +6116,16 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_3a0( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6153,7 +6163,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -6166,10 +6176,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_3a0(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6222,7 +6232,7 @@ static void generate_keypair_unpacked_860( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -6240,8 +6250,8 @@ libcrux_ml_kem_variant_MlKem with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ea0( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_ae private_key = default_f6_a30(); - IndCpaPublicKeyUnpacked_ae public_key = default_85_6b0(); + IndCpaPrivateKeyUnpacked_ae private_key = default_1a_a30(); + IndCpaPublicKeyUnpacked_ae public_key = default_8d_6b0(); generate_keypair_unpacked_860(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; serialize_public_key_960( @@ -6425,7 +6435,7 @@ static KRML_MUSTINLINE tuple_740 sample_ring_element_cbd_720(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_19();); + error_1[i] = ZERO_ef_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6489,7 +6499,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_040( invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -6505,7 +6515,7 @@ static KRML_MUSTINLINE void compute_vector_u_020( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_19();); + result0[i] = ZERO_ef_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6525,11 +6535,11 @@ static KRML_MUSTINLINE void compute_vector_u_020( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(a_element, &r_as_ntt[j]); - add_to_ring_element_20_3a0(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a0(&result0[i1], &product); } invert_ntt_montgomery_040(&result0[i1]); - add_error_reduce_20_15(&result0[i1], &error_1[i1]); + add_error_reduce_ef_15(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6552,13 +6562,13 @@ compute_ring_element_v_c70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_3a0(&result, &product);); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a0(&result, &product);); invert_ntt_montgomery_040(&result); - result = add_message_error_reduce_20_f0(error_2, message, result); + result = add_message_error_reduce_ef_f0(error_2, message, result); return result; } @@ -6738,7 +6748,7 @@ generics */ static void encrypt_5f0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_85_6b0(); + IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_6b0(); deserialize_ring_elements_reduced_8b0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -6860,7 +6870,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_e70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_19();); + secret_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6911,7 +6921,7 @@ static KRML_MUSTINLINE void ntt_vector_u_2a0( ntt_at_layer_3_1b(&zeta_i, re); ntt_at_layer_2_ea(&zeta_i, re); ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -6927,7 +6937,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_19();); + u_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -6975,13 +6985,13 @@ compute_message_b70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_3a0(&result, &product);); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a0(&result, &product);); invert_ntt_montgomery_040(&result); - result = subtract_reduce_20_1e(v, result); + result = subtract_reduce_ef_1e(v, result); return result; } @@ -7179,7 +7189,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_19();); + deserialized_pk[i] = ZERO_ef_19();); deserialize_ring_elements_reduced_8b1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -7333,19 +7343,19 @@ typedef struct IndCpaPrivateKeyUnpacked_f8_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_f8 default_f6_a31(void) { +static IndCpaPrivateKeyUnpacked_f8 default_1a_a31(void) { IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = ZERO_20_19(); - lit.secret_as_ntt[1U] = ZERO_20_19(); - lit.secret_as_ntt[2U] = ZERO_20_19(); + lit.secret_as_ntt[0U] = ZERO_ef_19(); + lit.secret_as_ntt[1U] = ZERO_ef_19(); + lit.secret_as_ntt[2U] = ZERO_ef_19(); return lit; } @@ -7364,33 +7374,33 @@ typedef struct IndCpaPublicKeyUnpacked_f8_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_f8 default_85_6b1(void) { +static IndCpaPublicKeyUnpacked_f8 default_8d_6b1(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_20_19();); + uu____0[i] = ZERO_ef_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_f8 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_19(); - lit.A[0U][1U] = ZERO_20_19(); - lit.A[0U][2U] = ZERO_20_19(); - lit.A[1U][0U] = ZERO_20_19(); - lit.A[1U][1U] = ZERO_20_19(); - lit.A[1U][2U] = ZERO_20_19(); - lit.A[2U][0U] = ZERO_20_19(); - lit.A[2U][1U] = ZERO_20_19(); - lit.A[2U][2U] = ZERO_20_19(); + lit.A[0U][0U] = ZERO_ef_19(); + lit.A[0U][1U] = ZERO_ef_19(); + lit.A[0U][2U] = ZERO_ef_19(); + lit.A[1U][0U] = ZERO_ef_19(); + lit.A[1U][1U] = ZERO_ef_19(); + lit.A[1U][2U] = ZERO_ef_19(); + lit.A[2U][0U] = ZERO_ef_19(); + lit.A[2U][1U] = ZERO_ef_19(); + lit.A[2U][2U] = ZERO_ef_19(); return lit; } @@ -7719,7 +7729,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba1( int16_t s[272U]) { - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7903,7 +7913,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_19();); + re_as_ntt[i] = ZERO_ef_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7924,15 +7934,16 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_3a1( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7970,7 +7981,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -7983,10 +7994,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_3a1(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a1(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -8039,7 +8050,7 @@ static void generate_keypair_unpacked_861( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -8057,8 +8068,8 @@ libcrux_ml_kem_variant_MlKem with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ea( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_f8 private_key = default_f6_a31(); - IndCpaPublicKeyUnpacked_f8 public_key = default_85_6b1(); + IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_a31(); + IndCpaPublicKeyUnpacked_f8 public_key = default_8d_6b1(); generate_keypair_unpacked_861(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; serialize_public_key_961( @@ -8210,7 +8221,7 @@ static KRML_MUSTINLINE tuple_b00 sample_ring_element_cbd_721(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_19();); + error_1[i] = ZERO_ef_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8274,7 +8285,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_041( invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -8290,7 +8301,7 @@ static KRML_MUSTINLINE void compute_vector_u_021( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_19();); + result0[i] = ZERO_ef_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8310,11 +8321,11 @@ static KRML_MUSTINLINE void compute_vector_u_021( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(a_element, &r_as_ntt[j]); - add_to_ring_element_20_3a1(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a1(&result0[i1], &product); } invert_ntt_montgomery_041(&result0[i1]); - add_error_reduce_20_15(&result0[i1], &error_1[i1]); + add_error_reduce_ef_15(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8337,13 +8348,13 @@ compute_ring_element_v_c71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_3a1(&result, &product);); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a1(&result, &product);); invert_ntt_montgomery_041(&result); - result = add_message_error_reduce_20_f0(error_2, message, result); + result = add_message_error_reduce_ef_f0(error_2, message, result); return result; } @@ -8474,7 +8485,7 @@ generics */ static void encrypt_5f(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_85_6b1(); + IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_6b1(); deserialize_ring_elements_reduced_8b1( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -8596,7 +8607,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_19();); + secret_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8633,7 +8644,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_19();); + u_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -8670,13 +8681,13 @@ compute_message_b71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_3a1(&result, &product);); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a1(&result, &product);); invert_ntt_montgomery_041(&result); - result = subtract_reduce_20_1e(v, result); + result = subtract_reduce_ef_1e(v, result); return result; } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 6fff48a70..626edaff4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 7163ceade..3ae00514c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 5db24bab4..467def628 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "internal/libcrux_sha3_avx2.h" @@ -167,16 +167,16 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types core_core_arch_x86___m256i with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_71(void) { +new_89_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -1679,7 +1679,7 @@ with const generics */ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_71(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_89_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1719,7 +1719,7 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1757,7 +1757,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_71(); + return new_89_71(); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 6530e87bc..47d070cdc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 0eadd5bb5..3678325cd 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_sha3_internal_H @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_cf(void) { +libcrux_sha3_generic_keccak_new_89_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1465,7 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1740,7 +1740,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -1781,7 +1781,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1832,7 +1832,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2089,7 +2089,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2130,7 +2130,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2181,7 +2181,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2438,7 +2438,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2479,7 +2479,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2627,7 +2627,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2668,7 +2668,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2745,7 +2745,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2786,7 +2786,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2837,7 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3093,7 +3093,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -3134,7 +3134,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 2841710c3..f0331c49a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 6b269f09b..ec5a84fa2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 0f5121e9c3b5f9c1097bb312d02ecc880162ce9b + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 066ecdc86..12d9d454e 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d -Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 -Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 -F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 +Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 +Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac +Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 +F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty +Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index cdd27af77..30a7c281d 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -19,6 +19,9 @@ extern "C" { #include "karamel/target.h" +// Ignore an expression. +#define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) + // SLICES, ARRAYS, ETC. // The MSVC C++ compiler does not support compound literals. diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index f90749b11..ad3b32845 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_core_H @@ -97,14 +97,15 @@ typedef struct Result_6f_s { } Result_6f; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_76(Result_6f self, uint8_t ret[24U]) { +static inline void unwrap_26_76(Result_6f self, uint8_t ret[24U]) { if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -130,14 +131,15 @@ typedef struct Result_7a_s { } Result_7a; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_ea(Result_7a self, uint8_t ret[20U]) { +static inline void unwrap_26_ea(Result_7a self, uint8_t ret[20U]) { if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -163,14 +165,15 @@ typedef struct Result_cd_s { } Result_cd; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_07(Result_cd self, uint8_t ret[10U]) { +static inline void unwrap_26_07(Result_cd self, uint8_t ret[10U]) { if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -315,14 +318,15 @@ typedef struct Result_00_s { } Result_00; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_33(Result_00 self, uint8_t ret[32U]) { +static inline void unwrap_26_33(Result_00 self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -481,14 +485,15 @@ typedef struct Result_c0_s { } Result_c0; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_30(Result_c0 self, int16_t ret[16U]) { +static inline void unwrap_26_30(Result_c0 self, int16_t ret[16U]) { if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -514,14 +519,15 @@ typedef struct Result_56_s { } Result_56; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_0e(Result_56 self, uint8_t ret[8U]) { +static inline void unwrap_26_0e(Result_56 self, uint8_t ret[8U]) { if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index a3ab78f37..f3a831536 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index ec7a09505..674633a41 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_avx2_H @@ -723,7 +723,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, ret0); + unwrap_26_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -823,7 +823,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - unwrap_41_07(dst, ret0); + unwrap_26_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -936,7 +936,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - unwrap_41_ea(dst, ret0); + unwrap_26_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1081,7 +1081,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - unwrap_41_76(dst, ret0); + unwrap_26_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1196,17 +1196,18 @@ static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_09( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_20_7d(void) { +libcrux_ml_kem_polynomial_ZERO_ef_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1236,7 +1237,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_3a(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -1250,7 +1251,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_81( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1273,7 +1274,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_06( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1310,7 +1311,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_56(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -1390,7 +1391,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_10_1c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -1486,7 +1487,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_11_6e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1641,16 +1642,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_09( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1684,7 +1686,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_61( (size_t)6U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_09(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); } /** @@ -1702,7 +1704,7 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1808,7 +1810,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_4_44( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1899,7 +1901,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_5_c7( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1928,21 +1930,22 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_da( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_20_63( +libcrux_ml_kem_polynomial_ntt_multiply_ef_63( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1961,16 +1964,17 @@ libcrux_ml_kem_polynomial_ntt_multiply_20_63( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_31( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2125,22 +2129,23 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2( (size_t)6U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_20_70( +libcrux_ml_kem_polynomial_subtract_reduce_ef_70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2169,16 +2174,16 @@ libcrux_ml_kem_matrix_compute_message_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_63(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_70(v, result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_70(v, result); return result; } @@ -2359,20 +2364,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_85_80(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; @@ -2380,15 +2385,15 @@ libcrux_ml_kem_ind_cpa_unpacked_default_85_80(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); return lit; } @@ -2403,7 +2408,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_26( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2759,19 +2764,20 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_20_14(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_ef_14(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2791,7 +2797,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_sampling_sample_from_xof_closure_e4(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_14( + return libcrux_ml_kem_polynomial_from_i16_array_ef_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2919,7 +2925,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_2d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -3016,7 +3022,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_80( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_14( + return libcrux_ml_kem_polynomial_from_i16_array_ef_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3062,7 +3068,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_05( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_14( + return libcrux_ml_kem_polynomial_from_i16_array_ef_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3125,7 +3131,7 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_5c( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_09( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); } /** @@ -3179,7 +3185,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; @@ -3210,7 +3216,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d4(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -3227,7 +3233,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_8c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3302,21 +3308,22 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_matrix_compute_vector_u_closure_4e(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_cf( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3345,7 +3352,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_52( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3366,12 +3373,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_52( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_63(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result0[i1], &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_cf(&result0[i1], + libcrux_ml_kem_polynomial_add_error_reduce_ef_cf(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3409,7 +3416,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3424,17 +3431,18 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_62( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_62( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3468,16 +3476,16 @@ libcrux_ml_kem_matrix_compute_ring_element_v_c3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_63(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_62( + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_62( error_2, message, result); return result; } @@ -4031,7 +4039,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_88(Eurydice_slice public_key, Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -4374,21 +4382,21 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); return lit; } @@ -4434,17 +4442,18 @@ static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c1( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_ba( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -4481,7 +4490,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -4494,12 +4503,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_63(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_ba( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -4557,7 +4566,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____5); + unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -4681,9 +4690,9 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_generate_keypair_1c(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; @@ -5231,7 +5240,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____5); + unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -5252,9 +5261,9 @@ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_generate_keypair_1c0( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; @@ -5429,7 +5438,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_a7( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -5445,7 +5454,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( public_key, deserialized_pk); @@ -5779,7 +5788,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_b0(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -5800,23 +5809,24 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_81( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a +A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_3a_c2( +libcrux_ml_kem_polynomial_clone_8d_c2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5865,7 +5875,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_3a_c2( + libcrux_ml_kem_polynomial_clone_8d_c2( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -5892,7 +5902,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____3); + unwrap_26_33(dst, uu____3); memcpy(out->private_key.implicit_rejection_value, uu____3, (size_t)32U * sizeof(uint8_t)); } @@ -5940,19 +5950,19 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6c +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_6c_31(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_31(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -5991,10 +6001,10 @@ libcrux_ml_kem_ind_cca_unpacked_default_6c_31(void) { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0])#3} +K>[TraitClause@0, TraitClause@1])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6f +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 @@ -6002,9 +6012,9 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_6f_0e(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_0e(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -6040,7 +6050,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_6c_31()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_31()}); } /** @@ -6049,7 +6059,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_6f_0e(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_0e(); } /** @@ -6058,7 +6068,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_6c_31(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_31(); } /** @@ -6067,11 +6077,11 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0]} +K>[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_a6 with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 @@ -6079,7 +6089,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_05( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_82( @@ -6095,11 +6105,11 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0]#2} +K>[TraitClause@0, TraitClause@1]#2} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_05 with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 @@ -6107,10 +6117,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_84( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_84( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_05( &self->public_key, serialized); } @@ -6122,24 +6132,24 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_84(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_84(key_pair, serialized); } /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@1])#2} +K>[TraitClause@0, TraitClause@2])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_d6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_d6_c1( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -6166,21 +6176,21 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_d6_c1( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@1])#4} +K>[TraitClause@0, TraitClause@2])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_c7 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_c7_a6( +libcrux_ml_kem_ind_cca_unpacked_clone_28_a6( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_d6_c1(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -6194,17 +6204,17 @@ libcrux_ml_kem_ind_cca_unpacked_clone_c7_a6( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0]#2} +K>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_05 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * -libcrux_ml_kem_ind_cca_unpacked_public_key_05_7a( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_7a( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -6217,8 +6227,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_c7_a6( - libcrux_ml_kem_ind_cca_unpacked_public_key_05_7a(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_a6( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_7a(key_pair)); pk[0U] = uu____0; } @@ -6229,7 +6239,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_05(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_05(public_key, serialized); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index a11530661..34a008cc6 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_avx2_types_H @@ -20,36 +20,16 @@ extern "C" { #include "eurydice_glue.h" -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 - libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; - -typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; +typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t */ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + __m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** A monomorphic instance of @@ -63,6 +43,20 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -74,15 +68,21 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; /** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; -typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; +typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 0687e1bdf..0e3e07dc6 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_portable_H @@ -115,7 +115,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - unwrap_41_30(dst, ret); + unwrap_26_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2448,16 +2448,17 @@ typedef libcrux_ml_kem_types_MlKemPublicKey_15 /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_20_19(void) { +libcrux_ml_kem_polynomial_ZERO_ef_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2486,7 +2487,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_a5(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -2499,7 +2500,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_50( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2523,7 +2524,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2559,7 +2560,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e3(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -2610,7 +2611,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_10_c8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2681,7 +2682,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_11_c6( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2844,15 +2845,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_21( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2887,7 +2889,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_ec( (size_t)6U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_21(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); } /** @@ -2904,7 +2906,7 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2981,7 +2983,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_4_c5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3045,7 +3047,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_5_20( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3075,20 +3077,21 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_7c( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_20_76( +libcrux_ml_kem_polynomial_ntt_multiply_ef_76( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3109,15 +3112,16 @@ libcrux_ml_kem_polynomial_ntt_multiply_20_76( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3275,21 +3279,22 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e( (size_t)6U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_20_7e( +libcrux_ml_kem_polynomial_subtract_reduce_ef_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3320,16 +3325,16 @@ libcrux_ml_kem_matrix_compute_message_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_76(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_7e(v, result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_7e(v, result); return result; } @@ -3513,19 +3518,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit; @@ -3533,15 +3538,15 @@ libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); return lit; } @@ -3555,7 +3560,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3901,18 +3906,19 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_20_bb(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_ef_bb(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3934,7 +3940,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_sampling_sample_from_xof_closure_ba(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_bb( + return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4062,7 +4068,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_25(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -4140,7 +4146,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_bb( + return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4185,7 +4191,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_ee( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_bb( + return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4247,7 +4253,7 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b3( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_21( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); } /** @@ -4301,7 +4307,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; @@ -4332,7 +4338,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3e(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -4349,7 +4355,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4421,20 +4427,21 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_matrix_compute_vector_u_closure_76(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_9d( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4465,7 +4472,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4486,12 +4493,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_42( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_76(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result0[i1], &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_9d(&result0[i1], + libcrux_ml_kem_polynomial_add_error_reduce_ef_9d(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4532,7 +4539,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4550,16 +4557,17 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_e4( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_e4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4595,16 +4603,16 @@ libcrux_ml_kem_matrix_compute_ring_element_v_58( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_76(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_e4( + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_e4( error_2, message, result); return result; } @@ -5015,7 +5023,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_ca(Eurydice_slice public_key, Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -5350,20 +5358,20 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); return lit; } @@ -5408,16 +5416,17 @@ libcrux_ml_kem_vector_traits_to_standard_domain_73( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_69( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5456,7 +5465,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -5469,12 +5478,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_76(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_69( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5531,7 +5540,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____5); + unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -5650,9 +5659,9 @@ libcrux_ml_kem_variant_MlKem with const generics static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_generate_keypair_ea(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; @@ -6189,7 +6198,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____5); + unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -6209,9 +6218,9 @@ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_generate_keypair_ea0( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; @@ -6381,7 +6390,7 @@ generics static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_a3( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -6396,7 +6405,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( public_key, deserialized_pk); @@ -6723,7 +6732,7 @@ libcrux_ml_kem_variant_MlKem with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_6d(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -6743,22 +6752,23 @@ libcrux_ml_kem_variant_MlKem with const generics static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8e( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a +A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_3a_a6( +libcrux_ml_kem_polynomial_clone_8d_a6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6809,7 +6819,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_3a_a6( + libcrux_ml_kem_polynomial_clone_8d_a6( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -6836,7 +6846,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____3); + unwrap_26_33(dst, uu____3); memcpy(out->private_key.implicit_rejection_value, uu____3, (size_t)32U * sizeof(uint8_t)); } @@ -6883,18 +6893,18 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6c +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_6c_fe(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_fe(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -6933,19 +6943,19 @@ libcrux_ml_kem_ind_cca_unpacked_default_6c_fe(void) { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0])#3} +K>[TraitClause@0, TraitClause@1])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6f +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_6f_27(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_27(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -6981,7 +6991,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_6c_fe()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_fe()}); } /** @@ -6989,7 +6999,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_6f_27(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_27(); } /** @@ -6997,7 +7007,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_6c_fe(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_fe(); } /** @@ -7006,18 +7016,18 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0]} +K>[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_a6 with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_c8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_1d( @@ -7033,21 +7043,21 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0]#2} +K>[TraitClause@0, TraitClause@1]#2} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_05 with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_a6( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a6( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_c8( &self->public_key, serialized); } @@ -7058,23 +7068,23 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_a6(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a6(key_pair, serialized); } /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@1])#2} +K>[TraitClause@0, TraitClause@2])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_d6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_d6_99( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_99( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7101,20 +7111,20 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_d6_99( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@1])#4} +K>[TraitClause@0, TraitClause@2])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_c7 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_c7_b4( +libcrux_ml_kem_ind_cca_unpacked_clone_28_b4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_d6_99(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_99(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7128,16 +7138,16 @@ libcrux_ml_kem_ind_cca_unpacked_clone_c7_b4( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0]#2} +K>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_05 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * -libcrux_ml_kem_ind_cca_unpacked_public_key_05_52( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_52( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -7149,8 +7159,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_c7_b4( - libcrux_ml_kem_ind_cca_unpacked_public_key_05_52(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_b4( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_52(key_pair)); pk[0U] = uu____0; } @@ -7161,7 +7171,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_c8(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_c8(public_key, serialized); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index 2b39497d4..0ae3513dd 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_mlkem768_portable_types_H @@ -20,37 +20,18 @@ extern "C" { #include "eurydice_glue.h" -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; - -typedef struct - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; -} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t */ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; /** A monomorphic instance of @@ -64,6 +45,20 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; + +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -75,17 +70,22 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; /** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector - +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { - libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; +typedef struct + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; +} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 4e5eb5c5d..7c68c3394 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_sha3_avx2_H @@ -212,17 +212,17 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types core_core_arch_x86___m256i with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_71(void) { +libcrux_sha3_generic_keccak_new_89_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -1964,7 +1964,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_71(); + libcrux_sha3_generic_keccak_new_89_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2005,7 +2005,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2048,7 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_71(); + return libcrux_sha3_generic_keccak_new_89_71(); } /** diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index c09062f0f..52282e41f 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 37d35d82c8bcd1e0950b938515fa0a85603ba8e2 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 + * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty + * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 */ #ifndef __libcrux_sha3_portable_H @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_cf(void) { +libcrux_sha3_generic_keccak_new_89_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1582,7 +1582,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -1623,7 +1623,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -1684,7 +1684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1941,7 +1941,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1982,7 +1982,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2069,7 +2069,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2110,7 +2110,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2163,7 +2163,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -2182,7 +2182,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2419,7 +2419,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2676,7 +2676,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2717,7 +2717,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2778,7 +2778,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3035,7 +3035,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -3076,7 +3076,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3331,7 +3331,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -3372,7 +3372,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3671,7 +3671,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -3722,16 +3722,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -3756,16 +3756,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3773,7 +3773,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3826,16 +3826,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3843,7 +3843,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3872,7 +3872,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -3886,17 +3886,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3904,7 +3904,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3951,7 +3951,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); return self; } @@ -3960,16 +3960,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4114,21 +4114,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_9d_47(void) { +libcrux_sha3_generic_keccak_new_8b_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4145,7 +4145,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_9d_47(); + return libcrux_sha3_generic_keccak_new_8b_47(); } /** @@ -4176,16 +4176,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -4210,16 +4210,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4227,7 +4227,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4280,16 +4280,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4297,7 +4297,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4323,7 +4323,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -4337,17 +4337,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4355,7 +4355,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4399,7 +4399,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); return self; } @@ -4408,16 +4408,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4594,21 +4594,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_9d_470(void) { +libcrux_sha3_generic_keccak_new_8b_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4622,7 +4622,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_9d_470(); + return libcrux_sha3_generic_keccak_new_8b_470(); } /** @@ -4669,16 +4669,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -4706,7 +4706,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -4741,7 +4741,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); } /** @@ -4788,16 +4788,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -4825,7 +4825,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -4860,7 +4860,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); } /** From 3631be66363899bc6fd65542f46c83ce852075f6 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 23 Sep 2024 11:17:53 +0200 Subject: [PATCH 311/348] removed typeclass _super constraint --- .../Libcrux_ml_kem.Vector.Traits.fst | 14 ++++---------- .../Libcrux_ml_kem.Vector.Traits.fsti | 8 ++++---- libcrux-ml-kem/src/vector/traits.rs | 18 +++++++++--------- 3 files changed, 17 insertions(+), 23 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index 1c6967d6d..485013065 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -11,25 +11,19 @@ let decompress_1_ (vec: v_T) = let z:v_T = f_ZERO #v_T #FStar.Tactics.Typeclasses.solve () in - let _:Prims.unit = - assert (forall i. Seq.index (i1._super_8706949974463268012.f_repr z) i == 0s) - in + let _:Prims.unit = assert (forall i. Seq.index (i1.f_repr z) i == 0s) in let _:Prims.unit = assert (forall i. - let x = Seq.index (i1._super_8706949974463268012.f_repr vec) i in + let x = Seq.index (i1.f_repr vec) i in ((0 - v x) == 0 \/ (0 - v x) == - 1)) in let _:Prims.unit = assert (forall i. - i < 16 ==> - Spec.Utils.is_intb (pow2 15 - 1) - (0 - v (Seq.index (i1._super_8706949974463268012.f_repr vec) i))) + i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (0 - v (Seq.index (i1.f_repr vec) i))) in let s:v_T = f_sub #v_T #FStar.Tactics.Typeclasses.solve z vec in let _:Prims.unit = - assert (forall i. - Seq.index (i1._super_8706949974463268012.f_repr s) i == 0s \/ - Seq.index (i1._super_8706949974463268012.f_repr s) i == (-1s)) + assert (forall i. Seq.index (i1.f_repr s) i == 0s \/ Seq.index (i1.f_repr s) i == (-1s)) in let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre s 1665s) in f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index e5599b2b3..0a54ddd5f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -399,7 +399,7 @@ val decompress_1_ (#v_T: Type0) {| i1: t_Operations v_T |} (vec: v_T) : Prims.Pure v_T (requires forall i. - let x = Seq.index (i1._super_8706949974463268012.f_repr vec) i in + let x = Seq.index (i1.f_repr vec) i in (x == 0s \/ x == 1s)) (fun _ -> Prims.l_True) @@ -411,11 +411,11 @@ val to_standard_domain (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) val to_unsigned_representative (#v_T: Type0) {| i1: t_Operations v_T |} (a: v_T) : Prims.Pure v_T - (requires Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)) + (requires Spec.Utils.is_i16b_array 3328 (i1.f_repr a)) (ensures fun result -> let result:v_T = result in forall i. - (let x = Seq.index (i1._super_8706949974463268012.f_repr a) i in - let y = Seq.index (i1._super_8706949974463268012.f_repr result) i in + (let x = Seq.index (i1.f_repr a) i in + let y = Seq.index (i1.f_repr result) i in (v y >= 0 /\ v y <= 3328 /\ (v y % 3329 == v x % 3329)))) diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index aa0434e85..6cff1d585 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -214,10 +214,10 @@ pub fn to_standard_domain(v: T) -> T { #[hax_lib::fstar::verification_status(lax)] #[hax_lib::fstar::options("--z3rlimit 100")] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)"))] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1.f_repr a)"))] #[hax_lib::ensures(|result| fstar!("forall i. - (let x = Seq.index (i1._super_8706949974463268012.f_repr ${a}) i in - let y = Seq.index (i1._super_8706949974463268012.f_repr ${result}) i in + (let x = Seq.index (i1.f_repr ${a}) i in + let y = Seq.index (i1.f_repr ${result}) i in (v y >= 0 /\\ v y <= 3328 /\\ (v y % 3329 == v x % 3329)))"))] pub fn to_unsigned_representative(a: T) -> T { let t = T::shift_right::<15>(a); @@ -226,20 +226,20 @@ pub fn to_unsigned_representative(a: T) -> T { } #[hax_lib::fstar::options("--z3rlimit 100")] -#[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in +#[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1.f_repr ${vec}) i in (x == 0s \\/ x == 1s)"))] pub fn decompress_1(vec: T) -> T { let z = T::ZERO(); - hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${z}) i == 0s)"); - hax_lib::fstar!("assert(forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in + hax_lib::fstar!("assert(forall i. Seq.index (i1.f_repr ${z}) i == 0s)"); + hax_lib::fstar!("assert(forall i. let x = Seq.index (i1.f_repr ${vec}) i in ((0 - v x) == 0 \\/ (0 - v x) == -1))"); hax_lib::fstar!("assert(forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) - (0 - v (Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i)))"); + (0 - v (Seq.index (i1.f_repr ${vec}) i)))"); let s = T::sub(z, &vec); - hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \\/ - Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == -1s)"); + hax_lib::fstar!("assert(forall i. Seq.index (i1.f_repr ${s}) i == 0s \\/ + Seq.index (i1.f_repr ${s}) i == -1s)"); hax_lib::fstar!("assert (i1.f_bitwise_and_with_constant_pre ${s} 1665s)"); let res = T::bitwise_and_with_constant(s, 1665); res From 44af8bab271322d2ad322d9a703b62a22e168fdd Mon Sep 17 00:00:00 2001 From: mamonet Date: Mon, 23 Sep 2024 09:47:34 +0000 Subject: [PATCH 312/348] Mark to_unsigned_representative as lax --- .../proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst | 2 +- libcrux-ml-kem/src/vector/traits.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index 5557ab9f0..31c67d6b2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -53,7 +53,7 @@ let to_standard_domain v v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS -#push-options "--z3rlimit 100" +#push-options "--admit_smt_queries true" let to_unsigned_representative (#v_T: Type0) diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 8239a12db..2ee7d1667 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -223,7 +223,7 @@ pub fn to_standard_domain(v: T) -> T { T::montgomery_multiply_by_constant(v, MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS as i16) } -#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)"))] #[hax_lib::ensures(|result| fstar!("forall i. (let x = Seq.index (i1._super_8706949974463268012.f_repr ${a}) i in From ab29fdcdb78f5f848aa11f0be7204991d368f832 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 23 Sep 2024 20:30:08 +0200 Subject: [PATCH 313/348] traits --- libcrux-ml-kem/src/vector/traits.rs | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 6cff1d585..aa0434e85 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -214,10 +214,10 @@ pub fn to_standard_domain(v: T) -> T { #[hax_lib::fstar::verification_status(lax)] #[hax_lib::fstar::options("--z3rlimit 100")] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1.f_repr a)"))] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)"))] #[hax_lib::ensures(|result| fstar!("forall i. - (let x = Seq.index (i1.f_repr ${a}) i in - let y = Seq.index (i1.f_repr ${result}) i in + (let x = Seq.index (i1._super_8706949974463268012.f_repr ${a}) i in + let y = Seq.index (i1._super_8706949974463268012.f_repr ${result}) i in (v y >= 0 /\\ v y <= 3328 /\\ (v y % 3329 == v x % 3329)))"))] pub fn to_unsigned_representative(a: T) -> T { let t = T::shift_right::<15>(a); @@ -226,20 +226,20 @@ pub fn to_unsigned_representative(a: T) -> T { } #[hax_lib::fstar::options("--z3rlimit 100")] -#[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1.f_repr ${vec}) i in +#[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in (x == 0s \\/ x == 1s)"))] pub fn decompress_1(vec: T) -> T { let z = T::ZERO(); - hax_lib::fstar!("assert(forall i. Seq.index (i1.f_repr ${z}) i == 0s)"); - hax_lib::fstar!("assert(forall i. let x = Seq.index (i1.f_repr ${vec}) i in + hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${z}) i == 0s)"); + hax_lib::fstar!("assert(forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in ((0 - v x) == 0 \\/ (0 - v x) == -1))"); hax_lib::fstar!("assert(forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) - (0 - v (Seq.index (i1.f_repr ${vec}) i)))"); + (0 - v (Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i)))"); let s = T::sub(z, &vec); - hax_lib::fstar!("assert(forall i. Seq.index (i1.f_repr ${s}) i == 0s \\/ - Seq.index (i1.f_repr ${s}) i == -1s)"); + hax_lib::fstar!("assert(forall i. Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == 0s \\/ + Seq.index (i1._super_8706949974463268012.f_repr ${s}) i == -1s)"); hax_lib::fstar!("assert (i1.f_bitwise_and_with_constant_pre ${s} 1665s)"); let res = T::bitwise_and_with_constant(s, 1665); res From 946816270f3cf4d2a1cdc8079c35935f54b00353 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Mon, 23 Sep 2024 19:41:20 +0000 Subject: [PATCH 314/348] hax passes --- Cargo.lock | 10 +- .../Libcrux_intrinsics.Avx2_extract.fsti | 48 ++-- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 20 +- ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 22 +- ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 20 +- ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 22 +- ...ml_kem.Ind_cca.Instantiations.Portable.fst | 20 +- ...l_kem.Ind_cca.Instantiations.Portable.fsti | 22 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fst | 12 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fsti | 10 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fst | 12 +- .../Libcrux_ml_kem.Mlkem1024.Neon.fsti | 10 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fst | 12 +- .../Libcrux_ml_kem.Mlkem1024.Portable.fsti | 10 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fst | 12 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fsti | 10 +- .../Libcrux_ml_kem.Mlkem512.Neon.fst | 12 +- .../Libcrux_ml_kem.Mlkem512.Neon.fsti | 10 +- .../Libcrux_ml_kem.Mlkem512.Portable.fst | 12 +- .../Libcrux_ml_kem.Mlkem512.Portable.fsti | 10 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fst | 12 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fsti | 10 +- .../Libcrux_ml_kem.Mlkem768.Neon.fst | 12 +- .../Libcrux_ml_kem.Mlkem768.Neon.fsti | 10 +- .../Libcrux_ml_kem.Mlkem768.Portable.fst | 12 +- .../Libcrux_ml_kem.Mlkem768.Portable.fsti | 10 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 242 +++++++++--------- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 32 +-- .../Libcrux_ml_kem.Vector.Traits.fst | 14 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 8 +- 30 files changed, 342 insertions(+), 336 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 37c652c35..75a660c64 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#288f77f086bbbd28a953ac66f77281750dbf8138" +source = "git+https://github.com/hacspec/hax/?branch=main#dc2725b99a689f85331d108c0b8057eb7bf9b8dc" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#288f77f086bbbd28a953ac66f77281750dbf8138" +source = "git+https://github.com/hacspec/hax/?branch=main#dc2725b99a689f85331d108c0b8057eb7bf9b8dc" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#288f77f086bbbd28a953ac66f77281750dbf8138" +source = "git+https://github.com/hacspec/hax/?branch=main#dc2725b99a689f85331d108c0b8057eb7bf9b8dc" dependencies = [ "proc-macro2", "quote", @@ -1259,9 +1259,9 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" +checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2" [[package]] name = "plotters" diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index b83e598ef..83942f87d 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -55,8 +55,6 @@ val mm256_castsi128_si256 (vector: t_Vec128) val mm256_castsi256_ps (a: t_Vec256) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_castsi256_si128 = BitVec.Intrinsics.mm256_castsi256_si128 - val mm256_cmpeq_epi32 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_cmpgt_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -66,8 +64,6 @@ val mm256_cmpgt_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fu val mm256_cvtepi16_epi32 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_extracti128_si256 = BitVec.Intrinsics.mm256_extracti128_si256 - val mm256_inserti128_si256 (v_CONTROL: i32) (vector: t_Vec256) (vector_i128: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -97,12 +93,6 @@ val mm256_mulhi_epi16 (lhs rhs: t_Vec256) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) -unfold let mm256_mullo_epi16 = BitVec.Intrinsics.mm256_mullo_epi16 - let lemma_mm256_mullo_epi16 v1 v2 : - Lemma (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2) == - Spec.Utils.map2 mul_mod (vec256_as_i16x16 v1) (vec256_as_i16x16 v2)) - [SMTPat (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2))] = admit() - val mm256_mullo_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_or_si256 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -130,12 +120,6 @@ val mm256_set1_epi32 (constant: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ - val mm256_set1_epi64x (a: i64) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_set_epi16 = BitVec.Intrinsics.mm256_set_epi16 -let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 : - Lemma (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) == - Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15) - [SMTPat (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit() - val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -159,8 +143,6 @@ val mm256_shuffle_epi8 (vector control: t_Vec256) val mm256_sign_epi32 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_slli_epi16 = BitVec.Intrinsics.mm256_slli_epi16 - val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -182,8 +164,6 @@ val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm256_srli_epi16 = BitVec.Intrinsics.mm256_srli_epi16 - val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -248,8 +228,6 @@ val mm_add_epi16 (lhs rhs: t_Vec128) val mm_loadu_si128 (input: t_Slice u8) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) -unfold let mm_movemask_epi8 = BitVec.Intrinsics.mm_movemask_epi8 - val mm_mulhi_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 Prims.l_True @@ -270,8 +248,6 @@ val mm_mullo_epi16 (lhs rhs: t_Vec128) vec128_as_i16x8 result == Spec.Utils.map2 mul_mod (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) -unfold let mm_packs_epi16 = BitVec.Intrinsics.mm_packs_epi16 - val mm_set1_epi16 (constant: i16) : Prims.Pure t_Vec128 Prims.l_True @@ -317,3 +293,27 @@ val mm_sub_epi16 (lhs rhs: t_Vec128) val vec256_blendv_epi32 (a b mask: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + +unfold let mm256_castsi256_si128 = BitVec.Intrinsics.mm256_castsi256_si128 + +unfold let mm256_extracti128_si256 = BitVec.Intrinsics.mm256_extracti128_si256 + +unfold let mm256_mullo_epi16 = BitVec.Intrinsics.mm256_mullo_epi16 + let lemma_mm256_mullo_epi16 v1 v2 : + Lemma (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2) == + Spec.Utils.map2 mul_mod (vec256_as_i16x16 v1) (vec256_as_i16x16 v2)) + [SMTPat (vec256_as_i16x16 (mm256_mullo_epi16 v1 v2))] = admit() + +unfold let mm256_set_epi16 = BitVec.Intrinsics.mm256_set_epi16 +let lemma_mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0 : + Lemma (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0) == + Spec.Utils.create16 v0 v1 v2 v3 v4 v5 v6 v7 v8 v9 v10 v11 v12 v13 v14 v15) + [SMTPat (vec256_as_i16x16 (mm256_set_epi16 v15 v14 v13 v12 v11 v10 v9 v8 v7 v6 v5 v4 v3 v2 v1 v0))] = admit() + +unfold let mm256_slli_epi16 = BitVec.Intrinsics.mm256_slli_epi16 + +unfold let mm256_srli_epi16 = BitVec.Intrinsics.mm256_srli_epi16 + +unfold let mm_movemask_epi8 = BitVec.Intrinsics.mm_movemask_epi8 + +unfold let mm_packs_epi16 = BitVec.Intrinsics.mm_packs_epi16 diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index 5b6e2821a..aa7ed17dd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -23,16 +23,6 @@ let validate_private_key private_key ciphertext -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - Libcrux_ml_kem.Ind_cca.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - public_key - let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -67,3 +57,13 @@ let generate_keypair v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash #Libcrux_ml_kem.Variant.t_MlKem randomness + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector + public_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index 5b0fce20c..e9318afb7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -22,17 +22,6 @@ val validate_private_key v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K) (fun _ -> Prims.l_True) -/// Portable public key validation -val validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool - (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) - (fun _ -> Prims.l_True) - /// Portable decapsulate val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: @@ -89,3 +78,14 @@ val generate_keypair v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) + +/// Portable public key validation +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 7fef2a90d..c3b934ab1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -23,16 +23,6 @@ let validate_private_key private_key ciphertext -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - Libcrux_ml_kem.Ind_cca.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - public_key - let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -69,3 +59,13 @@ let generate_keypair v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem randomness + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector + public_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index 7c867302a..cb0a837dd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -22,17 +22,6 @@ val validate_private_key v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K) (fun _ -> Prims.l_True) -/// Portable public key validation -val validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool - (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) - (fun _ -> Prims.l_True) - /// Portable decapsulate val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: @@ -89,3 +78,14 @@ val generate_keypair v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) + +/// Portable public key validation +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 72dc038fd..0b6792e08 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -23,16 +23,6 @@ let validate_private_key private_key ciphertext -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - Libcrux_ml_kem.Ind_cca.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - public_key - let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -70,3 +60,13 @@ let generate_keypair #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem randomness + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + public_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index b6eebff7d..38a2b4ebf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -22,17 +22,6 @@ val validate_private_key v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K) (fun _ -> Prims.l_True) -/// Portable public key validation -val validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool - (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) - (fun _ -> Prims.l_True) - /// Portable decapsulate val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: @@ -89,3 +78,14 @@ val generate_keypair v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) + +/// Portable public key validation +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst index fa5fe72ac..1ed6cc3c1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti index bcc5175d7..4f57bcb17 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst index 71bd9a6b9..8cab7c870 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti index f67065c23..d71f032a7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst index 05e5c2210..60a05dcc1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti index c9e22f2f1..9ce6a597e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 3168) (sz 1568)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst index bf5136891..d84c15890 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 3) (sz 192) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti index d0826d519..79530147b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst index 500adf645..58b2f0dc4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 3) (sz 192) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti index f2209a462..3d846ac51 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst index 5643a8778..97dccb937 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 3) (sz 192) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti index 5e99ac5c1..eee7fb43d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 1632) (sz 800)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst index 46d55d183..3ec064b3f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti index 01f0318c5..0b2855263 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst index 8c34ac785..4608a3923 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti index 5dd4322ff..1b4e3414d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst index e2f719aef..d98e44837 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst @@ -13,12 +13,6 @@ let validate_private_key private_key ciphertext -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -43,3 +37,9 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = (sz 2) (sz 128) randomness + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti index de32d7d0d..c14954e5d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti @@ -10,11 +10,6 @@ val validate_private_key (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) -/// Validate a public key. -/// Returns `true` if valid, and `false` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) - /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -39,3 +34,8 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair (sz 2400) (sz 1184)) Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index eed6ec9d6..b676b472e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -244,6 +244,127 @@ let serialize_5_int (v: t_Slice i16) = in r0, r1, r2, r3, r4 <: (u8 & u8 & u8 & u8 & u8) +let deserialize_11_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +let deserialize_5_ (bytes: t_Slice u8) = + let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = + deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + { + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + let list = + [ + v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; + v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); + Rust_primitives.Hax.array_of_list 16 list + } + <: + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + +let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 8 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = + serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = sz 8; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let list = + [ + r0_10_._1; r0_10_._2; r0_10_._3; r0_10_._4; r0_10_._5; r0_10_._6; r0_10_._7; r0_10_._8; + r0_10_._9; r0_10_._10; r0_10_._11; r11_21_._1; r11_21_._2; r11_21_._3; r11_21_._4; r11_21_._5; + r11_21_._6; r11_21_._7; r11_21_._8; r11_21_._9; r11_21_._10; r11_21_._11 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 22); + Rust_primitives.Hax.array_of_list 22 list + +let serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let r0_4_:(u8 & u8 & u8 & u8 & u8) = + serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 8 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let r5_9_:(u8 & u8 & u8 & u8 & u8) = + serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { + Core.Ops.Range.f_start = sz 8; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice i16) + in + let list = + [ + r0_4_._1; r0_4_._2; r0_4_._3; r0_4_._4; r0_4_._5; r5_9_._1; r5_9_._2; r5_9_._3; r5_9_._4; + r5_9_._5 + ] + in + FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 10); + Rust_primitives.Hax.array_of_list 10 list + let deserialize_1_ (v: t_Slice u8) = let result0:i16 = cast ((v.[ sz 0 ] <: u8) &. 1uy <: u8) <: i16 in let result1:i16 = cast (((v.[ sz 0 ] <: u8) >>! 1l <: u8) &. 1uy <: u8) <: i16 in @@ -348,36 +469,6 @@ let deserialize_10_lemma inputs = #pop-options -let deserialize_11_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - { - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - let list = - [ - v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; - v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - let deserialize_12_ (bytes: t_Slice u8) = let v0_1_:(i16 & i16) = deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } @@ -522,36 +613,6 @@ let deserialize_4_lemma inputs = #pop-options -let deserialize_5_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - { - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - let list = - [ - v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; - v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result0:u8 = (((((((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 0 ] <: i16) <: u8) |. @@ -742,37 +803,6 @@ let serialize_10_lemma inputs = #pop-options -let serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let r0_10_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let r11_21_:(u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8 & u8) = - serialize_11_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let list = - [ - r0_10_._1; r0_10_._2; r0_10_._3; r0_10_._4; r0_10_._5; r0_10_._6; r0_10_._7; r0_10_._8; - r0_10_._9; r0_10_._10; r0_10_._11; r11_21_._1; r11_21_._2; r11_21_._3; r11_21_._4; r11_21_._5; - r11_21_._6; r11_21_._7; r11_21_._8; r11_21_._9; r11_21_._10; r11_21_._11 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 22); - Rust_primitives.Hax.array_of_list 22 list - let serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let r0_2_:(u8 & u8 & u8) = serialize_12_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { @@ -943,33 +973,3 @@ let serialize_4_lemma inputs = (BitVecEq.retype (bit_vec_of_int_t_array inputs.f_elements 4)) #pop-options - -let serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let r0_4_:(u8 & u8 & u8 & u8 & u8) = - serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 0; - Core.Ops.Range.f_end = sz 8 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let r5_9_:(u8 & u8 & u8 & u8 & u8) = - serialize_5_int (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ { - Core.Ops.Range.f_start = sz 8; - Core.Ops.Range.f_end = sz 16 - } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice i16) - in - let list = - [ - r0_4_._1; r0_4_._2; r0_4_._3; r0_4_._4; r0_4_._5; r5_9_._1; r5_9_._2; r5_9_._3; r5_9_._4; - r5_9_._5 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 10); - Rust_primitives.Hax.array_of_list 10 list diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index 16fd7000e..856f8399d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti @@ -53,6 +53,22 @@ val serialize_5_int (v: t_Slice i16) (requires Core.Slice.impl__len #i16 v =. sz 8) (fun _ -> Prims.l_True) +val deserialize_11_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires Core.Slice.impl__len #u8 bytes =. sz 22) + (fun _ -> Prims.l_True) + +val deserialize_5_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires Core.Slice.impl__len #u8 bytes =. sz 10) + (fun _ -> Prims.l_True) + +val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + val deserialize_1_ (v: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 v =. sz 2) @@ -69,11 +85,6 @@ val deserialize_10_ (bytes: t_Slice u8) val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) -val deserialize_11_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Core.Slice.impl__len #u8 bytes =. sz 22) - (fun _ -> Prims.l_True) - val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 24) @@ -90,11 +101,6 @@ val deserialize_4_ (bytes: t_Slice u8) val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) -val deserialize_5_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Core.Slice.impl__len #u8 bytes =. sz 10) - (fun _ -> Prims.l_True) - val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) @@ -109,9 +115,6 @@ val serialize_10_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_Por (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 10)) (ensures bit_vec_of_int_t_array (serialize_10_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 10) -val serialize_11_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) - val serialize_12_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) @@ -125,6 +128,3 @@ val serialize_4_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector val serialize_4_lemma (inputs: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Lemma (requires (forall i. Rust_primitives.bounded (Seq.index inputs.f_elements i) 4)) (ensures bit_vec_of_int_t_array (serialize_4_ inputs) 8 == bit_vec_of_int_t_array inputs.f_elements 4) - -val serialize_5_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index 485013065..1c6967d6d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -11,19 +11,25 @@ let decompress_1_ (vec: v_T) = let z:v_T = f_ZERO #v_T #FStar.Tactics.Typeclasses.solve () in - let _:Prims.unit = assert (forall i. Seq.index (i1.f_repr z) i == 0s) in + let _:Prims.unit = + assert (forall i. Seq.index (i1._super_8706949974463268012.f_repr z) i == 0s) + in let _:Prims.unit = assert (forall i. - let x = Seq.index (i1.f_repr vec) i in + let x = Seq.index (i1._super_8706949974463268012.f_repr vec) i in ((0 - v x) == 0 \/ (0 - v x) == - 1)) in let _:Prims.unit = assert (forall i. - i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (0 - v (Seq.index (i1.f_repr vec) i))) + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (0 - v (Seq.index (i1._super_8706949974463268012.f_repr vec) i))) in let s:v_T = f_sub #v_T #FStar.Tactics.Typeclasses.solve z vec in let _:Prims.unit = - assert (forall i. Seq.index (i1.f_repr s) i == 0s \/ Seq.index (i1.f_repr s) i == (-1s)) + assert (forall i. + Seq.index (i1._super_8706949974463268012.f_repr s) i == 0s \/ + Seq.index (i1._super_8706949974463268012.f_repr s) i == (-1s)) in let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre s 1665s) in f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 0a54ddd5f..e5599b2b3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -399,7 +399,7 @@ val decompress_1_ (#v_T: Type0) {| i1: t_Operations v_T |} (vec: v_T) : Prims.Pure v_T (requires forall i. - let x = Seq.index (i1.f_repr vec) i in + let x = Seq.index (i1._super_8706949974463268012.f_repr vec) i in (x == 0s \/ x == 1s)) (fun _ -> Prims.l_True) @@ -411,11 +411,11 @@ val to_standard_domain (#v_T: Type0) {| i1: t_Operations v_T |} (v: v_T) val to_unsigned_representative (#v_T: Type0) {| i1: t_Operations v_T |} (a: v_T) : Prims.Pure v_T - (requires Spec.Utils.is_i16b_array 3328 (i1.f_repr a)) + (requires Spec.Utils.is_i16b_array 3328 (i1._super_8706949974463268012.f_repr a)) (ensures fun result -> let result:v_T = result in forall i. - (let x = Seq.index (i1.f_repr a) i in - let y = Seq.index (i1.f_repr result) i in + (let x = Seq.index (i1._super_8706949974463268012.f_repr a) i in + let y = Seq.index (i1._super_8706949974463268012.f_repr result) i in (v y >= 0 /\ v y <= 3328 /\ (v y % 3329 == v x % 3329)))) From 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Tue, 24 Sep 2024 11:36:47 +0200 Subject: [PATCH 315/348] f* reextract --- Cargo.lock | 10 +-- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 66 ------------------- ...crux_ml_kem.Vector.Portable.Serialize.fsti | 16 ----- 3 files changed, 5 insertions(+), 87 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6f73d6fed..e09691d28 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#0bd125aa5ab3ce2400ac3e01072710bb628b270f" +source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#0bd125aa5ab3ce2400ac3e01072710bb628b270f" +source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#0bd125aa5ab3ce2400ac3e01072710bb628b270f" +source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617" dependencies = [ "proc-macro2", "quote", @@ -1259,9 +1259,9 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.30" +version = "0.3.31" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d231b230927b5e4ad203db57bbcbee2802f6bce620b1e4a9024a07d94e2907ec" +checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2" [[package]] name = "plotters" diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index de5f6acf6..37ca063e4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -472,42 +472,9 @@ let deserialize_10_lemma inputs = #pop-options -<<<<<<< HEAD let deserialize_10_bounded_lemma inputs = admit() -let deserialize_11_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 11 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_11_int (bytes.[ { Core.Ops.Range.f_start = sz 11; Core.Ops.Range.f_end = sz 22 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - { - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - let list = - [ - v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; - v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - -======= ->>>>>>> dev let deserialize_12_ (bytes: t_Slice u8) = let v0_1_:(i16 & i16) = deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } @@ -655,42 +622,9 @@ let deserialize_4_lemma inputs = #pop-options -<<<<<<< HEAD let deserialize_4_bounded_lemma inputs = admit() -let deserialize_5_ (bytes: t_Slice u8) = - let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 5 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - let v8_15_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = - deserialize_5_int (bytes.[ { Core.Ops.Range.f_start = sz 5; Core.Ops.Range.f_end = sz 10 } - <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - in - { - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - let list = - [ - v0_7_._1; v0_7_._2; v0_7_._3; v0_7_._4; v0_7_._5; v0_7_._6; v0_7_._7; v0_7_._8; v8_15_._1; - v8_15_._2; v8_15_._3; v8_15_._4; v8_15_._5; v8_15_._6; v8_15_._7; v8_15_._8 - ] - in - FStar.Pervasives.assert_norm (Prims.eq2 (List.Tot.length list) 16); - Rust_primitives.Hax.array_of_list 16 list - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - -======= ->>>>>>> dev let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result0:u8 = (((((((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 0 ] <: i16) <: u8) |. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index b8bec32b1..97118a4cc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti @@ -88,17 +88,9 @@ val deserialize_10_ (bytes: t_Slice u8) val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) -<<<<<<< HEAD val deserialize_10_bounded_lemma (inputs: t_Array u8 (sz 20)) : Lemma (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_10_ inputs).f_elements i) 10) -val deserialize_11_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Core.Slice.impl__len #u8 bytes =. sz 22) - (fun _ -> Prims.l_True) - -======= ->>>>>>> dev val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 24) @@ -118,17 +110,9 @@ val deserialize_4_ (bytes: t_Slice u8) val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) -<<<<<<< HEAD val deserialize_4_bounded_lemma (inputs: t_Array u8 (sz 8)) : Lemma (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_4_ inputs).f_elements i) 4) -val deserialize_5_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires Core.Slice.impl__len #u8 bytes =. sz 10) - (fun _ -> Prims.l_True) - -======= ->>>>>>> dev val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) From 5971b6982c7af3edf6b84c36aa90697e599288a4 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 24 Sep 2024 12:54:26 +0000 Subject: [PATCH 316/348] c code refresh --- libcrux-ml-kem/c/code_gen.txt | 10 +- libcrux-ml-kem/c/eurydice_glue.h | 18 - libcrux-ml-kem/c/internal/libcrux_core.h | 81 +- .../c/internal/libcrux_mlkem_avx2.h | 40 +- .../c/internal/libcrux_mlkem_portable.h | 40 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 10 +- .../c/internal/libcrux_sha3_internal.h | 138 +- libcrux-ml-kem/c/libcrux_core.c | 88 +- libcrux-ml-kem/c/libcrux_core.h | 17 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 40 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 40 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 40 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 40 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 40 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 40 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1049 ++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1107 +++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 14 +- libcrux-ml-kem/c/libcrux_sha3.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 22 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 50 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 10 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 10 +- libcrux-ml-kem/cg/code_gen.txt | 10 +- libcrux-ml-kem/cg/libcrux_core.h | 66 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 10 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 806 ++++++------ .../cg/libcrux_mlkem768_avx2_types.h | 74 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 836 +++++++------ .../cg/libcrux_mlkem768_portable_types.h | 80 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 22 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 178 +-- 43 files changed, 2562 insertions(+), 2584 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 12d9d454e..21d1a541d 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 -Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac -Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 -F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 +Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d +Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 +Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 +F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd +Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index ad026b9e1..660918c54 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -18,13 +18,6 @@ extern "C" { #include "krml/lowstar_endianness.h" #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) -#define EURYDICE_ASSERT(test, msg) \ - do { \ - if (!(test)) { \ - fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \ - __FILE__, __LINE__); \ - } \ - } while (0) // SLICES, ARRAYS, ETC. @@ -137,10 +130,6 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } -static inline void core_num__u32_8__to_le_bytes(uint32_t src, uint8_t dst[4]) { - store32_le(dst, src); -} - static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { return load32_le(buf); } @@ -148,7 +137,6 @@ static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { store64_le(buf, v); } - static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { return load64_le(buf); } @@ -200,9 +188,6 @@ static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } -static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) { - return x < y ? x : y; -} #define core_num_nonzero_private_NonZeroUsizeInner size_t static inline core_num_nonzero_private_NonZeroUsizeInner @@ -225,9 +210,6 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next -#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ - Eurydice_range_iter_next - // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index eaff82347..ea0d66fb8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __internal_libcrux_core_H @@ -69,7 +69,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_c61( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_451( uint8_t value[1568U]); /** @@ -82,7 +82,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_8d1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_f61( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -95,7 +95,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_721( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_8c1( uint8_t value[3168U]); /** @@ -107,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_c60( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_450( uint8_t value[1184U]); /** @@ -120,7 +120,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_8d0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_f60( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -133,7 +133,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_720( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_8c0( uint8_t value[2400U]); /** @@ -145,7 +145,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_c6( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_45( uint8_t value[800U]); /** @@ -158,7 +158,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_8d( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_f6( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -171,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_72( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_8c( uint8_t value[1632U]); /** @@ -182,7 +182,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_cc1( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cf1( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -194,7 +194,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_fc1( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_1f1( uint8_t value[1088U]); /** @@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_471( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_491( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -228,7 +228,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_cc0( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cf0( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -240,7 +240,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_fc0( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_1f0( uint8_t value[768U]); /** @@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_470( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_490( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -274,7 +274,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_cc( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cf( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -291,15 +291,14 @@ typedef struct core_result_Result_00_s { } core_result_Result_00; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]); +void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]); /** Pad the `slice` with `0`s at the end. @@ -321,7 +320,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_fc( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_1f( uint8_t value[1568U]); /** @@ -344,7 +343,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_49( libcrux_ml_kem_types_MlKemCiphertext_1f *self); /** @@ -383,15 +382,14 @@ typedef struct core_result_Result_6f_s { } core_result_Result_6f; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]); +void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]); /** A monomorphic instance of core.result.Result @@ -407,15 +405,14 @@ typedef struct core_result_Result_7a_s { } core_result_Result_7a; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]); +void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]); /** A monomorphic instance of core.result.Result @@ -431,15 +428,14 @@ typedef struct core_result_Result_cd_s { } core_result_Result_cd; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]); +void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -455,15 +451,14 @@ typedef struct core_result_Result_c0_s { } core_result_Result_c0; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]); +void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]); typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 49e1f29a2..faf1c9b68 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -41,7 +41,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_2e1(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -51,7 +51,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_ca1( +bool libcrux_ml_kem_ind_cca_validate_private_key_c61( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -69,7 +69,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_2a1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_dd1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -90,7 +90,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c61( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c21( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -116,7 +116,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_ab1( +void libcrux_ml_kem_ind_cca_decapsulate_0b1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -128,7 +128,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_2e0(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -138,7 +138,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_ca0( +bool libcrux_ml_kem_ind_cca_validate_private_key_c60( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); @@ -156,7 +156,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_2a0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -177,7 +177,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c60( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c20( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -203,7 +203,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_ab0( +void libcrux_ml_kem_ind_cca_decapsulate_0b0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); @@ -215,7 +215,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_2e(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -225,7 +225,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_ca( +bool libcrux_ml_kem_ind_cca_validate_private_key_c6( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -242,7 +242,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_2a( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_dd( uint8_t randomness[64U]); /** @@ -264,7 +264,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c6( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c2( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -290,7 +290,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_ab( +void libcrux_ml_kem_ind_cca_decapsulate_0b( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index f3a967c5f..7d3aec1df 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __internal_libcrux_mlkem_portable_H @@ -46,7 +46,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3c1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_f71(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -56,7 +56,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_53( +bool libcrux_ml_kem_ind_cca_validate_private_key_ed( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); @@ -74,7 +74,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_b21(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_911(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -95,7 +95,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_131( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_361( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -121,7 +121,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_551( +void libcrux_ml_kem_ind_cca_decapsulate_391( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); @@ -133,7 +133,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3c0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_f70(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -143,7 +143,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_24( +bool libcrux_ml_kem_ind_cca_validate_private_key_d8( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -161,7 +161,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_b20(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -182,7 +182,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_130( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_360( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -208,7 +208,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_550( +void libcrux_ml_kem_ind_cca_decapsulate_390( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -220,7 +220,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3c(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_f7(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -230,7 +230,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_9e( +bool libcrux_ml_kem_ind_cca_validate_private_key_c3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -248,7 +248,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_b2(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -269,7 +269,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_13( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_36( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -295,7 +295,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_55( +void libcrux_ml_kem_ind_cca_decapsulate_39( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index ff78ba53c..653268abf 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 063a10640..924fca293 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_89_cf(); + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_89_cf(); + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -258,16 +258,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -292,16 +292,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -309,7 +309,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -362,16 +362,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -379,7 +379,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -408,7 +408,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -422,17 +422,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -440,7 +440,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -487,7 +487,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); return self; } @@ -496,16 +496,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -650,21 +650,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_8b +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_8b_47(void) { +libcrux_sha3_generic_keccak_new_9d_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -681,7 +681,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_8b_47(); + return libcrux_sha3_generic_keccak_new_9d_47(); } /** @@ -712,16 +712,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -746,16 +746,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -763,7 +763,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -816,16 +816,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -833,7 +833,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -859,7 +859,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -873,17 +873,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -891,7 +891,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -935,7 +935,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); return self; } @@ -944,16 +944,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -1130,21 +1130,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_8b +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_8b_470(void) { +libcrux_sha3_generic_keccak_new_9d_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -1158,7 +1158,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_8b_470(); + return libcrux_sha3_generic_keccak_new_9d_470(); } /** @@ -1205,16 +1205,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1242,7 +1242,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1277,7 +1277,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); } /** @@ -1324,16 +1324,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1361,7 +1361,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1396,7 +1396,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 9b9cd41ce..c70315723 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #include "internal/libcrux_core.h" @@ -91,7 +91,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_c61( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_451( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -111,7 +111,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_8d1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_f61( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -127,7 +127,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_721( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_8c1( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -146,7 +146,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_c60( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_450( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -166,7 +166,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_8d0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_f60( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -182,7 +182,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_720( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_8c0( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -201,7 +201,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_c6( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_45( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -221,7 +221,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_8d( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_f6( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -236,7 +236,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_72( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_8c( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -254,7 +254,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_cc1( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cf1( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -268,7 +268,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_fc1( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_1f1( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -287,7 +287,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_471( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_491( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -319,7 +319,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_cc0( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cf0( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -333,7 +333,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_fc0( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_1f0( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -352,7 +352,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_470( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_490( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -384,21 +384,20 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_cc( +uint8_t *libcrux_ml_kem_types_as_slice_fd_cf( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]) { +void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -438,7 +437,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_fc( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_1f( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -476,7 +475,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_49( libcrux_ml_kem_types_MlKemCiphertext_1f *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -520,15 +519,14 @@ void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { +void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -541,15 +539,14 @@ void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { +void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -562,15 +559,14 @@ void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { +void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -583,15 +579,14 @@ void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { +void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -604,15 +599,14 @@ void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { } /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]) { +void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 9d39b6164..d11c83a5a 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_core_H @@ -197,15 +197,14 @@ typedef struct core_result_Result_56_s { } core_result_Result_56; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]); +void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]); typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 4f564c146..0c4269273 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 65f4818c6..291cdea74 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #include "libcrux_mlkem1024_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_1b0( +static void decapsulate_ee0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ab0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_0b0(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_1b0( void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_1b0(private_key, ciphertext, ret); + decapsulate_ee0(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_ac0( +static tuple_21 encapsulate_370( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c60(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c20(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ac0(uu____0, copy_of_randomness); + return encapsulate_370(uu____0, copy_of_randomness); } /** @@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_630( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_200( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_2a0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_dd0(copy_of_randomness); } /** @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_630(copy_of_randomness); + return generate_keypair_200(copy_of_randomness); } /** @@ -136,10 +136,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_550( +static KRML_MUSTINLINE bool validate_private_key_5f0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_ca0(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_c60(private_key, ciphertext); } @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_550( bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_550(private_key, ciphertext); + return validate_private_key_5f0(private_key, ciphertext); } /** @@ -162,8 +162,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_d30(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_950(public_key); +static KRML_MUSTINLINE bool validate_public_key_4a0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_2e0(public_key); } /** @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_d30(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_d30(public_key->value); + return validate_public_key_4a0(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 5552a8b63..e261044f5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 01b6def3f..8589f3cb7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #include "libcrux_mlkem1024_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_861( +static void decapsulate_c81( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_551(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_391(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_861( void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_861(private_key, ciphertext, ret); + decapsulate_c81(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_6f1( +static tuple_21 encapsulate_7d1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_131(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_361(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6f1(uu____0, copy_of_randomness); + return encapsulate_7d1(uu____0, copy_of_randomness); } /** @@ -110,12 +110,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_7f1( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_081( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_b21(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_911(copy_of_randomness); } /** @@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_7f1(copy_of_randomness); + return generate_keypair_081(copy_of_randomness); } /** @@ -137,10 +137,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_1e1( +static KRML_MUSTINLINE bool validate_private_key_501( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_53(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_ed(private_key, ciphertext); } @@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_1e1( bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_1e1(private_key, ciphertext); + return validate_private_key_501(private_key, ciphertext); } /** @@ -163,8 +163,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_f91(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3c1(public_key); +static KRML_MUSTINLINE bool validate_public_key_931(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_f71(public_key); } /** @@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_f91(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_f91(public_key->value); + return validate_public_key_931(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index da249a492..5e13dac2e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 75bb82159..e2d3aeec9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 9e27b56f2..3147278df 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_1b(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_ee(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ab(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_0b(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_1b(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_1b(private_key, ciphertext, ret); + decapsulate_ee(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_ac( +static tuple_ec encapsulate_37( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c6(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c2(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ac(uu____0, copy_of_randomness); + return encapsulate_37(uu____0, copy_of_randomness); } /** @@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_63( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_20( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_2a(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_dd(copy_of_randomness); } /** @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_63(copy_of_randomness); + return generate_keypair_20(copy_of_randomness); } /** @@ -136,10 +136,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_55( +static KRML_MUSTINLINE bool validate_private_key_5f( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_ca(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_c6(private_key, ciphertext); } @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_55( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_55(private_key, ciphertext); + return validate_private_key_5f(private_key, ciphertext); } /** @@ -162,8 +162,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_d3(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_95(public_key); +static KRML_MUSTINLINE bool validate_public_key_4a(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_2e(public_key); } /** @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_d3(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_d3(public_key->value); + return validate_public_key_4a(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 4b8af1f2a..b8b6f8b0d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 39e4b67b9..f4b93367f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #include "libcrux_mlkem512_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_860( +static void decapsulate_c80( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_550(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_390(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_860( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_860(private_key, ciphertext, ret); + decapsulate_c80(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_6f0( +static tuple_ec encapsulate_7d0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_130(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_360(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6f0(uu____0, copy_of_randomness); + return encapsulate_7d0(uu____0, copy_of_randomness); } /** @@ -110,12 +110,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_7f0( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_080( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_b20(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_910(copy_of_randomness); } /** @@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_7f0(copy_of_randomness); + return generate_keypair_080(copy_of_randomness); } /** @@ -137,10 +137,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_1e0( +static KRML_MUSTINLINE bool validate_private_key_500( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_24(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_d8(private_key, ciphertext); } @@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_1e0( bool libcrux_ml_kem_mlkem512_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_1e0(private_key, ciphertext); + return validate_private_key_500(private_key, ciphertext); } /** @@ -163,8 +163,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_f90(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3c0(public_key); +static KRML_MUSTINLINE bool validate_public_key_930(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_f70(public_key); } /** @@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_f90(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_f90(public_key->value); + return validate_public_key_930(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 3f156c570..7b475f089 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 172185891..9d931422e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 1033e69a1..067de4a91 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_1b1( +static void decapsulate_ee1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ab1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_0b1(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_1b1( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_1b1(private_key, ciphertext, ret); + decapsulate_ee1(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_ac1( +static tuple_3c encapsulate_371( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c61(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_c21(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ac1(uu____0, copy_of_randomness); + return encapsulate_371(uu____0, copy_of_randomness); } /** @@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_631( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_201( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_2a1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_dd1(copy_of_randomness); } /** @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_631(copy_of_randomness); + return generate_keypair_201(copy_of_randomness); } /** @@ -136,10 +136,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_551( +static KRML_MUSTINLINE bool validate_private_key_5f1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_ca1(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_c61(private_key, ciphertext); } @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_551( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_551(private_key, ciphertext); + return validate_private_key_5f1(private_key, ciphertext); } /** @@ -162,8 +162,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_d31(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_951(public_key); +static KRML_MUSTINLINE bool validate_public_key_4a1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_2e1(public_key); } /** @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_d31(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_d31(public_key->value); + return validate_public_key_4a1(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 4d8d496ac..7a86aed30 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 4f102ff81..fae6a874c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #include "libcrux_mlkem768_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_86( +static void decapsulate_c8( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_55(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_39(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_86( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_86(private_key, ciphertext, ret); + decapsulate_c8(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_6f( +static tuple_3c encapsulate_7d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_13(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_36(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6f(uu____0, copy_of_randomness); + return encapsulate_7d(uu____0, copy_of_randomness); } /** @@ -110,12 +110,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_7f( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_08( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_b2(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_91(copy_of_randomness); } /** @@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_7f(copy_of_randomness); + return generate_keypair_08(copy_of_randomness); } /** @@ -137,10 +137,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_1e( +static KRML_MUSTINLINE bool validate_private_key_50( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_9e(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_c3(private_key, ciphertext); } @@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_1e( bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_1e(private_key, ciphertext); + return validate_private_key_50(private_key, ciphertext); } /** @@ -163,8 +163,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_f9(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3c(public_key); +static KRML_MUSTINLINE bool validate_public_key_93(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_f7(public_key); } /** @@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_f9(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_f9(public_key->value); + return validate_public_key_93(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index a3cebbef2..5feb24427 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 18db095f7..a0b9361ed 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #include "internal/libcrux_mlkem_avx2.h" @@ -603,7 +603,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, ret0); + core_result_unwrap_41_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -694,7 +694,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_26_07(dst, ret0); + core_result_unwrap_41_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -797,7 +797,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_26_ea(dst, ret0); + core_result_unwrap_41_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -924,7 +924,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_26_76(dst, ret0); + core_result_unwrap_41_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1031,16 +1031,15 @@ inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_ef_7d(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1068,8 +1067,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_ec(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_to_reduced_ring_element_b8(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1088,7 +1087,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3d1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_fb1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -1102,7 +1101,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3d1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ec(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } } @@ -1113,13 +1112,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_851( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_bf1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_7d();); - deserialize_ring_elements_reduced_3d1(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_7d();); + deserialize_ring_elements_reduced_fb1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1130,7 +1129,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_d1(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_e4(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1143,8 +1142,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_09_bb(__m256i vector) { - return shift_right_d1(vector); +static __m256i shift_right_09_92(__m256i vector) { + return shift_right_e4(vector); } /** @@ -1154,25 +1153,35 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static __m256i to_unsigned_representative_b5(__m256i a) { - __m256i t = shift_right_09_bb(a); + __m256i t = shift_right_09_92(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); } +/** +A monomorphic instance of libcrux_ml_kem.serialize.to_unsigned_field_modulus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_88(__m256i a) { + return to_unsigned_representative_b5(a); +} + /** A monomorphic instance of libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_88( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_b5(re->coefficients[i0]); + __m256i coefficient = to_unsigned_field_modulus_88(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1180,7 +1189,9 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_88( Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); + uint8_t result[384U]; + memcpy(result, serialized, (size_t)384U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)384U * sizeof(uint8_t)); } /** @@ -1190,7 +1201,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_721( +static KRML_MUSTINLINE void serialize_secret_key_051( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1208,7 +1219,7 @@ static KRML_MUSTINLINE void serialize_secret_key_721( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_88(&re, ret0); + serialize_uncompressed_ring_element_b8(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1223,13 +1234,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_821( +static KRML_MUSTINLINE void serialize_public_key_mut_7b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_721(t_as_ntt, ret); + serialize_secret_key_051(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1246,11 +1257,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_391( +static KRML_MUSTINLINE void serialize_public_key_f71( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_821(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_7b1(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); @@ -1264,15 +1275,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_951(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_2e1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_851( + deserialize_ring_elements_reduced_out_bf1( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_391( + serialize_public_key_f71( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1302,7 +1313,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_ca1( +bool libcrux_ml_kem_ind_cca_validate_private_key_c61( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -1330,19 +1341,19 @@ typedef struct IndCpaPrivateKeyUnpacked_a0_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_a0 default_1a_191(void) { +static IndCpaPrivateKeyUnpacked_a0 default_f6_191(void) { IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = ZERO_ef_7d(); - lit.secret_as_ntt[1U] = ZERO_ef_7d(); - lit.secret_as_ntt[2U] = ZERO_ef_7d(); + lit.secret_as_ntt[0U] = ZERO_20_7d(); + lit.secret_as_ntt[1U] = ZERO_20_7d(); + lit.secret_as_ntt[2U] = ZERO_20_7d(); return lit; } @@ -1361,33 +1372,33 @@ typedef struct IndCpaPublicKeyUnpacked_a0_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_a0 default_8d_801(void) { +static IndCpaPublicKeyUnpacked_a0 default_85_801(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_ef_7d();); + uu____0[i] = ZERO_20_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_a0 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_ef_7d(); - lit.A[0U][1U] = ZERO_ef_7d(); - lit.A[0U][2U] = ZERO_ef_7d(); - lit.A[1U][0U] = ZERO_ef_7d(); - lit.A[1U][1U] = ZERO_ef_7d(); - lit.A[1U][2U] = ZERO_ef_7d(); - lit.A[2U][0U] = ZERO_ef_7d(); - lit.A[2U][1U] = ZERO_ef_7d(); - lit.A[2U][2U] = ZERO_ef_7d(); + lit.A[0U][0U] = ZERO_20_7d(); + lit.A[0U][1U] = ZERO_20_7d(); + lit.A[0U][2U] = ZERO_20_7d(); + lit.A[1U][0U] = ZERO_20_7d(); + lit.A[1U][1U] = ZERO_20_7d(); + lit.A[1U][2U] = ZERO_20_7d(); + lit.A[2U][0U] = ZERO_20_7d(); + lit.A[2U][1U] = ZERO_20_7d(); + lit.A[2U][2U] = ZERO_20_7d(); return lit; } @@ -1414,7 +1425,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_7e1( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_0e1( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -1717,18 +1728,17 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_ef_14(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); +from_i16_array_20_14(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1747,7 +1757,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e41( int16_t s[272U]) { - return from_i16_array_ef_14( + return from_i16_array_20_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1932,7 +1942,7 @@ sample_from_binomial_distribution_2_80(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_14( + return from_i16_array_20_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1976,7 +1986,7 @@ sample_from_binomial_distribution_3_05(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_14( + return from_i16_array_20_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2127,16 +2137,15 @@ static KRML_MUSTINLINE void ntt_at_layer_1_09( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_ef_09( +static KRML_MUSTINLINE void poly_barrett_reduce_20_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2162,7 +2171,7 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_5c( ntt_at_layer_3_ae(&zeta_i, re); ntt_at_layer_2_53(&zeta_i, re); ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_ef_09(re); + poly_barrett_reduce_20_09(re); } /** @@ -2219,7 +2228,7 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_7d();); + re_as_ntt[i] = ZERO_20_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2240,19 +2249,18 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_ef_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_20_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2271,16 +2279,15 @@ ntt_multiply_ef_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_311( +static KRML_MUSTINLINE void add_to_ring_element_20_311( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2307,16 +2314,15 @@ static __m256i to_standard_domain_c1(__m256i v) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_ef_ba( +static KRML_MUSTINLINE void add_standard_error_reduce_20_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2350,7 +2356,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_671( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -2363,10 +2369,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_671( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_311(&t_as_ntt[i0], &product); + ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_311(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -2384,7 +2390,7 @@ static void generate_keypair_unpacked_4a1( IndCpaPrivateKeyUnpacked_a0 *private_key, IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_7e1(key_generation_seed, hashed); + cpa_keygen_seed_d8_0e1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2419,7 +2425,7 @@ static void generate_keypair_unpacked_4a1( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -2435,18 +2441,18 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_1c1( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_1e1( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_191(); - IndCpaPublicKeyUnpacked_a0 public_key = default_8d_801(); + IndCpaPrivateKeyUnpacked_a0 private_key = default_f6_191(); + IndCpaPublicKeyUnpacked_a0 public_key = default_85_801(); generate_keypair_unpacked_4a1(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_391( + serialize_public_key_f71( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_721(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_051(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2470,7 +2476,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_281( +static KRML_MUSTINLINE void serialize_kem_secret_key_7b1( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2526,7 +2532,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_2a1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_dd1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2535,13 +2541,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_2a1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_1c1(ind_cpa_keypair_randomness); + generate_keypair_1e1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_281( + serialize_kem_secret_key_7b1( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2550,13 +2556,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_2a1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_720(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_8c0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_8d0( - uu____2, libcrux_ml_kem_types_from_5a_c60(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_f60( + uu____2, libcrux_ml_kem_types_from_5a_450(copy_of_public_key)); } /** @@ -2569,7 +2575,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_7b1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_441(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -2586,10 +2592,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_461(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2d1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_ef_7d();); + error_1[i] = ZERO_20_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2654,7 +2660,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_f8( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_92( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2675,7 +2681,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_de( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_7a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2694,7 +2700,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_0f( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_2e( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; @@ -2711,7 +2717,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_cb(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_57(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); @@ -2741,7 +2747,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_cb( + inv_ntt_layer_int_vec_step_reduce_57( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -2758,32 +2764,31 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_4a1( +static KRML_MUSTINLINE void invert_ntt_montgomery_0c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_f8(&zeta_i, re); - invert_ntt_at_layer_2_de(&zeta_i, re); - invert_ntt_at_layer_3_0f(&zeta_i, re); + invert_ntt_at_layer_1_92(&zeta_i, re); + invert_ntt_at_layer_2_7a(&zeta_i, re); + invert_ntt_at_layer_3_2e(&zeta_i, re); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_09(re); + poly_barrett_reduce_20_09(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_ef_84( +static KRML_MUSTINLINE void add_error_reduce_20_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2804,14 +2809,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a91( +static KRML_MUSTINLINE void compute_vector_u_7f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_7d();); + result0[i] = ZERO_20_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2831,11 +2836,11 @@ static KRML_MUSTINLINE void compute_vector_u_a91( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_311(&result0[i1], &product); + ntt_multiply_20_63(a_element, &r_as_ntt[j]); + add_to_ring_element_20_311(&result0[i1], &product); } - invert_ntt_montgomery_4a1(&result0[i1]); - add_error_reduce_ef_84(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_0c1(&result0[i1]); + add_error_reduce_20_a2(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2852,7 +2857,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_14(__m256i vec) { +static __m256i decompress_1_46(__m256i vec) { __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, @@ -2866,8 +2871,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_a6(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_then_decompress_message_4f(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2875,23 +2880,22 @@ deserialize_then_decompress_message_a6(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_14(coefficient_compressed);); + re.coefficients[i0] = decompress_1_46(coefficient_compressed);); return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_ef_b0( +add_message_error_reduce_20_df( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2918,18 +2922,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_e61( +compute_ring_element_v_ac1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_311(&result, &product);); - invert_ntt_montgomery_4a1(&result); - result = add_message_error_reduce_ef_b0(error_2, message, result); + ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_311(&result, &product);); + invert_ntt_montgomery_0c1(&result); + result = add_message_error_reduce_20_df(error_2, message, result); return result; } @@ -2940,7 +2944,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_57(__m256i vector) { +compress_ciphertext_coefficient_b6(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -2987,8 +2991,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_09_a1(__m256i vector) { - return compress_ciphertext_coefficient_57(vector); +static __m256i compress_09_46(__m256i vector) { + return compress_ciphertext_coefficient_b6(vector); } /** @@ -2997,14 +3001,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_0a0( +static KRML_MUSTINLINE void compress_then_serialize_10_6b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_a1(to_unsigned_representative_b5(re->coefficients[i0])); + compress_09_46(to_unsigned_field_modulus_88(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3012,7 +3016,9 @@ static KRML_MUSTINLINE void compress_then_serialize_10_0a0( Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); + uint8_t result[320U]; + memcpy(result, serialized, (size_t)320U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)320U * sizeof(uint8_t)); } /** @@ -3022,7 +3028,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_570(__m256i vector) { +compress_ciphertext_coefficient_b60(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3069,8 +3075,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_09_a10(__m256i vector) { - return compress_ciphertext_coefficient_570(vector); +static __m256i compress_09_460(__m256i vector) { + return compress_ciphertext_coefficient_b60(vector); } /** @@ -3080,10 +3086,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_130( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_430( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_0a0(re, uu____0); + compress_then_serialize_10_6b0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3096,7 +3102,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_491( +static void compress_then_serialize_u_6d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3112,7 +3118,7 @@ static void compress_then_serialize_u_491( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_130(&re, ret); + compress_then_serialize_ring_element_u_430(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3125,7 +3131,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_571(__m256i vector) { +compress_ciphertext_coefficient_b61(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3172,8 +3178,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_09_a11(__m256i vector) { - return compress_ciphertext_coefficient_571(vector); +static __m256i compress_09_461(__m256i vector) { + return compress_ciphertext_coefficient_b61(vector); } /** @@ -3182,16 +3188,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_22( +static KRML_MUSTINLINE void compress_then_serialize_4_85( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { - LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, - void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_a11(to_unsigned_representative_b5(re.coefficients[i0])); + compress_09_461(to_unsigned_field_modulus_88(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3208,7 +3212,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_572(__m256i vector) { +compress_ciphertext_coefficient_b62(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3255,8 +3259,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_09_a12(__m256i vector) { - return compress_ciphertext_coefficient_572(vector); +static __m256i compress_09_462(__m256i vector) { + return compress_ciphertext_coefficient_b62(vector); } /** @@ -3265,16 +3269,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_10( +static KRML_MUSTINLINE void compress_then_serialize_5_c3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { - LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, - void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_09_a12(to_unsigned_representative_b5(re.coefficients[i0])); + compress_09_462(to_unsigned_representative_b5(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3291,9 +3293,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_460( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_610( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_22(re, out); + compress_then_serialize_4_85(re, out); } /** @@ -3313,7 +3315,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_671(IndCpaPublicKeyUnpacked_a0 *public_key, +static void encrypt_unpacked_721(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -3332,7 +3334,7 @@ static void encrypt_unpacked_671(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_461(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_2d1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3346,25 +3348,25 @@ static void encrypt_unpacked_671(IndCpaPublicKeyUnpacked_a0 *public_key, sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_a91(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_7f1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_a6(copy_of_message); + deserialize_then_decompress_message_4f(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_e61(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ac1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_491( + compress_then_serialize_u_6d1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_460( + compress_then_serialize_ring_element_v_610( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3387,10 +3389,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_601(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_691(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_801(); - deserialize_ring_elements_reduced_3d1( + IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_85_801(); + deserialize_ring_elements_reduced_fb1( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -3405,7 +3407,7 @@ static void encrypt_601(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_671(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_721(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -3420,7 +3422,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_5a1(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_541(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3447,11 +3449,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c61( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c21( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_7b1( + entropy_preprocess_d8_441( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -3461,7 +3463,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c61( size_t); uint8_t ret[32U]; H_a9_161(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cc1(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cf1(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3475,19 +3477,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c61( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cc1(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cf1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_601(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_691(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_fc1(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_1f1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_5a1(shared_secret, shared_secret_array); + kdf_d8_541(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3507,8 +3509,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_d1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_to_uncompressed_ring_element_59(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3525,12 +3527,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_941( +static KRML_MUSTINLINE void deserialize_secret_key_181( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_7d();); + secret_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3542,7 +3544,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_941( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_d1(secret_bytes); + deserialize_to_uncompressed_ring_element_59(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3561,7 +3563,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_c7(__m256i vector) { +decompress_ciphertext_coefficient_74(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3605,8 +3607,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_09_79(__m256i vector) { - return decompress_ciphertext_coefficient_c7(vector); +static __m256i decompress_ciphertext_coefficient_09_da(__m256i vector) { + return decompress_ciphertext_coefficient_74(vector); } /** @@ -3616,8 +3618,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_2d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_then_decompress_10_3d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -3629,7 +3631,7 @@ deserialize_then_decompress_10_2d(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_79(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_da(coefficient); } return re; } @@ -3641,7 +3643,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_c70(__m256i vector) { +decompress_ciphertext_coefficient_740(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3685,8 +3687,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_09_790(__m256i vector) { - return decompress_ciphertext_coefficient_c70(vector); +static __m256i decompress_ciphertext_coefficient_09_da0(__m256i vector) { + return decompress_ciphertext_coefficient_740(vector); } /** @@ -3696,15 +3698,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_57(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_then_decompress_11_1a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_790(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_da0(coefficient); } return re; } @@ -3716,8 +3718,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_cc0(Eurydice_slice serialized) { - return deserialize_then_decompress_10_2d(serialized); +deserialize_then_decompress_ring_element_u_880(Eurydice_slice serialized) { + return deserialize_then_decompress_10_3d(serialized); } /** @@ -3726,7 +3728,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_600( +static KRML_MUSTINLINE void ntt_vector_u_2c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)7U); @@ -3736,7 +3738,7 @@ static KRML_MUSTINLINE void ntt_vector_u_600( ntt_at_layer_3_ae(&zeta_i, re); ntt_at_layer_2_53(&zeta_i, re); ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_ef_09(re); + poly_barrett_reduce_20_09(re); } /** @@ -3747,12 +3749,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_841( +static KRML_MUSTINLINE void deserialize_then_decompress_u_a81( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_7d();); + u_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3770,8 +3772,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_841( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cc0(u_bytes); - ntt_vector_u_600(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_880(u_bytes); + ntt_vector_u_2c0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3785,7 +3787,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_c71(__m256i vector) { +decompress_ciphertext_coefficient_741(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3829,8 +3831,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_09_791(__m256i vector) { - return decompress_ciphertext_coefficient_c71(vector); +static __m256i decompress_ciphertext_coefficient_09_da1(__m256i vector) { + return decompress_ciphertext_coefficient_741(vector); } /** @@ -3840,15 +3842,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_39(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_then_decompress_4_f1(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_791(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_da1(coefficient); } return re; } @@ -3860,7 +3862,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_c72(__m256i vector) { +decompress_ciphertext_coefficient_742(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3904,8 +3906,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_09_792(__m256i vector) { - return decompress_ciphertext_coefficient_c72(vector); +static __m256i decompress_ciphertext_coefficient_09_da2(__m256i vector) { + return decompress_ciphertext_coefficient_742(vector); } /** @@ -3915,8 +3917,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_7b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_then_decompress_5_7e(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3924,7 +3926,7 @@ deserialize_then_decompress_5_7b(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_792(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_da2(re.coefficients[i0]); } return re; } @@ -3936,23 +3938,22 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_800(Eurydice_slice serialized) { - return deserialize_then_decompress_4_39(serialized); +deserialize_then_decompress_ring_element_v_050(Eurydice_slice serialized) { + return deserialize_then_decompress_4_f1(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_ef_79(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_20_27(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3974,17 +3975,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_781( +compute_message_a41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_311(&result, &product);); - invert_ntt_montgomery_4a1(&result); - result = subtract_reduce_ef_79(v, result); + ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_311(&result, &product);); + invert_ntt_montgomery_0c1(&result); + result = subtract_reduce_20_27(v, result); return result; } @@ -3994,12 +3995,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_e4( +static KRML_MUSTINLINE void compress_then_serialize_message_d2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_b5(re.coefficients[i0]); + __m256i coefficient = to_unsigned_field_modulus_88(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; @@ -4009,7 +4010,9 @@ static KRML_MUSTINLINE void compress_then_serialize_message_e4( Eurydice_slice_copy(uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, serialized, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -4022,18 +4025,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_cb1(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_e51(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_841(ciphertext, u_as_ntt); + deserialize_then_decompress_u_a81(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_800( + deserialize_then_decompress_ring_element_v_050( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_781(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a41(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_e4(message, ret0); + compress_then_serialize_message_d2(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4047,10 +4050,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_b81(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_981(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_941(secret_key, secret_as_ntt); + deserialize_secret_key_181(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4061,7 +4064,7 @@ static void decrypt_b81(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_cb1(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_e51(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4113,7 +4116,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_ab1( +void libcrux_ml_kem_ind_cca_decapsulate_0b1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4131,7 +4134,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_ab1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b81(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_981(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4153,7 +4156,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_ab1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_471(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_491(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_423(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4163,17 +4166,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_ab1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_601(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_691(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_5a1(Eurydice_array_to_slice( + kdf_d8_541(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_5a1(shared_secret0, shared_secret1); + kdf_d8_541(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_471(ciphertext), + libcrux_ml_kem_types_as_ref_00_491(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4188,7 +4191,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3d( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_fb( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -4202,7 +4205,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ec(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } } @@ -4213,13 +4216,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_850( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_bf0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_7d();); - deserialize_ring_elements_reduced_3d(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_7d();); + deserialize_ring_elements_reduced_fb(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4232,7 +4235,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_72( +static KRML_MUSTINLINE void serialize_secret_key_05( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4250,7 +4253,7 @@ static KRML_MUSTINLINE void serialize_secret_key_72( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_88(&re, ret0); + serialize_uncompressed_ring_element_b8(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4265,13 +4268,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_82( +static KRML_MUSTINLINE void serialize_public_key_mut_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_72(t_as_ntt, ret); + serialize_secret_key_05(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4288,11 +4291,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_39( +static KRML_MUSTINLINE void serialize_public_key_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_82(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_7b(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); @@ -4306,15 +4309,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_950(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_2e0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_850( + deserialize_ring_elements_reduced_out_bf0( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_39( + serialize_public_key_f7( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4344,7 +4347,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_ca0( +bool libcrux_ml_kem_ind_cca_validate_private_key_c60( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; @@ -4372,20 +4375,20 @@ typedef struct IndCpaPrivateKeyUnpacked_01_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_01 default_1a_19(void) { +static IndCpaPrivateKeyUnpacked_01 default_f6_19(void) { IndCpaPrivateKeyUnpacked_01 lit; - lit.secret_as_ntt[0U] = ZERO_ef_7d(); - lit.secret_as_ntt[1U] = ZERO_ef_7d(); - lit.secret_as_ntt[2U] = ZERO_ef_7d(); - lit.secret_as_ntt[3U] = ZERO_ef_7d(); + lit.secret_as_ntt[0U] = ZERO_20_7d(); + lit.secret_as_ntt[1U] = ZERO_20_7d(); + lit.secret_as_ntt[2U] = ZERO_20_7d(); + lit.secret_as_ntt[3U] = ZERO_20_7d(); return lit; } @@ -4404,40 +4407,40 @@ typedef struct IndCpaPublicKeyUnpacked_01_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_01 default_8d_80(void) { +static IndCpaPublicKeyUnpacked_01 default_85_80(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_ef_7d();); + uu____0[i] = ZERO_20_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_01 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_ef_7d(); - lit.A[0U][1U] = ZERO_ef_7d(); - lit.A[0U][2U] = ZERO_ef_7d(); - lit.A[0U][3U] = ZERO_ef_7d(); - lit.A[1U][0U] = ZERO_ef_7d(); - lit.A[1U][1U] = ZERO_ef_7d(); - lit.A[1U][2U] = ZERO_ef_7d(); - lit.A[1U][3U] = ZERO_ef_7d(); - lit.A[2U][0U] = ZERO_ef_7d(); - lit.A[2U][1U] = ZERO_ef_7d(); - lit.A[2U][2U] = ZERO_ef_7d(); - lit.A[2U][3U] = ZERO_ef_7d(); - lit.A[3U][0U] = ZERO_ef_7d(); - lit.A[3U][1U] = ZERO_ef_7d(); - lit.A[3U][2U] = ZERO_ef_7d(); - lit.A[3U][3U] = ZERO_ef_7d(); + lit.A[0U][0U] = ZERO_20_7d(); + lit.A[0U][1U] = ZERO_20_7d(); + lit.A[0U][2U] = ZERO_20_7d(); + lit.A[0U][3U] = ZERO_20_7d(); + lit.A[1U][0U] = ZERO_20_7d(); + lit.A[1U][1U] = ZERO_20_7d(); + lit.A[1U][2U] = ZERO_20_7d(); + lit.A[1U][3U] = ZERO_20_7d(); + lit.A[2U][0U] = ZERO_20_7d(); + lit.A[2U][1U] = ZERO_20_7d(); + lit.A[2U][2U] = ZERO_20_7d(); + lit.A[2U][3U] = ZERO_20_7d(); + lit.A[3U][0U] = ZERO_20_7d(); + lit.A[3U][1U] = ZERO_20_7d(); + lit.A[3U][2U] = ZERO_20_7d(); + lit.A[3U][3U] = ZERO_20_7d(); return lit; } @@ -4464,7 +4467,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_7e( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_0e( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4779,7 +4782,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e4( int16_t s[272U]) { - return from_i16_array_ef_14( + return from_i16_array_20_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4980,7 +4983,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_7d();); + re_as_ntt[i] = ZERO_20_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5001,16 +5004,15 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_31( +static KRML_MUSTINLINE void add_to_ring_element_20_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5044,7 +5046,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_67( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -5057,10 +5059,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_31(&t_as_ntt[i0], &product); + ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_31(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5078,7 +5080,7 @@ static void generate_keypair_unpacked_4a( IndCpaPrivateKeyUnpacked_01 *private_key, IndCpaPublicKeyUnpacked_01 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_7e(key_generation_seed, hashed); + cpa_keygen_seed_d8_0e(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5113,7 +5115,7 @@ static void generate_keypair_unpacked_4a( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -5129,18 +5131,18 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_1c0( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_1e0( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_01 private_key = default_1a_19(); - IndCpaPublicKeyUnpacked_01 public_key = default_8d_80(); + IndCpaPrivateKeyUnpacked_01 private_key = default_f6_19(); + IndCpaPublicKeyUnpacked_01 public_key = default_85_80(); generate_keypair_unpacked_4a(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_39( + serialize_public_key_f7( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_72(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_05(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5164,7 +5166,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_280( +static KRML_MUSTINLINE void serialize_kem_secret_key_7b0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5220,7 +5222,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_2a0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5229,13 +5231,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_2a0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_1c0(ind_cpa_keypair_randomness); + generate_keypair_1e0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_280( + serialize_kem_secret_key_7b0( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5244,13 +5246,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_2a0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_7f_721(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_8c1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_8d1( - uu____2, libcrux_ml_kem_types_from_5a_c61(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_f61( + uu____2, libcrux_ml_kem_types_from_5a_451(copy_of_public_key)); } /** @@ -5263,7 +5265,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_7b0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_440(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5280,10 +5282,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_46(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2d(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_ef_7d();); + error_1[i] = ZERO_20_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5336,18 +5338,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_4a( +static KRML_MUSTINLINE void invert_ntt_montgomery_0c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_f8(&zeta_i, re); - invert_ntt_at_layer_2_de(&zeta_i, re); - invert_ntt_at_layer_3_0f(&zeta_i, re); + invert_ntt_at_layer_1_92(&zeta_i, re); + invert_ntt_at_layer_2_7a(&zeta_i, re); + invert_ntt_at_layer_3_2e(&zeta_i, re); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_09(re); + poly_barrett_reduce_20_09(re); } /** @@ -5356,14 +5358,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a9( +static KRML_MUSTINLINE void compute_vector_u_7f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_7d();); + result0[i] = ZERO_20_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5383,11 +5385,11 @@ static KRML_MUSTINLINE void compute_vector_u_a9( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_31(&result0[i1], &product); + ntt_multiply_20_63(a_element, &r_as_ntt[j]); + add_to_ring_element_20_31(&result0[i1], &product); } - invert_ntt_montgomery_4a(&result0[i1]); - add_error_reduce_ef_84(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_0c(&result0[i1]); + add_error_reduce_20_a2(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5405,18 +5407,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_e6( +compute_ring_element_v_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_31(&result, &product);); - invert_ntt_montgomery_4a(&result); - result = add_message_error_reduce_ef_b0(error_2, message, result); + ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_31(&result, &product);); + invert_ntt_montgomery_0c(&result); + result = add_message_error_reduce_20_df(error_2, message, result); return result; } @@ -5426,14 +5428,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_78( +static KRML_MUSTINLINE void compress_then_serialize_11_99( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_a10(to_unsigned_representative_b5(re->coefficients[i0])); + compress_09_460(to_unsigned_representative_b5(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5451,10 +5453,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_13( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_43( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_78(re, uu____0); + compress_then_serialize_11_99(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5467,7 +5469,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_49( +static void compress_then_serialize_u_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5483,7 +5485,7 @@ static void compress_then_serialize_u_49( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_13(&re, ret); + compress_then_serialize_ring_element_u_43(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5496,9 +5498,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_46( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_10(re, out); + compress_then_serialize_5_c3(re, out); } /** @@ -5518,7 +5520,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_67(IndCpaPublicKeyUnpacked_01 *public_key, +static void encrypt_unpacked_72(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -5536,7 +5538,7 @@ static void encrypt_unpacked_67(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_46(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_2d(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -5550,25 +5552,25 @@ static void encrypt_unpacked_67(IndCpaPublicKeyUnpacked_01 *public_key, sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_a9(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_7f(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_a6(copy_of_message); + deserialize_then_decompress_message_4f(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_e6(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ac(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_49( + compress_then_serialize_u_6d( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_46( + compress_then_serialize_ring_element_v_61( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5591,10 +5593,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_600(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_690(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_80(); - deserialize_ring_elements_reduced_3d( + IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_85_80(); + deserialize_ring_elements_reduced_fb( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -5609,7 +5611,7 @@ static void encrypt_600(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_67(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_72(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -5624,7 +5626,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_5a0(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_540(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5651,11 +5653,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c60( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c20( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_7b0( + entropy_preprocess_d8_440( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5665,7 +5667,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c60( size_t); uint8_t ret[32U]; H_a9_16(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cc(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cf(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5679,19 +5681,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c60( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cc(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cf(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_600(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_690(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_01_fc(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_1f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_5a0(shared_secret, shared_secret_array); + kdf_d8_540(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -5710,12 +5712,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_940( +static KRML_MUSTINLINE void deserialize_secret_key_180( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_7d();); + secret_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5727,7 +5729,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_940( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_d1(secret_bytes); + deserialize_to_uncompressed_ring_element_59(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; @@ -5746,8 +5748,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_cc(Eurydice_slice serialized) { - return deserialize_then_decompress_11_57(serialized); +deserialize_then_decompress_ring_element_u_88(Eurydice_slice serialized) { + return deserialize_then_decompress_11_1a(serialized); } /** @@ -5756,7 +5758,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_60( +static KRML_MUSTINLINE void ntt_vector_u_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)7U); @@ -5766,7 +5768,7 @@ static KRML_MUSTINLINE void ntt_vector_u_60( ntt_at_layer_3_ae(&zeta_i, re); ntt_at_layer_2_53(&zeta_i, re); ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_ef_09(re); + poly_barrett_reduce_20_09(re); } /** @@ -5777,12 +5779,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_84( +static KRML_MUSTINLINE void deserialize_then_decompress_u_a8( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_7d();); + u_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5800,8 +5802,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_84( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cc(u_bytes); - ntt_vector_u_60(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_88(u_bytes); + ntt_vector_u_2c(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5815,8 +5817,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_80(Eurydice_slice serialized) { - return deserialize_then_decompress_5_7b(serialized); +deserialize_then_decompress_ring_element_v_05(Eurydice_slice serialized) { + return deserialize_then_decompress_5_7e(serialized); } /** @@ -5826,17 +5828,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_78( +compute_message_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_31(&result, &product);); - invert_ntt_montgomery_4a(&result); - result = subtract_reduce_ef_79(v, result); + ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_31(&result, &product);); + invert_ntt_montgomery_0c(&result); + result = subtract_reduce_20_27(v, result); return result; } @@ -5850,18 +5852,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_cb(IndCpaPrivateKeyUnpacked_01 *secret_key, +static void decrypt_unpacked_e5(IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_84(ciphertext, u_as_ntt); + deserialize_then_decompress_u_a8(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_80( + deserialize_then_decompress_ring_element_v_05( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_78(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a4(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_e4(message, ret0); + compress_then_serialize_message_d2(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5875,10 +5877,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_b80(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_980(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_940(secret_key, secret_as_ntt); + deserialize_secret_key_180(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -5889,7 +5891,7 @@ static void decrypt_b80(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_cb(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_e5(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5929,7 +5931,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_ab0( +void libcrux_ml_kem_ind_cca_decapsulate_0b0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5947,7 +5949,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_ab0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b80(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_980(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5969,7 +5971,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_ab0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_42(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5979,17 +5981,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_ab0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_600(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_690(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_5a0(Eurydice_array_to_slice( + kdf_d8_540(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_5a0(shared_secret0, shared_secret1); + kdf_d8_540(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_49(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6004,7 +6006,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3d0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_fb0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -6018,7 +6020,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_3d0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_ec(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } } @@ -6029,13 +6031,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_85( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_bf( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_7d();); - deserialize_ring_elements_reduced_3d0(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_7d();); + deserialize_ring_elements_reduced_fb0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6048,7 +6050,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_720( +static KRML_MUSTINLINE void serialize_secret_key_050( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6066,7 +6068,7 @@ static KRML_MUSTINLINE void serialize_secret_key_720( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_88(&re, ret0); + serialize_uncompressed_ring_element_b8(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6081,13 +6083,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_820( +static KRML_MUSTINLINE void serialize_public_key_mut_7b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_720(t_as_ntt, ret); + serialize_secret_key_050(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6104,11 +6106,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_390( +static KRML_MUSTINLINE void serialize_public_key_f70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_820(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_7b0(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); @@ -6122,15 +6124,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_95(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_2e(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_85( + deserialize_ring_elements_reduced_out_bf( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_390( + serialize_public_key_f70( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6160,7 +6162,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_ca( +bool libcrux_ml_kem_ind_cca_validate_private_key_c6( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; @@ -6188,18 +6190,18 @@ typedef struct IndCpaPrivateKeyUnpacked_d6_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_d6 default_1a_190(void) { +static IndCpaPrivateKeyUnpacked_d6 default_f6_190(void) { IndCpaPrivateKeyUnpacked_d6 lit; - lit.secret_as_ntt[0U] = ZERO_ef_7d(); - lit.secret_as_ntt[1U] = ZERO_ef_7d(); + lit.secret_as_ntt[0U] = ZERO_20_7d(); + lit.secret_as_ntt[1U] = ZERO_20_7d(); return lit; } @@ -6218,28 +6220,28 @@ typedef struct IndCpaPublicKeyUnpacked_d6_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_d6 default_8d_800(void) { +static IndCpaPublicKeyUnpacked_d6 default_85_800(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_ef_7d();); + uu____0[i] = ZERO_20_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_d6 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_ef_7d(); - lit.A[0U][1U] = ZERO_ef_7d(); - lit.A[1U][0U] = ZERO_ef_7d(); - lit.A[1U][1U] = ZERO_ef_7d(); + lit.A[0U][0U] = ZERO_20_7d(); + lit.A[0U][1U] = ZERO_20_7d(); + lit.A[1U][0U] = ZERO_20_7d(); + lit.A[1U][1U] = ZERO_20_7d(); return lit; } @@ -6266,7 +6268,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_7e0( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_0e0( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6569,7 +6571,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e40( int16_t s[272U]) { - return from_i16_array_ef_14( + return from_i16_array_20_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6775,7 +6777,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_7d();); + re_as_ntt[i] = ZERO_20_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6796,16 +6798,15 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_310( +static KRML_MUSTINLINE void add_to_ring_element_20_310( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -6839,7 +6840,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_670( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -6852,10 +6853,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_670( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_310(&t_as_ntt[i0], &product); + ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_310(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6873,7 +6874,7 @@ static void generate_keypair_unpacked_4a0( IndCpaPrivateKeyUnpacked_d6 *private_key, IndCpaPublicKeyUnpacked_d6 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_7e0(key_generation_seed, hashed); + cpa_keygen_seed_d8_0e0(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6908,7 +6909,7 @@ static void generate_keypair_unpacked_4a0( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -6924,18 +6925,18 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_1c( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_1e( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_190(); - IndCpaPublicKeyUnpacked_d6 public_key = default_8d_800(); + IndCpaPrivateKeyUnpacked_d6 private_key = default_f6_190(); + IndCpaPublicKeyUnpacked_d6 public_key = default_85_800(); generate_keypair_unpacked_4a0(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_390( + serialize_public_key_f70( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_720(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_050(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6959,7 +6960,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_28( +static KRML_MUSTINLINE void serialize_kem_secret_key_7b( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7014,7 +7015,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_2a( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_dd( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7024,13 +7025,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_2a( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_1c(ind_cpa_keypair_randomness); + generate_keypair_1e(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_28( + serialize_kem_secret_key_7b( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7039,13 +7040,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_2a( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_8d( - uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_f6( + uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key)); } /** @@ -7058,7 +7059,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_7b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_44(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7121,10 +7122,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_460(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2d0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_ef_7d();); + error_1[i] = ZERO_20_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7177,18 +7178,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_4a0( +static KRML_MUSTINLINE void invert_ntt_montgomery_0c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_f8(&zeta_i, re); - invert_ntt_at_layer_2_de(&zeta_i, re); - invert_ntt_at_layer_3_0f(&zeta_i, re); + invert_ntt_at_layer_1_92(&zeta_i, re); + invert_ntt_at_layer_2_7a(&zeta_i, re); + invert_ntt_at_layer_3_2e(&zeta_i, re); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_09(re); + poly_barrett_reduce_20_09(re); } /** @@ -7197,14 +7198,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a90( +static KRML_MUSTINLINE void compute_vector_u_7f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_7d();); + result0[i] = ZERO_20_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7224,11 +7225,11 @@ static KRML_MUSTINLINE void compute_vector_u_a90( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_310(&result0[i1], &product); + ntt_multiply_20_63(a_element, &r_as_ntt[j]); + add_to_ring_element_20_310(&result0[i1], &product); } - invert_ntt_montgomery_4a0(&result0[i1]); - add_error_reduce_ef_84(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_0c0(&result0[i1]); + add_error_reduce_20_a2(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7246,18 +7247,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_e60( +compute_ring_element_v_ac0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_310(&result, &product);); - invert_ntt_montgomery_4a0(&result); - result = add_message_error_reduce_ef_b0(error_2, message, result); + ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_310(&result, &product);); + invert_ntt_montgomery_0c0(&result); + result = add_message_error_reduce_20_df(error_2, message, result); return result; } @@ -7270,7 +7271,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_490( +static void compress_then_serialize_u_6d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7286,7 +7287,7 @@ static void compress_then_serialize_u_490( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_130(&re, ret); + compress_then_serialize_ring_element_u_430(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7309,7 +7310,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_670(IndCpaPublicKeyUnpacked_d6 *public_key, +static void encrypt_unpacked_720(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7327,7 +7328,7 @@ static void encrypt_unpacked_670(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_460(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_2d0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7341,25 +7342,25 @@ static void encrypt_unpacked_670(IndCpaPublicKeyUnpacked_d6 *public_key, sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_a90(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_7f0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_a6(copy_of_message); + deserialize_then_decompress_message_4f(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_e60(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ac0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_490( + compress_then_serialize_u_6d0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_460( + compress_then_serialize_ring_element_v_610( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7382,10 +7383,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_60(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_69(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_800(); - deserialize_ring_elements_reduced_3d0( + IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_85_800(); + deserialize_ring_elements_reduced_fb0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -7400,7 +7401,7 @@ static void encrypt_60(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_670(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_720(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7415,7 +7416,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_5a(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_54(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7442,11 +7443,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c6( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c2( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_7b( + entropy_preprocess_d8_44( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -7456,7 +7457,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c6( size_t); uint8_t ret[32U]; H_a9_160(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cc0(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cf0(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7470,19 +7471,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c6( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cc0(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cf0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_60(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_69(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_fc0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_1f0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_5a(shared_secret, shared_secret_array); + kdf_d8_54(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7501,12 +7502,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_94( +static KRML_MUSTINLINE void deserialize_secret_key_18( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_7d();); + secret_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7518,7 +7519,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_94( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_d1(secret_bytes); + deserialize_to_uncompressed_ring_element_59(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; @@ -7538,12 +7539,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_840( +static KRML_MUSTINLINE void deserialize_then_decompress_u_a80( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_7d();); + u_as_ntt[i] = ZERO_20_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7561,8 +7562,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_840( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cc0(u_bytes); - ntt_vector_u_600(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_880(u_bytes); + ntt_vector_u_2c0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7576,17 +7577,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_780( +compute_message_a40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_310(&result, &product);); - invert_ntt_montgomery_4a0(&result); - result = subtract_reduce_ef_79(v, result); + ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_310(&result, &product);); + invert_ntt_montgomery_0c0(&result); + result = subtract_reduce_20_27(v, result); return result; } @@ -7600,18 +7601,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_cb0(IndCpaPrivateKeyUnpacked_d6 *secret_key, +static void decrypt_unpacked_e50(IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_840(ciphertext, u_as_ntt); + deserialize_then_decompress_u_a80(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_800( + deserialize_then_decompress_ring_element_v_050( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_780(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a40(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_e4(message, ret0); + compress_then_serialize_message_d2(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7625,10 +7626,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_b8(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_98(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_94(secret_key, secret_as_ntt); + deserialize_secret_key_18(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -7639,7 +7640,7 @@ static void decrypt_b8(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_cb0(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_e50(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7679,7 +7680,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_ab( +void libcrux_ml_kem_ind_cca_decapsulate_0b( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7697,7 +7698,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_ab( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_b8(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_98(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7719,7 +7720,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_ab( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_470(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_490(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_421(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7729,16 +7730,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_ab( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_60(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_69(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_5a(Eurydice_array_to_slice((size_t)32U, + kdf_d8_54(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_5a(shared_secret0, shared_secret1); + kdf_d8_54(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_470(ciphertext), + libcrux_ml_kem_types_as_ref_00_490(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 679ea6f82..b1d46ac81 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index ccc6f3b26..f54504354 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #include "internal/libcrux_mlkem_portable.h" @@ -79,7 +79,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_26_30(dst, ret); + core_result_unwrap_41_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -1146,15 +1146,15 @@ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_compress_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = (int16_t) + a.elements[i0] = (int16_t) libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - (uint16_t)v.elements[i0]); + (uint16_t)a.elements[i0]); } - return v; + return a; } /** @@ -1163,8 +1163,8 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1(v); + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return libcrux_ml_kem_vector_portable_compress_compress_1(a); } KRML_MUSTINLINE uint32_t @@ -2281,16 +2281,15 @@ libcrux_ml_kem_vector_portable_vector_type_clone_3b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_ef_19(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2318,8 +2317,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_d3(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_to_reduced_ring_element_8a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2340,7 +2339,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8b( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bb( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -2354,7 +2353,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8b( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d3(ring_element); + deserialize_to_reduced_ring_element_8a(ring_element); deserialized_pk[i0] = uu____0; } } @@ -2365,13 +2364,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_581( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_611( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_19();); - deserialize_ring_elements_reduced_8b(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_19();); + deserialize_ring_elements_reduced_bb(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2383,7 +2382,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_95(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { +shift_right_3c(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2402,8 +2401,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_64(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_95(v); +shift_right_0d_3e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_3c(v); } /** @@ -2416,27 +2415,41 @@ static libcrux_ml_kem_vector_portable_vector_type_PortableVector to_unsigned_representative_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_64(a); + shift_right_0d_3e(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_portable_add_0d(a, &fm); } +/** +A monomorphic instance of libcrux_ml_kem.serialize.to_unsigned_field_modulus +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +to_unsigned_field_modulus_c4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + to_unsigned_representative_9f(a); + return result; +} + /** A monomorphic instance of libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c4( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_9f(re->coefficients[i0]); + to_unsigned_field_modulus_c4(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2444,7 +2457,9 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c4( Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); + uint8_t result[384U]; + memcpy(result, serialized, (size_t)384U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)384U * sizeof(uint8_t)); } /** @@ -2454,7 +2469,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_80( +static KRML_MUSTINLINE void serialize_secret_key_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2472,7 +2487,7 @@ static KRML_MUSTINLINE void serialize_secret_key_80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c4(&re, ret0); + serialize_uncompressed_ring_element_c6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2487,13 +2502,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_1d( +static KRML_MUSTINLINE void serialize_public_key_mut_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_80(t_as_ntt, ret); + serialize_secret_key_1d(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2510,11 +2525,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_96( +static KRML_MUSTINLINE void serialize_public_key_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_1d(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_0d(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); @@ -2528,15 +2543,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3c1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_f71(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_581( + deserialize_ring_elements_reduced_out_611( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_96( + serialize_public_key_8c( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2566,7 +2581,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_53( +bool libcrux_ml_kem_ind_cca_validate_private_key_ed( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; @@ -2594,20 +2609,20 @@ typedef struct IndCpaPrivateKeyUnpacked_42_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_42 default_1a_a3(void) { +static IndCpaPrivateKeyUnpacked_42 default_f6_a3(void) { IndCpaPrivateKeyUnpacked_42 lit; - lit.secret_as_ntt[0U] = ZERO_ef_19(); - lit.secret_as_ntt[1U] = ZERO_ef_19(); - lit.secret_as_ntt[2U] = ZERO_ef_19(); - lit.secret_as_ntt[3U] = ZERO_ef_19(); + lit.secret_as_ntt[0U] = ZERO_20_19(); + lit.secret_as_ntt[1U] = ZERO_20_19(); + lit.secret_as_ntt[2U] = ZERO_20_19(); + lit.secret_as_ntt[3U] = ZERO_20_19(); return lit; } @@ -2626,40 +2641,40 @@ typedef struct IndCpaPublicKeyUnpacked_42_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_42 default_8d_6b(void) { +static IndCpaPublicKeyUnpacked_42 default_85_6b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_ef_19();); + uu____0[i] = ZERO_20_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_42 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_ef_19(); - lit.A[0U][1U] = ZERO_ef_19(); - lit.A[0U][2U] = ZERO_ef_19(); - lit.A[0U][3U] = ZERO_ef_19(); - lit.A[1U][0U] = ZERO_ef_19(); - lit.A[1U][1U] = ZERO_ef_19(); - lit.A[1U][2U] = ZERO_ef_19(); - lit.A[1U][3U] = ZERO_ef_19(); - lit.A[2U][0U] = ZERO_ef_19(); - lit.A[2U][1U] = ZERO_ef_19(); - lit.A[2U][2U] = ZERO_ef_19(); - lit.A[2U][3U] = ZERO_ef_19(); - lit.A[3U][0U] = ZERO_ef_19(); - lit.A[3U][1U] = ZERO_ef_19(); - lit.A[3U][2U] = ZERO_ef_19(); - lit.A[3U][3U] = ZERO_ef_19(); + lit.A[0U][0U] = ZERO_20_19(); + lit.A[0U][1U] = ZERO_20_19(); + lit.A[0U][2U] = ZERO_20_19(); + lit.A[0U][3U] = ZERO_20_19(); + lit.A[1U][0U] = ZERO_20_19(); + lit.A[1U][1U] = ZERO_20_19(); + lit.A[1U][2U] = ZERO_20_19(); + lit.A[1U][3U] = ZERO_20_19(); + lit.A[2U][0U] = ZERO_20_19(); + lit.A[2U][1U] = ZERO_20_19(); + lit.A[2U][2U] = ZERO_20_19(); + lit.A[2U][3U] = ZERO_20_19(); + lit.A[3U][0U] = ZERO_20_19(); + lit.A[3U][1U] = ZERO_20_19(); + lit.A[3U][2U] = ZERO_20_19(); + lit.A[3U][3U] = ZERO_20_19(); return lit; } @@ -2686,7 +2701,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_61( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_39( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -2981,18 +2996,17 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_ef_bb(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); +from_i16_array_20_bb(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3014,7 +3028,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba( int16_t s[272U]) { - return from_i16_array_ef_bb( + return from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3183,7 +3197,7 @@ sample_from_binomial_distribution_2_1b(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_bb( + return from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3227,7 +3241,7 @@ sample_from_binomial_distribution_3_ee(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_bb( + return from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3393,16 +3407,15 @@ static KRML_MUSTINLINE void ntt_at_layer_1_21( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_ef_0a( +static KRML_MUSTINLINE void poly_barrett_reduce_20_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3430,7 +3443,7 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b3( ntt_at_layer_3_1b(&zeta_i, re); ntt_at_layer_2_ea(&zeta_i, re); ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_ef_0a(re); + poly_barrett_reduce_20_0a(re); } /** @@ -3489,7 +3502,7 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_19();); + re_as_ntt[i] = ZERO_20_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3510,19 +3523,18 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_ef_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_20_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3543,16 +3555,15 @@ ntt_multiply_ef_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_3a( +static KRML_MUSTINLINE void add_to_ring_element_20_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3585,16 +3596,15 @@ to_standard_domain_73( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_ef_69( +static KRML_MUSTINLINE void add_standard_error_reduce_20_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3630,7 +3640,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -3643,10 +3653,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_3a(&t_as_ntt[i0], &product); + ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_3a(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -3664,7 +3674,7 @@ static void generate_keypair_unpacked_86( IndCpaPrivateKeyUnpacked_42 *private_key, IndCpaPublicKeyUnpacked_42 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_61(key_generation_seed, hashed); + cpa_keygen_seed_d8_39(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3699,7 +3709,7 @@ static void generate_keypair_unpacked_86( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -3715,18 +3725,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ea1( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_791( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_42 private_key = default_1a_a3(); - IndCpaPublicKeyUnpacked_42 public_key = default_8d_6b(); + IndCpaPrivateKeyUnpacked_42 private_key = default_f6_a3(); + IndCpaPublicKeyUnpacked_42 public_key = default_85_6b(); generate_keypair_unpacked_86(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_96( + serialize_public_key_8c( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_80(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_1d(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3750,7 +3760,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_bb( +static KRML_MUSTINLINE void serialize_kem_secret_key_64( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3806,7 +3816,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_b21(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_911(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3815,13 +3825,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_b21(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_ea1(ind_cpa_keypair_randomness); + generate_keypair_791(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_bb( + serialize_kem_secret_key_64( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3830,13 +3840,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_b21(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_7f_721(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_8c1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_8d1( - uu____2, libcrux_ml_kem_types_from_5a_c61(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_f61( + uu____2, libcrux_ml_kem_types_from_5a_451(copy_of_public_key)); } /** @@ -3849,7 +3859,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_f3(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_8d(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3867,10 +3877,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_72(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_f9(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_ef_19();); + error_1[i] = ZERO_20_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3935,7 +3945,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_2e( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3956,7 +3966,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_42( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_82( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3975,7 +3985,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_0c( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_be( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3995,7 +4005,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_1b( + inv_ntt_layer_int_vec_step_reduce_66( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4015,7 +4025,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_6a( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4030,7 +4040,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_6a( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_1b( + inv_ntt_layer_int_vec_step_reduce_66( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4047,32 +4057,31 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_04( +static KRML_MUSTINLINE void invert_ntt_montgomery_45( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2e(&zeta_i, re); - invert_ntt_at_layer_2_42(&zeta_i, re); - invert_ntt_at_layer_3_0c(&zeta_i, re); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_0a(re); + invert_ntt_at_layer_1_9d(&zeta_i, re); + invert_ntt_at_layer_2_82(&zeta_i, re); + invert_ntt_at_layer_3_be(&zeta_i, re); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_0a(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_ef_15( +static KRML_MUSTINLINE void add_error_reduce_20_bd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4096,14 +4105,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_02( +static KRML_MUSTINLINE void compute_vector_u_cc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_19();); + result0[i] = ZERO_20_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4123,11 +4132,11 @@ static KRML_MUSTINLINE void compute_vector_u_02( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_3a(&result0[i1], &product); + ntt_multiply_20_76(a_element, &r_as_ntt[j]); + add_to_ring_element_20_3a(&result0[i1], &product); } - invert_ntt_montgomery_04(&result0[i1]); - add_error_reduce_ef_15(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_45(&result0[i1]); + add_error_reduce_20_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4163,8 +4172,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_c9(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_then_decompress_message_52(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4181,17 +4190,16 @@ deserialize_then_decompress_message_c9(uint8_t serialized[32U]) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_ef_f0( +add_message_error_reduce_20_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4221,18 +4229,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c7( +compute_ring_element_v_14( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_3a(&result, &product);); - invert_ntt_montgomery_04(&result); - result = add_message_error_reduce_ef_f0(error_2, message, result); + ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_3a(&result, &product);); + invert_ntt_montgomery_45(&result); + result = add_message_error_reduce_20_42(error_2, message, result); return result; } @@ -4242,16 +4250,16 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_6c(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_c5(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - (uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; + (uint8_t)(int32_t)10, (uint16_t)a.elements[i0]); + a.elements[i0] = uu____0; } - return v; + return a; } /** @@ -4263,9 +4271,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_20( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_6c(v); +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_4f( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return compress_c5(a); } /** @@ -4274,16 +4282,16 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_6c0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_c50(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - (uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; + (uint8_t)(int32_t)11, (uint16_t)a.elements[i0]); + a.elements[i0] = uu____0; } - return v; + return a; } /** @@ -4296,8 +4304,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_200(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_6c0(v); +compress_0d_4f0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return compress_c50(a); } /** @@ -4306,14 +4314,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_ba( +static KRML_MUSTINLINE void compress_then_serialize_11_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_200(to_unsigned_representative_9f(re->coefficients[i0])); + compress_0d_4f0(to_unsigned_representative_9f(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4331,10 +4339,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_ed( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_03( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_ba(re, uu____0); + compress_then_serialize_11_8b(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4347,7 +4355,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_bf( +static void compress_then_serialize_u_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4363,7 +4371,7 @@ static void compress_then_serialize_u_bf( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_ed(&re, ret); + compress_then_serialize_ring_element_u_03(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4375,16 +4383,16 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_6c1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_c51(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - (uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; + (uint8_t)(int32_t)4, (uint16_t)a.elements[i0]); + a.elements[i0] = uu____0; } - return v; + return a; } /** @@ -4397,8 +4405,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_201(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_6c1(v); +compress_0d_4f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return compress_c51(a); } /** @@ -4407,16 +4415,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_b7( +static KRML_MUSTINLINE void compress_then_serialize_4_51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { - LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, - void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_201(to_unsigned_representative_9f(re.coefficients[i0])); + compress_0d_4f1(to_unsigned_field_modulus_c4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4432,16 +4438,16 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_6c2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_c52(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - (uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; + (uint8_t)(int32_t)5, (uint16_t)a.elements[i0]); + a.elements[i0] = uu____0; } - return v; + return a; } /** @@ -4454,8 +4460,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_202(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_6c2(v); +compress_0d_4f2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return compress_c52(a); } /** @@ -4464,16 +4470,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_96( +static KRML_MUSTINLINE void compress_then_serialize_5_32( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { - LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, - void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_202(to_unsigned_representative_9f(re.coefficients[i0])); + compress_0d_4f2(to_unsigned_representative_9f(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4490,9 +4494,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_de( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_8f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_96(re, out); + compress_then_serialize_5_32(re, out); } /** @@ -4513,7 +4517,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_0d(IndCpaPublicKeyUnpacked_42 *public_key, +static void encrypt_unpacked_ad(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4531,7 +4535,7 @@ static void encrypt_unpacked_0d(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_72(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_f9(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4545,25 +4549,25 @@ static void encrypt_unpacked_0d(IndCpaPublicKeyUnpacked_42 *public_key, sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_02(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_cc(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_c9(copy_of_message); + deserialize_then_decompress_message_52(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c7(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_14(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_bf( + compress_then_serialize_u_7a( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_de( + compress_then_serialize_ring_element_v_8f( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4587,10 +4591,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_5f1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f41(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_6b(); - deserialize_ring_elements_reduced_8b( + IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_85_6b(); + deserialize_ring_elements_reduced_bb( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -4605,7 +4609,7 @@ static void encrypt_5f1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_0d(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_ad(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4620,7 +4624,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_cf(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_f0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4647,11 +4651,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_131( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_361( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_f3( + entropy_preprocess_d8_8d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4661,7 +4665,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_131( size_t); uint8_t ret[32U]; H_f1_c6(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cc(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cf(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4675,19 +4679,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_131( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cc(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cf(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_5f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_f41(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_01_fc(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_1f(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_cf(shared_secret, shared_secret_array); + kdf_d8_f0(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4707,8 +4711,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_0b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_to_uncompressed_ring_element_7a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4727,12 +4731,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_e71( +static KRML_MUSTINLINE void deserialize_secret_key_a71( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_19();); + secret_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4744,7 +4748,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_e71( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_0b(secret_bytes); + deserialize_to_uncompressed_ring_element_7a(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -4763,7 +4767,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_be( +decompress_ciphertext_coefficient_b4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4788,9 +4792,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4f( +decompress_ciphertext_coefficient_0d_4c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_be(v); + return decompress_ciphertext_coefficient_b4(v); } /** @@ -4800,8 +4804,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_c9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_then_decompress_10_58(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4817,7 +4821,7 @@ deserialize_then_decompress_10_c9(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_4f(coefficient); + decompress_ciphertext_coefficient_0d_4c(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4830,7 +4834,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_be0( +decompress_ciphertext_coefficient_b40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4855,9 +4859,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4f0( +decompress_ciphertext_coefficient_0d_4c0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_be0(v); + return decompress_ciphertext_coefficient_b40(v); } /** @@ -4867,8 +4871,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_fe(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_then_decompress_11_5c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4877,7 +4881,7 @@ deserialize_then_decompress_11_fe(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_4f0(coefficient); + decompress_ciphertext_coefficient_0d_4c0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4890,8 +4894,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_17(Eurydice_slice serialized) { - return deserialize_then_decompress_11_fe(serialized); +deserialize_then_decompress_ring_element_u_9c(Eurydice_slice serialized) { + return deserialize_then_decompress_11_5c(serialized); } /** @@ -4900,7 +4904,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_2a( +static KRML_MUSTINLINE void ntt_vector_u_72( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); @@ -4910,7 +4914,7 @@ static KRML_MUSTINLINE void ntt_vector_u_2a( ntt_at_layer_3_1b(&zeta_i, re); ntt_at_layer_2_ea(&zeta_i, re); ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_ef_0a(re); + poly_barrett_reduce_20_0a(re); } /** @@ -4921,12 +4925,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7c( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1e( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_19();); + u_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4944,8 +4948,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7c( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_17(u_bytes); - ntt_vector_u_2a(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_9c(u_bytes); + ntt_vector_u_72(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4959,7 +4963,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_be1( +decompress_ciphertext_coefficient_b41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4984,9 +4988,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4f1( +decompress_ciphertext_coefficient_0d_4c1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_be1(v); + return decompress_ciphertext_coefficient_b41(v); } /** @@ -4996,8 +5000,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_c2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_then_decompress_4_6c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5006,7 +5010,7 @@ deserialize_then_decompress_4_c2(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_4f1(coefficient); + decompress_ciphertext_coefficient_0d_4c1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5019,7 +5023,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_be2( +decompress_ciphertext_coefficient_b42( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5044,9 +5048,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4f2( +decompress_ciphertext_coefficient_0d_4c2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_be2(v); + return decompress_ciphertext_coefficient_b42(v); } /** @@ -5056,8 +5060,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_a7(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_then_decompress_5_96(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5066,7 +5070,7 @@ deserialize_then_decompress_5_a7(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_4f2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_4c2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5079,23 +5083,22 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_41(Eurydice_slice serialized) { - return deserialize_then_decompress_5_a7(serialized); +deserialize_then_decompress_ring_element_v_ad(Eurydice_slice serialized) { + return deserialize_then_decompress_5_96(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_ef_1e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_20_87(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5120,17 +5123,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_b7( +compute_message_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_3a(&result, &product);); - invert_ntt_montgomery_04(&result); - result = subtract_reduce_ef_1e(v, result); + ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_3a(&result, &product);); + invert_ntt_montgomery_45(&result); + result = subtract_reduce_20_87(v, result); return result; } @@ -5140,13 +5143,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_2c( +static KRML_MUSTINLINE void compress_then_serialize_message_4f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_9f(re.coefficients[i0]); + to_unsigned_field_modulus_c4(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5157,7 +5160,9 @@ static KRML_MUSTINLINE void compress_then_serialize_message_2c( Eurydice_slice_copy(uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, serialized, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -5170,18 +5175,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_ed(IndCpaPrivateKeyUnpacked_42 *secret_key, +static void decrypt_unpacked_81(IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_7c(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1e(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_41( + deserialize_then_decompress_ring_element_v_ad( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_b7(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7e(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2c(message, ret0); + compress_then_serialize_message_4f(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5195,10 +5200,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_1f1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_411(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_e71(secret_key, secret_as_ntt); + deserialize_secret_key_a71(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5209,7 +5214,7 @@ static void decrypt_1f1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_ed(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_81(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5261,7 +5266,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_551( +void libcrux_ml_kem_ind_cca_decapsulate_391( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5279,7 +5284,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_551( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_1f1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_411(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5301,7 +5306,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_551( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_49(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9d(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5311,17 +5316,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_551( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_5f1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_f41(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_cf(Eurydice_array_to_slice((size_t)32U, + kdf_d8_f0(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_cf(shared_secret0, shared_secret1); + kdf_d8_f0(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_49(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5336,7 +5341,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8b0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bb0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -5350,7 +5355,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8b0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d3(ring_element); + deserialize_to_reduced_ring_element_8a(ring_element); deserialized_pk[i0] = uu____0; } } @@ -5361,13 +5366,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_580( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_610( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_19();); - deserialize_ring_elements_reduced_8b0(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_19();); + deserialize_ring_elements_reduced_bb0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5380,7 +5385,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_800( +static KRML_MUSTINLINE void serialize_secret_key_1d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5398,7 +5403,7 @@ static KRML_MUSTINLINE void serialize_secret_key_800( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c4(&re, ret0); + serialize_uncompressed_ring_element_c6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5413,13 +5418,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_1d0( +static KRML_MUSTINLINE void serialize_public_key_mut_0d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_800(t_as_ntt, ret); + serialize_secret_key_1d0(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5436,11 +5441,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_960( +static KRML_MUSTINLINE void serialize_public_key_8c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_1d0(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_0d0(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); @@ -5454,15 +5459,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3c0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_f70(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_580( + deserialize_ring_elements_reduced_out_610( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_960( + serialize_public_key_8c0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5492,7 +5497,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_24( +bool libcrux_ml_kem_ind_cca_validate_private_key_d8( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; @@ -5520,18 +5525,18 @@ typedef struct IndCpaPrivateKeyUnpacked_ae_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_ae default_1a_a30(void) { +static IndCpaPrivateKeyUnpacked_ae default_f6_a30(void) { IndCpaPrivateKeyUnpacked_ae lit; - lit.secret_as_ntt[0U] = ZERO_ef_19(); - lit.secret_as_ntt[1U] = ZERO_ef_19(); + lit.secret_as_ntt[0U] = ZERO_20_19(); + lit.secret_as_ntt[1U] = ZERO_20_19(); return lit; } @@ -5550,28 +5555,28 @@ typedef struct IndCpaPublicKeyUnpacked_ae_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_ae default_8d_6b0(void) { +static IndCpaPublicKeyUnpacked_ae default_85_6b0(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_ef_19();); + uu____0[i] = ZERO_20_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_ae lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_ef_19(); - lit.A[0U][1U] = ZERO_ef_19(); - lit.A[1U][0U] = ZERO_ef_19(); - lit.A[1U][1U] = ZERO_ef_19(); + lit.A[0U][0U] = ZERO_20_19(); + lit.A[0U][1U] = ZERO_20_19(); + lit.A[1U][0U] = ZERO_20_19(); + lit.A[1U][1U] = ZERO_20_19(); return lit; } @@ -5598,7 +5603,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_c9( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_eb( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5900,7 +5905,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba0( int16_t s[272U]) { - return from_i16_array_ef_bb( + return from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6095,7 +6100,7 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_19();); + re_as_ntt[i] = ZERO_20_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6116,16 +6121,15 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_3a0( +static KRML_MUSTINLINE void add_to_ring_element_20_3a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6163,7 +6167,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -6176,10 +6180,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_3a0(&t_as_ntt[i0], &product); + ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_3a0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6197,7 +6201,7 @@ static void generate_keypair_unpacked_860( IndCpaPrivateKeyUnpacked_ae *private_key, IndCpaPublicKeyUnpacked_ae *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_c9(key_generation_seed, hashed); + cpa_keygen_seed_d8_eb(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6232,7 +6236,7 @@ static void generate_keypair_unpacked_860( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -6248,18 +6252,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ea0( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_790( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_ae private_key = default_1a_a30(); - IndCpaPublicKeyUnpacked_ae public_key = default_8d_6b0(); + IndCpaPrivateKeyUnpacked_ae private_key = default_f6_a30(); + IndCpaPublicKeyUnpacked_ae public_key = default_85_6b0(); generate_keypair_unpacked_860(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_960( + serialize_public_key_8c0( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_800(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_1d0(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6283,7 +6287,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_ad( +static KRML_MUSTINLINE void serialize_kem_secret_key_ee( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6339,7 +6343,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_b20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6348,13 +6352,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_b20(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_ea0(ind_cpa_keypair_randomness); + generate_keypair_790(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_ad( + serialize_kem_secret_key_ee( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6363,13 +6367,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_b20(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_8d( - uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_f6( + uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key)); } /** @@ -6382,7 +6386,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_64(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_91(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6432,10 +6436,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_720(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_f90(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_ef_19();); + error_1[i] = ZERO_20_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6488,18 +6492,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_040( +static KRML_MUSTINLINE void invert_ntt_montgomery_450( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2e(&zeta_i, re); - invert_ntt_at_layer_2_42(&zeta_i, re); - invert_ntt_at_layer_3_0c(&zeta_i, re); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_0a(re); + invert_ntt_at_layer_1_9d(&zeta_i, re); + invert_ntt_at_layer_2_82(&zeta_i, re); + invert_ntt_at_layer_3_be(&zeta_i, re); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_0a(re); } /** @@ -6508,14 +6512,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_020( +static KRML_MUSTINLINE void compute_vector_u_cc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_19();); + result0[i] = ZERO_20_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6535,11 +6539,11 @@ static KRML_MUSTINLINE void compute_vector_u_020( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_3a0(&result0[i1], &product); + ntt_multiply_20_76(a_element, &r_as_ntt[j]); + add_to_ring_element_20_3a0(&result0[i1], &product); } - invert_ntt_montgomery_040(&result0[i1]); - add_error_reduce_ef_15(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_450(&result0[i1]); + add_error_reduce_20_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6557,18 +6561,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c70( +compute_ring_element_v_140( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_3a0(&result, &product);); - invert_ntt_montgomery_040(&result); - result = add_message_error_reduce_ef_f0(error_2, message, result); + ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_3a0(&result, &product);); + invert_ntt_montgomery_450(&result); + result = add_message_error_reduce_20_42(error_2, message, result); return result; } @@ -6578,14 +6582,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_7e0( +static KRML_MUSTINLINE void compress_then_serialize_10_630( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_20(to_unsigned_representative_9f(re->coefficients[i0])); + compress_0d_4f(to_unsigned_field_modulus_c4(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6593,7 +6597,9 @@ static KRML_MUSTINLINE void compress_then_serialize_10_7e0( Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); + uint8_t result[320U]; + memcpy(result, serialized, (size_t)320U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)320U * sizeof(uint8_t)); } /** @@ -6603,10 +6609,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_ed0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_030( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_7e0(re, uu____0); + compress_then_serialize_10_630(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6619,7 +6625,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_bf0( +static void compress_then_serialize_u_7a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6635,7 +6641,7 @@ static void compress_then_serialize_u_bf0( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_ed0(&re, ret); + compress_then_serialize_ring_element_u_030(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6648,9 +6654,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_de0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_8f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_b7(re, out); + compress_then_serialize_4_51(re, out); } /** @@ -6671,7 +6677,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_0d0(IndCpaPublicKeyUnpacked_ae *public_key, +static void encrypt_unpacked_ad0(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -6690,7 +6696,7 @@ static void encrypt_unpacked_0d0(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_720(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_f90(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6704,25 +6710,25 @@ static void encrypt_unpacked_0d0(IndCpaPublicKeyUnpacked_ae *public_key, sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_020(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_cc0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_c9(copy_of_message); + deserialize_then_decompress_message_52(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c70(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_140(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_bf0( + compress_then_serialize_u_7a0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_de0( + compress_then_serialize_ring_element_v_8f0( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6746,10 +6752,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_5f0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f40(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_6b0(); - deserialize_ring_elements_reduced_8b0( + IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_85_6b0(); + deserialize_ring_elements_reduced_bb0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -6764,7 +6770,7 @@ static void encrypt_5f0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_0d0(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_ad0(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -6779,7 +6785,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_c2(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_3b(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6806,11 +6812,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_130( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_360( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_64( + entropy_preprocess_d8_91( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6820,7 +6826,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_130( size_t); uint8_t ret[32U]; H_f1_c60(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cc0(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cf0(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6834,19 +6840,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_130( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cc0(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cf0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_5f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_f40(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_fc0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_1f0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_c2(shared_secret, shared_secret_array); + kdf_d8_3b(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6865,12 +6871,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_e70( +static KRML_MUSTINLINE void deserialize_secret_key_a70( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_19();); + secret_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6882,7 +6888,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_e70( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_0b(secret_bytes); + deserialize_to_uncompressed_ring_element_7a(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -6901,8 +6907,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_170(Eurydice_slice serialized) { - return deserialize_then_decompress_10_c9(serialized); +deserialize_then_decompress_ring_element_u_9c0(Eurydice_slice serialized) { + return deserialize_then_decompress_10_58(serialized); } /** @@ -6911,7 +6917,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_2a0( +static KRML_MUSTINLINE void ntt_vector_u_720( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); @@ -6921,7 +6927,7 @@ static KRML_MUSTINLINE void ntt_vector_u_2a0( ntt_at_layer_3_1b(&zeta_i, re); ntt_at_layer_2_ea(&zeta_i, re); ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_ef_0a(re); + poly_barrett_reduce_20_0a(re); } /** @@ -6932,12 +6938,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7c0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1e0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_19();); + u_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -6955,8 +6961,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7c0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_170(u_bytes); - ntt_vector_u_2a0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_9c0(u_bytes); + ntt_vector_u_720(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6970,8 +6976,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_410(Eurydice_slice serialized) { - return deserialize_then_decompress_4_c2(serialized); +deserialize_then_decompress_ring_element_v_ad0(Eurydice_slice serialized) { + return deserialize_then_decompress_4_6c(serialized); } /** @@ -6981,17 +6987,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_b70( +compute_message_7e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_3a0(&result, &product);); - invert_ntt_montgomery_040(&result); - result = subtract_reduce_ef_1e(v, result); + ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_3a0(&result, &product);); + invert_ntt_montgomery_450(&result); + result = subtract_reduce_20_87(v, result); return result; } @@ -7005,18 +7011,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_ed0(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_810(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_7c0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1e0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_410( + deserialize_then_decompress_ring_element_v_ad0( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_b70(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7e0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2c(message, ret0); + compress_then_serialize_message_4f(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7030,10 +7036,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_1f0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_410(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_e70(secret_key, secret_as_ntt); + deserialize_secret_key_a70(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7044,7 +7050,7 @@ static void decrypt_1f0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_ed0(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_810(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7084,7 +7090,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_550( +void libcrux_ml_kem_ind_cca_decapsulate_390( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7102,7 +7108,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_550( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_1f0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_410(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7124,7 +7130,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_550( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_470(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_490(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9d1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7134,17 +7140,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_550( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_5f0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_f40(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_c2(Eurydice_array_to_slice((size_t)32U, + kdf_d8_3b(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_c2(shared_secret0, shared_secret1); + kdf_d8_3b(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_470(ciphertext), + libcrux_ml_kem_types_as_ref_00_490(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7159,7 +7165,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8b1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bb1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -7173,7 +7179,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_8b1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d3(ring_element); + deserialize_to_reduced_ring_element_8a(ring_element); deserialized_pk[i0] = uu____0; } } @@ -7184,13 +7190,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_58( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_61( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_19();); - deserialize_ring_elements_reduced_8b1(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_20_19();); + deserialize_ring_elements_reduced_bb1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7203,7 +7209,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_801( +static KRML_MUSTINLINE void serialize_secret_key_1d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7221,7 +7227,7 @@ static KRML_MUSTINLINE void serialize_secret_key_801( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c4(&re, ret0); + serialize_uncompressed_ring_element_c6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7236,13 +7242,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_1d1( +static KRML_MUSTINLINE void serialize_public_key_mut_0d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_801(t_as_ntt, ret); + serialize_secret_key_1d1(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7259,11 +7265,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_961( +static KRML_MUSTINLINE void serialize_public_key_8c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_1d1(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_0d1(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); @@ -7277,15 +7283,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3c(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_f7(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_58( + deserialize_ring_elements_reduced_out_61( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_961( + serialize_public_key_8c1( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7315,7 +7321,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_9e( +bool libcrux_ml_kem_ind_cca_validate_private_key_c3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -7343,19 +7349,19 @@ typedef struct IndCpaPrivateKeyUnpacked_f8_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_f8 default_1a_a31(void) { +static IndCpaPrivateKeyUnpacked_f8 default_f6_a31(void) { IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = ZERO_ef_19(); - lit.secret_as_ntt[1U] = ZERO_ef_19(); - lit.secret_as_ntt[2U] = ZERO_ef_19(); + lit.secret_as_ntt[0U] = ZERO_20_19(); + lit.secret_as_ntt[1U] = ZERO_20_19(); + lit.secret_as_ntt[2U] = ZERO_20_19(); return lit; } @@ -7374,33 +7380,33 @@ typedef struct IndCpaPublicKeyUnpacked_f8_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_f8 default_8d_6b1(void) { +static IndCpaPublicKeyUnpacked_f8 default_85_6b1(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_ef_19();); + uu____0[i] = ZERO_20_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_f8 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_ef_19(); - lit.A[0U][1U] = ZERO_ef_19(); - lit.A[0U][2U] = ZERO_ef_19(); - lit.A[1U][0U] = ZERO_ef_19(); - lit.A[1U][1U] = ZERO_ef_19(); - lit.A[1U][2U] = ZERO_ef_19(); - lit.A[2U][0U] = ZERO_ef_19(); - lit.A[2U][1U] = ZERO_ef_19(); - lit.A[2U][2U] = ZERO_ef_19(); + lit.A[0U][0U] = ZERO_20_19(); + lit.A[0U][1U] = ZERO_20_19(); + lit.A[0U][2U] = ZERO_20_19(); + lit.A[1U][0U] = ZERO_20_19(); + lit.A[1U][1U] = ZERO_20_19(); + lit.A[1U][2U] = ZERO_20_19(); + lit.A[2U][0U] = ZERO_20_19(); + lit.A[2U][1U] = ZERO_20_19(); + lit.A[2U][2U] = ZERO_20_19(); return lit; } @@ -7427,7 +7433,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_26( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_99( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -7729,7 +7735,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba1( int16_t s[272U]) { - return from_i16_array_ef_bb( + return from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7913,7 +7919,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_19();); + re_as_ntt[i] = ZERO_20_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7934,16 +7940,15 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_3a1( +static KRML_MUSTINLINE void add_to_ring_element_20_3a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7981,7 +7986,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -7994,10 +7999,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_3a1(&t_as_ntt[i0], &product); + ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_20_3a1(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -8015,7 +8020,7 @@ static void generate_keypair_unpacked_861( IndCpaPrivateKeyUnpacked_f8 *private_key, IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_26(key_generation_seed, hashed); + cpa_keygen_seed_d8_99(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8050,7 +8055,7 @@ static void generate_keypair_unpacked_861( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_26_33(dst, uu____5); + core_result_unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -8066,18 +8071,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ea( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_79( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_a31(); - IndCpaPublicKeyUnpacked_f8 public_key = default_8d_6b1(); + IndCpaPrivateKeyUnpacked_f8 private_key = default_f6_a31(); + IndCpaPublicKeyUnpacked_f8 public_key = default_85_6b1(); generate_keypair_unpacked_861(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_961( + serialize_public_key_8c1( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_801(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_1d1(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8101,7 +8106,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_59( +static KRML_MUSTINLINE void serialize_kem_secret_key_d8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8157,7 +8162,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_b2(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8166,13 +8171,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_b2(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_ea(ind_cpa_keypair_randomness); + generate_keypair_79(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_59( + serialize_kem_secret_key_d8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8181,13 +8186,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_b2(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_720(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_8c0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_8d0( - uu____2, libcrux_ml_kem_types_from_5a_c60(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_f60( + uu____2, libcrux_ml_kem_types_from_5a_450(copy_of_public_key)); } /** @@ -8200,7 +8205,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_b7(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_03(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8218,10 +8223,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_721(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_f91(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_ef_19();); + error_1[i] = ZERO_20_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8274,18 +8279,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_041( +static KRML_MUSTINLINE void invert_ntt_montgomery_451( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2e(&zeta_i, re); - invert_ntt_at_layer_2_42(&zeta_i, re); - invert_ntt_at_layer_3_0c(&zeta_i, re); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_6a(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_0a(re); + invert_ntt_at_layer_1_9d(&zeta_i, re); + invert_ntt_at_layer_2_82(&zeta_i, re); + invert_ntt_at_layer_3_be(&zeta_i, re); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_20_0a(re); } /** @@ -8294,14 +8299,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_021( +static KRML_MUSTINLINE void compute_vector_u_cc1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_19();); + result0[i] = ZERO_20_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8321,11 +8326,11 @@ static KRML_MUSTINLINE void compute_vector_u_021( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_3a1(&result0[i1], &product); + ntt_multiply_20_76(a_element, &r_as_ntt[j]); + add_to_ring_element_20_3a1(&result0[i1], &product); } - invert_ntt_montgomery_041(&result0[i1]); - add_error_reduce_ef_15(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_451(&result0[i1]); + add_error_reduce_20_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8343,18 +8348,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c71( +compute_ring_element_v_141( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_3a1(&result, &product);); - invert_ntt_montgomery_041(&result); - result = add_message_error_reduce_ef_f0(error_2, message, result); + ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_20_3a1(&result, &product);); + invert_ntt_montgomery_451(&result); + result = add_message_error_reduce_20_42(error_2, message, result); return result; } @@ -8367,7 +8372,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_bf1( +static void compress_then_serialize_u_7a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8383,7 +8388,7 @@ static void compress_then_serialize_u_bf1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_ed0(&re, ret); + compress_then_serialize_ring_element_u_030(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8407,7 +8412,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_0d1(IndCpaPublicKeyUnpacked_f8 *public_key, +static void encrypt_unpacked_ad1(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -8427,7 +8432,7 @@ static void encrypt_unpacked_0d1(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_721(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_f91(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8441,25 +8446,25 @@ static void encrypt_unpacked_0d1(IndCpaPublicKeyUnpacked_f8 *public_key, sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_021(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_cc1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_c9(copy_of_message); + deserialize_then_decompress_message_52(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c71(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_141(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_bf1( + compress_then_serialize_u_7a1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_de0( + compress_then_serialize_ring_element_v_8f0( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8483,10 +8488,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_5f(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f4(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_6b1(); - deserialize_ring_elements_reduced_8b1( + IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_85_6b1(); + deserialize_ring_elements_reduced_bb1( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -8501,7 +8506,7 @@ static void encrypt_5f(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_0d1(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_ad1(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -8516,7 +8521,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_1a(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_b2(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8543,11 +8548,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_13( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_36( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_b7( + entropy_preprocess_d8_03( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -8557,7 +8562,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_13( size_t); uint8_t ret[32U]; H_f1_c61(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cc1(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cf1(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -8571,19 +8576,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_13( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cc1(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cf1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_5f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_f4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_fc1(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_1f1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_1a(shared_secret, shared_secret_array); + kdf_d8_b2(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8602,12 +8607,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_e7( +static KRML_MUSTINLINE void deserialize_secret_key_a7( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_19();); + secret_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8619,7 +8624,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_e7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_0b(secret_bytes); + deserialize_to_uncompressed_ring_element_7a(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -8639,12 +8644,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7c1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1e1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_19();); + u_as_ntt[i] = ZERO_20_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -8662,8 +8667,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7c1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_170(u_bytes); - ntt_vector_u_2a0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_9c0(u_bytes); + ntt_vector_u_720(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8677,17 +8682,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_b71( +compute_message_7e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_3a1(&result, &product);); - invert_ntt_montgomery_041(&result); - result = subtract_reduce_ef_1e(v, result); + ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_20_3a1(&result, &product);); + invert_ntt_montgomery_451(&result); + result = subtract_reduce_20_87(v, result); return result; } @@ -8701,18 +8706,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_ed1(IndCpaPrivateKeyUnpacked_f8 *secret_key, +static void decrypt_unpacked_811(IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_7c1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1e1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_410( + deserialize_then_decompress_ring_element_v_ad0( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_b71(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7e1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2c(message, ret0); + compress_then_serialize_message_4f(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8726,10 +8731,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_1f(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_41(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_e7(secret_key, secret_as_ntt); + deserialize_secret_key_a7(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -8740,7 +8745,7 @@ static void decrypt_1f(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_ed1(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_811(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8780,7 +8785,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_55( +void libcrux_ml_kem_ind_cca_decapsulate_39( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8798,7 +8803,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_55( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_1f(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_41(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -8820,7 +8825,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_55( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_471(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_491(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9d3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -8830,16 +8835,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_55( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_5f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_f4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_1a(Eurydice_array_to_slice((size_t)32U, + kdf_d8_b2(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_1a(shared_secret0, shared_secret1); + kdf_d8_b2(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_471(ciphertext), + libcrux_ml_kem_types_as_ref_00_491(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 626edaff4..148c73ed6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem_portable_H @@ -312,7 +312,7 @@ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_compress_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v); + libcrux_ml_kem_vector_portable_vector_type_PortableVector a); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for @@ -320,7 +320,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v); + libcrux_ml_kem_vector_portable_vector_type_PortableVector a); uint32_t libcrux_ml_kem_vector_portable_arithmetic_get_n_least_significant_bits( uint8_t n, uint32_t value); diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 3ae00514c..7c2339260 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 467def628..1ff80c854 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #include "internal/libcrux_sha3_avx2.h" @@ -167,16 +167,16 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} +N>[TraitClause@0]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types core_core_arch_x86___m256i with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_89_71(void) { +new_1e_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -1679,7 +1679,7 @@ with const generics */ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_89_71(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1719,7 +1719,7 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1757,7 +1757,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_89_71(); + return new_1e_71(); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 47d070cdc..4a83c4c39 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 3678325cd..2986801bc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_sha3_internal_H @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} +N>[TraitClause@0]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_89_cf(void) { +libcrux_sha3_generic_keccak_new_1e_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1465,7 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1740,7 +1740,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -1781,7 +1781,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1832,7 +1832,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2089,7 +2089,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2130,7 +2130,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2181,7 +2181,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2438,7 +2438,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2479,7 +2479,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2627,7 +2627,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2668,7 +2668,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2745,7 +2745,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2786,7 +2786,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2837,7 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_26_0e(dst, uu____0); + core_result_unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3093,7 +3093,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -3134,7 +3134,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index f0331c49a..ebfa2320d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index ec5a84fa2..6756fcc4b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 12d9d454e..21d1a541d 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 -Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac -Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 -F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty -Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 +Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d +Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 +Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 +F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd +Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index ad3b32845..a68cda013 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_core_H @@ -97,15 +97,14 @@ typedef struct Result_6f_s { } Result_6f; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_76(Result_6f self, uint8_t ret[24U]) { +static inline void unwrap_41_76(Result_6f self, uint8_t ret[24U]) { if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -131,15 +130,14 @@ typedef struct Result_7a_s { } Result_7a; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_ea(Result_7a self, uint8_t ret[20U]) { +static inline void unwrap_41_ea(Result_7a self, uint8_t ret[20U]) { if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -165,15 +163,14 @@ typedef struct Result_cd_s { } Result_cd; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_07(Result_cd self, uint8_t ret[10U]) { +static inline void unwrap_41_07(Result_cd self, uint8_t ret[10U]) { if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -221,7 +218,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_4c( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_e2( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -245,7 +242,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_5a_c6(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_5a_45(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -279,7 +276,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_3a_8d(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_3a_f6(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -295,7 +292,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_7f_72(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_7f_8c(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -318,15 +315,14 @@ typedef struct Result_00_s { } Result_00; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_33(Result_00 self, uint8_t ret[32U]) { +static inline void unwrap_41_33(Result_00 self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -359,7 +355,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_c4(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_6e(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -376,7 +372,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_e0( +static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_0e( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -428,7 +424,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_d9( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_b6( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -485,15 +481,14 @@ typedef struct Result_c0_s { } Result_c0; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_30(Result_c0 self, int16_t ret[16U]) { +static inline void unwrap_41_30(Result_c0 self, int16_t ret[16U]) { if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -519,15 +514,14 @@ typedef struct Result_56_s { } Result_56; /** -This function found in impl {core::result::Result[TraitClause@0, -TraitClause@1]} +This function found in impl {core::result::Result} */ /** -A monomorphic instance of core.result.unwrap_26 +A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void unwrap_26_0e(Result_56 self, uint8_t ret[8U]) { +static inline void unwrap_41_0e(Result_56 self, uint8_t ret[8U]) { if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index f3a831536..525ed90e5 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 674633a41..d84185894 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem768_avx2_H @@ -723,7 +723,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_26_0e(dst, ret0); + unwrap_41_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -823,7 +823,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - unwrap_26_07(dst, ret0); + unwrap_41_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -936,7 +936,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - unwrap_26_ea(dst, ret0); + unwrap_41_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1081,7 +1081,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - unwrap_26_76(dst, ret0); + unwrap_41_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1196,18 +1196,17 @@ static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_09( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_ef_7d(void) { +libcrux_ml_kem_polynomial_ZERO_20_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1236,8 +1235,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_3a(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_b0(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -1248,10 +1247,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_81( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_60( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1269,12 +1268,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_06( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_33( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1287,7 +1286,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_06( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_81( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_60( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1310,8 +1309,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_56(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e9(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -1322,7 +1321,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_88( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1374,9 +1373,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e6( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_75( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_88( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e( vector); } @@ -1388,10 +1387,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_1c( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_d9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -1404,7 +1403,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_1c( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e6( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_75( coefficient); } return re; @@ -1418,7 +1417,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_880( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1470,9 +1469,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e60( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_750( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_880( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e0( vector); } @@ -1484,10 +1483,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_6e( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_5d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1495,7 +1494,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_6e( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e60( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_750( coefficient); } return re; @@ -1509,9 +1508,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f1( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_75( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_1c(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d9(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1642,17 +1641,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_09( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1669,7 +1667,7 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_61( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_88( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)7U, @@ -1686,7 +1684,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_61( (size_t)6U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_09(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); } /** @@ -1699,12 +1697,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_37( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1724,9 +1722,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f1( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_75( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_61(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_88(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1741,7 +1739,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_881( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e1( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1793,9 +1791,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e61( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_751( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_881( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e1( vector); } @@ -1807,10 +1805,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_44( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_2e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1818,7 +1816,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_44( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e61( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_751( coefficient); } return re; @@ -1832,7 +1830,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_882( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1884,9 +1882,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e62( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_752( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_882( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e2( vector); } @@ -1898,10 +1896,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_c7( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_d5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1909,7 +1907,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_c7( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_e62( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_752( re.coefficients[i0]); } return re; @@ -1923,29 +1921,28 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_da( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_51( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_44(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_2e(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_ef_63( +libcrux_ml_kem_polynomial_ntt_multiply_20_63( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1964,17 +1961,16 @@ libcrux_ml_kem_polynomial_ntt_multiply_ef_63( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_31( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -1995,7 +1991,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_02( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ee( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2019,7 +2015,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_28( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_9c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2041,7 +2037,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b8( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2062,7 +2058,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_60(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e3(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); @@ -2081,7 +2077,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7c( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2096,7 +2092,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_60( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e3( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -2114,38 +2110,37 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_05( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_02(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_28(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_b8(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ee(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_9c(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2f(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7c(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7c(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7c(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_19(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7c(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_ef_70( +libcrux_ml_kem_polynomial_subtract_reduce_20_6f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2169,21 +2164,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_52( +libcrux_ml_kem_matrix_compute_message_74( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_ef_70(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_05(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_6f(v, result); return result; } @@ -2194,7 +2189,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_aa(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_d4(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2208,9 +2203,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_dc( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_16( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_aa(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_d4(vector); } /** @@ -2222,12 +2217,24 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_dc(a); + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_16(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); } +/** +A monomorphic instance of libcrux_ml_kem.serialize.to_unsigned_field_modulus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(__m256i a) { + return libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(a); +} + /** A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_message with types @@ -2236,14 +2243,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_da( +libcrux_ml_kem_serialize_compress_then_serialize_message_bc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; - __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( - re.coefficients[i0]); + __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( + re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; @@ -2253,7 +2259,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_da( Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t); } - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, serialized, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -2267,20 +2275,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_88( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_69( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_84(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_37(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_da( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_51( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_52(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_74(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_da(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_bc(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2295,11 +2303,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_b7(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_2a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_06(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_33(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2311,7 +2319,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_b7(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_88(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_69(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -2364,20 +2372,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_85_80(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; @@ -2385,15 +2393,15 @@ libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); return lit; } @@ -2405,10 +2413,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_26( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5a( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2429,7 +2437,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_3b( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -2443,7 +2451,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_26( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5a( ring_element); deserialized_pk[i0] = uu____0; } @@ -2764,20 +2772,19 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_ef_14(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_14(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2797,7 +2804,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_sampling_sample_from_xof_closure_e4(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_ef_14( + return libcrux_ml_kem_polynomial_from_i16_array_20_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2925,7 +2932,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_2d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -3022,7 +3029,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_80( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_14( + return libcrux_ml_kem_polynomial_from_i16_array_20_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3068,7 +3075,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_05( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_14( + return libcrux_ml_kem_polynomial_from_i16_array_20_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3131,7 +3138,7 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_5c( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_09( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); } /** @@ -3185,7 +3192,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; @@ -3215,8 +3222,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d4(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_93(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -3229,11 +3236,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_8c(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_66(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3307,23 +3314,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_4e(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); +libcrux_ml_kem_matrix_compute_vector_u_closure_83(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_cf( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_9e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3345,14 +3351,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_52( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_38( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3373,12 +3379,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_52( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_63(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_63(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_ef_cf(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_05(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_9e(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3397,7 +3403,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_28( +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_fd( __m256i vec) { __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); @@ -3413,10 +3419,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_03( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3424,25 +3430,24 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_28(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_fd(coefficient_compressed); } return re; } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_ef_62( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3470,22 +3475,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_c3( +libcrux_ml_kem_matrix_compute_ring_element_v_af( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b2(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_62( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_05(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_c6( error_2, message, result); return result; } @@ -3498,7 +3503,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3553,9 +3558,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_dc( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b7( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f( vector); } @@ -3567,14 +3572,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_2b( +libcrux_ml_kem_serialize_compress_then_serialize_10_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_dc( - libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_b7( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); @@ -3583,7 +3588,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_2b( Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); + uint8_t result[320U]; + memcpy(result, serialized, (size_t)320U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)320U * sizeof(uint8_t)); } /** @@ -3594,7 +3601,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3649,9 +3656,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_dc0( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b70( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf0( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f0( vector); } @@ -3663,13 +3670,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_86( +libcrux_ml_kem_serialize_compress_then_serialize_11_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_dc0( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_b70( libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re->coefficients[i0])); uint8_t bytes[22U]; @@ -3691,10 +3698,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_2b(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_33(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3708,7 +3715,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_83( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_98( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3724,7 +3731,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_83( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_25(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3739,7 +3746,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3794,9 +3801,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_dc1( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b71( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf1( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f1( vector); } @@ -3808,16 +3815,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_fd( +libcrux_ml_kem_serialize_compress_then_serialize_4_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { - LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, - void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_dc1( - libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_b71( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); @@ -3836,7 +3841,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3891,9 +3896,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_dc2( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b72( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_bf2( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f2( vector); } @@ -3905,15 +3910,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_60( +libcrux_ml_kem_serialize_compress_then_serialize_5_15( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { - LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, - void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_dc2( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_b72( libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re.coefficients[i0])); uint8_t bytes[10U]; @@ -3934,9 +3937,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3c( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_fd(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_7a(re, out); } /** @@ -3957,7 +3960,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_25( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_7b( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3975,7 +3978,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_25( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_8c( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_66( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -3990,27 +3993,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_25( libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_52(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_38(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_b0( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_03( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_c3( + libcrux_ml_kem_matrix_compute_ring_element_v_af( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_83( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_98( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_3c( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_dc( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4034,13 +4037,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_88(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_65(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_3b( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -4056,7 +4059,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_88(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_25(uu____1, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_7b(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -4073,7 +4076,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_5a( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_54( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4105,7 +4108,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_c5( +static inline void libcrux_ml_kem_ind_cca_decapsulate_82( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4123,7 +4126,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c5( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b7(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_2a(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4147,7 +4150,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c5( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -4158,18 +4161,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c5( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_88(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_65(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_5a( + libcrux_ml_kem_variant_kdf_d8_54( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_d8_5a(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_d8_54(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d9(ciphertext), + libcrux_ml_kem_types_as_ref_00_b6(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4199,10 +4202,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0d( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_63( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c5(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); } /** @@ -4216,7 +4219,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0d(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_63(private_key, ciphertext, ret); } @@ -4231,7 +4234,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_44( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4274,11 +4277,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_02( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_86( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_7b( + libcrux_ml_kem_variant_entropy_preprocess_d8_44( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4289,7 +4292,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_02( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_e0(public_key), + libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4304,20 +4307,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_02( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_88(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_65(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_6e(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_5a(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_54(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4350,14 +4353,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_ad( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_c5( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_02(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_86(uu____0, copy_of_randomness); } /** @@ -4375,28 +4378,28 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_ad( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_c5( uu____0, copy_of_randomness); } /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); return lit; } @@ -4411,7 +4414,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_7e( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4442,18 +4445,17 @@ static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c1( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -4490,7 +4492,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_20_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -4503,12 +4505,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_63(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_ba( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -4528,7 +4530,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_7e(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4566,7 +4568,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); + unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -4578,15 +4580,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_88( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( - re->coefficients[i0]); + __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( + re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4594,7 +4595,9 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_88( Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); + uint8_t result[384U]; + memcpy(result, serialized, (size_t)384U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)384U * sizeof(uint8_t)); } /** @@ -4605,7 +4608,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_72( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_05( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4623,7 +4626,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_72( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_88(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b8(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4639,13 +4642,13 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_82( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_72(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_05(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4663,11 +4666,11 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_39( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_82(t_as_ntt, seed_for_a, + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_7b(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); @@ -4688,20 +4691,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_1c(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_1e(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_39( + libcrux_ml_kem_ind_cpa_serialize_public_key_f7( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_72(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_05(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -4727,7 +4730,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_28( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_7b( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -4784,7 +4787,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_2a(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_dd(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -4793,13 +4796,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_2a(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_1c(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_1e(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_28( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_7b( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -4808,13 +4811,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_2a(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_8d( - uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_f6( + uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key)); } /** @@ -4830,12 +4833,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_96( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ff( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_2a(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_dd(copy_of_randomness); } /** @@ -4847,7 +4850,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_96( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ff( copy_of_randomness); } @@ -4863,7 +4866,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_08( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_42( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -4874,7 +4877,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_08( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_4c(ciphertext), + libcrux_ml_kem_types_as_slice_d4_e2(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -4908,7 +4911,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_c50( +static inline void libcrux_ml_kem_ind_cca_decapsulate_820( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4926,7 +4929,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c50( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b7(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_2a(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4950,7 +4953,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c50( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -4961,18 +4964,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_c50( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_88(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_65(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_08( + libcrux_ml_kem_variant_kdf_33_42( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_33_08(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_33_42(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d9(ciphertext), + libcrux_ml_kem_types_as_ref_00_b6(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5006,10 +5009,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_9f( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_0b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c50(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); } /** @@ -5023,7 +5026,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_9f( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_0b( private_key, ciphertext, ret); } @@ -5038,7 +5041,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_44( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_ad( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_16(randomness, ret); } @@ -5063,11 +5066,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_020( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_860( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_44( + libcrux_ml_kem_variant_entropy_preprocess_33_ad( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5078,7 +5081,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_020( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_e0(public_key), + libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5093,20 +5096,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_020( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_88(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_65(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_6e(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_08(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_42(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5142,14 +5145,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e1( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e7( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_020(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_860(uu____0, copy_of_randomness); } /** @@ -5167,7 +5170,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e1( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e7( uu____0, copy_of_randomness); } @@ -5182,7 +5185,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_63( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_08( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G_a9_67(key_generation_seed, ret); } @@ -5202,7 +5205,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_63(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_08(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5240,7 +5243,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); + unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -5258,21 +5261,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_1c0( +libcrux_ml_kem_ind_cpa_generate_keypair_1e0( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_39( + libcrux_ml_kem_ind_cpa_serialize_public_key_f7( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_72(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_05(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5305,7 +5308,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_2a0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5314,13 +5317,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_2a0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_1c0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_1e0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_28( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_7b( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5329,13 +5332,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_2a0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_8d( - uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_f6( + uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key)); } /** @@ -5352,12 +5355,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_0a( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_b1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_2a0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_dd0(copy_of_randomness); } /** @@ -5369,7 +5372,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_0a( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_b1( copy_of_randomness); } @@ -5382,7 +5385,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_5e( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -5408,10 +5411,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_72( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_cf( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_5e(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_e9(private_key, ciphertext); } @@ -5424,7 +5427,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_72( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_cf( private_key, ciphertext); } @@ -5436,9 +5439,9 @@ types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_a7( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_3d( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -5449,14 +5452,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_40( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_d1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_3b( public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -5472,16 +5475,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c9( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_eb( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_40( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_d1( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_39( + libcrux_ml_kem_ind_cpa_serialize_public_key_f7( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5500,9 +5503,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fc( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_91( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c9(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_eb(public_key); } /** @@ -5513,7 +5516,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fc( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_fc( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_91( public_key->value); } @@ -5539,11 +5542,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_c2( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_64( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_88( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_69( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5573,7 +5576,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_c2( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( @@ -5585,11 +5588,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_c2( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_25( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_7b( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d9(ciphertext), + libcrux_ml_kem_types_as_ref_00_b6(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5626,10 +5629,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_0c( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_31( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_c2(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_64(key_pair, ciphertext, ret); } /** @@ -5643,7 +5646,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_0c( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_31( private_key, ciphertext, ret); } @@ -5666,7 +5669,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_e2( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_1d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5694,7 +5697,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_e2( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_25(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_7b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5704,7 +5707,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_e2( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_6e(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5738,7 +5741,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_5c( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ab( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -5746,7 +5749,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_5c( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_e2(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_1d(uu____0, copy_of_randomness); } @@ -5767,7 +5770,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_5c( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ab( uu____0, copy_of_randomness); } @@ -5787,8 +5790,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_b0(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_b2(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_7d(); } /** @@ -5806,27 +5809,26 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_81( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_64( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@2])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_8d_c2( +libcrux_ml_kem_polynomial_clone_3a_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5853,7 +5855,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_98( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -5868,14 +5870,14 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15( &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_81(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_64(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_8d_c2( + libcrux_ml_kem_polynomial_clone_3a_d3( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -5888,7 +5890,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_39( + libcrux_ml_kem_ind_cpa_serialize_public_key_f7( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -5902,7 +5904,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____3); + unwrap_41_33(dst, uu____3); memcpy(out->private_key.implicit_rejection_value, uu____3, (size_t)32U * sizeof(uint8_t)); } @@ -5924,13 +5926,13 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_56( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_1b( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_15(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_98(copy_of_randomness, out); } /** @@ -5943,26 +5945,26 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_56( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_1b( copy_of_randomness, key_pair); } /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6c with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_1c_31(void) { +libcrux_ml_kem_ind_cca_unpacked_default_6c_c5(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -6001,10 +6003,10 @@ libcrux_ml_kem_ind_cca_unpacked_default_1c_31(void) { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#3} +K>[TraitClause@0])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6f with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 @@ -6012,9 +6014,9 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_0e(void) { + libcrux_ml_kem_ind_cca_unpacked_default_6f_bb(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -6050,7 +6052,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_31()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_6c_c5()}); } /** @@ -6059,7 +6061,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_0e(); + return libcrux_ml_kem_ind_cca_unpacked_default_6f_bb(); } /** @@ -6068,7 +6070,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_31(); + return libcrux_ml_kem_ind_cca_unpacked_default_6c_c5(); } /** @@ -6077,11 +6079,11 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +K>[TraitClause@0]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_a6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 @@ -6089,10 +6091,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_05( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_7b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_82( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_7b( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -6105,11 +6107,11 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_05( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +K>[TraitClause@0]#2} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_05 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 @@ -6117,10 +6119,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_84( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_b6( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_05( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_7b( &self->public_key, serialized); } @@ -6132,24 +6134,24 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_84(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_b6(key_pair, serialized); } /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#2} +K>[TraitClause@1])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_d6 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1( +libcrux_ml_kem_ind_cpa_unpacked_clone_d6_0d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -6176,21 +6178,21 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2])#4} +K>[TraitClause@1])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_c7 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_28_a6( +libcrux_ml_kem_ind_cca_unpacked_clone_c7_56( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_d6_0d(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -6204,17 +6206,17 @@ libcrux_ml_kem_ind_cca_unpacked_clone_28_a6( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +K>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_05 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_7a( +libcrux_ml_kem_ind_cca_unpacked_public_key_05_e2( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -6227,8 +6229,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_a6( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_7a(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_c7_56( + libcrux_ml_kem_ind_cca_unpacked_public_key_05_e2(key_pair)); pk[0U] = uu____0; } @@ -6239,7 +6241,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_05(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_7b(public_key, serialized); } @@ -6257,13 +6259,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_fe( +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_ed( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_4f( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_3b( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -6283,7 +6285,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_fe( uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_16( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_e0(public_key), + libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -6304,11 +6306,11 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f1( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_aa( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_fe(public_key, + libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_ed(public_key, unpacked_public_key); } @@ -6320,7 +6322,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_f1( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_aa( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index 34a008cc6..80dd501f6 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem768_avx2_types_H @@ -20,16 +20,36 @@ extern "C" { #include "eurydice_glue.h" -typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; + +typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; /** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; /** A monomorphic instance of @@ -43,20 +63,6 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 - libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -68,21 +74,15 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; /** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + */ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + __m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; -typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; +typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 0e3e07dc6..aac1ad359 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem768_portable_H @@ -115,7 +115,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - unwrap_26_30(dst, ret); + unwrap_41_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -1226,15 +1226,15 @@ libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_compress_1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - v.elements[i0] = (int16_t) + a.elements[i0] = (int16_t) libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( - (uint16_t)v.elements[i0]); + (uint16_t)a.elements[i0]); } - return v; + return a; } /** @@ -1243,8 +1243,8 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_compress_1_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_1(v); + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return libcrux_ml_kem_vector_portable_compress_compress_1(a); } static KRML_MUSTINLINE uint32_t @@ -2448,17 +2448,16 @@ typedef libcrux_ml_kem_types_MlKemPublicKey_15 /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_ef_19(void) { +libcrux_ml_kem_polynomial_ZERO_20_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2486,8 +2485,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_a5(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_75(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -2497,10 +2496,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_50( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2519,12 +2518,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_55( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_5f( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2537,7 +2536,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_55( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_50( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8f( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2559,8 +2558,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e3(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_ef(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -2570,7 +2569,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2595,9 +2594,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b4( v); } @@ -2608,10 +2607,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_c8( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_38( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2627,7 +2626,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_c8( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c( coefficient); re.coefficients[i0] = uu____0; } @@ -2641,7 +2640,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be0( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2666,9 +2665,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be0( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b40( v); } @@ -2679,10 +2678,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_c6( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_68( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2691,7 +2690,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_c6( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c0( coefficient); re.coefficients[i0] = uu____0; } @@ -2705,9 +2704,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_a4( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f7( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_c8(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_38(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2845,16 +2844,15 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_21( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2872,7 +2870,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_ec( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_52( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U, @@ -2889,7 +2887,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_ec( (size_t)6U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_21(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); } /** @@ -2901,12 +2899,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_70( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f8( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2926,9 +2924,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_70( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_a4( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f7( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_ec(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_52(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2942,7 +2940,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be1( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2967,9 +2965,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be1( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b41( v); } @@ -2980,10 +2978,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_c5( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_d2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2992,7 +2990,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_c5( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c1( coefficient); re.coefficients[i0] = uu____0; } @@ -3006,7 +3004,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be2( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b42( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3031,9 +3029,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_be2( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b42( v); } @@ -3044,10 +3042,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_20( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_57( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3056,7 +3054,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_20( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4f2( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3070,28 +3068,27 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_7c( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_32( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c5(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_d2(serialized); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_ef_76( +libcrux_ml_kem_polynomial_ntt_multiply_20_76( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3112,16 +3109,15 @@ libcrux_ml_kem_polynomial_ntt_multiply_ef_76( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3145,7 +3141,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_fe( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ab( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3168,7 +3164,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_7c( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_3a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3189,7 +3185,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_23( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_10( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3211,7 +3207,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ca( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ef( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3232,7 +3228,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ce( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3247,7 +3243,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ca( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ef( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3264,37 +3260,36 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_fe(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_23(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ab(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_3a(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_10(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_8c(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_ef_7e( +libcrux_ml_kem_polynomial_subtract_reduce_20_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3320,21 +3315,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_60( +libcrux_ml_kem_matrix_compute_message_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_ef_7e(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_20_2c(v, result); return result; } @@ -3344,7 +3339,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_95( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_3c( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3364,9 +3359,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_64( +libcrux_ml_kem_vector_portable_shift_right_0d_3e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_95(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_3c(v); } /** @@ -3379,13 +3374,27 @@ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_64(a); + libcrux_ml_kem_vector_portable_shift_right_0d_3e(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_portable_add_0d(a, &fm); } +/** +A monomorphic instance of libcrux_ml_kem.serialize.to_unsigned_field_modulus +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector result = + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f(a); + return result; +} + /** A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_message with types @@ -3393,13 +3402,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_39( +libcrux_ml_kem_serialize_compress_then_serialize_message_ec( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3412,7 +3421,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_39( Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t); } - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); + uint8_t result[32U]; + memcpy(result, serialized, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } /** @@ -3425,20 +3436,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_15( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_75( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_70(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f8(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_7c( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_32( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_60(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_dc(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_39(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_ec(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3452,11 +3463,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_80(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_46(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_55(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_5f(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3468,7 +3479,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_80(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_15(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_75(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -3518,19 +3529,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit; @@ -3538,15 +3549,15 @@ libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); return lit; } @@ -3557,10 +3568,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b2( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c7( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3582,7 +3593,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_b2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -3596,7 +3607,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b2( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c7( ring_element); deserialized_pk[i0] = uu____0; } @@ -3906,19 +3917,18 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_ef_bb(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_20_bb(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3940,7 +3950,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_sampling_sample_from_xof_closure_ba(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( + return libcrux_ml_kem_polynomial_from_i16_array_20_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4068,7 +4078,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_25(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -4146,7 +4156,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( + return libcrux_ml_kem_polynomial_from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4191,7 +4201,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_ee( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( + return libcrux_ml_kem_polynomial_from_i16_array_20_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4253,7 +4263,7 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b3( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_21( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); } /** @@ -4307,7 +4317,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; @@ -4337,8 +4347,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_3e(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_ed(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -4351,11 +4361,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_d6(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4426,22 +4436,21 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_76(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); +libcrux_ml_kem_matrix_compute_vector_u_closure_4e(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_9d( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_33( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4465,14 +4474,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_42( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4493,12 +4502,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_42( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_76(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_20_76(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_ef_9d(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_20_33(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4517,7 +4526,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_f7( +libcrux_ml_kem_vector_traits_decompress_1_5b( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { libcrux_ml_kem_vector_portable_vector_type_PortableVector z = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4536,10 +4545,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_c4( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4549,7 +4558,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_f7(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_5b(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4557,17 +4566,16 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_ef_e4( +libcrux_ml_kem_polynomial_add_message_error_reduce_20_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4597,22 +4605,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_58( +libcrux_ml_kem_matrix_compute_ring_element_v_43( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_e4( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_f0( error_2, message, result); return result; } @@ -4623,17 +4631,17 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_6c( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +libcrux_ml_kem_vector_portable_compress_compress_c5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - (uint8_t)(int32_t)10, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; + (uint8_t)(int32_t)10, (uint16_t)a.elements[i0]); + a.elements[i0] = uu____0; } - return v; + return a; } /** @@ -4646,9 +4654,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_20( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_6c(v); +libcrux_ml_kem_vector_portable_compress_0d_4f( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return libcrux_ml_kem_vector_portable_compress_compress_c5(a); } /** @@ -4658,15 +4666,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_04( +libcrux_ml_kem_serialize_compress_then_serialize_10_83( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_20( - libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( + libcrux_ml_kem_vector_portable_compress_0d_4f( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4675,7 +4683,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_04( Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); + uint8_t result[320U]; + memcpy(result, serialized, (size_t)320U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)320U * sizeof(uint8_t)); } /** @@ -4684,17 +4694,17 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_6c0( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +libcrux_ml_kem_vector_portable_compress_compress_c50( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - (uint8_t)(int32_t)11, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; + (uint8_t)(int32_t)11, (uint16_t)a.elements[i0]); + a.elements[i0] = uu____0; } - return v; + return a; } /** @@ -4707,9 +4717,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_200( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_6c0(v); +libcrux_ml_kem_vector_portable_compress_0d_4f0( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return libcrux_ml_kem_vector_portable_compress_compress_c50(a); } /** @@ -4719,14 +4729,14 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_41( +libcrux_ml_kem_serialize_compress_then_serialize_11_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_200( + libcrux_ml_kem_vector_portable_compress_0d_4f0( libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re->coefficients[i0])); uint8_t bytes[22U]; @@ -4747,10 +4757,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_ae( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_04(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_83(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4763,7 +4773,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_48( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4779,7 +4789,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_48( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_ae(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_cf(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4792,17 +4802,17 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_6c1( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +libcrux_ml_kem_vector_portable_compress_compress_c51( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - (uint8_t)(int32_t)4, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; + (uint8_t)(int32_t)4, (uint16_t)a.elements[i0]); + a.elements[i0] = uu____0; } - return v; + return a; } /** @@ -4815,9 +4825,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_201( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_6c1(v); +libcrux_ml_kem_vector_portable_compress_0d_4f1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return libcrux_ml_kem_vector_portable_compress_compress_c51(a); } /** @@ -4827,17 +4837,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_b6( +libcrux_ml_kem_serialize_compress_then_serialize_4_17( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { - LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, - void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_201( - libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( + libcrux_ml_kem_vector_portable_compress_0d_4f1( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4854,17 +4862,17 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_6c2( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +libcrux_ml_kem_vector_portable_compress_compress_c52( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; int16_t uu____0 = libcrux_ml_kem_vector_portable_compress_compress_ciphertext_coefficient( - (uint8_t)(int32_t)5, (uint16_t)v.elements[i0]); - v.elements[i0] = uu____0; + (uint8_t)(int32_t)5, (uint16_t)a.elements[i0]); + a.elements[i0] = uu____0; } - return v; + return a; } /** @@ -4877,9 +4885,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_202( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_6c2(v); +libcrux_ml_kem_vector_portable_compress_0d_4f2( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return libcrux_ml_kem_vector_portable_compress_compress_c52(a); } /** @@ -4889,16 +4897,14 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_a0( +libcrux_ml_kem_serialize_compress_then_serialize_5_b7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { - LowStar_Ignore_ignore(Eurydice_slice_len(serialized, uint8_t), size_t, - void *); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_202( + libcrux_ml_kem_vector_portable_compress_0d_4f2( libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re.coefficients[i0])); uint8_t bytes[10U]; @@ -4918,9 +4924,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_79( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_e9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_b6(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_17(re, out); } /** @@ -4941,7 +4947,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_f8( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -4959,7 +4965,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_d6( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -4974,27 +4980,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( libcrux_ml_kem_sampling_sample_from_binomial_distribution_ce( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_42(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_7b(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f0( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_c4( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_58( + libcrux_ml_kem_matrix_compute_ring_element_v_43( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_48( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_86( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_79( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_e9( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5018,13 +5024,13 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_ca(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_3b(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_b2( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -5040,7 +5046,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_ca(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_02(uu____1, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_f8(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -5056,7 +5062,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_1a( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_b2( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5087,7 +5093,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_68( +static inline void libcrux_ml_kem_ind_cca_decapsulate_6b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5105,7 +5111,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_68( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_80(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_46(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5129,7 +5135,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_68( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -5140,18 +5146,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_68( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_ca(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_3b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_1a( + libcrux_ml_kem_variant_kdf_d8_b2( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_d8_1a(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_d8_b2(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d9(ciphertext), + libcrux_ml_kem_types_as_ref_00_b6(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5181,10 +5187,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_85( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_68(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6b(private_key, ciphertext, ret); } /** @@ -5197,7 +5203,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_85( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_85( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d5( private_key, ciphertext, ret); } @@ -5211,7 +5217,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_b7( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_03( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5252,11 +5258,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fd( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_b7( + libcrux_ml_kem_variant_entropy_preprocess_d8_03( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5267,7 +5273,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_e0(public_key), + libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5282,20 +5288,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_ca(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_3b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_6e(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_1a(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_b2(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5327,14 +5333,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_16( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_28( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_8a(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_fd(uu____0, copy_of_randomness); } /** @@ -5351,27 +5357,27 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_16( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_28( uu____0, copy_of_randomness); } /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0, TraitClause@1])} +K>[TraitClause@0])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); return lit; } @@ -5385,7 +5391,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_26( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_99( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5416,17 +5422,16 @@ libcrux_ml_kem_vector_traits_to_standard_domain_73( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@1]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( +libcrux_ml_kem_polynomial_add_standard_error_reduce_20_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5465,7 +5470,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_20_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -5478,12 +5483,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_76(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( + libcrux_ml_kem_polynomial_add_standard_error_reduce_20_69( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5502,7 +5507,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_26(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_99(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5540,7 +5545,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); + unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -5551,14 +5556,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5567,7 +5572,9 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4( Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); + uint8_t result[384U]; + memcpy(result, serialized, (size_t)384U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)384U * sizeof(uint8_t)); } /** @@ -5577,7 +5584,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_80( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5595,7 +5602,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c4(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5610,13 +5617,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_80(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5633,11 +5640,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_96( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_1d(t_as_ntt, seed_for_a, + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_0d(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); @@ -5657,20 +5664,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_ea(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_79(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_96( + libcrux_ml_kem_ind_cpa_serialize_public_key_8c( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_80(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5695,7 +5702,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_59( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5751,7 +5758,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_b2(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5760,13 +5767,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_b2(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_ea(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_79(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_59( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5775,13 +5782,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_b2(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_8d( - uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_f6( + uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key)); } /** @@ -5797,12 +5804,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_7f( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_08( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_b2(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_91(copy_of_randomness); } /** @@ -5813,7 +5820,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_7f( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_08( copy_of_randomness); } @@ -5828,7 +5835,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_23( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_44( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5839,7 +5846,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_23( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_4c(ciphertext), + libcrux_ml_kem_types_as_slice_d4_e2(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5872,7 +5879,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_680( +static inline void libcrux_ml_kem_ind_cca_decapsulate_6b0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5890,7 +5897,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_680( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_80(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_46(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5914,7 +5921,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_680( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -5925,18 +5932,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_680( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_ca(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_3b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_23( + libcrux_ml_kem_variant_kdf_33_44( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_33_23(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_33_44(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d9(ciphertext), + libcrux_ml_kem_types_as_ref_00_b6(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5970,10 +5977,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_1b( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_c7( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_680(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6b0(private_key, ciphertext, ret); } /** @@ -5986,7 +5993,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_1b( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_1b( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_c7( private_key, ciphertext, ret); } @@ -6000,7 +6007,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_3b( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_ec( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_c6(randomness, ret); } @@ -6024,11 +6031,11 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fd0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_3b( + libcrux_ml_kem_variant_entropy_preprocess_33_ec( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6039,7 +6046,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a0( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_e0(public_key), + libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6054,20 +6061,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_e0(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_ca(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_3b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_6e(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_23(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_44(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6103,14 +6110,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_32( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_5e( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_8a0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_fd0(uu____0, copy_of_randomness); } /** @@ -6127,7 +6134,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_32( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_5e( uu____0, copy_of_randomness); } @@ -6141,7 +6148,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_22( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_01( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G_f1_07(key_generation_seed, ret); } @@ -6160,7 +6167,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_22(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_01(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6198,7 +6205,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____5); + unwrap_41_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -6215,21 +6222,21 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_ea0( +libcrux_ml_kem_ind_cpa_generate_keypair_790( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_96( + libcrux_ml_kem_ind_cpa_serialize_public_key_8c( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_80(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6261,7 +6268,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_b20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6270,13 +6277,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_b20(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_ea0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_790(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_59( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6285,13 +6292,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_b20(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_72(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_8d( - uu____2, libcrux_ml_kem_types_from_5a_c6(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_f6( + uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key)); } /** @@ -6307,12 +6314,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_08( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_05( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_b20(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_910(copy_of_randomness); } /** @@ -6324,7 +6331,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_08( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_05( copy_of_randomness); } @@ -6336,7 +6343,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_a9( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_79( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -6361,10 +6368,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_4d( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_03( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_a9(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_79(private_key, ciphertext); } @@ -6376,7 +6383,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_4d( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_4d( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_03( private_key, ciphertext); } @@ -6388,9 +6395,9 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_a3( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_8b( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -6400,14 +6407,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_21( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_7b( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_b2( public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -6422,16 +6429,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_be( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_bb( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_21( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_7b( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_96( + libcrux_ml_kem_ind_cpa_serialize_public_key_8c( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6449,9 +6456,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_34( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_aa( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_be(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_bb(public_key); } /** @@ -6461,7 +6468,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_34( */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_34( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_aa( public_key->value); } @@ -6491,7 +6498,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_d6( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_15( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_75( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6521,7 +6528,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_d6( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_d9(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b6(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( @@ -6533,11 +6540,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_d6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_02( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_f8( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_d9(ciphertext), + libcrux_ml_kem_types_as_ref_00_b6(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6573,7 +6580,7 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_8e( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_2e( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_unpacked_decapsulate_d6(key_pair, ciphertext, ret); @@ -6590,7 +6597,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_8e( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_2e( private_key, ciphertext, ret); } @@ -6613,7 +6620,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_a4( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_02( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6641,7 +6648,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_a4( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_02(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_f8(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6651,7 +6658,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_a4( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_c4(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_6e(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6684,7 +6691,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_c0( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_10( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -6692,7 +6699,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_c0( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_a4(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_02(uu____0, copy_of_randomness); } @@ -6712,7 +6719,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_c0( + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_10( uu____0, copy_of_randomness); } @@ -6731,8 +6738,8 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_6d(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_95(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_20_19(); } /** @@ -6749,26 +6756,25 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8e( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_6b( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, -TraitClause@2])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d +A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_8d_a6( +libcrux_ml_kem_polynomial_clone_3a_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6812,14 +6818,14 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8e(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_6b(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_8d_a6( + libcrux_ml_kem_polynomial_clone_3a_06( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -6832,7 +6838,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_96( + libcrux_ml_kem_ind_cpa_serialize_public_key_8c( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -6846,7 +6852,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, uint8_t[32U]); - unwrap_26_33(dst, uu____3); + unwrap_41_33(dst, uu____3); memcpy(out->private_key.implicit_rejection_value, uu____3, (size_t)32U * sizeof(uint8_t)); } @@ -6867,7 +6873,7 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_08( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_ec( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ @@ -6886,25 +6892,25 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_08( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_ec( copy_of_randomness, key_pair); } /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1])#1} +K>[TraitClause@0])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6c with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_1c_fe(void) { +libcrux_ml_kem_ind_cca_unpacked_default_6c_05(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -6943,19 +6949,19 @@ libcrux_ml_kem_ind_cca_unpacked_default_1c_fe(void) { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1])#3} +K>[TraitClause@0])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6f with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_27(void) { + libcrux_ml_kem_ind_cca_unpacked_default_6f_c3(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -6991,7 +6997,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_fe()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_6c_05()}); } /** @@ -6999,7 +7005,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_27(); + return libcrux_ml_kem_ind_cca_unpacked_default_6f_c3(); } /** @@ -7007,7 +7013,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_fe(); + return libcrux_ml_kem_ind_cca_unpacked_default_6c_05(); } /** @@ -7016,21 +7022,21 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@1]} +K>[TraitClause@0]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_a6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_c8( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_0d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_1d( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_0d( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -7043,21 +7049,21 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_c8( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +K>[TraitClause@0]#2} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_05 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a6( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_6b( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_c8( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_0d( &self->public_key, serialized); } @@ -7068,23 +7074,23 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a6(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_6b(key_pair, serialized); } /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0, TraitClause@2])#2} +K>[TraitClause@1])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_d6 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_99( +libcrux_ml_kem_ind_cpa_unpacked_clone_d6_25( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7111,20 +7117,20 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_ef_99( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0, TraitClause@2])#4} +K>[TraitClause@1])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_c7 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_28_b4( +libcrux_ml_kem_ind_cca_unpacked_clone_c7_e5( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_99(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_d6_25(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7138,16 +7144,16 @@ libcrux_ml_kem_ind_cca_unpacked_clone_28_b4( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0, TraitClause@1]#2} +K>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_05 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_52( +libcrux_ml_kem_ind_cca_unpacked_public_key_05_7e( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -7159,8 +7165,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_b4( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_52(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_c7_e5( + libcrux_ml_kem_ind_cca_unpacked_public_key_05_7e(key_pair)); pk[0U] = uu____0; } @@ -7171,7 +7177,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_c8(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_0d(public_key, serialized); } @@ -7194,7 +7200,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_22( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_b2( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -7214,7 +7220,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_c6( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_e0(public_key), + libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -7234,7 +7240,7 @@ const generics - PUBLIC_KEY_SIZE= 1184 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_fa( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_ee( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { @@ -7250,7 +7256,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_fa( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_ee( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index 0ae3513dd..1fe947eb8 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_mlkem768_portable_types_H @@ -20,18 +20,37 @@ extern "C" { #include "eurydice_glue.h" -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; + +typedef struct + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; +} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; /** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { - libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; /** A monomorphic instance of @@ -45,20 +64,6 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; - -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; - /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -70,22 +75,17 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; /** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector + */ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; -typedef struct - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; -} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 7c68c3394..641b2bad1 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_sha3_avx2_H @@ -212,17 +212,17 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} +N>[TraitClause@0]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types core_core_arch_x86___m256i with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_89_71(void) { +libcrux_sha3_generic_keccak_new_1e_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -1964,7 +1964,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_89_71(); + libcrux_sha3_generic_keccak_new_1e_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2005,7 +2005,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2048,7 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_89_71(); + return libcrux_sha3_generic_keccak_new_1e_71(); } /** diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 52282e41f..bfa447a0c 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 - * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 5643e656b989aca7629723653a2570c7df6252b9-dirty - * Libcrux: 2cc5d08dc51d9011b73e45fa933da711162d0d01 + * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d + * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 + * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd + * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d */ #ifndef __libcrux_sha3_portable_H @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0, TraitClause@1]#1} +N>[TraitClause@0]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_89 +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_89_cf(void) { +libcrux_sha3_generic_keccak_new_1e_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_26_0e(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1582,7 +1582,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -1623,7 +1623,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -1684,7 +1684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_26_0e(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1941,7 +1941,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1982,7 +1982,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2069,7 +2069,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2110,7 +2110,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2163,7 +2163,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_89_cf(); + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -2182,7 +2182,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_26_0e(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2419,7 +2419,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_26_0e(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2676,7 +2676,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2717,7 +2717,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2778,7 +2778,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_26_0e(dst, uu____0); + unwrap_41_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3035,7 +3035,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -3076,7 +3076,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3331,7 +3331,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_89_cf(); + libcrux_sha3_generic_keccak_new_1e_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -3372,7 +3372,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3671,7 +3671,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_89_cf(); + return libcrux_sha3_generic_keccak_new_1e_cf(); } /** @@ -3722,16 +3722,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -3756,16 +3756,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3773,7 +3773,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3826,16 +3826,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3843,7 +3843,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3872,7 +3872,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -3886,17 +3886,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3904,7 +3904,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3951,7 +3951,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); return self; } @@ -3960,16 +3960,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4114,21 +4114,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_8b +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_8b_47(void) { +libcrux_sha3_generic_keccak_new_9d_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4145,7 +4145,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_8b_47(); + return libcrux_sha3_generic_keccak_new_9d_47(); } /** @@ -4176,16 +4176,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -4210,16 +4210,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4227,7 +4227,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4280,16 +4280,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4297,7 +4297,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4323,7 +4323,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); + libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -4337,17 +4337,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4355,7 +4355,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4399,7 +4399,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); return self; } @@ -4408,16 +4408,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4594,21 +4594,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_8b +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_8b_470(void) { +libcrux_sha3_generic_keccak_new_9d_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4622,7 +4622,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_8b_470(); + return libcrux_sha3_generic_keccak_new_9d_470(); } /** @@ -4669,16 +4669,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -4706,7 +4706,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -4741,7 +4741,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); } /** @@ -4788,16 +4788,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0, TraitClause@1]#2} +PARALLEL_LANES, RATE>[TraitClause@0]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -4825,7 +4825,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -4860,7 +4860,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); + libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); } /** From bc1ba13c0653352da78e5a12bca5909dabc719ba Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 24 Sep 2024 13:17:00 +0000 Subject: [PATCH 317/348] Add proofs for encapsulate/decapsulate in Ind_cca --- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 66 +++++++++++++++---- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 10 +-- .../proofs/fstar/spec/Spec.MLKEM.fst | 4 +- libcrux-ml-kem/src/ind_cca.rs | 41 ++++++++++-- 4 files changed, 96 insertions(+), 25 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 812549884..de9bf4482 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -192,8 +192,6 @@ let validate_public_key in public_key =. public_key_serialized -#push-options "--admit_smt_queries true" - #push-options "--z3rlimit 500" let decapsulate @@ -210,6 +208,10 @@ let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = + let _:Prims.unit = + assert (v v_CIPHERTEXT_SIZE == + v v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - v Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) + in let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) @@ -221,6 +223,20 @@ let decapsulate let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE in + let _:Prims.unit = + assert (ind_cpa_secret_key == slice private_key.f_value (sz 0) v_CPA_SECRET_KEY_SIZE); + assert (ind_cpa_public_key == + slice private_key.f_value v_CPA_SECRET_KEY_SIZE (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE) + ); + assert (ind_cpa_public_key_hash == + slice private_key.f_value + (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE) + (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Spec.MLKEM.v_H_DIGEST_SIZE)); + assert (implicit_rejection_value == + slice private_key.f_value + (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Spec.MLKEM.v_H_DIGEST_SIZE) + (length private_key.f_value)) + in let decrypted:t_Array u8 (sz 32) = Libcrux_ml_kem.Ind_cpa.decrypt v_K v_CIPHERTEXT_SIZE @@ -234,6 +250,7 @@ let decapsulate let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) in + let _:Prims.unit = eq_intro (Seq.slice to_hash 0 32) decrypted in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } @@ -249,6 +266,11 @@ let decapsulate <: t_Slice u8) in + let _:Prims.unit = + lemma_slice_append to_hash decrypted ind_cpa_public_key_hash; + assert (decrypted == Spec.MLKEM.ind_cpa_decrypt v_K ind_cpa_secret_key ciphertext.f_value); + assert (to_hash == concat decrypted ind_cpa_public_key_hash) + in let hashed:t_Array u8 (sz 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K @@ -260,11 +282,21 @@ let decapsulate (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in + let _:Prims.unit = + assert ((shared_secret, pseudorandomness) == + split hashed Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE); + assert (length implicit_rejection_value = + v_SECRET_KEY_SIZE -! v_CPA_SECRET_KEY_SIZE -! v_PUBLIC_KEY_SIZE -! + Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE); + assert (length implicit_rejection_value = Spec.MLKEM.v_SHARED_SECRET_SIZE); + assert (Spec.MLKEM.v_SHARED_SECRET_SIZE <=. Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K) + in let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE implicit_rejection_value in + let _:Prims.unit = eq_intro (Seq.slice to_hash 0 32) implicit_rejection_value in let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } @@ -285,8 +317,12 @@ let decapsulate <: t_Slice u8) in - let _:Prims.unit = assert (v (sz 32) < pow2 32) in - let _:Prims.unit = assert (i4.f_PRF_pre (sz 32) to_hash) in + let _:Prims.unit = + assert_norm (pow2 32 == 0x100000000); + assert (v (sz 32) < pow2 32); + assert (i4.f_PRF_pre (sz 32) to_hash); + lemma_slice_append to_hash implicit_rejection_value ciphertext.f_value + in let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher #v_K @@ -294,6 +330,10 @@ let decapsulate (sz 32) (to_hash <: t_Slice u8) in + let _:Prims.unit = + assert (implicit_rejection_shared_secret == Spec.Utils.v_PRF (sz 32) to_hash); + assert (Seq.length ind_cpa_public_key == v v_PUBLIC_KEY_SIZE) + in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 @@ -331,8 +371,6 @@ let decapsulate #pop-options -#pop-options - #push-options "--z3rlimit 150" let encapsulate @@ -359,6 +397,7 @@ let encapsulate let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) in + let _:Prims.unit = eq_intro (Seq.slice to_hash 0 32) randomness in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } @@ -379,6 +418,11 @@ let encapsulate <: t_Slice u8) in + let _:Prims.unit = + assert (Seq.slice to_hash 0 (v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE) == randomness); + lemma_slice_append to_hash randomness (Spec.Utils.v_H public_key.f_value); + assert (to_hash == concat randomness (Spec.Utils.v_H public_key.f_value)) + in let hashed:t_Array u8 (sz 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K @@ -412,13 +456,9 @@ let encapsulate shared_secret ciphertext in - let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) = - ciphertext, shared_secret_array - <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + ciphertext, shared_secret_array + <: + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 69d9a3cbd..1f5d45da9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -100,9 +100,9 @@ class t_Variant (v_Self: Type0) = { v_K: usize -> #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - t_Slice u8 -> - t_Array u8 (sz 32) - -> Type0; + randomness: t_Slice u8 -> + result: t_Array u8 (sz 32) + -> pred: Type0{pred ==> result == randomness}; f_entropy_preprocess: v_K: usize -> #v_Hasher: Type0 -> @@ -183,9 +183,9 @@ let impl: t_Variant t_MlKem = i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (randomness: t_Slice u8) - (out: t_Array u8 (sz 32)) + (result: t_Array u8 (sz 32)) -> - true); + result == randomness); f_entropy_preprocess = fun diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst index 44ae4d7af..07c9216ae 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.MLKEM.fst @@ -240,7 +240,8 @@ val ind_cpa_encrypt (r:rank) (public_key: t_MLKEMPublicKey r) (message: t_Array u8 v_SHARED_SECRET_SIZE) (randomness:t_Array u8 v_SHARED_SECRET_SIZE) : (t_MLKEMCiphertext r & bool) - + +[@ "opaque_to_smt"] let ind_cpa_encrypt r public_key message randomness = let (t_as_ntt_bytes, seed_for_A) = split public_key (v_T_AS_NTT_ENCODED_SIZE r) in let t_as_ntt = vector_decode_12 #r t_as_ntt_bytes in @@ -262,6 +263,7 @@ val ind_cpa_decrypt (r:rank) (secret_key: t_MLKEMCPAPrivateKey r) (ciphertext: t_MLKEMCiphertext r): t_MLKEMSharedSecret +[@ "opaque_to_smt"] let ind_cpa_decrypt r secret_key ciphertext = let (c1,c2) = split ciphertext (v_C1_SIZE r) in let u = decode_then_decompress_u #r c1 in diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 2199a9412..ae4b87ebe 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -163,10 +163,7 @@ fn generate_keypair< MlKemKeyPair::from(private_key, MlKemPublicKey::from(public_key)) } -// For some reason F* manages to assert the post-condition but fails to verify it -// as a part of function signature #[hax_lib::fstar::options("--z3rlimit 150")] -#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ @@ -205,7 +202,11 @@ fn encapsulate< ) -> (MlKemCiphertext, MlKemSharedSecret) { let randomness = Scheme::entropy_preprocess::(&randomness); let mut to_hash: [u8; 2 * H_DIGEST_SIZE] = into_padded_array(&randomness); + hax_lib::fstar!("eq_intro (Seq.slice $to_hash 0 32) $randomness"); to_hash[H_DIGEST_SIZE..].copy_from_slice(&Hasher::H(public_key.as_slice())); + hax_lib::fstar!("assert (Seq.slice to_hash 0 (v $H_DIGEST_SIZE) == $randomness); + lemma_slice_append $to_hash $randomness (Spec.Utils.v_H ${public_key}.f_value); + assert ($to_hash == concat $randomness (Spec.Utils.v_H ${public_key}.f_value))"); let hashed = Hasher::G(&to_hash); let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); @@ -233,7 +234,6 @@ fn encapsulate< /// This code verifies on some machines, runs out of memory on others #[hax_lib::fstar::options("--z3rlimit 500")] -#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE $K /\\ $CPA_SECRET_KEY_SIZE == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ @@ -276,10 +276,17 @@ pub(crate) fn decapsulate< private_key: &MlKemPrivateKey, ciphertext: &MlKemCiphertext, ) -> MlKemSharedSecret { + hax_lib::fstar!("assert (v $CIPHERTEXT_SIZE == v $IMPLICIT_REJECTION_HASH_INPUT_SIZE - v $SHARED_SECRET_SIZE)"); let (ind_cpa_secret_key, secret_key) = private_key.value.split_at(CPA_SECRET_KEY_SIZE); let (ind_cpa_public_key, secret_key) = secret_key.split_at(PUBLIC_KEY_SIZE); let (ind_cpa_public_key_hash, implicit_rejection_value) = secret_key.split_at(H_DIGEST_SIZE); + hax_lib::fstar!("assert ($ind_cpa_secret_key == slice ${private_key}.f_value (sz 0) $CPA_SECRET_KEY_SIZE); + assert ($ind_cpa_public_key == slice ${private_key}.f_value $CPA_SECRET_KEY_SIZE ($CPA_SECRET_KEY_SIZE +! $PUBLIC_KEY_SIZE)); + assert ($ind_cpa_public_key_hash == slice ${private_key}.f_value ($CPA_SECRET_KEY_SIZE +! $PUBLIC_KEY_SIZE) + ($CPA_SECRET_KEY_SIZE +! $PUBLIC_KEY_SIZE +! Spec.MLKEM.v_H_DIGEST_SIZE)); + assert ($implicit_rejection_value == slice ${private_key}.f_value ($CPA_SECRET_KEY_SIZE +! $PUBLIC_KEY_SIZE +! Spec.MLKEM.v_H_DIGEST_SIZE) + (length ${private_key}.f_value))"); let decrypted = crate::ind_cpa::decrypt::< K, CIPHERTEXT_SIZE, @@ -290,18 +297,31 @@ pub(crate) fn decapsulate< >(ind_cpa_secret_key, &ciphertext.value); let mut to_hash: [u8; SHARED_SECRET_SIZE + H_DIGEST_SIZE] = into_padded_array(&decrypted); + hax_lib::fstar!("eq_intro (Seq.slice $to_hash 0 32) $decrypted"); to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ind_cpa_public_key_hash); + hax_lib::fstar!("lemma_slice_append to_hash $decrypted $ind_cpa_public_key_hash; + assert ($decrypted == Spec.MLKEM.ind_cpa_decrypt $K $ind_cpa_secret_key ${ciphertext}.f_value); + assert ($to_hash == concat $decrypted $ind_cpa_public_key_hash)"); let hashed = Hasher::G(&to_hash); let (shared_secret, pseudorandomness) = hashed.split_at(SHARED_SECRET_SIZE); + hax_lib::fstar!("assert (($shared_secret , $pseudorandomness) == split $hashed $SHARED_SECRET_SIZE); + assert (length $implicit_rejection_value = $SECRET_KEY_SIZE -! $CPA_SECRET_KEY_SIZE -! $PUBLIC_KEY_SIZE -! $H_DIGEST_SIZE); + assert (length $implicit_rejection_value = Spec.MLKEM.v_SHARED_SECRET_SIZE); + assert (Spec.MLKEM.v_SHARED_SECRET_SIZE <=. Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE $K)"); let mut to_hash: [u8; IMPLICIT_REJECTION_HASH_INPUT_SIZE] = into_padded_array(implicit_rejection_value); + hax_lib::fstar!("eq_intro (Seq.slice $to_hash 0 32) $implicit_rejection_value"); to_hash[SHARED_SECRET_SIZE..].copy_from_slice(ciphertext.as_ref()); - hax_lib::fstar!("assert (v (sz 32) < pow2 32)"); - hax_lib::fstar!("assert (i4.f_PRF_pre (sz 32) to_hash)"); + hax_lib::fstar!("assert_norm (pow2 32 == 0x100000000); + assert (v (sz 32) < pow2 32); + assert (i4.f_PRF_pre (sz 32) $to_hash); + lemma_slice_append $to_hash $implicit_rejection_value ${ciphertext}.f_value"); let implicit_rejection_shared_secret: [u8; SHARED_SECRET_SIZE] = Hasher::PRF(&to_hash); + hax_lib::fstar!("assert ($implicit_rejection_shared_secret == Spec.Utils.v_PRF (sz 32) $to_hash); + assert (Seq.length $ind_cpa_public_key == v $PUBLIC_KEY_SIZE)"); let expected_ciphertext = crate::ind_cpa::encrypt::< K, CIPHERTEXT_SIZE, @@ -551,6 +571,9 @@ pub(crate) trait Variant { ciphertext: &MlKemCiphertext, ) -> [u8; 32]; #[requires(randomness.len() == 32)] + #[ensures(|result| + fstar!("$result == $randomness")) + ] fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32]; } @@ -578,6 +601,9 @@ impl Variant for Kyber { #[inline(always)] #[requires(randomness.len() == 32)] + #[ensures(|result| + fstar!("$result == Spec.Utils.v_H $randomness")) + ] fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32] { Hasher::H(&randomness) } @@ -605,6 +631,9 @@ impl Variant for MlKem { #[inline(always)] #[requires(randomness.len() == 32)] + #[ensures(|result| + fstar!("$result == $randomness")) + ] fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32] { randomness.try_into().unwrap() } From ff16b9e8164d0fd89efabd103d4a6c874df0c127 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 24 Sep 2024 14:34:21 +0000 Subject: [PATCH 318/348] c regen --- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/eurydice_glue.h | 1 - libcrux-ml-kem/cg/libcrux_core.h | 50 +-- libcrux-ml-kem/cg/libcrux_ct_ops.h | 8 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 294 +++++++++--------- .../cg/libcrux_mlkem768_avx2_types.h | 72 ++--- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 288 ++++++++--------- .../cg/libcrux_mlkem768_portable_types.h | 78 ++--- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 20 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 176 +++++------ 10 files changed, 510 insertions(+), 485 deletions(-) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 21d1a541d..cfb1412a1 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d -Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 -Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 +Charon: 1bd0af95285033fec42133810440d56977c17ade +Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac +Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d +Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 30a7c281d..1e2772eba 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h @@ -19,7 +19,6 @@ extern "C" { #include "karamel/target.h" -// Ignore an expression. #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) // SLICES, ARRAYS, ETC. diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index a68cda013..c34810389 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 */ #ifndef __libcrux_core_H @@ -97,14 +97,15 @@ typedef struct Result_6f_s { } Result_6f; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_76(Result_6f self, uint8_t ret[24U]) { +static inline void unwrap_26_76(Result_6f self, uint8_t ret[24U]) { if (self.tag == Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -130,14 +131,15 @@ typedef struct Result_7a_s { } Result_7a; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_ea(Result_7a self, uint8_t ret[20U]) { +static inline void unwrap_26_ea(Result_7a self, uint8_t ret[20U]) { if (self.tag == Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -163,14 +165,15 @@ typedef struct Result_cd_s { } Result_cd; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_07(Result_cd self, uint8_t ret[10U]) { +static inline void unwrap_26_07(Result_cd self, uint8_t ret[10U]) { if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -315,14 +318,15 @@ typedef struct Result_00_s { } Result_00; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_33(Result_00 self, uint8_t ret[32U]) { +static inline void unwrap_26_33(Result_00 self, uint8_t ret[32U]) { if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -481,14 +485,15 @@ typedef struct Result_c0_s { } Result_c0; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_30(Result_c0 self, int16_t ret[16U]) { +static inline void unwrap_26_30(Result_c0 self, int16_t ret[16U]) { if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -514,14 +519,15 @@ typedef struct Result_56_s { } Result_56; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void unwrap_41_0e(Result_56 self, uint8_t ret[8U]) { +static inline void unwrap_26_0e(Result_56 self, uint8_t ret[8U]) { if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 525ed90e5..8d410ee3b 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index d84185894..af0f83010 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 */ #ifndef __libcrux_mlkem768_avx2_H @@ -723,7 +723,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, ret0); + unwrap_26_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -823,7 +823,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - unwrap_41_07(dst, ret0); + unwrap_26_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -936,7 +936,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - unwrap_41_ea(dst, ret0); + unwrap_26_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1081,7 +1081,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - unwrap_41_76(dst, ret0); + unwrap_26_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1196,17 +1196,18 @@ static inline size_t libcrux_ml_kem_vector_avx2_rej_sample_09( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_20_7d(void) { +libcrux_ml_kem_polynomial_ZERO_ef_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1236,7 +1237,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_b0(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -1250,7 +1251,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_60( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1273,7 +1274,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_33( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1310,7 +1311,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e9(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -1390,7 +1391,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_10_d9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -1486,7 +1487,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_11_5d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1641,16 +1642,17 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_09( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1684,7 +1686,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_88( (size_t)6U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_09(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); } /** @@ -1702,7 +1704,7 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_37( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1808,7 +1810,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_4_2e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1899,7 +1901,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_5_d5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1928,21 +1930,22 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_51( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_20_63( +libcrux_ml_kem_polynomial_ntt_multiply_ef_63( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1961,16 +1964,17 @@ libcrux_ml_kem_polynomial_ntt_multiply_20_63( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_31( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2125,22 +2129,23 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_05( (size_t)6U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7c(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_20_6f( +libcrux_ml_kem_polynomial_subtract_reduce_ef_6f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2169,16 +2174,16 @@ libcrux_ml_kem_matrix_compute_message_74( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_63(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_05(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_6f(v, result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_6f(v, result); return result; } @@ -2372,20 +2377,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_85_80(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; @@ -2393,15 +2398,15 @@ libcrux_ml_kem_ind_cpa_unpacked_default_85_80(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); return lit; } @@ -2416,7 +2421,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5a( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2772,19 +2777,20 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_20_14(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_ef_14(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2804,7 +2810,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_sampling_sample_from_xof_closure_e4(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_14( + return libcrux_ml_kem_polynomial_from_i16_array_ef_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2932,7 +2938,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_2d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -3029,7 +3035,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_80( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_14( + return libcrux_ml_kem_polynomial_from_i16_array_ef_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3075,7 +3081,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_05( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_14( + return libcrux_ml_kem_polynomial_from_i16_array_ef_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3138,7 +3144,7 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_5c( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_09( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); } /** @@ -3192,7 +3198,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; @@ -3223,7 +3229,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_93(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -3240,7 +3246,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_66(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3315,21 +3321,22 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_matrix_compute_vector_u_closure_83(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_9e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_9e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3358,7 +3365,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_38( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3379,12 +3386,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_38( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_63(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result0[i1], &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_05(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_9e(&result0[i1], + libcrux_ml_kem_polynomial_add_error_reduce_ef_9e(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3422,7 +3429,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_then_decompress_message_03( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3437,17 +3444,18 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_03( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_c6( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3481,16 +3489,16 @@ libcrux_ml_kem_matrix_compute_ring_element_v_af( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_63(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_05(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_c6( + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_c6( error_2, message, result); return result; } @@ -4042,7 +4050,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_65(Eurydice_slice public_key, Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_3b( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -4385,21 +4393,21 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); return lit; } @@ -4445,17 +4453,18 @@ static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c1( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_ba( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -4492,7 +4501,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_ZERO_20_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -4505,12 +4514,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_63(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_31(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_ba( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -4568,7 +4577,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____5); + unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -4693,9 +4702,9 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_generate_keypair_1e(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; @@ -5243,7 +5252,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____5); + unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -5264,9 +5273,9 @@ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_generate_keypair_1e0( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; @@ -5441,7 +5450,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_3d( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -5457,7 +5466,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_3b( public_key, deserialized_pk); @@ -5791,7 +5800,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_b2(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_7d(); } /** @@ -5812,23 +5821,24 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_64( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_7d(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a +A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_3a_d3( +libcrux_ml_kem_polynomial_clone_8d_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5877,7 +5887,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_98( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_3a_d3( + libcrux_ml_kem_polynomial_clone_8d_d3( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -5904,7 +5914,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_98( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____3); + unwrap_26_33(dst, uu____3); memcpy(out->private_key.implicit_rejection_value, uu____3, (size_t)32U * sizeof(uint8_t)); } @@ -5952,19 +5962,19 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6c +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_6c_c5(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_c5(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_80(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -6003,10 +6013,10 @@ libcrux_ml_kem_ind_cca_unpacked_default_6c_c5(void) { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0])#3} +K>[TraitClause@0, TraitClause@1])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6f +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 @@ -6014,9 +6024,9 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_6f_bb(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_bb(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_f6_19(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -6052,7 +6062,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_6c_c5()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_c5()}); } /** @@ -6061,7 +6071,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_6f_bb(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_bb(); } /** @@ -6070,7 +6080,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_6c_c5(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_c5(); } /** @@ -6079,11 +6089,11 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0]} +K>[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_a6 with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 @@ -6091,7 +6101,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_7b( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_7b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_7b( @@ -6107,11 +6117,11 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_7b( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0]#2} +K>[TraitClause@0, TraitClause@1]#2} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_05 with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 @@ -6119,10 +6129,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_b6( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_b6( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_7b( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_7b( &self->public_key, serialized); } @@ -6134,24 +6144,24 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_b6(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_b6(key_pair, serialized); } /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@1])#2} +K>[TraitClause@0, TraitClause@2])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_d6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_d6_0d( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_0d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -6178,21 +6188,21 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_d6_0d( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@1])#4} +K>[TraitClause@0, TraitClause@2])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_c7 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_c7_56( +libcrux_ml_kem_ind_cca_unpacked_clone_28_56( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_d6_0d(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_0d(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -6206,17 +6216,17 @@ libcrux_ml_kem_ind_cca_unpacked_clone_c7_56( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0]#2} +K>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_05 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * -libcrux_ml_kem_ind_cca_unpacked_public_key_05_e2( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_e2( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -6229,8 +6239,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_c7_56( - libcrux_ml_kem_ind_cca_unpacked_public_key_05_e2(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_56( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_e2(key_pair)); pk[0U] = uu____0; } @@ -6241,7 +6251,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_7b(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_7b(public_key, serialized); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index 80dd501f6..25b048abc 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 */ #ifndef __libcrux_mlkem768_avx2_types_H @@ -20,36 +20,16 @@ extern "C" { #include "eurydice_glue.h" -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 - libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; - -typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; +typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t */ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + __m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** A monomorphic instance of @@ -63,6 +43,20 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 + libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768PublicKeyUnpacked; + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -74,15 +68,21 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; /** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; -typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; +typedef struct libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index aac1ad359..ded408c91 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 */ #ifndef __libcrux_mlkem768_portable_H @@ -115,7 +115,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - unwrap_41_30(dst, ret); + unwrap_26_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2448,16 +2448,17 @@ typedef libcrux_ml_kem_types_MlKemPublicKey_15 /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_20_19(void) { +libcrux_ml_kem_polynomial_ZERO_ef_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2486,7 +2487,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_75(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -2499,7 +2500,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2523,7 +2524,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2559,7 +2560,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_ef(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -2610,7 +2611,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_10_38( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2681,7 +2682,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_11_68( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2844,15 +2845,16 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_21( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2887,7 +2889,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_52( (size_t)6U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_21(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); } /** @@ -2904,7 +2906,7 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2981,7 +2983,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_4_d2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3045,7 +3047,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_5_57( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3075,20 +3077,21 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_32( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_20_76( +libcrux_ml_kem_polynomial_ntt_multiply_ef_76( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3109,15 +3112,16 @@ libcrux_ml_kem_polynomial_ntt_multiply_20_76( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_20_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3275,21 +3279,22 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea( (size_t)6U); libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ce(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_20_2c( +libcrux_ml_kem_polynomial_subtract_reduce_ef_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3320,16 +3325,16 @@ libcrux_ml_kem_matrix_compute_message_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_76(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_20_2c(v, result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_2c(v, result); return result; } @@ -3529,19 +3534,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit; @@ -3549,15 +3554,15 @@ libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); return lit; } @@ -3571,7 +3576,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c7( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3917,18 +3922,19 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_20_bb(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_ef_bb(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3950,7 +3956,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_sampling_sample_from_xof_closure_ba(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_20_bb( + return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4078,7 +4084,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_25(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -4156,7 +4162,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_bb( + return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4201,7 +4207,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_ee( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_20_bb( + return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4263,7 +4269,7 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b3( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_1_21( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_20_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); } /** @@ -4317,7 +4323,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; @@ -4348,7 +4354,7 @@ generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_ed(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -4365,7 +4371,7 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_d6(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4437,20 +4443,21 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_matrix_compute_vector_u_closure_4e(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_20_33( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_33( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4481,7 +4488,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4502,12 +4509,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_7b( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_76(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result0[i1], &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_20_33(&result0[i1], + libcrux_ml_kem_polynomial_add_error_reduce_ef_33(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4548,7 +4555,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_then_decompress_message_c4( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4566,16 +4573,17 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_c4( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_20_f0( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4611,16 +4619,16 @@ libcrux_ml_kem_matrix_compute_ring_element_v_43( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_76(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_20_f0( + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_f0( error_2, message, result); return result; } @@ -5029,7 +5037,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_3b(Eurydice_slice public_key, Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_b2( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -5364,20 +5372,20 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_20_19(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_20_19(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); return lit; } @@ -5422,16 +5430,17 @@ libcrux_ml_kem_vector_traits_to_standard_domain_73( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_20_69( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5470,7 +5479,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_ZERO_20_19(); + libcrux_ml_kem_polynomial_ZERO_ef_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -5483,12 +5492,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_20_76(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_20_3a(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_20_69( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5545,7 +5554,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____5); + unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -5666,9 +5675,9 @@ libcrux_ml_kem_variant_MlKem with const generics static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_generate_keypair_79(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; @@ -6205,7 +6214,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( uint8_t uu____5[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____5); + unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -6225,9 +6234,9 @@ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 libcrux_ml_kem_ind_cpa_generate_keypair_790( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; @@ -6397,7 +6406,7 @@ generics static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_8b( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -6412,7 +6421,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_b2( public_key, deserialized_pk); @@ -6739,7 +6748,7 @@ libcrux_ml_kem_variant_MlKem with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_95(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_20_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_19(); } /** @@ -6759,22 +6768,23 @@ libcrux_ml_kem_variant_MlKem with const generics static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_6b( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_20_19(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); } } /** This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])} +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@2])} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_3a +A monomorphic instance of libcrux_ml_kem.polynomial.clone_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_3a_06( +libcrux_ml_kem_polynomial_clone_8d_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6825,7 +6835,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_3a_06( + libcrux_ml_kem_polynomial_clone_8d_06( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -6852,7 +6862,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value, Eurydice_slice, uint8_t[32U]); - unwrap_41_33(dst, uu____3); + unwrap_26_33(dst, uu____3); memcpy(out->private_key.implicit_rejection_value, uu____3, (size_t)32U * sizeof(uint8_t)); } @@ -6899,18 +6909,18 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6c +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_1c with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_6c_05(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_05(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_85_6b(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -6949,19 +6959,19 @@ libcrux_ml_kem_ind_cca_unpacked_default_6c_05(void) { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0])#3} +K>[TraitClause@0, TraitClause@1])#3} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_6f +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.default_07 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_6f_c3(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_c3(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_f6_a3(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -6997,7 +7007,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_6c_05()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_05()}); } /** @@ -7005,7 +7015,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_6f_c3(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_c3(); } /** @@ -7013,7 +7023,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_6c_05(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_05(); } /** @@ -7022,18 +7032,18 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@0]} +K>[TraitClause@0, TraitClause@1]} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_a6 with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_dd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_0d( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_0d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_0d( @@ -7049,21 +7059,21 @@ libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_0d( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0]#2} +K>[TraitClause@0, TraitClause@1]#2} */ /** A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_05 with types +libcrux_ml_kem.ind_cca.unpacked.serialized_public_key_mut_de with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_6b( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_6b( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_0d( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_0d( &self->public_key, serialized); } @@ -7074,23 +7084,23 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_05_6b(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_6b(key_pair, serialized); } /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@1])#2} +K>[TraitClause@0, TraitClause@2])#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_d6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.clone_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_d6_25( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_25( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7117,20 +7127,20 @@ libcrux_ml_kem_ind_cpa_unpacked_clone_d6_25( /** This function found in impl {(core::clone::Clone for libcrux_ml_kem::ind_cca::unpacked::MlKemPublicKeyUnpacked[TraitClause@1])#4} +K>[TraitClause@0, TraitClause@2])#4} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_c7 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.clone_28 with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_c7_e5( +libcrux_ml_kem_ind_cca_unpacked_clone_28_e5( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_d6_25(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_25(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7144,16 +7154,16 @@ libcrux_ml_kem_ind_cca_unpacked_clone_c7_e5( /** This function found in impl {libcrux_ml_kem::ind_cca::unpacked::MlKemKeyPairUnpacked[TraitClause@0]#2} +K>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_05 +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.public_key_de with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * -libcrux_ml_kem_ind_cca_unpacked_public_key_05_7e( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_7e( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -7165,8 +7175,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_c7_e5( - libcrux_ml_kem_ind_cca_unpacked_public_key_05_7e(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_e5( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_7e(key_pair)); pk[0U] = uu____0; } @@ -7177,7 +7187,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_a6_0d(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_0d(public_key, serialized); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index 1fe947eb8..026ba1bf6 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 */ #ifndef __libcrux_mlkem768_portable_types_H @@ -20,37 +20,18 @@ extern "C" { #include "eurydice_glue.h" -typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; - -typedef struct - libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; -} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; +typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { + int16_t elements[16U]; +} libcrux_ml_kem_vector_portable_vector_type_PortableVector; /** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement with types libcrux_ml_kem_vector_portable_vector_type_PortableVector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t */ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { + libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; /** A monomorphic instance of @@ -64,6 +45,20 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8; + +typedef libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768PublicKeyUnpacked; + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types @@ -75,17 +70,22 @@ typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8_s { } libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8; /** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector - +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t */ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_f0_s { - libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_f0; +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; -typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { - int16_t elements[16U]; -} libcrux_ml_kem_vector_portable_vector_type_PortableVector; +typedef struct + libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; +} libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 641b2bad1..4343a48cd 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 */ #ifndef __libcrux_sha3_avx2_H @@ -212,17 +212,17 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types core_core_arch_x86___m256i with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_71(void) { +libcrux_sha3_generic_keccak_new_89_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); @@ -1964,7 +1964,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_71(); + libcrux_sha3_generic_keccak_new_89_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2005,7 +2005,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_b9( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2048,7 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_71(); + return libcrux_sha3_generic_keccak_new_89_71(); } /** diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index bfa447a0c..10e5c1870 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 */ #ifndef __libcrux_sha3_portable_H @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_cf(void) { +libcrux_sha3_generic_keccak_new_89_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1582,7 +1582,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -1623,7 +1623,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -1684,7 +1684,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1941,7 +1941,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1982,7 +1982,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2069,7 +2069,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2110,7 +2110,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2163,7 +2163,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -2182,7 +2182,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2419,7 +2419,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2676,7 +2676,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2717,7 +2717,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -2778,7 +2778,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - unwrap_41_0e(dst, uu____0); + unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3035,7 +3035,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -3076,7 +3076,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3331,7 +3331,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -3372,7 +3372,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -3671,7 +3671,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -3722,16 +3722,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -3756,16 +3756,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3773,7 +3773,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3826,16 +3826,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3843,7 +3843,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3872,7 +3872,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -3886,17 +3886,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -3904,7 +3904,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -3951,7 +3951,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); return self; } @@ -3960,16 +3960,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4114,21 +4114,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_9d_47(void) { +libcrux_sha3_generic_keccak_new_8b_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4145,7 +4145,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_9d_47(); + return libcrux_sha3_generic_keccak_new_8b_47(); } /** @@ -4176,16 +4176,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -4210,16 +4210,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4227,7 +4227,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4280,16 +4280,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4297,7 +4297,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4323,7 +4323,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -4337,17 +4337,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -4355,7 +4355,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { @@ -4399,7 +4399,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); return self; } @@ -4408,16 +4408,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -4594,21 +4594,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_9d_470(void) { +libcrux_sha3_generic_keccak_new_8b_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -4622,7 +4622,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_9d_470(); + return libcrux_sha3_generic_keccak_new_8b_470(); } /** @@ -4669,16 +4669,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -4706,7 +4706,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -4741,7 +4741,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); } /** @@ -4788,16 +4788,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -4825,7 +4825,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, Option_b3) .tag == None) { break; @@ -4860,7 +4860,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); } /** From 6758f5c74edc70520635665f34082150e426b97f Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 24 Sep 2024 14:53:30 +0000 Subject: [PATCH 319/348] pinned versions --- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/eurydice_glue.h | 18 + libcrux-ml-kem/c/internal/libcrux_core.h | 43 +- .../c/internal/libcrux_mlkem_avx2.h | 8 +- .../c/internal/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 8 +- .../c/internal/libcrux_sha3_internal.h | 136 +++--- libcrux-ml-kem/c/libcrux_core.c | 50 ++- libcrux-ml-kem/c/libcrux_core.h | 15 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 401 +++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 395 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/libcrux_sha3.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 20 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 48 +-- libcrux-ml-kem/c/libcrux_sha3_neon.c | 8 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 8 +- libcrux-ml-kem/cg/code_gen.txt | 6 +- libcrux-ml-kem/cg/libcrux_core.h | 6 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 6 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 6 +- .../cg/libcrux_mlkem768_avx2_types.h | 6 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 6 +- .../cg/libcrux_mlkem768_portable_types.h | 6 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 6 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 6 +- 43 files changed, 716 insertions(+), 664 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 21d1a541d..e4e28910d 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d -Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 -Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 +Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 +Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac +Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d +Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 660918c54..ad026b9e1 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -18,6 +18,13 @@ extern "C" { #include "krml/lowstar_endianness.h" #define LowStar_Ignore_ignore(e, t, _ret_t) ((void)e) +#define EURYDICE_ASSERT(test, msg) \ + do { \ + if (!(test)) { \ + fprintf(stderr, "assertion \"%s\" failed: file \"%s\", line %d\n", msg, \ + __FILE__, __LINE__); \ + } \ + } while (0) // SLICES, ARRAYS, ETC. @@ -130,6 +137,10 @@ static inline void core_num__u32_8__to_be_bytes(uint32_t src, uint8_t dst[4]) { memcpy(dst, &x, 4); } +static inline void core_num__u32_8__to_le_bytes(uint32_t src, uint8_t dst[4]) { + store32_le(dst, src); +} + static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { return load32_le(buf); } @@ -137,6 +148,7 @@ static inline uint32_t core_num__u32_8__from_le_bytes(uint8_t buf[4]) { static inline void core_num__u64_9__to_le_bytes(uint64_t v, uint8_t buf[8]) { store64_le(buf, v); } + static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t buf[8]) { return load64_le(buf); } @@ -188,6 +200,9 @@ static inline uint8_t Eurydice_bitand_pv_u8(uint8_t *p, uint8_t v) { static inline uint8_t Eurydice_shr_pv_u8(uint8_t *p, int32_t v) { return (*p) >> v; } +static inline uint32_t Eurydice_min_u32(uint32_t x, uint32_t y) { + return x < y ? x : y; +} #define core_num_nonzero_private_NonZeroUsizeInner size_t static inline core_num_nonzero_private_NonZeroUsizeInner @@ -210,6 +225,9 @@ core_num_nonzero_private___core__clone__Clone_for_core__num__nonzero__private__N #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \ Eurydice_range_iter_next +#define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next \ + Eurydice_range_iter_next + // See note in karamel/lib/Inlining.ml if you change this #define Eurydice_into_iter(x, t, _ret_t) (x) #define core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I___into_iter \ diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index ea0d66fb8..4dc60c6c7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __internal_libcrux_core_H @@ -291,14 +291,15 @@ typedef struct core_result_Result_00_s { } core_result_Result_00; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]); +void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]); /** Pad the `slice` with `0`s at the end. @@ -382,14 +383,15 @@ typedef struct core_result_Result_6f_s { } core_result_Result_6f; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]); +void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]); /** A monomorphic instance of core.result.Result @@ -405,14 +407,15 @@ typedef struct core_result_Result_7a_s { } core_result_Result_7a; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]); +void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]); /** A monomorphic instance of core.result.Result @@ -428,14 +431,15 @@ typedef struct core_result_Result_cd_s { } core_result_Result_cd; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]); +void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -451,14 +455,15 @@ typedef struct core_result_Result_c0_s { } core_result_Result_c0; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]); +void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]); typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { Eurydice_slice fst[4U]; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index faf1c9b68..edc4170ea 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 7d3aec1df..be78cb001 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 653268abf..354aca0c1 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 924fca293..513206ab2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_cf(); + return libcrux_sha3_generic_keccak_new_89_cf(); } /** @@ -258,16 +258,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_15( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -292,16 +292,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_15( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -309,7 +309,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_15(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_15(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -362,16 +362,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_45( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -379,7 +379,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_45( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -408,7 +408,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} static inline void libcrux_sha3_portable_incremental_absorb_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_45(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_45(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_4f @@ -422,17 +422,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_4f */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b6( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; @@ -440,7 +440,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b6( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -487,7 +487,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_absorb_final_7d( libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b6(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b6(&self, buf); return self; } @@ -496,16 +496,16 @@ libcrux_sha3_portable_incremental_absorb_final_7d( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e( uint8_t ret[136U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -650,21 +650,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f -libcrux_sha3_generic_keccak_new_9d_47(void) { +libcrux_sha3_generic_keccak_new_8b_47(void) { libcrux_sha3_generic_keccak_KeccakXofState_4f lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[136U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e(ret); memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -681,7 +681,7 @@ libcrux_sha3::portable::incremental::Shake256Absorb)#2} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_new_7d(void) { - return libcrux_sha3_generic_keccak_new_9d_47(); + return libcrux_sha3_generic_keccak_new_8b_47(); } /** @@ -712,16 +712,16 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_8b_150( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); @@ -746,16 +746,16 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_150( /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( +static inline size_t libcrux_sha3_generic_keccak_absorb_full_8b_7a0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -763,7 +763,7 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( Eurydice_slice copy_of_inputs0[1U]; memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_150(uu____0, copy_of_inputs0); + libcrux_sha3_generic_keccak_fill_buffer_8b_150(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -816,16 +816,16 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_7a0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_8b_450( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -833,7 +833,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_450( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { @@ -859,7 +859,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} static inline void libcrux_sha3_portable_incremental_absorb_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_9d_450(self, buf); + libcrux_sha3_generic_keccak_absorb_8b_450(self, buf); } typedef libcrux_sha3_generic_keccak_KeccakXofState_78 @@ -873,17 +873,17 @@ typedef libcrux_sha3_generic_keccak_KeccakXofState_78 */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 - DELIMITER= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_8b_b60( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; @@ -891,7 +891,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_b60( Eurydice_slice copy_of_inputs[1U]; memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_7a0(uu____0, copy_of_inputs); + libcrux_sha3_generic_keccak_absorb_full_8b_7a0(uu____0, copy_of_inputs); size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { @@ -935,7 +935,7 @@ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_absorb_final_1c( libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { Eurydice_slice buf[1U] = {input}; - libcrux_sha3_generic_keccak_absorb_final_9d_b60(&self, buf); + libcrux_sha3_generic_keccak_absorb_final_8b_b60(&self, buf); return self; } @@ -944,16 +944,16 @@ libcrux_sha3_portable_incremental_absorb_final_1c( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( +static inline void libcrux_sha3_generic_keccak_zero_block_8b_5e0( uint8_t ret[168U]) { ret[0U] = 0U; ret[1U] = 0U; @@ -1130,21 +1130,21 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_5e0( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +A monomorphic instance of libcrux_sha3.generic_keccak.new_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 -libcrux_sha3_generic_keccak_new_9d_470(void) { +libcrux_sha3_generic_keccak_new_8b_470(void) { libcrux_sha3_generic_keccak_KeccakXofState_78 lit; - lit.inner = libcrux_sha3_generic_keccak_new_1e_cf(); + lit.inner = libcrux_sha3_generic_keccak_new_89_cf(); uint8_t ret[168U]; - libcrux_sha3_generic_keccak_zero_block_9d_5e0(ret); + libcrux_sha3_generic_keccak_zero_block_8b_5e0(ret); memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); lit.buf_len = (size_t)0U; lit.sponge = false; @@ -1158,7 +1158,7 @@ libcrux_sha3::portable::incremental::Shake128Absorb)} */ static inline libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_new_1c(void) { - return libcrux_sha3_generic_keccak_new_9d_470(); + return libcrux_sha3_generic_keccak_new_8b_470(); } /** @@ -1205,16 +1205,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_81( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1242,7 +1242,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1277,7 +1277,7 @@ libcrux_sha3::portable::incremental::Shake256Squeeze)#3} static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba(self, buf); } /** @@ -1324,16 +1324,16 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_810( */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +PARALLEL_LANES, RATE>[TraitClause@0, TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_8b with types uint64_t with const generics - PARALLEL_LANES= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_8b_ba0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out[1U]) { if (self->sponge) { @@ -1361,7 +1361,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_ba0( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1396,7 +1396,7 @@ libcrux_sha3::portable::incremental::Shake128Squeeze)#1} static inline void libcrux_sha3_portable_incremental_squeeze_10( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_9d_ba0(self, buf); + libcrux_sha3_generic_keccak_squeeze_8b_ba0(self, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index c70315723..c0efed48a 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #include "internal/libcrux_core.h" @@ -390,14 +390,15 @@ uint8_t *libcrux_ml_kem_types_as_slice_fd_cf( } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[32size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_33(core_result_Result_00 self, uint8_t ret[32U]) { +void core_result_unwrap_26_33(core_result_Result_00 self, uint8_t ret[32U]) { if (self.tag == core_result_Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); @@ -519,14 +520,15 @@ void libcrux_ml_kem_utils_into_padded_array_42(Eurydice_slice slice, } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[24size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { +void core_result_unwrap_26_76(core_result_Result_6f self, uint8_t ret[24U]) { if (self.tag == core_result_Ok) { uint8_t f0[24U]; memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); @@ -539,14 +541,15 @@ void core_result_unwrap_41_76(core_result_Result_6f self, uint8_t ret[24U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[20size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { +void core_result_unwrap_26_ea(core_result_Result_7a self, uint8_t ret[20U]) { if (self.tag == core_result_Ok) { uint8_t f0[20U]; memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); @@ -559,14 +562,15 @@ void core_result_unwrap_41_ea(core_result_Result_7a self, uint8_t ret[20U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[10size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { +void core_result_unwrap_26_07(core_result_Result_cd self, uint8_t ret[10U]) { if (self.tag == core_result_Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); @@ -579,14 +583,15 @@ void core_result_unwrap_41_07(core_result_Result_cd self, uint8_t ret[10U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types int16_t[16size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { +void core_result_unwrap_26_30(core_result_Result_c0 self, int16_t ret[16U]) { if (self.tag == core_result_Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); @@ -599,14 +604,15 @@ void core_result_unwrap_41_30(core_result_Result_c0 self, int16_t ret[16U]) { } /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]) { +void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]) { if (self.tag == core_result_Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index d11c83a5a..f7265777c 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_core_H @@ -197,14 +197,15 @@ typedef struct core_result_Result_56_s { } core_result_Result_56; /** -This function found in impl {core::result::Result} +This function found in impl {core::result::Result[TraitClause@0, +TraitClause@1]} */ /** -A monomorphic instance of core.result.unwrap_41 +A monomorphic instance of core.result.unwrap_26 with types uint8_t[8size_t], core_array_TryFromSliceError */ -void core_result_unwrap_41_0e(core_result_Result_56 self, uint8_t ret[8U]); +void core_result_unwrap_26_0e(core_result_Result_56 self, uint8_t ret[8U]); typedef struct Eurydice_slice_uint8_t_x2_s { Eurydice_slice fst; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 0c4269273..0a85a746d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 291cdea74..31d8304e1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index e261044f5..8e758c512 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 8589f3cb7..e8df4813a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 5e13dac2e..fa38f9693 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index e2d3aeec9..2c452d78b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 3147278df..a285e9e59 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index b8b6f8b0d..13b581872 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index f4b93367f..25be9d68b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 7b475f089..71cbfb6fe 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 9d931422e..537ec47e9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 067de4a91..282d5e8f3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 7a86aed30..36ab7426f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index fae6a874c..fae5cc397 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 5feb24427..ff60c10cb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index a0b9361ed..97b6fd741 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #include "internal/libcrux_mlkem_avx2.h" @@ -603,7 +603,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, ret0); + core_result_unwrap_26_0e(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -694,7 +694,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), Eurydice_slice, uint8_t[10U]); - core_result_unwrap_41_07(dst, ret0); + core_result_unwrap_26_07(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -797,7 +797,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), Eurydice_slice, uint8_t[20U]); - core_result_unwrap_41_ea(dst, ret0); + core_result_unwrap_26_ea(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -924,7 +924,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), Eurydice_slice, uint8_t[24U]); - core_result_unwrap_41_76(dst, ret0); + core_result_unwrap_26_76(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } @@ -1031,15 +1031,16 @@ inline __m256i libcrux_ml_kem_vector_avx2_clone_78(__m256i *self) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_20_7d(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_ef_7d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1068,7 +1069,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_reduced_ring_element_b8(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1117,7 +1118,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_bf1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_7d();); + deserialized_pk[i] = ZERO_ef_7d();); deserialize_ring_elements_reduced_fb1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -1341,19 +1342,19 @@ typedef struct IndCpaPrivateKeyUnpacked_a0_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_a0 default_f6_191(void) { +static IndCpaPrivateKeyUnpacked_a0 default_1a_191(void) { IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = ZERO_20_7d(); - lit.secret_as_ntt[1U] = ZERO_20_7d(); - lit.secret_as_ntt[2U] = ZERO_20_7d(); + lit.secret_as_ntt[0U] = ZERO_ef_7d(); + lit.secret_as_ntt[1U] = ZERO_ef_7d(); + lit.secret_as_ntt[2U] = ZERO_ef_7d(); return lit; } @@ -1372,33 +1373,33 @@ typedef struct IndCpaPublicKeyUnpacked_a0_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_a0 default_85_801(void) { +static IndCpaPublicKeyUnpacked_a0 default_8d_801(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_20_7d();); + uu____0[i] = ZERO_ef_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_a0 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_7d(); - lit.A[0U][1U] = ZERO_20_7d(); - lit.A[0U][2U] = ZERO_20_7d(); - lit.A[1U][0U] = ZERO_20_7d(); - lit.A[1U][1U] = ZERO_20_7d(); - lit.A[1U][2U] = ZERO_20_7d(); - lit.A[2U][0U] = ZERO_20_7d(); - lit.A[2U][1U] = ZERO_20_7d(); - lit.A[2U][2U] = ZERO_20_7d(); + lit.A[0U][0U] = ZERO_ef_7d(); + lit.A[0U][1U] = ZERO_ef_7d(); + lit.A[0U][2U] = ZERO_ef_7d(); + lit.A[1U][0U] = ZERO_ef_7d(); + lit.A[1U][1U] = ZERO_ef_7d(); + lit.A[1U][2U] = ZERO_ef_7d(); + lit.A[2U][0U] = ZERO_ef_7d(); + lit.A[2U][1U] = ZERO_ef_7d(); + lit.A[2U][2U] = ZERO_ef_7d(); return lit; } @@ -1728,17 +1729,18 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_20_14(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); +from_i16_array_ef_14(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1757,7 +1759,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e41( int16_t s[272U]) { - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1942,7 +1944,7 @@ sample_from_binomial_distribution_2_80(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1986,7 +1988,7 @@ sample_from_binomial_distribution_3_05(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -2137,15 +2139,16 @@ static KRML_MUSTINLINE void ntt_at_layer_1_09( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_09( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2171,7 +2174,7 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_5c( ntt_at_layer_3_ae(&zeta_i, re); ntt_at_layer_2_53(&zeta_i, re); ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -2228,7 +2231,7 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_7d();); + re_as_ntt[i] = ZERO_ef_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2249,18 +2252,19 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_20_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_ef_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2279,15 +2283,16 @@ ntt_multiply_20_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_311( +static KRML_MUSTINLINE void add_to_ring_element_ef_311( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2314,15 +2319,16 @@ static __m256i to_standard_domain_c1(__m256i v) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_ba( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2356,7 +2362,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_671( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -2369,10 +2375,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_671( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_311(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_311(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -2425,7 +2431,7 @@ static void generate_keypair_unpacked_4a1( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -2443,8 +2449,8 @@ with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_1e1( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_a0 private_key = default_f6_191(); - IndCpaPublicKeyUnpacked_a0 public_key = default_85_801(); + IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_191(); + IndCpaPublicKeyUnpacked_a0 public_key = default_8d_801(); generate_keypair_unpacked_4a1(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; serialize_public_key_f71( @@ -2595,7 +2601,7 @@ static KRML_MUSTINLINE tuple_b0 sample_ring_element_cbd_2d1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_7d();); + error_1[i] = ZERO_ef_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2775,20 +2781,21 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_0c1( invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_a2( +static KRML_MUSTINLINE void add_error_reduce_ef_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2816,7 +2823,7 @@ static KRML_MUSTINLINE void compute_vector_u_7f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_7d();); + result0[i] = ZERO_ef_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2836,11 +2843,11 @@ static KRML_MUSTINLINE void compute_vector_u_7f1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(a_element, &r_as_ntt[j]); - add_to_ring_element_20_311(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_311(&result0[i1], &product); } invert_ntt_montgomery_0c1(&result0[i1]); - add_error_reduce_20_a2(&result0[i1], &error_1[i1]); + add_error_reduce_ef_a2(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2872,7 +2879,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_message_4f(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2886,16 +2893,17 @@ deserialize_then_decompress_message_4f(uint8_t serialized[32U]) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_20_df( +add_message_error_reduce_ef_df( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2927,13 +2935,13 @@ compute_ring_element_v_ac1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_311(&result, &product);); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_311(&result, &product);); invert_ntt_montgomery_0c1(&result); - result = add_message_error_reduce_20_df(error_2, message, result); + result = add_message_error_reduce_ef_df(error_2, message, result); return result; } @@ -3391,7 +3399,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static void encrypt_691(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_85_801(); + IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_801(); deserialize_ring_elements_reduced_fb1( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -3510,7 +3518,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_uncompressed_ring_element_59(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3532,7 +3540,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_181( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_7d();); + secret_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3619,7 +3627,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_10_3d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -3699,7 +3707,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_11_1a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -3738,7 +3746,7 @@ static KRML_MUSTINLINE void ntt_vector_u_2c0( ntt_at_layer_3_ae(&zeta_i, re); ntt_at_layer_2_53(&zeta_i, re); ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -3754,7 +3762,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_7d();); + u_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3843,7 +3851,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_4_f1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -3918,7 +3926,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_5_7e(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3944,16 +3952,17 @@ deserialize_then_decompress_ring_element_v_050(Eurydice_slice serialized) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_20_27(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_ef_27(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3979,13 +3988,13 @@ compute_message_a41( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_311(&result, &product);); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_311(&result, &product);); invert_ntt_montgomery_0c1(&result); - result = subtract_reduce_20_27(v, result); + result = subtract_reduce_ef_27(v, result); return result; } @@ -4221,7 +4230,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_bf0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_7d();); + deserialized_pk[i] = ZERO_ef_7d();); deserialize_ring_elements_reduced_fb(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -4375,20 +4384,20 @@ typedef struct IndCpaPrivateKeyUnpacked_01_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_01 default_f6_19(void) { +static IndCpaPrivateKeyUnpacked_01 default_1a_19(void) { IndCpaPrivateKeyUnpacked_01 lit; - lit.secret_as_ntt[0U] = ZERO_20_7d(); - lit.secret_as_ntt[1U] = ZERO_20_7d(); - lit.secret_as_ntt[2U] = ZERO_20_7d(); - lit.secret_as_ntt[3U] = ZERO_20_7d(); + lit.secret_as_ntt[0U] = ZERO_ef_7d(); + lit.secret_as_ntt[1U] = ZERO_ef_7d(); + lit.secret_as_ntt[2U] = ZERO_ef_7d(); + lit.secret_as_ntt[3U] = ZERO_ef_7d(); return lit; } @@ -4407,40 +4416,40 @@ typedef struct IndCpaPublicKeyUnpacked_01_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_01 default_85_80(void) { +static IndCpaPublicKeyUnpacked_01 default_8d_80(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_20_7d();); + uu____0[i] = ZERO_ef_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_01 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_7d(); - lit.A[0U][1U] = ZERO_20_7d(); - lit.A[0U][2U] = ZERO_20_7d(); - lit.A[0U][3U] = ZERO_20_7d(); - lit.A[1U][0U] = ZERO_20_7d(); - lit.A[1U][1U] = ZERO_20_7d(); - lit.A[1U][2U] = ZERO_20_7d(); - lit.A[1U][3U] = ZERO_20_7d(); - lit.A[2U][0U] = ZERO_20_7d(); - lit.A[2U][1U] = ZERO_20_7d(); - lit.A[2U][2U] = ZERO_20_7d(); - lit.A[2U][3U] = ZERO_20_7d(); - lit.A[3U][0U] = ZERO_20_7d(); - lit.A[3U][1U] = ZERO_20_7d(); - lit.A[3U][2U] = ZERO_20_7d(); - lit.A[3U][3U] = ZERO_20_7d(); + lit.A[0U][0U] = ZERO_ef_7d(); + lit.A[0U][1U] = ZERO_ef_7d(); + lit.A[0U][2U] = ZERO_ef_7d(); + lit.A[0U][3U] = ZERO_ef_7d(); + lit.A[1U][0U] = ZERO_ef_7d(); + lit.A[1U][1U] = ZERO_ef_7d(); + lit.A[1U][2U] = ZERO_ef_7d(); + lit.A[1U][3U] = ZERO_ef_7d(); + lit.A[2U][0U] = ZERO_ef_7d(); + lit.A[2U][1U] = ZERO_ef_7d(); + lit.A[2U][2U] = ZERO_ef_7d(); + lit.A[2U][3U] = ZERO_ef_7d(); + lit.A[3U][0U] = ZERO_ef_7d(); + lit.A[3U][1U] = ZERO_ef_7d(); + lit.A[3U][2U] = ZERO_ef_7d(); + lit.A[3U][3U] = ZERO_ef_7d(); return lit; } @@ -4782,7 +4791,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e4( int16_t s[272U]) { - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4983,7 +4992,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_7d();); + re_as_ntt[i] = ZERO_ef_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5004,15 +5013,16 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_31( +static KRML_MUSTINLINE void add_to_ring_element_ef_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5046,7 +5056,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_67( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -5059,10 +5069,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_31(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_31(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5115,7 +5125,7 @@ static void generate_keypair_unpacked_4a( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -5133,8 +5143,8 @@ with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_1e0( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_01 private_key = default_f6_19(); - IndCpaPublicKeyUnpacked_01 public_key = default_85_80(); + IndCpaPrivateKeyUnpacked_01 private_key = default_1a_19(); + IndCpaPublicKeyUnpacked_01 public_key = default_8d_80(); generate_keypair_unpacked_4a(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; serialize_public_key_f7( @@ -5285,7 +5295,7 @@ static KRML_MUSTINLINE tuple_71 sample_ring_element_cbd_2d(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_7d();); + error_1[i] = ZERO_ef_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5349,7 +5359,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_0c( invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -5365,7 +5375,7 @@ static KRML_MUSTINLINE void compute_vector_u_7f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_7d();); + result0[i] = ZERO_ef_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5385,11 +5395,11 @@ static KRML_MUSTINLINE void compute_vector_u_7f( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(a_element, &r_as_ntt[j]); - add_to_ring_element_20_31(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_31(&result0[i1], &product); } invert_ntt_montgomery_0c(&result0[i1]); - add_error_reduce_20_a2(&result0[i1], &error_1[i1]); + add_error_reduce_ef_a2(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5412,13 +5422,13 @@ compute_ring_element_v_ac( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_31(&result, &product);); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_31(&result, &product);); invert_ntt_montgomery_0c(&result); - result = add_message_error_reduce_20_df(error_2, message, result); + result = add_message_error_reduce_ef_df(error_2, message, result); return result; } @@ -5595,7 +5605,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static void encrypt_690(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_85_80(); + IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_80(); deserialize_ring_elements_reduced_fb( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -5717,7 +5727,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_180( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_7d();); + secret_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5768,7 +5778,7 @@ static KRML_MUSTINLINE void ntt_vector_u_2c( ntt_at_layer_3_ae(&zeta_i, re); ntt_at_layer_2_53(&zeta_i, re); ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -5784,7 +5794,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_7d();); + u_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5832,13 +5842,13 @@ compute_message_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_31(&result, &product);); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_31(&result, &product);); invert_ntt_montgomery_0c(&result); - result = subtract_reduce_20_27(v, result); + result = subtract_reduce_ef_27(v, result); return result; } @@ -6036,7 +6046,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_7d();); + deserialized_pk[i] = ZERO_ef_7d();); deserialize_ring_elements_reduced_fb0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -6190,18 +6200,18 @@ typedef struct IndCpaPrivateKeyUnpacked_d6_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_d6 default_f6_190(void) { +static IndCpaPrivateKeyUnpacked_d6 default_1a_190(void) { IndCpaPrivateKeyUnpacked_d6 lit; - lit.secret_as_ntt[0U] = ZERO_20_7d(); - lit.secret_as_ntt[1U] = ZERO_20_7d(); + lit.secret_as_ntt[0U] = ZERO_ef_7d(); + lit.secret_as_ntt[1U] = ZERO_ef_7d(); return lit; } @@ -6220,28 +6230,28 @@ typedef struct IndCpaPublicKeyUnpacked_d6_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_d6 default_85_800(void) { +static IndCpaPublicKeyUnpacked_d6 default_8d_800(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_20_7d();); + uu____0[i] = ZERO_ef_7d();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_d6 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_7d(); - lit.A[0U][1U] = ZERO_20_7d(); - lit.A[1U][0U] = ZERO_20_7d(); - lit.A[1U][1U] = ZERO_20_7d(); + lit.A[0U][0U] = ZERO_ef_7d(); + lit.A[0U][1U] = ZERO_ef_7d(); + lit.A[1U][0U] = ZERO_ef_7d(); + lit.A[1U][1U] = ZERO_ef_7d(); return lit; } @@ -6571,7 +6581,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e40( int16_t s[272U]) { - return from_i16_array_20_14( + return from_i16_array_ef_14( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6777,7 +6787,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_7d();); + re_as_ntt[i] = ZERO_ef_7d();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6798,15 +6808,16 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_310( +static KRML_MUSTINLINE void add_to_ring_element_ef_310( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -6840,7 +6851,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_670( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -6853,10 +6864,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_670( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_310(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_310(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6909,7 +6920,7 @@ static void generate_keypair_unpacked_4a0( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -6927,8 +6938,8 @@ with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_1e( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_d6 private_key = default_f6_190(); - IndCpaPublicKeyUnpacked_d6 public_key = default_85_800(); + IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_190(); + IndCpaPublicKeyUnpacked_d6 public_key = default_8d_800(); generate_keypair_unpacked_4a0(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; serialize_public_key_f70( @@ -7125,7 +7136,7 @@ static KRML_MUSTINLINE tuple_74 sample_ring_element_cbd_2d0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_7d();); + error_1[i] = ZERO_ef_7d();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7189,7 +7200,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_0c0( invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_09(re); + poly_barrett_reduce_ef_09(re); } /** @@ -7205,7 +7216,7 @@ static KRML_MUSTINLINE void compute_vector_u_7f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_7d();); + result0[i] = ZERO_ef_7d();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7225,11 +7236,11 @@ static KRML_MUSTINLINE void compute_vector_u_7f0( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(a_element, &r_as_ntt[j]); - add_to_ring_element_20_310(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_310(&result0[i1], &product); } invert_ntt_montgomery_0c0(&result0[i1]); - add_error_reduce_20_a2(&result0[i1], &error_1[i1]); + add_error_reduce_ef_a2(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7252,13 +7263,13 @@ compute_ring_element_v_ac0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_310(&result, &product);); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_310(&result, &product);); invert_ntt_montgomery_0c0(&result); - result = add_message_error_reduce_20_df(error_2, message, result); + result = add_message_error_reduce_ef_df(error_2, message, result); return result; } @@ -7385,7 +7396,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static void encrypt_69(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_85_800(); + IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_800(); deserialize_ring_elements_reduced_fb0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -7507,7 +7518,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_18( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_7d();); + secret_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7544,7 +7555,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_7d();); + u_as_ntt[i] = ZERO_ef_7d();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7581,13 +7592,13 @@ compute_message_a40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_20_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_20_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_310(&result, &product);); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_310(&result, &product);); invert_ntt_montgomery_0c0(&result); - result = subtract_reduce_20_27(v, result); + result = subtract_reduce_ef_27(v, result); return result; } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index b1d46ac81..705b94d1c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index f54504354..65f4405d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #include "internal/libcrux_mlkem_portable.h" @@ -79,7 +79,7 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), Eurydice_slice, int16_t[16U]); - core_result_unwrap_41_30(dst, ret); + core_result_unwrap_26_30(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } @@ -2281,15 +2281,16 @@ libcrux_ml_kem_vector_portable_vector_type_clone_3b( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_20_19(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_ef_19(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2318,7 +2319,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_reduced_ring_element_8a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2369,7 +2370,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_611( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_20_19();); + deserialized_pk[i] = ZERO_ef_19();); deserialize_ring_elements_reduced_bb(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -2609,20 +2610,20 @@ typedef struct IndCpaPrivateKeyUnpacked_42_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_42 default_f6_a3(void) { +static IndCpaPrivateKeyUnpacked_42 default_1a_a3(void) { IndCpaPrivateKeyUnpacked_42 lit; - lit.secret_as_ntt[0U] = ZERO_20_19(); - lit.secret_as_ntt[1U] = ZERO_20_19(); - lit.secret_as_ntt[2U] = ZERO_20_19(); - lit.secret_as_ntt[3U] = ZERO_20_19(); + lit.secret_as_ntt[0U] = ZERO_ef_19(); + lit.secret_as_ntt[1U] = ZERO_ef_19(); + lit.secret_as_ntt[2U] = ZERO_ef_19(); + lit.secret_as_ntt[3U] = ZERO_ef_19(); return lit; } @@ -2641,40 +2642,40 @@ typedef struct IndCpaPublicKeyUnpacked_42_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_42 default_85_6b(void) { +static IndCpaPublicKeyUnpacked_42 default_8d_6b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_20_19();); + uu____0[i] = ZERO_ef_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_42 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_19(); - lit.A[0U][1U] = ZERO_20_19(); - lit.A[0U][2U] = ZERO_20_19(); - lit.A[0U][3U] = ZERO_20_19(); - lit.A[1U][0U] = ZERO_20_19(); - lit.A[1U][1U] = ZERO_20_19(); - lit.A[1U][2U] = ZERO_20_19(); - lit.A[1U][3U] = ZERO_20_19(); - lit.A[2U][0U] = ZERO_20_19(); - lit.A[2U][1U] = ZERO_20_19(); - lit.A[2U][2U] = ZERO_20_19(); - lit.A[2U][3U] = ZERO_20_19(); - lit.A[3U][0U] = ZERO_20_19(); - lit.A[3U][1U] = ZERO_20_19(); - lit.A[3U][2U] = ZERO_20_19(); - lit.A[3U][3U] = ZERO_20_19(); + lit.A[0U][0U] = ZERO_ef_19(); + lit.A[0U][1U] = ZERO_ef_19(); + lit.A[0U][2U] = ZERO_ef_19(); + lit.A[0U][3U] = ZERO_ef_19(); + lit.A[1U][0U] = ZERO_ef_19(); + lit.A[1U][1U] = ZERO_ef_19(); + lit.A[1U][2U] = ZERO_ef_19(); + lit.A[1U][3U] = ZERO_ef_19(); + lit.A[2U][0U] = ZERO_ef_19(); + lit.A[2U][1U] = ZERO_ef_19(); + lit.A[2U][2U] = ZERO_ef_19(); + lit.A[2U][3U] = ZERO_ef_19(); + lit.A[3U][0U] = ZERO_ef_19(); + lit.A[3U][1U] = ZERO_ef_19(); + lit.A[3U][2U] = ZERO_ef_19(); + lit.A[3U][3U] = ZERO_ef_19(); return lit; } @@ -2996,17 +2997,18 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb0( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_20 +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_20_bb(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); +from_i16_array_ef_bb(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3028,7 +3030,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba( int16_t s[272U]) { - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3197,7 +3199,7 @@ sample_from_binomial_distribution_2_1b(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3241,7 +3243,7 @@ sample_from_binomial_distribution_3_ee(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3407,15 +3409,16 @@ static KRML_MUSTINLINE void ntt_at_layer_1_21( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_20_0a( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_0a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3443,7 +3446,7 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b3( ntt_at_layer_3_1b(&zeta_i, re); ntt_at_layer_2_ea(&zeta_i, re); ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -3502,7 +3505,7 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_20_19();); + re_as_ntt[i] = ZERO_ef_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3523,18 +3526,19 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_20 +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_20_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_ef_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_19(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3555,15 +3559,16 @@ ntt_multiply_20_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_20_3a( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3596,15 +3601,16 @@ to_standard_domain_73( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_20_69( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3640,7 +3646,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -3653,10 +3659,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_3a(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -3709,7 +3715,7 @@ static void generate_keypair_unpacked_86( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -3727,8 +3733,8 @@ libcrux_ml_kem_variant_MlKem with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_791( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_42 private_key = default_f6_a3(); - IndCpaPublicKeyUnpacked_42 public_key = default_85_6b(); + IndCpaPrivateKeyUnpacked_42 private_key = default_1a_a3(); + IndCpaPublicKeyUnpacked_42 public_key = default_8d_6b(); generate_keypair_unpacked_86(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; serialize_public_key_8c( @@ -3880,7 +3886,7 @@ static KRML_MUSTINLINE tuple_710 sample_ring_element_cbd_f9(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_20_19();); + error_1[i] = ZERO_ef_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -4068,20 +4074,21 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_45( invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_20_bd( +static KRML_MUSTINLINE void add_error_reduce_ef_bd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4112,7 +4119,7 @@ static KRML_MUSTINLINE void compute_vector_u_cc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_20_19();); + result0[i] = ZERO_ef_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4132,11 +4139,11 @@ static KRML_MUSTINLINE void compute_vector_u_cc( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(a_element, &r_as_ntt[j]); - add_to_ring_element_20_3a(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a(&result0[i1], &product); } invert_ntt_montgomery_45(&result0[i1]); - add_error_reduce_20_bd(&result0[i1], &error_1[i1]); + add_error_reduce_ef_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4173,7 +4180,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_message_52(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4190,16 +4197,17 @@ deserialize_then_decompress_message_52(uint8_t serialized[32U]) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_20_42( +add_message_error_reduce_ef_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4234,13 +4242,13 @@ compute_ring_element_v_14( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_3a(&result, &product);); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a(&result, &product);); invert_ntt_montgomery_45(&result); - result = add_message_error_reduce_20_42(error_2, message, result); + result = add_message_error_reduce_ef_42(error_2, message, result); return result; } @@ -4593,7 +4601,7 @@ generics */ static void encrypt_f41(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_85_6b(); + IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_6b(); deserialize_ring_elements_reduced_bb( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -4712,7 +4720,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_uncompressed_ring_element_7a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4736,7 +4744,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_19();); + secret_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4805,7 +4813,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_10_58(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4872,7 +4880,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_11_5c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4914,7 +4922,7 @@ static KRML_MUSTINLINE void ntt_vector_u_72( ntt_at_layer_3_1b(&zeta_i, re); ntt_at_layer_2_ea(&zeta_i, re); ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -4930,7 +4938,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_20_19();); + u_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5001,7 +5009,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_4_6c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5061,7 +5069,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_5_96(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5089,16 +5097,17 @@ deserialize_then_decompress_ring_element_v_ad(Eurydice_slice serialized) { /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_20 +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_20_87(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_ef_87(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5127,13 +5136,13 @@ compute_message_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_3a(&result, &product);); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a(&result, &product);); invert_ntt_montgomery_45(&result); - result = subtract_reduce_20_87(v, result); + result = subtract_reduce_ef_87(v, result); return result; } @@ -5371,7 +5380,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_610( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_20_19();); + deserialized_pk[i] = ZERO_ef_19();); deserialize_ring_elements_reduced_bb0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -5525,18 +5534,18 @@ typedef struct IndCpaPrivateKeyUnpacked_ae_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_ae default_f6_a30(void) { +static IndCpaPrivateKeyUnpacked_ae default_1a_a30(void) { IndCpaPrivateKeyUnpacked_ae lit; - lit.secret_as_ntt[0U] = ZERO_20_19(); - lit.secret_as_ntt[1U] = ZERO_20_19(); + lit.secret_as_ntt[0U] = ZERO_ef_19(); + lit.secret_as_ntt[1U] = ZERO_ef_19(); return lit; } @@ -5555,28 +5564,28 @@ typedef struct IndCpaPublicKeyUnpacked_ae_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_ae default_85_6b0(void) { +static IndCpaPublicKeyUnpacked_ae default_8d_6b0(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_20_19();); + uu____0[i] = ZERO_ef_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_ae lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_19(); - lit.A[0U][1U] = ZERO_20_19(); - lit.A[1U][0U] = ZERO_20_19(); - lit.A[1U][1U] = ZERO_20_19(); + lit.A[0U][0U] = ZERO_ef_19(); + lit.A[0U][1U] = ZERO_ef_19(); + lit.A[1U][0U] = ZERO_ef_19(); + lit.A[1U][1U] = ZERO_ef_19(); return lit; } @@ -5905,7 +5914,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba0( int16_t s[272U]) { - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6100,7 +6109,7 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_20_19();); + re_as_ntt[i] = ZERO_ef_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6121,15 +6130,16 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_20_3a0( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6167,7 +6177,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -6180,10 +6190,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_3a0(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6236,7 +6246,7 @@ static void generate_keypair_unpacked_860( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -6254,8 +6264,8 @@ libcrux_ml_kem_variant_MlKem with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_790( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_ae private_key = default_f6_a30(); - IndCpaPublicKeyUnpacked_ae public_key = default_85_6b0(); + IndCpaPrivateKeyUnpacked_ae private_key = default_1a_a30(); + IndCpaPublicKeyUnpacked_ae public_key = default_8d_6b0(); generate_keypair_unpacked_860(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; serialize_public_key_8c0( @@ -6439,7 +6449,7 @@ static KRML_MUSTINLINE tuple_740 sample_ring_element_cbd_f90(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_20_19();); + error_1[i] = ZERO_ef_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6503,7 +6513,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_450( invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -6519,7 +6529,7 @@ static KRML_MUSTINLINE void compute_vector_u_cc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_20_19();); + result0[i] = ZERO_ef_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6539,11 +6549,11 @@ static KRML_MUSTINLINE void compute_vector_u_cc0( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(a_element, &r_as_ntt[j]); - add_to_ring_element_20_3a0(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a0(&result0[i1], &product); } invert_ntt_montgomery_450(&result0[i1]); - add_error_reduce_20_bd(&result0[i1], &error_1[i1]); + add_error_reduce_ef_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6566,13 +6576,13 @@ compute_ring_element_v_140( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_3a0(&result, &product);); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a0(&result, &product);); invert_ntt_montgomery_450(&result); - result = add_message_error_reduce_20_42(error_2, message, result); + result = add_message_error_reduce_ef_42(error_2, message, result); return result; } @@ -6754,7 +6764,7 @@ generics */ static void encrypt_f40(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_85_6b0(); + IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_6b0(); deserialize_ring_elements_reduced_bb0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -6876,7 +6886,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_19();); + secret_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6927,7 +6937,7 @@ static KRML_MUSTINLINE void ntt_vector_u_720( ntt_at_layer_3_1b(&zeta_i, re); ntt_at_layer_2_ea(&zeta_i, re); ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -6943,7 +6953,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_20_19();); + u_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -6991,13 +7001,13 @@ compute_message_7e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_3a0(&result, &product);); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a0(&result, &product);); invert_ntt_montgomery_450(&result); - result = subtract_reduce_20_87(v, result); + result = subtract_reduce_ef_87(v, result); return result; } @@ -7195,7 +7205,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_20_19();); + deserialized_pk[i] = ZERO_ef_19();); deserialize_ring_elements_reduced_bb1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -7349,19 +7359,19 @@ typedef struct IndCpaPrivateKeyUnpacked_f8_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPrivateKeyUnpacked[TraitClause@0])} +K>[TraitClause@0, TraitClause@1])} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_f6 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_1a with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_f8 default_f6_a31(void) { +static IndCpaPrivateKeyUnpacked_f8 default_1a_a31(void) { IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = ZERO_20_19(); - lit.secret_as_ntt[1U] = ZERO_20_19(); - lit.secret_as_ntt[2U] = ZERO_20_19(); + lit.secret_as_ntt[0U] = ZERO_ef_19(); + lit.secret_as_ntt[1U] = ZERO_ef_19(); + lit.secret_as_ntt[2U] = ZERO_ef_19(); return lit; } @@ -7380,33 +7390,33 @@ typedef struct IndCpaPublicKeyUnpacked_f8_s { /** This function found in impl {(core::default::Default for libcrux_ml_kem::ind_cpa::unpacked::IndCpaPublicKeyUnpacked[TraitClause@0])#1} +K>[TraitClause@0, TraitClause@1])#1} */ /** -A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_85 +A monomorphic instance of libcrux_ml_kem.ind_cpa.unpacked.default_8d with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_f8 default_85_6b1(void) { +static IndCpaPublicKeyUnpacked_f8 default_8d_6b1(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_20_19();); + uu____0[i] = ZERO_ef_19();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_f8 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_20_19(); - lit.A[0U][1U] = ZERO_20_19(); - lit.A[0U][2U] = ZERO_20_19(); - lit.A[1U][0U] = ZERO_20_19(); - lit.A[1U][1U] = ZERO_20_19(); - lit.A[1U][2U] = ZERO_20_19(); - lit.A[2U][0U] = ZERO_20_19(); - lit.A[2U][1U] = ZERO_20_19(); - lit.A[2U][2U] = ZERO_20_19(); + lit.A[0U][0U] = ZERO_ef_19(); + lit.A[0U][1U] = ZERO_ef_19(); + lit.A[0U][2U] = ZERO_ef_19(); + lit.A[1U][0U] = ZERO_ef_19(); + lit.A[1U][1U] = ZERO_ef_19(); + lit.A[1U][2U] = ZERO_ef_19(); + lit.A[2U][0U] = ZERO_ef_19(); + lit.A[2U][1U] = ZERO_ef_19(); + lit.A[2U][2U] = ZERO_ef_19(); return lit; } @@ -7735,7 +7745,7 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba1( int16_t s[272U]) { - return from_i16_array_20_bb( + return from_i16_array_ef_bb( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7919,7 +7929,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_20_19();); + re_as_ntt[i] = ZERO_ef_19();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7940,15 +7950,16 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441( /** This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]#2} +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0, +TraitClause@1]#2} */ /** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_20 +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_ef with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_20_3a1( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7986,7 +7997,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -7999,10 +8010,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_20_3a1(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a1(&t_as_ntt[i0], &product); } - add_standard_error_reduce_20_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -8055,7 +8066,7 @@ static void generate_keypair_unpacked_861( uint8_t uu____5[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_33(dst, uu____5); + core_result_unwrap_26_33(dst, uu____5); memcpy(public_key->seed_for_A, uu____5, (size_t)32U * sizeof(uint8_t)); } @@ -8073,8 +8084,8 @@ libcrux_ml_kem_variant_MlKem with const generics */ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_79( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_f8 private_key = default_f6_a31(); - IndCpaPublicKeyUnpacked_f8 public_key = default_85_6b1(); + IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_a31(); + IndCpaPublicKeyUnpacked_f8 public_key = default_8d_6b1(); generate_keypair_unpacked_861(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; serialize_public_key_8c1( @@ -8226,7 +8237,7 @@ static KRML_MUSTINLINE tuple_b00 sample_ring_element_cbd_f91(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_20_19();); + error_1[i] = ZERO_ef_19();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8290,7 +8301,7 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_451( invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_20_0a(re); + poly_barrett_reduce_ef_0a(re); } /** @@ -8306,7 +8317,7 @@ static KRML_MUSTINLINE void compute_vector_u_cc1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_20_19();); + result0[i] = ZERO_ef_19();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8326,11 +8337,11 @@ static KRML_MUSTINLINE void compute_vector_u_cc1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(a_element, &r_as_ntt[j]); - add_to_ring_element_20_3a1(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a1(&result0[i1], &product); } invert_ntt_montgomery_451(&result0[i1]); - add_error_reduce_20_bd(&result0[i1], &error_1[i1]); + add_error_reduce_ef_bd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8353,13 +8364,13 @@ compute_ring_element_v_141( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_20_3a1(&result, &product);); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a1(&result, &product);); invert_ntt_montgomery_451(&result); - result = add_message_error_reduce_20_42(error_2, message, result); + result = add_message_error_reduce_ef_42(error_2, message, result); return result; } @@ -8490,7 +8501,7 @@ generics */ static void encrypt_f4(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_85_6b1(); + IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_6b1(); deserialize_ring_elements_reduced_bb1( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); @@ -8612,7 +8623,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_20_19();); + secret_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8649,7 +8660,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_20_19();); + u_as_ntt[i] = ZERO_ef_19();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -8686,13 +8697,13 @@ compute_message_7e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_20_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_20_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_20_3a1(&result, &product);); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a1(&result, &product);); invert_ntt_montgomery_451(&result); - result = subtract_reduce_20_87(v, result); + result = subtract_reduce_ef_87(v, result); return result; } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 148c73ed6..850ef79ff 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 7c2339260..3c9d12e58 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 1ff80c854..b246030f2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #include "internal/libcrux_sha3_avx2.h" @@ -167,16 +167,16 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types core_core_arch_x86___m256i with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_71(void) { +new_89_71(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); @@ -1679,7 +1679,7 @@ with const generics */ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_71(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_89_71(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -1719,7 +1719,7 @@ static KRML_MUSTINLINE void keccak_b9(Eurydice_slice data[4U], .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1757,7 +1757,7 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, */ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_71(); + return new_89_71(); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 4a83c4c39..ae63d5635 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 2986801bc..1ccb6aef7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_sha3_internal_H @@ -192,16 +192,16 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { */ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +N>[TraitClause@0, TraitClause@1]#1} */ /** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +A monomorphic instance of libcrux_sha3.generic_keccak.new_89 with types uint64_t with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_cf(void) { +libcrux_sha3_generic_keccak_new_89_cf(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -247,7 +247,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_65( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1465,7 +1465,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_650( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -1740,7 +1740,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; @@ -1781,7 +1781,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_064( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -1832,7 +1832,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_653( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2089,7 +2089,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; @@ -2130,7 +2130,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_063( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2181,7 +2181,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_652( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2438,7 +2438,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; @@ -2479,7 +2479,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_062( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2627,7 +2627,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2668,7 +2668,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_061( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2745,7 +2745,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; @@ -2786,7 +2786,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_060( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; @@ -2837,7 +2837,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_651( Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t), Eurydice_slice, uint8_t[8U]); - core_result_unwrap_41_0e(dst, uu____0); + core_result_unwrap_26_0e(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -3093,7 +3093,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_cf(); + libcrux_sha3_generic_keccak_new_89_cf(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; @@ -3134,7 +3134,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_06( .end = blocks}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A__TraitClause_0___6__next( &iter, size_t, core_option_Option_b3) .tag == core_option_None) { break; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index ebfa2320d..e84736e6c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 6756fcc4b..dcf61fdac 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: b351338f6a84c7a1afc27433eb0ffdc668b3581d - * Eurydice: 7efec1624422fd5e94388ef06b9c76dfe7a48d46 - * Karamel: c96fb69d15693284644d6aecaa90afa37e4de8f0 + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 + * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 9e07b1b2962c1f8d7ad6c5cacb94bd68fd4d8a3d + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index cfb1412a1..e4e28910d 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 1bd0af95285033fec42133810440d56977c17ade +Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac -Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 +Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 +Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index c34810389..167e6f0ec 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 8d410ee3b..be254be76 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index af0f83010..31e79d8fb 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index 25b048abc..9d502829e 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index ded408c91..32f0d2918 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index 026ba1bf6..b8421f790 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 4343a48cd..5b77b14b3 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 10e5c1870..eb7601a34 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 1bd0af95285033fec42133810440d56977c17ade + * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac - * Karamel: baec61db14d5132ae8eb4bd7a288638b7f2f1db8 + * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: 5971b6982c7af3edf6b84c36aa90697e599288a4 + * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 */ #ifndef __libcrux_sha3_portable_H From 15d46ebc0610f3d852205f17d4a6bcc16b40d167 Mon Sep 17 00:00:00 2001 From: mamonet Date: Tue, 24 Sep 2024 20:48:09 +0000 Subject: [PATCH 320/348] Add post-condition for entropy_preprocess --- .../fstar/extraction/Libcrux_ml_kem.Variant.fsti | 10 +++++----- libcrux-ml-kem/src/variant.rs | 4 +++- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti index d7d3cdd82..943518133 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti @@ -59,9 +59,9 @@ class t_Variant (v_Self: Type0) = { v_K: usize -> #v_Hasher: Type0 -> {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - t_Slice u8 -> - t_Array u8 (sz 32) - -> Type0; + randomness: t_Slice u8 -> + res: t_Array u8 (sz 32) + -> pred: Type0{pred ==> res == randomness}; f_entropy_preprocess: v_K: usize -> #v_Hasher: Type0 -> @@ -158,9 +158,9 @@ let impl: t_Variant t_MlKem = i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) (randomness: t_Slice u8) - (out1: t_Array u8 (sz 32)) + (res: t_Array u8 (sz 32)) -> - true); + res == randomness); f_entropy_preprocess = (fun diff --git a/libcrux-ml-kem/src/variant.rs b/libcrux-ml-kem/src/variant.rs index bd9f9fae9..5ccee1f83 100644 --- a/libcrux-ml-kem/src/variant.rs +++ b/libcrux-ml-kem/src/variant.rs @@ -18,6 +18,7 @@ pub(crate) trait Variant { ciphertext: &MlKemCiphertext, ) -> [u8; 32]; #[requires(randomness.len() == 32)] + #[ensures(|res| fstar!("$res == $randomness"))] // FIX: Only true for ML-KEM, not Kyber fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32]; #[requires(seed.len() == 32)] fn cpa_keygen_seed>(seed: &[u8]) -> [u8; 64]; @@ -69,7 +70,7 @@ pub(crate) struct MlKem {} impl Variant for MlKem { #[inline(always)] #[requires(shared_secret.len() == 32)] - #[ensures(|res| fstar!("$res == $shared_secret"))] // FIX: Only true for ML-KEM, not Kyber + #[ensures(|res| fstar!("$res == $shared_secret"))] fn kdf>( shared_secret: &[u8], _: &MlKemCiphertext, @@ -81,6 +82,7 @@ impl Variant for MlKem { #[inline(always)] #[requires(randomness.len() == 32)] + #[ensures(|res| fstar!("$res == $randomness"))] fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32] { let mut out = [0u8; 32]; out.copy_from_slice(randomness); From 970017bdbde55530ff9f36af523ef80b020aa572 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 24 Sep 2024 21:16:22 +0000 Subject: [PATCH 321/348] fstar --- .../Libcrux_ml_kem.Constant_time_ops.fsti | 45 +++------------ libcrux-ml-kem/src/constant_time_ops.rs | 55 +++++-------------- 2 files changed, 21 insertions(+), 79 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti index 437691615..4b08592c4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti @@ -10,14 +10,7 @@ val inz (value: u8) (ensures fun result -> let result:u8 = result in - Hax_lib.implies (value =. 0uy <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - result =. 0uy <: bool) && - Hax_lib.implies (value <>. 0uy <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - result =. 1uy <: bool)) + (value == 0uy ==> result == 0uy) /\ (value !==0uy ==> result == 1uy)) val is_non_zero (value: u8) : Prims.Pure u8 @@ -25,14 +18,7 @@ val is_non_zero (value: u8) (ensures fun result -> let result:u8 = result in - Hax_lib.implies (value =. 0uy <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - result =. 0uy <: bool) && - Hax_lib.implies (value <>. 0uy <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - result =. 1uy <: bool)) + (value == 0uy ==> result == 0uy) /\ (value !==0uy ==> result == 1uy)) /// Return 1 if the bytes of `lhs` and `rhs` do not exactly /// match and 0 otherwise. @@ -42,14 +28,7 @@ val compare (lhs rhs: t_Slice u8) (ensures fun result -> let result:u8 = result in - Hax_lib.implies (lhs =. rhs <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - result =. 0uy <: bool) && - Hax_lib.implies (lhs <>. rhs <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - result =. 1uy <: bool)) + (lhs == rhs ==> result == 0uy) /\ (lhs !==rhs ==> result == 1uy)) val compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) : Prims.Pure u8 @@ -57,14 +36,7 @@ val compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) (ensures fun result -> let result:u8 = result in - Hax_lib.implies (lhs =. rhs <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - result =. 0uy <: bool) && - Hax_lib.implies (lhs <>. rhs <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - result =. 1uy <: bool)) + (lhs == rhs ==> result == 0uy) /\ (lhs !==rhs ==> result == 1uy)) /// If `selector` is not zero, return the bytes in `rhs`; return the bytes in /// `lhs` otherwise. @@ -76,8 +48,7 @@ val select_ct (lhs rhs: t_Slice u8) (selector: u8) (ensures fun result -> let result:t_Array u8 (sz 32) = result in - Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs <: bool) && - Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs <: bool)) + (selector == 0uy ==> result == lhs) /\ (selector !==0uy ==> result == rhs)) val select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) : Prims.Pure (t_Array u8 (sz 32)) @@ -87,8 +58,7 @@ val select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) (ensures fun result -> let result:t_Array u8 (sz 32) = result in - Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs <: bool) && - Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs <: bool)) + (selector == 0uy ==> result == lhs) /\ (selector !==0uy ==> result == rhs)) val compare_ciphertexts_select_shared_secret_in_constant_time (lhs_c rhs_c lhs_s rhs_s: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) @@ -100,5 +70,4 @@ val compare_ciphertexts_select_shared_secret_in_constant_time (lhs_c rhs_c lhs_s fun result -> let result:t_Array u8 (sz 32) = result in let selector = if lhs_c =. rhs_c then 0uy else 1uy in - Hax_lib.implies (selector =. 0uy <: bool) (fun _ -> result =. lhs_s <: bool) && - Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> result =. rhs_s <: bool)) + ((selector == 0uy ==> result == lhs_s) /\ (selector !==0uy ==> result == rhs_s))) diff --git a/libcrux-ml-kem/src/constant_time_ops.rs b/libcrux-ml-kem/src/constant_time_ops.rs index a1f9df644..dc83a397b 100644 --- a/libcrux-ml-kem/src/constant_time_ops.rs +++ b/libcrux-ml-kem/src/constant_time_ops.rs @@ -11,14 +11,8 @@ use crate::constants::SHARED_SECRET_SIZE; // XXX: We have to disable this for C extraction for now. See eurydice/issues#37 /// Return 1 if `value` is not zero and 0 otherwise. -#[hax_lib::ensures(|result| fstar!("Hax_lib.implies ($value =. 0uy <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - $result =. 0uy <: bool) && - Hax_lib.implies ($value <>. 0uy <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - $result =. 1uy <: bool)"))] +#[hax_lib::ensures(|result| fstar!("($value == 0uy ==> $result == 0uy) /\\ + ($value !== 0uy ==> $result == 1uy)"))] fn inz(value: u8) -> u8 { let _orig_value = value; let value = value as u16; @@ -53,14 +47,8 @@ fn inz(value: u8) -> u8 { } #[inline(never)] // Don't inline this to avoid that the compiler optimizes this out. -#[hax_lib::ensures(|result| fstar!("Hax_lib.implies ($value =. 0uy <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - $result =. 0uy <: bool) && - Hax_lib.implies ($value <>. 0uy <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - $result =. 1uy <: bool)"))] +#[hax_lib::ensures(|result| fstar!("($value == 0uy ==> $result == 0uy) /\\ + ($value !== 0uy ==> $result == 1uy)"))] fn is_non_zero(value: u8) -> u8 { #[cfg(eurydice)] return inz(value); @@ -72,14 +60,8 @@ fn is_non_zero(value: u8) -> u8 { /// Return 1 if the bytes of `lhs` and `rhs` do not exactly /// match and 0 otherwise. #[hax_lib::requires(lhs.len() == rhs.len())] -#[hax_lib::ensures(|result| fstar!("Hax_lib.implies ($lhs =. $rhs <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - $result =. 0uy <: bool) && - Hax_lib.implies ($lhs <>. $rhs <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - $result =. 1uy <: bool)"))] +#[hax_lib::ensures(|result| fstar!("($lhs == $rhs ==> $result == 0uy) /\\ + ($lhs !== $rhs ==> $result == 1uy)"))] fn compare(lhs: &[u8], rhs: &[u8]) -> u8 { let mut r: u8 = 0; for i in 0..lhs.len() { @@ -128,9 +110,8 @@ fn compare(lhs: &[u8], rhs: &[u8]) -> u8 { lhs.len() == rhs.len() && lhs.len() == SHARED_SECRET_SIZE )] -#[hax_lib::ensures(|result| fstar!("Hax_lib.implies ($selector =. 0uy <: bool) - (fun _ -> $result =. $lhs <: bool) && - Hax_lib.implies ($selector <>. 0uy <: bool) (fun _ -> $result =. $rhs <: bool)"))] +#[hax_lib::ensures(|result| fstar!("($selector == 0uy ==> $result == $lhs) /\\ + ($selector !== 0uy ==> $result == $rhs)"))] #[hax_lib::fstar::options("--ifuel 0 --z3rlimit 50")] fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] { let mask = is_non_zero(selector).wrapping_sub(1); @@ -182,14 +163,8 @@ fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] { #[inline(never)] // Don't inline this to avoid that the compiler optimizes this out. #[hax_lib::requires(lhs.len() == rhs.len())] -#[hax_lib::ensures(|result| fstar!("Hax_lib.implies ($lhs =. $rhs <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - $result =. 0uy <: bool) && - Hax_lib.implies ($lhs <>. $rhs <: bool) - (fun temp_0_ -> - let _:Prims.unit = temp_0_ in - $result =. 1uy <: bool)"))] +#[hax_lib::ensures(|result| fstar!("($lhs == $rhs ==> $result == 0uy) /\\ + ($lhs !== $rhs ==> $result == 1uy)"))] pub(crate) fn compare_ciphertexts_in_constant_time(lhs: &[u8], rhs: &[u8]) -> u8 { #[cfg(eurydice)] return compare(lhs, rhs); @@ -203,9 +178,8 @@ pub(crate) fn compare_ciphertexts_in_constant_time(lhs: &[u8], rhs: &[u8]) -> u8 lhs.len() == rhs.len() && lhs.len() == SHARED_SECRET_SIZE )] -#[hax_lib::ensures(|result| fstar!("Hax_lib.implies ($selector =. 0uy <: bool) - (fun _ -> $result =. $lhs <: bool) && - Hax_lib.implies ($selector <>. 0uy <: bool) (fun _ -> $result =. $rhs <: bool)"))] +#[hax_lib::ensures(|result| fstar!("($selector == 0uy ==> $result == $lhs) /\\ + ($selector !== 0uy ==> $result == $rhs)"))] pub(crate) fn select_shared_secret_in_constant_time( lhs: &[u8], rhs: &[u8], @@ -224,9 +198,8 @@ pub(crate) fn select_shared_secret_in_constant_time( lhs_s.len() == SHARED_SECRET_SIZE )] #[hax_lib::ensures(|result| fstar!("let selector = if $lhs_c =. $rhs_c then 0uy else 1uy in - Hax_lib.implies (selector =. 0uy <: bool) - (fun _ -> $result =. $lhs_s <: bool) && - Hax_lib.implies (selector <>. 0uy <: bool) (fun _ -> $result =. $rhs_s <: bool)"))] + ((selector == 0uy ==> $result == $lhs_s) /\\ + (selector !== 0uy ==> $result == $rhs_s))"))] pub(crate) fn compare_ciphertexts_select_shared_secret_in_constant_time( lhs_c: &[u8], rhs_c: &[u8], From b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 24 Sep 2024 20:39:58 +0000 Subject: [PATCH 322/348] verifies --- .../Libcrux_ml_kem.Constant_time_ops.fsti | 14 +++++++------- libcrux-ml-kem/src/constant_time_ops.rs | 14 +++++++------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti index 4b08592c4..dc6fd2b46 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti @@ -10,7 +10,7 @@ val inz (value: u8) (ensures fun result -> let result:u8 = result in - (value == 0uy ==> result == 0uy) /\ (value !==0uy ==> result == 1uy)) + (value == 0uy ==> result == 0uy) /\ (value =!= 0uy ==> result == 1uy)) val is_non_zero (value: u8) : Prims.Pure u8 @@ -18,7 +18,7 @@ val is_non_zero (value: u8) (ensures fun result -> let result:u8 = result in - (value == 0uy ==> result == 0uy) /\ (value !==0uy ==> result == 1uy)) + (value == 0uy ==> result == 0uy) /\ (value =!= 0uy ==> result == 1uy)) /// Return 1 if the bytes of `lhs` and `rhs` do not exactly /// match and 0 otherwise. @@ -28,7 +28,7 @@ val compare (lhs rhs: t_Slice u8) (ensures fun result -> let result:u8 = result in - (lhs == rhs ==> result == 0uy) /\ (lhs !==rhs ==> result == 1uy)) + (lhs == rhs ==> result == 0uy) /\ (lhs =!= rhs ==> result == 1uy)) val compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) : Prims.Pure u8 @@ -36,7 +36,7 @@ val compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) (ensures fun result -> let result:u8 = result in - (lhs == rhs ==> result == 0uy) /\ (lhs !==rhs ==> result == 1uy)) + (lhs == rhs ==> result == 0uy) /\ (lhs =!= rhs ==> result == 1uy)) /// If `selector` is not zero, return the bytes in `rhs`; return the bytes in /// `lhs` otherwise. @@ -48,7 +48,7 @@ val select_ct (lhs rhs: t_Slice u8) (selector: u8) (ensures fun result -> let result:t_Array u8 (sz 32) = result in - (selector == 0uy ==> result == lhs) /\ (selector !==0uy ==> result == rhs)) + (selector == 0uy ==> result == lhs) /\ (selector =!= 0uy ==> result == rhs)) val select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) : Prims.Pure (t_Array u8 (sz 32)) @@ -58,7 +58,7 @@ val select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) (ensures fun result -> let result:t_Array u8 (sz 32) = result in - (selector == 0uy ==> result == lhs) /\ (selector !==0uy ==> result == rhs)) + (selector == 0uy ==> result == lhs) /\ (selector =!= 0uy ==> result == rhs)) val compare_ciphertexts_select_shared_secret_in_constant_time (lhs_c rhs_c lhs_s rhs_s: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) @@ -70,4 +70,4 @@ val compare_ciphertexts_select_shared_secret_in_constant_time (lhs_c rhs_c lhs_s fun result -> let result:t_Array u8 (sz 32) = result in let selector = if lhs_c =. rhs_c then 0uy else 1uy in - ((selector == 0uy ==> result == lhs_s) /\ (selector !==0uy ==> result == rhs_s))) + ((selector == 0uy ==> result == lhs_s) /\ (selector =!= 0uy ==> result == rhs_s))) diff --git a/libcrux-ml-kem/src/constant_time_ops.rs b/libcrux-ml-kem/src/constant_time_ops.rs index dc83a397b..02ea01eca 100644 --- a/libcrux-ml-kem/src/constant_time_ops.rs +++ b/libcrux-ml-kem/src/constant_time_ops.rs @@ -12,7 +12,7 @@ use crate::constants::SHARED_SECRET_SIZE; /// Return 1 if `value` is not zero and 0 otherwise. #[hax_lib::ensures(|result| fstar!("($value == 0uy ==> $result == 0uy) /\\ - ($value !== 0uy ==> $result == 1uy)"))] + ($value =!= 0uy ==> $result == 1uy)"))] fn inz(value: u8) -> u8 { let _orig_value = value; let value = value as u16; @@ -48,7 +48,7 @@ fn inz(value: u8) -> u8 { #[inline(never)] // Don't inline this to avoid that the compiler optimizes this out. #[hax_lib::ensures(|result| fstar!("($value == 0uy ==> $result == 0uy) /\\ - ($value !== 0uy ==> $result == 1uy)"))] + ($value =!= 0uy ==> $result == 1uy)"))] fn is_non_zero(value: u8) -> u8 { #[cfg(eurydice)] return inz(value); @@ -61,7 +61,7 @@ fn is_non_zero(value: u8) -> u8 { /// match and 0 otherwise. #[hax_lib::requires(lhs.len() == rhs.len())] #[hax_lib::ensures(|result| fstar!("($lhs == $rhs ==> $result == 0uy) /\\ - ($lhs !== $rhs ==> $result == 1uy)"))] + ($lhs =!= $rhs ==> $result == 1uy)"))] fn compare(lhs: &[u8], rhs: &[u8]) -> u8 { let mut r: u8 = 0; for i in 0..lhs.len() { @@ -111,7 +111,7 @@ fn compare(lhs: &[u8], rhs: &[u8]) -> u8 { lhs.len() == SHARED_SECRET_SIZE )] #[hax_lib::ensures(|result| fstar!("($selector == 0uy ==> $result == $lhs) /\\ - ($selector !== 0uy ==> $result == $rhs)"))] + ($selector =!= 0uy ==> $result == $rhs)"))] #[hax_lib::fstar::options("--ifuel 0 --z3rlimit 50")] fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] { let mask = is_non_zero(selector).wrapping_sub(1); @@ -164,7 +164,7 @@ fn select_ct(lhs: &[u8], rhs: &[u8], selector: u8) -> [u8; SHARED_SECRET_SIZE] { #[inline(never)] // Don't inline this to avoid that the compiler optimizes this out. #[hax_lib::requires(lhs.len() == rhs.len())] #[hax_lib::ensures(|result| fstar!("($lhs == $rhs ==> $result == 0uy) /\\ - ($lhs !== $rhs ==> $result == 1uy)"))] + ($lhs =!= $rhs ==> $result == 1uy)"))] pub(crate) fn compare_ciphertexts_in_constant_time(lhs: &[u8], rhs: &[u8]) -> u8 { #[cfg(eurydice)] return compare(lhs, rhs); @@ -179,7 +179,7 @@ pub(crate) fn compare_ciphertexts_in_constant_time(lhs: &[u8], rhs: &[u8]) -> u8 lhs.len() == SHARED_SECRET_SIZE )] #[hax_lib::ensures(|result| fstar!("($selector == 0uy ==> $result == $lhs) /\\ - ($selector !== 0uy ==> $result == $rhs)"))] + ($selector =!= 0uy ==> $result == $rhs)"))] pub(crate) fn select_shared_secret_in_constant_time( lhs: &[u8], rhs: &[u8], @@ -199,7 +199,7 @@ pub(crate) fn select_shared_secret_in_constant_time( )] #[hax_lib::ensures(|result| fstar!("let selector = if $lhs_c =. $rhs_c then 0uy else 1uy in ((selector == 0uy ==> $result == $lhs_s) /\\ - (selector !== 0uy ==> $result == $rhs_s))"))] + (selector =!= 0uy ==> $result == $rhs_s))"))] pub(crate) fn compare_ciphertexts_select_shared_secret_in_constant_time( lhs_c: &[u8], rhs_c: &[u8], From a1aebab14d3ed8f36ac3a7833459e336b7ab5f98 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Tue, 24 Sep 2024 21:22:49 +0000 Subject: [PATCH 323/348] c code refresh --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 38 +- .../c/internal/libcrux_mlkem_avx2.h | 32 +- .../c/internal/libcrux_mlkem_portable.h | 32 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 75 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1407 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1407 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 16 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 39 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 914 ++++++----- .../cg/libcrux_mlkem768_avx2_types.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 910 ++++++----- .../cg/libcrux_mlkem768_portable_types.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 42 files changed, 2541 insertions(+), 2573 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index e4e28910d..dc4e2de87 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 +Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 4dc60c6c7..159a636f7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __internal_libcrux_core_H @@ -69,7 +69,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_451( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_671( uint8_t value[1568U]); /** @@ -82,7 +82,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_f61( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_ee1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -95,7 +95,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_8c1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_af1( uint8_t value[3168U]); /** @@ -107,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_450( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_670( uint8_t value[1184U]); /** @@ -120,7 +120,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_f60( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_ee0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -133,7 +133,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_8c0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_af0( uint8_t value[2400U]); /** @@ -145,7 +145,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_45( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_67( uint8_t value[800U]); /** @@ -158,7 +158,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_f6( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_ee( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -171,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_8c( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_af( uint8_t value[1632U]); /** @@ -182,7 +182,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_cf1( +uint8_t *libcrux_ml_kem_types_as_slice_fd_fe1( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -194,7 +194,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_1f1( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_451( uint8_t value[1088U]); /** @@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_491( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_401( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -228,7 +228,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_cf0( +uint8_t *libcrux_ml_kem_types_as_slice_fd_fe0( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -240,7 +240,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_1f0( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_450( uint8_t value[768U]); /** @@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_490( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_400( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -274,7 +274,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_cf( +uint8_t *libcrux_ml_kem_types_as_slice_fd_fe( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -321,7 +321,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_1f( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_45( uint8_t value[1568U]); /** @@ -344,7 +344,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_49( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_40( libcrux_ml_kem_types_MlKemCiphertext_1f *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index edc4170ea..4e09fe0de 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -41,7 +41,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2e1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_521(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -51,7 +51,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_c61( +bool libcrux_ml_kem_ind_cca_validate_private_key_701( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -69,7 +69,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_dd1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -90,7 +90,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c21( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -116,7 +116,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_0b1( +void libcrux_ml_kem_ind_cca_decapsulate_7f1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -128,7 +128,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2e0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_520(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -138,7 +138,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_c60( +bool libcrux_ml_kem_ind_cca_validate_private_key_700( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); @@ -156,7 +156,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -177,7 +177,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c20( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -203,7 +203,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_0b0( +void libcrux_ml_kem_ind_cca_decapsulate_7f0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); @@ -215,7 +215,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2e(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_52(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -225,7 +225,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_c6( +bool libcrux_ml_kem_ind_cca_validate_private_key_70( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -242,7 +242,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_dd( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b( uint8_t randomness[64U]); /** @@ -264,7 +264,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c2( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -290,7 +290,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_0b( +void libcrux_ml_kem_ind_cca_decapsulate_7f( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index be78cb001..e94b99f4e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -46,7 +46,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_f71(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_bf1(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -56,7 +56,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_ed( +bool libcrux_ml_kem_ind_cca_validate_private_key_ae( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); @@ -74,7 +74,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_911(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -95,7 +95,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_361( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -121,7 +121,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_391( +void libcrux_ml_kem_ind_cca_decapsulate_191( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); @@ -133,7 +133,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_f70(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_bf0(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -143,7 +143,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_d8( +bool libcrux_ml_kem_ind_cca_validate_private_key_b4( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -161,7 +161,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -182,7 +182,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_360( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -208,7 +208,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_390( +void libcrux_ml_kem_ind_cca_decapsulate_190( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -220,7 +220,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_f7(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_bf(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -230,7 +230,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_c3( +bool libcrux_ml_kem_ind_cca_validate_private_key_33( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -248,7 +248,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -269,7 +269,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_36( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -295,7 +295,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_39( +void libcrux_ml_kem_ind_cca_decapsulate_19( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 354aca0c1..01f450745 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 513206ab2..bf6cd4dc8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index c0efed48a..d429ee70b 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,37 +8,28 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #include "internal/libcrux_core.h" -/** - Return 1 if `value` is not zero and 0 otherwise. -*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; - uint16_t result = (((uint32_t)value0 | - (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & - 0xFFFFU) >> - 8U & - 1U; - return (uint8_t)result; + uint8_t result = + (uint8_t)((uint32_t)core_num__u16_7__wrapping_add(~value0, 1U) >> 8U); + return (uint32_t)result & 1U; } static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } -/** - Return 1 if the bytes of `lhs` and `rhs` do not exactly - match and 0 otherwise. -*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; - r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); + uint8_t nr = (uint32_t)r | + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); + r = nr; } return is_non_zero(r); } @@ -48,10 +39,6 @@ compare_ciphertexts_in_constant_time(Eurydice_slice lhs, Eurydice_slice rhs) { return compare(lhs, rhs); } -/** - If `selector` is not zero, return the bytes in `rhs`; return the bytes in - `lhs` otherwise. -*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); @@ -59,10 +46,12 @@ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & - (uint32_t)~mask); + uint8_t outi = + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); + out[i0] = outi; } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -91,7 +80,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_451( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_671( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -111,7 +100,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_f61( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_ee1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -127,7 +116,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_8c1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_af1( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -146,7 +135,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_450( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_670( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -166,7 +155,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_f60( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_ee0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -182,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_8c0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_af0( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -201,7 +190,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_45( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_67( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -221,7 +210,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_f6( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_ee( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -236,7 +225,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_8c( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_af( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -254,7 +243,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_cf1( +uint8_t *libcrux_ml_kem_types_as_slice_fd_fe1( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -268,7 +257,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_1f1( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_451( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -287,7 +276,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_491( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_401( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -319,7 +308,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_cf0( +uint8_t *libcrux_ml_kem_types_as_slice_fd_fe0( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -333,7 +322,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_1f0( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_450( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -352,7 +341,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_490( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_400( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -384,7 +373,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_cf( +uint8_t *libcrux_ml_kem_types_as_slice_fd_fe( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -438,7 +427,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_1f( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_45( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -476,7 +465,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_49( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_40( libcrux_ml_kem_types_MlKemCiphertext_1f *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index f7265777c..53e88573a 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 0a85a746d..2dd639ec9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 31d8304e1..3fca09119 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_ee0( +static void decapsulate_510( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_0b0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_7f0(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_ee0( void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_ee0(private_key, ciphertext, ret); + decapsulate_510(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_370( +static tuple_21 encapsulate_d10( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c20(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_a10(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_370(uu____0, copy_of_randomness); + return encapsulate_d10(uu____0, copy_of_randomness); } /** @@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_200( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b80( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_dd0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_0b0(copy_of_randomness); } /** @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_200(copy_of_randomness); + return generate_keypair_b80(copy_of_randomness); } /** @@ -136,10 +136,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_5f0( +static KRML_MUSTINLINE bool validate_private_key_650( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_c60(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_700(private_key, ciphertext); } @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_5f0( bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_5f0(private_key, ciphertext); + return validate_private_key_650(private_key, ciphertext); } /** @@ -162,8 +162,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_4a0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2e0(public_key); +static KRML_MUSTINLINE bool validate_public_key_3e0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_520(public_key); } /** @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_4a0(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_4a0(public_key->value); + return validate_public_key_3e0(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 8e758c512..ae31b1f2d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index e8df4813a..f4fbc294f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #include "libcrux_mlkem1024_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_c81( +static void decapsulate_831( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_391(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_191(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_c81( void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_c81(private_key, ciphertext, ret); + decapsulate_831(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_7d1( +static tuple_21 encapsulate_951( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_361(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_661(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_7d1(uu____0, copy_of_randomness); + return encapsulate_951(uu____0, copy_of_randomness); } /** @@ -110,12 +110,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_081( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_d11( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_911(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_6f1(copy_of_randomness); } /** @@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_081(copy_of_randomness); + return generate_keypair_d11(copy_of_randomness); } /** @@ -137,10 +137,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_501( +static KRML_MUSTINLINE bool validate_private_key_da1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_ed(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_ae(private_key, ciphertext); } @@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_501( bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_501(private_key, ciphertext); + return validate_private_key_da1(private_key, ciphertext); } /** @@ -163,8 +163,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_931(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_f71(public_key); +static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_bf1(public_key); } /** @@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_931(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_931(public_key->value); + return validate_public_key_e91(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index fa38f9693..1ab4a88d8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 2c452d78b..ca35791e9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index a285e9e59..ca848abb4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_ee(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_51(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_0b(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_7f(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_ee(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_ee(private_key, ciphertext, ret); + decapsulate_51(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_37( +static tuple_ec encapsulate_d1( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c2(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_a1(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_37(uu____0, copy_of_randomness); + return encapsulate_d1(uu____0, copy_of_randomness); } /** @@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_20( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_b8( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_dd(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_0b(copy_of_randomness); } /** @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_20(copy_of_randomness); + return generate_keypair_b8(copy_of_randomness); } /** @@ -136,10 +136,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_5f( +static KRML_MUSTINLINE bool validate_private_key_65( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_c6(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_70(private_key, ciphertext); } @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_5f( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_5f(private_key, ciphertext); + return validate_private_key_65(private_key, ciphertext); } /** @@ -162,8 +162,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_4a(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2e(public_key); +static KRML_MUSTINLINE bool validate_public_key_3e(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_52(public_key); } /** @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_4a(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_4a(public_key->value); + return validate_public_key_3e(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 13b581872..d116b682f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 25be9d68b..cd3750a98 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #include "libcrux_mlkem512_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_c80( +static void decapsulate_830( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_390(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_190(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_c80( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_c80(private_key, ciphertext, ret); + decapsulate_830(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_7d0( +static tuple_ec encapsulate_950( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_360(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_660(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_7d0(uu____0, copy_of_randomness); + return encapsulate_950(uu____0, copy_of_randomness); } /** @@ -110,12 +110,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_080( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_d10( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_910(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness); } /** @@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_080(copy_of_randomness); + return generate_keypair_d10(copy_of_randomness); } /** @@ -137,10 +137,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_500( +static KRML_MUSTINLINE bool validate_private_key_da0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_d8(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_b4(private_key, ciphertext); } @@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_500( bool libcrux_ml_kem_mlkem512_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_500(private_key, ciphertext); + return validate_private_key_da0(private_key, ciphertext); } /** @@ -163,8 +163,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_930(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_f70(public_key); +static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_bf0(public_key); } /** @@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_930(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_930(public_key->value); + return validate_public_key_e90(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 71cbfb6fe..594ed03d2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 537ec47e9..0556cf23a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 282d5e8f3..4975abb16 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_ee1( +static void decapsulate_511( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_0b1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_7f1(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_ee1( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_ee1(private_key, ciphertext, ret); + decapsulate_511(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_371( +static tuple_3c encapsulate_d11( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_c21(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_a11(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_371(uu____0, copy_of_randomness); + return encapsulate_d11(uu____0, copy_of_randomness); } /** @@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_201( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_b81( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_dd1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_0b1(copy_of_randomness); } /** @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_201(copy_of_randomness); + return generate_keypair_b81(copy_of_randomness); } /** @@ -136,10 +136,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_5f1( +static KRML_MUSTINLINE bool validate_private_key_651( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_c61(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_701(private_key, ciphertext); } @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_5f1( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_5f1(private_key, ciphertext); + return validate_private_key_651(private_key, ciphertext); } /** @@ -162,8 +162,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_4a1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_2e1(public_key); +static KRML_MUSTINLINE bool validate_public_key_3e1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_521(public_key); } /** @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_4a1(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_4a1(public_key->value); + return validate_public_key_3e1(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 36ab7426f..25e02719b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index fae5cc397..ac4156303 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #include "libcrux_mlkem768_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_c8( +static void decapsulate_83( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_39(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_19(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_c8( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_c8(private_key, ciphertext, ret); + decapsulate_83(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_7d( +static tuple_3c encapsulate_95( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_36(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_66(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_7d(uu____0, copy_of_randomness); + return encapsulate_95(uu____0, copy_of_randomness); } /** @@ -110,12 +110,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_08( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_d1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_91(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness); } /** @@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_08(copy_of_randomness); + return generate_keypair_d1(copy_of_randomness); } /** @@ -137,10 +137,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_50( +static KRML_MUSTINLINE bool validate_private_key_da( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_c3(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_33(private_key, ciphertext); } @@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_50( bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_50(private_key, ciphertext); + return validate_private_key_da(private_key, ciphertext); } /** @@ -163,8 +163,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_93(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_f7(public_key); +static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_bf(public_key); } /** @@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_93(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_93(public_key->value); + return validate_public_key_e9(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index ff60c10cb..2ac8e4939 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 97b6fd741..b89434a12 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1040,7 +1040,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_ef_7d(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_ef_05(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1068,8 +1068,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_b8(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_to_reduced_ring_element_dc(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1088,7 +1088,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_fb1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_531( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -1102,7 +1102,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_fb1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_dc(ring_element); deserialized_pk[i0] = uu____0; } } @@ -1113,13 +1113,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_bf1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_7d();); - deserialize_ring_elements_reduced_fb1(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_ef_05();); + deserialize_ring_elements_reduced_531(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1130,7 +1130,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_e4(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_65(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1143,8 +1143,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_09_92(__m256i vector) { - return shift_right_e4(vector); +static __m256i shift_right_09_85(__m256i vector) { + return shift_right_65(vector); } /** @@ -1153,8 +1153,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_b5(__m256i a) { - __m256i t = shift_right_09_92(a); +static __m256i to_unsigned_representative_3f(__m256i a) { + __m256i t = shift_right_09_85(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -1166,8 +1166,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_88(__m256i a) { - return to_unsigned_representative_b5(a); +static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_7b(__m256i a) { + return to_unsigned_representative_3f(a); } /** @@ -1176,13 +1176,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_b8( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_field_modulus_88(re->coefficients[i0]); + __m256i coefficient = to_unsigned_field_modulus_7b(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1202,7 +1202,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_051( +static KRML_MUSTINLINE void serialize_secret_key_991( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1220,7 +1220,7 @@ static KRML_MUSTINLINE void serialize_secret_key_051( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_b8(&re, ret0); + serialize_uncompressed_ring_element_2c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -1235,13 +1235,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_7b1( +static KRML_MUSTINLINE void serialize_public_key_mut_6c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_051(t_as_ntt, ret); + serialize_secret_key_991(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1258,11 +1258,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_f71( +static KRML_MUSTINLINE void serialize_public_key_ca1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_7b1(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_6c1(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); @@ -1276,15 +1276,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2e1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_521(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_bf1( + deserialize_ring_elements_reduced_out_cc1( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_f71( + serialize_public_key_ca1( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1302,7 +1302,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_a9_161(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_411(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -1314,11 +1314,11 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_c61( +bool libcrux_ml_kem_ind_cca_validate_private_key_701( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - H_a9_161(Eurydice_array_to_subslice2( + H_a9_411(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), t); @@ -1350,11 +1350,11 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_a0 default_1a_191(void) { +static IndCpaPrivateKeyUnpacked_a0 default_1a_3c1(void) { IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = ZERO_ef_7d(); - lit.secret_as_ntt[1U] = ZERO_ef_7d(); - lit.secret_as_ntt[2U] = ZERO_ef_7d(); + lit.secret_as_ntt[0U] = ZERO_ef_05(); + lit.secret_as_ntt[1U] = ZERO_ef_05(); + lit.secret_as_ntt[2U] = ZERO_ef_05(); return lit; } @@ -1381,25 +1381,25 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_a0 default_8d_801(void) { +static IndCpaPublicKeyUnpacked_a0 default_8d_891(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_ef_7d();); + uu____0[i] = ZERO_ef_05();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_a0 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_ef_7d(); - lit.A[0U][1U] = ZERO_ef_7d(); - lit.A[0U][2U] = ZERO_ef_7d(); - lit.A[1U][0U] = ZERO_ef_7d(); - lit.A[1U][1U] = ZERO_ef_7d(); - lit.A[1U][2U] = ZERO_ef_7d(); - lit.A[2U][0U] = ZERO_ef_7d(); - lit.A[2U][1U] = ZERO_ef_7d(); - lit.A[2U][2U] = ZERO_ef_7d(); + lit.A[0U][0U] = ZERO_ef_05(); + lit.A[0U][1U] = ZERO_ef_05(); + lit.A[0U][2U] = ZERO_ef_05(); + lit.A[1U][0U] = ZERO_ef_05(); + lit.A[1U][1U] = ZERO_ef_05(); + lit.A[1U][2U] = ZERO_ef_05(); + lit.A[2U][0U] = ZERO_ef_05(); + lit.A[2U][1U] = ZERO_ef_05(); + lit.A[2U][2U] = ZERO_ef_05(); return lit; } @@ -1412,7 +1412,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_a9_671(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_9f1(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -1426,7 +1426,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_0e1( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_751( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -1437,7 +1437,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_0e1( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - G_a9_671(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_9f1(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -1448,7 +1448,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_2a1(uint8_t input[3U][34U]) { +shake128_init_absorb_final_961(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -1470,11 +1470,11 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_1c1(uint8_t input[3U][34U]) { +shake128_init_absorb_final_a9_c11(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_2a1(copy_of_input); + return shake128_init_absorb_final_961(copy_of_input); } /** @@ -1483,7 +1483,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_0c1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_081( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -1517,9 +1517,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_2e1( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_7a1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_0c1(self, ret); + shake128_squeeze_first_three_blocks_081(self, ret); } /** @@ -1570,7 +1570,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_743( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fe3( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1608,7 +1608,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_4a1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_011( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -1642,9 +1642,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_1d1( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_9f1( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_4a1(self, ret); + shake128_squeeze_next_block_011(self, ret); } /** @@ -1695,7 +1695,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_744( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fe4( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1739,8 +1739,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_ef_14(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); +from_i16_array_ef_ef(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1757,9 +1757,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e41( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_b41( int16_t s[272U]) { - return from_i16_array_ef_14( + return from_i16_array_ef_ef( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -1769,7 +1769,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_671( +static KRML_MUSTINLINE void sample_from_xof_901( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -1778,25 +1778,25 @@ static KRML_MUSTINLINE void sample_from_xof_671( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_1c1(copy_of_seeds); + shake128_init_absorb_final_a9_c11(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_a9_2e1(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_7a1(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_743( + bool done = sample_from_uniform_distribution_next_fe3( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_a9_1d1(&xof_state, randomness); + shake128_squeeze_next_block_a9_9f1(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_744( + done = sample_from_uniform_distribution_next_fe4( copy_of_randomness, sampled_coefficients, out); } } @@ -1805,7 +1805,7 @@ static KRML_MUSTINLINE void sample_from_xof_671( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_e41(copy_of_out[i]);); + ret0[i] = closure_b41(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1817,7 +1817,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_341( +static KRML_MUSTINLINE void sample_matrix_A_ee1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR3( @@ -1834,7 +1834,7 @@ static KRML_MUSTINLINE void sample_matrix_A_341( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_671(copy_of_seeds, sampled); + sample_from_xof_901(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -1860,7 +1860,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_082(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_fb2(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -1898,9 +1898,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_162(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_b22(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_082(input, ret); + PRFxN_fb2(input, ret); } /** @@ -1910,7 +1910,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_80(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_4a(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -1944,7 +1944,7 @@ sample_from_binomial_distribution_2_80(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_14( + return from_i16_array_ef_ef( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1955,7 +1955,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_05(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_20(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -1988,7 +1988,7 @@ sample_from_binomial_distribution_3_05(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_14( + return from_i16_array_ef_ef( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -1999,8 +1999,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_73(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_80(randomness); +sample_from_binomial_distribution_d7(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_4a(randomness); } /** @@ -2009,7 +2009,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_64( +static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2034,7 +2034,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_a2(__m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_5f(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -2045,8 +2045,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_5d(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_a2(b, zeta_r); +ntt_layer_int_vec_step_97(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_5f(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -2059,7 +2059,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_1d( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_ca( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2072,7 +2072,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_1d( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_5d( + ntt_layer_int_vec_step_97( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -2089,7 +2089,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_ae( +static KRML_MUSTINLINE void ntt_at_layer_3_ba( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2105,7 +2105,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_53( +static KRML_MUSTINLINE void ntt_at_layer_2_89( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2123,7 +2123,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_09( +static KRML_MUSTINLINE void ntt_at_layer_1_d7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2148,7 +2148,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_ef_09( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2164,17 +2164,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_5c( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_64(re); + ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ae(&zeta_i, re); - ntt_at_layer_2_53(&zeta_i, re); - ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_ef_09(re); + ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ba(&zeta_i, re); + ntt_at_layer_2_89(&zeta_i, re); + ntt_at_layer_1_d7(&zeta_i, re); + poly_barrett_reduce_ef_a9(re); } /** @@ -2185,7 +2185,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_071( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -2199,12 +2199,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_071( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_162(prf_inputs, prf_outputs); + PRFxN_a9_b22(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_73( + re_as_ntt[i0] = sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_5c(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]);); return domain_separator; } @@ -2227,16 +2227,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_811( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_7d();); + re_as_ntt[i] = ZERO_ef_05();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_071(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_b01(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2262,9 +2262,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_ef_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_ef_b2(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_05(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2292,7 +2292,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_311( +static KRML_MUSTINLINE void add_to_ring_element_ef_4f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2312,7 +2312,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_c1(__m256i v) { +static __m256i to_standard_domain_79(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2328,14 +2328,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_ef_ba( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_c1(self->coefficients[j]); + to_standard_domain_79(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &error->coefficients[j])); @@ -2348,7 +2348,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_671( +static KRML_MUSTINLINE void compute_As_plus_e_2d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -2362,7 +2362,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_671( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_05(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -2375,10 +2375,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_671( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_311(&t_as_ntt[i0], &product); + ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_4f1(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -2391,12 +2391,12 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_4a1( +static void generate_keypair_unpacked_a41( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_a0 *private_key, IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_0e1(key_generation_seed, hashed); + cpa_keygen_seed_d8_751(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2406,7 +2406,7 @@ static void generate_keypair_unpacked_4a1( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_341(uu____1, ret, true); + sample_matrix_A_ee1(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); @@ -2416,17 +2416,17 @@ static void generate_keypair_unpacked_4a1( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_071(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_b01(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_811(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_671(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_2d1(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -2447,18 +2447,18 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_1e1( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_6a1( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_191(); - IndCpaPublicKeyUnpacked_a0 public_key = default_8d_801(); - generate_keypair_unpacked_4a1(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_3c1(); + IndCpaPublicKeyUnpacked_a0 public_key = default_8d_891(); + generate_keypair_unpacked_a41(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_f71( + serialize_public_key_ca1( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_051(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_991(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2482,7 +2482,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_7b1( +static KRML_MUSTINLINE void serialize_kem_secret_key_1f1( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2508,7 +2508,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_7b1( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_161(public_key, ret0); + H_a9_411(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -2538,7 +2538,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_dd1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2547,13 +2547,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_1e1(ind_cpa_keypair_randomness); + generate_keypair_6a1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_7b1( + serialize_kem_secret_key_1f1( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2562,13 +2562,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_8c0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_af0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_f60( - uu____2, libcrux_ml_kem_types_from_5a_450(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_ee0( + uu____2, libcrux_ml_kem_types_from_5a_670(copy_of_public_key)); } /** @@ -2581,7 +2581,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_441(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_641(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -2598,10 +2598,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_2d1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_a01(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_ef_7d();); + error_1[i] = ZERO_ef_05();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -2613,11 +2613,11 @@ sample_ring_element_cbd_2d1(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_162(prf_inputs, prf_outputs); + PRFxN_a9_b22(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_73( + sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -2638,7 +2638,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_d10(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_960(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -2655,9 +2655,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_424(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_164(Eurydice_slice input, uint8_t ret[128U]) { - PRF_d10(input, ret); + PRF_960(input, ret); } /** @@ -2666,7 +2666,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_92( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_f7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2687,7 +2687,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_7a( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_98( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2706,7 +2706,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_2e( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_fe( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; @@ -2723,11 +2723,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_57(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_75(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = montgomery_multiply_fe_a2(a_minus_b, zeta_r); + b = montgomery_multiply_fe_5f(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2738,7 +2738,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_bc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2753,7 +2753,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_57( + inv_ntt_layer_int_vec_step_reduce_75( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -2770,18 +2770,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_0c1( +static KRML_MUSTINLINE void invert_ntt_montgomery_8f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_92(&zeta_i, re); - invert_ntt_at_layer_2_7a(&zeta_i, re); - invert_ntt_at_layer_3_2e(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_09(re); + invert_ntt_at_layer_1_f7(&zeta_i, re); + invert_ntt_at_layer_2_98(&zeta_i, re); + invert_ntt_at_layer_3_fe(&zeta_i, re); + invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_a9(re); } /** @@ -2795,7 +2795,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_ef_a2( +static KRML_MUSTINLINE void add_error_reduce_ef_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2816,14 +2816,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_7f1( +static KRML_MUSTINLINE void compute_vector_u_dd1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_7d();); + result0[i] = ZERO_ef_05();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2843,11 +2843,11 @@ static KRML_MUSTINLINE void compute_vector_u_7f1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_311(&result0[i1], &product); + ntt_multiply_ef_b2(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_4f1(&result0[i1], &product); } - invert_ntt_montgomery_0c1(&result0[i1]); - add_error_reduce_ef_a2(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_8f1(&result0[i1]); + add_error_reduce_ef_dd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( @@ -2864,7 +2864,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_46(__m256i vec) { +static __m256i decompress_1_08(__m256i vec) { __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, @@ -2878,8 +2878,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_4f(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_then_decompress_message_d3(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = @@ -2887,7 +2887,7 @@ deserialize_then_decompress_message_4f(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_46(coefficient_compressed);); + re.coefficients[i0] = decompress_1_08(coefficient_compressed);); return re; } @@ -2903,7 +2903,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_ef_df( +add_message_error_reduce_ef_79( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2930,18 +2930,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_ac1( +compute_ring_element_v_771( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_311(&result, &product);); - invert_ntt_montgomery_0c1(&result); - result = add_message_error_reduce_ef_df(error_2, message, result); + ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_4f1(&result, &product);); + invert_ntt_montgomery_8f1(&result); + result = add_message_error_reduce_ef_79(error_2, message, result); return result; } @@ -2952,7 +2952,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_b6(__m256i vector) { +compress_ciphertext_coefficient_43(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -2999,8 +2999,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_09_46(__m256i vector) { - return compress_ciphertext_coefficient_b6(vector); +static __m256i compress_09_76(__m256i vector) { + return compress_ciphertext_coefficient_43(vector); } /** @@ -3009,14 +3009,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_6b0( +static KRML_MUSTINLINE void compress_then_serialize_10_2b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_46(to_unsigned_field_modulus_88(re->coefficients[i0])); + compress_09_76(to_unsigned_field_modulus_7b(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3036,7 +3036,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_b60(__m256i vector) { +compress_ciphertext_coefficient_430(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3083,8 +3083,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_09_460(__m256i vector) { - return compress_ciphertext_coefficient_b60(vector); +static __m256i compress_09_760(__m256i vector) { + return compress_ciphertext_coefficient_430(vector); } /** @@ -3094,10 +3094,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_430( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_9e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_6b0(re, uu____0); + compress_then_serialize_10_2b0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3110,7 +3110,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_6d1( +static void compress_then_serialize_u_421( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3126,7 +3126,7 @@ static void compress_then_serialize_u_6d1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_430(&re, ret); + compress_then_serialize_ring_element_u_9e0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3139,7 +3139,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_b61(__m256i vector) { +compress_ciphertext_coefficient_431(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3186,8 +3186,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_09_461(__m256i vector) { - return compress_ciphertext_coefficient_b61(vector); +static __m256i compress_09_761(__m256i vector) { + return compress_ciphertext_coefficient_431(vector); } /** @@ -3196,14 +3196,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_85( +static KRML_MUSTINLINE void compress_then_serialize_4_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_461(to_unsigned_field_modulus_88(re.coefficients[i0])); + compress_09_761(to_unsigned_field_modulus_7b(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3220,7 +3220,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_b62(__m256i vector) { +compress_ciphertext_coefficient_432(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3267,8 +3267,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_09_462(__m256i vector) { - return compress_ciphertext_coefficient_b62(vector); +static __m256i compress_09_762(__m256i vector) { + return compress_ciphertext_coefficient_432(vector); } /** @@ -3277,14 +3277,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_c3( +static KRML_MUSTINLINE void compress_then_serialize_5_03( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_09_462(to_unsigned_representative_b5(re.coefficients[i0])); + compress_09_762(to_unsigned_representative_3f(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3301,9 +3301,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_610( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d10( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_85(re, out); + compress_then_serialize_4_a4(re, out); } /** @@ -3323,7 +3323,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_721(IndCpaPublicKeyUnpacked_a0 *public_key, +static void encrypt_unpacked_a41(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -3332,7 +3332,7 @@ static void encrypt_unpacked_721(IndCpaPublicKeyUnpacked_a0 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_811(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3342,7 +3342,7 @@ static void encrypt_unpacked_721(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_2d1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_a01(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -3350,31 +3350,31 @@ static void encrypt_unpacked_721(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_424(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_164(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_73( + sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_7f1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_dd1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_4f(copy_of_message); + deserialize_then_decompress_message_d3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_ac1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_771(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_6d1( + compress_then_serialize_u_421( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_610( + compress_then_serialize_ring_element_v_d10( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3397,10 +3397,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_691(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_801(); - deserialize_ring_elements_reduced_fb1( + IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_891(); + deserialize_ring_elements_reduced_531( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -3409,13 +3409,13 @@ static void encrypt_691(Eurydice_slice public_key, uint8_t message[32U], unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_341(uu____0, ret0, false); + sample_matrix_A_ee1(uu____0, ret0, false); IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_721(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_a41(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -3430,7 +3430,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_541(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_161(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3457,11 +3457,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c21( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_441( + entropy_preprocess_d8_641( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -3470,14 +3470,14 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c21( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_161(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cf1(public_key), + H_a9_411(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_9f1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -3485,29 +3485,28 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_c21( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cf1(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_691(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_6f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_1f1(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_451(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_541(shared_secret, shared_secret_array); + kdf_d8_161(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - return result; + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; } /** @@ -3517,8 +3516,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_59(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_to_uncompressed_ring_element_6c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3535,12 +3534,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_181( +static KRML_MUSTINLINE void deserialize_secret_key_541( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_7d();); + secret_as_ntt[i] = ZERO_ef_05();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -3552,7 +3551,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_181( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_59(secret_bytes); + deserialize_to_uncompressed_ring_element_6c(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3571,7 +3570,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_74(__m256i vector) { +decompress_ciphertext_coefficient_79(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3615,8 +3614,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_09_da(__m256i vector) { - return decompress_ciphertext_coefficient_74(vector); +static __m256i decompress_ciphertext_coefficient_09_c6(__m256i vector) { + return decompress_ciphertext_coefficient_79(vector); } /** @@ -3626,8 +3625,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_3d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_then_decompress_10_c7(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -3639,7 +3638,7 @@ deserialize_then_decompress_10_3d(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_da(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_c6(coefficient); } return re; } @@ -3651,7 +3650,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_740(__m256i vector) { +decompress_ciphertext_coefficient_790(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3695,8 +3694,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_09_da0(__m256i vector) { - return decompress_ciphertext_coefficient_740(vector); +static __m256i decompress_ciphertext_coefficient_09_c60(__m256i vector) { + return decompress_ciphertext_coefficient_790(vector); } /** @@ -3706,15 +3705,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_1a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_then_decompress_11_d5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_da0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_c60(coefficient); } return re; } @@ -3726,8 +3725,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_880(Eurydice_slice serialized) { - return deserialize_then_decompress_10_3d(serialized); +deserialize_then_decompress_ring_element_u_790(Eurydice_slice serialized) { + return deserialize_then_decompress_10_c7(serialized); } /** @@ -3736,17 +3735,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_2c0( +static KRML_MUSTINLINE void ntt_vector_u_b70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ae(&zeta_i, re); - ntt_at_layer_2_53(&zeta_i, re); - ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_ef_09(re); + ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ba(&zeta_i, re); + ntt_at_layer_2_89(&zeta_i, re); + ntt_at_layer_1_d7(&zeta_i, re); + poly_barrett_reduce_ef_a9(re); } /** @@ -3757,12 +3756,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a81( +static KRML_MUSTINLINE void deserialize_then_decompress_u_251( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_7d();); + u_as_ntt[i] = ZERO_ef_05();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -3780,8 +3779,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a81( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_880(u_bytes); - ntt_vector_u_2c0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_790(u_bytes); + ntt_vector_u_b70(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3795,7 +3794,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_741(__m256i vector) { +decompress_ciphertext_coefficient_791(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3839,8 +3838,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_09_da1(__m256i vector) { - return decompress_ciphertext_coefficient_741(vector); +static __m256i decompress_ciphertext_coefficient_09_c61(__m256i vector) { + return decompress_ciphertext_coefficient_791(vector); } /** @@ -3850,15 +3849,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_f1(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_then_decompress_4_75(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_da1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_c61(coefficient); } return re; } @@ -3870,7 +3869,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_742(__m256i vector) { +decompress_ciphertext_coefficient_792(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3914,8 +3913,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_09_da2(__m256i vector) { - return decompress_ciphertext_coefficient_742(vector); +static __m256i decompress_ciphertext_coefficient_09_c62(__m256i vector) { + return decompress_ciphertext_coefficient_792(vector); } /** @@ -3925,8 +3924,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_7e(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_7d(); +deserialize_then_decompress_5_f8(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3934,7 +3933,7 @@ deserialize_then_decompress_5_7e(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_da2(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_c62(re.coefficients[i0]); } return re; } @@ -3946,8 +3945,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_050(Eurydice_slice serialized) { - return deserialize_then_decompress_4_f1(serialized); +deserialize_then_decompress_ring_element_v_b90(Eurydice_slice serialized) { + return deserialize_then_decompress_4_75(serialized); } /** @@ -3962,7 +3961,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_ef_27(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_ef_da(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3984,17 +3983,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_a41( +compute_message_7d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_311(&result, &product);); - invert_ntt_montgomery_0c1(&result); - result = subtract_reduce_ef_27(v, result); + ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_4f1(&result, &product);); + invert_ntt_montgomery_8f1(&result); + result = subtract_reduce_ef_da(v, result); return result; } @@ -4004,12 +4003,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_d2( +static KRML_MUSTINLINE void compress_then_serialize_message_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_field_modulus_88(re.coefficients[i0]); + __m256i coefficient = to_unsigned_field_modulus_7b(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; @@ -4034,18 +4033,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e51(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_9d1(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_a81(ciphertext, u_as_ntt); + deserialize_then_decompress_u_251(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_050( + deserialize_then_decompress_ring_element_v_b90( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_a41(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7d1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_d2(message, ret0); + compress_then_serialize_message_dd(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4059,10 +4058,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_981(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_751(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_181(secret_key, secret_as_ntt); + deserialize_secret_key_541(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4073,7 +4072,7 @@ static void decrypt_981(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_e51(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_9d1(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4082,7 +4081,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_d1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_96(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -4099,8 +4098,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_423(Eurydice_slice input, uint8_t ret[32U]) { - PRF_d1(input, ret); +static KRML_MUSTINLINE void PRF_a9_163(Eurydice_slice input, uint8_t ret[32U]) { + PRF_96(input, ret); } /** @@ -4125,7 +4124,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_0b1( +void libcrux_ml_kem_ind_cca_decapsulate_7f1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4143,7 +4142,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_981(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_751(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4153,7 +4152,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b1( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_671(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_9f1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4165,27 +4164,27 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_491(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_401(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_423(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_a9_163(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_691(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_6f1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_541(Eurydice_array_to_slice( + kdf_d8_161(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_541(shared_secret0, shared_secret1); + kdf_d8_161(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_491(ciphertext), + libcrux_ml_kem_types_as_ref_00_401(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4200,7 +4199,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_fb( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_53( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -4214,7 +4213,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_fb( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_dc(ring_element); deserialized_pk[i0] = uu____0; } } @@ -4225,13 +4224,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_bf0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_7d();); - deserialize_ring_elements_reduced_fb(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_ef_05();); + deserialize_ring_elements_reduced_53(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4244,7 +4243,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_05( +static KRML_MUSTINLINE void serialize_secret_key_99( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4262,7 +4261,7 @@ static KRML_MUSTINLINE void serialize_secret_key_05( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_b8(&re, ret0); + serialize_uncompressed_ring_element_2c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4277,13 +4276,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_7b( +static KRML_MUSTINLINE void serialize_public_key_mut_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_05(t_as_ntt, ret); + serialize_secret_key_99(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4300,11 +4299,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_f7( +static KRML_MUSTINLINE void serialize_public_key_ca( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_7b(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_6c(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); @@ -4318,15 +4317,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2e0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_520(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_bf0( + deserialize_ring_elements_reduced_out_cc0( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_f7( + serialize_public_key_ca( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4344,7 +4343,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_a9_16(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_41(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -4356,11 +4355,11 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_c60( +bool libcrux_ml_kem_ind_cca_validate_private_key_700( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; - H_a9_16(Eurydice_array_to_subslice2( + H_a9_41(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)4U, (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), t); @@ -4392,12 +4391,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_01 default_1a_19(void) { +static IndCpaPrivateKeyUnpacked_01 default_1a_3c(void) { IndCpaPrivateKeyUnpacked_01 lit; - lit.secret_as_ntt[0U] = ZERO_ef_7d(); - lit.secret_as_ntt[1U] = ZERO_ef_7d(); - lit.secret_as_ntt[2U] = ZERO_ef_7d(); - lit.secret_as_ntt[3U] = ZERO_ef_7d(); + lit.secret_as_ntt[0U] = ZERO_ef_05(); + lit.secret_as_ntt[1U] = ZERO_ef_05(); + lit.secret_as_ntt[2U] = ZERO_ef_05(); + lit.secret_as_ntt[3U] = ZERO_ef_05(); return lit; } @@ -4424,32 +4423,32 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_01 default_8d_80(void) { +static IndCpaPublicKeyUnpacked_01 default_8d_89(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_ef_7d();); + uu____0[i] = ZERO_ef_05();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_01 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_ef_7d(); - lit.A[0U][1U] = ZERO_ef_7d(); - lit.A[0U][2U] = ZERO_ef_7d(); - lit.A[0U][3U] = ZERO_ef_7d(); - lit.A[1U][0U] = ZERO_ef_7d(); - lit.A[1U][1U] = ZERO_ef_7d(); - lit.A[1U][2U] = ZERO_ef_7d(); - lit.A[1U][3U] = ZERO_ef_7d(); - lit.A[2U][0U] = ZERO_ef_7d(); - lit.A[2U][1U] = ZERO_ef_7d(); - lit.A[2U][2U] = ZERO_ef_7d(); - lit.A[2U][3U] = ZERO_ef_7d(); - lit.A[3U][0U] = ZERO_ef_7d(); - lit.A[3U][1U] = ZERO_ef_7d(); - lit.A[3U][2U] = ZERO_ef_7d(); - lit.A[3U][3U] = ZERO_ef_7d(); + lit.A[0U][0U] = ZERO_ef_05(); + lit.A[0U][1U] = ZERO_ef_05(); + lit.A[0U][2U] = ZERO_ef_05(); + lit.A[0U][3U] = ZERO_ef_05(); + lit.A[1U][0U] = ZERO_ef_05(); + lit.A[1U][1U] = ZERO_ef_05(); + lit.A[1U][2U] = ZERO_ef_05(); + lit.A[1U][3U] = ZERO_ef_05(); + lit.A[2U][0U] = ZERO_ef_05(); + lit.A[2U][1U] = ZERO_ef_05(); + lit.A[2U][2U] = ZERO_ef_05(); + lit.A[2U][3U] = ZERO_ef_05(); + lit.A[3U][0U] = ZERO_ef_05(); + lit.A[3U][1U] = ZERO_ef_05(); + lit.A[3U][2U] = ZERO_ef_05(); + lit.A[3U][3U] = ZERO_ef_05(); return lit; } @@ -4462,7 +4461,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_a9_67(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_9f(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -4476,7 +4475,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_0e( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_75( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4487,7 +4486,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_0e( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)4U; uint8_t ret0[64U]; - G_a9_67(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_9f(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -4498,7 +4497,7 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_2a(uint8_t input[4U][34U]) { +shake128_init_absorb_final_96(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -4520,11 +4519,11 @@ generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_1c(uint8_t input[4U][34U]) { +shake128_init_absorb_final_a9_c1(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_2a(copy_of_input); + return shake128_init_absorb_final_96(copy_of_input); } /** @@ -4533,7 +4532,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_0c( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_08( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -4570,9 +4569,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_2e( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_7a( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_0c(self, ret); + shake128_squeeze_first_three_blocks_08(self, ret); } /** @@ -4623,7 +4622,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_74( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fe( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4661,7 +4660,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_4a( +static KRML_MUSTINLINE void shake128_squeeze_next_block_01( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -4698,9 +4697,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_1d( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_9f( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_4a(self, ret); + shake128_squeeze_next_block_01(self, ret); } /** @@ -4751,7 +4750,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_740( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fe0( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4789,9 +4788,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e4( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_b4( int16_t s[272U]) { - return from_i16_array_ef_14( + return from_i16_array_ef_ef( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -4801,7 +4800,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_67( +static KRML_MUSTINLINE void sample_from_xof_90( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -4810,25 +4809,25 @@ static KRML_MUSTINLINE void sample_from_xof_67( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_1c(copy_of_seeds); + shake128_init_absorb_final_a9_c1(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_a9_2e(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_7a(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_74( + bool done = sample_from_uniform_distribution_next_fe( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_a9_1d(&xof_state, randomness); + shake128_squeeze_next_block_a9_9f(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_740( + done = sample_from_uniform_distribution_next_fe0( copy_of_randomness, sampled_coefficients, out); } } @@ -4837,7 +4836,7 @@ static KRML_MUSTINLINE void sample_from_xof_67( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_e4(copy_of_out[i]);); + ret0[i] = closure_b4(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -4849,7 +4848,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_34( +static KRML_MUSTINLINE void sample_matrix_A_ee( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[4U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR4( @@ -4866,7 +4865,7 @@ static KRML_MUSTINLINE void sample_matrix_A_34( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_67(copy_of_seeds, sampled); + sample_from_xof_90(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4892,7 +4891,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_08(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_fb(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -4933,9 +4932,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_16(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_b2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_08(input, ret); + PRFxN_fb(input, ret); } /** @@ -4946,7 +4945,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_07( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -4960,12 +4959,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_07( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_16(prf_inputs, prf_outputs); + PRFxN_a9_b2(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_73( + re_as_ntt[i0] = sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_5c(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]);); return domain_separator; } @@ -4988,16 +4987,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_81( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_7d();); + re_as_ntt[i] = ZERO_ef_05();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_07(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_b0(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5022,7 +5021,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_31( +static KRML_MUSTINLINE void add_to_ring_element_ef_4f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5042,7 +5041,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_67( +static KRML_MUSTINLINE void compute_As_plus_e_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -5056,7 +5055,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_67( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_05(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -5069,10 +5068,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_31(&t_as_ntt[i0], &product); + ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_4f(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5085,12 +5084,12 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_4a( +static void generate_keypair_unpacked_a4( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_01 *private_key, IndCpaPublicKeyUnpacked_01 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_0e(key_generation_seed, hashed); + cpa_keygen_seed_d8_75(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5100,7 +5099,7 @@ static void generate_keypair_unpacked_4a( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_34(uu____1, ret, true); + sample_matrix_A_ee(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); @@ -5110,17 +5109,17 @@ static void generate_keypair_unpacked_4a( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_07(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_b0(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_81(copy_of_prf_input, domain_separator) .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_67(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_2d(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -5141,18 +5140,18 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_1e0( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_6a0( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_01 private_key = default_1a_19(); - IndCpaPublicKeyUnpacked_01 public_key = default_8d_80(); - generate_keypair_unpacked_4a(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_01 private_key = default_1a_3c(); + IndCpaPublicKeyUnpacked_01 public_key = default_8d_89(); + generate_keypair_unpacked_a4(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_f7( + serialize_public_key_ca( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_05(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_99(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5176,7 +5175,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_7b0( +static KRML_MUSTINLINE void serialize_kem_secret_key_1f0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5202,7 +5201,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_7b0( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_16(public_key, ret0); + H_a9_41(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5232,7 +5231,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5241,13 +5240,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_1e0(ind_cpa_keypair_randomness); + generate_keypair_6a0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_7b0( + serialize_kem_secret_key_1f0( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5256,13 +5255,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_7f_8c1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_af1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_f61( - uu____2, libcrux_ml_kem_types_from_5a_451(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_ee1( + uu____2, libcrux_ml_kem_types_from_5a_671(copy_of_public_key)); } /** @@ -5275,7 +5274,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_440(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_640(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5292,10 +5291,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_2d(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_a0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_ef_7d();); + error_1[i] = ZERO_ef_05();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -5307,11 +5306,11 @@ sample_ring_element_cbd_2d(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_16(prf_inputs, prf_outputs); + PRFxN_a9_b2(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_73( + sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -5337,9 +5336,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_420(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_160(Eurydice_slice input, uint8_t ret[128U]) { - PRF_d10(input, ret); + PRF_960(input, ret); } /** @@ -5348,18 +5347,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_0c( +static KRML_MUSTINLINE void invert_ntt_montgomery_8f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_92(&zeta_i, re); - invert_ntt_at_layer_2_7a(&zeta_i, re); - invert_ntt_at_layer_3_2e(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_09(re); + invert_ntt_at_layer_1_f7(&zeta_i, re); + invert_ntt_at_layer_2_98(&zeta_i, re); + invert_ntt_at_layer_3_fe(&zeta_i, re); + invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_a9(re); } /** @@ -5368,14 +5367,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_7f( +static KRML_MUSTINLINE void compute_vector_u_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_7d();); + result0[i] = ZERO_ef_05();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5395,11 +5394,11 @@ static KRML_MUSTINLINE void compute_vector_u_7f( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_31(&result0[i1], &product); + ntt_multiply_ef_b2(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_4f(&result0[i1], &product); } - invert_ntt_montgomery_0c(&result0[i1]); - add_error_reduce_ef_a2(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_8f(&result0[i1]); + add_error_reduce_ef_dd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( @@ -5417,18 +5416,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_ac( +compute_ring_element_v_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_31(&result, &product);); - invert_ntt_montgomery_0c(&result); - result = add_message_error_reduce_ef_df(error_2, message, result); + ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_4f(&result, &product);); + invert_ntt_montgomery_8f(&result); + result = add_message_error_reduce_ef_79(error_2, message, result); return result; } @@ -5438,14 +5437,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_99( +static KRML_MUSTINLINE void compress_then_serialize_11_17( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_460(to_unsigned_representative_b5(re->coefficients[i0])); + compress_09_760(to_unsigned_representative_3f(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5463,10 +5462,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_43( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_9e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_99(re, uu____0); + compress_then_serialize_11_17(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5479,7 +5478,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_6d( +static void compress_then_serialize_u_42( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5495,7 +5494,7 @@ static void compress_then_serialize_u_6d( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_43(&re, ret); + compress_then_serialize_ring_element_u_9e(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5508,9 +5507,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_61( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_c3(re, out); + compress_then_serialize_5_03(re, out); } /** @@ -5530,7 +5529,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_72(IndCpaPublicKeyUnpacked_01 *public_key, +static void encrypt_unpacked_a4(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -5538,7 +5537,7 @@ static void encrypt_unpacked_72(IndCpaPublicKeyUnpacked_01 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_81(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -5548,7 +5547,7 @@ static void encrypt_unpacked_72(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_2d(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_a0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -5556,31 +5555,31 @@ static void encrypt_unpacked_72(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_420(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_160(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_73( + sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_7f(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_dd(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_4f(copy_of_message); + deserialize_then_decompress_message_d3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_ac(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_77(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_6d( + compress_then_serialize_u_42( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_61( + compress_then_serialize_ring_element_v_d1( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5603,10 +5602,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_690(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_80(); - deserialize_ring_elements_reduced_fb( + IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_89(); + deserialize_ring_elements_reduced_53( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -5615,13 +5614,13 @@ static void encrypt_690(Eurydice_slice public_key, uint8_t message[32U], unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_34(uu____0, ret0, false); + sample_matrix_A_ee(uu____0, ret0, false); IndCpaPublicKeyUnpacked_01 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_72(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_a4(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -5636,7 +5635,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_540(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_160(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5663,11 +5662,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c20( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_440( + entropy_preprocess_d8_640( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5676,14 +5675,14 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c20( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_16(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cf(public_key), + H_a9_41(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_9f(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5691,29 +5690,28 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_c20( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cf(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_690(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_6f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_01_1f(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_45(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_540(shared_secret, shared_secret_array); + kdf_d8_160(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 result; - result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - return result; + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; } /** @@ -5722,12 +5720,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_180( +static KRML_MUSTINLINE void deserialize_secret_key_540( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_7d();); + secret_as_ntt[i] = ZERO_ef_05();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5739,7 +5737,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_180( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_59(secret_bytes); + deserialize_to_uncompressed_ring_element_6c(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; @@ -5758,8 +5756,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_88(Eurydice_slice serialized) { - return deserialize_then_decompress_11_1a(serialized); +deserialize_then_decompress_ring_element_u_79(Eurydice_slice serialized) { + return deserialize_then_decompress_11_d5(serialized); } /** @@ -5768,17 +5766,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_2c( +static KRML_MUSTINLINE void ntt_vector_u_b7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ae(&zeta_i, re); - ntt_at_layer_2_53(&zeta_i, re); - ntt_at_layer_1_09(&zeta_i, re); - poly_barrett_reduce_ef_09(re); + ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_ba(&zeta_i, re); + ntt_at_layer_2_89(&zeta_i, re); + ntt_at_layer_1_d7(&zeta_i, re); + poly_barrett_reduce_ef_a9(re); } /** @@ -5789,12 +5787,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a8( +static KRML_MUSTINLINE void deserialize_then_decompress_u_25( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_7d();); + u_as_ntt[i] = ZERO_ef_05();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -5812,8 +5810,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a8( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_88(u_bytes); - ntt_vector_u_2c(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_79(u_bytes); + ntt_vector_u_b7(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5827,8 +5825,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_05(Eurydice_slice serialized) { - return deserialize_then_decompress_5_7e(serialized); +deserialize_then_decompress_ring_element_v_b9(Eurydice_slice serialized) { + return deserialize_then_decompress_5_f8(serialized); } /** @@ -5838,17 +5836,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_a4( +compute_message_7d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_31(&result, &product);); - invert_ntt_montgomery_0c(&result); - result = subtract_reduce_ef_27(v, result); + ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_4f(&result, &product);); + invert_ntt_montgomery_8f(&result); + result = subtract_reduce_ef_da(v, result); return result; } @@ -5862,18 +5860,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_e5(IndCpaPrivateKeyUnpacked_01 *secret_key, +static void decrypt_unpacked_9d(IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_a8(ciphertext, u_as_ntt); + deserialize_then_decompress_u_25(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_05( + deserialize_then_decompress_ring_element_v_b9( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_a4(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7d(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_d2(message, ret0); + compress_then_serialize_message_dd(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5887,10 +5885,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_980(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_750(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_180(secret_key, secret_as_ntt); + deserialize_secret_key_540(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -5901,7 +5899,7 @@ static void decrypt_980(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_e5(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_9d(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5915,8 +5913,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_42(Eurydice_slice input, uint8_t ret[32U]) { - PRF_d1(input, ret); +static KRML_MUSTINLINE void PRF_a9_16(Eurydice_slice input, uint8_t ret[32U]) { + PRF_96(input, ret); } /** @@ -5941,7 +5939,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_0b0( +void libcrux_ml_kem_ind_cca_decapsulate_7f0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5959,7 +5957,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_980(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_750(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5969,7 +5967,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b0( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_67(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_9f(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5981,27 +5979,27 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_42(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_a9_16(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_690(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_6f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_540(Eurydice_array_to_slice( + kdf_d8_160(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_540(shared_secret0, shared_secret1); + kdf_d8_160(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_49(ciphertext), + libcrux_ml_kem_types_as_ref_00_40(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6016,7 +6014,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_fb0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_530( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -6030,7 +6028,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_fb0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_dc(ring_element); deserialized_pk[i0] = uu____0; } } @@ -6041,13 +6039,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_bf( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_7d();); - deserialize_ring_elements_reduced_fb0(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_ef_05();); + deserialize_ring_elements_reduced_530(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6060,7 +6058,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_050( +static KRML_MUSTINLINE void serialize_secret_key_990( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6078,7 +6076,7 @@ static KRML_MUSTINLINE void serialize_secret_key_050( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_b8(&re, ret0); + serialize_uncompressed_ring_element_2c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -6093,13 +6091,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_7b0( +static KRML_MUSTINLINE void serialize_public_key_mut_6c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_050(t_as_ntt, ret); + serialize_secret_key_990(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6116,11 +6114,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_f70( +static KRML_MUSTINLINE void serialize_public_key_ca0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_7b0(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_6c0(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); @@ -6134,15 +6132,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_2e(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_52(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_bf( + deserialize_ring_elements_reduced_out_cc( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_f70( + serialize_public_key_ca0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6160,7 +6158,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_a9_160(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_410(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -6172,11 +6170,11 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_c6( +bool libcrux_ml_kem_ind_cca_validate_private_key_70( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; - H_a9_160(Eurydice_array_to_subslice2( + H_a9_410(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)2U, (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), t); @@ -6208,10 +6206,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_d6 default_1a_190(void) { +static IndCpaPrivateKeyUnpacked_d6 default_1a_3c0(void) { IndCpaPrivateKeyUnpacked_d6 lit; - lit.secret_as_ntt[0U] = ZERO_ef_7d(); - lit.secret_as_ntt[1U] = ZERO_ef_7d(); + lit.secret_as_ntt[0U] = ZERO_ef_05(); + lit.secret_as_ntt[1U] = ZERO_ef_05(); return lit; } @@ -6238,20 +6236,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_d6 default_8d_800(void) { +static IndCpaPublicKeyUnpacked_d6 default_8d_890(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_ef_7d();); + uu____0[i] = ZERO_ef_05();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_d6 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_ef_7d(); - lit.A[0U][1U] = ZERO_ef_7d(); - lit.A[1U][0U] = ZERO_ef_7d(); - lit.A[1U][1U] = ZERO_ef_7d(); + lit.A[0U][0U] = ZERO_ef_05(); + lit.A[0U][1U] = ZERO_ef_05(); + lit.A[1U][0U] = ZERO_ef_05(); + lit.A[1U][1U] = ZERO_ef_05(); return lit; } @@ -6264,7 +6262,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_a9_670(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_9f0(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6278,7 +6276,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_0e0( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_750( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6289,7 +6287,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_0e0( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)2U; uint8_t ret0[64U]; - G_a9_670(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_a9_9f0(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -6300,7 +6298,7 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_2a0(uint8_t input[2U][34U]) { +shake128_init_absorb_final_960(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( @@ -6322,11 +6320,11 @@ generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_final_a9_1c0(uint8_t input[2U][34U]) { +shake128_init_absorb_final_a9_c10(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_2a0(copy_of_input); + return shake128_init_absorb_final_960(copy_of_input); } /** @@ -6335,7 +6333,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_0c0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_080( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -6366,9 +6364,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_first_three_blocks_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_2e0( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_a9_7a0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_0c0(self, ret); + shake128_squeeze_first_three_blocks_080(self, ret); } /** @@ -6419,7 +6417,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_741( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fe1( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6457,7 +6455,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_4a0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_010( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -6488,9 +6486,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_next_block_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_1d0( +static KRML_MUSTINLINE void shake128_squeeze_next_block_a9_9f0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_4a0(self, ret); + shake128_squeeze_next_block_010(self, ret); } /** @@ -6541,7 +6539,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_742( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fe2( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6579,9 +6577,9 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_e40( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_b40( int16_t s[272U]) { - return from_i16_array_ef_14( + return from_i16_array_ef_ef( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -6591,7 +6589,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_670( +static KRML_MUSTINLINE void sample_from_xof_900( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -6600,25 +6598,25 @@ static KRML_MUSTINLINE void sample_from_xof_670( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_final_a9_1c0(copy_of_seeds); + shake128_init_absorb_final_a9_c10(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_a9_2e0(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_a9_7a0(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_741( + bool done = sample_from_uniform_distribution_next_fe1( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_a9_1d0(&xof_state, randomness); + shake128_squeeze_next_block_a9_9f0(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_742( + done = sample_from_uniform_distribution_next_fe2( copy_of_randomness, sampled_coefficients, out); } } @@ -6627,7 +6625,7 @@ static KRML_MUSTINLINE void sample_from_xof_670( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_e40(copy_of_out[i]);); + ret0[i] = closure_b40(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -6639,7 +6637,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_340( +static KRML_MUSTINLINE void sample_matrix_A_ee0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[2U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR2( @@ -6656,7 +6654,7 @@ static KRML_MUSTINLINE void sample_matrix_A_340( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_670(copy_of_seeds, sampled); + sample_from_xof_900(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6682,7 +6680,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_080(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_fb0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; @@ -6717,9 +6715,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_a9_160(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_b20(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_080(input, ret); + PRFxN_fb0(input, ret); } /** @@ -6729,8 +6727,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_730(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_05(randomness); +sample_from_binomial_distribution_d70(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_20(randomness); } /** @@ -6741,7 +6739,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_070( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -6755,12 +6753,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_070( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_a9_160(prf_inputs, prf_outputs); + PRFxN_a9_b20(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_730( + re_as_ntt[i0] = sample_from_binomial_distribution_d70( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_5c(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]);); return domain_separator; } @@ -6783,16 +6781,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_810( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_7d();); + re_as_ntt[i] = ZERO_ef_05();); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_070(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_b00(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -6817,7 +6815,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_310( +static KRML_MUSTINLINE void add_to_ring_element_ef_4f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -6837,7 +6835,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_670( +static KRML_MUSTINLINE void compute_As_plus_e_2d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -6851,7 +6849,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_670( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = ZERO_ef_05(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -6864,10 +6862,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_670( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_310(&t_as_ntt[i0], &product); + ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_4f0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6880,12 +6878,12 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void generate_keypair_unpacked_4a0( +static void generate_keypair_unpacked_a40( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_d6 *private_key, IndCpaPublicKeyUnpacked_d6 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_0e0(key_generation_seed, hashed); + cpa_keygen_seed_d8_750(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6895,7 +6893,7 @@ static void generate_keypair_unpacked_4a0( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_340(uu____1, ret, true); + sample_matrix_A_ee0(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); @@ -6905,17 +6903,17 @@ static void generate_keypair_unpacked_4a0( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_070(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_b00(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_810(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_670(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_2d0(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -6936,18 +6934,18 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_1e( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_6a( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_190(); - IndCpaPublicKeyUnpacked_d6 public_key = default_8d_800(); - generate_keypair_unpacked_4a0(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_3c0(); + IndCpaPublicKeyUnpacked_d6 public_key = default_8d_890(); + generate_keypair_unpacked_a40(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_f70( + serialize_public_key_ca0( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_050(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_990(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6971,7 +6969,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_7b( +static KRML_MUSTINLINE void serialize_kem_secret_key_1f( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6997,7 +6995,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_7b( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_a9_160(public_key, ret0); + H_a9_410(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -7026,7 +7024,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_dd( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7036,13 +7034,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_dd( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_1e(ind_cpa_keypair_randomness); + generate_keypair_6a(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_7b( + serialize_kem_secret_key_1f( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7051,13 +7049,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_dd( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_f6( - uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_ee( + uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); } /** @@ -7070,7 +7068,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_44(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_64(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7084,7 +7082,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_081(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_fb1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -7119,9 +7117,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_161(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_b21(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_081(input, ret); + PRFxN_fb1(input, ret); } /** @@ -7133,10 +7131,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_2d0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_a00(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_ef_7d();); + error_1[i] = ZERO_ef_05();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -7148,11 +7146,11 @@ sample_ring_element_cbd_2d0(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_a9_161(prf_inputs, prf_outputs); + PRFxN_a9_b21(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_73( + sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -7178,9 +7176,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_422(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_162(Eurydice_slice input, uint8_t ret[128U]) { - PRF_d10(input, ret); + PRF_960(input, ret); } /** @@ -7189,18 +7187,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_0c0( +static KRML_MUSTINLINE void invert_ntt_montgomery_8f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_92(&zeta_i, re); - invert_ntt_at_layer_2_7a(&zeta_i, re); - invert_ntt_at_layer_3_2e(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_09(re); + invert_ntt_at_layer_1_f7(&zeta_i, re); + invert_ntt_at_layer_2_98(&zeta_i, re); + invert_ntt_at_layer_3_fe(&zeta_i, re); + invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_a9(re); } /** @@ -7209,14 +7207,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_7f0( +static KRML_MUSTINLINE void compute_vector_u_dd0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_7d();); + result0[i] = ZERO_ef_05();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7236,11 +7234,11 @@ static KRML_MUSTINLINE void compute_vector_u_7f0( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_310(&result0[i1], &product); + ntt_multiply_ef_b2(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_4f0(&result0[i1], &product); } - invert_ntt_montgomery_0c0(&result0[i1]); - add_error_reduce_ef_a2(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_8f0(&result0[i1]); + add_error_reduce_ef_dd(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( @@ -7258,18 +7256,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_ac0( +compute_ring_element_v_770( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_310(&result, &product);); - invert_ntt_montgomery_0c0(&result); - result = add_message_error_reduce_ef_df(error_2, message, result); + ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_4f0(&result, &product);); + invert_ntt_montgomery_8f0(&result); + result = add_message_error_reduce_ef_79(error_2, message, result); return result; } @@ -7282,7 +7280,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_6d0( +static void compress_then_serialize_u_420( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7298,7 +7296,7 @@ static void compress_then_serialize_u_6d0( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_430(&re, ret); + compress_then_serialize_ring_element_u_9e0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7321,7 +7319,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_720(IndCpaPublicKeyUnpacked_d6 *public_key, +static void encrypt_unpacked_a40(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7329,7 +7327,7 @@ static void encrypt_unpacked_720(IndCpaPublicKeyUnpacked_d6 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_810(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7339,7 +7337,7 @@ static void encrypt_unpacked_720(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_2d0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_a00(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -7347,31 +7345,31 @@ static void encrypt_unpacked_720(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_422(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_a9_162(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_73( + sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_7f0(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_dd0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_4f(copy_of_message); + deserialize_then_decompress_message_d3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_ac0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_770(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_6d0( + compress_then_serialize_u_420( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_610( + compress_then_serialize_ring_element_v_d10( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7394,10 +7392,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_69(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_800(); - deserialize_ring_elements_reduced_fb0( + IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_890(); + deserialize_ring_elements_reduced_530( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -7406,13 +7404,13 @@ static void encrypt_69(Eurydice_slice public_key, uint8_t message[32U], unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_340(uu____0, ret0, false); + sample_matrix_A_ee0(uu____0, ret0, false); IndCpaPublicKeyUnpacked_d6 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_720(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_a40(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7427,7 +7425,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_54(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_16(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7454,11 +7452,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c2( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_44( + entropy_preprocess_d8_64( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -7467,14 +7465,14 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c2( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_a9_160(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cf0(public_key), + H_a9_410(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_a9_9f0(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7482,29 +7480,28 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_c2( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cf0(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_69(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_6f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_1f0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_450(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_54(shared_secret, shared_secret_array); + kdf_d8_16(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec result; - result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - return result; + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; } /** @@ -7513,12 +7510,12 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_18( +static KRML_MUSTINLINE void deserialize_secret_key_54( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_7d();); + secret_as_ntt[i] = ZERO_ef_05();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7530,7 +7527,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_18( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_59(secret_bytes); + deserialize_to_uncompressed_ring_element_6c(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; @@ -7550,12 +7547,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_a80( +static KRML_MUSTINLINE void deserialize_then_decompress_u_250( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_7d();); + u_as_ntt[i] = ZERO_ef_05();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -7573,8 +7570,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_a80( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_880(u_bytes); - ntt_vector_u_2c0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_790(u_bytes); + ntt_vector_u_b70(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7588,17 +7585,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_a40( +compute_message_7d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_7d(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_310(&result, &product);); - invert_ntt_montgomery_0c0(&result); - result = subtract_reduce_ef_27(v, result); + ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_4f0(&result, &product);); + invert_ntt_montgomery_8f0(&result); + result = subtract_reduce_ef_da(v, result); return result; } @@ -7612,18 +7609,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e50(IndCpaPrivateKeyUnpacked_d6 *secret_key, +static void decrypt_unpacked_9d0(IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_a80(ciphertext, u_as_ntt); + deserialize_then_decompress_u_250(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_050( + deserialize_then_decompress_ring_element_v_b90( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_a40(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7d0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_d2(message, ret0); + compress_then_serialize_message_dd(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7637,10 +7634,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_98(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_75(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_18(secret_key, secret_as_ntt); + deserialize_secret_key_54(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -7651,7 +7648,7 @@ static void decrypt_98(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_e50(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_9d0(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7665,8 +7662,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_421(Eurydice_slice input, uint8_t ret[32U]) { - PRF_d1(input, ret); +static KRML_MUSTINLINE void PRF_a9_161(Eurydice_slice input, uint8_t ret[32U]) { + PRF_96(input, ret); } /** @@ -7691,7 +7688,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_0b( +void libcrux_ml_kem_ind_cca_decapsulate_7f( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7709,7 +7706,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_98(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_75(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7719,7 +7716,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_670(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_a9_9f0(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7731,26 +7728,26 @@ void libcrux_ml_kem_ind_cca_decapsulate_0b( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_490(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_400(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_421(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_a9_161(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_69(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_6f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_54(Eurydice_array_to_slice((size_t)32U, + kdf_d8_16(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_54(shared_secret0, shared_secret1); + kdf_d8_16(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_490(ciphertext), + libcrux_ml_kem_types_as_ref_00_400(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 705b94d1c..42cc1517c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 65f4405d5..9c539cfa1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #include "internal/libcrux_mlkem_portable.h" @@ -2290,7 +2290,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_ef_19(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_ef_1b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2318,8 +2318,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_8a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_to_reduced_ring_element_a5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2340,7 +2340,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bb( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -2354,7 +2354,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bb( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_8a(ring_element); + deserialize_to_reduced_ring_element_a5(ring_element); deserialized_pk[i0] = uu____0; } } @@ -2365,13 +2365,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_611( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_531( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_19();); - deserialize_ring_elements_reduced_bb(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_ef_1b();); + deserialize_ring_elements_reduced_da(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2383,7 +2383,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_3c(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { +shift_right_95(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2402,8 +2402,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_3e(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_3c(v); +shift_right_0d_9d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_95(v); } /** @@ -2413,10 +2413,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_9f( +to_unsigned_representative_7c( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_3e(a); + shift_right_0d_9d(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2430,10 +2430,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_field_modulus_c4( +to_unsigned_field_modulus_b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - to_unsigned_representative_9f(a); + to_unsigned_representative_7c(a); return result; } @@ -2443,14 +2443,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c6( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_field_modulus_c4(re->coefficients[i0]); + to_unsigned_field_modulus_b0(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2470,7 +2470,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_1d( +static KRML_MUSTINLINE void serialize_secret_key_5a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2488,7 +2488,7 @@ static KRML_MUSTINLINE void serialize_secret_key_1d( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c6(&re, ret0); + serialize_uncompressed_ring_element_8b(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -2503,13 +2503,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_0d( +static KRML_MUSTINLINE void serialize_public_key_mut_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_1d(t_as_ntt, ret); + serialize_secret_key_5a(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2526,11 +2526,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_8c( +static KRML_MUSTINLINE void serialize_public_key_07( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_0d(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_3c(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); @@ -2544,15 +2544,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_f71(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_bf1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_611( + deserialize_ring_elements_reduced_out_531( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_8c( + serialize_public_key_07( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2570,7 +2570,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_c6(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_d5(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -2582,11 +2582,11 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_ed( +bool libcrux_ml_kem_ind_cca_validate_private_key_ae( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; - H_f1_c6(Eurydice_array_to_subslice2( + H_f1_d5(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)4U, (size_t)768U * (size_t)4U + (size_t)32U, uint8_t), t); @@ -2618,12 +2618,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPrivateKeyUnpacked_42 default_1a_a3(void) { +static IndCpaPrivateKeyUnpacked_42 default_1a_e9(void) { IndCpaPrivateKeyUnpacked_42 lit; - lit.secret_as_ntt[0U] = ZERO_ef_19(); - lit.secret_as_ntt[1U] = ZERO_ef_19(); - lit.secret_as_ntt[2U] = ZERO_ef_19(); - lit.secret_as_ntt[3U] = ZERO_ef_19(); + lit.secret_as_ntt[0U] = ZERO_ef_1b(); + lit.secret_as_ntt[1U] = ZERO_ef_1b(); + lit.secret_as_ntt[2U] = ZERO_ef_1b(); + lit.secret_as_ntt[3U] = ZERO_ef_1b(); return lit; } @@ -2650,32 +2650,32 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static IndCpaPublicKeyUnpacked_42 default_8d_6b(void) { +static IndCpaPublicKeyUnpacked_42 default_8d_d1(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - uu____0[i] = ZERO_ef_19();); + uu____0[i] = ZERO_ef_1b();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_42 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_ef_19(); - lit.A[0U][1U] = ZERO_ef_19(); - lit.A[0U][2U] = ZERO_ef_19(); - lit.A[0U][3U] = ZERO_ef_19(); - lit.A[1U][0U] = ZERO_ef_19(); - lit.A[1U][1U] = ZERO_ef_19(); - lit.A[1U][2U] = ZERO_ef_19(); - lit.A[1U][3U] = ZERO_ef_19(); - lit.A[2U][0U] = ZERO_ef_19(); - lit.A[2U][1U] = ZERO_ef_19(); - lit.A[2U][2U] = ZERO_ef_19(); - lit.A[2U][3U] = ZERO_ef_19(); - lit.A[3U][0U] = ZERO_ef_19(); - lit.A[3U][1U] = ZERO_ef_19(); - lit.A[3U][2U] = ZERO_ef_19(); - lit.A[3U][3U] = ZERO_ef_19(); + lit.A[0U][0U] = ZERO_ef_1b(); + lit.A[0U][1U] = ZERO_ef_1b(); + lit.A[0U][2U] = ZERO_ef_1b(); + lit.A[0U][3U] = ZERO_ef_1b(); + lit.A[1U][0U] = ZERO_ef_1b(); + lit.A[1U][1U] = ZERO_ef_1b(); + lit.A[1U][2U] = ZERO_ef_1b(); + lit.A[1U][3U] = ZERO_ef_1b(); + lit.A[2U][0U] = ZERO_ef_1b(); + lit.A[2U][1U] = ZERO_ef_1b(); + lit.A[2U][2U] = ZERO_ef_1b(); + lit.A[2U][3U] = ZERO_ef_1b(); + lit.A[3U][0U] = ZERO_ef_1b(); + lit.A[3U][1U] = ZERO_ef_1b(); + lit.A[3U][2U] = ZERO_ef_1b(); + lit.A[3U][3U] = ZERO_ef_1b(); return lit; } @@ -2688,7 +2688,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_07(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_87(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2702,7 +2702,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_39( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_57( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -2713,7 +2713,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_39( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)4U; uint8_t ret0[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_87(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -2733,7 +2733,7 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_37(uint8_t input[4U][34U]) { +shake128_init_absorb_final_24(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2764,11 +2764,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_final_f1_17(uint8_t input[4U][34U]) { +shake128_init_absorb_final_f1_31(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_37(copy_of_input); + return shake128_init_absorb_final_24(copy_of_input); } /** @@ -2777,7 +2777,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_72( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_63( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2798,9 +2798,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_75( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_2f( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_first_three_blocks_72(self, ret); + shake128_squeeze_first_three_blocks_63(self, ret); } /** @@ -2851,7 +2851,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_71( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2889,7 +2889,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_e6( +static KRML_MUSTINLINE void shake128_squeeze_next_block_11( PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2910,9 +2910,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_48( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c4( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_next_block_e6(self, ret); + shake128_squeeze_next_block_11(self, ret); } /** @@ -2963,7 +2963,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_710( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -3007,8 +3007,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_ef_bb(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); +from_i16_array_ef_54(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3028,9 +3028,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_eb( int16_t s[272U]) { - return from_i16_array_ef_bb( + return from_i16_array_ef_54( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3041,7 +3041,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_49( +static KRML_MUSTINLINE void sample_from_xof_bf( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; @@ -3049,25 +3049,25 @@ static KRML_MUSTINLINE void sample_from_xof_49( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_final_f1_17(copy_of_seeds); + PortableHash_d1 xof_state = shake128_init_absorb_final_f1_31(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_first_three_blocks_f1_75(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_2f(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_fb( + bool done = sample_from_uniform_distribution_next_71( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_next_block_f1_48(&xof_state, randomness); + shake128_squeeze_next_block_f1_c4(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_fb0( + done = sample_from_uniform_distribution_next_710( copy_of_randomness, sampled_coefficients, out); } } @@ -3076,7 +3076,7 @@ static KRML_MUSTINLINE void sample_from_xof_49( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_ba(copy_of_out[i]);); + ret0[i] = closure_eb(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -3089,7 +3089,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_ae( +static KRML_MUSTINLINE void sample_matrix_A_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[4U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR4( @@ -3106,7 +3106,7 @@ static KRML_MUSTINLINE void sample_matrix_A_ae( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_49(copy_of_seeds, sampled); + sample_from_xof_bf(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -3132,7 +3132,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_d5(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_af(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4( @@ -3153,9 +3153,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_9f(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_13(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_d5(input, ret); + PRFxN_af(input, ret); } /** @@ -3165,7 +3165,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_1b(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_48(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { @@ -3199,7 +3199,7 @@ sample_from_binomial_distribution_2_1b(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_bb( + return from_i16_array_ef_54( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3210,7 +3210,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_ee(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_3a(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { @@ -3243,7 +3243,7 @@ sample_from_binomial_distribution_3_ee(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_ef_bb( + return from_i16_array_ef_54( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3254,8 +3254,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_ce(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_1b(randomness); +sample_from_binomial_distribution_6b(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_48(randomness); } /** @@ -3264,7 +3264,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_73( +static KRML_MUSTINLINE void ntt_at_layer_7_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3292,7 +3292,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_5e( +montgomery_multiply_fe_ad( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3306,12 +3306,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_d1( + ntt_layer_int_vec_step_57( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_5e(b, zeta_r); + montgomery_multiply_fe_ad(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3325,7 +3325,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_18( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_bf( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3338,7 +3338,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_18( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_d1( + ntt_layer_int_vec_step_57( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3355,7 +3355,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_1b( +static KRML_MUSTINLINE void ntt_at_layer_3_d0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3373,7 +3373,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_ea( +static KRML_MUSTINLINE void ntt_at_layer_2_76( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3392,7 +3392,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_21( +static KRML_MUSTINLINE void ntt_at_layer_1_5d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3418,7 +3418,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_ef_0a( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_17( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3436,17 +3436,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b3( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_73(re); + ntt_at_layer_7_97(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_1b(&zeta_i, re); - ntt_at_layer_2_ea(&zeta_i, re); - ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_ef_0a(re); + ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_d0(&zeta_i, re); + ntt_at_layer_2_76(&zeta_i, re); + ntt_at_layer_1_5d(&zeta_i, re); + poly_barrett_reduce_ef_17(re); } /** @@ -3458,7 +3458,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3c( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -3472,12 +3472,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3c( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_9f(prf_inputs, prf_outputs); + PRFxN_f1_13(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_ce( + re_as_ntt[i0] = sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b3(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]);); return domain_separator; } @@ -3501,16 +3501,16 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_cb( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_19();); + re_as_ntt[i] = ZERO_ef_1b();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_3c(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_b1(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3536,9 +3536,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_ef_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_ef_45(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3568,7 +3568,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_3a( +static KRML_MUSTINLINE void add_to_ring_element_ef_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3593,7 +3593,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_73( +to_standard_domain_bf( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3610,14 +3610,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_ef_69( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_73(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_bf(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3632,7 +3632,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_f0( +static KRML_MUSTINLINE void compute_As_plus_e_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -3646,7 +3646,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_1b(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -3659,10 +3659,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_3a(&t_as_ntt[i0], &product); + ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_5d(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -3675,12 +3675,12 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_86( +static void generate_keypair_unpacked_e9( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_42 *private_key, IndCpaPublicKeyUnpacked_42 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_39(key_generation_seed, hashed); + cpa_keygen_seed_d8_57(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3690,7 +3690,7 @@ static void generate_keypair_unpacked_86( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_ae(uu____1, ret, true); + sample_matrix_A_0d(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); @@ -3700,17 +3700,17 @@ static void generate_keypair_unpacked_86( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_3c(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_b1(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_44(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_cb(copy_of_prf_input, domain_separator) .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_f0(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_c7(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -3731,18 +3731,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_791( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_501( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_42 private_key = default_1a_a3(); - IndCpaPublicKeyUnpacked_42 public_key = default_8d_6b(); - generate_keypair_unpacked_86(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_42 private_key = default_1a_e9(); + IndCpaPublicKeyUnpacked_42 public_key = default_8d_d1(); + generate_keypair_unpacked_e9(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_8c( + serialize_public_key_07( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_1d(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_5a(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3766,7 +3766,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_64( +static KRML_MUSTINLINE void serialize_kem_secret_key_d4( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3792,7 +3792,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_64( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_c6(public_key, ret0); + H_f1_d5(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -3822,7 +3822,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_911(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3831,13 +3831,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_911(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_791(ind_cpa_keypair_randomness); + generate_keypair_501(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_64( + serialize_kem_secret_key_d4( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3846,13 +3846,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_911(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_7f_8c1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_af1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_f61( - uu____2, libcrux_ml_kem_types_from_5a_451(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_ee1( + uu____2, libcrux_ml_kem_types_from_5a_671(copy_of_public_key)); } /** @@ -3865,7 +3865,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_8d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_62(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3883,10 +3883,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_f9(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_7f(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_ef_19();); + error_1[i] = ZERO_ef_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -3898,11 +3898,11 @@ sample_ring_element_cbd_f9(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_9f(prf_inputs, prf_outputs); + PRFxN_f1_13(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_ce( + sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3923,7 +3923,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_440(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_f70(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); @@ -3940,9 +3940,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_9d0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_9f0(Eurydice_slice input, uint8_t ret[128U]) { - PRF_440(input, ret); + PRF_f70(input, ret); } /** @@ -3951,7 +3951,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9d( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_08( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3972,7 +3972,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_82( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_91( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3991,7 +3991,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_be( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_41( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4011,7 +4011,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_66( + inv_ntt_layer_int_vec_step_reduce_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4019,7 +4019,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_5e(a_minus_b, zeta_r); + b = montgomery_multiply_fe_ad(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4031,7 +4031,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8c( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ed( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4046,7 +4046,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_8c( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_66( + inv_ntt_layer_int_vec_step_reduce_13( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4063,18 +4063,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_45( +static KRML_MUSTINLINE void invert_ntt_montgomery_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9d(&zeta_i, re); - invert_ntt_at_layer_2_82(&zeta_i, re); - invert_ntt_at_layer_3_be(&zeta_i, re); - invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_0a(re); + invert_ntt_at_layer_1_08(&zeta_i, re); + invert_ntt_at_layer_2_91(&zeta_i, re); + invert_ntt_at_layer_3_41(&zeta_i, re); + invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_17(re); } /** @@ -4088,7 +4088,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_ef_bd( +static KRML_MUSTINLINE void add_error_reduce_ef_4d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4112,14 +4112,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_cc( +static KRML_MUSTINLINE void compute_vector_u_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_19();); + result0[i] = ZERO_ef_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4139,11 +4139,11 @@ static KRML_MUSTINLINE void compute_vector_u_cc( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_3a(&result0[i1], &product); + ntt_multiply_ef_45(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_5d(&result0[i1], &product); } - invert_ntt_montgomery_45(&result0[i1]); - add_error_reduce_ef_bd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_55(&result0[i1]); + add_error_reduce_ef_4d(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( @@ -4161,7 +4161,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_a4(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { +decompress_1_78(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { libcrux_ml_kem_vector_portable_vector_type_PortableVector z = libcrux_ml_kem_vector_portable_ZERO_0d(); libcrux_ml_kem_vector_portable_vector_type_PortableVector s = @@ -4179,8 +4179,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_52(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_then_decompress_message_e3(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4190,7 +4190,7 @@ deserialize_then_decompress_message_52(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_a4(coefficient_compressed); + decompress_1_78(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4207,7 +4207,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_ef_42( +add_message_error_reduce_ef_21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4237,18 +4237,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_14( +compute_ring_element_v_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_3a(&result, &product);); - invert_ntt_montgomery_45(&result); - result = add_message_error_reduce_ef_42(error_2, message, result); + ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_5d(&result, &product);); + invert_ntt_montgomery_55(&result); + result = add_message_error_reduce_ef_21(error_2, message, result); return result; } @@ -4258,7 +4258,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_c5(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { +compress_61(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4279,9 +4279,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_4f( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_fe( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return compress_c5(a); + return compress_61(a); } /** @@ -4290,7 +4290,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_c50(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { +compress_610(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4312,8 +4312,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_4f0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return compress_c50(a); +compress_0d_fe0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return compress_610(a); } /** @@ -4322,14 +4322,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_8b( +static KRML_MUSTINLINE void compress_then_serialize_11_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_4f0(to_unsigned_representative_9f(re->coefficients[i0])); + compress_0d_fe0(to_unsigned_representative_7c(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4347,10 +4347,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_03( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_8b(re, uu____0); + compress_then_serialize_11_a9(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4363,7 +4363,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_7a( +static void compress_then_serialize_u_cd( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4379,7 +4379,7 @@ static void compress_then_serialize_u_7a( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_03(&re, ret); + compress_then_serialize_ring_element_u_b5(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4391,7 +4391,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_c51(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { +compress_611(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4413,8 +4413,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_4f1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return compress_c51(a); +compress_0d_fe1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return compress_611(a); } /** @@ -4423,14 +4423,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_51( +static KRML_MUSTINLINE void compress_then_serialize_4_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_4f1(to_unsigned_field_modulus_c4(re.coefficients[i0])); + compress_0d_fe1(to_unsigned_field_modulus_b0(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4446,7 +4446,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_c52(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { +compress_612(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4468,8 +4468,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_4f2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return compress_c52(a); +compress_0d_fe2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return compress_612(a); } /** @@ -4478,14 +4478,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_32( +static KRML_MUSTINLINE void compress_then_serialize_5_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_4f2(to_unsigned_representative_9f(re.coefficients[i0])); + compress_0d_fe2(to_unsigned_representative_7c(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4502,9 +4502,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_8f( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_32(re, out); + compress_then_serialize_5_69(re, out); } /** @@ -4525,7 +4525,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ad(IndCpaPublicKeyUnpacked_42 *public_key, +static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4533,7 +4533,7 @@ static void encrypt_unpacked_ad(IndCpaPublicKeyUnpacked_42 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_44(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_cb(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4543,7 +4543,7 @@ static void encrypt_unpacked_ad(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_f9(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_7f(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4551,31 +4551,31 @@ static void encrypt_unpacked_ad(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_9d0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_9f0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_ce( + sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_cc(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_b8(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_52(copy_of_message); + deserialize_then_decompress_message_e3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_14(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1e(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_7a( + compress_then_serialize_u_cd( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_8f( + compress_then_serialize_ring_element_v_cf( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4599,10 +4599,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f41(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_4b1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_6b(); - deserialize_ring_elements_reduced_bb( + IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_d1(); + deserialize_ring_elements_reduced_da( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -4611,13 +4611,13 @@ static void encrypt_f41(Eurydice_slice public_key, uint8_t message[32U], unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_ae(uu____0, ret0, false); + sample_matrix_A_0d(uu____0, ret0, false); IndCpaPublicKeyUnpacked_42 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_ad(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_c3(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4632,7 +4632,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_f0(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_19(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4659,11 +4659,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_361( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_8d( + entropy_preprocess_d8_62( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4672,14 +4672,14 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_361( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_c6(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cf(public_key), + H_f1_d5(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_87(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -4687,29 +4687,28 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_361( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_cf(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_f41(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_4b1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_01_1f(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_45(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_f0(shared_secret, shared_secret_array); + kdf_d8_19(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 result; - result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - return result; + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; } /** @@ -4719,8 +4718,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_7a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_to_uncompressed_ring_element_07(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -4739,12 +4738,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_a71( +static KRML_MUSTINLINE void deserialize_secret_key_121( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_19();); + secret_as_ntt[i] = ZERO_ef_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4756,7 +4755,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a71( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7a(secret_bytes); + deserialize_to_uncompressed_ring_element_07(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -4775,7 +4774,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b4( +decompress_ciphertext_coefficient_4a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4800,9 +4799,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4c( +decompress_ciphertext_coefficient_0d_ea( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b4(v); + return decompress_ciphertext_coefficient_4a(v); } /** @@ -4812,8 +4811,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_58(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_then_decompress_10_5c(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -4829,7 +4828,7 @@ deserialize_then_decompress_10_58(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_4c(coefficient); + decompress_ciphertext_coefficient_0d_ea(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4842,7 +4841,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b40( +decompress_ciphertext_coefficient_4a0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4867,9 +4866,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4c0( +decompress_ciphertext_coefficient_0d_ea0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b40(v); + return decompress_ciphertext_coefficient_4a0(v); } /** @@ -4879,8 +4878,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_5c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_then_decompress_11_77(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -4889,7 +4888,7 @@ deserialize_then_decompress_11_5c(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_4c0(coefficient); + decompress_ciphertext_coefficient_0d_ea0(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4902,8 +4901,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_9c(Eurydice_slice serialized) { - return deserialize_then_decompress_11_5c(serialized); +deserialize_then_decompress_ring_element_u_cd(Eurydice_slice serialized) { + return deserialize_then_decompress_11_77(serialized); } /** @@ -4912,17 +4911,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_72( +static KRML_MUSTINLINE void ntt_vector_u_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_1b(&zeta_i, re); - ntt_at_layer_2_ea(&zeta_i, re); - ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_ef_0a(re); + ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_d0(&zeta_i, re); + ntt_at_layer_2_76(&zeta_i, re); + ntt_at_layer_1_5d(&zeta_i, re); + poly_barrett_reduce_ef_17(re); } /** @@ -4933,12 +4932,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1e( +static KRML_MUSTINLINE void deserialize_then_decompress_u_bb( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_19();); + u_as_ntt[i] = ZERO_ef_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), @@ -4956,8 +4955,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1e( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_9c(u_bytes); - ntt_vector_u_72(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd(u_bytes); + ntt_vector_u_2c(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4971,7 +4970,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b41( +decompress_ciphertext_coefficient_4a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4996,9 +4995,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4c1( +decompress_ciphertext_coefficient_0d_ea1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b41(v); + return decompress_ciphertext_coefficient_4a1(v); } /** @@ -5008,8 +5007,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_6c(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_then_decompress_4_b1(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -5018,7 +5017,7 @@ deserialize_then_decompress_4_6c(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_4c1(coefficient); + decompress_ciphertext_coefficient_0d_ea1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5031,7 +5030,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b42( +decompress_ciphertext_coefficient_4a2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5056,9 +5055,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_4c2( +decompress_ciphertext_coefficient_0d_ea2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b42(v); + return decompress_ciphertext_coefficient_4a2(v); } /** @@ -5068,8 +5067,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_96(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_19(); +deserialize_then_decompress_5_7b(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -5078,7 +5077,7 @@ deserialize_then_decompress_5_96(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_4c2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_ea2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5091,8 +5090,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_ad(Eurydice_slice serialized) { - return deserialize_then_decompress_5_96(serialized); +deserialize_then_decompress_ring_element_v_ce(Eurydice_slice serialized) { + return deserialize_then_decompress_5_7b(serialized); } /** @@ -5107,7 +5106,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_ef_87(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_ef_92(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5132,17 +5131,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_7e( +compute_message_82( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_3a(&result, &product);); - invert_ntt_montgomery_45(&result); - result = subtract_reduce_ef_87(v, result); + ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_5d(&result, &product);); + invert_ntt_montgomery_55(&result); + result = subtract_reduce_ef_92(v, result); return result; } @@ -5152,13 +5151,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_4f( +static KRML_MUSTINLINE void compress_then_serialize_message_15( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_field_modulus_c4(re.coefficients[i0]); + to_unsigned_field_modulus_b0(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5184,18 +5183,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_81(IndCpaPrivateKeyUnpacked_42 *secret_key, +static void decrypt_unpacked_c9(IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_1e(ciphertext, u_as_ntt); + deserialize_then_decompress_u_bb(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_ad( + deserialize_then_decompress_ring_element_v_ce( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_7e(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_82(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_4f(message, ret0); + compress_then_serialize_message_15(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5209,10 +5208,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_411(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_dc1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_a71(secret_key, secret_as_ntt); + deserialize_secret_key_121(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5223,7 +5222,7 @@ static void decrypt_411(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_81(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_c9(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5232,7 +5231,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_44(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_f7(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); @@ -5249,8 +5248,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_9d(Eurydice_slice input, uint8_t ret[32U]) { - PRF_44(input, ret); +static KRML_MUSTINLINE void PRF_f1_9f(Eurydice_slice input, uint8_t ret[32U]) { + PRF_f7(input, ret); } /** @@ -5275,7 +5274,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_391( +void libcrux_ml_kem_ind_cca_decapsulate_191( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5293,7 +5292,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_391( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_411(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_dc1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5303,7 +5302,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_391( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_07(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_87(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -5315,27 +5314,27 @@ void libcrux_ml_kem_ind_cca_decapsulate_391( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_49(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_9d(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + PRF_f1_9f(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_f41(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_4b1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_f0(Eurydice_array_to_slice((size_t)32U, + kdf_d8_19(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_f0(shared_secret0, shared_secret1); + kdf_d8_19(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_49(ciphertext), + libcrux_ml_kem_types_as_ref_00_40(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5350,7 +5349,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bb0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -5364,7 +5363,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bb0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_8a(ring_element); + deserialize_to_reduced_ring_element_a5(ring_element); deserialized_pk[i0] = uu____0; } } @@ -5375,13 +5374,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_610( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_530( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_19();); - deserialize_ring_elements_reduced_bb0(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_ef_1b();); + deserialize_ring_elements_reduced_da0(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5394,7 +5393,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_1d0( +static KRML_MUSTINLINE void serialize_secret_key_5a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5412,7 +5411,7 @@ static KRML_MUSTINLINE void serialize_secret_key_1d0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c6(&re, ret0); + serialize_uncompressed_ring_element_8b(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5427,13 +5426,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_0d0( +static KRML_MUSTINLINE void serialize_public_key_mut_3c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_1d0(t_as_ntt, ret); + serialize_secret_key_5a0(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5450,11 +5449,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_8c0( +static KRML_MUSTINLINE void serialize_public_key_070( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_0d0(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_3c0(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); @@ -5468,15 +5467,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_f70(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_bf0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_610( + deserialize_ring_elements_reduced_out_530( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_8c0( + serialize_public_key_070( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5494,7 +5493,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_c60(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_d50(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5506,11 +5505,11 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_d8( +bool libcrux_ml_kem_ind_cca_validate_private_key_b4( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; - H_f1_c60(Eurydice_array_to_subslice2( + H_f1_d50(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)2U, (size_t)768U * (size_t)2U + (size_t)32U, uint8_t), t); @@ -5542,10 +5541,10 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPrivateKeyUnpacked_ae default_1a_a30(void) { +static IndCpaPrivateKeyUnpacked_ae default_1a_e90(void) { IndCpaPrivateKeyUnpacked_ae lit; - lit.secret_as_ntt[0U] = ZERO_ef_19(); - lit.secret_as_ntt[1U] = ZERO_ef_19(); + lit.secret_as_ntt[0U] = ZERO_ef_1b(); + lit.secret_as_ntt[1U] = ZERO_ef_1b(); return lit; } @@ -5572,20 +5571,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static IndCpaPublicKeyUnpacked_ae default_8d_6b0(void) { +static IndCpaPublicKeyUnpacked_ae default_8d_d10(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - uu____0[i] = ZERO_ef_19();); + uu____0[i] = ZERO_ef_1b();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_ae lit; memcpy( lit.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_ef_19(); - lit.A[0U][1U] = ZERO_ef_19(); - lit.A[1U][0U] = ZERO_ef_19(); - lit.A[1U][1U] = ZERO_ef_19(); + lit.A[0U][0U] = ZERO_ef_1b(); + lit.A[0U][1U] = ZERO_ef_1b(); + lit.A[1U][0U] = ZERO_ef_1b(); + lit.A[1U][1U] = ZERO_ef_1b(); return lit; } @@ -5598,7 +5597,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_070(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_870(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5612,7 +5611,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_eb( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_36( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5623,7 +5622,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_eb( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)2U; uint8_t ret0[64U]; - G_f1_070(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_870(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -5643,7 +5642,7 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_370(uint8_t input[2U][34U]) { +shake128_init_absorb_final_240(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5674,11 +5673,11 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_final_f1_170(uint8_t input[2U][34U]) { +shake128_init_absorb_final_f1_310(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_370(copy_of_input); + return shake128_init_absorb_final_240(copy_of_input); } /** @@ -5687,7 +5686,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_720( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_630( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5708,9 +5707,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_750( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_2f0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_first_three_blocks_720(self, ret); + shake128_squeeze_first_three_blocks_630(self, ret); } /** @@ -5761,7 +5760,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb1( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_711( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5799,7 +5798,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_e60( +static KRML_MUSTINLINE void shake128_squeeze_next_block_110( PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2( @@ -5820,9 +5819,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_480( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c40( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_next_block_e60(self, ret); + shake128_squeeze_next_block_110(self, ret); } /** @@ -5873,7 +5872,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_712( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5912,9 +5911,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba0( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_eb0( int16_t s[272U]) { - return from_i16_array_ef_bb( + return from_i16_array_ef_54( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -5925,7 +5924,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_490( +static KRML_MUSTINLINE void sample_from_xof_bf0( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; @@ -5933,25 +5932,25 @@ static KRML_MUSTINLINE void sample_from_xof_490( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_final_f1_170(copy_of_seeds); + PortableHash_8b xof_state = shake128_init_absorb_final_f1_310(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_first_three_blocks_f1_750(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_2f0(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_fb1( + bool done = sample_from_uniform_distribution_next_711( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_next_block_f1_480(&xof_state, randomness); + shake128_squeeze_next_block_f1_c40(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_fb2( + done = sample_from_uniform_distribution_next_712( copy_of_randomness, sampled_coefficients, out); } } @@ -5960,7 +5959,7 @@ static KRML_MUSTINLINE void sample_from_xof_490( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_ba0(copy_of_out[i]);); + ret0[i] = closure_eb0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5973,7 +5972,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_ae0( +static KRML_MUSTINLINE void sample_matrix_A_0d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[2U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR2( @@ -5990,7 +5989,7 @@ static KRML_MUSTINLINE void sample_matrix_A_ae0( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_490(copy_of_seeds, sampled); + sample_from_xof_bf0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6016,7 +6015,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_d50(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_af0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6037,9 +6036,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_9f0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_130(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_d50(input, ret); + PRFxN_af0(input, ret); } /** @@ -6049,8 +6048,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_ce0(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_ee(randomness); +sample_from_binomial_distribution_6b0(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_3a(randomness); } /** @@ -6062,7 +6061,7 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3c0( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -6076,12 +6075,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3c0( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_9f0(prf_inputs, prf_outputs); + PRFxN_f1_130(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_ce0( + re_as_ntt[i0] = sample_from_binomial_distribution_6b0( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b3(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]);); return domain_separator; } @@ -6105,16 +6104,16 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_cb0( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_19();); + re_as_ntt[i] = ZERO_ef_1b();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_3c0(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_b10(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6139,7 +6138,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_3a0( +static KRML_MUSTINLINE void add_to_ring_element_ef_5d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6163,7 +6162,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_f00( +static KRML_MUSTINLINE void compute_As_plus_e_c70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -6177,7 +6176,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_1b(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -6190,10 +6189,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_3a0(&t_as_ntt[i0], &product); + ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_5d0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6206,12 +6205,12 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void generate_keypair_unpacked_860( +static void generate_keypair_unpacked_e90( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_ae *private_key, IndCpaPublicKeyUnpacked_ae *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_eb(key_generation_seed, hashed); + cpa_keygen_seed_d8_36(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6221,7 +6220,7 @@ static void generate_keypair_unpacked_860( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_ae0(uu____1, ret, true); + sample_matrix_A_0d0(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); @@ -6231,17 +6230,17 @@ static void generate_keypair_unpacked_860( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_3c0(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_b10(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_440(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_cb0(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_f00(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_c70(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -6262,18 +6261,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_790( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_500( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_ae private_key = default_1a_a30(); - IndCpaPublicKeyUnpacked_ae public_key = default_8d_6b0(); - generate_keypair_unpacked_860(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_ae private_key = default_1a_e90(); + IndCpaPublicKeyUnpacked_ae public_key = default_8d_d10(); + generate_keypair_unpacked_e90(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_8c0( + serialize_public_key_070( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_1d0(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_5a0(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6297,7 +6296,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_ee( +static KRML_MUSTINLINE void serialize_kem_secret_key_a1( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6323,7 +6322,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_ee( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_c60(public_key, ret0); + H_f1_d50(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -6353,7 +6352,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6362,13 +6361,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_790(ind_cpa_keypair_randomness); + generate_keypair_500(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_ee( + serialize_kem_secret_key_a1( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6377,13 +6376,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_f6( - uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_ee( + uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); } /** @@ -6396,7 +6395,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_91(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_89(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6410,7 +6409,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_d51(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_af1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2( @@ -6431,9 +6430,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_9f1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_131(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_d51(input, ret); + PRFxN_af1(input, ret); } /** @@ -6446,10 +6445,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_f90(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_7f0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_ef_19();); + error_1[i] = ZERO_ef_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6461,11 +6460,11 @@ sample_ring_element_cbd_f90(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_9f1(prf_inputs, prf_outputs); + PRFxN_f1_131(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_ce( + sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6491,9 +6490,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_9d2(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_9f2(Eurydice_slice input, uint8_t ret[128U]) { - PRF_440(input, ret); + PRF_f70(input, ret); } /** @@ -6502,18 +6501,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_450( +static KRML_MUSTINLINE void invert_ntt_montgomery_550( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9d(&zeta_i, re); - invert_ntt_at_layer_2_82(&zeta_i, re); - invert_ntt_at_layer_3_be(&zeta_i, re); - invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_0a(re); + invert_ntt_at_layer_1_08(&zeta_i, re); + invert_ntt_at_layer_2_91(&zeta_i, re); + invert_ntt_at_layer_3_41(&zeta_i, re); + invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_17(re); } /** @@ -6522,14 +6521,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_cc0( +static KRML_MUSTINLINE void compute_vector_u_b80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_19();); + result0[i] = ZERO_ef_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6549,11 +6548,11 @@ static KRML_MUSTINLINE void compute_vector_u_cc0( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_3a0(&result0[i1], &product); + ntt_multiply_ef_45(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_5d0(&result0[i1], &product); } - invert_ntt_montgomery_450(&result0[i1]); - add_error_reduce_ef_bd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_550(&result0[i1]); + add_error_reduce_ef_4d(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; memcpy( @@ -6571,18 +6570,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_140( +compute_ring_element_v_1e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_3a0(&result, &product);); - invert_ntt_montgomery_450(&result); - result = add_message_error_reduce_ef_42(error_2, message, result); + ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_5d0(&result, &product);); + invert_ntt_montgomery_550(&result); + result = add_message_error_reduce_ef_21(error_2, message, result); return result; } @@ -6592,14 +6591,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_630( +static KRML_MUSTINLINE void compress_then_serialize_10_470( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_4f(to_unsigned_field_modulus_c4(re->coefficients[i0])); + compress_0d_fe(to_unsigned_field_modulus_b0(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6619,10 +6618,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_030( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_630(re, uu____0); + compress_then_serialize_10_470(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6635,7 +6634,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_7a0( +static void compress_then_serialize_u_cd0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6651,7 +6650,7 @@ static void compress_then_serialize_u_7a0( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_030(&re, ret); + compress_then_serialize_ring_element_u_b50(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6664,9 +6663,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_8f0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_cf0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_51(re, out); + compress_then_serialize_4_06(re, out); } /** @@ -6687,7 +6686,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ad0(IndCpaPublicKeyUnpacked_ae *public_key, +static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -6696,7 +6695,7 @@ static void encrypt_unpacked_ad0(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____1 = - sample_vector_cbd_then_ntt_out_440(copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_out_cb0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6706,7 +6705,7 @@ static void encrypt_unpacked_ad0(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_f90(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_7f0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6714,31 +6713,31 @@ static void encrypt_unpacked_ad0(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_9d2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_9f2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_ce( + sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_cc0(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_b80(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_52(copy_of_message); + deserialize_then_decompress_message_e3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_140(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1e0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_7a0( + compress_then_serialize_u_cd0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_8f0( + compress_then_serialize_ring_element_v_cf0( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6762,10 +6761,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f40(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_4b0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_6b0(); - deserialize_ring_elements_reduced_bb0( + IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_d10(); + deserialize_ring_elements_reduced_da0( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -6774,13 +6773,13 @@ static void encrypt_f40(Eurydice_slice public_key, uint8_t message[32U], unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_ae0(uu____0, ret0, false); + sample_matrix_A_0d0(uu____0, ret0, false); IndCpaPublicKeyUnpacked_ae *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_ad0(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_c30(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -6795,7 +6794,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_3b(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_ab(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6822,11 +6821,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_360( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_91( + entropy_preprocess_d8_89( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6835,14 +6834,14 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_360( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_c60(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cf0(public_key), + H_f1_d50(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_070(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_870(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -6850,29 +6849,28 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_360( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_cf0(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_f40(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_4b0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_1f0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_450(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_3b(shared_secret, shared_secret_array); + kdf_d8_ab(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec result; - result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - return result; + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; } /** @@ -6881,12 +6879,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_a70( +static KRML_MUSTINLINE void deserialize_secret_key_120( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_19();); + secret_as_ntt[i] = ZERO_ef_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -6898,7 +6896,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a70( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7a(secret_bytes); + deserialize_to_uncompressed_ring_element_07(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -6917,8 +6915,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_9c0(Eurydice_slice serialized) { - return deserialize_then_decompress_10_58(serialized); +deserialize_then_decompress_ring_element_u_cd0(Eurydice_slice serialized) { + return deserialize_then_decompress_10_5c(serialized); } /** @@ -6927,17 +6925,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_720( +static KRML_MUSTINLINE void ntt_vector_u_2c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_1b(&zeta_i, re); - ntt_at_layer_2_ea(&zeta_i, re); - ntt_at_layer_1_21(&zeta_i, re); - poly_barrett_reduce_ef_0a(re); + ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_d0(&zeta_i, re); + ntt_at_layer_2_76(&zeta_i, re); + ntt_at_layer_1_5d(&zeta_i, re); + poly_barrett_reduce_ef_17(re); } /** @@ -6948,12 +6946,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1e0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_bb0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_19();); + u_as_ntt[i] = ZERO_ef_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), @@ -6971,8 +6969,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1e0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_9c0(u_bytes); - ntt_vector_u_720(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd0(u_bytes); + ntt_vector_u_2c0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6986,8 +6984,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_ad0(Eurydice_slice serialized) { - return deserialize_then_decompress_4_6c(serialized); +deserialize_then_decompress_ring_element_v_ce0(Eurydice_slice serialized) { + return deserialize_then_decompress_4_b1(serialized); } /** @@ -6997,17 +6995,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_7e0( +compute_message_820( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_3a0(&result, &product);); - invert_ntt_montgomery_450(&result); - result = subtract_reduce_ef_87(v, result); + ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_5d0(&result, &product);); + invert_ntt_montgomery_550(&result); + result = subtract_reduce_ef_92(v, result); return result; } @@ -7021,18 +7019,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_810(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_c90(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_1e0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_bb0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_ad0( + deserialize_then_decompress_ring_element_v_ce0( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_7e0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_820(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_4f(message, ret0); + compress_then_serialize_message_15(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7046,10 +7044,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_410(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_dc0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_a70(secret_key, secret_as_ntt); + deserialize_secret_key_120(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7060,7 +7058,7 @@ static void decrypt_410(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_810(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_c90(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7074,8 +7072,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_9d1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_44(input, ret); +static KRML_MUSTINLINE void PRF_f1_9f1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_f7(input, ret); } /** @@ -7100,7 +7098,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_390( +void libcrux_ml_kem_ind_cca_decapsulate_190( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7118,7 +7116,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_390( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_410(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_dc0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7128,7 +7126,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_390( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_070(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_870(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -7140,27 +7138,27 @@ void libcrux_ml_kem_ind_cca_decapsulate_390( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_490(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_400(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_9d1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + PRF_f1_9f1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_f40(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_4b0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_3b(Eurydice_array_to_slice((size_t)32U, + kdf_d8_ab(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_3b(shared_secret0, shared_secret1); + kdf_d8_ab(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_490(ciphertext), + libcrux_ml_kem_types_as_ref_00_400(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7175,7 +7173,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bb1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -7189,7 +7187,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_bb1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_8a(ring_element); + deserialize_to_reduced_ring_element_a5(ring_element); deserialized_pk[i0] = uu____0; } } @@ -7200,13 +7198,13 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_61( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_53( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_ef_19();); - deserialize_ring_elements_reduced_bb1(public_key, deserialized_pk); + deserialized_pk[i] = ZERO_ef_1b();); + deserialize_ring_elements_reduced_da1(public_key, deserialized_pk); memcpy( ret, deserialized_pk, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7219,7 +7217,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_1d1( +static KRML_MUSTINLINE void serialize_secret_key_5a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7237,7 +7235,7 @@ static KRML_MUSTINLINE void serialize_secret_key_1d1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_c6(&re, ret0); + serialize_uncompressed_ring_element_8b(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -7252,13 +7250,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_0d1( +static KRML_MUSTINLINE void serialize_public_key_mut_3c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_1d1(t_as_ntt, ret); + serialize_secret_key_5a1(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7275,11 +7273,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_8c1( +static KRML_MUSTINLINE void serialize_public_key_071( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_0d1(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_3c1(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); @@ -7293,15 +7291,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_f7(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_bf(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_61( + deserialize_ring_elements_reduced_out_53( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_8c1( + serialize_public_key_071( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7319,7 +7317,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_c61(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_d51(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -7331,11 +7329,11 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_c3( +bool libcrux_ml_kem_ind_cca_validate_private_key_33( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - H_f1_c61(Eurydice_array_to_subslice2( + H_f1_d51(Eurydice_array_to_subslice2( private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), t); @@ -7367,11 +7365,11 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPrivateKeyUnpacked_f8 default_1a_a31(void) { +static IndCpaPrivateKeyUnpacked_f8 default_1a_e91(void) { IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = ZERO_ef_19(); - lit.secret_as_ntt[1U] = ZERO_ef_19(); - lit.secret_as_ntt[2U] = ZERO_ef_19(); + lit.secret_as_ntt[0U] = ZERO_ef_1b(); + lit.secret_as_ntt[1U] = ZERO_ef_1b(); + lit.secret_as_ntt[2U] = ZERO_ef_1b(); return lit; } @@ -7398,25 +7396,25 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static IndCpaPublicKeyUnpacked_f8 default_8d_6b1(void) { +static IndCpaPublicKeyUnpacked_f8 default_8d_d11(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - uu____0[i] = ZERO_ef_19();); + uu____0[i] = ZERO_ef_1b();); uint8_t uu____1[32U] = {0U}; IndCpaPublicKeyUnpacked_f8 lit; memcpy( lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = ZERO_ef_19(); - lit.A[0U][1U] = ZERO_ef_19(); - lit.A[0U][2U] = ZERO_ef_19(); - lit.A[1U][0U] = ZERO_ef_19(); - lit.A[1U][1U] = ZERO_ef_19(); - lit.A[1U][2U] = ZERO_ef_19(); - lit.A[2U][0U] = ZERO_ef_19(); - lit.A[2U][1U] = ZERO_ef_19(); - lit.A[2U][2U] = ZERO_ef_19(); + lit.A[0U][0U] = ZERO_ef_1b(); + lit.A[0U][1U] = ZERO_ef_1b(); + lit.A[0U][2U] = ZERO_ef_1b(); + lit.A[1U][0U] = ZERO_ef_1b(); + lit.A[1U][1U] = ZERO_ef_1b(); + lit.A[1U][2U] = ZERO_ef_1b(); + lit.A[2U][0U] = ZERO_ef_1b(); + lit.A[2U][1U] = ZERO_ef_1b(); + lit.A[2U][2U] = ZERO_ef_1b(); return lit; } @@ -7429,7 +7427,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_071(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_871(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7443,7 +7441,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_99( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_d1( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -7454,7 +7452,7 @@ static KRML_MUSTINLINE void cpa_keygen_seed_d8_99( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - G_f1_071(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); + G_f1_871(Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -7474,7 +7472,7 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_371(uint8_t input[3U][34U]) { +shake128_init_absorb_final_241(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7505,11 +7503,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_final_f1_171(uint8_t input[3U][34U]) { +shake128_init_absorb_final_f1_311(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_final_371(copy_of_input); + return shake128_init_absorb_final_241(copy_of_input); } /** @@ -7518,7 +7516,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_721( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_631( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7539,9 +7537,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_first_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_751( +static KRML_MUSTINLINE void shake128_squeeze_first_three_blocks_f1_2f1( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_first_three_blocks_721(self, ret); + shake128_squeeze_first_three_blocks_631(self, ret); } /** @@ -7592,7 +7590,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb3( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_713( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7630,7 +7628,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_e61( +static KRML_MUSTINLINE void shake128_squeeze_next_block_111( PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7651,9 +7649,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_next_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_481( +static KRML_MUSTINLINE void shake128_squeeze_next_block_f1_c41( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_next_block_e61(self, ret); + shake128_squeeze_next_block_111(self, ret); } /** @@ -7704,7 +7702,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_fb4( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_714( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -7743,9 +7741,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_ba1( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_eb1( int16_t s[272U]) { - return from_i16_array_ef_bb( + return from_i16_array_ef_54( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -7756,7 +7754,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_491( +static KRML_MUSTINLINE void sample_from_xof_bf1( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -7764,25 +7762,25 @@ static KRML_MUSTINLINE void sample_from_xof_491( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_final_f1_171(copy_of_seeds); + PortableHash_58 xof_state = shake128_init_absorb_final_f1_311(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_first_three_blocks_f1_751(&xof_state, randomness0); + shake128_squeeze_first_three_blocks_f1_2f1(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_fb3( + bool done = sample_from_uniform_distribution_next_713( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_next_block_f1_481(&xof_state, randomness); + shake128_squeeze_next_block_f1_c41(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_fb4( + done = sample_from_uniform_distribution_next_714( copy_of_randomness, sampled_coefficients, out); } } @@ -7791,7 +7789,7 @@ static KRML_MUSTINLINE void sample_from_xof_491( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_ba1(copy_of_out[i]);); + ret0[i] = closure_eb1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7804,7 +7802,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_ae1( +static KRML_MUSTINLINE void sample_matrix_A_0d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { KRML_MAYBE_FOR3( @@ -7821,7 +7819,7 @@ static KRML_MUSTINLINE void sample_matrix_A_ae1( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_491(copy_of_seeds, sampled); + sample_from_xof_bf1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7847,7 +7845,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_d52(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_af2(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7868,9 +7866,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_9f2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_132(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_d52(input, ret); + PRFxN_af2(input, ret); } /** @@ -7882,7 +7880,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3c1( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -7896,12 +7894,12 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_3c1( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_9f2(prf_inputs, prf_outputs); + PRFxN_f1_132(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_ce( + re_as_ntt[i0] = sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b3(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]);); return domain_separator; } @@ -7925,16 +7923,16 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_cb1( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_ef_19();); + re_as_ntt[i] = ZERO_ef_1b();); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_3c1(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_b11(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -7959,7 +7957,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_3a1( +static KRML_MUSTINLINE void add_to_ring_element_ef_5d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7983,7 +7981,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_f01( +static KRML_MUSTINLINE void compute_As_plus_e_c71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -7997,7 +7995,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = ZERO_ef_1b(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -8010,10 +8008,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_3a1(&t_as_ntt[i0], &product); + ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_5d1(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -8026,12 +8024,12 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_861( +static void generate_keypair_unpacked_e91( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_f8 *private_key, IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_99(key_generation_seed, hashed); + cpa_keygen_seed_d8_d1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8041,7 +8039,7 @@ static void generate_keypair_unpacked_861( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_A, ret); - sample_matrix_A_ae1(uu____1, ret, true); + sample_matrix_A_0d1(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_secret_and_error, prf_input); @@ -8051,17 +8049,17 @@ static void generate_keypair_unpacked_861( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_3c1(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_b11(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_441(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_cb1(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_f01(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_c71(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -8082,18 +8080,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_79( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_50( Eurydice_slice key_generation_seed) { - IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_a31(); - IndCpaPublicKeyUnpacked_f8 public_key = default_8d_6b1(); - generate_keypair_unpacked_861(key_generation_seed, &private_key, &public_key); + IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_e91(); + IndCpaPublicKeyUnpacked_f8 public_key = default_8d_d11(); + generate_keypair_unpacked_e91(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_8c1( + serialize_public_key_071( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_1d1(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_5a1(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8117,7 +8115,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_d8( +static KRML_MUSTINLINE void serialize_kem_secret_key_b0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8143,7 +8141,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_d8( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - H_f1_c61(public_key, ret0); + H_f1_d51(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -8173,7 +8171,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8182,13 +8180,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_79(ind_cpa_keypair_randomness); + generate_keypair_50(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_d8( + serialize_kem_secret_key_b0( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8197,13 +8195,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_8c0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_af0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_f60( - uu____2, libcrux_ml_kem_types_from_5a_450(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_ee0( + uu____2, libcrux_ml_kem_types_from_5a_670(copy_of_public_key)); } /** @@ -8216,7 +8214,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_03(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_a9(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8234,10 +8232,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_f91(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_7f1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_ef_19();); + error_1[i] = ZERO_ef_1b();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8249,11 +8247,11 @@ sample_ring_element_cbd_f91(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_9f2(prf_inputs, prf_outputs); + PRFxN_f1_132(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_ce( + sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8279,9 +8277,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_9d4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_9f4(Eurydice_slice input, uint8_t ret[128U]) { - PRF_440(input, ret); + PRF_f70(input, ret); } /** @@ -8290,18 +8288,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_451( +static KRML_MUSTINLINE void invert_ntt_montgomery_551( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9d(&zeta_i, re); - invert_ntt_at_layer_2_82(&zeta_i, re); - invert_ntt_at_layer_3_be(&zeta_i, re); - invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_8c(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_0a(re); + invert_ntt_at_layer_1_08(&zeta_i, re); + invert_ntt_at_layer_2_91(&zeta_i, re); + invert_ntt_at_layer_3_41(&zeta_i, re); + invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_17(re); } /** @@ -8310,14 +8308,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_cc1( +static KRML_MUSTINLINE void compute_vector_u_b81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_19();); + result0[i] = ZERO_ef_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8337,11 +8335,11 @@ static KRML_MUSTINLINE void compute_vector_u_cc1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_3a1(&result0[i1], &product); + ntt_multiply_ef_45(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_5d1(&result0[i1], &product); } - invert_ntt_montgomery_451(&result0[i1]); - add_error_reduce_ef_bd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_551(&result0[i1]); + add_error_reduce_ef_4d(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( @@ -8359,18 +8357,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_141( +compute_ring_element_v_1e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_3a1(&result, &product);); - invert_ntt_montgomery_451(&result); - result = add_message_error_reduce_ef_42(error_2, message, result); + ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_5d1(&result, &product);); + invert_ntt_montgomery_551(&result); + result = add_message_error_reduce_ef_21(error_2, message, result); return result; } @@ -8383,7 +8381,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_7a1( +static void compress_then_serialize_u_cd1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8399,7 +8397,7 @@ static void compress_then_serialize_u_7a1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_030(&re, ret); + compress_then_serialize_ring_element_u_b50(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8423,7 +8421,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_ad1(IndCpaPublicKeyUnpacked_f8 *public_key, +static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -8433,7 +8431,7 @@ static void encrypt_unpacked_ad1(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____1 = - sample_vector_cbd_then_ntt_out_441(copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_out_cb1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8443,7 +8441,7 @@ static void encrypt_unpacked_ad1(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_f91(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_7f1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8451,31 +8449,31 @@ static void encrypt_unpacked_ad1(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_9d4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + PRF_f1_9f4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_ce( + sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_cc1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_b81(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_52(copy_of_message); + deserialize_then_decompress_message_e3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_141(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1e1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_7a1( + compress_then_serialize_u_cd1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_8f0( + compress_then_serialize_ring_element_v_cf0( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8499,10 +8497,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f4(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_4b(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_6b1(); - deserialize_ring_elements_reduced_bb1( + IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_d11(); + deserialize_ring_elements_reduced_da1( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -8511,13 +8509,13 @@ static void encrypt_f4(Eurydice_slice public_key, uint8_t message[32U], unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_422(seed, ret0); - sample_matrix_A_ae1(uu____0, ret0, false); + sample_matrix_A_0d1(uu____0, ret0, false); IndCpaPublicKeyUnpacked_f8 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_ad1(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_c31(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -8532,7 +8530,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_b2(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_b7(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8559,11 +8557,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_36( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_03( + entropy_preprocess_d8_a9( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -8572,14 +8570,14 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_36( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - H_f1_c61(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cf1(public_key), + H_f1_d51(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + G_f1_871(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8587,29 +8585,28 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_36( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_cf1(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_f4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_4b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_1f1(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_451(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_b2(shared_secret, shared_secret_array); + kdf_d8_b7(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - return result; + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; } /** @@ -8618,12 +8615,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_a7( +static KRML_MUSTINLINE void deserialize_secret_key_12( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_ef_19();); + secret_as_ntt[i] = ZERO_ef_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8635,7 +8632,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_a7( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_7a(secret_bytes); + deserialize_to_uncompressed_ring_element_07(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -8655,12 +8652,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1e1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_bb1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_ef_19();); + u_as_ntt[i] = ZERO_ef_1b();); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), @@ -8678,8 +8675,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1e1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_9c0(u_bytes); - ntt_vector_u_720(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd0(u_bytes); + ntt_vector_u_2c0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8693,17 +8690,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_7e1( +compute_message_821( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_19(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_3a1(&result, &product);); - invert_ntt_montgomery_451(&result); - result = subtract_reduce_ef_87(v, result); + ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_5d1(&result, &product);); + invert_ntt_montgomery_551(&result); + result = subtract_reduce_ef_92(v, result); return result; } @@ -8717,18 +8714,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_811(IndCpaPrivateKeyUnpacked_f8 *secret_key, +static void decrypt_unpacked_c91(IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_1e1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_bb1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_ad0( + deserialize_then_decompress_ring_element_v_ce0( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_7e1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_821(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_4f(message, ret0); + compress_then_serialize_message_15(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8742,10 +8739,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_41(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_dc(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_a7(secret_key, secret_as_ntt); + deserialize_secret_key_12(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -8756,7 +8753,7 @@ static void decrypt_41(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_811(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_c91(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8770,8 +8767,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_9d3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_44(input, ret); +static KRML_MUSTINLINE void PRF_f1_9f3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_f7(input, ret); } /** @@ -8796,7 +8793,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_39( +void libcrux_ml_kem_ind_cca_decapsulate_19( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8814,7 +8811,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_39( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_41(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_dc(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -8824,7 +8821,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_39( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_071(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + G_f1_871(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, @@ -8836,26 +8833,26 @@ void libcrux_ml_kem_ind_cca_decapsulate_39( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_491(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_401(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_9d3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + PRF_f1_9f3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_f4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_4b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_b2(Eurydice_array_to_slice((size_t)32U, + kdf_d8_b7(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_b2(shared_secret0, shared_secret1); + kdf_d8_b7(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_491(ciphertext), + libcrux_ml_kem_types_as_ref_00_401(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 850ef79ff..c9875da03 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 3c9d12e58..6e2ab7015 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index b246030f2..d854d460d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index ae63d5635..7da61a71e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 1ccb6aef7..1e2de3251 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index e84736e6c..5cf30d99e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index dcf61fdac..362ca6ad1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index e4e28910d..dc4e2de87 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 +Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 167e6f0ec..dcf4fd6fe 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_core_H @@ -221,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_e2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_76( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -245,7 +245,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_5a_45(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_5a_67(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -279,7 +279,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_3a_f6(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_3a_ee(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -295,7 +295,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_7f_8c(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_7f_af(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -359,7 +359,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_6e(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_8c(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -376,7 +376,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_0e( +static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_02( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -428,7 +428,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_b6( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_8c( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index be254be76..898681bb4 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_ct_ops_H @@ -21,17 +21,11 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" -/** - Return 1 if `value` is not zero and 0 otherwise. -*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) { uint16_t value0 = (uint16_t)value; - uint16_t result = (((uint32_t)value0 | - (uint32_t)core_num__u16_7__wrapping_add(~value0, 1U)) & - 0xFFFFU) >> - 8U & - 1U; - return (uint8_t)result; + uint8_t result = + (uint8_t)((uint32_t)core_num__u16_7__wrapping_add(~value0, 1U) >> 8U); + return (uint32_t)result & 1U; } static KRML_NOINLINE uint8_t @@ -39,18 +33,15 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) { return libcrux_ml_kem_constant_time_ops_inz(value); } -/** - Return 1 if the bytes of `lhs` and `rhs` do not exactly - match and 0 otherwise. -*/ static inline uint8_t libcrux_ml_kem_constant_time_ops_compare( Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; - r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); + uint8_t nr = (uint32_t)r | + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); + r = nr; } return libcrux_ml_kem_constant_time_ops_is_non_zero(r); } @@ -61,10 +52,6 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs); } -/** - If `selector` is not zero, return the bytes in `rhs`; return the bytes in - `lhs` otherwise. -*/ static inline void libcrux_ml_kem_constant_time_ops_select_ct( Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { @@ -74,10 +61,12 @@ static inline void libcrux_ml_kem_constant_time_ops_select_ct( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & - (uint32_t)~mask); + uint8_t outi = + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); + out[i0] = outi; } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 31e79d8fb..053e1683b 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1207,7 +1207,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_ef_7d(void) { +libcrux_ml_kem_polynomial_ZERO_ef_05(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_09(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_09(); @@ -1236,8 +1236,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_b0(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_23(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_ef_05(); } /** @@ -1248,10 +1248,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_60( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ff( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -1269,12 +1269,12 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_33( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -1287,7 +1287,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_33( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_60( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ff( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1310,8 +1310,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_e9(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_53(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_ef_05(); } /** @@ -1322,7 +1322,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e6( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1374,9 +1374,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_75( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a6( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e6( vector); } @@ -1388,10 +1388,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_d9( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_86( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_05(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, re.coefficients, __m256i), @@ -1404,7 +1404,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_d9( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_75( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a6( coefficient); } return re; @@ -1418,7 +1418,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e60( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1470,9 +1470,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_750( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a60( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e60( vector); } @@ -1484,10 +1484,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_5d( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_6d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -1495,7 +1495,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_5d( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_750( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a60( coefficient); } return re; @@ -1509,9 +1509,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_75( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_3c( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d9(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_86(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1526,7 +1526,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a2( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5f( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09(v, fer); } @@ -1539,9 +1539,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_5d(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_97(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a2(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5f(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_09(a, &t); a = libcrux_ml_kem_vector_avx2_add_09(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1555,7 +1555,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1568,7 +1568,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_5d( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_97( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -1586,7 +1586,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ae( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ba( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1605,7 +1605,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_53( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_89( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1625,7 +1625,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_09( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_d7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1652,7 +1652,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1669,24 +1669,24 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_88( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_96( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U, (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U, (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U, (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_ae(&zeta_i, re, (size_t)3U, + libcrux_ml_kem_ntt_ntt_at_layer_3_ba(&zeta_i, re, (size_t)3U, (size_t)5U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U, + libcrux_ml_kem_ntt_ntt_at_layer_2_89(&zeta_i, re, (size_t)2U, (size_t)6U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_09(&zeta_i, re, (size_t)1U, + libcrux_ml_kem_ntt_ntt_at_layer_1_d7(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re); } /** @@ -1699,12 +1699,12 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_37( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -1724,9 +1724,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_37( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_75( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_3c( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_88(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_96(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1741,7 +1741,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e1( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e61( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1793,9 +1793,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_751( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a61( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e1( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e61( vector); } @@ -1807,10 +1807,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_2e( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -1818,7 +1818,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_2e( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_751( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a61( coefficient); } return re; @@ -1832,7 +1832,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e62( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1884,9 +1884,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_752( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a62( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_3e2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e62( vector); } @@ -1898,10 +1898,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_d5( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_1b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -1909,7 +1909,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_d5( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_752( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a62( re.coefficients[i0]); } return re; @@ -1923,9 +1923,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_51( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f4( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_2e(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2(serialized); } /** @@ -1941,11 +1941,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_ef_63( +libcrux_ml_kem_polynomial_ntt_multiply_ef_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_05(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -1974,7 +1974,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_31( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -1995,7 +1995,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ee( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2019,7 +2019,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_9c( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2041,7 +2041,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2062,13 +2062,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e3(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_9b(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a2(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5f(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2081,7 +2081,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7c( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2096,7 +2096,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7c( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_e3( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_9b( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -2114,22 +2114,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_05( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ee(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_9c(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_2f(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7c(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2d(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0f(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7c(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7c(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_7c(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re); } /** @@ -2145,7 +2145,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_ef_6f( +libcrux_ml_kem_polynomial_subtract_reduce_ef_23( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2169,21 +2169,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_74( +libcrux_ml_kem_matrix_compute_message_ee( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_05(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_05(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_ef_6f(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_23(v, result); return result; } @@ -2194,7 +2194,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_d4(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f2(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2208,9 +2208,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_16( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_c1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_d4(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f2(vector); } /** @@ -2221,8 +2221,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_16(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_c1(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -2236,8 +2236,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(__m256i a) { - return libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(a); +libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(__m256i a) { + return libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(a); } /** @@ -2248,12 +2248,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_bc( +libcrux_ml_kem_serialize_compress_then_serialize_message_db( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( + __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); @@ -2280,20 +2280,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_69( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_37(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_51( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f4( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_74(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_ee(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_bc(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_db(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2308,11 +2308,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_2a(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_1c(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_33(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2324,7 +2324,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_2a(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_69(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -2339,7 +2339,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_67( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_9f( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -2350,7 +2350,7 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_d1( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_96( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -2369,9 +2369,9 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_16( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_d1(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_96(input, ret); } /** @@ -2387,10 +2387,10 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 lit; @@ -2398,15 +2398,15 @@ libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_05(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_05(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_05(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_05(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_05(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_05(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_05(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_05(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_05(); return lit; } @@ -2418,10 +2418,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5a( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2442,7 +2442,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_3b( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -2456,7 +2456,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_3b( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_5a( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed( ring_element); deserialized_pk[i0] = uu____0; } @@ -2473,7 +2473,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_2a( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_96( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); @@ -2497,12 +2497,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_1c( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_c1( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_2a( + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_96( copy_of_input); } @@ -2514,7 +2514,7 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_0c( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_08( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -2550,9 +2550,9 @@ const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_2e( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_7a( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_0c( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_08( self, ret); } @@ -2606,7 +2606,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_74( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fe( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2649,7 +2649,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_4a( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_01( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; @@ -2685,9 +2685,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_1d( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_9f( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_4a(self, ret); + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_01(self, ret); } /** @@ -2740,7 +2740,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fe0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2788,9 +2788,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_ef_14(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_ef_ef(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_05(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2809,8 +2809,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_e4(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_ef_14( +libcrux_ml_kem_sampling_sample_from_xof_closure_b4(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_ef_ef( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -2821,7 +2821,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_67( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_90( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -2830,28 +2830,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_67( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_1c( + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_final_a9_c1( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_2e( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_first_three_blocks_a9_7a( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_74( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fe( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_1d( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_next_block_a9_9f( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_740( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fe0( copy_of_randomness, sampled_coefficients, out); } } @@ -2861,7 +2861,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_e4(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_b4(copy_of_out[i]); } memcpy( ret, ret0, @@ -2875,7 +2875,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_34( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ee( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2896,7 +2896,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_34( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_67(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_90(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2937,8 +2937,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_2d(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_f4(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_05(); } /** @@ -2948,7 +2948,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_08( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_fb( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -2987,9 +2987,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_16( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_b2( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_08(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRFxN_fb(input, ret); } /** @@ -3000,7 +3000,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_80( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_4a( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3035,7 +3035,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_80( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_14( + return libcrux_ml_kem_polynomial_from_i16_array_ef_ef( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3047,7 +3047,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_05( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_20( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -3081,7 +3081,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_05( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_14( + return libcrux_ml_kem_polynomial_from_i16_array_ef_ef( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -3093,9 +3093,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_80( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_4a( randomness); } @@ -3106,7 +3106,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_64( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3128,23 +3128,23 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_5c( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_64(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U, (size_t)11207U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U, (size_t)11207U + (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_1d( + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca( &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_ae( + libcrux_ml_kem_ntt_ntt_at_layer_3_ba( &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_53( + libcrux_ml_kem_ntt_ntt_at_layer_2_89( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_09( + libcrux_ml_kem_ntt_ntt_at_layer_1_d7( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_09(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re); } /** @@ -3157,7 +3157,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_07( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -3173,13 +3173,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_07( domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_16(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_b2(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_5c(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]); } return domain_separator; } @@ -3194,16 +3194,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_07( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3228,8 +3228,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_93(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_92(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_05(); } /** @@ -3242,11 +3242,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_66(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_fe(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3261,11 +3261,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_66(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_16(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_b2(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -3288,7 +3288,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_d10( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_960( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -3307,9 +3307,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_160( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_d10(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_960(input, ret); } /** @@ -3320,8 +3320,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_83(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); +libcrux_ml_kem_matrix_compute_vector_u_closure_c6(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_05(); } /** @@ -3336,7 +3336,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_9e( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3358,14 +3358,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_38( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_43( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3386,12 +3386,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_38( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_63(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_05(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_ef_9e(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_ef_3a(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3410,7 +3410,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_fd( +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_06( __m256i vec) { __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); @@ -3426,10 +3426,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_03( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_45( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_05(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = @@ -3437,7 +3437,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_03( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_fd(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_06(coefficient_compressed); } return re; } @@ -3455,7 +3455,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_ef_c6( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3483,22 +3483,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_af( +libcrux_ml_kem_matrix_compute_ring_element_v_5b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_05(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_05(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_c6( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_81( error_2, message, result); return result; } @@ -3511,7 +3511,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_82( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3566,9 +3566,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b7( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_82( vector); } @@ -3580,14 +3580,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_33( +libcrux_ml_kem_serialize_compress_then_serialize_10_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_b7( - libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_4e( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); @@ -3609,7 +3609,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_820( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3664,9 +3664,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b70( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f0( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_820( vector); } @@ -3678,14 +3678,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_5d( +libcrux_ml_kem_serialize_compress_then_serialize_11_47( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_b70( - libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_4e0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_3f( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); @@ -3706,10 +3706,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_25( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_e3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_33(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_34(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3723,7 +3723,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_98( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3739,7 +3739,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_98( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_25(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_e3(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3754,7 +3754,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_821( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3809,9 +3809,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b71( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f1( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_821( vector); } @@ -3823,14 +3823,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_7a( +libcrux_ml_kem_serialize_compress_then_serialize_4_c3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_b71( - libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_4e1( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); @@ -3849,7 +3849,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_822( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3904,9 +3904,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_b72( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_8f2( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_822( vector); } @@ -3918,14 +3918,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_15( +libcrux_ml_kem_serialize_compress_then_serialize_5_de( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_b72( - libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_4e2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_3f( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); @@ -3945,9 +3945,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_dc( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_7a(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_c3(re, out); } /** @@ -3968,7 +3968,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_7b( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3976,7 +3976,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_7b( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -3986,7 +3986,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_7b( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_66( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_fe( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -3995,33 +3995,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_7b( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_420( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_160( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_38(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_43(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_03( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_45( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_af( + libcrux_ml_kem_matrix_compute_ring_element_v_5b( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_98( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_dc( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4045,13 +4045,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_65(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_b6(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_3b( + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -4060,14 +4060,14 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_65(Eurydice_slice public_key, unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_34(uu____0, ret0, false); + libcrux_ml_kem_matrix_sample_matrix_A_ee(uu____0, ret0, false); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_7b(uu____1, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -4084,7 +4084,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_54( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_16( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4116,7 +4116,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_82( +static inline void libcrux_ml_kem_ind_cca_decapsulate_1f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4134,7 +4134,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_82( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_2a(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_1c(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4145,7 +4145,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_82( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_67( + libcrux_ml_kem_hash_functions_avx2_G_a9_9f( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4158,10 +4158,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_82( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_16( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -4169,18 +4169,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_82( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_65(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_b6(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_54( + libcrux_ml_kem_variant_kdf_d8_16( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_d8_54(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_d8_16(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b6(ciphertext), + libcrux_ml_kem_types_as_ref_00_8c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4210,10 +4210,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_63( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_1f(private_key, ciphertext, ret); } /** @@ -4227,7 +4227,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_63(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14(private_key, ciphertext, ret); } @@ -4242,7 +4242,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_44( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_64( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4260,7 +4260,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_16( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } @@ -4285,11 +4285,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_86( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_44( + libcrux_ml_kem_variant_entropy_preprocess_d8_64( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4298,15 +4298,15 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_86( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_16( + libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_0e(public_key), + libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_67( + libcrux_ml_kem_hash_functions_avx2_G_a9_9f( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4315,31 +4315,30 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_86( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_65(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_b6(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_6e(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_54(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_16(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - return result; + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; } /** @@ -4361,14 +4360,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_c5( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_14( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_86(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness); } /** @@ -4386,7 +4385,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_c5( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_14( uu____0, copy_of_randomness); } @@ -4403,11 +4402,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_05(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_05(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_05(); return lit; } @@ -4422,7 +4421,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_75( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4433,7 +4432,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_67( + libcrux_ml_kem_hash_functions_avx2_G_a9_9f( Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -4445,7 +4444,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c1( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_79( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4464,14 +4463,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_34( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_c1( + libcrux_ml_kem_vector_traits_to_standard_domain_79( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -4486,7 +4485,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -4501,7 +4500,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_ZERO_ef_7d(); + libcrux_ml_kem_polynomial_ZERO_ef_05(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -4514,12 +4513,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_63(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_34( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -4534,12 +4533,12 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_0e(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_75(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4549,7 +4548,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A_34(uu____1, ret, true); + libcrux_ml_kem_matrix_sample_matrix_A_ee(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); @@ -4559,7 +4558,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_07( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4567,11 +4566,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_matrix_compute_As_plus_e_67( + libcrux_ml_kem_matrix_compute_As_plus_e_2d( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -4589,13 +4588,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b8( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( + __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); @@ -4617,7 +4616,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_05( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_99( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4635,7 +4634,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_05( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b8(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2c(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -4651,13 +4650,13 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_05(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_99(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4675,11 +4674,11 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_f7( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ca( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_7b(t_as_ntt, seed_for_a, + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); @@ -4700,20 +4699,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_1e(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_6a(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( + libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_f7( + libcrux_ml_kem_ind_cpa_serialize_public_key_ca( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_05(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_99(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -4739,7 +4738,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -4765,7 +4764,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_7b( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_16(public_key, ret0); + libcrux_ml_kem_hash_functions_avx2_H_a9_41(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -4796,7 +4795,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_dd(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -4805,13 +4804,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_1e(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_6a(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_7b( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -4820,13 +4819,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_f6( - uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_ee( + uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); } /** @@ -4842,12 +4841,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ff( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_8b( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_dd(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_0b(copy_of_randomness); } /** @@ -4859,7 +4858,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_ff( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_8b( copy_of_randomness); } @@ -4875,7 +4874,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_42( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f5( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -4884,15 +4883,15 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_42( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_16( + libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_e2(ciphertext), + libcrux_ml_kem_types_as_slice_d4_76(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_16( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -4920,7 +4919,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_820( +static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4938,7 +4937,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_820( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_2a(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_1c(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4949,7 +4948,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_820( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_67( + libcrux_ml_kem_hash_functions_avx2_G_a9_9f( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -4962,10 +4961,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_820( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_16( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -4973,18 +4972,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_820( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_65(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_b6(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_42( + libcrux_ml_kem_variant_kdf_33_f5( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_33_42(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_33_f5(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b6(ciphertext), + libcrux_ml_kem_types_as_ref_00_8c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5018,10 +5017,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_0b( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_7a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_1f0(private_key, ciphertext, ret); } /** @@ -5035,7 +5034,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_0b( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_7a( private_key, ciphertext, ret); } @@ -5050,9 +5049,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_ad( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_e7( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_16(randomness, ret); + libcrux_ml_kem_hash_functions_avx2_H_a9_41(randomness, ret); } /** @@ -5075,11 +5074,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_860( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_ad( + libcrux_ml_kem_variant_entropy_preprocess_33_e7( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5088,15 +5087,15 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_860( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_16( + libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_0e(public_key), + libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_67( + libcrux_ml_kem_hash_functions_avx2_G_a9_9f( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5105,31 +5104,30 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_860( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_65(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_b6(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_6e(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_42(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_f5(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - return result; + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; } /** @@ -5154,14 +5152,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e7( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ff( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_860(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness); } /** @@ -5179,7 +5177,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_e7( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ff( uu____0, copy_of_randomness); } @@ -5194,9 +5192,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_08( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_bc( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G_a9_67(key_generation_seed, ret); + libcrux_ml_kem_hash_functions_avx2_G_a9_9f(key_generation_seed, ret); } /** @@ -5209,12 +5207,12 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_08(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_bc(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5224,7 +5222,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A_34(uu____1, ret, true); + libcrux_ml_kem_matrix_sample_matrix_A_ee(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); @@ -5234,7 +5232,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_07( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -5242,11 +5240,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_matrix_compute_As_plus_e_67( + libcrux_ml_kem_matrix_compute_As_plus_e_2d( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -5270,21 +5268,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_1e0( +libcrux_ml_kem_ind_cpa_generate_keypair_6a0( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( + libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_f7( + libcrux_ml_kem_ind_cpa_serialize_public_key_ca( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_05(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_99(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5317,7 +5315,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5326,13 +5324,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_1e0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_6a0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_7b( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5341,13 +5339,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_dd0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_f6( - uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_ee( + uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); } /** @@ -5364,12 +5362,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_b1( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_a1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_dd0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_0b0(copy_of_randomness); } /** @@ -5381,7 +5379,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_b1( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_a1( copy_of_randomness); } @@ -5394,11 +5392,11 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e9( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_3a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_16( + libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), @@ -5420,10 +5418,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_cf( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_01( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_e9(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_3a(private_key, ciphertext); } @@ -5436,7 +5434,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_cf( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_01( private_key, ciphertext); } @@ -5448,9 +5446,9 @@ types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_3d( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_4b( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); + return libcrux_ml_kem_polynomial_ZERO_ef_05(); } /** @@ -5461,14 +5459,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_d1( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_3e( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_3b( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -5484,16 +5482,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_eb( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c0( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_d1( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_3e( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_f7( + libcrux_ml_kem_ind_cpa_serialize_public_key_ca( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5512,9 +5510,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_91( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_59( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_eb(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_c0(public_key); } /** @@ -5525,7 +5523,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_91( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_91( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_59( public_key->value); } @@ -5551,11 +5549,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_64( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_69( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5569,7 +5567,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_64( uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_67( + libcrux_ml_kem_hash_functions_avx2_G_a9_9f( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5585,10 +5583,10 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_64( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b6(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_42( + libcrux_ml_kem_hash_functions_avx2_PRF_a9_16( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = @@ -5597,11 +5595,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_64( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_7b( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b6(ciphertext), + libcrux_ml_kem_types_as_ref_00_8c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5638,10 +5636,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_31( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_44( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_64(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(key_pair, ciphertext, ret); } /** @@ -5655,7 +5653,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_31( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_44( private_key, ciphertext, ret); } @@ -5678,7 +5676,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_1d( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5692,7 +5690,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_1d( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_67( + libcrux_ml_kem_hash_functions_avx2_G_a9_9f( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5706,7 +5704,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_1d( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_7b(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5716,7 +5714,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_1d( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_6e(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5750,7 +5748,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ab( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_71( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -5758,7 +5756,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ab( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_1d(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(uu____0, copy_of_randomness); } @@ -5779,7 +5777,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_ab( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_71( uu____0, copy_of_randomness); } @@ -5799,8 +5797,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_b2(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_ef_7d(); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_59(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_ef_05(); } /** @@ -5818,10 +5816,10 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_64( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c4( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_7d(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); } } @@ -5838,7 +5836,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_8d_d3( +libcrux_ml_kem_polynomial_clone_8d_ae( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5865,7 +5863,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_98( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -5875,19 +5873,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_98( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_64(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c4(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_8d_d3( + libcrux_ml_kem_polynomial_clone_8d_ae( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -5900,13 +5898,13 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_98( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_f7( + libcrux_ml_kem_ind_cpa_serialize_public_key_ca( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t uu____2[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_16( + libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), uu____2); memcpy(out->public_key.public_key_hash, uu____2, (size_t)32U * sizeof(uint8_t)); @@ -5936,13 +5934,13 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_1b( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_00( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_98(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41(copy_of_randomness, out); } /** @@ -5955,7 +5953,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_1b( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_00( copy_of_randomness, key_pair); } @@ -5972,9 +5970,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_1c_c5(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_44(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_80(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -6024,9 +6022,9 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_bb(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_2c(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_19(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -6062,7 +6060,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_c5()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_44()}); } /** @@ -6071,7 +6069,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_bb(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_2c(); } /** @@ -6080,7 +6078,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_c5(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_44(); } /** @@ -6101,10 +6099,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_7b( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_99( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_7b( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -6129,10 +6127,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_b6( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_39( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_7b( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_99( &self->public_key, serialized); } @@ -6144,7 +6142,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_b6(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_39(key_pair, serialized); } @@ -6161,7 +6159,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_0d( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_18( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -6198,11 +6196,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_28_56( +libcrux_ml_kem_ind_cca_unpacked_clone_28_69( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_0d(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_18(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -6226,7 +6224,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_e2( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_b9( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -6239,8 +6237,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_56( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_e2(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_69( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_b9(key_pair)); pk[0U] = uu____0; } @@ -6251,7 +6249,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_7b(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_99(public_key, serialized); } @@ -6269,13 +6267,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_ed( +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_3b( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -6291,11 +6289,11 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_ed( Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t), ret); - libcrux_ml_kem_matrix_sample_matrix_A_34(uu____2, ret, false); + libcrux_ml_kem_matrix_sample_matrix_A_ee(uu____2, ret, false); uint8_t uu____3[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_16( + libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_0e(public_key), + libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -6316,11 +6314,11 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_aa( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_7f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_ed(public_key, + libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72(public_key, unpacked_public_key); } @@ -6332,7 +6330,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_aa( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_7f( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index 9d502829e..1e215bec0 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 32f0d2918..3d23894e4 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem768_portable_H @@ -2458,7 +2458,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_ef_19(void) { +libcrux_ml_kem_polynomial_ZERO_ef_1b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2486,8 +2486,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_75(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_57(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } /** @@ -2497,10 +2497,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8f( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_4c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -2519,12 +2519,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_5f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len(secret_key, uint8_t) / @@ -2537,7 +2537,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_5f( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_8f( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_4c( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2559,8 +2559,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_ef(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_77(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } /** @@ -2570,7 +2570,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b4( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2595,9 +2595,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b4( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a( v); } @@ -2608,10 +2608,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_38( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_ef_1b(); LowStar_Ignore_ignore( Eurydice_slice_len( Eurydice_array_to_slice( @@ -2627,7 +2627,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_38( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea( coefficient); re.coefficients[i0] = uu____0; } @@ -2641,7 +2641,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b40( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2666,9 +2666,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b40( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0( v); } @@ -2679,10 +2679,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_68( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_a7( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; @@ -2691,7 +2691,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_68( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea0( coefficient); re.coefficients[i0] = uu____0; } @@ -2705,9 +2705,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f7( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_38(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2722,7 +2722,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ad( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2736,12 +2736,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d1( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_57( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ad(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2755,7 +2755,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2768,7 +2768,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d1( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_57( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2785,7 +2785,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_1b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_d0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2805,7 +2805,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_ea( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_76( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2826,7 +2826,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_21( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_5d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2854,7 +2854,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2872,24 +2872,24 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_52( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U, (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U, (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U, (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_1b(&zeta_i, re, (size_t)3U, + libcrux_ml_kem_ntt_ntt_at_layer_3_d0(&zeta_i, re, (size_t)3U, (size_t)5U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_ea(&zeta_i, re, (size_t)2U, + libcrux_ml_kem_ntt_ntt_at_layer_2_76(&zeta_i, re, (size_t)2U, (size_t)6U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_21(&zeta_i, re, (size_t)1U, + libcrux_ml_kem_ntt_ntt_at_layer_1_5d(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re); } /** @@ -2901,12 +2901,12 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f8( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); } for (size_t i = (size_t)0U; i < Eurydice_slice_len( @@ -2926,9 +2926,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f8( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f7( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_52(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_62(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2942,7 +2942,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b41( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2967,9 +2967,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b41( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1( v); } @@ -2980,10 +2980,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_d2( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_87( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; @@ -2992,7 +2992,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_d2( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea1( coefficient); re.coefficients[i0] = uu____0; } @@ -3006,7 +3006,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b42( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3031,9 +3031,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b42( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2( v); } @@ -3044,10 +3044,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_57( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_df( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; @@ -3056,7 +3056,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_57( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_4c2( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea2( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3070,9 +3070,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_32( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_54( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_d2(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_87(serialized); } /** @@ -3087,11 +3087,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_ef_76( +libcrux_ml_kem_polynomial_ntt_multiply_ef_45( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_ef_1b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3121,7 +3121,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3145,7 +3145,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ab( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3168,7 +3168,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_69( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3189,7 +3189,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_10( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_6a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3211,7 +3211,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ef( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3219,7 +3219,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_5e(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_ad(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3232,7 +3232,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ce( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3247,7 +3247,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ce( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ef( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3264,22 +3264,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_ab(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_3a(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_10(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ce(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_69(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_6a(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ce(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ce(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_ce(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re); } /** @@ -3294,7 +3294,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_ef_2c( +libcrux_ml_kem_polynomial_subtract_reduce_ef_3d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3320,21 +3320,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_dc( +libcrux_ml_kem_matrix_compute_message_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_ef_1b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_ef_2c(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_3d(v, result); return result; } @@ -3344,7 +3344,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_3c( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_95( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3364,9 +3364,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_3e( +libcrux_ml_kem_vector_portable_shift_right_0d_9d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_3c(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_95(v); } /** @@ -3376,10 +3376,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( +libcrux_ml_kem_vector_traits_to_unsigned_representative_7c( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_3e(a); + libcrux_ml_kem_vector_portable_shift_right_0d_9d(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3393,10 +3393,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( +libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_traits_to_unsigned_representative_9f(a); + libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(a); return result; } @@ -3407,13 +3407,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_ec( +libcrux_ml_kem_serialize_compress_then_serialize_message_b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3441,20 +3441,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_75( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_f8(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_32( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_54( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_dc(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_d5(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_ec(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_b1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3468,11 +3468,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_46(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_35(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_5f(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3484,7 +3484,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_46(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_75(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -3498,7 +3498,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_07( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_87( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -3508,7 +3508,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_44( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f7( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( @@ -3526,9 +3526,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9f( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_44(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_f7(input, ret); } /** @@ -3543,10 +3543,10 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + uu____0[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); } uint8_t uu____1[32U] = {0U}; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 lit; @@ -3554,15 +3554,15 @@ libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(void) { lit.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy(lit.seed_for_A, uu____1, (size_t)32U * sizeof(uint8_t)); - lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.A[0U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); + lit.A[0U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); + lit.A[0U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); + lit.A[1U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); + lit.A[1U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); + lit.A[1U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); + lit.A[2U][0U] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); + lit.A[2U][1U] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); + lit.A[2U][2U] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); return lit; } @@ -3573,10 +3573,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c7( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; @@ -3598,7 +3598,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_b2( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -3612,7 +3612,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_b2( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c7( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87( ring_element); deserialized_pk[i0] = uu____0; } @@ -3634,7 +3634,7 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_37( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_24( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3667,12 +3667,12 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_17( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_31( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_37( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_24( copy_of_input); } @@ -3683,7 +3683,7 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_72( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_63( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -3707,10 +3707,10 @@ with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_75( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_2f( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_72( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_63( self, ret); } @@ -3763,7 +3763,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_71( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3805,7 +3805,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e6( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_11( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -3829,10 +3829,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_48( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c4( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_e6(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_11(self, ret); } @@ -3885,7 +3885,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_710( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3932,9 +3932,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_ef_bb(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_ef_54(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_ef_1b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3955,8 +3955,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_ba(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( +libcrux_ml_kem_sampling_sample_from_xof_closure_eb(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_ef_54( Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } @@ -3967,7 +3967,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_49( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_bf( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; @@ -3976,28 +3976,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_49( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_17( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_final_f1_31( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_75( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_first_three_blocks_f1_2f( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_71( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_48( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_next_block_f1_c4( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_fb0( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_710( copy_of_randomness, sampled_coefficients, out); } } @@ -4007,7 +4007,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_49( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_ba(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_eb(copy_of_out[i]); } memcpy( ret, ret0, @@ -4021,7 +4021,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ae( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_0d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*A_transpose)[3U], uint8_t seed[34U], bool transpose) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -4042,7 +4042,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ae( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_49(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_bf(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4083,8 +4083,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_25(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_55(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } /** @@ -4093,7 +4093,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_d5( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_af( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4115,9 +4115,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_9f( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_13( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_d5(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_af(input, ret); } /** @@ -4127,7 +4127,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_48( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4162,7 +4162,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( + return libcrux_ml_kem_polynomial_from_i16_array_ef_54( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4173,7 +4173,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_ee( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_3a( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; @@ -4207,7 +4207,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_ee( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_ef_bb( + return libcrux_ml_kem_polynomial_from_i16_array_ef_54( Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } @@ -4218,9 +4218,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_ce( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_1b( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_48( randomness); } @@ -4230,7 +4230,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_73( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -4253,23 +4253,23 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b3( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_73(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_97(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U, (size_t)11207U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U, (size_t)11207U + (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_18( + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf( &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_1b( + libcrux_ml_kem_ntt_ntt_at_layer_3_d0( &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_ea( + libcrux_ml_kem_ntt_ntt_at_layer_2_76( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_21( + libcrux_ml_kem_ntt_ntt_at_layer_1_5d( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_0a(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re); } /** @@ -4282,7 +4282,7 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3c( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -4298,13 +4298,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3c( domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_9f(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_13(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_ce( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b3(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]); } return domain_separator; } @@ -4319,16 +4319,16 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3c( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4353,8 +4353,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_ed(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_b7(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } /** @@ -4367,11 +4367,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_d6(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4386,11 +4386,11 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_d6(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_9f(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_13(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_ce( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } @@ -4412,7 +4412,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_440( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f70( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( @@ -4430,9 +4430,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_9f0( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_440(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_f70(input, ret); } /** @@ -4442,8 +4442,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_4e(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); +libcrux_ml_kem_matrix_compute_vector_u_closure_a1(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } /** @@ -4457,7 +4457,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_33( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4481,14 +4481,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4509,12 +4509,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_7b( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_76(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_45(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result0[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_ef_33(&result0[i1], + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result0[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_ef_2f(&result0[i1], &error_1[i1]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -4533,7 +4533,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_5b( +libcrux_ml_kem_vector_traits_decompress_1_d4( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { libcrux_ml_kem_vector_portable_vector_type_PortableVector z = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4552,10 +4552,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_c4( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_ef_1b(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4565,7 +4565,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_c4( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_5b(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_d4(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4583,7 +4583,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_ef_f0( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_bf( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4613,22 +4613,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_43( +libcrux_ml_kem_matrix_compute_ring_element_v_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_ef_1b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_f0( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_bf( error_2, message, result); return result; } @@ -4639,7 +4639,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_c5( +libcrux_ml_kem_vector_portable_compress_compress_61( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4662,9 +4662,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_4f( +libcrux_ml_kem_vector_portable_compress_0d_fe( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return libcrux_ml_kem_vector_portable_compress_compress_c5(a); + return libcrux_ml_kem_vector_portable_compress_compress_61(a); } /** @@ -4674,15 +4674,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_83( +libcrux_ml_kem_serialize_compress_then_serialize_10_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_4f( - libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( + libcrux_ml_kem_vector_portable_compress_0d_fe( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4702,7 +4702,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_c50( +libcrux_ml_kem_vector_portable_compress_compress_610( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4725,9 +4725,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_4f0( +libcrux_ml_kem_vector_portable_compress_0d_fe0( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return libcrux_ml_kem_vector_portable_compress_compress_c50(a); + return libcrux_ml_kem_vector_portable_compress_compress_610(a); } /** @@ -4737,15 +4737,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_2c( +libcrux_ml_kem_serialize_compress_then_serialize_11_63( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_4f0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( + libcrux_ml_kem_vector_portable_compress_0d_fe0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_7c( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4765,10 +4765,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_cf( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_78( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_83(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_9d(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4781,7 +4781,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_86( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4797,7 +4797,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_86( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_cf(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_78(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4810,7 +4810,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_c51( +libcrux_ml_kem_vector_portable_compress_compress_611( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4833,9 +4833,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_4f1( +libcrux_ml_kem_vector_portable_compress_0d_fe1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return libcrux_ml_kem_vector_portable_compress_compress_c51(a); + return libcrux_ml_kem_vector_portable_compress_compress_611(a); } /** @@ -4845,15 +4845,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_17( +libcrux_ml_kem_serialize_compress_then_serialize_4_32( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_4f1( - libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( + libcrux_ml_kem_vector_portable_compress_0d_fe1( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4870,7 +4870,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_c52( +libcrux_ml_kem_vector_portable_compress_compress_612( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4893,9 +4893,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_4f2( +libcrux_ml_kem_vector_portable_compress_0d_fe2( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return libcrux_ml_kem_vector_portable_compress_compress_c52(a); + return libcrux_ml_kem_vector_portable_compress_compress_612(a); } /** @@ -4905,15 +4905,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_b7( +libcrux_ml_kem_serialize_compress_then_serialize_5_14( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_4f2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( + libcrux_ml_kem_vector_portable_compress_0d_fe2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_7c( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4932,9 +4932,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_e9( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_32( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_17(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_32(re, out); } /** @@ -4955,7 +4955,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_f8( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -4963,7 +4963,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_f8( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -4973,7 +4973,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_f8( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_d6( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -4982,33 +4982,33 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_f8( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_9d0( + libcrux_ml_kem_hash_functions_portable_PRF_f1_9f0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_ce( + libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_7b(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_90(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_c4( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_43( + libcrux_ml_kem_matrix_compute_ring_element_v_c6( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_86( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_e9( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_32( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5032,13 +5032,13 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_3b(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_a7(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_b2( + unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -5047,14 +5047,14 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_3b(Eurydice_slice public_key, unpacked_public_key.A; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____0, ret0, false); + libcrux_ml_kem_matrix_sample_matrix_A_0d(uu____0, ret0, false); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____1 = &unpacked_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_f8(uu____1, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -5070,7 +5070,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_b2( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_b7( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5101,7 +5101,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_6b( +static inline void libcrux_ml_kem_ind_cca_decapsulate_d5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5119,7 +5119,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_6b( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_46(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5130,7 +5130,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_6b( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_07( + libcrux_ml_kem_hash_functions_portable_G_f1_87( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5143,10 +5143,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_6b( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( + libcrux_ml_kem_hash_functions_portable_PRF_f1_9f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5154,18 +5154,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_6b( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_3b(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a7(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_b2( + libcrux_ml_kem_variant_kdf_d8_b7( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_d8_b2(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_d8_b7(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b6(ciphertext), + libcrux_ml_kem_types_as_ref_00_8c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5195,10 +5195,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d5( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6b(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_d5(private_key, ciphertext, ret); } /** @@ -5211,7 +5211,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d5( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d5( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8( private_key, ciphertext, ret); } @@ -5225,7 +5225,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_03( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_a9( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5242,7 +5242,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_c6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -5266,11 +5266,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fd( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_49( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_03( + libcrux_ml_kem_variant_entropy_preprocess_d8_a9( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5279,15 +5279,15 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fd( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_c6( + libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_0e(public_key), + libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_07( + libcrux_ml_kem_hash_functions_portable_G_f1_87( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5296,31 +5296,30 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fd( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_3b(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_6e(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_b2(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_b7(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - return result; + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; } /** @@ -5341,14 +5340,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_28( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_a9( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_fd(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_49(uu____0, copy_of_randomness); } /** @@ -5365,7 +5364,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_28( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_a9( uu____0, copy_of_randomness); } @@ -5381,11 +5380,11 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(void) { +libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(void) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 lit; - lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); - lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + lit.secret_as_ntt[0U] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); + lit.secret_as_ntt[1U] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); + lit.secret_as_ntt[2U] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); return lit; } @@ -5399,7 +5398,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_99( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_d1( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5410,7 +5409,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_99( seed[LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE] = (uint8_t)(size_t)3U; uint8_t ret0[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_07( + libcrux_ml_kem_hash_functions_portable_G_f1_87( Eurydice_array_to_slice((size_t)33U, seed, uint8_t), ret0); memcpy(ret, ret0, (size_t)64U * sizeof(uint8_t)); } @@ -5422,7 +5421,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_73( +libcrux_ml_kem_vector_traits_to_standard_domain_bf( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5440,7 +5439,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5448,7 +5447,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_73( + libcrux_ml_kem_vector_traits_to_standard_domain_bf( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5464,7 +5463,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -5479,7 +5478,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i0]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_ZERO_ef_19(); + libcrux_ml_kem_polynomial_ZERO_ef_1b(); t_as_ntt[i0] = uu____0; for (size_t i1 = (size_t)0U; i1 < Eurydice_slice_len( @@ -5492,12 +5491,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_76(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5511,12 +5510,12 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_99(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_d1(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5526,7 +5525,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____1, ret, true); + libcrux_ml_kem_matrix_sample_matrix_A_0d(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); @@ -5536,7 +5535,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3c( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -5544,11 +5543,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_matrix_compute_As_plus_e_f0( + libcrux_ml_kem_matrix_compute_As_plus_e_c7( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -5565,14 +5564,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c6( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5593,7 +5592,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5611,7 +5610,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_1d( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c6(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8b(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } @@ -5626,13 +5625,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_0d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5649,11 +5648,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_8c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_07( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_0d(t_as_ntt, seed_for_a, + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); @@ -5673,20 +5672,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_79(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_50(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( + libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_8c( + libcrux_ml_kem_ind_cpa_serialize_public_key_07( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5711,7 +5710,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5737,7 +5736,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_c6(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_d5(public_key, ret0); Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; @@ -5767,7 +5766,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5776,13 +5775,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_79(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_50(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5791,13 +5790,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_91(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_f6( - uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_ee( + uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); } /** @@ -5813,12 +5812,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_08( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_91(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness); } /** @@ -5829,7 +5828,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_08( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d1( copy_of_randomness); } @@ -5844,7 +5843,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_44( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_de( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5853,15 +5852,15 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_44( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_c6( + libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_e2(ciphertext), + libcrux_ml_kem_types_as_slice_d4_76(ciphertext), uint8_t), ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( + libcrux_ml_kem_hash_functions_portable_PRF_f1_9f( Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } @@ -5888,7 +5887,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_6b0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_d50( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5906,7 +5905,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_6b0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_46(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5917,7 +5916,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_6b0( uint8_t, size_t), ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_07( + libcrux_ml_kem_hash_functions_portable_G_f1_87( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -5930,10 +5929,10 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_6b0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b6(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( + libcrux_ml_kem_hash_functions_portable_PRF_f1_9f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5941,18 +5940,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_6b0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_3b(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a7(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_44( + libcrux_ml_kem_variant_kdf_33_de( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_33_44(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_33_de(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b6(ciphertext), + libcrux_ml_kem_types_as_ref_00_8c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5986,10 +5985,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_c7( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_6b0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_d50(private_key, ciphertext, ret); } /** @@ -6002,7 +6001,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_c7( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_c7( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08( private_key, ciphertext, ret); } @@ -6016,9 +6015,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_ec( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_47( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_c6(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_d5(randomness, ret); } /** @@ -6040,11 +6039,11 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fd0( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_490( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_ec( + libcrux_ml_kem_variant_entropy_preprocess_33_47( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6053,15 +6052,15 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fd0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_c6( + libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_0e(public_key), + libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t), ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_07( + libcrux_ml_kem_hash_functions_portable_G_f1_87( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6070,31 +6069,30 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fd0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_0e(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_3b(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_6e(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_44(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_de(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c result; - result.fst = uu____5; - memcpy(result.snd, copy_of_shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - return result; + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; } /** @@ -6119,14 +6117,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_5e( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9e( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_fd0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_490(uu____0, copy_of_randomness); } /** @@ -6143,7 +6141,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_5e( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9e( uu____0, copy_of_randomness); } @@ -6157,9 +6155,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_01( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_de( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_portable_G_f1_07(key_generation_seed, ret); + libcrux_ml_kem_hash_functions_portable_G_f1_87(key_generation_seed, ret); } /** @@ -6171,12 +6169,12 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_01(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_de(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6186,7 +6184,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( public_key->A; uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_421(seed_for_A, ret); - libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____1, ret, true); + libcrux_ml_kem_matrix_sample_matrix_A_0d(uu____1, ret, true); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_422(seed_for_secret_and_error, prf_input); @@ -6196,7 +6194,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_3c( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -6204,11 +6202,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_matrix_compute_As_plus_e_f0( + libcrux_ml_kem_matrix_compute_As_plus_e_c7( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -6231,21 +6229,21 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_790( +libcrux_ml_kem_ind_cpa_generate_keypair_500( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = - libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = - libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( + libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_8c( + libcrux_ml_kem_ind_cpa_serialize_public_key_07( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6277,7 +6275,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6286,13 +6284,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_790(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_500(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_d8( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6301,13 +6299,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_910(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_8c(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_f6( - uu____2, libcrux_ml_kem_types_from_5a_45(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_ee( + uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); } /** @@ -6323,12 +6321,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_05( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_69( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_910(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness); } /** @@ -6340,7 +6338,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_05( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_69( copy_of_randomness); } @@ -6352,11 +6350,11 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_79( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_fd( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_c6( + libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_subslice2(private_key->value, (size_t)384U * (size_t)3U, (size_t)768U * (size_t)3U + (size_t)32U, uint8_t), @@ -6377,10 +6375,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_03( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_79(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_fd(private_key, ciphertext); } @@ -6392,7 +6390,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_03( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_03( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9( private_key, ciphertext); } @@ -6404,9 +6402,9 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_8b( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_bc( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); + return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } /** @@ -6416,14 +6414,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_7b( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a9( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_b2( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( public_key, deserialized_pk); memcpy( ret, deserialized_pk, @@ -6438,16 +6436,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_bb( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_68( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_7b( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a9( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_8c( + libcrux_ml_kem_ind_cpa_serialize_public_key_07( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6465,9 +6463,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_aa( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_bb(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_68(public_key); } /** @@ -6477,7 +6475,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_aa( */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_aa( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f( public_key->value); } @@ -6503,11 +6501,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_d6( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_75( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6521,7 +6519,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_d6( uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_07( + libcrux_ml_kem_hash_functions_portable_G_f1_87( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6537,10 +6535,10 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_d6( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b6(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_9d( + libcrux_ml_kem_hash_functions_portable_PRF_f1_9f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -6549,11 +6547,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_d6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_f8( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_24( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_b6(ciphertext), + libcrux_ml_kem_types_as_ref_00_8c(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6589,10 +6587,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_2e( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_65( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_d6(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6(key_pair, ciphertext, ret); } /** @@ -6606,7 +6604,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_2e( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_65( private_key, ciphertext, ret); } @@ -6629,7 +6627,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_02( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6643,7 +6641,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_02( (size_t)32U, public_key->public_key_hash, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_07( + libcrux_ml_kem_hash_functions_portable_G_f1_87( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), @@ -6657,7 +6655,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_02( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_f8(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6667,7 +6665,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_02( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_6e(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6700,7 +6698,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_10( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -6708,7 +6706,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_10( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_02(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(uu____0, copy_of_randomness); } @@ -6728,7 +6726,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_10( + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37( uu____0, copy_of_randomness); } @@ -6747,8 +6745,8 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_95(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_ef_19(); +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_42(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } /** @@ -6765,10 +6763,10 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_6b( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8d( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_19(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); } } @@ -6784,7 +6782,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_8d_06( +libcrux_ml_kem_polynomial_clone_8d_26( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6813,7 +6811,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -6823,19 +6821,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_6b(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8d(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_8d_06( + libcrux_ml_kem_polynomial_clone_8d_26( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -6848,13 +6846,13 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_8c( + libcrux_ml_kem_ind_cpa_serialize_public_key_07( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), pk_serialized); uint8_t uu____2[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_c6( + libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), uu____2); memcpy(out->public_key.public_key_hash, uu____2, (size_t)32U * sizeof(uint8_t)); @@ -6883,13 +6881,13 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_ec( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_b3( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_3b(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db(copy_of_randomness, out); } /** @@ -6902,7 +6900,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_ec( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_b3( copy_of_randomness, key_pair); } @@ -6918,9 +6916,9 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_1c_05(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_6e(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; - lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_6b(); + lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); lit.public_key_hash[0U] = 0U; lit.public_key_hash[1U] = 0U; lit.public_key_hash[2U] = 0U; @@ -6969,9 +6967,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_c3(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_35(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; - uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_a3(); + uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(); uu____0.implicit_rejection_value[0U] = 0U; uu____0.implicit_rejection_value[1U] = 0U; uu____0.implicit_rejection_value[2U] = 0U; @@ -7007,7 +7005,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_05()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_6e()}); } /** @@ -7015,7 +7013,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_c3(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_35(); } /** @@ -7023,7 +7021,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_05(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_6e(); } /** @@ -7043,10 +7041,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_0d( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_52( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_0d( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -7070,10 +7068,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_6b( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_e1( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_0d( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_52( &self->public_key, serialized); } @@ -7084,7 +7082,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_6b(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_e1(key_pair, serialized); } @@ -7100,7 +7098,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_25( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_b5( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7136,11 +7134,11 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_28_e5( +libcrux_ml_kem_ind_cca_unpacked_clone_28_5f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_25(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_b5(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7163,7 +7161,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_7e( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_e7( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -7175,8 +7173,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_e5( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_7e(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_5f( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_e7(key_pair)); pk[0U] = uu____0; } @@ -7187,7 +7185,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_0d(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_52(public_key, serialized); } @@ -7210,7 +7208,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_b2( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -7226,11 +7224,11 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( Eurydice_array_to_subslice_from((size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t), ret); - libcrux_ml_kem_matrix_sample_matrix_A_ae(uu____2, ret, false); + libcrux_ml_kem_matrix_sample_matrix_A_0d(uu____2, ret, false); uint8_t uu____3[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_c6( + libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_0e(public_key), + libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -7250,7 +7248,7 @@ const generics - PUBLIC_KEY_SIZE= 1184 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_ee( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { @@ -7266,7 +7264,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_ee( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5b( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index b8421f790..c283eae80 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 5b77b14b3..2e9dfdbc9 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index eb7601a34..cd92309a3 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: ff16b9e8164d0fd89efabd103d4a6c874df0c127 + * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 */ #ifndef __libcrux_sha3_portable_H From d48d4d697507df5e20291a686cb910899981d1b0 Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 25 Sep 2024 09:17:14 +0000 Subject: [PATCH 324/348] Make ind_cpar.rs panic-free --- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 20 +++++------ .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 11 ++++--- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 2 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 2 +- libcrux-ml-kem/src/ind_cpa.rs | 33 ++++++++++--------- libcrux-ml-kem/src/invert_ntt.rs | 2 +- libcrux-ml-kem/src/ntt.rs | 2 +- 7 files changed, 37 insertions(+), 35 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 5bb6b9214..61940c321 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -297,8 +297,6 @@ let compress_then_serialize_u let hax_temp_output:Prims.unit = result in out -#push-options "--admit_smt_queries true" - let deserialize_then_decompress_u (v_K v_CIPHERTEXT_SIZE v_U_COMPRESSION_FACTOR: usize) (#v_Vector: Type0) @@ -357,9 +355,9 @@ let deserialize_then_decompress_u in u_as_ntt) in - u_as_ntt - -#pop-options + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = u_as_ntt in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_secret_key (v_K: usize) @@ -410,7 +408,7 @@ let deserialize_secret_key let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--admit_smt_queries true" +#push-options "--z3rlimit 200" let serialize_secret_key (v_K v_OUT_LEN: usize) @@ -467,7 +465,9 @@ let serialize_secret_key <: t_Array u8 v_OUT_LEN) in - out + let result:t_Array u8 v_OUT_LEN = out in + let _:Prims.unit = admit () (* Panic freedom *) in + result #pop-options @@ -544,8 +544,6 @@ let serialize_public_key let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--admit_smt_queries true" - let decrypt_unpacked (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: usize) @@ -577,8 +575,6 @@ let decrypt_unpacked in Libcrux_ml_kem.Serialize.compress_then_serialize_message #v_Vector message -#pop-options - let decrypt (v_K v_CIPHERTEXT_SIZE v_VECTOR_U_ENCODED_SIZE v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR: usize) @@ -610,7 +606,7 @@ let decrypt let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--admit_smt_queries true" +#push-options "--z3rlimit 200" let encrypt_unpacked (v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 11fd6f8e5..3cfd73dbb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -221,7 +221,8 @@ val decrypt_unpacked (requires Spec.MLKEM.is_rank v_K /\ v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ - v v_VECTOR_U_ENCODED_SIZE <= v v_CIPHERTEXT_SIZE) + v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE v_K) (fun _ -> Prims.l_True) val decrypt @@ -293,10 +294,12 @@ val encrypt_unpacked v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\ v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\ - v_C1_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ + v_C1_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ v_C2_LEN == Spec.MLKEM.v_C2_SIZE v_K /\ v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ - v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ v v_C1_LEN <= v v_CIPHERTEXT_SIZE /\ - v (Core.Slice.impl__len #u8 randomness) <= 33) + v_V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR v_K /\ + v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K /\ + length randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE) (fun _ -> Prims.l_True) val encrypt diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index 1d5eac9f3..eaa498a6a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -30,7 +30,7 @@ let inv_ntt_layer_int_vec_step_reduce a, b <: (v_Vector & v_Vector) let zetas_b_lemma (i:nat{i >= 0 /\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ sz i ]) = + (Spec.Utils.is_i16b 1664 (Libcrux_ml_kem.Polynomial.get_zeta (sz i))) = admit() let invert_ntt_at_layer_1_ diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 994ab8eb2..99a4f437a 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -27,7 +27,7 @@ let ntt_layer_int_vec_step a, b <: (v_Vector & v_Vector) let zetas_b_lemma (i:nat{i >= 0 /\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 Libcrux_ml_kem.Polynomial.v_ZETAS_TIMES_MONTGOMERY_R.[ sz i ]) = + (Spec.Utils.is_i16b 1664 (Libcrux_ml_kem.Polynomial.get_zeta (sz i))) = admit() let ntt_at_layer_1_ diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index e00498e93..73539b09a 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -121,7 +121,8 @@ pub(crate) fn serialize_public_key_mut< /// Call [`serialize_uncompressed_ring_element`] for each ring element. #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] #[hax_lib::ensures(|res| @@ -461,17 +462,19 @@ fn compress_then_serialize_u< /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] -#[hax_lib::fstar::verification_status(lax)] -#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank v_K /\\ - v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\\ - v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\\ - v_ETA2 == Spec.MLKEM.v_ETA2 v_K /\\ - v_ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE v_K /\\ - v_C1_LEN == Spec.MLKEM.v_C1_SIZE v_K /\\ - v_U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\\ - v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\\ - v v_C1_LEN <= v v_CIPHERTEXT_SIZE /\\ - v (${randomness.len()}) <= 33"))] +#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ + $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ + $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ + $ETA2 == Spec.MLKEM.v_ETA2 $K /\\ + $ETA2_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA2_RANDOMNESS_SIZE $K /\\ + $C1_LEN == Spec.MLKEM.v_C1_SIZE $K /\\ + $C2_LEN == Spec.MLKEM.v_C2_SIZE $K /\\ + $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ + $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\ + $BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE $K /\\ + $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ + length $randomness == Spec.MLKEM.v_SHARED_SECRET_SIZE"))] pub(crate) fn encrypt_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, @@ -630,7 +633,7 @@ pub(crate) fn encrypt< /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element /// in the `ciphertext`. #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K"))] @@ -704,11 +707,11 @@ fn deserialize_secret_key( /// The NIST FIPS 203 standard can be found at /// . #[allow(non_snake_case)] -#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE $K /\\ $U_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR $K /\\ - v $VECTOR_U_ENCODED_SIZE <= v $CIPHERTEXT_SIZE"))] + $V_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_V_COMPRESSION_FACTOR $K /\\ + $VECTOR_U_ENCODED_SIZE == Spec.MLKEM.v_C1_SIZE $K"))] pub(crate) fn decrypt_unpacked< const K: usize, const CIPHERTEXT_SIZE: usize, diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 9bcf07354..4db09d55d 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -6,7 +6,7 @@ use crate::{ #[inline(always)] #[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 ${ZETAS_TIMES_MONTGOMERY_R}.[ sz i ]) = + (Spec.Utils.is_i16b 1664 (${get_zeta} (sz i))) = admit()"))] #[hax_lib::requires(fstar!("v ${*zeta_i} >= 64 && v ${*zeta_i} <= 128"))] pub(crate) fn invert_ntt_at_layer_1( diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index aebcafde5..4107d8034 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -6,7 +6,7 @@ use crate::{ #[inline(always)] #[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 ${ZETAS_TIMES_MONTGOMERY_R}.[ sz i ]) = + (Spec.Utils.is_i16b 1664 (${get_zeta} (sz i))) = admit()"))] #[hax_lib::requires(fstar!("v ${*zeta_i} < 64"))] pub(crate) fn ntt_at_layer_1( From fc84fe88d330ea590d3d4e87d2a111996310904b Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 25 Sep 2024 17:06:12 +0200 Subject: [PATCH 325/348] progress --- .../fstar-bitvec/BitVec.Intrinsics.fsti | 116 +- fstar-helpers/fstar-bitvec/BitVec.Utils.fst | 22 + .../Libcrux_intrinsics.Avx2_extract.fst | 1215 ++++++++++++++++- .../Libcrux_intrinsics.Avx2_extract.fsti | 32 +- libcrux-intrinsics/src/avx2_extract.rs | 13 + libcrux-ml-kem/hax.py | 1 + .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 501 ++++--- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 168 ++- libcrux-ml-kem/src/vector/avx2/serialize.rs | 665 ++++----- 9 files changed, 2112 insertions(+), 621 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti index 6d866e472..a101013a6 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti +++ b/fstar-helpers/fstar-bitvec/BitVec.Intrinsics.fsti @@ -8,22 +8,29 @@ open BitVec.Equality open Tactics.Utils (*** The intrinsics *) - let mm256_slli_epi16 (shift: i32 {v shift >= 0 /\ v shift <= 16}) (vec: bit_vec 256): bit_vec 256 = mk_bv (fun i -> let nth_bit = i % 16 in - if nth_bit >= v shift - then vec (i - v shift) - else 0) + if nth_bit >= v shift then vec (i - v shift) else 0) let mm256_srli_epi16 (shift: i32 {v shift >= 0 /\ v shift <= 16}) (vec: bit_vec 256): bit_vec 256 = mk_bv (fun i -> let nth_bit = i % 16 in if nth_bit < 16 - v shift then vec (i + v shift) else 0) +let mm256_srli_epi64 (shift: i32 {v shift >= 0 /\ v shift <= 64}) (vec: bit_vec 256): bit_vec 256 + = mk_bv (fun i -> let nth_bit = i % 64 in + if nth_bit < 64 - v shift then vec (i + v shift) else 0) + let mm256_castsi256_si128 (vec: bit_vec 256): bit_vec 128 = mk_bv (fun i -> vec i) let mm256_extracti128_si256 (control: i32{control == 1l}) (vec: bit_vec 256): bit_vec 128 = mk_bv (fun i -> vec (i + 128)) +let mm256_si256_from_two_si128 (lower upper: bit_vec 128): bit_vec 256 + = mk_bv (fun i -> if i < 128 then lower i else upper (i - 128)) + +let mm_loadu_si128 (bytes: t_Array u8 (sz 16)): bit_vec 128 + = mk_bv (fun i -> get_bit (Seq.index bytes (i / 8)) (sz (i % 8))) + let mm256_set_epi32 (x0 x1 x2 x3 x4 x5 x6 x7: i32) : bit_vec 256 = mk_bv (fun i -> @@ -43,6 +50,18 @@ let mm256_set_epi16 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: i16) | 12 -> h x3 | 13 -> h x2 | 14 -> h x1 | 15 -> h x0 ) +let mm_set_epi8 + (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: u8) + : bit_vec 128 + = mk_bv (fun i -> + let h (x: u8) = get_bit x (sz (i % 8)) in + match i / 8 with + | 0 -> h x15 | 1 -> h x14 | 2 -> h x13 | 3 -> h x12 + | 4 -> h x11 | 5 -> h x10 | 6 -> h x9 | 7 -> h x8 + | 8 -> h x7 | 9 -> h x6 | 10 -> h x5 | 11 -> h x4 + | 12 -> h x3 | 13 -> h x2 | 14 -> h x1 | 15 -> h x0 + ) + let mm256_set_epi8 (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 x18 x19 x20 x21 x22 x23 x24 x25 x26 x27 x28 x29 x30 x31: i8) : bit_vec 256 @@ -61,12 +80,11 @@ let mm256_set_epi8 val mm256_set1_epi16_no_semantics: i16 -> bit_vec 256 let mm256_set1_epi16_pow2_minus_one (n: nat): bit_vec 256 - = mk_bv (fun i -> if i <= n then 1 else 0) + = mk_bv (fun i -> if i % 16 < n then 1 else 0) let mm256_and_si256 (x y: bit_vec 256): bit_vec 256 = mk_bv (fun i -> if y i = 0 then 0 else x i) - - + let mm256_set1_epi16 (constant: i16) (#[Tactics.exact (match unify_app (quote constant) (quote (fun n -> ((1s < `(mm256_set1_epi16_pow2_minus_one (`#x)) @@ -126,7 +144,7 @@ let mm256_mullo_epi16_specialized1 (a: bit_vec 256): bit_vec 256 = let shift = if nth_i16 >= 8 then 23 - nth_i16 else 15 - nth_i16 in if nth_bit >= shift then a (i - shift) else 0 ) - + // This is a very specialized version of mm256_mullo_epi16 let mm256_mullo_epi16_specialized2 (a: bit_vec 256): bit_vec 256 = mk_bv (fun i -> @@ -136,6 +154,15 @@ let mm256_mullo_epi16_specialized2 (a: bit_vec 256): bit_vec 256 = if nth_bit >= shift then a (i - shift) else 0 ) +// This is a very specialized version of mm256_mullo_epi16 +let mm256_mullo_epi16_specialized3 (a: bit_vec 256): bit_vec 256 = + mk_bv (fun i -> + let nth_bit = i % 16 in + let nth_i16 = i / 16 in + let shift = 6 - (nth_i16 % 4) * 2 in + if nth_bit >= shift then a (i - shift) else 0 + ) + // This term will be stuck, we don't know anything about it val mm256_mullo_epi16_no_semantics (a count: bit_vec 256): bit_vec 256 @@ -161,7 +188,15 @@ let mm256_mullo_epi16 | _ -> false then Tactics.exact (quote (mm256_mullo_epi16_specialized2 a)) else - Tactics.exact (quote (mm256_mullo_epi16_no_semantics a count)) + if match unify_app (quote count) (quote (fun x -> mm256_set_epi16 (1s < unquote x = 1s + | _ -> false + then Tactics.exact (quote (mm256_mullo_epi16_specialized3 a)) + else + Tactics.exact (quote (mm256_mullo_epi16_no_semantics a count)) )]result: bit_vec 256): bit_vec 256 = result let madd_rhs (n: nat {n < 16}) = @@ -212,12 +247,45 @@ let mm256_madd_epi16_specialized' (x: bit_vec 256) (n: nat {n < 16}): bit_vec 25 // the bit from `b` is in the second item of the pair `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` x (i - n + 16) ) - + +let mm256_concat_pairs_n + (n: u8 {v n < 16}) + (x: bit_vec 256 {forall (i: nat {i < 256}). i % 16 < v n || x i = 0}) = + mm256_madd_epi16_specialized' x (v n) + let mm256_madd_epi16_specialized (x: bit_vec 256) (n: nat {n < 16}) = if forall_bool (fun (i: nat {i < 256}) -> i % 16 < n || x i = 0) then mm256_madd_epi16_specialized' x n else mm256_madd_epi16_no_semantic x (madd_rhs n) +val mm_shuffle_epi8_no_semantics (a b: bit_vec 128): bit_vec 128 +let mm_shuffle_epi8_u8 (a: bit_vec 128) (b: list int {List.Tot.length b == 16}): bit_vec 128 = + mk_bv (fun i -> + let nth = i / 8 in + let index = List.Tot.index b (15 - nth) in + if index < 0 then 0 + else let index = index % 16 in + a (index * 8 + i % 8 + i / 128 * 128)) + +let mm_shuffle_epi8 + (x y: bit_vec 128) + (#[( + let t = match unify_app (quote y) + (quote (fun x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 -> + mm_set_epi8 + (UInt8.uint_to_t x0 ) (UInt8.uint_to_t x1 ) (UInt8.uint_to_t x2 ) (UInt8.uint_to_t x3 ) (UInt8.uint_to_t x4 ) (UInt8.uint_to_t x5 ) (UInt8.uint_to_t x6 ) (UInt8.uint_to_t x7 ) + (UInt8.uint_to_t x8 ) (UInt8.uint_to_t x9 ) (UInt8.uint_to_t x10) (UInt8.uint_to_t x11) (UInt8.uint_to_t x12) (UInt8.uint_to_t x13) (UInt8.uint_to_t x14) (UInt8.uint_to_t x15))) [] with + | Some [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15] -> + `(mm_shuffle_epi8_u8 (`@x) + (mk_list_16 + (`#x0 ) (`#x1 ) (`#x2 ) (`#x3 ) (`#x4 ) (`#x5 ) (`#x6 ) (`#x7 ) + (`#x8 ) (`#x9 ) (`#x10) (`#x11) (`#x12) (`#x13) (`#x14) (`#x15))) + | _ -> quote (mm_shuffle_epi8_no_semantics x y) in + exact t + )]result: bit_vec 128) + : bit_vec 128 + = result + val mm256_shuffle_epi8_no_semantics (a b: bit_vec 256): bit_vec 256 let mm256_shuffle_epi8_i8 (a: bit_vec 256) (b: list _ {List.Tot.length b == 32}): bit_vec 256 = mk_bv (fun i -> @@ -274,6 +342,30 @@ let mm256_permutevar8x32_epi32 : bit_vec 256 = result +val mm256_sllv_epi32_no_semantics (x y: bit_vec 256): bit_vec 256 +let mm256_sllv_epi32_i32 (vec: bit_vec 256) (counts: list _ {List.Tot.length counts == 8}): bit_vec 256 + = mk_bv (fun i -> let nth_bit = i % 32 in + let shift = List.Tot.index counts (7 - i / 32) in + if shift >= 0 && nth_bit >= shift then vec (i - shift) else 0) + +let mm256_sllv_epi32 + (x y: bit_vec 256) + (#[( + let t = match unify_app (quote y) + (quote (fun x0 x1 x2 x3 x4 x5 x6 x7 -> + mm256_set_epi32 + (Int32.int_to_t x0) (Int32.int_to_t x1) (Int32.int_to_t x2) (Int32.int_to_t x3) + (Int32.int_to_t x4) (Int32.int_to_t x5) (Int32.int_to_t x6) (Int32.int_to_t x7))) [] with + | Some [x0;x1;x2;x3;x4;x5;x6;x7] -> + `(mm256_sllv_epi32_i32 (`@x) + (mk_list_8 (`#x0 ) (`#x1 ) (`#x2 ) (`#x3 ) (`#x4 ) (`#x5 ) (`#x6 ) (`#x7 ))) + | _ -> quote (mm256_sllv_epi32_no_semantics x y) in + exact t + )]result: bit_vec 256) + : bit_vec 256 + = result + + let mm256_madd_epi16 (x y: bit_vec 256) (#[( @@ -285,7 +377,9 @@ let mm256_madd_epi16 : bit_vec 256 = result -val mm_storeu_bytes_si128 (_output: t_Slice u8) (vec: bit_vec 128): t_Slice u8 +val mm_storeu_bytes_si128 (_output: t_Slice u8) (vec: bit_vec 128) + // : r: t_Array u8 (sz 16) {forall i. vec i == get_bit (Seq.index r (i / 8)) (sz (i % 8))} + : r: t_Array u8 (sz 16) {forall i. vec i == bit_vec_of_int_t_array r 8 i} open FStar.Stubs.Tactics.V2.Builtins open FStar.Stubs.Tactics.V2 diff --git a/fstar-helpers/fstar-bitvec/BitVec.Utils.fst b/fstar-helpers/fstar-bitvec/BitVec.Utils.fst index 360b2424e..d5fc1de31 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Utils.fst +++ b/fstar-helpers/fstar-bitvec/BitVec.Utils.fst @@ -13,6 +13,12 @@ let mk_list_32 #a (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15 x16 x17 assert_norm (List.Tot.length l == 32); l +let mk_list_16 #a (x0 x1 x2 x3 x4 x5 x6 x7 x8 x9 x10 x11 x12 x13 x14 x15: a) + : (l:list a {List.Tot.length l == 16}) + = let l = [x0;x1;x2;x3;x4;x5;x6;x7;x8;x9;x10;x11;x12;x13;x14;x15] in + assert_norm (List.Tot.length l == 16); + l + let mk_list_8 #a (x0 x1 x2 x3 x4 x5 x6 x7: a) : (l:list a {List.Tot.length l == 8}) = let l = [x0;x1;x2;x3;x4;x5;x6;x7] in @@ -35,3 +41,19 @@ let rw_get_bit_shr #t #u (x: int_t t) (y: int_t u) (i: usize {v i < bits t}) then get_bit x (mk_int (bits t - 1)) else 0)) = () + +unfold type forall_sig (n: nat) = pred: ((i:nat{i < n}) -> bool) + -> r: bool {r <==> (forall i. pred i)} + +let forall8: forall_sig 8 = fun pred -> pred 0 && pred 1 && pred 2 && pred 3 + && pred 4 && pred 5 && pred 6 && pred 7 + +#push-options "--z3rlimit 400" +let forall16: forall_sig 16 = fun pred -> forall8 pred && forall8 (fun i -> pred (i + 8)) +let forall32: forall_sig 32 = fun pred -> forall16 pred && forall16 (fun i -> pred (i + 16)) +let forall64: forall_sig 64 = fun pred -> forall32 pred && forall32 (fun i -> pred (i + 32)) +let forall128: forall_sig 128 = fun pred -> forall64 pred && forall64 (fun i -> pred (i + 64)) +let forall256: forall_sig 256 = fun pred -> forall128 pred && forall128 (fun i -> pred (i + 128)) +#pop-options + +let forall_n (n:nat{n <= 256}): forall_sig n = fun pred -> forall256 (fun i -> if i < n then pred i else true) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst index 0428a32bc..167d0b324 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fst @@ -3,9 +3,1212 @@ module Libcrux_intrinsics.Avx2_extract open Core open FStar.Mul -include BitVec.Intrinsics {mm256_and_si256 as mm256_and_si256} -val lemma_mm256_set1_epi16 lhs rhs - : Lemma ( vec256_as_i16x16 (mm256_and_si256 lhs rhs) - == Spec.Utils.map2 (&.) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs) - ) - [SMTPat (vec256_as_i16x16 (mm256_and_si256 lhs rhs))] +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 3091; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 3091; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 3091; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 3091; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_and_si256"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 3580; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 3580; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 3580; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 3580; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_castsi128_si256"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 3681; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 3681; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 3681; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 3681; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_extracti128_si256"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 2293; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 2293; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 2293; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 2293; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_madd_epi16"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 2613; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 2613; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 2613; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 2613; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_mullo_epi16"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 3439; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 3439; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 3439; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 3439; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_slli_epi16"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 3378; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 3378; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 3378; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 3378; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm256_srli_epi16"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 3719; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 3719; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 3719; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 3719; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm_movemask_epi8"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 3630; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 3630; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 3630; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 3630; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm_packs_epi16"); disambiguator = 0 + } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) + +(* item error backend: (TransformHaxLibInline) Fatal error: something we considered as impossible occurred! Please report this by submitting an issue on GitHub! +Details: Malformed `Quote` item: `quote_of_expr` failed. Expression was: +{ Ast.Make.e = + Ast.Make.App { + f = + { Ast.Make.e = + (Ast.Make.GlobalVar + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "failure"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value })); + span = + { Span.id = 1423; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + (Ast.Make.TArrow ([Ast.Make.TStr; Ast.Make.TStr], + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + )) + }; + args = + [{ Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "(AST import) Fatal error: something we considered as impossible occurred! \027[1mPlease report this by submitting an issue on GitHub!\027[0m\nDetails: [import_thir:literal] got an error literal: this means the Rust compiler or Hax's frontend probably reported errors above.")); + span = + { Span.id = 1423; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr }; + { Ast.Make.e = + (Ast.Make.Literal + (Ast.String + "{ Types.attributes = [];\n contents =\n Types.Literal {\n lit =\n { Types.node =\n (Types.Err Types.ErrorGuaranteed {todo = \"ErrorGuaranteed(())\"});\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/lib.rs\"));\n hi = { Types.col = \"0\"; line = \"1\" };\n lo = { Types.col = \"0\"; line = \"1\" } }\n };\n neg = false};\n hir_id = None;\n span =\n { Types.filename =\n (Types.Real (Types.LocalPath \"libcrux-intrinsics/src/avx2_extract.rs\"));\n hi = { Types.col = \"14\"; line = \"50\" };\n lo = { Types.col = \"12\"; line = \"39\" } };\n ty = Types.Never }")); + span = + { Span.id = 1423; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath + "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = Ast.Make.TStr } + ]; + generic_args = []; bounds_impls = []; trait = None}; + span = + { Span.id = 1423; + data = + [{ Span.Imported.filename = + (Span.Imported.Real + (Span.Imported.LocalPath "libcrux-intrinsics/src/avx2_extract.rs")); + hi = { Span.Imported.col = 14; line = 50 }; + lo = { Span.Imported.col = 12; line = 39 } } + ] + }; + typ = + Ast.Make.TApp { + ident = + `Concrete ({ Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "rust_primitives"; + path = + [{ Concrete_ident.Imported.data = (Concrete_ident.Imported.TypeNs "hax"); + disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "Never"); disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Type }); + args = []} + } + +Last AST: +/** print_rust: pitem: not implemented (item: { Concrete_ident.T.def_id = + { Concrete_ident.Imported.krate = "libcrux_intrinsics"; + path = + [{ Concrete_ident.Imported.data = + (Concrete_ident.Imported.TypeNs "avx2_extract"); disambiguator = 0 }; + { Concrete_ident.Imported.data = + (Concrete_ident.Imported.ValueNs "mm_storeu_bytes_si128"); + disambiguator = 0 } + ] + }; + kind = Concrete_ident.Kind.Value }) */ +const _: () = (); + *) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 272f5a4f3..2e260a6be 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -67,28 +67,22 @@ val mm256_permute2x128_si256 (v_IMM8: i32) (a b: t_Vec256) val mm256_permute4x64_epi64 (v_CONTROL: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_permutevar8x32_epi32 (vector control: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_permutevar8x32_epi32} val mm256_set1_epi32 (constant: i32) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_set1_epi64x (a: i64) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_set_epi32 (input7 input6 input5 input4 input3 input2 input1 input0: i32) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_set_epi32} -val mm256_set_epi8 - (byte31 byte30 byte29 byte28 byte27 byte26 byte25 byte24 byte23 byte22 byte21 byte20 byte19 byte18 byte17 byte16 byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: - i8) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_set_epi8} val mm256_setzero_si256: Prims.unit -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_shuffle_epi8 (vector control: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_shuffle_epi8} val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -96,8 +90,7 @@ val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) val mm256_slli_epi64 (v_LEFT: i32) (x: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_sllv_epi32 (vector counts: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_sllv_epi32} val mm256_srai_epi16 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 @@ -114,9 +107,6 @@ val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) -val mm256_srli_epi64 (v_SHIFT_BY: i32) (vector: t_Vec256) - : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) - val mm256_storeu_si256_i16 (output: t_Slice i16) (vector: t_Vec256) : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) @@ -154,7 +144,7 @@ val mm_add_epi16 (lhs rhs: t_Vec128) vec128_as_i16x8 result == Spec.Utils.map2 ( +. ) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) -val mm_loadu_si128 (input: t_Slice u8) : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm_loadu_si128} val mm_mulhi_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 @@ -184,13 +174,9 @@ val mm_set1_epi16 (constant: i16) let result:t_Vec128 = result in vec128_as_i16x8 result == Spec.Utils.create (sz 8) constant) -val mm_set_epi8 - (byte15 byte14 byte13 byte12 byte11 byte10 byte9 byte8 byte7 byte6 byte5 byte4 byte3 byte2 byte1 byte0: - u8) - : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm_set_epi8} -val mm_shuffle_epi8 (vector control: t_Vec128) - : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm_shuffle_epi8} include BitVec.Intrinsics {mm_storeu_bytes_si128} @@ -248,6 +234,8 @@ include BitVec.Intrinsics {mm256_slli_epi16 as mm256_slli_epi16} include BitVec.Intrinsics {mm256_srli_epi16 as mm256_srli_epi16} +include BitVec.Intrinsics {mm256_srli_epi64 as mm256_srli_epi64} + include BitVec.Intrinsics {mm_movemask_epi8 as mm_movemask_epi8} include BitVec.Intrinsics {mm_packs_epi16 as mm_packs_epi16} diff --git a/libcrux-intrinsics/src/avx2_extract.rs b/libcrux-intrinsics/src/avx2_extract.rs index 5710c9675..1ff39a14c 100644 --- a/libcrux-intrinsics/src/avx2_extract.rs +++ b/libcrux-intrinsics/src/avx2_extract.rs @@ -54,6 +54,7 @@ pub fn mm_storeu_bytes_si128(output: &mut [u8], vector: Vec128) { unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm_loadu_si128}")] pub fn mm_loadu_si128(input: &[u8]) -> Vec128 { debug_assert_eq!(input.len(), 16); unimplemented!() @@ -73,6 +74,7 @@ pub fn mm256_setzero_si256() -> Vec256 { unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm_set_epi8}")] pub fn mm_set_epi8( byte15: u8, byte14: u8, @@ -94,6 +96,7 @@ pub fn mm_set_epi8( unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm256_set_epi8}")] pub fn mm256_set_epi8( byte31: i8, byte30: i8, @@ -188,6 +191,8 @@ pub fn mm_set1_epi16(constant: i16) -> Vec128 { pub fn mm256_set1_epi32(constant: i32) -> Vec256 { unimplemented!() } + +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm256_set_epi32}")] pub fn mm256_set_epi32( input7: i32, input6: i32, @@ -324,6 +329,10 @@ pub fn mm256_srli_epi32(vector: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::fstar::replace( + interface, + "include BitVec.Intrinsics {mm256_srli_epi64 as ${mm256_srli_epi64::<0>}}" +)] pub fn mm256_srli_epi64(vector: Vec256) -> Vec256 { debug_assert!(SHIFT_BY >= 0 && SHIFT_BY < 64); unimplemented!() @@ -343,9 +352,11 @@ pub fn mm256_slli_epi32(vector: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm_shuffle_epi8}")] pub fn mm_shuffle_epi8(vector: Vec128, control: Vec128) -> Vec128 { unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm256_shuffle_epi8}")] pub fn mm256_shuffle_epi8(vector: Vec256, control: Vec256) -> Vec256 { unimplemented!() } @@ -424,10 +435,12 @@ pub fn mm_movemask_epi8(vector: Vec128) -> i32 { unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm256_permutevar8x32_epi32}")] pub fn mm256_permutevar8x32_epi32(vector: Vec256, control: Vec256) -> Vec256 { unimplemented!() } +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm256_sllv_epi32}")] pub fn mm256_sllv_epi32(vector: Vec256, counts: Vec256) -> Vec256 { unimplemented!() } diff --git a/libcrux-ml-kem/hax.py b/libcrux-ml-kem/hax.py index 062f62026..d5f025639 100755 --- a/libcrux-ml-kem/hax.py +++ b/libcrux-ml-kem/hax.py @@ -98,6 +98,7 @@ def __call__(self, parser, args, values, option_string=None) -> None: "simd128,simd256,pre-verification", ";", "into", + "-vv", "-i", include_str, "fstar", diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index b0c0cc4cb..17a177cf7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -9,17 +9,10 @@ let _ = let open Libcrux_ml_kem.Vector.Portable in () -let deserialize_1_ (bytes: t_Slice u8) = +[@@"opaque_to_smt"] +let deserialize_1___deserialize_1_i16s (a b: i16) = let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 1 ] <: u8) <: i16) - (cast (bytes.[ sz 1 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) (cast (bytes.[ sz 0 ] <: u8) <: i16) - (cast (bytes.[ sz 0 ] <: u8) <: i16) + Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 b b b b b b b b a a a a a a a a in let coefficients_in_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients @@ -30,178 +23,21 @@ let deserialize_1_ (bytes: t_Slice u8) = <: Libcrux_intrinsics.Avx2_extract.t_Vec256) in - let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 15l coefficients_in_msb - in - let _:Prims.unit = - let bv = bit_vec_of_int_t_array (bytes <: t_Array _ (sz 2)) 8 in - FStar.Tactics.Effect.assert_by_tactic (forall (i: nat{i < 256}). - (if i % 16 = 0 then bv i else 0) == result i) - (fun _ -> - (); - (let open FStar.Tactics in - let open Tactics.Utils in - let light_norm () = - norm [ - iota; - primops; - delta_namespace [ - `%cast; - `%cast_tc_integers; - `%bit_vec_of_int_t_array; - `%Rust_primitives.Hax.array_of_list; - "FStar.FunctionalExtensionality"; - `%bits; - `%Lib.IntTypes.bits - ] - ] - in - light_norm (); - prove_forall_nat_pointwise (print_time "SMT query succeeded in " - (fun _ -> - light_norm (); - Tactics.Seq.norm_index (); - norm [ - iota; - primops; - zeta_full; - delta_namespace ["FStar"; "BitVec"]; - unascribe - ]; - (let open Tactics.MachineInts in transform norm_machine_int_term); - norm [iota; primops; zeta; delta]; - dump' "Goal:"; - smt_sync ())))) - in - result + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 15l coefficients_in_msb -let deserialize_10_ (bytes: t_Slice u8) = - let shift_lsbs_to_msbs:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < - (); - (let open FStar.Tactics in - let open Tactics.Utils in - let light_norm () = - norm [ - iota; - primops; - delta_namespace [ - `%cast; - `%cast_tc_integers; - `%bit_vec_of_int_t_array; - `%Rust_primitives.Hax.array_of_list; - "FStar.FunctionalExtensionality"; - `%bits; - `%Lib.IntTypes.bits - ] - ] - in - light_norm (); - prove_forall_nat_pointwise (print_time "SMT query succeeded in " - (fun _ -> - light_norm (); - Tactics.Seq.norm_index (); - norm [ - iota; - primops; - zeta_full; - delta_namespace ["FStar"; "BitVec"]; - unascribe - ]; - (let open Tactics.MachineInts in transform norm_machine_int_term); - norm [ - iota; - primops; - zeta_full; - delta_namespace ["FStar"; "BitVec"]; - unascribe - ]; - dump' "Goal:"; - smt_sync ())))) - in - result + Libcrux_intrinsics.Avx2_extract.mm256_and_si256 coefficients_in_lsb + (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 ((1s < lower_8_ i = vector ((i / 10) * 16 + i % 10)) && + BitVec.Utils.forall_n 80 (fun i -> upper_8_ i = vector (128 + (i / 10) * 16 + i % 10))) + in let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 26 } @@ -720,6 +500,189 @@ let serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: Core.Result.t_Result (t_Array u8 (sz 8)) Core.Array.t_TryFromSliceError) +[@@"opaque_to_smt"] +let deserialize_10___deserialize_10_vec + (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) + = + let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 lower_coefficients0 + (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 9uy 8uy 8uy 7uy 7uy 6uy 6uy 5uy 4uy 3uy 3uy 2uy + 2uy 1uy 1uy 0uy + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + in + let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients0 + (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 15uy 14uy 14uy 13uy 13uy 12uy 12uy 11uy 10uy 9uy + 9uy 8uy 8uy 7uy 7uy 6uy + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + mm256_si256_from_two_si128 lower_coefficients upper_coefficients + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < + coefficients i = + (if i % 16 < 10 + then + let j = (i / 16) * 10 + i % 16 in + if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 32) + else 0))) + in + coefficients + +let deserialize_10_ (bytes: t_Slice u8) = + let lower_coefficients:t_Slice u8 = + bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } + <: + Core.Ops.Range.t_Range usize ] + in + let upper_coefficients:t_Slice u8 = + bytes.[ { Core.Ops.Range.f_start = sz 4; Core.Ops.Range.f_end = sz 20 } + <: + Core.Ops.Range.t_Range usize ] + in + let coefficients = deserialize_10___deserialize_10_vec (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 lower_coefficients + + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 upper_coefficients + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) in + coefficients + + // assert ( + // forall (i: nat{i < 256}). + // coefficients i = + // (if i % 16 >= 10 then 0 + // elsex + // let j = (i / 16) * 10 + i % 16 in + // if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 32))) + +[@@"opaque_to_smt"] +let deserialize_12___deserialize_12_vec + (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) + = + let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 lower_coefficients0 + (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 11uy 10uy 10uy 9uy 8uy 7uy 7uy 6uy 5uy 4uy 4uy + 3uy 2uy 1uy 1uy 0uy + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + in + let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_shuffle_epi8 upper_coefficients0 + (Libcrux_intrinsics.Avx2_extract.mm_set_epi8 15uy 14uy 14uy 13uy 12uy 11uy 11uy 10uy 9uy 8uy + 8uy 7uy 6uy 5uy 5uy 4uy + <: + Libcrux_intrinsics.Avx2_extract.t_Vec128) + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + mm256_si256_from_two_si128 lower_coefficients upper_coefficients + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < + coefficients i = + (if i % 16 < 12 + then + let j = (i / 16) * 12 + i % 16 in + if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 64) + else 0))) + in + coefficients + +let deserialize_12_ (bytes: t_Slice u8) = + let lower_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (bytes.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = sz 16 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let upper_coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 (bytes.[ { + Core.Ops.Range.f_start = sz 8; + Core.Ops.Range.f_end = sz 24 + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + deserialize_12___deserialize_12_vec lower_coefficients upper_coefficients + +let deserialize_5_ (bytes: t_Slice u8) = + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm_set_epi8 (bytes.[ sz 9 ] <: u8) (bytes.[ sz 8 ] <: u8) + (bytes.[ sz 8 ] <: u8) (bytes.[ sz 7 ] <: u8) (bytes.[ sz 7 ] <: u8) (bytes.[ sz 6 ] <: u8) + (bytes.[ sz 6 ] <: u8) (bytes.[ sz 5 ] <: u8) (bytes.[ sz 4 ] <: u8) (bytes.[ sz 3 ] <: u8) + (bytes.[ sz 3 ] <: u8) (bytes.[ sz 2 ] <: u8) (bytes.[ sz 2 ] <: u8) (bytes.[ sz 1 ] <: u8) + (bytes.[ sz 1 ] <: u8) (bytes.[ sz 0 ] <: u8) + in + let coefficients_loaded:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + mm256_si256_from_two_si128 coefficients coefficients + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 coefficients_loaded + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 15y 14y 15y 14y 13y 12y 13y 12y 11y 10y 11y + 10y 9y 8y 9y 8y 7y 6y 7y 6y 5y 4y 5y 4y 3y 2y 3y 2y 1y 0y 1y 0y + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_mullo_epi16 coefficients + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 >= 1 + then 0 + else + let j = (i / 16) * 1 + i % 16 in + if i < 128 then get_bit a (sz j) else get_bit b (sz (j - 8)))) + +val deserialize_1___deserialize_1_u8s (a b: u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun coefficients -> + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 >= 1 + then 0 + else + let j = (i / 16) * 1 + i % 16 in + if i < 128 then get_bit a (sz j) else get_bit b (sz (j - 8)))) + val deserialize_1_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 2) + (ensures + fun coefficients -> + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 >= 1 + then 0 + else + let j = (i / 16) * 1 + i % 16 in + bit_vec_of_int_t_array (bytes <: t_Array _ (sz 2)) 8 j)) -val deserialize_10_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val deserialize_4___deserialize_4_i16s (b0 b1 b2 b3 b4 b5 b6 b7: i16) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun coefficients -> + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 < 4 + then + let j = (i / 16) * 4 + i % 16 in + (match i / 32 with + | 0 -> get_bit b0 (sz j) + | 1 -> get_bit b1 (sz (j - 8)) + | 2 -> get_bit b2 (sz (j - 16)) + | 3 -> get_bit b3 (sz (j - 24)) + | 4 -> get_bit b4 (sz (j - 32)) + | 5 -> get_bit b5 (sz (j - 40)) + | 6 -> get_bit b6 (sz (j - 48)) + | 7 -> get_bit b7 (sz (j - 56))) + else 0)) -val deserialize_12_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val deserialize_4___deserialize_4_u8s (b0 b1 b2 b3 b4 b5 b6 b7: u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun coefficients -> + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 < 4 + then + let j = (i / 16) * 4 + i % 16 in + (match i / 32 with + | 0 -> get_bit b0 (sz j) + | 1 -> get_bit b1 (sz (j - 8)) + | 2 -> get_bit b2 (sz (j - 16)) + | 3 -> get_bit b3 (sz (j - 24)) + | 4 -> get_bit b4 (sz (j - 32)) + | 5 -> get_bit b5 (sz (j - 40)) + | 6 -> get_bit b6 (sz (j - 48)) + | 7 -> get_bit b7 (sz (j - 56))) + else 0)) val deserialize_4_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 (requires (Core.Slice.impl__len #u8 bytes <: usize) =. sz 8) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + forall (i: nat{i < 256}). + result i = + (if i % 16 >= 4 + then 0 + else + let j = (i / 16) * 4 + i % 16 in + bit_vec_of_int_t_array (bytes <: t_Array _ (sz 8)) 8 j)) -val deserialize_5_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_concat_pairs_n} val serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) val serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 20)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 20)) + (requires forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0) + (ensures + fun r -> + let r:t_Array u8 (sz 20) = r in + forall (i: nat{i < 160}). bit_vec_of_int_t_array r 8 i == vector ((i / 10) * 16 + i % 10)) val serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) @@ -43,6 +133,66 @@ val serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) (requires BitVec.Intrinsics.forall_bool #256 (fun i -> i % 16 < 4 || vector i = 0)) (fun _ -> Prims.l_True) +include BitVec.Intrinsics {mm256_si256_from_two_si128 as mm256_si256_from_two_si128} + +val deserialize_10___deserialize_10_vec + (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun coefficients -> + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 >= 10 then 0 + else + let j = (i / 16) * 10 + i % 16 in + if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 32))) + +val deserialize_10_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Seq.length bytes == 20) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + forall (i: nat{i < 256}). + result i = + (if i % 16 >= 10 + then 0 + else + let j = (i / 16) * 10 + i % 16 in + bit_vec_of_int_t_array (bytes <: t_Array _ (sz 20)) 8 j)) + +val deserialize_12___deserialize_12_vec + (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + Prims.l_True + (ensures + fun coefficients -> + let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in + forall (i: nat{i < 256}). + coefficients i = + (if i % 16 >= 12 then 0 + else let j = (i / 16) * 12 + i % 16 in + if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 64))) + +val deserialize_12_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Seq.length bytes == 24) + (ensures + fun result -> + let result:Libcrux_intrinsics.Avx2_extract.t_Vec256 = result in + forall (i: nat{i < 256}). + result i = + (if i % 16 >= 12 + then 0 + else + let j = (i / 16) * 12 + i % 16 in + bit_vec_of_int_t_array (bytes <: t_Array _ (sz 24)) 8 j)) + +val deserialize_5_ (bytes: t_Slice u8) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index 03d042950..25384cb65 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -102,113 +102,101 @@ assert (forall (i: nat {i < 16}). bv i == ${vector} (i * 16)) by ( } #[inline(always)] +#[hax_lib::requires(bytes.len() == 2)] +#[hax_lib::ensures(|coefficients| fstar!( + r#"forall (i:nat{i < 256}). + $coefficients i + = ( if i % 16 >= 1 then 0 + else let j = (i / 16) * 1 + i % 16 in + bit_vec_of_int_t_array ($bytes <: t_Array _ (sz 2)) 8 j)) +"# +))] +#[hax_lib::fstar::before("#restart-solver")] pub(crate) fn deserialize_1(bytes: &[u8]) -> Vec256 { - // We need to take each bit from the 2 bytes of input and put them - // into their own 16-bit lane. Ideally, we'd load the two bytes into the vector, - // duplicate them, and right-shift the 0th element by 0 bits, - // the first element by 1 bit, the second by 2 bits and so on before AND-ing - // with 0x1 to leave only the least signifinicant bit. - // But since |_mm256_srlv_epi16| does not exist, so we have to resort to a - // workaround. - // - // Rather than shifting each element by a different amount, we'll multiply - // each element by a value such that the bit we're interested in becomes the most - // significant bit. - - // The coefficients are loaded as follows: - let coefficients = mm256_set_epi16( - bytes[1] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[0] as i16, - bytes[0] as i16, - bytes[0] as i16, - bytes[0] as i16, - bytes[0] as i16, - bytes[0] as i16, - bytes[0] as i16, - bytes[0] as i16, - ); - - // And this vector, when multiplied with the previous one, ensures that the - // bit we'd like to keep in each lane becomes the most significant bit upon - // multiplication. - let coefficients_in_msb = mm256_mullo_epi16( - coefficients, - mm256_set_epi16( - 1 << 8, - 1 << 9, - 1 << 10, - 1 << 11, - 1 << 12, - 1 << 13, - 1 << 14, - -32768, - 1 << 8, - 1 << 9, - 1 << 10, - 1 << 11, - 1 << 12, - 1 << 13, - 1 << 14, - -32768, - ), - ); - - // Now that they're all in the most significant bit position, shift them - // down to the least significant bit. - let result = mm256_srli_epi16::<15>(coefficients_in_msb); - - hax_lib::fstar!( - r#" -let bv = bit_vec_of_int_t_array (${bytes} <: t_Array _ (sz 2)) 8 in -assert (forall (i: nat {i < 256}). (if i % 16 = 0 then bv i else 0) == result i) by ( - let open FStar.Tactics in - let open Tactics.Utils in - let light_norm () = - // simplify the term: compute `+/*+` on ints, remove cast/array_of_list/funext indirections - norm [ iota; primops - ; delta_namespace [ - `%cast; `%cast_tc_integers - ; `%bit_vec_of_int_t_array - ; `%Rust_primitives.Hax.array_of_list - ; "FStar.FunctionalExtensionality" - ; `%bits;`%Lib.IntTypes.bits - ] - ] in - light_norm (); - // instantiate the forall with concrete values, and run a tactic for each possible values - prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> - light_norm (); - // norm index rewrites `Seq.index (Seq.seq_of_list ...) N` or - // `List.Tot.index ... N` when we have list literals - Tactics.Seq.norm_index (); - // Reduce more aggressively - norm [iota; primops; zeta_full; - delta_namespace [ - "FStar"; - "BitVec"; - ]; unascribe - ]; - // Rewrite and normalize machine integers, hopefully in ints - Tactics.MachineInts.(transform norm_machine_int_term); - // norm: primops to get rid of >=, <=, +, *, -, etc. - // zeta delta iota: normalize bitvectors - norm [iota; primops; zeta; delta]; - dump' "Goal:"; - // ask the smt to solve now - smt_sync () - )) -) + #[hax_lib::ensures(|coefficients| fstar!( + r#"forall (i:nat{i < 256}). + $coefficients i + = ( if i % 16 >= 1 then 0 + else let j = (i / 16) * 1 + i % 16 in + if i < 128 then get_bit $a (sz j) else get_bit $b (sz (j - 8))) "# - ); + ))] + #[hax_lib::fstar::before(r#"[@@"opaque_to_smt"]"#)] + #[inline(always)] + pub(crate) fn deserialize_1_u8s(a: u8, b: u8) -> Vec256 { + deserialize_1_i16s(a as i16, b as i16) + } + + #[hax_lib::ensures(|coefficients| fstar!( + r#"forall (i:nat{i < 256}). + $coefficients i + = ( if i % 16 >= 1 then 0 + else let j = (i / 16) * 1 + i % 16 in + if i < 128 then get_bit $a (sz j) else get_bit $b (sz (j - 8))) +"# + ))] + #[inline(always)] + #[hax_lib::fstar::before(r#"[@@"opaque_to_smt"]"#)] + pub(crate) fn deserialize_1_i16s(a: i16, b: i16) -> Vec256 { + // We need to take each bit from the 2 bytes of input and put them + // into their own 16-bit lane. Ideally, we'd load the two bytes into the vector, + // duplicate them, and right-shift the 0th element by 0 bits, + // the first element by 1 bit, the second by 2 bits and so on before AND-ing + // with 0x1 to leave only the least signifinicant bit. + // But since |_mm256_srlv_epi16| does not exist, so we have to resort to a + // workaround. + // + // Rather than shifting each element by a different amount, we'll multiply + // each element by a value such that the bit we're interested in becomes the most + // significant bit. + // The coefficients are loaded as follows: + let coefficients = mm256_set_epi16(b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a); + + // And this vector, when multiplied with the previous one, ensures that the + // bit we'd like to keep in each lane becomes the most significant bit upon + // multiplication. + let coefficients_in_msb = mm256_mullo_epi16( + coefficients, + mm256_set_epi16( + 1 << 8, + 1 << 9, + 1 << 10, + 1 << 11, + 1 << 12, + 1 << 13, + 1 << 14, + -32768, + 1 << 8, + 1 << 9, + 1 << 10, + 1 << 11, + 1 << 12, + 1 << 13, + 1 << 14, + -32768, + ), + ); + + // Now that they're all in the most significant bit position, shift them + // down to the least significant bit. + mm256_srli_epi16::<15>(coefficients_in_msb) + } + + deserialize_1_u8s(bytes[0], bytes[1]) +} - result +/// `mm256_concat_pairs_n(n, x)` is then a sequence of 32 bits packets +/// of the shape `0b0…0b₁…bₙa₁…aₙ`, if `x` is a sequence of pairs of +/// 16 bits, of the shape `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` (where the last +/// `n` bits are non-zero). +#[hax_lib::fstar::replace(interface, "include BitVec.Intrinsics {mm256_concat_pairs_n}")] +#[inline(always)] +fn mm256_concat_pairs_n(n: u8, x: Vec256) -> Vec256 { + let n = 1 << n; + mm256_madd_epi16( + x, + mm256_set_epi16(n, 1, n, 1, n, 1, n, 1, n, 1, n, 1, n, 1, n, 1), + ) } #[hax_lib::requires( @@ -318,112 +306,119 @@ assert (forall (i: nat {i < 64}). serialized[0..8].try_into().unwrap() } -#[hax_lib::requires(bytes.len() == 8)] #[inline(always)] +#[hax_lib::requires(bytes.len() == 8)] +#[hax_lib::ensures(|result| fstar!(r#"forall (i: nat{i < 256}). + $result i = (if i % 16 >= 4 then 0 + else let j = (i / 16) * 4 + i % 16 in + bit_vec_of_int_t_array ($bytes <: t_Array _ (sz 8)) 8 j)"#))] +#[hax_lib::fstar::before("#restart-solver")] pub(crate) fn deserialize_4(bytes: &[u8]) -> Vec256 { - // Every 4 bits from each byte of input should be put into its own 16-bit lane. - // Since |_mm256_srlv_epi16| does not exist, we have to resort to a workaround. - // - // Rather than shifting each element by a different amount, we'll multiply - // each element by a value such that the bits we're interested in become the most - // significant bits (of an 8-bit value). - let coefficients = mm256_set_epi16( - // In this lane, the 4 bits we need to put are already the most - // significant bits of |bytes[7]|. - bytes[7] as i16, - // In this lane, the 4 bits we need to put are the least significant bits, - // so we need to shift the 4 least-significant bits of |bytes[7]| to the - // most significant bits (of an 8-bit value). - bytes[7] as i16, - // and so on ... - bytes[6] as i16, - bytes[6] as i16, - bytes[5] as i16, - bytes[5] as i16, - bytes[4] as i16, - bytes[4] as i16, - bytes[3] as i16, - bytes[3] as i16, - bytes[2] as i16, - bytes[2] as i16, - bytes[1] as i16, - bytes[1] as i16, - bytes[0] as i16, - bytes[0] as i16, - ); - - let coefficients_in_msb = mm256_mullo_epi16( - coefficients, - mm256_set_epi16( - // These constants are chosen to shift the bits of the values - // that we loaded into |coefficients|. - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - ), - ); - - // Once the 4-bit coefficients are in the most significant positions (of - // an 8-bit value), shift them all down by 4. - let coefficients_in_lsb = mm256_srli_epi16::<4>(coefficients_in_msb); - - // Zero the remaining bits. - let result = mm256_and_si256(coefficients_in_lsb, mm256_set1_epi16((1 << 4) - 1)); - - hax_lib::fstar!( - r#" -let bv = bit_vec_of_int_t_array (${bytes} <: t_Array _ (sz 8)) 8 in -assert (forall (i: nat {i < 64}). bv i == ${result} ((i / 4) * 16 + i % 4)) by ( - let open FStar.Tactics in - let open Tactics.Utils in - let light_norm () = - norm [ iota; primops - ; delta_namespace [ - `%cast; `%cast_tc_integers - ; `%bit_vec_of_int_t_array - ; `%Rust_primitives.Hax.array_of_list - ; "FStar.FunctionalExtensionality" - ; `%bits;`%Lib.IntTypes.bits - ] - ] in - light_norm (); - prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> - light_norm (); - Tactics.Seq.norm_index (); - norm [iota; primops; zeta_full; - delta_namespace [ - "FStar"; - "BitVec"; - ]; unascribe - ]; - Tactics.MachineInts.(transform norm_machine_int_term); - norm [iota; primops; zeta_full; - delta_namespace [ - "FStar"; - "BitVec"; - ]; unascribe - ]; - dump' "Goal:"; - smt_sync () - )) -) + #[hax_lib::ensures(|coefficients| fstar!( + r#"forall (i:nat{i < 256}). + $coefficients i + = ( if i % 16 < 4 + then let j = (i / 16) * 4 + i % 16 in + (match i / 32 with + | 0 -> get_bit $b0 (sz j) + | 1 -> get_bit $b1 (sz (j - 8)) + | 2 -> get_bit $b2 (sz (j - 16)) + | 3 -> get_bit $b3 (sz (j - 24)) + | 4 -> get_bit $b4 (sz (j - 32)) + | 5 -> get_bit $b5 (sz (j - 40)) + | 6 -> get_bit $b6 (sz (j - 48)) + | 7 -> get_bit $b7 (sz (j - 56))) + else 0) "# - ); - - result + ))] + #[inline(always)] + #[hax_lib::fstar::before(r#"[@@"opaque_to_smt"]"#)] + fn deserialize_4_u8s(b0: u8, b1: u8, b2: u8, b3: u8, b4: u8, b5: u8, b6: u8, b7: u8) -> Vec256 { + deserialize_4_i16s( + b0 as i16, b1 as i16, b2 as i16, b3 as i16, b4 as i16, b5 as i16, b6 as i16, b7 as i16, + ) + } + + #[hax_lib::ensures(|coefficients| fstar!( + r#"forall (i:nat{i < 256}). + $coefficients i + = ( if i % 16 < 4 + then let j = (i / 16) * 4 + i % 16 in + (match i / 32 with + | 0 -> get_bit $b0 (sz j) + | 1 -> get_bit $b1 (sz (j - 8)) + | 2 -> get_bit $b2 (sz (j - 16)) + | 3 -> get_bit $b3 (sz (j - 24)) + | 4 -> get_bit $b4 (sz (j - 32)) + | 5 -> get_bit $b5 (sz (j - 40)) + | 6 -> get_bit $b6 (sz (j - 48)) + | 7 -> get_bit $b7 (sz (j - 56))) + else 0) +"# + ))] + #[inline(always)] + #[hax_lib::fstar::before(r#"[@@"opaque_to_smt"]"#)] + fn deserialize_4_i16s( + b0: i16, + b1: i16, + b2: i16, + b3: i16, + b4: i16, + b5: i16, + b6: i16, + b7: i16, + ) -> Vec256 { + // Every 4 bits from each byte of input should be put into its own 16-bit lane. + // Since |_mm256_srlv_epi16| does not exist, we have to resort to a workaround. + // + // Rather than shifting each element by a different amount, we'll multiply + // each element by a value such that the bits we're interested in become the most + // significant bits (of an 8-bit value). + let coefficients = mm256_set_epi16( + // In this lane, the 4 bits we need to put are already the most + // significant bits of |bytes[7]| (that is, b7). + b7, + // In this lane, the 4 bits we need to put are the least significant bits, + // so we need to shift the 4 least-significant bits of |b7| to the + // most significant bits (of an 8-bit value). + b7, // and so on ... + b6, b6, b5, b5, b4, b4, b3, b3, b2, b2, b1, b1, b0, b0, + ); + let coefficients_in_msb = mm256_mullo_epi16( + coefficients, + mm256_set_epi16( + // These constants are chosen to shift the bits of the values + // that we loaded into |coefficients|. + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + ), + ); + + // Once the 4-bit coefficients are in the most significant positions (of + // an 8-bit value), shift them all down by 4. + let coefficients_in_lsb = mm256_srli_epi16::<4>(coefficients_in_msb); + + // Zero the remaining bits. + mm256_and_si256(coefficients_in_lsb, mm256_set1_epi16((1 << 4) - 1)) + } + + deserialize_4_u8s( + bytes[0], bytes[1], bytes[2], bytes[3], bytes[4], bytes[5], bytes[6], bytes[7], + ) } #[inline(always)] @@ -523,6 +518,22 @@ pub(crate) fn serialize_5(vector: Vec256) -> [u8; 10] { serialized[0..10].try_into().unwrap() } +/// We cannot model `mm256_inserti128_si256` on its own: it produces a +/// Vec256 where the upper 128 bits are undefined. Thus +/// `mm256_inserti128_si256` is not pure. +/// +/// Luckily, we always call `mm256_castsi128_si256` right after +/// `mm256_inserti128_si256`: this composition sets the upper bits, +/// making the whole computation pure again. +#[inline(always)] +#[hax_lib::fstar::replace( + interface, + "include BitVec.Intrinsics {mm256_si256_from_two_si128 as ${mm256_si256_from_two_si128}}" +)] +fn mm256_si256_from_two_si128(lower: Vec128, upper: Vec128) -> Vec256 { + mm256_inserti128_si256::<1>(mm256_castsi128_si256(lower), upper) +} + #[inline(always)] pub(crate) fn deserialize_5(bytes: &[u8]) -> Vec256 { let coefficients = mm_set_epi8( @@ -530,8 +541,7 @@ pub(crate) fn deserialize_5(bytes: &[u8]) -> Vec256 { bytes[3], bytes[3], bytes[2], bytes[2], bytes[1], bytes[1], bytes[0], ); - let coefficients_loaded = mm256_castsi128_si256(coefficients); - let coefficients_loaded = mm256_inserti128_si256::<1>(coefficients_loaded, coefficients); + let coefficients_loaded = mm256_si256_from_two_si128(coefficients, coefficients); let coefficients = mm256_shuffle_epi8( coefficients_loaded, @@ -566,6 +576,8 @@ pub(crate) fn deserialize_5(bytes: &[u8]) -> Vec256 { } #[inline(always)] +#[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0"))] +#[hax_lib::ensures(|r| fstar!("forall (i: nat{i < 160}). bit_vec_of_int_t_array r 8 i == vector ((i/10) * 16 + i%10)"))] pub(crate) fn serialize_10(vector: Vec256) -> [u8; 20] { let mut serialized = [0u8; 32]; @@ -582,27 +594,7 @@ pub(crate) fn serialize_10(vector: Vec256) -> [u8; 20] { // 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩ // 0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ // .... - let adjacent_2_combined = mm256_madd_epi16( - vector, - mm256_set_epi16( - 1 << 10, - 1, - 1 << 10, - 1, - 1 << 10, - 1, - 1 << 10, - 1, - 1 << 10, - 1, - 1 << 10, - 1, - 1 << 10, - 1, - 1 << 10, - 1, - ), - ); + let adjacent_2_combined = mm256_concat_pairs_n(10, vector); // Shifting up the values at the even indices by 12, we get: // @@ -649,51 +641,90 @@ pub(crate) fn serialize_10(vector: Vec256) -> [u8; 20] { // and 64 bits starting at position 0 in the upper 128-bit lane. let upper_8 = mm256_extracti128_si256::<1>(adjacent_8_combined); + hax_lib::fstar!( + r#" + assert_norm ( + BitVec.Utils.forall_n 80 (fun i -> lower_8_ i = vector ( (i/10) * 16 + i%10)) + && BitVec.Utils.forall_n 80 (fun i -> upper_8_ i = vector (128 + (i/10) * 16 + i%10)) + ) + "# + ); mm_storeu_bytes_si128(&mut serialized[10..26], upper_8); serialized[0..20].try_into().unwrap() } #[inline(always)] +#[hax_lib::requires(fstar!(r#"Seq.length bytes == 20"#))] +#[hax_lib::ensures(|result| fstar!(r#"forall (i: nat{i < 256}). + $result i = (if i % 16 >= 10 then 0 + else let j = (i / 16) * 10 + i % 16 in + bit_vec_of_int_t_array ($bytes <: t_Array _ (sz 20)) 8 j)"#))] pub(crate) fn deserialize_10(bytes: &[u8]) -> Vec256 { - let shift_lsbs_to_msbs = mm256_set_epi16( - 1 << 0, - 1 << 2, - 1 << 4, - 1 << 6, - 1 << 0, - 1 << 2, - 1 << 4, - 1 << 6, - 1 << 0, - 1 << 2, - 1 << 4, - 1 << 6, - 1 << 0, - 1 << 2, - 1 << 4, - 1 << 6, - ); - - let lower_coefficients = mm_loadu_si128(&bytes[0..16]); - let lower_coefficients = mm_shuffle_epi8( - lower_coefficients, - mm_set_epi8(9, 8, 8, 7, 7, 6, 6, 5, 4, 3, 3, 2, 2, 1, 1, 0), - ); - let upper_coefficients = mm_loadu_si128(&bytes[4..20]); - let upper_coefficients = mm_shuffle_epi8( - upper_coefficients, - mm_set_epi8(15, 14, 14, 13, 13, 12, 12, 11, 10, 9, 9, 8, 8, 7, 7, 6), - ); - - let coefficients = mm256_castsi128_si256(lower_coefficients); - let coefficients = mm256_inserti128_si256::<1>(coefficients, upper_coefficients); - - let coefficients = mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); - let coefficients = mm256_srli_epi16::<6>(coefficients); - let coefficients = mm256_and_si256(coefficients, mm256_set1_epi16((1 << 10) - 1)); - - coefficients + #[inline(always)] + #[hax_lib::ensures(|coefficients| fstar!(r#" +forall (i: nat {i < 256}). + $coefficients i + = ( if i % 16 >= 10 then 0 + else let j = (i / 16) * 10 + i % 16 in + if i < 128 then $lower_coefficients0 j else $upper_coefficients0 (j - 32))) +"#))] + #[hax_lib::fstar::before(r#"[@@"opaque_to_smt"]"#)] + fn deserialize_10_vec(lower_coefficients0: Vec128, upper_coefficients0: Vec128) -> Vec256 { + let lower_coefficients = mm_shuffle_epi8( + lower_coefficients0, + mm_set_epi8(9, 8, 8, 7, 7, 6, 6, 5, 4, 3, 3, 2, 2, 1, 1, 0), + ); + let upper_coefficients = mm_shuffle_epi8( + upper_coefficients0, + mm_set_epi8(15, 14, 14, 13, 13, 12, 12, 11, 10, 9, 9, 8, 8, 7, 7, 6), + ); + + let coefficients = mm256_si256_from_two_si128(lower_coefficients, upper_coefficients); + + let coefficients = mm256_mullo_epi16( + coefficients, + mm256_set_epi16( + 1 << 0, + 1 << 2, + 1 << 4, + 1 << 6, + 1 << 0, + 1 << 2, + 1 << 4, + 1 << 6, + 1 << 0, + 1 << 2, + 1 << 4, + 1 << 6, + 1 << 0, + 1 << 2, + 1 << 4, + 1 << 6, + ), + ); + let coefficients = mm256_srli_epi16::<6>(coefficients); + // Here I can prove this `and` is not useful + let coefficients = mm256_and_si256(coefficients, mm256_set1_epi16((1 << 10) - 1)); + hax_lib::fstar!( + r#" +assert_norm(BitVec.Utils.forall256 (fun i -> + $coefficients i + = ( if i % 16 < 10 + then let j = (i / 16) * 10 + i % 16 in + if i < 128 then $lower_coefficients0 j else $upper_coefficients0 (j - 32) + else 0))) +"# + ); + coefficients + } + + let lower_coefficients = &bytes[0..16]; + let upper_coefficients = &bytes[4..20]; + deserialize_10_vec( + mm_loadu_si128(lower_coefficients), + mm_loadu_si128(upper_coefficients), + ) } #[inline(always)] @@ -759,43 +790,69 @@ pub(crate) fn serialize_12(vector: Vec256) -> [u8; 24] { } #[inline(always)] +#[hax_lib::requires(fstar!(r#"Seq.length bytes == 24"#))] +#[hax_lib::ensures(|result| fstar!(r#"forall (i: nat{i < 256}). + $result i = (if i % 16 >= 12 then 0 + else let j = (i / 16) * 12 + i % 16 in + bit_vec_of_int_t_array ($bytes <: t_Array _ (sz 24)) 8 j)"#))] pub(crate) fn deserialize_12(bytes: &[u8]) -> Vec256 { - let shift_lsbs_to_msbs = mm256_set_epi16( - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - 1 << 0, - 1 << 4, - ); - + #[inline(always)] + #[hax_lib::ensures(|coefficients| fstar!(r#" +forall (i: nat {i < 256}). + $coefficients i + = ( if i % 16 >= 12 then 0 + else let j = (i / 16) * 12 + i % 16 in + if i < 128 then $lower_coefficients0 j else $upper_coefficients0 (j - 64))) +"#))] + #[hax_lib::fstar::before(r#"[@@"opaque_to_smt"]"#)] + fn deserialize_12_vec(lower_coefficients0: Vec128, upper_coefficients0: Vec128) -> Vec256 { + let lower_coefficients = mm_shuffle_epi8( + lower_coefficients0, + mm_set_epi8(11, 10, 10, 9, 8, 7, 7, 6, 5, 4, 4, 3, 2, 1, 1, 0), + ); + let upper_coefficients = mm_shuffle_epi8( + upper_coefficients0, + mm_set_epi8(15, 14, 14, 13, 12, 11, 11, 10, 9, 8, 8, 7, 6, 5, 5, 4), + ); + + let coefficients = mm256_si256_from_two_si128(lower_coefficients, upper_coefficients); + + let coefficients = mm256_mullo_epi16( + coefficients, + mm256_set_epi16( + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + 1 << 0, + 1 << 4, + ), + ); + let coefficients = mm256_srli_epi16::<4>(coefficients); + let coefficients = mm256_and_si256(coefficients, mm256_set1_epi16((1 << 12) - 1)); + hax_lib::fstar!( + r#" +assert_norm(BitVec.Utils.forall256 (fun i -> + $coefficients i + = ( if i % 16 < 12 + then let j = (i / 16) * 12 + i % 16 in + if i < 128 then $lower_coefficients0 j else $upper_coefficients0 (j - 64) + else 0))) +"# + ); + coefficients + } let lower_coefficients = mm_loadu_si128(&bytes[0..16]); - let lower_coefficients = mm_shuffle_epi8( - lower_coefficients, - mm_set_epi8(11, 10, 10, 9, 8, 7, 7, 6, 5, 4, 4, 3, 2, 1, 1, 0), - ); let upper_coefficients = mm_loadu_si128(&bytes[8..24]); - let upper_coefficients = mm_shuffle_epi8( - upper_coefficients, - mm_set_epi8(15, 14, 14, 13, 12, 11, 11, 10, 9, 8, 8, 7, 6, 5, 5, 4), - ); - - let coefficients = mm256_castsi128_si256(lower_coefficients); - let coefficients = mm256_inserti128_si256::<1>(coefficients, upper_coefficients); - - let coefficients = mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); - let coefficients = mm256_srli_epi16::<4>(coefficients); - let coefficients = mm256_and_si256(coefficients, mm256_set1_epi16((1 << 12) - 1)); - - coefficients + deserialize_12_vec(lower_coefficients, upper_coefficients) } From 2de5cca5ba4c18b8763e29bb49c0a777b3e441b9 Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 25 Sep 2024 16:02:05 +0000 Subject: [PATCH 326/348] Update ind_cpa and matrix --- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 70 ++++++++++--------- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 34 +++++++-- .../extraction/Libcrux_ml_kem.Matrix.fsti | 10 ++- libcrux-ml-kem/src/ind_cpa.rs | 20 +++++- libcrux-ml-kem/src/matrix.rs | 10 ++- 5 files changed, 97 insertions(+), 47 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 61940c321..d10041393 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -421,49 +421,51 @@ let serialize_secret_key let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let out:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Folds.fold_enumerated_slice key - (fun out temp_1_ -> + (fun out i -> let out:t_Array u8 v_OUT_LEN = out in - let _:usize = temp_1_ in - true) + let i:usize = i in + v i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key (v i))) out (fun out temp_1_ -> let out:t_Array u8 v_OUT_LEN = out in let i, re:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = temp_1_ in - Rust_primitives.Hax.Monomorphized_update_at.update_at_range out - ({ - Core.Ops.Range.f_start - = - i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; - Core.Ops.Range.f_end - = - (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize - } - <: - Core.Ops.Range.t_Range usize) - (Core.Slice.impl__copy_from_slice #u8 - (out.[ { - Core.Ops.Range.f_start - = - i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; - Core.Ops.Range.f_end - = - (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + let out:t_Array u8 v_OUT_LEN = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range out + ({ + Core.Ops.Range.f_start + = + i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (out.[ { + Core.Ops.Range.f_start + = + i *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT <: usize; + Core.Ops.Range.f_end + = + (i +! sz 1 <: usize) *! Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT + <: + usize + } <: - usize - } + Core.Ops.Range.t_Range usize ] <: - Core.Ops.Range.t_Range usize ] - <: - t_Slice u8) - (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re - <: - t_Slice u8) - <: - t_Slice u8) - <: - t_Array u8 v_OUT_LEN) + t_Slice u8) + (Libcrux_ml_kem.Serialize.serialize_uncompressed_ring_element #v_Vector re + <: + t_Slice u8) + <: + t_Slice u8) + in + out) in let result:t_Array u8 v_OUT_LEN = out in let _:Prims.unit = admit () (* Panic freedom *) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index 3cfd73dbb..34b5b8ade 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -143,7 +143,11 @@ val serialize_secret_key {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (key: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) : Prims.Pure (t_Array u8 v_OUT_LEN) - (requires Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K) + (requires + Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE v_K /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index key i))) (ensures fun res -> let res:t_Array u8 v_OUT_LEN = res in @@ -163,7 +167,10 @@ val serialize_public_key_mut (requires Spec.MLKEM.is_rank v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32) + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32 /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index tt_as_ntt i))) (ensures fun serialized_future -> let serialized_future:t_Array u8 v_PUBLIC_KEY_SIZE = serialized_future in @@ -183,7 +190,10 @@ val serialize_public_key (requires Spec.MLKEM.is_rank v_K /\ v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32) + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32 /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index tt_as_ntt i))) (ensures fun res -> let res:t_Array u8 v_PUBLIC_KEY_SIZE = res in @@ -379,7 +389,23 @@ val generate_keypair_unpacked Spec.MLKEM.is_rank v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ length key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE) - (fun _ -> Prims.l_True) + (ensures + fun temp_0_ -> + let private_key_future, public_key_future:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked + v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = + temp_0_ + in + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index private_key_future + .f_secret_as_ntt + i)) /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index public_key_future + .f_t_as_ntt + i))) val generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index 6947cb795..0520e4a48 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -54,7 +54,7 @@ val compute_ring_element_v let res_spec = to_spec_poly_t res in res_spec == Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #v_K tt_spec r_spec) e2_spec) - m_spec)) + m_spec) /\ Libcrux_ml_kem.Serialize.coefficients_field_modulus_range res) /// Compute u := InvertNTT(Aᵀ ◦ r\u{302}) + e₁ val compute_vector_u @@ -75,7 +75,10 @@ val compute_vector_u let e_spec = to_spec_vector_t error_1_ in let res_spec = to_spec_vector_t res in res_spec == - Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec)) + Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec) /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index res i))) /// The following functions compute various expressions involving /// vectors and matrices. The computation of these expressions has been @@ -99,7 +102,8 @@ val compute_message let v_spec = to_spec_poly_t v in to_spec_poly_t res == Spec.MLKEM.(poly_sub v_spec - (poly_inv_ntt (vector_dot_product_ntt #v_K secret_spec u_spec)))) + (poly_inv_ntt (vector_dot_product_ntt #v_K secret_spec u_spec))) /\ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range res) val sample_matrix_A (v_K: usize) diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 73539b09a..1dcb0d4c1 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -64,7 +64,9 @@ use unpacked::*; #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ - length $seed_for_a == sz 32"))] + length $seed_for_a == sz 32 /\\ + (forall (i:nat). i < v $K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $t_as_ntt i))"))] #[hax_lib::ensures(|res| fstar!("$res == Seq.append (Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $t_as_ntt)) @@ -94,7 +96,9 @@ pub(crate) fn serialize_public_key< #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT $K /\\ $PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE $K /\\ - length $seed_for_a == sz 32"))] + length $seed_for_a == sz 32 /\\ + (forall (i:nat). i < v $K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $t_as_ntt i))"))] #[hax_lib::ensures(|res| fstar!("${serialized}_future == Seq.append (Spec.MLKEM.vector_encode_12 #$K @@ -124,7 +128,9 @@ pub(crate) fn serialize_public_key_mut< #[hax_lib::fstar::options("--z3rlimit 200")] #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ - $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K"))] + $OUT_LEN == Spec.MLKEM.v_CPA_PRIVATE_KEY_SIZE $K /\\ + (forall (i:nat). i < v $K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $key i))"))] #[hax_lib::ensures(|res| fstar!("$res == Spec.MLKEM.vector_encode_12 #$K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #$K #$:Vector $key)") @@ -136,6 +142,8 @@ pub(crate) fn serialize_secret_key + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $key (v $i))") }); out[i * BYTES_PER_RING_ELEMENT..(i + 1) * BYTES_PER_RING_ELEMENT] .copy_from_slice(&serialize_uncompressed_ring_element(&re)); } @@ -291,6 +299,12 @@ fn sample_vector_cbd_then_ntt_out< $ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ $ETA1 == Spec.MLKEM.v_ETA1 $K /\\ length $key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE"))] +#[hax_lib::ensures(|_| fstar!(" + (forall (i:nat). i < v $K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${private_key}_future.f_secret_as_ntt i)) /\\ + (forall (i:nat). i < v $K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index ${public_key}_future.f_t_as_ntt i)) +"))] pub(crate) fn generate_keypair_unpacked< const K: usize, const ETA1: usize, diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index fb15a7e99..881c86d4f 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -53,7 +53,8 @@ pub(crate) fn sample_matrix_A( v: &PolynomialRingElement, @@ -84,7 +85,8 @@ pub(crate) fn compute_message( let e2_spec = to_spec_poly_t $error_2 in let m_spec = to_spec_poly_t $message in let res_spec = to_spec_poly_t $res in - res_spec == Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #$K tt_spec r_spec) e2_spec) m_spec)") + res_spec == Spec.MLKEM.(poly_add (poly_add (vector_dot_product_ntt #$K tt_spec r_spec) e2_spec) m_spec) /\\ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range $res") )] pub(crate) fn compute_ring_element_v( t_as_ntt: &[PolynomialRingElement; K], @@ -115,7 +117,9 @@ pub(crate) fn compute_ring_element_v( let r_spec = to_spec_vector_t $r_as_ntt in let e_spec = to_spec_vector_t $error_1 in let res_spec = to_spec_vector_t $res in - res_spec == Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec)") + res_spec == Spec.MLKEM.(vector_add (vector_inv_ntt (matrix_vector_mul_ntt a_spec r_spec)) e_spec) /\\ + (forall (i:nat). i < v $K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index $res i))") )] pub(crate) fn compute_vector_u( a_as_ntt: &[[PolynomialRingElement; K]; K], From 772653d17c2e324ae37ff2c021cd6756e2978b5c Mon Sep 17 00:00:00 2001 From: mamonet Date: Wed, 25 Sep 2024 16:39:14 +0000 Subject: [PATCH 327/348] Update serialize.rs --- .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst | 6 +++++- .../proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti | 7 ++++++- libcrux-ml-kem/src/serialize.rs | 5 +++++ 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index 3d92db16f..3d527ad48 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -820,7 +820,11 @@ let deserialize_ring_elements_reduced_out let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = deserialize_ring_elements_reduced v_K #v_Vector public_key deserialized_pk in - deserialized_pk + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + deserialized_pk + in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_to_uncompressed_ring_element (#v_Vector: Type0) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index 2d1d64184..129fd3ced 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -212,7 +212,12 @@ val deserialize_ring_elements_reduced_out (requires Spec.MLKEM.is_rank v_K /\ Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + result + in + forall (i: nat). i < v v_K ==> coefficients_field_modulus_range (Seq.index result i)) val deserialize_to_uncompressed_ring_element (#v_Vector: Type0) diff --git a/libcrux-ml-kem/src/serialize.rs b/libcrux-ml-kem/src/serialize.rs index c8aa0a6f1..9e059baf7 100644 --- a/libcrux-ml-kem/src/serialize.rs +++ b/libcrux-ml-kem/src/serialize.rs @@ -135,10 +135,15 @@ fn deserialize_to_reduced_ring_element( /// /// This function MUST NOT be used on secret inputs. #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::requires( fstar!("Spec.MLKEM.is_rank v_K /\\ Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)") )] +#[hax_lib::ensures(|result| + fstar!("forall (i:nat). i < v $K ==> + coefficients_field_modulus_range (Seq.index $result i)") +)] pub(super) fn deserialize_ring_elements_reduced_out< const K: usize, Vector: Operations, From 096b016abae8cc59e1a2bccea1dec27d2e8852d9 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 25 Sep 2024 18:39:43 +0200 Subject: [PATCH 328/348] progress --- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 148 +++--------------- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 18 ++- libcrux-ml-kem/src/vector/avx2/serialize.rs | 86 +++------- 3 files changed, 56 insertions(+), 196 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 17a177cf7..f092e34e3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -80,6 +80,8 @@ let deserialize_4_ (bytes: t_Slice u8) = (bytes.[ sz 6 ] <: u8) (bytes.[ sz 7 ] <: u8) +#push-options "--ext context_pruning --compat_pre_core 0" + let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let lsb_to_msb:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_slli_epi16 15l vector @@ -93,6 +95,16 @@ let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let msbs:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm_packs_epi16 low_msbs high_msbs in + let _:Prims.unit = + let bits_packed' = BitVec.Intrinsics.mm_movemask_epi8_bv msbs in + FStar.Tactics.Effect.assert_by_tactic (forall (i: nat{i < 16}). + bits_packed' i = vector ((i / 1) * 16 + i % 1)) + (fun _ -> + (); + (Tactics.Utils.prove_forall_nat_pointwise (fun _ -> + Tactics.compute (); + Tactics.smt_sync ()))) + in let bits_packed:i32 = Libcrux_intrinsics.Avx2_extract.mm_movemask_epi8 msbs in let result:t_Array u8 (sz 2) = let list = [cast (bits_packed <: i32) <: u8; cast (bits_packed >>! 8l <: i32) <: u8] in @@ -100,55 +112,12 @@ let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Rust_primitives.Hax.array_of_list 2 list in let _:Prims.unit = - let bv = bit_vec_of_int_t_array result 8 in - FStar.Tactics.Effect.assert_by_tactic (forall (i: nat{i < 16}). bv i == vector (i * 16)) - (fun _ -> - (); - (let open FStar.Tactics in - let open Tactics.Utils in - prove_forall_nat_pointwise (print_time "SMT query succeeded in " - (fun _ -> - let light_norm () = - norm [ - iota; - primops; - delta_only [ - `%cast; - `%cast_tc_integers; - `%bit_vec_of_int_t_array; - `%Rust_primitives.Hax.array_of_list; - `%FunctionalExtensionality.on; - `%bits; - `%Lib.IntTypes.bits - ] - ] - in - light_norm (); - Tactics.Seq.norm_index (); - let _ = - repeatn 3 - (fun _ -> - l_to_r [ - `BitVec.Utils.rw_get_bit_cast; - `bit_vec_to_int_t_lemma; - `BitVec.Utils.rw_get_bit_shr - ]; - light_norm (); - (let open Tactics.MachineInts in transform norm_machine_int_term); - norm [ - primops; - iota; - zeta_full; - delta_only [`%BitVec.Intrinsics.mm_movemask_epi8] - ]) - in - norm [primops; iota; zeta_full; delta_namespace ["BitVec"; "FStar"]]; - smt_sync (); - smt ())))) + assert (forall (i: nat{i < 8}). + get_bit (bits_packed >>! 8l <: i32) (sz i) == get_bit bits_packed (sz (i + 8))) in result -#restart-solver +#pop-options #push-options "--ext context_pruning" @@ -218,6 +187,7 @@ let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: t_Slice u8) in + let _:Prims.unit = admit () in Core.Result.impl__unwrap #(t_Array u8 (sz 20)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) @@ -231,6 +201,8 @@ let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: Core.Result.t_Result (t_Array u8 (sz 20)) Core.Array.t_TryFromSliceError) +#pop-options + let serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -397,12 +369,7 @@ let serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < - (); - (let open FStar.Tactics in - let open Tactics.Utils in - norm [ - primops; - iota; - zeta; - delta_namespace [ - `%BitVec.Intrinsics.mm256_shuffle_epi8; - `%BitVec.Intrinsics.mm256_permutevar8x32_epi32; - `%BitVec.Intrinsics.mm256_madd_epi16; - `%BitVec.Intrinsics.mm256_castsi256_si128; - "BitVec.Utils" - ] - ]; - prove_forall_nat_pointwise (print_time "SMT query succeeded in " - (fun _ -> - let reduce t = - norm [ - primops; - iota; - zeta_full; - delta_namespace [ - "FStar.FunctionalExtensionality"; - t; - `%BitVec.Utils.mk_bv; - `%( + ); - `%op_Subtraction; - `%( / ); - `%( * ); - `%( % ) - ] - ]; - norm [ - primops; - iota; - zeta_full; - delta_namespace [ - "FStar.List.Tot"; - `%( + ); - `%op_Subtraction; - `%( / ); - `%( * ); - `%( % ) - ] - ] - in - reduce (`%BitVec.Intrinsics.mm256_permutevar8x32_epi32_i32); - reduce (`%BitVec.Intrinsics.mm256_shuffle_epi8_i8); - reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized); - grewrite (quote - (BitVec.Intrinsics.forall_bool #256 - (fun i -> i % 16 < 4 || op_Equality #int (vector i) 0))) - (`true); - flip (); - smt (); - reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized'); - trivial ())))) - in + assert_norm (BitVec.Utils.forall64 (fun i -> combined i = vector ((i / 4) * 16 + i % 4))); let serialized:t_Array u8 (sz 16) = Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 serialized combined in @@ -562,22 +467,13 @@ let deserialize_10_ (bytes: t_Slice u8) = <: Core.Ops.Range.t_Range usize ] in - let coefficients = deserialize_10___deserialize_10_vec (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 lower_coefficients + deserialize_10___deserialize_10_vec (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 lower_coefficients <: Libcrux_intrinsics.Avx2_extract.t_Vec128) (Libcrux_intrinsics.Avx2_extract.mm_loadu_si128 upper_coefficients <: - Libcrux_intrinsics.Avx2_extract.t_Vec128) in - coefficients - - // assert ( - // forall (i: nat{i < 256}). - // coefficients i = - // (if i % 16 >= 10 then 0 - // elsex - // let j = (i / 16) * 10 + i % 16 in - // if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 32))) + Libcrux_intrinsics.Avx2_extract.t_Vec128) [@@"opaque_to_smt"] let deserialize_12___deserialize_12_vec diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti index f6c579f7a..47d08661d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti @@ -112,7 +112,12 @@ val deserialize_4_ (bytes: t_Slice u8) include BitVec.Intrinsics {mm256_concat_pairs_n} val serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 2)) + (requires forall i. i % 16 >= 1 ==> vector i == 0) + (ensures + fun result -> + let result:t_Array u8 (sz 2) = result in + forall i. bit_vec_of_int_t_array result 8 i == vector (i * 16)) val serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (t_Array u8 (sz 20)) @@ -144,7 +149,8 @@ val deserialize_10___deserialize_10_vec let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in forall (i: nat{i < 256}). coefficients i = - (if i % 16 >= 10 then 0 + (if i % 16 >= 10 + then 0 else let j = (i / 16) * 10 + i % 16 in if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 32))) @@ -172,9 +178,11 @@ val deserialize_12___deserialize_12_vec let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = coefficients in forall (i: nat{i < 256}). coefficients i = - (if i % 16 >= 12 then 0 - else let j = (i / 16) * 12 + i % 16 in - if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 64))) + (if i % 16 >= 12 + then 0 + else + let j = (i / 16) * 12 + i % 16 in + if i < 128 then lower_coefficients0 j else upper_coefficients0 (j - 64))) val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index 25384cb65..0207be3fc 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -2,6 +2,9 @@ use super::*; use crate::vector::portable::PortableVector; #[inline(always)] +#[hax_lib::fstar::options("--ext context_pruning --compat_pre_core 0")] +#[hax_lib::requires(fstar!("forall i. i % 16 >= 1 ==> vector i == 0"))] +#[hax_lib::ensures(|result| fstar!("forall i. bit_vec_of_int_t_array $result 8 i == $vector (i * 16)"))] pub(crate) fn serialize_1(vector: Vec256) -> [u8; 2] { // Suppose |vector| is laid out as follows (superscript number indicates the // corresponding bit is duplicated that many times): @@ -43,6 +46,19 @@ pub(crate) fn serialize_1(vector: Vec256) -> [u8; 2] { // 0xFF 0x00 0x00 0x00 | 0xFF 0x00 0x00 0x00 | 0x00 0x00 0x00 0x00 | 0x00 0x00 0x00 0xFF let msbs = mm_packs_epi16(low_msbs, high_msbs); + hax_lib::fstar!( + r#" +let bits_packed' = BitVec.Intrinsics.mm_movemask_epi8_bv msbs in + assert (forall (i: nat{i < 16}). bits_packed' i = $vector ((i / 1) * 16 + i % 1)) + by ( + Tactics.Utils.prove_forall_nat_pointwise (fun _ -> + Tactics.compute (); + Tactics.smt_sync () + ) + ) +"# + ); + // Now that every element is either 0xFF or 0x00, we just extract the most // significant bit from each element and collate them into two bytes. let bits_packed = mm_movemask_epi8(msbs); @@ -51,50 +67,7 @@ pub(crate) fn serialize_1(vector: Vec256) -> [u8; 2] { hax_lib::fstar!( r#" -let bv = bit_vec_of_int_t_array ${result} 8 in -assert (forall (i: nat {i < 16}). bv i == ${vector} (i * 16)) by ( - let open FStar.Tactics in - let open Tactics.Utils in - prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> - let light_norm () = - // get rid of indirections (array_of_list, funext, casts, etc.) - norm [ iota; primops - ; delta_only [ - `%cast; `%cast_tc_integers - ; `%bit_vec_of_int_t_array - ; `%Rust_primitives.Hax.array_of_list - ; `%FunctionalExtensionality.on - ; `%bits;`%Lib.IntTypes.bits - ] - ] in - light_norm (); - // normalize List.index / Seq.index when we have literals - Tactics.Seq.norm_index (); - // here, we need to take care of (1) the cast and (2) the shift - // (introduced in `list`) and (3) bv<->i16 indirection - // introduced by `bit_vec_to_int_t`. Thus, we repeat the tactic - // three times. It's basically the same thing. - let _ = repeatn 3 (fun _ -> - // Try to rewrite any subterm using the following three lemmas (corresponding to (1) (3) and (2)) - l_to_r[`BitVec.Utils.rw_get_bit_cast; `bit_vec_to_int_t_lemma; `BitVec.Utils.rw_get_bit_shr]; - // get rid of useless indirections - light_norm (); - // after using those lemmas, more mk_int and v appears, let's get rid of those - Tactics.MachineInts.(transform norm_machine_int_term); - // Special treatment for case (3) - norm [primops; iota; zeta_full; delta_only [ - `%BitVec.Intrinsics.mm_movemask_epi8; - ]] - ) in - // Now we normalize away all the FunExt / mk_bv terms - norm [primops; iota; zeta_full; delta_namespace ["BitVec"; "FStar"]]; - // Ask the SMT to solve now - // dump' "Goal:"; - smt_sync (); - // dump' "Success"; - smt () - )) -) +assert (forall (i: nat {i < 8}). get_bit ($bits_packed >>! 8l <: i32) (sz i) == get_bit $bits_packed (sz (i + 8))) "# ); @@ -205,6 +178,7 @@ fn mm256_concat_pairs_n(n: u8, x: Vec256) -> Vec256 { ) )] #[inline(always)] +#[hax_lib::fstar::options("--ext context_pruning")] pub(crate) fn serialize_4(vector: Vec256) -> [u8; 8] { let mut serialized = [0u8; 16]; @@ -216,27 +190,7 @@ pub(crate) fn serialize_4(vector: Vec256) -> [u8; 8] { // as follows: // // 0x00_00_00_BA 0x00_00_00_DC | 0x00_00_00_FE 0x00_00_00_HG | ... - let adjacent_2_combined = mm256_madd_epi16( - vector, - mm256_set_epi16( - 1 << 4, - 1, - 1 << 4, - 1, - 1 << 4, - 1, - 1 << 4, - 1, - 1 << 4, - 1, - 1 << 4, - 1, - 1 << 4, - 1, - 1 << 4, - 1, - ), - ); + let adjacent_2_combined = mm256_concat_pairs_n(4, vector); // Recall that |adjacent_2_combined| goes as follows: // @@ -576,6 +530,7 @@ pub(crate) fn deserialize_5(bytes: &[u8]) -> Vec256 { } #[inline(always)] +#[hax_lib::fstar::options("--ext context_pruning")] #[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0"))] #[hax_lib::ensures(|r| fstar!("forall (i: nat{i < 160}). bit_vec_of_int_t_array r 8 i == vector ((i/10) * 16 + i%10)"))] pub(crate) fn serialize_10(vector: Vec256) -> [u8; 20] { @@ -651,6 +606,7 @@ pub(crate) fn serialize_10(vector: Vec256) -> [u8; 20] { ); mm_storeu_bytes_si128(&mut serialized[10..26], upper_8); + hax_lib::fstar!("admit()"); serialized[0..20].try_into().unwrap() } From 99cef83208c2c336b209210c34b231bd37eba387 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Wed, 25 Sep 2024 19:30:59 +0200 Subject: [PATCH 329/348] progress --- fstar-helpers/fstar-bitvec/BitVec.Utils.fst | 8 +++ .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 37 +++++++++++--- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 7 ++- libcrux-ml-kem/src/vector/avx2/serialize.rs | 49 ++++--------------- 4 files changed, 53 insertions(+), 48 deletions(-) diff --git a/fstar-helpers/fstar-bitvec/BitVec.Utils.fst b/fstar-helpers/fstar-bitvec/BitVec.Utils.fst index d5fc1de31..3d2d19c98 100644 --- a/fstar-helpers/fstar-bitvec/BitVec.Utils.fst +++ b/fstar-helpers/fstar-bitvec/BitVec.Utils.fst @@ -57,3 +57,11 @@ let forall256: forall_sig 256 = fun pred -> forall128 pred && forall128 (fun i - #pop-options let forall_n (n:nat{n <= 256}): forall_sig n = fun pred -> forall256 (fun i -> if i < n then pred i else true) + +let bit_vec_to_int_t_lemma + #t (d: num_bits t) (bv: bit_vec d) + i + : Lemma (get_bit (bit_vec_to_int_t d bv) (sz i) == bv i) + [SMTPat (get_bit (bit_vec_to_int_t d bv) (sz i))] + = bit_vec_to_int_t_lemma d bv i + diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index f092e34e3..e887f5ffe 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -119,7 +119,7 @@ let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = #pop-options -#push-options "--ext context_pruning" +#push-options "--ext context_pruning --split_queries always --z3rlimit 300" let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in @@ -166,10 +166,6 @@ let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let upper_8_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_8_combined in - let _:Prims.unit = - assert_norm (BitVec.Utils.forall_n 80 (fun i -> lower_8_ i = vector ((i / 10) * 16 + i % 10)) && - BitVec.Utils.forall_n 80 (fun i -> upper_8_ i = vector (128 + (i / 10) * 16 + i % 10))) - in let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 26 } @@ -187,7 +183,24 @@ let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: t_Slice u8) in - let _:Prims.unit = admit () in + assert (forall (i: nat{i < 80}). lower_8_ i == bit_vec_of_int_t_array serialized 8 i); + assert (forall (i: nat{i < 80}). upper_8_ i == bit_vec_of_int_t_array serialized 8 (80 + i)); + introduce forall (i: nat {i < 80}). lower_8_ i = vector ((i / 10) * 16 + i % 10) + with assert_norm (BitVec.Utils.forall_n 80 (fun i -> lower_8_ i = vector ((i / 10) * 16 + i % 10))); + introduce forall (i: nat {i < 160}). i >= 80 ==> upper_8_ (i - 80) = vector ((i / 10) * 16 + i % 10) + with + introduce forall (i: nat {i < 80}). upper_8_ i = vector (128 + (i / 10) * 16 + i % 10) + with assert_norm (BitVec.Utils.forall_n 80 (fun i -> upper_8_ i = vector (128 + (i / 10) * 16 + i % 10))); + assert (forall (i: nat{i < 160}). + bit_vec_of_int_t_array serialized 8 i == (if i < 80 then lower_8_ i else upper_8_ (i - 80)) + ); + // forall (i: nat{i < 160}). + // bit_vec_of_int_t_array r 8 i == vector ((i / 10) * 16 + i % 10) + assert (forall (i: nat{i < 160}). + bit_vec_of_int_t_array serialized 8 i == vector ((i / 10) * 16 + i % 10) + ); + admit () + admit (); Core.Result.impl__unwrap #(t_Array u8 (sz 20)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) @@ -366,6 +379,8 @@ let serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: Core.Result.t_Result (t_Array u8 (sz 10)) Core.Array.t_TryFromSliceError) +#push-options "--ext context_pruning --split_queries always" + let serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialized:t_Array u8 (sz 16) = Rust_primitives.Hax.repeat 0uy (sz 16) in let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -388,10 +403,16 @@ let serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let combined:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 combined in - assert_norm (BitVec.Utils.forall64 (fun i -> combined i = vector ((i / 4) * 16 + i % 4))); let serialized:t_Array u8 (sz 16) = Libcrux_intrinsics.Avx2_extract.mm_storeu_bytes_si128 serialized combined in + let _:Prims.unit = + assert (forall (i: nat{i < 64}). combined i == bit_vec_of_int_t_array serialized 8 i); + introduce forall (i: nat{i < 64}) . combined i = vector ((i / 4) * 16 + i % 4) + with assert_norm (BitVec.Utils.forall64 (fun i -> combined i = vector ((i / 4) * 16 + i % 4))); + assert (forall (i: nat{i < 64}). + bit_vec_of_int_t_array serialized 8 i == vector ((i / 4) * 16 + i % 4)) + in Core.Result.impl__unwrap #(t_Array u8 (sz 8)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) @@ -405,6 +426,8 @@ let serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: Core.Result.t_Result (t_Array u8 (sz 8)) Core.Array.t_TryFromSliceError) +#pop-options + [@@"opaque_to_smt"] let deserialize_10___deserialize_10_vec (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti index 47d08661d..4fb38cf2f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti @@ -135,8 +135,11 @@ val serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) val serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (t_Array u8 (sz 8)) - (requires BitVec.Intrinsics.forall_bool #256 (fun i -> i % 16 < 4 || vector i = 0)) - (fun _ -> Prims.l_True) + (requires forall (i: nat{i < 256}). i % 16 < 4 || vector i = 0) + (ensures + fun r -> + let r:t_Array u8 (sz 8) = r in + forall (i: nat{i < 64}). bit_vec_of_int_t_array r 8 i == vector ((i / 4) * 16 + i % 4)) include BitVec.Intrinsics {mm256_si256_from_two_si128 as mm256_si256_from_two_si128} diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index 0207be3fc..6cb724263 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -172,13 +172,14 @@ fn mm256_concat_pairs_n(n: u8, x: Vec256) -> Vec256 { ) } +#[hax_lib::fstar::options("--ext context_pruning --split_queries always")] #[hax_lib::requires( fstar!( - r#"BitVec.Intrinsics.forall_bool #256 (fun i -> i % 16 < 4 || vector i = 0)"# + r#"forall (i: nat{i < 256}). i % 16 < 4 || $vector i = 0"# ) )] +#[hax_lib::ensures(|r| fstar!("forall (i: nat{i < 64}). bit_vec_of_int_t_array $r 8 i == $vector ((i/4) * 16 + i%4)"))] #[inline(always)] -#[hax_lib::fstar::options("--ext context_pruning")] pub(crate) fn serialize_4(vector: Vec256) -> [u8; 8] { let mut serialized = [0u8; 16]; @@ -215,48 +216,18 @@ pub(crate) fn serialize_4(vector: Vec256) -> [u8; 8] { mm256_permutevar8x32_epi32(adjacent_8_combined, mm256_set_epi32(0, 0, 0, 0, 0, 0, 4, 0)); let combined = mm256_castsi256_si128(combined); + // ... so that we can read them out in one go. + mm_storeu_bytes_si128(&mut serialized, combined); + hax_lib::fstar!( r#" -assert (forall (i: nat {i < 64}). - ${combined} i == ${vector} ((i / 4) * 16 + i % 4) -) by ( - let open FStar.Tactics in - let open Tactics.Utils in - // unfold wrappers - norm [primops; iota; zeta; delta_namespace [ - `%BitVec.Intrinsics.mm256_shuffle_epi8; - `%BitVec.Intrinsics.mm256_permutevar8x32_epi32; - `%BitVec.Intrinsics.mm256_madd_epi16; - `%BitVec.Intrinsics.mm256_castsi256_si128; - "BitVec.Utils"; - ]]; - prove_forall_nat_pointwise (print_time "SMT query succeeded in " (fun _ -> - let reduce t = - norm [primops; iota; zeta_full; delta_namespace [ - "FStar.FunctionalExtensionality"; - t; - `%BitVec.Utils.mk_bv; - `%( + ); `%op_Subtraction; `%( / ); `%( * ); `%( % ) - ]]; - norm [primops; iota; zeta_full; delta_namespace [ - "FStar.List.Tot"; `%( + ); `%op_Subtraction; `%( / ); `%( * ); `%( % ) - ]] - in - reduce (`%BitVec.Intrinsics.mm256_permutevar8x32_epi32_i32); - reduce (`%BitVec.Intrinsics.mm256_shuffle_epi8_i8); - reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized); - grewrite (quote (BitVec.Intrinsics.forall_bool #256 (fun i -> i % 16 < 4 || op_Equality #int (${vector} i) 0))) (`true); - flip (); smt (); - reduce (`%BitVec.Intrinsics.mm256_madd_epi16_specialized'); - trivial () - )) -) +assert (forall (i: nat{i < 64}). $combined i == bit_vec_of_int_t_array serialized 8 i); + introduce forall (i: nat {i < 64}). $combined i = vector ((i / 4) * 16 + i % 4) + with assert_norm (BitVec.Utils.forall64 (fun i -> $combined i = $vector ((i / 4) * 16 + i % 4))); + assert (forall (i: nat{i < 64}). bit_vec_of_int_t_array serialized 8 i == $vector ((i / 4) * 16 + i % 4)) "# ); - // ... so that we can read them out in one go. - mm_storeu_bytes_si128(&mut serialized, combined); - serialized[0..8].try_into().unwrap() } From 89cc0d57afcaa654ba29bf5a8ad2b48414de5b6d Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Thu, 26 Sep 2024 11:05:35 +0200 Subject: [PATCH 330/348] wip --- Cargo.lock | 10 +++++----- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst | 2 ++ ...ux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti | 2 ++ .../Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 2 ++ .../Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 2 ++ ...rux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst | 2 ++ ...ux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti | 2 ++ .../Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst | 2 ++ .../Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 2 ++ ...ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst | 2 ++ ...l_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti | 2 ++ .../Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst | 2 ++ ...Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti | 2 ++ .../Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst | 1 + .../Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti | 1 + .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 1 + .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 1 + .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 1 + .../Libcrux_ml_kem.Vector.Neon.Serialize.fsti | 1 + 35 files changed, 51 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e09691d28..1384219f6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -702,7 +702,7 @@ dependencies = [ [[package]] name = "hax-lib" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617" +source = "git+https://github.com/hacspec/hax/?branch=main#a3875a77e66411d3e4837851938a76819d78da72" dependencies = [ "hax-lib-macros", "num-bigint", @@ -712,7 +712,7 @@ dependencies = [ [[package]] name = "hax-lib-macros" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617" +source = "git+https://github.com/hacspec/hax/?branch=main#a3875a77e66411d3e4837851938a76819d78da72" dependencies = [ "hax-lib-macros-types", "paste", @@ -725,7 +725,7 @@ dependencies = [ [[package]] name = "hax-lib-macros-types" version = "0.1.0-pre.1" -source = "git+https://github.com/hacspec/hax/?branch=main#c2093b4963099522c65f5cd42b96d6433afb0617" +source = "git+https://github.com/hacspec/hax/?branch=main#a3875a77e66411d3e4837851938a76819d78da72" dependencies = [ "proc-macro2", "quote", @@ -889,9 +889,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.158" +version = "0.2.159" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" +checksum = "561d97a539a36e26a9a5fad1ea11a3039a67714694aaa379433e580854bc3dc5" [[package]] name = "libcrux" diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst index eb61caf4a..d1d2f4389 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti index 8bfe18d17..262eebc4e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.Unpacked.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () /// Unpacked encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index aa7ed17dd..c5f3a6c69 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let validate_private_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index e9318afb7..2d0031d3b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () /// Portable private key validation diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst index 8efcffac2..930ccd9aa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti index 439a0aa0c..89e95e7d4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.Unpacked.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () /// Unpacked encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index c3b934ab1..dca261dd4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let validate_private_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index cb0a837dd..e244a6ece 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () /// Portable private key validation diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst index 34e9c1232..a866771ed 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti index 104a43991..074e3d77e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.Unpacked.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () /// Unpacked encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 0b6792e08..333f8fbbd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let validate_private_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index 38a2b4ebf..b62f5b8f2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () /// Portable private key validation diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst index ffac6fd7d..f7f20bea3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti index 49c1dbd11..23a9ceb02 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst index d6f64c7c4..561f10648 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti index fcf1e160b..57a9fbcbf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst index 8f88b6c36..acfa9cb43 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti index 819b8ca9b..57f7005f1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst index f9b6fbea2..666bc08a2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti index 4587380a4..1751d34e2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst index 66e80f606..a46c591a3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti index 5e2097b02..8526e6637 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst index 663560c06..1cdaff422 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti index 50cd5de83..f4f9bd770 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst index b61a81021..9d4c2330b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti index 6a568c323..c337caec7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.Unpacked.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst index 34abe3ab9..4473ed5a3 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fst @@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in let open Libcrux_ml_kem.Vector.Neon.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti index 69be1a61e..272b816b2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.Unpacked.fsti @@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Neon in let open Libcrux_ml_kem.Vector.Neon.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst index 4a0e3212a..f5ca7487b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fst @@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in let open Libcrux_ml_kem.Vector.Portable.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () let encapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti index b3944bd97..9a7f4ddd5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.Unpacked.fsti @@ -9,6 +9,7 @@ let _ = let open Libcrux_ml_kem.Ind_cca.Unpacked in let open Libcrux_ml_kem.Vector.Portable in let open Libcrux_ml_kem.Vector.Portable.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in () let _ = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 2ebd27fbd..cbcca6519 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let deserialize_1_ (bytes: t_Slice u8) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti index 259bbee63..38500864f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () val deserialize_1_ (bytes: t_Slice u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst index 27e5827cd..5fddc0daa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let deserialize_1_ (a: t_Slice u8) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti index 5e9cf2737..0edca8f25 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () val deserialize_1_ (a: t_Slice u8) From c52ef6e0b82110820d1b0a0ba0c976c55d9dc5b8 Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 26 Sep 2024 15:05:22 +0200 Subject: [PATCH 331/348] progress --- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 2 + ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 2 + ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 2 + ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 2 + ...ml_kem.Ind_cca.Instantiations.Portable.fst | 2 + ...l_kem.Ind_cca.Instantiations.Portable.fsti | 2 + .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 66 +++++--- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 18 ++- .../Libcrux_ml_kem.Vector.Avx2.fsti | 21 +-- .../Libcrux_ml_kem.Vector.Neon.Serialize.fst | 1 + .../Libcrux_ml_kem.Vector.Neon.Serialize.fsti | 1 + .../proofs/fstar/extraction/Makefile | 1 - libcrux-ml-kem/src/vector/avx2.rs | 21 +-- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 73 +++++---- libcrux-ml-kem/src/vector/avx2/serialize.rs | 146 ++++++++++-------- 15 files changed, 221 insertions(+), 139 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index fef0d96bb..d20d346d7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in let open Libcrux_ml_kem.Ind_cca in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () let decapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index 60d996386..a56b7409d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in let open Libcrux_ml_kem.Ind_cca in let open Libcrux_ml_kem.Vector.Avx2 in + let open Libcrux_ml_kem.Vector.Traits in () /// Portable decapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 1b25322d3..2434aff97 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in let open Libcrux_ml_kem.Ind_cca in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () let decapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index 72a311393..ebed5369f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in let open Libcrux_ml_kem.Ind_cca in let open Libcrux_ml_kem.Vector.Neon in + let open Libcrux_ml_kem.Vector.Traits in () /// Portable decapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index bea8567f3..7e5da18eb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Ind_cca in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let decapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index 6ba23785d..7dde62899 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -6,9 +6,11 @@ open FStar.Mul let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in let open Libcrux_ml_kem.Ind_cca in let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () /// Portable decapsulate diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index e887f5ffe..51a1a9da7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -7,9 +7,11 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () [@@"opaque_to_smt"] + let deserialize_1___deserialize_1_i16s (a b: i16) = let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 b b b b b b b b a a a a a a a a @@ -26,6 +28,7 @@ let deserialize_1___deserialize_1_i16s (a b: i16) = Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 15l coefficients_in_msb [@@"opaque_to_smt"] + let deserialize_1___deserialize_1_u8s (a b: u8) = deserialize_1___deserialize_1_i16s (cast (a <: u8) <: i16) (cast (b <: u8) <: i16) @@ -35,6 +38,7 @@ let deserialize_1_ (bytes: t_Slice u8) = deserialize_1___deserialize_1_u8s (bytes.[ sz 0 ] <: u8) (bytes.[ sz 1 ] <: u8) [@@"opaque_to_smt"] + let deserialize_4___deserialize_4_i16s (b0 b1 b2 b3 b4 b5 b6 b7: i16) = let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 b7 b7 b6 b6 b5 b5 b4 b4 b3 b3 b2 b2 b1 b1 b0 b0 @@ -58,6 +62,7 @@ let deserialize_4___deserialize_4_i16s (b0 b1 b2 b3 b4 b5 b6 b7: i16) = Libcrux_intrinsics.Avx2_extract.t_Vec256) [@@"opaque_to_smt"] + let deserialize_4___deserialize_4_u8s (b0 b1 b2 b3 b4 b5 b6 b7: u8) = deserialize_4___deserialize_4_i16s (cast (b0 <: u8) <: i16) (cast (b1 <: u8) <: i16) @@ -119,10 +124,9 @@ let serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = #pop-options -#push-options "--ext context_pruning --split_queries always --z3rlimit 300" +#push-options "--ext context_pruning --split_queries always" -let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = - let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in +let serialize_10___serialize_10_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = mm256_concat_pairs_n 10uy vector in @@ -146,6 +150,31 @@ let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let lower_8_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_8_combined in + let upper_8_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_8_combined + in + let _:Prims.unit = + introduce forall (i: nat{i < 80}) . lower_8_ i = vector ((i / 10) * 16 + i % 10) + with assert_norm (BitVec.Utils.forall_n 80 + (fun i -> lower_8_ i = vector ((i / 10) * 16 + i % 10))); + introduce forall (i: nat{i < 80}) . upper_8_ i = vector (128 + (i / 10) * 16 + i % 10) + with assert_norm (BitVec.Utils.forall_n 80 + (fun i -> upper_8_ i = vector (128 + (i / 10) * 16 + i % 10))) + in + lower_8_, upper_8_ + <: + (Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) + +#pop-options + +#push-options "--ext context_pruning --split_queries always" + +let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let lower_8_, upper_8_:(Libcrux_intrinsics.Avx2_extract.t_Vec128 & + Libcrux_intrinsics.Avx2_extract.t_Vec128) = + serialize_10___serialize_10_vec vector + in + let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 16 } @@ -163,9 +192,6 @@ let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: t_Slice u8) in - let upper_8_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = - Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_8_combined - in let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = sz 10; Core.Ops.Range.f_end = sz 26 } @@ -183,24 +209,6 @@ let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: t_Slice u8) in - assert (forall (i: nat{i < 80}). lower_8_ i == bit_vec_of_int_t_array serialized 8 i); - assert (forall (i: nat{i < 80}). upper_8_ i == bit_vec_of_int_t_array serialized 8 (80 + i)); - introduce forall (i: nat {i < 80}). lower_8_ i = vector ((i / 10) * 16 + i % 10) - with assert_norm (BitVec.Utils.forall_n 80 (fun i -> lower_8_ i = vector ((i / 10) * 16 + i % 10))); - introduce forall (i: nat {i < 160}). i >= 80 ==> upper_8_ (i - 80) = vector ((i / 10) * 16 + i % 10) - with - introduce forall (i: nat {i < 80}). upper_8_ i = vector (128 + (i / 10) * 16 + i % 10) - with assert_norm (BitVec.Utils.forall_n 80 (fun i -> upper_8_ i = vector (128 + (i / 10) * 16 + i % 10))); - assert (forall (i: nat{i < 160}). - bit_vec_of_int_t_array serialized 8 i == (if i < 80 then lower_8_ i else upper_8_ (i - 80)) - ); - // forall (i: nat{i < 160}). - // bit_vec_of_int_t_array r 8 i == vector ((i / 10) * 16 + i % 10) - assert (forall (i: nat{i < 160}). - bit_vec_of_int_t_array serialized 8 i == vector ((i / 10) * 16 + i % 10) - ); - admit () - admit (); Core.Result.impl__unwrap #(t_Array u8 (sz 20)) #Core.Array.t_TryFromSliceError (Core.Convert.f_try_into #(t_Slice u8) @@ -429,6 +437,7 @@ let serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = #pop-options [@@"opaque_to_smt"] + let deserialize_10___deserialize_10_vec (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) = @@ -499,6 +508,7 @@ let deserialize_10_ (bytes: t_Slice u8) = Libcrux_intrinsics.Avx2_extract.t_Vec128) [@@"opaque_to_smt"] + let deserialize_12___deserialize_12_vec (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) = @@ -602,6 +612,8 @@ let deserialize_5_ (bytes: t_Slice u8) = in Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 11l coefficients +#push-options "--admit_smt_queries true" + let deserialize_11_ (bytes: t_Slice u8) = let output:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Traits.f_deserialize_11_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector @@ -615,6 +627,10 @@ let deserialize_11_ (bytes: t_Slice u8) = in Libcrux_intrinsics.Avx2_extract.mm256_loadu_si256_i16 (array <: t_Slice i16) +#pop-options + +#push-options "--admit_smt_queries true" + let serialize_11_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let array:t_Array i16 (sz 16) = Rust_primitives.Hax.repeat 0s (sz 16) in let array:t_Array i16 (sz 16) = @@ -628,3 +644,5 @@ let serialize_11_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = Libcrux_ml_kem.Vector.Traits.f_serialize_11_ #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector #FStar.Tactics.Typeclasses.solve input + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti index 4fb38cf2f..c71e3d37b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fsti @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () val deserialize_1___deserialize_1_i16s (a b: i16) @@ -119,6 +120,19 @@ val serialize_1_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) let result:t_Array u8 (sz 2) = result in forall i. bit_vec_of_int_t_array result 8 i == vector (i * 16)) +val serialize_10___serialize_10_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) + : Prims.Pure + (Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) + (requires forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0) + (ensures + fun temp_0_ -> + let lower_8_, upper_8_:(Libcrux_intrinsics.Avx2_extract.t_Vec128 & + Libcrux_intrinsics.Avx2_extract.t_Vec128) = + temp_0_ + in + forall (i: nat{i < 160}). + vector ((i / 10) * 16 + i % 10) == (if i < 80 then lower_8_ i else upper_8_ (i - 80))) + val serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (t_Array u8 (sz 20)) (requires forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0) @@ -202,7 +216,9 @@ val deserialize_12_ (bytes: t_Slice u8) bit_vec_of_int_t_array (bytes <: t_Array _ (sz 24)) 8 j)) val deserialize_5_ (bytes: t_Slice u8) - : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 + (requires Seq.length bytes == 10) + (fun _ -> Prims.l_True) val deserialize_11_ (bytes: t_Slice u8) : Prims.Pure Libcrux_intrinsics.Avx2_extract.t_Vec256 Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 9c2b8909f..0596f5482 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -10,7 +10,6 @@ let _ = () noeq - type t_SIMD256Vector = { f_elements:Libcrux_intrinsics.Avx2_extract.t_Vec256 } let repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements @@ -173,6 +172,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_cond_subtract_3329_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Arithmetic.cond_subtract_3329_ vector.f_elements } <: t_SIMD256Vector); @@ -273,6 +273,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_ntt_layer_1_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> + let _:Prims.unit = admit () in { f_elements = @@ -292,6 +293,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_ntt_layer_2_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_2_step vector.f_elements zeta0 zeta1 } @@ -309,6 +311,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_ntt_layer_3_step = (fun (vector: t_SIMD256Vector) (zeta: i16) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.ntt_layer_3_step vector.f_elements zeta } <: t_SIMD256Vector); @@ -332,6 +335,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_inv_ntt_layer_1_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) (zeta2: i16) (zeta3: i16) -> + let _:Prims.unit = admit () in { f_elements = @@ -355,6 +359,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_inv_ntt_layer_2_step = (fun (vector: t_SIMD256Vector) (zeta0: i16) (zeta1: i16) -> + let _:Prims.unit = admit () in { f_elements = @@ -373,6 +378,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_inv_ntt_layer_3_step = (fun (vector: t_SIMD256Vector) (zeta: i16) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Ntt.inv_ntt_layer_3_step vector.f_elements zeta } <: t_SIMD256Vector); @@ -412,6 +418,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = (zeta2: i16) (zeta3: i16) -> + let _:Prims.unit = admit () in { f_elements = @@ -435,7 +442,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_serialize_1_ = (fun (vector: t_SIMD256Vector) -> - let _:Prims.unit = admit () in + admit (); Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ vector.f_elements); f_deserialize_1_pre = @@ -447,7 +454,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_deserialize_1_ = (fun (bytes: t_Slice u8) -> - let _:Prims.unit = admit () in + admit (); { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_1_ bytes } <: t_SIMD256Vector); @@ -462,7 +469,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_serialize_4_ = (fun (vector: t_SIMD256Vector) -> - let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_4_ vector.f_elements); f_deserialize_4_pre = @@ -474,7 +480,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_deserialize_4_ = (fun (bytes: t_Slice u8) -> - let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_4_ bytes } <: t_SIMD256Vector); @@ -483,6 +488,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_serialize_5_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_5_ vector.f_elements); f_deserialize_5_pre = @@ -491,6 +497,7 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_deserialize_5_ = (fun (bytes: t_Slice u8) -> + let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_5_ bytes } <: t_SIMD256Vector); @@ -505,7 +512,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_serialize_10_ = (fun (vector: t_SIMD256Vector) -> - let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_10_ vector.f_elements); f_deserialize_10_pre = @@ -517,7 +523,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_deserialize_10_ = (fun (bytes: t_Slice u8) -> - let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_10_ bytes } <: t_SIMD256Vector); @@ -548,7 +553,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_serialize_12_ = (fun (vector: t_SIMD256Vector) -> - let _:Prims.unit = admit () in Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_12_ vector.f_elements); f_deserialize_12_pre = @@ -560,7 +564,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_deserialize_12_ = (fun (bytes: t_Slice u8) -> - let _:Prims.unit = admit () in { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_12_ bytes } <: t_SIMD256Vector); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst index 27e5827cd..5fddc0daa 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fst @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () let deserialize_1_ (a: t_Slice u8) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti index 5e9cf2737..0edca8f25 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Neon.Serialize.fsti @@ -7,6 +7,7 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Vector.Portable in + let open Libcrux_ml_kem.Vector.Traits in () val deserialize_1_ (a: t_Slice u8) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 28ef09d36..463318ece 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,5 +1,4 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst -SLOW_MODULES += Libcrux_ml_kem.Vector.Avx2.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ Libcrux_ml_kem.Invert_ntt.fst \ diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 2649ab808..9482fdaff 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -8,7 +8,7 @@ mod sampling; mod serialize; #[derive(Clone, Copy)] -#[hax_lib::fstar::before(interface,"noeq")] +#[hax_lib::fstar::before(interface, "noeq")] #[hax_lib::fstar::after(interface,"let repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements")] pub struct SIMD256Vector { elements: Vec256, @@ -23,7 +23,6 @@ fn vec_zero() -> SIMD256Vector { } } - #[inline(always)] #[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::ensures(|result| fstar!("${result} == repr ${v}"))] @@ -120,6 +119,7 @@ impl Operations for SIMD256Vector { #[requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (impl.f_repr $vector)"))] #[ensures(|out| fstar!("impl.f_repr out == Spec.Utils.map_array (fun x -> if x >=. 3329s then x -! 3329s else x) (impl.f_repr $vector)"))] fn cond_subtract_3329(vector: Self) -> Self { + hax_lib::fstar!("admit()"); Self { elements: arithmetic::cond_subtract_3329(vector.elements), } @@ -170,6 +170,7 @@ impl Operations for SIMD256Vector { Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr ${vector})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (impl.f_repr $out)"))] fn ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3), } @@ -179,6 +180,7 @@ impl Operations for SIMD256Vector { Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr ${vector})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (impl.f_repr $out)"))] fn ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::ntt_layer_2_step(vector.elements, zeta0, zeta1), } @@ -188,6 +190,7 @@ impl Operations for SIMD256Vector { Spec.Utils.is_i16b_array (11207+3*3328) (impl.f_repr ${vector})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (impl.f_repr $out)"))] fn ntt_layer_3_step(vector: Self, zeta: i16) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::ntt_layer_3_step(vector.elements, zeta), } @@ -198,6 +201,7 @@ impl Operations for SIMD256Vector { Spec.Utils.is_i16b_array (4*3328) (impl.f_repr ${vector})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_1_step(vector: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::inv_ntt_layer_1_step(vector.elements, zeta0, zeta1, zeta2, zeta3), } @@ -207,6 +211,7 @@ impl Operations for SIMD256Vector { Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_2_step(vector: Self, zeta0: i16, zeta1: i16) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::inv_ntt_layer_2_step(vector.elements, zeta0, zeta1), } @@ -216,6 +221,7 @@ impl Operations for SIMD256Vector { Spec.Utils.is_i16b_array 3328 (impl.f_repr ${vector})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn inv_ntt_layer_3_step(vector: Self, zeta: i16) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::inv_ntt_layer_3_step(vector.elements, zeta), } @@ -234,6 +240,7 @@ impl Operations for SIMD256Vector { zeta2: i16, zeta3: i16, ) -> Self { + hax_lib::fstar!("admit()"); Self { elements: ntt::ntt_multiply(lhs.elements, rhs.elements, zeta0, zeta1, zeta2, zeta3), } @@ -243,7 +250,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $vector) $out"))] fn serialize_1(vector: Self) -> [u8; 2] { - hax_lib::fstar!("admit()"); serialize::serialize_1(vector.elements) } @@ -251,7 +257,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $bytes (impl.f_repr $out)"))] fn deserialize_1(bytes: &[u8]) -> Self { - hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_1(bytes), } @@ -261,7 +266,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $vector) $out"))] fn serialize_4(vector: Self) -> [u8; 8] { - hax_lib::fstar!("admit()"); serialize::serialize_4(vector.elements) } @@ -269,18 +273,19 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $bytes (impl.f_repr $out)"))] fn deserialize_4(bytes: &[u8]) -> Self { - hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_4(bytes), } } fn serialize_5(vector: Self) -> [u8; 10] { + hax_lib::fstar!("admit()"); serialize::serialize_5(vector.elements) } #[requires(bytes.len() == 10)] fn deserialize_5(bytes: &[u8]) -> Self { + hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_5(bytes), } @@ -290,7 +295,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $vector) $out"))] fn serialize_10(vector: Self) -> [u8; 20] { - hax_lib::fstar!("admit()"); serialize::serialize_10(vector.elements) } @@ -298,7 +302,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $bytes (impl.f_repr $out)"))] fn deserialize_10(bytes: &[u8]) -> Self { - hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_10(bytes), } @@ -319,7 +322,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $vector) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $vector) $out"))] fn serialize_12(vector: Self) -> [u8; 24] { - hax_lib::fstar!("admit()"); serialize::serialize_12(vector.elements) } @@ -327,7 +329,6 @@ impl Operations for SIMD256Vector { // Output name has be `out` https://github.com/hacspec/hax/issues/832 #[ensures(|out| fstar!("sz (Seq.length $bytes) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $bytes (impl.f_repr $out)"))] fn deserialize_12(bytes: &[u8]) -> Self { - hax_lib::fstar!("admit()"); Self { elements: serialize::deserialize_12(bytes), } diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index 3dd5be929..11749144a 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -3,13 +3,15 @@ use crate::vector::{traits::INVERSE_OF_MODULUS_MOD_MONTGOMERY_R, FIELD_MODULUS}; use super::*; #[inline(always)] -#[hax_lib::fstar::before(interface,"open Libcrux_intrinsics.Avx2_extract")] -#[hax_lib::fstar::before(" +#[hax_lib::fstar::before(interface, "open Libcrux_intrinsics.Avx2_extract")] +#[hax_lib::fstar::before( + " let lemma_add_i (lhs rhs: t_Vec256) (i:nat): Lemma (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) + v (get_lane rhs i)))) (ensures (v (add_mod (get_lane lhs i) (get_lane rhs i)) == (v (get_lane lhs i) + v (get_lane rhs i)))) - [SMTPat (v (add_mod (get_lane lhs i) (get_lane rhs i)))] = ()")] + [SMTPat (v (add_mod (get_lane lhs i) (get_lane rhs i)))] = ()" +)] #[hax_lib::requires(fstar!("forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $lhs i) + v (get_lane $rhs i))"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> @@ -22,12 +24,14 @@ pub(crate) fn add(lhs: Vec256, rhs: Vec256) -> Vec256 { } #[inline(always)] -#[hax_lib::fstar::before(" +#[hax_lib::fstar::before( + " let lemma_sub_i (lhs rhs: t_Vec256) (i:nat): Lemma (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) - v (get_lane rhs i)))) (ensures (v (sub_mod (get_lane lhs i) (get_lane rhs i)) == (v (get_lane lhs i) - v (get_lane rhs i)))) - [SMTPat (v (sub_mod (get_lane lhs i) (get_lane rhs i)))] = ()")] + [SMTPat (v (sub_mod (get_lane lhs i) (get_lane rhs i)))] = ()" +)] #[hax_lib::requires(fstar!("forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $lhs i) - v (get_lane $rhs i))"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> @@ -40,12 +44,14 @@ pub(crate) fn sub(lhs: Vec256, rhs: Vec256) -> Vec256 { } #[inline(always)] -#[hax_lib::fstar::before(" +#[hax_lib::fstar::before( + " let lemma_mul_i (lhs: t_Vec256) (i:nat) (c:i16): Lemma (requires (i < 16 /\\ Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane lhs i) * v c))) (ensures (v (mul_mod (get_lane lhs i) c) == (v (get_lane lhs i) * v c))) - [SMTPat (v (mul_mod (get_lane lhs i) c))] = ()")] + [SMTPat (v (mul_mod (get_lane lhs i) c))] = ()" +)] #[hax_lib::requires(fstar!("forall i. i < 16 ==> Spec.Utils.is_intb (pow2 15 - 1) (v (get_lane $vector i) * v constant)"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> @@ -55,7 +61,7 @@ pub(crate) fn multiply_by_constant(vector: Vec256, constant: i16) -> Vec256 { let result = mm256_mullo_epi16(vector, cv); hax_lib::fstar!("Seq.lemma_eq_intro (vec256_as_i16x16 ${result}) (Spec.Utils.map_array (fun x -> x *. $constant) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); - + hax_lib::fstar!("assert (forall i. get_lane result i == get_lane vector i *. constant); assert (forall i. v (get_lane vector i *. constant) == v (get_lane vector i) * v constant); assert (forall i. v (get_lane result i) == v (get_lane vector i) * v constant)"); @@ -77,12 +83,14 @@ pub(crate) fn bitwise_and_with_constant(vector: Vec256, constant: i16) -> Vec256 #[hax_lib::requires(SHIFT_BY >= 0 && SHIFT_BY < 16)] #[hax_lib::ensures(|result| fstar!("(v_SHIFT_BY >=. 0l /\\ v_SHIFT_BY <. 16l) ==> Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result == - Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] + Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] pub(crate) fn shift_right(vector: Vec256) -> Vec256 { let result = mm256_srai_epi16::<{ SHIFT_BY }>(vector); - hax_lib::fstar!("Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) + hax_lib::fstar!( + "Seq.lemma_eq_intro (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) (Spec.Utils.map_array (fun x -> x >>! ${SHIFT_BY}) - (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))"); + (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector))" + ); result } @@ -96,17 +104,21 @@ pub(crate) fn shift_right(vector: Vec256) -> Vec256 { #[hax_lib::requires(fstar!("Spec.Utils.is_i16b_array (pow2 12 - 1) (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $vector)"))] #[hax_lib::ensures(|result| fstar!("forall i. i < 16 ==> get_lane $result i == - (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i)"))] + (if (get_lane $vector i) >=. 3329s then get_lane $vector i -! 3329s else get_lane $vector i)"))] pub(crate) fn cond_subtract_3329(vector: Vec256) -> Vec256 { let field_modulus = mm256_set1_epi16(FIELD_MODULUS); hax_lib::fstar!("assert (forall i. get_lane $field_modulus i == 3329s)"); // Compute v_i - Q and crate a mask from the sign bit of each of these // quantities. let v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); - hax_lib::fstar!("assert (forall i. get_lane $v_minus_field_modulus i == get_lane $vector i -. 3329s)"); + hax_lib::fstar!( + "assert (forall i. get_lane $v_minus_field_modulus i == get_lane $vector i -. 3329s)" + ); let sign_mask = mm256_srai_epi16::<15>(v_minus_field_modulus); - hax_lib::fstar!("assert (forall i. get_lane $sign_mask i == (get_lane $v_minus_field_modulus i >>! 15l))"); + hax_lib::fstar!( + "assert (forall i. get_lane $sign_mask i == (get_lane $v_minus_field_modulus i >>! 15l))" + ); // If v_i - Q < 0 then add back Q to (v_i - Q). let conditional_add_field_modulus = mm256_and_si256(sign_mask, field_modulus); @@ -136,10 +148,14 @@ pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 { let t1 = mm256_add_epi16(t0, mm256_set1_epi16(512)); hax_lib::fstar!("assert (forall i. get_lane $t1 i == get_lane $t0 i +. 512s)"); let quotient = mm256_srai_epi16::<10>(t1); - hax_lib::fstar!("assert (forall i. get_lane $quotient i == (((get_lane $t1 i) <: i16) >>! (10l <: i32)))"); + hax_lib::fstar!( + "assert (forall i. get_lane $quotient i == (((get_lane $t1 i) <: i16) >>! (10l <: i32)))" + ); let quotient_times_field_modulus = mm256_mullo_epi16(quotient, mm256_set1_epi16(FIELD_MODULUS)); - hax_lib::fstar!("assert (forall i. get_lane $quotient_times_field_modulus i == - get_lane $quotient i *. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)"); + hax_lib::fstar!( + "assert (forall i. get_lane $quotient_times_field_modulus i == + get_lane $quotient i *. Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS)" + ); let result = mm256_sub_epi16(vector, quotient_times_field_modulus); hax_lib::fstar!("assert (forall i. get_lane $result i == get_lane $vector i -. get_lane $quotient_times_field_modulus i); @@ -203,14 +219,16 @@ pub(crate) fn montgomery_multiply_by_constant(vector: Vec256, constant: i16) -> ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))")))] pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) -> Vec256 { let value_low = mm256_mullo_epi16(vec, constants); - hax_lib::fstar!("assert (forall i. get_lane $value_low i == get_lane $vec i *. get_lane $constants i)"); - + hax_lib::fstar!( + "assert (forall i. get_lane $value_low i == get_lane $vec i *. get_lane $constants i)" + ); + let k = mm256_mullo_epi16( value_low, mm256_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); hax_lib::fstar!("assert (forall i. get_lane $k i == get_lane $value_low i *. (neg 3327s))"); - + let modulus = mm256_set1_epi16(FIELD_MODULUS); hax_lib::fstar!("assert (forall i. get_lane $modulus i == 3329s)"); @@ -222,7 +240,6 @@ pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) - assert (forall i. get_lane $k_times_modulus i == (cast (((cast (get_lane $k i) <: i32) *. (cast (get_lane $modulus i) <: i32)) >>! 16l) <: i16))"); - let value_high = mm256_mulhi_epi16(vec, constants); hax_lib::fstar!("assert (forall i. get_lane $value_high i == (cast (((cast (get_lane $vec i) <: i32) *. (cast (get_lane $constants i) <: i32)) >>! 16l) <: i16))"); @@ -237,7 +254,7 @@ pub(crate) fn montgomery_multiply_by_constants(vec: Vec256, constants: Vec256) - assert (forall i. Spec.Utils.is_i16b 3328 (get_lane $result i)); assert (forall (i:nat). i < 16 ==> Spec.Utils.is_i16b 3328 (get_lane $result i)); assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 $result)); - assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))"); + assert (forall i. v (get_lane $result i) % 3329 == ((v (get_lane $vec i) * v (get_lane $constants i) * 169) % 3329))"); result } @@ -274,14 +291,15 @@ pub(crate) fn montgomery_reduce_i32s(vec: Vec256) -> Vec256 { pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec128) -> Vec128 { let value_low = mm_mullo_epi16(vec, constants); hax_lib::fstar!("assert (forall i. get_lane128 $value_low i == get_lane128 $vec i *. get_lane128 $constants i)"); - let k = mm_mullo_epi16( value_low, mm_set1_epi16(INVERSE_OF_MODULUS_MOD_MONTGOMERY_R as i16), ); - hax_lib::fstar!("assert (forall i. get_lane128 $k i == get_lane128 $value_low i *. (neg 3327s))"); - + hax_lib::fstar!( + "assert (forall i. get_lane128 $k i == get_lane128 $value_low i *. (neg 3327s))" + ); + let modulus = mm_set1_epi16(FIELD_MODULUS); hax_lib::fstar!("assert (forall i. get_lane128 $modulus i == 3329s)"); @@ -293,7 +311,6 @@ pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec assert (forall i. get_lane128 $k_times_modulus i == (cast (((cast (get_lane128 $k i) <: i32) *. (cast (get_lane128 $modulus i) <: i32)) >>! 16l) <: i16))"); - let value_high = mm_mulhi_epi16(vec, constants); hax_lib::fstar!("assert (forall i. get_lane128 $value_high i == (cast (((cast (get_lane128 $vec i) <: i32) *. (cast (get_lane128 $constants i) <: i32)) >>! 16l) <: i16))"); @@ -308,7 +325,7 @@ pub(crate) fn montgomery_multiply_m128i_by_constants(vec: Vec128, constants: Vec assert (forall i. Spec.Utils.is_i16b 3328 (get_lane128 $result i)); assert (forall (i:nat). i < 8 ==> Spec.Utils.is_i16b 3328 (get_lane128 $result i)); assert (Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec128_as_i16x8 $result)); - assert (forall i. v (get_lane128 $result i) % 3329 == ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))"); - + assert (forall i. v (get_lane128 $result i) % 3329 == ((v (get_lane128 $vec i) * v (get_lane128 $constants i) * 169) % 3329))"); + result } diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index 6cb724263..a3d8e361b 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -460,6 +460,7 @@ fn mm256_si256_from_two_si128(lower: Vec128, upper: Vec128) -> Vec256 { } #[inline(always)] +#[hax_lib::requires(fstar!(r#"Seq.length bytes == 10"#))] pub(crate) fn deserialize_5(bytes: &[u8]) -> Vec256 { let coefficients = mm_set_epi8( bytes[9], bytes[8], bytes[8], bytes[7], bytes[7], bytes[6], bytes[6], bytes[5], bytes[4], @@ -501,83 +502,94 @@ pub(crate) fn deserialize_5(bytes: &[u8]) -> Vec256 { } #[inline(always)] -#[hax_lib::fstar::options("--ext context_pruning")] +#[hax_lib::fstar::options("--ext context_pruning --split_queries always")] #[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0"))] #[hax_lib::ensures(|r| fstar!("forall (i: nat{i < 160}). bit_vec_of_int_t_array r 8 i == vector ((i/10) * 16 + i%10)"))] pub(crate) fn serialize_10(vector: Vec256) -> [u8; 20] { - let mut serialized = [0u8; 32]; + #[hax_lib::fstar::options("--ext context_pruning --split_queries always")] + #[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0"))] + #[hax_lib::ensures(|(lower_8, upper_8)| fstar!( + r#" + forall (i: nat{i < 160}). + vector ((i/10) * 16 + i%10) == (if i < 80 then $lower_8 i else $upper_8 (i - 80)) + ) + "# + ))] + fn serialize_10_vec(vector: Vec256) -> (Vec128, Vec128) { + // If |vector| is laid out as follows (superscript number indicates the + // corresponding bit is duplicated that many times): + // + // 0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀ 0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ 0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀ | ↩ + // 0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀ 0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ 0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀ | ↩ + // ... + // + // |adjacent_2_combined| will be laid out as a series of 32-bit integers, + // as follows: + // + // 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩ + // 0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ + // .... + let adjacent_2_combined = mm256_concat_pairs_n(10, vector); - // If |vector| is laid out as follows (superscript number indicates the - // corresponding bit is duplicated that many times): - // - // 0⁶a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0⁶b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀ 0⁶c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ 0⁶d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀ | ↩ - // 0⁶e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0⁶f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀ 0⁶g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ 0⁶h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀ | ↩ - // ... - // - // |adjacent_2_combined| will be laid out as a series of 32-bit integers, - // as follows: - // - // 0¹²b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩ - // 0¹²f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ - // .... - let adjacent_2_combined = mm256_concat_pairs_n(10, vector); + // Shifting up the values at the even indices by 12, we get: + // + // b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩ + // f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ + // ... + let adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32(0, 12, 0, 12, 0, 12, 0, 12), + ); - // Shifting up the values at the even indices by 12, we get: - // - // b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀ | ↩ - // f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀ | ↩ - // ... - let adjacent_4_combined = mm256_sllv_epi32( - adjacent_2_combined, - mm256_set_epi32(0, 12, 0, 12, 0, 12, 0, 12), - ); + // Viewing this as a set of 64-bit integers we get: + // + // 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² | ↩ + // 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² | ↩ + // ... + // + // Shifting down by 12 gives us: + // + // 0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ | ↩ + // 0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ | ↩ + // ... + let adjacent_4_combined = mm256_srli_epi64::<12>(adjacent_4_combined); - // Viewing this as a set of 64-bit integers we get: - // - // 0¹²d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀0¹² | ↩ - // 0¹²h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀0¹² | ↩ - // ... - // - // Shifting down by 12 gives us: - // - // 0²⁴d₉d₈d₇d₆d₅d₄d₃d₂d₁d₀c₉c₈c₇c₆c₅c₄c₃c₂c₁c₀b₉b₈b₇b₆b₅b₄b₃b₂b₁b₀a₉a₈a₇a₆a₅a₄a₃a₂a₁a₀ | ↩ - // 0²⁴h₉h₈h₇h₆h₅h₄h₃h₂h₁h₀g₉g₈g₇g₆g₅g₄g₃g₂g₁g₀f₉f₈f₇f₆f₅f₄f₃f₂f₁f₀e₉e₈e₇e₆e₅e₄e₃e₂e₁e₀ | ↩ - // ... - let adjacent_4_combined = mm256_srli_epi64::<12>(adjacent_4_combined); + // |adjacent_4_combined|, when the bottom and top 128 bit-lanes are grouped + // into bytes, looks like: + // + // 0₇0₆0₅B₄B₃B₂B₁B₀ | ↩ + // 0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈ | ↩ + // + // In each 128-bit lane, we want to put bytes 8, 9, 10, 11, 12 after + // bytes 0, 1, 2, 3 to allow for sequential reading. + let adjacent_8_combined = mm256_shuffle_epi8( + adjacent_4_combined, + mm256_set_epi8( + -1, -1, -1, -1, -1, -1, 12, 11, 10, 9, 8, 4, 3, 2, 1, 0, -1, -1, -1, -1, -1, -1, + 12, 11, 10, 9, 8, 4, 3, 2, 1, 0, + ), + ); + // We now have 64 bits starting at position 0 in the lower 128-bit lane, ... + let lower_8 = mm256_castsi256_si128(adjacent_8_combined); + // and 64 bits starting at position 0 in the upper 128-bit lane. + let upper_8 = mm256_extracti128_si256::<1>(adjacent_8_combined); + hax_lib::fstar!( + r#" + introduce forall (i:nat{i < 80}). lower_8_ i = vector ((i / 10) * 16 + i % 10) + with assert_norm (BitVec.Utils.forall_n 80 (fun i -> lower_8_ i = vector ((i / 10) * 16 + i % 10))); + introduce forall (i:nat{i < 80}). upper_8_ i = vector (128 + (i / 10) * 16 + i % 10) + with assert_norm (BitVec.Utils.forall_n 80 (fun i -> upper_8_ i = vector (128 + (i / 10) * 16 + i % 10))) + "# + ); + (lower_8, upper_8) + } - // |adjacent_4_combined|, when the bottom and top 128 bit-lanes are grouped - // into bytes, looks like: - // - // 0₇0₆0₅B₄B₃B₂B₁B₀ | ↩ - // 0₁₅0₁₄0₁₃B₁₂B₁₁B₁₀B₉B₈ | ↩ - // - // In each 128-bit lane, we want to put bytes 8, 9, 10, 11, 12 after - // bytes 0, 1, 2, 3 to allow for sequential reading. - let adjacent_8_combined = mm256_shuffle_epi8( - adjacent_4_combined, - mm256_set_epi8( - -1, -1, -1, -1, -1, -1, 12, 11, 10, 9, 8, 4, 3, 2, 1, 0, -1, -1, -1, -1, -1, -1, 12, - 11, 10, 9, 8, 4, 3, 2, 1, 0, - ), - ); + let (lower_8, upper_8) = serialize_10_vec(vector); - // We now have 64 bits starting at position 0 in the lower 128-bit lane, ... - let lower_8 = mm256_castsi256_si128(adjacent_8_combined); + let mut serialized = [0u8; 32]; mm_storeu_bytes_si128(&mut serialized[0..16], lower_8); - - // and 64 bits starting at position 0 in the upper 128-bit lane. - let upper_8 = mm256_extracti128_si256::<1>(adjacent_8_combined); - hax_lib::fstar!( - r#" - assert_norm ( - BitVec.Utils.forall_n 80 (fun i -> lower_8_ i = vector ( (i/10) * 16 + i%10)) - && BitVec.Utils.forall_n 80 (fun i -> upper_8_ i = vector (128 + (i/10) * 16 + i%10)) - ) - "# - ); mm_storeu_bytes_si128(&mut serialized[10..26], upper_8); - hax_lib::fstar!("admit()"); serialized[0..20].try_into().unwrap() } @@ -655,6 +667,7 @@ assert_norm(BitVec.Utils.forall256 (fun i -> } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(crate) fn serialize_11(vector: Vec256) -> [u8; 22] { let mut array = [0i16; 16]; mm256_storeu_si256_i16(&mut array, vector); @@ -663,6 +676,7 @@ pub(crate) fn serialize_11(vector: Vec256) -> [u8; 22] { } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] pub(crate) fn deserialize_11(bytes: &[u8]) -> Vec256 { let output = PortableVector::deserialize_11(bytes); let array = PortableVector::to_i16_array(output); From 232fbde4219f5607ea7a1ce2773f4dcc50852f2b Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 26 Sep 2024 15:28:25 +0200 Subject: [PATCH 332/348] avx2: proofs: spec + proof for `serialize_12` --- libcrux-ml-kem/src/vector/avx2/serialize.rs | 75 +++++++++++---------- 1 file changed, 39 insertions(+), 36 deletions(-) diff --git a/libcrux-ml-kem/src/vector/avx2/serialize.rs b/libcrux-ml-kem/src/vector/avx2/serialize.rs index a3d8e361b..693bb1bf8 100644 --- a/libcrux-ml-kem/src/vector/avx2/serialize.rs +++ b/libcrux-ml-kem/src/vector/avx2/serialize.rs @@ -684,46 +684,49 @@ pub(crate) fn deserialize_11(bytes: &[u8]) -> Vec256 { } #[inline(always)] +#[hax_lib::fstar::options("--ext context_pruning --split_queries always")] +#[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0"))] +#[hax_lib::ensures(|r| fstar!("forall (i: nat{i < 192}). bit_vec_of_int_t_array r 8 i == vector ((i/12) * 16 + i%12)"))] pub(crate) fn serialize_12(vector: Vec256) -> [u8; 24] { - let mut serialized = [0u8; 32]; - - let adjacent_2_combined = mm256_madd_epi16( - vector, - mm256_set_epi16( - 1 << 12, - 1, - 1 << 12, - 1, - 1 << 12, - 1, - 1 << 12, - 1, - 1 << 12, - 1, - 1 << 12, - 1, - 1 << 12, - 1, - 1 << 12, - 1, - ), - ); - - let adjacent_4_combined = - mm256_sllv_epi32(adjacent_2_combined, mm256_set_epi32(0, 8, 0, 8, 0, 8, 0, 8)); - let adjacent_4_combined = mm256_srli_epi64::<8>(adjacent_4_combined); + #[inline(always)] + #[hax_lib::fstar::options("--ext context_pruning --split_queries always")] + #[hax_lib::requires(fstar!("forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0"))] + #[hax_lib::ensures(|(lower_8, upper_8)| fstar!( + r#" + forall (i: nat{i < 192}). + vector ((i/12) * 16 + i%12) == (if i < 96 then $lower_8 i else $upper_8 (i - 96)) + ) + "# + ))] + fn serialize_12_vec(vector: Vec256) -> (Vec128, Vec128) { + let adjacent_2_combined = mm256_concat_pairs_n(12, vector); + let adjacent_4_combined = + mm256_sllv_epi32(adjacent_2_combined, mm256_set_epi32(0, 8, 0, 8, 0, 8, 0, 8)); + let adjacent_4_combined = mm256_srli_epi64::<8>(adjacent_4_combined); - let adjacent_8_combined = mm256_shuffle_epi8( - adjacent_4_combined, - mm256_set_epi8( - -1, -1, -1, -1, 13, 12, 11, 10, 9, 8, 5, 4, 3, 2, 1, 0, -1, -1, -1, -1, 13, 12, 11, 10, - 9, 8, 5, 4, 3, 2, 1, 0, - ), - ); + let adjacent_8_combined = mm256_shuffle_epi8( + adjacent_4_combined, + mm256_set_epi8( + -1, -1, -1, -1, 13, 12, 11, 10, 9, 8, 5, 4, 3, 2, 1, 0, -1, -1, -1, -1, 13, 12, 11, + 10, 9, 8, 5, 4, 3, 2, 1, 0, + ), + ); - let lower_8 = mm256_castsi256_si128(adjacent_8_combined); - let upper_8 = mm256_extracti128_si256::<1>(adjacent_8_combined); + let lower_8 = mm256_castsi256_si128(adjacent_8_combined); + let upper_8 = mm256_extracti128_si256::<1>(adjacent_8_combined); + hax_lib::fstar!( + r#" + introduce forall (i:nat{i < 96}). lower_8_ i = vector ((i / 12) * 16 + i % 12) + with assert_norm (BitVec.Utils.forall_n 96 (fun i -> lower_8_ i = vector ((i / 12) * 16 + i % 12))); + introduce forall (i:nat{i < 96}). upper_8_ i = vector (128 + (i / 12) * 16 + i % 12) + with assert_norm (BitVec.Utils.forall_n 96 (fun i -> upper_8_ i = vector (128 + (i / 12) * 16 + i % 12))) + "# + ); + (lower_8, upper_8) + } + let mut serialized = [0u8; 32]; + let (lower_8, upper_8) = serialize_12_vec(vector); mm_storeu_bytes_si128(&mut serialized[0..16], lower_8); mm_storeu_bytes_si128(&mut serialized[12..28], upper_8); From a089e8609d2bf2df5c165076a79e3fd30dbf87cf Mon Sep 17 00:00:00 2001 From: Lucas Franceschino Date: Thu, 26 Sep 2024 15:31:23 +0200 Subject: [PATCH 333/348] chore: regenerate F* files --- .../Libcrux_intrinsics.Avx2_extract.fsti | 76 +++- .../Libcrux_ml_kem.Constant_time_ops.fst | 163 +++++++- .../Libcrux_ml_kem.Constant_time_ops.fsti | 42 +- ...rux_ml_kem.Ind_cca.Instantiations.Avx2.fst | 59 +-- ...ux_ml_kem.Ind_cca.Instantiations.Avx2.fsti | 44 +- ...rux_ml_kem.Ind_cca.Instantiations.Neon.fst | 59 +-- ...ux_ml_kem.Ind_cca.Instantiations.Neon.fsti | 46 +-- ...ml_kem.Ind_cca.Instantiations.Portable.fst | 60 +-- ...l_kem.Ind_cca.Instantiations.Portable.fsti | 46 +-- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fst | 43 +- .../Libcrux_ml_kem.Ind_cca.Multiplexing.fsti | 30 +- .../Libcrux_ml_kem.Ind_cca.Unpacked.fst | 380 ++++++++++++++++-- .../Libcrux_ml_kem.Ind_cca.Unpacked.fsti | 170 +++++++- .../extraction/Libcrux_ml_kem.Ind_cca.fst | 134 ++++-- .../extraction/Libcrux_ml_kem.Ind_cca.fsti | 183 ++------- .../Libcrux_ml_kem.Ind_cpa.Unpacked.fsti | 64 +++ .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 323 ++++++++++----- .../extraction/Libcrux_ml_kem.Ind_cpa.fsti | 77 +++- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 2 +- .../extraction/Libcrux_ml_kem.Matrix.fst | 126 +++--- .../extraction/Libcrux_ml_kem.Matrix.fsti | 26 +- .../Libcrux_ml_kem.Mlkem1024.Avx2.fst | 53 +-- .../Libcrux_ml_kem.Mlkem1024.Avx2.fsti | 52 +-- .../Libcrux_ml_kem.Mlkem1024.Neon.fst | 53 +-- .../Libcrux_ml_kem.Mlkem1024.Neon.fsti | 54 +-- .../Libcrux_ml_kem.Mlkem1024.Portable.fst | 53 +-- .../Libcrux_ml_kem.Mlkem1024.Portable.fsti | 54 +-- .../extraction/Libcrux_ml_kem.Mlkem1024.fst | 31 +- .../extraction/Libcrux_ml_kem.Mlkem1024.fsti | 19 +- .../Libcrux_ml_kem.Mlkem512.Avx2.fst | 50 +-- .../Libcrux_ml_kem.Mlkem512.Avx2.fsti | 50 +-- .../Libcrux_ml_kem.Mlkem512.Neon.fst | 50 +-- .../Libcrux_ml_kem.Mlkem512.Neon.fsti | 52 +-- .../Libcrux_ml_kem.Mlkem512.Portable.fst | 51 +-- .../Libcrux_ml_kem.Mlkem512.Portable.fsti | 52 +-- .../extraction/Libcrux_ml_kem.Mlkem512.fst | 29 +- .../extraction/Libcrux_ml_kem.Mlkem512.fsti | 19 +- .../Libcrux_ml_kem.Mlkem768.Avx2.fst | 53 +-- .../Libcrux_ml_kem.Mlkem768.Avx2.fsti | 50 +-- .../Libcrux_ml_kem.Mlkem768.Neon.fst | 53 +-- .../Libcrux_ml_kem.Mlkem768.Neon.fsti | 52 +-- .../Libcrux_ml_kem.Mlkem768.Portable.fst | 53 +-- .../Libcrux_ml_kem.Mlkem768.Portable.fsti | 52 +-- .../extraction/Libcrux_ml_kem.Mlkem768.fst | 31 +- .../extraction/Libcrux_ml_kem.Mlkem768.fsti | 19 +- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 4 +- .../extraction/Libcrux_ml_kem.Polynomial.fst | 22 +- .../extraction/Libcrux_ml_kem.Polynomial.fsti | 18 +- .../extraction/Libcrux_ml_kem.Sampling.fst | 6 +- .../extraction/Libcrux_ml_kem.Serialize.fst | 171 +++++--- .../extraction/Libcrux_ml_kem.Serialize.fsti | 80 +++- .../fstar/extraction/Libcrux_ml_kem.Types.fst | 30 +- .../extraction/Libcrux_ml_kem.Types.fsti | 89 ++-- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 84 ++-- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fsti | 20 +- .../Libcrux_ml_kem.Vector.Avx2.fsti | 31 +- ...ibcrux_ml_kem.Vector.Portable.Compress.fst | 184 ++++++--- ...bcrux_ml_kem.Vector.Portable.Compress.fsti | 29 +- ...bcrux_ml_kem.Vector.Portable.Serialize.fst | 12 + ...crux_ml_kem.Vector.Portable.Serialize.fsti | 12 + .../Libcrux_ml_kem.Vector.Portable.fsti | 40 +- .../Libcrux_ml_kem.Vector.Traits.fst | 25 +- .../Libcrux_ml_kem.Vector.Traits.fsti | 45 ++- 63 files changed, 2302 insertions(+), 1838 deletions(-) diff --git a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti index 2e260a6be..16d93fb14 100644 --- a/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti +++ b/libcrux-intrinsics/proofs/fstar/extraction/Libcrux_intrinsics.Avx2_extract.fsti @@ -3,6 +3,8 @@ module Libcrux_intrinsics.Avx2_extract open Core open FStar.Mul +val mm256_movemask_ps (a: u8) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + unfold type t_Vec128 = bit_vec 128 val vec128_as_i16x8 (x: bit_vec 128) : t_Array i16 (sz 8) let get_lane128 (v: bit_vec 128) (i:nat{i < 8}) = Seq.index (vec128_as_i16x8 v) i @@ -11,6 +13,8 @@ unfold type t_Vec256 = bit_vec 256 val vec256_as_i16x16 (x: bit_vec 256) : t_Array i16 (sz 16) let get_lane (v: bit_vec 256) (i:nat{i < 16}) = Seq.index (vec256_as_i16x16 v) i +val mm256_abs_epi32 (a: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + val mm256_add_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True @@ -22,16 +26,30 @@ val mm256_add_epi16 (lhs rhs: t_Vec256) val mm256_add_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_add_epi64 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + val mm256_andnot_si256 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_blend_epi16 (v_CONTROL: i32) (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_blend_epi32 (v_CONTROL: i32) (lhs rhs: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_bsrli_epi128 (v_SHIFT_BY: i32) (x: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + val mm256_castsi128_si256 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_castsi256_ps (a: t_Vec256) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_cmpeq_epi32 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + val mm256_cmpgt_epi16 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_cmpgt_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + val mm256_cvtepi16_epi32 (vector: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -41,9 +59,14 @@ val mm256_inserti128_si256 (v_CONTROL: i32) (vector: t_Vec256) (vector_i128: t_V val mm256_loadu_si256_i16 (input: t_Slice i16) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_loadu_si256_i32 (input: t_Slice i32) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + val mm256_loadu_si256_u8 (input: t_Slice u8) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_mul_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + val mm256_mul_epu32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_mulhi_epi16 (lhs rhs: t_Vec256) @@ -59,6 +82,8 @@ val mm256_mulhi_epi16 (lhs rhs: t_Vec256) val mm256_mullo_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_or_si256 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + val mm256_packs_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_permute2x128_si256 (v_IMM8: i32) (a b: t_Vec256) @@ -75,8 +100,13 @@ val mm256_set1_epi64x (a: i64) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prim include BitVec.Intrinsics {mm256_set_epi32} +val mm256_set_epi64x (input3 input2 input1 input0: i64) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + include BitVec.Intrinsics {mm256_set_epi8} +val mm256_set_m128i (hi lo: t_Vec128) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + val mm256_setzero_si256: Prims.unit -> Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: t_Vec256) @@ -84,6 +114,8 @@ val mm256_shuffle_epi32 (v_CONTROL: i32) (vector: t_Vec256) include BitVec.Intrinsics {mm256_shuffle_epi8} +val mm256_sign_epi32 (a b: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + val mm256_slli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -107,8 +139,23 @@ val mm256_srai_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) val mm256_srli_epi32 (v_SHIFT_BY: i32) (vector: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) +val mm256_srlv_epi32 (vector counts: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_srlv_epi64 (vector counts: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + val mm256_storeu_si256_i16 (output: t_Slice i16) (vector: t_Vec256) - : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Slice i16) + Prims.l_True + (ensures + fun output_future -> + let output_future:t_Slice i16 = output_future in + (Core.Slice.impl__len #i16 output_future <: usize) =. + (Core.Slice.impl__len #i16 output <: usize)) + +val mm256_storeu_si256_i32 (output: t_Slice i32) (vector: t_Vec256) + : Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True) val mm256_storeu_si256_u8 (output: t_Slice u8) (vector: t_Vec256) : Prims.Pure (t_Slice u8) Prims.l_True (fun _ -> Prims.l_True) @@ -122,6 +169,10 @@ val mm256_sub_epi16 (lhs rhs: t_Vec256) vec256_as_i16x16 result == Spec.Utils.map2 ( -. ) (vec256_as_i16x16 lhs) (vec256_as_i16x16 rhs)) +val mm256_sub_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + +val mm256_testz_si256 (lhs rhs: t_Vec256) : Prims.Pure i32 Prims.l_True (fun _ -> Prims.l_True) + val mm256_unpackhi_epi32 (lhs rhs: t_Vec256) : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) @@ -174,20 +225,26 @@ val mm_set1_epi16 (constant: i16) let result:t_Vec128 = result in vec128_as_i16x8 result == Spec.Utils.create (sz 8) constant) +val mm_set_epi32 (input3 input2 input1 input0: i32) + : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) + include BitVec.Intrinsics {mm_set_epi8} include BitVec.Intrinsics {mm_shuffle_epi8} +val mm_sllv_epi32 (vector counts: t_Vec128) + : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) + +val mm_srli_epi64 (v_SHIFT_BY: i32) (vector: t_Vec128) + : Prims.Pure t_Vec128 Prims.l_True (fun _ -> Prims.l_True) + include BitVec.Intrinsics {mm_storeu_bytes_si128} val mm_storeu_si128 (output: t_Slice i16) (vector: t_Vec128) - : Prims.Pure (t_Slice i16) - Prims.l_True - (ensures - fun output_future -> - let output_future:t_Slice i16 = output_future in - (Core.Slice.impl__len #i16 output_future <: usize) =. - (Core.Slice.impl__len #i16 output <: usize)) + : Prims.Pure (t_Slice i16) Prims.l_True (fun _ -> Prims.l_True) + +val mm_storeu_si128_i32 (output: t_Slice i32) (vector: t_Vec128) + : Prims.Pure (t_Slice i32) Prims.l_True (fun _ -> Prims.l_True) val mm_sub_epi16 (lhs rhs: t_Vec128) : Prims.Pure t_Vec128 @@ -198,6 +255,9 @@ val mm_sub_epi16 (lhs rhs: t_Vec128) vec128_as_i16x8 result == Spec.Utils.map2 ( -. ) (vec128_as_i16x8 lhs) (vec128_as_i16x8 rhs)) +val vec256_blendv_epi32 (a b mask: t_Vec256) + : Prims.Pure t_Vec256 Prims.l_True (fun _ -> Prims.l_True) + include BitVec.Intrinsics {mm256_and_si256 as mm256_and_si256} val lemma_mm256_and_si256 lhs rhs : Lemma ( vec256_as_i16x16 (mm256_and_si256 lhs rhs) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst index 7a551b67a..1bff53934 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fst @@ -4,12 +4,43 @@ open Core open FStar.Mul let inz (value: u8) = + let v__orig_value:u8 = value in let value:u16 = cast (value <: u8) <: u16 in - let result:u16 = - ((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) <: u16) >>! 8l <: u16) &. - 1us + let result:u8 = + cast ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l <: u16) <: u8 in - cast (result <: u16) <: u8 + let res:u8 = result &. 1uy in + let _:Prims.unit = + if v v__orig_value = 0 + then + (assert (value == zero); + lognot_lemma value; + assert ((~.value +. 1us) == zero); + assert ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) == zero); + logor_lemma value zero; + assert ((value |. (Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) <: u16) == + value); + assert (v result == v ((value >>! 8l))); + assert ((v value / pow2 8) == 0); + assert (result == 0uy); + logand_lemma 1uy result; + assert (res == 0uy)) + else + (assert (v value <> 0); + lognot_lemma value; + assert (v (~.value) = pow2 16 - 1 - v value); + assert (v (~.value) + 1 = pow2 16 - v value); + assert (v (value) <= pow2 8 - 1); + assert ((v (~.value) + 1) = (pow2 16 - pow2 8) + (pow2 8 - v value)); + assert ((v (~.value) + 1) = (pow2 8 - 1) * pow2 8 + (pow2 8 - v value)); + assert ((v (~.value) + 1) / pow2 8 = (pow2 8 - 1)); + assert (v ((Core.Num.impl__u16__wrapping_add (~.value <: u16) 1us <: u16) >>! 8l) = + pow2 8 - 1); + assert (result = ones); + logand_lemma 1uy result; + assert (res = 1uy)) + in + res let is_non_zero (value: u8) = Core.Hint.black_box #u8 (inz value <: u8) @@ -18,43 +49,143 @@ let compare (lhs rhs: t_Slice u8) = let r:u8 = Rust_primitives.Hax.Folds.fold_range (sz 0) (Core.Slice.impl__len #u8 lhs <: usize) - (fun r temp_1_ -> + (fun r i -> let r:u8 = r in - let _:usize = temp_1_ in - true) + let i:usize = i in + v i <= Seq.length lhs /\ + (if (Seq.slice lhs 0 (v i) = Seq.slice rhs 0 (v i)) then r == 0uy else ~(r == 0uy))) r (fun r i -> let r:u8 = r in let i:usize = i in - r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <: u8) + let nr:u8 = r |. ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) in + let _:Prims.unit = + if r =. 0uy + then + (if (Seq.index lhs (v i) = Seq.index rhs (v i)) + then + (logxor_lemma (Seq.index lhs (v i)) (Seq.index rhs (v i)); + assert (((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) = zero); + logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8); + assert (nr = r); + assert (forall j. Seq.index (Seq.slice lhs 0 (v i)) j == Seq.index lhs j); + assert (forall j. Seq.index (Seq.slice rhs 0 (v i)) j == Seq.index rhs j); + eq_intro (Seq.slice lhs 0 ((v i) + 1)) (Seq.slice rhs 0 ((v i) + 1))) + else + (logxor_lemma (Seq.index lhs (v i)) (Seq.index rhs (v i)); + assert (((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8) <> zero); + logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8); + assert (v nr > 0); + assert (Seq.index (Seq.slice lhs 0 ((v i) + 1)) (v i) <> + Seq.index (Seq.slice rhs 0 ((v i) + 1)) (v i)); + assert (Seq.slice lhs 0 ((v i) + 1) <> Seq.slice rhs 0 ((v i) + 1)))) + else + (logor_lemma r ((lhs.[ i ] <: u8) ^. (rhs.[ i ] <: u8) <: u8); + assert (v nr >= v r); + assert (Seq.slice lhs 0 (v i) <> Seq.slice rhs 0 (v i)); + if (Seq.slice lhs 0 ((v i) + 1) = Seq.slice rhs 0 ((v i) + 1)) + then + (assert (forall j. + j < (v i) + 1 ==> + Seq.index (Seq.slice lhs 0 ((v i) + 1)) j == + Seq.index (Seq.slice rhs 0 ((v i) + 1)) j); + eq_intro (Seq.slice lhs 0 (v i)) (Seq.slice rhs 0 (v i)); + assert (False))) + in + let r:u8 = nr in + r) in is_non_zero r let compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) = Core.Hint.black_box #u8 (compare lhs rhs <: u8) +#push-options "--ifuel 0 --z3rlimit 50" + let select_ct (lhs rhs: t_Slice u8) (selector: u8) = let mask:u8 = Core.Num.impl__u8__wrapping_sub (is_non_zero selector <: u8) 1uy in + let _:Prims.unit = + assert (if selector = 0uy then mask = ones else mask = zero); + lognot_lemma mask; + assert (if selector = 0uy then ~.mask = zero else ~.mask = ones) + in let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in let out:t_Array u8 (sz 32) = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE - (fun out temp_1_ -> + (fun out i -> let out:t_Array u8 (sz 32) = out in - let _:usize = temp_1_ in - true) + let i:usize = i in + v i <= v Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE /\ + (forall j. + j < v i ==> + (if (selector =. 0uy) + then Seq.index out j == Seq.index lhs j + else Seq.index out j == Seq.index rhs j)) /\ + (forall j. j >= v i ==> Seq.index out j == 0uy)) out (fun out i -> let out:t_Array u8 (sz 32) = out in let i:usize = i in - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out - i - (((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) <: u8) - <: - t_Array u8 (sz 32)) + let _:Prims.unit = assert ((out.[ i ] <: u8) = 0uy) in + let outi:u8 = + ((lhs.[ i ] <: u8) &. mask <: u8) |. ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) + in + let _:Prims.unit = + if (selector = 0uy) + then + (logand_lemma (lhs.[ i ] <: u8) mask; + assert (((lhs.[ i ] <: u8) &. mask <: u8) == (lhs.[ i ] <: u8)); + logand_lemma (rhs.[ i ] <: u8) (~.mask); + assert (((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) == zero); + logor_lemma ((lhs.[ i ] <: u8) &. mask <: u8) + ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8); + assert ((((lhs.[ i ] <: u8) &. mask <: u8) |. + ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) + <: + u8) == + (lhs.[ i ] <: u8)); + logor_lemma (out.[ i ] <: u8) (lhs.[ i ] <: u8); + assert (((out.[ i ] <: u8) |. + (((lhs.[ i ] <: u8) &. mask <: u8) |. + ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) + <: + u8) + <: + u8) == + (lhs.[ i ] <: u8)); + assert (outi = (lhs.[ i ] <: u8))) + else + (logand_lemma (lhs.[ i ] <: u8) mask; + assert (((lhs.[ i ] <: u8) &. mask <: u8) == zero); + logand_lemma (rhs.[ i ] <: u8) (~.mask); + assert (((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) == (rhs.[ i ] <: u8)); + logor_lemma (rhs.[ i ] <: u8) zero; + assert ((logor zero (rhs.[ i ] <: u8)) == (rhs.[ i ] <: u8)); + assert ((((lhs.[ i ] <: u8) &. mask <: u8) |. + ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8)) == + (rhs.[ i ] <: u8)); + logor_lemma (out.[ i ] <: u8) (rhs.[ i ] <: u8); + assert (((out.[ i ] <: u8) |. + (((lhs.[ i ] <: u8) &. mask <: u8) |. + ((rhs.[ i ] <: u8) &. (~.mask <: u8) <: u8) + <: + u8) + <: + u8) == + (rhs.[ i ] <: u8)); + assert (outi = (rhs.[ i ] <: u8))) + in + let out:t_Array u8 (sz 32) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out i outi + in + out) in + let _:Prims.unit = if (selector =. 0uy) then (eq_intro out lhs) else (eq_intro out rhs) in out +#pop-options + let select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) = Core.Hint.black_box #(t_Array u8 (sz 32)) (select_ct lhs rhs selector <: t_Array u8 (sz 32)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti index a8ac4ec4a..dc6fd2b46 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Constant_time_ops.fsti @@ -4,21 +4,39 @@ open Core open FStar.Mul /// Return 1 if `value` is not zero and 0 otherwise. -val inz (value: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val inz (value: u8) + : Prims.Pure u8 + Prims.l_True + (ensures + fun result -> + let result:u8 = result in + (value == 0uy ==> result == 0uy) /\ (value =!= 0uy ==> result == 1uy)) -val is_non_zero (value: u8) : Prims.Pure u8 Prims.l_True (fun _ -> Prims.l_True) +val is_non_zero (value: u8) + : Prims.Pure u8 + Prims.l_True + (ensures + fun result -> + let result:u8 = result in + (value == 0uy ==> result == 0uy) /\ (value =!= 0uy ==> result == 1uy)) /// Return 1 if the bytes of `lhs` and `rhs` do not exactly /// match and 0 otherwise. val compare (lhs rhs: t_Slice u8) : Prims.Pure u8 (requires (Core.Slice.impl__len #u8 lhs <: usize) =. (Core.Slice.impl__len #u8 rhs <: usize)) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:u8 = result in + (lhs == rhs ==> result == 0uy) /\ (lhs =!= rhs ==> result == 1uy)) val compare_ciphertexts_in_constant_time (lhs rhs: t_Slice u8) : Prims.Pure u8 (requires (Core.Slice.impl__len #u8 lhs <: usize) =. (Core.Slice.impl__len #u8 rhs <: usize)) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:u8 = result in + (lhs == rhs ==> result == 0uy) /\ (lhs =!= rhs ==> result == 1uy)) /// If `selector` is not zero, return the bytes in `rhs`; return the bytes in /// `lhs` otherwise. @@ -27,14 +45,20 @@ val select_ct (lhs rhs: t_Slice u8) (selector: u8) (requires (Core.Slice.impl__len #u8 lhs <: usize) =. (Core.Slice.impl__len #u8 rhs <: usize) && (Core.Slice.impl__len #u8 lhs <: usize) =. Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in + (selector == 0uy ==> result == lhs) /\ (selector =!= 0uy ==> result == rhs)) val select_shared_secret_in_constant_time (lhs rhs: t_Slice u8) (selector: u8) : Prims.Pure (t_Array u8 (sz 32)) (requires (Core.Slice.impl__len #u8 lhs <: usize) =. (Core.Slice.impl__len #u8 rhs <: usize) && (Core.Slice.impl__len #u8 lhs <: usize) =. Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in + (selector == 0uy ==> result == lhs) /\ (selector =!= 0uy ==> result == rhs)) val compare_ciphertexts_select_shared_secret_in_constant_time (lhs_c rhs_c lhs_s rhs_s: t_Slice u8) : Prims.Pure (t_Array u8 (sz 32)) @@ -42,4 +66,8 @@ val compare_ciphertexts_select_shared_secret_in_constant_time (lhs_c rhs_c lhs_s (Core.Slice.impl__len #u8 lhs_c <: usize) =. (Core.Slice.impl__len #u8 rhs_c <: usize) && (Core.Slice.impl__len #u8 lhs_s <: usize) =. (Core.Slice.impl__len #u8 rhs_s <: usize) && (Core.Slice.impl__len #u8 lhs_s <: usize) =. Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) - (fun _ -> Prims.l_True) + (ensures + fun result -> + let result:t_Array u8 (sz 32) = result in + let selector = if lhs_c =. rhs_c then 0uy else 1uy in + ((selector == 0uy ==> result == lhs_s) /\ (selector =!= 0uy ==> result == rhs_s))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst index d20d346d7..c5f3a6c69 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fst @@ -8,11 +8,23 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in - let open Libcrux_ml_kem.Ind_cca in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in let open Libcrux_ml_kem.Vector.Traits in () +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_private_key v_K + v_SECRET_KEY_SIZE + v_CIPHERTEXT_SIZE + #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash + private_key + ciphertext + let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -24,7 +36,7 @@ let decapsulate v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - #Libcrux_ml_kem.Ind_cca.t_MlKem private_key ciphertext + #Libcrux_ml_kem.Variant.t_MlKem private_key ciphertext let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: @@ -36,7 +48,7 @@ let encapsulate v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - #Libcrux_ml_kem.Ind_cca.t_MlKem public_key randomness + #Libcrux_ml_kem.Variant.t_MlKem public_key randomness let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: @@ -46,7 +58,7 @@ let generate_keypair Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - randomness + #Libcrux_ml_kem.Variant.t_MlKem randomness let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -57,42 +69,3 @@ let validate_public_key v_PUBLIC_KEY_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector public_key - -let encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate_unpacked v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector - #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash public_key randomness - -let decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate_unpacked v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE - v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - key_pair ciphertext - -let generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - = - Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair_unpacked v_K v_CPA_PRIVATE_KEY_SIZE - v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector #Libcrux_ml_kem.Hash_functions.Avx2.t_Simd256Hash - randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti index a56b7409d..2d0031d3b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.fsti @@ -8,11 +8,22 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Avx2 in - let open Libcrux_ml_kem.Ind_cca in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Avx2 in let open Libcrux_ml_kem.Vector.Traits in () +/// Portable private key validation +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K) + (fun _ -> Prims.l_True) + /// Portable decapsulate val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: @@ -80,34 +91,3 @@ val validate_public_key v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) (fun _ -> Prims.l_True) - -/// Portable encapsualte -val encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Portable decapsulate -val decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Unpacked API -val generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst index 2434aff97..dca261dd4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fst @@ -8,11 +8,23 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in - let open Libcrux_ml_kem.Ind_cca in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in let open Libcrux_ml_kem.Vector.Traits in () +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_private_key v_K + v_SECRET_KEY_SIZE + v_CIPHERTEXT_SIZE + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash + private_key + ciphertext + let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -24,7 +36,7 @@ let decapsulate v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Ind_cca.t_MlKem private_key + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem private_key ciphertext let encapsulate @@ -37,7 +49,7 @@ let encapsulate v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Ind_cca.t_MlKem public_key + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem public_key randomness let generate_keypair @@ -48,7 +60,7 @@ let generate_keypair Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash randomness + #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash #Libcrux_ml_kem.Variant.t_MlKem randomness let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -59,42 +71,3 @@ let validate_public_key v_PUBLIC_KEY_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector public_key - -let encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate_unpacked v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash public_key randomness - -let decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate_unpacked v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE - v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash key_pair ciphertext - -let generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - = - Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair_unpacked v_K v_CPA_PRIVATE_KEY_SIZE - v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector - #Libcrux_ml_kem.Hash_functions.Neon.t_Simd128Hash randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti index ebed5369f..e244a6ece 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Neon.fsti @@ -8,11 +8,22 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Neon in - let open Libcrux_ml_kem.Ind_cca in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Neon in let open Libcrux_ml_kem.Vector.Traits in () +/// Portable private key validation +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K) + (fun _ -> Prims.l_True) + /// Portable decapsulate val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: @@ -80,36 +91,3 @@ val validate_public_key v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) (fun _ -> Prims.l_True) - -/// Portable encapsualte -val encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Portable decapsulate -val decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Unpacked API -val generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst index 7e5da18eb..333f8fbbd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fst @@ -8,11 +8,23 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in - let open Libcrux_ml_kem.Ind_cca in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in let open Libcrux_ml_kem.Vector.Traits in () +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.validate_private_key v_K + v_SECRET_KEY_SIZE + v_CIPHERTEXT_SIZE + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) + private_key + ciphertext + let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -24,7 +36,7 @@ let decapsulate v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Ind_cca.t_MlKem + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem private_key ciphertext let encapsulate @@ -37,7 +49,7 @@ let encapsulate v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Ind_cca.t_MlKem + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem public_key randomness let generate_keypair @@ -48,7 +60,8 @@ let generate_keypair Libcrux_ml_kem.Ind_cca.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) randomness + #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) #Libcrux_ml_kem.Variant.t_MlKem + randomness let validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -59,42 +72,3 @@ let validate_public_key v_PUBLIC_KEY_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector public_key - -let encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Unpacked.encapsulate_unpacked v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE - v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR - v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) public_key randomness - -let decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - = - Libcrux_ml_kem.Ind_cca.Unpacked.decapsulate_unpacked v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE - v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE - v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 - v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) key_pair ciphertext - -let generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - = - Libcrux_ml_kem.Ind_cca.Unpacked.generate_keypair_unpacked v_K v_CPA_PRIVATE_KEY_SIZE - v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE - #Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - #(Libcrux_ml_kem.Hash_functions.Portable.t_PortableHash v_K) randomness diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti index 7dde62899..b62f5b8f2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Instantiations.Portable.fsti @@ -8,11 +8,22 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Hash_functions.Portable in - let open Libcrux_ml_kem.Ind_cca in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Portable in let open Libcrux_ml_kem.Vector.Traits in () +/// Portable private key validation +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K) + (fun _ -> Prims.l_True) + /// Portable decapsulate val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: @@ -80,36 +91,3 @@ val validate_public_key v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) (fun _ -> Prims.l_True) - -/// Portable encapsualte -val encapsulate_unpacked - (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: - usize) - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Portable decapsulate -val decapsulate_unpacked - (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: - usize) - (key_pair: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Unpacked API -val generate_keypair_unpacked - (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: - usize) - (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked v_K - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst index 2ca3571c4..2fbb2ea3d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fst @@ -3,6 +3,26 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing open Core open FStar.Mul +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key v_K + v_SECRET_KEY_SIZE + v_CIPHERTEXT_SIZE + private_key + ciphertext + +let validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + public_key + let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -91,26 +111,3 @@ let generate_keypair v_ETA1 v_ETA1_RANDOMNESS_SIZE randomness - -let validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - = - if Libcrux_platform.Platform.simd256_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - else - if Libcrux_platform.Platform.simd128_support () - then - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key - else - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key v_K - v_RANKED_BYTES_PER_RING_ELEMENT - v_PUBLIC_KEY_SIZE - public_key diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti index f74dd66e8..4e231ea63 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Multiplexing.fsti @@ -3,6 +3,26 @@ module Libcrux_ml_kem.Ind_cca.Multiplexing open Core open FStar.Mul +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K) + (fun _ -> Prims.l_True) + +val validate_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) + (fun _ -> Prims.l_True) + val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) @@ -57,13 +77,3 @@ val generate_keypair v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K) (fun _ -> Prims.l_True) - -val validate_public_key - (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) - (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) - : Prims.Pure bool - (requires - Spec.MLKEM.is_rank v_K /\ - v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ - v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst index 950cb476c..6b2e84009 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fst @@ -7,12 +7,63 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Ind_cpa.Unpacked in let open Libcrux_ml_kem.Polynomial in let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () -let encapsulate_unpacked +let impl__serialized_public_key + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemPublicKeyUnpacked v_K v_Vector) + = + Core.Convert.f_into #(t_Array u8 v_PUBLIC_KEY_SIZE) + #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + <: + t_Array u8 v_PUBLIC_KEY_SIZE) + +let impl__serialized_public_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemPublicKeyUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + = + let serialized:Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE = + { + serialized with + Libcrux_ml_kem.Types.f_value + = + Libcrux_ml_kem.Ind_cpa.serialize_public_key_mut v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (self.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + serialized.Libcrux_ml_kem.Types.f_value + } + <: + Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE + in + serialized + +let encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) @@ -72,7 +123,194 @@ let encapsulate_unpacked <: (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) -let decapsulate_unpacked +let unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Hasher #v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) + = + let unpacked_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + f_ind_cpa_public_key + = + { + unpacked_public_key.f_ind_cpa_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + = + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_K + #v_Vector + (public_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE + } + <: + Core.Ops.Range.t_RangeTo usize ] + <: + t_Slice u8) + unpacked_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + in + let unpacked_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + f_ind_cpa_public_key + = + { + unpacked_public_key.f_ind_cpa_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A + = + Libcrux_ml_kem.Utils.into_padded_array (sz 32) + (public_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + in + let unpacked_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + f_ind_cpa_public_key + = + { + unpacked_public_key.f_ind_cpa_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + = + Libcrux_ml_kem.Matrix.sample_matrix_A v_K + #v_Vector + #v_Hasher + unpacked_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) + (public_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE + } + <: + Core.Ops.Range.t_RangeFrom usize ] + <: + t_Slice u8) + <: + t_Array u8 (sz 34)) + false + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + in + let unpacked_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + f_public_key_hash + = + Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (Libcrux_ml_kem.Types.impl_20__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + in + unpacked_public_key + +let impl_2__private_key + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + = self.f_private_key + +let impl_2__public_key + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + = self.f_public_key + +let impl_2__serialized_private_key + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + = + Rust_primitives.Hax.never_to_any (Core.Panicking.panic "not yet implemented" + <: + Rust_primitives.Hax.t_Never) + +let impl_2__serialized_public_key + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + = + impl__serialized_public_key v_K + #v_Vector + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + self.f_public_key + +let impl_2__serialized_public_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + = + let hax_temp_output, serialized:(Prims.unit & + Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) = + (), + impl__serialized_public_key_mut v_K + #v_Vector + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + self.f_public_key + serialized + <: + (Prims.unit & Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + in + serialized + +let impl_2__new + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (_: Prims.unit) + = + Core.Default.f_default #(t_MlKemKeyPairUnpacked v_K v_Vector) #FStar.Tactics.Typeclasses.solve () + +let decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) (#v_Vector #v_Hasher: Type0) @@ -176,17 +414,19 @@ let decapsulate_unpacked (implicit_rejection_shared_secret <: t_Slice u8) selector -let generate_keypair_unpacked +let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) + (#v_Vector #v_Hasher #v_Scheme: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: + i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) (randomness: t_Array u8 (sz 64)) + (out: t_MlKemKeyPairUnpacked v_K v_Vector) = let ind_cpa_keypair_randomness:t_Slice u8 = randomness.[ { @@ -203,16 +443,41 @@ let generate_keypair_unpacked <: Core.Ops.Range.t_RangeFrom usize ] in - let ind_cpa_private_key, ind_cpa_public_key:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked - v_K v_Vector & + let tmp0, tmp1:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = Libcrux_ml_kem.Ind_cpa.generate_keypair_unpacked v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher + #v_Scheme ind_cpa_keypair_randomness + out.f_private_key.f_ind_cpa_private_key + out.f_public_key.f_ind_cpa_public_key in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_private_key + = + { out.f_private_key with f_ind_cpa_private_key = tmp0 } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_public_key + = + { out.f_public_key with f_ind_cpa_public_key = tmp1 } <: t_MlKemPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + in + let _:Prims.unit = () in let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K @@ -222,7 +487,7 @@ let generate_keypair_unpacked v_K (fun v__j -> let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -270,7 +535,8 @@ let generate_keypair_unpacked (Core.Clone.f_clone #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) #FStar.Tactics.Typeclasses.solve - ((ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A.[ j ] + ((out.f_public_key.f_ind_cpa_public_key + .Libcrux_ml_kem.Ind_cpa.Unpacked.f_A.[ j ] <: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K).[ i ] @@ -286,49 +552,77 @@ let generate_keypair_unpacked <: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) in - let ind_cpa_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = - { ind_cpa_public_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A } + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_public_key + = + { + out.f_public_key with + f_ind_cpa_public_key + = + { out.f_public_key.f_ind_cpa_public_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } <: - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector + t_MlKemKeyPairUnpacked v_K v_Vector in let pk_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = Libcrux_ml_kem.Ind_cpa.serialize_public_key v_K v_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE #v_Vector - ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) - in - let public_key_hash:t_Array u8 (sz 32) = - Libcrux_ml_kem.Hash_functions.f_H #v_Hasher - #v_K - #FStar.Tactics.Typeclasses.solve - (pk_serialized <: t_Slice u8) - in - let (implicit_rejection_value: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) - #FStar.Tactics.Typeclasses.solve - implicit_rejection_value + out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (out.f_public_key.f_ind_cpa_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + t_Slice u8) in - { - f_private_key - = + let out:t_MlKemKeyPairUnpacked v_K v_Vector = { - f_ind_cpa_private_key = ind_cpa_private_key; - f_implicit_rejection_value = implicit_rejection_value + out with + f_public_key + = + { + out.f_public_key with + f_public_key_hash + = + Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (pk_serialized <: t_Slice u8) + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector } <: - t_MlKemPrivateKeyUnpacked v_K v_Vector; - f_public_key - = - { f_ind_cpa_public_key = ind_cpa_public_key; f_public_key_hash = public_key_hash } + t_MlKemKeyPairUnpacked v_K v_Vector + in + let out:t_MlKemKeyPairUnpacked v_K v_Vector = + { + out with + f_private_key + = + { + out.f_private_key with + f_implicit_rejection_value + = + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + implicit_rejection_value + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector + } <: - t_MlKemPublicKeyUnpacked v_K v_Vector - } - <: - t_MlKemKeyPairUnpacked v_K v_Vector + t_MlKemKeyPairUnpacked v_K v_Vector + in + out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti index 2e16c3c1d..b31715e29 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.Unpacked.fsti @@ -7,8 +7,10 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Ind_cpa.Unpacked in let open Libcrux_ml_kem.Polynomial in let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -28,7 +30,57 @@ type t_MlKemPublicKeyUnpacked f_public_key_hash:t_Array u8 (sz 32) } -val encapsulate_unpacked +/// Get the serialized public key. +val impl__serialized_public_key + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemPublicKeyUnpacked v_K v_Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val impl__serialized_public_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemPublicKeyUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1 + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + : Core.Default.t_Default (t_MlKemPublicKeyUnpacked v_K v_Vector) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKeyUnpacked v_K v_Vector) -> true); + f_default + = + fun (_: Prims.unit) -> + { + f_ind_cpa_public_key + = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K + v_Vector) + #FStar.Tactics.Typeclasses.solve + (); + f_public_key_hash = Rust_primitives.Hax.repeat 0uy (sz 32) + } + <: + t_MlKemPublicKeyUnpacked v_K v_Vector + } + +val encapsulate (v_K v_CIPHERTEXT_SIZE v_PUBLIC_KEY_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_VECTOR_U_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) @@ -40,6 +92,16 @@ val encapsulate_unpacked Prims.l_True (fun _ -> Prims.l_True) +/// Generate an unpacked key from a serialized key. +val unpack_public_key + (v_K v_T_AS_NTT_ENCODED_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Hasher #v_Vector: Type0) + {| i2: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + (unpacked_public_key: t_MlKemPublicKeyUnpacked v_K v_Vector) + : Prims.Pure (t_MlKemPublicKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + /// An unpacked ML-KEM KeyPair type t_MlKemKeyPairUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -48,7 +110,100 @@ type t_MlKemKeyPairUnpacked f_public_key:t_MlKemPublicKeyUnpacked v_K v_Vector } -val decapsulate_unpacked +/// Get the serialized public key. +val impl_2__private_key + (v_K: usize) + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (t_MlKemPrivateKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val impl_2__public_key + (v_K: usize) + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (t_MlKemPublicKeyUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized private key. +val impl_2__serialized_private_key + (v_K: usize) + (#v_Vector: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPrivateKey v_K) Prims.l_True (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val impl_2__serialized_public_key + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + +/// Get the serialized public key. +val impl_2__serialized_public_key_mut + (v_K: usize) + (#v_Vector: Type0) + (v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (self: t_MlKemKeyPairUnpacked v_K v_Vector) + (serialized: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) + Prims.l_True + (fun _ -> Prims.l_True) + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_3 + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + : Core.Default.t_Default (t_MlKemKeyPairUnpacked v_K v_Vector) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemKeyPairUnpacked v_K v_Vector) -> true); + f_default + = + fun (_: Prims.unit) -> + { + f_private_key + = + { + f_ind_cpa_private_key + = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K + v_Vector) + #FStar.Tactics.Typeclasses.solve + (); + f_implicit_rejection_value = Rust_primitives.Hax.repeat 0uy (sz 32) + } + <: + t_MlKemPrivateKeyUnpacked v_K v_Vector; + f_public_key + = + Core.Default.f_default #(t_MlKemPublicKeyUnpacked v_K v_Vector) + #FStar.Tactics.Typeclasses.solve + () + } + <: + t_MlKemKeyPairUnpacked v_K v_Vector + } + +/// Create a new empty unpacked key pair. +val impl_2__new: + v_K: usize -> + #v_Vector: Type0 -> + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} -> + Prims.unit + -> Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) + +val decapsulate (v_K v_SECRET_KEY_SIZE v_CPA_SECRET_KEY_SIZE v_PUBLIC_KEY_SIZE v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize) (#v_Vector #v_Hasher: Type0) @@ -58,11 +213,14 @@ val decapsulate_unpacked (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) -val generate_keypair_unpacked +/// Generate Unpacked Keys +val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (#v_Vector #v_Hasher #v_Scheme: Type0) + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} (randomness: t_Array u8 (sz 64)) + (out: t_MlKemKeyPairUnpacked v_K v_Vector) : Prims.Pure (t_MlKemKeyPairUnpacked v_K v_Vector) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst index 812549884..1a64404ca 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fst @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -170,7 +171,7 @@ let validate_public_key (public_key: t_Array u8 v_PUBLIC_KEY_SIZE) = let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_K + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced_out v_K #v_Vector (public_key.[ { Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } <: @@ -192,7 +193,37 @@ let validate_public_key in public_key =. public_key_serialized -#push-options "--admit_smt_queries true" +let validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + = + let t:t_Array u8 (sz 32) = + Libcrux_ml_kem.Hash_functions.f_H #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (private_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_start = sz 384 *! v_K <: usize; + Core.Ops.Range.f_end = (sz 768 *! v_K <: usize) +! sz 32 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + in + let expected:t_Slice u8 = + private_key.Libcrux_ml_kem.Types.f_value.[ { + Core.Ops.Range.f_start = (sz 768 *! v_K <: usize) +! sz 32 <: usize; + Core.Ops.Range.f_end = (sz 768 *! v_K <: usize) +! sz 64 <: usize + } + <: + Core.Ops.Range.t_Range usize ] + in + t =. expected #push-options "--z3rlimit 500" @@ -206,10 +237,14 @@ let decapsulate (#[FStar.Tactics.Typeclasses.tcresolve ()] i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: t_Variant v_Scheme) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) = + let _:Prims.unit = + assert (v v_CIPHERTEXT_SIZE == + v v_IMPLICIT_REJECTION_HASH_INPUT_SIZE - v Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE) + in let ind_cpa_secret_key, secret_key:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (private_key.Libcrux_ml_kem.Types.f_value <: t_Slice u8) @@ -221,6 +256,20 @@ let decapsulate let ind_cpa_public_key_hash, implicit_rejection_value:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 secret_key Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE in + let _:Prims.unit = + assert (ind_cpa_secret_key == slice private_key.f_value (sz 0) v_CPA_SECRET_KEY_SIZE); + assert (ind_cpa_public_key == + slice private_key.f_value v_CPA_SECRET_KEY_SIZE (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE) + ); + assert (ind_cpa_public_key_hash == + slice private_key.f_value + (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE) + (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Spec.MLKEM.v_H_DIGEST_SIZE)); + assert (implicit_rejection_value == + slice private_key.f_value + (v_CPA_SECRET_KEY_SIZE +! v_PUBLIC_KEY_SIZE +! Spec.MLKEM.v_H_DIGEST_SIZE) + (length private_key.f_value)) + in let decrypted:t_Array u8 (sz 32) = Libcrux_ml_kem.Ind_cpa.decrypt v_K v_CIPHERTEXT_SIZE @@ -234,6 +283,7 @@ let decapsulate let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = Libcrux_ml_kem.Utils.into_padded_array (sz 64) (decrypted <: t_Slice u8) in + let _:Prims.unit = eq_intro (Seq.slice to_hash 0 32) decrypted in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } @@ -249,6 +299,11 @@ let decapsulate <: t_Slice u8) in + let _:Prims.unit = + lemma_slice_append to_hash decrypted ind_cpa_public_key_hash; + assert (decrypted == Spec.MLKEM.ind_cpa_decrypt v_K ind_cpa_secret_key ciphertext.f_value); + assert (to_hash == concat decrypted ind_cpa_public_key_hash) + in let hashed:t_Array u8 (sz 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K @@ -260,11 +315,21 @@ let decapsulate (hashed <: t_Slice u8) Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE in + let _:Prims.unit = + assert ((shared_secret, pseudorandomness) == + split hashed Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE); + assert (length implicit_rejection_value = + v_SECRET_KEY_SIZE -! v_CPA_SECRET_KEY_SIZE -! v_PUBLIC_KEY_SIZE -! + Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE); + assert (length implicit_rejection_value = Spec.MLKEM.v_SHARED_SECRET_SIZE); + assert (Spec.MLKEM.v_SHARED_SECRET_SIZE <=. Spec.MLKEM.v_IMPLICIT_REJECTION_HASH_INPUT_SIZE v_K) + in let (to_hash: t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE):t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = Libcrux_ml_kem.Utils.into_padded_array v_IMPLICIT_REJECTION_HASH_INPUT_SIZE implicit_rejection_value in + let _:Prims.unit = eq_intro (Seq.slice to_hash 0 32) implicit_rejection_value in let to_hash:t_Array u8 v_IMPLICIT_REJECTION_HASH_INPUT_SIZE = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE } @@ -285,8 +350,12 @@ let decapsulate <: t_Slice u8) in - let _:Prims.unit = assert (v (sz 32) < pow2 32) in - let _:Prims.unit = assert (i4.f_PRF_pre (sz 32) to_hash) in + let _:Prims.unit = + assert_norm (pow2 32 == 0x100000000); + assert (v (sz 32) < pow2 32); + assert (i4.f_PRF_pre (sz 32) to_hash); + lemma_slice_append to_hash implicit_rejection_value ciphertext.f_value + in let (implicit_rejection_shared_secret: t_Array u8 (sz 32)):t_Array u8 (sz 32) = Libcrux_ml_kem.Hash_functions.f_PRF #v_Hasher #v_K @@ -294,6 +363,10 @@ let decapsulate (sz 32) (to_hash <: t_Slice u8) in + let _:Prims.unit = + assert (implicit_rejection_shared_secret == Spec.Utils.v_PRF (sz 32) to_hash); + assert (Seq.length ind_cpa_public_key == v v_PUBLIC_KEY_SIZE) + in let expected_ciphertext:t_Array u8 v_CIPHERTEXT_SIZE = Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 @@ -301,7 +374,7 @@ let decapsulate decrypted pseudorandomness in let implicit_rejection_shared_secret:t_Array u8 (sz 32) = - f_kdf #v_Scheme + Libcrux_ml_kem.Variant.f_kdf #v_Scheme #FStar.Tactics.Typeclasses.solve v_K v_CIPHERTEXT_SIZE @@ -310,7 +383,7 @@ let decapsulate ciphertext in let shared_secret:t_Array u8 (sz 32) = - f_kdf #v_Scheme + Libcrux_ml_kem.Variant.f_kdf #v_Scheme #FStar.Tactics.Typeclasses.solve v_K v_CIPHERTEXT_SIZE @@ -331,8 +404,6 @@ let decapsulate #pop-options -#pop-options - #push-options "--z3rlimit 150" let encapsulate @@ -345,12 +416,12 @@ let encapsulate (#[FStar.Tactics.Typeclasses.tcresolve ()] i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: t_Variant v_Scheme) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) = let randomness:t_Array u8 (sz 32) = - f_entropy_preprocess #v_Scheme + Libcrux_ml_kem.Variant.f_entropy_preprocess #v_Scheme #FStar.Tactics.Typeclasses.solve v_K #v_Hasher @@ -359,6 +430,7 @@ let encapsulate let (to_hash: t_Array u8 (sz 64)):t_Array u8 (sz 64) = Libcrux_ml_kem.Utils.into_padded_array (sz 64) (randomness <: t_Slice u8) in + let _:Prims.unit = eq_intro (Seq.slice to_hash 0 32) randomness in let to_hash:t_Array u8 (sz 64) = Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from to_hash ({ Core.Ops.Range.f_start = Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE } @@ -373,12 +445,17 @@ let encapsulate (Libcrux_ml_kem.Hash_functions.f_H #v_Hasher #v_K #FStar.Tactics.Typeclasses.solve - (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) + (Libcrux_ml_kem.Types.impl_20__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) <: t_Slice u8) <: t_Slice u8) in + let _:Prims.unit = + assert (Seq.slice to_hash 0 (v Libcrux_ml_kem.Constants.v_H_DIGEST_SIZE) == randomness); + lemma_slice_append to_hash randomness (Spec.Utils.v_H public_key.f_value); + assert (to_hash == concat randomness (Spec.Utils.v_H public_key.f_value)) + in let hashed:t_Array u8 (sz 64) = Libcrux_ml_kem.Hash_functions.f_G #v_Hasher #v_K @@ -394,7 +471,7 @@ let encapsulate Libcrux_ml_kem.Ind_cpa.encrypt v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_SIZE v_C2_SIZE v_VECTOR_U_COMPRESSION_FACTOR v_VECTOR_V_COMPRESSION_FACTOR v_C1_BLOCK_SIZE v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher - (Libcrux_ml_kem.Types.impl_17__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) randomness + (Libcrux_ml_kem.Types.impl_20__as_slice v_PUBLIC_KEY_SIZE public_key <: t_Slice u8) randomness pseudorandomness in let ciphertext:Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE = @@ -404,7 +481,7 @@ let encapsulate ciphertext in let shared_secret_array:t_Array u8 (sz 32) = - f_kdf #v_Scheme + Libcrux_ml_kem.Variant.f_kdf #v_Scheme #FStar.Tactics.Typeclasses.solve v_K v_CIPHERTEXT_SIZE @@ -412,26 +489,23 @@ let encapsulate shared_secret ciphertext in - let result:(Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) = - ciphertext, shared_secret_array - <: - (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) - in - let _:Prims.unit = admit () (* Panic freedom *) in - result + ciphertext, shared_secret_array + <: + (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) #pop-options let generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) + (#v_Vector #v_Hasher #v_Scheme: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: + i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) (randomness: t_Array u8 (sz 64)) = let ind_cpa_keypair_randomness:t_Slice u8 = @@ -451,14 +525,8 @@ let generate_keypair in let ind_cpa_private_key, public_key:(t_Array u8 v_CPA_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) = - Libcrux_ml_kem.Ind_cpa.generate_keypair v_K - v_CPA_PRIVATE_KEY_SIZE - v_PUBLIC_KEY_SIZE - v_RANKED_BYTES_PER_RING_ELEMENT - v_ETA1 - v_ETA1_RANDOMNESS_SIZE - #v_Vector - #v_Hasher + Libcrux_ml_kem.Ind_cpa.generate_keypair v_K v_CPA_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE + v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher #v_Scheme ind_cpa_keypair_randomness in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = @@ -476,7 +544,7 @@ let generate_keypair #FStar.Tactics.Typeclasses.solve secret_key_serialized in - Libcrux_ml_kem.Types.impl_18__from v_PRIVATE_KEY_SIZE + Libcrux_ml_kem.Types.impl_21__from v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE private_key (Core.Convert.f_from #(Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti index 69d9a3cbd..0ae396fd2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cca.fsti @@ -8,6 +8,7 @@ let _ = (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in let open Libcrux_ml_kem.Types in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -39,13 +40,10 @@ val serialize_kem_secret_key (Seq.append public_key (Seq.append (Spec.Utils.v_H public_key) implicit_rejection_value) )) -/// Implements [`Variant`], to perform the ML-KEM-specific actions -/// during encapsulation and decapsulation. -/// Specifically, -/// * during encapsulation, the initial randomness is used without prior hashing, -/// * the derivation of the shared secret does not include a hash of the ML-KEM ciphertext. -type t_MlKem = | MlKem : t_MlKem - +/// Validate an ML-KEM public key. +/// This implements the Modulus check in 7.2 2. +/// Note that the size check in 7.2 1 is covered by the `PUBLIC_KEY_SIZE` in the +/// `public_key` type. val validate_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (#v_Vector: Type0) @@ -58,153 +56,21 @@ val validate_public_key v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CCA_PUBLIC_KEY_SIZE v_K) (fun _ -> Prims.l_True) -/// This trait collects differences in specification between ML-KEM -/// (Draft FIPS 203) and the Round 3 CRYSTALS-Kyber submission in the -/// NIST PQ competition. -/// cf. FIPS 203 (Draft), section 1.3 -class t_Variant (v_Self: Type0) = { - f_kdf_pre: - v_K: usize -> - v_CIPHERTEXT_SIZE: usize -> - #v_Hasher: Type0 -> - {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - shared_secret: t_Slice u8 -> - ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE - -> pred: Type0{(Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32 ==> pred}; - f_kdf_post: - v_K: usize -> - v_CIPHERTEXT_SIZE: usize -> - #v_Hasher: Type0 -> - {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - shared_secret: t_Slice u8 -> - ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> - res: t_Array u8 (sz 32) - -> pred: Type0{pred ==> res == shared_secret}; - f_kdf: - v_K: usize -> - v_CIPHERTEXT_SIZE: usize -> - #v_Hasher: Type0 -> - {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - x0: t_Slice u8 -> - x1: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE - -> Prims.Pure (t_Array u8 (sz 32)) - (f_kdf_pre v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1) - (fun result -> f_kdf_post v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1 result); - f_entropy_preprocess_pre: - v_K: usize -> - #v_Hasher: Type0 -> - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - randomness: t_Slice u8 - -> pred: Type0{(Core.Slice.impl__len #u8 randomness <: usize) =. sz 32 ==> pred}; - f_entropy_preprocess_post: - v_K: usize -> - #v_Hasher: Type0 -> - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - t_Slice u8 -> - t_Array u8 (sz 32) - -> Type0; - f_entropy_preprocess: - v_K: usize -> - #v_Hasher: Type0 -> - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> - x0: t_Slice u8 - -> Prims.Pure (t_Array u8 (sz 32)) - (f_entropy_preprocess_pre v_K #v_Hasher #i3 x0) - (fun result -> f_entropy_preprocess_post v_K #v_Hasher #i3 x0 result) -} - -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl: t_Variant t_MlKem = - { - f_kdf_pre - = - (fun - (v_K: usize) - (v_CIPHERTEXT_SIZE: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (shared_secret: t_Slice u8) - (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - -> - (Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32); - f_kdf_post - = - (fun - (v_K: usize) - (v_CIPHERTEXT_SIZE: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (shared_secret: t_Slice u8) - (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - (out: t_Array u8 (sz 32)) - -> - out == shared_secret); - f_kdf - = - (fun - (v_K: usize) - (v_CIPHERTEXT_SIZE: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (shared_secret: t_Slice u8) - (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) - -> - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) - #FStar.Tactics.Typeclasses.solve - shared_secret - <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError)); - f_entropy_preprocess_pre - = - (fun - (v_K: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (randomness: t_Slice u8) - -> - (Core.Slice.impl__len #u8 randomness <: usize) =. sz 32); - f_entropy_preprocess_post - = - (fun - (v_K: usize) - (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (randomness: t_Slice u8) - (out: t_Array u8 (sz 32)) - -> - true); - f_entropy_preprocess - = - fun - (v_K: usize) +/// Validate an ML-KEM private key. +/// This implements the Hash check in 7.3 3. +/// Note that the size checks in 7.2 1 and 2 are covered by the `SECRET_KEY_SIZE` +/// and `CIPHERTEXT_SIZE` in the `private_key` and `ciphertext` types. +val validate_private_key + (v_K v_SECRET_KEY_SIZE v_CIPHERTEXT_SIZE: usize) (#v_Hasher: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: - Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) - (randomness: t_Slice u8) - -> - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) - #FStar.Tactics.Typeclasses.solve - randomness - <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) - } + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) + (v__ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + : Prims.Pure bool + (requires + Spec.MLKEM.is_rank v_K /\ v_SECRET_KEY_SIZE == Spec.MLKEM.v_CCA_PRIVATE_KEY_SIZE v_K /\ + v_CIPHERTEXT_SIZE == Spec.MLKEM.v_CPA_CIPHERTEXT_SIZE v_K) + (fun _ -> Prims.l_True) /// This code verifies on some machines, runs out of memory on others val decapsulate @@ -213,7 +79,7 @@ val decapsulate (#v_Vector #v_Hasher #v_Scheme: Type0) {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - {| i5: t_Variant v_Scheme |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey v_SECRET_KEY_SIZE) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) : Prims.Pure (t_Array u8 (sz 32)) @@ -245,7 +111,7 @@ val encapsulate (#v_Vector #v_Hasher #v_Scheme: Type0) {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} - {| i5: t_Variant v_Scheme |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey v_PUBLIC_KEY_SIZE) (randomness: t_Array u8 (sz 32)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE & t_Array u8 (sz 32)) @@ -276,9 +142,10 @@ val encapsulate val generate_keypair (v_K v_CPA_PRIVATE_KEY_SIZE v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (#v_Vector #v_Hasher #v_Scheme: Type0) + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} (randomness: t_Array u8 (sz 64)) : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) (requires diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti index f386e8df7..a0ce84565 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.Unpacked.fsti @@ -14,6 +14,32 @@ type t_IndCpaPrivateKeyUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} = { f_secret_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K } +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + : Core.Default.t_Default (t_IndCpaPrivateKeyUnpacked v_K v_Vector) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_IndCpaPrivateKeyUnpacked v_K v_Vector) -> true); + f_default + = + fun (_: Prims.unit) -> + { + f_secret_as_ntt + = + Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + } + <: + t_IndCpaPrivateKeyUnpacked v_K v_Vector + } + /// An unpacked ML-KEM IND-CPA Private Key type t_IndCpaPublicKeyUnpacked (v_K: usize) (v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -22,3 +48,41 @@ type t_IndCpaPublicKeyUnpacked f_seed_for_A:t_Array u8 (sz 32); f_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1 + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + : Core.Default.t_Default (t_IndCpaPublicKeyUnpacked v_K v_Vector) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_IndCpaPublicKeyUnpacked v_K v_Vector) -> true); + f_default + = + fun (_: Prims.unit) -> + { + f_t_as_ntt + = + Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K; + f_seed_for_A = Rust_primitives.Hax.repeat 0uy (sz 32); + f_A + = + Rust_primitives.Hax.repeat (Rust_primitives.Hax.repeat (Libcrux_ml_kem.Polynomial.impl_2__ZERO + #v_Vector + () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + <: + t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + v_K + } + <: + t_IndCpaPublicKeyUnpacked v_K v_Vector + } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index 7aff6f7ed..5bb6b9214 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -7,6 +7,8 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Ind_cpa.Unpacked in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -27,7 +29,7 @@ let sample_ring_element_cbd v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -108,18 +110,10 @@ let sample_vector_cbd_then_ntt (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (re_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (prf_input: t_Array u8 (sz 33)) (domain_separator: u8) = - let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__i -> - let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - in let prf_inputs:t_Array (t_Array u8 (sz 33)) v_K = Rust_primitives.Hax.repeat prf_input v_K in let v__domain_separator_init:u8 = domain_separator in let domain_separator, prf_inputs:(u8 & t_Array (t_Array u8 (sz 33)) v_K) = @@ -189,6 +183,46 @@ let sample_vector_cbd_then_ntt in re_as_ntt) in + let result:u8 = domain_separator in + let _:Prims.unit = admit () (* Panic freedom *) in + let hax_temp_output:u8 = result in + re_as_ntt, hax_temp_output + <: + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + +let sample_vector_cbd_then_ntt_out + (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i2: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (prf_input: t_Array u8 (sz 33)) + (domain_separator: u8) + = + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + (fun v__i -> + let v__i:usize = v__i in + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + let tmp0, out:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = + sample_vector_cbd_then_ntt v_K + v_ETA + v_ETA_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + re_as_ntt + prf_input + domain_separator + in + let re_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = tmp0 in + let domain_separator:u8 = out in let result:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = re_as_ntt, domain_separator <: @@ -197,8 +231,6 @@ let sample_vector_cbd_then_ntt let _:Prims.unit = admit () (* Panic freedom *) in result -#push-options "--z3rlimit 200" - let compress_then_serialize_u (v_K v_OUT_LEN v_COMPRESSION_FACTOR v_BLOCK_LEN: usize) (#v_Vector: Type0) @@ -219,7 +251,9 @@ let compress_then_serialize_u (fun out i -> let out:t_Slice u8 = out in let i:usize = i in - (Core.Slice.impl__len #u8 out <: usize) =. v_OUT_LEN <: bool) + v i < v v_K ==> + (Seq.length out == v v_OUT_LEN /\ + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index input (v i)))) out (fun out temp_1_ -> let out:t_Slice u8 = out in @@ -263,8 +297,6 @@ let compress_then_serialize_u let hax_temp_output:Prims.unit = result in out -#pop-options - #push-options "--admit_smt_queries true" let deserialize_then_decompress_u @@ -280,7 +312,7 @@ let deserialize_then_decompress_u v_K (fun temp_0_ -> let _:usize = temp_0_ in - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -342,7 +374,7 @@ let deserialize_secret_key v_K (fun temp_0_ -> let _:usize = temp_0_ in - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -439,7 +471,7 @@ let serialize_secret_key #pop-options -let serialize_public_key +let serialize_public_key_mut (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -447,17 +479,15 @@ let serialize_public_key Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (seed_for_a: t_Slice u8) + (serialized: t_Array u8 v_PUBLIC_KEY_SIZE) = - let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE - in - let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range public_key_serialized + let serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range serialized ({ Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_Range usize) (Core.Slice.impl__copy_from_slice #u8 - (public_key_serialized.[ { + (serialized.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = v_RANKED_BYTES_PER_RING_ELEMENT } @@ -471,13 +501,13 @@ let serialize_public_key <: t_Slice u8) in - let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = - Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from public_key_serialized + let serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range_from serialized ({ Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_RangeFrom usize) (Core.Slice.impl__copy_from_slice #u8 - (public_key_serialized.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } + (serialized.[ { Core.Ops.Range.f_start = v_RANKED_BYTES_PER_RING_ELEMENT } <: Core.Ops.Range.t_RangeFrom usize ] <: @@ -486,6 +516,30 @@ let serialize_public_key <: t_Slice u8) in + let hax_temp_output:Prims.unit = admit () (* Panic freedom *) in + serialized + +let serialize_public_key + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (seed_for_a: t_Slice u8) + = + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + Rust_primitives.Hax.repeat 0uy v_PUBLIC_KEY_SIZE + in + let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = + serialize_public_key_mut v_K + v_RANKED_BYTES_PER_RING_ELEMENT + v_PUBLIC_KEY_SIZE + #v_Vector + tt_as_ntt + seed_for_a + public_key_serialized + in let result:t_Array u8 v_PUBLIC_KEY_SIZE = public_key_serialized in let _:Prims.unit = admit () (* Panic freedom *) in result @@ -578,7 +632,13 @@ let encrypt_unpacked let r_as_ntt, domain_separator:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = - sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher prf_input 0uy + sample_vector_cbd_then_ntt_out v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + prf_input + 0uy in let error_1_, domain_separator:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & @@ -675,42 +735,44 @@ let encrypt (message: t_Array u8 (sz 32)) (randomness: t_Slice u8) = - let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_K - #v_Vector - (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } + let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + unpacked_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + = + Libcrux_ml_kem.Serialize.deserialize_ring_elements_reduced v_K + #v_Vector + (public_key.[ { Core.Ops.Range.f_end = v_T_AS_NTT_ENCODED_SIZE } + <: + Core.Ops.Range.t_RangeTo usize ] <: - Core.Ops.Range.t_RangeTo usize ] - <: - t_Slice u8) + t_Slice u8) + unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector in let seed:t_Slice u8 = public_key.[ { Core.Ops.Range.f_start = v_T_AS_NTT_ENCODED_SIZE } <: Core.Ops.Range.t_RangeFrom usize ] in - let v_A:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Libcrux_ml_kem.Matrix.sample_matrix_A v_K - #v_Vector - #v_Hasher - (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) - false - in - let (seed_for_A: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) - #FStar.Tactics.Typeclasses.solve - seed - <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) - in - let public_key_unpacked:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + let unpacked_public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = { - Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt = tt_as_ntt; - Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A; - Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A = seed_for_A + unpacked_public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + = + Libcrux_ml_kem.Matrix.sample_matrix_A v_K + #v_Vector + #v_Hasher + unpacked_public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed <: t_Array u8 (sz 34)) + false } <: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector @@ -718,50 +780,72 @@ let encrypt let result:t_Array u8 v_CIPHERTEXT_SIZE = encrypt_unpacked v_K v_CIPHERTEXT_SIZE v_T_AS_NTT_ENCODED_SIZE v_C1_LEN v_C2_LEN v_U_COMPRESSION_FACTOR v_V_COMPRESSION_FACTOR v_BLOCK_LEN v_ETA1 v_ETA1_RANDOMNESS_SIZE v_ETA2 - v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher public_key_unpacked message randomness + v_ETA2_RANDOMNESS_SIZE #v_Vector #v_Hasher unpacked_public_key message randomness in let _:Prims.unit = admit () (* Panic freedom *) in result let generate_keypair_unpacked (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) + (#v_Vector #v_Hasher #v_Scheme: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: + i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) (key_generation_seed: t_Slice u8) + (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) + (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = let hashed:t_Array u8 (sz 64) = - Libcrux_ml_kem.Hash_functions.f_G #v_Hasher - #v_K + Libcrux_ml_kem.Variant.f_cpa_keygen_seed #v_Scheme #FStar.Tactics.Typeclasses.solve + v_K + #v_Hasher key_generation_seed in let seed_for_A, seed_for_secret_and_error:(t_Slice u8 & t_Slice u8) = Core.Slice.impl__split_at #u8 (hashed <: t_Slice u8) (sz 32) in - let v_A_transpose:t_Array - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Libcrux_ml_kem.Matrix.sample_matrix_A v_K - #v_Vector - #v_Hasher - (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) - true + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + = + Libcrux_ml_kem.Matrix.sample_matrix_A v_K + #v_Vector + #v_Hasher + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + (Libcrux_ml_kem.Utils.into_padded_array (sz 34) seed_for_A <: t_Array u8 (sz 34)) + true + } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector in let (prf_input: t_Array u8 (sz 33)):t_Array u8 (sz 33) = Libcrux_ml_kem.Utils.into_padded_array (sz 33) seed_for_secret_and_error in - let secret_as_ntt, domain_separator:(t_Array - (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & - u8) = - sample_vector_cbd_then_ntt v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher prf_input 0uy + let tmp0, out:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = + sample_vector_cbd_then_ntt v_K + v_ETA1 + v_ETA1_RANDOMNESS_SIZE + #v_Vector + #v_Hasher + private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt + prf_input + 0uy + in + let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = + { private_key with Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = tmp0 } + <: + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector in + let domain_separator:u8 = out in let error_as_ntt, _:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8 ) = - sample_vector_cbd_then_ntt v_K + sample_vector_cbd_then_ntt_out v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector @@ -769,77 +853,96 @@ let generate_keypair_unpacked prf_input domain_separator in - let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Libcrux_ml_kem.Matrix.compute_As_plus_e v_K #v_Vector v_A_transpose secret_as_ntt error_as_ntt - in - let (seed_for_A: t_Array u8 (sz 32)):t_Array u8 (sz 32) = - Core.Result.impl__unwrap #(t_Array u8 (sz 32)) - #Core.Array.t_TryFromSliceError - (Core.Convert.f_try_into #(t_Slice u8) - #(t_Array u8 (sz 32)) - #FStar.Tactics.Typeclasses.solve - seed_for_A - <: - Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) - in - let pk:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = { - Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt = tt_as_ntt; - Libcrux_ml_kem.Ind_cpa.Unpacked.f_A = v_A_transpose; - Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A = seed_for_A + public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + = + Libcrux_ml_kem.Matrix.compute_As_plus_e v_K + #v_Vector + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_A + private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt + error_as_ntt } <: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector in - let sk:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = - { Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt = secret_as_ntt } - <: - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector - in - let result:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = - sk, pk + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + { + public_key with + Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A + = + Core.Result.impl__unwrap #(t_Array u8 (sz 32)) + #Core.Array.t_TryFromSliceError + (Core.Convert.f_try_into #(t_Slice u8) + #(t_Array u8 (sz 32)) + #FStar.Tactics.Typeclasses.solve + seed_for_A + <: + Core.Result.t_Result (t_Array u8 (sz 32)) Core.Array.t_TryFromSliceError) + } <: - (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & - Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector in - let _:Prims.unit = admit () (* Panic freedom *) in - result + let hax_temp_output:Prims.unit = admit () (* Panic freedom *) in + private_key, public_key + <: + (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & + Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) let generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) + (#v_Vector #v_Hasher #v_Scheme: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: + i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (#[FStar.Tactics.Typeclasses.tcresolve ()] - i3: + i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme) (key_generation_seed: t_Slice u8) = - let sk, pk:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & + let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector + ) + #FStar.Tactics.Typeclasses.solve + () + in + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = + Core.Default.f_default #(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) + #FStar.Tactics.Typeclasses.solve + () + in + let tmp0, tmp1:(Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) = generate_keypair_unpacked v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE #v_Vector #v_Hasher + #v_Scheme key_generation_seed + private_key + public_key in + let private_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector = tmp0 in + let public_key:Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector = tmp1 in + let _:Prims.unit = () in let public_key_serialized:t_Array u8 v_PUBLIC_KEY_SIZE = serialize_public_key v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE #v_Vector - pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt - (pk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) + public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_t_as_ntt + (public_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_seed_for_A <: t_Slice u8) in let secret_key_serialized:t_Array u8 v_PRIVATE_KEY_SIZE = serialize_secret_key v_K v_PRIVATE_KEY_SIZE #v_Vector - sk.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt + private_key.Libcrux_ml_kem.Ind_cpa.Unpacked.f_secret_as_ntt in let result:(t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) = secret_key_serialized, public_key_serialized diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti index edacb43f3..11fd6f8e5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fsti @@ -7,6 +7,8 @@ let _ = (* This module has implicit dependencies, here we make them explicit. *) (* The implicit dependencies arise from typeclasses instances. *) let open Libcrux_ml_kem.Hash_functions in + let open Libcrux_ml_kem.Ind_cpa.Unpacked in + let open Libcrux_ml_kem.Variant in let open Libcrux_ml_kem.Vector.Traits in () @@ -31,6 +33,7 @@ val sample_vector_cbd_then_ntt (#v_Vector #v_Hasher: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (re_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (prf_input: t_Array u8 (sz 33)) (domain_separator: u8) : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) @@ -40,12 +43,37 @@ val sample_vector_cbd_then_ntt range (v domain_separator + v v_K) u8_inttype) (ensures fun temp_0_ -> - let x, ds:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + let re_as_ntt_future, ds:(t_Array + (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & + u8) = + temp_0_ + in + v ds == v domain_separator + v v_K /\ + Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector re_as_ntt_future == + Spec.MLKEM.sample_vector_cbd_then_ntt #v_K + (Seq.slice prf_input 0 32) + (sz (v domain_separator))) + +val sample_vector_cbd_then_ntt_out + (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) + (#v_Vector #v_Hasher: Type0) + {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (prf_input: t_Array u8 (sz 33)) + (domain_separator: u8) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) + (requires + Spec.MLKEM.is_rank v_K /\ v_ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ + v_ETA == Spec.MLKEM.v_ETA1 v_K /\ v domain_separator < 2 * v v_K /\ + range (v domain_separator + v v_K) u8_inttype) + (ensures + fun temp_0_ -> + let re, ds:(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) = temp_0_ in v ds == v domain_separator + v v_K /\ - Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector x == + Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector re == Spec.MLKEM.sample_vector_cbd_then_ntt #v_K (Seq.slice prf_input 0 32) (sz (v domain_separator))) @@ -61,7 +89,10 @@ val compress_then_serialize_u (requires Spec.MLKEM.is_rank v_K /\ v_OUT_LEN == Spec.MLKEM.v_C1_SIZE v_K /\ v_COMPRESSION_FACTOR == Spec.MLKEM.v_VECTOR_U_COMPRESSION_FACTOR v_K /\ - v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ Core.Slice.impl__len #u8 out == v_OUT_LEN) + v_BLOCK_LEN == Spec.MLKEM.v_C1_BLOCK_SIZE v_K /\ Core.Slice.impl__len #u8 out == v_OUT_LEN /\ + (forall (i: nat). + i < v v_K ==> + Libcrux_ml_kem.Serialize.coefficients_field_modulus_range (Seq.index input i))) (ensures fun out_future -> let out_future:t_Slice u8 = out_future in @@ -120,6 +151,27 @@ val serialize_secret_key Spec.MLKEM.vector_encode_12 #v_K (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector key)) +/// Concatenate `t` and `ρ` into the public key. +val serialize_public_key_mut + (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (seed_for_a: t_Slice u8) + (serialized: t_Array u8 v_PUBLIC_KEY_SIZE) + : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) + (requires + Spec.MLKEM.is_rank v_K /\ + v_RANKED_BYTES_PER_RING_ELEMENT == Spec.MLKEM.v_RANKED_BYTES_PER_RING_ELEMENT v_K /\ + v_PUBLIC_KEY_SIZE == Spec.MLKEM.v_CPA_PUBLIC_KEY_SIZE v_K /\ length seed_for_a == sz 32) + (ensures + fun serialized_future -> + let serialized_future:t_Array u8 v_PUBLIC_KEY_SIZE = serialized_future in + serialized_future == + Seq.append (Spec.MLKEM.vector_encode_12 #v_K + (Libcrux_ml_kem.Polynomial.to_spec_vector_t #v_K #v_Vector tt_as_ntt)) + seed_for_a) + /// Concatenate `t` and `ρ` into the public key. val serialize_public_key (v_K v_RANKED_BYTES_PER_RING_ELEMENT v_PUBLIC_KEY_SIZE: usize) @@ -310,24 +362,29 @@ val encrypt /// . val generate_keypair_unpacked (v_K v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (#v_Vector #v_Hasher #v_Scheme: Type0) + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} (key_generation_seed: t_Slice u8) + (private_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector) + (public_key: Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) : Prims.Pure (Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPrivateKeyUnpacked v_K v_Vector & Libcrux_ml_kem.Ind_cpa.Unpacked.t_IndCpaPublicKeyUnpacked v_K v_Vector) (requires Spec.MLKEM.is_rank v_K /\ v_ETA1_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE v_K /\ - v_ETA1 == Spec.MLKEM.v_ETA1 v_K) + v_ETA1 == Spec.MLKEM.v_ETA1 v_K /\ + length key_generation_seed == Spec.MLKEM.v_CPA_KEY_GENERATION_SEED_SIZE) (fun _ -> Prims.l_True) val generate_keypair (v_K v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE v_RANKED_BYTES_PER_RING_ELEMENT v_ETA1 v_ETA1_RANDOMNESS_SIZE: usize) - (#v_Vector #v_Hasher: Type0) - {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} - {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (#v_Vector #v_Hasher #v_Scheme: Type0) + {| i3: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + {| i5: Libcrux_ml_kem.Variant.t_Variant v_Scheme |} (key_generation_seed: t_Slice u8) : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE & t_Array u8 v_PUBLIC_KEY_SIZE) (requires diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index fc12208e9..49cb21598 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -315,7 +315,7 @@ let invert_ntt_montgomery let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl_1__poly_barrett_reduce #v_Vector re + (), Libcrux_ml_kem.Polynomial.impl_2__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index d407bc44c..276b16735 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -16,94 +16,94 @@ let compute_As_plus_e (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (matrix_A: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (s_as_ntt error_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__i -> - let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Folds.fold_enumerated_slice (matrix_A <: t_Slice (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K)) - (fun result temp_1_ -> - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - result + (fun tt_as_ntt temp_1_ -> + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + tt_as_ntt in let _:usize = temp_1_ in true) - result - (fun result temp_1_ -> - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - result + tt_as_ntt + (fun tt_as_ntt temp_1_ -> + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + tt_as_ntt in let i, row:(usize & t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = temp_1_ in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt + i + (Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Folds.fold_enumerated_slice (row <: t_Slice (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector)) - (fun result temp_1_ -> - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (fun tt_as_ntt temp_1_ -> + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - result + tt_as_ntt in let _:usize = temp_1_ in true) - result - (fun result temp_1_ -> - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + tt_as_ntt + (fun tt_as_ntt temp_1_ -> + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - result + tt_as_ntt in let j, matrix_element:(usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = temp_1_ in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__ntt_multiply #v_Vector + Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector matrix_element (s_as_ntt.[ j ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt i - (Libcrux_ml_kem.Polynomial.impl_1__add_to_ring_element #v_Vector + (Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector v_K - (result.[ i ] + (tt_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) product <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - result) + tt_as_ntt) in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result + let tt_as_ntt:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize tt_as_ntt i - (Libcrux_ml_kem.Polynomial.impl_1__add_standard_error_reduce #v_Vector - (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + (Libcrux_ml_kem.Polynomial.impl_2__add_standard_error_reduce #v_Vector + (tt_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (error_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in - result) + tt_as_ntt) in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in + let result:Prims.unit = () <: Prims.unit in let _:Prims.unit = admit () (* Panic freedom *) in - result + let hax_temp_output:Prims.unit = result in + tt_as_ntt let compute_ring_element_v (v_K: usize) @@ -115,7 +115,7 @@ let compute_ring_element_v (error_2_ message: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -129,12 +129,12 @@ let compute_ring_element_v let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let i:usize = i in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__ntt_multiply #v_Vector + Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector (tt_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (r_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__add_to_ring_element #v_Vector v_K result product + Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector v_K result product in result) in @@ -142,7 +142,7 @@ let compute_ring_element_v Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K #v_Vector result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__add_message_error_reduce #v_Vector error_2_ message result + Libcrux_ml_kem.Polynomial.impl_2__add_message_error_reduce #v_Vector error_2_ message result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let _:Prims.unit = admit () (* Panic freedom *) in @@ -163,7 +163,7 @@ let compute_vector_u v_K (fun v__i -> let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -208,7 +208,7 @@ let compute_vector_u temp_1_ in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__ntt_multiply #v_Vector + Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector a_element (r_as_ntt.[ j ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -216,7 +216,7 @@ let compute_vector_u v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl_1__add_to_ring_element #v_Vector + (Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector v_K (result.[ i ] <: @@ -239,7 +239,7 @@ let compute_vector_u let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize result i - (Libcrux_ml_kem.Polynomial.impl_1__add_error_reduce #v_Vector + (Libcrux_ml_kem.Polynomial.impl_2__add_error_reduce #v_Vector (result.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (error_1_.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) <: @@ -262,7 +262,7 @@ let compute_message t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -276,12 +276,12 @@ let compute_message let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let i:usize = i in let product:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__ntt_multiply #v_Vector + Libcrux_ml_kem.Polynomial.impl_2__ntt_multiply #v_Vector (secret_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (u_as_ntt.[ i ] <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__add_to_ring_element #v_Vector v_K result product + Libcrux_ml_kem.Polynomial.impl_2__add_to_ring_element #v_Vector v_K result product in result) in @@ -289,7 +289,7 @@ let compute_message Libcrux_ml_kem.Invert_ntt.invert_ntt_montgomery v_K #v_Vector result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__subtract_reduce #v_Vector v result + Libcrux_ml_kem.Polynomial.impl_2__subtract_reduce #v_Vector v result in let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in let _:Prims.unit = admit () (* Panic freedom *) in @@ -304,25 +304,11 @@ let sample_matrix_A (#[FStar.Tactics.Typeclasses.tcresolve ()] i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (v_A_transpose: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (seed: t_Array u8 (sz 34)) (transpose: bool) = - let v_A_transpose:t_Array - (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = - Core.Array.from_fn #(t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K - (fun v__i -> - let v__i:usize = v__i in - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__j -> - let v__j:usize = v__j in - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - <: - t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - in let v_A_transpose:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -431,9 +417,7 @@ let sample_matrix_A in v_A_transpose)) in - let result:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K - = - v_A_transpose - in + let result:Prims.unit = () <: Prims.unit in let _:Prims.unit = admit () (* Panic freedom *) in - result + let hax_temp_output:Prims.unit = result in + v_A_transpose diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti index ac11905d4..6947cb795 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fsti @@ -15,6 +15,7 @@ val compute_As_plus_e (v_K: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (tt_as_ntt: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (matrix_A: t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (s_as_ntt error_as_ntt: @@ -22,10 +23,13 @@ val compute_As_plus_e : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) (requires Spec.MLKEM.is_rank v_K) (ensures - fun res -> - let res:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = res in + fun tt_as_ntt_future -> + let tt_as_ntt_future:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K = + tt_as_ntt_future + in let open Libcrux_ml_kem.Polynomial in - to_spec_vector_t res = + to_spec_vector_t tt_as_ntt_future = Spec.MLKEM.compute_As_plus_e_ntt (to_spec_matrix_t matrix_A) (to_spec_vector_t s_as_ntt) (to_spec_vector_t error_as_ntt)) @@ -102,21 +106,23 @@ val sample_matrix_A (#v_Vector #v_Hasher: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} + (v_A_transpose: + t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (seed: t_Array u8 (sz 34)) (transpose: bool) : Prims.Pure (t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K) (requires Spec.MLKEM.is_rank v_K) (ensures - fun res -> - let res:t_Array (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) - v_K = - res + fun v_A_transpose_future -> + let v_A_transpose_future:t_Array + (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) v_K = + v_A_transpose_future in let matrix_A, valid = Spec.MLKEM.sample_matrix_A_ntt (Seq.slice seed 0 32) in valid ==> (if transpose - then Libcrux_ml_kem.Polynomial.to_spec_matrix_t res == matrix_A + then Libcrux_ml_kem.Polynomial.to_spec_matrix_t v_A_transpose_future == matrix_A else - Libcrux_ml_kem.Polynomial.to_spec_matrix_t res == Spec.MLKEM.matrix_transpose matrix_A - )) + Libcrux_ml_kem.Polynomial.to_spec_matrix_t v_A_transpose_future == + Spec.MLKEM.matrix_transpose matrix_A)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst index 3becfc426..1ed6cc3c1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 4) + (sz 3168) + (sz 1568) + private_key + ciphertext + let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -29,46 +39,7 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate_unpacked (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate_unpacked (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair_unpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 4) (sz 1536) - (sz 3168) (sz 1568) - (sz 1536) - (sz 2) - (sz 128) - randomness + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti index 176cc9784..4f57bcb17 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Avx2.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem1024.Avx2 open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -29,47 +36,6 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 1024 (unpacked) -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: -/// https://github.com/hacspec/hax/issues/770 -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 1024 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] -/// and an [`MlKem1024Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 1024 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst index 2c782f7a5..8cab7c870 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem1024.Neon open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 4) + (sz 3168) + (sz 1568) + private_key + ciphertext + let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -29,46 +39,7 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate_unpacked (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate_unpacked (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair_unpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 4) (sz 1536) - (sz 3168) (sz 1568) - (sz 1536) - (sz 2) - (sz 128) - randomness + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti index ab4413e4d..d71f032a7 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Neon.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem1024.Neon open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -29,49 +36,6 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 1024 (unpacked) -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: -/// https://github.com/hacspec/hax/issues/770 -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 1024 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] -/// and an [`MlKem1024Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 1024 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst index 92509e13b..60a05dcc1 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem1024.Portable open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 4) + (sz 3168) + (sz 1568) + private_key + ciphertext + let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -29,46 +39,7 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate_unpacked (sz 4) (sz 1568) (sz 1568) - (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate_unpacked (sz 4) (sz 3168) (sz 1536) - (sz 1568) (sz 1568) (sz 1536) (sz 1408) (sz 160) (sz 11) (sz 5) (sz 352) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1600) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair_unpacked (sz 4) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 4) (sz 1536) - (sz 3168) (sz 1568) - (sz 1536) - (sz 2) - (sz 128) - randomness + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti index 8397ad5eb..9ce6a597e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.Portable.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem1024.Portable open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -29,49 +36,6 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 1024 (unpacked) -/// Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -/// TODO: The F* prefix opens required modules, it should go away when the following issue is resolved: -/// https://github.com/hacspec/hax/issues/770 -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 1024 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem1024KeyPairUnpacked`] -/// and an [`MlKem1024Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 1024 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 4) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst index ae991e1ab..c06297797 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fst @@ -3,6 +3,22 @@ module Libcrux_ml_kem.Mlkem1024 open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 4) + (sz 3168) + (sz 1568) + private_key + ciphertext + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 4) + (sz 1536) + (sz 1568) + public_key.Libcrux_ml_kem.Types.f_value + let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) @@ -39,18 +55,3 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = in let _:Prims.unit = admit () (* Panic freedom *) in result - -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) = - if - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 4) - (sz 1536) - (sz 1568) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti index fd793d70a..fa7a134dd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem1024.fsti @@ -62,6 +62,18 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_1024_: usize = v_C1_SIZE_1024_ +! v_C2_SIZE_1024_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_1024_ +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 3168)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Decapsulate ML-KEM 1024 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem1024PrivateKey`] and an [`MlKem1024Ciphertext`]. @@ -110,10 +122,3 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Spec.MLKEM.Instances.mlkem1024_generate_keypair randomness in valid ==> (res.f_sk.f_value == secret_key /\ res.f_pk.f_value == public_key)) - -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1568))) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst index 84c164f5d..d84c15890 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem512.Avx2 open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 2) + (sz 1632) + (sz 768) + private_key + ciphertext + let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -29,43 +39,7 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate_unpacked (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate_unpacked (sz 2) (sz 1632) (sz 768) (sz 800) - (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) - (sz 800) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair_unpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 2) (sz 768) - (sz 1632) (sz 800) - (sz 768) - (sz 3) - (sz 192) - randomness + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti index 222fdaf4d..79530147b 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Avx2.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem512.Avx2 open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -29,45 +36,6 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 512 (unpacked) -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 512 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] -/// and an [`MlKem512Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 512 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst index 103a0efc1..58b2f0dc4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem512.Neon open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 2) + (sz 1632) + (sz 768) + private_key + ciphertext + let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -29,43 +39,7 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate_unpacked (sz 2) (sz 768) (sz 800) (sz 768) - (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate_unpacked (sz 2) (sz 1632) (sz 768) (sz 800) - (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) - (sz 800) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair_unpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 2) (sz 768) - (sz 1632) (sz 800) - (sz 768) - (sz 3) - (sz 192) - randomness + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti index 0bb4a418a..3d846ac51 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Neon.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem512.Neon open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -29,47 +36,6 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 512 (unpacked) -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 512 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] -/// and an [`MlKem512Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 512 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst index d71d18276..97dccb937 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem512.Portable open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 2) + (sz 1632) + (sz 768) + private_key + ciphertext + let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -29,44 +39,7 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate_unpacked (sz 2) (sz 768) (sz 800) - (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate_unpacked (sz 2) (sz 1632) (sz 768) - (sz 800) (sz 768) (sz 768) (sz 640) (sz 128) (sz 10) (sz 4) (sz 320) (sz 3) (sz 192) (sz 2) - (sz 128) (sz 800) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair_unpacked (sz 2) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 2) (sz 768) - (sz 1632) (sz 800) - (sz 768) - (sz 3) - (sz 192) - randomness + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti index f238d623b..eee7fb43d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.Portable.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem512.Portable open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -29,47 +36,6 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 512 (unpacked) -/// Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem512PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 512 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem512KeyPairUnpacked`] -/// and an [`MlKem512Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 512 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 2) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst index 3e97c4564..db5293cf8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fst @@ -3,6 +3,22 @@ module Libcrux_ml_kem.Mlkem512 open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 2) + (sz 1632) + (sz 768) + private_key + ciphertext + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 2) + (sz 768) + (sz 800) + public_key.Libcrux_ml_kem.Types.f_value + let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) @@ -39,16 +55,3 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = in let _:Prims.unit = admit () (* Panic freedom *) in result - -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) = - if - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 2) - (sz 768) - (sz 800) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - else - Core.Option.Option_None <: Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti index ef6a7c30f..40a174dcb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem512.fsti @@ -37,6 +37,18 @@ let v_VECTOR_U_COMPRESSION_FACTOR_512_: usize = sz 10 let v_VECTOR_V_COMPRESSION_FACTOR_512_: usize = sz 4 +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 1632)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 768)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Decapsulate ML-KEM 512 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem512PrivateKey`] and an [`MlKem512Ciphertext`]. @@ -85,10 +97,3 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Spec.MLKEM.Instances.mlkem512_generate_keypair randomness in valid ==> (res.f_sk.f_value == secret_key /\ res.f_pk.f_value == public_key)) - -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 800))) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst index aa6931d6c..3ec064b3f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem768.Avx2 open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_private_key (sz 3) + (sz 2400) + (sz 1088) + private_key + ciphertext + let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -29,46 +39,7 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.encapsulate_unpacked (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.decapsulate_unpacked (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.generate_keypair_unpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Instantiations.Avx2.validate_public_key (sz 3) (sz 1152) - (sz 2400) (sz 1184) - (sz 1152) - (sz 2) - (sz 128) - randomness + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti index dbf416647..0b2855263 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Avx2.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem768.Avx2 open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -29,45 +36,6 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 768 (unpacked) -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 768 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] -/// and an [`MlKem768Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 768 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Avx2.t_SIMD256Vector) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst index 2846f5a89..4608a3923 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem768.Neon open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_private_key (sz 3) + (sz 2400) + (sz 1088) + private_key + ciphertext + let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -29,46 +39,7 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.encapsulate_unpacked (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.decapsulate_unpacked (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Neon.generate_keypair_unpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Instantiations.Neon.validate_public_key (sz 3) (sz 1152) - (sz 2400) (sz 1184) - (sz 1152) - (sz 2) - (sz 128) - randomness + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti index d9968514d..1b4e3414d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Neon.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem768.Neon open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -29,47 +36,6 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 768 (unpacked) -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 768 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] -/// and an [`MlKem768Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 768 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Neon.Vector_type.t_SIMD128Vector) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst index 2f77deb3b..d98e44837 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fst @@ -3,6 +3,16 @@ module Libcrux_ml_kem.Mlkem768.Portable open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_private_key (sz 3) + (sz 2400) + (sz 1088) + private_key + ciphertext + let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -29,46 +39,7 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = randomness let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - -let encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.encapsulate_unpacked (sz 3) (sz 1088) (sz 1184) - (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) (sz 128) public_key - randomness - -let decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.decapsulate_unpacked (sz 3) (sz 2400) (sz 1152) - (sz 1184) (sz 1088) (sz 1152) (sz 960) (sz 128) (sz 10) (sz 4) (sz 320) (sz 2) (sz 128) (sz 2) - (sz 128) (sz 1120) private_key ciphertext - -let generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) = - Libcrux_ml_kem.Ind_cca.Instantiations.Portable.generate_keypair_unpacked (sz 3) + Libcrux_ml_kem.Ind_cca.Instantiations.Portable.validate_public_key (sz 3) (sz 1152) - (sz 2400) (sz 1184) - (sz 1152) - (sz 2) - (sz 128) - randomness + public_key.Libcrux_ml_kem.Types.f_value diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti index 0edff9a45..c14954e5d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.Portable.fsti @@ -3,6 +3,13 @@ module Libcrux_ml_kem.Mlkem768.Portable open Core open FStar.Mul +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -29,47 +36,6 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) (fun _ -> Prims.l_True) /// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. +/// Returns `true` if valid, and `false` otherwise. val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) - -let _ = - (* This module has implicit dependencies, here we make them explicit. *) - (* The implicit dependencies arise from typeclasses instances. *) - let open Libcrux_ml_kem.Vector.Portable in - let open Libcrux_ml_kem.Vector.Neon in - () - -/// Encapsulate ML-KEM 768 (unpacked) -/// Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. -/// The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`], -/// the SHA3-256 hash of this public key, and [`SHARED_SECRET_SIZE`] bytes of `randomness`. -val encapsulate_unpacked - (public_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemPublicKeyUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (randomness: t_Array u8 (sz 32)) - : Prims.Pure (Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088) & t_Array u8 (sz 32)) - Prims.l_True - (fun _ -> Prims.l_True) - -/// Decapsulate ML-KEM 768 (unpacked) -/// Generates an [`MlKemSharedSecret`]. -/// The input is a reference to an unpacked key pair of type [`MlKem768KeyPairUnpacked`] -/// and an [`MlKem768Ciphertext`]. -val decapsulate_unpacked - (private_key: - Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) - -/// Generate ML-KEM 768 Key Pair in "unpacked" form -val generate_key_pair_unpacked (randomness: t_Array u8 (sz 64)) - : Prims.Pure - (Libcrux_ml_kem.Ind_cca.Unpacked.t_MlKemKeyPairUnpacked (sz 3) - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) - Prims.l_True - (fun _ -> Prims.l_True) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst index 3fa153282..235881a7e 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fst @@ -3,6 +3,22 @@ module Libcrux_ml_kem.Mlkem768 open Core open FStar.Mul +let validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_private_key (sz 3) + (sz 2400) + (sz 1088) + private_key + ciphertext + +let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = + Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 3) + (sz 1152) + (sz 1184) + public_key.Libcrux_ml_kem.Types.f_value + let decapsulate (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) @@ -39,18 +55,3 @@ let generate_key_pair (randomness: t_Array u8 (sz 64)) = in let _:Prims.unit = admit () (* Panic freedom *) in result - -let validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) = - if - Libcrux_ml_kem.Ind_cca.Multiplexing.validate_public_key (sz 3) - (sz 1152) - (sz 1184) - public_key.Libcrux_ml_kem.Types.f_value - then - Core.Option.Option_Some public_key - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - else - Core.Option.Option_None - <: - Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti index 9e2339b6f..34bfea335 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Mlkem768.fsti @@ -62,6 +62,18 @@ let v_CPA_PKE_CIPHERTEXT_SIZE_768_: usize = v_C1_SIZE_768_ +! v_C2_SIZE_768_ let v_IMPLICIT_REJECTION_HASH_INPUT_SIZE: usize = Libcrux_ml_kem.Constants.v_SHARED_SECRET_SIZE +! v_CPA_PKE_CIPHERTEXT_SIZE_768_ +/// Validate a private key. +/// Returns `true` if valid, and `false` otherwise. +val validate_private_key + (private_key: Libcrux_ml_kem.Types.t_MlKemPrivateKey (sz 2400)) + (ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext (sz 1088)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + +/// Validate a public key. +/// Returns `true` if valid, and `false` otherwise. +val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) + : Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) + /// Decapsulate ML-KEM 768 /// Generates an [`MlKemSharedSecret`]. /// The input is a reference to an [`MlKem768PrivateKey`] and an [`MlKem768Ciphertext`]. @@ -110,10 +122,3 @@ val generate_key_pair (randomness: t_Array u8 (sz 64)) Spec.MLKEM.Instances.mlkem768_generate_keypair randomness in valid ==> (res.f_sk.f_value == secret_key /\ res.f_pk.f_value == public_key)) - -/// Validate a public key. -/// Returns `Some(public_key)` if valid, and `None` otherwise. -val validate_public_key (public_key: Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184)) - : Prims.Pure (Core.Option.t_Option (Libcrux_ml_kem.Types.t_MlKemPublicKey (sz 1184))) - Prims.l_True - (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 702b82a42..da6a5be15 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -378,7 +378,7 @@ let ntt_binomially_sampled_ring_element let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl_1__poly_barrett_reduce #v_Vector re + (), Libcrux_ml_kem.Polynomial.impl_2__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in @@ -437,7 +437,7 @@ let ntt_vector_u let _:Prims.unit = () in let hax_temp_output, re:(Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = - (), Libcrux_ml_kem.Polynomial.impl_1__poly_barrett_reduce #v_Vector re + (), Libcrux_ml_kem.Polynomial.impl_2__poly_barrett_reduce #v_Vector re <: (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst index 002d025eb..14065e04f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fst @@ -14,7 +14,7 @@ let get_zeta (i: usize) = let _:Prims.unit = admit () (* Panic freedom *) in result -let impl_1__ZERO +let impl_2__ZERO (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: @@ -34,7 +34,7 @@ let impl_1__ZERO <: t_PolynomialRingElement v_Vector -let impl_1__add_error_reduce +let impl_2__add_error_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -85,7 +85,7 @@ let impl_1__add_error_reduce let hax_temp_output:Prims.unit = () <: Prims.unit in self -let impl_1__add_message_error_reduce +let impl_2__add_message_error_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -142,7 +142,7 @@ let impl_1__add_message_error_reduce in result -let impl_1__add_standard_error_reduce +let impl_2__add_standard_error_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -191,7 +191,7 @@ let impl_1__add_standard_error_reduce let hax_temp_output:Prims.unit = () <: Prims.unit in self -let impl_1__add_to_ring_element +let impl_2__add_to_ring_element (#v_Vector: Type0) (v_K: usize) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -232,14 +232,14 @@ let impl_1__add_to_ring_element let hax_temp_output:Prims.unit = () <: Prims.unit in self -let impl_1__from_i16_array +let impl_2__from_i16_array (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (a: t_Slice i16) = - let result:t_PolynomialRingElement v_Vector = impl_1__ZERO #v_Vector () in + let result:t_PolynomialRingElement v_Vector = impl_2__ZERO #v_Vector () in let result:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -277,7 +277,7 @@ let impl_1__from_i16_array in result -let impl_1__ntt_multiply +let impl_2__ntt_multiply (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -285,7 +285,7 @@ let impl_1__ntt_multiply (self rhs: t_PolynomialRingElement v_Vector) = let _:Prims.unit = admit () in - let out:t_PolynomialRingElement v_Vector = impl_1__ZERO #v_Vector () in + let out:t_PolynomialRingElement v_Vector = impl_2__ZERO #v_Vector () in let out:t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) v_VECTORS_IN_RING_ELEMENT @@ -321,7 +321,7 @@ let impl_1__ntt_multiply in out -let impl_1__poly_barrett_reduce +let impl_2__poly_barrett_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: @@ -360,7 +360,7 @@ let impl_1__poly_barrett_reduce let hax_temp_output:Prims.unit = () <: Prims.unit in self -let impl_1__subtract_reduce +let impl_2__subtract_reduce (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti index bca911ebe..ca8ac5ed8 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Polynomial.fsti @@ -60,25 +60,25 @@ let to_spec_matrix_t (#r:Spec.MLKEM.rank) (#v_Vector: Type0) (m:t_Array (t_Array (t_PolynomialRingElement v_Vector) r) r) : Spec.MLKEM.matrix r = createi r (fun i -> to_spec_vector_t #r #v_Vector (m.[i])) -val impl_1__ZERO: +val impl_2__ZERO: #v_Vector: Type0 -> {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} -> Prims.unit -> Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl_1__add_error_reduce +val impl_2__add_error_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self error: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl_1__add_message_error_reduce +val impl_2__add_message_error_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self message result: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl_1__add_standard_error_reduce +val impl_2__add_standard_error_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self error: t_PolynomialRingElement v_Vector) @@ -86,14 +86,14 @@ val impl_1__add_standard_error_reduce /// Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise /// sum of their constituent coefficients. -val impl_1__add_to_ring_element +val impl_2__add_to_ring_element (#v_Vector: Type0) (v_K: usize) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self rhs: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl_1__from_i16_array +val impl_2__from_i16_array (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (a: t_Slice i16) @@ -122,19 +122,19 @@ val impl_1__from_i16_array /// this function are in the Montgomery domain. /// The NIST FIPS 203 standard can be found at /// . -val impl_1__ntt_multiply +val impl_2__ntt_multiply (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self rhs: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl_1__poly_barrett_reduce +val impl_2__poly_barrett_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self: t_PolynomialRingElement v_Vector) : Prims.Pure (t_PolynomialRingElement v_Vector) Prims.l_True (fun _ -> Prims.l_True) -val impl_1__subtract_reduce +val impl_2__subtract_reduce (#v_Vector: Type0) {| i2: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (self b: t_PolynomialRingElement v_Vector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst index 4436feb62..0ed1d6ebd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Sampling.fst @@ -222,7 +222,7 @@ let sample_from_binomial_distribution_2_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl_1__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) + Libcrux_ml_kem.Polynomial.impl_2__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) #pop-options @@ -303,7 +303,7 @@ let sample_from_binomial_distribution_3_ in sampled_i16s)) in - Libcrux_ml_kem.Polynomial.impl_1__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) + Libcrux_ml_kem.Polynomial.impl_2__from_i16_array #v_Vector (sampled_i16s <: t_Slice i16) #pop-options @@ -412,7 +412,7 @@ let sample_from_xof out (fun s -> let s:t_Array i16 (sz 272) = s in - Libcrux_ml_kem.Polynomial.impl_1__from_i16_array #v_Vector + Libcrux_ml_kem.Polynomial.impl_2__from_i16_array #v_Vector (s.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 256 } <: Core.Ops.Range.t_Range usize ] diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst index c0b67d1b7..3d92db16f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fst @@ -9,7 +9,17 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -#push-options "--admit_smt_queries true" +let to_unsigned_field_modulus + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (a: v_Vector) + = + let _:Prims.unit = reveal_opaque (`%field_modulus_range) (field_modulus_range #v_Vector) in + let result:v_Vector = Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector a in + let _:Prims.unit = admit () (* Panic freedom *) in + result let compress_then_serialize_10_ (v_OUT_LEN: usize) @@ -19,23 +29,29 @@ let compress_then_serialize_10_ Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + let _:Prims.unit = assert_norm (pow2 10 == 1024) in let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.repeat 0uy v_OUT_LEN in let serialized:t_Array u8 v_OUT_LEN = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - (fun serialized temp_1_ -> + (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in - let _:usize = temp_1_ in - true) + let i:usize = i in + v i >= 0 /\ v i <= 16 /\ v i < 16 ==> coefficients_field_modulus_range re) serialized (fun serialized i -> let serialized:t_Array u8 v_OUT_LEN = serialized in let i:usize = i in + let _:Prims.unit = assert (20 * v i + 20 <= 320) in + let _:Prims.unit = + reveal_opaque (`%coefficients_field_modulus_range) + (coefficients_field_modulus_range #v_Vector) + in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve 10l - (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) @@ -68,9 +84,9 @@ let compress_then_serialize_10_ in serialized) in - serialized - -#pop-options + let result:t_Array u8 v_OUT_LEN = serialized in + let _:Prims.unit = admit () (* Panic freedom *) in + result #push-options "--admit_smt_queries true" @@ -135,8 +151,6 @@ let compress_then_serialize_11_ #pop-options -#push-options "--admit_smt_queries true" - let compress_then_serialize_4_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -145,23 +159,29 @@ let compress_then_serialize_4_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) = - let v__serialized_len:usize = Core.Slice.impl__len #u8 serialized in + let _:Prims.unit = assert_norm (pow2 4 == 16) in let serialized:t_Slice u8 = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT (fun serialized i -> let serialized:t_Slice u8 = serialized in let i:usize = i in - (Core.Slice.impl__len #u8 serialized <: usize) =. v__serialized_len <: bool) + v i >= 0 /\ v i <= 16 /\ v i < 16 ==> + (Seq.length serialized == 128 /\ coefficients_field_modulus_range re)) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in let i:usize = i in + let _:Prims.unit = assert (8 * v i + 8 <= 128) in + let _:Prims.unit = + reveal_opaque (`%coefficients_field_modulus_range) + (coefficients_field_modulus_range #v_Vector) + in let coefficient:v_Vector = Libcrux_ml_kem.Vector.Traits.f_compress #v_Vector #FStar.Tactics.Typeclasses.solve 4l - (Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + (to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) <: v_Vector) @@ -194,11 +214,11 @@ let compress_then_serialize_4_ in serialized) in - let hax_temp_output:Prims.unit = () <: Prims.unit in + let result:Prims.unit = () <: Prims.unit in + let _:Prims.unit = admit () (* Panic freedom *) in + let hax_temp_output:Prims.unit = result in serialized -#pop-options - #push-options "--admit_smt_queries true" let compress_then_serialize_5_ @@ -209,14 +229,13 @@ let compress_then_serialize_5_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) = - let v__serialized_len:usize = Core.Slice.impl__len #u8 serialized in let serialized:t_Slice u8 = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - (fun serialized i -> + (fun serialized temp_1_ -> let serialized:t_Slice u8 = serialized in - let i:usize = i in - (Core.Slice.impl__len #u8 serialized <: usize) =. v__serialized_len <: bool) + let _:usize = temp_1_ in + true) serialized (fun serialized i -> let serialized:t_Slice u8 = serialized in @@ -263,8 +282,6 @@ let compress_then_serialize_5_ #pop-options -#push-options "--admit_smt_queries true" - let compress_then_serialize_message (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -276,16 +293,21 @@ let compress_then_serialize_message let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 16) - (fun serialized temp_1_ -> + (fun serialized i -> let serialized:t_Array u8 (sz 32) = serialized in - let _:usize = temp_1_ in - true) + let i:usize = i in + v i < 16 ==> coefficients_field_modulus_range re) serialized (fun serialized i -> let serialized:t_Array u8 (sz 32) = serialized in let i:usize = i in + let _:Prims.unit = assert (2 * v i + 2 <= 32) in + let _:Prims.unit = + reveal_opaque (`%coefficients_field_modulus_range) + (coefficients_field_modulus_range #v_Vector) + in let coefficient:v_Vector = - Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) in let coefficient_compressed:v_Vector = @@ -321,9 +343,9 @@ let compress_then_serialize_message in serialized) in - serialized - -#pop-options + let result:t_Array u8 (sz 32) = serialized in + let _:Prims.unit = admit () (* Panic freedom *) in + result let compress_then_serialize_ring_element_u (v_COMPRESSION_FACTOR v_OUT_LEN: usize) @@ -335,7 +357,8 @@ let compress_then_serialize_ring_element_u = let _:Prims.unit = assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 10) \/ - (v (cast v_COMPRESSION_FACTOR <: u32) == 11)) + (v (cast v_COMPRESSION_FACTOR <: u32) == 11)); + Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR) in match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with | 10ul -> compress_then_serialize_10_ v_OUT_LEN #v_Vector re @@ -357,7 +380,8 @@ let compress_then_serialize_ring_element_v = let _:Prims.unit = assert ((v (cast v_COMPRESSION_FACTOR <: u32) == 4) \/ - (v (cast v_COMPRESSION_FACTOR <: u32) == 5)) + (v (cast v_COMPRESSION_FACTOR <: u32) == 5)); + Rust_primitives.Integers.mk_int_equiv_lemma #usize_inttype (v v_COMPRESSION_FACTOR) in let out, hax_temp_output:(t_Slice u8 & Prims.unit) = match cast (v_COMPRESSION_FACTOR <: usize) <: u32 with @@ -385,7 +409,7 @@ let deserialize_then_decompress_10_ assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 10) /! sz 8) == 320) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let v__coefficients_length:usize = Core.Slice.impl__len #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients <: t_Slice v_Vector) @@ -439,7 +463,7 @@ let deserialize_then_decompress_11_ assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 11) /! sz 8) == 352) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 22) @@ -490,7 +514,7 @@ let deserialize_then_decompress_4_ assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 4) /! sz 8) == 128) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 8) @@ -541,7 +565,7 @@ let deserialize_then_decompress_5_ assert (v ((Libcrux_ml_kem.Constants.v_COEFFICIENTS_IN_RING_ELEMENT *! sz 5) /! sz 8) == 160) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 10) @@ -593,8 +617,6 @@ let deserialize_then_decompress_5_ in re -#push-options "--admit_smt_queries true" - let deserialize_then_decompress_message (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -603,7 +625,7 @@ let deserialize_then_decompress_message (serialized: t_Array u8 (sz 32)) = let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -645,9 +667,9 @@ let deserialize_then_decompress_message in re) in - re - -#pop-options + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_then_decompress_ring_element_u (v_COMPRESSION_FACTOR: usize) @@ -691,8 +713,6 @@ let deserialize_then_decompress_ring_element_v <: Rust_primitives.Hax.t_Never) -#push-options "--admit_smt_queries true" - let deserialize_to_reduced_ring_element (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -702,7 +722,7 @@ let deserialize_to_reduced_ring_element = let _:Prims.unit = assert (v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT / 24 == 16) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) @@ -739,9 +759,9 @@ let deserialize_to_reduced_ring_element in re) in - re - -#pop-options + let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in + let _:Prims.unit = admit () (* Panic freedom *) in + result let deserialize_ring_elements_reduced (v_K: usize) @@ -750,16 +770,8 @@ let deserialize_ring_elements_reduced i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (public_key: t_Slice u8) + (deserialized_pk: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) = - let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = - Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - v_K - (fun v__i -> - let v__i:usize = v__i in - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () - <: - Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - in let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT public_key @@ -785,6 +797,29 @@ let deserialize_ring_elements_reduced <: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) in + let hax_temp_output:Prims.unit = () <: Prims.unit in + deserialized_pk + +let deserialize_ring_elements_reduced_out + (v_K: usize) + (#v_Vector: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) + (public_key: t_Slice u8) + = + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + Core.Array.from_fn #(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + v_K + (fun v__i -> + let v__i:usize = v__i in + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () + <: + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) + in + let deserialized_pk:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = + deserialize_ring_elements_reduced v_K #v_Vector public_key deserialized_pk + in deserialized_pk let deserialize_to_uncompressed_ring_element @@ -796,7 +831,7 @@ let deserialize_to_uncompressed_ring_element = let _:Prims.unit = assert (v Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT / 24 == 16) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = - Libcrux_ml_kem.Polynomial.impl_1__ZERO #v_Vector () + Libcrux_ml_kem.Polynomial.impl_2__ZERO #v_Vector () in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_enumerated_chunked_slice (sz 24) @@ -829,8 +864,6 @@ let deserialize_to_uncompressed_ring_element in re -#push-options "--admit_smt_queries true" - let serialize_uncompressed_ring_element (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -838,20 +871,26 @@ let serialize_uncompressed_ring_element Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector) (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + let _:Prims.unit = assert_norm (pow2 12 == 4096) in let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.repeat 0uy (sz 384) in let serialized:t_Array u8 (sz 384) = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT - (fun serialized temp_1_ -> + (fun serialized i -> let serialized:t_Array u8 (sz 384) = serialized in - let _:usize = temp_1_ in - true) + let i:usize = i in + v i >= 0 /\ v i <= 16 /\ v i < 16 ==> coefficients_field_modulus_range re) serialized (fun serialized i -> let serialized:t_Array u8 (sz 384) = serialized in let i:usize = i in + let _:Prims.unit = assert (24 * v i + 24 <= 384) in + let _:Prims.unit = + reveal_opaque (`%coefficients_field_modulus_range) + (coefficients_field_modulus_range #v_Vector) + in let coefficient:v_Vector = - Libcrux_ml_kem.Vector.Traits.to_unsigned_representative #v_Vector + to_unsigned_field_modulus #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ i ] <: v_Vector) in let bytes:t_Array u8 (sz 24) = @@ -882,6 +921,6 @@ let serialize_uncompressed_ring_element in serialized) in - serialized - -#pop-options + let result:t_Array u8 (sz 384) = serialized in + let _:Prims.unit = admit () (* Panic freedom *) in + result diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti index 4f60485f0..2d1d64184 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Serialize.fsti @@ -9,19 +9,50 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () +[@@ "opaque_to_smt"] +let field_modulus_range (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (a: v_Vector) = + let coef = Libcrux_ml_kem.Vector.Traits.f_to_i16_array a in + forall (i:nat). i < 16 ==> v (Seq.index coef i) > -(v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) /\ + v (Seq.index coef i) < v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS + +[@@ "opaque_to_smt"] +let coefficients_field_modulus_range (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> field_modulus_range (Seq.index re.f_coefficients i) + +val to_unsigned_field_modulus + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (a: v_Vector) + : Prims.Pure v_Vector + (requires field_modulus_range a) + (ensures + fun result -> + let result:v_Vector = result in + forall (i: nat). + i < 16 ==> + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array result) i) >= 0 /\ + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array result) i) < + v Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) + val compress_then_serialize_10_ (v_OUT_LEN: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 v_OUT_LEN) (requires v_OUT_LEN =. sz 320) (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_OUT_LEN) + (requires v v_OUT_LEN == 320 /\ coefficients_field_modulus_range re) + (fun _ -> Prims.l_True) val compress_then_serialize_11_ (v_OUT_LEN: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 v_OUT_LEN) (requires v_OUT_LEN =. sz 352) (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 v_OUT_LEN) Prims.l_True (fun _ -> Prims.l_True) val compress_then_serialize_4_ (#v_Vector: Type0) @@ -29,8 +60,11 @@ val compress_then_serialize_4_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) - (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 128) - (fun _ -> Prims.l_True) + (requires Seq.length serialized == 128 /\ coefficients_field_modulus_range re) + (ensures + fun serialized_future -> + let serialized_future:t_Slice u8 = serialized_future in + Core.Slice.impl__len #u8 serialized_future == Core.Slice.impl__len #u8 serialized) val compress_then_serialize_5_ (#v_Vector: Type0) @@ -39,13 +73,18 @@ val compress_then_serialize_5_ (serialized: t_Slice u8) : Prims.Pure (t_Slice u8) (requires (Core.Slice.impl__len #u8 serialized <: usize) =. sz 160) - (fun _ -> Prims.l_True) + (ensures + fun serialized_future -> + let serialized_future:t_Slice u8 = serialized_future in + Core.Slice.impl__len #u8 serialized_future == Core.Slice.impl__len #u8 serialized) val compress_then_serialize_message (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 (sz 32)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 32)) + (requires coefficients_field_modulus_range re) + (fun _ -> Prims.l_True) val compress_then_serialize_ring_element_u (v_COMPRESSION_FACTOR v_OUT_LEN: usize) @@ -54,8 +93,8 @@ val compress_then_serialize_ring_element_u (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (t_Array u8 v_OUT_LEN) (requires - (v_COMPRESSION_FACTOR =. sz 10 || v_COMPRESSION_FACTOR =. sz 11) && - v_OUT_LEN =. (sz 32 *! v_COMPRESSION_FACTOR <: usize)) + (v v_COMPRESSION_FACTOR == 10 \/ v v_COMPRESSION_FACTOR == 11) /\ + v v_OUT_LEN == 32 * v v_COMPRESSION_FACTOR /\ coefficients_field_modulus_range re) (fun _ -> Prims.l_True) val compress_then_serialize_ring_element_v @@ -66,9 +105,9 @@ val compress_then_serialize_ring_element_v (out: t_Slice u8) : Prims.Pure (t_Slice u8) (requires - (v_COMPRESSION_FACTOR =. sz 4 || v_COMPRESSION_FACTOR =. sz 5) && - v_OUT_LEN =. (sz 32 *! v_COMPRESSION_FACTOR <: usize) && - (Core.Slice.impl__len #u8 out <: usize) =. v_OUT_LEN) + (v v_COMPRESSION_FACTOR == 4 \/ v v_COMPRESSION_FACTOR == 5) /\ + v v_OUT_LEN == 32 * v v_COMPRESSION_FACTOR /\ Seq.length out == v v_OUT_LEN /\ + coefficients_field_modulus_range re) (ensures fun out_future -> let out_future:t_Slice u8 = out_future in @@ -148,10 +187,23 @@ val deserialize_to_reduced_ring_element Libcrux_ml_kem.Constants.v_BYTES_PER_RING_ELEMENT) (fun _ -> Prims.l_True) +/// See [deserialize_ring_elements_reduced_out]. +val deserialize_ring_elements_reduced + (v_K: usize) + (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (public_key: t_Slice u8) + (deserialized_pk: t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + : Prims.Pure (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K) + (requires + Spec.MLKEM.is_rank v_K /\ + Seq.length public_key == v (Spec.MLKEM.v_T_AS_NTT_ENCODED_SIZE v_K)) + (fun _ -> Prims.l_True) + /// This function deserializes ring elements and reduces the result by the field /// modulus. /// This function MUST NOT be used on secret inputs. -val deserialize_ring_elements_reduced +val deserialize_ring_elements_reduced_out (v_K: usize) (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -176,4 +228,6 @@ val serialize_uncompressed_ring_element (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - : Prims.Pure (t_Array u8 (sz 384)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 384)) + (requires coefficients_field_modulus_range re) + (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst index 8a875c82a..75ff693ea 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fst @@ -3,25 +3,25 @@ module Libcrux_ml_kem.Types open Core open FStar.Mul -let impl_5__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_6__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_11__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_13__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_17__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE +let impl_20__len (v_SIZE: usize) (_: Prims.unit) = v_SIZE -let impl_5__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value +let impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) = self.f_value -let impl_11__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value +let impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) = self.f_value -let impl_17__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value +let impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) = self.f_value -let impl_18__from +let impl_21__from (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) (pk: t_MlKemPublicKey v_PUBLIC_KEY_SIZE) = { f_sk = sk; f_pk = pk } <: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE -let impl_18__into_parts +let impl_21__into_parts (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) = @@ -29,7 +29,7 @@ let impl_18__into_parts <: (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE & t_MlKemPublicKey v_PUBLIC_KEY_SIZE) -let impl_18__new +let impl_21__new (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_Array u8 v_PRIVATE_KEY_SIZE) (pk: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -51,22 +51,22 @@ let impl_18__new <: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE -let impl_18__pk +let impl_21__pk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - = impl_17__as_slice v_PUBLIC_KEY_SIZE self.f_pk + = impl_20__as_slice v_PUBLIC_KEY_SIZE self.f_pk -let impl_18__private_key +let impl_21__private_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) = self.f_sk -let impl_18__public_key +let impl_21__public_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) = self.f_pk -let impl_18__sk +let impl_21__sk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) - = impl_11__as_slice v_PRIVATE_KEY_SIZE self.f_sk + = impl_13__as_slice v_PRIVATE_KEY_SIZE self.f_sk diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti index bdc6f41fb..4435312b0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Types.fsti @@ -4,22 +4,33 @@ open Core open FStar.Mul /// The number of bytes -val impl_5__len: v_SIZE: usize -> Prims.unit +val impl_6__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) /// The number of bytes -val impl_11__len: v_SIZE: usize -> Prims.unit +val impl_13__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) /// The number of bytes -val impl_17__len: v_SIZE: usize -> Prims.unit +val impl_20__len: v_SIZE: usize -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) ///An ML-KEM Ciphertext type t_MlKemCiphertext (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) = +let impl (v_SIZE: usize) : Core.Default.t_Default (t_MlKemCiphertext v_SIZE) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemCiphertext v_SIZE) -> true); + f_default + = + fun (_: Prims.unit) -> + { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemCiphertext v_SIZE + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemCiphertext v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemCiphertext v_SIZE) (out: t_Slice u8) -> true); @@ -27,7 +38,7 @@ let impl (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemCiphertext v_SIZE) (t_Sl } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = +let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true); @@ -35,7 +46,7 @@ let impl_1 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = +let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemCiphertext v_SIZE) -> true); @@ -48,7 +59,7 @@ let impl_2 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemCiphertext v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) = +let impl_4 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCiphertext v_SIZE) = { f_from_pre = (fun (value: t_MlKemCiphertext v_SIZE) -> true); f_from_post = (fun (value: t_MlKemCiphertext v_SIZE) (out: t_Array u8 v_SIZE) -> true); @@ -56,7 +67,7 @@ let impl_3 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemCip } /// A reference to the raw byte slice. -val impl_5__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) +val impl_6__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (ensures @@ -68,7 +79,18 @@ val impl_5__as_slice (v_SIZE: usize) (self: t_MlKemCiphertext v_SIZE) type t_MlKemPrivateKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_6 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = +let impl_7 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPrivateKey v_SIZE) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemPrivateKey v_SIZE) -> true); + f_default + = + fun (_: Prims.unit) -> + { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPrivateKey v_SIZE + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_8 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemPrivateKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPrivateKey v_SIZE) (out: t_Slice u8) -> true); @@ -76,7 +98,7 @@ let impl_6 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPrivateKey v_SIZE) (t_ } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_7 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true); @@ -84,7 +106,7 @@ let impl_7 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_10 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPrivateKey v_SIZE) -> true); @@ -97,7 +119,7 @@ let impl_8 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPrivateKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) = +let impl_11 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPrivateKey v_SIZE) = { f_from_pre = (fun (value: t_MlKemPrivateKey v_SIZE) -> true); f_from_post = (fun (value: t_MlKemPrivateKey v_SIZE) (out: t_Array u8 v_SIZE) -> true); @@ -105,7 +127,7 @@ let impl_9 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPri } /// A reference to the raw byte slice. -val impl_11__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) +val impl_13__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (ensures @@ -117,7 +139,18 @@ val impl_11__as_slice (v_SIZE: usize) (self: t_MlKemPrivateKey v_SIZE) type t_MlKemPublicKey (v_SIZE: usize) = { f_value:t_Array u8 v_SIZE } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_12 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) = +let impl_14 (v_SIZE: usize) : Core.Default.t_Default (t_MlKemPublicKey v_SIZE) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_MlKemPublicKey v_SIZE) -> true); + f_default + = + fun (_: Prims.unit) -> + { f_value = Rust_primitives.Hax.repeat 0uy v_SIZE } <: t_MlKemPublicKey v_SIZE + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_15 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_Slice u8) = { f_as_ref_pre = (fun (self: t_MlKemPublicKey v_SIZE) -> true); f_as_ref_post = (fun (self: t_MlKemPublicKey v_SIZE) (out: t_Slice u8) -> true); @@ -125,7 +158,7 @@ let impl_12 (v_SIZE: usize) : Core.Convert.t_AsRef (t_MlKemPublicKey v_SIZE) (t_ } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_13 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_16 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true); @@ -133,7 +166,7 @@ let impl_13 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = +let impl_17 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_Array u8 v_SIZE) = { f_from_pre = (fun (value: t_Array u8 v_SIZE) -> true); f_from_post = (fun (value: t_Array u8 v_SIZE) (out: t_MlKemPublicKey v_SIZE) -> true); @@ -146,7 +179,7 @@ let impl_14 (v_SIZE: usize) : Core.Convert.t_From (t_MlKemPublicKey v_SIZE) (t_A } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) = +let impl_18 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPublicKey v_SIZE) = { f_from_pre = (fun (value: t_MlKemPublicKey v_SIZE) -> true); f_from_post = (fun (value: t_MlKemPublicKey v_SIZE) (out: t_Array u8 v_SIZE) -> true); @@ -154,7 +187,7 @@ let impl_15 (v_SIZE: usize) : Core.Convert.t_From (t_Array u8 v_SIZE) (t_MlKemPu } /// A reference to the raw byte slice. -val impl_17__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) +val impl_20__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) : Prims.Pure (t_Array u8 v_SIZE) Prims.l_True (ensures @@ -163,7 +196,7 @@ val impl_17__as_slice (v_SIZE: usize) (self: t_MlKemPublicKey v_SIZE) result == self.f_value) [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_4 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = +let impl_5 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); @@ -194,7 +227,7 @@ let impl_4 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemCiphertext v_SIZE) ( } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_10 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = +let impl_12 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); @@ -225,7 +258,7 @@ let impl_10 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPrivateKey v_SIZE) } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_16 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) = +let impl_19 (v_SIZE: usize) : Core.Convert.t_TryFrom (t_MlKemPublicKey v_SIZE) (t_Slice u8) = { f_Error = Core.Array.t_TryFromSliceError; f_try_from_pre = (fun (value: t_Slice u8) -> true); @@ -262,7 +295,7 @@ type t_MlKemKeyPair (v_PRIVATE_KEY_SIZE: usize) (v_PUBLIC_KEY_SIZE: usize) = { } /// Create a new [`MlKemKeyPair`] from the secret and public key. -val impl_18__from +val impl_21__from (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) (pk: t_MlKemPublicKey v_PUBLIC_KEY_SIZE) @@ -274,7 +307,7 @@ val impl_18__from result.f_sk == sk /\ result.f_pk == pk) /// Separate this key into the public and private key. -val impl_18__into_parts +val impl_21__into_parts (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE & t_MlKemPublicKey v_PUBLIC_KEY_SIZE) @@ -282,7 +315,7 @@ val impl_18__into_parts (fun _ -> Prims.l_True) /// Creates a new [`MlKemKeyPair`]. -val impl_18__new +val impl_21__new (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (sk: t_Array u8 v_PRIVATE_KEY_SIZE) (pk: t_Array u8 v_PUBLIC_KEY_SIZE) @@ -291,25 +324,25 @@ val impl_18__new (fun _ -> Prims.l_True) /// Get a reference to the raw public key bytes. -val impl_18__pk +val impl_21__pk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_Array u8 v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// Get a reference to the [`MlKemPrivateKey`]. -val impl_18__private_key +val impl_21__private_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_MlKemPrivateKey v_PRIVATE_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// Get a reference to the [`MlKemPublicKey`]. -val impl_18__public_key +val impl_21__public_key (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_MlKemPublicKey v_PUBLIC_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) /// Get a reference to the raw private key bytes. -val impl_18__sk +val impl_21__sk (v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE: usize) (self: t_MlKemKeyPair v_PRIVATE_KEY_SIZE v_PUBLIC_KEY_SIZE) : Prims.Pure (t_Array u8 v_PRIVATE_KEY_SIZE) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 51a1a9da7..5ab43253f 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -11,7 +11,6 @@ let _ = () [@@"opaque_to_smt"] - let deserialize_1___deserialize_1_i16s (a b: i16) = let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 b b b b b b b b a a a a a a a a @@ -28,7 +27,6 @@ let deserialize_1___deserialize_1_i16s (a b: i16) = Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 15l coefficients_in_msb [@@"opaque_to_smt"] - let deserialize_1___deserialize_1_u8s (a b: u8) = deserialize_1___deserialize_1_i16s (cast (a <: u8) <: i16) (cast (b <: u8) <: i16) @@ -38,7 +36,6 @@ let deserialize_1_ (bytes: t_Slice u8) = deserialize_1___deserialize_1_u8s (bytes.[ sz 0 ] <: u8) (bytes.[ sz 1 ] <: u8) [@@"opaque_to_smt"] - let deserialize_4___deserialize_4_i16s (b0 b1 b2 b3 b4 b5 b6 b7: i16) = let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 b7 b7 b6 b6 b5 b5 b4 b4 b3 b3 b2 b2 b1 b1 b0 b0 @@ -62,7 +59,6 @@ let deserialize_4___deserialize_4_i16s (b0 b1 b2 b3 b4 b5 b6 b7: i16) = Libcrux_intrinsics.Avx2_extract.t_Vec256) [@@"opaque_to_smt"] - let deserialize_4___deserialize_4_u8s (b0 b1 b2 b3 b4 b5 b6 b7: u8) = deserialize_4___deserialize_4_i16s (cast (b0 <: u8) <: i16) (cast (b1 <: u8) <: i16) @@ -169,6 +165,48 @@ let serialize_10___serialize_10_vec (vector: Libcrux_intrinsics.Avx2_extract.t_V #push-options "--ext context_pruning --split_queries always" +let serialize_12___serialize_12_vec (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = + let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + mm256_concat_pairs_n 12uy vector + in + let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_sllv_epi32 adjacent_2_combined + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi32 0l 8l 0l 8l 0l 8l 0l 8l + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let adjacent_4_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_srli_epi64 8l adjacent_4_combined + in + let adjacent_8_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_shuffle_epi8 adjacent_4_combined + (Libcrux_intrinsics.Avx2_extract.mm256_set_epi8 (-1y) (-1y) (-1y) (-1y) 13y 12y 11y 10y 9y 8y + 5y 4y 3y 2y 1y 0y (-1y) (-1y) (-1y) (-1y) 13y 12y 11y 10y 9y 8y 5y 4y 3y 2y 1y 0y + <: + Libcrux_intrinsics.Avx2_extract.t_Vec256) + in + let lower_8_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm256_castsi256_si128 adjacent_8_combined + in + let upper_8_:Libcrux_intrinsics.Avx2_extract.t_Vec128 = + Libcrux_intrinsics.Avx2_extract.mm256_extracti128_si256 1l adjacent_8_combined + in + let _:Prims.unit = + introduce forall (i: nat{i < 96}) . lower_8_ i = vector ((i / 12) * 16 + i % 12) + with assert_norm (BitVec.Utils.forall_n 96 + (fun i -> lower_8_ i = vector ((i / 12) * 16 + i % 12))); + introduce forall (i: nat{i < 96}) . upper_8_ i = vector (128 + (i / 12) * 16 + i % 12) + with assert_norm (BitVec.Utils.forall_n 96 + (fun i -> upper_8_ i = vector (128 + (i / 12) * 16 + i % 12))) + in + lower_8_, upper_8_ + <: + (Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) + +#pop-options + +#push-options "--ext context_pruning --split_queries always" + let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let lower_8_, upper_8_:(Libcrux_intrinsics.Avx2_extract.t_Vec128 & Libcrux_intrinsics.Avx2_extract.t_Vec128) = @@ -224,37 +262,13 @@ let serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = #pop-options +#push-options "--ext context_pruning --split_queries always" + let serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let serialized:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in - let adjacent_2_combined:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_madd_epi16 vector - (Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 (1s < + let lower_8_, upper_8_:(Libcrux_intrinsics.Avx2_extract.t_Vec128 & + Libcrux_intrinsics.Avx2_extract.t_Vec128) = + temp_0_ + in + forall (i: nat{i < 192}). + vector ((i / 12) * 16 + i % 12) == (if i < 96 then lower_8_ i else upper_8_ (i - 96))) + val serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (t_Array u8 (sz 20)) (requires forall (i: nat{i < 256}). i % 16 < 10 || vector i = 0) @@ -142,7 +155,12 @@ val serialize_10_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) forall (i: nat{i < 160}). bit_vec_of_int_t_array r 8 i == vector ((i / 10) * 16 + i % 10)) val serialize_12_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) - : Prims.Pure (t_Array u8 (sz 24)) Prims.l_True (fun _ -> Prims.l_True) + : Prims.Pure (t_Array u8 (sz 24)) + (requires forall (i: nat{i < 256}). i % 16 < 12 || vector i = 0) + (ensures + fun r -> + let r:t_Array u8 (sz 24) = r in + forall (i: nat{i < 192}). bit_vec_of_int_t_array r 8 i == vector ((i / 12) * 16 + i % 12)) val serialize_5_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 0596f5482..3217ddbc2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -10,6 +10,7 @@ let _ = () noeq + type t_SIMD256Vector = { f_elements:Libcrux_intrinsics.Avx2_extract.t_Vec256 } let repr (x:t_SIMD256Vector) : t_Array i16 (sz 16) = Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 x.f_elements @@ -203,11 +204,20 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = } <: t_SIMD256Vector); - f_compress_1_pre = (fun (vector: t_SIMD256Vector) -> true); - f_compress_1_post = (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + f_compress_1_pre + = + (fun (vector: t_SIMD256Vector) -> + forall (i: nat). + i < 16 ==> + v (Seq.index (impl.f_repr vector) i) >= 0 /\ v (Seq.index (impl.f_repr vector) i) < 3329); + f_compress_1_post + = + (fun (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> + forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) 1); f_compress_1_ = (fun (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in { f_elements = @@ -218,14 +228,23 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_compress_pre = (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> - v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l || - v_COEFFICIENT_BITS =. 11l); + (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) /\ + (forall (i: nat). + i < 16 ==> + v (Seq.index (impl.f_repr vector) i) >= 0 /\ v (Seq.index (impl.f_repr vector) i) < 3329 + )); f_compress_post = - (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> true); + (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) (out: t_SIMD256Vector) -> + (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) ==> + (forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) (v v_COEFFICIENT_BITS)) + ); f_compress = (fun (v_COEFFICIENT_BITS: i32) (vector: t_SIMD256Vector) -> + let _:Prims.unit = admit () in { f_elements = @@ -442,7 +461,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_serialize_1_ = (fun (vector: t_SIMD256Vector) -> - admit (); Libcrux_ml_kem.Vector.Avx2.Serialize.serialize_1_ vector.f_elements); f_deserialize_1_pre = @@ -454,7 +472,6 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = f_deserialize_1_ = (fun (bytes: t_Slice u8) -> - admit (); { f_elements = Libcrux_ml_kem.Vector.Avx2.Serialize.deserialize_1_ bytes } <: t_SIMD256Vector); diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst index 1d8993c9e..8bda725bd 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fst @@ -22,78 +22,146 @@ let compress_message_coefficient (fe: u16) = let shifted_positive_in_range:i16 = shifted_to_positive -! 832s in cast ((shifted_positive_in_range >>! 15l <: i16) &. 1s <: i16) <: u8 +#push-options "--fuel 0 --ifuel 0 --z3rlimit 2000" + let compress (v_COEFFICIENT_BITS: i32) - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + let _:Prims.unit = + assert (v (cast (v_COEFFICIENT_BITS) <: u8) == v v_COEFFICIENT_BITS); + assert (v (cast (v_COEFFICIENT_BITS) <: u32) == v v_COEFFICIENT_BITS) + in + let _:Prims.unit = + assert (forall (i: nat). + i < 16 ==> + (cast (a.f_elements.[ sz i ]) <: u16) <. + (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16)) + in + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun a i -> + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in + let i:usize = i in + (v i < 16 ==> + (forall (j: nat). + (j >= v i /\ j < 16) ==> + v (cast (a.f_elements.[ sz j ]) <: u16) < + v (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16))) /\ + (forall (j: nat). + j < v i ==> + v (a.f_elements.[ sz j ] <: i16) >= 0 /\ + v (a.f_elements.[ sz j ] <: i16) < pow2 (v (cast (v_COEFFICIENT_BITS) <: u32)))) + a + (fun a i -> + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (compress_ciphertext_coefficient (cast (v_COEFFICIENT_BITS <: i32) <: u8) - (cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) - <: - u16) - <: - i16) + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + a with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize a + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + (compress_ciphertext_coefficient (cast (v_COEFFICIENT_BITS <: i32) <: u8) + (cast (a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + <: + u16) + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + let _:Prims.unit = + assert (v (a.f_elements.[ i ] <: i16) >= 0 /\ + v (a.f_elements.[ i ] <: i16) < pow2 (v (cast (v_COEFFICIENT_BITS) <: u32))) + in + a) in - v + let _:Prims.unit = + assert (forall (i: nat). + i < 16 ==> + v (a.f_elements.[ sz i ] <: i16) >= 0 /\ + v (a.f_elements.[ sz i ] <: i16) < pow2 (v v_COEFFICIENT_BITS)) + in + a -let compress_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = +#pop-options + +#push-options "--fuel 0 --ifuel 0 --z3rlimit 2000" + +let compress_message_coefficient_range_helper (fe: u16) : Lemma + (requires fe <. (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16)) + (ensures v (cast (compress_message_coefficient fe) <: i16) >= 0 /\ + v (cast (compress_message_coefficient fe) <: i16) < 2) = + assert (v (cast (compress_message_coefficient fe) <: i16) >= 0 /\ + v (cast (compress_message_coefficient fe) <: i16) < 2) + +let compress_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = + assert (forall (i: nat). + i < 16 ==> + (cast (a.f_elements.[ sz i ]) <: u16) <. + (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16)) + in + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Rust_primitives.Hax.Folds.fold_range (sz 0) Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR - (fun v temp_1_ -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in - let _:usize = temp_1_ in - true) - v - (fun v i -> - let v:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = v in + (fun a i -> + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in + let i:usize = i in + (v i < 16 ==> + (forall (j: nat). + (j >= v i /\ j < 16) ==> + v (cast (a.f_elements.[ sz j ]) <: u16) < + v (cast (Libcrux_ml_kem.Vector.Traits.v_FIELD_MODULUS) <: u16))) /\ + (forall (j: nat). + j < v i ==> + v (a.f_elements.[ sz j ] <: i16) >= 0 /\ v (a.f_elements.[ sz j ] <: i16) < 2)) + a + (fun a i -> + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = a in let i:usize = i in - { - v with - Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - = - Rust_primitives.Hax.Monomorphized_update_at.update_at_usize v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i - (cast (compress_message_coefficient (cast (v - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) - <: - u16) - <: - u8) - <: - i16) + let _:Prims.unit = + compress_message_coefficient_range_helper (cast (a.f_elements.[ i ]) <: u16) + in + let a:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = + { + a with + Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize a + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements + i + (cast (compress_message_coefficient (cast (a + .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] + <: + i16) + <: + u16) + <: + u8) + <: + i16) + } <: - t_Array i16 (sz 16) - } - <: - Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + in + let _:Prims.unit = + assert (v (a.f_elements.[ i ] <: i16) >= 0 /\ v (a.f_elements.[ i ] <: i16) < 2) + in + a) in - v + let _:Prims.unit = + assert (forall (i: nat). + i < 16 ==> v (a.f_elements.[ sz i ] <: i16) >= 0 /\ v (a.f_elements.[ sz i ] <: i16) < 2) + in + a + +#pop-options let decompress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti index 4a89ca30f..938330976 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Compress.fsti @@ -47,15 +47,32 @@ val compress_message_coefficient (fe: u16) val compress (v_COEFFICIENT_BITS: i32) - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires + (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) /\ + (forall (i: nat). + i < 16 ==> v (Seq.index a.f_elements i) >= 0 /\ v (Seq.index a.f_elements i) < 3329)) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + forall (i: nat). + i < 16 ==> + v (result.f_elements.[ sz i ] <: i16) >= 0 /\ + v (result.f_elements.[ sz i ] <: i16) < pow2 (v v_COEFFICIENT_BITS)) -val compress_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) +val compress_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - Prims.l_True - (fun _ -> Prims.l_True) + (requires + forall (i: nat). + i < 16 ==> v (Seq.index a.f_elements i) >= 0 /\ v (Seq.index a.f_elements i) < 3329) + (ensures + fun result -> + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in + forall (i: nat). + i < 16 ==> + v (result.f_elements.[ sz i ] <: i16) >= 0 /\ v (result.f_elements.[ sz i ] <: i16) < 2) val decompress_ciphertext_coefficient (v_COEFFICIENT_BITS: i32) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst index b676b472e..37ca063e4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fst @@ -418,6 +418,9 @@ let deserialize_1_lemma inputs = #pop-options +let deserialize_1_bounded_lemma inputs = + admit() + let deserialize_10_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_10_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 10 } @@ -469,6 +472,9 @@ let deserialize_10_lemma inputs = #pop-options +let deserialize_10_bounded_lemma inputs = + admit() + let deserialize_12_ (bytes: t_Slice u8) = let v0_1_:(i16 & i16) = deserialize_12_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 3 } @@ -562,6 +568,9 @@ let deserialize_12_lemma inputs = #pop-options +let deserialize_12_bounded_lemma inputs = + admit() + let deserialize_4_ (bytes: t_Slice u8) = let v0_7_:(i16 & i16 & i16 & i16 & i16 & i16 & i16 & i16) = deserialize_4_int (bytes.[ { Core.Ops.Range.f_start = sz 0; Core.Ops.Range.f_end = sz 4 } @@ -613,6 +622,9 @@ let deserialize_4_lemma inputs = #pop-options +let deserialize_4_bounded_lemma inputs = + admit() + let serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = let result0:u8 = (((((((cast (v.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 0 ] <: i16) <: u8) |. diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti index 856f8399d..97118a4cc 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Serialize.fsti @@ -77,6 +77,9 @@ val deserialize_1_ (v: t_Slice u8) val deserialize_1_lemma (inputs: t_Array u8 (sz 2)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_1_ inputs).f_elements 1 == bit_vec_of_int_t_array inputs 8) +val deserialize_1_bounded_lemma (inputs: t_Array u8 (sz 2)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_1_ inputs).f_elements i) 1) + val deserialize_10_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 20) @@ -85,6 +88,9 @@ val deserialize_10_ (bytes: t_Slice u8) val deserialize_10_lemma (inputs: t_Array u8 (sz 20)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_10_ inputs).f_elements 10 == bit_vec_of_int_t_array inputs 8) +val deserialize_10_bounded_lemma (inputs: t_Array u8 (sz 20)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_10_ inputs).f_elements i) 10) + val deserialize_12_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 24) @@ -93,6 +99,9 @@ val deserialize_12_ (bytes: t_Slice u8) val deserialize_12_lemma (inputs: t_Array u8 (sz 24)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_12_ inputs).f_elements 12 == bit_vec_of_int_t_array inputs 8) +val deserialize_12_bounded_lemma (inputs: t_Array u8 (sz 24)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_12_ inputs).f_elements i) 12) + val deserialize_4_ (bytes: t_Slice u8) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires Core.Slice.impl__len #u8 bytes =. sz 8) @@ -101,6 +110,9 @@ val deserialize_4_ (bytes: t_Slice u8) val deserialize_4_lemma (inputs: t_Array u8 (sz 8)) : Lemma (ensures bit_vec_of_int_t_array (deserialize_4_ inputs).f_elements 4 == bit_vec_of_int_t_array inputs 8) +val deserialize_4_bounded_lemma (inputs: t_Array u8 (sz 8)) : Lemma + (ensures forall i. i < 16 ==> bounded (Seq.index (deserialize_4_ inputs).f_elements i) 4) + val serialize_1_ (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure (t_Array u8 (sz 2)) Prims.l_True (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 6800ca944..2c4690115 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -224,41 +224,49 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_by_constant v r); f_compress_1_pre = - (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + forall (i: nat). + i < 16 ==> v (Seq.index (impl.f_repr a) i) >= 0 /\ v (Seq.index (impl.f_repr a) i) < 3329); f_compress_1_post = (fun - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) 1); f_compress_1_ = - (fun (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - Libcrux_ml_kem.Vector.Portable.Compress.compress_1_ v); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> + Libcrux_ml_kem.Vector.Portable.Compress.compress_1_ a); f_compress_pre = (fun (v_COEFFICIENT_BITS: i32) - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l || - v_COEFFICIENT_BITS =. 11l); + (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) /\ + (forall (i: nat). + i < 16 ==> + v (Seq.index (impl.f_repr a) i) >= 0 /\ v (Seq.index (impl.f_repr a) i) < 3329)); f_compress_post = (fun (v_COEFFICIENT_BITS: i32) - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - true); + (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) ==> + (forall (i: nat). i < 16 ==> bounded (Seq.index (impl.f_repr out) i) (v v_COEFFICIENT_BITS)) + ); f_compress = (fun (v_COEFFICIENT_BITS: i32) - (v: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - Libcrux_ml_kem.Vector.Portable.Compress.compress v_COEFFICIENT_BITS v); + Libcrux_ml_kem.Vector.Portable.Compress.compress v_COEFFICIENT_BITS a); f_decompress_ciphertext_coefficient_pre = (fun @@ -499,6 +507,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: t_Slice u8) -> let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a); f_serialize_4_pre = @@ -529,6 +538,7 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: t_Slice u8) -> let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma a in Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a); f_serialize_5_pre = @@ -577,6 +587,9 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: t_Slice u8) -> let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma a in + let _:Prims.unit = + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma a + in Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a); f_serialize_11_pre = @@ -625,6 +638,9 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = = (fun (a: t_Slice u8) -> let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in + let _:Prims.unit = + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma a + in Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a); f_rej_sample_pre = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index a4328b6ad..31c67d6b2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -3,7 +3,7 @@ module Libcrux_ml_kem.Vector.Traits open Core open FStar.Mul -#push-options "--z3rlimit 50" +#push-options "--z3rlimit 100" let decompress_1_ (#v_T: Type0) @@ -14,20 +14,25 @@ let decompress_1_ let _:Prims.unit = assert (forall i. Seq.index (i1._super_8706949974463268012.f_repr z) i == 0s) in - let s:v_T = f_sub #v_T #FStar.Tactics.Typeclasses.solve z vec in let _:Prims.unit = assert (forall i. - Seq.index (i1._super_8706949974463268012.f_repr s) i == 0s \/ - Seq.index (i1._super_8706949974463268012.f_repr s) i == (-1s)) + let x = Seq.index (i1._super_8706949974463268012.f_repr vec) i in + ((0 - v x) == 0 \/ (0 - v x) == - 1)) in - let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre s 1665s) in - let res:v_T = f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s in + let _:Prims.unit = + assert (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (0 - v (Seq.index (i1._super_8706949974463268012.f_repr vec) i))) + in + let s:v_T = f_sub #v_T #FStar.Tactics.Typeclasses.solve z vec in let _:Prims.unit = assert (forall i. Seq.index (i1._super_8706949974463268012.f_repr s) i == 0s \/ - Seq.index (i1._super_8706949974463268012.f_repr s) i == 1665s) + Seq.index (i1._super_8706949974463268012.f_repr s) i == (-1s)) in - res + let _:Prims.unit = assert (i1.f_bitwise_and_with_constant_pre s 1665s) in + f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve s 1665s #pop-options @@ -48,6 +53,8 @@ let to_standard_domain v v_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS +#push-options "--admit_smt_queries true" + let to_unsigned_representative (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) @@ -58,3 +65,5 @@ let to_unsigned_representative f_bitwise_and_with_constant #v_T #FStar.Tactics.Typeclasses.solve t v_FIELD_MODULUS in f_add #v_T #FStar.Tactics.Typeclasses.solve a fm + +#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index 9e1d121d7..e2a2bbbe4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -137,17 +137,32 @@ class t_Operations (v_Self: Type0) = { -> Prims.Pure v_Self (f_montgomery_multiply_by_constant_pre x0 x1) (fun result -> f_montgomery_multiply_by_constant_post x0 x1 result); - f_compress_1_pre:v: v_Self -> pred: Type0{true ==> pred}; - f_compress_1_post:v_Self -> v_Self -> Type0; + f_compress_1_pre:a: v_Self + -> pred: + Type0 + { (forall (i: nat). + i < 16 ==> v (Seq.index (f_repr a) i) >= 0 /\ v (Seq.index (f_repr a) i) < 3329) ==> + pred }; + f_compress_1_post:a: v_Self -> result: v_Self + -> pred: Type0{pred ==> (forall (i: nat). i < 16 ==> bounded (Seq.index (f_repr result) i) 1)}; f_compress_1_:x0: v_Self -> Prims.Pure v_Self (f_compress_1_pre x0) (fun result -> f_compress_1_post x0 result); - f_compress_pre:v_COEFFICIENT_BITS: i32 -> v: v_Self + f_compress_pre:v_COEFFICIENT_BITS: i32 -> a: v_Self -> pred: Type0 - { v_COEFFICIENT_BITS =. 4l || v_COEFFICIENT_BITS =. 5l || v_COEFFICIENT_BITS =. 10l || - v_COEFFICIENT_BITS =. 11l ==> + { (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) /\ + (forall (i: nat). + i < 16 ==> v (Seq.index (f_repr a) i) >= 0 /\ v (Seq.index (f_repr a) i) < 3329) ==> pred }; - f_compress_post:v_COEFFICIENT_BITS: i32 -> v_Self -> v_Self -> Type0; + f_compress_post:v_COEFFICIENT_BITS: i32 -> a: v_Self -> result: v_Self + -> pred: + Type0 + { pred ==> + (v v_COEFFICIENT_BITS == 4 \/ v v_COEFFICIENT_BITS == 5 \/ v v_COEFFICIENT_BITS == 10 \/ + v v_COEFFICIENT_BITS == 11) ==> + (forall (i: nat). i < 16 ==> bounded (Seq.index (f_repr result) i) (v v_COEFFICIENT_BITS)) + }; f_compress:v_COEFFICIENT_BITS: i32 -> x0: v_Self -> Prims.Pure v_Self (f_compress_pre v_COEFFICIENT_BITS x0) @@ -383,16 +398,6 @@ class t_Operations (v_Self: Type0) = { (fun result -> f_rej_sample_post x0 x1 result) } -/// Internal vectors. -/// Used in the unpacked API. -class t_VectorType (v_Self: Type0) = { - [@@@ FStar.Tactics.Typeclasses.no_method]_super_14104493667227926613:t_Operations v_Self -} - -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Operations v_T) - : t_VectorType v_T = { _super_14104493667227926613 = FStar.Tactics.Typeclasses.solve } - let v_BARRETT_SHIFT: i32 = 26l let v_BARRETT_R: i32 = 1l < Prims.l_True) + (ensures + fun result -> + let result:v_T = result in + forall i. + (let x = Seq.index (i1._super_8706949974463268012.f_repr a) i in + let y = Seq.index (i1._super_8706949974463268012.f_repr result) i in + (v y >= 0 /\ v y <= 3328 /\ (v y % 3329 == v x % 3329)))) From ea45beaebeb965f99913f89118a7f1eab4d0f9a8 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Fri, 27 Sep 2024 04:55:16 +0000 Subject: [PATCH 334/348] fixed some hax issues, refreshed C code --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 4 +- .../c/internal/libcrux_mlkem_avx2.h | 4 +- .../c/internal/libcrux_mlkem_portable.h | 4 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 4 +- .../c/internal/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_core.c | 4 +- libcrux-ml-kem/c/libcrux_core.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 24 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 24 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 24 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 390 ++++++++------ libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 58 ++- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 4 +- libcrux-ml-kem/c/libcrux_sha3.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 4 +- libcrux-ml-kem/cg/code_gen.txt | 4 +- libcrux-ml-kem/cg/libcrux_core.h | 4 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 489 ++++++++++-------- .../cg/libcrux_mlkem768_avx2_types.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 36 +- .../cg/libcrux_mlkem768_portable_types.h | 4 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 4 +- .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 9 +- .../Libcrux_ml_kem.Vector.Avx2.Serialize.fst | 6 + .../Libcrux_ml_kem.Vector.Traits.fst | 2 +- libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 4 +- libcrux-ml-kem/src/vector/traits.rs | 2 +- 47 files changed, 713 insertions(+), 495 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index dc4e2de87..7599cb2f1 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 -F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 +F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 +Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 159a636f7..31a212a7c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 4e09fe0de..c4c213b73 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index e94b99f4e..def86cf8e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 01f450745..95df92565 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index bf6cd4dc8..a57bfa85c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index d429ee70b..bad4aa323 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 53e88573a..bc1f587a2 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 2dd639ec9..63a7ab056 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 3fca09119..1028b5ac1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #include "libcrux_mlkem1024_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_510( +static void decapsulate_0c0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_7f0(private_key, ciphertext, ret); @@ -51,7 +51,7 @@ static void decapsulate_510( void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_510(private_key, ciphertext, ret); + decapsulate_0c0(private_key, ciphertext, ret); } /** @@ -71,7 +71,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_d10( +static tuple_21 encapsulate_ae0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; @@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d10(uu____0, copy_of_randomness); + return encapsulate_ae0(uu____0, copy_of_randomness); } /** @@ -109,7 +109,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b80( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_5a0( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b80(copy_of_randomness); + return generate_keypair_5a0(copy_of_randomness); } /** @@ -136,7 +136,7 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_650( +static KRML_MUSTINLINE bool validate_private_key_080( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_700(private_key, @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_650( bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_650(private_key, ciphertext); + return validate_private_key_080(private_key, ciphertext); } /** @@ -162,7 +162,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_3e0(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_f60(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_520(public_key); } @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_3e0(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_3e0(public_key->value); + return validate_public_key_f60(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index ae31b1f2d..dede724bf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f4fbc294f..bed205e56 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 1ab4a88d8..87b018021 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index ca35791e9..157226146 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index ca848abb4..8008c0304 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #include "libcrux_mlkem512_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_51(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_0c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_7f(private_key, ciphertext, ret); @@ -51,7 +51,7 @@ static void decapsulate_51(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_51(private_key, ciphertext, ret); + decapsulate_0c(private_key, ciphertext, ret); } /** @@ -71,7 +71,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_d1( +static tuple_ec encapsulate_ae( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; @@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d1(uu____0, copy_of_randomness); + return encapsulate_ae(uu____0, copy_of_randomness); } /** @@ -109,7 +109,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_b8( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_5a( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b8(copy_of_randomness); + return generate_keypair_5a(copy_of_randomness); } /** @@ -136,7 +136,7 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_65( +static KRML_MUSTINLINE bool validate_private_key_08( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_70(private_key, @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_65( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_65(private_key, ciphertext); + return validate_private_key_08(private_key, ciphertext); } /** @@ -162,7 +162,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_3e(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_f6(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_52(public_key); } @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_3e(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_3e(public_key->value); + return validate_public_key_f6(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index d116b682f..8a66b75c4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index cd3750a98..2fc5a3251 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 594ed03d2..66032c07f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 0556cf23a..85985206f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 4975abb16..3fd65a30d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #include "libcrux_mlkem768_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_511( +static void decapsulate_0c1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_7f1(private_key, ciphertext, ret); @@ -51,7 +51,7 @@ static void decapsulate_511( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_511(private_key, ciphertext, ret); + decapsulate_0c1(private_key, ciphertext, ret); } /** @@ -71,7 +71,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_d11( +static tuple_3c encapsulate_ae1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d11(uu____0, copy_of_randomness); + return encapsulate_ae1(uu____0, copy_of_randomness); } /** @@ -109,7 +109,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_b81( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_5a1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b81(copy_of_randomness); + return generate_keypair_5a1(copy_of_randomness); } /** @@ -136,7 +136,7 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_651( +static KRML_MUSTINLINE bool validate_private_key_081( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_701(private_key, @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_651( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_651(private_key, ciphertext); + return validate_private_key_081(private_key, ciphertext); } /** @@ -162,7 +162,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_3e1(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_f61(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_521(public_key); } @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_3e1(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_3e1(public_key->value); + return validate_public_key_f61(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 25e02719b..af5edca86 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index ac4156303..1794e74b4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 2ac8e4939..4e8116617 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index b89434a12..05520bf99 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #include "internal/libcrux_mlkem_avx2.h" @@ -164,7 +164,8 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { __m256i t0 = mm256_mulhi_epi16( vector, mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t1 = mm256_add_epi16(t0, mm256_set1_epi16((int16_t)512)); + __m256i t512 = mm256_set1_epi16((int16_t)512); + __m256i t1 = mm256_add_epi16(t0, t512); __m256i quotient = mm256_srai_epi16((int32_t)10, t1, __m256i); __m256i quotient_times_field_modulus = mm256_mullo_epi16( quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); @@ -522,8 +523,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = mm_movemask_epi8(msbs); - ret[0U] = (uint8_t)bits_packed; - ret[1U] = (uint8_t)(bits_packed >> 8U); + uint8_t result[2U] = {(uint8_t)bits_packed, (uint8_t)(bits_packed >> 8U)}; + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); } /** @@ -536,34 +537,35 @@ void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, } KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsb_to_msb = mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); - __m256i coefficients_in_msb = - mm256_mullo_epi16(coefficients, shift_lsb_to_msb); +libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + int16_t a, int16_t b) { + __m256i coefficients = + mm256_set_epi16(b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a); + __m256i coefficients_in_msb = mm256_mullo_epi16( + coefficients, + mm256_set_epi16((int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768)); return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); } +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + uint8_t a, uint8_t b) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + (int16_t)a, (int16_t)b); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -572,15 +574,27 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } +/** + `mm256_concat_pairs_n(n, x)` is then a sequence of 32 bits packets + of the shape `0b0…0b₁…bₙa₁…aₙ`, if `x` is a sequence of pairs of + 16 bits, of the shape `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` (where the last + `n` bits are non-zero). +*/ +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(uint8_t n, + __m256i x) { + int16_t n0 = (int16_t)1 << (uint32_t)n; + return mm256_madd_epi16( + x, mm256_set_epi16(n0, (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, + (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, + (int16_t)1, n0, (int16_t)1)); +} + KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(4U, vector); __m256i adjacent_8_combined = mm256_shuffle_epi8( adjacent_2_combined, mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, @@ -617,37 +631,47 @@ void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, } KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m256i coefficients_in_msb = - mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); +libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5, + int16_t b6, int16_t b7) { + __m256i coefficients = mm256_set_epi16(b7, b7, b6, b6, b5, b5, b4, b4, b3, b3, + b2, b2, b1, b1, b0, b0); + __m256i coefficients_in_msb = mm256_mullo_epi16( + coefficients, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U)); __m256i coefficients_in_lsb = mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i); return mm256_and_si256(coefficients_in_lsb, mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); } +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3, uint8_t b4, uint8_t b5, + uint8_t b6, uint8_t b7) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + (int16_t)b0, (int16_t)b1, (int16_t)b2, (int16_t)b3, (int16_t)b4, + (int16_t)b5, (int16_t)b6, (int16_t)b7); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -707,6 +731,22 @@ void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } +/** + We cannot model `mm256_inserti128_si256` on its own: it produces a + Vec256 where the upper 128 bits are undefined. Thus + `mm256_inserti128_si256` is not pure. + + Luckily, we always call `mm256_castsi128_si256` right after + `mm256_inserti128_si256`: this composition sets the upper bits, + making the whole computation pure again. +*/ +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128(__m128i lower, + __m128i upper) { + return mm256_inserti128_si256((int32_t)1, mm256_castsi128_si256(lower), upper, + __m256i); +} + KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { __m128i coefficients = @@ -726,11 +766,11 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i coefficients_loaded = mm256_castsi128_si256(coefficients); - __m256i coefficients_loaded0 = mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, __m256i); + __m256i coefficients_loaded = + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + coefficients, coefficients); __m256i coefficients0 = mm256_shuffle_epi8( - coefficients_loaded0, + coefficients_loaded, mm256_set_epi8((int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, @@ -757,16 +797,11 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - __m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16((int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1)); +core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + __m256i vector) { + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(10U, vector); __m256i adjacent_4_combined = mm256_sllv_epi32( adjacent_2_combined, mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, @@ -783,11 +818,23 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + return ( + CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + __m256i vector, uint8_t ret[20U]) { + core_core_arch_x86___m128i_x2 uu____0 = + libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + vector); + __m128i lower_8 = uu____0.fst; + __m128i upper_8 = uu____0.snd; + uint8_t serialized[32U] = {0U}; mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - __m128i upper_8 = - mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t), upper_8); @@ -811,31 +858,40 @@ void libcrux_ml_kem_vector_avx2_serialize_10_09(__m256i vector, } KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = mm_shuffle_epi8( - lower_coefficients, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, - 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); - __m128i upper_coefficients0 = mm_shuffle_epi8( - upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, - 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, - upper_coefficients0, __m256i); - __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = mm256_srli_epi16((int32_t)6, coefficients1, __m256i); - return mm256_and_si256(coefficients2, +libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0) { + __m128i lower_coefficients = mm_shuffle_epi8( + lower_coefficients0, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, + 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_shuffle_epi8( + upper_coefficients0, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, + 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + lower_coefficients, upper_coefficients); + __m256i coefficients0 = mm256_mullo_epi16( + coefficients, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U)); + __m256i coefficients1 = mm256_srli_epi16((int32_t)6, coefficients0, __m256i); + return mm256_and_si256(coefficients1, mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); } +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + Eurydice_slice lower_coefficients = + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t); + Eurydice_slice upper_coefficients = + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t); + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + mm_loadu_si128(lower_coefficients), mm_loadu_si128(upper_coefficients)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -884,16 +940,11 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - __m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16((int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1)); +KRML_MUSTINLINE core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + __m256i vector) { + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(12U, vector); __m256i adjacent_4_combined = mm256_sllv_epi32( adjacent_2_combined, mm256_set_epi32((int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, @@ -912,6 +963,18 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); __m128i upper_8 = mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + return ( + CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + __m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m128i_x2 uu____0 = + libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + vector); + __m128i lower_8 = uu____0.fst; + __m128i upper_8 = uu____0.snd; mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); @@ -937,30 +1000,39 @@ void libcrux_ml_kem_vector_avx2_serialize_12_09(__m256i vector, libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0) { + __m128i lower_coefficients = mm_shuffle_epi8( + lower_coefficients0, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, + 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_shuffle_epi8( + upper_coefficients0, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, + 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + lower_coefficients, upper_coefficients); + __m256i coefficients0 = mm256_mullo_epi16( + coefficients, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U)); + __m256i coefficients1 = mm256_srli_epi16((int32_t)4, coefficients0, __m256i); + return mm256_and_si256(coefficients1, + mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); +} + KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); __m128i lower_coefficients = mm_loadu_si128( Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = mm_shuffle_epi8( - lower_coefficients, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, - 4U, 3U, 2U, 1U, 1U, 0U)); __m128i upper_coefficients = mm_loadu_si128( Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); - __m128i upper_coefficients0 = mm_shuffle_epi8( - upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, - 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, - upper_coefficients0, __m256i); - __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = mm256_srli_epi16((int32_t)4, coefficients1, __m256i); - return mm256_and_si256(coefficients2, - mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + lower_coefficients, upper_coefficients); } /** @@ -2952,7 +3024,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_43(__m256i vector) { +compress_ciphertext_coefficient_1a(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -2999,8 +3071,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_09_76(__m256i vector) { - return compress_ciphertext_coefficient_43(vector); +static __m256i compress_09_74(__m256i vector) { + return compress_ciphertext_coefficient_1a(vector); } /** @@ -3016,7 +3088,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_2b0( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_76(to_unsigned_field_modulus_7b(re->coefficients[i0])); + compress_09_74(to_unsigned_field_modulus_7b(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3036,7 +3108,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_430(__m256i vector) { +compress_ciphertext_coefficient_1a0(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3083,8 +3155,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_09_760(__m256i vector) { - return compress_ciphertext_coefficient_430(vector); +static __m256i compress_09_740(__m256i vector) { + return compress_ciphertext_coefficient_1a0(vector); } /** @@ -3139,7 +3211,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_431(__m256i vector) { +compress_ciphertext_coefficient_1a1(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3186,8 +3258,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_09_761(__m256i vector) { - return compress_ciphertext_coefficient_431(vector); +static __m256i compress_09_741(__m256i vector) { + return compress_ciphertext_coefficient_1a1(vector); } /** @@ -3203,7 +3275,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_a4( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_761(to_unsigned_field_modulus_7b(re.coefficients[i0])); + compress_09_741(to_unsigned_field_modulus_7b(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3220,7 +3292,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_432(__m256i vector) { +compress_ciphertext_coefficient_1a2(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3267,8 +3339,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_09_762(__m256i vector) { - return compress_ciphertext_coefficient_432(vector); +static __m256i compress_09_742(__m256i vector) { + return compress_ciphertext_coefficient_1a2(vector); } /** @@ -3284,7 +3356,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_03( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_09_762(to_unsigned_representative_3f(re.coefficients[i0])); + compress_09_742(to_unsigned_representative_3f(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3570,7 +3642,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_79(__m256i vector) { +decompress_ciphertext_coefficient_8e(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3614,8 +3686,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_09_c6(__m256i vector) { - return decompress_ciphertext_coefficient_79(vector); +static __m256i decompress_ciphertext_coefficient_09_70(__m256i vector) { + return decompress_ciphertext_coefficient_8e(vector); } /** @@ -3638,7 +3710,7 @@ deserialize_then_decompress_10_c7(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c6(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_70(coefficient); } return re; } @@ -3650,7 +3722,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_790(__m256i vector) { +decompress_ciphertext_coefficient_8e0(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3694,8 +3766,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_09_c60(__m256i vector) { - return decompress_ciphertext_coefficient_790(vector); +static __m256i decompress_ciphertext_coefficient_09_700(__m256i vector) { + return decompress_ciphertext_coefficient_8e0(vector); } /** @@ -3713,7 +3785,7 @@ deserialize_then_decompress_11_d5(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c60(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_700(coefficient); } return re; } @@ -3794,7 +3866,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_791(__m256i vector) { +decompress_ciphertext_coefficient_8e1(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3838,8 +3910,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_09_c61(__m256i vector) { - return decompress_ciphertext_coefficient_791(vector); +static __m256i decompress_ciphertext_coefficient_09_701(__m256i vector) { + return decompress_ciphertext_coefficient_8e1(vector); } /** @@ -3857,7 +3929,7 @@ deserialize_then_decompress_4_75(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c61(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_701(coefficient); } return re; } @@ -3869,7 +3941,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_792(__m256i vector) { +decompress_ciphertext_coefficient_8e2(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3913,8 +3985,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_09_c62(__m256i vector) { - return decompress_ciphertext_coefficient_792(vector); +static __m256i decompress_ciphertext_coefficient_09_702(__m256i vector) { + return decompress_ciphertext_coefficient_8e2(vector); } /** @@ -3933,7 +4005,7 @@ deserialize_then_decompress_5_f8(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_c62(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_702(re.coefficients[i0]); } return re; } @@ -5444,7 +5516,7 @@ static KRML_MUSTINLINE void compress_then_serialize_11_17( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_760(to_unsigned_representative_3f(re->coefficients[i0])); + compress_09_740(to_unsigned_representative_3f(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 42cc1517c..02a4b1c04 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem_avx2_H @@ -234,6 +234,12 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, uint8_t ret[2U]); +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + int16_t a, int16_t b); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + uint8_t a, uint8_t b); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( Eurydice_slice bytes); @@ -243,6 +249,15 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes); +/** + `mm256_concat_pairs_n(n, x)` is then a sequence of 32 bits packets + of the shape `0b0…0b₁…bₙa₁…aₙ`, if `x` is a sequence of pairs of + 16 bits, of the shape `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` (where the last + `n` bits are non-zero). +*/ +__m256i libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(uint8_t n, + __m256i x); + void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, uint8_t ret[8U]); @@ -252,6 +267,14 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, uint8_t ret[8U]); +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5, + int16_t b6, int16_t b7); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3, uint8_t b4, uint8_t b5, + uint8_t b6, uint8_t b7); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( Eurydice_slice bytes); @@ -271,6 +294,18 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, uint8_t ret[10U]); +/** + We cannot model `mm256_inserti128_si256` on its own: it produces a + Vec256 where the upper 128 bits are undefined. Thus + `mm256_inserti128_si256` is not pure. + + Luckily, we always call `mm256_castsi128_si256` right after + `mm256_inserti128_si256`: this composition sets the upper bits, + making the whole computation pure again. +*/ +__m256i libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + __m128i lower, __m128i upper); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( Eurydice_slice bytes); @@ -280,6 +315,15 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes); +typedef struct core_core_arch_x86___m128i_x2_s { + __m128i fst; + __m128i snd; +} core_core_arch_x86___m128i_x2; + +core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + __m256i vector); + void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, uint8_t ret[20U]); @@ -290,6 +334,9 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} void libcrux_ml_kem_vector_avx2_serialize_10_09(__m256i vector, uint8_t ret[20U]); +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( Eurydice_slice bytes); @@ -318,6 +365,10 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes); +core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + __m256i vector); + void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, uint8_t ret[24U]); @@ -328,6 +379,9 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} void libcrux_ml_kem_vector_avx2_serialize_12_09(__m256i vector, uint8_t ret[24U]); +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( Eurydice_slice bytes); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 9c539cfa1..25021f8c9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index c9875da03..e36fc4ae2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 6e2ab7015..09a7923b5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index d854d460d..49d6623c3 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 7da61a71e..1e2e63c96 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 1e2de3251..5b4b70a94 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 5cf30d99e..d84fc7126 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 362ca6ad1..bdb6771ab 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index dc4e2de87..7599cb2f1 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 -F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 +F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 +Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index dcf4fd6fe..c6916acab 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 898681bb4..2b5ee19c2 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 053e1683b..553bb0252 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem768_avx2_H @@ -204,8 +204,8 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { __m256i t0 = libcrux_intrinsics_avx2_mm256_mulhi_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t1 = libcrux_intrinsics_avx2_mm256_add_epi16( - t0, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + __m256i t512 = libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512); + __m256i t1 = libcrux_intrinsics_avx2_mm256_add_epi16(t0, t512); __m256i quotient = libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t1, __m256i); __m256i quotient_times_field_modulus = @@ -636,8 +636,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( (int32_t)1, lsb_to_msb, __m128i); __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - ret[0U] = (uint8_t)bits_packed; - ret[1U] = (uint8_t)(bits_packed >> 8U); + uint8_t result[2U] = {(uint8_t)bits_packed, (uint8_t)(bits_packed >> 8U)}; + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); } /** @@ -652,35 +652,38 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { +libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + int16_t a, int16_t b) { __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); - __m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768)); return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); } +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + uint8_t a, uint8_t b) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + (int16_t)a, (int16_t)b); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -691,16 +694,29 @@ static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09( return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } +/** + `mm256_concat_pairs_n(n, x)` is then a sequence of 32 bits packets + of the shape `0b0…0b₁…bₙa₁…aₙ`, if `x` is a sequence of pairs of + 16 bits, of the shape `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` (where the last + `n` bits are non-zero). +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(uint8_t n, + __m256i x) { + int16_t n0 = (int16_t)1 << (uint32_t)n; + return libcrux_intrinsics_avx2_mm256_madd_epi16( + x, libcrux_intrinsics_avx2_mm256_set_epi16( + n0, (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, + (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, (int16_t)1)); +} + KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(4U, vector); __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi8( @@ -739,31 +755,19 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { +libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5, + int16_t b6, int16_t b7) { __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + b7, b7, b6, b6, b5, b5, b4, b4, b3, b3, b2, b2, b1, b1, b0, b0); __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients, shift_lsbs_to_msbs); + coefficients, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U)); __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( (int32_t)4, coefficients_in_msb, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( @@ -771,6 +775,30 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { ((int16_t)1 << 4U) - (int16_t)1)); } +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3, uint8_t b4, uint8_t b5, + uint8_t b6, uint8_t b7) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + (int16_t)b0, (int16_t)b1, (int16_t)b2, (int16_t)b3, (int16_t)b4, + (int16_t)b5, (int16_t)b6, (int16_t)b7); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -837,6 +865,24 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } +/** + We cannot model `mm256_inserti128_si256` on its own: it produces a + Vec256 where the upper 128 bits are undefined. Thus + `mm256_inserti128_si256` is not pure. + + Luckily, we always call `mm256_castsi128_si256` right after + `mm256_inserti128_si256`: this composition sets the upper bits, + making the whole computation pure again. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128(__m128i lower, + __m128i upper) { + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, libcrux_intrinsics_avx2_mm256_castsi128_si256(lower), upper, + __m256i); +} + KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { @@ -858,11 +904,10 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, __m256i); + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + coefficients, coefficients); __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, + coefficients_loaded, libcrux_intrinsics_avx2_mm256_set_epi8( (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, @@ -892,17 +937,17 @@ static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09( return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } +typedef struct core_core_arch_x86___m128i_x2_s { + __m128i fst; + __m128i snd; +} core_core_arch_x86___m128i_x2; + KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - __m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); +static inline core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + __m256i vector) { + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(10U, vector); __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( @@ -921,11 +966,24 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); + return ( + CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8}); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + __m256i vector, uint8_t ret[20U]) { + core_core_arch_x86___m128i_x2 uu____0 = + libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + vector); + __m128i lower_8 = uu____0.fst; + __m128i upper_8 = uu____0.snd; + uint8_t serialized[32U] = {0U}; libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t), @@ -952,37 +1010,46 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_10_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, +libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0) { + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients0, libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, - 9U, 8U, 8U, 7U, 7U, 6U)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients0, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, + 9U, 8U, 8U, 7U, 7U, 6U)); __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)6, coefficients1, __m256i); + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + lower_coefficients, upper_coefficients); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U)); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)6, coefficients0, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + coefficients1, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 10U) - (int16_t)1)); } +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + Eurydice_slice lower_coefficients = + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t); + Eurydice_slice upper_coefficients = + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t); + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + libcrux_intrinsics_avx2_mm_loadu_si128(lower_coefficients), + libcrux_intrinsics_avx2_mm_loadu_si128(upper_coefficients)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -1039,16 +1106,11 @@ static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09( } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - __m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); +static KRML_MUSTINLINE core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + __m256i vector) { + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(12U, vector); __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, @@ -1068,6 +1130,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, __m128i); + return ( + CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8}); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + __m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m128i_x2 uu____0 = + libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + vector); + __m128i lower_8 = uu____0.fst; + __m128i upper_8 = uu____0.snd; libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); @@ -1097,37 +1172,45 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_12_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, +libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0) { + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients0, libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients0, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)4, coefficients1, __m256i); + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + lower_coefficients, upper_coefficients); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U)); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients0, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + coefficients1, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 12U) - (int16_t)1)); } +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + lower_coefficients, upper_coefficients); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -1322,7 +1405,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e6( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_53( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1374,9 +1457,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a6( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e6( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_53( vector); } @@ -1404,7 +1487,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_86( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a6( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb( coefficient); } return re; @@ -1418,7 +1501,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e60( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_530( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1470,9 +1553,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a60( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e60( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_530( vector); } @@ -1495,7 +1578,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_6d( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a60( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb0( coefficient); } return re; @@ -1741,7 +1824,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e61( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_531( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1793,9 +1876,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a61( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e61( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_531( vector); } @@ -1818,7 +1901,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a61( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb1( coefficient); } return re; @@ -1832,7 +1915,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e62( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_532( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1884,9 +1967,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a62( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e62( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_532( vector); } @@ -1909,7 +1992,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_1b( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a62( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_eb2( re.coefficients[i0]); } return re; @@ -3511,7 +3594,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_82( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3566,9 +3649,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_82( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f( vector); } @@ -3586,7 +3669,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_34( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_4e( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3e( libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( re->coefficients[i0])); uint8_t bytes[20U]; @@ -3609,7 +3692,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_820( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3664,9 +3747,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e0( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_820( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f0( vector); } @@ -3684,7 +3767,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_47( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_4e0( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3e0( libcrux_ml_kem_vector_traits_to_unsigned_representative_3f( re->coefficients[i0])); uint8_t bytes[22U]; @@ -3754,7 +3837,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_821( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3809,9 +3892,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e1( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_821( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f1( vector); } @@ -3829,7 +3912,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_c3( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_4e1( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_3e1( libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( re.coefficients[i0])); uint8_t bytes[8U]; @@ -3849,7 +3932,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_822( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3904,9 +3987,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e2( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_3e2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_822( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4f2( vector); } @@ -3924,7 +4007,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_de( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_4e2( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_3e2( libcrux_ml_kem_vector_traits_to_unsigned_representative_3f( re.coefficients[i0])); uint8_t bytes[10U]; @@ -4210,7 +4293,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_1f(private_key, ciphertext, ret); @@ -4227,7 +4310,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_0b(private_key, ciphertext, ret); } @@ -4360,7 +4443,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_14( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_71( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -4385,7 +4468,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_14( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_71( uu____0, copy_of_randomness); } @@ -4841,7 +4924,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_8b( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_20( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -4858,7 +4941,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_8b( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_20( copy_of_randomness); } @@ -5017,7 +5100,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_7a( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_02( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_1f0(private_key, ciphertext, ret); @@ -5034,7 +5117,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_7a( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_02( private_key, ciphertext, ret); } @@ -5152,7 +5235,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ff( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -5177,7 +5260,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ff( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_7a( uu____0, copy_of_randomness); } @@ -5362,7 +5445,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_a1( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_74( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -5379,7 +5462,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_a1( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_74( copy_of_randomness); } @@ -5418,7 +5501,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_01( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_4f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_3a(private_key, @@ -5434,7 +5517,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_01( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_4f( private_key, ciphertext); } @@ -5510,7 +5593,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_59( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a4( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_c0(public_key); } @@ -5523,7 +5606,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_59( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_59( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_a4( public_key->value); } @@ -5636,7 +5719,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_44( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_e8( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(key_pair, ciphertext, ret); @@ -5653,7 +5736,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_44( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_e8( private_key, ciphertext, ret); } @@ -5748,7 +5831,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_71( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_89( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -5777,7 +5860,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_71( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_89( uu____0, copy_of_randomness); } @@ -5934,7 +6017,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_00( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_b7( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ @@ -5953,7 +6036,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_00( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_b7( copy_of_randomness, key_pair); } @@ -5970,7 +6053,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_1c_44(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_9e(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); lit.public_key_hash[0U] = 0U; @@ -6022,7 +6105,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_2c(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_e2(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(); uu____0.implicit_rejection_value[0U] = 0U; @@ -6060,7 +6143,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_44()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_9e()}); } /** @@ -6069,7 +6152,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_2c(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_e2(); } /** @@ -6078,7 +6161,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_44(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_9e(); } /** @@ -6099,7 +6182,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_99( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_92( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c( @@ -6127,10 +6210,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_39( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a7( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_99( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_92( &self->public_key, serialized); } @@ -6142,7 +6225,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_39(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a7(key_pair, serialized); } @@ -6159,7 +6242,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_18( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_42( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -6196,11 +6279,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_28_69( +libcrux_ml_kem_ind_cca_unpacked_clone_28_24( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_18(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_42(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -6224,7 +6307,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_b9( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_77( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -6237,8 +6320,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_69( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_b9(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_24( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_77(key_pair)); pk[0U] = uu____0; } @@ -6249,7 +6332,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_99(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_92(public_key, serialized); } @@ -6314,7 +6397,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_7f( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_d1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { @@ -6330,7 +6413,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_7f( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_d1( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index 1e215bec0..a99ed2625 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 3d23894e4..2d7b89018 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem768_portable_H @@ -6916,7 +6916,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_1c_6e(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_bd(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); lit.public_key_hash[0U] = 0U; @@ -6967,7 +6967,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_35(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_db(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(); uu____0.implicit_rejection_value[0U] = 0U; @@ -7005,7 +7005,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_6e()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_bd()}); } /** @@ -7013,7 +7013,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_35(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_db(); } /** @@ -7021,7 +7021,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_6e(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_bd(); } /** @@ -7041,7 +7041,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_52( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_a1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c( @@ -7068,10 +7068,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_e1( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a4( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_52( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_a1( &self->public_key, serialized); } @@ -7082,7 +7082,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_e1(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_a4(key_pair, serialized); } @@ -7098,7 +7098,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_b5( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_59( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7134,11 +7134,11 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_28_5f( +libcrux_ml_kem_ind_cca_unpacked_clone_28_d3( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_b5(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_59(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7161,7 +7161,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_e7( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_3d( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -7173,8 +7173,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_5f( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_e7(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_d3( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_3d(key_pair)); pk[0U] = uu____0; } @@ -7185,7 +7185,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_52(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_a1(public_key, serialized); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index c283eae80..e305985cd 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 2e9dfdbc9..6cdf64314 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index cd92309a3..cfdd6e5d5 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: a089e8609d2bf2df5c165076a79e3fd30dbf87cf */ #ifndef __libcrux_sha3_portable_H diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index ac2d0d4c1..c6edc5b32 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -101,11 +101,12 @@ let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = <: i16)) in + let t512:Libcrux_intrinsics.Avx2_extract.t_Vec256 = + Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 512s + in + let _:Prims.unit = assert (forall i. get_lane t512 i == 512s) in let t1:Libcrux_intrinsics.Avx2_extract.t_Vec256 = - Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 t0 - (Libcrux_intrinsics.Avx2_extract.mm256_set1_epi16 512s - <: - Libcrux_intrinsics.Avx2_extract.t_Vec256) + Libcrux_intrinsics.Avx2_extract.mm256_add_epi16 t0 t512 in let _:Prims.unit = assert (forall i. get_lane t1 i == get_lane t0 i +. 512s) in let quotient:Libcrux_intrinsics.Avx2_extract.t_Vec256 = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst index 5ab43253f..d0c07fe84 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Serialize.fst @@ -11,6 +11,7 @@ let _ = () [@@"opaque_to_smt"] + let deserialize_1___deserialize_1_i16s (a b: i16) = let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 b b b b b b b b a a a a a a a a @@ -27,6 +28,7 @@ let deserialize_1___deserialize_1_i16s (a b: i16) = Libcrux_intrinsics.Avx2_extract.mm256_srli_epi16 15l coefficients_in_msb [@@"opaque_to_smt"] + let deserialize_1___deserialize_1_u8s (a b: u8) = deserialize_1___deserialize_1_i16s (cast (a <: u8) <: i16) (cast (b <: u8) <: i16) @@ -36,6 +38,7 @@ let deserialize_1_ (bytes: t_Slice u8) = deserialize_1___deserialize_1_u8s (bytes.[ sz 0 ] <: u8) (bytes.[ sz 1 ] <: u8) [@@"opaque_to_smt"] + let deserialize_4___deserialize_4_i16s (b0 b1 b2 b3 b4 b5 b6 b7: i16) = let coefficients:Libcrux_intrinsics.Avx2_extract.t_Vec256 = Libcrux_intrinsics.Avx2_extract.mm256_set_epi16 b7 b7 b6 b6 b5 b5 b4 b4 b3 b3 b2 b2 b1 b1 b0 b0 @@ -59,6 +62,7 @@ let deserialize_4___deserialize_4_i16s (b0 b1 b2 b3 b4 b5 b6 b7: i16) = Libcrux_intrinsics.Avx2_extract.t_Vec256) [@@"opaque_to_smt"] + let deserialize_4___deserialize_4_u8s (b0 b1 b2 b3 b4 b5 b6 b7: u8) = deserialize_4___deserialize_4_i16s (cast (b0 <: u8) <: i16) (cast (b1 <: u8) <: i16) @@ -453,6 +457,7 @@ let serialize_4_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = #pop-options [@@"opaque_to_smt"] + let deserialize_10___deserialize_10_vec (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) = @@ -523,6 +528,7 @@ let deserialize_10_ (bytes: t_Slice u8) = Libcrux_intrinsics.Avx2_extract.t_Vec128) [@@"opaque_to_smt"] + let deserialize_12___deserialize_12_vec (lower_coefficients0 upper_coefficients0: Libcrux_intrinsics.Avx2_extract.t_Vec128) = diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst index 31c67d6b2..cbc90050c 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fst @@ -3,7 +3,7 @@ module Libcrux_ml_kem.Vector.Traits open Core open FStar.Mul -#push-options "--z3rlimit 100" +#push-options "--z3rlimit 200 --split_queries always" let decompress_1_ (#v_T: Type0) diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index 11749144a..7f6d7e6b3 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -145,7 +145,9 @@ const BARRETT_MULTIPLIER: i16 = 20159; pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 { let t0 = mm256_mulhi_epi16(vector, mm256_set1_epi16(BARRETT_MULTIPLIER)); hax_lib::fstar!("assert (forall i. get_lane $t0 i == (cast (((cast (get_lane $vector i) <: i32) *. (cast v_BARRETT_MULTIPLIER <: i32)) >>! 16l) <: i16))"); - let t1 = mm256_add_epi16(t0, mm256_set1_epi16(512)); + let t512 = mm256_set1_epi16(512); + hax_lib::fstar!("assert (forall i. get_lane $t512 i == 512s)"); + let t1 = mm256_add_epi16(t0, t512); hax_lib::fstar!("assert (forall i. get_lane $t1 i == get_lane $t0 i +. 512s)"); let quotient = mm256_srai_epi16::<10>(t1); hax_lib::fstar!( diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 3dd66ac97..438ab4dd4 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -235,7 +235,7 @@ pub fn to_unsigned_representative(a: T) -> T { T::add(a, &fm) } -#[hax_lib::fstar::options("--z3rlimit 100")] +#[hax_lib::fstar::options("--z3rlimit 200 --split_queries always")] #[hax_lib::requires(fstar!("forall i. let x = Seq.index (i1._super_8706949974463268012.f_repr ${vec}) i in (x == 0s \\/ x == 1s)"))] pub fn decompress_1(vec: T) -> T { From ebbbcbd22f7ac6dcc174bc11ac0f97506d2cb6cb Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 28 Sep 2024 12:49:21 +0200 Subject: [PATCH 335/348] proofs --- .../Libcrux_ml_kem.Vector.Avx2.fsti | 4 +- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 66 ++++++-- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 36 ++-- .../Libcrux_ml_kem.Vector.Portable.fst | 50 +++++- .../Libcrux_ml_kem.Vector.Portable.fsti | 158 +++++++++++------- .../Libcrux_ml_kem.Vector.Traits.fsti | 2 +- .../proofs/fstar/spec/Spec.Utils.fst | 4 +- libcrux-ml-kem/src/vector/avx2.rs | 4 +- libcrux-ml-kem/src/vector/portable.rs | 104 +++++++++--- libcrux-ml-kem/src/vector/portable/ntt.rs | 95 ++++++----- libcrux-ml-kem/src/vector/traits.rs | 4 +- 11 files changed, 364 insertions(+), 163 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti index 0a135cf42..ed5b74a59 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.fsti @@ -406,8 +406,8 @@ let impl_3: Libcrux_ml_kem.Vector.Traits.t_Operations t_SIMD256Vector = -> Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr lhs) /\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr rhs)); + Spec.Utils.is_i16b_array 3328 (impl.f_repr lhs) /\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr rhs)); f_ntt_multiply_post = (fun diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 16b31ced7..0592fca44 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -173,18 +173,24 @@ let inv_ntt_layer_3_step #pop-options -#push-options "--z3rlimit 200 --split_queries always --query_stats" +#push-options "--z3rlimit 250 --split_queries always --query_stats --ext context_prune" let ntt_multiply_binomials (a b: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) - (i j: usize) + (i: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = - let ai:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] in - let bi:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] in - let aj:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] in - let bj:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] in + let ai:i16 = a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 2 *! i <: usize ] in + let bi:i16 = b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ sz 2 *! i <: usize ] in + let aj:i16 = + a.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (sz 2 *! i <: usize) +! sz 1 <: usize + ] + in + let bj:i16 = + b.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ (sz 2 *! i <: usize) +! sz 1 <: usize + ] + in let _:Prims.unit = assert (Spec.Utils.is_i16b 3328 ai); assert (Spec.Utils.is_i16b 3328 bi); @@ -211,6 +217,8 @@ let ntt_multiply_binomials (v ai_bi_aj_bj * 169) % 3329; ( == ) { assert (v ai_bi_aj_bj == v ai_bi + v aj_bj_zeta) } ((v ai_bi + v aj_bj_zeta) * 169) % 3329; + ( == ) { assert (v ai_bi == v ai * v bi) } + (((v ai * v bi) + v aj_bj_zeta) * 169) % 3329; ( == ) { assert (v aj_bj_zeta == v aj_bj * v zeta) } (((v ai * v bi) + (v aj_bj * v zeta)) * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + (v aj_bj * v zeta)) 169 3329 } @@ -241,6 +249,20 @@ let ntt_multiply_binomials let _:Prims.unit = assert (Spec.Utils.is_i32b (3328 * 3328 + 3328 * 3328) ai_bj_aj_bi) in let _:Prims.unit = assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15) in let o1:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_reduce_element ai_bj_aj_bi in + let _:Prims.unit = + calc ( == ) { + v o1 % 3329; + ( == ) { () } + (v ai_bj_aj_bi * 169) % 3329; + ( == ) { assert (v ai_bj_aj_bi == v ai_bj + v aj_bi) } + ((v ai_bj + v aj_bi) * 169) % 3329; + ( == ) { assert (v ai_bj == v ai * v bj) } + ((v ai * v bj + v aj_bi) * 169) % 3329; + ( == ) { assert (v aj_bi == v aj * v bi) } + ((v ai * v bj + v aj * v bi) * 169) % 3329; + } + in + let v__out0:t_Array i16 (sz 16) = out.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { out with @@ -248,7 +270,7 @@ let ntt_multiply_binomials = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - i + (sz 2 *! i <: usize) o0 } <: @@ -261,12 +283,19 @@ let ntt_multiply_binomials = Rust_primitives.Hax.Monomorphized_update_at.update_at_usize out .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements - j + ((sz 2 *! i <: usize) +! sz 1 <: usize) o1 } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in + let _:Prims.unit = + assert (Seq.index out.f_elements (2 * v i) == o0); + assert (Seq.index out.f_elements (2 * v i + 1) == o1); + assert (Spec.Utils.is_i16b_array 3328 out.f_elements); + assert (forall k. + (k <> 2 * v i /\ k <> 2 * v i + 1) ==> Seq.index out.f_elements k == Seq.index v__out0 k) + in let _:Prims.unit = admit () in out @@ -432,30 +461,35 @@ let ntt_multiply let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.zero () in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta0 (sz 0) (sz 1) out + ntt_multiply_binomials lhs rhs zeta0 (sz 0) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta0 (sz 2) (sz 3) out + ntt_multiply_binomials lhs rhs nzeta0 (sz 1) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta1 (sz 4) (sz 5) out + ntt_multiply_binomials lhs rhs zeta1 (sz 2) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta1 (sz 6) (sz 7) out + ntt_multiply_binomials lhs rhs nzeta1 (sz 3) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let _:Prims.unit = admit () in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta2 (sz 8) (sz 9) out + ntt_multiply_binomials lhs rhs zeta2 (sz 4) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta2 (sz 10) (sz 11) out + ntt_multiply_binomials lhs rhs nzeta2 (sz 5) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs zeta3 (sz 12) (sz 13) out + ntt_multiply_binomials lhs rhs zeta3 (sz 6) out in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = - ntt_multiply_binomials lhs rhs nzeta3 (sz 14) (sz 15) out + ntt_multiply_binomials lhs rhs nzeta3 (sz 7) out in out diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 344545f74..2608d7a54 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -56,6 +56,8 @@ val inv_ntt_layer_3_step let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in Spec.Utils.is_i16b_array 3328 result.f_elements) +[@@ "opaque_to_smt"] + /// Compute the product of two Kyber binomials with respect to the /// modulus `X² - zeta`. /// This function almost implements Algorithm 11 of the @@ -75,33 +77,27 @@ val inv_ntt_layer_3_step val ntt_multiply_binomials (a b: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) - (i j: usize) + (i: usize) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires - v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ - Spec.Utils.is_i16b_array 3228 a.f_elements /\ Spec.Utils.is_i16b_array 3228 b.f_elements) + v i < 8 /\ Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 a.f_elements /\ + Spec.Utils.is_i16b_array 3328 b.f_elements /\ Spec.Utils.is_i16b_array 3328 out.f_elements) (ensures fun out_future -> let out_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out_future in - Spec.Utils.is_i16b_array 3328 out.f_elements /\ + Spec.Utils.is_i16b_array 3328 out_future.f_elements /\ (forall k. - (k <> v i /\ k <> v j) ==> + (k < 2 * v i \/ k > 2 * v i + 1) ==> Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\ - (let ai = Seq.index a.f_elements (v i) in - let aj = Seq.index a.f_elements (v j) in - let bi = Seq.index b.f_elements (v i) in - let bj = Seq.index b.f_elements (v j) in - let oi = Seq.index out_future.f_elements (v i) in - let oj = Seq.index out_future.f_elements (v j) in - let x, y = - Spec.MLKEM.Math.poly_base_case_multiply (v ai % 3329) - (v aj % 3329) - (v bi % 3329) - (v bj % 3329) - ((v zeta * 169) % 3329) - in - ((x * 169) % 3329 == v oi % 3329) /\ (y * 169) % 3329 == v oj % 3329)) + (let ai = Seq.index a.f_elements (2 * v i) in + let aj = Seq.index a.f_elements (2 * v i + 1) in + let bi = Seq.index b.f_elements (2 * v i) in + let bj = Seq.index b.f_elements (2 * v i + 1) in + let oi = Seq.index out_future.f_elements (2 * v i) in + let oj = Seq.index out_future.f_elements (2 * v i + 1) in + ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * v zeta * 169)) * 169) % 3329)) /\ + ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))) val ntt_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -162,7 +158,7 @@ val ntt_multiply (requires Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array 3228 lhs.f_elements /\ Spec.Utils.is_i16b_array 3228 rhs.f_elements + Spec.Utils.is_i16b_array 3328 lhs.f_elements /\ Spec.Utils.is_i16b_array 3328 rhs.f_elements ) (ensures fun result -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst index dbd72c7e0..0ca12f7ff 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst @@ -1,5 +1,5 @@ module Libcrux_ml_kem.Vector.Portable -#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" open Core open FStar.Mul @@ -10,6 +10,50 @@ let _ = let open Libcrux_ml_kem.Vector.Traits in () -#push-options "--z3rlimit 300" +let deserialize_11_ (a: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_11_ a -#pop-options +let deserialize_5_ (a: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_5_ a + +let serialize_11_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_11_ a + +let serialize_5_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_5_ a + +let deserialize_1_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a + +let deserialize_10_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a + +let deserialize_12_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a + +let deserialize_4_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a + +let serialize_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 1) in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_ a + +let serialize_10_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_ a + +let serialize_12_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_ a + +let serialize_4_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 4) in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti index 2c4690115..064561e44 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fsti @@ -30,7 +30,91 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Libcrux_ml_kem.Vector.Portable.Vector_type.to_i16_array x } -#push-options "--z3rlimit 200" +val deserialize_11_ (a: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 22) + (fun _ -> Prims.l_True) + +val deserialize_5_ (a: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 10) + (fun _ -> Prims.l_True) + +val serialize_11_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 22)) Prims.l_True (fun _ -> Prims.l_True) + +val serialize_5_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 10)) Prims.l_True (fun _ -> Prims.l_True) + +val deserialize_1_ (a: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 2) + (ensures + fun out -> + let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in + sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out)) + +val deserialize_10_ (a: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 20) + (ensures + fun out -> + let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in + sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (impl.f_repr out)) + +val deserialize_12_ (a: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 24) + (ensures + fun out -> + let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in + sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (impl.f_repr out)) + +val deserialize_4_ (a: t_Slice u8) + : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector + (requires (Core.Slice.impl__len #u8 a <: usize) =. sz 8) + (ensures + fun out -> + let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in + sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out)) + +val serialize_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 2)) + (requires Spec.MLKEM.serialize_pre 1 (impl.f_repr a)) + (ensures + fun out -> + let out:t_Array u8 (sz 2) = out in + Spec.MLKEM.serialize_pre 1 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 1 (impl.f_repr a) out) + +val serialize_10_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 20)) + (requires Spec.MLKEM.serialize_pre 10 (impl.f_repr a)) + (ensures + fun out -> + let out:t_Array u8 (sz 20) = out in + Spec.MLKEM.serialize_pre 10 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 10 (impl.f_repr a) out) + +val serialize_12_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 24)) + (requires Spec.MLKEM.serialize_pre 12 (impl.f_repr a)) + (ensures + fun out -> + let out:t_Array u8 (sz 24) = out in + Spec.MLKEM.serialize_pre 12 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 12 (impl.f_repr a) out) + +val serialize_4_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) + : Prims.Pure (t_Array u8 (sz 8)) + (requires Spec.MLKEM.serialize_pre 4 (impl.f_repr a)) + (ensures + fun out -> + let out:t_Array u8 (sz 8) = out in + Spec.MLKEM.serialize_pre 4 (impl.f_repr a) ==> + Spec.MLKEM.serialize_post 4 (impl.f_repr a) out) + +#push-options "--z3rlimit 400 --split_queries always" [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1: Libcrux_ml_kem.Vector.Traits.t_Operations @@ -453,8 +537,8 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = -> Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr lhs) /\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr rhs)); + Spec.Utils.is_i16b_array 3328 (impl.f_repr lhs) /\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr rhs)); f_ntt_multiply_post = (fun @@ -492,23 +576,13 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Spec.MLKEM.serialize_post 1 (impl.f_repr a) out); f_serialize_1_ = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - let _:Prims.unit = - assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 1) - in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_ a); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_1_ a); f_deserialize_1_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 2); f_deserialize_1_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 a (impl.f_repr out)); - f_deserialize_1_ - = - (fun (a: t_Slice u8) -> - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a); + f_deserialize_1_ = (fun (a: t_Slice u8) -> deserialize_1_ a); f_serialize_4_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -523,23 +597,13 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Spec.MLKEM.serialize_post 4 (impl.f_repr a) out); f_serialize_4_ = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - let _:Prims.unit = - assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 4) - in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_4_ a); f_deserialize_4_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 8); f_deserialize_4_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 a (impl.f_repr out)); - f_deserialize_4_ - = - (fun (a: t_Slice u8) -> - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma a in - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a); + f_deserialize_4_ = (fun (a: t_Slice u8) -> deserialize_4_ a); f_serialize_5_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -552,15 +616,12 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = true); f_serialize_5_ = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_5_ a); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_5_ a); f_deserialize_5_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 10); f_deserialize_5_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); - f_deserialize_5_ - = - (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_5_ a); + f_deserialize_5_ = (fun (a: t_Slice u8) -> deserialize_5_ a); f_serialize_10_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -575,22 +636,13 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Spec.MLKEM.serialize_post 10 (impl.f_repr a) out); f_serialize_10_ = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_ a); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_10_ a); f_deserialize_10_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 20); f_deserialize_10_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 a (impl.f_repr out)); - f_deserialize_10_ - = - (fun (a: t_Slice u8) -> - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma a in - let _:Prims.unit = - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma a - in - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a); + f_deserialize_10_ = (fun (a: t_Slice u8) -> deserialize_10_ a); f_serialize_11_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); @@ -603,15 +655,12 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = true); f_serialize_11_ = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_11_ a); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_11_ a); f_deserialize_11_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 22); f_deserialize_11_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> true); - f_deserialize_11_ - = - (fun (a: t_Slice u8) -> Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_11_ a); + f_deserialize_11_ = (fun (a: t_Slice u8) -> deserialize_11_ a); f_serialize_12_pre = (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> @@ -626,22 +675,13 @@ Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = Spec.MLKEM.serialize_post 12 (impl.f_repr a) out); f_serialize_12_ = - (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma a in - Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_ a); + (fun (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> serialize_12_ a); f_deserialize_12_pre = (fun (a: t_Slice u8) -> (Core.Slice.impl__len #u8 a <: usize) =. sz 24); f_deserialize_12_post = (fun (a: t_Slice u8) (out: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) -> sz (Seq.length a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 a (impl.f_repr out)); - f_deserialize_12_ - = - (fun (a: t_Slice u8) -> - let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in - let _:Prims.unit = - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma a - in - Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a); + f_deserialize_12_ = (fun (a: t_Slice u8) -> deserialize_12_ a); f_rej_sample_pre = (fun (a: t_Slice u8) (out: t_Slice i16) -> diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index e2a2bbbe4..cb32321d0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -271,7 +271,7 @@ class t_Operations (v_Self: Type0) = { Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array 3228 (f_repr lhs) /\ Spec.Utils.is_i16b_array 3228 (f_repr rhs) ==> + Spec.Utils.is_i16b_array 3328 (f_repr lhs) /\ Spec.Utils.is_i16b_array 3328 (f_repr rhs) ==> pred }; f_ntt_multiply_post: lhs: v_Self -> diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index bfa2fcd9a..516901137 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -188,7 +188,9 @@ let lemma_mul_intb (b1 b2: nat) (n1 n2: int) = val lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 * b2 < pow2 31)) - (ensures (range (v n1 * v n2) i32_inttype /\ is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32)))) + (ensures (range (v n1 * v n2) i32_inttype /\ + is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32)) /\ + v ((cast n1 <: i32) *! (cast n2 <: i32)) == v n1 * v n2)) let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) = if v n1 = 0 || v n2 = 0 diff --git a/libcrux-ml-kem/src/vector/avx2.rs b/libcrux-ml-kem/src/vector/avx2.rs index 907f14ecd..ade993f68 100644 --- a/libcrux-ml-kem/src/vector/avx2.rs +++ b/libcrux-ml-kem/src/vector/avx2.rs @@ -237,8 +237,8 @@ impl Operations for SIMD256Vector { #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr ${lhs}) /\\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr ${rhs})"))] + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${lhs}) /\\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${rhs})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn ntt_multiply( lhs: &Self, diff --git a/libcrux-ml-kem/src/vector/portable.rs b/libcrux-ml-kem/src/vector/portable.rs index 0c1d07d1e..b8e46b460 100644 --- a/libcrux-ml-kem/src/vector/portable.rs +++ b/libcrux-ml-kem/src/vector/portable.rs @@ -10,7 +10,6 @@ use arithmetic::*; use compress::*; use ntt::*; use sampling::*; -use serialize::*; use vector_type::*; pub(crate) use vector_type::PortableVector; @@ -22,7 +21,88 @@ impl crate::vector::traits::Repr for PortableVector { } } -#[hax_lib::fstar::before(interface, r#"#push-options "--z3rlimit 200""#)] +#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))] +#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> + Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))] +fn serialize_1(a: PortableVector) -> [u8; 2] { + hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 1)"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a"); + serialize::serialize_1(a) +} + +#[hax_lib::requires(a.len() == 2)] +#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"))] +fn deserialize_1(a: &[u8]) -> PortableVector { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma $a"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma $a"); + serialize::deserialize_1(a) +} + +#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))] +#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))] +fn serialize_4(a: PortableVector) -> [u8; 8] { + hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 4)"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a"); + serialize::serialize_4(a) +} + +#[hax_lib::requires(a.len() == 8)] +#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"))] +fn deserialize_4(a: &[u8]) -> PortableVector { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma $a"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma $a"); + serialize::deserialize_4(a) +} + +fn serialize_5(a: PortableVector) -> [u8; 10] { + serialize::serialize_5(a) +} + +#[hax_lib::requires(a.len() == 10)] +fn deserialize_5(a: &[u8]) -> PortableVector { + serialize::deserialize_5(a) +} + +#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"))] +#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"))] +fn serialize_10(a: PortableVector) -> [u8; 20] { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma $a"); + serialize::serialize_10(a) +} + +#[hax_lib::requires(a.len() == 20)] +#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"))] +fn deserialize_10(a: &[u8]) -> PortableVector { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma $a"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma $a"); + serialize::deserialize_10(a) +} + +fn serialize_11(a: PortableVector) -> [u8; 22] { + serialize::serialize_11(a) +} + +#[hax_lib::requires(a.len() == 22)] +fn deserialize_11(a: &[u8]) -> PortableVector { + serialize::deserialize_11(a) +} + +#[hax_lib::requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"))] +#[hax_lib::ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"))] +fn serialize_12(a: PortableVector) -> [u8; 24] { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma $a"); + serialize::serialize_12(a) +} + +#[hax_lib::requires(a.len() == 24)] +#[hax_lib::ensures(|out| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"))] +fn deserialize_12(a: &[u8]) -> PortableVector { + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma $a"); + hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma $a"); + serialize::deserialize_12(a) +} + +#[hax_lib::fstar::before(interface, r#"#push-options "--z3rlimit 400 --split_queries always""#)] #[hax_lib::fstar::after(interface, r#"#pop-options"#)] #[hax_lib::attributes] impl Operations for PortableVector { @@ -171,8 +251,8 @@ impl Operations for PortableVector { #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr ${lhs}) /\\ - Spec.Utils.is_i16b_array 3228 (impl.f_repr ${rhs})"))] + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${lhs}) /\\ + Spec.Utils.is_i16b_array 3328 (impl.f_repr ${rhs})"))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (impl.f_repr $out)"))] fn ntt_multiply( lhs: &Self, @@ -188,32 +268,24 @@ impl Operations for PortableVector { #[requires(fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a)"))] #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 1 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 1 (impl.f_repr $a) $out"))] fn serialize_1(a: Self) -> [u8; 2] { - hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 1)"); - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma $a"); serialize_1(a) } #[requires(a.len() == 2)] #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 2 ==> Spec.MLKEM.deserialize_post 1 $a (impl.f_repr $out)"))] fn deserialize_1(a: &[u8]) -> Self { - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma $a"); - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma $a"); deserialize_1(a) } #[requires(fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a)"))] #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 4 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 4 (impl.f_repr $a) $out"))] fn serialize_4(a: Self) -> [u8; 8] { - hax_lib::fstar!("assert (forall i. Rust_primitives.bounded (Seq.index ${a}.f_elements i) 4)"); - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma $a"); - serialize_4(a) + serialize_4(a) } #[requires(a.len() == 8)] #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 8 ==> Spec.MLKEM.deserialize_post 4 $a (impl.f_repr $out)"))] fn deserialize_4(a: &[u8]) -> Self { - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma $a"); - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma $a"); deserialize_4(a) } @@ -229,15 +301,12 @@ impl Operations for PortableVector { #[requires(fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a)"))] #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 10 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 10 (impl.f_repr $a) $out"))] fn serialize_10(a: Self) -> [u8; 20] { - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma $a"); serialize_10(a) } #[requires(a.len() == 20)] #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 20 ==> Spec.MLKEM.deserialize_post 10 $a (impl.f_repr $out)"))] fn deserialize_10(a: &[u8]) -> Self { - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma $a"); - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma $a"); deserialize_10(a) } @@ -253,15 +322,12 @@ impl Operations for PortableVector { #[requires(fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a)"))] #[ensures(|out| fstar!("Spec.MLKEM.serialize_pre 12 (impl.f_repr $a) ==> Spec.MLKEM.serialize_post 12 (impl.f_repr $a) $out"))] fn serialize_12(a: Self) -> [u8; 24] { - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma $a"); serialize_12(a) } #[requires(a.len() == 24)] #[ensures(|out| fstar!("sz (Seq.length $a) =. sz 24 ==> Spec.MLKEM.deserialize_post 12 $a (impl.f_repr $out)"))] fn deserialize_12(a: &[u8]) -> Self { - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma $a"); - hax_lib::fstar!("Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma $a"); deserialize_12(a) } diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index 096c9fb7b..e96fac7e5 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -191,41 +191,35 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab /// The NIST FIPS 203 standard can be found at /// . #[inline(always)] -#[hax_lib::fstar::options("--z3rlimit 200 --split_queries always --query_stats")] -#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ - Spec.Utils.is_i16b_array 3228 ${a}.f_elements /\\ - Spec.Utils.is_i16b_array 3228 ${b}.f_elements "))] +#[hax_lib::fstar::options("--z3rlimit 250 --split_queries always --query_stats --ext context_prune")] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")] +#[hax_lib::requires(fstar!("v i < 8 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ + Spec.Utils.is_i16b_array 3328 ${a}.f_elements /\\ + Spec.Utils.is_i16b_array 3328 ${b}.f_elements /\\ + Spec.Utils.is_i16b_array 3328 ${out}.f_elements "))] #[hax_lib::ensures(|()| fstar!(" - Spec.Utils.is_i16b_array 3328 ${out}.f_elements /\\ - (forall k. (k <> v $i /\\ k <> v $j) ==> + Spec.Utils.is_i16b_array 3328 ${out}_future.f_elements /\\ + (forall k. (k < 2 * v $i \\/ k > 2 * v $i + 1) ==> Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\\ - (let ai = Seq.index ${a}.f_elements (v $i) in - let aj = Seq.index ${a}.f_elements (v $j) in - let bi = Seq.index ${b}.f_elements (v $i) in - let bj = Seq.index ${b}.f_elements (v $j) in - let oi = Seq.index out_future.f_elements (v $i) in - let oj = Seq.index out_future.f_elements (v $j) in - let (x,y) = - Spec.MLKEM.Math.poly_base_case_multiply - (v ai % 3329) - (v aj % 3329) - (v bi % 3329) - (v bj % 3329) - ((v zeta * 169) % 3329) in - ((x * 169) % 3329 == v oi % 3329) /\\ - (y * 169) % 3329 == v oj % 3329)))"))] + (let ai = Seq.index ${a}.f_elements (2 * v $i) in + let aj = Seq.index ${a}.f_elements (2 * v $i + 1) in + let bi = Seq.index ${b}.f_elements (2 * v $i) in + let bj = Seq.index ${b}.f_elements (2 * v $i + 1) in + let oi = Seq.index out_future.f_elements (2 * v $i) in + let oj = Seq.index out_future.f_elements (2 * v $i + 1) in + ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * v zeta * 169)) * 169) % 3329)) /\\ + ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))"))] pub(crate) fn ntt_multiply_binomials( a: &PortableVector, b: &PortableVector, zeta: FieldElementTimesMontgomeryR, i: usize, - j: usize, out: &mut PortableVector, ) { - let ai = a.elements[i]; - let bi = b.elements[i]; - let aj = a.elements[j]; - let bj = b.elements[j]; + let ai = a.elements[2*i]; + let bi = b.elements[2*i]; + let aj = a.elements[2*i+1]; + let bj = b.elements[2*i+1]; hax_lib::fstar!("assert(Spec.Utils.is_i16b 3328 $ai); assert(Spec.Utils.is_i16b 3328 $bi); assert(Spec.Utils.is_i16b 3328 $aj); @@ -250,6 +244,8 @@ pub(crate) fn ntt_multiply_binomials( (v $ai_bi_aj_bj * 169) % 3329; ( == ) { assert(v $ai_bi_aj_bj == v $ai_bi + v $aj_bj_zeta) } ((v $ai_bi + v $aj_bj_zeta) * 169) % 3329; + ( == ) { assert (v $ai_bi == v $ai * v $bi) } + (((v $ai * v $bi) + v $aj_bj_zeta) * 169) % 3329; ( == ) { assert (v $aj_bj_zeta == v $aj_bj * v $zeta) } (((v $ai * v $bi) + (v $aj_bj * v $zeta)) * 169) % 3329; ( == ) { Math.Lemmas.lemma_mod_mul_distr_l ((v ai * v bi) + (v aj_bj * v zeta)) 169 3329 } @@ -277,8 +273,26 @@ pub(crate) fn ntt_multiply_binomials( hax_lib::fstar!("assert(Spec.Utils.is_i32b (3328*3328 + 3328*3328) ai_bj_aj_bi) "); hax_lib::fstar!("assert_norm (3328 * 3328 + 3328 * 3328 <= 3328 * pow2 15)"); let o1 = montgomery_reduce_element(ai_bj_aj_bi); - out.elements[i] = o0; - out.elements[j] = o1; + hax_lib::fstar!("calc ( == ) { + v $o1 % 3329; + ( == ) { () } + (v $ai_bj_aj_bi * 169) % 3329; + ( == ) { assert(v $ai_bj_aj_bi == v $ai_bj + v $aj_bi) } + ((v $ai_bj + v $aj_bi) * 169) % 3329; + ( == ) { assert (v ai_bj == v ai * v bj) } + ((v ai * v bj + v aj_bi) * 169) % 3329; + ( == ) { assert (v aj_bi == v aj * v bi) } + ((v ai * v bj + v aj * v bi) * 169) % 3329; + }"); + let _out0 = out.elements; + out.elements[2*i] = o0; + out.elements[2*i+1] = o1; + hax_lib::fstar!("assert (Seq.index out.f_elements (2 * v i) == o0); + assert (Seq.index out.f_elements (2 * v i + 1) == o1); + assert (Spec.Utils.is_i16b_array 3328 out.f_elements); + assert (forall k. (k <> 2 * v i /\\ k <> 2 * v i + 1) ==> + Seq.index out.f_elements k == + Seq.index ${_out0} k)"); hax_lib::fstar!("admit()"); } @@ -303,8 +317,8 @@ pub(crate) fn ntt_multiply_binomials( Spec.Utils.is_i16b 1664 $zeta1 /\\ Spec.Utils.is_i16b 1664 $zeta2 /\\ Spec.Utils.is_i16b 1664 $zeta3 /\\ - Spec.Utils.is_i16b_array 3228 ${lhs}.f_elements /\\ - Spec.Utils.is_i16b_array 3228 ${rhs}.f_elements "))] + Spec.Utils.is_i16b_array 3328 ${lhs}.f_elements /\\ + Spec.Utils.is_i16b_array 3328 ${rhs}.f_elements "))] #[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))] pub(crate) fn ntt_multiply( lhs: &PortableVector, @@ -323,14 +337,19 @@ pub(crate) fn ntt_multiply( hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta2)"); hax_lib::fstar!("assert (Spec.Utils.is_i16b 1664 nzeta3)"); let mut out = zero(); - ntt_multiply_binomials(lhs, rhs, zeta0, 0, 1, &mut out); - ntt_multiply_binomials(lhs, rhs, nzeta0, 2, 3, &mut out); - ntt_multiply_binomials(lhs, rhs, zeta1, 4, 5, &mut out); - ntt_multiply_binomials(lhs, rhs, nzeta1, 6, 7, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); + ntt_multiply_binomials(lhs, rhs, zeta0, 0, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); + ntt_multiply_binomials(lhs, rhs, nzeta0, 1, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); + ntt_multiply_binomials(lhs, rhs, zeta1, 2, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); + ntt_multiply_binomials(lhs, rhs, nzeta1, 3, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); hax_lib::fstar!("admit()"); - ntt_multiply_binomials(lhs, rhs, zeta2, 8, 9, &mut out); - ntt_multiply_binomials(lhs, rhs, nzeta2, 10, 11, &mut out); - ntt_multiply_binomials(lhs, rhs, zeta3, 12, 13, &mut out); - ntt_multiply_binomials(lhs, rhs, nzeta3, 14, 15, &mut out); + ntt_multiply_binomials(lhs, rhs, zeta2, 4, &mut out); + ntt_multiply_binomials(lhs, rhs, nzeta2, 5, &mut out); + ntt_multiply_binomials(lhs, rhs, zeta3, 6, &mut out); + ntt_multiply_binomials(lhs, rhs, nzeta3, 7, &mut out); out } diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 3dd66ac97..61679a724 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -123,8 +123,8 @@ pub trait Operations: Copy + Clone + Repr { #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array 3228 (f_repr ${lhs}) /\\ - Spec.Utils.is_i16b_array 3228 (f_repr ${rhs}) "))] + Spec.Utils.is_i16b_array 3328 (f_repr ${lhs}) /\\ + Spec.Utils.is_i16b_array 3328 (f_repr ${rhs}) "))] #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn ntt_multiply(lhs: &Self, rhs: &Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; From 9b1f1c3f5be9024f199d3fe10a83bee0df4d60ad Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 28 Sep 2024 15:49:17 +0200 Subject: [PATCH 336/348] removed some lax --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 7 +++++-- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 8 ++++++-- libcrux-ml-kem/src/vector/portable/ntt.rs | 16 +++++++++++----- 3 files changed, 22 insertions(+), 9 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 0592fca44..19ff0314d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -296,7 +296,7 @@ let ntt_multiply_binomials assert (forall k. (k <> 2 * v i /\ k <> 2 * v i + 1) ==> Seq.index out.f_elements k == Seq.index v__out0 k) in - let _:Prims.unit = admit () in + let hax_temp_output:Prims.unit = admit () (* Panic freedom *) in out #pop-options @@ -478,19 +478,22 @@ let ntt_multiply ntt_multiply_binomials lhs rhs nzeta1 (sz 3) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in - let _:Prims.unit = admit () in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs zeta2 (sz 4) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs nzeta2 (sz 5) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs zeta3 (sz 6) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in let out:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = ntt_multiply_binomials lhs rhs nzeta3 (sz 7) out in + let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in out #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 2608d7a54..6da365a34 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -88,7 +88,7 @@ val ntt_multiply_binomials let out_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out_future in Spec.Utils.is_i16b_array 3328 out_future.f_elements /\ (forall k. - (k < 2 * v i \/ k > 2 * v i + 1) ==> + (k <> 2 * v i /\ k <> 2 * v i + 1) ==> Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\ (let ai = Seq.index a.f_elements (2 * v i) in let aj = Seq.index a.f_elements (2 * v i + 1) in @@ -104,7 +104,11 @@ val ntt_step (zeta: i16) (i j: usize) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector - (requires v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta) + (requires + v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ + Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\ + Spec.Utils.is_i16b (11207 + 5 * 3328) vec.f_elements.[ i ] /\ + Spec.Utils.is_i16b (11207 + 5 * 3328) vec.f_elements.[ j ]) (ensures fun vec_future -> let vec_future:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = vec_future in diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index e96fac7e5..9e36238f1 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -3,7 +3,10 @@ use super::vector_type::*; #[inline(always)] #[hax_lib::fstar::verification_status(lax)] -#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta"))] +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ + Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\\ + Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[i] /\\ + Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[j]"))] #[hax_lib::ensures(|result| fstar!("(forall k. (k <> v i /\\ k <> v j) ==> Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\ (forall b. (Spec.Utils.is_i16b b ${vec}.f_elements.[i] /\\ @@ -191,6 +194,7 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab /// The NIST FIPS 203 standard can be found at /// . #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::fstar::options("--z3rlimit 250 --split_queries always --query_stats --ext context_prune")] #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")] #[hax_lib::requires(fstar!("v i < 8 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ @@ -199,8 +203,8 @@ pub(crate) fn inv_ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> Portab Spec.Utils.is_i16b_array 3328 ${out}.f_elements "))] #[hax_lib::ensures(|()| fstar!(" Spec.Utils.is_i16b_array 3328 ${out}_future.f_elements /\\ - (forall k. (k < 2 * v $i \\/ k > 2 * v $i + 1) ==> - Seq.index out_future.f_elements k == Seq.index out.f_elements k) /\\ + (forall k. (k <> 2 * v $i /\\ k <> 2 * v $i + 1) ==> + Seq.index ${out}_future.f_elements k == Seq.index ${out}.f_elements k) /\\ (let ai = Seq.index ${a}.f_elements (2 * v $i) in let aj = Seq.index ${a}.f_elements (2 * v $i + 1) in let bi = Seq.index ${b}.f_elements (2 * v $i) in @@ -293,7 +297,6 @@ pub(crate) fn ntt_multiply_binomials( assert (forall k. (k <> 2 * v i /\\ k <> 2 * v i + 1) ==> Seq.index out.f_elements k == Seq.index ${_out0} k)"); - hax_lib::fstar!("admit()"); } // #[inline(always)] @@ -346,10 +349,13 @@ pub(crate) fn ntt_multiply( hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); ntt_multiply_binomials(lhs, rhs, nzeta1, 3, &mut out); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); - hax_lib::fstar!("admit()"); ntt_multiply_binomials(lhs, rhs, zeta2, 4, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); ntt_multiply_binomials(lhs, rhs, nzeta2, 5, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); ntt_multiply_binomials(lhs, rhs, zeta3, 6, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); ntt_multiply_binomials(lhs, rhs, nzeta3, 7, &mut out); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array 3328 out.f_elements)"); out } From deedd5af119a03fd9c48e667bcd888d85a330e67 Mon Sep 17 00:00:00 2001 From: mamonet Date: Sat, 28 Sep 2024 19:00:50 +0000 Subject: [PATCH 337/348] Update invert_ntt --- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 75 ++++++++++------ .../extraction/Libcrux_ml_kem.Invert_ntt.fsti | 61 ++++++++++--- .../Libcrux_ml_kem.Vector.Traits.fsti | 26 +++--- .../proofs/fstar/spec/Spec.Utils.fst | 3 + libcrux-ml-kem/src/invert_ntt.rs | 88 ++++++++++++++----- libcrux-ml-kem/src/vector/traits.rs | 24 ++--- 6 files changed, 196 insertions(+), 81 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index eaa498a6a..f2af36e02 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -42,6 +42,8 @@ let invert_ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = + let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_1) (invert_ntt_re_range_1 #v_Vector) in + let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -51,7 +53,16 @@ let invert_ntt_at_layer_1_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init - v round * 4) + v zeta_i == v v__zeta_i_init - v round * 4 /\ + (v round < 16 ==> + (forall (i: nat). + (i >= v round /\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\ + (forall (i: nat). + i < v round ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -87,6 +98,10 @@ let invert_ntt_at_layer_1_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i -! sz 3 in + let _:Prims.unit = + assert (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in let hax_temp_output:Prims.unit = () <: Prims.unit in @@ -101,6 +116,7 @@ let invert_ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = + let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -110,7 +126,16 @@ let invert_ntt_at_layer_2_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init - v round * 2) + v zeta_i == v v__zeta_i_init - v round * 2 /\ + (v round < 16 ==> + (forall (i: nat). + (i >= v round /\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\ + (forall (i: nat). + i < v round ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -142,6 +167,10 @@ let invert_ntt_at_layer_2_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i -! sz 1 in + let _:Prims.unit = + assert (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in let hax_temp_output:Prims.unit = () <: Prims.unit in @@ -156,6 +185,7 @@ let invert_ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) = + let _:Prims.unit = reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -165,7 +195,16 @@ let invert_ntt_at_layer_3_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init - v round) + v zeta_i == v v__zeta_i_init - v round /\ + (v round < 16 ==> + (forall (i: nat). + (i >= v round /\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\ + (forall (i: nat). + i < v round ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -192,12 +231,16 @@ let invert_ntt_at_layer_3_ <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in + let _:Prims.unit = + assert (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in let hax_temp_output:Prims.unit = () <: Prims.unit in zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) -#push-options "--z3rlimit 200" +#push-options "--admit_smt_queries true" let invert_ntt_at_layer_4_plus (#v_Vector: Type0) @@ -209,30 +252,23 @@ let invert_ntt_at_layer_4_plus (layer: usize) = let step:usize = sz 1 <>! layer <: usize) - (fun temp_0_ round -> + (fun temp_0_ temp_1_ -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let round:usize = round in - v zeta_i == v v__zeta_i_init - v round) + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in let round:usize = round in - let _:Prims.unit = - assert (v round < 8); - assert (v step >= 16 /\ v step <= 128); - assert (v (round *! step) >= 0 /\ v (round *! step) <= 112) - in let zeta_i:usize = zeta_i -! sz 1 in let offset:usize = (round *! step <: usize) *! sz 2 in - let _:Prims.unit = assert (v offset >= 0 /\ v offset <= 224) in let offset_vec:usize = offset /! Libcrux_ml_kem.Vector.Traits.v_FIELD_ELEMENTS_IN_VECTOR in @@ -248,13 +284,6 @@ let invert_ntt_at_layer_4_plus (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in - let _:Prims.unit = zetas_b_lemma (v zeta_i) in - let _:Prims.unit = - assume (Spec.Utils.is_i16b_array 28296 - (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add - re.f_coefficients.[ j ] - re.f_coefficients.[ j +! step_vec ]))) - in let x, y:(v_Vector & v_Vector) = inv_ntt_layer_int_vec_step_reduce #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) @@ -298,8 +327,6 @@ let invert_ntt_at_layer_4_plus #pop-options -#push-options "--z3rlimit 200" - let invert_ntt_montgomery (v_K: usize) (#v_Vector: Type0) @@ -358,5 +385,3 @@ let invert_ntt_montgomery (Prims.unit & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) in re - -#pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti index cc73de23e..d83521180 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fsti @@ -16,11 +16,35 @@ val inv_ntt_layer_int_vec_step_reduce (zeta_r: i16) : Prims.Pure (v_Vector & v_Vector) (requires - Spec.Utils.is_i16b 3328 zeta_r /\ + Spec.Utils.is_i16b 1664 zeta_r /\ + (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array b) i) - + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i))) /\ + (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i) + + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array b) i))) /\ Spec.Utils.is_i16b_array 28296 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add a b))) (fun _ -> Prims.l_True) +[@@ "opaque_to_smt"] + let invert_ntt_re_range_1 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])) + +[@@ "opaque_to_smt"] + let invert_ntt_re_range_2 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])) + val invert_ntt_at_layer_1_ (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -28,8 +52,14 @@ val invert_ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v zeta_i >= 64 && v zeta_i <= 128) - (fun _ -> Prims.l_True) + (requires v zeta_i == 128 /\ invert_ntt_re_range_1 re) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + invert_ntt_re_range_2 re_future /\ v zeta_i_future == 64) val invert_ntt_at_layer_2_ (#v_Vector: Type0) @@ -38,8 +68,14 @@ val invert_ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v zeta_i >= 32 && v zeta_i <= 128) - (fun _ -> Prims.l_True) + (requires v zeta_i == 64 /\ invert_ntt_re_range_2 re) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + invert_ntt_re_range_2 re_future /\ v zeta_i_future == 32) val invert_ntt_at_layer_3_ (#v_Vector: Type0) @@ -48,8 +84,14 @@ val invert_ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v zeta_i >= 16 && v zeta_i <= 128) - (fun _ -> Prims.l_True) + (requires v zeta_i == 32 /\ invert_ntt_re_range_2 re) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + invert_ntt_re_range_2 re_future /\ v zeta_i_future == 16) val invert_ntt_at_layer_4_plus (#v_Vector: Type0) @@ -58,8 +100,7 @@ val invert_ntt_at_layer_4_plus (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires - v layer >= 4 /\ v layer <= 7 /\ v zeta_i - v (sz 128 >>! layer) >= 0 /\ v zeta_i <= 128) + (requires v layer >= 4 /\ v layer <= 7) (fun _ -> Prims.l_True) val invert_ntt_montgomery @@ -68,5 +109,5 @@ val invert_ntt_montgomery {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires invert_ntt_re_range_1 re) (fun _ -> Prims.l_True) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index e2a2bbbe4..0625533bb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -183,7 +183,7 @@ class t_Operations (v_Self: Type0) = { Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array (11207 + 5 * 3328) (f_repr a) ==> + Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) (f_repr a) ==> pred }; f_ntt_layer_1_step_post: a: v_Self -> @@ -192,7 +192,7 @@ class t_Operations (v_Self: Type0) = { zeta2: i16 -> zeta3: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 6 * 3328) (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) (f_repr out)}; f_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_ntt_layer_1_step_pre x0 x1 x2 x3 x4) @@ -201,10 +201,10 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b_array (11207 + 4 * 3328) (f_repr a) ==> + Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) (f_repr a) ==> pred }; f_ntt_layer_2_step_post:a: v_Self -> zeta0: i16 -> zeta1: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 5 * 3328) (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) (f_repr out)}; f_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_ntt_layer_2_step_pre x0 x1 x2) @@ -212,10 +212,11 @@ class t_Operations (v_Self: Type0) = { f_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: Type0 - { Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 3 * 3328) (f_repr a) ==> + { Spec.Utils.is_i16b 1664 zeta /\ + Spec.Utils.is_i16b_array_opaque (11207 + 3 * 3328) (f_repr a) ==> pred }; f_ntt_layer_3_step_post:a: v_Self -> zeta: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 4 * 3328) (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) (f_repr out)}; f_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_ntt_layer_3_step_pre x0 x1) @@ -225,7 +226,7 @@ class t_Operations (v_Self: Type0) = { Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array (4 * 3328) (f_repr a) ==> + Spec.Utils.is_i16b_array_opaque (4 * 3328) (f_repr a) ==> pred }; f_inv_ntt_layer_1_step_post: a: v_Self -> @@ -234,7 +235,7 @@ class t_Operations (v_Self: Type0) = { zeta2: i16 -> zeta3: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque 3328 (f_repr out)}; f_inv_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_1_step_pre x0 x1 x2 x3 x4) @@ -243,19 +244,20 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b_array 3328 (f_repr a) ==> + Spec.Utils.is_i16b_array_opaque 3328 (f_repr a) ==> pred }; f_inv_ntt_layer_2_step_post:a: v_Self -> zeta0: i16 -> zeta1: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque 3328 (f_repr out)}; f_inv_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_inv_ntt_layer_2_step_post x0 x1 x2 result); f_inv_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: - Type0{Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (f_repr a) ==> pred}; + Type0 + {Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array_opaque 3328 (f_repr a) ==> pred}; f_inv_ntt_layer_3_step_post:a: v_Self -> zeta: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque 3328 (f_repr out)}; f_inv_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_3_step_pre x0 x1) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index bfa2fcd9a..8c8b55946 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -159,6 +159,9 @@ let is_i16b_array (l:nat) (x:t_Slice i16) = forall i. i < Seq.length x ==> is_i1 let is_i16b_vector (l:nat) (r:usize) (x:t_Array (t_Array i16 (sz 256)) r) = forall i. i < v r ==> is_i16b_array l (Seq.index x i) let is_i16b_matrix (l:nat) (r:usize) (x:t_Array (t_Array (t_Array i16 (sz 256)) r) r) = forall i. i < v r ==> is_i16b_vector l r (Seq.index x i) +[@ "opaque_to_smt"] +let is_i16b_array_opaque (l:nat) (x:t_Slice i16) = forall i. i < Seq.length x ==> is_i16b l (Seq.index x i) + let is_i32b (l:nat) (x:i32) = is_intb l (v x) let is_i32b_array (l:nat) (x:t_Slice i32) = forall i. i < Seq.length x ==> is_i32b l (Seq.index x i) diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 4db09d55d..62d6a5947 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -5,20 +5,42 @@ use crate::{ }; #[inline(always)] -#[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma +#[hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma (Spec.Utils.is_i16b 1664 (${get_zeta} (sz i))) = - admit()"))] -#[hax_lib::requires(fstar!("v ${*zeta_i} >= 64 && v ${*zeta_i} <= 128"))] + admit()")] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let invert_ntt_re_range_2 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let invert_ntt_re_range_1 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")] +#[hax_lib::requires(fstar!("v ${*zeta_i} == 128 /\\ + invert_ntt_re_range_1 $re"))] +#[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\ + v ${*zeta_i}_future == 64"))] pub(crate) fn invert_ntt_at_layer_1( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, ) { + hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_1) (invert_ntt_re_range_1 #$:Vector)"); + hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)"); let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 4") }); + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 4 /\\ + (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\ + (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i -= 1; hax_lib::fstar!("zetas_b_lemma (v zeta_i); zetas_b_lemma (v zeta_i - 1); @@ -32,22 +54,33 @@ pub(crate) fn invert_ntt_at_layer_1( get_zeta (*zeta_i - 3), ); *zeta_i -= 3; + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } () } #[inline(always)] -#[hax_lib::requires(fstar!("v ${*zeta_i} >= 32 && v ${*zeta_i} <= 128"))] +#[hax_lib::requires(fstar!("v ${*zeta_i} == 64 /\\ + invert_ntt_re_range_2 $re "))] +#[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\ + v ${*zeta_i}_future == 32"))] pub(crate) fn invert_ntt_at_layer_2( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, ) { + hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)"); let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 2") }); + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round * 2 /\\ + (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\ + (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i -= 1; hax_lib::fstar!("zetas_b_lemma (v zeta_i); zetas_b_lemma (v zeta_i - 1)"); @@ -57,32 +90,53 @@ pub(crate) fn invert_ntt_at_layer_2( get_zeta (*zeta_i - 1), ); *zeta_i -= 1; + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } () } #[inline(always)] -#[hax_lib::requires(fstar!("v ${*zeta_i} >= 16 && v ${*zeta_i} <= 128"))] +#[hax_lib::requires(fstar!("v ${*zeta_i} == 32 /\\ + invert_ntt_re_range_2 $re"))] +#[hax_lib::ensures(|result| fstar!("invert_ntt_re_range_2 ${re}_future /\\ + v ${*zeta_i}_future == 16"))] pub(crate) fn invert_ntt_at_layer_3( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, ) { + hax_lib::fstar!("reveal_opaque (`%invert_ntt_re_range_2) (invert_ntt_re_range_2 #$:Vector)"); let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round") }); + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round /\\ + (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\ + (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i -= 1; hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); re.coefficients[round] = Vector::inv_ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i)); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } () } #[inline(always)] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 $zeta_r /\\ +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta_r /\\ + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $b) i) - + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i))) /\\ + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) + + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $b) i))) /\\ Spec.Utils.is_i16b_array 28296 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add $a $b))"))] pub(crate) fn inv_ntt_layer_int_vec_step_reduce( @@ -97,9 +151,8 @@ pub(crate) fn inv_ntt_layer_int_vec_step_reduce( } #[inline(always)] -#[hax_lib::fstar::options("--z3rlimit 200")] -#[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7 /\\ - v ${*zeta_i} - v (sz 128 >>! $layer) >= 0 /\\ v ${*zeta_i} <= 128"))] +#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7"))] pub(crate) fn invert_ntt_at_layer_4_plus( zeta_i: &mut usize, re: &mut PolynomialRingElement, @@ -107,25 +160,16 @@ pub(crate) fn invert_ntt_at_layer_4_plus( ) { let step = 1 << layer; - let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..(128 >> layer) { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init - v $round") }); - hax_lib::fstar!("assert (v $round < 8); - assert (v $step >= 16 /\\ v $step <= 128); - assert (v ($round *! $step) >= 0 /\\ v ($round *! $step) <= 112)"); *zeta_i -= 1; let offset = round * step * 2; - hax_lib::fstar!("assert (v $offset >= 0 /\\ v $offset <= 224)"); let offset_vec = offset / FIELD_ELEMENTS_IN_VECTOR; let step_vec = step / FIELD_ELEMENTS_IN_VECTOR; for j in offset_vec..offset_vec + step_vec { - hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); - hax_lib::fstar!("assume (Spec.Utils.is_i16b_array 28296 - (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (Libcrux_ml_kem.Vector.Traits.f_add re.f_coefficients.[j] re.f_coefficients.[j +! step_vec])))"); let (x, y) = inv_ntt_layer_int_vec_step_reduce( re.coefficients[j], re.coefficients[j + step_vec], @@ -139,7 +183,7 @@ pub(crate) fn invert_ntt_at_layer_4_plus( } #[inline(always)] -#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::requires(fstar!("invert_ntt_re_range_1 $re"))] pub(crate) fn invert_ntt_montgomery( re: &mut PolynomialRingElement, ) { diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 3dd66ac97..94a43526a 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -95,30 +95,30 @@ pub trait Operations: Copy + Clone + Repr { // NTT #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array (11207+5*3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (f_repr $out)"))] + Spec.Utils.is_i16b_array_opaque (11207+5*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque (11207+6*3328) (f_repr $out)"))] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ - Spec.Utils.is_i16b_array (11207+4*3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (f_repr $out)"))] + Spec.Utils.is_i16b_array_opaque (11207+4*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque (11207+5*3328) (f_repr $out)"))] fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ - Spec.Utils.is_i16b_array (11207+3*3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (f_repr $out)"))] + Spec.Utils.is_i16b_array_opaque (11207+3*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque (11207+4*3328) (f_repr $out)"))] fn ntt_layer_3_step(a: Self, zeta: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array (4 * 3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] + Spec.Utils.is_i16b_array_opaque (4 * 3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque 3328 (f_repr $out)"))] fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ - Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] + Spec.Utils.is_i16b_array_opaque 3328 (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque 3328 (f_repr $out)"))] fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta/\\ - Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] + Spec.Utils.is_i16b_array_opaque 3328 (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque 3328 (f_repr $out)"))] fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ From 1c3c00c7ed90ef5ca81d00903118fa7f934d1adc Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sat, 28 Sep 2024 23:51:12 +0200 Subject: [PATCH 338/348] removed some lax --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 4 ++- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 25 ++++++++++++++++++- libcrux-ml-kem/src/vector/portable/ntt.rs | 13 +++++++++- 3 files changed, 39 insertions(+), 3 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 19ff0314d..8f1101bd9 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -494,6 +494,8 @@ let ntt_multiply ntt_multiply_binomials lhs rhs nzeta3 (sz 7) out in let _:Prims.unit = assert (Spec.Utils.is_i16b_array 3328 out.f_elements) in - out + let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = out in + let _:Prims.unit = admit () (* Panic freedom *) in + result #pop-options diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 6da365a34..f6c15db23 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -167,4 +167,27 @@ val ntt_multiply (ensures fun result -> let result:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = result in - Spec.Utils.is_i16b_array 3328 result.f_elements) + Spec.Utils.is_i16b_array 3328 result.f_elements /\ + (let zetas = + Seq.seq_of_list [ + v zeta0; + - v zeta0; + v zeta1; + - v zeta1; + v zeta2; + - v zeta2; + v zeta3; + - v zeta3 + ] + in + (forall (i: nat). + i < 8 ==> + (let ai = Seq.index lhs.f_elements (2 * i) in + let aj = Seq.index lhs.f_elements (2 * i + 1) in + let bi = Seq.index rhs.f_elements (2 * i) in + let bj = Seq.index rhs.f_elements (2 * i + 1) in + let oi = Seq.index result.f_elements (2 * i) in + let oj = Seq.index result.f_elements (2 * i + 1) in + ((v oi % 3329) == + (((v ai * v bi + (v aj * v bj * (Seq.index zetas i) * 169)) * 169) % 3329)) /\ + ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))))) diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index 9e36238f1..002203745 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -315,6 +315,7 @@ pub(crate) fn ntt_multiply_binomials( // } #[inline(always)] +#[hax_lib::fstar::verification_status(panic_free)] #[hax_lib::fstar::options("--z3rlimit 100")] #[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta0 /\\ Spec.Utils.is_i16b 1664 $zeta1 /\\ @@ -322,7 +323,17 @@ pub(crate) fn ntt_multiply_binomials( Spec.Utils.is_i16b 1664 $zeta3 /\\ Spec.Utils.is_i16b_array 3328 ${lhs}.f_elements /\\ Spec.Utils.is_i16b_array 3328 ${rhs}.f_elements "))] -#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements"))] +#[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 ${result}.f_elements /\\ + (let zetas = Seq.seq_of_list [v zeta0; - v zeta0; v zeta1; - v zeta1; v zeta2; - v zeta2; v zeta3; - v zeta3] in + (forall (i:nat). i < 8 ==> + (let ai = Seq.index lhs.f_elements (2 * i) in + let aj = Seq.index lhs.f_elements (2 * i + 1) in + let bi = Seq.index rhs.f_elements (2 * i) in + let bj = Seq.index rhs.f_elements (2 * i + 1) in + let oi = Seq.index result.f_elements (2 * i) in + let oj = Seq.index result.f_elements (2 * i + 1) in + ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * (Seq.index zetas i) * 169)) * 169) % 3329)) /\\ + ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))))"))] pub(crate) fn ntt_multiply( lhs: &PortableVector, rhs: &PortableVector, From 6a84ae46c78181a1f2d4912060c653d8eaef393e Mon Sep 17 00:00:00 2001 From: mamonet Date: Sun, 29 Sep 2024 08:11:21 +0000 Subject: [PATCH 339/348] Update generic ntt.rs --- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 85 +++++++++--- .../fstar/extraction/Libcrux_ml_kem.Ntt.fsti | 114 ++++++++++++++-- .../proofs/fstar/extraction/Makefile | 1 + libcrux-ml-kem/src/ntt.rs | 129 ++++++++++++++++-- 4 files changed, 286 insertions(+), 43 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index 99a4f437a..d5a455351 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -39,6 +39,8 @@ let ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = + let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in + let _:Prims.unit = reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -48,7 +50,16 @@ let ntt_at_layer_1_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init + v round * 4) + v zeta_i == v v__zeta_i_init + v round * 4 /\ + (v round < 16 ==> + (forall (i: nat). + (i >= v round /\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\ + (forall (i: nat). + i < v round ==> + Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -84,6 +95,10 @@ let ntt_at_layer_1_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i +! sz 3 in + let _:Prims.unit = + assert (Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in let hax_temp_output:Prims.unit = () <: Prims.unit in @@ -98,6 +113,8 @@ let ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = + let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in + let _:Prims.unit = reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -107,7 +124,16 @@ let ntt_at_layer_2_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init + v round * 2) + v zeta_i == v v__zeta_i_init + v round * 2 /\ + (v round < 16 ==> + (forall (i: nat). + (i >= v round /\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\ + (forall (i: nat). + i < v round ==> + Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -139,6 +165,10 @@ let ntt_at_layer_2_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i +! sz 1 in + let _:Prims.unit = + assert (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in let hax_temp_output:Prims.unit = () <: Prims.unit in @@ -153,6 +183,8 @@ let ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) = + let _:Prims.unit = reveal_opaque (`%ntt_re_range_4) (ntt_re_range_4 #v_Vector) in + let _:Prims.unit = reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #v_Vector) in let v__zeta_i_init:usize = zeta_i in let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) @@ -162,7 +194,16 @@ let ntt_at_layer_3_ temp_0_ in let round:usize = round in - v zeta_i == v v__zeta_i_init + v round) + v zeta_i == v v__zeta_i_init + v round /\ + (v round < 16 ==> + (forall (i: nat). + (i >= v round /\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (11207 + 3 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\ + (forall (i: nat). + i < v round ==> + Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = @@ -189,12 +230,16 @@ let ntt_at_layer_3_ <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in + let _:Prims.unit = + assert (Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) in let hax_temp_output:Prims.unit = () <: Prims.unit in zeta_i, re <: (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) -#push-options "--z3rlimit 200" +#push-options "--admit_smt_queries true" let ntt_at_layer_4_plus (#v_Vector: Type0) @@ -210,26 +255,20 @@ let ntt_at_layer_4_plus let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = Rust_primitives.Hax.Folds.fold_range (sz 0) (sz 128 >>! layer <: usize) - (fun temp_0_ round -> + (fun temp_0_ temp_1_ -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in - let round:usize = round in - v zeta_i == v v__zeta_i_init + v round) + let _:usize = temp_1_ in + true) (re, zeta_i <: (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize)) (fun temp_0_ round -> let re, zeta_i:(Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector & usize) = temp_0_ in let round:usize = round in - let _:Prims.unit = - assert (v round < 8); - assert (v step >= 16 /\ v step <= 128); - assert (v (round *! step) >= 0 /\ v (round *! step) <= 112) - in let zeta_i:usize = zeta_i +! sz 1 in let offset:usize = (round *! step <: usize) *! sz 2 in - let _:Prims.unit = assert (v offset >= 0 /\ v offset <= 224) in let offset_vec:usize = offset /! sz 16 in let step_vec:usize = step /! sz 16 in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = @@ -243,7 +282,6 @@ let ntt_at_layer_4_plus (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in - let _:Prims.unit = zetas_b_lemma (v zeta_i) in let x, y:(v_Vector & v_Vector) = ntt_layer_int_vec_step #v_Vector (re.Libcrux_ml_kem.Polynomial.f_coefficients.[ j ] <: v_Vector) @@ -287,6 +325,8 @@ let ntt_at_layer_4_plus #pop-options +#push-options "--admit_smt_queries true" + let ntt_at_layer_7_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -295,17 +335,22 @@ let ntt_at_layer_7_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = let step:usize = Libcrux_ml_kem.Polynomial.v_VECTORS_IN_RING_ELEMENT /! sz 2 in + let _:Prims.unit = assert (v step == 8) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Rust_primitives.Hax.Folds.fold_range (sz 0) step - (fun re temp_1_ -> + (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in - let _:usize = temp_1_ in - true) + let j:usize = j in + (v j < 8 ==> + (forall (i: nat). + (i >= v j /\ i < 8) ==> + ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ])))) re (fun re j -> let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = re in let j:usize = j in + let _:Prims.unit = reveal_opaque (`%ntt_layer_7_pre) (ntt_layer_7_pre #v_Vector) in let t:v_Vector = Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant #v_Vector #FStar.Tactics.Typeclasses.solve @@ -353,6 +398,10 @@ let ntt_at_layer_7_ let hax_temp_output:Prims.unit = () <: Prims.unit in re +#pop-options + +#push-options "--z3rlimit 200" + let ntt_binomially_sampled_ring_element (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -408,6 +457,8 @@ let ntt_binomially_sampled_ring_element in re +#pop-options + #push-options "--z3rlimit 200" let ntt_vector_u diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti index 1da9107ed..487f928cf 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fsti @@ -15,9 +15,35 @@ val ntt_layer_int_vec_step (a b: v_Vector) (zeta_r: i16) : Prims.Pure (v_Vector & v_Vector) - (requires Spec.Utils.is_i16b 3328 zeta_r) + (requires + Spec.Utils.is_i16b 1664 zeta_r /\ + (let t = Libcrux_ml_kem.Vector.Traits.montgomery_multiply_fe b zeta_r in + (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i) - + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\ + (forall i. + i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array a) i) + + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))) (fun _ -> Prims.l_True) +[@@ "opaque_to_smt"] + let ntt_re_range_1 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])) + +[@@ "opaque_to_smt"] + let ntt_re_range_2 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])) + val ntt_at_layer_1_ (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -25,8 +51,21 @@ val ntt_at_layer_1_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v zeta_i < 64) - (fun _ -> Prims.l_True) + (requires v zeta_i == 63 /\ ntt_re_range_2 re) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + ntt_re_range_1 re_future /\ v zeta_i_future == 127) + +[@@ "opaque_to_smt"] + let ntt_re_range_3 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])) val ntt_at_layer_2_ (#v_Vector: Type0) @@ -35,8 +74,21 @@ val ntt_at_layer_2_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v zeta_i < 96) - (fun _ -> Prims.l_True) + (requires v zeta_i == 31 /\ ntt_re_range_3 re) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + ntt_re_range_2 re_future /\ v zeta_i_future == 63) + +[@@ "opaque_to_smt"] + let ntt_re_range_4 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+3*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])) val ntt_at_layer_3_ (#v_Vector: Type0) @@ -45,8 +97,14 @@ val ntt_at_layer_3_ (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (v__layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v zeta_i < 112) - (fun _ -> Prims.l_True) + (requires v zeta_i == 15 /\ ntt_re_range_4 re) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + ntt_re_range_3 re_future /\ v zeta_i_future == 31) val ntt_at_layer_4_plus (#v_Vector: Type0) @@ -55,15 +113,46 @@ val ntt_at_layer_4_plus (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) (layer v__initial_coefficient_bound: usize) : Prims.Pure (usize & Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - (requires v layer >= 4 /\ v layer <= 7 /\ v zeta_i + v (sz 128 >>! layer) < 128) - (fun _ -> Prims.l_True) + (requires + v layer >= 4 /\ v layer <= 7 /\ + ((v layer == 4 ==> v zeta_i == 7) /\ (v layer == 5 ==> v zeta_i == 3) /\ + (v layer == 6 ==> v zeta_i == 1) /\ (v layer == 7 ==> v zeta_i == 0))) + (ensures + fun temp_0_ -> + let zeta_i_future, re_future:(usize & + Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + temp_0_ + in + ntt_re_range_4 re_future /\ (v layer == 4 ==> v zeta_i_future == 15) /\ + (v layer == 5 ==> v zeta_i_future == 7) /\ (v layer == 6 ==> v zeta_i_future == 3) /\ + (v layer == 7 ==> v zeta_i_future == 1)) + +[@@ "opaque_to_smt"] + let ntt_layer_7_pre (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re_0 re_1: v_Vector) = + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_1) i) * v (-1600s))) /\ + (let t = Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant re_1 (-1600s) in + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) - + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\ + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) + + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i)))) val ntt_at_layer_7_ (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + forall i. + i < 8 ==> + ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ])) (fun _ -> Prims.l_True) val ntt_binomially_sampled_ring_element @@ -71,7 +160,10 @@ val ntt_binomially_sampled_ring_element {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) : Prims.Pure (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) - Prims.l_True + (requires + forall i. + i < 8 ==> + ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ])) (fun _ -> Prims.l_True) val ntt_vector_u diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Makefile b/libcrux-ml-kem/proofs/fstar/extraction/Makefile index 6f87406db..bd794d873 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Makefile +++ b/libcrux-ml-kem/proofs/fstar/extraction/Makefile @@ -1,6 +1,7 @@ SLOW_MODULES += Libcrux_ml_kem.Vector.Portable.Serialize.fst ADMIT_MODULES = Libcrux_ml_kem.Ind_cca.Unpacked.fst \ + Libcrux_ml_kem.Vector.Avx2.fsti \ Libcrux_ml_kem.Vector.Avx2.fst \ Libcrux_ml_kem.Vector.Avx2.Ntt.fst \ Libcrux_ml_kem.Vector.Avx2.Sampling.fst \ diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index 4107d8034..0e190f789 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -8,18 +8,40 @@ use crate::{ #[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma (Spec.Utils.is_i16b 1664 (${get_zeta} (sz i))) = admit()"))] -#[hax_lib::requires(fstar!("v ${*zeta_i} < 64"))] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let ntt_re_range_2 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let ntt_re_range_1 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")] +#[hax_lib::requires(fstar!("v ${*zeta_i} == 63 /\\ + ntt_re_range_2 $re"))] +#[hax_lib::ensures(|result| fstar!("ntt_re_range_1 ${re}_future /\\ + v ${*zeta_i}_future == 127"))] pub(crate) fn ntt_at_layer_1( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, _initial_coefficient_bound: usize, ) { + hax_lib::fstar!("reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #$:Vector)"); + hax_lib::fstar!("reveal_opaque (`%ntt_re_range_1) (ntt_re_range_1 #$:Vector)"); let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 4") }); + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 4 /\\ + (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\ + (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i += 1; hax_lib::fstar!("zetas_b_lemma (v zeta_i); zetas_b_lemma (v zeta_i + 1); @@ -33,23 +55,41 @@ pub(crate) fn ntt_at_layer_1( get_zeta (*zeta_i + 3), ); *zeta_i += 3; + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+6*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } () } #[inline(always)] -#[hax_lib::requires(fstar!("v ${*zeta_i} < 96"))] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let ntt_re_range_3 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")] +#[hax_lib::requires(fstar!("v ${*zeta_i} == 31 /\\ + ntt_re_range_3 $re"))] +#[hax_lib::ensures(|result| fstar!("ntt_re_range_2 ${re}_future /\\ + v ${*zeta_i}_future == 63"))] pub(crate) fn ntt_at_layer_2( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, _initial_coefficient_bound: usize, ) { + hax_lib::fstar!("reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #$:Vector)"); + hax_lib::fstar!("reveal_opaque (`%ntt_re_range_2) (ntt_re_range_2 #$:Vector)"); let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 2") }); + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round * 2 /\\ + (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\ + (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i += 1; hax_lib::fstar!("zetas_b_lemma (v zeta_i); zetas_b_lemma (v zeta_i + 1)"); @@ -59,33 +99,62 @@ pub(crate) fn ntt_at_layer_2( get_zeta (*zeta_i + 1), ); *zeta_i += 1; + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } () } #[inline(always)] -#[hax_lib::requires(fstar!("v ${*zeta_i} < 112"))] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let ntt_re_range_4 (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) = + forall (i:nat). i < 16 ==> Spec.Utils.is_i16b_array_opaque (11207+3*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ]))")] +#[hax_lib::requires(fstar!("v ${*zeta_i} == 15 /\\ + ntt_re_range_4 $re"))] +#[hax_lib::ensures(|result| fstar!("ntt_re_range_3 ${re}_future /\\ + v ${*zeta_i}_future == 31"))] pub(crate) fn ntt_at_layer_3( zeta_i: &mut usize, re: &mut PolynomialRingElement, _layer: usize, _initial_coefficient_bound: usize, ) { + hax_lib::fstar!("reveal_opaque (`%ntt_re_range_4) (ntt_re_range_4 #$:Vector)"); + hax_lib::fstar!("reveal_opaque (`%ntt_re_range_3) (ntt_re_range_3 #$:Vector)"); let _zeta_i_init = *zeta_i; // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..16 { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round") }); + hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round /\\ + (v round < 16 ==> (forall (i:nat). (i >= v round /\\ i < 16) ==> + Spec.Utils.is_i16b_array_opaque (11207+3*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))) /\\ + (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i += 1; hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); re.coefficients[round] = Vector::ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i)); + hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } () } #[inline(always)] -#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 3328 $zeta_r"))] +#[hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 $zeta_r /\\ + (let t = ${montgomery_multiply_fe::} $b $zeta_r in + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) - + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\\ + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array $a) i) + + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))"))] fn ntt_layer_int_vec_step( mut a: Vector, mut b: Vector, @@ -98,9 +167,17 @@ fn ntt_layer_int_vec_step( } #[inline(always)] -#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("v $layer >= 4 /\\ v $layer <= 7 /\\ - v ${*zeta_i} + v (sz 128 >>! $layer) < 128"))] + ((v $layer == 4 ==> v ${*zeta_i} == 7) /\\ + (v $layer == 5 ==> v ${*zeta_i} == 3) /\\ + (v $layer == 6 ==> v ${*zeta_i} == 1) /\\ + (v $layer == 7 ==> v ${*zeta_i} == 0))"))] +#[hax_lib::ensures(|result| fstar!("ntt_re_range_4 ${re}_future /\\ + (v $layer == 4 ==> v ${*zeta_i}_future == 15) /\\ + (v $layer == 5 ==> v ${*zeta_i}_future == 7) /\\ + (v $layer == 6 ==> v ${*zeta_i}_future == 3) /\\ + (v $layer == 7 ==> v ${*zeta_i}_future == 1)"))] pub(crate) fn ntt_at_layer_4_plus( zeta_i: &mut usize, re: &mut PolynomialRingElement, @@ -113,19 +190,13 @@ pub(crate) fn ntt_at_layer_4_plus( // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for round in 0..(128 >> layer) { - hax_lib::loop_invariant!(|round: usize| { fstar!("v zeta_i == v $_zeta_i_init + v $round") }); - hax_lib::fstar!("assert (v $round < 8); - assert (v $step >= 16 /\\ v $step <= 128); - assert (v ($round *! $step) >= 0 /\\ v ($round *! $step) <= 112)"); *zeta_i += 1; let offset = round * step * 2; - hax_lib::fstar!("assert (v $offset >= 0 /\\ v $offset <= 224)"); let offset_vec = offset / 16; //FIELD_ELEMENTS_IN_VECTOR; let step_vec = step / 16; //FIELD_ELEMENTS_IN_VECTOR; for j in offset_vec..offset_vec + step_vec { - hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); let (x, y) = ntt_layer_int_vec_step( re.coefficients[j], re.coefficients[j + step_vec], @@ -139,11 +210,36 @@ pub(crate) fn ntt_at_layer_4_plus( } #[inline(always)] +#[hax_lib::fstar::verification_status(lax)] +//We should make the loops inside this function `opaque_to_smt` to get it work +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] + let ntt_layer_7_pre (#v_Vector: Type0) + {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} + (re_0 re_1: v_Vector) = + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_1) i) * v (-1600s))) /\\ + (let t = Libcrux_ml_kem.Vector.Traits.f_multiply_by_constant re_1 (-1600s) in + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) - + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))) /\\ + (forall i. i < 16 ==> + Spec.Utils.is_intb (pow2 15 - 1) + (v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array re_0) i) + + v (Seq.index (Libcrux_ml_kem.Vector.Traits.f_to_i16_array t) i))))")] +#[hax_lib::requires(fstar!("forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ]) + (${re}.f_coefficients.[ sz i +! sz 8 ])"))] pub(crate) fn ntt_at_layer_7(re: &mut PolynomialRingElement) { let step = VECTORS_IN_RING_ELEMENT / 2; + hax_lib::fstar!("assert (v $step == 8)"); // The semicolon and parentheses at the end of loop are a workaround // for the following bug https://github.com/hacspec/hax/issues/720 for j in 0..step { + hax_lib::loop_invariant!(|j: usize| { fstar!("(v j < 8 ==> + (forall (i:nat). (i >= v j /\\ i < 8) ==> + ntt_layer_7_pre (re.f_coefficients.[ sz i ]) (re.f_coefficients.[ sz i +! sz 8 ])))") }); + hax_lib::fstar!("reveal_opaque (`%ntt_layer_7_pre) (ntt_layer_7_pre #$:Vector)"); let t = Vector::multiply_by_constant(re.coefficients[j + step], -1600); re.coefficients[j + step] = Vector::sub(re.coefficients[j], &t); re.coefficients[j] = Vector::add(re.coefficients[j], &t); @@ -152,6 +248,9 @@ pub(crate) fn ntt_at_layer_7(re: &mut PolynomialRingElement< } #[inline(always)] +#[hax_lib::fstar::options("--z3rlimit 200")] +#[hax_lib::requires(fstar!("forall i. i < 8 ==> ntt_layer_7_pre (${re}.f_coefficients.[ sz i ]) + (${re}.f_coefficients.[ sz i +! sz 8 ])"))] pub(crate) fn ntt_binomially_sampled_ring_element( re: &mut PolynomialRingElement, ) { From ac15d167e84c89f6a25552ba888fe36d3e984cff Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 29 Sep 2024 10:40:04 +0200 Subject: [PATCH 340/348] in-ntt --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 37 +++++++++++++++---- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 12 ++++-- libcrux-ml-kem/src/vector/portable/ntt.rs | 35 ++++++++++++++++-- 3 files changed, 69 insertions(+), 15 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index 8f1101bd9..b95ef9999 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -12,18 +12,35 @@ let inv_ntt_step (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) -! (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) in - let o0:i16 = - Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce_element ((vec - .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] - <: - i16) +! - (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) - <: - i16) + let a_plus_b:i16 = + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ j ] <: i16) +! + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) + in + let _:Prims.unit = + assert (v a_minus_b = v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))); + assert (v a_plus_b = v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i))) in + let o0:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.barrett_reduce_element a_plus_b in let o1:i16 = Libcrux_ml_kem.Vector.Portable.Arithmetic.montgomery_multiply_fe_by_fer a_minus_b zeta in + let _:Prims.unit = + calc ( == ) { + v o0 % 3329; + ( == ) { () } + v a_plus_b % 3329; + ( == ) { () } + (v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i))) % 3329; + }; + calc ( == ) { + v o1 % 3329; + ( == ) { () } + (v a_minus_b * v zeta * 169) % 3329; + ( == ) { () } + ((v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))) * v zeta * 169) % + 3329; + } + in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { vec with @@ -50,6 +67,10 @@ let inv_ntt_step <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in + let _:Prims.unit = + assert (Seq.index vec.f_elements (v i) == o0); + assert (Seq.index vec.f_elements (v j) == o1) + in vec #push-options "--z3rlimit 200" diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index f6c15db23..9af9a8feb 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -9,7 +9,7 @@ val inv_ntt_step (i j: usize) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires - v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ + v i < 16 /\ v j < 16 /\ v i <> v j /\ Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (4 * 3328) vec.f_elements) (ensures fun vec_future -> @@ -19,7 +19,13 @@ val inv_ntt_step (k <> v i /\ k <> v j) ==> Seq.index vec_future.f_elements k == Seq.index vec.f_elements k) /\ (Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v i)) /\ - Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v j)))) + Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v j))) /\ + ((v (Seq.index vec_future.f_elements (v i)) % 3329) == + (v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i))) % 3329) /\ + ((v (Seq.index vec_future.f_elements (v j)) % 3329) == + ((v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))) * v zeta * + 169) % + 3329)) val inv_ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) @@ -105,7 +111,7 @@ val ntt_step (i j: usize) : Prims.Pure Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector (requires - v i < 16 /\ v j < 16 /\ Spec.Utils.is_i16b 1664 zeta /\ + v i < 16 /\ v j < 16 /\ v i <> v j /\ Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\ Spec.Utils.is_i16b (11207 + 5 * 3328) vec.f_elements.[ i ] /\ Spec.Utils.is_i16b (11207 + 5 * 3328) vec.f_elements.[ j ]) diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index 002203745..df6fcdf98 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -3,7 +3,8 @@ use super::vector_type::*; #[inline(always)] #[hax_lib::fstar::verification_status(lax)] -#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ v i <> v j /\\ + Spec.Utils.is_i16b 1664 $zeta /\\ Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\\ Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[i] /\\ Spec.Utils.is_i16b (11207 + 5*3328) vec.f_elements.[j]"))] @@ -78,19 +79,45 @@ pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVe } #[inline(always)] -#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ Spec.Utils.is_i16b 1664 $zeta /\\ +#[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ v i <> v j /\\ + Spec.Utils.is_i16b 1664 $zeta /\\ Spec.Utils.is_i16b_array (4*3328) ${vec}.f_elements"))] #[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (4*3328) ${vec}_future.f_elements /\\ (forall k. (k <> v i /\\ k <> v j) ==> Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\ (Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v i)) /\\ - Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j)))"))] + Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j))) /\\ + ((v (Seq.index ${vec}_future.f_elements (v i)) % 3329) == + (v (Seq.index ${vec}.f_elements (v j)) + v (Seq.index ${vec}.f_elements (v i))) % 3329) /\\ + ((v (Seq.index ${vec}_future.f_elements (v j)) % 3329) == + ((v (Seq.index ${vec}.f_elements (v j)) - v (Seq.index ${vec}.f_elements (v i))) + * v ${zeta} * 169) % 3329)"))] pub(crate) fn inv_ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { let a_minus_b = vec.elements[j] - vec.elements[i]; - let o0 = barrett_reduce_element(vec.elements[i] + vec.elements[j]); + let a_plus_b = vec.elements[j] + vec.elements[i]; + hax_lib::fstar!("assert (v a_minus_b = v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))); + assert (v a_plus_b = v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i)))"); + let o0 = barrett_reduce_element(a_plus_b); let o1 = montgomery_multiply_fe_by_fer(a_minus_b, zeta); + hax_lib::fstar!(" + calc (==) { + v o0 % 3329; + (==) { } + v a_plus_b % 3329; + (==) { } + (v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i))) % 3329; + }; + calc (==) { + v o1 % 3329; + (==) { } + (v a_minus_b * v zeta * 169) % 3329; + (==) { } + ((v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))) * v zeta * 169) % 3329; + }"); vec.elements[i] = o0; vec.elements[j] = o1; + hax_lib::fstar!("assert (Seq.index vec.f_elements (v i) == o0); + assert (Seq.index vec.f_elements (v j) == o1)"); } #[inline(always)] From 5f23a82afe8d971fa23fa424e9675a9898e6a8e0 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 29 Sep 2024 14:09:45 +0200 Subject: [PATCH 341/348] ntt --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fst | 57 +++++++++++++++++-- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 14 ++++- libcrux-ml-kem/src/vector/portable/ntt.rs | 42 ++++++++++++-- 3 files changed, 102 insertions(+), 11 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst index b95ef9999..06bc6c676 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fst @@ -322,8 +322,6 @@ let ntt_multiply_binomials #pop-options -#push-options "--admit_smt_queries true" - let ntt_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) @@ -336,6 +334,51 @@ let ntt_step i16) zeta in + let _:Prims.unit = + assert (v t % 3329 == ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329)) + in + let a_minus_t:i16 = + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! t + in + let _:Prims.unit = + calc ( == ) { + v a_minus_t % 3329; + ( == ) { () } + (v (Seq.index vec.f_elements (v i)) - v t) % 3329; + ( == ) { Math.Lemmas.lemma_mod_sub_distr (v (Seq.index vec.f_elements (v i))) (v t) 3329 } + (v (Seq.index vec.f_elements (v i)) - (v t % 3329)) % 3329; + ( == ) { () } + (v (Seq.index vec.f_elements (v i)) - + ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329)) % + 3329; + ( == ) { Math.Lemmas.lemma_mod_sub_distr (v (Seq.index vec.f_elements (v i))) + (v (Seq.index vec.f_elements (v j)) * v zeta * 169) + 3329 } + (v (Seq.index vec.f_elements (v i)) - (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) % + 3329; + } + in + let a_plus_t:i16 = + (vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! t + in + let _:Prims.unit = + calc ( == ) { + v a_plus_t % 3329; + ( == ) { () } + (v (Seq.index vec.f_elements (v i)) + v t) % 3329; + ( == ) { Math.Lemmas.lemma_mod_add_distr (v (Seq.index vec.f_elements (v i))) (v t) 3329 } + (v (Seq.index vec.f_elements (v i)) + (v t % 3329)) % 3329; + ( == ) { () } + (v (Seq.index vec.f_elements (v i)) + + ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329)) % + 3329; + ( == ) { Math.Lemmas.lemma_mod_add_distr (v (Seq.index vec.f_elements (v i))) + (v (Seq.index vec.f_elements (v j)) * v zeta * 169) + 3329 } + (v (Seq.index vec.f_elements (v i)) + (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) % + 3329; + } + in let vec:Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector = { vec with @@ -344,7 +387,7 @@ let ntt_step Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements j - ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) -! t <: i16) + a_minus_t } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector @@ -357,15 +400,17 @@ let ntt_step Rust_primitives.Hax.Monomorphized_update_at.update_at_usize vec .Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements i - ((vec.Libcrux_ml_kem.Vector.Portable.Vector_type.f_elements.[ i ] <: i16) +! t <: i16) + a_plus_t } <: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector in + let _:Prims.unit = + assert (Seq.index vec.f_elements (v i) == a_plus_t); + assert (Seq.index vec.f_elements (v j) == a_minus_t) + in vec -#pop-options - #push-options "--z3rlimit 100" let ntt_layer_1_step diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 9af9a8feb..39df6b636 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -3,6 +3,8 @@ module Libcrux_ml_kem.Vector.Portable.Ntt open Core open FStar.Mul +[@@ "opaque_to_smt"] + val inv_ntt_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) @@ -105,6 +107,8 @@ val ntt_multiply_binomials ((v oi % 3329) == (((v ai * v bi + (v aj * v bj * v zeta * 169)) * 169) % 3329)) /\ ((v oj % 3329) == (((v ai * v bj + v aj * v bi) * 169) % 3329)))) +[@@ "opaque_to_smt"] + val ntt_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) (zeta: i16) @@ -125,7 +129,15 @@ val ntt_step (Spec.Utils.is_i16b b vec.f_elements.[ i ] /\ Spec.Utils.is_i16b b vec.f_elements.[ j ]) ==> (Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ i ] /\ - Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ j ]))) + Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ j ])) /\ + ((v (Seq.index vec_future.f_elements (v i)) % 3329) == + (v (Seq.index vec.f_elements (v i)) + + (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) % + 3329) /\ + ((v (Seq.index vec_future.f_elements (v j)) % 3329) == + (v (Seq.index vec.f_elements (v i)) - + (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) % + 3329)) val ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index df6fcdf98..afebb9e01 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -2,7 +2,7 @@ use super::arithmetic::*; use super::vector_type::*; #[inline(always)] -#[hax_lib::fstar::verification_status(lax)] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")] #[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ v i <> v j /\\ Spec.Utils.is_i16b 1664 $zeta /\\ Spec.Utils.is_i16b_array (11207 + 6 * 3328) vec.f_elements /\\ @@ -13,11 +13,44 @@ use super::vector_type::*; (forall b. (Spec.Utils.is_i16b b ${vec}.f_elements.[i] /\\ Spec.Utils.is_i16b b ${vec}.f_elements.[j]) ==> (Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[i] /\\ - Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[j]))"))] + Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[j])) /\\ + ((v (Seq.index ${vec}_future.f_elements (v i)) % 3329) == + (v (Seq.index ${vec}.f_elements (v $i)) + (v (Seq.index ${vec}.f_elements (v $j)) * v $zeta * 169)) % 3329) /\\ + ((v (Seq.index ${vec}_future.f_elements (v j)) % 3329) == + (v (Seq.index ${vec}.f_elements (v $i)) - (v (Seq.index ${vec}.f_elements (v $j)) * v $zeta * 169)) % 3329)"))] pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { let t = montgomery_multiply_fe_by_fer(vec.elements[j], zeta); - vec.elements[j] = vec.elements[i] - t; - vec.elements[i] = vec.elements[i] + t; + hax_lib::fstar!("assert (v t % 3329 == ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329))"); + let a_minus_t = vec.elements[i] - t; + hax_lib::fstar!(" + calc (==) { + v $a_minus_t % 3329; + (==) {} + (v (Seq.index vec.f_elements (v i)) - v ${t}) % 3329; + (==) {Math.Lemmas.lemma_mod_sub_distr (v (Seq.index vec.f_elements (v $i))) (v $t) 3329} + (v (Seq.index vec.f_elements (v $i)) - (v $t % 3329)) % 3329; + (==) {} + (v (Seq.index vec.f_elements (v i)) - ((v (Seq.index vec.f_elements (v $j)) * v $zeta * 169) % 3329)) % 3329; + (==) {Math.Lemmas.lemma_mod_sub_distr (v (Seq.index vec.f_elements (v $i))) (v (Seq.index vec.f_elements (v $j)) * v zeta * 169) 3329} + (v (Seq.index vec.f_elements (v $i)) - (v (Seq.index vec.f_elements (v $j)) * v $zeta * 169)) % 3329; + }"); + let a_plus_t = vec.elements[i] + t; + hax_lib::fstar!(" + calc (==) { + v a_plus_t % 3329; + (==) {} + (v (Seq.index vec.f_elements (v $i)) + v $t) % 3329; + (==) {Math.Lemmas.lemma_mod_add_distr (v (Seq.index vec.f_elements (v $i))) (v $t) 3329} + (v (Seq.index vec.f_elements (v $i)) + (v $t % 3329)) % 3329; + (==) {} + (v (Seq.index vec.f_elements (v $i)) + ((v (Seq.index vec.f_elements (v $j)) * v $zeta * 169) % 3329)) % 3329; + (==) {Math.Lemmas.lemma_mod_add_distr (v (Seq.index vec.f_elements (v $i))) (v (Seq.index vec.f_elements (v $j)) * v zeta * 169) 3329} + (v (Seq.index vec.f_elements (v $i)) + (v (Seq.index vec.f_elements (v $j)) * v $zeta * 169)) % 3329; + }"); + vec.elements[j] = a_minus_t; + vec.elements[i] = a_plus_t; + hax_lib::fstar!("assert (Seq.index vec.f_elements (v i) == a_plus_t); + assert (Seq.index vec.f_elements (v j) == a_minus_t)"); } #[inline(always)] @@ -79,6 +112,7 @@ pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVe } #[inline(always)] +#[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"]")] #[hax_lib::requires(fstar!("v i < 16 /\\ v j < 16 /\\ v i <> v j /\\ Spec.Utils.is_i16b 1664 $zeta /\\ Spec.Utils.is_i16b_array (4*3328) ${vec}.f_elements"))] From 96c8bf61eefd0db931b9e1f288745608f8719353 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 29 Sep 2024 15:20:45 +0200 Subject: [PATCH 342/348] ntt-spec --- .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 11 +++-------- libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst | 17 +++++++++++++++++ libcrux-ml-kem/src/vector/portable/ntt.rs | 15 ++++----------- 3 files changed, 24 insertions(+), 19 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index 39df6b636..aac63b526 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -20,14 +20,9 @@ val inv_ntt_step (forall k. (k <> v i /\ k <> v j) ==> Seq.index vec_future.f_elements k == Seq.index vec.f_elements k) /\ - (Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v i)) /\ - Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v j))) /\ - ((v (Seq.index vec_future.f_elements (v i)) % 3329) == - (v (Seq.index vec.f_elements (v j)) + v (Seq.index vec.f_elements (v i))) % 3329) /\ - ((v (Seq.index vec_future.f_elements (v j)) % 3329) == - ((v (Seq.index vec.f_elements (v j)) - v (Seq.index vec.f_elements (v i))) * v zeta * - 169) % - 3329)) + Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v i)) /\ + Spec.Utils.is_i16b 3328 (Seq.index vec_future.f_elements (v j)) /\ + Spec.Utils.inv_ntt_spec vec.f_elements (v zeta) (v i) (v j) vec_future.f_elements) val inv_ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 516901137..37ddaf07d 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -470,3 +470,20 @@ let lemma_shift_right_15_i16 (x:i16): Rust_primitives.Integers.mk_int_v_lemma #i16_inttype 0s; Rust_primitives.Integers.mk_int_v_lemma #i16_inttype (-1s); () + +val ntt_spec #len (vec_in: t_Array i16 len) (zeta: int) (i: nat{i < v len}) (j: nat{j < v len}) + (vec_out: t_Array i16 len) : Type0 +let ntt_spec vec_in zeta i j vec_out = + ((v (Seq.index vec_out i) % 3329) == + ((v (Seq.index vec_in i) + (v (Seq.index vec_in j) * zeta * 169)) % 3329)) /\ + ((v (Seq.index vec_out j) % 3329) == + ((v (Seq.index vec_in i) - (v (Seq.index vec_in j) * zeta * 169)) % 3329)) + +val inv_ntt_spec #len (vec_in: t_Array i16 len) (zeta: int) (i: nat{i < v len}) (j: nat{j < v len}) + (vec_out: t_Array i16 len) : Type0 +let inv_ntt_spec vec_in zeta i j vec_out = + ((v (Seq.index vec_out i) % 3329) == + ((v (Seq.index vec_in j) + v (Seq.index vec_in i)) % 3329)) /\ + ((v (Seq.index vec_out j) % 3329) == + (((v (Seq.index vec_in j) - v (Seq.index vec_in i)) * zeta * 169) % 3329)) + diff --git a/libcrux-ml-kem/src/vector/portable/ntt.rs b/libcrux-ml-kem/src/vector/portable/ntt.rs index afebb9e01..35abf02ce 100644 --- a/libcrux-ml-kem/src/vector/portable/ntt.rs +++ b/libcrux-ml-kem/src/vector/portable/ntt.rs @@ -14,10 +14,7 @@ use super::vector_type::*; Spec.Utils.is_i16b b ${vec}.f_elements.[j]) ==> (Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[i] /\\ Spec.Utils.is_i16b (b+3328) ${vec}_future.f_elements.[j])) /\\ - ((v (Seq.index ${vec}_future.f_elements (v i)) % 3329) == - (v (Seq.index ${vec}.f_elements (v $i)) + (v (Seq.index ${vec}.f_elements (v $j)) * v $zeta * 169)) % 3329) /\\ - ((v (Seq.index ${vec}_future.f_elements (v j)) % 3329) == - (v (Seq.index ${vec}.f_elements (v $i)) - (v (Seq.index ${vec}.f_elements (v $j)) * v $zeta * 169)) % 3329)"))] + Spec.Utils.ntt_spec ${vec}.f_elements (v $zeta) (v $i) (v $j) ${vec}_future.f_elements"))] pub(crate) fn ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { let t = montgomery_multiply_fe_by_fer(vec.elements[j], zeta); hax_lib::fstar!("assert (v t % 3329 == ((v (Seq.index vec.f_elements (v j)) * v zeta * 169) % 3329))"); @@ -119,13 +116,9 @@ pub(crate) fn ntt_layer_3_step(mut vec: PortableVector, zeta: i16) -> PortableVe #[hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array (4*3328) ${vec}_future.f_elements /\\ (forall k. (k <> v i /\\ k <> v j) ==> Seq.index ${vec}_future.f_elements k == Seq.index ${vec}.f_elements k) /\\ - (Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v i)) /\\ - Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j))) /\\ - ((v (Seq.index ${vec}_future.f_elements (v i)) % 3329) == - (v (Seq.index ${vec}.f_elements (v j)) + v (Seq.index ${vec}.f_elements (v i))) % 3329) /\\ - ((v (Seq.index ${vec}_future.f_elements (v j)) % 3329) == - ((v (Seq.index ${vec}.f_elements (v j)) - v (Seq.index ${vec}.f_elements (v i))) - * v ${zeta} * 169) % 3329)"))] + Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v i)) /\\ + Spec.Utils.is_i16b 3328 (Seq.index ${vec}_future.f_elements (v j)) /\\ + Spec.Utils.inv_ntt_spec ${vec}.f_elements (v $zeta) (v $i) (v $j) ${vec}_future.f_elements"))] pub(crate) fn inv_ntt_step(vec: &mut PortableVector, zeta: i16, i: usize, j: usize) { let a_minus_b = vec.elements[j] - vec.elements[i]; let a_plus_b = vec.elements[j] + vec.elements[i]; From 3d6773fd2529615810907a1213ab85761ac15b4b Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 29 Sep 2024 16:17:20 +0200 Subject: [PATCH 343/348] spec-utils --- libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 8c8b55946..7830cfe11 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -189,6 +189,7 @@ let lemma_mul_intb (b1 b2: nat) (n1 n2: int) = lemma_abs_bound (n1 * n2) (b1 * b2) #pop-options +#push-options "--z3rlimit 200" val lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 * b2 < pow2 31)) (ensures (range (v n1 * v n2) i32_inttype /\ is_i32b (b1 * b2) ((cast n1 <: i32) *! (cast n2 <: i32)))) @@ -204,6 +205,7 @@ let lemma_mul_i16b (b1 b2: nat) (n1 n2: i16) = lemma_mult_le_left (abs (v n1)) (abs (v n2)) b2; lemma_mult_le_right b2 (abs (v n1)) b1; lemma_abs_bound (v n1 * v n2) (b1 * b2) +#pop-options val lemma_add_i16b (b1 b2:nat) (n1 n2:i16) : Lemma (requires (is_i16b b1 n1 /\ is_i16b b2 n2 /\ b1 + b2 < pow2 15)) From 0e1943ac02e87b0a0f08a6b0dff97932b196f845 Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Sun, 29 Sep 2024 22:21:29 +0200 Subject: [PATCH 344/348] verifies --- .../extraction/Libcrux_ml_kem.Ind_cpa.fst | 8 ++-- .../extraction/Libcrux_ml_kem.Invert_ntt.fst | 37 +++++++++++++------ .../extraction/Libcrux_ml_kem.Matrix.fst | 18 ++++++--- .../fstar/extraction/Libcrux_ml_kem.Ntt.fst | 37 +++++++++++++------ .../Libcrux_ml_kem.Vector.Portable.Ntt.fsti | 9 +---- .../Libcrux_ml_kem.Vector.Traits.fsti | 26 ++++++------- .../proofs/fstar/spec/Spec.Utils.fst | 2 +- libcrux-ml-kem/src/ind_cpa.rs | 2 +- libcrux-ml-kem/src/invert_ntt.rs | 28 +++++++++----- libcrux-ml-kem/src/matrix.rs | 6 +-- libcrux-ml-kem/src/ntt.rs | 28 +++++++++----- libcrux-ml-kem/src/variant.rs | 4 +- libcrux-ml-kem/src/vector/traits.rs | 24 ++++++------ 13 files changed, 137 insertions(+), 92 deletions(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst index d10041393..4821be2e5 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ind_cpa.fst @@ -101,6 +101,8 @@ let sample_ring_element_cbd let _:Prims.unit = admit () (* Panic freedom *) in result +#push-options "--admit_smt_queries true" + let sample_vector_cbd_then_ntt (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) @@ -183,13 +185,13 @@ let sample_vector_cbd_then_ntt in re_as_ntt) in - let result:u8 = domain_separator in - let _:Prims.unit = admit () (* Panic freedom *) in - let hax_temp_output:u8 = result in + let hax_temp_output:u8 = domain_separator in re_as_ntt, hax_temp_output <: (t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K & u8) +#pop-options + let sample_vector_cbd_then_ntt_out (v_K v_ETA v_ETA_RANDOMNESS_SIZE: usize) (#v_Vector #v_Hasher: Type0) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst index f2af36e02..7293e04c6 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Invert_ntt.fst @@ -29,10 +29,6 @@ let inv_ntt_layer_int_vec_step_reduce let b:v_Vector = Libcrux_ml_kem.Vector.Traits.montgomery_multiply_fe #v_Vector a_minus_b zeta_r in a, b <: (v_Vector & v_Vector) -let zetas_b_lemma (i:nat{i >= 0 /\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 (Libcrux_ml_kem.Polynomial.get_zeta (sz i))) = - admit() - let invert_ntt_at_layer_1_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -71,10 +67,9 @@ let invert_ntt_at_layer_1_ let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in let _:Prims.unit = - zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i - 1); - zetas_b_lemma (v zeta_i - 2); - zetas_b_lemma (v zeta_i - 3) + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { @@ -98,6 +93,11 @@ let invert_ntt_at_layer_1_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i -! sz 3 in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let _:Prims.unit = assert (Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) @@ -144,8 +144,9 @@ let invert_ntt_at_layer_2_ let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in let _:Prims.unit = - zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i - 1) + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { @@ -167,6 +168,11 @@ let invert_ntt_at_layer_2_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i -! sz 1 in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let _:Prims.unit = assert (Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) @@ -212,7 +218,11 @@ let invert_ntt_at_layer_3_ in let round:usize = round in let zeta_i:usize = zeta_i -! sz 1 in - let _:Prims.unit = zetas_b_lemma (v zeta_i) in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -231,6 +241,11 @@ let invert_ntt_at_layer_3_ <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let _:Prims.unit = assert (Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst index 276b16735..227ecb785 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Matrix.fst @@ -105,6 +105,8 @@ let compute_As_plus_e let hax_temp_output:Prims.unit = result in tt_as_ntt +#push-options "--admit_smt_queries true" + let compute_ring_element_v (v_K: usize) (#v_Vector: Type0) @@ -144,10 +146,12 @@ let compute_ring_element_v let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Polynomial.impl_2__add_message_error_reduce #v_Vector error_2_ message result in - let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in - let _:Prims.unit = admit () (* Panic freedom *) in result +#pop-options + +#push-options "--admit_smt_queries true" + let compute_vector_u (v_K: usize) (#v_Vector: Type0) @@ -247,10 +251,12 @@ let compute_vector_u in result) in - let result:t_Array (Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector) v_K = result in - let _:Prims.unit = admit () (* Panic freedom *) in result +#pop-options + +#push-options "--admit_smt_queries true" + let compute_message (v_K: usize) (#v_Vector: Type0) @@ -291,10 +297,10 @@ let compute_message let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = Libcrux_ml_kem.Polynomial.impl_2__subtract_reduce #v_Vector v result in - let result:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = result in - let _:Prims.unit = admit () (* Panic freedom *) in result +#pop-options + let sample_matrix_A (v_K: usize) (#v_Vector #v_Hasher: Type0) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst index d5a455351..5d86ce050 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Ntt.fst @@ -26,10 +26,6 @@ let ntt_layer_int_vec_step in a, b <: (v_Vector & v_Vector) -let zetas_b_lemma (i:nat{i >= 0 /\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 (Libcrux_ml_kem.Polynomial.get_zeta (sz i))) = - admit() - let ntt_at_layer_1_ (#v_Vector: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -68,10 +64,9 @@ let ntt_at_layer_1_ let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in let _:Prims.unit = - zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i + 1); - zetas_b_lemma (v zeta_i + 2); - zetas_b_lemma (v zeta_i + 3) + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { @@ -95,6 +90,11 @@ let ntt_at_layer_1_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i +! sz 3 in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let _:Prims.unit = assert (Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) @@ -142,8 +142,9 @@ let ntt_at_layer_2_ let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in let _:Prims.unit = - zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i + 1) + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { @@ -165,6 +166,11 @@ let ntt_at_layer_2_ Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in let zeta_i:usize = zeta_i +! sz 1 in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let _:Prims.unit = assert (Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) @@ -211,7 +217,11 @@ let ntt_at_layer_3_ in let round:usize = round in let zeta_i:usize = zeta_i +! sz 1 in - let _:Prims.unit = zetas_b_lemma (v zeta_i) in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207 + 3 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let re:Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector = { re with @@ -230,6 +240,11 @@ let ntt_at_layer_3_ <: Libcrux_ml_kem.Polynomial.t_PolynomialRingElement v_Vector in + let _:Prims.unit = + reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) + in let _:Prims.unit = assert (Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ]))) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti index aac63b526..1b1a575e4 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.Ntt.fsti @@ -125,14 +125,7 @@ val ntt_step Spec.Utils.is_i16b b vec.f_elements.[ j ]) ==> (Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ i ] /\ Spec.Utils.is_i16b (b + 3328) vec_future.f_elements.[ j ])) /\ - ((v (Seq.index vec_future.f_elements (v i)) % 3329) == - (v (Seq.index vec.f_elements (v i)) + - (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) % - 3329) /\ - ((v (Seq.index vec_future.f_elements (v j)) % 3329) == - (v (Seq.index vec.f_elements (v i)) - - (v (Seq.index vec.f_elements (v j)) * v zeta * 169)) % - 3329)) + Spec.Utils.ntt_spec vec.f_elements (v zeta) (v i) (v j) vec_future.f_elements) val ntt_layer_1_step (vec: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti index fa9558579..cb32321d0 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Traits.fsti @@ -183,7 +183,7 @@ class t_Operations (v_Self: Type0) = { Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) (f_repr a) ==> + Spec.Utils.is_i16b_array (11207 + 5 * 3328) (f_repr a) ==> pred }; f_ntt_layer_1_step_post: a: v_Self -> @@ -192,7 +192,7 @@ class t_Operations (v_Self: Type0) = { zeta2: i16 -> zeta3: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque (11207 + 6 * 3328) (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 6 * 3328) (f_repr out)}; f_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_ntt_layer_1_step_pre x0 x1 x2 x3 x4) @@ -201,10 +201,10 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) (f_repr a) ==> + Spec.Utils.is_i16b_array (11207 + 4 * 3328) (f_repr a) ==> pred }; f_ntt_layer_2_step_post:a: v_Self -> zeta0: i16 -> zeta1: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque (11207 + 5 * 3328) (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 5 * 3328) (f_repr out)}; f_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_ntt_layer_2_step_pre x0 x1 x2) @@ -212,11 +212,10 @@ class t_Operations (v_Self: Type0) = { f_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: Type0 - { Spec.Utils.is_i16b 1664 zeta /\ - Spec.Utils.is_i16b_array_opaque (11207 + 3 * 3328) (f_repr a) ==> + { Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array (11207 + 3 * 3328) (f_repr a) ==> pred }; f_ntt_layer_3_step_post:a: v_Self -> zeta: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque (11207 + 4 * 3328) (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array (11207 + 4 * 3328) (f_repr out)}; f_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_ntt_layer_3_step_pre x0 x1) @@ -226,7 +225,7 @@ class t_Operations (v_Self: Type0) = { Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ Spec.Utils.is_i16b 1664 zeta2 /\ Spec.Utils.is_i16b 1664 zeta3 /\ - Spec.Utils.is_i16b_array_opaque (4 * 3328) (f_repr a) ==> + Spec.Utils.is_i16b_array (4 * 3328) (f_repr a) ==> pred }; f_inv_ntt_layer_1_step_post: a: v_Self -> @@ -235,7 +234,7 @@ class t_Operations (v_Self: Type0) = { zeta2: i16 -> zeta3: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque 3328 (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_inv_ntt_layer_1_step:x0: v_Self -> x1: i16 -> x2: i16 -> x3: i16 -> x4: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_1_step_pre x0 x1 x2 x3 x4) @@ -244,20 +243,19 @@ class t_Operations (v_Self: Type0) = { -> pred: Type0 { Spec.Utils.is_i16b 1664 zeta0 /\ Spec.Utils.is_i16b 1664 zeta1 /\ - Spec.Utils.is_i16b_array_opaque 3328 (f_repr a) ==> + Spec.Utils.is_i16b_array 3328 (f_repr a) ==> pred }; f_inv_ntt_layer_2_step_post:a: v_Self -> zeta0: i16 -> zeta1: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque 3328 (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_inv_ntt_layer_2_step:x0: v_Self -> x1: i16 -> x2: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_2_step_pre x0 x1 x2) (fun result -> f_inv_ntt_layer_2_step_post x0 x1 x2 result); f_inv_ntt_layer_3_step_pre:a: v_Self -> zeta: i16 -> pred: - Type0 - {Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array_opaque 3328 (f_repr a) ==> pred}; + Type0{Spec.Utils.is_i16b 1664 zeta /\ Spec.Utils.is_i16b_array 3328 (f_repr a) ==> pred}; f_inv_ntt_layer_3_step_post:a: v_Self -> zeta: i16 -> out: v_Self - -> pred: Type0{pred ==> Spec.Utils.is_i16b_array_opaque 3328 (f_repr out)}; + -> pred: Type0{pred ==> Spec.Utils.is_i16b_array 3328 (f_repr out)}; f_inv_ntt_layer_3_step:x0: v_Self -> x1: i16 -> Prims.Pure v_Self (f_inv_ntt_layer_3_step_pre x0 x1) diff --git a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst index 686503ffe..54fb8b3be 100644 --- a/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst +++ b/libcrux-ml-kem/proofs/fstar/spec/Spec.Utils.fst @@ -160,7 +160,7 @@ let is_i16b_vector (l:nat) (r:usize) (x:t_Array (t_Array i16 (sz 256)) r) = fora let is_i16b_matrix (l:nat) (r:usize) (x:t_Array (t_Array (t_Array i16 (sz 256)) r) r) = forall i. i < v r ==> is_i16b_vector l r (Seq.index x i) [@ "opaque_to_smt"] -let is_i16b_array_opaque (l:nat) (x:t_Slice i16) = forall i. i < Seq.length x ==> is_i16b l (Seq.index x i) +let is_i16b_array_opaque (l:nat) (x:t_Slice i16) = is_i16b_array l x let is_i32b (l:nat) (x:i32) = is_intb l (v x) let is_i32b_array (l:nat) (x:t_Slice i32) = forall i. i < Seq.length x ==> is_i32b l (Seq.index x i) diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 1dcb0d4c1..81aa3e1e8 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs @@ -187,7 +187,7 @@ fn sample_ring_element_cbd< /// Sample a vector of ring elements from a centered binomial distribution and /// convert them into their NTT representations. #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K /\\ $ETA_RANDOMNESS_SIZE == Spec.MLKEM.v_ETA1_RANDOMNESS_SIZE $K /\\ $ETA == Spec.MLKEM.v_ETA1 $K /\\ diff --git a/libcrux-ml-kem/src/invert_ntt.rs b/libcrux-ml-kem/src/invert_ntt.rs index 62d6a5947..49fa7fea5 100644 --- a/libcrux-ml-kem/src/invert_ntt.rs +++ b/libcrux-ml-kem/src/invert_ntt.rs @@ -5,9 +5,6 @@ use crate::{ }; #[inline(always)] -#[hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 (${get_zeta} (sz i))) = - admit()")] #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] let invert_ntt_re_range_2 (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -42,10 +39,9 @@ pub(crate) fn invert_ntt_at_layer_1( (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i -= 1; - hax_lib::fstar!("zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i - 1); - zetas_b_lemma (v zeta_i - 2); - zetas_b_lemma (v zeta_i - 3)"); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); re.coefficients[round] = Vector::inv_ntt_layer_1_step( re.coefficients[round], get_zeta (*zeta_i), @@ -54,6 +50,9 @@ pub(crate) fn invert_ntt_at_layer_1( get_zeta (*zeta_i - 3), ); *zeta_i -= 3; + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } @@ -82,14 +81,18 @@ pub(crate) fn invert_ntt_at_layer_2( (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i -= 1; - hax_lib::fstar!("zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i - 1)"); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); re.coefficients[round] = Vector::inv_ntt_layer_2_step( re.coefficients[round], get_zeta (*zeta_i), get_zeta (*zeta_i - 1), ); *zeta_i -= 1; + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } @@ -118,9 +121,14 @@ pub(crate) fn invert_ntt_at_layer_3( (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i -= 1; - hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); re.coefficients[round] = Vector::inv_ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i)); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque 3328 + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque 3328 (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } diff --git a/libcrux-ml-kem/src/matrix.rs b/libcrux-ml-kem/src/matrix.rs index 881c86d4f..855b45891 100644 --- a/libcrux-ml-kem/src/matrix.rs +++ b/libcrux-ml-kem/src/matrix.rs @@ -45,7 +45,7 @@ pub(crate) fn sample_matrix_A( /// Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] #[hax_lib::ensures(|res| fstar!("let open Libcrux_ml_kem.Polynomial in @@ -109,7 +109,7 @@ pub(crate) fn compute_ring_element_v( /// Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ #[inline(always)] -#[hax_lib::fstar::verification_status(panic_free)] +#[hax_lib::fstar::verification_status(lax)] #[hax_lib::requires(fstar!("Spec.MLKEM.is_rank $K"))] #[hax_lib::ensures(|res| fstar!("let open Libcrux_ml_kem.Polynomial in diff --git a/libcrux-ml-kem/src/ntt.rs b/libcrux-ml-kem/src/ntt.rs index 0e190f789..b3aa4087e 100644 --- a/libcrux-ml-kem/src/ntt.rs +++ b/libcrux-ml-kem/src/ntt.rs @@ -5,9 +5,6 @@ use crate::{ }; #[inline(always)] -#[cfg_attr(hax, hax_lib::fstar::before("let zetas_b_lemma (i:nat{i >= 0 /\\ i < 128}) : Lemma - (Spec.Utils.is_i16b 1664 (${get_zeta} (sz i))) = - admit()"))] #[hax_lib::fstar::before(interface, "[@@ \"opaque_to_smt\"] let ntt_re_range_2 (#v_Vector: Type0) {| i1: Libcrux_ml_kem.Vector.Traits.t_Operations v_Vector |} @@ -43,10 +40,9 @@ pub(crate) fn ntt_at_layer_1( (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+6*3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i += 1; - hax_lib::fstar!("zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i + 1); - zetas_b_lemma (v zeta_i + 2); - zetas_b_lemma (v zeta_i + 3)"); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); re.coefficients[round] = Vector::ntt_layer_1_step( re.coefficients[round], get_zeta (*zeta_i), @@ -55,6 +51,9 @@ pub(crate) fn ntt_at_layer_1( get_zeta (*zeta_i + 3), ); *zeta_i += 3; + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207+6*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+6*3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } @@ -91,14 +90,18 @@ pub(crate) fn ntt_at_layer_2( (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+5*3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i += 1; - hax_lib::fstar!("zetas_b_lemma (v zeta_i); - zetas_b_lemma (v zeta_i + 1)"); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); re.coefficients[round] = Vector::ntt_layer_2_step( re.coefficients[round], get_zeta (*zeta_i), get_zeta (*zeta_i + 1), ); *zeta_i += 1; + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207+5*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+5*3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } @@ -135,9 +138,14 @@ pub(crate) fn ntt_at_layer_3( (forall (i:nat). i < v $round ==> Spec.Utils.is_i16b_array_opaque (11207+4*3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ sz i ])))") }); *zeta_i += 1; - hax_lib::fstar!("zetas_b_lemma (v zeta_i)"); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207+3*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); re.coefficients[round] = Vector::ntt_layer_3_step(re.coefficients[round], get_zeta (*zeta_i)); + hax_lib::fstar!("reveal_opaque (`%Spec.Utils.is_i16b_array_opaque) + (Spec.Utils.is_i16b_array_opaque (11207+4*3328) + (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ round ])))"); hax_lib::fstar!("assert (Spec.Utils.is_i16b_array_opaque (11207+4*3328) (Libcrux_ml_kem.Vector.Traits.f_to_i16_array (re.f_coefficients.[ $round ])))"); } diff --git a/libcrux-ml-kem/src/variant.rs b/libcrux-ml-kem/src/variant.rs index 5ccee1f83..0ce3c7182 100644 --- a/libcrux-ml-kem/src/variant.rs +++ b/libcrux-ml-kem/src/variant.rs @@ -12,13 +12,13 @@ use crate::{constants::CPA_PKE_KEY_GENERATION_SEED_SIZE, hash_functions::Hash, M #[hax_lib::attributes] pub(crate) trait Variant { #[requires(shared_secret.len() == 32)] - #[ensures(|res| fstar!("$res == $shared_secret"))] // FIX: Only true for ML-KEM, not Kyber + #[ensures(|res| fstar!("$res == $shared_secret"))] // We only have post-conditions for ML-KEM, not Kyber fn kdf>( shared_secret: &[u8], ciphertext: &MlKemCiphertext, ) -> [u8; 32]; #[requires(randomness.len() == 32)] - #[ensures(|res| fstar!("$res == $randomness"))] // FIX: Only true for ML-KEM, not Kyber + #[ensures(|res| fstar!("$res == $randomness"))] // We only have post-conditions for ML-KEM, not Kyber fn entropy_preprocess>(randomness: &[u8]) -> [u8; 32]; #[requires(seed.len() == 32)] fn cpa_keygen_seed>(seed: &[u8]) -> [u8; 64]; diff --git a/libcrux-ml-kem/src/vector/traits.rs b/libcrux-ml-kem/src/vector/traits.rs index 26a570f59..61679a724 100644 --- a/libcrux-ml-kem/src/vector/traits.rs +++ b/libcrux-ml-kem/src/vector/traits.rs @@ -95,30 +95,30 @@ pub trait Operations: Copy + Clone + Repr { // NTT #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array_opaque (11207+5*3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque (11207+6*3328) (f_repr $out)"))] + Spec.Utils.is_i16b_array (11207+5*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+6*3328) (f_repr $out)"))] fn ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ - Spec.Utils.is_i16b_array_opaque (11207+4*3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque (11207+5*3328) (f_repr $out)"))] + Spec.Utils.is_i16b_array (11207+4*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+5*3328) (f_repr $out)"))] fn ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta /\\ - Spec.Utils.is_i16b_array_opaque (11207+3*3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque (11207+4*3328) (f_repr $out)"))] + Spec.Utils.is_i16b_array (11207+3*3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array (11207+4*3328) (f_repr $out)"))] fn ntt_layer_3_step(a: Self, zeta: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ Spec.Utils.is_i16b 1664 zeta2 /\\ Spec.Utils.is_i16b 1664 zeta3 /\\ - Spec.Utils.is_i16b_array_opaque (4 * 3328) (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque 3328 (f_repr $out)"))] + Spec.Utils.is_i16b_array (4 * 3328) (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn inv_ntt_layer_1_step(a: Self, zeta0: i16, zeta1: i16, zeta2: i16, zeta3: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ - Spec.Utils.is_i16b_array_opaque 3328 (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque 3328 (f_repr $out)"))] + Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn inv_ntt_layer_2_step(a: Self, zeta0: i16, zeta1: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta/\\ - Spec.Utils.is_i16b_array_opaque 3328 (f_repr ${a})"))] - #[ensures(|out| fstar!("Spec.Utils.is_i16b_array_opaque 3328 (f_repr $out)"))] + Spec.Utils.is_i16b_array 3328 (f_repr ${a})"))] + #[ensures(|out| fstar!("Spec.Utils.is_i16b_array 3328 (f_repr $out)"))] fn inv_ntt_layer_3_step(a: Self, zeta: i16) -> Self; #[requires(fstar!("Spec.Utils.is_i16b 1664 zeta0 /\\ Spec.Utils.is_i16b 1664 zeta1 /\\ From 585fd7dafa4714ffdbfb08bb7e7c71a5975a6da1 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 29 Sep 2024 20:24:42 +0000 Subject: [PATCH 345/348] c code --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 40 +- .../c/internal/libcrux_mlkem_avx2.h | 34 +- .../c/internal/libcrux_mlkem_portable.h | 34 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 4 +- .../c/internal/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_core.c | 40 +- libcrux-ml-kem/c/libcrux_core.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 34 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 914 +++++++------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1074 +++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 49 +- libcrux-ml-kem/c/libcrux_sha3.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 4 +- libcrux-ml-kem/cg/code_gen.txt | 4 +- libcrux-ml-kem/cg/libcrux_core.h | 18 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 655 +++++----- .../cg/libcrux_mlkem768_avx2_types.h | 4 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 799 ++++++------ .../cg/libcrux_mlkem768_portable_types.h | 4 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 4 +- 42 files changed, 2096 insertions(+), 1869 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index dc4e2de87..9561d6d0d 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 -F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 +F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 +Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 159a636f7..948c453a8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __internal_libcrux_core_H @@ -69,7 +69,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_671( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_af1( uint8_t value[1568U]); /** @@ -82,7 +82,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_ee1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_781( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -95,7 +95,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_af1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_e61( uint8_t value[3168U]); /** @@ -107,7 +107,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_670( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_af0( uint8_t value[1184U]); /** @@ -120,7 +120,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_ee0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_780( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); @@ -133,7 +133,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_af0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_e60( uint8_t value[2400U]); /** @@ -145,7 +145,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_67( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_af( uint8_t value[800U]); /** @@ -158,7 +158,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_ee( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_78( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -171,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_af( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_e6( uint8_t value[1632U]); /** @@ -182,7 +182,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_fe1( +uint8_t *libcrux_ml_kem_types_as_slice_fd_121( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -194,7 +194,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_451( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_7b1( uint8_t value[1088U]); /** @@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_401( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae1( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -228,7 +228,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_fe0( +uint8_t *libcrux_ml_kem_types_as_slice_fd_120( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -240,7 +240,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_450( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_7b0( uint8_t value[768U]); /** @@ -252,7 +252,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_400( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae0( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** @@ -274,7 +274,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_fe( +uint8_t *libcrux_ml_kem_types_as_slice_fd_12( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -321,7 +321,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_45( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_7b( uint8_t value[1568U]); /** @@ -344,7 +344,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_40( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae( libcrux_ml_kem_types_MlKemCiphertext_1f *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 4e09fe0de..b6f562f22 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -41,7 +41,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_521(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_4a1(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -51,7 +51,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_701( +bool libcrux_ml_kem_ind_cca_validate_private_key_e11( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -69,7 +69,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d21(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -90,7 +90,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f41( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -116,7 +116,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_7f1( +void libcrux_ml_kem_ind_cca_decapsulate_6f1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -128,7 +128,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_520(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_4a0(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -138,7 +138,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_700( +bool libcrux_ml_kem_ind_cca_validate_private_key_e10( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); @@ -156,7 +156,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -177,7 +177,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f40( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -203,7 +203,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_7f0( +void libcrux_ml_kem_ind_cca_decapsulate_6f0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); @@ -215,7 +215,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_52(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_4a(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -225,7 +225,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_70( +bool libcrux_ml_kem_ind_cca_validate_private_key_e1( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -242,7 +242,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_d2( uint8_t randomness[64U]); /** @@ -264,7 +264,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f4( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -290,7 +290,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_7f( +void libcrux_ml_kem_ind_cca_decapsulate_6f( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index e94b99f4e..cebf41ef3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -46,7 +46,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_bf1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_071(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -56,7 +56,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_ae( +bool libcrux_ml_kem_ind_cca_validate_private_key_c0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext); @@ -74,7 +74,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_281(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -95,7 +95,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8a1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -121,7 +121,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_191( +void libcrux_ml_kem_ind_cca_decapsulate_811( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]); @@ -133,7 +133,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_bf0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_070(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -143,7 +143,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_b4( +bool libcrux_ml_kem_ind_cca_validate_private_key_90( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext); @@ -161,7 +161,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -182,7 +182,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8a0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -208,7 +208,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_190( +void libcrux_ml_kem_ind_cca_decapsulate_810( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -220,7 +220,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_bf(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_07(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.validate_private_key @@ -230,7 +230,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_33( +bool libcrux_ml_kem_ind_cca_validate_private_key_94( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext); @@ -248,7 +248,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate @@ -269,7 +269,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -295,7 +295,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_19( +void libcrux_ml_kem_ind_cca_decapsulate_81( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 01f450745..d244bab2b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index bf6cd4dc8..c24be2163 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index d429ee70b..8608e9d62 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "internal/libcrux_core.h" @@ -80,7 +80,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_671( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_5a_af1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -100,7 +100,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_ee1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_3a_781( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -116,7 +116,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_af1( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_7f_e61( uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[3168U]; @@ -135,7 +135,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_670( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_5a_af0( uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; @@ -155,7 +155,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_ee0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_3a_780( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -171,7 +171,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_af0( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_7f_e60( uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; @@ -190,7 +190,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_5a with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_67( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_5a_af( uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[800U]; @@ -210,7 +210,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_ee( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_3a_78( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); @@ -225,7 +225,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_7f with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_af( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_7f_e6( uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1632U]; @@ -243,7 +243,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_fe1( +uint8_t *libcrux_ml_kem_types_as_slice_fd_121( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -257,7 +257,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_451( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_7b1( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; @@ -276,7 +276,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_401( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae1( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -308,7 +308,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_fe0( +uint8_t *libcrux_ml_kem_types_as_slice_fd_120( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -322,7 +322,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_450( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_7b0( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; @@ -341,7 +341,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_400( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae0( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } @@ -373,7 +373,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_fd_fe( +uint8_t *libcrux_ml_kem_types_as_slice_fd_12( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -427,7 +427,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_45( +libcrux_ml_kem_types_MlKemCiphertext_1f libcrux_ml_kem_types_from_01_7b( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -465,7 +465,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_40( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ae( libcrux_ml_kem_types_MlKemCiphertext_1f *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 53e88573a..46b59cbf7 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 2dd639ec9..3612507c1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 3fca09119..cf2b6c42a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_510( +static void decapsulate_2c0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_7f0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6f0(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_510( void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_510(private_key, ciphertext, ret); + decapsulate_2c0(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_d10( +static tuple_21 encapsulate_ad0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_a10(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f40(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d10(uu____0, copy_of_randomness); + return encapsulate_ad0(uu____0, copy_of_randomness); } /** @@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b80( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_c70( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0b0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d20(copy_of_randomness); } /** @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b80(copy_of_randomness); + return generate_keypair_c70(copy_of_randomness); } /** @@ -136,10 +136,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_650( +static KRML_MUSTINLINE bool validate_private_key_d10( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_700(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_e10(private_key, ciphertext); } @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_650( bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_650(private_key, ciphertext); + return validate_private_key_d10(private_key, ciphertext); } /** @@ -162,8 +162,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_3e0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_520(public_key); +static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_4a0(public_key); } /** @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_3e0(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_3e0(public_key->value); + return validate_public_key_e90(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index ae31b1f2d..4b70a98fa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f4fbc294f..4d65cde05 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_mlkem1024_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_831( +static void decapsulate_e51( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_191(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_811(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_831( void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_831(private_key, ciphertext, ret); + decapsulate_e51(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_951( +static tuple_21 encapsulate_1f1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_661(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8a1(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_951(uu____0, copy_of_randomness); + return encapsulate_1f1(uu____0, copy_of_randomness); } /** @@ -110,12 +110,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_d11( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_e31( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_281(copy_of_randomness); } /** @@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_d11(copy_of_randomness); + return generate_keypair_e31(copy_of_randomness); } /** @@ -137,10 +137,10 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_da1( +static KRML_MUSTINLINE bool validate_private_key_a41( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_ae(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_c0(private_key, ciphertext); } @@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_da1( bool libcrux_ml_kem_mlkem1024_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_da1(private_key, ciphertext); + return validate_private_key_a41(private_key, ciphertext); } /** @@ -163,8 +163,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_bf1(public_key); +static KRML_MUSTINLINE bool validate_public_key_101(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_071(public_key); } /** @@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_e91(public_key->value); + return validate_public_key_101(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 1ab4a88d8..54017b446 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index ca35791e9..b37a698b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index ca848abb4..1be10624b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_mlkem512_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_51(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_2c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_7f(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6f(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_51(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_51(private_key, ciphertext, ret); + decapsulate_2c(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_d1( +static tuple_ec encapsulate_ad( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_a1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f4(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d1(uu____0, copy_of_randomness); + return encapsulate_ad(uu____0, copy_of_randomness); } /** @@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_b8( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_c7( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0b(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d2(copy_of_randomness); } /** @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b8(copy_of_randomness); + return generate_keypair_c7(copy_of_randomness); } /** @@ -136,10 +136,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_65( +static KRML_MUSTINLINE bool validate_private_key_d1( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_70(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_e1(private_key, ciphertext); } @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_65( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_65(private_key, ciphertext); + return validate_private_key_d1(private_key, ciphertext); } /** @@ -162,8 +162,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_3e(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_52(public_key); +static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_4a(public_key); } /** @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_3e(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_3e(public_key->value); + return validate_public_key_e9(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index d116b682f..cb75e6d2f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index cd3750a98..5ac7cbf18 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_mlkem512_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_830( +static void decapsulate_e50( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_190(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_810(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_830( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_830(private_key, ciphertext, ret); + decapsulate_e50(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_950( +static tuple_ec encapsulate_1f0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_660(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8a0(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_950(uu____0, copy_of_randomness); + return encapsulate_1f0(uu____0, copy_of_randomness); } /** @@ -110,12 +110,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_d10( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_e30( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_280(copy_of_randomness); } /** @@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_d10(copy_of_randomness); + return generate_keypair_e30(copy_of_randomness); } /** @@ -137,10 +137,10 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_da0( +static KRML_MUSTINLINE bool validate_private_key_a40( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_b4(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_90(private_key, ciphertext); } @@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_da0( bool libcrux_ml_kem_mlkem512_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_da0(private_key, ciphertext); + return validate_private_key_a40(private_key, ciphertext); } /** @@ -163,8 +163,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_bf0(public_key); +static KRML_MUSTINLINE bool validate_public_key_100(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_070(public_key); } /** @@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_e90(public_key->value); + return validate_public_key_100(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 594ed03d2..1b124a20f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 0556cf23a..e4da7ff00 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 4975abb16..c00a10115 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_mlkem768_avx2.h" @@ -35,10 +35,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_511( +static void decapsulate_2c1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_7f1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6f1(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_511( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_511(private_key, ciphertext, ret); + decapsulate_2c1(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_d11( +static tuple_3c encapsulate_ad1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_a11(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_f41(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_d11(uu____0, copy_of_randomness); + return encapsulate_ad1(uu____0, copy_of_randomness); } /** @@ -109,12 +109,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_b81( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c71( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0b1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d21(copy_of_randomness); } /** @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b81(copy_of_randomness); + return generate_keypair_c71(copy_of_randomness); } /** @@ -136,10 +136,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_651( +static KRML_MUSTINLINE bool validate_private_key_d11( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_701(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_e11(private_key, ciphertext); } @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_651( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_651(private_key, ciphertext); + return validate_private_key_d11(private_key, ciphertext); } /** @@ -162,8 +162,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_3e1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_521(public_key); +static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_4a1(public_key); } /** @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_3e1(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_3e1(public_key->value); + return validate_public_key_e91(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 25e02719b..7bd1569ee 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index ac4156303..ebf808267 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_mlkem768_portable.h" @@ -35,10 +35,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_83( +static void decapsulate_e5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_19(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_81(private_key, ciphertext, ret); } /** @@ -51,7 +51,7 @@ static void decapsulate_83( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_83(private_key, ciphertext, ret); + decapsulate_e5(private_key, ciphertext, ret); } /** @@ -71,14 +71,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_95( +static tuple_3c encapsulate_1f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_66(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8a(uu____0, copy_of_randomness); } /** @@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_95(uu____0, copy_of_randomness); + return encapsulate_1f(uu____0, copy_of_randomness); } /** @@ -110,12 +110,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_d1( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e3( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_28(copy_of_randomness); } /** @@ -126,7 +126,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_d1(copy_of_randomness); + return generate_keypair_e3(copy_of_randomness); } /** @@ -137,10 +137,10 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_da( +static KRML_MUSTINLINE bool validate_private_key_a4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_33(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_94(private_key, ciphertext); } @@ -152,7 +152,7 @@ static KRML_MUSTINLINE bool validate_private_key_da( bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_da(private_key, ciphertext); + return validate_private_key_a4(private_key, ciphertext); } /** @@ -163,8 +163,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_bf(public_key); +static KRML_MUSTINLINE bool validate_public_key_10(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_07(public_key); } /** @@ -174,5 +174,5 @@ static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_e9(public_key->value); + return validate_public_key_10(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 2ac8e4939..c88640dc9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index b89434a12..99c09a651 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1068,7 +1068,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_dc(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_d7(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -1088,7 +1088,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_531( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e71( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -1102,7 +1102,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_531( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dc(ring_element); + deserialize_to_reduced_ring_element_d7(ring_element); deserialized_pk[i0] = uu____0; } } @@ -1113,15 +1113,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_001( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_ef_05();); - deserialize_ring_elements_reduced_531(public_key, deserialized_pk); + deserialize_ring_elements_reduced_e71(public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( - ret, deserialized_pk, + result, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -1130,7 +1134,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_65(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_1f(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1143,8 +1147,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_09 with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_09_85(__m256i vector) { - return shift_right_65(vector); +static __m256i shift_right_09_c7(__m256i vector) { + return shift_right_1f(vector); } /** @@ -1153,8 +1157,8 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_3f(__m256i a) { - __m256i t = shift_right_09_85(a); +static __m256i to_unsigned_representative_b5(__m256i a) { + __m256i t = shift_right_09_c7(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -1166,8 +1170,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_7b(__m256i a) { - return to_unsigned_representative_3f(a); +static KRML_MUSTINLINE __m256i to_unsigned_field_modulus_88(__m256i a) { + return to_unsigned_representative_b5(a); } /** @@ -1176,13 +1180,13 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_2c( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_field_modulus_7b(re->coefficients[i0]); + __m256i coefficient = to_unsigned_field_modulus_88(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1202,7 +1206,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_991( +static KRML_MUSTINLINE void serialize_secret_key_051( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -1220,11 +1224,13 @@ static KRML_MUSTINLINE void serialize_secret_key_991( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_2c(&re, ret0); + serialize_uncompressed_ring_element_b8(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + uint8_t result[1152U]; + memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); } /** @@ -1235,13 +1241,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_6c1( +static KRML_MUSTINLINE void serialize_public_key_mut_071( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_991(t_as_ntt, ret); + serialize_secret_key_051(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -1258,11 +1264,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_ca1( +static KRML_MUSTINLINE void serialize_public_key_e51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_6c1(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_071(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); @@ -1276,15 +1282,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_521(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_4a1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_cc1( + deserialize_ring_elements_reduced_out_001( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_ca1( + serialize_public_key_e51( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -1314,7 +1320,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_701( +bool libcrux_ml_kem_ind_cca_validate_private_key_e11( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -1426,7 +1432,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_751( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_101( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -2089,7 +2095,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_ba( +static KRML_MUSTINLINE void ntt_at_layer_3_bc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2105,7 +2111,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_89( +static KRML_MUSTINLINE void ntt_at_layer_2_c2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2123,7 +2129,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_d7( +static KRML_MUSTINLINE void ntt_at_layer_1_09( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2148,7 +2154,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_ef_a9( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2164,17 +2170,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_ef( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ba(&zeta_i, re); - ntt_at_layer_2_89(&zeta_i, re); - ntt_at_layer_1_d7(&zeta_i, re); - poly_barrett_reduce_ef_a9(re); + ntt_at_layer_3_bc(&zeta_i, re); + ntt_at_layer_2_c2(&zeta_i, re); + ntt_at_layer_1_09(&zeta_i, re); + poly_barrett_reduce_ef_dc(re); } /** @@ -2185,7 +2191,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b01( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_081( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -2204,7 +2210,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b01( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; re_as_ntt[i0] = sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]);); return domain_separator; } @@ -2227,7 +2233,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_811( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -2236,7 +2242,7 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_out_811( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_b01(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_081(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2262,7 +2268,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_ef_b2(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_ef_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_ef_05(); for (size_t i = (size_t)0U; @@ -2292,7 +2298,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_4f1( +static KRML_MUSTINLINE void add_to_ring_element_ef_311( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -2312,7 +2318,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_79(__m256i v) { +static __m256i to_standard_domain_c1(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2328,14 +2334,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_ef_34( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - to_standard_domain_79(self->coefficients[j]); + to_standard_domain_c1(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, &error->coefficients[j])); @@ -2348,7 +2354,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_2d1( +static KRML_MUSTINLINE void compute_As_plus_e_671( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -2375,10 +2381,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_2d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_4f1(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_311(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -2391,12 +2397,12 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_a41( +static void generate_keypair_unpacked_4a1( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_a0 *private_key, IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_751(key_generation_seed, hashed); + cpa_keygen_seed_d8_101(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -2416,17 +2422,17 @@ static void generate_keypair_unpacked_a41( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_b01(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_081(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_811(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_2d1(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_671(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -2447,18 +2453,18 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_6a1( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_471( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_a0 private_key = default_1a_3c1(); IndCpaPublicKeyUnpacked_a0 public_key = default_8d_891(); - generate_keypair_unpacked_a41(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_4a1(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_ca1( + serialize_public_key_e51( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_991(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_051(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -2482,7 +2488,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_1f1( +static KRML_MUSTINLINE void serialize_kem_secret_key_711( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -2538,7 +2544,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -2547,13 +2553,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_6a1(ind_cpa_keypair_randomness); + generate_keypair_471(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_1f1( + serialize_kem_secret_key_711( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -2562,13 +2568,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_af0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e60(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee0( - uu____2, libcrux_ml_kem_types_from_5a_670(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_780( + uu____2, libcrux_ml_kem_types_from_5a_af0(copy_of_public_key)); } /** @@ -2581,7 +2587,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_641(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_c51(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -2666,7 +2672,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_f7( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_a3( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2687,7 +2693,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_98( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_cd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2706,7 +2712,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_fe( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_d7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16(i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; @@ -2723,7 +2729,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_75(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_2d(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(a, &b)); @@ -2738,7 +2744,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_bc( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_af( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2753,7 +2759,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_bc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_75( + inv_ntt_layer_int_vec_step_reduce_2d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -2770,18 +2776,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_8f1( +static KRML_MUSTINLINE void invert_ntt_montgomery_801( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_f7(&zeta_i, re); - invert_ntt_at_layer_2_98(&zeta_i, re); - invert_ntt_at_layer_3_fe(&zeta_i, re); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_a9(re); + invert_ntt_at_layer_1_a3(&zeta_i, re); + invert_ntt_at_layer_2_cd(&zeta_i, re); + invert_ntt_at_layer_3_d7(&zeta_i, re); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_dc(re); } /** @@ -2795,7 +2801,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_ef_dd( +static KRML_MUSTINLINE void add_error_reduce_ef_05( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -2816,14 +2822,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_dd1( +static KRML_MUSTINLINE void compute_vector_u_3c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_05();); + result[i] = ZERO_ef_05();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -2843,16 +2849,12 @@ static KRML_MUSTINLINE void compute_vector_u_dd1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_4f1(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_311(&result[i1], &product); } - invert_ntt_montgomery_8f1(&result0[i1]); - add_error_reduce_ef_dd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_801(&result[i1]); + add_error_reduce_ef_05(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -2864,7 +2866,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_08(__m256i vec) { +static __m256i decompress_1_20(__m256i vec) { __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09(s, @@ -2878,7 +2880,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_d3(uint8_t serialized[32U]) { +deserialize_then_decompress_message_12(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -2887,7 +2889,7 @@ deserialize_then_decompress_message_d3(uint8_t serialized[32U]) { Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); - re.coefficients[i0] = decompress_1_08(coefficient_compressed);); + re.coefficients[i0] = decompress_1_20(coefficient_compressed);); return re; } @@ -2903,7 +2905,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_ef_79( +add_message_error_reduce_ef_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -2930,7 +2932,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_771( +compute_ring_element_v_511( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -2938,10 +2940,10 @@ compute_ring_element_v_771( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_4f1(&result, &product);); - invert_ntt_montgomery_8f1(&result); - result = add_message_error_reduce_ef_79(error_2, message, result); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_311(&result, &product);); + invert_ntt_montgomery_801(&result); + result = add_message_error_reduce_ef_b9(error_2, message, result); return result; } @@ -2952,7 +2954,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_43(__m256i vector) { +compress_ciphertext_coefficient_44(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -2999,8 +3001,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_09_76(__m256i vector) { - return compress_ciphertext_coefficient_43(vector); +static __m256i compress_09_c6(__m256i vector) { + return compress_ciphertext_coefficient_44(vector); } /** @@ -3009,14 +3011,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_2b0( +static KRML_MUSTINLINE void compress_then_serialize_10_170( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_76(to_unsigned_field_modulus_7b(re->coefficients[i0])); + compress_09_c6(to_unsigned_field_modulus_88(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3036,7 +3038,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_430(__m256i vector) { +compress_ciphertext_coefficient_440(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3083,8 +3085,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_09_760(__m256i vector) { - return compress_ciphertext_coefficient_430(vector); +static __m256i compress_09_c60(__m256i vector) { + return compress_ciphertext_coefficient_440(vector); } /** @@ -3094,10 +3096,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_9e0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b00( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_2b0(re, uu____0); + compress_then_serialize_10_170(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3110,7 +3112,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_421( +static void compress_then_serialize_u_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3126,7 +3128,7 @@ static void compress_then_serialize_u_421( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_9e0(&re, ret); + compress_then_serialize_ring_element_u_b00(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -3139,7 +3141,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_431(__m256i vector) { +compress_ciphertext_coefficient_441(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3186,8 +3188,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_09_761(__m256i vector) { - return compress_ciphertext_coefficient_431(vector); +static __m256i compress_09_c61(__m256i vector) { + return compress_ciphertext_coefficient_441(vector); } /** @@ -3196,14 +3198,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_a4( +static KRML_MUSTINLINE void compress_then_serialize_4_06( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_761(to_unsigned_field_modulus_7b(re.coefficients[i0])); + compress_09_c61(to_unsigned_field_modulus_88(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3220,7 +3222,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_432(__m256i vector) { +compress_ciphertext_coefficient_442(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3267,8 +3269,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_09_762(__m256i vector) { - return compress_ciphertext_coefficient_432(vector); +static __m256i compress_09_c62(__m256i vector) { + return compress_ciphertext_coefficient_442(vector); } /** @@ -3277,14 +3279,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_03( +static KRML_MUSTINLINE void compress_then_serialize_5_7a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_09_762(to_unsigned_representative_3f(re.coefficients[i0])); + compress_09_c62(to_unsigned_representative_b5(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3301,9 +3303,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d10( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_a4(re, out); + compress_then_serialize_4_06(re, out); } /** @@ -3323,7 +3325,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a41(IndCpaPublicKeyUnpacked_a0 *public_key, +static void encrypt_unpacked_031(IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -3332,7 +3334,7 @@ static void encrypt_unpacked_a41(IndCpaPublicKeyUnpacked_a0 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_811(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_out_d71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -3356,25 +3358,25 @@ static void encrypt_unpacked_a41(IndCpaPublicKeyUnpacked_a0 *public_key, sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_dd1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_3c1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_d3(copy_of_message); + deserialize_then_decompress_message_12(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_771(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_511(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_421( + compress_then_serialize_u_e81( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d10( + compress_then_serialize_ring_element_v_f20( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3397,10 +3399,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_b41(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { IndCpaPublicKeyUnpacked_a0 unpacked_public_key = default_8d_891(); - deserialize_ring_elements_reduced_531( + deserialize_ring_elements_reduced_e71( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -3415,7 +3417,7 @@ static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_a41(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_031(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -3430,7 +3432,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_161(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_dc1(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3457,11 +3459,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_f41( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_641( + entropy_preprocess_d8_c51( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -3471,7 +3473,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11( size_t); uint8_t ret[32U]; H_a9_411(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -3485,19 +3487,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a11( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_6f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_b41(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_451(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_7b1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_161(shared_secret, shared_secret_array); + kdf_d8_dc1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3516,7 +3518,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_6c(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_fe(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -3534,7 +3536,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_541( +static KRML_MUSTINLINE void deserialize_secret_key_0d1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -3551,7 +3553,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_541( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_6c(secret_bytes); + deserialize_to_uncompressed_ring_element_fe(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; @@ -3570,7 +3572,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_79(__m256i vector) { +decompress_ciphertext_coefficient_8f(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3614,8 +3616,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_09_c6(__m256i vector) { - return decompress_ciphertext_coefficient_79(vector); +static __m256i decompress_ciphertext_coefficient_09_c1(__m256i vector) { + return decompress_ciphertext_coefficient_8f(vector); } /** @@ -3625,7 +3627,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_c7(Eurydice_slice serialized) { +deserialize_then_decompress_10_47(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); LowStar_Ignore_ignore( Eurydice_slice_len( @@ -3638,7 +3640,7 @@ deserialize_then_decompress_10_c7(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c6(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_c1(coefficient); } return re; } @@ -3650,7 +3652,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_790(__m256i vector) { +decompress_ciphertext_coefficient_8f0(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3694,8 +3696,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_09_c60(__m256i vector) { - return decompress_ciphertext_coefficient_790(vector); +static __m256i decompress_ciphertext_coefficient_09_c10(__m256i vector) { + return decompress_ciphertext_coefficient_8f0(vector); } /** @@ -3705,7 +3707,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_d5(Eurydice_slice serialized) { +deserialize_then_decompress_11_a8(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -3713,7 +3715,7 @@ deserialize_then_decompress_11_d5(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c60(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_c10(coefficient); } return re; } @@ -3725,8 +3727,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_790(Eurydice_slice serialized) { - return deserialize_then_decompress_10_c7(serialized); +deserialize_then_decompress_ring_element_u_d30(Eurydice_slice serialized) { + return deserialize_then_decompress_10_47(serialized); } /** @@ -3735,17 +3737,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_b70( +static KRML_MUSTINLINE void ntt_vector_u_090( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ba(&zeta_i, re); - ntt_at_layer_2_89(&zeta_i, re); - ntt_at_layer_1_d7(&zeta_i, re); - poly_barrett_reduce_ef_a9(re); + ntt_at_layer_3_bc(&zeta_i, re); + ntt_at_layer_2_c2(&zeta_i, re); + ntt_at_layer_1_09(&zeta_i, re); + poly_barrett_reduce_ef_dc(re); } /** @@ -3756,7 +3758,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_251( +static KRML_MUSTINLINE void deserialize_then_decompress_u_411( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -3779,11 +3781,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_251( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_790(u_bytes); - ntt_vector_u_b70(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d30(u_bytes); + ntt_vector_u_090(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -3794,7 +3800,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_791(__m256i vector) { +decompress_ciphertext_coefficient_8f1(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3838,8 +3844,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_09_c61(__m256i vector) { - return decompress_ciphertext_coefficient_791(vector); +static __m256i decompress_ciphertext_coefficient_09_c11(__m256i vector) { + return decompress_ciphertext_coefficient_8f1(vector); } /** @@ -3849,7 +3855,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_75(Eurydice_slice serialized) { +deserialize_then_decompress_4_98(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -3857,7 +3863,7 @@ deserialize_then_decompress_4_75(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c61(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_c11(coefficient); } return re; } @@ -3869,7 +3875,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_792(__m256i vector) { +decompress_ciphertext_coefficient_8f2(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3913,8 +3919,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_09_c62(__m256i vector) { - return decompress_ciphertext_coefficient_792(vector); +static __m256i decompress_ciphertext_coefficient_09_c12(__m256i vector) { + return decompress_ciphertext_coefficient_8f2(vector); } /** @@ -3924,7 +3930,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_f8(Eurydice_slice serialized) { +deserialize_then_decompress_5_45(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_ef_05(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -3933,7 +3939,7 @@ deserialize_then_decompress_5_f8(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_c62(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_c12(re.coefficients[i0]); } return re; } @@ -3945,8 +3951,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_b90(Eurydice_slice serialized) { - return deserialize_then_decompress_4_75(serialized); +deserialize_then_decompress_ring_element_v_860(Eurydice_slice serialized) { + return deserialize_then_decompress_4_98(serialized); } /** @@ -3961,7 +3967,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_ef_da(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_ef_73(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3983,17 +3989,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_7d1( +compute_message_7e1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_4f1(&result, &product);); - invert_ntt_montgomery_8f1(&result); - result = subtract_reduce_ef_da(v, result); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_311(&result, &product);); + invert_ntt_montgomery_801(&result); + result = subtract_reduce_ef_73(v, result); return result; } @@ -4003,12 +4009,12 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_dd( +static KRML_MUSTINLINE void compress_then_serialize_message_83( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_field_modulus_7b(re.coefficients[i0]); + __m256i coefficient = to_unsigned_field_modulus_88(re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); uint8_t bytes[2U]; @@ -4033,18 +4039,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_9d1(IndCpaPrivateKeyUnpacked_a0 *secret_key, +static void decrypt_unpacked_461(IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_251(ciphertext, u_as_ntt); + deserialize_then_decompress_u_411(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_b90( + deserialize_then_decompress_ring_element_v_860( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_7d1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7e1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dd(message, ret0); + compress_then_serialize_message_83(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4058,10 +4064,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_751(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_9a1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_541(secret_key, secret_as_ntt); + deserialize_secret_key_0d1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -4072,7 +4078,7 @@ static void decrypt_751(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_9d1(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_461(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -4124,7 +4130,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_7f1( +void libcrux_ml_kem_ind_cca_decapsulate_6f1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4142,7 +4148,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_751(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_9a1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4164,7 +4170,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_401(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_163(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4174,17 +4180,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f1( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_6f1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_b41(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_161(Eurydice_array_to_slice( + kdf_d8_dc1(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_161(shared_secret0, shared_secret1); + kdf_d8_dc1(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_401(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4199,7 +4205,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_53( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e7( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -4213,7 +4219,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_53( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dc(ring_element); + deserialize_to_reduced_ring_element_d7(ring_element); deserialized_pk[i0] = uu____0; } } @@ -4224,15 +4230,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_000( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_ef_05();); - deserialize_ring_elements_reduced_53(public_key, deserialized_pk); + deserialize_ring_elements_reduced_e7(public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( - ret, deserialized_pk, + result, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -4243,7 +4253,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_99( +static KRML_MUSTINLINE void serialize_secret_key_05( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -4261,11 +4271,13 @@ static KRML_MUSTINLINE void serialize_secret_key_99( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_2c(&re, ret0); + serialize_uncompressed_ring_element_b8(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); + uint8_t result[1536U]; + memcpy(result, out, (size_t)1536U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1536U * sizeof(uint8_t)); } /** @@ -4276,13 +4288,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_6c( +static KRML_MUSTINLINE void serialize_public_key_mut_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_99(t_as_ntt, ret); + serialize_secret_key_05(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4299,11 +4311,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_ca( +static KRML_MUSTINLINE void serialize_public_key_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_6c(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_07(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); @@ -4317,15 +4329,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_520(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_4a0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_cc0( + deserialize_ring_elements_reduced_out_000( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_ca( + serialize_public_key_e5( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -4355,7 +4367,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_700( +bool libcrux_ml_kem_ind_cca_validate_private_key_e10( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; @@ -4475,7 +4487,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_75( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_10( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4945,7 +4957,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b0( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_08( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -4964,7 +4976,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b0( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; re_as_ntt[i0] = sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]);); return domain_separator; } @@ -4987,7 +4999,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_81( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -4996,7 +5008,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_out_81( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_b0(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_08(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( @@ -5021,7 +5033,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_4f( +static KRML_MUSTINLINE void add_to_ring_element_ef_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -5041,7 +5053,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_2d( +static KRML_MUSTINLINE void compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -5068,10 +5080,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_4f(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_31(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5084,12 +5096,12 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_a4( +static void generate_keypair_unpacked_4a( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_01 *private_key, IndCpaPublicKeyUnpacked_01 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_75(key_generation_seed, hashed); + cpa_keygen_seed_d8_10(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5109,17 +5121,17 @@ static void generate_keypair_unpacked_a4( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_b0(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_08(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_81(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input, domain_separator) .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_2d(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_67(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -5140,18 +5152,18 @@ with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_6a0( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_470( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_01 private_key = default_1a_3c(); IndCpaPublicKeyUnpacked_01 public_key = default_8d_89(); - generate_keypair_unpacked_a4(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_4a(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_ca( + serialize_public_key_e5( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_99(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_05(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -5175,7 +5187,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_1f0( +static KRML_MUSTINLINE void serialize_kem_secret_key_710( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -5231,7 +5243,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5240,13 +5252,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_6a0(ind_cpa_keypair_randomness); + generate_keypair_470(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_1f0( + serialize_kem_secret_key_710( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5255,13 +5267,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_7f_af1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e61(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee1( - uu____2, libcrux_ml_kem_types_from_5a_671(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_781( + uu____2, libcrux_ml_kem_types_from_5a_af1(copy_of_public_key)); } /** @@ -5274,7 +5286,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_640(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_c50(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5347,18 +5359,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_8f( +static KRML_MUSTINLINE void invert_ntt_montgomery_80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_f7(&zeta_i, re); - invert_ntt_at_layer_2_98(&zeta_i, re); - invert_ntt_at_layer_3_fe(&zeta_i, re); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_a9(re); + invert_ntt_at_layer_1_a3(&zeta_i, re); + invert_ntt_at_layer_2_cd(&zeta_i, re); + invert_ntt_at_layer_3_d7(&zeta_i, re); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_dc(re); } /** @@ -5367,14 +5379,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_dd( +static KRML_MUSTINLINE void compute_vector_u_3c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_05();); + result[i] = ZERO_ef_05();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -5394,16 +5406,12 @@ static KRML_MUSTINLINE void compute_vector_u_dd( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_4f(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_31(&result[i1], &product); } - invert_ntt_montgomery_8f(&result0[i1]); - add_error_reduce_ef_dd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_80(&result[i1]); + add_error_reduce_ef_05(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - memcpy( - result, result0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5416,7 +5424,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_77( +compute_ring_element_v_51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -5424,10 +5432,10 @@ compute_ring_element_v_77( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_4f(&result, &product);); - invert_ntt_montgomery_8f(&result); - result = add_message_error_reduce_ef_79(error_2, message, result); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_31(&result, &product);); + invert_ntt_montgomery_80(&result); + result = add_message_error_reduce_ef_b9(error_2, message, result); return result; } @@ -5437,14 +5445,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_17( +static KRML_MUSTINLINE void compress_then_serialize_11_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_760(to_unsigned_representative_3f(re->coefficients[i0])); + compress_09_c60(to_unsigned_representative_b5(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -5462,10 +5470,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_9e( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_17(re, uu____0); + compress_then_serialize_11_b8(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -5478,7 +5486,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_42( +static void compress_then_serialize_u_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -5494,7 +5502,7 @@ static void compress_then_serialize_u_42( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_9e(&re, ret); + compress_then_serialize_ring_element_u_b0(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -5507,9 +5515,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d1( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_f2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_03(re, out); + compress_then_serialize_5_7a(re, out); } /** @@ -5529,7 +5537,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a4(IndCpaPublicKeyUnpacked_01 *public_key, +static void encrypt_unpacked_03(IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -5537,7 +5545,7 @@ static void encrypt_unpacked_a4(IndCpaPublicKeyUnpacked_01 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_81(copy_of_prf_input0, 0U); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_out_d7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -5561,25 +5569,25 @@ static void encrypt_unpacked_a4(IndCpaPublicKeyUnpacked_01 *public_key, sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_dd(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_3c(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_d3(copy_of_message); + deserialize_then_decompress_message_12(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_77(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_51(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_42( + compress_then_serialize_u_e8( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d1( + compress_then_serialize_ring_element_v_f2( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -5602,10 +5610,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_b40(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { IndCpaPublicKeyUnpacked_01 unpacked_public_key = default_8d_89(); - deserialize_ring_elements_reduced_53( + deserialize_ring_elements_reduced_e7( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -5620,7 +5628,7 @@ static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_a4(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_03(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -5635,7 +5643,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_160(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_dc0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5662,11 +5670,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_f40( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_640( + entropy_preprocess_d8_c50( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5676,7 +5684,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10( size_t); uint8_t ret[32U]; H_a9_41(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5690,19 +5698,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_a10( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_6f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_b40(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_01_45(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_7b(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_160(shared_secret, shared_secret_array); + kdf_d8_dc0(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -5720,7 +5728,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_540( +static KRML_MUSTINLINE void deserialize_secret_key_0d0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; @@ -5737,7 +5745,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_540( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_6c(secret_bytes); + deserialize_to_uncompressed_ring_element_fe(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; @@ -5756,8 +5764,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_79(Eurydice_slice serialized) { - return deserialize_then_decompress_11_d5(serialized); +deserialize_then_decompress_ring_element_u_d3(Eurydice_slice serialized) { + return deserialize_then_decompress_11_a8(serialized); } /** @@ -5766,17 +5774,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_b7( +static KRML_MUSTINLINE void ntt_vector_u_09( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)5U); ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_ba(&zeta_i, re); - ntt_at_layer_2_89(&zeta_i, re); - ntt_at_layer_1_d7(&zeta_i, re); - poly_barrett_reduce_ef_a9(re); + ntt_at_layer_3_bc(&zeta_i, re); + ntt_at_layer_2_c2(&zeta_i, re); + ntt_at_layer_1_09(&zeta_i, re); + poly_barrett_reduce_ef_dc(re); } /** @@ -5787,7 +5795,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_25( +static KRML_MUSTINLINE void deserialize_then_decompress_u_41( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; @@ -5810,11 +5818,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_25( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_79(u_bytes); - ntt_vector_u_b7(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d3(u_bytes); + ntt_vector_u_09(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -5825,8 +5837,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_b9(Eurydice_slice serialized) { - return deserialize_then_decompress_5_f8(serialized); +deserialize_then_decompress_ring_element_v_86(Eurydice_slice serialized) { + return deserialize_then_decompress_5_45(serialized); } /** @@ -5836,17 +5848,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_7d( +compute_message_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_4f(&result, &product);); - invert_ntt_montgomery_8f(&result); - result = subtract_reduce_ef_da(v, result); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_31(&result, &product);); + invert_ntt_montgomery_80(&result); + result = subtract_reduce_ef_73(v, result); return result; } @@ -5860,18 +5872,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_9d(IndCpaPrivateKeyUnpacked_01 *secret_key, +static void decrypt_unpacked_46(IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_25(ciphertext, u_as_ntt); + deserialize_then_decompress_u_41(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_b9( + deserialize_then_decompress_ring_element_v_86( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_7d(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7e(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dd(message, ret0); + compress_then_serialize_message_83(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5885,10 +5897,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_750(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_9a0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_540(secret_key, secret_as_ntt); + deserialize_secret_key_0d0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -5899,7 +5911,7 @@ static void decrypt_750(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_9d(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_46(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5939,7 +5951,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_7f0( +void libcrux_ml_kem_ind_cca_decapsulate_6f0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5957,7 +5969,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_750(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_9a0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5979,7 +5991,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_40(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_16(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5989,17 +6001,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_6f0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_b40(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_160(Eurydice_array_to_slice( + kdf_d8_dc0(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_160(shared_secret0, shared_secret1); + kdf_d8_dc0(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_40(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6014,7 +6026,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_530( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_e70( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -6028,7 +6040,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_530( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dc(ring_element); + deserialize_to_reduced_ring_element_d7(ring_element); deserialized_pk[i0] = uu____0; } } @@ -6039,15 +6051,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_cc( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_00( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_ef_05();); - deserialize_ring_elements_reduced_530(public_key, deserialized_pk); + deserialize_ring_elements_reduced_e70(public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; memcpy( - ret, deserialized_pk, + result, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -6058,7 +6074,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_990( +static KRML_MUSTINLINE void serialize_secret_key_050( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -6076,11 +6092,13 @@ static KRML_MUSTINLINE void serialize_secret_key_990( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_2c(&re, ret0); + serialize_uncompressed_ring_element_b8(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); + uint8_t result[768U]; + memcpy(result, out, (size_t)768U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } /** @@ -6091,13 +6109,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_6c0( +static KRML_MUSTINLINE void serialize_public_key_mut_070( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_990(t_as_ntt, ret); + serialize_secret_key_050(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -6114,11 +6132,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_ca0( +static KRML_MUSTINLINE void serialize_public_key_e50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_6c0(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_070(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); @@ -6132,15 +6150,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_52(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_4a(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_cc( + deserialize_ring_elements_reduced_out_00( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_ca0( + serialize_public_key_e50( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -6170,7 +6188,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_70( +bool libcrux_ml_kem_ind_cca_validate_private_key_e1( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; @@ -6276,7 +6294,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_750( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_100( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6739,7 +6757,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b00( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_080( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -6758,7 +6776,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b00( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; re_as_ntt[i0] = sample_from_binomial_distribution_d70( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]);); return domain_separator; } @@ -6781,7 +6799,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_810( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -6790,7 +6808,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_out_810( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_b00(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_080(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -6815,7 +6833,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_4f0( +static KRML_MUSTINLINE void add_to_ring_element_ef_310( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -6835,7 +6853,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_2d0( +static KRML_MUSTINLINE void compute_As_plus_e_670( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -6862,10 +6880,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_2d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_4f0(&t_as_ntt[i0], &product); + ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_310(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_34(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_ba(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6878,12 +6896,12 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void generate_keypair_unpacked_a40( +static void generate_keypair_unpacked_4a0( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_d6 *private_key, IndCpaPublicKeyUnpacked_d6 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_750(key_generation_seed, hashed); + cpa_keygen_seed_d8_100(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6903,17 +6921,17 @@ static void generate_keypair_unpacked_a40( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_b00(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_080(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_810(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compute_As_plus_e_2d0(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_670(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -6934,18 +6952,18 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_6a( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_47( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_d6 private_key = default_1a_3c0(); IndCpaPublicKeyUnpacked_d6 public_key = default_8d_890(); - generate_keypair_unpacked_a40(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_4a0(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_ca0( + serialize_public_key_e50( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_990(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_050(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6969,7 +6987,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_1f( +static KRML_MUSTINLINE void serialize_kem_secret_key_71( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -7024,7 +7042,7 @@ with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_d2( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, @@ -7034,13 +7052,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b( LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_6a(ind_cpa_keypair_randomness); + generate_keypair_47(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_1f( + serialize_kem_secret_key_71( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -7049,13 +7067,13 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0b( memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee( - uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_78( + uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key)); } /** @@ -7068,7 +7086,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_64(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_c5(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7187,18 +7205,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_8f0( +static KRML_MUSTINLINE void invert_ntt_montgomery_800( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_f7(&zeta_i, re); - invert_ntt_at_layer_2_98(&zeta_i, re); - invert_ntt_at_layer_3_fe(&zeta_i, re); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_bc(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_a9(re); + invert_ntt_at_layer_1_a3(&zeta_i, re); + invert_ntt_at_layer_2_cd(&zeta_i, re); + invert_ntt_at_layer_3_d7(&zeta_i, re); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_af(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_dc(re); } /** @@ -7207,14 +7225,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_dd0( +static KRML_MUSTINLINE void compute_vector_u_3c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_05();); + result[i] = ZERO_ef_05();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -7234,16 +7252,12 @@ static KRML_MUSTINLINE void compute_vector_u_dd0( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_4f0(&result0[i1], &product); + ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_310(&result[i1], &product); } - invert_ntt_montgomery_8f0(&result0[i1]); - add_error_reduce_ef_dd(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_800(&result[i1]); + add_error_reduce_ef_05(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - memcpy( - result, result0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7256,7 +7270,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_770( +compute_ring_element_v_510( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -7264,10 +7278,10 @@ compute_ring_element_v_770( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_4f0(&result, &product);); - invert_ntt_montgomery_8f0(&result); - result = add_message_error_reduce_ef_79(error_2, message, result); + ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_310(&result, &product);); + invert_ntt_montgomery_800(&result); + result = add_message_error_reduce_ef_b9(error_2, message, result); return result; } @@ -7280,7 +7294,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_420( +static void compress_then_serialize_u_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -7296,7 +7310,7 @@ static void compress_then_serialize_u_420( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_9e0(&re, ret); + compress_then_serialize_ring_element_u_b00(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -7319,7 +7333,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a40(IndCpaPublicKeyUnpacked_d6 *public_key, +static void encrypt_unpacked_030(IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7327,7 +7341,7 @@ static void encrypt_unpacked_a40(IndCpaPublicKeyUnpacked_d6 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_810(copy_of_prf_input0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_out_d70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -7351,25 +7365,25 @@ static void encrypt_unpacked_a40(IndCpaPublicKeyUnpacked_d6 *public_key, sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_dd0(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_3c0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_d3(copy_of_message); + deserialize_then_decompress_message_12(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_770(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_510(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_420( + compress_then_serialize_u_e80( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_d10( + compress_then_serialize_ring_element_v_f20( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -7392,10 +7406,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_b4(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { IndCpaPublicKeyUnpacked_d6 unpacked_public_key = default_8d_890(); - deserialize_ring_elements_reduced_530( + deserialize_ring_elements_reduced_e70( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -7410,7 +7424,7 @@ static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_a40(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_030(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -7425,7 +7439,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_16(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_dc(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7452,11 +7466,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_f4( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_64( + entropy_preprocess_d8_c5( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -7466,7 +7480,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1( size_t); uint8_t ret[32U]; H_a9_410(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -7480,19 +7494,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_a1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_6f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_b4(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_450(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_7b0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_16(shared_secret, shared_secret_array); + kdf_d8_dc(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7510,7 +7524,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_54( +static KRML_MUSTINLINE void deserialize_secret_key_0d( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; @@ -7527,7 +7541,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_54( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_6c(secret_bytes); + deserialize_to_uncompressed_ring_element_fe(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; @@ -7547,7 +7561,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_250( +static KRML_MUSTINLINE void deserialize_then_decompress_u_410( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; @@ -7570,11 +7584,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_250( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_790(u_bytes); - ntt_vector_u_b70(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_d30(u_bytes); + ntt_vector_u_090(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + memcpy( + result, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( - ret, u_as_ntt, + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -7585,17 +7603,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_7d0( +compute_message_7e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_ef_05(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_ef_b2(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_4f0(&result, &product);); - invert_ntt_montgomery_8f0(&result); - result = subtract_reduce_ef_da(v, result); + ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_310(&result, &product);); + invert_ntt_montgomery_800(&result); + result = subtract_reduce_ef_73(v, result); return result; } @@ -7609,18 +7627,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_9d0(IndCpaPrivateKeyUnpacked_d6 *secret_key, +static void decrypt_unpacked_460(IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_250(ciphertext, u_as_ntt); + deserialize_then_decompress_u_410(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_b90( + deserialize_then_decompress_ring_element_v_860( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_7d0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7e0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dd(message, ret0); + compress_then_serialize_message_83(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7634,10 +7652,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_75(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_9a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_54(secret_key, secret_as_ntt); + deserialize_secret_key_0d(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -7648,7 +7666,7 @@ static void decrypt_75(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - decrypt_unpacked_9d0(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_460(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7688,7 +7706,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_7f( +void libcrux_ml_kem_ind_cca_decapsulate_6f( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7706,7 +7724,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_75(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_9a(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7728,7 +7746,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_400(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_161(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7738,16 +7756,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_7f( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_6f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_b4(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_16(Eurydice_array_to_slice((size_t)32U, + kdf_d8_dc(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_16(shared_secret0, shared_secret1); + kdf_d8_dc(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_400(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 42cc1517c..43910f900 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 9c539cfa1..b55505b93 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "internal/libcrux_mlkem_portable.h" @@ -199,6 +199,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( ret[21U] = r11_21.f10; } +void libcrux_ml_kem_vector_portable_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -206,7 +212,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); + libcrux_ml_kem_vector_portable_serialize_11(a, ret); } KRML_MUSTINLINE int16_t_x8 @@ -299,13 +305,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { return lit; } +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); + return libcrux_ml_kem_vector_portable_deserialize_11(a); } KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( @@ -1190,8 +1201,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( int16_t t = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( vec->elements[j], zeta); - vec->elements[j] = vec->elements[i] - t; - vec->elements[i] = vec->elements[i] + t; + int16_t a_minus_t = vec->elements[i] - t; + int16_t a_plus_t = vec->elements[i] + t; + vec->elements[j] = a_minus_t; + vec->elements[i] = a_plus_t; } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1300,8 +1313,9 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, int16_t zeta, size_t i, size_t j) { int16_t a_minus_b = vec->elements[j] - vec->elements[i]; + int16_t a_plus_b = vec->elements[j] + vec->elements[i]; int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - vec->elements[i] + vec->elements[j]); + a_plus_b); int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( a_minus_b, zeta); @@ -1415,12 +1429,11 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t ai = a->elements[i]; - int16_t bi = b->elements[i]; - int16_t aj = a->elements[j]; - int16_t bj = b->elements[j]; + size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { + int16_t ai = a->elements[(size_t)2U * i]; + int16_t bi = b->elements[(size_t)2U * i]; + int16_t aj = a->elements[(size_t)2U * i + (size_t)1U]; + int16_t bj = b->elements[(size_t)2U * i + (size_t)1U]; int32_t ai_bi = (int32_t)ai * (int32_t)bi; int32_t aj_bj_ = (int32_t)aj * (int32_t)bj; int16_t aj_bj = @@ -1437,8 +1450,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( ai_bj_aj_bi); - out->elements[i] = o0; - out->elements[j] = o1; + int16_t _out0[16U]; + memcpy(_out0, out->elements, (size_t)16U * sizeof(int16_t)); + out->elements[(size_t)2U * i] = o0; + out->elements[(size_t)2U * i + (size_t)1U] = o1; } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1452,22 +1467,22 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply( int16_t nzeta3 = -zeta3; libcrux_ml_kem_vector_portable_vector_type_PortableVector out = libcrux_ml_kem_vector_portable_vector_type_zero(); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta0, + (size_t)0U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta0, + (size_t)1U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta1, + (size_t)2U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta1, + (size_t)3U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta2, + (size_t)4U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta2, + (size_t)5U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta3, + (size_t)6U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta3, + (size_t)7U, &out); return out; } @@ -1507,6 +1522,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_1( ret[1U] = result1; } +void libcrux_ml_kem_vector_portable_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1514,7 +1535,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} void libcrux_ml_kem_vector_portable_serialize_1_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); + libcrux_ml_kem_vector_portable_serialize_1(a, ret); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1601,13 +1622,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { return lit; } +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); + return libcrux_ml_kem_vector_portable_deserialize_1(a); } KRML_MUSTINLINE uint8_t_x4 @@ -1657,6 +1683,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( ret[7U] = result4_7.f3; } +void libcrux_ml_kem_vector_portable_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1664,7 +1696,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); + libcrux_ml_kem_vector_portable_serialize_4(a, ret); } KRML_MUSTINLINE int16_t_x8 @@ -1734,13 +1766,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { return lit; } +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); + return libcrux_ml_kem_vector_portable_deserialize_4(a); } KRML_MUSTINLINE uint8_t_x5 @@ -1788,6 +1825,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( ret[9U] = r5_9.f4; } +void libcrux_ml_kem_vector_portable_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1795,7 +1838,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} void libcrux_ml_kem_vector_portable_serialize_5_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); + libcrux_ml_kem_vector_portable_serialize_5(a, ret); } KRML_MUSTINLINE int16_t_x8 @@ -1876,13 +1919,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { return lit; } +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); + return libcrux_ml_kem_vector_portable_deserialize_5(a); } KRML_MUSTINLINE uint8_t_x5 @@ -1956,6 +2004,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( ret[19U] = r15_19.f4; } +void libcrux_ml_kem_vector_portable_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1963,7 +2017,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); + libcrux_ml_kem_vector_portable_serialize_10(a, ret); } KRML_MUSTINLINE int16_t_x8 @@ -2052,13 +2106,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { return lit; } +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); + return libcrux_ml_kem_vector_portable_deserialize_10(a); } KRML_MUSTINLINE uint8_t_x3 @@ -2126,6 +2185,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( ret[23U] = r21_23.thd; } +void libcrux_ml_kem_vector_portable_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -2133,7 +2198,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} void libcrux_ml_kem_vector_portable_serialize_12_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); + libcrux_ml_kem_vector_portable_serialize_12(a, ret); } KRML_MUSTINLINE int16_t_x2 @@ -2191,13 +2256,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { return lit; } +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); + return libcrux_ml_kem_vector_portable_deserialize_12(a); } KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( @@ -2318,7 +2388,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_a5(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_01(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -2340,7 +2410,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_75( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -2354,7 +2424,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a5(ring_element); + deserialize_to_reduced_ring_element_01(ring_element); deserialized_pk[i0] = uu____0; } } @@ -2365,15 +2435,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_531( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_fa1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_ef_1b();); - deserialize_ring_elements_reduced_da(public_key, deserialized_pk); + deserialize_ring_elements_reduced_75(public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( - ret, deserialized_pk, + result, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -2383,7 +2457,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_95(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { +shift_right_38(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2402,8 +2476,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_9d(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_95(v); +shift_right_0d_6b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_38(v); } /** @@ -2413,10 +2487,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_7c( +to_unsigned_representative_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_9d(a); + shift_right_0d_6b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -2430,10 +2504,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_field_modulus_b0( +to_unsigned_field_modulus_c4( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - to_unsigned_representative_7c(a); + to_unsigned_representative_9f(a); return result; } @@ -2443,14 +2517,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_8b( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_field_modulus_b0(re->coefficients[i0]); + to_unsigned_field_modulus_c4(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2470,7 +2544,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_5a( +static KRML_MUSTINLINE void serialize_secret_key_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2488,11 +2562,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5a( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_8b(&re, ret0); + serialize_uncompressed_ring_element_c6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); + uint8_t result[1536U]; + memcpy(result, out, (size_t)1536U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1536U * sizeof(uint8_t)); } /** @@ -2503,13 +2579,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_mut_3c( +static KRML_MUSTINLINE void serialize_public_key_mut_12( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret[1536U]; - serialize_secret_key_5a(t_as_ntt, ret); + serialize_secret_key_1d(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -2526,11 +2602,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_07( +static KRML_MUSTINLINE void serialize_public_key_e9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - serialize_public_key_mut_3c(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_12(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1568U]; memcpy(result, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); @@ -2544,15 +2620,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_bf1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_071(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_out_531( + deserialize_ring_elements_reduced_out_fa1( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_07( + serialize_public_key_e9( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t), @@ -2582,7 +2658,7 @@ with const generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_ae( +bool libcrux_ml_kem_ind_cca_validate_private_key_c0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *_ciphertext) { uint8_t t[32U]; @@ -2702,7 +2778,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_57( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_e4( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -3355,7 +3431,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_d0( +static KRML_MUSTINLINE void ntt_at_layer_3_b8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3373,7 +3449,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_76( +static KRML_MUSTINLINE void ntt_at_layer_2_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3392,7 +3468,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_5d( +static KRML_MUSTINLINE void ntt_at_layer_1_21( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3418,7 +3494,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_ef_17( +static KRML_MUSTINLINE void poly_barrett_reduce_ef_b4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3436,17 +3512,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d8( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_36( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { ntt_at_layer_7_97(re); size_t zeta_i = (size_t)1U; ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_d0(&zeta_i, re); - ntt_at_layer_2_76(&zeta_i, re); - ntt_at_layer_1_5d(&zeta_i, re); - poly_barrett_reduce_ef_17(re); + ntt_at_layer_3_b8(&zeta_i, re); + ntt_at_layer_2_34(&zeta_i, re); + ntt_at_layer_1_21(&zeta_i, re); + poly_barrett_reduce_ef_b4(re); } /** @@ -3458,7 +3534,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b1( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -3477,7 +3553,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b1( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; re_as_ntt[i0] = sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]);); return domain_separator; } @@ -3501,7 +3577,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_cb( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -3510,7 +3586,7 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_out_cb( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_b1(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_f7(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3536,7 +3612,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_ef_45(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_ef_76(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_ef_1b(); for (size_t i = (size_t)0U; @@ -3568,7 +3644,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_5d( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3593,7 +3669,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_bf( +to_standard_domain_73( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3610,14 +3686,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_ef_0f( +static KRML_MUSTINLINE void add_standard_error_reduce_ef_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_bf(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_73(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3632,7 +3708,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_c7( +static KRML_MUSTINLINE void compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -3659,10 +3735,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_5d(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -3675,12 +3751,12 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_e9( +static void generate_keypair_unpacked_86( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_42 *private_key, IndCpaPublicKeyUnpacked_42 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_57(key_generation_seed, hashed); + cpa_keygen_seed_d8_e4(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3700,17 +3776,17 @@ static void generate_keypair_unpacked_e9( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_b1(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_f7(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_cb(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_44(copy_of_prf_input, domain_separator) .fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_c7(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_f0(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -3731,18 +3807,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_501( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_081( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_42 private_key = default_1a_e9(); IndCpaPublicKeyUnpacked_42 public_key = default_8d_d1(); - generate_keypair_unpacked_e9(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_86(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1568U]; - serialize_public_key_07( + serialize_public_key_e9( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_5a(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_1d(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3766,7 +3842,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_d4( +static KRML_MUSTINLINE void serialize_kem_secret_key_50( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3822,7 +3898,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_281(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -3831,13 +3907,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_501(ind_cpa_keypair_randomness); + generate_keypair_081(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_d4( + serialize_kem_secret_key_50( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -3846,13 +3922,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_7f_af1(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e61(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee1( - uu____2, libcrux_ml_kem_types_from_5a_671(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_781( + uu____2, libcrux_ml_kem_types_from_5a_af1(copy_of_public_key)); } /** @@ -3865,7 +3941,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_62(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_b3(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3883,7 +3959,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_7f(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_23(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_ef_1b();); @@ -3951,7 +4027,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_08( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_19( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3972,7 +4048,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_91( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_f7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3991,7 +4067,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_41( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_77( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4011,7 +4087,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_13( + inv_ntt_layer_int_vec_step_reduce_97( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4031,7 +4107,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ed( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_dd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4046,7 +4122,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_ed( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_13( + inv_ntt_layer_int_vec_step_reduce_97( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -4063,18 +4139,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_55( +static KRML_MUSTINLINE void invert_ntt_montgomery_8c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_08(&zeta_i, re); - invert_ntt_at_layer_2_91(&zeta_i, re); - invert_ntt_at_layer_3_41(&zeta_i, re); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_17(re); + invert_ntt_at_layer_1_19(&zeta_i, re); + invert_ntt_at_layer_2_f7(&zeta_i, re); + invert_ntt_at_layer_3_77(&zeta_i, re); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_b4(re); } /** @@ -4088,7 +4164,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_ef_4d( +static KRML_MUSTINLINE void add_error_reduce_ef_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4112,14 +4188,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_b8( +static KRML_MUSTINLINE void compute_vector_u_d2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result0[i] = ZERO_ef_1b();); + result[i] = ZERO_ef_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -4139,16 +4215,12 @@ static KRML_MUSTINLINE void compute_vector_u_b8( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_5d(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a(&result[i1], &product); } - invert_ntt_montgomery_55(&result0[i1]); - add_error_reduce_ef_4d(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_8c(&result[i1]); + add_error_reduce_ef_da(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; - memcpy( - result, result0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -4161,7 +4233,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_78(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { +decompress_1_4a(libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { libcrux_ml_kem_vector_portable_vector_type_PortableVector z = libcrux_ml_kem_vector_portable_ZERO_0d(); libcrux_ml_kem_vector_portable_vector_type_PortableVector s = @@ -4179,7 +4251,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_e3(uint8_t serialized[32U]) { +deserialize_then_decompress_message_5e(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -4190,7 +4262,7 @@ deserialize_then_decompress_message_e3(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_78(coefficient_compressed); + decompress_1_4a(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4207,7 +4279,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_ef_21( +add_message_error_reduce_ef_5c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4237,7 +4309,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1e( +compute_ring_element_v_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4245,10 +4317,10 @@ compute_ring_element_v_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_5d(&result, &product);); - invert_ntt_montgomery_55(&result); - result = add_message_error_reduce_ef_21(error_2, message, result); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a(&result, &product);); + invert_ntt_montgomery_8c(&result); + result = add_message_error_reduce_ef_5c(error_2, message, result); return result; } @@ -4258,7 +4330,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_61(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { +compress_6a(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4279,9 +4351,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_fe( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return compress_61(a); + return compress_6a(a); } /** @@ -4290,7 +4362,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_610(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { +compress_6a0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4312,8 +4384,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_fe0(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return compress_610(a); +compress_0d_830(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return compress_6a0(a); } /** @@ -4322,14 +4394,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_a9( +static KRML_MUSTINLINE void compress_then_serialize_11_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_fe0(to_unsigned_representative_7c(re->coefficients[i0])); + compress_0d_830(to_unsigned_representative_9f(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -4347,10 +4419,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b5( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_39( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_a9(re, uu____0); + compress_then_serialize_11_00(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4363,7 +4435,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_cd( +static void compress_then_serialize_u_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4379,7 +4451,7 @@ static void compress_then_serialize_u_cd( out, i0 * ((size_t)1408U / (size_t)4U), (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_b5(&re, ret); + compress_then_serialize_ring_element_u_39(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } @@ -4391,7 +4463,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_611(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { +compress_6a1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4413,8 +4485,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_fe1(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return compress_611(a); +compress_0d_831(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return compress_6a1(a); } /** @@ -4423,14 +4495,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_06( +static KRML_MUSTINLINE void compress_then_serialize_4_df( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_fe1(to_unsigned_field_modulus_b0(re.coefficients[i0])); + compress_0d_831(to_unsigned_field_modulus_c4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( @@ -4446,7 +4518,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_612(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { +compress_6a2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4468,8 +4540,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_fe2(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return compress_612(a); +compress_0d_832(libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { + return compress_6a2(a); } /** @@ -4478,14 +4550,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_69( +static KRML_MUSTINLINE void compress_then_serialize_5_51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_fe2(to_unsigned_representative_7c(re.coefficients[i0])); + compress_0d_832(to_unsigned_representative_9f(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( @@ -4502,9 +4574,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_cf( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_69(re, out); + compress_then_serialize_5_51(re, out); } /** @@ -4525,7 +4597,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key, +static void encrypt_unpacked_43(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4533,7 +4605,7 @@ static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key, /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_cb(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_out_44(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4543,7 +4615,7 @@ static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_7f(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_23(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, @@ -4557,25 +4629,25 @@ static void encrypt_unpacked_c3(IndCpaPublicKeyUnpacked_42 *public_key, sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_b8(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_d2(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_e3(copy_of_message); + deserialize_then_decompress_message_5e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1e(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_95(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_cd( + compress_then_serialize_u_54( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_cf( + compress_then_serialize_ring_element_v_ce( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4599,10 +4671,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_4b1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_6f1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { IndCpaPublicKeyUnpacked_42 unpacked_public_key = default_8d_d1(); - deserialize_ring_elements_reduced_da( + deserialize_ring_elements_reduced_75( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -4617,7 +4689,7 @@ static void encrypt_4b1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1568U]; - encrypt_unpacked_c3(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_43(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1568U * sizeof(uint8_t)); } @@ -4632,7 +4704,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_d8_19(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_a6(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4659,11 +4731,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8a1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_62( + entropy_preprocess_d8_b3( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4673,7 +4745,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661( size_t); uint8_t ret[32U]; H_f1_d5(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4687,19 +4759,19 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_661( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_fe(public_key), uint8_t); + (size_t)1568U, libcrux_ml_kem_types_as_slice_fd_12(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_4b1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_6f1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_1f ciphertext0 = - libcrux_ml_kem_types_from_01_45(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_7b(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_19(shared_secret, shared_secret_array); + kdf_d8_a6(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_1f uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4718,7 +4790,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_07(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_a4(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -4738,7 +4810,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_121( +static KRML_MUSTINLINE void deserialize_secret_key_831( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; @@ -4755,7 +4827,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_121( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_07(secret_bytes); + deserialize_to_uncompressed_ring_element_a4(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; @@ -4774,7 +4846,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_4a( +decompress_ciphertext_coefficient_fe( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4799,9 +4871,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_ea( +decompress_ciphertext_coefficient_0d_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_4a(v); + return decompress_ciphertext_coefficient_fe(v); } /** @@ -4811,7 +4883,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_5c(Eurydice_slice serialized) { +deserialize_then_decompress_10_40(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); LowStar_Ignore_ignore( Eurydice_slice_len( @@ -4828,7 +4900,7 @@ deserialize_then_decompress_10_5c(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_ea(coefficient); + decompress_ciphertext_coefficient_0d_78(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4841,7 +4913,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_4a0( +decompress_ciphertext_coefficient_fe0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4866,9 +4938,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_ea0( +decompress_ciphertext_coefficient_0d_780( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_4a0(v); + return decompress_ciphertext_coefficient_fe0(v); } /** @@ -4878,7 +4950,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_77(Eurydice_slice serialized) { +deserialize_then_decompress_11_0a(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -4888,7 +4960,7 @@ deserialize_then_decompress_11_77(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_ea0(coefficient); + decompress_ciphertext_coefficient_0d_780(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4901,8 +4973,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_cd(Eurydice_slice serialized) { - return deserialize_then_decompress_11_77(serialized); +deserialize_then_decompress_ring_element_u_58(Eurydice_slice serialized) { + return deserialize_then_decompress_11_0a(serialized); } /** @@ -4911,17 +4983,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_2c( +static KRML_MUSTINLINE void ntt_vector_u_f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_d0(&zeta_i, re); - ntt_at_layer_2_76(&zeta_i, re); - ntt_at_layer_1_5d(&zeta_i, re); - poly_barrett_reduce_ef_17(re); + ntt_at_layer_3_b8(&zeta_i, re); + ntt_at_layer_2_34(&zeta_i, re); + ntt_at_layer_1_21(&zeta_i, re); + poly_barrett_reduce_ef_b4(re); } /** @@ -4932,7 +5004,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_bb( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; @@ -4955,11 +5027,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_bb( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd(u_bytes); - ntt_vector_u_2c(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_58(u_bytes); + ntt_vector_u_f1(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -4970,7 +5046,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_4a1( +decompress_ciphertext_coefficient_fe1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4995,9 +5071,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_ea1( +decompress_ciphertext_coefficient_0d_781( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_4a1(v); + return decompress_ciphertext_coefficient_fe1(v); } /** @@ -5007,7 +5083,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_b1(Eurydice_slice serialized) { +deserialize_then_decompress_4_dd(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -5017,7 +5093,7 @@ deserialize_then_decompress_4_b1(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_ea1(coefficient); + decompress_ciphertext_coefficient_0d_781(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5030,7 +5106,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_4a2( +decompress_ciphertext_coefficient_fe2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5055,9 +5131,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_ea2( +decompress_ciphertext_coefficient_0d_782( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_4a2(v); + return decompress_ciphertext_coefficient_fe2(v); } /** @@ -5067,7 +5143,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_7b(Eurydice_slice serialized) { +deserialize_then_decompress_5_e7(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_ef_1b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { @@ -5077,7 +5153,7 @@ deserialize_then_decompress_5_7b(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_ea2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_782(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5090,8 +5166,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_ce(Eurydice_slice serialized) { - return deserialize_then_decompress_5_7b(serialized); +deserialize_then_decompress_ring_element_v_87(Eurydice_slice serialized) { + return deserialize_then_decompress_5_e7(serialized); } /** @@ -5106,7 +5182,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_ef_92(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_ef_59(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5131,17 +5207,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_82( +compute_message_fc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_5d(&result, &product);); - invert_ntt_montgomery_55(&result); - result = subtract_reduce_ef_92(v, result); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a(&result, &product);); + invert_ntt_montgomery_8c(&result); + result = subtract_reduce_ef_59(v, result); return result; } @@ -5151,13 +5227,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_15( +static KRML_MUSTINLINE void compress_then_serialize_message_ee( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_field_modulus_b0(re.coefficients[i0]); + to_unsigned_field_modulus_c4(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); @@ -5183,18 +5259,18 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_c9(IndCpaPrivateKeyUnpacked_42 *secret_key, +static void decrypt_unpacked_ee(IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_bb(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_ce( + deserialize_then_decompress_ring_element_v_87( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_82(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_fc(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_15(message, ret0); + compress_then_serialize_message_ee(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5208,10 +5284,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_dc1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_5f1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_121(secret_key, secret_as_ntt); + deserialize_secret_key_831(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5222,7 +5298,7 @@ static void decrypt_dc1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_c9(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_ee(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -5274,7 +5350,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_191( +void libcrux_ml_kem_ind_cca_decapsulate_811( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5292,7 +5368,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_191( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_dc1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_5f1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5314,7 +5390,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_191( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_40(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9f(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -5324,17 +5400,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_191( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_4b1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_6f1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_19(Eurydice_array_to_slice((size_t)32U, + kdf_d8_a6(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_19(shared_secret0, shared_secret1); + kdf_d8_a6(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_40(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5349,7 +5425,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_750( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -5363,7 +5439,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a5(ring_element); + deserialize_to_reduced_ring_element_01(ring_element); deserialized_pk[i0] = uu____0; } } @@ -5374,15 +5450,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_530( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_fa0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_ef_1b();); - deserialize_ring_elements_reduced_da0(public_key, deserialized_pk); + deserialize_ring_elements_reduced_750(public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; + memcpy( + result, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( - ret, deserialized_pk, + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -5393,7 +5473,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_5a0( +static KRML_MUSTINLINE void serialize_secret_key_1d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5411,11 +5491,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5a0( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_8b(&re, ret0); + serialize_uncompressed_ring_element_c6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); + uint8_t result[768U]; + memcpy(result, out, (size_t)768U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } /** @@ -5426,13 +5508,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_mut_3c0( +static KRML_MUSTINLINE void serialize_public_key_mut_120( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret[768U]; - serialize_secret_key_5a0(t_as_ntt, ret); + serialize_secret_key_1d0(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5449,11 +5531,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_070( +static KRML_MUSTINLINE void serialize_public_key_e90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; - serialize_public_key_mut_3c0(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_120(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[800U]; memcpy(result, public_key_serialized, (size_t)800U * sizeof(uint8_t)); memcpy(ret, result, (size_t)800U * sizeof(uint8_t)); @@ -5467,15 +5549,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_bf0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_070(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_out_530( + deserialize_ring_elements_reduced_out_fa0( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_070( + serialize_public_key_e90( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t), @@ -5505,7 +5587,7 @@ with const generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_b4( +bool libcrux_ml_kem_ind_cca_validate_private_key_90( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *_ciphertext) { uint8_t t[32U]; @@ -5611,7 +5693,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_36( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_7e( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -6061,7 +6143,7 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b10( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -6080,7 +6162,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b10( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; re_as_ntt[i0] = sample_from_binomial_distribution_6b0( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]);); return domain_separator; } @@ -6104,7 +6186,7 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_cb0( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_440( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -6113,7 +6195,7 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_out_cb0( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_b10(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_f70(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( @@ -6138,7 +6220,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_5d0( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -6162,7 +6244,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_c70( +static KRML_MUSTINLINE void compute_As_plus_e_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -6189,10 +6271,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_c70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_5d0(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a0(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -6205,12 +6287,12 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void generate_keypair_unpacked_e90( +static void generate_keypair_unpacked_860( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_ae *private_key, IndCpaPublicKeyUnpacked_ae *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_36(key_generation_seed, hashed); + cpa_keygen_seed_d8_7e(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6230,17 +6312,17 @@ static void generate_keypair_unpacked_e90( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_b10(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_f70(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_cb0(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_440(copy_of_prf_input, domain_separator) .fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_c70(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_f00(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -6261,18 +6343,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_500( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_080( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_ae private_key = default_1a_e90(); IndCpaPublicKeyUnpacked_ae public_key = default_8d_d10(); - generate_keypair_unpacked_e90(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_860(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[800U]; - serialize_public_key_070( + serialize_public_key_e90( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_5a0(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_1d0(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6296,7 +6378,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_a1( +static KRML_MUSTINLINE void serialize_kem_secret_key_4a( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6352,7 +6434,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6361,13 +6443,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_500(ind_cpa_keypair_randomness); + generate_keypair_080(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_a1( + serialize_kem_secret_key_4a( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6376,13 +6458,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee( - uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_78( + uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key)); } /** @@ -6395,7 +6477,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_89(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_9c(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6445,7 +6527,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_7f0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_230(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_ef_1b();); @@ -6501,18 +6583,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_550( +static KRML_MUSTINLINE void invert_ntt_montgomery_8c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_08(&zeta_i, re); - invert_ntt_at_layer_2_91(&zeta_i, re); - invert_ntt_at_layer_3_41(&zeta_i, re); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_17(re); + invert_ntt_at_layer_1_19(&zeta_i, re); + invert_ntt_at_layer_2_f7(&zeta_i, re); + invert_ntt_at_layer_3_77(&zeta_i, re); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_b4(re); } /** @@ -6521,14 +6603,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_b80( +static KRML_MUSTINLINE void compute_vector_u_d20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result0[i] = ZERO_ef_1b();); + result[i] = ZERO_ef_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -6548,16 +6630,12 @@ static KRML_MUSTINLINE void compute_vector_u_b80( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_5d0(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a0(&result[i1], &product); } - invert_ntt_montgomery_550(&result0[i1]); - add_error_reduce_ef_4d(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_8c0(&result[i1]); + add_error_reduce_ef_da(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; - memcpy( - result, result0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6570,7 +6648,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1e0( +compute_ring_element_v_950( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -6578,10 +6656,10 @@ compute_ring_element_v_1e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_5d0(&result, &product);); - invert_ntt_montgomery_550(&result); - result = add_message_error_reduce_ef_21(error_2, message, result); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a0(&result, &product);); + invert_ntt_montgomery_8c0(&result); + result = add_message_error_reduce_ef_5c(error_2, message, result); return result; } @@ -6591,14 +6669,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_470( +static KRML_MUSTINLINE void compress_then_serialize_10_c50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_fe(to_unsigned_field_modulus_b0(re->coefficients[i0])); + compress_0d_83(to_unsigned_field_modulus_c4(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6618,10 +6696,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b50( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_390( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_470(re, uu____0); + compress_then_serialize_10_c50(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6634,7 +6712,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_cd0( +static void compress_then_serialize_u_540( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -6650,7 +6728,7 @@ static void compress_then_serialize_u_cd0( out, i0 * ((size_t)640U / (size_t)2U), (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b50(&re, ret); + compress_then_serialize_ring_element_u_390(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -6663,9 +6741,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_cf0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_ce0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_06(re, out); + compress_then_serialize_4_df(re, out); } /** @@ -6686,7 +6764,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key, +static void encrypt_unpacked_430(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -6695,7 +6773,7 @@ static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____1 = - sample_vector_cbd_then_ntt_out_cb0(copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_out_440(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, @@ -6705,7 +6783,7 @@ static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_7f0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_230(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, @@ -6719,25 +6797,25 @@ static void encrypt_unpacked_c30(IndCpaPublicKeyUnpacked_ae *public_key, sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_b80(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_d20(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_e3(copy_of_message); + deserialize_then_decompress_message_5e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1e0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_950(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_cd0( + compress_then_serialize_u_540( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_cf0( + compress_then_serialize_ring_element_v_ce0( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -6761,10 +6839,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_4b0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_6f0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { IndCpaPublicKeyUnpacked_ae unpacked_public_key = default_8d_d10(); - deserialize_ring_elements_reduced_da0( + deserialize_ring_elements_reduced_750( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -6779,7 +6857,7 @@ static void encrypt_4b0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[768U]; - encrypt_unpacked_c30(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_430(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)768U * sizeof(uint8_t)); } @@ -6794,7 +6872,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_d8_ab(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_f4(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6821,11 +6899,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8a0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_89( + entropy_preprocess_d8_9c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6835,7 +6913,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660( size_t); uint8_t ret[32U]; H_f1_d50(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6849,19 +6927,19 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_660( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_fd_fe0(public_key), uint8_t); + (size_t)800U, libcrux_ml_kem_types_as_slice_fd_120(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_4b0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_6f0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_450(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_7b0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_ab(shared_secret, shared_secret_array); + kdf_d8_f4(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6879,7 +6957,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_120( +static KRML_MUSTINLINE void deserialize_secret_key_830( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; @@ -6896,7 +6974,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_120( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_07(secret_bytes); + deserialize_to_uncompressed_ring_element_a4(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; @@ -6915,8 +6993,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_cd0(Eurydice_slice serialized) { - return deserialize_then_decompress_10_5c(serialized); +deserialize_then_decompress_ring_element_u_580(Eurydice_slice serialized) { + return deserialize_then_decompress_10_40(serialized); } /** @@ -6925,17 +7003,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_2c0( +static KRML_MUSTINLINE void ntt_vector_u_f10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)6U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)5U); ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_d0(&zeta_i, re); - ntt_at_layer_2_76(&zeta_i, re); - ntt_at_layer_1_5d(&zeta_i, re); - poly_barrett_reduce_ef_17(re); + ntt_at_layer_3_b8(&zeta_i, re); + ntt_at_layer_2_34(&zeta_i, re); + ntt_at_layer_1_21(&zeta_i, re); + poly_barrett_reduce_ef_b4(re); } /** @@ -6946,7 +7024,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_bb0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; @@ -6969,11 +7047,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_bb0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd0(u_bytes); - ntt_vector_u_2c0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_580(u_bytes); + ntt_vector_u_f10(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; + memcpy( + result, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( - ret, u_as_ntt, + ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -6984,8 +7066,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_ce0(Eurydice_slice serialized) { - return deserialize_then_decompress_4_b1(serialized); +deserialize_then_decompress_ring_element_v_870(Eurydice_slice serialized) { + return deserialize_then_decompress_4_dd(serialized); } /** @@ -6995,17 +7077,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_820( +compute_message_fc0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_5d0(&result, &product);); - invert_ntt_montgomery_550(&result); - result = subtract_reduce_ef_92(v, result); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a0(&result, &product);); + invert_ntt_montgomery_8c0(&result); + result = subtract_reduce_ef_59(v, result); return result; } @@ -7019,18 +7101,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_c90(IndCpaPrivateKeyUnpacked_ae *secret_key, +static void decrypt_unpacked_ee0(IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_bb0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_ce0( + deserialize_then_decompress_ring_element_v_870( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_820(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_fc0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_15(message, ret0); + compress_then_serialize_message_ee(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7044,10 +7126,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_dc0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_5f0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_120(secret_key, secret_as_ntt); + deserialize_secret_key_830(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7058,7 +7140,7 @@ static void decrypt_dc0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_c90(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_ee0(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -7098,7 +7180,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_190( +void libcrux_ml_kem_ind_cca_decapsulate_810( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -7116,7 +7198,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_190( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_dc0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_5f0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -7138,7 +7220,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_190( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_400(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9f1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -7148,17 +7230,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_190( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_4b0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_6f0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_ab(Eurydice_array_to_slice((size_t)32U, + kdf_d8_f4(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_ab(shared_secret0, shared_secret1); + kdf_d8_f4(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_400(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae0(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7173,7 +7255,7 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_751( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -7187,7 +7269,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_da1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a5(ring_element); + deserialize_to_reduced_ring_element_01(ring_element); deserialized_pk[i0] = uu____0; } } @@ -7198,15 +7280,19 @@ libcrux_ml_kem.serialize.deserialize_ring_elements_reduced_out with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_53( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_out_fa( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_ef_1b();); - deserialize_ring_elements_reduced_da1(public_key, deserialized_pk); + deserialize_ring_elements_reduced_751(public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( - ret, deserialized_pk, + result, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -7217,7 +7303,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_5a1( +static KRML_MUSTINLINE void serialize_secret_key_1d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7235,11 +7321,13 @@ static KRML_MUSTINLINE void serialize_secret_key_5a1( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_8b(&re, ret0); + serialize_uncompressed_ring_element_c6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + uint8_t result[1152U]; + memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); } /** @@ -7250,13 +7338,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_mut_3c1( +static KRML_MUSTINLINE void serialize_public_key_mut_121( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - serialize_secret_key_5a1(t_as_ntt, ret); + serialize_secret_key_1d1(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -7273,11 +7361,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_071( +static KRML_MUSTINLINE void serialize_public_key_e91( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - serialize_public_key_mut_3c1(t_as_ntt, seed_for_a, public_key_serialized); + serialize_public_key_mut_121(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); memcpy(ret, result, (size_t)1184U * sizeof(uint8_t)); @@ -7291,15 +7379,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_bf(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_07(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_out_53( + deserialize_ring_elements_reduced_out_fa( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_071( + serialize_public_key_e91( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -7329,7 +7417,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -bool libcrux_ml_kem_ind_cca_validate_private_key_33( +bool libcrux_ml_kem_ind_cca_validate_private_key_94( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -7441,7 +7529,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void cpa_keygen_seed_d8_d1( +static KRML_MUSTINLINE void cpa_keygen_seed_d8_a4( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -7880,7 +7968,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b11( +static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_f71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -7899,7 +7987,7 @@ static KRML_MUSTINLINE uint8_t sample_vector_cbd_then_ntt_b11( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; re_as_ntt[i0] = sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]);); return domain_separator; } @@ -7923,7 +8011,7 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_cb1( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_441( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -7932,7 +8020,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_out_cb1( uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); domain_separator = - sample_vector_cbd_then_ntt_b11(uu____0, uu____1, domain_separator); + sample_vector_cbd_then_ntt_f71(uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -7957,7 +8045,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_ef_5d1( +static KRML_MUSTINLINE void add_to_ring_element_ef_3a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -7981,7 +8069,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_c71( +static KRML_MUSTINLINE void compute_As_plus_e_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -8008,10 +8096,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_c71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(matrix_element, &s_as_ntt[j]); - add_to_ring_element_ef_5d1(&t_as_ntt[i0], &product); + ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); + add_to_ring_element_ef_3a1(&t_as_ntt[i0], &product); } - add_standard_error_reduce_ef_0f(&t_as_ntt[i0], &error_as_ntt[i0]); + add_standard_error_reduce_ef_69(&t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -8024,12 +8112,12 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void generate_keypair_unpacked_e91( +static void generate_keypair_unpacked_861( Eurydice_slice key_generation_seed, IndCpaPrivateKeyUnpacked_f8 *private_key, IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - cpa_keygen_seed_d8_d1(key_generation_seed, hashed); + cpa_keygen_seed_d8_a4(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8049,17 +8137,17 @@ static void generate_keypair_unpacked_e91( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - sample_vector_cbd_then_ntt_b11(uu____2, copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_f71(uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_out_cb1(copy_of_prf_input, domain_separator) + sample_vector_cbd_then_ntt_out_441(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compute_As_plus_e_c71(public_key->t_as_ntt, public_key->A, + compute_As_plus_e_f01(public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; core_result_Result_00 dst; @@ -8080,18 +8168,18 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_50( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_08( Eurydice_slice key_generation_seed) { IndCpaPrivateKeyUnpacked_f8 private_key = default_1a_e91(); IndCpaPublicKeyUnpacked_f8 public_key = default_8d_d11(); - generate_keypair_unpacked_e91(key_generation_seed, &private_key, &public_key); + generate_keypair_unpacked_861(key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - serialize_public_key_071( + serialize_public_key_e91( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_5a1(private_key.secret_as_ntt, secret_key_serialized); + serialize_secret_key_1d1(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8115,7 +8203,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_b0( +static KRML_MUSTINLINE void serialize_kem_secret_key_c0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8171,7 +8259,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -8180,13 +8268,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_50(ind_cpa_keypair_randomness); + generate_keypair_08(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_b0( + serialize_kem_secret_key_c0( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -8195,13 +8283,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_af0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e60(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee0( - uu____2, libcrux_ml_kem_types_from_5a_670(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_780( + uu____2, libcrux_ml_kem_types_from_5a_af0(copy_of_public_key)); } /** @@ -8214,7 +8302,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_d8_a9(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_d8_05(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8232,7 +8320,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_7f1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_231(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_ef_1b();); @@ -8288,18 +8376,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_551( +static KRML_MUSTINLINE void invert_ntt_montgomery_8c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_08(&zeta_i, re); - invert_ntt_at_layer_2_91(&zeta_i, re); - invert_ntt_at_layer_3_41(&zeta_i, re); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_ed(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_ef_17(re); + invert_ntt_at_layer_1_19(&zeta_i, re); + invert_ntt_at_layer_2_f7(&zeta_i, re); + invert_ntt_at_layer_3_77(&zeta_i, re); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_dd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_ef_b4(re); } /** @@ -8308,14 +8396,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_b81( +static KRML_MUSTINLINE void compute_vector_u_d21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result0[i] = ZERO_ef_1b();); + result[i] = ZERO_ef_1b();); for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( @@ -8335,16 +8423,12 @@ static KRML_MUSTINLINE void compute_vector_u_b81( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(a_element, &r_as_ntt[j]); - add_to_ring_element_ef_5d1(&result0[i1], &product); + ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + add_to_ring_element_ef_3a1(&result[i1], &product); } - invert_ntt_montgomery_551(&result0[i1]); - add_error_reduce_ef_4d(&result0[i1], &error_1[i1]); + invert_ntt_montgomery_8c1(&result[i1]); + add_error_reduce_ef_da(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8357,7 +8441,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1e1( +compute_ring_element_v_951( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -8365,10 +8449,10 @@ compute_ring_element_v_1e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_ef_5d1(&result, &product);); - invert_ntt_montgomery_551(&result); - result = add_message_error_reduce_ef_21(error_2, message, result); + ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_ef_3a1(&result, &product);); + invert_ntt_montgomery_8c1(&result); + result = add_message_error_reduce_ef_5c(error_2, message, result); return result; } @@ -8381,7 +8465,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_cd1( +static void compress_then_serialize_u_541( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8397,7 +8481,7 @@ static void compress_then_serialize_u_cd1( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b50(&re, ret); + compress_then_serialize_ring_element_u_390(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } @@ -8421,7 +8505,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key, +static void encrypt_unpacked_431(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { @@ -8431,7 +8515,7 @@ static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____1 = - sample_vector_cbd_then_ntt_out_cb1(copy_of_prf_input0, 0U); + sample_vector_cbd_then_ntt_out_441(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -8441,7 +8525,7 @@ static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_7f1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_231(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, @@ -8455,25 +8539,25 @@ static void encrypt_unpacked_c31(IndCpaPublicKeyUnpacked_f8 *public_key, sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_b81(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_d21(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_e3(copy_of_message); + deserialize_then_decompress_message_5e(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1e1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_951(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_cd1( + compress_then_serialize_u_541( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_cf0( + compress_then_serialize_ring_element_v_ce0( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -8497,10 +8581,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_4b(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_6f(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { IndCpaPublicKeyUnpacked_f8 unpacked_public_key = default_8d_d11(); - deserialize_ring_elements_reduced_da1( + deserialize_ring_elements_reduced_751( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -8515,7 +8599,7 @@ static void encrypt_4b(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - encrypt_unpacked_c31(uu____1, copy_of_message, randomness, result); + encrypt_unpacked_431(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -8530,7 +8614,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_d8_b7(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_d8_8d(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8557,11 +8641,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8a( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_d8_a9( + entropy_preprocess_d8_05( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -8571,7 +8655,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66( size_t); uint8_t ret[32U]; H_f1_d51(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -8585,19 +8669,19 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_66( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_fe1(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_121(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_4b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_6f(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_451(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_7b1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_d8_b7(shared_secret, shared_secret_array); + kdf_d8_8d(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8615,7 +8699,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_12( +static KRML_MUSTINLINE void deserialize_secret_key_83( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -8632,7 +8716,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_12( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_07(secret_bytes); + deserialize_to_uncompressed_ring_element_a4(secret_bytes); secret_as_ntt[i0] = uu____0; } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; @@ -8652,7 +8736,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_bb1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -8675,11 +8759,15 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_bb1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_cd0(u_bytes); - ntt_vector_u_2c0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_580(u_bytes); + ntt_vector_u_f10(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -8690,17 +8778,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_821( +compute_message_fc1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_ef_1b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_ef_45(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_ef_5d1(&result, &product);); - invert_ntt_montgomery_551(&result); - result = subtract_reduce_ef_92(v, result); + ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_ef_3a1(&result, &product);); + invert_ntt_montgomery_8c1(&result); + result = subtract_reduce_ef_59(v, result); return result; } @@ -8714,18 +8802,18 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_c91(IndCpaPrivateKeyUnpacked_f8 *secret_key, +static void decrypt_unpacked_ee1(IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_bb1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_ce0( + deserialize_then_decompress_ring_element_v_870( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_821(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_fc1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_15(message, ret0); + compress_then_serialize_message_ee(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8739,10 +8827,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_dc(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_5f(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_12(secret_key, secret_as_ntt); + deserialize_secret_key_83(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -8753,7 +8841,7 @@ static void decrypt_dc(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - decrypt_unpacked_c91(&secret_key_unpacked, ciphertext, result); + decrypt_unpacked_ee1(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -8793,7 +8881,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_19( +void libcrux_ml_kem_ind_cca_decapsulate_81( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8811,7 +8899,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_19( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_dc(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_5f(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -8833,7 +8921,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_19( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_401(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ae1(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_9f3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -8843,16 +8931,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_19( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_4b(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_6f(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_d8_b7(Eurydice_array_to_slice((size_t)32U, + kdf_d8_8d(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - kdf_d8_b7(shared_secret0, shared_secret1); + kdf_d8_8d(shared_secret0, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_401(ciphertext), + libcrux_ml_kem_types_as_ref_00_ae1(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index c9875da03..f6b926cc0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem_portable_H @@ -74,6 +74,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]); +void libcrux_ml_kem_vector_portable_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -99,6 +103,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -421,8 +428,7 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out); + size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out); libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_ntt_ntt_multiply( @@ -444,6 +450,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[2U]); +void libcrux_ml_kem_vector_portable_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -455,6 +465,9 @@ void libcrux_ml_kem_vector_portable_serialize_1_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -476,6 +489,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[8U]); +void libcrux_ml_kem_vector_portable_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -490,6 +507,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -512,6 +532,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]); +void libcrux_ml_kem_vector_portable_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -526,6 +550,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -540,6 +567,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]); +void libcrux_ml_kem_vector_portable_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -554,6 +585,9 @@ int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -574,6 +608,10 @@ void libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]); +void libcrux_ml_kem_vector_portable_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -593,6 +631,9 @@ int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a); + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 6e2ab7015..426a4f6a6 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index d854d460d..79b702c22 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 7da61a71e..d8b5a67ab 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 1e2de3251..950cc2aba 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 5cf30d99e..c0f445770 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 362ca6ad1..c5d577d1d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index dc4e2de87..9561d6d0d 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -2,5 +2,5 @@ This code was generated with the following revisions: Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 -F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd -Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 +F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 +Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index dcf4fd6fe..95ad567ef 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_core_H @@ -221,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_76( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_24( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } @@ -245,7 +245,7 @@ with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_5a_67(uint8_t value[1184U]) { +libcrux_ml_kem_types_from_5a_af(uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1184U]; memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); @@ -279,7 +279,7 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_3a_ee(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_3a_78(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); @@ -295,7 +295,7 @@ with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_7f_af(uint8_t value[2400U]) { +libcrux_ml_kem_types_from_7f_e6(uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[2400U]; memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); @@ -359,7 +359,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_8c(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_96(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); @@ -376,7 +376,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_fd with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_02( +static inline uint8_t *libcrux_ml_kem_types_as_slice_fd_60( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -428,7 +428,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_8c( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_e7( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 898681bb4..8ea31d766 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 053e1683b..b28ba871c 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_avx2_H @@ -1236,7 +1236,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_23(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_ff(size_t _) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -1248,7 +1248,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ff( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a4( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -1269,7 +1269,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -1287,7 +1287,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ff( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_a4( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1310,7 +1310,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_53(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_a8(size_t _) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -1322,7 +1322,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e6( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1374,9 +1374,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a6( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e6( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc( vector); } @@ -1388,7 +1388,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_86( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_58( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -1404,7 +1404,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_86( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a6( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e( coefficient); } return re; @@ -1418,7 +1418,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e60( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1470,9 +1470,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a60( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e60( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc0( vector); } @@ -1484,7 +1484,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_6d( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_33( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -1495,7 +1495,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_6d( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a60( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e0( coefficient); } return re; @@ -1509,9 +1509,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_3c( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7b( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_86(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_58(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { @@ -1586,7 +1586,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_ba( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_bc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1605,7 +1605,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_89( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_c2( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1625,7 +1625,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_d7( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_09( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1652,7 +1652,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -1669,7 +1669,7 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_96( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)7U, @@ -1680,13 +1680,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_96( (size_t)3U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca(&zeta_i, re, (size_t)4U, (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_ba(&zeta_i, re, (size_t)3U, + libcrux_ml_kem_ntt_ntt_at_layer_3_bc(&zeta_i, re, (size_t)3U, (size_t)5U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_89(&zeta_i, re, (size_t)2U, + libcrux_ml_kem_ntt_ntt_at_layer_2_c2(&zeta_i, re, (size_t)2U, (size_t)6U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_d7(&zeta_i, re, (size_t)1U, + libcrux_ml_kem_ntt_ntt_at_layer_1_09(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(re); } /** @@ -1699,7 +1699,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_96( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -1724,12 +1724,16 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_3c( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_7b( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_96(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_b5(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + memcpy( + result, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( - ret, u_as_ntt, + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -1741,7 +1745,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e61( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc1( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1793,9 +1797,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a61( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e61( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc1( vector); } @@ -1807,7 +1811,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_a9( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -1818,7 +1822,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a61( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e1( coefficient); } return re; @@ -1832,7 +1836,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e62( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1884,9 +1888,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a62( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e62( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc2( vector); } @@ -1898,7 +1902,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_1b( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_9b( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -1909,7 +1913,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_1b( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_a62( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e2( re.coefficients[i0]); } return re; @@ -1923,9 +1927,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f4( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_2a( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c2(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_a9(serialized); } /** @@ -1941,7 +1945,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_ef_b2( +libcrux_ml_kem_polynomial_ntt_multiply_ef_63( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = @@ -1974,7 +1978,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_31( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; @@ -1995,7 +1999,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2019,7 +2023,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_73( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2041,7 +2045,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2062,7 +2066,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_9b(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ef(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_09(b, &a); @@ -2081,7 +2085,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2096,7 +2100,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_9b( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_ef( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); __m256i x = uu____0.fst; @@ -2114,22 +2118,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_2d(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_38(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_0f(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d8(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_73(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_18(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_e0(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_72(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(re); } /** @@ -2145,7 +2149,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_ef_23( +libcrux_ml_kem_polynomial_subtract_reduce_ef_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; @@ -2169,7 +2173,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_ee( +libcrux_ml_kem_matrix_compute_message_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -2178,12 +2182,12 @@ libcrux_ml_kem_matrix_compute_message_ee( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_ef_23(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_a0(v, result); return result; } @@ -2194,7 +2198,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f2(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_0c(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2208,9 +2212,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_c1( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_09_0f( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_f2(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_0c(vector); } /** @@ -2221,8 +2225,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_c1(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_09_0f(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_09( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_09(a, &fm); @@ -2236,8 +2240,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b(__m256i a) { - return libcrux_ml_kem_vector_traits_to_unsigned_representative_3f(a); +libcrux_ml_kem_serialize_to_unsigned_field_modulus_88(__m256i a) { + return libcrux_ml_kem_vector_traits_to_unsigned_representative_b5(a); } /** @@ -2248,12 +2252,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_db( +libcrux_ml_kem_serialize_compress_then_serialize_message_53( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( + __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_09(coefficient); @@ -2280,20 +2284,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_1d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9c(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_96(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f4( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_2a( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_ee(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_a0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_db(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_53(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2308,11 +2312,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_1c(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_3a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_c6(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2324,7 +2328,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_1c(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_1d(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -2418,7 +2422,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_63( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -2442,7 +2446,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -2456,7 +2460,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ed( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_63( ring_element); deserialized_pk[i0] = uu____0; } @@ -2937,7 +2941,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_f4(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_2d(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -3128,7 +3132,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; @@ -3138,13 +3142,13 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef( (size_t)11207U + (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_4_plus_ca( &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_ba( + libcrux_ml_kem_ntt_ntt_at_layer_3_bc( &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_89( + libcrux_ml_kem_ntt_ntt_at_layer_2_c2( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_d7( + libcrux_ml_kem_ntt_ntt_at_layer_1_09( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_a9(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_dc(re); } /** @@ -3157,7 +3161,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -3179,7 +3183,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( re_as_ntt[i0] = libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_ef(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_44(&re_as_ntt[i0]); } return domain_separator; } @@ -3194,7 +3198,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3203,7 +3207,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; @@ -3228,7 +3232,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_92(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_0d(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -3242,7 +3246,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_fe(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -3320,7 +3324,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_c6(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_8e(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -3336,7 +3340,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_e3( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3358,14 +3362,14 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_43( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_cf( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result0[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); + result[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -3386,18 +3390,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_43( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_ef_3a(&result0[i1], - &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_ef_e3(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -3410,7 +3409,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_06( +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_8f( __m256i vec) { __m256i z = libcrux_ml_kem_vector_avx2_ZERO_09(); __m256i s = libcrux_ml_kem_vector_avx2_sub_09(z, &vec); @@ -3426,7 +3425,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_45( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_44( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -3437,7 +3436,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_45( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_06(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_8f(coefficient_compressed); } return re; } @@ -3455,7 +3454,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_ef_81( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3483,7 +3482,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_5b( +libcrux_ml_kem_matrix_compute_ring_element_v_de( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3493,12 +3492,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_5b( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_ea(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_81( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_3e(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_d4( error_2, message, result); return result; } @@ -3511,7 +3510,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_82( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_52( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3566,9 +3565,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a6( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_82( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_52( vector); } @@ -3580,14 +3579,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_34( +libcrux_ml_kem_serialize_compress_then_serialize_10_b4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_4e( - libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_a6( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); @@ -3609,7 +3608,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_820( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_520( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3664,9 +3663,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e0( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a60( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_820( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_520( vector); } @@ -3678,14 +3677,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_47( +libcrux_ml_kem_serialize_compress_then_serialize_11_65( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_4e0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_3f( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_a60( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); @@ -3706,10 +3705,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_e3( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_34(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_b4(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3723,7 +3722,7 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -3739,7 +3738,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_e3(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b8(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -3754,7 +3753,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_821( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_521( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3809,9 +3808,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e1( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a61( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_821( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_521( vector); } @@ -3823,14 +3822,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_c3( +libcrux_ml_kem_serialize_compress_then_serialize_4_ea( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_4e1( - libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_a61( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); @@ -3849,7 +3848,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_822( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_522( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3904,9 +3903,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_4e2( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a62( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_822( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_522( vector); } @@ -3918,14 +3917,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_de( +libcrux_ml_kem_serialize_compress_then_serialize_5_47( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_4e2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_3f( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_a62( + libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); @@ -3945,9 +3944,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_63( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_c3(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_ea(re, out); } /** @@ -3968,7 +3967,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_32( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3976,7 +3975,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -3986,7 +3985,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_fe( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_e7( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( @@ -4001,27 +4000,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( libcrux_ml_kem_sampling_sample_from_binomial_distribution_d7( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_43(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_cf(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_45( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_44( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_5b( + libcrux_ml_kem_matrix_compute_ring_element_v_de( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_57( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ba( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_63( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -4045,13 +4044,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_b6(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_e7(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -4067,7 +4066,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_b6(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____1, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -4084,7 +4083,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_16( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_dc( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4116,7 +4115,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_1f( +static inline void libcrux_ml_kem_ind_cca_decapsulate_5b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4134,7 +4133,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_1c(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_3a(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4158,7 +4157,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_16( @@ -4169,18 +4168,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_b6(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_e7(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_16( + libcrux_ml_kem_variant_kdf_d8_dc( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_d8_16(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_d8_dc(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_e7(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4210,10 +4209,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_1f(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5b(private_key, ciphertext, ret); } /** @@ -4227,7 +4226,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_14(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51(private_key, ciphertext, ret); } @@ -4242,7 +4241,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_64( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_c5( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4285,11 +4284,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a7( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_64( + libcrux_ml_kem_variant_entropy_preprocess_d8_c5( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4300,7 +4299,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_02(public_key), + libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -4315,20 +4314,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_b6(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_e7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_96(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_16(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_dc(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4360,14 +4359,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_14( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2c( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_a7(uu____0, copy_of_randomness); } /** @@ -4385,7 +4384,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_14( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2c( uu____0, copy_of_randomness); } @@ -4421,7 +4420,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_75( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_10( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -4444,7 +4443,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_79( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c1( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_09( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -4463,14 +4462,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_34( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_79( + libcrux_ml_kem_vector_traits_to_standard_domain_c1( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_09( libcrux_ml_kem_vector_avx2_add_09(coefficient_normal_form, @@ -4485,7 +4484,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_67( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, @@ -4513,12 +4512,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_2d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_b2(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_63(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_4f(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_31(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_34( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_ba( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -4533,12 +4532,12 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_75(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_10(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4558,7 +4557,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4566,11 +4565,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_matrix_compute_As_plus_e_2d( + libcrux_ml_kem_matrix_compute_As_plus_e_67( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -4588,13 +4587,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2c( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b8( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_7b( + __m256i coefficient = libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_09(coefficient, bytes); @@ -4616,7 +4615,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_99( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_05( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -4634,11 +4633,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_99( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_2c(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_b8(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + uint8_t result[1152U]; + memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); } /** @@ -4650,13 +4651,13 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_99(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_05(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -4674,11 +4675,11 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_ca( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c(t_as_ntt, seed_for_a, + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); @@ -4699,20 +4700,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_6a(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_47(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ca( + libcrux_ml_kem_ind_cpa_serialize_public_key_e5( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_99(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_05(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -4738,7 +4739,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_71( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -4795,7 +4796,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d2(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -4804,13 +4805,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_6a(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_47(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_71( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -4819,13 +4820,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee( - uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_78( + uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key)); } /** @@ -4841,12 +4842,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_8b( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_14( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0b(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d2(copy_of_randomness); } /** @@ -4858,7 +4859,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_8b( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_14( copy_of_randomness); } @@ -4874,7 +4875,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f5( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_20( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -4885,7 +4886,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_f5( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_76(ciphertext), + libcrux_ml_kem_types_as_slice_d4_24(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -4919,7 +4920,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_5b0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4937,7 +4938,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_1c(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_3a(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -4961,7 +4962,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_16( @@ -4972,18 +4973,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_1f0( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_b6(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_e7(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_f5( + libcrux_ml_kem_variant_kdf_33_20( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_33_f5(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_33_20(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_e7(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5017,10 +5018,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_7a( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_1f0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5b0(private_key, ciphertext, ret); } /** @@ -5034,7 +5035,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_7a( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f1( private_key, ciphertext, ret); } @@ -5049,7 +5050,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_e7( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_d3( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_41(randomness, ret); } @@ -5074,11 +5075,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_a70( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_e7( + libcrux_ml_kem_variant_entropy_preprocess_33_d3( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5089,7 +5090,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_02(public_key), + libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5104,20 +5105,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_b6(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_e7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_96(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_f5(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_20(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5152,14 +5153,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ff( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_61( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_a70(uu____0, copy_of_randomness); } /** @@ -5177,7 +5178,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ff( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_61( uu____0, copy_of_randomness); } @@ -5192,7 +5193,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_bc( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_39( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G_a9_9f(key_generation_seed, ret); } @@ -5207,12 +5208,12 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_bc(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_39(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5232,7 +5233,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b0( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -5240,11 +5241,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_81( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_d7( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_matrix_compute_As_plus_e_2d( + libcrux_ml_kem_matrix_compute_As_plus_e_67( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -5268,21 +5269,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_6a0( +libcrux_ml_kem_ind_cpa_generate_keypair_470( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a40( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a0( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ca( + libcrux_ml_kem_ind_cpa_serialize_public_key_e5( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_99(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_05(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5315,7 +5316,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5324,13 +5325,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_6a0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_470(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_1f( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_71( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5339,13 +5340,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_0b0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee( - uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_78( + uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key)); } /** @@ -5362,12 +5363,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_a1( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_0b0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d20(copy_of_randomness); } /** @@ -5379,7 +5380,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_a1( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( copy_of_randomness); } @@ -5392,7 +5393,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_3a( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_e5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -5418,10 +5419,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_01( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ca( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_3a(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_e5(private_key, ciphertext); } @@ -5434,7 +5435,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_01( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ca( private_key, ciphertext); } @@ -5446,7 +5447,7 @@ types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_4b( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_1a( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -5459,17 +5460,21 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_3e( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_86( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4( public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; memcpy( - ret, deserialized_pk, + result, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } @@ -5482,16 +5487,16 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c0( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_84( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_3e( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_86( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ca( + libcrux_ml_kem_ind_cpa_serialize_public_key_e5( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -5510,9 +5515,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_59( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_06( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_c0(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_84(public_key); } /** @@ -5523,7 +5528,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_59( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_59( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_06( public_key->value); } @@ -5549,11 +5554,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_81( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b3( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_1d( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5583,7 +5588,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e7(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_16( @@ -5595,11 +5600,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_32( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_e7(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5636,10 +5641,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_44( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_f6( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_6a(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_81(key_pair, ciphertext, ret); } /** @@ -5653,7 +5658,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_44( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_f6( private_key, ciphertext, ret); } @@ -5676,7 +5681,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_f8( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5704,7 +5709,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_32(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -5714,7 +5719,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_11( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_96(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5748,7 +5753,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_71( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_2e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -5756,7 +5761,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_71( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_11(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_f8(uu____0, copy_of_randomness); } @@ -5777,7 +5782,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_71( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_2e( uu____0, copy_of_randomness); } @@ -5797,7 +5802,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_59(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_dd(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_ef_05(); } @@ -5816,7 +5821,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c4( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_0a( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_05(); @@ -5836,7 +5841,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_8d_ae( +libcrux_ml_kem_polynomial_clone_8d_55( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5863,7 +5868,7 @@ with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_12( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -5873,19 +5878,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_a4( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_4a( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_c4(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_0a(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_polynomial_clone_8d_ae( + libcrux_ml_kem_polynomial_clone_8d_55( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -5898,7 +5903,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_ca( + libcrux_ml_kem_ind_cpa_serialize_public_key_e5( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -5934,13 +5939,13 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_00( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c8( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_41(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_12(copy_of_randomness, out); } /** @@ -5953,7 +5958,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_00( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c8( copy_of_randomness, key_pair); } @@ -5970,7 +5975,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_1c_44(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_f9(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); lit.public_key_hash[0U] = 0U; @@ -6022,7 +6027,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_2c(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_b9(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(); uu____0.implicit_rejection_value[0U] = 0U; @@ -6060,7 +6065,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_44()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_f9()}); } /** @@ -6069,7 +6074,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_2c(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_b9(); } /** @@ -6078,7 +6083,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_44(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_f9(); } /** @@ -6099,10 +6104,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_99( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_bf( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_6c( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -6127,10 +6132,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_39( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_8b( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_99( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_bf( &self->public_key, serialized); } @@ -6142,7 +6147,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_39(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_8b(key_pair, serialized); } @@ -6159,7 +6164,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_18( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_28( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -6196,11 +6201,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_28_69( +libcrux_ml_kem_ind_cca_unpacked_clone_28_ea( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_18(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_28(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -6224,7 +6229,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_b9( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_7b( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -6237,8 +6242,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_69( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_b9(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_ea( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_7b(key_pair)); pk[0U] = uu____0; } @@ -6249,7 +6254,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_99(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_bf(public_key, serialized); } @@ -6267,13 +6272,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72( +libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_8b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_ea( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e4( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -6293,7 +6298,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72( uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_41( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_02(public_key), + libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -6314,11 +6319,11 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_7f( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_45( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_72(public_key, + libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_8b(public_key, unpacked_public_key); } @@ -6330,7 +6335,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_7f( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_45( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index 1e215bec0..b40c9731a 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 3d23894e4..b32c976d7 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_portable_H @@ -250,6 +250,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11( ret[21U] = r11_21.f10; } +static inline void libcrux_ml_kem_vector_portable_serialize_11( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -257,7 +263,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} static inline void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_11(a, ret); + libcrux_ml_kem_vector_portable_serialize_11(a, ret); } typedef struct int16_t_x8_s { @@ -361,13 +367,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { return lit; } +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_11(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); + return libcrux_ml_kem_vector_portable_deserialize_11(a); } static KRML_MUSTINLINE void @@ -1271,8 +1282,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_step( int16_t t = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( vec->elements[j], zeta); - vec->elements[j] = vec->elements[i] - t; - vec->elements[i] = vec->elements[i] + t; + int16_t a_minus_t = vec->elements[i] - t; + int16_t a_plus_t = vec->elements[i] + t; + vec->elements[j] = a_minus_t; + vec->elements[i] = a_plus_t; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1381,8 +1394,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_inv_ntt_step( libcrux_ml_kem_vector_portable_vector_type_PortableVector *vec, int16_t zeta, size_t i, size_t j) { int16_t a_minus_b = vec->elements[j] - vec->elements[i]; + int16_t a_plus_b = vec->elements[j] + vec->elements[i]; int16_t o0 = libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( - vec->elements[i] + vec->elements[j]); + a_plus_b); int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( a_minus_b, zeta); @@ -1497,12 +1511,11 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, - size_t i, size_t j, - libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { - int16_t ai = a->elements[i]; - int16_t bi = b->elements[i]; - int16_t aj = a->elements[j]; - int16_t bj = b->elements[j]; + size_t i, libcrux_ml_kem_vector_portable_vector_type_PortableVector *out) { + int16_t ai = a->elements[(size_t)2U * i]; + int16_t bi = b->elements[(size_t)2U * i]; + int16_t aj = a->elements[(size_t)2U * i + (size_t)1U]; + int16_t bj = b->elements[(size_t)2U * i + (size_t)1U]; int32_t ai_bi = (int32_t)ai * (int32_t)bi; int32_t aj_bj_ = (int32_t)aj * (int32_t)bj; int16_t aj_bj = @@ -1519,8 +1532,10 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( int16_t o1 = libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( ai_bj_aj_bi); - out->elements[i] = o0; - out->elements[j] = o1; + int16_t _out0[16U]; + memcpy(_out0, out->elements, (size_t)16U * sizeof(int16_t)); + out->elements[(size_t)2U * i] = o0; + out->elements[(size_t)2U * i + (size_t)1U] = o1; } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1534,22 +1549,22 @@ libcrux_ml_kem_vector_portable_ntt_ntt_multiply( int16_t nzeta3 = -zeta3; libcrux_ml_kem_vector_portable_vector_type_PortableVector out = libcrux_ml_kem_vector_portable_vector_type_zero(); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta0, (size_t)0U, (size_t)1U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta0, (size_t)2U, (size_t)3U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta1, (size_t)4U, (size_t)5U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta1, (size_t)6U, (size_t)7U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta2, (size_t)8U, (size_t)9U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta2, (size_t)10U, (size_t)11U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, zeta3, (size_t)12U, (size_t)13U, &out); - libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( - lhs, rhs, nzeta3, (size_t)14U, (size_t)15U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta0, + (size_t)0U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta0, + (size_t)1U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta1, + (size_t)2U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta1, + (size_t)3U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta2, + (size_t)4U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta2, + (size_t)5U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, zeta3, + (size_t)6U, &out); + libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials(lhs, rhs, nzeta3, + (size_t)7U, &out); return out; } @@ -1590,6 +1605,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_1( ret[1U] = result1; } +static inline void libcrux_ml_kem_vector_portable_serialize_1( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1597,7 +1618,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} static inline void libcrux_ml_kem_vector_portable_serialize_1_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_1(a, ret); + libcrux_ml_kem_vector_portable_serialize_1(a, ret); } static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -1684,13 +1705,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { return lit; } +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); + return libcrux_ml_kem_vector_portable_deserialize_1(a); } typedef struct uint8_t_x4_s { @@ -1748,6 +1774,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4( ret[7U] = result4_7.f3; } +static inline void libcrux_ml_kem_vector_portable_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1755,7 +1787,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); + libcrux_ml_kem_vector_portable_serialize_4(a, ret); } static KRML_MUSTINLINE int16_t_x8 @@ -1825,13 +1857,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { return lit; } +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); + return libcrux_ml_kem_vector_portable_deserialize_4(a); } typedef struct uint8_t_x5_s { @@ -1888,6 +1925,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5( ret[9U] = r5_9.f4; } +static inline void libcrux_ml_kem_vector_portable_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -1895,7 +1938,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); + libcrux_ml_kem_vector_portable_serialize_5(a, ret); } static KRML_MUSTINLINE int16_t_x8 @@ -1976,13 +2019,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { return lit; } +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); + return libcrux_ml_kem_vector_portable_deserialize_5(a); } static KRML_MUSTINLINE uint8_t_x5 @@ -2057,6 +2105,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( ret[19U] = r15_19.f4; } +static inline void libcrux_ml_kem_vector_portable_serialize_10( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -2064,7 +2118,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); + libcrux_ml_kem_vector_portable_serialize_10(a, ret); } static KRML_MUSTINLINE int16_t_x8 @@ -2153,13 +2207,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { return lit; } +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); + return libcrux_ml_kem_vector_portable_deserialize_10(a); } typedef struct uint8_t_x3_s { @@ -2234,6 +2293,12 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12( ret[23U] = r21_23.thd; } +static inline void libcrux_ml_kem_vector_portable_serialize_12( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[24U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} @@ -2241,7 +2306,7 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} static inline void libcrux_ml_kem_vector_portable_serialize_12_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_12(a, ret); + libcrux_ml_kem_vector_portable_serialize_12(a, ret); } typedef struct int16_t_x2_s { @@ -2304,13 +2369,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { return lit; } +static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_12(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_12(a); + return libcrux_ml_kem_vector_portable_deserialize_12(a); } static KRML_MUSTINLINE size_t @@ -2486,7 +2556,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_57(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_97(size_t _) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -2497,7 +2567,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_4c( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -2519,7 +2589,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_d9( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2537,7 +2607,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_4c( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_e8( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2559,7 +2629,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_77(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_46(size_t _) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -2570,7 +2640,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2595,9 +2665,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe( v); } @@ -2608,7 +2678,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_4c( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -2627,7 +2697,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_78( coefficient); re.coefficients[i0] = uu____0; } @@ -2641,7 +2711,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2666,9 +2736,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea0( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_780( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a0( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe0( v); } @@ -2679,7 +2749,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_a7( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_6f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -2691,7 +2761,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_a7( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea0( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_780( coefficient); re.coefficients[i0] = uu____0; } @@ -2705,9 +2775,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ad( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f9(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_4c(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2785,7 +2855,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_d0( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b8( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2805,7 +2875,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_76( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2826,7 +2896,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_5d( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_21( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2854,7 +2924,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -2872,7 +2942,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_62( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_7c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)7U, @@ -2883,13 +2953,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_62( (size_t)3U * (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf(&zeta_i, re, (size_t)4U, (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_d0(&zeta_i, re, (size_t)3U, + libcrux_ml_kem_ntt_ntt_at_layer_3_b8(&zeta_i, re, (size_t)3U, (size_t)5U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_76(&zeta_i, re, (size_t)2U, + libcrux_ml_kem_ntt_ntt_at_layer_2_34(&zeta_i, re, (size_t)2U, (size_t)6U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_5d(&zeta_i, re, (size_t)1U, + libcrux_ml_kem_ntt_ntt_at_layer_1_21(&zeta_i, re, (size_t)1U, (size_t)7U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(re); } /** @@ -2901,7 +2971,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2926,12 +2996,16 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d9( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_ad( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_62(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_7c(&u_as_ntt[i0]); } + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; memcpy( - ret, u_as_ntt, + result, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy( + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -2942,7 +3016,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2967,9 +3041,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea1( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_781( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a1( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe1( v); } @@ -2980,7 +3054,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_87( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -2992,7 +3066,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea1( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_781( coefficient); re.coefficients[i0] = uu____0; } @@ -3006,7 +3080,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3031,9 +3105,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea2( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_782( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_4a2( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_fe2( v); } @@ -3044,7 +3118,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_df( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_34( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -3056,7 +3130,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_df( re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_ea2( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_782( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3070,9 +3144,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_54( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c5( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_87(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_2d(serialized); } /** @@ -3087,7 +3161,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_ef_45( +libcrux_ml_kem_polynomial_ntt_multiply_ef_76( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = @@ -3121,7 +3195,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; @@ -3145,7 +3219,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_60( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3168,7 +3242,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_69( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_2f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3189,7 +3263,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_6a( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_47( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3211,7 +3285,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_01( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3232,7 +3306,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3247,7 +3321,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_96( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_01( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_get_zeta(zeta_i[0U])); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3264,22 +3338,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_28(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_69(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_6a(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_60(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_2f(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_47(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_fa(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b5(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(re); } /** @@ -3294,7 +3368,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_ef_3d( +libcrux_ml_kem_polynomial_subtract_reduce_ef_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3320,7 +3394,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_d5( +libcrux_ml_kem_matrix_compute_message_9f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3329,12 +3403,12 @@ libcrux_ml_kem_matrix_compute_message_d5( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_45(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_ef_3d(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_ef_55(v, result); return result; } @@ -3344,7 +3418,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_95( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_38( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3364,9 +3438,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_9d( +libcrux_ml_kem_vector_portable_shift_right_0d_6b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_95(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_38(v); } /** @@ -3376,10 +3450,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_7c( +libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_9d(a); + libcrux_ml_kem_vector_portable_shift_right_0d_6b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -3393,10 +3467,10 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( +libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector result = - libcrux_ml_kem_vector_traits_to_unsigned_representative_7c(a); + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f(a); return result; } @@ -3407,13 +3481,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_b1( +libcrux_ml_kem_serialize_compress_then_serialize_message_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3441,20 +3515,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_9d(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_23(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_54( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_c5( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_d5(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_9f(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_b1(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_80(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3468,11 +3542,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_35(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_0d(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_ab(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_d9(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3484,7 +3558,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_35(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t result[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b7(&secret_key_unpacked, ciphertext, result); memcpy(ret, result, (size_t)32U * sizeof(uint8_t)); } @@ -3573,7 +3647,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_53( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -3598,7 +3672,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *deserialized_pk) { for (size_t i = (size_t)0U; @@ -3612,7 +3686,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_87( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_53( ring_element); deserialized_pk[i0] = uu____0; } @@ -4083,7 +4157,7 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_55(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_closure_25(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -4253,7 +4327,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_36( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { libcrux_ml_kem_ntt_ntt_at_layer_7_97(re); size_t zeta_i = (size_t)1U; @@ -4263,13 +4337,13 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8( (size_t)11207U + (size_t)3328U); libcrux_ml_kem_ntt_ntt_at_layer_4_plus_bf( &zeta_i, re, (size_t)4U, (size_t)11207U + (size_t)2U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_d0( + libcrux_ml_kem_ntt_ntt_at_layer_3_b8( &zeta_i, re, (size_t)3U, (size_t)11207U + (size_t)3U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_76( + libcrux_ml_kem_ntt_ntt_at_layer_2_34( &zeta_i, re, (size_t)2U, (size_t)11207U + (size_t)4U * (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_5d( + libcrux_ml_kem_ntt_ntt_at_layer_1_21( &zeta_i, re, (size_t)1U, (size_t)11207U + (size_t)5U * (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_17(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_ef_b4(re); } /** @@ -4282,7 +4356,7 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE uint8_t -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re_as_ntt, uint8_t prf_input[33U], uint8_t domain_separator) { /* Passing arrays by value in Rust generates a copy in C */ @@ -4304,7 +4378,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( re_as_ntt[i0] = libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_d8(&re_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_36(&re_as_ntt[i0]); } return domain_separator; } @@ -4319,7 +4393,7 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4328,7 +4402,7 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = re_as_ntt; uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( + domain_separator = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7( uu____0, uu____1, domain_separator); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4353,7 +4427,7 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_b7(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_44(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -4367,7 +4441,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_67(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { @@ -4442,7 +4516,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_a1(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_9f(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -4457,7 +4531,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_2f( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_ef_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4481,14 +4555,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_90( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_ec( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result0[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result0[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); + result[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( @@ -4509,18 +4583,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_90( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_45(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result0[i1], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result0[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_ef_2f(&result0[i1], - &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_ef_7b(&result[i1], &error_1[i1]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; - memcpy( - result, result0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -4533,7 +4602,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_d4( +libcrux_ml_kem_vector_traits_decompress_1_a8( libcrux_ml_kem_vector_portable_vector_type_PortableVector vec) { libcrux_ml_kem_vector_portable_vector_type_PortableVector z = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4552,7 +4621,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_fc( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -4565,7 +4634,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5( (size_t)2U * i0 + (size_t)2U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_d4(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_a8(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4583,7 +4652,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_ef_bf( +libcrux_ml_kem_polynomial_add_message_error_reduce_ef_45( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4613,7 +4682,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_c6( +libcrux_ml_kem_matrix_compute_ring_element_v_aa( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4623,12 +4692,12 @@ libcrux_ml_kem_matrix_compute_ring_element_v_c6( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_45(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_b9(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_bf( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_0e(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_ef_45( error_2, message, result); return result; } @@ -4639,7 +4708,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_61( +libcrux_ml_kem_vector_portable_compress_compress_6a( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4662,9 +4731,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fe( +libcrux_ml_kem_vector_portable_compress_0d_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return libcrux_ml_kem_vector_portable_compress_compress_61(a); + return libcrux_ml_kem_vector_portable_compress_compress_6a(a); } /** @@ -4674,15 +4743,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_9d( +libcrux_ml_kem_serialize_compress_then_serialize_10_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_fe( - libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( + libcrux_ml_kem_vector_portable_compress_0d_83( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); @@ -4702,7 +4771,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_610( +libcrux_ml_kem_vector_portable_compress_compress_6a0( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4725,9 +4794,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fe0( +libcrux_ml_kem_vector_portable_compress_0d_830( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return libcrux_ml_kem_vector_portable_compress_compress_610(a); + return libcrux_ml_kem_vector_portable_compress_compress_6a0(a); } /** @@ -4737,15 +4806,15 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_63( +libcrux_ml_kem_serialize_compress_then_serialize_11_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_fe0( - libcrux_ml_kem_vector_traits_to_unsigned_representative_7c( + libcrux_ml_kem_vector_portable_compress_0d_830( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); @@ -4765,10 +4834,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_78( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_c5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_9d(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_86(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -4781,7 +4850,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4797,7 +4866,7 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3( out, i0 * ((size_t)960U / (size_t)3U), (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_78(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_c5(&re, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); @@ -4810,7 +4879,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_611( +libcrux_ml_kem_vector_portable_compress_compress_6a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4833,9 +4902,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fe1( +libcrux_ml_kem_vector_portable_compress_0d_831( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return libcrux_ml_kem_vector_portable_compress_compress_611(a); + return libcrux_ml_kem_vector_portable_compress_compress_6a1(a); } /** @@ -4845,15 +4914,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_32( +libcrux_ml_kem_serialize_compress_then_serialize_4_56( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_fe1( - libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( + libcrux_ml_kem_vector_portable_compress_0d_831( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); @@ -4870,7 +4939,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_612( +libcrux_ml_kem_vector_portable_compress_compress_6a2( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4893,9 +4962,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_fe2( +libcrux_ml_kem_vector_portable_compress_0d_832( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { - return libcrux_ml_kem_vector_portable_compress_compress_612(a); + return libcrux_ml_kem_vector_portable_compress_compress_6a2(a); } /** @@ -4905,15 +4974,15 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_14( +libcrux_ml_kem_serialize_compress_then_serialize_5_53( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_fe2( - libcrux_ml_kem_vector_traits_to_unsigned_representative_7c( + libcrux_ml_kem_vector_portable_compress_0d_832( + libcrux_ml_kem_vector_traits_to_unsigned_representative_9f( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); @@ -4932,9 +5001,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_32( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_32(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_56(re, out); } /** @@ -4955,7 +5024,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -4963,7 +5032,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -4973,7 +5042,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_95( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_67( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( @@ -4988,27 +5057,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_24( libcrux_ml_kem_sampling_sample_from_binomial_distribution_6b( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_90(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_ec(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_c5( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_fc( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_c6( + libcrux_ml_kem_matrix_compute_ring_element_v_aa( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_d3( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3a( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_32( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_ef( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -5032,13 +5101,13 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_a7(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_a5(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 unpacked_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), unpacked_public_key.t_as_ntt); Eurydice_slice seed = @@ -5054,7 +5123,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_a7(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t result[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(uu____1, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____1, copy_of_message, randomness, result); memcpy(ret, result, (size_t)1088U * sizeof(uint8_t)); } @@ -5070,7 +5139,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_b7( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_d8_8d( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5101,7 +5170,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_d5( +static inline void libcrux_ml_kem_ind_cca_decapsulate_1a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5119,7 +5188,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d5( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_0d(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5143,7 +5212,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d5( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9f( @@ -5154,18 +5223,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d5( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a7(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a5(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_d8_b7( + libcrux_ml_kem_variant_kdf_d8_8d( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_d8_b7(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_d8_8d(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_e7(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5195,10 +5264,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ce( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_d5(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_1a(private_key, ciphertext, ret); } /** @@ -5211,7 +5280,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_a8( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_ce( private_key, ciphertext, ret); } @@ -5225,7 +5294,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_a9( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_d8_05( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -5266,11 +5335,11 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_49( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4e( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_d8_a9( + libcrux_ml_kem_variant_entropy_preprocess_d8_05( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5281,7 +5350,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_49( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_02(public_key), + libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -5296,20 +5365,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_49( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a7(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a5(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_96(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_d8_b7(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_d8_8d(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5340,14 +5409,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_a9( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_db( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_49(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_4e(uu____0, copy_of_randomness); } /** @@ -5364,7 +5433,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_a9( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_db( uu____0, copy_of_randomness); } @@ -5398,7 +5467,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_d1( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_d8_a4( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { uint8_t seed[33U] = {0U}; Eurydice_slice_copy( @@ -5421,7 +5490,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_bf( +libcrux_ml_kem_vector_traits_to_standard_domain_73( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -5439,7 +5508,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f( +libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -5447,7 +5516,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_bf( + libcrux_ml_kem_vector_traits_to_standard_domain_73( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( @@ -5463,7 +5532,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c7( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, @@ -5491,12 +5560,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_ef_45(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_ef_76(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_ef_5d(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_add_to_ring_element_ef_3a(&t_as_ntt[i0], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_0f( + libcrux_ml_kem_polynomial_add_standard_error_reduce_ef_69( &t_as_ntt[i0], &error_as_ntt[i0]); } } @@ -5510,12 +5579,12 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_d8_d1(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_d8_a4(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5535,7 +5604,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -5543,11 +5612,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_matrix_compute_As_plus_e_c7( + libcrux_ml_kem_matrix_compute_As_plus_e_f0( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -5564,14 +5633,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8b( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_serialize_to_unsigned_field_modulus_b0( + libcrux_ml_kem_serialize_to_unsigned_field_modulus_c4( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); @@ -5592,7 +5661,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -5610,11 +5679,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_5a( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_8b(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_c6(&re, ret0); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); + uint8_t result[1152U]; + memcpy(result, out, (size_t)1152U * sizeof(uint8_t)); + memcpy(ret, result, (size_t)1152U * sizeof(uint8_t)); } /** @@ -5625,13 +5696,13 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t *serialized) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(t_as_ntt, ret); + libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(t_as_ntt, ret); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret, uint8_t), uint8_t); Eurydice_slice_copy( @@ -5648,11 +5719,11 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_07( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_e9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c(t_as_ntt, seed_for_a, + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12(t_as_ntt, seed_for_a, public_key_serialized); uint8_t result[1184U]; memcpy(result, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); @@ -5672,20 +5743,20 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_50(Eurydice_slice key_generation_seed) { +libcrux_ml_kem_ind_cpa_generate_keypair_08(Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_07( + libcrux_ml_kem_ind_cpa_serialize_public_key_e9( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5710,7 +5781,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -5766,7 +5837,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_28(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5775,13 +5846,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_50(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_08(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c0( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -5790,13 +5861,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee( - uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_78( + uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key)); } /** @@ -5812,12 +5883,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d1( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_e3( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_28(copy_of_randomness); } /** @@ -5828,7 +5899,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_d1( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_e3( copy_of_randomness); } @@ -5843,7 +5914,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_de( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_ff( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5854,7 +5925,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_variant_kdf_33_de( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_76(ciphertext), + libcrux_ml_kem_types_as_slice_d4_24(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5887,7 +5958,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_d50( +static inline void libcrux_ml_kem_ind_cca_decapsulate_1a0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5905,7 +5976,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d50( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_0d(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -5929,7 +6000,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d50( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e7(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9f( @@ -5940,18 +6011,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_d50( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a7(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a5(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_variant_kdf_33_de( + libcrux_ml_kem_variant_kdf_33_ff( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret1[32U]; - libcrux_ml_kem_variant_kdf_33_de(shared_secret0, ciphertext, shared_secret1); + libcrux_ml_kem_variant_kdf_33_ff(shared_secret0, ciphertext, shared_secret1); uint8_t shared_secret[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_e7(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret1, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5985,10 +6056,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_d50(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_1a0(private_key, ciphertext, ret); } /** @@ -6001,7 +6072,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_08( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d6( private_key, ciphertext, ret); } @@ -6015,7 +6086,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_47( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_entropy_preprocess_33_57( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_d5(randomness, ret); } @@ -6039,11 +6110,11 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_490( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_4e0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_variant_entropy_preprocess_33_47( + libcrux_ml_kem_variant_entropy_preprocess_33_57( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6054,7 +6125,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_490( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_02(public_key), + libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t), ret); Eurydice_slice_copy( @@ -6069,20 +6140,20 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_490( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_02(public_key), uint8_t); + (size_t)1184U, libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_a7(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a5(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_96(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_variant_kdf_33_de(shared_secret, &ciphertext0, + libcrux_ml_kem_variant_kdf_33_ff(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6117,14 +6188,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9e( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f2( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_490(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_4e0(uu____0, copy_of_randomness); } /** @@ -6141,7 +6212,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_9e( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_f2( uu____0, copy_of_randomness); } @@ -6155,7 +6226,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_de( +static KRML_MUSTINLINE void libcrux_ml_kem_variant_cpa_keygen_seed_33_f9( Eurydice_slice key_generation_seed, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G_f1_87(key_generation_seed, ret); } @@ -6169,12 +6240,12 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90( +static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( Eurydice_slice key_generation_seed, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *private_key, libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key) { uint8_t hashed[64U]; - libcrux_ml_kem_variant_cpa_keygen_seed_33_de(key_generation_seed, hashed); + libcrux_ml_kem_variant_cpa_keygen_seed_33_f9(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6194,7 +6265,7 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90( uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t domain_separator = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_b1( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_f7( uu____2, copy_of_prf_input0, 0U); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -6202,11 +6273,11 @@ static inline void libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_cb( + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_out_44( copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_matrix_compute_As_plus_e_c7( + libcrux_ml_kem_matrix_compute_As_plus_e_f0( public_key->t_as_ntt, public_key->A, private_key->secret_as_ntt, error_as_ntt); uint8_t uu____5[32U]; @@ -6229,21 +6300,21 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_500( +libcrux_ml_kem_ind_cpa_generate_keypair_080( Eurydice_slice key_generation_seed) { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e90( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_860( key_generation_seed, &private_key, &public_key); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_07( + libcrux_ml_kem_ind_cpa_serialize_public_key_e9( public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, public_key.seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_5a(private_key.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_1d(private_key.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6275,7 +6346,7 @@ libcrux_ml_kem_variant_Kyber with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_280(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6284,13 +6355,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_500(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_080(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_b0( + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_c0( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); @@ -6299,13 +6370,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_7f_af(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_7f_e6(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_3a_ee( - uu____2, libcrux_ml_kem_types_from_5a_67(copy_of_public_key)); + return libcrux_ml_kem_types_from_3a_78( + uu____2, libcrux_ml_kem_types_from_5a_af(copy_of_public_key)); } /** @@ -6321,12 +6392,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_69( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_28( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_280(copy_of_randomness); } /** @@ -6338,7 +6409,7 @@ libcrux_ml_kem_mlkem768_portable_kyber_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_69( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_generate_keypair_28( copy_of_randomness); } @@ -6350,7 +6421,7 @@ with const generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_fd( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_private_key_96( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_ciphertext) { uint8_t t[32U]; @@ -6375,10 +6446,10 @@ generics - CIPHERTEXT_SIZE= 1088 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_c5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_validate_private_key_fd(private_key, + return libcrux_ml_kem_ind_cca_validate_private_key_96(private_key, ciphertext); } @@ -6390,7 +6461,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9( static inline bool libcrux_ml_kem_mlkem768_portable_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_b9( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_private_key_c5( private_key, ciphertext); } @@ -6402,7 +6473,7 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_bc( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_closure_16( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -6414,17 +6485,21 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a9( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ae( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); } - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4( public_key, deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; + memcpy( + result, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); memcpy( - ret, deserialized_pk, + ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } @@ -6436,16 +6511,16 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_68( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_f6( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_a9( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_out_ae( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_07( + libcrux_ml_kem_ind_cpa_serialize_public_key_e9( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t), @@ -6463,9 +6538,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b6( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_68(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_f6(public_key); } /** @@ -6475,7 +6550,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f( */ static inline bool libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_1f( + return libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_b6( public_key->value); } @@ -6501,11 +6576,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6( +static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_be( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_6d( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b7( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_42( @@ -6535,7 +6610,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e7(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_9f( @@ -6547,11 +6622,11 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_24( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_05( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_8c(ciphertext), + libcrux_ml_kem_types_as_ref_00_e7(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6587,10 +6662,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_65( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_57( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_unpacked_decapsulate_f6(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_unpacked_decapsulate_be(key_pair, ciphertext, ret); } /** @@ -6604,7 +6679,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_decapsulate( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_65( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_decapsulate_57( private_key, ciphertext, ret); } @@ -6627,7 +6702,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e( +static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_fa( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6655,7 +6730,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_24(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_05(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -6665,7 +6740,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_8c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_96(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6698,7 +6773,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_91( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -6706,7 +6781,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_unpacked_encapsulate_8e(uu____0, + return libcrux_ml_kem_ind_cca_unpacked_encapsulate_fa(uu____0, copy_of_randomness); } @@ -6726,7 +6801,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_37( + return libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_encapsulate_91( uu____0, copy_of_randomness); } @@ -6745,7 +6820,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_42(size_t _j) { +libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_closure_08(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_ef_1b(); } @@ -6763,7 +6838,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8d( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_e0( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_ef_1b(); @@ -6782,7 +6857,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_8d_26( +libcrux_ml_kem_polynomial_clone_8d_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6811,7 +6886,7 @@ libcrux_ml_kem_variant_MlKem with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db( +static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f0( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( @@ -6821,19 +6896,19 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_e9( + libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_86( ind_cpa_keypair_randomness, &out->private_key.ind_cpa_private_key, &out->public_key.ind_cpa_public_key); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_8d(i, A[i]); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_closure_e0(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_polynomial_clone_8d_26( + libcrux_ml_kem_polynomial_clone_8d_ef( &out->public_key.ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____0; } @@ -6846,7 +6921,7 @@ static inline void libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_07( + libcrux_ml_kem_ind_cpa_serialize_public_key_e9( out->public_key.ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice( (size_t)32U, out->public_key.ind_cpa_public_key.seed_for_A, uint8_t), @@ -6881,13 +6956,13 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_b3( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_26( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_generate_keypair_db(copy_of_randomness, out); + libcrux_ml_kem_ind_cca_unpacked_generate_keypair_f0(copy_of_randomness, out); } /** @@ -6900,7 +6975,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_b3( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_generate_keypair_26( copy_of_randomness, key_pair); } @@ -6916,7 +6991,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_1c_6e(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_fa(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); lit.public_key_hash[0U] = 0U; @@ -6967,7 +7042,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_35(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_27(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(); uu____0.implicit_rejection_value[0U] = 0U; @@ -7005,7 +7080,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_6e()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_fa()}); } /** @@ -7013,7 +7088,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_35(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_27(); } /** @@ -7021,7 +7096,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_6e(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_fa(); } /** @@ -7041,10 +7116,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_52( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_70( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cpa_serialize_public_key_mut_3c( + libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12( self->ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, self->ind_cpa_public_key.seed_for_A, uint8_t), @@ -7068,10 +7143,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_e1( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_d7( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_52( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_70( &self->public_key, serialized); } @@ -7082,7 +7157,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_e1(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_d7(key_pair, serialized); } @@ -7098,7 +7173,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_b5( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_57( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7134,11 +7209,11 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_28_5f( +libcrux_ml_kem_ind_cca_unpacked_clone_28_5e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_b5(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_57(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7161,7 +7236,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_e7( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_0c( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -7173,8 +7248,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_5f( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_e7(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_5e( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_0c(key_pair)); pk[0U] = uu____0; } @@ -7185,7 +7260,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_52(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_70(public_key, serialized); } @@ -7208,7 +7283,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( *unpacked_public_key) { Eurydice_slice uu____0 = Eurydice_array_to_subslice_to( (size_t)1184U, public_key->value, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_e5( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a4( uu____0, unpacked_public_key->ind_cpa_public_key.t_as_ntt); uint8_t uu____1[32U]; libcrux_ml_kem_utils_into_padded_array_423( @@ -7228,7 +7303,7 @@ libcrux_ml_kem_ind_cca_unpacked_unpack_public_key_40( uint8_t uu____3[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_d5( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_fd_02(public_key), + libcrux_ml_kem_types_as_slice_fd_60(public_key), uint8_t), uu____3); memcpy(unpacked_public_key->public_key_hash, uu____3, @@ -7248,7 +7323,7 @@ const generics - PUBLIC_KEY_SIZE= 1184 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5b( +libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_17( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { @@ -7264,7 +7339,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_5b( + libcrux_ml_kem_ind_cca_instantiations_portable_unpacked_unpack_public_key_17( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index c283eae80..7f5d57201 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 2e9dfdbc9..55e780301 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index cd92309a3..0d652a9d7 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -7,8 +7,8 @@ * Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 - * F*: 650b216aeb5901ec6f1c44ff275acd924e54bdbd - * Libcrux: b1ecb428c60dd375b8bdd05c258cd0e4d5f1fec1 + * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 + * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 */ #ifndef __libcrux_sha3_portable_H From 2ac0798983cf39a0173c994df496711726e32ac8 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 29 Sep 2024 21:41:22 +0000 Subject: [PATCH 346/348] wip --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 22 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 22 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 22 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 388 ++++++++------ libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 56 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- libcrux-ml-kem/cg/code_gen.txt | 2 +- libcrux-ml-kem/cg/libcrux_core.h | 2 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 487 ++++++++++-------- .../cg/libcrux_mlkem768_avx2_types.h | 2 +- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 34 +- .../cg/libcrux_mlkem768_portable_types.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +- 42 files changed, 655 insertions(+), 446 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 9561d6d0d..d393ef31c 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 -Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 +Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 948c453a8..9c0e8828e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index b6f562f22..cd446e37c 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index cebf41ef3..c67068ba0 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index d244bab2b..2f2a3e44e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c24be2163..6ee3decbd 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 8608e9d62..1cbf9e303 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 46b59cbf7..788f288e4 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 3612507c1..cdea86609 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index cf2b6c42a..a62e4b058 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_mlkem1024_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_2c0( +static void decapsulate_150( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_6f0(private_key, ciphertext, ret); @@ -51,7 +51,7 @@ static void decapsulate_2c0( void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext, uint8_t ret[32U]) { - decapsulate_2c0(private_key, ciphertext, ret); + decapsulate_150(private_key, ciphertext, ret); } /** @@ -71,7 +71,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_ad0( +static tuple_21 encapsulate_9e0( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; @@ -95,7 +95,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ad0(uu____0, copy_of_randomness); + return encapsulate_9e0(uu____0, copy_of_randomness); } /** @@ -109,7 +109,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_c70( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_010( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c70(copy_of_randomness); + return generate_keypair_010(copy_of_randomness); } /** @@ -136,7 +136,7 @@ generics - SECRET_KEY_SIZE= 3168 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_private_key_d10( +static KRML_MUSTINLINE bool validate_private_key_840( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_e10(private_key, @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_d10( bool libcrux_ml_kem_mlkem1024_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_types_MlKemCiphertext_1f *ciphertext) { - return validate_private_key_d10(private_key, ciphertext); + return validate_private_key_840(private_key, ciphertext); } /** @@ -162,7 +162,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_e30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_4a0(public_key); } @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_e90(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key) { - return validate_public_key_e90(public_key->value); + return validate_public_key_e30(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 4b70a98fa..037013ac3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 4d65cde05..96788b0a9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 54017b446..9a9d19aa3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index b37a698b1..bc9966b87 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 1be10624b..92728c869 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_mlkem512_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_2c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_15(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_6f(private_key, ciphertext, ret); @@ -51,7 +51,7 @@ static void decapsulate_2c(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_2c(private_key, ciphertext, ret); + decapsulate_15(private_key, ciphertext, ret); } /** @@ -71,7 +71,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_ad( +static tuple_ec encapsulate_9e( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; @@ -95,7 +95,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ad(uu____0, copy_of_randomness); + return encapsulate_9e(uu____0, copy_of_randomness); } /** @@ -109,7 +109,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_c7( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_01( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c7(copy_of_randomness); + return generate_keypair_01(copy_of_randomness); } /** @@ -136,7 +136,7 @@ generics - SECRET_KEY_SIZE= 1632 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE bool validate_private_key_d1( +static KRML_MUSTINLINE bool validate_private_key_84( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_e1(private_key, @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_d1( bool libcrux_ml_kem_mlkem512_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext) { - return validate_private_key_d1(private_key, ciphertext); + return validate_private_key_84(private_key, ciphertext); } /** @@ -162,7 +162,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_e3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_4a(public_key); } @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_e9(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be *public_key) { - return validate_public_key_e9(public_key->value); + return validate_public_key_e3(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index cb75e6d2f..9a569226e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 5ac7cbf18..b8c676f21 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 1b124a20f..d77580778 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index e4da7ff00..a6116f34c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index c00a10115..e40e70dc4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_mlkem768_avx2.h" @@ -35,7 +35,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_2c1( +static void decapsulate_151( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_6f1(private_key, ciphertext, ret); @@ -51,7 +51,7 @@ static void decapsulate_2c1( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_2c1(private_key, ciphertext, ret); + decapsulate_151(private_key, ciphertext, ret); } /** @@ -71,7 +71,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_ad1( +static tuple_3c encapsulate_9e1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -95,7 +95,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ad1(uu____0, copy_of_randomness); + return encapsulate_9e1(uu____0, copy_of_randomness); } /** @@ -109,7 +109,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c71( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_011( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -125,7 +125,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c71(copy_of_randomness); + return generate_keypair_011(copy_of_randomness); } /** @@ -136,7 +136,7 @@ generics - SECRET_KEY_SIZE= 2400 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE bool validate_private_key_d11( +static KRML_MUSTINLINE bool validate_private_key_841( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_e11(private_key, @@ -151,7 +151,7 @@ static KRML_MUSTINLINE bool validate_private_key_d11( bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return validate_private_key_d11(private_key, ciphertext); + return validate_private_key_841(private_key, ciphertext); } /** @@ -162,7 +162,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) { +static KRML_MUSTINLINE bool validate_public_key_e31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_4a1(public_key); } @@ -173,5 +173,5 @@ static KRML_MUSTINLINE bool validate_public_key_e91(uint8_t *public_key) { */ bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return validate_public_key_e91(public_key->value); + return validate_public_key_e31(public_key->value); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 7bd1569ee..aaf21051e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index ebf808267..5b18705f9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index c88640dc9..3e1a2fe82 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 99c09a651..4893a5ab2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "internal/libcrux_mlkem_avx2.h" @@ -164,7 +164,8 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { __m256i t0 = mm256_mulhi_epi16( vector, mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t1 = mm256_add_epi16(t0, mm256_set1_epi16((int16_t)512)); + __m256i t512 = mm256_set1_epi16((int16_t)512); + __m256i t1 = mm256_add_epi16(t0, t512); __m256i quotient = mm256_srai_epi16((int32_t)10, t1, __m256i); __m256i quotient_times_field_modulus = mm256_mullo_epi16( quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); @@ -522,8 +523,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = mm_movemask_epi8(msbs); - ret[0U] = (uint8_t)bits_packed; - ret[1U] = (uint8_t)(bits_packed >> 8U); + uint8_t result[2U] = {(uint8_t)bits_packed, (uint8_t)(bits_packed >> 8U)}; + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); } /** @@ -536,34 +537,35 @@ void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, } KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsb_to_msb = mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); - __m256i coefficients_in_msb = - mm256_mullo_epi16(coefficients, shift_lsb_to_msb); +libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + int16_t a, int16_t b) { + __m256i coefficients = + mm256_set_epi16(b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a); + __m256i coefficients_in_msb = mm256_mullo_epi16( + coefficients, + mm256_set_epi16((int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768)); return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); } +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + uint8_t a, uint8_t b) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + (int16_t)a, (int16_t)b); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -572,15 +574,27 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } +/** + `mm256_concat_pairs_n(n, x)` is then a sequence of 32 bits packets + of the shape `0b0…0b₁…bₙa₁…aₙ`, if `x` is a sequence of pairs of + 16 bits, of the shape `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` (where the last + `n` bits are non-zero). +*/ +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(uint8_t n, + __m256i x) { + int16_t n0 = (int16_t)1 << (uint32_t)n; + return mm256_madd_epi16( + x, mm256_set_epi16(n0, (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, + (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, + (int16_t)1, n0, (int16_t)1)); +} + KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(4U, vector); __m256i adjacent_8_combined = mm256_shuffle_epi8( adjacent_2_combined, mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, @@ -617,37 +631,47 @@ void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, } KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m256i coefficients_in_msb = - mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); +libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5, + int16_t b6, int16_t b7) { + __m256i coefficients = mm256_set_epi16(b7, b7, b6, b6, b5, b5, b4, b4, b3, b3, + b2, b2, b1, b1, b0, b0); + __m256i coefficients_in_msb = mm256_mullo_epi16( + coefficients, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U)); __m256i coefficients_in_lsb = mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i); return mm256_and_si256(coefficients_in_lsb, mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); } +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3, uint8_t b4, uint8_t b5, + uint8_t b6, uint8_t b7) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + (int16_t)b0, (int16_t)b1, (int16_t)b2, (int16_t)b3, (int16_t)b4, + (int16_t)b5, (int16_t)b6, (int16_t)b7); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -707,6 +731,22 @@ void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } +/** + We cannot model `mm256_inserti128_si256` on its own: it produces a + Vec256 where the upper 128 bits are undefined. Thus + `mm256_inserti128_si256` is not pure. + + Luckily, we always call `mm256_castsi128_si256` right after + `mm256_inserti128_si256`: this composition sets the upper bits, + making the whole computation pure again. +*/ +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128(__m128i lower, + __m128i upper) { + return mm256_inserti128_si256((int32_t)1, mm256_castsi128_si256(lower), upper, + __m256i); +} + KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { __m128i coefficients = @@ -726,11 +766,11 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i coefficients_loaded = mm256_castsi128_si256(coefficients); - __m256i coefficients_loaded0 = mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, __m256i); + __m256i coefficients_loaded = + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + coefficients, coefficients); __m256i coefficients0 = mm256_shuffle_epi8( - coefficients_loaded0, + coefficients_loaded, mm256_set_epi8((int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, @@ -757,16 +797,11 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - __m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16((int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1)); +core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + __m256i vector) { + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(10U, vector); __m256i adjacent_4_combined = mm256_sllv_epi32( adjacent_2_combined, mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, @@ -783,11 +818,23 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + return ( + CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + __m256i vector, uint8_t ret[20U]) { + core_core_arch_x86___m128i_x2 uu____0 = + libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + vector); + __m128i lower_8 = uu____0.fst; + __m128i upper_8 = uu____0.snd; + uint8_t serialized[32U] = {0U}; mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - __m128i upper_8 = - mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t), upper_8); @@ -811,31 +858,40 @@ void libcrux_ml_kem_vector_avx2_serialize_10_09(__m256i vector, } KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = mm_shuffle_epi8( - lower_coefficients, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, - 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); - __m128i upper_coefficients0 = mm_shuffle_epi8( - upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, - 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, - upper_coefficients0, __m256i); - __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = mm256_srli_epi16((int32_t)6, coefficients1, __m256i); - return mm256_and_si256(coefficients2, +libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0) { + __m128i lower_coefficients = mm_shuffle_epi8( + lower_coefficients0, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, + 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_shuffle_epi8( + upper_coefficients0, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, + 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + lower_coefficients, upper_coefficients); + __m256i coefficients0 = mm256_mullo_epi16( + coefficients, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U)); + __m256i coefficients1 = mm256_srli_epi16((int32_t)6, coefficients0, __m256i); + return mm256_and_si256(coefficients1, mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); } +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + Eurydice_slice lower_coefficients = + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t); + Eurydice_slice upper_coefficients = + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t); + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + mm_loadu_si128(lower_coefficients), mm_loadu_si128(upper_coefficients)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -884,16 +940,11 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - __m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16((int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1)); +KRML_MUSTINLINE core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + __m256i vector) { + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(12U, vector); __m256i adjacent_4_combined = mm256_sllv_epi32( adjacent_2_combined, mm256_set_epi32((int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, @@ -912,6 +963,18 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); __m128i upper_8 = mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + return ( + CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + __m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m128i_x2 uu____0 = + libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + vector); + __m128i lower_8 = uu____0.fst; + __m128i upper_8 = uu____0.snd; mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); @@ -937,30 +1000,39 @@ void libcrux_ml_kem_vector_avx2_serialize_12_09(__m256i vector, libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0) { + __m128i lower_coefficients = mm_shuffle_epi8( + lower_coefficients0, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, + 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_shuffle_epi8( + upper_coefficients0, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, + 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + lower_coefficients, upper_coefficients); + __m256i coefficients0 = mm256_mullo_epi16( + coefficients, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U)); + __m256i coefficients1 = mm256_srli_epi16((int32_t)4, coefficients0, __m256i); + return mm256_and_si256(coefficients1, + mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); +} + KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); __m128i lower_coefficients = mm_loadu_si128( Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = mm_shuffle_epi8( - lower_coefficients, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, - 4U, 3U, 2U, 1U, 1U, 0U)); __m128i upper_coefficients = mm_loadu_si128( Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); - __m128i upper_coefficients0 = mm_shuffle_epi8( - upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, - 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, - upper_coefficients0, __m256i); - __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = mm256_srli_epi16((int32_t)4, coefficients1, __m256i); - return mm256_and_si256(coefficients2, - mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + lower_coefficients, upper_coefficients); } /** @@ -2954,7 +3026,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_44(__m256i vector) { +compress_ciphertext_coefficient_76(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3001,8 +3073,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_09_c6(__m256i vector) { - return compress_ciphertext_coefficient_44(vector); +static __m256i compress_09_70(__m256i vector) { + return compress_ciphertext_coefficient_76(vector); } /** @@ -3018,7 +3090,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_170( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_c6(to_unsigned_field_modulus_88(re->coefficients[i0])); + compress_09_70(to_unsigned_field_modulus_88(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3038,7 +3110,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_440(__m256i vector) { +compress_ciphertext_coefficient_760(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3085,8 +3157,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_09_c60(__m256i vector) { - return compress_ciphertext_coefficient_440(vector); +static __m256i compress_09_700(__m256i vector) { + return compress_ciphertext_coefficient_760(vector); } /** @@ -3141,7 +3213,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_441(__m256i vector) { +compress_ciphertext_coefficient_761(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3188,8 +3260,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_09_c61(__m256i vector) { - return compress_ciphertext_coefficient_441(vector); +static __m256i compress_09_701(__m256i vector) { + return compress_ciphertext_coefficient_761(vector); } /** @@ -3205,7 +3277,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_06( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_c61(to_unsigned_field_modulus_88(re.coefficients[i0])); + compress_09_701(to_unsigned_field_modulus_88(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_09(coefficient, bytes); Eurydice_slice_copy( @@ -3222,7 +3294,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_442(__m256i vector) { +compress_ciphertext_coefficient_762(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3269,8 +3341,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_09_c62(__m256i vector) { - return compress_ciphertext_coefficient_442(vector); +static __m256i compress_09_702(__m256i vector) { + return compress_ciphertext_coefficient_762(vector); } /** @@ -3286,7 +3358,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_7a( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_09_c62(to_unsigned_representative_b5(re.coefficients[i0])); + compress_09_702(to_unsigned_representative_b5(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_09(coefficients, bytes); Eurydice_slice_copy( @@ -3572,7 +3644,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8f(__m256i vector) { +decompress_ciphertext_coefficient_6c(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3616,8 +3688,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_09_c1(__m256i vector) { - return decompress_ciphertext_coefficient_8f(vector); +static __m256i decompress_ciphertext_coefficient_09_0f(__m256i vector) { + return decompress_ciphertext_coefficient_6c(vector); } /** @@ -3640,7 +3712,7 @@ deserialize_then_decompress_10_47(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_0f(coefficient); } return re; } @@ -3652,7 +3724,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8f0(__m256i vector) { +decompress_ciphertext_coefficient_6c0(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3696,8 +3768,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_09_c10(__m256i vector) { - return decompress_ciphertext_coefficient_8f0(vector); +static __m256i decompress_ciphertext_coefficient_09_0f0(__m256i vector) { + return decompress_ciphertext_coefficient_6c0(vector); } /** @@ -3715,7 +3787,7 @@ deserialize_then_decompress_11_a8(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c10(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_0f0(coefficient); } return re; } @@ -3800,7 +3872,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8f1(__m256i vector) { +decompress_ciphertext_coefficient_6c1(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3844,8 +3916,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_09_c11(__m256i vector) { - return decompress_ciphertext_coefficient_8f1(vector); +static __m256i decompress_ciphertext_coefficient_09_0f1(__m256i vector) { + return decompress_ciphertext_coefficient_6c1(vector); } /** @@ -3863,7 +3935,7 @@ deserialize_then_decompress_4_98(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_09_c11(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_09_0f1(coefficient); } return re; } @@ -3875,7 +3947,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8f2(__m256i vector) { +decompress_ciphertext_coefficient_6c2(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3919,8 +3991,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_09 with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_09_c12(__m256i vector) { - return decompress_ciphertext_coefficient_8f2(vector); +static __m256i decompress_ciphertext_coefficient_09_0f2(__m256i vector) { + return decompress_ciphertext_coefficient_6c2(vector); } /** @@ -3939,7 +4011,7 @@ deserialize_then_decompress_5_45(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_09_c12(re.coefficients[i0]); + decompress_ciphertext_coefficient_09_0f2(re.coefficients[i0]); } return re; } @@ -5452,7 +5524,7 @@ static KRML_MUSTINLINE void compress_then_serialize_11_b8( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_09_c60(to_unsigned_representative_b5(re->coefficients[i0])); + compress_09_700(to_unsigned_representative_b5(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_09(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 43910f900..ce38cd383 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem_avx2_H @@ -234,6 +234,12 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, uint8_t ret[2U]); +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + int16_t a, int16_t b); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + uint8_t a, uint8_t b); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( Eurydice_slice bytes); @@ -243,6 +249,15 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09(Eurydice_slice bytes); +/** + `mm256_concat_pairs_n(n, x)` is then a sequence of 32 bits packets + of the shape `0b0…0b₁…bₙa₁…aₙ`, if `x` is a sequence of pairs of + 16 bits, of the shape `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` (where the last + `n` bits are non-zero). +*/ +__m256i libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(uint8_t n, + __m256i x); + void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, uint8_t ret[8U]); @@ -252,6 +267,14 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, uint8_t ret[8U]); +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5, + int16_t b6, int16_t b7); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3, uint8_t b4, uint8_t b5, + uint8_t b6, uint8_t b7); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( Eurydice_slice bytes); @@ -271,6 +294,18 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, uint8_t ret[10U]); +/** + We cannot model `mm256_inserti128_si256` on its own: it produces a + Vec256 where the upper 128 bits are undefined. Thus + `mm256_inserti128_si256` is not pure. + + Luckily, we always call `mm256_castsi128_si256` right after + `mm256_inserti128_si256`: this composition sets the upper bits, + making the whole computation pure again. +*/ +__m256i libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + __m128i lower, __m128i upper); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( Eurydice_slice bytes); @@ -280,6 +315,15 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09(Eurydice_slice bytes); +typedef struct core_core_arch_x86___m128i_x2_s { + __m128i fst; + __m128i snd; +} core_core_arch_x86___m128i_x2; + +core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + __m256i vector); + void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, uint8_t ret[20U]); @@ -290,6 +334,9 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} void libcrux_ml_kem_vector_avx2_serialize_10_09(__m256i vector, uint8_t ret[20U]); +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( Eurydice_slice bytes); @@ -318,6 +365,10 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} */ __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09(Eurydice_slice bytes); +core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + __m256i vector); + void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, uint8_t ret[24U]); @@ -328,6 +379,9 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} void libcrux_ml_kem_vector_avx2_serialize_12_09(__m256i vector, uint8_t ret[24U]); +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0); + __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( Eurydice_slice bytes); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index b55505b93..3bc08594b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "internal/libcrux_mlkem_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index f6b926cc0..b375e1f09 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 426a4f6a6..ee291c40e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 79b702c22..65d87344a 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "internal/libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index d8b5a67ab..67f5d174c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 950cc2aba..a20e6c410 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index c0f445770..360ff4122 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index c5d577d1d..2fc24f7d1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_sha3_neon_H diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 9561d6d0d..d393ef31c 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -3,4 +3,4 @@ Charon: 28d543bfacc902ba9cc2a734b76baae9583892a4 Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 -Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 +Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 95ad567ef..1a0b95675 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 8ea31d766..443142103 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_ct_ops_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index b28ba871c..686aabb0d 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_avx2_H @@ -204,8 +204,8 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { __m256i t0 = libcrux_intrinsics_avx2_mm256_mulhi_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t1 = libcrux_intrinsics_avx2_mm256_add_epi16( - t0, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + __m256i t512 = libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512); + __m256i t1 = libcrux_intrinsics_avx2_mm256_add_epi16(t0, t512); __m256i quotient = libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t1, __m256i); __m256i quotient_times_field_modulus = @@ -636,8 +636,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( (int32_t)1, lsb_to_msb, __m128i); __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - ret[0U] = (uint8_t)bits_packed; - ret[1U] = (uint8_t)(bits_packed >> 8U); + uint8_t result[2U] = {(uint8_t)bits_packed, (uint8_t)(bits_packed >> 8U)}; + memcpy(ret, result, (size_t)2U * sizeof(uint8_t)); } /** @@ -652,35 +652,38 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_1_09(__m256i vector, KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { +libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + int16_t a, int16_t b) { __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); - __m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + b, b, b, b, b, b, b, b, a, a, a, a, a, a, a, a); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768)); return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); } +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + uint8_t a, uint8_t b) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_i16s( + (int16_t)a, (int16_t)b); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1_deserialize_1_u8s( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -691,16 +694,29 @@ static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_1_09( return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } +/** + `mm256_concat_pairs_n(n, x)` is then a sequence of 32 bits packets + of the shape `0b0…0b₁…bₙa₁…aₙ`, if `x` is a sequence of pairs of + 16 bits, of the shape `(0b0…0a₁…aₙ, 0b0…0b₁…bₙ)` (where the last + `n` bits are non-zero). +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(uint8_t n, + __m256i x) { + int16_t n0 = (int16_t)1 << (uint32_t)n; + return libcrux_intrinsics_avx2_mm256_madd_epi16( + x, libcrux_intrinsics_avx2_mm256_set_epi16( + n0, (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, + (int16_t)1, n0, (int16_t)1, n0, (int16_t)1, n0, (int16_t)1)); +} + KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(4U, vector); __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi8( @@ -739,31 +755,19 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_4_09(__m256i vector, KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { +libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + int16_t b0, int16_t b1, int16_t b2, int16_t b3, int16_t b4, int16_t b5, + int16_t b6, int16_t b7) { __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + b7, b7, b6, b6, b5, b5, b4, b4, b3, b3, b2, b2, b1, b1, b0, b0); __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients, shift_lsbs_to_msbs); + coefficients, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U)); __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( (int32_t)4, coefficients_in_msb, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( @@ -771,6 +775,30 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { ((int16_t)1 << 4U) - (int16_t)1)); } +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + uint8_t b0, uint8_t b1, uint8_t b2, uint8_t b3, uint8_t b4, uint8_t b5, + uint8_t b6, uint8_t b7) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_i16s( + (int16_t)b0, (int16_t)b1, (int16_t)b2, (int16_t)b3, (int16_t)b4, + (int16_t)b5, (int16_t)b6, (int16_t)b7); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4_deserialize_4_u8s( + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -837,6 +865,24 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_5_09(__m256i vector, libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } +/** + We cannot model `mm256_inserti128_si256` on its own: it produces a + Vec256 where the upper 128 bits are undefined. Thus + `mm256_inserti128_si256` is not pure. + + Luckily, we always call `mm256_castsi128_si256` right after + `mm256_inserti128_si256`: this composition sets the upper bits, + making the whole computation pure again. +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128(__m128i lower, + __m128i upper) { + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, libcrux_intrinsics_avx2_mm256_castsi128_si256(lower), upper, + __m256i); +} + KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { @@ -858,11 +904,10 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, __m256i); + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + coefficients, coefficients); __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, + coefficients_loaded, libcrux_intrinsics_avx2_mm256_set_epi8( (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, @@ -892,17 +937,17 @@ static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_5_09( return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } +typedef struct core_core_arch_x86___m128i_x2_s { + __m128i fst; + __m128i snd; +} core_core_arch_x86___m128i_x2; + KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - __m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); +static inline core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + __m256i vector) { + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(10U, vector); __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( @@ -921,11 +966,24 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); + return ( + CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8}); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + __m256i vector, uint8_t ret[20U]) { + core_core_arch_x86___m128i_x2 uu____0 = + libcrux_ml_kem_vector_avx2_serialize_serialize_10_serialize_10_vec( + vector); + __m128i lower_8 = uu____0.fst; + __m128i upper_8 = uu____0.snd; + uint8_t serialized[32U] = {0U}; libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t), @@ -952,37 +1010,46 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_10_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, +libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0) { + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients0, libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, - 9U, 8U, 8U, 7U, 7U, 6U)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients0, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, + 9U, 8U, 8U, 7U, 7U, 6U)); __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)6, coefficients1, __m256i); + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + lower_coefficients, upper_coefficients); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U)); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)6, coefficients0, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + coefficients1, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 10U) - (int16_t)1)); } +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + Eurydice_slice lower_coefficients = + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t); + Eurydice_slice upper_coefficients = + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t); + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10_deserialize_10_vec( + libcrux_intrinsics_avx2_mm_loadu_si128(lower_coefficients), + libcrux_intrinsics_avx2_mm_loadu_si128(upper_coefficients)); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -1039,16 +1106,11 @@ static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_11_09( } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - __m256i vector, uint8_t ret[24U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); +static KRML_MUSTINLINE core_core_arch_x86___m128i_x2 +libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + __m256i vector) { + __m256i adjacent_2_combined = + libcrux_ml_kem_vector_avx2_serialize_mm256_concat_pairs_n(12U, vector); __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, @@ -1068,6 +1130,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, __m128i); + return ( + CLITERAL(core_core_arch_x86___m128i_x2){.fst = lower_8, .snd = upper_8}); +} + +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + __m256i vector, uint8_t ret[24U]) { + uint8_t serialized[32U] = {0U}; + core_core_arch_x86___m128i_x2 uu____0 = + libcrux_ml_kem_vector_avx2_serialize_serialize_12_serialize_12_vec( + vector); + __m128i lower_8 = uu____0.fst; + __m128i upper_8 = uu____0.snd; libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); @@ -1097,37 +1172,45 @@ static inline void libcrux_ml_kem_vector_avx2_serialize_12_09( KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, +libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + __m128i lower_coefficients0, __m128i upper_coefficients0) { + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients0, libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients0, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)4, coefficients1, __m256i); + libcrux_ml_kem_vector_avx2_serialize_mm256_si256_from_two_si128( + lower_coefficients, upper_coefficients); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U)); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients0, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + coefficients1, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 12U) - (int16_t)1)); } +KRML_ATTRIBUTE_TARGET("avx2") +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12_deserialize_12_vec( + lower_coefficients, upper_coefficients); +} + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)#2} @@ -1322,7 +1405,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_72( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1374,9 +1457,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_64( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_72( vector); } @@ -1404,7 +1487,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_58( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_64( coefficient); } return re; @@ -1418,7 +1501,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_720( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1470,9 +1553,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_640( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_720( vector); } @@ -1495,7 +1578,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_33( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_640( coefficient); } return re; @@ -1745,7 +1828,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc1( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_721( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1797,9 +1880,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_641( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc1( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_721( vector); } @@ -1822,7 +1905,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_a9( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_641( coefficient); } return re; @@ -1836,7 +1919,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_722( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1888,9 +1971,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_642( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_fc2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_722( vector); } @@ -1913,7 +1996,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_9b( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_09(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_0e2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_09_642( re.coefficients[i0]); } return re; @@ -3510,7 +3593,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_52( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3565,9 +3648,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a6( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_52( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e( vector); } @@ -3585,7 +3668,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_b4( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_a6( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_eb( libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re->coefficients[i0])); uint8_t bytes[20U]; @@ -3608,7 +3691,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_520( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e0( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3663,9 +3746,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a60( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_520( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e0( vector); } @@ -3683,7 +3766,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_65( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_a60( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_eb0( libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re->coefficients[i0])); uint8_t bytes[22U]; @@ -3753,7 +3836,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_521( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e1( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3808,9 +3891,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a61( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_521( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e1( vector); } @@ -3828,7 +3911,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_ea( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_a61( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_09_eb1( libcrux_ml_kem_serialize_to_unsigned_field_modulus_88( re.coefficients[i0])); uint8_t bytes[8U]; @@ -3848,7 +3931,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_522( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e2( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3903,9 +3986,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_a62( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_09_eb2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_522( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_4e2( vector); } @@ -3923,7 +4006,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_47( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_a62( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_09_eb2( libcrux_ml_kem_vector_traits_to_unsigned_representative_b5( re.coefficients[i0])); uint8_t bytes[10U]; @@ -4209,7 +4292,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_10( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_5b(private_key, ciphertext, ret); @@ -4226,7 +4309,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_10(private_key, ciphertext, ret); } @@ -4359,7 +4442,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2c( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_bd( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -4384,7 +4467,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2c( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_bd( uu____0, copy_of_randomness); } @@ -4842,7 +4925,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_14( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_dd( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -4859,7 +4942,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_14( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_dd( copy_of_randomness); } @@ -5018,7 +5101,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f1( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_6e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_decapsulate_5b0(private_key, ciphertext, ret); @@ -5035,7 +5118,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_f1( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_6e( private_key, ciphertext, ret); } @@ -5153,7 +5236,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_61( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_c1( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; @@ -5178,7 +5261,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_61( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_c1( uu____0, copy_of_randomness); } @@ -5363,7 +5446,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_8f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -5380,7 +5463,7 @@ libcrux_ml_kem_mlkem768_avx2_kyber_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_2d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_generate_keypair_8f( copy_of_randomness); } @@ -5419,7 +5502,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ca( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_cf( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { return libcrux_ml_kem_ind_cca_validate_private_key_e5(private_key, @@ -5435,7 +5518,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_private_key( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_ca( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_private_key_cf( private_key, ciphertext); } @@ -5515,7 +5598,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_06( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_84(public_key); } @@ -5528,7 +5611,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_06( KRML_ATTRIBUTE_TARGET("avx2") static inline bool libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key) { - return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_06( + return libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_96( public_key->value); } @@ -5641,7 +5724,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_f6( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ad( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_ind_cca_unpacked_decapsulate_81(key_pair, ciphertext, ret); @@ -5658,7 +5741,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_decapsulate( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_f6( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_decapsulate_ad( private_key, ciphertext, ret); } @@ -5753,7 +5836,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_2e( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_62( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -5782,7 +5865,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_unpacked_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_2e( + return libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_encapsulate_62( uu____0, copy_of_randomness); } @@ -5939,7 +6022,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c8( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_64( uint8_t randomness[64U], libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *out) { /* Passing arrays by value in Rust generates a copy in C */ @@ -5958,7 +6041,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_generate_key_pair( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_c8( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_generate_keypair_64( copy_of_randomness, key_pair); } @@ -5975,7 +6058,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_default_1c_f9(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_a5(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_89(); lit.public_key_hash[0U] = 0U; @@ -6027,7 +6110,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_b9(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_e3(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_3c(); uu____0.implicit_rejection_value[0U] = 0U; @@ -6065,7 +6148,7 @@ static KRML_MUSTINLINE return ( CLITERAL(libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_f9()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_a5()}); } /** @@ -6074,7 +6157,7 @@ static KRML_MUSTINLINE KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_b9(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_e3(); } /** @@ -6083,7 +6166,7 @@ libcrux_ml_kem_mlkem768_avx2_unpacked_init_key_pair(void) { KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_f9(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_a5(); } /** @@ -6104,7 +6187,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_bf( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_91( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_07( @@ -6132,10 +6215,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_8b( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1d( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_bf( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_91( &self->public_key, serialized); } @@ -6147,7 +6230,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_8b(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1d(key_pair, serialized); } @@ -6164,7 +6247,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_28( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -6201,11 +6284,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 -libcrux_ml_kem_ind_cca_unpacked_clone_28_ea( +libcrux_ml_kem_ind_cca_unpacked_clone_28_e1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_28(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_c1(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -6229,7 +6312,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_7b( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_8c( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -6242,8 +6325,8 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_public_key( libcrux_ml_kem_mlkem768_avx2_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_ea( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_7b(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_e1( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_8c(key_pair)); pk[0U] = uu____0; } @@ -6254,7 +6337,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_bf(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_91(public_key, serialized); } @@ -6319,7 +6402,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_45( +libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_aa( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { @@ -6335,7 +6418,7 @@ static inline void libcrux_ml_kem_mlkem768_avx2_unpacked_unpacked_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *unpacked_public_key) { - libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_45( + libcrux_ml_kem_ind_cca_instantiations_avx2_unpacked_unpack_public_key_aa( public_key, unpacked_public_key); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h index b40c9731a..162259dd8 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_avx2_types_H diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index b32c976d7..091d5acc2 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_portable_H @@ -6991,7 +6991,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_default_1c_fa(void) { +libcrux_ml_kem_ind_cca_unpacked_default_1c_e8(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = libcrux_ml_kem_ind_cpa_unpacked_default_8d_d1(); lit.public_key_hash[0U] = 0U; @@ -7042,7 +7042,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked - libcrux_ml_kem_ind_cca_unpacked_default_07_27(void) { + libcrux_ml_kem_ind_cca_unpacked_default_07_e2(void) { libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____0; uu____0.ind_cpa_private_key = libcrux_ml_kem_ind_cpa_unpacked_default_1a_e9(); uu____0.implicit_rejection_value[0U] = 0U; @@ -7080,7 +7080,7 @@ static KRML_MUSTINLINE return (CLITERAL( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked){ .private_key = uu____0, - .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_fa()}); + .public_key = libcrux_ml_kem_ind_cca_unpacked_default_1c_e8()}); } /** @@ -7088,7 +7088,7 @@ static KRML_MUSTINLINE */ static inline libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_07_27(); + return libcrux_ml_kem_ind_cca_unpacked_default_07_e2(); } /** @@ -7096,7 +7096,7 @@ libcrux_ml_kem_mlkem768_portable_unpacked_init_key_pair(void) { */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 libcrux_ml_kem_mlkem768_portable_unpacked_init_public_key(void) { - return libcrux_ml_kem_ind_cca_unpacked_default_1c_fa(); + return libcrux_ml_kem_ind_cca_unpacked_default_1c_e8(); } /** @@ -7116,7 +7116,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_70( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_80( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { libcrux_ml_kem_ind_cpa_serialize_public_key_mut_12( @@ -7143,10 +7143,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_d7( +libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_70( + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_80( &self->public_key, serialized); } @@ -7157,7 +7157,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_key_pair_serialized_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_d7(key_pair, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_de_1a(key_pair, serialized); } @@ -7173,7 +7173,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cpa_unpacked_clone_ef_57( +libcrux_ml_kem_ind_cpa_unpacked_clone_ef_93( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( @@ -7209,11 +7209,11 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 -libcrux_ml_kem_ind_cca_unpacked_clone_28_5e( +libcrux_ml_kem_ind_cca_unpacked_clone_28_68( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *self) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 lit; lit.ind_cpa_public_key = - libcrux_ml_kem_ind_cpa_unpacked_clone_ef_57(&self->ind_cpa_public_key); + libcrux_ml_kem_ind_cpa_unpacked_clone_ef_93(&self->ind_cpa_public_key); uint8_t ret[32U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( (size_t)32U, self->public_key_hash, ret, uint8_t, void *); @@ -7236,7 +7236,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 * -libcrux_ml_kem_ind_cca_unpacked_public_key_de_0c( +libcrux_ml_kem_ind_cca_unpacked_public_key_de_e9( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *self) { return &self->public_key; } @@ -7248,8 +7248,8 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_public_key( libcrux_ml_kem_mlkem768_portable_unpacked_MlKem768KeyPairUnpacked *key_pair, libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *pk) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 uu____0 = - libcrux_ml_kem_ind_cca_unpacked_clone_28_5e( - libcrux_ml_kem_ind_cca_unpacked_public_key_de_0c(key_pair)); + libcrux_ml_kem_ind_cca_unpacked_clone_28_68( + libcrux_ml_kem_ind_cca_unpacked_public_key_de_e9(key_pair)); pk[0U] = uu____0; } @@ -7260,7 +7260,7 @@ static inline void libcrux_ml_kem_mlkem768_portable_unpacked_serialized_public_key( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, libcrux_ml_kem_types_MlKemPublicKey_15 *serialized) { - libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_70(public_key, + libcrux_ml_kem_ind_cca_unpacked_serialized_public_key_mut_dd_80(public_key, serialized); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h index 7f5d57201..f381a6d12 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable_types.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_mlkem768_portable_types_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 55e780301..872af5692 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 0d652a9d7..ef344518f 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: 1a65dbf3758fe310833718c645a64266294a29ac * Karamel: 15d4bce74a2d43e34a64f48f8311b7d9bcb0e152 * F*: 3063d19312f8ec3af5945f24ed3ebbb6b6cd9678 - * Libcrux: 0e1943ac02e87b0a0f08a6b0dff97932b196f845 + * Libcrux: 098de7d283a7867de9c3e5672d7b3c915ef9b2f1 */ #ifndef __libcrux_sha3_portable_H From 101ed40d91c5676bc4071a5985bd9361103dbfab Mon Sep 17 00:00:00 2001 From: Karthikeyan Bhargavan Date: Mon, 30 Sep 2024 00:11:22 +0200 Subject: [PATCH 347/348] arith --- .../extraction/Libcrux_ml_kem.Variant.fsti | 243 ++++++++++++++++++ .../Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 4 +- .../Libcrux_ml_kem.Vector.Portable.fst | 59 +++++ libcrux-ml-kem/src/vector/avx2/arithmetic.rs | 4 +- 4 files changed, 306 insertions(+), 4 deletions(-) create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti create mode 100644 libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti new file mode 100644 index 000000000..943518133 --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Variant.fsti @@ -0,0 +1,243 @@ +module Libcrux_ml_kem.Variant +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Hash_functions in + () + +/// Implements [`Variant`], to perform the ML-KEM-specific actions +/// during encapsulation and decapsulation. +/// Specifically, +/// * during key generation, the seed hash is domain separated (this is a difference from the FIPS 203 IPD and Kyber) +/// * during encapsulation, the initial randomness is used without prior hashing, +/// * the derivation of the shared secret does not include a hash of the ML-KEM ciphertext. +type t_MlKem = | MlKem : t_MlKem + +/// This trait collects differences in specification between ML-KEM +/// (FIPS 203) and the Round 3 CRYSTALS-Kyber submission in the +/// NIST PQ competition. +/// cf. FIPS 203, Appendix C +class t_Variant (v_Self: Type0) = { + f_kdf_pre: + v_K: usize -> + v_CIPHERTEXT_SIZE: usize -> + #v_Hasher: Type0 -> + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + shared_secret: t_Slice u8 -> + ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE + -> pred: Type0{(Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32 ==> pred}; + f_kdf_post: + v_K: usize -> + v_CIPHERTEXT_SIZE: usize -> + #v_Hasher: Type0 -> + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + shared_secret: t_Slice u8 -> + ciphertext: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE -> + res: t_Array u8 (sz 32) + -> pred: Type0{pred ==> res == shared_secret}; + f_kdf: + v_K: usize -> + v_CIPHERTEXT_SIZE: usize -> + #v_Hasher: Type0 -> + {| i1: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + x0: t_Slice u8 -> + x1: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE + -> Prims.Pure (t_Array u8 (sz 32)) + (f_kdf_pre v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1) + (fun result -> f_kdf_post v_K v_CIPHERTEXT_SIZE #v_Hasher #i1 x0 x1 result); + f_entropy_preprocess_pre: + v_K: usize -> + #v_Hasher: Type0 -> + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + randomness: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 randomness <: usize) =. sz 32 ==> pred}; + f_entropy_preprocess_post: + v_K: usize -> + #v_Hasher: Type0 -> + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + randomness: t_Slice u8 -> + res: t_Array u8 (sz 32) + -> pred: Type0{pred ==> res == randomness}; + f_entropy_preprocess: + v_K: usize -> + #v_Hasher: Type0 -> + {| i3: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + x0: t_Slice u8 + -> Prims.Pure (t_Array u8 (sz 32)) + (f_entropy_preprocess_pre v_K #v_Hasher #i3 x0) + (fun result -> f_entropy_preprocess_post v_K #v_Hasher #i3 x0 result); + f_cpa_keygen_seed_pre: + v_K: usize -> + #v_Hasher: Type0 -> + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + seed: t_Slice u8 + -> pred: Type0{(Core.Slice.impl__len #u8 seed <: usize) =. sz 32 ==> pred}; + f_cpa_keygen_seed_post: + v_K: usize -> + #v_Hasher: Type0 -> + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + t_Slice u8 -> + t_Array u8 (sz 64) + -> Type0; + f_cpa_keygen_seed: + v_K: usize -> + #v_Hasher: Type0 -> + {| i4: Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K |} -> + x0: t_Slice u8 + -> Prims.Pure (t_Array u8 (sz 64)) + (f_cpa_keygen_seed_pre v_K #v_Hasher #i4 x0) + (fun result -> f_cpa_keygen_seed_post v_K #v_Hasher #i4 x0 result) +} + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl: t_Variant t_MlKem = + { + f_kdf_pre + = + (fun + (v_K: usize) + (v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (shared_secret: t_Slice u8) + (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + -> + (Core.Slice.impl__len #u8 shared_secret <: usize) =. sz 32); + f_kdf_post + = + (fun + (v_K: usize) + (v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (shared_secret: t_Slice u8) + (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + (res: t_Array u8 (sz 32)) + -> + res == shared_secret); + f_kdf + = + (fun + (v_K: usize) + (v_CIPHERTEXT_SIZE: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (shared_secret: t_Slice u8) + (_: Libcrux_ml_kem.Types.t_MlKemCiphertext v_CIPHERTEXT_SIZE) + -> + let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out shared_secret in + out); + f_entropy_preprocess_pre + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Slice u8) + -> + (Core.Slice.impl__len #u8 randomness <: usize) =. sz 32); + f_entropy_preprocess_post + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Slice u8) + (res: t_Array u8 (sz 32)) + -> + res == randomness); + f_entropy_preprocess + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i3: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (randomness: t_Slice u8) + -> + let out:t_Array u8 (sz 32) = Rust_primitives.Hax.repeat 0uy (sz 32) in + let out:t_Array u8 (sz 32) = Core.Slice.impl__copy_from_slice #u8 out randomness in + out); + f_cpa_keygen_seed_pre + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + -> + (Core.Slice.impl__len #u8 key_generation_seed <: usize) =. sz 32); + f_cpa_keygen_seed_post + = + (fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + (out: t_Array u8 (sz 64)) + -> + true); + f_cpa_keygen_seed + = + fun + (v_K: usize) + (#v_Hasher: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i4: + Libcrux_ml_kem.Hash_functions.t_Hash v_Hasher v_K) + (key_generation_seed: t_Slice u8) + -> + let seed:t_Array u8 (sz 33) = Rust_primitives.Hax.repeat 0uy (sz 33) in + let seed:t_Array u8 (sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_range seed + ({ + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end = Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize) + (Core.Slice.impl__copy_from_slice #u8 + (seed.[ { + Core.Ops.Range.f_start = sz 0; + Core.Ops.Range.f_end + = + Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + } + <: + Core.Ops.Range.t_Range usize ] + <: + t_Slice u8) + key_generation_seed + <: + t_Slice u8) + in + let seed:t_Array u8 (sz 33) = + Rust_primitives.Hax.Monomorphized_update_at.update_at_usize seed + Libcrux_ml_kem.Constants.v_CPA_PKE_KEY_GENERATION_SEED_SIZE + (cast (v_K <: usize) <: u8) + in + Libcrux_ml_kem.Hash_functions.f_G #v_Hasher + #v_K + #FStar.Tactics.Typeclasses.solve + (seed <: t_Slice u8) + } diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index c6edc5b32..14c6d47e2 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -85,7 +85,7 @@ let sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = in result -#push-options "--z3rlimit 100" +#push-options "--z3rlimit 200" let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let t0:Libcrux_intrinsics.Avx2_extract.t_Vec256 = @@ -184,7 +184,7 @@ let cond_subtract_3329_ (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = #pop-options -#push-options "--z3rlimit 100" +#push-options "--z3rlimit 200" let montgomery_multiply_by_constant (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst new file mode 100644 index 000000000..0ca12f7ff --- /dev/null +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Portable.fst @@ -0,0 +1,59 @@ +module Libcrux_ml_kem.Vector.Portable +#set-options "--fuel 0 --ifuel 1 --z3rlimit 100" +open Core +open FStar.Mul + +let _ = + (* This module has implicit dependencies, here we make them explicit. *) + (* The implicit dependencies arise from typeclasses instances. *) + let open Libcrux_ml_kem.Vector.Portable.Vector_type in + let open Libcrux_ml_kem.Vector.Traits in + () + +let deserialize_11_ (a: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_11_ a + +let deserialize_5_ (a: t_Slice u8) = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_5_ a + +let serialize_11_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_11_ a + +let serialize_5_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_5_ a + +let deserialize_1_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_1_ a + +let deserialize_10_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_10_ a + +let deserialize_12_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_12_ a + +let deserialize_4_ (a: t_Slice u8) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_lemma a in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_bounded_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.deserialize_4_ a + +let serialize_1_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 1) in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_1_ a + +let serialize_10_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_10_ a + +let serialize_12_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_12_ a + +let serialize_4_ (a: Libcrux_ml_kem.Vector.Portable.Vector_type.t_PortableVector) = + let _:Prims.unit = assert (forall i. Rust_primitives.bounded (Seq.index a.f_elements i) 4) in + let _:Prims.unit = Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_lemma a in + Libcrux_ml_kem.Vector.Portable.Serialize.serialize_4_ a diff --git a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs index 7f6d7e6b3..1032ee28d 100644 --- a/libcrux-ml-kem/src/vector/avx2/arithmetic.rs +++ b/libcrux-ml-kem/src/vector/avx2/arithmetic.rs @@ -137,7 +137,7 @@ const BARRETT_MULTIPLIER: i16 = 20159; /// See Section 3.2 of the implementation notes document for an explanation /// of this code. #[inline(always)] -#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 200"))] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b_array 28296 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${vector})")))] #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ (forall i. i < 16 ==> v (get_lane $result i) % 3329 == @@ -170,7 +170,7 @@ pub(crate) fn barrett_reduce(vector: Vec256) -> Vec256 { } #[inline(always)] -#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 100"))] +#[cfg_attr(hax, hax_lib::fstar::options("--z3rlimit 200"))] #[cfg_attr(hax, hax_lib::requires(fstar!("Spec.Utils.is_i16b 1664 constant")))] #[cfg_attr(hax, hax_lib::ensures(|result| fstar!("Spec.Utils.is_i16b_array 3328 (Libcrux_intrinsics.Avx2_extract.vec256_as_i16x16 ${result}) /\\ (forall i. i < 16 ==> v (get_lane $result i) % 3329 == From de526510678123df66653574e4259c9fe54b4cc9 Mon Sep 17 00:00:00 2001 From: karthikbhargavan Date: Sun, 29 Sep 2024 22:36:57 +0000 Subject: [PATCH 348/348] verifies --- .../fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst index 14c6d47e2..e1c2e554d 100644 --- a/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst +++ b/libcrux-ml-kem/proofs/fstar/extraction/Libcrux_ml_kem.Vector.Avx2.Arithmetic.fst @@ -85,7 +85,7 @@ let sub (lhs rhs: Libcrux_intrinsics.Avx2_extract.t_Vec256) = in result -#push-options "--z3rlimit 200" +#push-options "--z3rlimit 200 --split_queries always" let barrett_reduce (vector: Libcrux_intrinsics.Avx2_extract.t_Vec256) = let t0:Libcrux_intrinsics.Avx2_extract.t_Vec256 =